3.6 KiB
NixOS 24.11 Upgrade Notes for ops-jrz1
Review completed: 2026-01-10
Summary
| Component | Impact | Action Required |
|---|---|---|
| PostgreSQL | HIGH | Pin to v15 before upgrade |
| Forgejo | MEDIUM | Review 8.0/9.0 release notes |
| Matrix (continuwuity) | NONE | Already using the fork |
| mautrix-slack | NONE | No breaking changes |
| nginx | NONE | We don't use gd/geoip |
| Python | LOW | Monitor maubot |
| ACME | NONE | No changes |
PostgreSQL
Change: Default version bumped from 15 to 16. PostgreSQL 12 removed.
Risk: If we upgrade without pinning, PostgreSQL will upgrade to 16 which requires pg_upgrade or dump/restore.
Action: Pin to PostgreSQL 15 before upgrade (task 7qg):
services.postgresql.package = pkgs.postgresql_15;
Other changes:
enableSystemd→systemdSupport(we don't override this)initdbArgsnow shell-escaped (shouldn't affect us)- Hardened systemd settings by default (good)
Forgejo
Change: Major upgrade path 7.0 → 9.0 (skipping 8.0).
Breaking changes:
services.forgejo.mailerPasswordFiledeprecated → useservices.forgejo.secrets.mailer.PASSWD- Package defaults to
forgejo-ltsnow - PAM authentication removed (we don't use it)
Action: We don't use mailer, so no config changes needed. But should review:
Risk: Database migrations run automatically. Backup before upgrade.
Matrix (conduwuit → continuwuity)
Change: Upstream conduwuit discontinued in April 2025. Repository deleted.
Impact on us: NONE - we already use matrix-continuwuity which is the community fork.
Note: conduwuit package marked vulnerable in nixpkgs, will be removed in 25.11. Our config already uses the correct fork.
mautrix-slack
Change: No breaking changes documented for 24.11.
Note: The NixOS module may have been added/improved in this cycle. Our custom module should continue to work.
Related: mautrix-meta (Facebook/Instagram) updated to 0.4 with breaking changes, but we don't use it.
nginx
Change: gd and geoip dependencies removed from default build.
Impact: NONE - we don't use image filter or GeoIP features.
If needed later:
services.nginx.package = pkgs.nginx.override {
withImageFilter = true;
withGeoIP = true;
};
Python
Change: override and overrideDerivation removed from buildPythonPackage in favor of overridePythonAttrs.
Impact: LOW - affects package overrides, not runtime. Maubot should work fine.
Monitor: If maubot plugins fail to build, may need adjustment.
systemd
Change: cgroup v1 considered obsolete. systemd.enableUnifiedCgroupHierarchy option removed.
Impact: NONE - we use cgroup v2 (default).
ACME / Let's Encrypt
Change: No breaking changes.
Pre-Upgrade Checklist
- Pin PostgreSQL to v15 (task 7qg) - DONE
- Take verified backup (task asi) - DONE: B2 backups operational
- Review Forgejo 8.0/9.0 release notes for database migrations
- Note current NixOS generation number for rollback
- Test upgrade in VM if possible