unittest-cpp: init at 1.6.1

(cherry picked from commit 800a379cb3)

default.nix

@@ -1,6 +1,8 @@
-if ! builtins ? nixVersion || builtins.compareVersions "1.8" builtins.nixVersion == 1 then
+let requiredVersion = "1.8"; in
 
-  abort "This version of Nixpkgs requires Nix >= 1.8, please upgrade! See https://nixos.org/wiki/How_to_update_when_nix_is_too_old_to_evaluate_nixpkgs"
+if ! builtins ? nixVersion || builtins.compareVersions requiredVersion builtins.nixVersion == 1 then
+
+  abort "This version of Nixpkgs requires Nix >= ${requiredVersion}, please upgrade! See https://nixos.org/wiki/How_to_update_when_Nix_is_too_old_to_evaluate_Nixpkgs"
 
 else
 

doc/functions.xml

@@ -236,6 +236,20 @@ c = lib.makeOverridable f { a = 1; b = 2; }</programlisting>
     <literal>runScript</literal> parameter, which is a command that would be
     executed inside the sandbox and passed all the command line arguments. It
     default to <literal>bash</literal>.
+  </para>
+  <para>
+    It also uses <literal>CHROOTENV_EXTRA_BINDS</literal> environment variable
+    for binding extra directories in the sandbox to outside places. The format of
+    the variable is <literal>/mnt=test-mnt:/data</literal>, where
+    <literal>/mnt</literal> would be mounted as <literal>/test-mnt</literal>
+    and <literal>/data</literal> would be mounted as <literal>/data</literal>.
+    <literal>extraBindMounts</literal> array argument to
+    <function>buildFHSUserEnv</function> function is prepended to this variable.
+    Latter entries take priority if defined several times -- i.e. in case of
+    <literal>/data=data1:/data=data2</literal> the actual bind path would be
+    <literal>/data2</literal>.
+  </para>
+  <para>
     One can create a simple environment using a <literal>shell.nix</literal>
     like that:
   </para>

lib/customisation.nix

@@ -164,4 +164,23 @@ rec {
       drv' = (lib.head outputsList).value;
     in lib.deepSeq drv' drv';
 
+  /* Make a set of packages with a common scope. All packages called
+     with the provided `callPackage' will be evaluated with the same
+     arguments. Any package in the set may depend on any other. The
+     `override' function allows subsequent modification of the package
+     set in a consistent way, i.e. all packages in the set will be
+     called with the overridden packages. The package sets may be
+     hierarchical: the packages in the set are called with the scope
+     provided by `newScope' and the set provides a `newScope' attribute
+     which can form the parent scope for later package sets. */
+  makeScope = newScope: f:
+    let self = f self // {
+          newScope = scope: newScope (self // scope);
+          callPackage = self.newScope {};
+          override = g: makeScope newScope (self_:
+            let super = f self_;
+            in super // g super self_);
+        };
+    in self;
+
 }

lib/licenses.nix

@@ -155,6 +155,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
     fullName = "GNU Free Documentation License v1.2";
   };
 
+  fdl13 = spdx {
+    spdxId = "GFDL-1.3";
+    fullName = "GNU Free Documentation License v1.2";
+  };
+
   free = {
     fullName = "Unspecified free software license";
   };

lib/maintainers.nix

@@ -7,6 +7,7 @@
      so it's easy to ping a package @maintainer.
   */
 
+  aaronschif = "Aaron Schif <aaronschif@gmail.com>";
   abaldeau = "Andreas Baldeau <andreas@baldeau.net>";
   abbradar = "Nikolay Amiantov <ab@fmap.me>";
   adev	   = "Adrien Devresse <adev@adev.name>";
@@ -85,10 +86,11 @@
   eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
   eikek = "Eike Kettner <eike.kettner@posteo.de>";
   ellis = "Ellis Whitehead <nixos@ellisw.net>";
-  emery = "Emery Hemingway <emery@vfemail.net>";
+  ehmry = "Emery Hemingway <emery@vfemail.net>";
   epitrochoid = "Mabry Cervin <mpcervin@uncg.edu>";
   ericbmerritt = "Eric Merritt <eric@afiniate.com>";
   ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
+  exi = "Reno Reckling <nixos@reckling.org>";
   exlevan = "Alexey Levan <exlevan@gmail.com>";
   falsifian = "James Cook <james.cook@utoronto.ca>";
   flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
@@ -168,12 +170,14 @@
   mathnerd314 = "Mathnerd314 <mathnerd314.gph+hs@gmail.com>";
   matthiasbeyer = "Matthias Beyer <mail@beyermatthias.de>";
   mbakke = "Marius Bakke <ymse@tuta.io>";
+  mcmtroffaes = "Matthias C. M. Troffaes <matthias.troffaes@gmail.com>";
   meditans = "Carlo Nucera <meditans@gmail.com>";
   meisternu = "Matt Miemiec <meister@krutt.org>";
   michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
   mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
   mschristiansen = "Mikkel Christiansen <mikkel@rheosystems.com>";
   modulistic = "Pablo Costa <modulistic@gmail.com>";
+  mog = "Matthew O'Gorman <mog-lists@rldn.net>";
   mornfall = "Petr Ročkai <me@mornfall.net>";
   MP2E = "Cray Elliott <MP2E@archlinux.us>";
   msackman = "Matthew Sackman <matthew@wellquite.org>";
@@ -197,9 +201,10 @@
   pakhfn = "Fedor Pakhomov <pakhfn@gmail.com>";
   pashev = "Igor Pashev <pashev.igor@gmail.com>";
   pesterhazy = "Paulus Esterhazy <pesterhazy@gmail.com>";
-  phausmann = "Philipp Hausmann <nix@314.ch>";
+  phile314 = "Philipp Hausmann <nix@314.ch>";
   philandstuff = "Philip Potter <philip.g.potter@gmail.com>";
   phreedom = "Evgeny Egorochkin <phreedom@yandex.ru>";
+  phunehehe = "Hoang Xuan Phu <phunehehe@gmail.com>";
   pierron = "Nicolas B. Pierron <nixos@nbp.name>";
   piotr = "Piotr Pietraszkiewicz <ppietrasa@gmail.com>";
   pjones = "Peter Jones <pjones@devalot.com>";
@@ -243,6 +248,7 @@
   skeidel = "Sven Keidel <svenkeidel@gmail.com>";
   smironov = "Sergey Mironov <ierton@gmail.com>";
   spacefrogg = "Michael Raitza <spacefrogg-nixos@meterriblecrew.net>";
+  spinus = "Tomasz Czyż <tomasz.czyz@gmail.com>";
   sprock = "Roger Mason <rmason@mun.ca>";
   spwhitt = "Spencer Whitt <sw@swhitt.me>";
   stephenmw = "Stephen Weinberg <stephen@q5comm.com>";
@@ -256,6 +262,7 @@
   theuni = "Christian Theune <ct@flyingcircus.io>";
   thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
   titanous = "Jonathan Rudenberg <jonathan@titanous.com>";
+  tokudan = "Daniel Frank <git@danielfrank.net>";
   tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
   travisbhartwell = "Travis B. Hartwell <nafai@travishartwell.net>";
   trino = "Hubert Mühlhans <muehlhans.hubert@ekodia.de>";

lib/strings.nix

@@ -185,9 +185,13 @@ rec {
   versionAtLeast = v1: v2: !versionOlder v1 v2;
 
 
-  # Get the version of the specified derivation, as specified in its
-  # ‘name’ attribute.
-  getVersion = drv: (builtins.parseDrvName drv.name).version;
+  # This function takes an argument that's either a derivation or a
+  # derivation's "name" attribute and extracts the version part from that
+  # argument. For example:
+  #
+  #    lib.getVersion "youtube-dl-2016.01.01" ==> "2016.01.01"
+  #    lib.getVersion pkgs.youtube-dl         ==> "2016.01.01"
+  getVersion = x: (builtins.parseDrvName (x.name or x)).version;
 
 
   # Extract name with version from URL. Ask for separator which is

lib/trivial.nix

@@ -12,8 +12,46 @@ rec {
   and = x: y: x && y;
   mergeAttrs = x: y: x // y;
 
-  # Take a function and evaluate it with its own returned value.
-  fix = f: let result = f result; in result;
+  # Compute the fixed point of the given function `f`, which is usually an
+  # attribute set that expects its final, non-recursive representation as an
+  # argument:
+  #
+  #     f = self: { foo = "foo"; bar = "bar"; foobar = self.foo + self.bar; }
+  #
+  # Nix evaluates this recursion until all references to `self` have been
+  # resolved. At that point, the final result is returned and `f x = x` holds:
+  #
+  #     nix-repl> fix f
+  #     { bar = "bar"; foo = "foo"; foobar = "foobar"; }
+  #
+  # See https://en.wikipedia.org/wiki/Fixed-point_combinator for further
+  # details.
+  fix = f: let x = f x; in x;
+
+  # A variant of `fix` that records the original recursive attribute set in the
+  # result. This is useful in combination with the `extends` function to
+  # implement deep overriding. See pkgs/development/haskell-modules/default.nix
+  # for a concrete example.
+  fix' = f: let x = f x // { __unfix__ = f; }; in x;
+
+  # Modify the contents of an explicitly recursive attribute set in a way that
+  # honors `self`-references. This is accomplished with a function
+  #
+  #     g = self: super: { foo = super.foo + " + "; }
+  #
+  # that has access to the unmodified input (`super`) as well as the final
+  # non-recursive representation of the attribute set (`self`). `extends`
+  # differs from the native `//` operator insofar as that it's applied *before*
+  # references to `self` are resolved:
+  #
+  #     nix-repl> fix (extends g f)
+  #     { bar = "bar"; foo = "foo + "; foobar = "foo + bar"; }
+  #
+  # The name of the function is inspired by object-oriented inheritance, i.e.
+  # think of it as an infix operator `g extends f` that mimics the syntax from
+  # Java. It may seem counter-intuitive to have the "base class" as the second
+  # argument, but it's nice this way if several uses of `extends` are cascaded.
+  extends = f: rattrs: self: let super = rattrs self; in super // f self super;
 
   # Flip the order of the arguments of a binary function.
   flip = f: a: b: f b a;

lib/types.nix

@@ -213,11 +213,18 @@ rec {
         substSubModules = m: submodule m;
       };
 
-    enum = values: mkOptionType {
-      name = "one of ${concatStringsSep ", " values}";
-      check = flip elem values;
-      merge = mergeOneOption;
-    };
+    enum = values:
+      let
+        show = v:
+               if builtins.isString v then ''"${v}"''
+          else if builtins.isInt v then builtins.toString v
+          else ''<${builtins.typeOf v}>'';
+      in
+      mkOptionType {
+        name = "one of ${concatMapStringsSep ", " show values}";
+        check = flip elem values;
+        merge = mergeOneOption;
+      };
 
     either = t1: t2: mkOptionType {
       name = "${t1.name} or ${t2.name}";

maintainers/scripts/copy-tarballs.pl

@@ -1,97 +1,151 @@
-#! /run/current-system/sw/bin/perl -w
+#! /usr/bin/env nix-shell
+#! nix-shell -i perl -p perl perlPackages.NetAmazonS3 nixUnstable
+
+# This command uploads tarballs to tarballs.nixos.org, the
+# content-addressed cache used by fetchurl as a fallback for when
+# upstream tarballs disappear or change. Usage:
+#
+# 1) To upload a single file:
+#
+#    $ copy-tarballs.pl --file /path/to/tarball.tar.gz
+#
+# 2) To upload all files obtained via calls to fetchurl in a Nix derivation:
+#
+#    $ copy-tarballs.pl --expr '(import <nixpkgs> {}).hello'
 
 use strict;
-use XML::Simple;
+use warnings;
 use File::Basename;
 use File::Path;
-use File::Copy 'cp';
-use IPC::Open2;
+use JSON;
+use Net::Amazon::S3;
 use Nix::Store;
 
-my $myDir = dirname($0);
+# S3 setup.
+my $aws_access_key_id = $ENV{'AWS_ACCESS_KEY_ID'} or die;
+my $aws_secret_access_key = $ENV{'AWS_SECRET_ACCESS_KEY'} or die;
 
-my $tarballsCache = $ENV{'NIX_TARBALLS_CACHE'} // "/tarballs";
+my $s3 = Net::Amazon::S3->new(
+    { aws_access_key_id     => $aws_access_key_id,
+      aws_secret_access_key => $aws_secret_access_key,
+      retry                 => 1,
+    });
 
-my $xml = `nix-instantiate --eval-only --xml --strict '<nixpkgs/maintainers/scripts/find-tarballs.nix>'`;
-die "$0: evaluation failed\n" if $? != 0;
+my $bucket = $s3->bucket("nixpkgs-tarballs") or die;
 
-my $data = XMLin($xml) or die;
-
-mkpath($tarballsCache);
-mkpath("$tarballsCache/md5");
-mkpath("$tarballsCache/sha1");
-mkpath("$tarballsCache/sha256");
-
-foreach my $file (@{$data->{list}->{attrs}}) {
-    my $url = $file->{attr}->{url}->{string}->{value};
-    my $algo = $file->{attr}->{type}->{string}->{value};
-    my $hash = $file->{attr}->{hash}->{string}->{value};
-
-    if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
-        print STDERR "skipping $url (unsupported scheme)\n";
-        next;
-    }
-
-    $url =~ /([^\/]+)$/;
-    my $fn = $1;
-
-    if (!defined $fn) {
-        print STDERR "skipping $url (no file name)\n";
-        next;
-    }
-
-    if ($fn =~ /[&?=%]/ || $fn =~ /^\./) {
-        print STDERR "skipping $url (bad character in file name)\n";
-        next;
-    }
-
-    if ($fn !~ /[a-zA-Z]/) {
-        print STDERR "skipping $url (no letter in file name)\n";
-        next;
-    }
-
-    if ($fn !~ /[0-9]/) {
-        print STDERR "skipping $url (no digit in file name)\n";
-        next;
-    }
-
-    if ($fn !~ /[-_\.]/) {
-        print STDERR "skipping $url (no dash/dot/underscore in file name)\n";
-        next;
-    }
-
-    my $dstPath = "$tarballsCache/$fn";
-
-    next if -e $dstPath;
-
-    print "downloading $url to $dstPath...\n";
-
-    next if $ENV{DRY_RUN};
-
-    $ENV{QUIET} = 1;
-    $ENV{PRINT_PATH} = 1;
-    my $fh;
-    my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
-    waitpid($pid, 0) or die;
-    if ($? != 0) {
-        print STDERR "failed to fetch $url: $?\n";
-        next;
-    }
-    <$fh>; my $storePath = <$fh>; chomp $storePath;
-
-    die unless -e $storePath;
-
-    cp($storePath, $dstPath) or die;
-
-    my $md5 = hashFile("md5", 0, $storePath) or die;
-    symlink("../$fn", "$tarballsCache/md5/$md5");
-
-    my $sha1 = hashFile("sha1", 0, $storePath) or die;
-    symlink("../$fn", "$tarballsCache/sha1/$sha1");
-
-    my $sha256 = hashFile("sha256", 0, $storePath) or die;
-    symlink("../$fn", "$tarballsCache/sha256/$sha256");
-
-    $sha256 = hashFile("sha256", 1, $storePath) or die;
-    symlink("../$fn", "$tarballsCache/sha256/$sha256");
+sub alreadyMirrored {
+    my ($algo, $hash) = @_;
+    return defined $bucket->get_key("$algo/$hash");
+}
+
+sub uploadFile {
+    my ($fn, $name) = @_;
+
+    my $md5_16 = hashFile("md5", 0, $fn) or die;
+    my $sha1_16 = hashFile("sha1", 0, $fn) or die;
+    my $sha256_32 = hashFile("sha256", 1, $fn) or die;
+    my $sha256_16 = hashFile("sha256", 0, $fn) or die;
+    my $sha512_32 = hashFile("sha512", 1, $fn) or die;
+    my $sha512_16 = hashFile("sha512", 0, $fn) or die;
+
+    my $mainKey = "sha512/$sha512_16";
+
+    # Upload the file as sha512/<hash-in-base-16>.
+    print STDERR "uploading $fn to $mainKey...\n";
+    $bucket->add_key_filename($mainKey, $fn, { 'x-amz-meta-original-name' => $name })
+        or die "failed to upload $fn to $mainKey\n";
+
+    # Create redirects from the other hash types.
+    sub redirect {
+        my ($name, $dest) = @_;
+        #print STDERR "linking $name to $dest...\n";
+        $bucket->add_key($name, "", { 'x-amz-website-redirect-location' => "/" . $dest })
+            or die "failed to create redirect from $name to $dest\n";
+    }
+    redirect "md5/$md5_16", $mainKey;
+    redirect "sha1/$sha1_16", $mainKey;
+    redirect "sha256/$sha256_32", $mainKey;
+    redirect "sha256/$sha256_16", $mainKey;
+    redirect "sha512/$sha512_32", $mainKey;
+}
+
+my $op = shift @ARGV;
+
+if ($op eq "--file") {
+    my $res = 0;
+    foreach my $fn (@ARGV) {
+	eval {
+	    if (alreadyMirrored("sha512", hashFile("sha512", 0, $fn))) {
+		print STDERR "$fn is already mirrored\n";
+	    } else {
+		uploadFile($fn, basename $fn);
+	    }
+	};
+	if ($@) {
+	    warn "$@\n";
+	    $res = 1;
+	}
+    }
+    exit $res;
+}
+
+elsif ($op eq "--expr") {
+
+    # Evaluate find-tarballs.nix.
+    my $expr = $ARGV[0] // die "$0: --expr requires a Nix expression\n";
+    my $pid = open(JSON, "-|", "nix-instantiate", "--eval-only", "--json", "--strict",
+                   "<nixpkgs/maintainers/scripts/find-tarballs.nix>",
+                   "--arg", "expr", $expr);
+    my $stdout = <JSON>;
+    waitpid($pid, 0);
+    die "$0: evaluation failed\n" if $?;
+    close JSON;
+
+    my $fetches = decode_json($stdout);
+
+    print STDERR "evaluation returned ", scalar(@{$fetches}), " tarballs\n";
+
+    # Check every fetchurl call discovered by find-tarballs.nix.
+    my $mirrored = 0;
+    my $have = 0;
+    foreach my $fetch (@{$fetches}) {
+        my $url = $fetch->{url};
+        my $algo = $fetch->{type};
+        my $hash = $fetch->{hash};
+
+        if ($url !~ /^http:/ && $url !~ /^https:/ && $url !~ /^ftp:/ && $url !~ /^mirror:/) {
+            print STDERR "skipping $url (unsupported scheme)\n";
+            next;
+        }
+
+        if (alreadyMirrored($algo, $hash)) {
+            $have++;
+            next;
+        }
+
+        print STDERR "mirroring $url...\n";
+
+        next if $ENV{DRY_RUN};
+
+        # Download the file using nix-prefetch-url.
+        $ENV{QUIET} = 1;
+        $ENV{PRINT_PATH} = 1;
+        my $fh;
+        my $pid = open($fh, "-|", "nix-prefetch-url", "--type", $algo, $url, $hash) or die;
+        waitpid($pid, 0) or die;
+        if ($? != 0) {
+            print STDERR "failed to fetch $url: $?\n";
+            next;
+        }
+        <$fh>; my $storePath = <$fh>; chomp $storePath;
+
+        uploadFile($storePath, $url);
+        $mirrored++;
+    }
+
+    print STDERR "mirrored $mirrored files, already have $have files\n";
+}
+
+else {
+    die "Syntax: $0 --file FILENAMES... | --expr EXPR\n";
 }

maintainers/scripts/find-tarballs.nix

@@ -4,9 +4,11 @@
 with import ../.. { };
 with lib;
 
+{ expr ? removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" ] }:
+
 let
 
-  root = removeAttrs (import ../../pkgs/top-level/release.nix { }) [ "tarball" "unstable" ];
+  root = expr;
 
   uniqueUrls = map (x: x.file) (genericClosure {
     startSet = map (file: { key = file.url; inherit file; }) urls;
@@ -15,7 +17,10 @@ let
 
   urls = map (drv: { url = head drv.urls; hash = drv.outputHash; type = drv.outputHashAlgo; }) fetchurlDependencies;
 
-  fetchurlDependencies = filter (drv: drv.outputHash or "" != "" && drv ? urls) dependencies;
+  fetchurlDependencies =
+    filter
+      (drv: drv.outputHash or "" != "" && drv.outputHashMode == "flat" && drv.postFetch or "" == "" && drv ? urls)
+      dependencies;
 
   dependencies = map (x: x.value) (genericClosure {
     startSet = map keyDrv (derivationsIn' root);

nixos/doc/manual/default.nix

@@ -31,10 +31,8 @@ let
     else
       fn;
 
-  # Convert the list of options into an XML file.  The builtin
-  # unsafeDiscardStringContext is used to prevent the realisation of
-  # the store paths which are used in options definitions.
-  optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML optionsList'));
+  # Convert the list of options into an XML file.
+  optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList');
 
   optionsDocBook = runCommand "options-db.xml" {} ''
     optionsXML=${optionsXML}
@@ -139,6 +137,8 @@ in rec {
     ''; # */
 
     meta.description = "The NixOS manual in HTML format";
+
+    allowedReferences = ["out"];
   };
 
   manualPDF = stdenv.mkDerivation {
@@ -190,6 +190,8 @@ in rec {
         ${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
         ./man-pages.xml
     '';
+
+    allowedReferences = ["out"];
   };
 
 }

nixos/lib/make-disk-image.nix

@@ -22,12 +22,13 @@
 , # Shell code executed after the VM has finished.
   postVM ? ""
 
+, name ? "nixos-disk-image"
 }:
 
 with lib;
 
 pkgs.vmTools.runInLinuxVM (
-  pkgs.runCommand "nixos-disk-image"
+  pkgs.runCommand name
     { preVM =
         ''
           mkdir $out
@@ -39,6 +40,7 @@ pkgs.vmTools.runInLinuxVM (
       exportReferencesGraph =
         [ "closure" config.system.build.toplevel ];
       inherit postVM;
+      memSize = 1024;
     }
     ''
       ${if partitioned then ''
@@ -109,7 +111,7 @@ pkgs.vmTools.runInLinuxVM (
       umount /mnt/proc /mnt/dev /mnt/sys
       umount /mnt
 
-      # Do an fsck to make sure resize2fs works.
+      # Do a fsck to make sure resize2fs works.
       fsck.${fsType} -f -y $rootDisk
     ''
 )

nixos/lib/make-iso9660-image.nix

@@ -39,7 +39,6 @@
 
 , # The volume ID.
   volumeID ? ""
-
 }:
 
 assert bootable -> bootImage != "";
@@ -47,7 +46,7 @@ assert efiBootable -> efiBootImage != "";
 assert usbBootable -> isohybridMbrImage != "";
 
 stdenv.mkDerivation {
-  name = "iso9660-image";
+  name = isoName;
   builder = ./make-iso9660-image.sh;
   buildInputs = [perl xorriso syslinux];
 

nixos/lib/make-iso9660-image.sh

@@ -129,3 +129,4 @@ fi
 
 mkdir -p $out/nix-support
 echo $system > $out/nix-support/system
+echo "file iso $out/iso/$isoName" >> $out/nix-support/hydra-build-products

nixos/lib/test-driver/Machine.pm

@@ -538,7 +538,7 @@ sub waitForX {
         retry sub {
             my ($status, $out) = $self->execute("journalctl -b SYSLOG_IDENTIFIER=systemd | grep 'session opened'");
             return 0 if $status != 0;
-            ($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1");
+            ($status, $out) = $self->execute("[ -e /tmp/.X11-unix/X0 ]");
             return 1 if $status == 0;
         }
     });

nixos/modules/config/debug-info.nix

@@ -0,0 +1,46 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+
+  options = {
+
+    environment.enableDebugInfo = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Some NixOS packages provide debug symbols. However, these are
+        not included in the system closure by default to save disk
+        space. Enabling this option causes the debug symbols to appear
+        in <filename>/run/current-system/sw/lib/debug/.build-id</filename>,
+        where tools such as <command>gdb</command> can find them.
+        If you need debug symbols for a package that doesn't
+        provide them by default, you can enable them as follows:
+        <!-- FIXME: ugly, see #10721 -->
+        <programlisting>
+        nixpkgs.config.packageOverrides = pkgs: {
+          hello = overrideDerivation pkgs.hello (attrs: {
+            outputs = attrs.outputs or ["out"] ++ ["debug"];
+            buildInputs = attrs.buildInputs ++ [&lt;nixpkgs/pkgs/build-support/setup-hooks/separate-debug-info.sh>];
+          });
+        };
+        </programlisting>
+      '';
+    };
+
+  };
+
+
+  config = {
+
+    # FIXME: currently disabled because /lib is already in
+    # environment.pathsToLink, and we can't have both.
+    #environment.pathsToLink = [ "/lib/debug/.build-id" ];
+
+    environment.outputsToLink =
+      optional config.environment.enableDebugInfo "debug";
+
+  };
+
+}

nixos/modules/config/shells-environment.nix

@@ -70,8 +70,8 @@ in
       type = types.attrsOf (types.listOf types.str);
       example = { PATH = [ "/bin" "/sbin" ]; MANPATH = [ "/man" "/share/man" ]; };
       description = ''
-	Attribute set of environment variable.  Each attribute maps to a list
-	of relative paths.  Each relative path is appended to the each profile
+        Attribute set of environment variable.  Each attribute maps to a list
+        of relative paths.  Each relative path is appended to the each profile
         of <option>environment.profiles</option> to form the content of the
         corresponding environment variable.
       '';
@@ -136,6 +136,7 @@ in
         "''${pkgs.dash}/bin/dash"
       '';
       type = types.path;
+      visible = false;
       description = ''
         The shell executable that is linked system-wide to
         <literal>/bin/sh</literal>. Please note that NixOS assumes all

nixos/modules/config/system-path.nix

@@ -34,7 +34,6 @@ let
       pkgs.xz
       pkgs.less
       pkgs.libcap
-      pkgs.man
       pkgs.nano
       pkgs.ncurses
       pkgs.netcat
@@ -78,8 +77,16 @@ in
         # to work.
         default = [];
         example = ["/"];
-        description = "List of directories to be symlinked in `/run/current-system/sw'.";
+        description = "List of directories to be symlinked in <filename>/run/current-system/sw</filename>.";
       };
+
+      outputsToLink = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        example = [ "doc" ];
+        description = "List of package outputs to be symlinked into <filename>/run/current-system/sw</filename>.";
+      };
+
     };
 
     system = {
@@ -103,9 +110,7 @@ in
       [ "/bin"
         "/etc/xdg"
         "/info"
-        "/lib" # FIXME: remove
-        #"/lib/debug/.build-id" # enables GDB to find separated debug info
-        "/man"
+        "/lib" # FIXME: remove and update debug-info.nix
         "/sbin"
         "/share/applications"
         "/share/desktop-directories"
@@ -113,7 +118,6 @@ in
         "/share/emacs"
         "/share/icons"
         "/share/info"
-        "/share/man"
         "/share/menus"
         "/share/mime"
         "/share/nano"
@@ -126,7 +130,7 @@ in
     system.path = pkgs.buildEnv {
       name = "system-path";
       paths = config.environment.systemPackages;
-      inherit (config.environment) pathsToLink;
+      inherit (config.environment) pathsToLink outputsToLink;
       ignoreCollisions = true;
       # !!! Hacky, should modularise.
       postBuild =

nixos/modules/installer/cd-dvd/channel.nix

@@ -17,7 +17,9 @@ let
       mkdir -p $out
       cp -prd ${pkgs.path} $out/nixos
       chmod -R u+w $out/nixos
-      ln -s . $out/nixos/nixpkgs
+      if [ ! -e $out/nixos/nixpkgs ]; then
+        ln -s . $out/nixos/nixpkgs
+      fi
       rm -rf $out/nixos/.git
       echo -n ${config.system.nixosVersionSuffix} > $out/nixos/.version-suffix
     '';

nixos/modules/installer/cd-dvd/iso-image.nix

@@ -43,6 +43,13 @@ let
     LINUX /boot/bzImage
     APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
     INITRD /boot/initrd
+
+    # A variant to boot with 'nomodeset'
+    LABEL boot-nomodeset
+    MENU LABEL NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel} (with nomodeset)
+    LINUX /boot/bzImage
+    APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} nomodeset
+    INITRD /boot/initrd
   '';
 
   isolinuxMemtest86Entry = ''
@@ -59,10 +66,18 @@ let
     mkdir -p $out/EFI/boot
     cp -v ${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi $out/EFI/boot/boot${targetArch}.efi
     mkdir -p $out/loader/entries
+
     echo "title NixOS Live CD" > $out/loader/entries/nixos-livecd.conf
     echo "linux /boot/bzImage" >> $out/loader/entries/nixos-livecd.conf
     echo "initrd /boot/initrd" >> $out/loader/entries/nixos-livecd.conf
     echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" >> $out/loader/entries/nixos-livecd.conf
+
+    # A variant to boot with 'nomodeset'
+    echo "title NixOS Live CD (with nomodeset)" > $out/loader/entries/nixos-livecd-nomodeset.conf
+    echo "linux /boot/bzImage" >> $out/loader/entries/nixos-livecd-nomodeset.conf
+    echo "initrd /boot/initrd" >> $out/loader/entries/nixos-livecd-nomodeset.conf
+    echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} nomodeset" >> $out/loader/entries/nixos-livecd-nomodeset.conf
+
     echo "default nixos-livecd" > $out/loader/loader.conf
     echo "timeout ${builtins.toString config.boot.loader.gummiboot.timeout}" >> $out/loader/loader.conf
   '';
@@ -230,7 +245,6 @@ in
     boot.kernelParams =
       [ "root=LABEL=${config.isoImage.volumeID}"
         "boot.shell_on_fail"
-        "nomodeset"
       ];
 
     fileSystems."/" =

nixos/modules/installer/tools/auto-upgrade.nix

@@ -42,6 +42,17 @@ let cfg = config.system.autoUpgrade; in
         '';
       };
 
+      dates = mkOption {
+        default = "04:40";
+        type = types.str;
+        description = ''
+          Specification (in the format described by
+          <citerefentry><refentrytitle>systemd.time</refentrytitle>
+          <manvolnum>5</manvolnum></citerefentry>) of the time at
+          which the update will occur.
+        '';
+      };
+
     };
 
   };
@@ -70,10 +81,10 @@ let cfg = config.system.autoUpgrade; in
       path = [ pkgs.gnutar pkgs.xz config.nix.package ];
 
       script = ''
-        ${config.system.build.nixos-rebuild}/bin/nixos-rebuild test ${toString cfg.flags}
+        ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags}
       '';
 
-      startAt = mkIf cfg.enable "04:40";
+      startAt = optionalString cfg.enable cfg.dates;
     };
 
   };

nixos/modules/installer/tools/nixos-generate-config.pl

@@ -148,7 +148,7 @@ sub pciCheck {
          $device eq "0x4331" || $device eq "0x43a0" || $device eq "0x43b1"
         ) )
      {
-        push @modulePackages, "\${config.boot.kernelPackages.broadcom_sta}";
+        push @modulePackages, "config.boot.kernelPackages.broadcom_sta";
         push @kernelModules, "wl";
      }
 
@@ -406,13 +406,20 @@ EOF
 
 # Generate the hardware configuration file.
 
-sub toNixExpr {
+sub toNixStringList {
     my $res = "";
     foreach my $s (@_) {
         $res .= " \"$s\"";
     }
     return $res;
 }
+sub toNixList {
+    my $res = "";
+    foreach my $s (@_) {
+        $res .= " $s";
+    }
+    return $res;
+}
 
 sub multiLineList {
     my $indent = shift;
@@ -428,9 +435,9 @@ sub multiLineList {
     return $res;
 }
 
-my $initrdAvailableKernelModules = toNixExpr(uniq @initrdAvailableKernelModules);
-my $kernelModules = toNixExpr(uniq @kernelModules);
-my $modulePackages = toNixExpr(uniq @modulePackages);
+my $initrdAvailableKernelModules = toNixStringList(uniq @initrdAvailableKernelModules);
+my $kernelModules = toNixStringList(uniq @kernelModules);
+my $modulePackages = toNixList(uniq @modulePackages);
 
 my $fsAndSwap = "";
 if (!$noFilesystems) {

nixos/modules/misc/ids.nix

@@ -229,6 +229,7 @@
       riak = 205;
       shout = 206;
       gateone = 207;
+      nm-openvpn = 217;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -436,6 +437,7 @@
       riak = 205;
       #shout = 206; #unused
       gateone = 207;
+      nm-openvpn = 217;
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal

nixos/modules/module-list.nix

@@ -1,7 +1,8 @@
 [
+  ./config/debug-info.nix
   ./config/fonts/corefonts.nix
-  ./config/fonts/fontconfig.nix
   ./config/fonts/fontconfig-ultimate.nix
+  ./config/fonts/fontconfig.nix
   ./config/fonts/fontdir.nix
   ./config/fonts/fonts.nix
   ./config/fonts/ghostscript.nix
@@ -22,9 +23,9 @@
   ./config/system-environment.nix
   ./config/system-path.nix
   ./config/timezone.nix
-  ./config/vpnc.nix
   ./config/unix-odbc-drivers.nix
   ./config/users-groups.nix
+  ./config/vpnc.nix
   ./config/zram.nix
   ./hardware/all-firmware.nix
   ./hardware/cpu/amd-microcode.nix
@@ -61,9 +62,11 @@
   ./programs/command-not-found/command-not-found.nix
   ./programs/dconf.nix
   ./programs/environment.nix
+  ./programs/freetds.nix
   ./programs/ibus.nix
   ./programs/kbdlight.nix
   ./programs/light.nix
+  ./programs/man.nix
   ./programs/nano.nix
   ./programs/screen.nix
   ./programs/shadow.nix
@@ -73,7 +76,6 @@
   ./programs/uim.nix
   ./programs/venus.nix
   ./programs/wvdial.nix
-  ./programs/freetds.nix
   ./programs/xfs_quota.nix
   ./programs/zsh/zsh.nix
   ./rename.nix
@@ -116,6 +118,7 @@
   ./services/computing/slurm/slurm.nix
   ./services/continuous-integration/jenkins/default.nix
   ./services/continuous-integration/jenkins/slave.nix
+  ./services/continuous-integration/jenkins/job-builder.nix
   ./services/databases/4store-endpoint.nix
   ./services/databases/4store.nix
   ./services/databases/couchdb.nix

nixos/modules/programs/man.nix

@@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+  options = {
+
+    programs.man.enable = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to enable manual pages and the <command>man</command> command.
+      '';
+    };
+
+  };
+
+
+  config = mkIf config.programs.man.enable {
+
+    environment.systemPackages = [ pkgs.man ];
+
+    environment.pathsToLink = [ "/share/man" ];
+
+    environment.outputsToLink = [ "man" ];
+
+  };
+
+}

nixos/modules/programs/ssh.nix

@@ -36,7 +36,6 @@ in
 
       askPassword = mkOption {
         type = types.str;
-        default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
         description = ''Program used by SSH to ask for passwords.'';
       };
 
@@ -223,5 +222,7 @@ in
         export SSH_ASKPASS=${askPassword}
       '';
 
+    programs.ssh.askPassword = mkDefault "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
+
   };
 }

nixos/modules/programs/venus.nix

@@ -99,7 +99,6 @@ in
       };
 
       outputTheme = mkOption {
-        default = "${pkgs.venus}/themes/classic_fancy";
         type = types.path;
         description = ''
           Directory containing a config.ini file which is merged with this one.
@@ -170,5 +169,7 @@ in
         startAt = cfg.dates;
       };
 
+    services.venus.outputTheme = mkDefault "${pkgs.venus}/themes/classic_fancy";
+
   };
 }

nixos/modules/services/amqp/activemq/default.nix

@@ -32,7 +32,6 @@ in {
         '';
       };
       configurationDir = mkOption {
-        default = "${activemq}/conf";
         description = ''
           The base directory for ActiveMQ's configuration.
           By default, this directory is searched for a file named activemq.xml,
@@ -126,6 +125,8 @@ in {
       '';
     };
 
+    services.activemq.configurationDir = mkDefault "${activemq}/conf";
+
   };
 
 }

nixos/modules/services/continuous-integration/jenkins/default.nix

@@ -48,11 +48,33 @@ in {
         '';
       };
 
+      listenAddress = mkOption {
+        default = "0.0.0.0";
+        example = "localhost";
+        type = types.str;
+        description = ''
+          Specifies the bind address on which the jenkins HTTP interface listens.
+          The default is the wildcard address.
+        '';
+      };
+
       port = mkOption {
         default = 8080;
         type = types.int;
         description = ''
-          Specifies port number on which the jenkins HTTP interface listens. The default is 8080.
+          Specifies port number on which the jenkins HTTP interface listens.
+          The default is 8080.
+        '';
+      };
+
+      prefix = mkOption {
+        default = "";
+        example = "/jenkins";
+        type = types.str;
+        description = ''
+          Specifies a urlPrefix to use with jenkins.
+          If the example /jenkins is given, the jenkins server will be
+          accessible using localhost:8080/jenkins.
         '';
       };
 
@@ -65,18 +87,22 @@ in {
       };
 
       environment = mkOption {
-        default = { NIX_REMOTE = "daemon"; };
+        default = { };
         type = with types; attrsOf str;
         description = ''
           Additional environment variables to be passed to the jenkins process.
-          The environment will always include JENKINS_HOME.
+          As a base environment, jenkins receives NIX_PATH, SSL_CERT_FILE and
+          GIT_SSL_CAINFO from <option>environment.sessionVariables</option>,
+          NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to
+          the value of <option>services.jenkins.home</option>. This option has
+          precedence and can be used to override those mentioned variables.
         '';
       };
 
       extraOptions = mkOption {
         type = types.listOf types.str;
         default = [ ];
-        example = [ "--debug=9" "--httpListenAddress=localhost" ];
+        example = [ "--debug=9" ];
         description = ''
           Additional command line arguments to pass to Jenkins.
         '';
@@ -106,27 +132,39 @@ in {
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
 
-      environment = {
-        JENKINS_HOME = cfg.home;
-      } // cfg.environment;
+      environment =
+        let
+          selectedSessionVars =
+            lib.filterAttrs (n: v: builtins.elem n
+                [ "NIX_PATH"
+                  "SSL_CERT_FILE"
+                  "GIT_SSL_CAINFO"
+                ])
+              config.environment.sessionVariables;
+        in
+          selectedSessionVars //
+          { JENKINS_HOME = cfg.home;
+            NIX_REMOTE = "daemon";
+          } //
+          cfg.environment;
 
       path = cfg.packages;
 
+      # Force .war (re)extraction, or else we might run stale Jenkins.
+      preStart = ''
+        rm -rf ${cfg.home}/war
+      '';
+
       script = ''
-        ${pkgs.jdk}/bin/java -jar ${pkgs.jenkins} --httpPort=${toString cfg.port} ${concatStringsSep " " cfg.extraOptions}
+        ${pkgs.jdk}/bin/java -jar ${pkgs.jenkins} --httpListenAddress=${cfg.listenAddress} \
+                                                  --httpPort=${toString cfg.port} \
+                                                  --prefix=${cfg.prefix} \
+                                                  ${concatStringsSep " " cfg.extraOptions}
       '';
 
       postStart = ''
-        until ${pkgs.curl}/bin/curl -s -L localhost:${toString cfg.port} ; do
-          sleep 10
-        done
-        while true ; do
-          index=`${pkgs.curl}/bin/curl -s -L localhost:${toString cfg.port}`
-          if [[ !("$index" =~ 'Please wait while Jenkins is restarting' ||
-                  "$index" =~ 'Please wait while Jenkins is getting ready to work') ]]; then
-            exit 0
-          fi
-          sleep 30
+        until ${pkgs.curl}/bin/curl -s -L --fail --head http://${cfg.listenAddress}:${toString cfg.port}${cfg.prefix} >/dev/null; do
+            sleep 2
         done
       '';
 

nixos/modules/services/continuous-integration/jenkins/job-builder.nix

@@ -0,0 +1,155 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  jenkinsCfg = config.services.jenkins;
+  cfg = config.services.jenkins.jobBuilder;
+
+in {
+  options = {
+    services.jenkins.jobBuilder = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether or not to enable the Jenkins Job Builder (JJB) service. It
+          allows defining jobs for Jenkins in a declarative manner.
+
+          Jobs managed through the Jenkins WebUI (or by other means) are left
+          unchanged.
+
+          Note that it really is declarative configuration; if you remove a
+          previously defined job, the corresponding job directory will be
+          deleted.
+
+          Please see the Jenkins Job Builder documentation for more info:
+          <link xlink:href="http://docs.openstack.org/infra/jenkins-job-builder/">
+          http://docs.openstack.org/infra/jenkins-job-builder/</link>
+        '';
+      };
+
+      yamlJobs = mkOption {
+        default = "";
+        type = types.lines;
+        example = ''
+          - job:
+              name: jenkins-job-test-1
+              builders:
+                - shell: echo 'Hello world!'
+        '';
+        description = ''
+          Job descriptions for Jenkins Job Builder in YAML format.
+        '';
+      };
+
+      jsonJobs = mkOption {
+        default = [ ];
+        type = types.listOf types.str;
+        example = literalExample ''
+          [
+            '''
+              [ { "job":
+                  { "name": "jenkins-job-test-2",
+                    "builders": [ "shell": "echo 'Hello world!'" ]
+                  }
+                }
+              ]
+            '''
+          ]
+        '';
+        description = ''
+          Job descriptions for Jenkins Job Builder in JSON format.
+        '';
+      };
+
+      nixJobs = mkOption {
+        default = [ ];
+        type = types.listOf types.attrs;
+        example = literalExample ''
+          [ { job =
+              { name = "jenkins-job-test-3";
+                builders = [
+                  { shell = "echo 'Hello world!'"; }
+                ];
+              };
+            }
+          ];
+        '';
+        description = ''
+          Job descriptions for Jenkins Job Builder in Nix format.
+
+          This is a trivial wrapper around jsonJobs, using builtins.toJSON
+          behind the scene.
+        '';
+      };
+    };
+  };
+
+  config = mkIf (jenkinsCfg.enable && cfg.enable) {
+    systemd.services.jenkins-job-builder = {
+      description = "Jenkins Job Builder Service";
+      # JJB can run either before or after jenkins. We chose after, so we can
+      # always use curl to notify (running) jenkins to reload its config.
+      after = [ "jenkins.service" ];
+      wantedBy = [ "multi-user.target" ];
+
+      path = with pkgs; [ jenkins-job-builder curl ];
+
+      # Q: Why manipulate files directly instead of using "jenkins-jobs upload [...]"?
+      # A: Because this module is for administering a local jenkins install,
+      #    and using local file copy allows us to not worry about
+      #    authentication.
+      script =
+        let
+          yamlJobsFile = builtins.toFile "jobs.yaml" cfg.yamlJobs;
+          jsonJobsFiles =
+            map (x: (builtins.toFile "jobs.json" x))
+              (cfg.jsonJobs ++ [(builtins.toJSON cfg.nixJobs)]);
+          jobBuilderOutputDir = "/run/jenkins-job-builder/output";
+          # Stamp file is placed in $JENKINS_HOME/jobs/$JOB_NAME/ to indicate
+          # ownership. Enables tracking and removal of stale jobs.
+          ownerStamp = ".config-xml-managed-by-nixos-jenkins-job-builder";
+        in
+          ''
+            rm -rf ${jobBuilderOutputDir}
+            cur_decl_jobs=/run/jenkins-job-builder/declarative-jobs
+            rm -f "$cur_decl_jobs"
+
+            # Create / update jobs
+            mkdir -p ${jobBuilderOutputDir}
+            for inputFile in ${yamlJobsFile} ${concatStringsSep " " jsonJobsFiles}; do
+                HOME="${jenkinsCfg.home}" "${pkgs.jenkins-job-builder}/bin/jenkins-jobs" --ignore-cache test -o "${jobBuilderOutputDir}" "$inputFile"
+            done
+
+            for file in "${jobBuilderOutputDir}/"*; do
+                test -f "$file" || continue
+                jobname="$(basename $file)"
+                jobdir="${jenkinsCfg.home}/jobs/$jobname"
+                echo "Creating / updating job \"$jobname\""
+                mkdir -p "$jobdir"
+                touch "$jobdir/${ownerStamp}"
+                cp "$file" "$jobdir/config.xml"
+                echo "$jobname" >> "$cur_decl_jobs"
+            done
+
+            # Remove stale jobs
+            for file in "${jenkinsCfg.home}"/jobs/*/${ownerStamp}; do
+                test -f "$file" || continue
+                jobdir="$(dirname $file)"
+                jobname="$(basename "$jobdir")"
+                grep --quiet --line-regexp "$jobname" "$cur_decl_jobs" 2>/dev/null && continue
+                echo "Deleting stale job \"$jobname\""
+                rm -rf "$jobdir"
+            done
+
+            echo "Asking Jenkins to reload config"
+            curl --silent -X POST http://${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}/reload
+          '';
+      serviceConfig = {
+        User = jenkinsCfg.user;
+        RuntimeDirectory = "jenkins-job-builder";
+      };
+    };
+  };
+}

nixos/modules/services/databases/postgresql.nix

@@ -122,8 +122,8 @@ in
         example = literalExample "pkgs.postgis";
         description = ''
           When this list contains elements a new store path is created.
-          PostgreSQL and the elments are symlinked into it. Then pg_config,
-          postgres and pc_ctl are copied to make them use the new
+          PostgreSQL and the elements are symlinked into it. Then pg_config,
+          postgres and pg_ctl are copied to make them use the new
           $out/lib directory as pkglibdir. This makes it possible to use postgis
           without patching the .sql files which reference $libdir/postgis-1.5.
         '';
@@ -202,6 +202,8 @@ in
                   # For non-root operation.
                   initdb
                 fi
+                # See postStart!
+                touch "${cfg.dataDir}/.first_startup"
             fi
 
             ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf"

nixos/modules/services/hardware/sane.nix

@@ -36,7 +36,6 @@ in
 
     hardware.sane.configDir = mkOption {
       type = types.string;
-      default = "${saneConfig}/etc/sane.d";
       description = "The value of SANE_CONFIG_DIR.";
     };
 
@@ -47,6 +46,8 @@ in
 
   config = mkIf config.hardware.sane.enable {
 
+    hardware.sane.configDir = mkDefault "${saneConfig}/etc/sane.d";
+
     environment.systemPackages = backends;
     environment.sessionVariables = {
       SANE_CONFIG_DIR = config.hardware.sane.configDir;

nixos/modules/services/hardware/tlp.nix

@@ -8,7 +8,16 @@ cfg = config.services.tlp;
 
 tlp = pkgs.tlp.override { kmod = config.system.sbin.modprobe; };
 
-confFile = pkgs.writeText "tlp" (builtins.readFile "${tlp}/etc/default/tlp" + cfg.extraConfig);
+# XXX: We can't use writeTextFile + readFile here because it triggers
+# TLP build to get the .drv (even on --dry-run).
+confFile = pkgs.runCommand "tlp"
+  { config = cfg.extraConfig;
+    passAsFile = [ "config" ];
+  }
+  ''
+    cat ${tlp}/etc/default/tlp > $out
+    cat $configPath >> $out
+  '';
 
 in
 

nixos/modules/services/logging/logstash.nix

@@ -84,10 +84,10 @@ in
         type = types.lines;
         default = ''stdin { type => "example" }'';
         description = "Logstash input configuration.";
-        example = ''
+        example = literalExample ''
           # Read from journal
           pipe {
-            command => "${pkgs.systemd}/bin/journalctl -f -o json"
+            command => "''${pkgs.systemd}/bin/journalctl -f -o json"
             type => "syslog" codec => json {}
           }
         '';

nixos/modules/services/mail/opensmtpd.nix

@@ -9,6 +9,11 @@ let
   conf = writeText "smtpd.conf" cfg.serverConfiguration;
   args = concatStringsSep " " cfg.extraServerArgs;
 
+  sendmail = pkgs.runCommand "opensmtpd-sendmail" {} ''
+    mkdir -p $out/bin
+    ln -s ${opensmtpd}/sbin/smtpctl $out/bin/sendmail
+  '';
+
 in {
 
   ###### interface
@@ -23,6 +28,15 @@ in {
         description = "Whether to enable the OpenSMTPD server.";
       };
 
+      addSendmailToSystemPath = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether to add OpenSMTPD's sendmail binary to the
+          system path or not.
+        '';
+      };
+
       extraServerArgs = mkOption {
         type = types.listOf types.str;
         default = [];
@@ -53,7 +67,7 @@ in {
 
   ###### implementation
 
-  config = mkIf config.services.opensmtpd.enable {
+  config = mkIf cfg.enable {
     users.extraGroups = {
       smtpd.gid = config.ids.gids.smtpd;
       smtpq.gid = config.ids.gids.smtpq;
@@ -80,9 +94,6 @@ in {
       serviceConfig.ExecStart = "${opensmtpd}/sbin/smtpd -d -f ${conf} ${args}";
     };
 
-    environment.systemPackages = [ (pkgs.runCommand "opensmtpd-sendmail" {} ''
-      mkdir -p $out/bin
-      ln -s ${opensmtpd}/sbin/smtpctl $out/bin/sendmail
-    '') ];
+    environment.systemPackages = mkIf cfg.addSendmailToSystemPath [ sendmail ];
   };
 }

nixos/modules/services/mail/postfix.nix

@@ -379,7 +379,7 @@ in
           ${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue
           ${pkgs.coreutils}/bin/chown root:root /var/spool/mail
           ${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail
-          ${pkgs.coreutils}/bin/ln -sf /var/spool/mail /var/mail
+          ${pkgs.coreutils}/bin/ln -sf /var/spool/mail /var/
 
           ln -sf "${pkgs.postfix}/etc/postfix/"* /var/postfix/conf
 

nixos/modules/services/misc/disnix.nix

@@ -121,6 +121,7 @@ in
       disnix =
         { description = "Disnix server";
         
+          wants = [ "dysnomia.target" ];
           wantedBy = [ "multi-user.target" ];
           after = [ "dbus.service" ]
             ++ optional config.services.httpd.enable "httpd.service"
@@ -137,6 +138,17 @@ in
           environment = {
             HOME = "/root";
           };
+          
+          preStart = ''
+            mkdir -p /etc/systemd-mutable/system
+            if [ ! -f /etc/systemd-mutable/system/dysnomia.target ]
+            then
+                ( echo "[Unit]"
+                  echo "Description=Services that are activated and deactivated by Dysnomia"
+                  echo "After=final.target"
+                ) > /etc/systemd-mutable/system/dysnomia.target
+            fi
+          '';
 
           exec = "disnix-service";
         };

nixos/modules/services/misc/nixos-manual.nix

@@ -80,7 +80,6 @@ in
 
     services.nixosManual.browser = mkOption {
       type = types.path;
-      default = "${pkgs.w3m}/bin/w3m";
       description = ''
         Browser used to show the manual.
       '';
@@ -93,7 +92,9 @@ in
 
     system.build.manual = manual;
 
-    environment.systemPackages = [ manual.manpages manual.manual help ];
+    environment.systemPackages =
+      [ manual.manual help ]
+      ++ optional config.programs.man.enable manual.manpages;
 
     boot.extraTTYs = mkIf cfg.showManual ["tty${cfg.ttyNumber}"];
 
@@ -116,6 +117,8 @@ in
     services.mingetty.helpLine = mkIf cfg.showManual
       "\nPress <Alt-F${toString cfg.ttyNumber}> for the NixOS manual.";
 
+    services.nixosManual.browser = mkDefault "${pkgs.w3m}/bin/w3m";
+
   };
 
 }

nixos/modules/services/misc/redmine.nix

@@ -124,7 +124,7 @@ in {
 
     assertions = [
       { assertion = cfg.databasePassword != "";
-        message = "databasePassword must be set";
+        message = "services.redmine.databasePassword must be set";
       }
     ];
 

nixos/modules/services/misc/subsonic.nix

@@ -97,7 +97,6 @@ in
 
       transcoders = mkOption {
         type = types.listOf types.path;
-        default = [ "${pkgs.ffmpeg}/bin/ffmpeg" ];
         description = ''
           List of paths to transcoder executables that should be accessible
           from Subsonic. Symlinks will be created to each executable inside
@@ -153,5 +152,8 @@ in
     };
 
     users.extraGroups.subsonic.gid = config.ids.gids.subsonic;
+
+    services.subsonic.transcoders = mkDefault [ "${pkgs.ffmpeg}/bin/ffmpeg" ];
+
   };
 }

nixos/modules/services/monitoring/bosun.nix

@@ -9,7 +9,7 @@ let
     tsdbHost = ${cfg.opentsdbHost}
     httpListen = ${cfg.listenAddress}
     stateFile = ${cfg.stateFile}
-    checkFrequency = 5m
+    checkFrequency = ${cfg.checkFrequency}
 
     ${cfg.extraConfig}
   '';
@@ -77,6 +77,14 @@ in {
         '';
       };
 
+      checkFrequency = mkOption {
+        type = types.str;
+        default = "5m";
+        description = ''
+          Bosun's check frequency
+        '';
+      };
+
       extraConfig = mkOption {
         type = types.string;
         default = "";

nixos/modules/services/monitoring/grafana.nix

@@ -7,150 +7,37 @@ let
 
   b2s = val: if val then "true" else "false";
 
-  cfgFile = pkgs.writeText "grafana.ini" ''
-    app_name = grafana
-    app_mode = production
+  envOptions = {
+    PATHS_DATA = cfg.dataDir;
+    PATHS_LOGS = "${cfg.dataDir}/log";
 
-    [server]
-    ; protocol (http or https)
-    protocol = ${cfg.protocol}
-    ; the ip address to bind to, empty will bind to all interfaces
-    http_addr = ${cfg.addr}
-    ; the http port  to use
-    http_port = ${toString cfg.port}
-    ; The public facing domain name used to access grafana from a browser
-    domain = ${cfg.domain}
-    ; the full public facing url
-    root_url = ${cfg.rootUrl}
-    router_logging = false
-    ; the path relative to the binary where the static (html/js/css) files are placed
-    static_root_path = ${cfg.staticRootPath}
-    ; enable gzip
-    enable_gzip = false
-    ; https certs & key file
-    cert_file = ${cfg.certFile}
-    cert_key = ${cfg.certKey}
+    SERVER_PROTOCOL = cfg.protocol;
+    SERVER_HTTP_ADDR = cfg.addr;
+    SERVER_HTTP_PORT = cfg.port;
+    SERVER_DOMAIN = cfg.domain;
+    SERVER_ROOT_URL = cfg.rootUrl;
+    SERVER_STATIC_ROOT_PATH = cfg.staticRootPath;
+    SERVER_CERT_FILE = cfg.certFile;
+    SERVER_CERT_KEY = cfg.certKey;
 
-    [analytics]
-    # Server reporting, sends usage counters to stats.grafana.org every 24 hours.
-    # No ip addresses are being tracked, only simple counters to track
-    # running instances, dashboard and error counts. It is very helpful to us.
-    # Change this option to false to disable reporting.
-    reporting_enabled = true
-    ; Google Analytics universal tracking code, only enabled if you specify an id here
-    google_analytics_ua_id =
+    DATABASE_TYPE = cfg.database.type;
+    DATABASE_HOST = cfg.database.host;
+    DATABASE_NAME = cfg.database.name;
+    DATABASE_USER = cfg.database.user;
+    DATABASE_PASSWORD = cfg.database.password;
+    DATABASE_PATH = cfg.database.path;
 
-    [database]
-    ; Either "mysql", "postgres" or "sqlite3", it's your choice
-    type = ${cfg.database.type}
-    host = ${cfg.database.host}
-    name = ${cfg.database.name}
-    user = ${cfg.database.user}
-    password = ${cfg.database.password}
-    ; For "postgres" only, either "disable", "require" or "verify-full"
-    ssl_mode = disable
-    ; For "sqlite3" only
-    path = ${cfg.database.path}
+    SECURITY_ADMIN_USER = cfg.security.adminUser;
+    SECURITY_ADMIN_PASSWORD = cfg.security.adminPassword;
+    SECURITY_SECRET_KEY = cfg.security.secretKey;
 
-    [session]
-    ; Either "memory", "file", "redis", "mysql", default is "memory"
-    provider = file
-    ; Provider config options
-    ; memory: not have any config yet
-    ; file: session file path, e.g. `data/sessions`
-    ; redis: config like redis server addr, poolSize, password, e.g. `127.0.0.1:6379,100,grafana`
-    ; mysql: go-sql-driver/mysql dsn config string, e.g. `user:password@tcp(127.0.0.1)/database_name`
-    provider_config = data/sessions
-    ; Session cookie name
-    cookie_name = grafana_sess
-    ; If you use session in https only, default is false
-    cookie_secure = false
-    ; Session life time, default is 86400
-    session_life_time = 86400
-    ; session id hash func, Either "sha1", "sha256" or "md5" default is sha1
-    session_id_hashfunc = sha1
-    ; Session hash key, default is use random string
-    session_id_hashkey =
+    USERS_ALLOW_SIGN_UP = b2s cfg.users.allowSignUp;
+    USERS_ALLOW_ORG_CREATE = b2s cfg.users.allowOrgCreate;
+    USERS_AUTO_ASSIGN_ORG = b2s cfg.users.autoAssignOrg;
+    USERS_AUTO_ASSIGN_ORG_ROLE = cfg.users.autoAssignOrgRole;
 
-    [security]
-    ; default admin user, created on startup
-    admin_user = ${cfg.security.adminUser}
-    ; default admin password, can be changed before first start of grafana,  or in profile settings
-    admin_password = ${cfg.security.adminPassword}
-    ; used for signing
-    secret_key = ${cfg.security.secretKey}
-    ; Auto-login remember days
-    login_remember_days = 7
-    cookie_username = grafana_user
-    cookie_remember_name = grafana_remember
-
-    [users]
-    ; disable user signup / registration
-    allow_sign_up = ${b2s cfg.users.allowSignUp}
-    ; Allow non admin users to create organizations
-    allow_org_create = ${b2s cfg.users.allowOrgCreate}
-    # Set to true to automatically assign new users to the default organization (id 1)
-    auto_assign_org = ${b2s cfg.users.autoAssignOrg}
-    ; Default role new users will be automatically assigned (if disabled above is set to true)
-    auto_assign_org_role = ${cfg.users.autoAssignOrgRole}
-
-    [auth.anonymous]
-    ; enable anonymous access
-    enabled = ${b2s cfg.auth.anonymous.enable}
-    ; specify organization name that should be used for unauthenticated users
-    org_name = Main Org.
-    ; specify role for unauthenticated users
-    org_role = Viewer
-
-    [auth.github]
-    enabled = false
-    client_id = some_id
-    client_secret = some_secret
-    scopes = user:email
-    auth_url = https://github.com/login/oauth/authorize
-    token_url = https://github.com/login/oauth/access_token
-
-    [auth.google]
-    enabled = false
-    client_id = some_client_id
-    client_secret = some_client_secret
-    scopes = https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
-    auth_url = https://accounts.google.com/o/oauth2/auth
-    token_url = https://accounts.google.com/o/oauth2/token
-
-    [log]
-    root_path = data/log
-    ; Either "console", "file", default is "console"
-    ; Use comma to separate multiple modes, e.g. "console, file"
-    mode = console
-    ; Buffer length of channel, keep it as it is if you don't know what it is.
-    buffer_len = 10000
-    ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
-    level = Info
-
-    ; For "console" mode only
-    [log.console]
-    level =
-
-    ; For "file" mode only
-    [log.file]
-    level =
-    ; This enables automated log rotate(switch of following options), default is true
-    log_rotate = true
-    ; Max line number of single file, default is 1000000
-    max_lines = 1000000
-    ; Max size shift of single file, default is 28 means 1 << 28, 256MB
-    max_lines_shift = 28
-    ; Segment log daily, default is true
-    daily_rotate = true
-    ; Expired days of log file(delete after max days), default is 7
-    max_days = 7
-
-    [event_publisher]
-    enabled = false
-    rabbitmq_url = amqp://localhost/
-    exchange = grafana_events
-  '';
+    AUTH_ANONYMOUS_ENABLE = b2s cfg.auth.anonymous.enable;
+  } // cfg.extraOptions;
 
 in {
   options.services.grafana = {
@@ -200,13 +87,12 @@ in {
 
     staticRootPath = mkOption {
       description = "Root path for static assets.";
-      default = "${cfg.package}/share/go/src/github.com/grafana/grafana/public";
       type = types.str;
     };
 
     package = mkOption {
       description = "Package to use.";
-      default = pkgs.goPackages.grafana;
+      default = pkgs.grafana;
       type = types.package;
     };
 
@@ -307,22 +193,36 @@ in {
         type = types.bool;
       };
     };
+
+    extraOptions = mkOption {
+      description = ''
+        Extra configuration options passed as env variables as specified in
+        <link xlink:href="http://docs.grafana.org/installation/configuration/">documentation</link>,
+        but without GF_ prefix
+      '';
+      default = {};
+      type = types.attrsOf types.str;
+    };
   };
 
   config = mkIf cfg.enable {
     warnings = [
-      "Grafana passwords will be stored as plaintext in nix store!"
+      "Grafana passwords will be stored as plaintext in the Nix store!"
     ];
 
     systemd.services.grafana = {
       description = "Grafana Service Daemon";
       wantedBy = ["multi-user.target"];
       after = ["networking.target"];
+      environment = mapAttrs' (n: v: nameValuePair "GF_${n}" (toString v)) envOptions;
       serviceConfig = {
-        ExecStart = "${cfg.package}/bin/grafana --config ${cfgFile} web";
+        ExecStart = "${cfg.package}/bin/grafana -homepath ${cfg.dataDir}";
         WorkingDirectory = cfg.dataDir;
         User = "grafana";
       };
+      preStart = ''
+        ln -fs ${cfg.package}/share/grafana/conf ${cfg.dataDir}
+      '';
     };
 
     users.extraUsers.grafana = {
@@ -331,5 +231,8 @@ in {
       home = cfg.dataDir;
       createHome = true;
     };
+
+    services.grafana.staticRootPath = mkDefault "${cfg.package}/share/grafana/public";
+
   };
 }

nixos/modules/services/monitoring/graphite.nix

@@ -249,13 +249,13 @@ in {
       };
 
       enableAggregator = mkOption {
-        description = "Whether to enable carbon agregator, the carbon buffering service.";
+        description = "Whether to enable carbon aggregator, the carbon buffering service.";
         default = false;
         type = types.bool;
       };
 
       aggregationRules = mkOption {
-        description = "Defines if and how received metrics will be agregated.";
+        description = "Defines if and how received metrics will be aggregated.";
         default = null;
         type = types.uniq (types.nullOr types.string);
         example = ''

nixos/modules/services/monitoring/teamviewer.nix

@@ -14,7 +14,7 @@ in
 
   options = {
 
-    services.teamviewer.enable = mkEnableOption "teamviewer daemon";
+    services.teamviewer.enable = mkEnableOption "TeamViewer daemon";
       
   };
 
@@ -27,8 +27,9 @@ in
     systemd.services.teamviewerd = {
       description = "TeamViewer remote control daemon";
 
-      wantedBy = [ "graphical.target" ];
+      wantedBy = [ "multi-user.target" ];
       after = [ "NetworkManager-wait-online.service" "network.target" ];
+      preStart = "mkdir -pv /var/lib/teamviewer /var/log/teamviewer";
 
       serviceConfig = {
         Type = "forking";

nixos/modules/services/network-filesystems/samba.nix

@@ -97,8 +97,8 @@ in
         description = ''
           Enabling this will add a line directly after pam_unix.so.
           Whenever a password is changed the samba password will be updated as well.
-          However you still yave to add the samba password once using smbpasswd -a user
-          If you don't want to maintain an extra pwd database you still can send plain text
+          However, you still have to add the samba password once, using smbpasswd -a user.
+          If you don't want to maintain an extra password database, you still can send plain text
           passwords which is not secure.
         '';
       };

nixos/modules/services/networking/asterisk.nix

@@ -201,6 +201,7 @@ in
         for d in '${varlibdir}' '${spooldir}' '${logdir}'; do
           # TODO: Make exceptions for /var directories that likely should be updated
           if [ ! -e "$d" ]; then
+            mkdir -p "$d"
             cp --recursive ${pkgs.asterisk}/"$d" "$d"
             chown --recursive ${asteriskUser} "$d"
             find "$d" -type d | xargs chmod 0755

nixos/modules/services/networking/dnscrypt-proxy.nix

@@ -52,10 +52,7 @@ in
         default = "opendns";
         type = types.nullOr types.string;
         description = ''
-          The name of the upstream DNSCrypt resolver to use. See
-          <literal>${resolverListFile}</literal> for alternative resolvers
-          (e.g., if you are concerned about logging and/or server
-          location).
+          The name of the upstream DNSCrypt resolver to use.
         '';
       };
       customResolver = mkOption {

nixos/modules/services/networking/networkmanager.nix

@@ -40,7 +40,6 @@ let
     polkit.addRule(function(action, subject) {
       if (
         subject.isInGroup("networkmanager")
-        && subject.active
         && (action.id.indexOf("org.freedesktop.NetworkManager.") == 0
             || action.id.indexOf("org.freedesktop.ModemManager")  == 0
         ))
@@ -207,10 +206,18 @@ in {
 
     environment.systemPackages = cfg.packages;
 
-    users.extraGroups = singleton {
+    users.extraGroups = [{
       name = "networkmanager";
       gid = config.ids.gids.networkmanager;
-    };
+    }
+    {
+      name = "nm-openvpn";
+      gid = config.ids.gids.nm-openvpn;
+    }];
+    users.extraUsers = [{
+      name = "nm-openvpn";
+      uid = config.ids.uids.nm-openvpn;
+    }];
 
     systemd.packages = cfg.packages;
 

nixos/modules/services/networking/nix-serve.nix

@@ -56,7 +56,7 @@ in
 
       serviceConfig = {
         ExecStart = "${pkgs.nix-serve}/bin/nix-serve " +
-          "--port ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}";
+          "--listen ${cfg.bindAddress}:${toString cfg.port} ${cfg.extraParams}";
         User = "nix-serve";
         Group = "nogroup";
       };

nixos/modules/services/networking/seeks.nix

@@ -33,7 +33,7 @@ in
         type = types.str;
         description = "
           The Seeks server configuration. If it is not specified,
-          a default configuration is used (${seeks}/etc/seeks).
+          a default configuration is used.
         ";
       };
 

nixos/modules/services/networking/syncthing.nix

@@ -21,7 +21,7 @@ in
         description = ''
           Whether to enable the Syncthing, self-hosted open-source alternative
           to Dropbox and BittorrentSync. Initial interface will be
-          available on http://127.0.0.1:8080/.
+          available on http://127.0.0.1:8384/.
         '';
       };
 
@@ -42,6 +42,17 @@ in
         '';
       };
 
+      package = mkOption {
+        type = types.package;
+        default = pkgs.syncthing;
+        example = literalExample "pkgs.syncthing";
+        description = ''
+          Syncthing package to use.
+        '';
+      };
+
+
+
     };
 
   };
@@ -71,7 +82,7 @@ in
 
       };
 
-    environment.systemPackages = [ pkgs.syncthing ];
+    environment.systemPackages = [ cfg.package ];
 
   };
 

nixos/modules/services/security/fail2ban.nix

@@ -50,20 +50,20 @@ in
 
       jails = mkOption {
         default = { };
-        example =
-          { "apache-nohome-iptables" =
-              ''
-                # Block an IP address if it accesses a non-existent
-                # home directory more than 5 times in 10 minutes,
-                # since that indicates that it's scanning.
-                filter   = apache-nohome
-                action   = iptables-multiport[name=HTTP, port="http,https"]
-                logpath  = /var/log/httpd/error_log*
-                findtime = 600
-                bantime  = 600
-                maxretry = 5
-              '';
-          };
+        example = literalExample ''
+          { apache-nohome-iptables = '''
+              # Block an IP address if it accesses a non-existent
+              # home directory more than 5 times in 10 minutes,
+              # since that indicates that it's scanning.
+              filter   = apache-nohome
+              action   = iptables-multiport[name=HTTP, port="http,https"]
+              logpath  = /var/log/httpd/error_log*
+              findtime = 600
+              bantime  = 600
+              maxretry = 5
+            ''';
+          }
+        '';
         type = types.attrsOf types.lines;
         description =
           ''
@@ -138,6 +138,7 @@ in
         findtime = 600
         maxretry = 3
         backend  = systemd
+        enabled  = true
        '';
 
     # Block SSH if there are too many failing connection attempts.

nixos/modules/services/security/hologram.nix

@@ -95,7 +95,7 @@ in {
       wantedBy    = [ "multi-user.target" ];
 
       serviceConfig = {
-        ExecStart = "${pkgs.goPackages.hologram}/bin/hologram-server --debug --conf ${cfgFile}";
+        ExecStart = "${pkgs.goPackages.hologram.bin}/bin/hologram-server --debug --conf ${cfgFile}";
       };
     };
   };

nixos/modules/services/web-servers/apache-httpd/mediawiki.nix

@@ -83,11 +83,11 @@ let
 
   # Unpack Mediawiki and put the config file in its root directory.
   mediawikiRoot = pkgs.stdenv.mkDerivation rec {
-    name= "mediawiki-1.23.9";
+    name= "mediawiki-1.23.13";
 
     src = pkgs.fetchurl {
       url = "http://download.wikimedia.org/mediawiki/1.23/${name}.tar.gz";
-      sha256 = "1l7k4g0pgz92yvrfr52w26x740s4362v0gc95pk0i30vn2sp5bql";
+      sha256 = "168wpf53n4ksj2g5q5r0hxapx6238dvsfng5ff9ixk6axsn0j5d0";
     };
 
     skins = config.skins;

nixos/modules/services/web-servers/apache-httpd/trac.nix

@@ -5,14 +5,19 @@ with lib;
 let
 
   # Build a Subversion instance with Apache modules and Swig/Python bindings.
-  subversion = pkgs.subversion.override (origArgs: {
+  subversion = pkgs.subversion.override {
     bdbSupport = true;
     httpServer = true;
     pythonBindings = true;
-  });
+    apacheHttpd = httpd;
+  };
 
   pythonLib = p: "${p}/";
 
+  httpd = serverInfo.serverConfig.package;
+
+  versionPre24 = versionOlder httpd.version "2.4";
+
 in
 
 {
@@ -82,7 +87,7 @@ in
         AuthName "${config.ldapAuthentication.name}"
         AuthBasicProvider "ldap"
         AuthLDAPURL "${config.ldapAuthentication.url}"
-        authzldapauthoritative Off
+        ${if versionPre24 then "authzldapauthoritative Off" else ""}
         require valid-user
       </LocationMatch>
     '' else ""}

nixos/modules/services/web-servers/lighttpd/default.nix

@@ -44,7 +44,6 @@ let
     "mod_flv_streaming"
     "mod_magnet"
     "mod_mysql_vhost"
-    "mod_rewrite"
     "mod_scgi"
     "mod_setenv"
     "mod_trigger_b4_dl"

nixos/modules/services/web-servers/phpfpm.nix

@@ -44,8 +44,7 @@ in {
 
       phpIni = mkOption {
         type = types.path;
-        default = "${cfg.phpPackage}/etc/php-recommended.ini";
-        description = "php.ini file to use.";
+        description = "PHP configuration file to use.";
       };
 
       poolConfigs = mkOption {
@@ -86,5 +85,7 @@ in {
       };
     };
 
+    services.phpfpm.phpIni = mkDefault "${cfg.phpPackage}/etc/php-recommended.ini";
+
   };
 }

nixos/modules/services/x11/desktop-managers/kde4.nix

@@ -107,6 +107,12 @@ in
                 sed -e '/nix\\store\|nix\/store/ d' -i $HOME/.config/Trolltech.conf
             fi
 
+            # Load PulseAudio module for routing support.
+            # See http://colin.guthr.ie/2009/10/so-how-does-the-kde-pulseaudio-support-work-anyway/
+            ${optionalString config.hardware.pulseaudio.enable ''
+              ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1"
+            ''}
+
             # Start KDE.
             exec ${kde_workspace}/bin/startkde
           '';

nixos/modules/services/x11/desktop-managers/kde5.nix

@@ -76,7 +76,15 @@ in
     services.xserver.desktopManager.session = singleton {
       name = "kde5";
       bgSupport = true;
-      start = ''exec ${plasma5.plasma-workspace}/bin/startkde;'';
+      start = ''
+        # Load PulseAudio module for routing support.
+        # See http://colin.guthr.ie/2009/10/so-how-does-the-kde-pulseaudio-support-work-anyway/
+        ${optionalString config.hardware.pulseaudio.enable ''
+          ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1"
+        ''}
+
+        exec ${plasma5.plasma-workspace}/bin/startkde
+      '';
     };
 
     security.setuidOwners = singleton {

nixos/modules/services/x11/display-managers/default.nix

@@ -90,9 +90,6 @@ let
 
         # Publish access credentials in the root window.
         ${config.hardware.pulseaudio.package}/bin/pactl load-module module-x11-publish "display=$DISPLAY"
-
-        # Keep track of devices.  Mostly useful for Phonon/KDE.
-        ${config.hardware.pulseaudio.package}/bin/pactl load-module module-device-manager "do_routing=1"
       ''}
 
       # Tell systemd about our $DISPLAY. This is needed by the

nixos/modules/services/x11/display-managers/kdm.nix

@@ -57,6 +57,7 @@ let
   kdmrc = pkgs.stdenv.mkDerivation {
     name = "kdmrc";
     config = defaultConfig + cfg.extraConfig;
+    preferLocalBuild = true;
     buildCommand =
       ''
         echo "$config" > $out

nixos/modules/services/x11/display-managers/lightdm.nix

@@ -104,7 +104,6 @@ in
       };
 
       background = mkOption {
-        default = "${pkgs.nixos-artwork}/share/artwork/gnome/Gnome_Dark.png";
         description = ''
           The background image or color to use.
         '';
@@ -172,5 +171,8 @@ in
     };
 
     users.extraGroups.lightdm.gid = config.ids.gids.lightdm;
+
+    services.xserver.displayManager.lightdm.background = mkDefault "${pkgs.nixos-artwork}/share/artwork/gnome/Gnome_Dark.png";
+
   };
 }

nixos/modules/services/x11/xserver.nix

@@ -469,6 +469,7 @@ in
         xorg.xsetroot
         xorg.xinput
         xorg.xprop
+        xorg.xauth
         pkgs.xterm
         pkgs.xdg_utils
       ]
@@ -487,7 +488,7 @@ in
     systemd.services.display-manager =
       { description = "X11 Server";
 
-        after = [ "systemd-udev-settle.service" "local-fs.target" "acpid.service" ];
+        after = [ "systemd-udev-settle.service" "local-fs.target" "acpid.service" "systemd-logind.service" ];
 
         restartIfChanged = false;
 
@@ -516,8 +517,7 @@ in
       };
 
     services.xserver.displayManager.xserverArgs =
-      [ "-ac"
-        "-terminate"
+      [ "-terminate"
         "-logfile" "/var/log/X.${toString cfg.display}.log"
         "-config ${configFile}"
         ":${toString cfg.display}" "vt${toString cfg.tty}"

nixos/modules/system/activation/top-level.nix

@@ -176,9 +176,10 @@ in
       default = false;
       description = ''
         If enabled, copies the NixOS configuration file
-        <literal>$NIXOS_CONFIG</literal> (usually
-        <filename>/etc/nixos/configuration.nix</filename>)
-        to the system store path.
+        (usually <filename>/etc/nixos/configuration.nix</filename>)
+        and links it from the resulting system
+        (getting to <filename>/run/current-system/configuration.nix</filename>).
+        Note that only this single file is copied, even if it imports others.
       '';
     };
 
@@ -236,7 +237,9 @@ in
     system.extraSystemBuilderCmds =
       optionalString
         config.system.copySystemConfiguration
-        "cp ${maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out";
+        ''ln -s '${import ../../../lib/from-env.nix "NIXOS_CONFIG" <nixos-config>}' \
+            "$out/configuration.nix"
+        '';
 
     system.build.toplevel = system;
 

nixos/modules/system/boot/kernel.nix

@@ -158,7 +158,7 @@ in
 
     boot.kernel.sysctl."kernel.printk" = config.boot.consoleLogLevel;
 
-    boot.kernelModules = [ "loop" "configs" "atkbd" ];
+    boot.kernelModules = [ "loop" "atkbd" ];
 
     boot.initrd.availableKernelModules =
       [ # Note: most of these (especially the SATA/PATA modules)
@@ -197,9 +197,6 @@ in
         "hid_generic" "hid_lenovo"
         "hid_apple" "hid_logitech_dj" "hid_lenovo_tpkbd" "hid_roccat"
 
-        # Unix domain sockets (needed by udev).
-        "unix"
-
         # Misc. stuff.
         "pcips2" "atkbd"
 

nixos/modules/system/boot/loader/grub/install-grub.pl

@@ -387,6 +387,10 @@ sub addProfile {
     my $curEntry = 0;
     foreach my $link (@links) {
         last if $curEntry++ >= $configurationLimit;
+        if (! -e "$link/nixos-version") {
+            warn "skipping corrupt system profile entry ‘$link’\n";
+            next;
+        }
         my $date = strftime("%F", localtime(lstat($link)->mtime));
         my $version =
             -e "$link/nixos-version"

nixos/modules/system/boot/stage-1-init.sh

@@ -140,6 +140,7 @@ done
 
 
 # Create device nodes in /dev.
+@preDeviceCommands@
 echo "running udev..."
 mkdir -p /etc/udev
 ln -sfn @udevRules@ /etc/udev/rules.d
@@ -416,8 +417,18 @@ udevadm control --exit || true
 
 # Kill any remaining processes, just to be sure we're not taking any
 # with us into stage 2. But keep storage daemons like unionfs-fuse.
-pkill -9 -v -f '@'
-
+#
+# Storage daemons are distinguished by an @ in front of their command line:
+# https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/
+local pidsToKill="$(pgrep -v -f '^@')"
+for pid in $pidsToKill; do
+    # Make sure we don't kill kernel processes, see #15226 and:
+    # http://stackoverflow.com/questions/12213445/identifying-kernel-threads
+    readlink "/proc/$pid/exe" &> /dev/null || continue
+    # Try to avoid killing ourselves.
+    [ $pid -eq $$ ] && continue
+    kill -9 "$pid"
+done
 
 if test -n "$debug1mounts"; then fail; fi
 

nixos/modules/system/boot/stage-1.nix

@@ -203,7 +203,7 @@ let
     inherit (config.boot) resumeDevice devSize runSize;
 
     inherit (config.boot.initrd) checkJournalingFS
-      preLVMCommands postDeviceCommands postMountCommands kernelModules;
+      preLVMCommands preDeviceCommands postDeviceCommands postMountCommands kernelModules;
 
     resumeDevices = map (sd: if sd ? device then sd.device else "/dev/disk/by-label/${sd.label}")
                     (filter (sd: sd ? label || hasPrefix "/dev/" sd.device) config.swapDevices);
@@ -303,6 +303,15 @@ in
       '';
     };
 
+    boot.initrd.preDeviceCommands = mkOption {
+      default = "";
+      type = types.lines;
+      description = ''
+        Shell commands to be executed before udev is started to create
+        device nodes.
+      '';
+    };
+
     boot.initrd.postDeviceCommands = mkOption {
       default = "";
       type = types.lines;

nixos/modules/tasks/filesystems/nfs.nix

@@ -90,7 +90,7 @@ in
         serviceConfig.Type = "forking";
         serviceConfig.ExecStart = ''
           @${pkgs.nfs-utils}/sbin/rpc.statd rpc.statd --no-notify \
-              ${if cfg.statdPort != null then "-p ${toString statdPort}" else ""}
+              ${if cfg.statdPort != null then "-p ${toString cfg.statdPort}" else ""}
         '';
         serviceConfig.Restart = "always";
       };

nixos/modules/tasks/filesystems/zfs.nix

@@ -21,9 +21,9 @@ let
 
   kernel = config.boot.kernelPackages;
 
-  splKernelPkg = if cfgZfs.useGit then kernel.spl_git else kernel.spl;
-  zfsKernelPkg = if cfgZfs.useGit then kernel.zfs_git else kernel.zfs;
-  zfsUserPkg = if cfgZfs.useGit then pkgs.zfs_git else pkgs.zfs;
+  splKernelPkg = kernel.spl;
+  zfsKernelPkg = kernel.zfs;
+  zfsUserPkg = pkgs.zfs;
 
   autosnapPkg = pkgs.zfstools.override {
     zfs = zfsUserPkg;
@@ -53,16 +53,6 @@ in
 
   options = {
     boot.zfs = {
-      useGit = mkOption {
-        type = types.bool;
-        default = false;
-        example = true;
-        description = ''
-          Use the git version of the SPL and ZFS packages.
-          Note that these are unreleased versions, with less testing, and therefore
-          may be more unstable.
-        '';
-      };
 
       extraPools = mkOption {
         type = types.listOf types.str;
@@ -83,6 +73,21 @@ in
         '';
       };
 
+      devNodes = mkOption {
+        type = types.path;
+        default = "/dev";
+        example = "/dev/disk/by-id";
+        description = ''
+          Name of directory from which to import ZFS devices.
+
+          Usually /dev works. However, ZFS import may fail if a device node is renamed.
+          It should therefore use stable device names, such as from /dev/disk/by-id.
+
+          The default remains /dev for 15.09, due to backwards compatibility concerns.
+          It will change to /dev/disk/by-id in the next NixOS release.
+        '';
+      };
+
       forceImportRoot = mkOption {
         type = types.bool;
         default = true;
@@ -224,7 +229,7 @@ in
             done
             ''] ++ (map (pool: ''
             echo "importing root ZFS pool \"${pool}\"..."
-            zpool import -N $ZFS_FORCE "${pool}"
+            zpool import -d ${cfgZfs.devNodes} -N $ZFS_FORCE "${pool}"
         '') rootPools));
       };
 
@@ -265,7 +270,7 @@ in
             };
             script = ''
               zpool_cmd="${zfsUserPkg}/sbin/zpool"
-              ("$zpool_cmd" list "${pool}" >/dev/null) || "$zpool_cmd" import -N ${optionalString cfgZfs.forceImportAll "-f"} "${pool}"
+              ("$zpool_cmd" list "${pool}" >/dev/null) || "$zpool_cmd" import -d ${cfgZfs.devNodes} -N ${optionalString cfgZfs.forceImportAll "-f"} "${pool}"
             '';
           };
       in listToAttrs (map createImportService dataPools) // {

nixos/modules/testing/test-instrumentation.nix

@@ -43,6 +43,11 @@ let kernel = config.boot.kernelPackages.kernel; in
     # into thinking they're running interactively.
     environment.variables.PAGER = "";
 
+    boot.initrd.preDeviceCommands =
+      ''
+        echo 600 > /proc/sys/kernel/hung_task_timeout_secs
+      '';
+
     boot.initrd.postDeviceCommands =
       ''
         # Using acpi_pm as a clock source causes the guest clock to

nixos/modules/virtualisation/amazon-image.nix

@@ -8,7 +8,28 @@
 
 with lib;
 
-let cfg = config.ec2; in
+let
+
+  cfg = config.ec2;
+
+  udhcpcScript = pkgs.writeScript "udhcp-script"
+    ''
+      #! /bin/sh
+      if [ "$1" = bound ]; then
+        ip address add "$ip/$mask" dev "$interface"
+        if [ -n "$router" ]; then
+          ip route add default via "$router" dev "$interface"
+        fi
+        if [ -n "$dns" ]; then
+          rm -f /etc/resolv.conf
+          for i in $dns; do
+            echo "nameserver $dns" >> /etc/resolv.conf
+          done
+        fi
+      fi
+    '';
+
+in
 
 {
   imports = [ ../profiles/headless.nix ./ec2-data.nix ./amazon-grow-partition.nix ];
@@ -20,8 +41,10 @@ let cfg = config.ec2; in
       autoResize = true;
     };
 
-    boot.initrd.kernelModules = [ "xen-blkfront" ];
-    boot.kernelModules = [ "xen-netfront" ];
+    boot.initrd.kernelModules =
+      [ "xen-blkfront" "xen-netfront"
+        "af_packet" # <- required by udhcpc
+      ];
     boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0" ];
 
     # Prevent the nouveau kernel module from being loaded, as it
@@ -41,7 +64,6 @@ let cfg = config.ec2; in
         # Force udev to exit to prevent random "Device or resource busy
         # while trying to open /dev/xvda" errors from fsck.
         udevadm control --exit || true
-        kill -9 -1
       '';
 
     # Mount all formatted ephemeral disks and activate all swap devices.
@@ -55,6 +77,18 @@ let cfg = config.ec2; in
     # Nix operations.
     boot.initrd.postMountCommands =
       ''
+        metaDir=$targetRoot/etc/ec2-metadata
+        mkdir -m 0755 $targetRoot/etc
+        mkdir -m 0700 -p "$metaDir"
+
+        echo "getting EC2 instance metadata..."
+        ip link set eth0 up
+        udhcpc --interface eth0 --quit --now --script ${udhcpcScript}
+
+        if ! [ -e "$metaDir/ami-manifest-path" ]; then
+          wget -q -O "$metaDir/ami-manifest-path" http://169.254.169.254/1.0/meta-data/ami-manifest-path
+        fi
+
         diskNr=0
         diskForUnionfs=
         for device in /dev/xvd[abcde]*; do
@@ -81,7 +115,7 @@ let cfg = config.ec2; in
             mkdir -m 1777 -p $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
             mount --bind $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
 
-            if [ ! -e $targetRoot/.ebs ]; then
+            if [ "$(cat "$metaDir/ami-manifest-path")" != "(unknown)" ]; then
                 mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/var $targetRoot/var
                 mount --bind $targetRoot/$diskForUnionfs/root/var $targetRoot/var
 

nixos/modules/virtualisation/docker.nix

@@ -46,12 +46,10 @@ in
     storageDriver =
       mkOption {
         type = types.enum ["aufs" "btrfs" "devicemapper" "overlay" "zfs"];
+        default = "devicemapper";
         description =
           ''
             This option determines which Docker storage driver to use.
-            It is required but lacks a default value as its most
-            suitable value will depend the filesystems available on the
-            host.
           '';
       };
     extraOptions =
@@ -129,7 +127,7 @@ in
           LimitNPROC = 1048576;
         } // proxy_env;
 
-        path = [ pkgs.kmod ];
+        path = [ pkgs.kmod ] ++ (optional (cfg.storageDriver == "zfs") pkgs.zfs);
         environment.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules";
 
         postStart = cfg.postStart;

nixos/modules/virtualisation/nova-config.nix

@@ -1,5 +0,0 @@
-{ config, pkgs, modulesPath, ... }:
-
-{
-  imports = [ "${modulesPath}/virtualisation/nova-image.nix" ];
-}

nixos/modules/virtualisation/nova-image.nix

@@ -1,90 +1,45 @@
+# Usage:
+# $ NIXOS_CONFIG=`pwd`/nixos/modules/virtualisation/nova-image.nix nix-build '<nixpkgs/nixos>' -A config.system.build.novaImage
+
 { config, lib, pkgs, ... }:
 
 with lib;
 
 {
-  imports = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ];
-
-  system.build.novaImage =
-    pkgs.vmTools.runInLinuxVM (
-      pkgs.runCommand "nova-image"
-        { preVM =
-            ''
-              mkdir $out
-              diskImage=$out/image
-              ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "4G"
-              mv closure xchg/
-            '';
-          buildInputs = [ pkgs.utillinux pkgs.perl ];
-          exportReferencesGraph =
-            [ "closure" config.system.build.toplevel ];
+  system.build.novaImage = import ../../lib/make-disk-image.nix {
+    inherit pkgs lib config;
+    partitioned = true;
+    diskSize = 1 * 1024;
+    configFile = pkgs.writeText "configuration.nix"
+      ''
+        {
+          imports = [ <nixpkgs/nixos/modules/virtualisation/nova-image.nix> ];
         }
-        ''
-          # Create a single / partition.
-          ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
-          ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
-          . /sys/class/block/vda1/uevent
-          mknod /dev/vda1 b $MAJOR $MINOR
+      '';
+  };
 
-          # Create an empty filesystem and mount it.
-          ${pkgs.e2fsprogs}/sbin/mkfs.ext3 -L nixos /dev/vda1
-          ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
-          mkdir /mnt
-          mount /dev/vda1 /mnt
-
-          # The initrd expects these directories to exist.
-          mkdir /mnt/dev /mnt/proc /mnt/sys
-          mount --bind /proc /mnt/proc
-          mount --bind /dev /mnt/dev
-          mount --bind /sys /mnt/sys
-
-          # Copy all paths in the closure to the filesystem.
-          storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
-
-          mkdir -p /mnt/nix/store
-          ${pkgs.rsync}/bin/rsync -av $storePaths /mnt/nix/store/
-
-          # Register the paths in the Nix database.
-          printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
-              chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
-
-          # Create the system profile to allow nixos-rebuild to work.
-          chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \
-              -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
-
-          # `nixos-rebuild' requires an /etc/NIXOS.
-          mkdir -p /mnt/etc
-          touch /mnt/etc/NIXOS
-
-          # `switch-to-configuration' requires a /bin/sh
-          mkdir -p /mnt/bin
-          ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
-
-          # Install a configuration.nix.
-          mkdir -p /mnt/etc/nixos
-          cp ${./nova-config.nix} /mnt/etc/nixos/configuration.nix
-
-          # Generate the GRUB menu.
-          chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
-
-          umount /mnt/proc /mnt/dev /mnt/sys
-          umount /mnt
-        ''
-    );
+  imports = [
+    ../profiles/qemu-guest.nix
+    ../profiles/headless.nix
+    ./ec2-data.nix
+  ];
 
   fileSystems."/".device = "/dev/disk/by-label/nixos";
 
   boot.kernelParams = [ "console=ttyS0" ];
-
-  boot.loader.grub.version = 2;
   boot.loader.grub.device = "/dev/vda";
   boot.loader.grub.timeout = 0;
 
+  # Allow root logins
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "without-password";
+
   # Put /tmp and /var on /ephemeral0, which has a lot more space.
   # Unfortunately we can't do this with the `fileSystems' option
   # because it has no support for creating the source of a bind
   # mount.  Also, "move" /nix to /ephemeral0 by layering a unionfs-fuse
   # mount on top of it so we have a lot more space for Nix operations.
+
   /*
   boot.initrd.postMountCommands =
     ''
@@ -106,10 +61,6 @@ with lib;
     '';
 
     boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
-    */
+  */
 
-  # Allow root logins only using the SSH key that the user specified
-  # at instance creation time.
-  services.openssh.enable = true;
-  services.openssh.permitRootLogin = "without-password";
 }

nixos/modules/virtualisation/qemu-vm.nix

@@ -40,16 +40,17 @@ let
       if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then
           TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir)
       fi
+
       # Create a directory for exchanging data with the VM.
       mkdir -p $TMPDIR/xchg
 
       ${if cfg.useBootLoader then ''
-        # Create a writable copy/snapshot of the boot disk
-        # A writable boot disk can be booted from automatically
+        # Create a writable copy/snapshot of the boot disk.
+        # A writable boot disk can be booted from automatically.
         ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 -b ${bootDisk}/disk.img $TMPDIR/disk.img || exit 1
 
         ${if cfg.useEFIBoot then ''
-          # VM needs a writable flash BIOS
+          # VM needs a writable flash BIOS.
           cp ${bootDisk}/bios.bin $TMPDIR || exit 1
           chmod 0644 $TMPDIR/bios.bin || exit 1
         '' else ''

nixos/modules/virtualisation/virtualbox-image.nix

@@ -22,7 +22,9 @@ in {
 
   config = {
 
-    system.build.virtualBoxImage = import ../../lib/make-disk-image.nix {
+    system.build.virtualBoxOVA = import ../../lib/make-disk-image.nix {
+      name = "nixos-ova-${config.system.nixosVersion}-${pkgs.stdenv.system}";
+
       inherit pkgs lib config;
       partitioned = true;
       diskSize = cfg.baseImageSize;
@@ -37,37 +39,36 @@ in {
       postVM =
         ''
           echo "creating VirtualBox disk image..."
-          ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
+          ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage disk.vdi
           rm $diskImage
+
+          echo "creating VirtualBox VM..."
+          export HOME=$PWD
+          export PATH=${pkgs.linuxPackages.virtualbox}/bin:$PATH
+          vmName="NixOS ${config.system.nixosVersion} (${pkgs.stdenv.system})"
+          VBoxManage createvm --name "$vmName" --register \
+            --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
+          VBoxManage modifyvm "$vmName" \
+            --memory 1536 --acpi on --vram 32 \
+            ${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \
+            --nictype1 virtio --nic1 nat \
+            --audiocontroller ac97 --audio alsa \
+            --rtcuseutc on \
+            --usb on --mouse usbtablet
+          VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
+          VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
+            --medium disk.vdi
+
+          echo "exporting VirtualBox VM..."
+          mkdir -p $out
+          fn="$out/nixos-${config.system.nixosVersion}-${pkgs.stdenv.system}.ova"
+          VBoxManage export "$vmName" --output "$fn"
+
+          mkdir -p $out/nix-support
+          echo "file ova $fn" >> $out/nix-support/hydra-build-products
         '';
     };
 
-    system.build.virtualBoxOVA = pkgs.runCommand "virtualbox-ova"
-      { buildInputs = [ pkgs.linuxPackages.virtualbox ];
-        vmName = "NixOS ${config.system.nixosVersion} (${pkgs.stdenv.system})";
-        fileName = "nixos-${config.system.nixosVersion}-${pkgs.stdenv.system}.ova";
-      }
-      ''
-        echo "creating VirtualBox VM..."
-        export HOME=$PWD
-        VBoxManage createvm --name "$vmName" --register \
-          --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
-        VBoxManage modifyvm "$vmName" \
-          --memory 1536 --acpi on --vram 32 \
-          ${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \
-          --nictype1 virtio --nic1 nat \
-          --audiocontroller ac97 --audio alsa \
-          --rtcuseutc on \
-          --usb on --mouse usbtablet
-        VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
-        VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
-          --medium ${config.system.build.virtualBoxImage}/disk.vdi
-
-        echo "exporting VirtualBox VM..."
-        mkdir -p $out
-        VBoxManage export "$vmName" --output "$out/$fileName"
-      '';
-
     fileSystems."/".device = "/dev/disk/by-label/nixos";
 
     boot.loader.grub.device = "/dev/sda";

nixos/release-combined.nix

@@ -48,7 +48,7 @@ in rec {
         (all nixos.ova)
 
         #(all nixos.tests.containers)
-        (all nixos.tests.chromium)
+        #(all nixos.tests.chromium)
         (all nixos.tests.firefox)
         (all nixos.tests.firewall)
         (all nixos.tests.gnome3)
@@ -64,6 +64,7 @@ in rec {
         (all nixos.tests.installer.btrfsSubvols)
         (all nixos.tests.installer.btrfsSubvolDefault)
         (all nixos.tests.bootBiosCdrom)
+        (all nixos.tests.boot-stage1)
         (all nixos.tests.ipv6)
         (all nixos.tests.kde4)
         #(all nixos.tests.lightdm)

nixos/release.nix

@@ -25,33 +25,14 @@ let
 
 
   makeIso =
-    { module, type, description ? type, maintainers ? ["eelco"], system }:
+    { module, type, maintainers ? ["eelco"], system }:
 
     with import nixpkgs { inherit system; };
 
-    let
-
-      config = (import lib/eval-config.nix {
-        inherit system;
-        modules = [ module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ];
-      }).config;
-
-      iso = config.system.build.isoImage;
-
-    in
-      # Declare the ISO as a build product so that it shows up in Hydra.
-      hydraJob (runCommand "nixos-iso-${config.system.nixosVersion}"
-        { meta = {
-            description = "NixOS installation CD (${description}) - ISO image for ${system}";
-            maintainers = map (x: lib.maintainers.${x}) maintainers;
-          };
-          inherit iso;
-          passthru = { inherit config; };
-        }
-        ''
-          mkdir -p $out/nix-support
-          echo "file iso" $iso/iso/*.iso* >> $out/nix-support/hydra-build-products
-        ''); # */
+    hydraJob ((import lib/eval-config.nix {
+      inherit system;
+      modules = [ module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ];
+    }).config.system.build.isoImage);
 
 
   makeSystemTarball =
@@ -131,30 +112,13 @@ in rec {
 
     with import nixpkgs { inherit system; };
 
-    let
-
-      config = (import lib/eval-config.nix {
-        inherit system;
-        modules =
-          [ versionModule
-            ./modules/installer/virtualbox-demo.nix
-          ];
-      }).config;
-
-    in
-      # Declare the OVA as a build product so that it shows up in Hydra.
-      hydraJob (runCommand "nixos-ova-${config.system.nixosVersion}-${system}"
-        { meta = {
-            description = "NixOS VirtualBox appliance (${system})";
-            maintainers = maintainers.eelco;
-          };
-          ova = config.system.build.virtualBoxOVA;
-        }
-        ''
-          mkdir -p $out/nix-support
-          fn=$(echo $ova/*.ova)
-          echo "file ova $fn" >> $out/nix-support/hydra-build-products
-        '') # */
+    hydraJob ((import lib/eval-config.nix {
+      inherit system;
+      modules =
+        [ versionModule
+          ./modules/installer/virtualbox-demo.nix
+        ];
+    }).config.system.build.virtualBoxOVA)
 
   );
 
@@ -168,6 +132,7 @@ in rec {
             boot.loader.grub.device = mkDefault "/dev/sda";
           });
       }).config.system.build.toplevel;
+      preferLocalBuild = true;
     }
     "mkdir $out; ln -s $toplevel $out/dummy");
 
@@ -212,6 +177,7 @@ in rec {
   tests.avahi = callTest tests/avahi.nix {};
   tests.bittorrent = callTest tests/bittorrent.nix {};
   tests.blivet = callTest tests/blivet.nix {};
+  tests.boot-stage1 = callTest tests/boot-stage1.nix {};
   tests.cadvisor = hydraJob (import tests/cadvisor.nix { system = "x86_64-linux"; });
   tests.chromium = callTest tests/chromium.nix {};
   tests.cjdns = callTest tests/cjdns.nix {};

nixos/tests/boot-stage1.nix

@@ -0,0 +1,155 @@
+import ./make-test.nix ({ pkgs, ... }: {
+  name = "boot-stage1";
+
+  machine = { config, pkgs, lib, ... }: {
+    boot.extraModulePackages = let
+      compileKernelModule = name: source: pkgs.runCommand name rec {
+        inherit source;
+        kdev = config.boot.kernelPackages.kernel.dev;
+        kver = config.boot.kernelPackages.kernel.modDirVersion;
+        ksrc = "${kdev}/lib/modules/${kver}/build";
+      } ''
+        echo "obj-m += $name.o" > Makefile
+        echo "$source" > "$name.c"
+        make -C "$ksrc" M=$(pwd) modules
+        install -vD "$name.ko" "$out/lib/modules/$kver/$name.ko"
+      '';
+
+      # This spawns a kthread which just waits until it gets a signal and
+      # terminates if that is the case. We want to make sure that nothing during
+      # the boot process kills any kthread by accident, like what happened in
+      # issue #15226.
+      kcanary = compileKernelModule "kcanary" ''
+        #include <linux/init.h>
+        #include <linux/module.h>
+        #include <linux/kernel.h>
+        #include <linux/kthread.h>
+        #include <linux/sched.h>
+
+        struct task_struct *canaryTask;
+
+        static int kcanary(void *nothing)
+        {
+          allow_signal(SIGINT);
+          allow_signal(SIGTERM);
+          allow_signal(SIGKILL);
+          while (!kthread_should_stop()) {
+            set_current_state(TASK_INTERRUPTIBLE);
+            schedule_timeout_interruptible(msecs_to_jiffies(100));
+            if (signal_pending(current)) break;
+          }
+          return 0;
+        }
+
+        static int kcanaryInit(void)
+        {
+          kthread_run(&kcanary, NULL, "kcanary");
+          return 0;
+        }
+
+        static void kcanaryExit(void)
+        {
+          kthread_stop(canaryTask);
+        }
+
+        module_init(kcanaryInit);
+        module_exit(kcanaryExit);
+      '';
+
+    in lib.singleton kcanary;
+
+    boot.initrd.kernelModules = [ "kcanary" ];
+
+    boot.initrd.extraUtilsCommands = let
+      compile = name: source: pkgs.runCommand name { inherit source; } ''
+        mkdir -p "$out/bin"
+        echo "$source" | gcc -Wall -o "$out/bin/$name" -xc -
+      '';
+
+      daemonize = name: source: compile name ''
+        #include <stdio.h>
+        #include <unistd.h>
+
+        void runSource(void) {
+        ${source}
+        }
+
+        int main(void) {
+          if (fork() > 0) return 0;
+          setsid();
+          runSource();
+          return 1;
+        }
+      '';
+
+      mkCmdlineCanary = { name, cmdline ? "", source ? "" }: (daemonize name ''
+        char *argv[] = {"${cmdline}", NULL};
+        execvp("${name}-child", argv);
+      '') // {
+        child = compile "${name}-child" ''
+          #include <stdio.h>
+          #include <unistd.h>
+
+          int main(void) {
+            ${source}
+            while (1) sleep(1);
+            return 1;
+          }
+        '';
+      };
+
+      copyCanaries = with lib; concatMapStrings (canary: ''
+        ${optionalString (canary ? child) ''
+          copy_bin_and_libs "${canary.child}/bin/${canary.child.name}"
+        ''}
+        copy_bin_and_libs "${canary}/bin/${canary.name}"
+      '');
+
+    in copyCanaries [
+      # Simple canary process which just sleeps forever and should be killed by
+      # stage 2.
+      (daemonize "canary1" "while (1) sleep(1);")
+
+      # We want this canary process to try mimicking a kthread using a cmdline
+      # with a zero length so we can make sure that the process is properly
+      # killed in stage 1.
+      (mkCmdlineCanary {
+        name = "canary2";
+        source = ''
+          FILE *f;
+          f = fopen("/run/canary2.pid", "w");
+          fprintf(f, "%d\n", getpid());
+          fclose(f);
+        '';
+      })
+
+      # This canary process mimicks a storage daemon, which we do NOT want to be
+      # killed before going into stage 2. For more on root storage daemons, see:
+      # https://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons/
+      (mkCmdlineCanary {
+        name = "canary3";
+        cmdline = "@canary3";
+      })
+    ];
+
+    boot.initrd.postMountCommands = ''
+      canary1
+      canary2
+      canary3
+      # Make sure the pidfile of canary 2 is created so that we still can get
+      # its former pid after the killing spree starts next within stage 1.
+      while [ ! -s /run/canary2.pid ]; do sleep 0.1; done
+    '';
+  };
+
+  testScript = ''
+    $machine->waitForUnit("multi-user.target");
+    $machine->succeed('test -s /run/canary2.pid');
+    $machine->fail('pgrep -a canary1');
+    $machine->fail('kill -0 $(< /run/canary2.pid)');
+    $machine->succeed('pgrep -a -f \'^@canary3$\''');
+    $machine->succeed('pgrep -a -f \'^kcanary$\''');
+  '';
+
+  meta.maintainers = with pkgs.stdenv.lib.maintainers; [ aszlig ];
+})

nixos/tests/chromium.nix

@@ -2,8 +2,8 @@ import ./make-test.nix (
 { pkgs
 , channelMap ? {
     stable = pkgs.chromium;
-    beta   = pkgs.chromiumBeta;
-    dev    = pkgs.chromiumDev;
+    #beta   = pkgs.chromiumBeta;
+    #dev    = pkgs.chromiumDev;
   }
 , ...
 }: rec {

nixos/tests/cjdns.nix

@@ -25,7 +25,7 @@ in
 import ./make-test.nix ({ pkgs, ...} : {
   name = "cjdns";
   meta = with pkgs.stdenv.lib.maintainers; {
-    maintainers = [ emery ];
+    maintainers = [ ehmry ];
   };
 
   nodes = rec
@@ -122,4 +122,4 @@ import ./make-test.nix ({ pkgs, ...} : {
 
       $bob->succeed("curl --fail -g http://[$aliceIp6]");
     '';
-})
+})

nixos/tests/common/user-account.nix

@@ -1,9 +1,14 @@
 { lib, ... }:
 
-{ users.extraUsers = lib.singleton
+{ users.extraUsers.alice =
     { isNormalUser = true;
-      name = "alice";
       description = "Alice Foobar";
       password = "foobar";
     };
+
+  users.extraUsers.bob =
+    { isNormalUser = true;
+      description = "Bob Foobar";
+      password = "foobar";
+    };
 }

nixos/tests/docker.nix

@@ -11,6 +11,8 @@ import ./make-test.nix ({ pkgs, ...} : {
       { config, pkgs, ... }:
         {
           virtualisation.docker.enable = true;
+          # FIXME: The default "devicemapper" storageDriver fails in NixOS VM
+          # tests.
           virtualisation.docker.storageDriver = "overlay";
         };
     };

nixos/tests/gnome3.nix

@@ -27,6 +27,7 @@ import ./make-test.nix ({ pkgs, ...} : {
       $machine->succeed("getfacl /dev/snd/timer | grep -q alice");
 
       $machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'");
+      $machine->succeed("xauth merge ~alice/.Xauthority");
       $machine->waitForWindow(qr/Terminal/);
       $machine->sleep(20);
       $machine->screenshot("screen");

nixos/tests/i3wm.nix

@@ -13,6 +13,8 @@ import ./make-test.nix ({ pkgs, ...} : {
 
   testScript = { nodes, ... }: ''
     $machine->waitForX;
+    $machine->waitForFile("/home/alice/.Xauthority");
+    $machine->succeed("xauth merge ~alice/.Xauthority");
     $machine->waitForWindow(qr/first configuration/);
     $machine->sleep(1);
     $machine->screenshot("started");

nixos/tests/installer.nix

@@ -370,6 +370,10 @@ in {
               "mdadm -W /dev/md1",
           );
         '';
+      preBootCommands = ''
+        $machine->start;
+        $machine->fail("dmesg | grep 'immediate safe mode'");
+      '';
     };
 
   # Test a basic install using GRUB 1.

nixos/tests/kde4.nix

@@ -41,11 +41,13 @@ import ./make-test.nix ({ pkgs, ... }: {
           pkgs.kde4.kdenetwork
           pkgs.kde4.kdetoys
           pkgs.kde4.kdewebdev
+          pkgs.xorg.xmessage
         ];
     };
 
-  testScript = '' 
+  testScript = ''
       $machine->waitUntilSucceeds("pgrep plasma-desktop");
+      $machine->succeed("xauth merge ~alice/.Xauthority");
       $machine->waitForWindow(qr/plasma-desktop/);
 
       # Check that logging in has given the user ownership of devices.
@@ -62,7 +64,7 @@ import ./make-test.nix ({ pkgs, ... }: {
 
       $machine->sleep(10);
 
-      $machine->screenshot("screen"); 
+      $machine->screenshot("screen");
     '';
 
 })

nixos/tests/lightdm.nix

@@ -22,6 +22,8 @@ import ./make-test.nix ({ pkgs, ...} : {
     $machine->waitForText(qr/${user.description}/);
     $machine->screenshot("lightdm");
     $machine->sendChars("${user.password}\n");
+    $machine->waitForFile("/home/alice/.Xauthority");
+    $machine->succeed("xauth merge ~alice/.Xauthority");
     $machine->waitForWindow("^IceWM ");
   '';
 })

nixos/tests/xfce.nix

@@ -15,11 +15,15 @@ import ./make-test.nix ({ pkgs, ...} : {
       services.xserver.displayManager.auto.user = "alice";
 
       services.xserver.desktopManager.xfce.enable = true;
+
+      environment.systemPackages = [ pkgs.xorg.xmessage ];
     };
 
   testScript =
     ''
       $machine->waitForX;
+      $machine->waitForFile("/home/alice/.Xauthority");
+      $machine->succeed("xauth merge ~alice/.Xauthority");
       $machine->waitForWindow(qr/xfce4-panel/);
       $machine->sleep(10);
 
@@ -30,5 +34,9 @@ import ./make-test.nix ({ pkgs, ...} : {
       $machine->waitForWindow(qr/Terminal/);
       $machine->sleep(10);
       $machine->screenshot("screen");
+
+      # Ensure that the X server does proper access control.
+      $machine->mustFail("su - bob -c 'DISPLAY=:0.0 xmessage Foo'");
+      $machine->mustFail("su - bob -c 'DISPLAY=:0 xmessage Foo'");
     '';
 })

pkgs/applications/altcoins/namecoind.nix

@@ -1,13 +1,13 @@
-{ stdenv, fetchurl, db4, boost, openssl, miniupnpc, unzip }:
+{ stdenv, fetchzip, db4, boost, openssl, miniupnpc, unzip }:
 
 with stdenv.lib;
 stdenv.mkDerivation rec {
   version = "0.3.80";
   name = "namecoind-${version}";
 
-  src = fetchurl {
+  src = fetchzip {
     url = "https://github.com/namecoin/namecoin/archive/nc${version}.tar.gz";
-    sha256 = "1755mqxpg91wg9hf0ibpj59sdzfmhh73yrpi7hfi2ipabkwmlpiz";
+    sha256 = "0mbkhj7y3f4vbqp5q3zk27bzqlk2kq71rcgivvj06w29fzd64mw6";
   };
 
   buildInputs = [ db4 boost openssl unzip miniupnpc ];

pkgs/applications/audio/gnaural/default.nix

@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
     { description = "Auditory binaural-beat generator";
       homepage = http://gnaural.sourceforge.net/;
       license = licenses.gpl2;
-      maintainers = [ maintainers.emery ];
+      maintainers = [ maintainers.ehmry ];
       platforms = platforms.linux;
     };
 }

pkgs/applications/audio/ladspa-sdk/default.nix

@@ -3,7 +3,7 @@ stdenv.mkDerivation rec {
   name = "ladspa-sdk-${version}";
   version = "1.13";
   src = fetchurl {
-    url = "http://www.ladspa.org/download/ladspa_sdk_${version}.tgz";
+    url = "http://http.debian.net/debian/pool/main/l/ladspa-sdk/ladspa-sdk_${version}.orig.tar.gz";
     sha256 = "0srh5n2l63354bc0srcrv58rzjkn4gv8qjqzg8dnq3rs4m7kzvdm";
   };
 
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
     description = "The SDK for the LADSPA audio plugin standard";
     longDescription = ''
       The LADSPA SDK, including the ladspa.h API header file,
-      ten example LADSPA plugins and 
+      ten example LADSPA plugins and
       three example programs (applyplugin, analyseplugin and listplugins).
     '';
     homepage = http://www.ladspa.org/ladspa_sdk/overview.html;

pkgs/applications/audio/ladspa-sdk/ladspah.nix

@@ -1,17 +1,26 @@
-{ runCommand, fetchurl }:
-
-let
-
+{ stdenv, fetchurl }:
+stdenv.mkDerivation rec {
+  name = "ladspa.h-${version}";
+  version = "1.13";
   src = fetchurl {
-    url = http://www.ladspa.org/ladspa_sdk/ladspa.h.txt;
-    sha256 = "1b908csn85ng9sz5s5d1mqk711cmawain2z8px2ajngihdrynb67";
+    url = "http://http.debian.net/debian/pool/main/l/ladspa-sdk/ladspa-sdk_${version}.orig.tar.gz";
+    sha256 = "0srh5n2l63354bc0srcrv58rzjkn4gv8qjqzg8dnq3rs4m7kzvdm";
   };
 
-in
-
-runCommand "ladspa.h"
-  { meta.description = "LADSPA format audio plugins"; }
-  ''
+  installPhase = ''
     mkdir -p $out/include
-    cp ${src} $out/include/ladspa.h
-  ''
+    cp src/ladspa.h $out/include/ladspa.h
+  '';
+
+  meta = {
+    description = "LADSPA format audio plugins header file";
+    longDescription = ''
+      The ladspa.h API header file from the LADSPA SDK.
+      For the full SDK, use the ladspa-sdk package.
+    '';
+    homepage = http://www.ladspa.org/ladspa_sdk/overview.html;
+    license = stdenv.lib.licenses.lgpl2;
+    maintainers = [ stdenv.lib.maintainers.magnetophon ];
+    platforms = stdenv.lib.platforms.all;
+  };
+}

pkgs/applications/audio/meters_lv2/default.nix

@@ -40,7 +40,7 @@ stdenv.mkDerivation {
   meta = with stdenv.lib;
     { description = "Collection of audio level meters with GUI in LV2 plugin format";
       homepage = http://x42.github.io/meters.lv2/;
-      maintainers = with maintainers; [ emery ];
+      maintainers = with maintainers; [ ehmry ];
       license = licenses.gpl2;
       platforms = platforms.linux;
     };

pkgs/applications/audio/picard/default.nix

@@ -35,7 +35,7 @@ buildPythonPackage {
   meta = with stdenv.lib; {
     homepage = "http://musicbrainz.org/doc/MusicBrainz_Picard";
     description = "The official MusicBrainz tagger";
-    maintainers = with maintainers; [ emery ];
+    maintainers = with maintainers; [ ehmry ];
     license = licenses.gpl2;
     platforms = platforms.all;
   };

pkgs/applications/audio/spotify/default.nix

@@ -1,20 +1,21 @@
-{ fetchurl, stdenv, dpkg, xorg, qt4, alsaLib, makeWrapper, openssl, freetype
+{ fetchurl, stdenv, dpkg, xorg, alsaLib, makeWrapper, openssl, freetype
 , glib, pango, cairo, atk, gdk_pixbuf, gtk, cups, nspr, nss, libpng, GConf
-, libgcrypt, chromium, udev, fontconfig
-, dbus, expat }:
+, libgcrypt, udev, fontconfig, dbus, expat, ffmpeg_0_10, curl, zlib, gnome }:
 
 assert stdenv.system == "x86_64-linux";
 
 let
-  version = "0.9.17.1.g9b85d43.7";
+  version = "1.0.27.71.g0a26e3b2-9";
 
   deps = [
     alsaLib
     atk
     cairo
     cups
+    curl
     dbus
     expat
+    ffmpeg_0_10
     fontconfig
     freetype
     GConf
@@ -25,19 +26,20 @@ let
     libpng
     nss
     pango
-    qt4
     stdenv.cc.cc
     udev
     xorg.libX11
     xorg.libXcomposite
+    xorg.libXcursor
     xorg.libXdamage
     xorg.libXext
     xorg.libXfixes
     xorg.libXi
     xorg.libXrandr
     xorg.libXrender
-    xorg.libXrender
     xorg.libXScrnSaver
+    xorg.libXtst
+    zlib
   ];
 
 in
@@ -47,8 +49,8 @@ stdenv.mkDerivation {
 
   src =
     fetchurl {
-      url = "http://repository.spotify.com/pool/non-free/s/spotify/spotify-client_${version}-1_amd64.deb";
-      sha256 = "0x87q7gd2997sgppsm4lmdiz1cm11x5vnd5c34nqb5d4ry5qfyki";
+      url = "http://repository-origin.spotify.com/pool/non-free/s/spotify-client/spotify-client_${version}_amd64.deb";
+      sha256 = "1rs08cvn0y1lzazlmzj4sn2iyacadwi6j70n5c7rvfvvs4p61p42";
     };
 
   buildInputs = [ dpkg makeWrapper ];
@@ -60,8 +62,8 @@ stdenv.mkDerivation {
       libdir=$out/lib/spotify
       mkdir -p $libdir
       dpkg-deb -x $src $out
-      mv $out/opt/spotify/* $out/
-      rm -rf $out/usr $out/opt
+      mv $out/usr/* $out/
+      rm -rf $out/usr
 
       # Work around Spotify referring to a specific minor version of
       # OpenSSL.
@@ -71,33 +73,29 @@ stdenv.mkDerivation {
       ln -s ${nspr}/lib/libnspr4.so $libdir/libnspr4.so
       ln -s ${nspr}/lib/libplc4.so $libdir/libplc4.so
 
-      mkdir -p $out/bin
-
-      rpath="$out/spotify-client/Data:$libdir:$out/spotify-client:${stdenv.cc.cc}/lib64"
-
-      ln -s $out/spotify-client/spotify $out/bin/spotify
+      rpath="$out/share/spotify:$libdir"
 
       patchelf \
         --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
-        --set-rpath $rpath $out/spotify-client/spotify
+        --set-rpath $rpath $out/share/spotify/spotify
 
-      patchelf \
-        --interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
-        --set-rpath $rpath $out/spotify-client/Data/SpotifyHelper
-
-      preload=$out/libexec/spotify/libpreload.so
       librarypath="${stdenv.lib.makeLibraryPath deps}:$libdir"
-      mkdir -p $out/libexec/spotify
-      gcc -shared ${./preload.c} -o $preload -ldl -DOUT=\"$out\" -fPIC
-
-      wrapProgram $out/bin/spotify --set LD_PRELOAD $preload --prefix LD_LIBRARY_PATH : "$librarypath"
-      wrapProgram $out/spotify-client/Data/SpotifyHelper --set LD_PRELOAD $preload --prefix LD_LIBRARY_PATH : "$librarypath"
+      wrapProgram $out/share/spotify/spotify \
+        --prefix LD_LIBRARY_PATH : "$librarypath" \
+        --prefix PATH : "${gnome.zenity}/bin"
 
       # Desktop file
       mkdir -p "$out/share/applications/"
-      cp "$out/spotify-client/spotify.desktop" "$out/share/applications/"
-      sed -i "s|Icon=.*|Icon=$out/spotify-client/Icons/spotify-linux-512.png|" "$out/share/applications/spotify.desktop"
-    ''; # */
+      cp "$out/share/spotify/spotify.desktop" "$out/share/applications/"
+
+      # Icons
+      for i in 16 22 24 32 48 64 128 256 512; do
+        ixi="$i"x"$i"
+        mkdir -p "$out/share/icons/hicolor/$ixi/apps"
+        ln -s "$out/share/spotify/icons/spotify-linux-$i.png" \
+          "$out/share/icons/hicolor/$ixi/apps/spotify-client.png"
+      done
+    '';
 
   dontStrip = true;
   dontPatchELF = true;

pkgs/applications/audio/spotify/preload.c

@@ -1,66 +0,0 @@
-/* Spotify looks for its theme data in /usr/share/spotify/theme.  This
-   LD_PRELOAD library intercepts open() and stat() calls to redirect
-   them to the corresponding location in $out. */
-
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <dlfcn.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <limits.h>
-
-char themeDir [] = "/usr/share/spotify/theme";
-char realThemeDir [] = OUT "/share/spotify/theme";
-
-const char * rewrite(const char * path, char * buf)
-{
-    if (strncmp(path, themeDir, sizeof(themeDir) - 1) != 0) return path;
-    if (snprintf(buf, PATH_MAX, "%s%s", realThemeDir, path + sizeof(themeDir) - 1) >= PATH_MAX)
-        abort();
-    return buf;
-}
-
-int open(const char *path, int flags, ...)
-{
-    char buf[PATH_MAX];
-    int (*_open) (const char *, int, mode_t) = dlsym(RTLD_NEXT, "open");
-    mode_t mode = 0;
-    if (flags & O_CREAT) {
-        va_list ap;
-        va_start(ap, flags);
-        mode = va_arg(ap, mode_t);
-        va_end(ap);
-    }
-    return _open(rewrite(path, buf), flags, mode);
-}
-
-int open64(const char *path, int flags, ...)
-{
-    char buf[PATH_MAX];
-    int (*_open64) (const char *, int, mode_t) = dlsym(RTLD_NEXT, "open64");
-    mode_t mode = 0;
-    if (flags & O_CREAT) {
-        va_list ap;
-        va_start(ap, flags);
-        mode = va_arg(ap, mode_t);
-        va_end(ap);
-    }
-    return _open64(rewrite(path, buf), flags, mode);
-}
-
-int __xstat64(int ver, const char *path, struct stat64 *st)
-{
-    char buf[PATH_MAX];
-    int (*___xstat64) (int ver, const char *, struct stat64 *) = dlsym(RTLD_NEXT, "__xstat64");
-    return ___xstat64(ver, rewrite(path, buf), st);
-}
-
-int access(const char *path, int mode)
-{
-    char buf[PATH_MAX];
-    int (*_access) (const char *path, int mode) = dlsym(RTLD_NEXT, "access");
-    return _access(rewrite(path, buf), mode);
-}

pkgs/applications/audio/yoshimi/default.nix

@@ -1,20 +1,20 @@
 { stdenv, fetchurl, alsaLib, boost, cairo, cmake, fftwSinglePrec, fltk
-, libjack2, libsndfile, lv2, mesa, minixml, pkgconfig, zlib, xorg
+, libjack2, libsndfile, readline, lv2, mesa, minixml, pkgconfig, zlib, xorg
 }:
 
 assert stdenv ? glibc;
 
 stdenv.mkDerivation  rec {
   name = "yoshimi-${version}";
-  version = "1.3.5.2";
+  version = "1.3.7.1";
 
   src = fetchurl {
     url = "mirror://sourceforge/yoshimi/${name}.tar.bz2";
-    sha256 = "001xvwknsm1sv5lvwz7f6dgf57b8djbpwbyk2gfxjy9rzl5q53qr";
+    sha256 = "13xc1x8jrr2rn26jx4dini692ww3771d5j5xf7f56ixqr7mmdhvz";
   };
 
   buildInputs = [
-    alsaLib boost cairo fftwSinglePrec fltk libjack2 libsndfile lv2 mesa
+    alsaLib boost cairo fftwSinglePrec fltk libjack2 libsndfile readline lv2 mesa
     minixml zlib xorg.libpthreadstubs
   ];
 
@@ -22,7 +22,7 @@ stdenv.mkDerivation  rec {
 
   preConfigure = "cd src";
 
-  cmakeFlags = [ "-DFLTK_MATH_LIBRARY=${stdenv.glibc}/lib/libm.so" ];
+  cmakeFlags = [ "-DFLTK_MATH_LIBRARY=${stdenv.glibc}/lib/libm.so -DCMAKE_INSTALL_DATAROOTDIR=$out" ];
 
   meta = with stdenv.lib; {
     description = "high quality software synthesizer based on ZynAddSubFX";

pkgs/applications/backup/crashplan/default.nix

@@ -16,6 +16,7 @@ in stdenv.mkDerivation rec {
     description = "An online/offline backup solution";
     homepage = "http://www.crashplan.org";
     license = licenses.unfree;
+    broken = true;  # outdated and new client has trouble starting (nullpointer exception)
     maintainers = with maintainers; [ sztupi iElectric ];
   };