rl-2505.section.md

Release 25.05 (“Warbler”, 2025.05/??) {#sec-release-25.05}

Highlights {#sec-release-25.05-highlights}

• The default PHP version has been updated to 8.3.

• nixos-rebuild-ng, a full rewrite of nixos-rebuild in Python, is available for testing. You can enable it by setting system.rebuild.enableNg in your configuration (this will replace the old nixos-rebuild), or by adding nixos-rebuild-ng to your environment.systemPackages (in this case, it will live side-by-side with nixos-rebuild as nixos-rebuild-ng). It is expected that the next major version of NixOS (25.11) will enable system.rebuild.enableNg by default.

• A nixos-rebuild build-image sub-command has been added.

  It allows users to build platform-specific (disk) images from their NixOS configurations. nixos-rebuild build-image works similar to the popular nix-community/nixos-generators project. See new section on image building in the nixpkgs manual.

New Modules {#sec-release-25.05-new-modules}

• Bazecor, the graphical configurator for Dygma Products.

• scanservjs, a web UI for SANE scanners. Available at services.scanservjs.

• Kimai, a web-based multi-user time-tracking application. Available as services.kimai.

• Omnom, a webpage bookmarking and snapshotting service. Available as services.omnom.

• MaryTTS, an open-source, multilingual text-to-speech synthesis system written in pure Java. Available as services.marytts.

• Conduwuit, a federated chat server implementing the Matrix protocol, forked from Conduit. Available as services.conduwuit.

• Traccar, a modern GPS Tracking Platform. Available as services.traccar.

• crab-hole, a cross platform Pi-hole clone written in Rust using hickory-dns/trust-dns. Available as services.crab-hole.

• Amazon CloudWatch Agent, the official telemetry collector for AWS CloudWatch and AWS X-Ray. Available as services.amazon-cloudwatch-agent.

• Bat, a {manpage}cat(1) clone with wings. Available as programs.bat.

• agorakit, an organization tool for citizens' collectives. Available with services.agorakit.

• waagent, the Microsoft Azure Linux Agent (waagent) manages Linux provisioning and VM interaction with the Azure Fabric Controller. Available with services.waagent.

• nostr-rs-relay, This is a nostr relay, written in Rust. Available as services.nostr-rs-relay.

• mqtt-exporter, a Prometheus exporter for exposing messages from MQTT. Available as services.prometheus.exporters.mqtt.

• Buffyboard, a framebuffer on-screen keyboard. Available as services.buffyboard.

• KanBoard, a project management tool that focuses on the Kanban methodology. Available as services.kanboard.

• git-worktree-switcher, switch between git worktrees with speed. Available as programs.git-worktree-switcher

Backward Incompatibilities {#sec-release-25.05-incompatibilities}

• binwalk was updated to 3.1.0, which has been rewritten in rust. The python module is no longer available. See the release notes of 3.1.0 for more information.

• buildGoPackage has been removed. Use buildGoModule instead. See the Go section in the nixpkgs manual for details.

• strawberry has been updated to 1.2, which drops support for the VLC backend and Qt 5. The strawberry-qt5 package and withGstreamer/withVlc override options have been removed due to this.

• ps3-disc-dumper was updated to 4.2.5, which removed the CLI project and now exclusively offers the GUI

• timescaledb requires manual upgrade steps. After you run ALTER EXTENSION, you must run this SQL script. For more details, see the following pull requests #6797. PostgreSQL 13 is no longer supported in TimescaleDB v2.16.

• Support for CUDA 10 has been dropped, as announced in the 24.11 release notes.

• zammad has had its support for MySQL removed, since it was never working correctly and is now deprecated upstream. Check the migration guide for how to convert your database to PostgreSQL.

• nodePackages.vls has been deprecated, as the upstream consumer of it, vetur, has been deprecated by upstream. Upstream suggests migrating to Volar for Vue LSP tooling instead.

• nodePackages.create-react-native-app has been removed, as it is deprecated. Upstream suggests using a framework for React Native apps instead.

• nodePackages.insect has been removed, as it's deprecated by upstream. The suggested replacement is numbat.

• nodePackages.webpack-dev-server has been removed, as it should be installed in projects that use it instead.

• nodePackages.copy-webpack-plugin has been removed, as it should be installed in projects that use it instead.

• racket_7_9 has been removed, as it is insecure. It is recommended to use Racket 8 instead.

• ente-auth now uses the name enteauth for its binary. The previous name was ente_auth.

• fluxus has been removed, as it depends on racket_7_9 and had no updates in 9 years.

• renovate was updated to v39. See the upstream release notes for breaking changes. Like upstream's docker images, renovate now runs on NodeJS 22.

• The behavior of the networking.nat.externalIP and networking.nat.externalIPv6 options has been changed. networking.nat.forwardPorts now only forwards packets destined for the specified IP addresses.

• python3Packages.jaeger-client was removed because it was deprecated upstream. OpenTelemetry is the recommended replacement.

• nodePackages.meshcommander has been removed, as the package was deprecated by Intel.

• kanata was updated to v1.7.0, which introduces several breaking changes. See the release notes of v1.7.0 for more information.

• nodePackages.expo-cli has been removed, as it was deprecated by upstream. The suggested replacement is the npx expo command.

• DokuWiki with the Caddy webserver (services.dokuwiki.webserver = "caddy") now sets up sites with Caddy's automatic HTTPS instead of HTTP-only. To keep the old behavior for a site example.com, set services.caddy.virtualHosts."example.com".hostName = "http://example.com". If you set custom Caddy options for a DokuWiki site, migrate these options by removing http:// from services.caddy.virtualHosts."http://example.com".

• vscode-utils.buildVscodeExtension now requires pname as an argument

• nerdfonts has been separated into individual font packages under the namespace nerd-fonts. The directories for font files have changed from $out/share/fonts/{opentype,truetype}/NerdFonts to $out/share/fonts/{opentype,truetype}/NerdFonts/<fontDirName>, where <fontDirName> can be found in the official website as the titles in preview images, with the "Nerd Font" suffix and any whitespaces trimmed. Configuration changes are required, see build output.

• retroarch has been refactored and the older retroarch.override { cores = [ ... ]; } to create a RetroArch derivation with custom cores doesn't work anymore, use retroarch.withCores (cores: [ ... ]) instead. If you need more customization (e.g.: custom settings), use wrapRetroArch instead.

• gkraken software and hardware.gkraken.enable option have been removed, use coolercontrol via programs.coolercontrol.enable option instead.

• nodePackages.ganache has been removed, as the package has been deprecated by upstream.

• virtualisation.azure.agent option provided by azure-agent.nix is replaced by services.waagent, and will be removed in a future release.

• containerd has been updated to v2, which contains breaking changes. See the containerd 2.0 documentation for more details.

• The ZFS import service now respects fileSystems.*.options = [ "noauto" ]; and does not add that pool's import service to zfs-import.target, meaning it will not be automatically imported at boot.

• nodePackages.stackdriver-statsd-backend has been removed, as the StackDriver service has been discontinued by Google, and therefore the package no longer works.

• python3Packages.opentracing has been removed due to being unmaintained upstream. OpenTelemetry is the recommended replacement.

• Default file names of images generated by several builders in system.build have been changed as outlined in the table below.

  Names are now known at evaluation time and customizable via the new options image.baseName, image.extension, image.fileName and image.filePath with the latter returning a path relative to the derivations out path (e.g. iso/${image.fileName for iso images).

  | system.build Option | Old Filename | New Filename | |--------------------------+------------------------------------------------------------+-----------------------------------------------------------------| | amazonImage | nixos-amazon-image-25.05pre-git-x86_64-linux.vhd | nixos-image-amazon-25.05pre-git-x86_64-linux.vhd | | azureImage | disk.vhd | nixos-image-azure-25.05pre-git-x86_64-linux.vhd | | digitalOceanImage | nixos.qcow2.gz | nixos-image-digital-ocean-25.05pre-git-x86_64-linux.qcow2.gz | | googleComputeImage | nixos-image-25.05pre-git-x86_64-linux.raw.tar.gz | nixos-image-google-compute-25.05pre-git-x86_64-linux.raw.tar.gz | | hypervImage | nixos-25.05pre-git-x86_64-linux.vhdx | nixos-image-hyperv-25.05pre-git-x86_64-linux.vhdx | | isoImage (installer) | nixos-25.05pre-git-x86_64-linux.iso | nixos-image-25.05pre-git-x86_64-linux.iso | | isoImage | nixos.iso | nixos-image-25.05pre-git-x86_64-linux.iso | | kubevirtImage | nixos.qcow2 | nixos-image-kubevirt-25.05pre-git-x86_64-linux.qcow2 | | linodeImage | nixos-image-25.05pre-git-x86_64-linux.img.gz | nixos-image-linode-25.05pre-git-x86_64-linux.img.gz | | metadata (lxc-container) | nixos-system-x86_64-linux.tar.xz | nixos-image-lxc-metadata-25.05pre-git-x86_64-linux.tar.xz | | OCIImage | nixos.qcow2 | nixos-image-oci-25.05pre-git-x86_64-linux.qcow2 | | openstackImage (zfs) | nixos-openstack-image-25.05pre-git-x86_64-linux.root.qcow2 | nixos-image-openstack-zfs-25.05pre-git-x86_64-linux.root.qcow2 | | openstackImage | nixos.qcow2 | nixos-image-openstack-25.05pre-git-x86_64-linux.qcow2 | | sdImage | nixos-sd-image-25.05pre-git-x86_64-linux.img.zst | nixos-image-sd-card-25.05pre-git-x86_64-linux.img.zst | | tarball (lxc-container) | nixos-system-x86_64-linux.tar.xz | nixos-image-lxc-25.05pre-git-x86_64-linux.tar.xz | | tarball (proxmox-lxc) | nixos-system-x86_64-linux.tar.xz | nixos-image-lxc-proxmox-25.05pre-git-x86_64-linux.tar.xz | | vagrantVirtualbox | nixos-25.05pre-git-x86_64-linux.ova | nixos-image-virtualbox-25.05pre-git-x86_64-linux.ova | | virtualBoxOVA | virtualbox-vagrant.box | nixos-image-vagrant-virtualbox-25.05pre-git-x86_64-linux.ova | | vmwareImage | nixos-25.05pre-git-x86_64-linux.vmdk | nixos-image-vmware-25.05pre-git-x86_64-linux.vmdk |

• the notmuch vim plugin now lives in a separate output of the notmuch package. Installing notmuch will not bring the notmuch vim package anymore, add vimPlugins.notmuch-vim to your (Neo)vim configuration if you want the vim plugin.

• prisma and prisma-engines have been updated to version 6.0.1, which introduces several breaking changes. See the Prisma ORM upgrade guide for more information.

• zf was updated to 0.10.2, which includes breaking changes from the 0.10.0 release. zf no longer does Unicode normalization of the input and no longer supports terminal escape sequences in the ZF_PROMPT environment variable.

Other Notable Changes {#sec-release-25.05-notable-changes}

• Cinnamon has been updated to 6.4, please check the upstream announcement for more details.

  • Following changes in Mint 22 we are no longer overriding Qt application styles. You can still restore the previous default with qt.style = "gtk2" and qt.platformTheme = "gtk2".

• Xfce has been updated to 4.20, please check the upstream feature tour for more details.

  • Wayland session is still experimental and requires opt-in using enableWaylandSession option.
  • Overriding Wayland compositor is possible using enableWaylandSession option, but you might need to take care xfce4-session, dbus-update-activation-environment and systemctl --user import-environment on startup.
  • For new Xfce installations, default panel layout has changed to not include external panel plugins by default. You can still add them yourself using the "Panel Preferences" dialog.

• networking.wireguard now has an optional networkd backend. It is enabled by default when networking.useNetworkd is enabled, and it can be enabled alongside scripted networking with networking.wireguard.useNetworkd. Some networking.wireguard options have slightly different behavior with the networkd and script-based backends, documented in each option.

• services.avahi.ipv6 now defaults to true.

• bind.cacheNetworks now only controls access for recursive queries, where it previously controlled access for all queries.

• programs.fzf.keybindings now supports the fish shell.

Nixpkgs Library {#sec-release-25.05-lib}

Breaking changes {#sec-release-25.05-lib-breaking}

• Structure of the functor of some types has changed. functor is an implementation detail and should not be relied upon. If you did rely on it let us know in this PR.
  • lib.types.enum: Previously the functor.payload was the list of enum values directly. Now it is an attribute set containing the values in the values attribute.
  • lib.types.separatedString: Previously the functor.payload was the seperator directly. Now it is an attribute set containing the seperator in the sep attribute.