# NixOS 24.11 Upgrade Notes for ops-jrz1 Review completed: 2026-01-10 ## Summary | Component | Impact | Action Required | |-----------|--------|-----------------| | PostgreSQL | HIGH | Pin to v15 before upgrade | | Forgejo | MEDIUM | Review 8.0/9.0 release notes | | Matrix (continuwuity) | NONE | Already using the fork | | mautrix-slack | NONE | No breaking changes | | nginx | NONE | We don't use gd/geoip | | Python | LOW | Monitor maubot | | ACME | NONE | No changes | ## PostgreSQL **Change:** Default version bumped from 15 to 16. PostgreSQL 12 removed. **Risk:** If we upgrade without pinning, PostgreSQL will upgrade to 16 which requires `pg_upgrade` or dump/restore. **Action:** Pin to PostgreSQL 15 before upgrade (task 7qg): ```nix services.postgresql.package = pkgs.postgresql_15; ``` **Other changes:** - `enableSystemd` → `systemdSupport` (we don't override this) - `initdbArgs` now shell-escaped (shouldn't affect us) - Hardened systemd settings by default (good) ## Forgejo **Change:** Major upgrade path 7.0 → 9.0 (skipping 8.0). **Breaking changes:** - `services.forgejo.mailerPasswordFile` deprecated → use `services.forgejo.secrets.mailer.PASSWD` - Package defaults to `forgejo-lts` now - PAM authentication removed (we don't use it) **Action:** We don't use mailer, so no config changes needed. But should review: - [Forgejo 8.0 release notes](https://forgejo.org/releases/) - [Forgejo 9.0 release notes](https://forgejo.org/releases/) **Risk:** Database migrations run automatically. Backup before upgrade. ## Matrix (conduwuit → continuwuity) **Change:** Upstream conduwuit discontinued in April 2025. Repository deleted. **Impact on us:** NONE - we already use `matrix-continuwuity` which is the community fork. **Note:** conduwuit package marked vulnerable in nixpkgs, will be removed in 25.11. Our config already uses the correct fork. ## mautrix-slack **Change:** No breaking changes documented for 24.11. **Note:** The NixOS module may have been added/improved in this cycle. Our custom module should continue to work. **Related:** mautrix-meta (Facebook/Instagram) updated to 0.4 with breaking changes, but we don't use it. ## nginx **Change:** `gd` and `geoip` dependencies removed from default build. **Impact:** NONE - we don't use image filter or GeoIP features. **If needed later:** ```nix services.nginx.package = pkgs.nginx.override { withImageFilter = true; withGeoIP = true; }; ``` ## Python **Change:** `override` and `overrideDerivation` removed from buildPythonPackage in favor of `overridePythonAttrs`. **Impact:** LOW - affects package overrides, not runtime. Maubot should work fine. **Monitor:** If maubot plugins fail to build, may need adjustment. ## systemd **Change:** cgroup v1 considered obsolete. `systemd.enableUnifiedCgroupHierarchy` option removed. **Impact:** NONE - we use cgroup v2 (default). ## ACME / Let's Encrypt **Change:** No breaking changes. ## Pre-Upgrade Checklist - [x] Pin PostgreSQL to v15 (task 7qg) - **DONE** - [x] Take verified backup (task asi) - **DONE: B2 backups operational** - [ ] Review Forgejo 8.0/9.0 release notes for database migrations - [ ] Note current NixOS generation number for rollback - [ ] Test upgrade in VM if possible ## Sources - [NixOS 24.11 Release Notes](https://nixos.org/manual/nixos/stable/release-notes) - [NixOS 24.11 Announcement](https://nixos.org/blog/announcements/2024/nixos-2411/) - [nixpkgs release notes source](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) - [conduwuit deprecation PR](https://github.com/NixOS/nixpkgs/pull/397902)