Breaking changes announcement for unstable

hexa · June 29, 2025, 9:22pm

We are preparing the migration of the minimal ISO installer to NetworkManager and in that process we found opportunities to meaningfully reduce its closure size.

github.com/NixOS/nixpkgs

networkmanager: drop hard dependency on openconnect and cleanup plugin handling

master ← mweinelt:nm-cleanup

opened 04:25PM - 29 Jun 25 UTC

mweinelt

+58 -60

Its closure size is huge, due to a dependency on webkitgtk, and now that we wan…t to enable networkmanager on the ISOs by default closure size matters a lot. Instead we now pass openconnect to the PATH of the systemd unit and pick it up from there. <del>:warning: I did not test the openconnect plugin, not sure I can reasonably do that.</del> :heavy_check_mark: I tested an openconnect connection and it worked the same as before with the patch applied. --- Since opening this PR I also redid the plugin requirement handling and dropped options that I felt were a mistake. Thanks for the inspiration and review by the #network:nixos.org folks. --- cc #420923 ## Things done - Built on platform(s) - [x] x86_64-linux - [ ] aarch64-linux - [ ] x86_64-darwin - [ ] aarch64-darwin - For non-Linux: Is sandboxing enabled in `nix.conf`? (See [Nix manual](https://nixos.org/manual/nix/stable/command-ref/conf-file.html)) - [ ] `sandbox = relaxed` - [ ] `sandbox = true` - [x] Tested, as applicable: - [NixOS test(s)](https://nixos.org/manual/nixos/unstable/index.html#sec-nixos-tests) (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests)) - and/or [package tests](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#package-tests) - or, for functions and "core" functionality, tests in [lib/tests](https://github.com/NixOS/nixpkgs/blob/master/lib/tests) or [pkgs/test](https://github.com/NixOS/nixpkgs/blob/master/pkgs/test) - made sure NixOS tests are [linked](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md#linking-nixos-module-tests-to-a-package) to the relevant packages - [ ] Tested compilation of all packages that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"`. Note: all changes have to be committed, also see [nixpkgs-review usage](https://github.com/Mic92/nixpkgs-review#usage) - [ ] Tested basic functionality of all binary files (usually in `./result/bin/`) - [Nixpkgs 25.11 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/doc/release-notes/rl-2511.section.md) (or backporting [24.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/release-notes/rl-2411.section.md) and [25.05](https://github.com/NixOS/nixpkgs/blob/master/doc/manual/release-notes/rl-2505.section.md) Nixpkgs Release notes) - [ ] (Package updates) Added a release notes entry if the change is major or breaking - [NixOS 25.11 Release Notes](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2511.section.md) (or backporting [24.11](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2411.section.md) and [25.05](https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/release-notes/rl-2505.section.md) NixOS Release notes) - [ ] (Module updates) Added a release notes entry if the change is significant - [ ] (Module addition) Added a release notes entry if adding a new NixOS module - [x] Fits [CONTRIBUTING.md](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md), [pkgs/README.md](https://github.com/NixOS/nixpkgs/blob/master/pkgs/README.md), [maintainers/README.md](https://github.com/NixOS/nixpkgs/blob/master/maintainers/README.md) and other contributing documentation in corresponding paths. --- Add a :+1: [reaction] to [pull requests you find important]. [reaction]: https://github.blog/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/ [pull requests you find important]: https://github.com/NixOS/nixpkgs/pulls?q=is%3Aopen+sort%3Areactions-%2B1-desc

The cliff notes are this:

NetworkManager will not ship with VPN plugins by default any more
All required VPN plugins need to be specified in networking.networkmanager.plugins

How to find the plugins you need?

Search on search.nixos.org
Check the list of plugins and builtins maintained by the upstream project. We should have support for most of them, so it can be a start to look up what’s required.

Finally, the list of plugins in nixpkgs

# via removed enableDefaultPlugins option
networkmanager-fortisslvpn
networkmanager-iodine
networkmanager-l2tp
networkmanager-openconnect
networkmanager-openvpn
networkmanager-sstp
networkmanager-vpnc
# via removed enableStrongSwan option
networkmanager-strongswan

The worst thing that can happen is that you update and NetworkManager will not be able to start or edit the VPN configuration. The configuration will not be lost and installing the relevant plugin will make it work again.