wireapp · supersven · Feb 17, 2026 · Feb 16, 2026 · Feb 16, 2026 · Feb 16, 2026
@@ -0,0 +1 @@
+Upgrade wire-server's Nix env. Switch to nixpkgs `nixos-25.11` (the release branch).
@@ -3,7 +3,7 @@
 
   inputs = {
     self.submodules = true;
-    nixpkgs.url = "github:nixos/nixpkgs?rev=09b8fda8959d761445f12b55f380d90375a1d6bb";
+    nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.11";
     nixpkgs_24_11.url = "github:nixos/nixpkgs?ref=nixos-24.11";
     flake-utils.url = "github:numtide/flake-utils";
     tom-bombadil = {
@@ -16,10 +16,6 @@
       url = "github:wireapp/bloodhound?ref=wire-fork";
       flake = false;
     };
-    hsaml2 = {
-      url = "github:dylex/hsaml2?ref=main";
-      flake = false;
-    };
     hedis = {
       url = "github:wireapp/hedis?ref=wire-changes";
       flake = false;

@@ -7,6 +7,6 @@ DOMAIN=$2
 
 echo 'Creating RabbitMQ resources'
 
-curl --cacert /certs/rabbitmq-ca/ca.pem -u "$RABBITMQ_USERNAME:$RABBITMQ_PASSWORD" -X PUT "$ENDPOINT_URL/$DOMAIN"
+curl --cacert /certs/rabbitmq-ca/ca.crt -u "$RABBITMQ_USERNAME:$RABBITMQ_PASSWORD" -X PUT "$ENDPOINT_URL/$DOMAIN"
 
 echo "RabbitMQ vhost created successfully for $DOMAIN"
@@ -62,11 +62,6 @@ let
       src = inputs.bloodhound;
     };
 
-    # Merged PR https://github.com/dylex/hsaml2/pull/20
-    hsaml2 = {
-      src = inputs.hsaml2;
-    };
-
     # PR: https://github.com/informatikr/hedis/pull/224
     # PR: https://github.com/informatikr/hedis/pull/226
     # PR: https://github.com/informatikr/hedis/pull/227
@@ -170,23 +165,6 @@ let
   };
 
   hackagePins = {
-    # start pinned dependencies for http2
-    http-semantics = {
-      version = "0.4.0";
-      sha256 = "sha256-rh0z51EKvsu5rQd5n2z3fSRjjEObouNZSBPO9NFYOF0=";
-    };
-
-    network-run = {
-      version = "0.5.0";
-      sha256 = "sha256-vbXh+CzxDsGApjqHxCYf/ijpZtUCApFbkcF5gyN0THU=";
-    };
-
-    time-manager = {
-      version = "0.2.4";
-      sha256 = "sha256-sAt/331YLQ2IU3z90aKYSq1nxoazv87irsuJp7ZG3pw=";
-    };
-    # end pinned dependencies for http2
-
     # This pin should not be necessary. However, without it, Nix tries to fetch
     # the sources from the `amazonka` package and fails.
     # Fix: https://github.com/NixOS/nixpkgs/pull/409098
@@ -205,9 +183,11 @@ let
       version = "3.4.12";
       sha256 = "sha256-Y9xQ1wBbBtSZ4qw3yTGSYX27qi2uFRDJVtAdmQqRnFQ=";
     };
-    http2 = {
-      version = "5.4.0";
-      sha256 = "sha256-PeEWVd61bQ8G7LvfLeXklzXqNJFaAjE2ecRMWJZESPE=";
+
+    # Version freshly released, thus not in nixpkgs, yet: https://github.com/dylex/hsaml2/issues/21
+    hsaml2 = {
+      version = "0.2.0";
+      sha256 = "sha256-kEalrs79uI8CMaVa7suYEzeer/YqFoJOqkV+LhiUwY4=";
     };
   };
   # Name -> Source -> Maybe Subpath -> Drv

@@ -31,6 +31,9 @@ hself: hsuper: {
   hasql-transaction = hlib.dontCheck hsuper.hasql-transaction; # users 1.2.1 from nixpkgs
   postgresql-binary = hlib.dontCheck (hsuper.postgresql-binary);
 
+  # Test fixtures don't seem to be bundled for Hackage
+  hsaml2 = hlib.dontCheck (hsuper.hsaml2);
+
   # ---------------------
   # need to be jailbroken
   # (these need to be fixed upstream eventually)
@@ -86,6 +89,10 @@ hself: hsuper: {
   # warp requires curl in its testsuite
   warp = hlib.addTestToolDepends hsuper.warp [ curl ];
 
+  http-semantics = hsuper.http-semantics_0_4_0;
+  network-run = hsuper.network-run_0_5_0;
+  http2 = hsuper.http2_5_4_0;
+
   # -----------------
   # flags and patches
   # (these are fine)
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Upgrade wire-server's Nix env. Switch to nixpkgs `nixos-25.11` (the release branch).