25.11

flake.lock

@@ -133,16 +133,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1763992789,
+        "lastModified": 1764536451,
-        "narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
+        "narHash": "sha256-BgtcUkBfItu9/yU14IgUaj4rYOanTOUZjUfBP20/ZB4=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
+        "rev": "3fdd076e08049a9c7a83149b270440d9787d2df5",
         "type": "github"
       },
       "original": {
         "owner": "nix-community",
-        "ref": "release-25.05",
+        "ref": "release-25.11",
         "repo": "home-manager",
         "type": "github"
       }
@@ -206,16 +206,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1764316264,
+        "lastModified": 1764494334,
-        "narHash": "sha256-82L+EJU+40+FIdeG4gmUlOF1jeSwlf2AwMarrpdHF6o=",
+        "narHash": "sha256-x2xCEXUlU4Ap56+t5HaoReOQ/bV/bIQ5rzTn/m+V3HQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9a7b80b6f82a71ea04270d7ba11b48855681c4b0",
+        "rev": "d542db745310b6929708d9abea513f3ff19b1341",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
         "repo": "nixpkgs",
         "type": "github"
       }

flake.nix

@@ -2,14 +2,14 @@
   description = "motiejus/config";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
     flake-utils.url = "github:numtide/flake-utils";
     flake-compat.url = "github:nix-community/flake-compat";
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
     nur.url = "github:nix-community/NUR";
 
-    home-manager.url = "github:nix-community/home-manager/release-25.05";
+    home-manager.url = "github:nix-community/home-manager/release-25.11";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
 
     agenix = {
@@ -77,7 +77,6 @@
       home-manager,
       nixos-hardware,
       nix-index-database,
-      pre-commit-hooks,
       nur,
       zig,
       kolide-launcher,
@@ -111,7 +110,7 @@
           go-raceless = super.callPackage ./pkgs/go-raceless { inherit (nicer) ; };
 
           pkgs-unstable = import nixpkgs-unstable {
-            inherit (super) system;
+            inherit (super.stdenv.hostPlatform) system;
             config.allowUnfree = true;
             overlays = [
               (_self: super: {

hosts/fwminex/configuration.nix

@@ -230,10 +230,10 @@ in
   };
 
   services = {
-    logind = {
+    logind.settings.Login = {
-      lidSwitch = "ignore";
+      HandleLidSwitch = "ignore";
-      powerKey = "suspend";
+      HandlePowerKey = "suspend";
-      powerKeyLongPress = "poweroff";
+      HandlePowerKeyLongPress = "poweroff";
     };
 
     plikd = {

hosts/sqq1-desk2/configuration.nix

@@ -155,7 +155,7 @@ in
       extremetuxracer
       superTux
       superTuxKart
-      frozen-bubble
+      # frozen-bubble # broken in 25.11 (perl SDL tests segfault)
       neverball
       pingus
       supermariowar

hosts/vm/configuration.nix

@@ -28,19 +28,21 @@
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
-  isoImage =
+  image =
     let
       vsn = "${config.system.nixos.release}${lib.trivial.versionSuffix}";
     in
     {
-      isoName = "toolshed-${vsn}.iso";
+      fileName = "toolshed-${vsn}.iso";
+    };
 
+  isoImage = {
     # as of writing zstd -19 reduces toolshed from 9.1G to 8.6G, but takes
     # ~30min on fwminex, as opposed to ~10m with default settings. xz also
     # yields 8.6G.
     #squashfsCompression = "zstd -Xcompression-level 19";
     squashfsCompression = "zstd";
-      appendToMenuLabel = " Toolshed ${vsn}";
+    appendToMenuLabel = " Toolshed ${config.system.nixos.release}${lib.trivial.versionSuffix}";
     makeEfiBootable = true; # EFI booting
     makeUsbBootable = true; # USB booting
   };

modules/base/default.nix

@@ -173,13 +173,13 @@ in
             tcpdump
             testssl
             dnsutils
-            curlHTTP3
+            curl
             bandwhich
             bridge-utils
             speedtest-cli
             nix-output-monitor
 
-            config.boot.kernelPackages.perf
+            perf
             config.boot.kernelPackages.vm-tools
           ]
         ];

modules/base/sshd/default.nix

@@ -1,6 +1,5 @@
 {
   lib,
-  config,
   myData,
   ...
 }:

modules/profiles/desktop/default.nix

@@ -71,10 +71,10 @@ in
         package = pkgs.pulseaudioFull;
       };
 
-      logind = {
+      logind.settings.Login = {
-        powerKey = "suspend";
+        HandlePowerKey = "suspend";
-        powerKeyLongPress = "poweroff";
+        HandlePowerKeyLongPress = "poweroff";
-        lidSwitchExternalPower = "ignore";
+        HandleLidSwitchExternalPower = "ignore";
       };
 
       avahi = {
@@ -224,7 +224,7 @@ in
       qalculate-qt # qalculate
       google-chrome
       wirelesstools
-      poppler_utils
+      poppler-utils
       squashfsTools
       joplin-desktop
       aspellDicts.en
@@ -238,7 +238,7 @@ in
       netsurf-browser
       man-pages-posix
       gnome-calculator
-      libsForQt5.okular
+      kdePackages.okular
       nvtopPackages.amd
       age-plugin-yubikey
       nvtopPackages.intel
@@ -330,11 +330,11 @@ in
         gtk = {
           enable = true;
           theme = {
-            package = pkgs.plasma5Packages.breeze-gtk;
+            package = pkgs.kdePackages.breeze-gtk;
             name = "Breeze";
           };
           cursorTheme = {
-            package = pkgs.plasma5Packages.breeze-icons;
+            package = pkgs.kdePackages.breeze-icons;
             name = "Breeze_Snow";
           };
           iconTheme = {

modules/profiles/desktop/plasma.nix

@@ -67,7 +67,7 @@ let
     attrs:
     let
       args = configToArgs attrs;
-      argToCommand = arg: "${pkgs.plasma5Packages.kconfig}/bin/kwriteconfig5 ${arg}";
+      argToCommand = arg: "${pkgs.kdePackages.kconfig}/bin/kwriteconfig6 ${arg}";
       commands = builtins.map argToCommand args;
     in
     lib.strings.concatStringsSep "\n" commands;

modules/profiles/workstation/default.nix

@@ -66,7 +66,7 @@ in
         wasmtime
         bpftrace
         hyperfine
-        sloccount
+        loccount
         tesseract
         postgresql
         gcc_latest

modules/profiles/xfce4/default.nix

@@ -1,6 +1,5 @@
 {
   lib,
-  config,
   ...
 }:
 {

modules/services/frigate/default.nix

@@ -126,11 +126,15 @@ in
             days = 2;
             mode = "all";
           };
-          events = {
+          alerts = {
-            pre_capture = 5;
-            post_capture = 5;
             retain = {
-              default = 5;
+              days = 5;
+              mode = "motion";
+            };
+          };
+          detections = {
+            retain = {
+              days = 5;
               mode = "motion";
             };
           };

modules/services/immich/default.nix

@@ -42,6 +42,13 @@ in
       enable = true;
       port = myData.ports.immich-server;
 
+      # Database configuration for NixOS 25.11
+      database = {
+        enable = true;
+        enableVectorChord = true; # New vector search backend (recommended)
+        enableVectors = false; # Disable deprecated pgvecto-rs
+      };
+
       # N.B. as of 24.11 default redis socket has permissions incompatible
       # with how immich is configured.
       # If immich can't find/connect to redis, it will fail on boot, so it's

modules/services/postfix/default.nix

@@ -17,22 +17,22 @@
     services.postfix = {
       enable = true;
       enableSmtp = true;
-      networks = [
+      settings.main = {
+        mynetworks = [
           "127.0.0.1/8"
           "[::ffff:127.0.0.0]/104"
           "[::1]/128"
           myData.subnets.tailscale.cidr
         ];
-      hostname = "relay.jakstys.lt";
+        myhostname = "relay.jakstys.lt";
-      extraConfig = ''
+        mydestination = "";
-        mydestination =
+        smtpd_relay_restrictions = "permit_mynetworks, reject";
-        smtpd_relay_restrictions = permit_mynetworks, reject
+        smtpd_recipient_restrictions = "permit_mynetworks, reject_unauth_destination";
-        smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
+        smtp_tls_security_level = "may";
-        smtp_tls_security_level = may
+        smtpd_helo_required = "yes";
-        smtpd_helo_required = yes
+        disable_vrfy_command = "yes";
-        disable_vrfy_command = yes
+        header_size_limit = "4096000";
-        header_size_limit = 4096000
+      };
-      '';
     };
   };
 }

shared/home/default.nix

@@ -141,13 +141,15 @@ in
 
       git = {
         enable = true;
-        userEmail = email;
+        settings = {
-        userName = "Motiejus Jakštys";
+          user = lib.mkMerge [
-        aliases = {
+            { name = "Motiejus Jakštys"; }
+            (lib.mkIf (email != null) { inherit email; })
+          ];
+          alias = {
             yolo = "commit --amend --no-edit -a";
             pushf = "push --force-with-lease";
           };
-        extraConfig = {
           log.date = "iso-strict-local";
           pull.ff = "only";
           core.abbrev = 12;
@@ -165,7 +167,6 @@ in
             confirm = "always";
             suppresscc = "self";
           };
-
         };
       };
 

shared/work/default.nix

@@ -74,7 +74,7 @@
       ANTHROPIC_VERTEX_PROJECT_ID = "chronosphere-rc-b";
     };
     programs = {
-      git.extraConfig = {
+      git.settings = {
         url."git@github.com:".insteadOf = "https://github.com";
         user.useConfigOnly = true;
       };