diff --git a/flake.lock b/flake.lock
index 598bc62..4711198 100644
--- a/flake.lock
+++ b/flake.lock
@@ -96,16 +96,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1748162331,
-        "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=",
+        "lastModified": 1764983851,
+        "narHash": "sha256-y7RPKl/jJ/KAP/VKLMghMgXTlvNIJMHKskl8/Uuar7o=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
+        "rev": "d9bc5c7dceb30d8d6fafa10aeb6aa8a48c218454",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-25.05",
+        "ref": "nixos-25.11",
         "repo": "nixpkgs",
         "type": "github"
       }
diff --git a/flake.nix b/flake.nix
index 082f348..f1aa3eb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
   description = "An opinionated Nixos Mailsystem";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
     flake-parts.url = "github:hercules-ci/flake-parts";
     flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
     treefmt-nix.url = "github:numtide/treefmt-nix";
diff --git a/mailsystem/dovecot.nix b/mailsystem/dovecot.nix
index 877c3e0..eddecc1 100644
--- a/mailsystem/dovecot.nix
+++ b/mailsystem/dovecot.nix
@@ -261,7 +261,7 @@ in {
 
     security.dhparams.params.dovecot2.bits = cfg.dovecot.dhparamSize;
 
-    systemd.services.dovecot2 = {
+    systemd.services.dovecot = {
       preStart = ''
         ${genAuthDbsScript}
         ${genMaildirScript}
diff --git a/mailsystem/postfix.nix b/mailsystem/postfix.nix
index 3e31cb6..7e9e752 100644
--- a/mailsystem/postfix.nix
+++ b/mailsystem/postfix.nix
@@ -63,9 +63,6 @@ in {
       hostname = "${cfg.reverseFqdn}";
       networksStyle = "host";
 
-      sslCert = sslCertPath;
-      sslKey = sslKeyPath;
-
       enableSubmissions = true;
 
       mapFiles."virtual_aliases" = aliases_file;
@@ -85,12 +82,17 @@ in {
         cleanup_service_name = "submission-header-cleanup";
       };
 
-      config = {
+      settings.main = {
         mydestination = "";
         recipient_delimiter = "+";
         smtpd_banner = "${cfg.fqdn} ESMTP NO UCE";
         disable_vrfy_command = true;
-        message_size_limit = toString cfg.messageSizeLimit;
+        message_size_limit = cfg.messageSizeLimit;
+
+        smtpd_tls_chain_files = [
+          sslKeyPath
+          sslCertPath
+        ];
 
         virtual_uid_maps = "static:${toString cfg.vmailUID}";
         virtual_gid_maps = "static:${toString cfg.vmailUID}";
@@ -165,7 +167,7 @@ in {
         smtpd_forbid_bare_newline_exclusions = "$mynetworks";
       };
 
-      masterConfig = {
+      settings.master = {
         "lmtp" = {
           # Add headers when delivering, see http://www.postfix.org/smtp.8.html
           # D => Delivered-To, O => X-Original-To, R => Return-Path
diff --git a/tests/aliases.nix b/tests/aliases.nix
index 4db867d..ac103ac 100644
--- a/tests/aliases.nix
+++ b/tests/aliases.nix
@@ -32,7 +32,7 @@ with (import ./common/lib.nix {inherit pkgs;}); let
     };
   };
 in
-  pkgs.nixosTest {
+  pkgs.testers.nixosTest {
     name = "aliases";
     nodes = {
       server = {pkgs, ...}: {
diff --git a/tests/basic.nix b/tests/basic.nix
index cdee2ad..f244817 100644
--- a/tests/basic.nix
+++ b/tests/basic.nix
@@ -16,7 +16,7 @@ with (import ./common/lib.nix {inherit pkgs;}); let
     };
   };
 in
-  pkgs.nixosTest {
+  pkgs.testers.nixosTest {
     name = "basic";
     nodes = {
       server = {pkgs, ...}: {
diff --git a/tests/internal.nix b/tests/internal.nix
index 8fccbfb..83f912d 100644
--- a/tests/internal.nix
+++ b/tests/internal.nix
@@ -1,5 +1,5 @@
 {pkgs, ...}:
-pkgs.nixosTest {
+pkgs.testers.nixosTest {
   name = "internal";
   nodes.machine = {...}: {
     imports = [./common/server.nix];
diff --git a/tests/rspamd.nix b/tests/rspamd.nix
index eb71ed6..e6176a9 100644
--- a/tests/rspamd.nix
+++ b/tests/rspamd.nix
@@ -30,7 +30,7 @@ with (import ./common/lib.nix {inherit pkgs;}); let
       domains
     );
 in
-  pkgs.nixosTest {
+  pkgs.testers.nixosTest {
     name = "rspamd";
     nodes = {
       server = {pkgs, ...}: {
@@ -151,12 +151,12 @@ in
           server.wait_until_fails('${pendingPostqueue}')
 
           client.succeed("${test-mark-spam "normal2"} >&2")
-          server.wait_until_succeeds("journalctl -u dovecot2 | grep -i learn-spam.sh >&2")
-          server.fail("journalctl -u dovecot2 | grep -i learn-spam.sh | grep -i error >&2")
+          server.wait_until_succeeds("journalctl -u dovecot | grep -i learn-spam.sh >&2")
+          server.fail("journalctl -u dovecot | grep -i learn-spam.sh | grep -i error >&2")
 
           client.succeed("${test-mark-ham "normal2"} >&2")
-          server.wait_until_succeeds("journalctl -u dovecot2 | grep -i learn-ham.sh >&2")
-          server.fail("journalctl -u dovecot2 | grep -i learn-ham.sh | grep -i error >&2")
+          server.wait_until_succeeds("journalctl -u dovecot | grep -i learn-ham.sh >&2")
+          server.fail("journalctl -u dovecot | grep -i learn-ham.sh | grep -i error >&2")
 
       with subtest("dkim signing"):
           client.succeed("${sendMail "normal2" "" accounts."normal".address ''