Release 25.12.1

This release is for x86 platforms, full testing has been performed with Lenovo X1 Carbon Gen11 and System76 Darter Pro

Supported Hardware

• Lenovo ThinkPad X1 Carbon Gen 10/11/12/13, Gen9 2-in-1
• Dell Latitude 7230, 7330
• Alienware M18
• System76 Darter Pro

What's Changed

• version:bump for the next release by @clayhill66 in #1574
• cosmic: enable nm in login, replace nm-applet with cosmi's builtin by @kajusnau in #1575
• docs: add 25.11.1 release note by @clayhill66 in #1576
• performance module by @kajusnau in #1542
• shfmt: enable shfmt to align all the shell scripts by @brianmcgillion in #1578
• build(deps): bump js-yaml from 4.1.0 to 4.1.1 in /docs in the npm_and_yarn group across 1 directory by @dependabot[bot] in #1572
• build(deps): bump github/codeql-action from 4.31.3 to 4.31.5 by @dependabot[bot] in #1584
• build(deps): bump actions/checkout from 5.0.1 to 6.0.0 by @dependabot[bot] in #1583
• build(deps): bump astral-sh/setup-uv from 7.1.3 to 7.1.4 by @dependabot[bot] in #1585
• build(deps): bump starlight-blog from 0.25.0 to 0.25.1 in /docs by @dependabot[bot] in #1581
• build(deps): bump astro from 5.15.6 to 5.16.0 in /docs by @dependabot[bot] in #1582
• cosmic-applets: hide some buttons by @kajusnau in #1580
• modules/partitioning: fix disko builder permission error by @vadika in #1588
• unixbench: remove, it pull compilers to resulting closure by @avnik in #1589
• dynamic-hostname: fix Darter Pro uniqueness issue by @vadika in #1579
• docs: Add YubiKey integration documentation by @vunnyso in #1592
• modules/partitioning: remove xcp workaround by @Mic92 in #1593
• cosmic7: Update to the beta7 by @brianmcgillion in #1564
• AGX Industrial (64GB) target added by @emrahbillur in #1472
• jetpack-nixos: rebased by @brianmcgillion in #1591
• jetpack: fix cuda support by @brianmcgillion in #1595
• feat(givc): enable notifier and exec by @mbssrc in #1596
• Refactor cleanup by @brianmcgillion in #1594
• build(deps): bump github/codeql-action from 4.31.5 to 4.31.6 by @dependabot[bot] in #1598
• Implement PCI device management via vhotplug by @nesteroff in #1528
• performance: fix scheduler, fix dell performance by @kajusnau in #1586
• bump: docs depends and ghafpkgs by @brianmcgillion in #1604
• Ghaf kill switch GUI application by @vunnyso in #1577
• performance: add thermal limit adjustment option by @kajusnau in #1605
• Fix USB input devices hot-plugging by @nesteroff in #1608
• Firmware control by @brianmcgillion in #1607
• microvm: use a store image and not share /nix/store by @brianmcgillion in #1562
• iso: do not copy the system closure only the disk by @brianmcgillion in #1609
• givc: bump to include fix for shutdown hang by @kajusnau in #1610
• sysbench: Add back to the system PATH by @brianmcgillion in #1612
• devshell: add ghaf-flash to devshell, improve readability by @kajusnau in #1613
• cosmic: bump to cosmic beta 8 by @brianmcgillion in #1597
• Storedisk size and ghaf-vms (to list status) by @brianmcgillion in #1614
• killswitch: avoid re-blocking devices already in blocked state by @vunnyso in #1606
• bump: cosmic 9 by @brianmcgillion in #1616
• build(deps): bump github/codeql-action from 4.31.6 to 4.31.7 by @dependabot[bot] in #1618
• build(deps): bump step-security/harden-runner from 2.13.2 to 2.13.3 by @dependabot[bot] in #1621
• build(deps): bump astral-sh/setup-uv from 7.1.4 to 7.1.5 by @dependabot[bot] in #1620
• build(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #1619
• cosmic: add pre-defined layouts and layout config by @kajusnau in #1617
• Update docs deps 20251209 042454 by @brianmcgillion in #1626
• logging: add MaxFileSec for journald by @everton-dematos in #1565
• Upgrade docs deps 20251209 080940 by @brianmcgillion in #1627
• jetpack-nixos: bump by @TanelDettenborn in #1625
• Bump mid dec by @brianmcgillion in #1629
• GhA: stop building in github runners by @henrirosten in #1631
• Flatpak fix: add browser detection and launch support by @jkuro-tii in #1587
• fix: fix softlock on incorrect password by @kajusnau in #1633
• desktop: add proper light/dark themes, unify chrome vm colors by @kajusnau in #1636
• bot: improve the copilot reviews by @brianmcgillion in #1638
• audit: Centralize ordering and systemd service override by @everton-dematos in #1635
• audio: disable pipewire logs by default by @kajusnau in #1640
• build(deps): bump cachix/install-nix-action from 31.8.4 to 31.9.0 by @dependabot[bot] in #1645
• build(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #1644
• build(deps): bump astral-sh/setup-uv from 7.1.5 to 7.1.6 by @dependabot[bot] in #1643
• build(deps): bump tj-actions/changed-files from 47.0.0 to 47.0.1 by @dependabot[bot] in #1642
• build(deps): bump step-security/harden-runner from 2.13.3 to 2.14.0 by @dependabot[bot] in #1641
• cosmic: bump to the latest stable by @brianmcgillion in #1632
• docs: bump by @brianmcgillion in #1648
• Update docs deps 20251216 073030 by @brianmcgillion in #1649
• Improve PCI device auto-detection and enable it in the demo-tower target for network devices by @nesteroff in #1650
• jetpack-nixos: bump by @TanelDettenborn in #1654
• 5080: switch to vhotplug network by @brianmcgillion in #1655
• Agx industrial ethernet by @emrahbillur in #1653
• build(deps): bump github/codeql-action from 4.31.7 to 4.31.9 by @dependabot[bot] in #1659
• ci/eval: rewrite script to use nix-eval-jobs --select by @Mic92 in #1658
• Pass NHLT table in intel-laptop target only when present on the host by @nesteroff in #1661
• docs: Add system logs architecture diagram and notes by @everton-dematos in #1662
• verity-images: Fix the installer to copy the image by @brianmcgillion in #1663
• audit/logging: add time-based audit log retention and journald transport label by @everton-dematos in #1656
• docs: add architecture notes on inter-VM channels, memory wipe, and secret handling by @vadika in #1666
• fix(pci-ports): start PCIe port range from 1 by @vunnyso in #1664
• Active Directory by @mbssrc in #1416
• Integrate Fleet MDM services by @vadika in #1590
• feat(installer): implement deferred disk encryption trigger by @vunnyso in #1670
• bump: wireguard-gui by @enesoztrk in #1615
• build(deps): bump astro from 5.16.5 to 5.16.7 in /docs by @dependabot[bot] in #1675
• build(deps): bump github/codeql-action from 4.31.9 to 4.31.10 by @dependabot[bot] in #1673
• build(deps): bump astral-sh/setup-uv from 7.1.6 to 7.2.0 by @dependabot[bot] in #1674

Full Changelog: ghaf-25.11.1...ghaf-25.12.1