NixOS is back with, Nix OS 25.11, a version that brings very profound changes both in the system itself and in the vast ecosystem of packages that surrounds it. Codenamed “Xantusia”, it is now available and comes loaded with interesting new features for desktops, servers, development, and cloud deployments, but also with a fair number of incompatibilities and deprecated packages that should be carefully reviewed before updating.
In this article we will see All the important news From NixOS 25.11 and the Nixpkgs package base: key updates such as GNOME 49, LLVM 21, and ROCm 6.3; significant changes to Go, Rust, Node.js, PostgreSQL, and Docker; renamed services; new modules; and additional configuration options. We'll also discuss a real-world case study involving proxy issues when compiling Discord and how to address them in this new environment.
NixOS 25.11 “Xantusia”: lifecycle and launch figures
The new stable version, NixOS 25.11 “Xantusia”It can now be installed and updated on any system using stable channels. This edition will receive security patches and bug fixes for seven months, until June 30, 2026, so it's the new recommended upgrade if you're coming from a previous version.
The previous stable one, NixOS 25.05 “Warbler”, officially becomes obsolete and will stop receiving security updates from December 31, 2025. If you are still on 25.05 or an even older branch, it's a good time to calmly plan your migration to 25.11, reviewing the incompatible changes that we will detail throughout this text.
This launch is also a showcase of rate of development of the project. Between NixOS 25.05 and NixOS 25.11, 2742 contributors participated, collectively signing no fewer than 59.430 commits to Nixpacks and the system configuration. Behind these figures lie everything from minor fixes to marginal packages to major redesigns of critical distribution modules.
Nixpkgs: Packages added, updated, and removed from NixOS 25.11
The Nixpkgs package collection, which is the spine Not only NixOS but any system that uses the Nix package manager on Linux or macOS has received massive maintenance this cycle.
On the one hand, there have been 7002 new packages addedfurther expanding the range of available software. This includes everything from cutting-edge development tools to desktop applications, management utilities, and scientific software.
At the same time, the team has Updated 25.252 existing packagesThis ensures that most popular software is updated to recent versions, especially those with security patches and performance improvements. This is crucial in environments where reproducibility is essential while also maintaining reasonable up-to-dateness.
To keep the repository manageable and secure, Nixpkgs has 6338 old packages removed that were no longer maintained, were broken, or had become obsolete upstream. In many cases, direct alternatives exist within the Nixpkgs tree itself, but in others, they are simply made unavailable to avoid security or compilation issues.
NixOS modules and configuration options
In addition to its packages, NixOS is distinguished by its powerful declarative module system. This cycle has included 107 new modules incorporatedThese updates add support for new services, daemons, applications, and system configurations. They also bring 1778 new configuration options, further increasing the granularity with which a system can be described.
On the other hand, they have removed 41 modules and 807 configuration options that had become obsolete, broken, or replaced by more modern alternatives. If you reuse older configurations, it's a good idea to review the deprecation notices to adapt your files before upgrading.
Notable new features on the desktop: GNOME 49 “Brescia”
One of the big new features for desktop users is the update to GNOME 49 “Brescia”This version of the desktop environment takes a decisive step towards Wayland and eliminates the X11-based session, which may be a significant change if you maintained older configurations or extensions that explicitly depended on Xorg.
GNOME 49 incorporates New applications This includes a revamped video player and an updated document viewer, as well as a redesigned calendar and numerous small user experience improvements. It's advisable to review the official GNOME release notes if you rely on any highly specific functionality or complex extensions.
C compilers and toolchains: LLVM, GCC, and CMake
In the compilation section, NixOS 25.11 updates LLVM to version 21This is a significant leap forward for developers using C, C++, or Rust with the Clang toolchain. This version includes optimization improvements, new supported goals, and adjustments to warnings that may cause changes in behavior in some projects.
the compiler GCC remains in branch 14This is a version that is already established and tested in production. This makes it easier to maintain compatibility with projects that still depend on this family of compilers without encountering disruptive changes with each system update.
For its part, CMake is updated to version 4This can enable new features in modern build systems but may also require adjustments in projects that used outdated syntax or commands. If you have older CMake templates, it's a good idea to run build tests before finalizing the migration.
GPU, computing, and changes in ROCm and CUDA
For those working with GPU acceleration, the branch rocmPackages_6 upgrade to ROCm 6.3While rocmPackages_5 It is removed from the tree. Some parts are restructured: rocmPackages.rocm-thunk It disappears as a separate package and is integrated into rocmPackages.clr, and rocmPackages.clang-ocl He is retiring after being abandoned by AMD in 2023.
In parallel, Official support for CUDA 10 is lostAs already mentioned in the NixOS 24.11 release notes, users who were still supporting very old hardware should consider upgrading their GPU or checking if there are maintained alternatives from other manufacturers or backends.
Browser, proxies, and problems compiling Discord
One practical issue that has come to light with this version is the use of proxies during compilationsA user describes how they can successfully download the file. discord-0.0.116.tar.gz from the browser using the corporate proxy, but when running nixos-rebuild The download with curl fails repeatedly with an error curl: (35) Recv failure: Connection reset by peer until all attempts are exhausted.
The Nix error message indicates that The Discord tarball could not be downloaded from no mirror, thus breaking the derivation discord-0.0.116.tar.gz.drv and, in turn, the construction of the user environment and the complete system. Although the log shows warnings of automatic retries, variables such as https_proxy o all_proxyThis suggests that the runtime environment within the build sandbox is not seeing the user's network configuration.
In NixOS, the standard proxy environment variables They may not propagate directly to forks if strict sandboxing is used or if the system configuration does not export them to builds. The typical solution involves configuring Nix options as nix.extraOptions to include http_proxy, https_proxy and company, or temporarily disable the sandbox for that machine (not recommended long-term) while adjusting the proxy server to allow traffic from the builder's IP.
Another option is to resort to binary caches that already contain Discord or other problematic packages, thus preventing Nix from having to download the origins directly. In any case, these types of network errors become more relevant in a version like 25.11, which moves so many pieces at once and can bring out different behaviors in the way URLs are resolved.
Network, containers and web services
In the area of networking and containers, NixOS 25.11 introduces significant changes. Squid HTTP proxy upgrades to version 7This edition includes several incompatible changes, such as the removal of ESI functionality. For adjustments to your custom settings, it is recommended to review the Squid release notes.
At the orchestration level, containerd updates to its 2.x branchThis brings with it a number of behavioral changes. Whether you use containerd directly or as a component of a platform, it's essential to review the containerd 2.0 documentation to avoid surprises in production.
In the Docker world, docker_24 is removed from the tree because it is no longer supported and has known vulnerabilities since June 2024. The idea is to push installations to newer and maintained versions of Docker.
Regarding servers and control panels, NetBox is updated to branch 4.2with significant changes at the schema and behavior levels. Version 4.0.x is removed from the tree, and users are advised to follow the notifications for updates 4.1 and 4.2 before upgrading. Other services such as matomo They switch to using version 5 by default (version 4 is no longer supported), and the package is removed. matomo-beta since it is now easy to overwrite the version from overrideAttrs.
Kafka also makes a significant leap: Apache Kafka is updated to branch 4.0which no longer supports ZooKeeper. All installations must be migrated to KRaft mode, following the Apache Foundation's guidelines. On NixOS, this involves reviewing configurations to remove references to ZooKeeper and adapting broker deployments.
Services, daemons, and applications that change or disappear from NixOS 25.11
The list of Packages and services that are renamed, incompatiblely updated, or retired It is very long in this cycle, a sign of the willingness to clean up the tree of old or problematic software.
Some notable examples: gkraken It disappears and it is recommended to use coolercontrol as an alternative; opensmtpd-extras It is being removed because it is not compatible with OpenSMTPD 7.6.0+, giving way to specific packages. opensmtpd-table-*; zammad It stops supporting MySQL and forces users to migrate to PostgreSQL following the official guide.
In the world of names, Minetest is now called Luanti to reflect the upstream change, but aliases are maintained to avoid immediate disruptions. Similarly, poac changes to cabinpkg, xdragon becomes dragon-drop (With xdragon (as an alias) and siduck76-st it is renamed to st-snazzyThere are also small letters: the font serious-sans It is withdrawing because upstream has changed the name to Serious Shanns, still unpackaged.
Other projects are simply archived: gkraken, ephemeral, vocal, fluxus, sm64ex-coop, nexusmods-app, nodePackages.ganache and many more are marked as broken, unmaintained, or unsafe and removed from Nixpacks. In several cases, an alternative is suggested (for example, sm64coopdx to replace sm64ex-coop, or gnome-podcasts y kasts to replace a vowel).
In the messaging and privacy environment, the packets signald, signaldctl and purple-signald They are being discontinued due to prolonged incompatibility with Signal's official servers and the Matrix server. conduit It is marked as vulnerable after being discontinued by its developers.
New versions and behavior changes in popular applications
Aside from the disappearances, many applications are updated with behavioral changes that break compatibility. For example, Grafana Agent and its module They are leaving the scene in favor of Grafana Alloy, which already has its own service. services.alloyGrafana recommends migrating to grafana-alloy and provides documentation to complete the transfer.
The ecosystem of monitors and panels is also evolving: Prometheus makes the leap to the 3.x branchwith official migration notes, while kanata, authelia, helmfile, open-policy-agent and many other packages are updated to major versions with changes to syntax, configuration formats, and default values. In particular, OPA makes rego.v1 is now the default style, marking the v0 syntax as inherited, although a compatibility mode still exists.
The desktop world is not far behind: GIMP 3.0 appears as gimp3, Strawberry is updated to series 1.2 and abandons the VLC and Qt5 backend (the package disappears) strawberry-qt5 and some options with GStreamer/VLC), rofi It goes from 1.7.5 to 1.7.6 with ABI changes in binary plugins, and tauon 7.9.0+ Your database is being migrated to a backward-incompatible schema, so it's advisable to make a backup of ~/.local/share/TauonMusicBox before opening the new version.
In the field of web development and JavaScript, nodejs_latest evolves to 24.x series, are eliminated nodejs_23 y nodejs_18and cleans up Node packages that should never have been global (such as webpack-dev-server, copy-webpack-plugin, expo-cli o create-react-native-app), with the recommendation to install them at the project level. Tools such as pnpm jumps to version 10 with a secondary package pnpm_9 for those who need compatibility.
There are also adjustments to the fonts: nerdfonts is divided into individual packages under the namespace nerd-fonts and the installation paths for the fonts change, now having directories by font type (<fontDirName>This forces us to adapt configurations that pointed to the old routes.
Changes to kernel, hardware, and system environment
At the system level, it is abandoned full support for 32-bit Darwinmaintaining only modern platforms. Furthermore, the triple configuration of aarch64-darwin conforms to arm64-apple-darwin, aligning with the expectations of Apple and LLVM.
The package tinycc It then separates outputs into dev, doc y libmaking tinycc.out It contains only the tcc binaries and cross-compilers. In TPM, tpm2-pkcs11 It compiles without support for abrmd By default, it prioritizes the kernel resource manager; if you need the variant with abrmd, it exists. tpm2-pkcs11.abrmdand the NixOS module automatically chooses according to security.tpm2.abrmd.
In udev, the rules of libjaylink They now demand to belong to the group. jlink instead of plugdevThis was very uncommon in NixOS. Access is also allowed via seat sessions, so the impact is limited if you use a standard desktop.
the props mkBinaryCache It is modernized and begins to use zstd as the default compression
For the generated binary cachesThe option to continue is left open. xz through compression = "xz";This improves performance in the generation and consumption of binaries in most cases.
In network options, networking.nat.externalIP and externalIPv6 change their behavior: the rules of networking.nat.forwardPorts These rules now only apply to packets destined for explicitly specified IPs. This prevents unexpected redirects, but may require adjusting existing NAT definitions.
In file system management, the definitions fileSystems (such as fileSystems."/") are set using lib.mkDefault from the NixOS modules, which allows replacing them all at once but causes errors if only individual attributes are overwritten without specifying deviceOtherwise, you might encounter messages like No device specified for mount point '/'.
Text editing, development environments and various utilities of NixOS 25.11
In the Emacs universe, NixOS 25.11 Remove Emacs 28 and 29Both the standard version and the Macport version for Emacs 28 are included. The Macport edition of Emacs 29 is maintained but with patches for known vulnerabilities. Racket also undergoes pruning: racket_7_9 is withdrawn due to unsafepushing to use Racket 8, and thereby eliminating fluxes, which had been relying on that unmaintained version for years.
The text search engine binwalk 3.1.0 It is rewritten in Rust, and the associated Python module becomes unavailable; the personal accounts tool python3Packages.beancount It rises to 3.1 with the previous series maintained as beancount_2In email and CLI, tldr It switches to using the Python client instead of C, and Himalayas It updates to version 1.1.0 with groundbreaking changes that require a configuration review.
In various tools, nq 1.0 renames fq and tq to nqtail and nqterm, zf 0.10.2 It changes the way it handles Unicode and escape sequences, and ast-grep remove the command sg to avoid conflicts with shadow-utils, while still allowing a legacy compatibility version through enableLegacySg = true;.
At the same time, the family of standard log functions nixLog* It is rewritten to prefix the debugging level and the calling function name, reintroducing nixLog as an unconditional logger that also adds the function context. This makes debugging complex derivations and hooks easier.
Finally, some testing utilities such as testers.shellcheck Now they warn you if the attribute is not provided. namewhich will become mandatory in future versions. And in Haskell, testTarget is marked as obsolete in favor of testTargets, which accepts an explicit list of targets instead of a space-separated string.
NixOS version 25.11 thus consolidates a huge number of changes, from the GNOME 49 desktop and massive package updates to deep adjustments in toolchains, network services, and compatibility policies, making it a key release for anyone who wants to keep their Nix environment up to date without losing sight of the stability and reproducibility that characterize the project.
