disnix: 0.7.1 -> 0.7.2

(cherry picked from commit 94f0a6793b)
sublime3: fixes missing build inputs
2026-06-10 15:23:43 +00:00 · 2017-07-26 19:24:34 +00:00 · 2017-07-19 10:45:56 +01:00 · 2017-07-11 00:27:58 +02:00 · 2017-06-01 08:17:42 +01:00 · 2017-05-31 09:57:20 +00:00
5958 changed files with 105505 additions and 167458 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,28 +0,0 @@
-# EditorConfig configuration for nixpkgs
-# http://EditorConfig.org
-
-# Top-most EditorConfig file
-root = true
-
-# Unix-style newlines with a newline ending every file, utf-8 charset
-[*]
-end_of_line = lf
-insert_final_newline = true
-trim_trailing_whitespace = true
-charset = utf-8
-
-# see https://nixos.org/nixpkgs/manual/#chap-conventions
-
-# Match nix/ruby files, set indent to spaces with width of two
-[*.{nix,rb}]
-indent_style = space
-indent_size = 2
-
-# Match shell/python/perl scripts, set indent to spaces with width of four
-[*.{sh,py,pl}]
-indent_style = space
-indent_size = 4
-
-# Match diffs, avoid to trim trailing whitespace
-[*.{diff,patch}]
-trim_trailing_whitespace = false
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -14,22 +14,14 @@ under the terms of [COPYING](../COPYING), which is an MIT-like license.

 * Format the commits in the following way:

-  ```
-  (pkg-name | service-name): (from -> to | init at version | refactor | etc)
-  
-  (Motivation for change. Additional information.)
-  ```
+  `(pkg-name | service-name): (from -> to | init at version | refactor | etc)`

  Examples:

  * nginx: init at 2.0.1
  * firefox: 3.0 -> 3.1.1
  * hydra service: add bazBaz option
-  
-    Dual baz behavior is needed to do foo.
  * nginx service: refactor config generation
-    
-    The old config generation system used impure shell scripts and could break in specific circumstances (see #1234).

 * `meta.description` should:
  * Be capitalized
@@ -38,12 +30,6 @@ under the terms of [COPYING](../COPYING), which is an MIT-like license.

 See the nixpkgs manual for more details on how to [Submit changes to nixpkgs](https://nixos.org/nixpkgs/manual/#chap-submitting-changes).

-## Writing good commit messages
-
-In addition to writing properly formatted commit messages, it's important to include relevant information so other developers can later understand *why* a change was made. While this information usually can be found by digging code, mailing list archives, pull request discussions or upstream changes, it may require a lot of work.
-
-For package version upgrades and such a one-line commit message is usually sufficient.
-
 ## Reviewing contributions

 See the nixpkgs manual for more details on how to [Review contributions](https://nixos.org/nixpkgs/manual/#sec-reviewing-contributions).
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -4,12 +4,12 @@
 ###### Things done

 - [ ] Tested using sandboxing
-  ([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS,
-    or option `build-use-sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file)
+  ([nix.useChroot](http://nixos.org/nixos/manual/options.html#opt-nix.useChroot) on NixOS,
+    or option `build-use-chroot` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file)
    on non-NixOS)
 - Built on platform(s)
   - [ ] NixOS
-   - [ ] macOS
+   - [ ] OS X
   - [ ] Linux
 - [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nox --run "nox-review wip"`
 - [ ] Tested execution of all binary files (usually in `./result/bin/`)
--- a/.mention-bot
+++ b/.mention-bot
@@ -1,14 +1,6 @@
 {
  "userBlacklist": [
    "civodul",
-    "jhasse",
-    "shlevy",
-    "bbenoist"
-  ],
-  "alwaysNotifyForPaths": [
-    { "name": "FRidh", "files": ["pkgs/top-level/python-packages.nix", "pkgs/development/interpreters/python/*", "pkgs/development/python-modules/*" ] },
-    { "name": "LnL7", "files": ["pkgs/stdenv/darwin/*", "pkgs/os-specific/darwin/*"] },
-    { "name": "copumpkin", "files": ["pkgs/stdenv/darwin/*", "pkgs/os-specific/darwin/apple-source-releases/*"] }
-  ],
-  "fileBlacklist": ["pkgs/top-level/all-packages.nix"]
+    "jhasse"
+  ]
 }
--- a/.travis.yml
+++ b/.travis.yml
@@ -4,7 +4,7 @@ matrix:
        - os: linux
          sudo: false
          script:
-              - ./maintainers/scripts/travis-nox-review-pr.sh nixpkgs-verify nixpkgs-manual nixpkgs-tarball nixpkgs-unstable
+              - ./maintainers/scripts/travis-nox-review-pr.sh nixpkgs-verify nixpkgs-manual nixpkgs-tarball
              - ./maintainers/scripts/travis-nox-review-pr.sh nixos-options nixos-manual
        - os: linux
          sudo: required
--- a/.version
+++ b/.version
@@ -1 +1 @@
-17.03
+16.09
--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-Copyright (c) 2003-2017 Eelco Dolstra and the Nixpkgs/NixOS contributors
+Copyright (c) 2003-2016 Eelco Dolstra and the Nixpkgs/NixOS contributors

 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
--- a/README.md
+++ b/README.md
@@ -2,6 +2,8 @@

 [![Build Status](https://travis-ci.org/NixOS/nixpkgs.svg?branch=master)](https://travis-ci.org/NixOS/nixpkgs)
 [![Code Triagers Badge](https://www.codetriage.com/nixos/nixpkgs/badges/users.svg)](https://www.codetriage.com/nixos/nixpkgs)
+[![Issue Stats](http://www.issuestats.com/github/nixos/nixpkgs/badge/pr?style=flat)](http://www.issuestats.com/github/nixos/nixpkgs)
+[![Issue Stats](http://www.issuestats.com/github/nixos/nixpkgs/badge/issue?style=flat)](http://www.issuestats.com/github/nixos/nixpkgs)

 Nixpkgs is a collection of packages for the [Nix](https://nixos.org/nix/) package
 manager. It is periodically built and tested by the [hydra](http://hydra.nixos.org/)
@@ -13,12 +15,12 @@ build daemon as so-called channels. To get channel information via git, add
 ```

 For stability and maximum binary package support, it is recommended to maintain
-custom changes on top of one of the channels, e.g. `nixos-17.03` for the latest
+custom changes on top of one of the channels, e.g. `nixos-16.09` for the latest
 release and `nixos-unstable` for the latest successful build of master:

 ```
 % git remote update channels
-% git rebase channels/nixos-17.03
+% git rebase channels/nixos-16.09
 ```

 For pull-requests, please rebase onto nixpkgs `master`.
@@ -32,9 +34,9 @@ For pull-requests, please rebase onto nixpkgs `master`.
 * [Manual (NixOS)](https://nixos.org/nixos/manual/)
 * [Nix Wiki](https://nixos.org/wiki/) (deprecated, see milestone ["Move the Wiki!"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aopen+is%3Aissue+milestone%3A%22Move+the+wiki%21%22))
 * [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
-* [Continuous package builds for 17.03 release](https://hydra.nixos.org/jobset/nixos/release-17.03)
+* [Continuous package builds for 16.09 release](https://hydra.nixos.org/jobset/nixos/release-16.09)
 * [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
-* [Tests for 17.03 release](https://hydra.nixos.org/job/nixos/release-17.03/tested#tabs-constituents)
+* [Tests for 16.09 release](https://hydra.nixos.org/job/nixos/release-16.09/tested#tabs-constituents)

 Communication:

--- a/doc/configuration.xml
+++ b/doc/configuration.xml
@@ -2,223 +2,85 @@
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xml:id="chap-packageconfig">

-<title>Global configuration</title>
+<title><filename>~/.nixpkgs/config.nix</filename>: global configuration</title>

-<para>Nix comes with certain defaults about what packages can and
-cannot be installed, based on a package's metadata. By default, Nix
-will prevent installation if any of the following criteria are
-true:</para>
+<para>Nix packages can be configured to allow or deny certain options.</para>

-<itemizedlist>
-  <listitem><para>The package is thought to be broken, and has had
-  its <literal>meta.broken</literal> set to
-  <literal>true</literal>.</para></listitem>
+<para>To apply the configuration edit
+<filename>~/.nixpkgs/config.nix</filename> and set it like

-  <listitem><para>The package's <literal>meta.license</literal> is set
-  to a license which is considered to be unfree.</para></listitem>
-
-  <listitem><para>The package has known security vulnerabilities but
-  has not or can not be updated for some reason, and a list of issues
-  has been entered in to the package's
-  <literal>meta.knownVulnerabilities</literal>.</para></listitem>
-</itemizedlist>
-
-<para>Note that all this is checked during evaluation already,
-and the check includes any package that is evaluated.
-In particular, all build-time dependencies are checked.
-<literal>nix-env -qa</literal> will (attempt to) hide any packages
-that would be refused.
-</para>
-
-<para>Each of these criteria can be altered in the nixpkgs
-configuration.</para>
-
-<para>The nixpkgs configuration for a NixOS system is set in the
-<literal>configuration.nix</literal>, as in the following example:
-<programlisting>
-{
-  nixpkgs.config = {
-    allowUnfree = true;
-  };
-}
-</programlisting>
-However, this does not allow unfree software for individual users.
-Their configurations are managed separately.</para>
-
-<para>A user's of nixpkgs configuration is stored in a user-specific
-configuration file located at
-<filename>~/.config/nixpkgs/config.nix</filename>. For example:
 <programlisting>
 {
  allowUnfree = true;
 }
 </programlisting>
-</para>

-<section xml:id="sec-allow-broken">
-  <title>Installing broken packages</title>
+and will allow the Nix package manager to install unfree licensed packages.</para>

+<para>The configuration as listed also applies to NixOS under
+<option>nixpkgs.config</option> set.</para>

-  <para>There are two ways to try compiling a package which has been
-  marked as broken.</para>
+<itemizedlist>

-  <itemizedlist>
-    <listitem><para>
-      For allowing the build of a broken package once, you can use an
-      environment variable for a single invocation of the nix tools:
+  <listitem>
+    <para>Allow installing of packages that are distributed under
+    unfree license by setting <programlisting>allowUnfree =
+    true;</programlisting> or deny them by setting it to
+    <literal>false</literal>.</para>

-      <programlisting>$ export NIXPKGS_ALLOW_BROKEN=1</programlisting>
-    </para></listitem>
-
-    <listitem><para>
-      For permanently allowing broken packages to be built, you may
-      add <literal>allowBroken = true;</literal> to your user's
-      configuration file, like this:
+    <para>Same can be achieved by setting the environment variable:

 <programlisting>
-{
-  allowBroken = true;
-}
+$ export NIXPKGS_ALLOW_UNFREE=1
 </programlisting>
-    </para></listitem>
-  </itemizedlist>
-</section>

-<section xml:id="sec-allow-unfree">
-  <title>Installing unfree packages</title>
+    </para>
+  </listitem>

-  <para>There are several ways to tweak how Nix handles a package
-  which has been marked as unfree.</para>
-
-  <itemizedlist>
-    <listitem><para>
-      To temporarily allow all unfree packages, you can use an
-      environment variable for a single invocation of the nix tools:
-
-      <programlisting>$ export NIXPKGS_ALLOW_UNFREE=1</programlisting>
-    </para></listitem>
-
-    <listitem><para>
-      It is possible to permanently allow individual unfree packages,
-      while still blocking unfree packages by default using the
-      <literal>allowUnfreePredicate</literal> configuration
-      option in the user configuration file.</para>
-
-      <para>This option is a function which accepts a package as a
-      parameter, and returns a boolean. The following example
-      configuration accepts a package and always returns false:
-<programlisting>
-{
-  allowUnfreePredicate = (pkg: false);
-}
-</programlisting>
-      </para>
-
-      <para>A more useful example, the following configuration allows
-      only allows flash player and visual studio code:
+  <listitem>
+    <para>Whenever unfree packages are not allowed, single packages
+    can still be allowed by a predicate function that accepts package
+    as an argument and should return a boolean:

 <programlisting>
-{
-  allowUnfreePredicate = (pkg: elem (builtins.parseDrvName pkg.name).name [ "flashplayer" "vscode" ]);
-}
+allowUnfreePredicate = (pkg: ...);
 </programlisting>
-    </para></listitem>

-    <listitem>
-      <para>It is also possible to whitelist and blacklist licenses
-      that are specifically acceptable or not acceptable, using
-      <literal>whitelistedLicenses</literal> and
-      <literal>blacklistedLicenses</literal>, respectively.
-      </para>
-
-      <para>The following example configuration whitelists the
-      licenses <literal>amd</literal> and <literal>wtfpl</literal>:
+    Example to allow flash player and visual studio code only:

 <programlisting>
-{
-  whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];
-}
+allowUnfreePredicate = with builtins; (pkg: elem (parseDrvName pkg.name).name [ "flashplayer" "vscode" ]);
 </programlisting>
-      </para>

-      <para>The following example configuration blacklists the
-      <literal>gpl3</literal> and <literal>agpl3</literal> licenses:
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>Whenever unfree packages are not allowed, packages can still
+    be whitelisted by their license:

 <programlisting>
-{
-  blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];
-}
+whitelistedLicenses = with stdenv.lib.licenses; [ amd wtfpl ];
 </programlisting>
-      </para>
-    </listitem>
-  </itemizedlist>
+    </para>
+  </listitem>

-  <para>A complete list of licenses can be found in the file
-  <filename>lib/licenses.nix</filename> of the nixpkgs tree.</para>
-</section>
-
-
-<section xml:id="sec-allow-insecure">
-  <title>
-    Installing insecure packages
-  </title>
-
-  <para>There are several ways to tweak how Nix handles a package
-  which has been marked as insecure.</para>
-
-  <itemizedlist>
-    <listitem><para>
-      To temporarily allow all insecure packages, you can use an
-      environment variable for a single invocation of the nix tools:
-
-      <programlisting>$ export NIXPKGS_ALLOW_INSECURE=1</programlisting>
-    </para></listitem>
-
-    <listitem><para>
-      It is possible to permanently allow individual insecure
-      packages, while still blocking other insecure packages by
-      default using the <literal>permittedInsecurePackages</literal>
-      configuration option in the user configuration file.</para>
-
-      <para>The following example configuration permits the
-      installation of the hypothetically insecure package
-      <literal>hello</literal>, version <literal>1.2.3</literal>:
-<programlisting>
-{
-  permittedInsecurePackages = [
-    "hello-1.2.3"
-  ];
-}
-</programlisting>
-      </para>
-    </listitem>
-
-    <listitem><para>
-      It is also possible to create a custom policy around which
-      insecure packages to allow and deny, by overriding the
-      <literal>allowInsecurePredicate</literal> configuration
-      option.</para>
-
-      <para>The <literal>allowInsecurePredicate</literal> option is a
-      function which accepts a package and returns a boolean, much
-      like <literal>allowUnfreePredicate</literal>.</para>
-
-      <para>The following configuration example only allows insecure
-      packages with very short names:
+  <listitem>
+    <para>In addition to whitelisting licenses which are denied by the
+    <literal>allowUnfree</literal> setting, you can also explicitely
+    deny installation of packages which have a certain license:

 <programlisting>
-{
-  allowInsecurePredicate = (pkg: (builtins.stringLength (builtins.parseDrvName pkg.name).name) &lt;= 5);
-}
+blacklistedLicenses = with stdenv.lib.licenses; [ agpl3 gpl3 ];
 </programlisting>
-      </para>
+    </para>
+  </listitem>
+
+</itemizedlist>
+
+<para>A complete list of licenses can be found in the file
+<filename>lib/licenses.nix</filename> of the nix package tree.</para>

-      <para>Note that <literal>permittedInsecurePackages</literal> is
-      only checked if <literal>allowInsecurePredicate</literal> is not
-      specified.
-    </para></listitem>
-  </itemizedlist>
-</section>

 <!--============================================================-->

@@ -227,7 +89,7 @@ packages via <literal>packageOverrides</literal></title>

 <para>You can define a function called
 <varname>packageOverrides</varname> in your local
-<filename>~/.config/nixpkgs/config.nix</filename> to overide nix packages.  It
+<filename>~/.nixpkgs/config.nix</filename> to overide nix packages.  It
 must be a function that takes pkgs as an argument and return modified
 set of packages.

--- a/doc/cross-compilation.xml
+++ b/doc/cross-compilation.xml
@@ -1,168 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xml:id="chap-cross">
-
-<title>Cross-compilation</title>
-
-<section xml:id="sec-cross-intro">
-  <title>Introduction</title>
-  <para>
-    "Cross-compilation" means compiling a program on one machine for another type of machine.
-    For example, a typical use of cross compilation is to compile programs for embedded devices.
-    These devices often don't have the computing power and memory to compile their own programs.
-    One might think that cross-compilation is a fairly niche concern, but there are advantages to being rigorous about distinguishing build-time vs run-time environments even when one is developing and deploying on the same machine.
-    Nixpkgs is increasingly adopting this opinion in that packages should be written with cross-compilation in mind, and nixpkgs should evaluate in a similar way (by minimizing cross-compilation-specific special cases) whether or not one is cross-compiling.
-  </para>
-
-  <para>
-    This chapter will be organized in three parts.
-    First, it will describe the basics of how to package software in a way that supports cross-compilation.
-    Second, it will describe how to use Nixpkgs when cross-compiling.
-    Third, it will describe the internal infrastructure supporting cross-compilation.
-  </para>
-</section>
-
-<!--============================================================-->
-
-<section xml:id="sec-cross-packaging">
-  <title>Packaging in a cross-friendly manner</title>
-
-  <section>
-    <title>Platform parameters</title>
-    <para>
-      The three GNU Autoconf platforms, <wordasword>build</wordasword>, <wordasword>host</wordasword>, and <wordasword>cross</wordasword>, are historically the result of much confusion.
-      <link xlink:href="https://gcc.gnu.org/onlinedocs/gccint/Configure-Terms.html" /> clears this up somewhat but there is more to be said.
-      An important advice to get out the way is, unless you are packaging a compiler or other build tool, just worry about the build and host platforms.
-      Dealing with just two platforms usually better matches people's preconceptions, and in this case is completely correct.
-    </para>
-    <para>
-      In Nixpkgs, these three platforms are defined as attribute sets under the names <literal>buildPlatform</literal>, <literal>hostPlatform</literal>, and <literal>targetPlatform</literal>.
-      All are guaranteed to contain at least a <varname>platform</varname> field, which contains detailed information on the platform.
-      All three are always defined at the top level, so one can get at them just like a dependency in a function that is imported with <literal>callPackage</literal>:
-      <programlisting>{ stdenv, buildPlatform, hostPlatform, fooDep, barDep, .. }: ...</programlisting>
-    </para>
-    <warning><para>
-      These platforms should all have the same structure in all scenarios, but that is currently not the case.
-      When not cross-compiling, they will each contain a <literal>system</literal> field with a short 2-part, hyphen-separated summering string name for the platform.
-      But, when when cross compiling, <literal>hostPlatform</literal> and <literal>targetPlatform</literal> may instead contain <literal>config</literal> with a fuller 3- or 4-part string in the manner of LLVM.
-      We should have all 3 platforms always contain both, and maybe give <literal>config</literal> a better name while we are at it.
-    </para></warning>
-    <variablelist>
-      <varlistentry>
-        <term><varname>buildPlatform</varname></term>
-        <listitem><para>
-          The "build platform" is the platform on which a package is built.
-          Once someone has a built package, or pre-built binary package, the build platform should not matter and be safe to ignore.
-        </para></listitem>
-      </varlistentry>
-      <varlistentry>
-        <term><varname>hostPlatform</varname></term>
-        <listitem><para>
-          The "host platform" is the platform on which a package is run.
-          This is the simplest platform to understand, but also the one with the worst name.
-        </para></listitem>
-      </varlistentry>
-      <varlistentry>
-        <term><varname>targetPlatform</varname></term>
-        <listitem>
-          <para>
-            The "target platform" is black sheep.
-            The other two intrinsically apply to all compiled software—or any build process with a notion of "build-time" followed by "run-time".
-            The target platform only applies to programming tools, and even then only is a good for for some of them.
-            Briefly, GCC, Binutils, GHC, and certain other tools are written in such a way such that a single build can only compiler code for a single platform.
-            Thus, when building them, one must think ahead about what platforms they wish to use the tool to produce machine code for, and build binaries for each.
-          </para>
-          <para>
-            There is no fundamental need to think about the target ahead of time like this.
-            LLVM, for example, was designed from the beginning with cross-compilation in mind, and so a normal LLVM binary will support every architecture that LLVM supports.
-            If the tool supports modular or pluggable backends, one might imagine specifying a <emphasis>set</emphasis> of target platforms / backends one wishes to support, rather than a single one.
-          </para>
-          <para>
-            The biggest reason for mess, if there is one, is that many compilers have the bad habit a build process that builds the compiler and standard library/runtime together.
-            Then the specifying target platform is essential, because it determines the host platform of the standard library/runtime.
-            Nixpkgs tries to avoid this where possible too, but still, because the concept of a target platform is so ingrained now in Autoconf and other tools, it is best to support it as is.
-            Tools like LLVM that don't need up-front target platforms can safely ignore it like normal packages, and it will do no harm.
-          </para>
-          </listitem>
-      </varlistentry>
-    </variablelist>
-    <note><para>
-      If you dig around nixpkgs, you may notice there is also <varname>stdenv.cross</varname>.
-      This field defined as <varname>hostPlatform</varname> when the host and build platforms differ, but otherwise not defined at all.
-      This field is obsolete and will soon disappear—please do not use it.
-    </para></note>
-  </section>
-
-  <section>
-    <title>Specifying Dependencies</title>
-    <para>
-      As mentioned in the introduction to this chapter, one can think about a build time vs run time distinction whether cross-compiling or not.
-      In the case of cross-compilation, this corresponds with whether a derivation running on the native or foreign platform is produced.
-      An interesting thing to think about is how this corresponds with the three Autoconf platforms.
-      In the run-time case, the depending and depended-on package simply have matching build, host, and target platforms.
-      But in the build-time case, one can imagine "sliding" the platforms one over.
-      The depended-on package's host and target platforms (respectively) become the depending package's build and host platforms.
-      This is the most important guiding principle behind cross-compilation with Nixpkgs, and will be called the <wordasword>sliding window principle</wordasword>.
-      In this manner, given the 3 platforms for one package, we can determine the three platforms for all its transitive dependencies.
-    </para>
-    <para>
-      Some examples will probably make this clearer.
-      If a package is being built with a <literal>(build, host, target)</literal> platform triple of <literal>(foo, bar, bar)</literal>, then its build-time dependencies would have a triple of <literal>(foo, foo, bar)</literal>, and <emphasis>those packages'</emphasis> build-time dependencies would have triple of <literal>(foo, foo, foo)</literal>.
-      In other words, it should take two "rounds" of following build-time dependency edges before one reaches a fixed point where, by the sliding window principle, the platform triple no longer changes.
-      Indeed, this happens with cross compilation, where only rounds of native dependencies starting with the second necessarily coincide with native packages.
-    </para>
-    <note><para>
-      The depending package's target platform is unconstrained by the sliding window principle, which makes sense in that one can in principle build cross compilers targeting arbitrary platforms.
-    </para></note>
-    <para>
-      How does this work in practice? Nixpkgs is now structured so that build-time dependencies are taken from from <varname>buildPackages</varname>, whereas run-time dependencies are taken from the top level attribute set.
-      For example, <varname>buildPackages.gcc</varname> should be used at build time, while <varname>gcc</varname> should be used at run time.
-      Now, for most of Nixpkgs's history, there was no <varname>buildPackages</varname>, and most packages have not been refactored to use it explicitly.
-      Instead, one can use the four attributes used for specifying dependencies as documented in <link linkend="ssec-stdenv-attributes" />.
-      We "splice" together the run-time and build-time package sets with <varname>callPackage</varname>, and then <varname>mkDerivation</varname> for each of four attributes pulls the right derivation out.
-      This splicing can be skipped when not cross compiling as the package sets are the same, but is a bit slow for cross compiling.
-      Because of this, a best-of-both-worlds solution is in the works with no splicing or explicit access of <varname>buildPackages</varname> needed.
-      For now, feel free to use either method.
-    </para>
-  </section>
-
-</section>
-
-<!--============================================================-->
-
-<section xml:id="sec-cross-usage">
-  <title>Cross-building packages</title>
-  <note><para>
-    More information needs to moved from the old wiki, especially <link xlink:href="https://nixos.org/wiki/CrossCompiling" />, for this section.
-  </para></note>
-  <para>
-    Many sources (manual, wiki, etc) probably mention passing <varname>system</varname>, <varname>platform</varname>, and, optionally, <varname>crossSystem</varname> to nixpkgs:
-    <literal>import &lt;nixpkgs&gt; { system = ..; platform = ..; crossSystem = ..; }</literal>.
-    <varname>system</varname> and <varname>platform</varname> together determine the system on which packages are built, and <varname>crossSystem</varname> specifies the platform on which packages are ultimately intended to run, if it is different.
-    This still works, but with more recent changes, one can alternatively pass <varname>localSystem</varname>, containing <varname>system</varname> and <varname>platform</varname>, for symmetry.
-  </para>
-  <para>
-    One would think that <varname>localSystem</varname> and <varname>crossSystem</varname> overlap horribly with the three <varname>*Platforms</varname> (<varname>buildPlatform</varname>, <varname>hostPlatform,</varname> and <varname>targetPlatform</varname>; see <varname>stage.nix</varname> or the manual).
-    Actually, those identifiers are purposefully not used here to draw a subtle but important distinction:
-    While the granularity of having 3 platforms is necessary to properly *build* packages, it is overkill for specifying the user's *intent* when making a build plan or package set.
-    A simple "build vs deploy" dichotomy is adequate: the sliding window principle described in the previous section shows how to interpolate between the these two "end points" to get the 3 platform triple for each bootstrapping stage.
-    That means for any package a given package set, even those not bound on the top level but only reachable via dependencies or <varname>buildPackages</varname>, the three platforms will be defined as one of <varname>localSystem</varname> or <varname>crossSystem</varname>, with the former replacing the latter as one traverses build-time dependencies.
-    A last simple difference then is <varname>crossSystem</varname> should be null when one doesn't want to cross-compile, while the <varname>*Platform</varname>s are always non-null.
-    <varname>localSystem</varname> is always non-null.
-  </para>
-</section>
-
-<!--============================================================-->
-
-<section xml:id="sec-cross-infra">
-  <title>Cross-compilation infrastructure</title>
-  <para>To be written.</para>
-  <note><para>
-    If one explores nixpkgs, they will see derivations with names like <literal>gccCross</literal>.
-    Such <literal>*Cross</literal> derivations is a holdover from before we properly distinguished between the host and target platforms
-    —the derivation with "Cross" in the name covered the <literal>build = host != target</literal> case, while the other covered the <literal>host = target</literal>, with build platform the same or not based on whether one was using its <literal>.nativeDrv</literal> or <literal>.crossDrv</literal>.
-    This ugliness will disappear soon.
-  </para></note>
-</section>
-
-</chapter>
--- a/doc/default.nix
+++ b/doc/default.nix
@@ -60,22 +60,10 @@ pkgs.stdenv.mkDerivation {
      inputFile = ../pkgs/development/idris-modules/README.md;
      outputFile = "languages-frameworks/idris.xml";
    }
-  + toDocbook {
-      inputFile = ../pkgs/development/node-packages/README.md;
-      outputFile = "languages-frameworks/node.xml";
-    }
  + toDocbook {
      inputFile = ../pkgs/development/r-modules/README.md;
      outputFile = "languages-frameworks/r.xml";
    }
-  + toDocbook {
-      inputFile = ./languages-frameworks/rust.md;
-      outputFile = "./languages-frameworks/rust.xml";
-    }
-  + toDocbook {
-      inputFile = ./languages-frameworks/vim.md;
-      outputFile = "./languages-frameworks/vim.xml";
-    }
  + ''
    echo ${lib.nixpkgsVersion} > .version

@@ -105,9 +93,7 @@ pkgs.stdenv.mkDerivation {

    cp -r $dst/images $dst/epub/OEBPS
    echo "application/epub+zip" > mimetype
-    manual="$dst/nixpkgs-manual.epub"
-    zip -0Xq "$manual" mimetype
-    cd $dst/epub && zip -Xr9D "$manual" *
-    rm -rf $dst/epub
+    zip -0Xq  "$dst/Nixpkgs Contributors Guide - NixOS community.epub" mimetype
+    zip -Xr9D "$dst/Nixpkgs Contributors Guide - NixOS community.epub" $dst/epub/*
  '';
 }
--- a/doc/functions.xml
+++ b/doc/functions.xml
@@ -8,235 +8,177 @@
  The nixpkgs repository has several utility functions to manipulate Nix expressions.
 </para>

-<section xml:id="sec-overrides">
-  <title>Overriding</title>
+<section xml:id="sec-pkgs-overridePackages">
+  <title>pkgs.overridePackages</title>

  <para>
-    Sometimes one wants to override parts of
-    <literal>nixpkgs</literal>, e.g. derivation attributes, the results of
-    derivations or even the whole package set.
+    This function inside the nixpkgs expression (<varname>pkgs</varname>)
+    can be used to override the set of packages itself.
+  </para>
+  <para>
+    Warning: this function is expensive and must not be used from within
+    the nixpkgs repository.
+  </para>
+  <para>
+    Example usage:
+
+    <programlisting>let
+  pkgs = import &lt;nixpkgs&gt; {};
+  newpkgs = pkgs.overridePackages (self: super: {
+    foo = super.foo.override { ... };
+  };
+in ...</programlisting>
  </para>

-  <section xml:id="sec-pkg-override">
-    <title>&lt;pkg&gt;.override</title>
+  <para>
+    The resulting <varname>newpkgs</varname> will have the new <varname>foo</varname>
+    expression, and all other expressions depending on <varname>foo</varname> will also
+    use the new <varname>foo</varname> expression.
+  </para>

-    <para>
-      The function <varname>override</varname> is usually available for all the
-      derivations in the nixpkgs expression (<varname>pkgs</varname>).
-    </para>
-    <para>
-      It is used to override the arguments passed to a function.
-    </para>
-    <para>
-      Example usages:
+  <para>
+    The behavior of this function is similar to <link 
+    linkend="sec-modify-via-packageOverrides">config.packageOverrides</link>.
+  </para>

-      <programlisting>pkgs.foo.override { arg1 = val1; arg2 = val2; ... }</programlisting>
-      <programlisting>import pkgs.path { overlays = [ (self: super: {
-    foo = super.foo.override { barSupport = true ; };
-  })]};</programlisting>
-      <programlisting>mypkg = pkgs.callPackage ./mypkg.nix {
-    mydep = pkgs.mydep.override { ... };
-  }</programlisting>
-    </para>
+  <para>
+    The <varname>self</varname> parameter refers to the final package set with the
+    applied overrides. Using this parameter may lead to infinite recursion if not
+    used consciously.
+  </para>

-    <para>
-      In the first example, <varname>pkgs.foo</varname> is the result of a function call
-      with some default arguments, usually a derivation.
-      Using <varname>pkgs.foo.override</varname> will call the same function with
-      the given new arguments.
-    </para>
-
-  </section>
-
-  <section xml:id="sec-pkg-overrideAttrs">
-    <title>&lt;pkg&gt;.overrideAttrs</title>
-
-    <para>
-      The function <varname>overrideAttrs</varname> allows overriding the
-      attribute set passed to a <varname>stdenv.mkDerivation</varname> call,
-      producing a new derivation based on the original one.
-      This function is available on all derivations produced by the
-      <varname>stdenv.mkDerivation</varname> function, which is most packages
-      in the nixpkgs expression <varname>pkgs</varname>.
-    </para>
-
-    <para>
-      Example usage:
-
-      <programlisting>helloWithDebug = pkgs.hello.overrideAttrs (oldAttrs: rec {
-    separateDebugInfo = true;
-  });</programlisting>
-    </para>
-
-    <para>
-      In the above example, the <varname>separateDebugInfo</varname> attribute is
-      overriden to be true, thus building debug info for
-      <varname>helloWithDebug</varname>, while all other attributes will be
-      retained from the original <varname>hello</varname> package.
-    </para>
-
-    <para>
-      The argument <varname>oldAttrs</varname> is conventionally used to refer to
-      the attr set originally passed to <varname>stdenv.mkDerivation</varname>.
-    </para>
-
-    <note>
-      <para>
-        Note that <varname>separateDebugInfo</varname> is processed only by the
-        <varname>stdenv.mkDerivation</varname> function, not the generated, raw
-        Nix derivation. Thus, using <varname>overrideDerivation</varname> will
-        not work in this case, as it overrides only the attributes of the final
-        derivation. It is for this reason that <varname>overrideAttrs</varname>
-        should be preferred in (almost) all cases to
-        <varname>overrideDerivation</varname>, i.e. to allow using
-        <varname>sdenv.mkDerivation</varname> to process input arguments, as well
-        as the fact that it is easier to use (you can use the same attribute
-        names you see in your Nix code, instead of the ones generated (e.g.
-        <varname>buildInputs</varname> vs <varname>nativeBuildInputs</varname>,
-        and involves less typing.
-      </para>
-    </note>
-
-  </section>
-
-
-  <section xml:id="sec-pkg-overrideDerivation">
-    <title>&lt;pkg&gt;.overrideDerivation</title>
-
-    <warning>
-      <para>You should prefer <varname>overrideAttrs</varname> in almost all
-      cases, see its documentation for the reasons why.
-      <varname>overrideDerivation</varname> is not deprecated and will continue
-      to work, but is less nice to use and does not have as many abilities as
-      <varname>overrideAttrs</varname>.
-      </para>
-    </warning>
-
-    <warning>
-      <para>Do not use this function in Nixpkgs as it evaluates a Derivation
-      before modifying it, which breaks package abstraction and removes
-      error-checking of function arguments. In addition, this
-      evaluation-per-function application incurs a performance penalty,
-      which can become a problem if many overrides are used.
-      It is only intended for ad-hoc customisation, such as in
-      <filename>~/.config/nixpkgs/config.nix</filename>.
-    </para>
-    </warning>
-
-    <para>
-      The function <varname>overrideDerivation</varname> creates a new derivation
-      based on an existing one by overriding the original's attributes with
-      the attribute set produced by the specified function.
-      This function is available on all
-      derivations defined using the <varname>makeOverridable</varname> function.
-      Most standard derivation-producing functions, such as
-      <varname>stdenv.mkDerivation</varname>, are defined using this
-      function, which means most packages in the nixpkgs expression,
-      <varname>pkgs</varname>, have this function.
-    </para>
-
-    <para>
-      Example usage:
-
-      <programlisting>mySed = pkgs.gnused.overrideDerivation (oldAttrs: {
-    name = "sed-4.2.2-pre";
-    src = fetchurl {
-      url = ftp://alpha.gnu.org/gnu/sed/sed-4.2.2-pre.tar.bz2;
-      sha256 = "11nq06d131y4wmf3drm0yk502d2xc6n5qy82cg88rb9nqd2lj41k";
-    };
-    patches = [];
-  });</programlisting>
-    </para>
-
-    <para>
-      In the above example, the <varname>name</varname>, <varname>src</varname>,
-      and <varname>patches</varname> of the derivation will be overridden, while
-      all other attributes will be retained from the original derivation.
-    </para>
-
-    <para>
-      The argument <varname>oldAttrs</varname> is used to refer to the attribute set of
-      the original derivation.
-    </para>
-
-    <note>
-      <para>
-        A package's attributes are evaluated *before* being modified by
-        the <varname>overrideDerivation</varname> function.
-        For example, the <varname>name</varname> attribute reference
-        in <varname>url = "mirror://gnu/hello/${name}.tar.gz";</varname>
-        is filled-in *before* the <varname>overrideDerivation</varname> function
-        modifies the attribute set. This means that overriding the
-        <varname>name</varname> attribute, in this example, *will not* change the
-        value of the <varname>url</varname> attribute. Instead, we need to override
-        both the <varname>name</varname> *and* <varname>url</varname> attributes.
-      </para>
-    </note>
-
-  </section>
-
-  <section xml:id="sec-lib-makeOverridable">
-    <title>lib.makeOverridable</title>
-
-    <para>
-      The function <varname>lib.makeOverridable</varname> is used to make the result
-      of a function easily customizable. This utility only makes sense for functions
-      that accept an argument set and return an attribute set.
-    </para>
-
-    <para>
-      Example usage:
-
-      <programlisting>f = { a, b }: { result = a+b; }
-  c = lib.makeOverridable f { a = 1; b = 2; }</programlisting>
-
-    </para>
-
-    <para>
-      The variable <varname>c</varname> is the value of the <varname>f</varname> function
-      applied with some default arguments. Hence the value of <varname>c.result</varname>
-      is <literal>3</literal>, in this example.
-    </para>
-
-    <para>
-      The variable <varname>c</varname> however also has some additional functions, like
-      <link linkend="sec-pkg-override">c.override</link> which can be used to
-      override the default arguments. In this example the value of
-      <varname>(c.override { a = 4; }).result</varname> is 6.
-    </para>
-
-  </section>
+  <para>
+    The <varname>super</varname> parameter refers to the old package set.
+    It's equivalent to <varname>pkgs</varname> in the above example.
+  </para>

 </section>

-<section xml:id="sec-generators">
-  <title>Generators</title>
+<section xml:id="sec-pkg-override">
+  <title>&lt;pkg&gt;.override</title>

  <para>
-    Generators are functions that create file formats from nix
-    data structures, e. g. for configuration files.
-    There are generators available for: <literal>INI</literal>,
-    <literal>JSON</literal> and <literal>YAML</literal>
+    The function <varname>override</varname> is usually available for all the
+    derivations in the nixpkgs expression (<varname>pkgs</varname>).
+  </para>
+  <para>
+    It is used to override the arguments passed to a function.
+  </para>
+  <para>
+    Example usages:
+
+    <programlisting>pkgs.foo.override { arg1 = val1; arg2 = val2; ... }</programlisting>
+    <programlisting>pkgs.overridePackages (self: super: {
+  foo = super.foo.override { barSupport = true ; };
+})</programlisting>
+    <programlisting>mypkg = pkgs.callPackage ./mypkg.nix {
+  mydep = pkgs.mydep.override { ... };
+})</programlisting>
  </para>

  <para>
-    All generators follow a similar call interface: <code>generatorName
-    configFunctions data</code>, where <literal>configFunctions</literal> is a
-    set of user-defined functions that format variable parts of the content.
-    They each have common defaults, so often they do not need to be set
-    manually. An example is <code>mkSectionName ? (name: libStr.escape [ "[" "]"
-    ] name)</code> from the <literal>INI</literal> generator. It gets the name
-    of a section and returns a sanitized name. The default
-    <literal>mkSectionName</literal> escapes <literal>[</literal> and
-    <literal>]</literal> with a backslash.
+    In the first example, <varname>pkgs.foo</varname> is the result of a function call
+    with some default arguments, usually a derivation.
+    Using <varname>pkgs.foo.override</varname> will call the same function with
+    the given new arguments.
  </para>

-  <note><para>Nix store paths can be converted to strings by enclosing a
-  derivation attribute like so: <code>"${drv}"</code>.</para></note>
+</section>
+
+<section xml:id="sec-pkg-overrideDerivation">
+  <title>&lt;pkg&gt;.overrideDerivation</title>
+
+  <warning>
+    <para>Do not use this function in Nixpkgs as it evaluates a Derivation
+    before modifying it, which breaks package abstraction and removes
+    error-checking of function arguments. In addition, this
+    evaluation-per-function application incurs a performance penalty,
+    which can become a problem if many overrides are used.
+    It is only intended for ad-hoc customisation, such as in
+    <filename>~/.nixpkgs/config.nix</filename>.
+   </para>
+  </warning>

  <para>
-    Detailed documentation for each generator can be found in
-    <literal>lib/generators.nix</literal>.
+    The function <varname>overrideDerivation</varname> creates a new derivation
+    based on an existing one by overriding the original's attributes with
+    the attribute set produced by the specified function.
+    This function is available on all
+    derivations defined using the <varname>makeOverridable</varname> function.
+    Most standard derivation-producing functions, such as
+    <varname>stdenv.mkDerivation</varname>, are defined using this
+    function, which means most packages in the nixpkgs expression,
+    <varname>pkgs</varname>, have this function.
+  </para> 
+
+  <para>
+    Example usage:
+
+    <programlisting>mySed = pkgs.gnused.overrideDerivation (oldAttrs: {
+  name = "sed-4.2.2-pre";
+  src = fetchurl {
+    url = ftp://alpha.gnu.org/gnu/sed/sed-4.2.2-pre.tar.bz2;
+    sha256 = "11nq06d131y4wmf3drm0yk502d2xc6n5qy82cg88rb9nqd2lj41k";
+  };
+  patches = [];
+});</programlisting>
+  </para>
+
+  <para>
+    In the above example, the <varname>name</varname>, <varname>src</varname>,
+    and <varname>patches</varname> of the derivation will be overridden, while
+    all other attributes will be retained from the original derivation.
+  </para>
+
+  <para>
+    The argument <varname>oldAttrs</varname> is used to refer to the attribute set of
+    the original derivation.
+  </para>
+
+  <note>
+    <para>
+      A package's attributes are evaluated *before* being modified by
+      the <varname>overrideDerivation</varname> function.
+      For example, the <varname>name</varname> attribute reference
+      in <varname>url = "mirror://gnu/hello/${name}.tar.gz";</varname>
+      is filled-in *before* the <varname>overrideDerivation</varname> function
+      modifies the attribute set. This means that overriding the
+      <varname>name</varname> attribute, in this example, *will not* change the
+      value of the <varname>url</varname> attribute. Instead, we need to override
+      both the <varname>name</varname> *and* <varname>url</varname> attributes.
+    </para>
+  </note>
+
+</section>
+
+<section xml:id="sec-lib-makeOverridable">
+  <title>lib.makeOverridable</title>
+
+  <para>
+    The function <varname>lib.makeOverridable</varname> is used to make the result
+    of a function easily customizable. This utility only makes sense for functions
+    that accept an argument set and return an attribute set.
+  </para>
+
+  <para>
+    Example usage:
+
+    <programlisting>f = { a, b }: { result = a+b; }
+c = lib.makeOverridable f { a = 1; b = 2; }</programlisting>
+
+  </para>
+
+  <para>
+    The variable <varname>c</varname> is the value of the <varname>f</varname> function
+    applied with some default arguments. Hence the value of <varname>c.result</varname>
+    is <literal>3</literal>, in this example.
+  </para>
+
+  <para>
+    The variable <varname>c</varname> however also has some additional functions, like
+    <link linkend="sec-pkg-override">c.override</link> which can be used to
+    override the default arguments. In this example the value of
+    <varname>(c.override { a = 4; }).result</varname> is 6.
  </para>

 </section>
@@ -353,37 +295,37 @@
 </section>

 <section xml:id="sec-pkgs-dockerTools">
-<title>pkgs.dockerTools</title>
+ <title>pkgs.dockerTools</title>

-<para>
+ <para>
  <varname>pkgs.dockerTools</varname> is a set of functions for creating and
  manipulating Docker images according to the
  <link xlink:href="https://github.com/docker/docker/blob/master/image/spec/v1.md#docker-image-specification-v100">
-  Docker Image Specification v1.0.0
+   Docker Image Specification v1.0.0
  </link>. Docker itself is not used to perform any of the operations done by these
  functions.
-</para>
+ </para>

-<warning>
+ <warning>
  <para>
-  The <varname>dockerTools</varname> API is unstable and may be subject to
-  backwards-incompatible changes in the future.
+   The <varname>dockerTools</varname> API is unstable and may be subject to
+   backwards-incompatible changes in the future.
  </para>
-</warning>
+ </warning>

-<section xml:id="ssec-pkgs-dockerTools-buildImage">
+ <section xml:id="ssec-pkgs-dockerTools-buildImage">
  <title>buildImage</title>

  <para>
-  This function is analogous to the <command>docker build</command> command,
-  in that can used to build a Docker-compatible repository tarball containing
-  a single image with one or multiple layers. As such, the result
-  is suitable for being loaded in Docker with <command>docker load</command>.
+   This function is analogous to the <command>docker build</command> command,
+   in that can used to build a Docker-compatible repository tarball containing
+   a single image with one or multiple layers. As such, the result
+   is suitable for being loaded in Docker with <command>docker load</command>.
  </para>

  <para>
-  The parameters of <varname>buildImage</varname> with relative example values are
-  described below:
+   The parameters of <varname>buildImage</varname> with relative example values are
+   described below:
  </para>

  <example xml:id='ex-dockerTools-buildImage'><title>Docker build</title>
@@ -391,11 +333,11 @@
  buildImage {
    name = "redis"; <co xml:id='ex-dockerTools-buildImage-1' />
    tag = "latest"; <co xml:id='ex-dockerTools-buildImage-2' />
-
+    
    fromImage = someBaseImage; <co xml:id='ex-dockerTools-buildImage-3' />
    fromImageName = null; <co xml:id='ex-dockerTools-buildImage-4' />
    fromImageTag = "latest"; <co xml:id='ex-dockerTools-buildImage-5' />
-
+    
    contents = pkgs.redis; <co xml:id='ex-dockerTools-buildImage-6' />
    runAsRoot = '' <co xml:id='ex-dockerTools-buildImage-runAsRoot' />
      #!${stdenv.shell}
@@ -414,147 +356,131 @@
  </example>

  <para>The above example will build a Docker image <literal>redis/latest</literal>
-  from the given base image. Loading and running this image in Docker results in
-  <literal>redis-server</literal> being started automatically.
+   from the given base image. Loading and running this image in Docker results in
+   <literal>redis-server</literal> being started automatically.
  </para>

  <calloutlist>
-  <callout arearefs='ex-dockerTools-buildImage-1'>
+   <callout arearefs='ex-dockerTools-buildImage-1'>
    <para>
-    <varname>name</varname> specifies the name of the resulting image.
-    This is the only required argument for <varname>buildImage</varname>.
+     <varname>name</varname> specifies the name of the resulting image.
+     This is the only required argument for <varname>buildImage</varname>.
    </para>
-  </callout>
+   </callout>

-  <callout arearefs='ex-dockerTools-buildImage-2'>
+   <callout arearefs='ex-dockerTools-buildImage-2'>
    <para>
-    <varname>tag</varname> specifies the tag of the resulting image.
-    By default it's <literal>latest</literal>.
+     <varname>tag</varname> specifies the tag of the resulting image.
+     By default it's <literal>latest</literal>.
    </para>
-  </callout>
+   </callout>

-  <callout arearefs='ex-dockerTools-buildImage-3'>
+   <callout arearefs='ex-dockerTools-buildImage-3'>
    <para>
-    <varname>fromImage</varname> is the repository tarball containing the base image.
-    It must be a valid Docker image, such as exported by <command>docker save</command>.
-    By default it's <literal>null</literal>, which can be seen as equivalent
-    to <literal>FROM scratch</literal> of a <filename>Dockerfile</filename>.
+     <varname>fromImage</varname> is the repository tarball containing the base image.
+     It must be a valid Docker image, such as exported by <command>docker save</command>.
+     By default it's <literal>null</literal>, which can be seen as equivalent
+     to <literal>FROM scratch</literal> of a <filename>Dockerfile</filename>.
    </para>
-  </callout>
-
-  <callout arearefs='ex-dockerTools-buildImage-4'>
+   </callout>
+   
+   <callout arearefs='ex-dockerTools-buildImage-4'>
    <para>
-    <varname>fromImageName</varname> can be used to further specify
-    the base image within the repository, in case it contains multiple images.
-    By default it's <literal>null</literal>, in which case
-    <varname>buildImage</varname> will peek the first image available
-    in the repository.
+     <varname>fromImageName</varname> can be used to further specify
+     the base image within the repository, in case it contains multiple images.
+     By default it's <literal>null</literal>, in which case
+     <varname>buildImage</varname> will peek the first image available
+     in the repository.
    </para>
-  </callout>
+   </callout>

-  <callout arearefs='ex-dockerTools-buildImage-5'>
+   <callout arearefs='ex-dockerTools-buildImage-5'>
    <para>
-    <varname>fromImageTag</varname> can be used to further specify the tag
-    of the base image within the repository, in case an image contains multiple tags.
-    By default it's <literal>null</literal>, in which case
-    <varname>buildImage</varname> will peek the first tag available for the base image.
+     <varname>fromImageTag</varname> can be used to further specify the tag
+     of the base image within the repository, in case an image contains multiple tags.
+     By default it's <literal>null</literal>, in which case
+     <varname>buildImage</varname> will peek the first tag available for the base image.
    </para>
-  </callout>
+   </callout>

-  <callout arearefs='ex-dockerTools-buildImage-6'>
+   <callout arearefs='ex-dockerTools-buildImage-6'>
    <para>
-    <varname>contents</varname> is a derivation that will be copied in the new
-    layer of the resulting image. This can be similarly seen as
-    <command>ADD contents/ /</command> in a <filename>Dockerfile</filename>.
-    By default it's <literal>null</literal>.
+     <varname>contents</varname> is a derivation that will be copied in the new
+     layer of the resulting image. This can be similarly seen as
+     <command>ADD contents/ /</command> in a <filename>Dockerfile</filename>.
+     By default it's <literal>null</literal>.
    </para>
-  </callout>
+   </callout>

-  <callout arearefs='ex-dockerTools-buildImage-runAsRoot'>
+   <callout arearefs='ex-dockerTools-buildImage-runAsRoot'>
    <para>
-    <varname>runAsRoot</varname> is a bash script that will run as root
-    in an environment that overlays the existing layers of the base image with
-    the new resulting layer, including the previously copied
-    <varname>contents</varname> derivation.
-    This can be similarly seen as
-    <command>RUN ...</command> in a <filename>Dockerfile</filename>.
-
-    <note>
+     <varname>runAsRoot</varname> is a bash script that will run as root
+     in an environment that overlays the existing layers of the base image with
+     the new resulting layer, including the previously copied
+     <varname>contents</varname> derivation.
+     This can be similarly seen as
+     <command>RUN ...</command> in a <filename>Dockerfile</filename>.
+     
+     <note>
      <para>
-      Using this parameter requires the <literal>kvm</literal>
-      device to be available.
+       Using this parameter requires the <literal>kvm</literal>
+       device to be available.
      </para>
-    </note>
+     </note>
    </para>
-  </callout>
+   </callout>

-  <callout arearefs='ex-dockerTools-buildImage-8'>
+   <callout arearefs='ex-dockerTools-buildImage-8'>
    <para>
-    <varname>config</varname> is used to specify the configuration of the
-    containers that will be started off the built image in Docker.
-    The available options are listed in the
-    <link xlink:href="https://github.com/docker/docker/blob/master/image/spec/v1.md#container-runconfig-field-descriptions">
+     <varname>config</varname> is used to specify the configuration of the
+     containers that will be started off the built image in Docker.
+     The available options are listed in the
+     <link xlink:href="https://github.com/docker/docker/blob/master/image/spec/v1.md#container-runconfig-field-descriptions">
      Docker Image Specification v1.0.0
-    </link>.
+     </link>.
    </para>
-  </callout>
+   </callout>

  </calloutlist>

  <para>
-  After the new layer has been created, its closure
-  (to which <varname>contents</varname>, <varname>config</varname> and
-  <varname>runAsRoot</varname> contribute) will be copied in the layer itself.
-  Only new dependencies that are not already in the existing layers will be copied.
+   After the new layer has been created, its closure
+   (to which <varname>contents</varname>, <varname>config</varname> and
+   <varname>runAsRoot</varname> contribute) will be copied in the layer itself.
+   Only new dependencies that are not already in the existing layers will be copied.
  </para>

  <para>
-  At the end of the process, only one new single layer will be produced and
-  added to the resulting image.
+   At the end of the process, only one new single layer will be produced and
+   added to the resulting image.
  </para>

  <para>
-  The resulting repository will only list the single image
-  <varname>image/tag</varname>. In the case of <xref linkend='ex-dockerTools-buildImage'/>
-  it would be <varname>redis/latest</varname>.
+   The resulting repository will only list the single image
+   <varname>image/tag</varname>. In the case of <xref linkend='ex-dockerTools-buildImage'/>
+   it would be <varname>redis/latest</varname>.
  </para>

  <para>
-  It is possible to inspect the arguments with which an image was built
-  using its <varname>buildArgs</varname> attribute.
+   It is possible to inspect the arguments with which an image was built
+   using its <varname>buildArgs</varname> attribute.
  </para>

+ </section>

-
-  <note>
-  <para>
-  If you see errors similar to <literal>getProtocolByName: does not exist (no such protocol name: tcp)</literal>
-  you may need to add <literal>pkgs.iana_etc</literal> to <varname>contents</varname>.
-  </para>
-  </note>
-
-  <note>
-  <para>
-  If you see errors similar to <literal>Error_Protocol ("certificate has unknown CA",True,UnknownCa)</literal>
-  you may need to add <literal>pkgs.cacert</literal> to <varname>contents</varname>.
-  </para>
-  </note>
-
-</section>
-
-<section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry">
+ <section xml:id="ssec-pkgs-dockerTools-fetchFromRegistry">
  <title>pullImage</title>

  <para>
-  This function is analogous to the <command>docker pull</command> command,
-  in that can be used to fetch a Docker image from a Docker registry.
-  Currently only registry <literal>v1</literal> is supported.
-  By default <link xlink:href="https://hub.docker.com/">Docker Hub</link>
-  is used to pull images.
+   This function is analogous to the <command>docker pull</command> command,
+   in that can be used to fetch a Docker image from a Docker registry.
+   Currently only registry <literal>v1</literal> is supported.
+   By default <link xlink:href="https://hub.docker.com/">Docker Hub</link>
+   is used to pull images.
  </para>

  <para>
-  Its parameters are described in the example below:
+   Its parameters are described in the example below:
  </para>

  <example xml:id='ex-dockerTools-pullImage'><title>Docker pull</title>
@@ -572,73 +498,73 @@
  </example>

  <calloutlist>
-  <callout arearefs='ex-dockerTools-pullImage-1'>
+   <callout arearefs='ex-dockerTools-pullImage-1'>
    <para>
-    <varname>imageName</varname> specifies the name of the image to be downloaded,
-    which can also include the registry namespace (e.g. <literal>library/debian</literal>).
-    This argument is required.
+     <varname>imageName</varname> specifies the name of the image to be downloaded,
+     which can also include the registry namespace (e.g. <literal>library/debian</literal>).
+     This argument is required.
    </para>
-  </callout>
-
-  <callout arearefs='ex-dockerTools-pullImage-2'>
+   </callout>
+   
+   <callout arearefs='ex-dockerTools-pullImage-2'>
    <para>
-    <varname>imageTag</varname> specifies the tag of the image to be downloaded.
-    By default it's <literal>latest</literal>.
+     <varname>imageTag</varname> specifies the tag of the image to be downloaded.
+     By default it's <literal>latest</literal>.
    </para>
-  </callout>
+   </callout>

-  <callout arearefs='ex-dockerTools-pullImage-3'>
+   <callout arearefs='ex-dockerTools-pullImage-3'>
    <para>
-    <varname>imageId</varname>, if specified this exact image will be fetched, instead
-    of <varname>imageName/imageTag</varname>. However, the resulting repository
-    will still be named <varname>imageName/imageTag</varname>.
-    By default it's <literal>null</literal>.
+     <varname>imageId</varname>, if specified this exact image will be fetched, instead
+     of <varname>imageName/imageTag</varname>. However, the resulting repository
+     will still be named <varname>imageName/imageTag</varname>.
+     By default it's <literal>null</literal>.
    </para>
-  </callout>
+   </callout>

-  <callout arearefs='ex-dockerTools-pullImage-4'>
+   <callout arearefs='ex-dockerTools-pullImage-4'>
    <para>
-    <varname>sha256</varname> is the checksum of the whole fetched image.
-    This argument is required.
+     <varname>sha256</varname> is the checksum of the whole fetched image.
+     This argument is required.
    </para>

    <note>
-    <para>The checksum is computed on the unpacked directory, not on the final tarball.</para>
+     <para>The checksum is computed on the unpacked directory, not on the final tarball.</para>
    </note>

-  </callout>
+   </callout>

-  <callout arearefs='ex-dockerTools-pullImage-5'>
+   <callout arearefs='ex-dockerTools-pullImage-5'>
    <para>
-    In the above example the default values are shown for the variables
-    <varname>indexUrl</varname> and <varname>registryVersion</varname>.
-    Hence by default the Docker.io registry is used to pull the images.
+     In the above example the default values are shown for the variables
+     <varname>indexUrl</varname> and <varname>registryVersion</varname>.
+     Hence by default the Docker.io registry is used to pull the images.
    </para>
-  </callout>
+   </callout>
  </calloutlist>
-
-</section>
-
-<section xml:id="ssec-pkgs-dockerTools-exportImage">
+   
+ </section>
+  
+ <section xml:id="ssec-pkgs-dockerTools-exportImage">
  <title>exportImage</title>

  <para>
-  This function is analogous to the <command>docker export</command> command,
-  in that can used to flatten a Docker image that contains multiple layers.
-  It is in fact the result of the merge of all the layers of the image.
-  As such, the result is suitable for being imported in Docker
-  with <command>docker import</command>.
+   This function is analogous to the <command>docker export</command> command,
+   in that can used to flatten a Docker image that contains multiple layers.
+   It is in fact the result of the merge of all the layers of the image.
+   As such, the result is suitable for being imported in Docker
+   with <command>docker import</command>.
  </para>

  <note>
-  <para>
+   <para>
    Using this function requires the <literal>kvm</literal>
    device to be available.
-  </para>
+   </para>
  </note>

  <para>
-  The parameters of <varname>exportImage</varname> are the following:
+   The parameters of <varname>exportImage</varname> are the following:
  </para>

  <example xml:id='ex-dockerTools-exportImage'><title>Docker export</title>
@@ -647,35 +573,35 @@
    fromImage = someLayeredImage;
    fromImageName = null;
    fromImageTag = null;
-
+    
    name = someLayeredImage.name;
  }
  </programlisting>
  </example>

  <para>
-  The parameters relative to the base image have the same synopsis as
-  described in <xref linkend='ssec-pkgs-dockerTools-buildImage'/>, except that
-  <varname>fromImage</varname> is the only required argument in this case.
+   The parameters relative to the base image have the same synopsis as
+   described in <xref linkend='ssec-pkgs-dockerTools-buildImage'/>, except that
+   <varname>fromImage</varname> is the only required argument in this case.
  </para>

  <para>
-  The <varname>name</varname> argument is the name of the derivation output,
-  which defaults to <varname>fromImage.name</varname>.
+   The <varname>name</varname> argument is the name of the derivation output,
+   which defaults to <varname>fromImage.name</varname>.
  </para>
-</section>
+ </section>

-<section xml:id="ssec-pkgs-dockerTools-shadowSetup">
+ <section xml:id="ssec-pkgs-dockerTools-shadowSetup">
  <title>shadowSetup</title>

  <para>
-  This constant string is a helper for setting up the base files for managing
-  users and groups, only if such files don't exist already.
-  It is suitable for being used in a
-  <varname>runAsRoot</varname> <xref linkend='ex-dockerTools-buildImage-runAsRoot'/> script for cases like
-  in the example below:
+   This constant string is a helper for setting up the base files for managing
+   users and groups, only if such files don't exist already.
+   It is suitable for being used in a
+   <varname>runAsRoot</varname> <xref linkend='ex-dockerTools-buildImage-runAsRoot'/> script for cases like
+   in the example below:
  </para>
-
+  
  <example xml:id='ex-dockerTools-shadowSetup'><title>Shadow base files</title>
  <programlisting>
  buildImage {
@@ -694,13 +620,13 @@
  </example>

  <para>
-  Creating base files like <literal>/etc/passwd</literal> or
-  <literal>/etc/login.defs</literal> are necessary for shadow-utils to
-  manipulate users and groups.
+   Creating base files like <literal>/etc/passwd</literal> or
+   <literal>/etc/login.defs</literal> are necessary for shadow-utils to
+   manipulate users and groups.
  </para>
-
-</section>
-
+  
+ </section>
+ 
 </section>

 </chapter>
--- a/doc/languages-frameworks/beam.xml
+++ b/doc/languages-frameworks/beam.xml
@@ -248,7 +248,7 @@ $ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA beamPackages.ibrowse
      development. Many times we need to create a
      <literal>shell.nix</literal> file and do our development inside
      of the environment specified by that file. This file looks a lot
-      like the packaging described above. The main difference is that
+      like the packageing described above. The main difference is that
      <literal>src</literal> points to project root and we call the
      package directly.
    </para>
--- a/doc/languages-frameworks/haskell.md
+++ b/doc/languages-frameworks/haskell.md
@@ -195,7 +195,7 @@ its normal core packages:
        mtl-2.2.1

 This function allows users to define their own development environment by means
-of an override. After adding the following snippet to `~/.config/nixpkgs/config.nix`,
+of an override. After adding the following snippet to `~/.nixpkgs/config.nix`,

    {
      packageOverrides = super: let self = super.pkgs; in
@@ -383,7 +383,7 @@ You can select a particular GHC version to compile with by setting the
 Stack choose what GHC version it wants based on the snapshot specified
 in `stack.yaml` (only works with Stack >= 1.1.3):

-    {nixpkgs ? import <nixpkgs> { }, ghc ? nixpkgs.ghc}:
+    {nixpkgs ? import <nixpkgs> { }, ghc ? nixpkgs.ghc}

    with nixpkgs;

@@ -522,7 +522,7 @@ file with `cabal2nix`:
    $ cd ~/src/foo && cabal2nix . >default.nix
    $ cd ~/src/bar && cabal2nix . >default.nix

-Then edit your `~/.config/nixpkgs/config.nix` file to register those builds in the
+Then edit your `~/.nixpkgs/config.nix` file to register those builds in the
 default Haskell package set:

      {
@@ -554,7 +554,7 @@ Every Haskell package set takes a function called `overrides` that you can use
 to manipulate the package as much as you please. One useful application of this
 feature is to replace the default `mkDerivation` function with one that enables
 library profiling for all packages. To accomplish that, add configure the
-following snippet in your `~/.config/nixpkgs/config.nix` file:
+following snippet in your `~/.nixpkgs/config.nix` file:

    {
      packageOverrides = super: let self = super.pkgs; in
@@ -583,7 +583,7 @@ The first step is to generate Nix build instructions with `cabal2nix`:

    $ cabal2nix cabal://ghc-events-0.4.3.0 >~/.nixpkgs/ghc-events-0.4.3.0.nix

-Then add the override in `~/.config/nixpkgs/config.nix`:
+Then add the override in `~/.nixpkgs/config.nix`:

    {
      packageOverrides = super: let self = super.pkgs; in
@@ -793,64 +793,6 @@ It's important to realize, however, that most system libraries in Nix are built
 as shared libraries only, i.e. there is just no static library available that
 Cabal could link!

-### Building GHC with integer-simple
-
-By default GHC implements the Integer type using the
-[GNU Multiple Precision Arithmetic (GMP) library](https://gmplib.org/).
-The implementation can be found in the
-[integer-gmp](http://hackage.haskell.org/package/integer-gmp) package.
-
-A potential problem with this is that GMP is licensed under the
-[GNU Lesser General Public License (LGPL)](http://www.gnu.org/copyleft/lesser.html),
-a kind of "copyleft" license. According to the terms of the LGPL, paragraph 5,
-you may distribute a program that is designed to be compiled and dynamically
-linked with the library under the terms of your choice (i.e., commercially) but
-if your program incorporates portions of the library, if it is linked
-statically, then your program is a "derivative"--a "work based on the
-library"--and according to paragraph 2, section c, you "must cause the whole of
-the work to be licensed" under the terms of the LGPL (including for free).
-
-The LGPL licensing for GMP is a problem for the overall licensing of binary
-programs compiled with GHC because most distributions (and builds) of GHC use
-static libraries. (Dynamic libraries are currently distributed only for OS X.)
-The LGPL licensing situation may be worse: even though
-[The Glasgow Haskell Compiler License](https://www.haskell.org/ghc/license)
-is essentially a "free software" license (BSD3), according to
-paragraph 2 of the LGPL, GHC must be distributed under the terms of the LGPL!
-
-To work around these problems GHC can be build with a slower but LGPL-free
-alternative implemention for Integer called
-[integer-simple](http://hackage.haskell.org/package/integer-simple).
-
-To get a GHC compiler build with `integer-simple` instead of `integer-gmp` use
-the attribute: `pkgs.haskell.compiler.integer-simple."${ghcVersion}"`.
-For example:
-
-    $ nix-build -E '(import <nixpkgs> {}).pkgs.haskell.compiler.integer-simple.ghc802'
-    ...
-    $ result/bin/ghc-pkg list | grep integer
-        integer-simple-0.1.1.1
-
-The following command displays the complete list of GHC compilers build with `integer-simple`:
-
-    $ nix-env -f "<nixpkgs>" -qaP -A haskell.compiler.integer-simple
-    haskell.compiler.integer-simple.ghc7102  ghc-7.10.2
-    haskell.compiler.integer-simple.ghc7103  ghc-7.10.3
-    haskell.compiler.integer-simple.ghc722   ghc-7.2.2
-    haskell.compiler.integer-simple.ghc742   ghc-7.4.2
-    haskell.compiler.integer-simple.ghc763   ghc-7.6.3
-    haskell.compiler.integer-simple.ghc783   ghc-7.8.3
-    haskell.compiler.integer-simple.ghc784   ghc-7.8.4
-    haskell.compiler.integer-simple.ghc801   ghc-8.0.1
-    haskell.compiler.integer-simple.ghc802   ghc-8.0.2
-    haskell.compiler.integer-simple.ghcHEAD  ghc-8.1.20170106
-
-To get a package set supporting `integer-simple` use the attribute:
-`pkgs.haskell.packages.integer-simple."${ghcVersion}"`. For example
-use the following to get the `scientific` package build with `integer-simple`:
-
-    $ nix-build -A pkgs.haskell.packages.integer-simple.ghc802.scientific
-

 ## Other resources

--- a/doc/languages-frameworks/index.xml
+++ b/doc/languages-frameworks/index.xml
@@ -21,15 +21,12 @@ such as Perl or Haskell.  These are described in this chapter.</para>
 <xi:include href="idris.xml" /> <!-- generated from ../../pkgs/development/idris-modules/README.md  -->
 <xi:include href="java.xml" />
 <xi:include href="lua.xml" />
-<xi:include href="node.xml" /> <!-- generated from ../../pkgs/development/node-packages/README.md  -->
 <xi:include href="perl.xml" />
 <xi:include href="python.xml" />
 <xi:include href="qt.xml" />
 <xi:include href="r.xml" /> <!-- generated from ../../pkgs/development/r-modules/README.md  -->
 <xi:include href="ruby.xml" />
-<xi:include href="rust.xml" />
 <xi:include href="texlive.xml" />
-<xi:include href="vim.xml" />


 </chapter>
--- a/doc/languages-frameworks/perl.xml
+++ b/doc/languages-frameworks/perl.xml
@@ -157,16 +157,16 @@ expression on standard output.  For example:

 <screen>
 $ nix-generate-from-cpan XML::Simple
-  XMLSimple = buildPerlPackage rec {
-    name = "XML-Simple-2.22";
+  XMLSimple = buildPerlPackage {
+    name = "XML-Simple-2.20";
    src = fetchurl {
-      url = "mirror://cpan/authors/id/G/GR/GRANTM/${name}.tar.gz";
-      sha256 = "b9450ef22ea9644ae5d6ada086dc4300fa105be050a2030ebd4efd28c198eb49";
+      url = mirror://cpan/authors/id/G/GR/GRANTM/XML-Simple-2.20.tar.gz;
+      sha256 = "5cff13d0802792da1eb45895ce1be461903d98ec97c9c953bc8406af7294434a";
    };
    propagatedBuildInputs = [ XMLNamespaceSupport XMLSAX XMLSAXExpat ];
    meta = {
-      description = "An API for simple XML files";
-      license = with stdenv.lib.licenses; [ artistic1 gpl1Plus ];
+      description = "Easily read/write XML (esp config files)";
+      license = "perl";
    };
  };
 </screen>
--- a/doc/languages-frameworks/python.md
+++ b/doc/languages-frameworks/python.md
@@ -74,6 +74,7 @@ can do is write a simple Nix expression which sets up an environment for you,
 requiring you only to type `nix-shell`. Say we want to have Python 3.5, `numpy`
 and `toolz`, like before, in an environment. With a `shell.nix` file
 containing
+
 ```nix
 with import <nixpkgs> {};

@@ -96,29 +97,26 @@ We will first have a look at how Python packages are packaged on Nix. Then, we w

 #### Python packaging on Nix

-On Nix all packages are built by functions. The main function in Nix for building Python packages is [`buildPythonPackage`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/interpreters/python/build-python-package.nix).
+On Nix all packages are built by functions. The main function in Nix for building Python packages is [`buildPythonPackage`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/python-modules/generic/default.nix).
 Let's see how we would build the `toolz` package. According to [`python-packages.nix`](https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/python-packages.nix) `toolz` is build using

 ```nix
-{ # ...
+toolz = buildPythonPackage rec{
+  name = "toolz-${version}";
+  version = "0.7.4";

-  toolz = buildPythonPackage rec {
-    name = "toolz-${version}";
-    version = "0.7.4";
-
-    src = pkgs.fetchurl {
-      url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
-      sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
-    };
-
-    meta = {
-      homepage = "http://github.com/pytoolz/toolz/";
-      description = "List processing tools and functional utilities";
-      license = licenses.bsd3;
-      maintainers = with maintainers; [ fridh ];
-    };
+  src = pkgs.fetchurl{
+    url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
+    sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
  };
-}
+
+  meta = {
+    homepage = "http://github.com/pytoolz/toolz/";
+    description = "List processing tools and functional utilities";
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ fridh ];
+  };
+};
 ```

 What happens here? The function `buildPythonPackage` is called and as argument
@@ -131,7 +129,7 @@ specify some (optional) [meta information](http://nixos.org/nixpkgs/manual/#chap

 The output of the function is a derivation, which is an attribute with the name
 `toolz` of the set `pythonPackages`. Actually, sets are created for all interpreter versions,
-so e.g. `python27Packages`, `python35Packages` and `pypyPackages`.
+so `python27Packages`, `python34Packages`, `python35Packages` and `pypyPackages`.

 The above example works when you're directly working on
 `pkgs/top-level/python-packages.nix` in the Nixpkgs repository. Often though,
@@ -143,15 +141,13 @@ with import <nixpkgs> {};

 pkgs.python35Packages.buildPythonPackage rec {
  name = "toolz-${version}";
-  version = "0.8.0";
+  version = "0.7.4";

-  src = pkgs.fetchurl {
+  src = pkgs.fetchurl{
    url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
-    sha256 = "e8451af61face57b7c5d09e71c0d27b8005f001ead56e9fdf470417e5cc6d479";
+    sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
  };

-  doCheck = false;
-
  meta = {
    homepage = "http://github.com/pytoolz/toolz/";
    description = "List processing tools and functional utilities";
@@ -174,18 +170,18 @@ with import <nixpkgs> {};
 ( let
    toolz = pkgs.python35Packages.buildPythonPackage rec {
      name = "toolz-${version}";
-      version = "0.8.0";
+      version = "0.7.4";

-      src = pkgs.fetchurl {
+      src = pkgs.fetchurl{
        url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
-        sha256 = "e8451af61face57b7c5d09e71c0d27b8005f001ead56e9fdf470417e5cc6d479";
+        sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
      };

-      doCheck = false;
-
      meta = {
        homepage = "http://github.com/pytoolz/toolz/";
        description = "List processing tools and functional utilities";
+        license = licenses.bsd3;
+        maintainers = with maintainers; [ fridh ];
      };
    };

@@ -217,28 +213,25 @@ The following example shows which arguments are given to `buildPythonPackage` in
 order to build [`datashape`](https://github.com/blaze/datashape).

 ```nix
-{ # ...
+datashape = buildPythonPackage rec {
+  name = "datashape-${version}";
+  version = "0.4.7";

-  datashape = buildPythonPackage rec {
-    name = "datashape-${version}";
-    version = "0.4.7";
-
-    src = pkgs.fetchurl {
-      url = "mirror://pypi/D/DataShape/${name}.tar.gz";
-      sha256 = "14b2ef766d4c9652ab813182e866f493475e65e558bed0822e38bf07bba1a278";
-    };
-
-    buildInputs = with self; [ pytest ];
-    propagatedBuildInputs = with self; [ numpy multipledispatch dateutil ];
-
-    meta = {
-      homepage = https://github.com/ContinuumIO/datashape;
-      description = "A data description language";
-      license = licenses.bsd2;
-      maintainers = with maintainers; [ fridh ];
-    };
+  src = pkgs.fetchurl {
+    url = "mirror://pypi/D/DataShape/${name}.tar.gz";
+    sha256 = "14b2ef766d4c9652ab813182e866f493475e65e558bed0822e38bf07bba1a278";
  };
-}
+
+  buildInputs = with self; [ pytest ];
+  propagatedBuildInputs = with self; [ numpy multipledispatch dateutil ];
+
+  meta = {
+    homepage = https://github.com/ContinuumIO/datashape;
+    description = "A data description language";
+    license = licenses.bsd2;
+    maintainers = with maintainers; [ fridh ];
+  };
+};
 ```

 We can see several runtime dependencies, `numpy`, `multipledispatch`, and
@@ -252,26 +245,23 @@ Python bindings to `libxml2` and `libxslt`. These libraries are only required
 when building the bindings and are therefore added as `buildInputs`.

 ```nix
-{ # ...
+lxml = buildPythonPackage rec {
+  name = "lxml-3.4.4";

-  lxml = buildPythonPackage rec {
-    name = "lxml-3.4.4";
-
-    src = pkgs.fetchurl {
-      url = "mirror://pypi/l/lxml/${name}.tar.gz";
-      sha256 = "16a0fa97hym9ysdk3rmqz32xdjqmy4w34ld3rm3jf5viqjx65lxk";
-    };
-
-    buildInputs = with self; [ pkgs.libxml2 pkgs.libxslt ];
-
-    meta = {
-      description = "Pythonic binding for the libxml2 and libxslt libraries";
-      homepage = http://lxml.de;
-      license = licenses.bsd3;
-      maintainers = with maintainers; [ sjourdois ];
-    };
+  src = pkgs.fetchurl {
+    url = "mirror://pypi/l/lxml/${name}.tar.gz";
+    sha256 = "16a0fa97hym9ysdk3rmqz32xdjqmy4w34ld3rm3jf5viqjx65lxk";
  };
-}
+
+  buildInputs = with self; [ pkgs.libxml2 pkgs.libxslt ];
+
+  meta = {
+    description = "Pythonic binding for the libxml2 and libxslt libraries";
+    homepage = http://lxml.de;
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ sjourdois ];
+  };
+};
 ```

 In this example `lxml` and Nix are able to work out exactly where the relevant
@@ -285,50 +275,50 @@ find each of them in a different folder, and therefore we have to set `LDFLAGS`
 and `CFLAGS`.

 ```nix
-{ # ...
+pyfftw = buildPythonPackage rec {
+  name = "pyfftw-${version}";
+  version = "0.9.2";

-  pyfftw = buildPythonPackage rec {
-    name = "pyfftw-${version}";
-    version = "0.9.2";
-
-    src = pkgs.fetchurl {
-      url = "mirror://pypi/p/pyFFTW/pyFFTW-${version}.tar.gz";
-      sha256 = "f6bbb6afa93085409ab24885a1a3cdb8909f095a142f4d49e346f2bd1b789074";
-    };
-
-    buildInputs = [ pkgs.fftw pkgs.fftwFloat pkgs.fftwLongDouble];
-
-    propagatedBuildInputs = with self; [ numpy scipy ];
-
-    # Tests cannot import pyfftw. pyfftw works fine though.
-    doCheck = false;
-
-    preConfigure = ''
-      export LDFLAGS="-L${pkgs.fftw.dev}/lib -L${pkgs.fftwFloat.out}/lib -L${pkgs.fftwLongDouble.out}/lib"
-      export CFLAGS="-I${pkgs.fftw.dev}/include -I${pkgs.fftwFloat.dev}/include -I${pkgs.fftwLongDouble.dev}/include"
-    '';
-
-    meta = {
-      description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
-      homepage = http://hgomersall.github.com/pyFFTW/;
-      license = with licenses; [ bsd2 bsd3 ];
-      maintainer = with maintainers; [ fridh ];
-    };
+  src = pkgs.fetchurl {
+    url = "mirror://pypi/p/pyFFTW/pyFFTW-${version}.tar.gz";
+    sha256 = "f6bbb6afa93085409ab24885a1a3cdb8909f095a142f4d49e346f2bd1b789074";
  };
-}
+
+  buildInputs = [ pkgs.fftw pkgs.fftwFloat pkgs.fftwLongDouble];
+
+  propagatedBuildInputs = with self; [ numpy scipy ];
+
+  # Tests cannot import pyfftw. pyfftw works fine though.
+  doCheck = false;
+
+  LDFLAGS="-L${pkgs.fftw.dev}/lib -L${pkgs.fftwFloat.out}/lib -L${pkgs.fftwLongDouble.out}/lib"
+  CFLAGS="-I${pkgs.fftw.dev}/include -I${pkgs.fftwFloat.dev}/include -I${pkgs.fftwLongDouble.dev}/include"
+  '';
+
+  meta = {
+    description = "A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms";
+    homepage = http://hgomersall.github.com/pyFFTW/;
+    license = with licenses; [ bsd2 bsd3 ];
+    maintainer = with maintainers; [ fridh ];
+  };
+};
 ```
 Note also the line `doCheck = false;`, we explicitly disabled running the test-suite.


 #### Develop local package

-As a Python developer you're likely aware of [development mode](http://setuptools.readthedocs.io/en/latest/setuptools.html#development-mode) (`python setup.py develop`);
+As a Python developer you're likely aware of [development mode](http://pythonhosted.org/setuptools/setuptools.html#development-mode) (`python setup.py develop`);
 instead of installing the package this command creates a special link to the project code.
 That way, you can run updated code without having to reinstall after each and every change you make.
-Development mode is also available. Let's see how you can use it.
+Development mode is also available on Nix as [explained](http://nixos.org/nixpkgs/manual/#ssec-python-development) in the Nixpkgs manual.
+Let's see how you can use it.

 In the previous Nix expression the source was fetched from an url. We can also refer to a local source instead using
-`src = ./path/to/source/tree;`
+
+```nix
+src = ./path/to/source/tree;
+```

 If we create a `shell.nix` file which calls `buildPythonPackage`, and if `src`
 is a local source, and if the local source has a `setup.py`, then development
@@ -347,7 +337,7 @@ buildPythonPackage rec {
  name = "mypackage";
  src = ./path/to/package/source;
  propagatedBuildInputs = [ pytest numpy pkgs.libsndfile ];
-}
+};
 ```

 It is important to note that due to how development mode is implemented on Nix it is not possible to have multiple packages simultaneously in development mode.
@@ -380,7 +370,7 @@ buildPythonPackage rec {
  name = "toolz-${version}";
  version = "0.7.4";

-  src = pkgs.fetchurl {
+  src = pkgs.fetchurl{
    url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
    sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
  };
@@ -391,7 +381,7 @@ buildPythonPackage rec {
    license = licenses.bsd3;
    maintainers = with maintainers; [ fridh ];
  };
-}
+};
 ```

 It takes two arguments, `pkgs` and `buildPythonPackage`.
@@ -401,10 +391,7 @@ We now call this function using `callPackage` in the definition of our environme
 with import <nixpkgs> {};

 ( let
-    toolz = pkgs.callPackage /path/to/toolz/release.nix {
-      pkgs = pkgs;
-      buildPythonPackage = pkgs.python35Packages.buildPythonPackage;
-    };
+    toolz = pkgs.callPackage ~/path/to/toolz/release.nix { pkgs=pkgs; buildPythonPackage=pkgs.python35Packages.buildPythonPackage; };
  in pkgs.python35.withPackages (ps: [ ps.numpy toolz ])
 ).env
 ```
@@ -422,21 +409,36 @@ and in this case the `python35` interpreter is automatically used.

 ### Interpreters

-Versions 2.7, 3.3, 3.4, 3.5 and 3.6 of the CPython interpreter are available as
-respectively `python27`, `python33`, `python34`, `python35` and `python36`. The PyPy interpreter
-is available as `pypy`. The aliases `python2` and `python3` correspond to respectively `python27` and
-`python35`. The default interpreter, `python`, maps to `python2`.
-The Nix expressions for the interpreters can be found in
+Versions 2.6, 2.7, 3.3, 3.4 and 3.5 of the CPython interpreter are available on
+Nix and are available as `python26`, `python27`, `python33`, `python34` and
+`python35`. The PyPy interpreter is also available as `pypy`. Currently, the
+aliases `python` and `python3` correspond to respectively `python27` and
+`python35`. The Nix expressions for the interpreters can be found in
 `pkgs/development/interpreters/python`.

+
+#### Missing modules standard library
+
+The interpreters `python26` and `python27` do not include modules that
+require external dependencies. This is done in order to reduce the closure size.
+The following modules need to be added as `buildInput` explicitly:
+
+* `python.modules.bsddb`
+* `python.modules.curses`
+* `python.modules.curses_panel`
+* `python.modules.crypt`
+* `python.modules.gdbm`
+* `python.modules.sqlite3`
+* `python.modules.tkinter`
+* `python.modules.readline`
+
+For convenience `python27Full` and `python26Full` are provided with all
+modules included.
+
 All packages depending on any Python interpreter get appended
 `out/{python.sitePackages}` to `$PYTHONPATH` if such directory
 exists.

-#### Missing `tkinter` module standard library
-
-To reduce closure size the `Tkinter`/`tkinter` is available as a separate package, `pythonPackages.tkinter`.
-
 #### Attributes on interpreters packages

 Each interpreter has the following attributes:
@@ -446,21 +448,18 @@ Each interpreter has the following attributes:
 - `buildEnv`. Function to build python interpreter environments with extra packages bundled together. See section *python.buildEnv function* for usage and documentation.
 - `withPackages`. Simpler interface to `buildEnv`. See section *python.withPackages function* for usage and documentation.
 - `sitePackages`. Alias for `lib/${libPrefix}/site-packages`.
- `executable`. Name of the interpreter executable, e.g. `python3.4`.
- `pkgs`. Set of Python packages for that specific interpreter. The package set can be modified by overriding the interpreter and passing `packageOverrides`.
+- `executable`. Name of the interpreter executable, ie `python3.4`.

 ### Building packages and applications

-Python libraries and applications that use `setuptools` or
-`distutils` are typically build with respectively the `buildPythonPackage` and
-`buildPythonApplication` functions. These two functions also support installing a `wheel`.
+Python packages (libraries) and applications that use `setuptools` or
+`distutils` are typically built with respectively the `buildPythonPackage` and
+`buildPythonApplication` functions.

 All Python packages reside in `pkgs/top-level/python-packages.nix` and all
-applications elsewhere. In case a package is used as both a library and an application,
-then the package should be in `pkgs/top-level/python-packages.nix` since only those packages are made
-available for all interpreter versions. The preferred location for library expressions is in
+applications elsewhere. Some packages are also defined in
 `pkgs/development/python-modules`. It is important that these packages are
-called from `pkgs/top-level/python-packages.nix` and not elsewhere, to guarantee
+called in `pkgs/top-level/python-packages.nix` and not elsewhere, to guarantee
 the right version of the package is built.

 Based on the packages defined in `pkgs/top-level/python-packages.nix` an
@@ -472,42 +471,35 @@ sets are
 * `pkgs.python33Packages`
 * `pkgs.python34Packages`
 * `pkgs.python35Packages`
-* `pkgs.python36Packages`
 * `pkgs.pypyPackages`

 and the aliases

-* `pkgs.python2Packages` pointing to `pkgs.python27Packages`
+* `pkgs.pythonPackages` pointing to `pkgs.python27Packages`
 * `pkgs.python3Packages` pointing to `pkgs.python35Packages`
-* `pkgs.pythonPackages` pointing to `pkgs.python2Packages`

 #### `buildPythonPackage` function

 The `buildPythonPackage` function is implemented in
 `pkgs/development/interpreters/python/build-python-package.nix`

-The following is an example:
-```nix
-{ # ...
+and can be used as:

-  twisted = buildPythonPackage {
-    name = "twisted-8.1.0";
+    twisted = buildPythonPackage {
+      name = "twisted-8.1.0";

-    src = pkgs.fetchurl {
-      url = http://tmrc.mit.edu/mirror/twisted/Twisted/8.1/Twisted-8.1.0.tar.bz2;
-      sha256 = "0q25zbr4xzknaghha72mq57kh53qw1bf8csgp63pm9sfi72qhirl";
-    };
+      src = pkgs.fetchurl {
+        url = http://tmrc.mit.edu/mirror/twisted/Twisted/8.1/Twisted-8.1.0.tar.bz2;
+        sha256 = "0q25zbr4xzknaghha72mq57kh53qw1bf8csgp63pm9sfi72qhirl";
+      };

-    propagatedBuildInputs = [ self.ZopeInterface ];
+      propagatedBuildInputs = [ self.ZopeInterface ];

-    meta = {
-      homepage = http://twistedmatrix.com/;
-      description = "Twisted, an event-driven networking engine written in Python";
-      license = stdenv.lib.licenses.mit;
-    };
-  };
-}
-```
+      meta = {
+        homepage = http://twistedmatrix.com/;
+        description = "Twisted, an event-driven networking engine written in Python";
+        license = stdenv.lib.licenses.mit; };
+      };

 The `buildPythonPackage` mainly does four things:

@@ -542,7 +534,7 @@ All parameters from `mkDerivation` function are still supported.
 * `postShellHook`: Hook to execute commands after `shellHook`.
 * `makeWrapperArgs`: A list of strings. Arguments to be passed to `makeWrapper`, which wraps generated binaries. By default, the arguments to `makeWrapper` set `PATH` and `PYTHONPATH` environment variables before calling the binary. Additional arguments here can allow a developer to set environment variables which will be available when the binary is run. For example, `makeWrapperArgs = ["--set FOO BAR" "--set BAZ QUX"]`.
 * `installFlags`: A list of strings. Arguments to be passed to `pip install`. To pass options to `python setup.py install`, use `--install-option`. E.g., `installFlags=["--install-option='--cpp_implementation'"].
-* `format`: Format of the source. Valid options are `setuptools` (default), `flit`, `wheel`, and `other`. `setuptools` is for when the source has a `setup.py` and `setuptools` is used to build a wheel, `flit`, in case `flit` should be used to build a wheel, and `wheel` in case a wheel is provided. In case you need to provide your own `buildPhase` and `installPhase` you can use `other`.
+* `format`: Format of the source. Options are `setup` for when the source has a `setup.py` and `setuptools` is used to build a wheel, and `wheel` in case the source is already a binary wheel. The default value is `setup`.
 * `catchConflicts` If `true`, abort package build if a package name appears more than once in dependency tree. Default is `true`.
 * `checkInputs` Dependencies needed for running the `checkPhase`. These are added to `buildInputs` when `doCheck = true`.

@@ -557,32 +549,29 @@ Because with an application we're not interested in multiple version the prefix
 Python environments can be created using the low-level `pkgs.buildEnv` function.
 This example shows how to create an environment that has the Pyramid Web Framework.
 Saving the following as `default.nix`
-```nix
-with import <nixpkgs> {};

-python.buildEnv.override {
-  extraLibs = [ pkgs.pythonPackages.pyramid ];
-  ignoreCollisions = true;
-}
-```
+    with import <nixpkgs> {};
+
+    python.buildEnv.override {
+      extraLibs = [ pkgs.pythonPackages.pyramid ];
+      ignoreCollisions = true;
+    }

 and running `nix-build` will create
-```
-/nix/store/cf1xhjwzmdki7fasgr4kz6di72ykicl5-python-2.7.8-env
-```
+
+    /nix/store/cf1xhjwzmdki7fasgr4kz6di72ykicl5-python-2.7.8-env

 with wrapped binaries in `bin/`.

 You can also use the `env` attribute to create local environments with needed
 packages installed. This is somewhat comparable to `virtualenv`. For example,
 running `nix-shell` with the following `shell.nix`
-```nix
-with import <nixpkgs> {};

-(python3.buildEnv.override {
-  extraLibs = with python3Packages; [ numpy requests2 ];
-}).env
-```
+    with import <nixpkgs> {};
+
+    (python3.buildEnv.override {
+      extraLibs = with python3Packages; [ numpy requests2 ];
+    }).env

 will drop you into a shell where Python will have the
 specified packages in its path.
@@ -597,33 +586,30 @@ specified packages in its path.
 #### python.withPackages function

 The `python.withPackages` function provides a simpler interface to the `python.buildEnv` functionality.
-It takes a function as an argument that is passed the set of python packages and returns the list
+It takes a function as an argument that is passed the set of python packages and returns the list 
 of the packages to be included in the environment. Using the `withPackages` function, the previous
 example for the Pyramid Web Framework environment can be written like this:
-```nix
-with import <nixpkgs> {};

-python.withPackages (ps: [ps.pyramid])
-```
+    with import <nixpkgs> {};

-`withPackages` passes the correct package set for the specific interpreter version as an
+    python.withPackages (ps: [ps.pyramid])
+
+`withPackages` passes the correct package set for the specific interpreter version as an 
 argument to the function. In the above example, `ps` equals `pythonPackages`.
 But you can also easily switch to using python3:
-```nix
-with import <nixpkgs> {};
+    
+    with import <nixpkgs> {};

-python3.withPackages (ps: [ps.pyramid])
-```
+    python3.withPackages (ps: [ps.pyramid])

 Now, `ps` is set to `python3Packages`, matching the version of the interpreter.

 As `python.withPackages` simply uses `python.buildEnv` under the hood, it also supports the `env`
 attribute. The `shell.nix` file from the previous section can thus be also written like this:
-```nix
-with import <nixpkgs> {};

-(python33.withPackages (ps: [ps.numpy ps.requests2])).env
-```
+    with import <nixpkgs> {};
+
+    (python33.withPackages (ps: [ps.numpy ps.requests2])).env

 In contrast to `python.buildEnv`, `python.withPackages` does not support the more advanced options
 such as `ignoreCollisions = true` or `postBuild`. If you need them, you have to use `python.buildEnv`.
@@ -637,24 +623,22 @@ install -e . --prefix $TMPDIR/`for the package.
 Warning: `shellPhase` is executed only if `setup.py` exists.

 Given a `default.nix`:
-```nix
-with import <nixpkgs> {};

-buildPythonPackage { name = "myproject";
+    with import <nixpkgs> {};

-buildInputs = with pkgs.pythonPackages; [ pyramid ];
+    buildPythonPackage { name = "myproject";

-src = ./.; }
-```
+    buildInputs = with pkgs.pythonPackages; [ pyramid ];
+
+    src = ./.; }

 Running `nix-shell` with no arguments should give you
 the environment in which the package would be built with
 `nix-build`.

 Shortcut to setup environments with C headers/libraries and python packages:
-```shell
-nix-shell -p pythonPackages.pyramid zlib libjpeg git
-```
+
+    $ nix-shell -p pythonPackages.pyramid zlib libjpeg git

 Note: There is a boolean value `lib.inNixShell` set to `true` if nix-shell is invoked.

@@ -667,19 +651,6 @@ community to help save time. No tool is preferred at the moment.
 - [pypi2nix](https://github.com/garbas/pypi2nix) by Rok Garbas
 - [pypi2nix](https://github.com/offlinehacker/pypi2nix) by Jaka Hudoklin

-### Deterministic builds
-
-Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
-Minor modifications had to be made to the interpreters in order to generate
-deterministic bytecode. This has security implications and is relevant for
-those using Python in a `nix-shell`.
-
-When the environment variable `DETERMINISTIC_BUILD` is set, all bytecode will have timestamp 1.
-The `buildPythonPackage` function sets `DETERMINISTIC_BUILD=1` and
-[PYTHONHASHSEED=0](https://docs.python.org/3.5/using/cmdline.html#envvar-PYTHONHASHSEED).
-Both are also exported in `nix-shell`.
-
-
 ## FAQ

 ### How can I install a working Python environment?
@@ -702,7 +673,7 @@ with import <nixpkgs> {};
 pkgs.python35.withPackages (ps: with ps; [ numpy ipython ])
 ```
 and install it in your profile with
-```shell
+```
 nix-env -if build.nix
 ```
 Now you can use the Python interpreter, as well as the extra packages that you added to the environment.
@@ -710,19 +681,15 @@ Now you can use the Python interpreter, as well as the extra packages that you a
 #### Environment defined in `~/.nixpkgs/config.nix`

 If you prefer to, you could also add the environment as a package override to the Nixpkgs set.
-```nix
-{ # ...
-
+```
  packageOverrides = pkgs: with pkgs; {
    myEnv = python35.withPackages (ps: with ps; [ numpy ipython ]);
  };
-}
 ```
 and install it in your profile with
-```shell
+```
 nix-env -iA nixpkgs.myEnv
 ```
-
 We're installing using the attribute path and assume the channels is named `nixpkgs`.
 Note that I'm using the attribute path here.

@@ -731,12 +698,9 @@ Note that I'm using the attribute path here.
 For the sake of completeness, here's another example how to install the environment system-wide.

 ```nix
-{ # ...
-
-  environment.systemPackages = with pkgs; [
-    (python35.withPackages(ps: with ps; [ numpy ipython ]))
-  ];
-}
+environment.systemPackages = with pkgs; [
+  (python35.withPackages(ps: with ps; [ numpy ipython ]))
+];
 ```

 ### How to solve circular dependencies?
@@ -747,54 +711,59 @@ should also be done when packaging `A`.

 ### How to override a Python package?

-We can override the interpreter and pass `packageOverrides`.
-In the following example we rename the `pandas` package and build it.
-```nix
-with import <nixpkgs> {};
-
-let
-  python = let
-    packageOverrides = self: super: {
-      pandas = super.pandas.override {name="foo";};
-    };
-  in pkgs.python35.override {inherit packageOverrides;};
-
-in python.pkgs.pandas
+Recursively updating a package can be done with `pkgs.overridePackages` as explained in the Nixpkgs manual.
+Python attribute sets are created for each interpreter version. We will therefore override the attribute set for the interpreter version we're interested.
+In the following example we change the name of the package `pandas` to `foo`.
+```
+newpkgs = pkgs.overridePackages(self: super: rec {
+  python35Packages = (super.python35Packages.override { self = python35Packages;})
+    // { pandas = super.python35Packages.pandas.override  {name = "foo";};
+  };
+});
+```
+This can be tested with
 ```
-Using `nix-build` on this expression will build the package `pandas`
-but with the new name `foo`.
-
-All packages in the package set will use the renamed package.
-A typical use case is to switch to another version of a certain package.
-For example, in the Nixpkgs repository we have multiple versions of `django` and `scipy`.
-In the following example we use a different version of `scipy` and create an environment that uses it.
-All packages in the Python package set will now use the updated `scipy` version.
-
-```nix
 with import <nixpkgs> {};

-( let
-    packageOverrides = self: super: {
-      scipy = super.scipy_0_17;
-    };
-  in (pkgs.python35.override {inherit packageOverrides;}).withPackages (ps: [ps.blaze])
+(let
+
+newpkgs = pkgs.overridePackages(self: super: rec {
+  python35Packages = (super.python35Packages.override { self = python35Packages;})
+    // { pandas = super.python35Packages.pandas.override  {name = "foo";};
+  };
+});
+in newpkgs.python35.withPackages (ps: [ps.blaze])
 ).env
 ```
-The requested package `blaze` depends on `pandas` which itself depends on `scipy`.
+A typical use case is to switch to another version of a certain package. For example, in the Nixpkgs repository we have multiple versions of `django` and `scipy`.
+In the following example we use a different version of `scipy`. All packages in `newpkgs` will now use the updated `scipy` version.
+```
+with import <nixpkgs> {};

-If you want the whole of Nixpkgs to use your modifications, then you can use `overlays`
-as explained in this manual. In the following example we build a `inkscape` using a different version of `numpy`.
-```nix
-let
-  pkgs = import <nixpkgs> {};
-  newpkgs = import pkgs.path { overlays = [ (pkgsself: pkgssuper: {
-    python27 = let
-      packageOverrides = self: super: {
-        numpy = super.numpy_1_10;
-      };
-    in pkgssuper.python27.override {inherit packageOverrides;};
-  } ) ]; };
-in newpkgs.inkscape
+(let
+
+newpkgs = pkgs.overridePackages(self: super: rec {
+  python35Packages = super.python35Packages.override {
+    self = python35Packages // { scipy = python35Packages.scipy_0_17;};
+  };
+});
+in newpkgs.python35.withPackages (ps: [ps.blaze])
+).env
+```
+The requested package `blaze` depends upon `pandas` which itself depends on `scipy`.
+
+A similar example but now using `django`
+```
+with import <nixpkgs> {};
+
+(let
+
+newpkgs = pkgs.overridePackages(self: super: rec {
+  python27Packages = (super.python27Packages.override {self = python27Packages;})
+    // { django = super.python27Packages.django_1_9; };
+});
+in newpkgs.python27.withPackages (ps: [ps.django_guardian ])
+).env
 ```

 ### `python setup.py bdist_wheel` cannot create .whl
@@ -807,32 +776,32 @@ This is because files are included that depend on items in the Nix store which h
 The command `bdist_wheel` takes into account `SOURCE_DATE_EPOCH`, and `nix-shell` sets this to 1. By setting it to a value corresponding to 1980 or later, or by unsetting it, it is possible to build wheels.

 Use 1980 as timestamp:
-```shell
+```
 nix-shell --run "SOURCE_DATE_EPOCH=315532800 python3 setup.py bdist_wheel"
 ```
 or the current time:
-```shell
+```
 nix-shell --run "SOURCE_DATE_EPOCH=$(date +%s) python3 setup.py bdist_wheel"
 ```
 or unset:
-```shell
+"""
 nix-shell --run "unset SOURCE_DATE_EPOCH; python3 setup.py bdist_wheel"
-```
+"""

 ### `install_data` / `data_files` problems

 If you get the following error:
-```
-could not create '/nix/store/6l1bvljpy8gazlsw2aw9skwwp4pmvyxw-python-2.7.8/etc':
-Permission denied
-```
-This is a [known bug](https://github.com/pypa/setuptools/issues/130) in `setuptools`.
+
+    could not create '/nix/store/6l1bvljpy8gazlsw2aw9skwwp4pmvyxw-python-2.7.8/etc':
+    Permission denied
+
+This is a [known bug](https://bitbucket.org/pypa/setuptools/issue/130/install_data-doesnt-respect-prefix) in setuptools.
 Setuptools `install_data` does not respect `--prefix`. An example of such package using the feature is `pkgs/tools/X11/xpra/default.nix`.
 As workaround install it as an extra `preInstall` step:
-```shell
-${python.interpreter} setup.py install_data --install-dir=$out --root=$out
-sed -i '/ = data\_files/d' setup.py
-```
+
+    ${python.interpreter} setup.py install_data --install-dir=$out --root=$out
+    sed -i '/ = data\_files/d' setup.py
+

 ###  Rationale of non-existent global site-packages

@@ -849,76 +818,6 @@ If you want to create a Python environment for development, then the recommended
 method is to use `nix-shell`, either with or without the `python.buildEnv`
 function.

-### How to consume python modules using pip in a virtualenv like I am used to on other Operating Systems ?
-
-This is an example of a `default.nix` for a `nix-shell`, which allows to consume a `virtualenv` environment,
-and install python modules through `pip` the traditional way.
-
-Create this `default.nix` file, together with a `requirements.txt` and simply execute `nix-shell`.
-
-```nix
-with import <nixpkgs> {};
-with pkgs.python27Packages;
-
-stdenv.mkDerivation {
-  name = "impurePythonEnv";
-  buildInputs = [
-    # these packages are required for virtualenv and pip to work:
-    #
-    python27Full
-    python27Packages.virtualenv
-    python27Packages.pip
-    # the following packages are related to the dependencies of your python
-    # project.
-    # In this particular example the python modules listed in the
-    # requirements.tx require the following packages to be installed locally
-    # in order to compile any binary extensions they may require.
-    #
-    taglib
-    openssl
-    git
-    libxml2
-    libxslt
-    libzip
-    stdenv
-    zlib ];
-  src = null;
-  shellHook = ''
-  # set SOURCE_DATE_EPOCH so that we can use python wheels
-  SOURCE_DATE_EPOCH=$(date +%s)
-  virtualenv --no-setuptools venv
-  export PATH=$PWD/venv/bin:$PATH
-  pip install -r requirements.txt
-  '';
-}
-```
-
-Note that the `pip install` is an imperative action. So every time `nix-shell`
-is executed it will attempt to download the python modules listed in
-requirements.txt. However these will be cached locally within the `virtualenv`
-folder and not downloaded again.
-
-### How to override a Python package from `configuration.nix`?
-
-If you need to change a package's attribute(s) from `configuration.nix` you could do:
-
-```nix
-  nixpkgs.config.packageOverrides = superP: {
-    pythonPackages = superP.pythonPackages.override {
-      overrides = self: super: {
-        bepasty-server = super.bepasty-server.overrideAttrs ( oldAttrs: {
-          src = pkgs.fetchgit {
-            url = "https://github.com/bepasty/bepasty-server";
-            sha256 = "9ziqshmsf0rjvdhhca55sm0x8jz76fsf2q4rwh4m6lpcf8wr0nps";
-            rev = "e2516e8cf4f2afb5185337073607eb9e84a61d2d";
-          };
-        });
-      };
-    };
-  };
-```
-
-If you are using the `bepasty-server` package somewhere, for example in `systemPackages` or indirectly from `services.bepasty`, then a `nixos-rebuild switch` will rebuild the system but with the `bepasty-server` package using a different `src` attribute. This way one can modify `python` based software/libraries easily. Using `self` and `super` one can also alter dependencies (`buildInputs`) between the old state (`self`) and new state (`super`). 

 ## Contributing

@@ -926,8 +825,7 @@ If you are using the `bepasty-server` package somewhere, for example in `systemP

 Following rules are desired to be respected:

-* Python libraries are supposed to be called from `python-packages.nix` and packaged with `buildPythonPackage`. The expression of a library should be in `pkgs/development/python-modules/<name>/default.nix`. Libraries in `pkgs/top-level/python-packages.nix` are sorted quasi-alphabetically to avoid merge conflicts.
-* Python applications live outside of `python-packages.nix` and are packaged with `buildPythonApplication`.
-* Make sure libraries build for all Python interpreters.
-* By default we enable tests. Make sure the tests are found and, in the case of libraries, are passing for all interpreters. If certain tests fail they can be disabled individually. Try to avoid disabling the tests altogether. In any case, when you disable tests, leave a comment explaining why.
-* Commit names of Python libraries should include `pythonPackages`, for example `pythonPackages.numpy: 1.11 -> 1.12`.
+* Make sure package builds for all python interpreters. Use `disabled` argument to `buildPythonPackage` to set unsupported interpreters.
+* If tests need to be disabled for a package, make sure you leave a comment about reasoning.
+* Packages in `pkgs/top-level/python-packages.nix` are sorted quasi-alphabetically to avoid merge conflicts.
+* Python libraries are supposed to be in `python-packages.nix` and packaged with `buildPythonPackage`. Python applications live outside of `python-packages.nix` and are packaged with `buildPythonApplication`.
--- a/doc/languages-frameworks/qt.xml
+++ b/doc/languages-frameworks/qt.xml
@@ -2,31 +2,67 @@
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xml:id="sec-language-qt">

-<title>Qt and KDE</title>
+<title>Qt</title>

-<para>Qt is a comprehensive desktop and mobile application development toolkit for C++. Legacy support is available for Qt 3 and Qt 4, but all current development uses Qt 5. The Qt 5 packages in Nixpkgs are updated frequently to take advantage of new features, but older versions are typically retained to support packages that may not be compatible with the latest version. When packaging applications and libraries for Nixpkgs, it is important to ensure that compatible versions of Qt 5 are used throughout; this consideration motivates the tools described below.</para>
+<para>The information in this section applies to Qt 5.5 and later.</para>
+
+<para>Qt is an application development toolkit for C++. Although it is
+not a distinct programming language, there are special considerations
+for packaging Qt-based programs and libraries. A small set of tools
+and conventions has grown out of these considerations.</para>

 <section xml:id="ssec-qt-libraries"><title>Libraries</title>

-<para>Libraries that depend on Qt 5 should be built with each available version to avoid linking a dependent package against incompatible versions of Qt 5. (Although Qt 5 maintains backward ABI compatibility, linking against multiple versions at once is generally not possible; at best it will lead to runtime faults.) Packages that provide libraries should be added to the top-level function <varname>mkLibsForQt5</varname>, which is used to build a set of libraries for every Qt 5 version. The <varname>callPackage</varname> provided in this scope will ensure that only one Qt version will be used throughout the dependency tree. Dependencies should be imported unqualified, i.e. <literal>qtbase</literal> not <literal>qt5.qtbase</literal>, so that <varname>callPackage</varname> can do its work. <emphasis>Do not</emphasis> import a package set such as <literal>qt5</literal> or <literal>libsForQt5</literal> into your package; although it may work fine in the moment, it could well break at the next Qt update.</para>
-
-<para>If a library does not support a particular version of Qt 5, it is best to mark it as broken by setting its <literal>meta.broken</literal> attribute. A package may be marked broken for certain versions by testing the <literal>qtbase.version</literal> attribute, which will always give the current Qt 5 version.</para>
+<para>Packages that provide libraries should be listed in
+<varname>qt5LibsFun</varname> so that the library is built with each
+Qt version. A set of packages is provided for each version of Qt; for
+example, <varname>qt5Libs</varname> always provides libraries built
+with the latest version, <varname>qt55Libs</varname> provides
+libraries built with Qt 5.5, and so on. To avoid version conflicts, no
+top-level attributes are created for these packages.</para>

 </section>

-<section xml:id="ssec-qt-applications"><title>Applications</title>
+<section xml:id="ssec-qt-programs"><title>Programs</title>

-<para>Applications generally do not need to be built with every Qt version because they do not provide any libraries for dependent packages to link against. The primary consideration is merely ensuring that the application itself and its dependencies are linked against only one version of Qt. To call your application expression, use <literal>libsForQt5.callPackage</literal> instead of <literal>callPackage</literal>. Dependencies should be imported unqualified, i.e. <literal>qtbase</literal> not <literal>qt5.qtbase</literal>. <emphasis>Do not</emphasis> import a package set such as <literal>qt5</literal> or <literal>libsForQt5</literal> into your package; although it may work fine in the moment, it could well break at the next Qt update.</para>
+<para>Application packages do not need to be built with every Qt
+version. To ensure consistency between the package's dependencies,
+call the package with <literal>qt5Libs.callPackage</literal> instead
+of the usual <literal>callPackage</literal>. An older version may be
+selected in case of incompatibility. For example, to build with Qt
+5.5, call the package with
+<literal>qt55Libs.callPackage</literal>.</para>

-<para>It is generally best to build an application package against the <varname>libsForQt5</varname> library set. In case a package does not build with the latest Qt version, it is possible to pick a set pinned to a particular version, e.g. <varname>libsForQt55</varname> for Qt 5.5, if that is the latest version the package supports.</para>
+<para>Several environment variables must be set at runtime for Qt
+applications to function correctly, including:</para>

-<para>Qt-based applications require that several paths be set at runtime. This is accomplished by wrapping the provided executables in a package with <literal>wrapQtProgram</literal> or <literal>makeQtWrapper</literal> during the <literal>postFixup</literal> phase. To use the wrapper generators, add <literal>makeQtWrapper</literal> to <literal>nativeBuildInputs</literal>. The wrapper generators support the same options as <literal>wrapProgram</literal> and <literal>makeWrapper</literal> respectively. It is usually only necessary to generate wrappers for programs intended to be invoked by the user.</para>
+<itemizedlist>
+  <listitem><para><envar>QT_PLUGIN_PATH</envar></para></listitem>
+  <listitem><para><envar>QML_IMPORT_PATH</envar></para></listitem>
+  <listitem><para><envar>QML2_IMPORT_PATH</envar></para></listitem>
+  <listitem><para><envar>XDG_DATA_DIRS</envar></para></listitem>
+</itemizedlist>
+
+<para>To ensure that these are set correctly, the program must be wrapped by
+invoking <literal>wrapQtProgram <replaceable>program</replaceable></literal>
+during installation (for example, during
+<literal>fixupPhase</literal>). <literal>wrapQtProgram</literal>
+accepts the same options as <literal>makeWrapper</literal>.
+</para>

 </section>

 <section xml:id="ssec-qt-kde"><title>KDE</title>

-<para>The KDE Frameworks are a set of libraries for Qt 5 which form the basis of the Plasma desktop environment and the KDE Applications suite. Packaging a Frameworks-based library does not require any steps beyond those described above for general Qt-based libraries. Frameworks-based applications should not use <literal>makeQtWrapper</literal>; instead, use <literal>kdeWrapper</literal> to create the necessary wrappers: <literal>kdeWrapper { unwrapped = <replaceable>expr</replaceable>; targets = <replaceable>exes</replaceable>; }</literal>, where <replaceable>expr</replaceable> is the un-wrapped package expression and <replaceable>exes</replaceable> is a list of strings giving the relative paths to programs in the package which should be wrapped.</para>
+<para>Many of the considerations above also apply to KDE packages,
+especially the need to set the correct environment variables at
+runtime. To ensure that this is done, invoke <literal>wrapKDEProgram
+<replaceable>program</replaceable></literal> during
+installation. <literal>wrapKDEProgram</literal> also generates a
+<literal>ksycoca</literal> database so that required data and services
+can be found. Like its Qt counterpart,
+<literal>wrapKDEProgram</literal> accepts the same options as
+<literal>makeWrapper</literal>.</para>

 </section>

--- a/doc/languages-frameworks/ruby.xml
+++ b/doc/languages-frameworks/ruby.xml
@@ -26,8 +26,9 @@ bundlerEnv rec {

  version = (import gemset).sensu.version;
  inherit ruby;
-  # expects Gemfile, Gemfile.lock and gemset.nix in the same directory
-  gemdir = ./.;
+  gemfile = ./Gemfile;
+  lockfile = ./Gemfile.lock;
+  gemset = ./gemset.nix;

  meta = with lib; {
    description = "A monitoring framework that aims to be simple, malleable, and scalable";
--- a/doc/languages-frameworks/rust.md
+++ b/doc/languages-frameworks/rust.md
@@ -1,91 +0,0 @@
---
-title: Rust
-author: Matthias Beyer
-date: 2017-03-05
---
-
-# User's Guide to the Rust Infrastructure
-
-To install the rust compiler and cargo put
-
-```
-rustStable.rustc
-rustStable.cargo
-```
-
-into the `environment.systemPackages` or bring them into scope with
-`nix-shell -p rustStable.rustc -p rustStable.cargo`.
-
-There are also `rustBeta` and `rustNightly` package sets available.
-These are not updated very regulary. For daily builds see
-[Using the Rust nightlies overlay](#using-the-rust-nightlies-overlay)
-
-## Packaging Rust applications
-
-Rust applications are packaged by using the `buildRustPackage` helper from `rustPlatform`:
-
-```
-with rustPlatform;
-
-buildRustPackage rec {
-  name = "ripgrep-${version}";
-  version = "0.4.0";
-
-  src = fetchFromGitHub {
-    owner = "BurntSushi";
-    repo = "ripgrep";
-    rev = "${version}";
-    sha256 = "0y5d1n6hkw85jb3rblcxqas2fp82h3nghssa4xqrhqnz25l799pj";
-  };
-
-  depsSha256 = "0q68qyl2h6i0qsz82z840myxlnjay8p1w5z7hfyr8fqp7wgwa9cx";
-
-  meta = with stdenv.lib; {
-    description = "A utility that combines the usability of The Silver Searcher with the raw speed of grep";
-    homepage = https://github.com/BurntSushi/ripgrep;
-    license = with licenses; [ unlicense ];
-    maintainers = [ maintainers.tailhook ];
-    platforms = platforms.all;
-  };
-}
-```
-
-`buildRustPackage` requires a `depsSha256` attribute which is computed over
-all crate sources of this package. Currently it is obtained by inserting a
-fake checksum into the expression and building the package once. The correct
-checksum can be then take from the failed build.
-
-To install crates with nix there is also an experimental project called
-[nixcrates](https://github.com/fractalide/nixcrates).
-
-## Using the Rust nightlies overlay
-
-Mozilla provides an overlay for nixpkgs to bring a nightly version of Rust into scope.
-This overlay can _also_ be used to install recent unstable or stable versions
-of Rust, if desired.
-
-To use this overlay, clone
-[nixpkgs-mozilla](https://github.com/mozilla/nixpkgs-mozilla),
-and create a symbolic link to the file
-[rust-overlay.nix](https://github.com/mozilla/nixpkgs-mozilla/blob/master/rust-overlay.nix)
-in the `~/.config/nixpkgs/overlays` directory.
-
-    $ git clone https://github.com/mozilla/nixpkgs-mozilla.git
-    $ mkdir -p ~/.config/nixpkgs/overlays
-    $ ln -s $(pwd)/nixpkgs-mozilla/rust-overlay.nix ~/.config/nixpkgs/overlays/rust-overlay.nix
-
-The latest version can be installed with the following command:
-
-    $ nix-env -Ai nixos.rustChannels.stable.rust
-
-Or using the attribute with nix-shell:
-
-    $ nix-shell -p nixos.rustChannels.stable.rust
-
-To install the beta or nightly channel, "stable" should be substituted by
-"nightly" or "beta", or
-use the function provided by this overlay to pull a version based on a
-build date.
-
-The overlay automatically updates itself as it uses the same source as
-[rustup](https://www.rustup.rs/).
--- a/doc/languages-frameworks/texlive.xml
+++ b/doc/languages-frameworks/texlive.xml
@@ -35,7 +35,6 @@ texlive.combine {
      You can list packages e.g. by <command>nix-repl</command>.
      <programlisting>
 $ nix-repl
-nix-repl> :l &lt;nixpkgs>
 nix-repl> texlive.collection-&lt;TAB>
      </programlisting>
    </para></listitem>
--- a/doc/languages-frameworks/vim.md
+++ b/doc/languages-frameworks/vim.md
@@ -1,102 +0,0 @@
---
-title: User's Guide for Vim in Nixpkgs
-author: Marc Weber
-date: 2016-06-25
---
-# User's Guide to Vim Plugins/Addons/Bundles/Scripts in Nixpkgs
-
-You'll get a vim(-your-suffix) in PATH also loading the plugins you want.
-Loading can be deferred; see examples.
-
-VAM (=vim-addon-manager) and Pathogen plugin managers are supported.
-Vundle, NeoBundle could be your turn.
-
-## dependencies by Vim plugins
-
-VAM introduced .json files supporting dependencies without versioning
-assuming that "using latest version" is ok most of the time.
-
-## HOWTO
-
-First create a vim-scripts file having one plugin name per line. Example:
-
-    "tlib"
-    {'name': 'vim-addon-sql'}
-    {'filetype_regex': '\%(vim)$', 'names': ['reload', 'vim-dev-plugin']}
-
-Such vim-scripts file can be read by VAM as well like this:
-
-    call vam#Scripts(expand('~/.vim-scripts'), {})
-
-Create a default.nix file:
-
-    { nixpkgs ? import <nixpkgs> {}, compiler ? "ghc7102" }:
-    nixpkgs.vim_configurable.customize { name = "vim"; vimrcConfig.vam.pluginDictionaries = [ "vim-addon-vim2nix" ]; }
-
-Create a generate.vim file:
-
-    ActivateAddons vim-addon-vim2nix
-    let vim_scripts = "vim-scripts"
-    call nix#ExportPluginsForNix({
-    \  'path_to_nixpkgs': eval('{"'.substitute(substitute(substitute($NIX_PATH, ':', ',', 'g'), '=',':', 'g'), '\([:,]\)', '"\1"',"g").'"}')["nixpkgs"],
-    \  'cache_file': '/tmp/vim2nix-cache',
-    \  'try_catch': 0,
-    \  'plugin_dictionaries': ["vim-addon-manager"]+map(readfile(vim_scripts), 'eval(v:val)')
-    \ })
-
-Then run
-
-    nix-shell -p vimUtils.vim_with_vim2nix --command "vim -c 'source generate.vim'"
-
-You should get a Vim buffer with the nix derivations (output1) and vam.pluginDictionaries (output2).
-You can add your vim to your system's configuration file like this and start it by "vim-my":
-
-    my-vim =
-     let plugins = let inherit (vimUtils) buildVimPluginFrom2Nix; in {
-          copy paste output1 here
-     }; in vim_configurable.customize {
-       name = "vim-my";
-
-       vimrcConfig.vam.knownPlugins = plugins; # optional
-       vimrcConfig.vam.pluginDictionaries = [
-          copy paste output2 here
-       ];
-
-       # Pathogen would be
-       # vimrcConfig.pathogen.knownPlugins = plugins; # plugins
-       # vimrcConfig.pathogen.pluginNames = ["tlib"];
-     };
-
-
-Sample output1:
-
-    "reload" = buildVimPluginFrom2Nix { # created by nix#NixDerivation
-      name = "reload";
-      src = fetchgit {
-        url = "git://github.com/xolox/vim-reload";
-        rev = "0a601a668727f5b675cb1ddc19f6861f3f7ab9e1";
-        sha256 = "0vb832l9yxj919f5hfg6qj6bn9ni57gnjd3bj7zpq7d4iv2s4wdh";
-      };
-      dependencies = ["nim-misc"];
-
-    };
-    [...]
-
-Sample output2:
-
-    [
-      ''vim-addon-manager''
-      ''tlib''
-      { "name" = ''vim-addon-sql''; }
-      { "filetype_regex" = ''\%(vim)$$''; "names" = [ ''reload'' ''vim-dev-plugin'' ]; }
-    ]
-
-
-## Important repositories
-
- [vim-pi](https://bitbucket.org/vimcommunity/vim-pi) is a plugin repository
-  from VAM plugin manager meant to be used by others as well used by
-
- [vim2nix](http://github.com/MarcWeber/vim-addon-vim2nix) which generates the
-  .nix code
-
--- a/doc/manual.xml
+++ b/doc/manual.xml
@@ -13,13 +13,11 @@
  <xi:include href="quick-start.xml" />
  <xi:include href="stdenv.xml" />
  <xi:include href="multiple-output.xml" />
-  <xi:include href="cross-compilation.xml" />
  <xi:include href="configuration.xml" />
  <xi:include href="functions.xml" />
  <xi:include href="meta.xml" />
  <xi:include href="languages-frameworks/index.xml" />
  <xi:include href="package-notes.xml" />
-  <xi:include href="overlays.xml" />
  <xi:include href="coding-conventions.xml" />
  <xi:include href="submitting-changes.xml" />
  <xi:include href="reviewing-contributions.xml" />
--- a/doc/multiple-output.xml
+++ b/doc/multiple-output.xml
@@ -45,48 +45,34 @@
    <title>File type groups</title>
    <para>The support code currently recognizes some particular kinds of outputs and either instructs the build system of the package to put files into their desired outputs or it moves the files during the fixup phase.  Each group of file types has an <varname>outputFoo</varname> variable specifying the output name where they should go.  If that variable isn't defined by the derivation writer, it is guessed &ndash; a default output name is defined, falling back to other possibilities if the output isn't defined.</para>
    <variablelist>
-
      <varlistentry><term><varname>
         $outputDev</varname></term><listitem><para>
         is for development-only files. These include C(++) headers, pkg-config, cmake and aclocal files.  They go to <varname>dev</varname> or <varname>out</varname> by default.
-       </para></listitem>
-      </varlistentry>
-
+        </para></listitem></varlistentry>
      <varlistentry><term><varname>
        $outputBin</varname></term><listitem><para>
        is meant for user-facing binaries, typically residing in bin/.  They go to <varname>bin</varname> or <varname>out</varname> by default.
-      </para></listitem></varlistentry>
-
+        </para></listitem></varlistentry>
      <varlistentry><term><varname>
        $outputLib</varname></term><listitem><para>
        is meant for libraries, typically residing in <filename>lib/</filename> and <filename>libexec/</filename>.  They go to <varname>lib</varname> or <varname>out</varname> by default.
-      </para></listitem></varlistentry>
-
+        </para></listitem></varlistentry>
      <varlistentry><term><varname>
        $outputDoc</varname></term><listitem><para>
        is for user documentation, typically residing in <filename>share/doc/</filename>.  It goes to <varname>doc</varname> or <varname>out</varname> by default.
-      </para></listitem></varlistentry>
-
+        </para></listitem></varlistentry>
      <varlistentry><term><varname>
-        $outputDevdoc</varname></term><listitem><para>
-        is for <emphasis>developer</emphasis> documentation.  Currently we count gtk-doc in there.  It goes to <varname>devdoc</varname> or is removed (!) by default.  This is because e.g. gtk-doc tends to be rather large and completely unused by nixpkgs users.
-      </para></listitem></varlistentry>
-
+        $outputDocdev</varname></term><listitem><para>
+        is for <emphasis>developer</emphasis> documentation.  Currently we count gtk-doc and man3 pages in there.  It goes to <varname>devdoc</varname> or is removed (!) by default.  This is because e.g. gtk-doc tends to be rather large and completely unused by nixpkgs users.
+        </para></listitem></varlistentry>
      <varlistentry><term><varname>
        $outputMan</varname></term><listitem><para>
        is for man pages (except for section 3). They go to <varname>man</varname> or <varname>doc</varname> or <varname>$outputBin</varname> by default.
-      </para></listitem></varlistentry>
-
-      <varlistentry><term><varname>
-        $outputDevman</varname></term><listitem><para>
-        is for section 3 man pages. They go to <varname>devman</varname> or <varname>$outputMan</varname> by default.
-      </para></listitem></varlistentry>
-
+        </para></listitem></varlistentry>
      <varlistentry><term><varname>
        $outputInfo</varname></term><listitem><para>
        is for info pages. They go to <varname>info</varname> or <varname>doc</varname> or <varname>$outputMan</varname> by default.
-      </para></listitem></varlistentry>
-
+        </para></listitem></varlistentry>
    </variablelist>
  </section>

@@ -102,3 +88,4 @@
 </section><!--Writing a split derivation-->

 </chapter>
+
--- a/doc/old/cross.txt
+++ b/doc/old/cross.txt
@@ -61,7 +61,7 @@ stdenv.mkDerivation {
  builder = ./builder.sh;
  src = fetchurl {
    url = http://ftp.nluug.nl/gnu/binutils/binutils-2.16.1.tar.bz2;
-    sha256 = "1ian3kwh2vg6hr3ymrv48s04gijs539vzrq62xr76bxbhbwnz2np";
+    md5 = "6a9d529efb285071dad10e1f3d2b2967";
  };
  inherit noSysDirs;
  configureFlags = "--target=arm-linux";
@@ -81,11 +81,11 @@ Step 2: build kernel headers for the target architecture
 assert stdenv.system == "i686-linux";

 stdenv.mkDerivation {
-  name = "linux-headers-2.6.13.1-arm";
+  name = "linux-headers-2.6.13.4-arm";
  builder = ./builder.sh;
  src = fetchurl {
-    url = http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.1.tar.bz2;
-    sha256 = "12qxmc827fjhaz53kjy7vyrzsaqcg78amiqsb3qm20z26w705lma";
+    url = http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.13.4.tar.bz2;
+    md5 = "94768d7eef90a9d8174639b2a7d3f58d";
  };
 }
 ---
@@ -152,7 +152,9 @@ stdenv.mkDerivation {
  builder = ./builder.sh;
  src = fetchurl {
    url = ftp://ftp.nluug.nl/pub/gnu/gcc/gcc-4.0.2/gcc-core-4.0.2.tar.bz2;
-    sha256 = "02fxh0asflm8825w23l2jq1wvs7hbnam0jayrivg7zdv2ifnc0rc";
+    md5 = "f7781398ada62ba255486673e6274b26";
+    #url = ftp://ftp.nluug.nl/pub/gnu/gcc/gcc-4.0.2/gcc-4.0.2.tar.bz2;
+    #md5 = "a659b8388cac9db2b13e056e574ceeb0";
  };
  # !!! apply only if noSysDirs is set
  patches = [./no-sys-dirs.patch ./gcc-inhibit.patch];
--- a/doc/overlays.xml
+++ b/doc/overlays.xml
@@ -1,99 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xml:id="chap-overlays">
-
-<title>Overlays</title>
-
-<para>This chapter describes how to extend and change Nixpkgs packages using
-overlays. Overlays are used to add layers in the fix-point used by Nixpkgs
-to compose the set of all packages.</para>
-
-<!--============================================================-->
-
-<section xml:id="sec-overlays-install">
-<title>Installing Overlays</title>
-
-<para>The set of overlays is looked for in the following places. The
-first one present is considered, and all the rest are ignored:
-
-<orderedlist>
-
-  <listitem>
-
-    <para>As an argument of the imported attribute set. When importing Nixpkgs,
-    the <varname>overlays</varname> attribute argument can be set to a list of
-    functions, which is described in <xref linkend="sec-overlays-layout"/>.</para>
-
-  </listitem>
-
-  <listitem>
-
-    <para>In the directory pointed to by the Nix search path entry
-    <literal>&lt;nixpkgs-overlays></literal>.</para>
-  </listitem>
-
-  <listitem>
-
-    <para>In the directory <filename>~/.nixpkgs/overlays/</filename>.</para>
-  </listitem>
-
-</orderedlist>
-</para>
-
-<para>For the second and third options, the directory should contain Nix expressions defining the
-overlays. Each overlay can be a file, a directory containing a
-<filename>default.nix</filename>, or a symlink to one of those. The expressions should follow
-the syntax described in <xref linkend="sec-overlays-layout"/>.</para>
-
-<para>The order of the overlay layers can influence the recipe of packages if multiple layers override
-the same recipe. In the case where overlays are loaded from a directory, they are loaded in
-alphabetical order.</para>
-
-<para>To install an overlay using the last option, you can clone the overlay's repository and add
-a symbolic link to it in <filename>~/.nixpkgs/overlays/</filename> directory.</para>
-
-</section>
-
-<!--============================================================-->
-
-<section xml:id="sec-overlays-layout">
-<title>Overlays Layout</title>
-
-<para>Overlays are expressed as Nix functions which accept 2 arguments and return a set of
-packages.</para>
-
-<programlisting>
-self: super:
-
-{
-  boost = super.boost.override {
-    python = self.python3;
-  };
-  rr = super.callPackage ./pkgs/rr {
-    stdenv = self.stdenv_32bit;
-  };
-}
-</programlisting>
-
-<para>The first argument, usually named <varname>self</varname>, corresponds to the final package
-set. You should use this set for the dependencies of all packages specified in your
-overlay. For example, all the dependencies of <varname>rr</varname> in the example above come
-from <varname>self</varname>, as well as the overriden dependencies used in the
-<varname>boost</varname> override.</para>
-
-<para>The second argument, usually named <varname>super</varname>,
-corresponds to the result of the evaluation of the previous stages of
-Nixpkgs. It does not contain any of the packages added by the current
-overlay nor any of the following overlays. This set should be used either
-to refer to packages you wish to override, or to access functions defined
-in Nixpkgs. For example, the original recipe of <varname>boost</varname>
-in the above example, comes from <varname>super</varname>, as well as the
-<varname>callPackage</varname> function.</para>
-
-<para>The value returned by this function should be a set similar to
-<filename>pkgs/top-level/all-packages.nix</filename>, which contains
-overridden and/or new packages.</para>
-
-</section>
-
-</chapter>
--- a/doc/package-notes.xml
+++ b/doc/package-notes.xml
@@ -278,7 +278,7 @@ packageOverrides = pkgs: {
 </screen>

    to your Nixpkgs configuration
-    (<filename>~/.config/nixpkgs/config.nix</filename>) and install it by
+    (<filename>~/.nixpkgs/config.nix</filename>) and install it by
    running <command>nix-env -f '&lt;nixpkgs&gt;' -iA
    myEclipse</command> and afterward run Eclipse as usual. It is
    possible to find out which plugins are available for installation
@@ -382,138 +382,4 @@ it. Place the resulting <filename>package.nix</filename> file into

 </section>

-<section xml:id="sec-steam">
-
-<title>Steam</title>
-
-<section xml:id="sec-steam-nix">
-
-<title>Steam in Nix</title>
-
-<para>
-  Steam is distributed as a <filename>.deb</filename> file, for now only 
-  as an i686 package (the amd64 package only has documentation). 
-  When unpacked, it has a script called <filename>steam</filename> that 
-  in ubuntu (their target distro) would go to <filename>/usr/bin
-  </filename>. When run for the first time, this script copies some 
-  files to the user's home, which include another script that is the 
-  ultimate responsible for launching the steam binary, which is also 
-  in $HOME.
-</para>
-<para>
-  Nix problems and constraints:
-<itemizedlist>
-  <listitem><para>We don't have <filename>/bin/bash</filename> and many 
-  scripts point there. Similarly for <filename>/usr/bin/python</filename>
-  .</para></listitem>
-  <listitem><para>We don't have the dynamic loader in <filename>/lib
-  </filename>.</para></listitem>
-  <listitem><para>The <filename>steam.sh</filename> script in $HOME can 
-  not be patched, as it is checked and rewritten by steam.</para></listitem>
-  <listitem><para>The steam binary cannot be patched, it's also checked.</para></listitem>
-</itemizedlist>
-</para>
-<para>
-  The current approach to deploy Steam in NixOS is composing a FHS-compatible
-  chroot environment, as documented
-  <link xlink:href="http://sandervanderburg.blogspot.nl/2013/09/composing-fhs-compatible-chroot.html">here</link>.
-  This allows us to have binaries in the expected paths without disrupting the system,
-  and to avoid patching them to work in a non FHS environment.
-</para>
-
-</section>
-
-<section xml:id="sec-steam-play">
-
-<title>How to play</title>
-
-<para>
-  For 64-bit systems it's important to have 
-  <programlisting>hardware.opengl.driSupport32Bit = true;</programlisting> 
-  in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need 
-  <programlisting>hardware.pulseaudio.support32Bit = true;</programlisting> 
-  if you are using PulseAudio - this will enable 32bit ALSA apps integration.
-  To use the Steam controller, you need to add
-  <programlisting>services.udev.extraRules = ''
-    SUBSYSTEM=="usb", ATTRS{idVendor}=="28de", MODE="0666"
-    KERNEL=="uinput", MODE="0660", GROUP="users", OPTIONS+="static_node=uinput"
-  '';</programlisting>
-  to your configuration.
-</para>
-
-</section>
-
-<section xml:id="sec-steam-troub">
-
-<title>Troubleshooting</title>
-
-<para>
-<variablelist>
-
-  <varlistentry>
-    <term>Steam fails to start. What do I do?</term>
-    <listitem><para>Try to run 
-    <programlisting>strace steam</programlisting>
-    to see what is causing steam to fail.</para></listitem>
-  </varlistentry>
-
-  <varlistentry>
-  <term>Using the FOSS Radeon drivers</term>
-  <listitem><itemizedlist><listitem><para>
-  The open source radeon drivers need a newer libc++ than is provided 
-  by the default runtime, which leads to a crash on launch. Use
-  <programlisting>environment.systemPackages = [(pkgs.steam.override { newStdcpp = true; })];</programlisting>
-  in your config if you get an error like
-  <programlisting>
-libGL error: unable to load driver: radeonsi_dri.so
-libGL error: driver pointer missing
-libGL error: failed to load driver: radeonsi
-libGL error: unable to load driver: swrast_dri.so
-libGL error: failed to load driver: swrast</programlisting></para></listitem>
-  <listitem><para>
-  Steam ships statically linked with a version of libcrypto that
-  conflics with the one dynamically loaded by radeonsi_dri.so.
-  If you get the error
-  <programlisting>steam.sh: line 713: 7842 Segmentation fault (core dumped)</programlisting>
-  have a look at <link xlink:href="https://github.com/NixOS/nixpkgs/pull/20269">this pull request</link>.
-  </para></listitem>
-
-  </itemizedlist></listitem></varlistentry>
-
-  <varlistentry>
-  <term>Java</term>
-  <listitem><orderedlist>
-  <listitem><para>
-  There is no java in steam chrootenv by default. If you get a message like
-  <programlisting>/home/foo/.local/share/Steam/SteamApps/common/towns/towns.sh: line 1: java: command not found</programlisting>
-  You need to add  
-  <programlisting> steam.override { withJava = true; };</programlisting>
-  to your configuration.
-  </para></listitem>
-  </orderedlist></listitem></varlistentry>
-
-</variablelist>
-</para>
-
-</section>
-
-<section xml:id="sec-steam-run">
-
-<title>steam-run</title>
-<para>
-The FHS-compatible chroot used for steam can also be used to run 
-other linux games that expect a FHS environment.
-To do it, add 
-<programlisting>pkgs.(steam.override {
-          nativeOnly = true;
-          newStdcpp = true;
-        }).run</programlisting>
-to your configuration, rebuild, and run the game with 
-<programlisting>steam-run ./foo</programlisting>
-</para>
-
-</section>
-
-</section>
-
 </chapter>
--- a/doc/stdenv.xml
+++ b/doc/stdenv.xml
@@ -27,7 +27,7 @@ stdenv.mkDerivation {
  name = "libfoo-1.2.3";
  src = fetchurl {
    url = http://example.org/libfoo-1.2.3.tar.bz2;
-    sha256 = "0x2g1jqygyr5wiwg4ma1nd7w4ydpy82z9gkcv8vh2v8dn3y58v5m";
+    md5 = "e1ec107956b6ddcb0b8b0679367e9ac9";
  };
 }</programlisting>

@@ -194,52 +194,33 @@ genericBuild
    tools.</para></listitem>
  </varlistentry>

-</variablelist>
-
-<variablelist>
-  <title>Variables specifying dependencies</title>
-
-  <varlistentry>
-    <term><varname>nativeBuildInputs</varname></term>
-    <listitem><para>
-      A list of dependencies used by the new derivation at <emphasis>build</emphasis>-time.
-      I.e. these dependencies should not make it into the package's runtime-closure, though this is currently not checked.
-      For each dependency <replaceable>dir</replaceable>, the directory <filename><replaceable>dir</replaceable>/bin</filename>, if it exists, is added to the <envar>PATH</envar> environment variable.
-      Other environment variables are also set up via a pluggable mechanism.
-      For instance, if <varname>buildInputs</varname> contains Perl, then the <filename>lib/site_perl</filename> subdirectory of each input is added to the <envar>PERL5LIB</envar> environment variable.
-      See <xref linkend="ssec-setup-hooks"/> for details.
-    </para></listitem>
-  </varlistentry>
-
  <varlistentry>
    <term><varname>buildInputs</varname></term>
-    <listitem><para>
-      A list of dependencies used by the new derivation at <emphasis>run</emphasis>-time.
-      Currently, the build-time environment is modified in the exact same way as with <varname>nativeBuildInputs</varname>.
-      This is problematic in that when cross-compiling, foreign executables can clobber native ones on the <envar>PATH</envar>.
-      Even more confusing is static-linking.
-      A statically-linked library should be listed here because ultimately that generated machine code will be used at run-time, even though a derivation containing the object files or static archives will only be used at build-time.
-      A less confusing solution to this would be nice.
-    </para></listitem>
+    <listitem><para>A list of dependencies used by
+    <literal>stdenv</literal> to set up the environment for the build.
+    For each dependency <replaceable>dir</replaceable>, the directory
+    <filename><replaceable>dir</replaceable>/bin</filename>, if it
+    exists, is added to the <envar>PATH</envar> environment variable.
+    Other environment variables are also set up via a pluggable
+    mechanism.  For instance, if <varname>buildInputs</varname>
+    contains Perl, then the <filename>lib/site_perl</filename>
+    subdirectory of each input is added to the <envar>PERL5LIB</envar>
+    environment variable.  See <xref linkend="ssec-setup-hooks"/> for
+    details.</para></listitem>
  </varlistentry>
-
-
-  <varlistentry>
-    <term><varname>propagatedNativeBuildInputs</varname></term>
-    <listitem><para>
-      Like <varname>nativeBuildInputs</varname>, but these dependencies are <emphasis>propagated</emphasis>:
-      that is, the dependencies listed here are added to the <varname>nativeBuildInputs</varname> of any package that uses <emphasis>this</emphasis> package as a dependency.
-      So if package Y has <literal>propagatedBuildInputs = [X]</literal>, and package Z has <literal>buildInputs = [Y]</literal>, then package X will appear in Z’s build environment automatically.
-    </para></listitem>
-  </varlistentry>
-
+  
  <varlistentry>
    <term><varname>propagatedBuildInputs</varname></term>
-    <listitem><para>
-      Like <varname>buildInputs</varname>, but propagated just like <varname>propagatedNativeBuildInputs</varname>.
-      This inherits <varname>buildInputs</varname>'s flaws of clobbering native executables when cross-compiling and being confusing for static linking.
-    </para></listitem>
+    <listitem><para>Like <varname>buildInputs</varname>, but these
+    dependencies are <emphasis>propagated</emphasis>: that is, the
+    dependencies listed here are added to the
+    <varname>buildInputs</varname> of any package that uses
+    <emphasis>this</emphasis> package as a dependency.  So if package
+    Y has <literal>propagatedBuildInputs = [X]</literal>, and package
+    Z has <literal>buildInputs = [Y]</literal>, then package X will
+    appear in Z’s build environment automatically.</para></listitem>
  </varlistentry>
+  

 </variablelist>

@@ -341,7 +322,7 @@ executed and in what order:
      $preInstallPhases installPhase fixupPhase $preDistPhases
      distPhase $postPhases</literal>.
      </para>
-
+      
      <para>Usually, if you just want to add a few phases, it’s more
      convenient to set one of the variables below (such as
      <varname>preInstallPhases</varname>), as you then don’t specify
@@ -725,7 +706,7 @@ makeFlagsArray=(CFLAGS="-O0 -g" LDFLAGS="-lfoo -lbar")
 </variablelist>


-<para>
+<para> 
 You can set flags for <command>make</command> through the
 <varname>makeFlags</varname> variable.</para>

@@ -792,7 +773,7 @@ doCheck = true;</programlisting>

 </variablelist>

-
+  
 </section>


@@ -859,12 +840,12 @@ install phase.  The default <function>fixupPhase</function> does the
 following:

 <itemizedlist>
-
+      
  <listitem><para>It moves the <filename>man/</filename>,
  <filename>doc/</filename> and <filename>info/</filename>
  subdirectories of <envar>$out</envar> to
  <filename>share/</filename>.</para></listitem>
-
+      
  <listitem><para>It strips libraries and executables of debug
  information.</para></listitem>

@@ -1007,41 +988,6 @@ set debug-file-directory ~/.nix-profile/lib/debug

 </section>

-<section xml:id="ssec-installCheck-phase"><title>The installCheck phase</title>
-
-<para>The installCheck phase checks whether the package was installed
-correctly by running its test suite against the installed directories.
-The default <function>installCheck</function> calls <command>make
-installcheck</command>.</para>
-
-<variablelist>
-  <title>Variables controlling the installCheck phase</title>
-
-  <varlistentry>
-    <term><varname>doInstallCheck</varname></term>
-    <listitem><para>If set to a non-empty string, the installCheck phase is
-    executed, otherwise it is skipped (default).  Thus you should set
-
-    <programlisting>doInstallCheck = true;</programlisting>
-
-    in the derivation to enable install checks.</para></listitem>
-  </varlistentry>
-
-  <varlistentry>
-    <term><varname>preInstallCheck</varname></term>
-    <listitem><para>Hook executed at the start of the installCheck
-    phase.</para></listitem>
-  </varlistentry>
-
-  <varlistentry>
-    <term><varname>postInstallCheck</varname></term>
-    <listitem><para>Hook executed at the end of the installCheck
-    phase.</para></listitem>
-  </varlistentry>
-
-</variablelist>
-
-</section>

 <section xml:id="ssec-distribution-phase"><title>The distribution
 phase</title>
@@ -1110,41 +1056,13 @@ functions.</para>

 <variablelist>

-
-  <varlistentry xml:id='fun-makeWrapper'>
-    <term><function>makeWrapper</function>
-    <replaceable>executable</replaceable>
-    <replaceable>wrapperfile</replaceable>
-    <replaceable>args</replaceable></term>
-    <listitem><para>Constructs a wrapper for a program with various
-    possible arguments. For example:
-
-<programlisting>
-# adds `FOOBAR=baz` to `$out/bin/foo`’s environment
-makeWrapper $out/bin/foo $wrapperfile --set FOOBAR baz
-
-# prefixes the binary paths of `hello` and `git`
-# Be advised that paths often should be patched in directly
-# (via string replacements or in `configurePhase`).
-makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello git ]}
-</programlisting>
-
-    There’s many more kinds of arguments, they are documented in
-    <literal>nixpkgs/pkgs/build-support/setup-hooks/make-wrapper.sh</literal>.</para>
-
-    <para><literal>wrapProgram</literal> is a convenience function you probably
-    want to use most of the time.</para>
-
-    </listitem>
-  </varlistentry>
  
-
  <varlistentry xml:id='fun-substitute'>
    <term><function>substitute</function>
    <replaceable>infile</replaceable>
    <replaceable>outfile</replaceable>
    <replaceable>subs</replaceable></term>
-
+    
    <listitem>
      <para>Performs string substitution on the contents of
      <replaceable>infile</replaceable>, writing the result to
@@ -1172,7 +1090,7 @@ makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello
            <literal>@<replaceable>...</replaceable>@</literal> in the
            template as placeholders.</para></listitem>
          </varlistentry>
-
+          
          <varlistentry>
            <term><option>--subst-var-by</option>
            <replaceable>varName</replaceable>
@@ -1181,7 +1099,7 @@ makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello
            <literal>@<replaceable>varName</replaceable>@</literal> by
            the string <replaceable>s</replaceable>.</para></listitem>
          </varlistentry>
-
+          
        </variablelist>

      </para>
@@ -1209,7 +1127,7 @@ substitute ./foo.in ./foo.out \

    </listitem>
  </varlistentry>
-
+  

  <varlistentry xml:id='fun-substituteInPlace'>
    <term><function>substituteInPlace</function>
@@ -1220,7 +1138,7 @@ substitute ./foo.in ./foo.out \
    <replaceable>file</replaceable>.</para></listitem>
  </varlistentry>

-
+  
  <varlistentry xml:id='fun-substituteAll'>
    <term><function>substituteAll</function>
    <replaceable>infile</replaceable>
@@ -1278,42 +1196,27 @@ echo @foo@
    <term><function>stripHash</function>
    <replaceable>path</replaceable></term>
    <listitem><para>Strips the directory and hash part of a store
-    path, outputting the name part to <literal>stdout</literal>.
-    For example:
-
+    path, storing the name part in the environment variable
+    <literal>strippedName</literal>. For example:
+    
 <programlisting>
-# prints coreutils-8.24
 stripHash "/nix/store/9s9r019176g7cvn2nvcw41gsp862y6b4-coreutils-8.24"
+# prints coreutils-8.24
+echo $strippedName
 </programlisting>

    If you wish to store the result in another variable, then the
    following idiom may be useful:
-
+    
 <programlisting>
 name="/nix/store/9s9r019176g7cvn2nvcw41gsp862y6b4-coreutils-8.24"
-someVar=$(stripHash $name)
+someVar=$(stripHash $name; echo $strippedName)
 </programlisting>

    </para></listitem>
  </varlistentry>
+
  
-
-  <varlistentry xml:id='fun-wrapProgram'>
-    <term><function>wrapProgram</function>
-    <replaceable>executable</replaceable>
-    <replaceable>makeWrapperArgs</replaceable></term>
-    <listitem><para>Convenience function for <literal>makeWrapper</literal>
-    that automatically creates a sane wrapper file
-
-    It takes all the same arguments as <literal>makeWrapper</literal>,
-    except for <literal>--argv0</literal>.</para>
-
-    <para>It cannot be applied multiple times, since it will overwrite the wrapper
-    file.</para>
-    </listitem>
-  </varlistentry>
-
-
 </variablelist>

 </section>
@@ -1670,3 +1573,4 @@ Arch Wiki</link>.
 </section>

 </chapter>
+
--- a/lib/attrsets.nix
+++ b/lib/attrsets.nix
@@ -391,7 +391,7 @@ rec {
      );
    in f [] [rhs lhs];

-  /* A recursive variant of the update operator ‘//’.  The recursion
+  /* A recursive variant of the update operator ‘//’.  The recusion
     stops when one of the attribute values is not an attribute set,
     in which case the right hand side value takes precedence over the
     left hand side value.
--- a/lib/customisation.nix
+++ b/lib/customisation.nix
@@ -15,10 +15,10 @@ rec {
     the original derivation attributes.

     `overrideDerivation' allows certain "ad-hoc" customisation
-     scenarios (e.g. in ~/.config/nixpkgs/config.nix).  For instance,
-     if you want to "patch" the derivation returned by a package
-     function in Nixpkgs to build another version than what the
-     function itself provides, you can do something like this:
+     scenarios (e.g. in ~/.nixpkgs/config.nix).  For instance, if you
+     want to "patch" the derivation returned by a package function in
+     Nixpkgs to build another version than what the function itself
+     provides, you can do something like this:

       mySed = overrideDerivation pkgs.gnused (oldAttrs: {
         name = "sed-4.2.2-pre";
@@ -56,18 +56,16 @@ rec {
      ff = f origArgs;
      overrideWith = newArgs: origArgs // (if builtins.isFunction newArgs then newArgs origArgs else newArgs);
    in
-      if builtins.isAttrs ff then (ff // {
-        override = newArgs: makeOverridable f (overrideWith newArgs);
-        overrideDerivation = fdrv:
-          makeOverridable (args: overrideDerivation (f args) fdrv) origArgs;
-        ${if ff ? overrideAttrs then "overrideAttrs" else null} = fdrv:
-          makeOverridable (args: (f args).overrideAttrs fdrv) origArgs;
-      })
-      else if builtins.isFunction ff then {
-        override = newArgs: makeOverridable f (overrideWith newArgs);
-        __functor = self: ff;
-        overrideDerivation = throw "overrideDerivation not yet supported for functors";
-      }
+      if builtins.isAttrs ff then (ff //
+        { override = newArgs: makeOverridable f (overrideWith newArgs);
+          overrideDerivation = fdrv:
+            makeOverridable (args: overrideDerivation (f args) fdrv) origArgs;
+        })
+      else if builtins.isFunction ff then
+        { override = newArgs: makeOverridable f (overrideWith newArgs);
+          __functor = self: ff;
+          overrideDerivation = throw "overrideDerivation not yet supported for functors";
+        }
      else ff;


@@ -106,9 +104,11 @@ rec {
    let
      f = if builtins.isFunction fn then fn else import fn;
      auto = builtins.intersectAttrs (builtins.functionArgs f) autoArgs;
-      origArgs = auto // args;
-      pkgs = f origArgs;
-      mkAttrOverridable = name: pkg: makeOverridable (newArgs: (f newArgs).${name}) origArgs;
+      finalArgs = auto // args;
+      pkgs = f finalArgs;
+      mkAttrOverridable = name: pkg: pkg // {
+        override = newArgs: mkAttrOverridable name (f (finalArgs // newArgs)).${name};
+      };
    in lib.mapAttrs mkAttrOverridable pkgs;


@@ -177,10 +177,9 @@ rec {
    let self = f self // {
          newScope = scope: newScope (self // scope);
          callPackage = self.newScope {};
-          override = g:
-            makeScope newScope
-            (self_: let super = f self_; in super // g super self_);
-          packages = f;
+          override = g: makeScope newScope (self_:
+            let super = f self_;
+            in super // g super self_);
        };
    in self;

--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,50 +1,27 @@
-let
+let 

-  # trivial, often used functions
  trivial = import ./trivial.nix;
-
-  # datatypes
-  attrsets = import ./attrsets.nix;
  lists = import ./lists.nix;
  strings = import ./strings.nix;
  stringsWithDeps = import ./strings-with-deps.nix;
-
-  # packaging
-  customisation = import ./customisation.nix;
-  maintainers = import ./maintainers.nix;
-  meta = import ./meta.nix;
+  attrsets = import ./attrsets.nix;
  sources = import ./sources.nix;
-
-  # module system
  modules = import ./modules.nix;
  options = import ./options.nix;
  types = import ./types.nix;
-
-  # constants
-  licenses = import ./licenses.nix;
+  meta = import ./meta.nix;
+  debug = import ./debug.nix;
+  misc = import ./deprecated.nix;
+  maintainers = import ./maintainers.nix;
  platforms = import ./platforms.nix;
  systems = import ./systems.nix;
-
-  # misc
-  debug = import ./debug.nix;
-  generators = import ./generators.nix;
-  misc = import ./deprecated.nix;
-
-  # domain-specific
+  customisation = import ./customisation.nix;
+  licenses = import ./licenses.nix;
  sandbox = import ./sandbox.nix;
-  fetchers = import ./fetchers.nix;
-
-  # Eval-time filesystem handling
-  filesystem = import ./filesystem.nix;

 in
-  { inherit trivial
-            attrsets lists strings stringsWithDeps
-            customisation maintainers meta sources
-            modules options types
-            licenses platforms systems
-            debug generators misc
-            sandbox fetchers filesystem;
+  { inherit trivial lists strings stringsWithDeps attrsets sources options
+      modules types meta debug maintainers licenses platforms systems sandbox;
  }
  # !!! don't include everything at top-level; perhaps only the most
  # commonly used functions.
--- a/lib/fetchers.nix
+++ b/lib/fetchers.nix
@@ -1,12 +0,0 @@
-# snippets that can be shared by mutliple fetchers (pkgs/build-support)
-{
-
-  proxyImpureEnvVars = [
-    # We borrow these environment variables from the caller to allow
-    # easy proxy configuration.  This is impure, but a fixed-output
-    # derivation like fetchurl is allowed to do so since its result is
-    # by definition pure.
-    "http_proxy" "https_proxy" "ftp_proxy" "all_proxy" "no_proxy"
-  ];
-
-}
--- a/lib/filesystem.nix
+++ b/lib/filesystem.nix
@@ -1,26 +0,0 @@
-{ # locateDominatingFile :  RegExp
-  #                      -> Path
-  #                      -> Nullable { path : Path;
-  #                                    matches : [ MatchResults ];
-  #                                  }
-  # Find the first directory containing a file matching 'pattern'
-  # upward from a given 'file'.
-  # Returns 'null' if no directories contain a file matching 'pattern'.
-  locateDominatingFile = pattern: file:
-    let go = path:
-          let files = builtins.attrNames (builtins.readDir path);
-              matches = builtins.filter (match: match != null)
-                          (map (builtins.match pattern) files);
-          in
-            if builtins.length matches != 0
-              then { inherit path matches; }
-              else if path == /.
-                then null
-                else go (dirOf path);
-        parent = dirOf file;
-        isDir =
-          let base = baseNameOf file;
-              type = (builtins.readDir parent).${base} or null;
-          in file == /. || type == "directory";
-    in go (if isDir then file else parent);
-}
--- a/lib/generators.nix
+++ b/lib/generators.nix
@@ -1,93 +0,0 @@
-/* Functions that generate widespread file
- * formats from nix data structures.
- *
- * They all follow a similar interface:
- * generator { config-attrs } data
- *
- * Tests can be found in ./tests.nix
- * Documentation in the manual, #sec-generators
- */
-with import ./trivial.nix;
-let
-  libStr = import ./strings.nix;
-  libAttr = import ./attrsets.nix;
-
-  flipMapAttrs = flip libAttr.mapAttrs;
-in
-
-rec {
-
-  /* Generate a line of key k and value v, separated by
-   * character sep. If sep appears in k, it is escaped.
-   * Helper for synaxes with different separators.
-   *
-   * mkKeyValueDefault ":" "f:oo" "bar"
-   * > "f\:oo:bar"
-   */
-  mkKeyValueDefault = sep: k: v:
-    "${libStr.escape [sep] k}${sep}${toString v}";
-
-
-  /* Generate a key-value-style config file from an attrset.
-   *
-   * mkKeyValue is the same as in toINI.
-   */
-  toKeyValue = {
-    mkKeyValue ? mkKeyValueDefault "="
-  }: attrs:
-    let mkLine = k: v: mkKeyValue k v + "\n";
-    in libStr.concatStrings (libAttr.mapAttrsToList mkLine attrs);
-
-
-  /* Generate an INI-style config file from an
-   * attrset of sections to an attrset of key-value pairs.
-   *
-   * generators.toINI {} {
-   *   foo = { hi = "${pkgs.hello}"; ciao = "bar"; };
-   *   baz = { "also, integers" = 42; };
-   * }
-   *
-   *> [baz]
-   *> also, integers=42
-   *>
-   *> [foo]
-   *> ciao=bar
-   *> hi=/nix/store/y93qql1p5ggfnaqjjqhxcw0vqw95rlz0-hello-2.10
-   *
-   * The mk* configuration attributes can generically change
-   * the way sections and key-value strings are generated.
-   *
-   * For more examples see the test cases in ./tests.nix.
-   */
-  toINI = {
-    # apply transformations (e.g. escapes) to section names
-    mkSectionName ? (name: libStr.escape [ "[" "]" ] name),
-    # format a setting line from key and value
-    mkKeyValue    ? mkKeyValueDefault "="
-  }: attrsOfAttrs:
-    let
-        # map function to string for each key val
-        mapAttrsToStringsSep = sep: mapFn: attrs:
-          libStr.concatStringsSep sep
-            (libAttr.mapAttrsToList mapFn attrs);
-        mkSection = sectName: sectValues: ''
-          [${mkSectionName sectName}]
-        '' + toKeyValue { inherit mkKeyValue; } sectValues;
-    in
-      # map input to ini sections
-      mapAttrsToStringsSep "\n" mkSection attrsOfAttrs;
-
-
-  /* Generates JSON from an arbitrary (non-function) value.
-    * For more information see the documentation of the builtin.
-    */
-  toJSON = {}: builtins.toJSON;
-
-
-  /* YAML has been a strict superset of JSON since 1.2, so we
-    * use toJSON. Before it only had a few differences referring
-    * to implicit typing rules, so it should work with older
-    * parsers as well.
-    */
-  toYAML = {}@args: toJSON args;
-}
--- a/lib/licenses.nix
+++ b/lib/licenses.nix
@@ -65,11 +65,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    fullName = "Boost Software License 1.0";
  };

-  beerware = spdx {
-    spdxId = "Beerware";
-    fullName = ''Beerware License'';
-  };
-
  bsd2 = spdx {
    spdxId = "BSD-2-Clause";
    fullName = ''BSD 2-clause "Simplified" License'';
@@ -110,11 +105,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    fullName = "Creative Commons Attribution Non Commercial Share Alike 4.0";
  };

-  cc-by-nd-30 = spdx {
-    spdxId = "CC-BY-ND-3.0";
-    fullName = "Creative Commons Attribution-No Derivative Works v3.00";
-  };
-
  cc-by-sa-25 = spdx {
    spdxId = "CC-BY-SA-2.5";
    fullName = "Creative Commons Attribution Share Alike 2.5";
@@ -191,11 +181,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    free = false;
  };

-  eupl11 = spdx {
-    spdxId = "EUPL-1.1";
-    fullname = "European Union Public License 1.1";
-  };
-
  fdl12 = spdx {
    spdxId = "GFDL-1.2";
    fullName = "GNU Free Documentation License v1.2";
@@ -379,11 +364,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    fullName = "Mozilla Public License 2.0";
  };

-  mspl = spdx {
-    spdxId = "MS-PL";
-    fullName = "Microsoft Public License";
-  };
-
  msrla = {
    fullName  = "Microsoft Research License Agreement";
    url       = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
@@ -459,12 +439,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    fullName = "Sleepycat License";
  };

-  smail = {
-    shortName = "smail";
-    fullName = "SMAIL General Public License";
-    url = http://metadata.ftp-master.debian.org/changelogs/main/d/debianutils/debianutils_4.8.1_copyright;
-  };
-
  tcltk = spdx {
    spdxId = "TCL";
    fullName = "TCL/TK License";
@@ -496,11 +470,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    fullName = "The Unlicense";
  };

-  upl = {
-    fullName = "Universal Permissive License";
-    url = "https://oss.oracle.com/licenses/upl/";
-  };
-
  vim = spdx {
    spdxId = "Vim";
    fullName = "Vim License";
--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@@ -10,17 +10,14 @@
  aaronschif = "Aaron Schif <aaronschif@gmail.com>";
  abaldeau = "Andreas Baldeau <andreas@baldeau.net>";
  abbradar = "Nikolay Amiantov <ab@fmap.me>";
-  abigailbuccaneer = "Abigail Bunyan <abigailbuccaneer@gmail.com>";
  aboseley = "Adam Boseley <adam.boseley@gmail.com>";
  abuibrahim = "Ruslan Babayev <ruslan@babayev.com>";
-  acowley = "Anthony Cowley <acowley@gmail.com>";
  adev = "Adrien Devresse <adev@adev.name>";
  Adjective-Object = "Maxwell Huang-Hobbs <mhuan13@gmail.com>";
  adnelson = "Allen Nelson <ithinkican@gmail.com>";
  adolfogc = "Adolfo E. García Castro <adolfo.garcia.cr@gmail.com>";
  aespinosa = "Allan Espinosa <allan.espinosa@outlook.com>";
  aflatter = "Alexander Flatter <flatter@fastmail.fm>";
-  afldcr   = "James Alexander Feldman-Crough <alex@fldcr.com>";
  aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
  afranchuk = "Alex Franchuk <alex.franchuk@gmail.com>";
  aherrmann = "Andreas Herrmann <andreash87@gmx.ch>";
@@ -28,37 +25,31 @@
  akaWolf = "Artjom Vejsel <akawolf0@gmail.com>";
  akc = "Anders Claesson <akc@akc.is>";
  algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
-  alibabzo = "Alistair Bill <alistair.bill@gmail.com>";
  all = "Nix Committers <nix-commits@lists.science.uu.nl>";
  ambrop72 = "Ambroz Bizjak <ambrop7@gmail.com>";
  amiddelk = "Arie Middelkoop <amiddelk@gmail.com>";
-  amiloradovsky = "Andrew Miloradovsky <miloradovsky@gmail.com>";
  amorsillo = "Andrew Morsillo <andrew.morsillo@gmail.com>";
  AndersonTorres = "Anderson Torres <torres.anderson.85@gmail.com>";
  anderspapitto = "Anders Papitto <anderspapitto@gmail.com>";
  andres = "Andres Loeh <ksnixos@andres-loeh.de>";
  andrewrk = "Andrew Kelley <superjoe30@gmail.com>";
-  andsild = "Anders Sildnes <andsild@gmail.com>";
  aneeshusa = "Aneesh Agrawal <aneeshusa@gmail.com>";
  antono = "Antono Vasiljev <self@antono.info>";
-  apeyroux = "Alexandre Peyroux <alex@px.io>";
  ardumont = "Antoine R. Dumont <eniotna.t@gmail.com>";
  aristid = "Aristid Breitkreuz <aristidb@gmail.com>";
  arobyn = "Alexei Robyn <shados@shados.net>";
  artuuge = "Artur E. Ruuge <artuuge@gmail.com>";
  ashalkhakov = "Artyom Shalkhakov <artyom.shalkhakov@gmail.com>";
-  aske = "Kirill Boltaev <aske@fmap.me>";
  asppsa = "Alastair Pharo <asppsa@gmail.com>";
  astsmtl = "Alexander Tsamutali <astsmtl@yandex.ru>";
-  asymmetric = "Lorenzo Manacorda <lorenzo@mailbox.org>";
  aszlig = "aszlig <aszlig@redmoonstudios.org>";
  auntie = "Jonathan Glines <auntieNeo@gmail.com>";
  avnik = "Alexander V. Nikolaev <avn@avnik.info>";
  aycanirican = "Aycan iRiCAN <iricanaycan@gmail.com>";
-  bachp = "Pascal Bach <pascal.bach@nextrem.ch>";
  badi = "Badi' Abdul-Wahid <abdulwahidc@gmail.com>";
  balajisivaraman = "Balaji Sivaraman<sivaraman.balaji@gmail.com>";
  Baughn = "Svein Ove Aas <sveina@gmail.com>";
+  bbenoist = "Baptist BENOIST <return_0@live.com>";
  bcarrell = "Brandon Carrell <brandoncarrell@gmail.com>";
  bcdarwin = "Ben Darwin <bcdarwin@gmail.com>";
  bdimcheff = "Brandon Dimcheff <brandon@dimcheff.com>";
@@ -81,22 +72,18 @@
  c0dehero = "CodeHero <codehero@nerdpol.ch>";
  calrama = "Moritz Maxeiner <moritz@ucworks.org>";
  campadrenalin = "Philip Horger <campadrenalin@gmail.com>";
-  canndrew = "Andrew Cann <shum@canndrew.org>";
  carlsverre = "Carl Sverre <accounts@carlsverre.com>";
  cdepillabout = "Dennis Gosnell <cdep.illabout@gmail.com>";
  cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
  chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
  chattered = "Phil Scott <me@philscotted.com>";
-  changlinli = "Changlin Li <mail@changlinli.com>";
  choochootrain = "Hurshal Patel <hurshal@imap.cc>";
  chris-martin = "Chris Martin <ch.martin@gmail.com>";
  chrisjefferson = "Christopher Jefferson <chris@bubblescope.net>";
  christopherpoole = "Christopher Mark Poole <mail@christopherpoole.net>";
-  ckampka = "Christian Kampka <christian@kampka.net>";
  cko = "Christine Koppelt <christine.koppelt@gmail.com>";
  cleverca22 = "Michael Bishop <cleverca22@gmail.com>";
  cmcdragonkai = "Roger Qiu <roger.qiu@matrix.ai>";
-  cmfwyp = "cmfwyp <cmfwyp@riseup.net>";
  coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
  codsl = "codsl <codsl@riseup.net>";
  codyopel = "Cody Opel <codyopel@gmail.com>";
@@ -105,43 +92,31 @@
  corngood = "David McFarland <corngood@gmail.com>";
  coroa = "Jonas Hörsch <jonas@chaoflow.net>";
  couchemar = "Andrey Pavlov <couchemar@yandex.ru>";
-  cpages = "Carles Pagès <page@ruiec.cat>";
  cransom = "Casey Ransom <cransom@hubns.net>";
-  cryptix = "Henry Bubert <cryptix@riseup.net>";
  CrystalGamma = "Jona Stubbe <nixos@crystalgamma.de>";
  cstrahan = "Charles Strahan <charles@cstrahan.com>";
  cwoac = "Oliver Matthews <oliver@codersoffortune.net>";
  DamienCassou = "Damien Cassou <damien@cassou.me>";
-  danbst = "Danylo Hlynskyi <abcz2.uprola@gmail.com>";
-  dancek = "Hannu Hartikainen <hannu.hartikainen@gmail.com>";
-  danielfullmer = "Daniel Fullmer <danielrf12@gmail.com>";
  dasuxullebt = "Christoph-Simon Senjak <christoph.senjak@googlemail.com>";
+  danbst = "Danylo Hlynskyi <abcz2.uprola@gmail.com>";
  davidak = "David Kleuker <post@davidak.de>";
  davidrusu = "David Rusu <davidrusu.me@gmail.com>";
-  davorb = "Davor Babic <davor@davor.se>";
  dbohdan = "Danyil Bohdan <danyil.bohdan@gmail.com>";
  dbrock = "Daniel Brockman <daniel@brockman.se>";
  deepfire = "Kosyrev Serge <_deepfire@feelingofgreen.ru>";
  demin-dmitriy = "Dmitriy Demin <demindf@gmail.com>";
  DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
-  DerTim1 = "Tim Digel <tim.digel@active-group.de>";
  desiderius = "Didier J. Devroye <didier@devroye.name>";
  devhell = "devhell <\"^\"@regexmail.net>";
  dezgeg = "Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>";
  dfoxfranke = "Daniel Fox Franke <dfoxfranke@gmail.com>";
  dgonyeo = "Derek Gonyeo <derek@gonyeo.com>";
-  dipinhora = "Dipin Hora <dipinhora+github@gmail.com>";
  dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
  dochang = "Desmond O. Chang <dochang@gmail.com>";
-  domenkozar = "Domen Kozar <domen@dev.si>";
  doublec = "Chris Double <chris.double@double.co.nz>";
-  dpaetzel = "David Pätzel <david.a.paetzel@gmail.com>";
  drets = "Dmytro Rets <dmitryrets@gmail.com>";
  drewkett = "Andrew Burkett <burkett.andrew@gmail.com>";
-  dtzWill = "Will Dietz <nix@wdtz.org>";
-  e-user = "Alexander Kahl <nixos@sodosopa.io>";
  ebzzry = "Rommel Martinez <ebzzry@gmail.com>";
-  edanaher = "Evan Danaher <nixos@edanaher.net>";
  ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
  eduarrrd = "Eduard Bachmakov <e.bachmakov@gmail.com>";
  edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
@@ -150,7 +125,6 @@
  ehmry = "Emery Hemingway <emery@vfemail.net>";
  eikek = "Eike Kettner <eike.kettner@posteo.de>";
  elasticdog = "Aaron Bull Schaefer <aaron@elasticdog.com>";
-  eleanor = "Dejan Lukan <dejan@proteansec.com>";
  elitak = "Eric Litak <elitak@gmail.com>";
  ellis = "Ellis Whitehead <nixos@ellisw.net>";
  epitrochoid = "Mabry Cervin <mpcervin@uncg.edu>";
@@ -158,7 +132,6 @@
  ericsagnes = "Eric Sagnes <eric.sagnes@gmail.com>";
  erikryb = "Erik Rybakken <erik.rybakken@math.ntnu.no>";
  ertes = "Ertugrul Söylemez <esz@posteo.de>";
-  ethercrow = "Dmitry Ivanov <ethercrow@gmail.com>";
  exi = "Reno Reckling <nixos@reckling.org>";
  exlevan = "Alexey Levan <exlevan@gmail.com>";
  expipiplus1 = "Joe Hermaszewski <nix@monoid.al>";
@@ -187,96 +160,75 @@
  giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
  gleber = "Gleb Peregud <gleber.p@gmail.com>";
  globin = "Robin Gloster <mail@glob.in>";
-  gnidorah = "Alex Ivanov <yourbestfriend@opmbx.org>";
  goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
  Gonzih = "Max Gonzih <gonzih@gmail.com>";
-  goodrone = "Andrew Trachenko <goodrone@gmail.com>";
  gpyh = "Yacine Hmito <yacine.hmito@gmail.com>";
  grahamc = "Graham Christensen <graham@grahamc.com>";
  gridaphobe = "Eric Seidel <eric@seidel.io>";
  guibert = "David Guibert <david.guibert@gmail.com>";
-  guillaumekoenig = "Guillaume Koenig <guillaume.edward.koenig@gmail.com>";
-  guyonvarch = "Joris Guyonvarch <joris@guyonvarch.me>";
-  hakuch = "Jesse Haber-Kucharsky <hakuch@gmail.com>";
  havvy = "Ryan Scheel <ryan.havvy@gmail.com>";
  hbunke = "Hendrik Bunke <bunke.hendrik@gmail.com>";
  hce = "Hans-Christian Esperer <hc@hcesperer.org>";
  henrytill = "Henry Till <henrytill@gmail.com>";
+  hiberno = "Christian Lask <hiberno@hiberno.net>";
  hinton = "Tom Hinton <t@larkery.com>";
  hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
  iand675 = "Ian Duncan <ian@iankduncan.com>";
  ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
+  domenkozar = "Domen Kozar <domen@dev.si>";
  igsha = "Igor Sharonov <igor.sharonov@gmail.com>";
  ikervagyok = "Balázs Lengyel <ikervagyok@gmail.com>";
-  ivan-tkatchev = "Ivan Tkatchev <tkatchev@gmail.com>";
  j-keck = "Jürgen Keck <jhyphenkeck@gmail.com>";
  jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";
  javaguirre = "Javier Aguirre <contacto@javaguirre.net>";
  jb55 = "William Casarin <bill@casarin.me>";
-  jbedo = "Justin Bedő <cu@cua0.org>";
  jcumming = "Jack Cummings <jack@mudshark.org>";
-  jdagilliland = "Jason Gilliland <jdagilliland@gmail.com>";
  jefdaj = "Jeffrey David Johnson <jefdaj@gmail.com>";
-  jerith666 = "Matt McHenry <github@matt.mchenryfamily.org>";
  jfb = "James Felix Black <james@yamtime.com>";
  jgeerds = "Jascha Geerds <jascha@jgeerds.name>";
-  jgertm = "Tim Jaeger <jger.tm@gmail.com>";
  jgillich = "Jakob Gillich <jakob@gillich.me>";
  jirkamarsik = "Jirka Marsik <jiri.marsik89@gmail.com>";
  joachifm = "Joachim Fasting <joachifm@fastmail.fm>";
  joamaki = "Jussi Maki <joamaki@gmail.com>";
  joelmo = "Joel Moberg <joel.moberg@gmail.com>";
  joelteon = "Joel Taylor <me@joelt.io>";
-  johbo = "Johannes Bornhold <johannes@bornhold.name>";
  joko = "Ioannis Koutras <ioannis.koutras@gmail.com>";
-  jonafato = "Jon Banafato <jon@jonafato.com>";
  jpbernardy = "Jean-Philippe Bernardy <jeanphilippe.bernardy@gmail.com>";
-  jpierre03 = "Jean-Pierre PRUNARET <nix@prunetwork.fr>";
  jraygauthier = "Raymond Gauthier <jraygauthier@gmail.com>";
  juliendehos = "Julien Dehos <dehos@lisic.univ-littoral.fr>";
  jwiegley = "John Wiegley <johnw@newartisans.com>";
  jwilberding = "Jordan Wilberding <jwilberding@afiniate.com>";
  jzellner = "Jeff Zellner <jeffz@eml.cc>";
-  kaiha = "Kai Harries <kai.harries@gmail.com>";
  kamilchm = "Kamil Chmielewski <kamil.chm@gmail.com>";
  kampfschlaefer = "Arnold Krille <arnold@arnoldarts.de>";
  kevincox = "Kevin Cox <kevincox@kevincox.ca>";
  khumba = "Bryan Gardiner <bog@khumba.net>";
-  KibaFox = "Kiba Fox <kiba.fox@foxypossibilities.com>";
-  kierdavis = "Kier Davis <kierdavis@gmail.com>";
  kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
-  knedlsepp = "Josef Kemetmüller <josef.kemetmueller@gmail.com>";
  koral = "Koral <koral@mailoo.org>";
  kovirobi = "Kovacsics Robert <kovirobi@gmail.com>";
  kragniz = "Louis Taylor <louis@kragniz.eu>";
-  kristoff3r = "Kristoffer Søholm <k.soeholm@gmail.com>";
  ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
  lassulus = "Lassulus <lassulus@gmail.com>";
  layus = "Guillaume Maudoux <layus.on@gmail.com>";
  ldesgoui = "Lucas Desgouilles <ldesgoui@gmail.com>";
-  league = "Christopher League <league@contrapunctus.net>";
  lebastr = "Alexander Lebedev <lebastr@gmail.com>";
-  leemachin = "Lee Machin <me@mrl.ee>";
  leenaars = "Michiel Leenaars <ml.software@leenaa.rs>";
  leonardoce = "Leonardo Cecchi <leonardo.cecchi@gmail.com>";
  lethalman = "Luca Bruno <lucabru@src.gnome.org>";
  lewo = "Antoine Eiche <lewo@abesis.fr>";
-  lheckemann = "Linus Heckemann <git@sphalerite.org>";
  lhvwb = "Nathaniel Baxter <nathaniel.baxter@gmail.com>";
  lihop = "Leroy Hopson <nixos@leroy.geek.nz>";
  linquize = "Linquize <linquize@yahoo.com.hk>";
  linus = "Linus Arver <linusarver@gmail.com>";
  lnl7 = "Daiderd Jordan <daiderd@gmail.com>";
-  loskutov = "Ignat Loskutov <ignat.loskutov@gmail.com>";
  lovek323 = "Jason O'Conal <jason@oconal.id.au>";
  lowfatcomputing = "Andreas Wagner <andreas.wagner@lowfatcomputing.org>";
  lsix = "Lancelot SIX <lsix@lancelotsix.com>";
-  lucas8 = "Luc Chabassier <luc.linux@mailoo.org>";
  ludo = "Ludovic Courtès <ludo@gnu.org>";
  luispedro = "Luis Pedro Coelho <luis@luispedro.org>";
+  lukasepple = "Lukas Epple <post@lukasepple.de>";
  lukego = "Luke Gorrie <luke@snabb.co>";
  lw = "Sergey Sofeychuk <lw@fmap.me>";
-  ma27 = "Maximilian Bosch <maximilian@mbosch.me>";
  madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
  magnetophon = "Bart Brouns <bart@magnetophon.nl>";
  mahe = "Matthias Herrmann <matthias.mh.herrmann@gmail.com>";
@@ -290,34 +242,25 @@
  martingms = "Martin Gammelsæter <martin@mg.am>";
  matejc = "Matej Cotman <cotman.matej@gmail.com>";
  mathnerd314 = "Mathnerd314 <mathnerd314.gph+hs@gmail.com>";
-  matthewbauer = "Matthew Bauer <mjbauer95@gmail.com>";
  matthiasbeyer = "Matthias Beyer <mail@beyermatthias.de>";
  maurer = "Matthew Maurer <matthew.r.maurer+nix@gmail.com>";
  mbakke = "Marius Bakke <mbakke@fastmail.com>";
-  mbbx6spp = "Susan Potter <me@susanpotter.net>";
+  matthewbauer = "Matthew Bauer <mjbauer95@gmail.com>";
  mbe = "Brandon Edens <brandonedens@gmail.com>";
  mboes = "Mathieu Boespflug <mboes@tweag.net>";
-  mbrgm = "Marius Bergmann <marius@yeai.de>";
  mcmtroffaes = "Matthias C. M. Troffaes <matthias.troffaes@gmail.com>";
-  mdaiter = "Matthew S. Daiter <mdaiter8121@gmail.com>";
  meditans = "Carlo Nucera <meditans@gmail.com>";
  meisternu = "Matt Miemiec <meister@krutt.org>";
-  metabar = "Celine Mercier <softs@metabarcoding.org>";
-  mguentner = "Maximilian Güntner <code@klandest.in>";
-  mic92 = "Jörg Thalheim <joerg@thalheim.io>";
+  mic92 = "Jörg Thalheim <joerg@higgsboson.tk>";
  michaelpj = "Michael Peyton Jones <michaelpj@gmail.com>";
  michalrus = "Michal Rus <m@michalrus.com>";
  michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
-  mikefaille = "Michaël Faille <michael@faille.io>";
  mimadrid = "Miguel Madrid <mimadrid@ucm.es>";
  mingchuan = "Ming Chuan <ming@culpring.com>";
  mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
  mirrexagon = "Andrew Abbott <mirrexagon@mirrexagon.com>";
-  mjanczyk = "Marcin Janczyk <m@dragonvr.pl>";
-  mlieberman85 = "Michael Lieberman <mlieberman85@gmail.com>";
  modulistic = "Pablo Costa <modulistic@gmail.com>";
  mog = "Matthew O'Gorman <mog-lists@rldn.net>";
-  montag451 = "montag451 <montag451@laposte.net>";
  moosingin3space = "Nathan Moos <moosingin3space@gmail.com>";
  moretea = "Maarten Hoogendoorn <maarten@moretea.nl>";
  mornfall = "Petr Ročkai <me@mornfall.net>";
@@ -325,7 +268,6 @@
  mounium = "Katona László <muoniurn@gmail.com>";
  MP2E = "Cray Elliott <MP2E@archlinux.us>";
  mpscholten = "Marc Scholten <marc@mpscholten.de>";
-  mpsyco = "Francis St-Amour <fr.st-amour@gmail.com>";
  msackman = "Matthew Sackman <matthew@wellquite.org>";
  mschristiansen = "Mikkel Christiansen <mikkel@rheosystems.com>";
  msteen = "Matthijs Steen <emailmatthijs@gmail.com>";
@@ -333,46 +275,34 @@
  mudri = "James Wood <lamudri@gmail.com>";
  muflax = "Stefan Dorn <mail@muflax.com>";
  myrl = "Myrl Hex <myrl.0xf@gmail.com>";
-  namore = "Roman Naumann <namor@hemio.de>";
  nand0p = "Fernando Jose Pando <nando@hex7.com>";
-  Nate-Devv = "Nathan Moore <natedevv@gmail.com>";
  nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
+  Nate-Devv = "Nathan Moore <natedevv@gmail.com>";
  nckx = "Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>";
  ndowens = "Nathan Owens <ndowens04@gmail.com>";
  nequissimus = "Tim Steinbach <tim@nequissimus.com>";
  nfjinjing = "Jinjing Wang <nfjinjing@gmail.com>";
-  nhooyr = "Anmol Sethi <anmol@aubble.com>";
-  nickhu = "Nick Hu <me@nickhu.co.uk>";
-  nicknovitski = "Nick Novitski <nixpkgs@nicknovitski.com>";
  nico202 = "Nicolò Balzarotti <anothersms@gmail.com>";
-  NikolaMandic = "Ratko Mladic <nikola@mandic.email>";
-  nixy = "Andrew R. M. <andrewmiller237@gmail.com>";
-  nocoolnametom = "Tom Doggett <nocoolnametom@gmail.com>";
  notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
+  NikolaMandic = "Ratko Mladic <nikola@mandic.email>";
  np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
  nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
-  xnwdd = "Guillermo NWDD <nwdd+nixos@no.team>";
  obadz = "obadz <obadz-nixos@obadz.com>";
  ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
  odi = "Oliver Dunkl <oliver.dunkl@gmail.com>";
  offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
-  oida = "oida <oida@posteo.de>";
-  okasu = "Okasu <oka.sux@gmail.com>";
  olcai = "Erik Timan <dev@timan.info>";
  olejorgenb = "Ole Jørgen Brønner <olejorgenb@yahoo.no>";
-  orbekk = "KJ Ørbekk <kjetil.orbekk@gmail.com>";
  orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
-  orivej = "Orivej Desh <orivej@gmx.fr>";
  osener = "Ozan Sener <ozan@ozansener.com>";
  otwieracz = "Slawomir Gonet <slawek@otwiera.cz>";
  oxij = "Jan Malakhovski <oxij@oxij.org>";
+  page = "Carles Pagès <page@cubata.homelinux.net>";
  paholg = "Paho Lurie-Gregg <paho@paholg.com>";
  pakhfn = "Fedor Pakhomov <pakhfn@gmail.com>";
  palo = "Ingolf Wanger <palipalo9@googlemail.com>";
-  paperdigits = "Mica Semrick <mica@silentumbrella.com>";
  pashev = "Igor Pashev <pashev.igor@gmail.com>";
  pawelpacana = "Paweł Pacana <pawel.pacana@gmail.com>";
-  periklis = "theopompos@gmail.com";
  pesterhazy = "Paulus Esterhazy <pesterhazy@gmail.com>";
  peterhoeg = "Peter Hoeg <peter@hoeg.com>";
  peti = "Peter Simons <simons@cryp.to>";
@@ -389,15 +319,11 @@
  plcplc = "Philip Lykke Carlsen <plcplc@gmail.com>";
  pmahoney = "Patrick Mahoney <pat@polycrystal.org>";
  pmiddend = "Philipp Middendorf <pmidden@secure.mailbox.org>";
-  polyrod = "Maurizio Di Pietro <dc1mdp@gmail.com>";
-  pradeepchhetri = "Pradeep Chhetri <pradeep.chhetri89@gmail.com>";
  prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>";
-  primeos = "Michael Weiss <dev.primeos@gmail.com>";
  profpatsch = "Profpatsch <mail@profpatsch.de>";
  proglodyte = "Proglodyte <proglodyte23@gmail.com>";
  pshendry = "Paul Hendry <paul@pshendry.com>";
  psibi = "Sibi <sibi@psibi.in>";
-  pstn = "Philipp Steinpaß <philipp@xndr.de>";
  pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
  puffnfresh = "Brian McKenna <brian@brianmckenna.org>";
  pxc = "Patrick Callahan <patrick.callahan@latitudeengineering.com>";
@@ -408,17 +334,14 @@
  rardiol = "Ricardo Ardissone <ricardo.ardissone@gmail.com>";
  rasendubi = "Alexey Shmalko <rasen.dubi@gmail.com>";
  raskin = "Michael Raskin <7c6f434c@mail.ru>";
-  rbasso = "Rafael Basso <rbasso@sharpgeeks.net>";
  redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
  redvers = "Redvers Davies <red@infect.me>";
  refnil = "Martin Lavoie <broemartino@gmail.com>";
-  regnat = "Théophane Hufschmitt <regnat@regnat.ovh>";
  relrod = "Ricky Elrod <ricky@elrod.me>";
  renzo = "Renzo Carbonara <renzocarbonara@gmail.com>";
  retrry = "Tadas Barzdžius <retrry@gmail.com>";
  rick68 = "Wei-Ming Yang <rick68@gmail.com>";
  rickynils = "Rickard Nilsson <rickynils@gmail.com>";
-  rlupton20 = "Richard Lupton <richard.lupton@gmail.com>";
  rnhmjoj = "Michele Guerini Rocco <micheleguerinirocco@me.com>";
  rob = "Rob Vermaas <rob.vermaas@gmail.com>";
  robberer = "Longrin Wischnewski <robberer@freakmail.de>";
@@ -430,20 +353,18 @@
  rongcuid = "Rongcui Dong <rongcuid@outlook.com>";
  ronny = "Ronny Pfannschmidt <nixos@ronnypfannschmidt.de>";
  rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
-  rtreffer = "Rene Treffer <treffer+nixos@measite.de>";
  rushmorem = "Rushmore Mushambi <rushmore@webenchanter.com>";
  rvl = "Rodney Lorrimar <dev+nix@rodney.id.au>";
  rvlander = "Gaëtan André <rvlander@gaetanandre.eu>";
  ryanartecona = "Ryan Artecona <ryanartecona@gmail.com>";
-  ryansydnor = "Ryan Sydnor <ryan.t.sydnor@gmail.com>";
  ryantm = "Ryan Mulligan <ryan@ryantm.com>";
+  ryansydnor = "Ryan Sydnor <ryan.t.sydnor@gmail.com>";
  rycee = "Robert Helgesson <robert@rycee.net>";
  ryneeverett = "Ryne Everett <ryneeverett@gmail.com>";
  s1lvester = "Markus Silvester <s1lvester@bockhacker.me>";
  samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
  sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
  schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
-  schneefux = "schneefux <schneefux+nixos_pkg@schneefux.xyz>";
  schristo = "Scott Christopher <schristopher@konputa.com>";
  scolobb = "Sergiu Ivanov <sivanov@colimite.fr>";
  sepi = "Raffael Mancini <raffael@mancini.lu>";
@@ -460,18 +381,15 @@
  skeidel = "Sven Keidel <svenkeidel@gmail.com>";
  skrzyp = "Jakub Skrzypnik <jot.skrzyp@gmail.com>";
  sleexyz = "Sean Lee <freshdried@gmail.com>";
-  smironov = "Sergey Mironov <grrwlf@gmail.com>";
+  smironov = "Sergey Mironov <ierton@gmail.com>";
  solson = "Scott Olson <scott@solson.me>";
  spacefrogg = "Michael Raitza <spacefrogg-nixos@meterriblecrew.net>";
  spencerjanssen = "Spencer Janssen <spencerjanssen@gmail.com>";
  spinus = "Tomasz Czyż <tomasz.czyz@gmail.com>";
  sprock = "Roger Mason <rmason@mun.ca>";
  spwhitt = "Spencer Whitt <sw@swhitt.me>";
-  srhb = "Sarah Brofeldt <sbrofeldt@gmail.com>";
  SShrike = "Severen Redwood <severen@shrike.me>";
  stephenmw = "Stephen Weinberg <stephen@q5comm.com>";
-  sternenseemann = "Lukas Epple <post@lukasepple.de>";
-  stesie = "Stefan Siegl <stesie@brokenpipe.de>";
  steveej = "Stefan Junker <mail@stefanjunker.de>";
  swarren83 = "Shawn Warren <shawn.w.warren@gmail.com>";
  swistak35 = "Rafał Łasocha <me@swistak35.com>";
@@ -479,7 +397,6 @@
  sztupi = "Attila Sztupak <attila.sztupak@gmail.com>";
  taeer = "Taeer Bar-Yam <taeer@necsi.edu>";
  tailhook = "Paul Colomiets <paul@colomiets.name>";
-  takikawa = "Asumu Takikawa <asumu@igalia.com>";
  taktoa = "Remy Goldschmidt <taktoa@gmail.com>";
  tavyc = "Octavian Cerna <octavian.cerna@gmail.com>";
  teh = "Tom Hunger <tehunger@gmail.com>";
@@ -497,29 +414,21 @@
  travisbhartwell = "Travis B. Hartwell <nafai@travishartwell.net>";
  trino = "Hubert Mühlhans <muehlhans.hubert@ekodia.de>";
  tstrobel = "Thomas Strobel <4ZKTUB6TEP74PYJOPWIR013S2AV29YUBW5F9ZH2F4D5UMJUJ6S@hash.domains>";
-  ttuegel = "Thomas Tuegel <ttuegel@mailbox.org>";
+  ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
  tv = "Tomislav Viljetić <tv@shackspace.de>";
  tvestelind = "Tomas Vestelind <tomas.vestelind@fripost.org>";
-  tvorog = "Marsel Zaripov <marszaripov@gmail.com>";
  twey = "James ‘Twey’ Kay <twey@twey.co.uk>";
  uralbash = "Svintsov Dmitry <root@uralbash.ru>";
-  #urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>"; inactive since 2012
-  uwap = "uwap <me@uwap.name>";
+  urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
  vandenoever = "Jos van den Oever <jos@vandenoever.info>";
  vanzef = "Ivan Solyankin <vanzef@gmail.com>";
  vbgl = "Vincent Laporte <Vincent.Laporte@gmail.com>";
  vbmithr = "Vincent Bernardoff <vb@luminar.eu.org>";
  vcunat = "Vladimír Čunát <vcunat@gmail.com>";
-  vdemeester = "Vincent Demeester <vincent@sbr.pm>";
-  veprbl = "Dmitry Kalinkin <veprbl@gmail.com>";
-  vifino = "Adrian Pistol <vifino@tty.sh>";
  viric = "Lluís Batlle i Rossell <viric@viric.name>";
  vizanto = "Danny Wilson <danny@prime.vc>";
-  vklquevs = "vklquevs <vklquevs@gmail.com>";
  vlstill = "Vladimír Štill <xstill@fi.muni.cz>";
  vmandela = "Venkateswara Rao Mandela <venkat.mandela@gmail.com>";
-  volhovm = "Mikhail Volkhov <volhovm.cs@gmail.com>";
-  volth = "Jaroslavas Pocepko <jaroslavas@volth.com>";
  vozz = "Oliver Hunt <oliver.huntuk@gmail.com>";
  vrthra = "Rahul Gopinath <rahul@gopinath.org>";
  wedens = "wedens <kirill.wedens@gmail.com>";
@@ -532,18 +441,14 @@
  womfoo = "Kranium Gikos Mendoza <kranium@gikos.net>";
  wscott = "Wayne Scott <wsc9tt@gmail.com>";
  wyvie = "Elijah Rum <elijahrum@gmail.com>";
-  xvapx = "Marti Serra <marti.serra.coscollano@gmail.com>";
-  xwvvvvwx = "David Terry <davidterry@posteo.de>";
  yarr = "Dmitry V. <savraz@gmail.com>";
-  yochai = "Yochai <yochai@titat.info>";
-  yorickvp = "Yorick van Pelt <yorickvanpelt@gmail.com>";
+  yorickvP = "Yorick van Pelt <yorickvanpelt@gmail.com>";
  yurrriq = "Eric Bailey <eric@ericb.me>";
  z77z = "Marco Maggesi <maggesi@math.unifi.it>";
  zagy = "Christian Zagrodnick <cz@flyingcircus.io>";
-  zauberpony = "Elmar Athmer <elmar@athmer.org>";
  zef = "Zef Hemel <zef@zef.me>";
  zimbatm = "zimbatm <zimbatm@zimbatm.com>";
  zohl = "Al Zohali <zohl@fmap.me>";
  zoomulator = "Kim Simmons <zoomulator@gmail.com>";
-  zraexy = "David Mell <zraexy@gmail.com>";
+  amiloradovsky = "Andrew Miloradovsky <miloradovsky@gmail.com>";
 }
--- a/lib/modules.nix
+++ b/lib/modules.nix
@@ -1,5 +1,4 @@
 with import ./lists.nix;
-with import ./strings.nix;
 with import ./trivial.nix;
 with import ./attrsets.nix;
 with import ./options.nix;
@@ -231,20 +230,12 @@ rec {
     correspond to the definition of 'loc' in 'opt.file'. */
  mergeOptionDecls = loc: opts:
    foldl' (res: opt:
-      let t  = res.type;
-          t' = opt.options.type;
-          mergedType = t.typeMerge t'.functor;
-          typesMergeable = mergedType != null;
-          typeSet = if (bothHave "type") && typesMergeable
-                       then { type = mergedType; }
-                       else {};
-          bothHave = k: opt.options ? ${k} && res ? ${k};
-      in
-      if bothHave "default" ||
-         bothHave "example" ||
-         bothHave "description" ||
-         bothHave "apply" ||
-         (bothHave "type" && (! typesMergeable))
+      if opt.options ? default && res ? default ||
+         opt.options ? example && res ? example ||
+         opt.options ? description && res ? description ||
+         opt.options ? apply && res ? apply ||
+         # Accept to merge options which have identical types.
+         opt.options ? type && res ? type && opt.options.type.name != res.type.name
      then
        throw "The option `${showOption loc}' in `${opt.file}' is already declared in ${showFiles res.declarations}."
      else
@@ -266,7 +257,7 @@ rec {
        in opt.options // res //
          { declarations = res.declarations ++ [opt.file];
            options = submodules;
-          } // typeSet
+          }
    ) { inherit loc; declarations = []; options = []; } opts;

  /* Merge all the definitions of an option to produce the final
@@ -326,7 +317,7 @@ rec {
    # Type-check the remaining definitions, and merge them.
    mergedValue = foldl' (res: def:
      if type.check def.value then res
-      else throw "The option value `${showOption loc}' in `${def.file}' is not a ${type.description}.")
+      else throw "The option value `${showOption loc}' in `${def.file}' is not a ${type.name}.")
      (type.merge loc defsFinal) defsFinal;

    isDefined = defsFinal != [];
@@ -375,13 +366,10 @@ rec {
    if def._type or "" == "merge" then
      concatMap dischargeProperties def.contents
    else if def._type or "" == "if" then
-      if isBool def.condition then
-        if def.condition then
-          dischargeProperties def.content
-        else
-          [ ]
+      if def.condition then
+        dischargeProperties def.content
      else
-        throw "‘mkIf’ called with a non-Boolean condition"
+        [ ]
    else
      [ def ];

@@ -433,14 +421,12 @@ rec {
      options = opt.options or
        (throw "Option `${showOption loc'}' has type optionSet but has no option attribute, in ${showFiles opt.declarations}.");
      f = tp:
-        let optionSetIn = type: (tp.name == type) && (tp.functor.wrapped.name == "optionSet");
-        in
        if tp.name == "option set" || tp.name == "submodule" then
          throw "The option ${showOption loc} uses submodules without a wrapping type, in ${showFiles opt.declarations}."
-        else if optionSetIn "attrsOf" then types.attrsOf (types.submodule options)
-        else if optionSetIn "loaOf"   then types.loaOf   (types.submodule options)
-        else if optionSetIn "listOf"  then types.listOf  (types.submodule options)
-        else if optionSetIn "nullOr"  then types.nullOr  (types.submodule options)
+        else if tp.name == "attribute set of option sets" then types.attrsOf (types.submodule options)
+        else if tp.name == "list or attribute set of option sets" then types.loaOf (types.submodule options)
+        else if tp.name == "list of option sets" then types.listOf (types.submodule options)
+        else if tp.name == "null or option set" then types.nullOr (types.submodule options)
        else tp;
    in
      if opt.type.getSubModules or null == null
@@ -559,84 +545,6 @@ rec {
    use = builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'.";
  };

-  /* Return a module that causes a warning to be shown if any of the "from"
-     option is defined; the defined values can be used in the "mergeFn" to set
-     the "to" value.
-     This function can be used to merge multiple options into one that has a
-     different type.
-
-     "mergeFn" takes the module "config" as a parameter and must return a value
-     of "to" option type.
-
-       mkMergedOptionModule
-         [ [ "a" "b" "c" ]
-           [ "d" "e" "f" ] ]
-         [ "x" "y" "z" ]
-         (config:
-           let value = p: getAttrFromPath p config;
-           in
-           if      (value [ "a" "b" "c" ]) == true then "foo"
-           else if (value [ "d" "e" "f" ]) == true then "bar"
-           else "baz")
-
-     - options.a.b.c is a removed boolean option
-     - options.d.e.f is a removed boolean option
-     - options.x.y.z is a new str option that combines a.b.c and d.e.f
-       functionality
-
-     This show a warning if any a.b.c or d.e.f is set, and set the value of
-     x.y.z to the result of the merge function 
-  */
-  mkMergedOptionModule = from: to: mergeFn:
-    { config, options, ... }:
-    {
-      options = foldl recursiveUpdate {} (map (path: setAttrByPath path (mkOption {
-        visible = false;
-        # To use the value in mergeFn without triggering errors
-        default = "_mkMergedOptionModule";
-      })) from);
-
-      config = {
-        warnings = filter (x: x != "") (map (f:
-          let val = getAttrFromPath f config;
-              opt = getAttrFromPath f options;
-          in
-          optionalString 
-            (val != "_mkMergedOptionModule")
-            "The option `${showOption f}' defined in ${showFiles opt.files} has been changed to `${showOption to}' that has a different type. Please read `${showOption to}' documentation and update your configuration accordingly."
-        ) from);
-      } // setAttrByPath to (mkMerge
-             (optional 
-               (any (f: (getAttrFromPath f config) != "_mkMergedOptionModule") from)
-               (mergeFn config)));
-    };
-
-  /* Single "from" version of mkMergedOptionModule.
-     Return a module that causes a warning to be shown if the "from" option is
-     defined; the defined value can be used in the "mergeFn" to set the "to"
-     value.
-     This function can be used to change an option into another that has a
-     different type.
-
-     "mergeFn" takes the module "config" as a parameter and must return a value of
-     "to" option type.
-
-       mkChangedOptionModule [ "a" "b" "c" ] [ "x" "y" "z" ]
-         (config:
-           let value = getAttrFromPath [ "a" "b" "c" ] config;
-           in
-           if   value > 100 then "high"
-           else "normal")
-
-     - options.a.b.c is a removed int option
-     - options.x.y.z is a new str option that supersedes a.b.c
-
-     This show a warning if a.b.c is set, and set the value of x.y.z to the
-     result of the change function
-  */
-  mkChangedOptionModule = from: to: changeFn:
-    mkMergedOptionModule [ from ] to changeFn;
-
  /* Like ‘mkRenamedOptionModule’, but doesn't show a warning. */
  mkAliasOptionModule = from: to: doRename {
    inherit from to;
--- a/lib/options.nix
+++ b/lib/options.nix
@@ -92,7 +92,7 @@ rec {
          internal = opt.internal or false;
          visible = opt.visible or true;
          readOnly = opt.readOnly or false;
-          type = opt.type.description or null;
+          type = opt.type.name or null;
        }
        // (if opt ? example then { example = scrubOptionValue opt.example; } else {})
        // (if opt ? default then { default = scrubOptionValue opt.default; } else {})
--- a/lib/platforms.nix
+++ b/lib/platforms.nix
@@ -15,10 +15,10 @@ rec {
  freebsd = ["i686-freebsd" "x86_64-freebsd"];
  gnu = linux; /* ++ hurd ++ kfreebsd ++ ... */
  illumos = ["x86_64-solaris"];
-  linux = ["i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux" "mips64el-linux"];
+  linux = ["i686-linux" "x86_64-linux" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "mips64el-linux"];
  netbsd = ["i686-netbsd" "x86_64-netbsd"];
  openbsd = ["i686-openbsd" "x86_64-openbsd"];
  unix = linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos;

-  mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux" "armv7l-linux" "aarch64-linux"];
+  mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux" "armv7l-linux"];
 }
--- a/lib/sources.nix
+++ b/lib/sources.nix
@@ -12,26 +12,20 @@ rec {

  # Bring in a path as a source, filtering out all Subversion and CVS
  # directories, as well as backup files (*~).
-  cleanSourceFilter = name: type: let baseName = baseNameOf (toString name); in ! (
-    # Filter out Subversion and CVS directories.
-    (type == "directory" && (baseName == ".git" || baseName == ".svn" || baseName == "CVS" || baseName == ".hg")) ||
-    # Filter out backup files.
-    lib.hasSuffix "~" baseName ||
-    # Filter out generates files.
-    lib.hasSuffix ".o" baseName ||
-    lib.hasSuffix ".so" baseName ||
-    # Filter out nix-build result symlinks
-    (type == "symlink" && lib.hasPrefix "result" baseName)
-  );
+  cleanSource =
+    let filter = name: type: let baseName = baseNameOf (toString name); in ! (
+      # Filter out Subversion and CVS directories.
+      (type == "directory" && (baseName == ".git" || baseName == ".svn" || baseName == "CVS" || baseName == ".hg")) ||
+      # Filter out backup files.
+      lib.hasSuffix "~" baseName ||
+      # Filter out generates files.
+      lib.hasSuffix ".o" baseName ||
+      lib.hasSuffix ".so" baseName ||
+      # Filter out nix-build result symlinks
+      (type == "symlink" && lib.hasPrefix "result" baseName)
+    );
+    in src: builtins.filterSource filter src;

-  cleanSource = builtins.filterSource cleanSourceFilter;
-
-  # Filter sources by a list of regular expressions.
-  #
-  # E.g. `src = sourceByRegex ./my-subproject [".*\.py$" "^database.sql$"]`
-  sourceByRegex = src: regexes: builtins.filterSource (path: type:
-    let relPath = lib.removePrefix (toString src + "/") (toString path);
-    in lib.any (re: builtins.match re relPath != null) regexes) src;

  # Get all files ending with the specified suffices from the given
  # directory or its descendants.  E.g. `sourceFilesBySuffices ./dir
--- a/lib/tests.nix
+++ b/lib/tests.nix
@@ -130,94 +130,4 @@ runTests {
    expected = false;
  };

-
-  /* Generator tests */
-  # these tests assume attributes are converted to lists
-  # in alphabetical order
-
-  testMkKeyValueDefault = {
-    expr = generators.mkKeyValueDefault ":" "f:oo" "bar";
-    expected = ''f\:oo:bar'';
-  };
-
-  testToKeyValue = {
-    expr = generators.toKeyValue {} {
-      key = "value";
-      "other=key" = "baz";
-    };
-    expected = ''
-      key=value
-      other\=key=baz
-    '';
-  };
-
-  testToINIEmpty = {
-    expr = generators.toINI {} {};
-    expected = "";
-  };
-
-  testToINIEmptySection = {
-    expr = generators.toINI {} { foo = {}; bar = {}; };
-    expected = ''
-      [bar]
-
-      [foo]
-    '';
-  };
-
-  testToINIDefaultEscapes = {
-    expr = generators.toINI {} {
-      "no [ and ] allowed unescaped" = {
-        "and also no = in keys" = 42;
-      };
-    };
-    expected = ''
-      [no \[ and \] allowed unescaped]
-      and also no \= in keys=42
-    '';
-  };
-
-  testToINIDefaultFull = {
-    expr = generators.toINI {} {
-      "section 1" = {
-        attribute1 = 5;
-        x = "Me-se JarJar Binx";
-      };
-      "foo[]" = {
-        "he\\h=he" = "this is okay";
-      };
-    };
-    expected = ''
-      [foo\[\]]
-      he\h\=he=this is okay
-
-      [section 1]
-      attribute1=5
-      x=Me-se JarJar Binx
-    '';
-  };
-
-  /* right now only invocation check */
-  testToJSONSimple =
-    let val = {
-      foobar = [ "baz" 1 2 3 ];
-    };
-    in {
-      expr = generators.toJSON {} val;
-      # trival implementation
-      expected = builtins.toJSON val;
-  };
-
-  /* right now only invocation check */
-  testToYAMLSimple =
-    let val = {
-      list = [ { one = 1; } { two = 2; } ];
-      all = 42;
-    };
-    in {
-      expr = generators.toYAML {} val;
-      # trival implementation
-      expected = builtins.toJSON val;
-  };
-
 }
--- a/lib/tests/modules.sh
+++ b/lib/tests/modules.sh
@@ -115,11 +115,6 @@ set -- config.enable ./declare-enable.nix ./define-enable.nix ./define-loaOfSub-
 checkConfigError 'The option .* defined in .* does not exist.' "$@"
 checkConfigOutput "true" "$@" ./define-module-check.nix

-# Check coerced value.
-checkConfigOutput "\"42\"" config.value ./declare-coerced-value.nix
-checkConfigOutput "\"24\"" config.value ./declare-coerced-value.nix ./define-value-string.nix
-checkConfigError 'The option value .* in .* is not a string or integer.' config.value ./declare-coerced-value.nix ./define-value-list.nix
-
 cat <<EOF
 ====== module tests ======
 $pass Pass
--- a/lib/tests/modules/declare-coerced-value.nix
+++ b/lib/tests/modules/declare-coerced-value.nix
@@ -1,10 +0,0 @@
-{ lib, ... }:
-
-{
-  options = {
-    value = lib.mkOption {
-      default = 42;
-      type = lib.types.coercedTo lib.types.int builtins.toString lib.types.str;
-    };
-  };
-}
--- a/lib/tests/modules/define-value-list.nix
+++ b/lib/tests/modules/define-value-list.nix
@@ -1,3 +0,0 @@
-{
-  value = [];
-}
--- a/lib/tests/modules/define-value-string.nix
+++ b/lib/tests/modules/define-value-string.nix
@@ -1,3 +0,0 @@
-{
-  value = "24";
-}
--- a/lib/trivial.nix
+++ b/lib/trivial.nix
@@ -53,31 +53,6 @@ rec {
  # argument, but it's nice this way if several uses of `extends` are cascaded.
  extends = f: rattrs: self: let super = rattrs self; in super // f self super;

-  # Create an overridable, recursive attribute set. For example:
-  #
-  #     nix-repl> obj = makeExtensible (self: { })
-  #
-  #     nix-repl> obj
-  #     { __unfix__ = «lambda»; extend = «lambda»; }
-  #
-  #     nix-repl> obj = obj.extend (self: super: { foo = "foo"; })
-  #
-  #     nix-repl> obj
-  #     { __unfix__ = «lambda»; extend = «lambda»; foo = "foo"; }
-  #
-  #     nix-repl> obj = obj.extend (self: super: { foo = super.foo + " + "; bar = "bar"; foobar = self.foo + self.bar; })
-  #
-  #     nix-repl> obj
-  #     { __unfix__ = «lambda»; bar = "bar"; extend = «lambda»; foo = "foo + "; foobar = "foo + bar"; }
-  makeExtensible = makeExtensibleWithCustomName "extend";
-
-  # Same as `makeExtensible` but the name of the extending attribute is
-  # customized.
-  makeExtensibleWithCustomName = extenderName: rattrs:
-    fix' rattrs // {
-      ${extenderName} = f: makeExtensibleWithCustomName extenderName (extends f rattrs);
-   };
-
  # Flip the order of the arguments of a binary function.
  flip = f: a: b: f b a;

@@ -102,7 +77,25 @@ rec {
  min = x: y: if x < y then x else y;
  max = x: y: if x > y then x else y;

-  /* Reads a JSON file. */
+  /* Reads a JSON file. It is useful to import pure data into other nix
+     expressions.
+
+     Example:
+
+       mkDerivation {
+         src = fetchgit (importJSON ./repo.json)
+         #...
+       }
+
+       where repo.json contains:
+
+       {
+         "url": "git://some-domain/some/repo",
+         "rev": "265de7283488964f44f0257a8b4a055ad8af984d",
+         "sha256": "0sb3h3067pzf3a7mlxn1hikpcjrsvycjcnj9hl9b1c3ykcgvps7h"
+       }
+
+  */
  importJSON = path:
    builtins.fromJSON (builtins.readFile path);

--- a/lib/types.nix
+++ b/lib/types.nix
@@ -17,43 +17,10 @@ rec {
  };


-  # Default type merging function
-  # takes two type functors and return the merged type
-  defaultTypeMerge = f: f':
-    let wrapped = f.wrapped.typeMerge f'.wrapped.functor;
-        payload = f.binOp f.payload f'.payload;
-    in
-    # cannot merge different types
-    if f.name != f'.name
-       then null
-    # simple types
-    else if    (f.wrapped == null && f'.wrapped == null)
-            && (f.payload == null && f'.payload == null)
-       then f.type
-    # composed types
-    else if (f.wrapped != null && f'.wrapped != null) && (wrapped != null)
-       then f.type wrapped
-    # value types
-    else if (f.payload != null && f'.payload != null) && (payload != null)
-       then f.type payload
-    else null;
-
-  # Default type functor
-  defaultFunctor = name: {
-    inherit name;
-    type    = types."${name}" or null;
-    wrapped = null;
-    payload = null;
-    binOp   = a: b: null;
-  };
-
  isOptionType = isType "option-type";
  mkOptionType =
-    { # Human-readable representation of the type, should be equivalent to
-      # the type function name.
+    { # Human-readable representation of the type.
      name
-    , # Description of the type, defined recursively by embedding the the wrapped type if any.
-      description ? null
    , # Function applied to each definition that should return true if
      # its type-correct, false otherwise.
      check ? (x: true)
@@ -69,26 +36,12 @@ rec {
      getSubOptions ? prefix: {}
    , # List of modules if any, or null if none.
      getSubModules ? null
-    , # Function for building the same option type with a different list of
+    , # Function for building the same option type  with a different list of
      # modules.
      substSubModules ? m: null
-    , # Function that merge type declarations.
-      # internal, takes a functor as argument and returns the merged type.
-      # returning null means the type is not mergeable
-      typeMerge ? defaultTypeMerge functor
-    , # The type functor.
-      # internal, representation of the type as an attribute set.
-      #   name: name of the type
-      #   type: type function.
-      #   wrapped: the type wrapped in case of compound types.
-      #   payload: values of the type, two payloads of the same type must be 
-      #            combinable with the binOp binary operation.
-      #   binOp: binary operation that merge two payloads of the same type.
-      functor ? defaultFunctor name
    }:
    { _type = "option-type";
-      inherit name check merge getSubOptions getSubModules substSubModules typeMerge functor;
-      description = if description == null then name else description;
+      inherit name check merge getSubOptions getSubModules substSubModules;
    };


@@ -99,39 +52,29 @@ rec {
    };

    bool = mkOptionType {
-      name = "bool";
-      description = "boolean";
+      name = "boolean";
      check = isBool;
      merge = mergeEqualOption;
    };

-    int = mkOptionType rec {
-      name = "int";
-      description = "integer";
+    int = mkOptionType {
+      name = "integer";
      check = isInt;
      merge = mergeOneOption;
    };

    str = mkOptionType {
-      name = "str";
-      description = "string";
+      name = "string";
      check = isString;
      merge = mergeOneOption;
    };

    # Merge multiple definitions by concatenating them (with the given
    # separator between the values).
-    separatedString = sep: mkOptionType rec {
-      name = "separatedString";
-      description = "string";
+    separatedString = sep: mkOptionType {
+      name = "string";
      check = isString;
      merge = loc: defs: concatStringsSep sep (getValues defs);
-      functor = (defaultFunctor name) // {
-        payload = sep;
-        binOp = sepLhs: sepRhs:
-          if sepLhs == sepRhs then sepLhs
-          else null;
-      };
    };

    lines = separatedString "\n";
@@ -143,8 +86,7 @@ rec {
    string = separatedString "";

    attrs = mkOptionType {
-      name = "attrs";
-      description = "attribute set";
+      name = "attribute set";
      check = isAttrs;
      merge = loc: foldl' (res: def: mergeAttrs res def.value) {};
    };
@@ -172,9 +114,8 @@ rec {
    # drop this in the future:
    list = builtins.trace "`types.list' is deprecated; use `types.listOf' instead" types.listOf;

-    listOf = elemType: mkOptionType rec {
-      name = "listOf";
-      description = "list of ${elemType.description}s";
+    listOf = elemType: mkOptionType {
+      name = "list of ${elemType.name}s";
      check = isList;
      merge = loc: defs:
        map (x: x.value) (filter (x: x ? value) (concatLists (imap (n: def:
@@ -191,12 +132,10 @@ rec {
      getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["*"]);
      getSubModules = elemType.getSubModules;
      substSubModules = m: listOf (elemType.substSubModules m);
-      functor = (defaultFunctor name) // { wrapped = elemType; };
    };

-    attrsOf = elemType: mkOptionType rec {
-      name = "attrsOf";
-      description = "attribute set of ${elemType.description}s";
+    attrsOf = elemType: mkOptionType {
+      name = "attribute set of ${elemType.name}s";
      check = isAttrs;
      merge = loc: defs:
        mapAttrs (n: v: v.value) (filterAttrs (n: v: v ? value) (zipAttrsWith (name: defs:
@@ -208,7 +147,6 @@ rec {
      getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["<name>"]);
      getSubModules = elemType.getSubModules;
      substSubModules = m: attrsOf (elemType.substSubModules m);
-      functor = (defaultFunctor name) // { wrapped = elemType; };
    };

    # List or attribute set of ...
@@ -227,21 +165,18 @@ rec {
            def;
        listOnly = listOf elemType;
        attrOnly = attrsOf elemType;
-      in mkOptionType rec {
-        name = "loaOf";
-        description = "list or attribute set of ${elemType.description}s";
+      in mkOptionType {
+        name = "list or attribute set of ${elemType.name}s";
        check = x: isList x || isAttrs x;
        merge = loc: defs: attrOnly.merge loc (imap convertIfList defs);
        getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["<name?>"]);
        getSubModules = elemType.getSubModules;
        substSubModules = m: loaOf (elemType.substSubModules m);
-        functor = (defaultFunctor name) // { wrapped = elemType; };
      };

    # List or element of ...
-    loeOf = elemType: mkOptionType rec {
-      name = "loeOf";
-      description = "element or list of ${elemType.description}s";
+    loeOf = elemType: mkOptionType {
+      name = "element or list of ${elemType.name}s";
      check = x: isList x || elemType.check x;
      merge = loc: defs:
        let
@@ -254,22 +189,18 @@ rec {
        else if !isString res then
          throw "The option `${showOption loc}' does not have a string value, in ${showFiles (getFiles defs)}."
        else res;
-      functor = (defaultFunctor name) // { wrapped = elemType; };
    };

-    uniq = elemType: mkOptionType rec {
-      name = "uniq";
-      inherit (elemType) description check;
+    uniq = elemType: mkOptionType {
+      inherit (elemType) name check;
      merge = mergeOneOption;
      getSubOptions = elemType.getSubOptions;
      getSubModules = elemType.getSubModules;
      substSubModules = m: uniq (elemType.substSubModules m);
-      functor = (defaultFunctor name) // { wrapped = elemType; };
    };

-    nullOr = elemType: mkOptionType rec {
-      name = "nullOr";
-      description = "null or ${elemType.description}";
+    nullOr = elemType: mkOptionType {
+      name = "null or ${elemType.name}";
      check = x: x == null || elemType.check x;
      merge = loc: defs:
        let nrNulls = count (def: def.value == null) defs; in
@@ -280,7 +211,6 @@ rec {
      getSubOptions = elemType.getSubOptions;
      getSubModules = elemType.getSubModules;
      substSubModules = m: nullOr (elemType.substSubModules m);
-      functor = (defaultFunctor name) // { wrapped = elemType; };
    };

    submodule = opts:
@@ -306,12 +236,6 @@ rec {
            args = { name = ""; }; }).options;
        getSubModules = opts';
        substSubModules = m: submodule m;
-        functor = (defaultFunctor name) // {
-          # Merging of submodules is done as part of mergeOptionDecls, as we have to annotate
-          # each submodule with its location.
-          payload = [];
-          binOp = lhs: rhs: [];
-        };
      };

    enum = values:
@@ -321,65 +245,23 @@ rec {
          else if builtins.isInt v then builtins.toString v
          else ''<${builtins.typeOf v}>'';
      in
-      mkOptionType rec {
-        name = "enum";
-        description = "one of ${concatMapStringsSep ", " show values}";
+      mkOptionType {
+        name = "one of ${concatMapStringsSep ", " show values}";
        check = flip elem values;
        merge = mergeOneOption;
-        functor = (defaultFunctor name) // { payload = values; binOp = a: b: unique (a ++ b); };
      };

-    either = t1: t2: mkOptionType rec {
-      name = "either";
-      description = "${t1.description} or ${t2.description}";
+    either = t1: t2: mkOptionType {
+      name = "${t1.name} or ${t2.name}";
      check = x: t1.check x || t2.check x;
-      merge = loc: defs:
-        let
-          defList = map (d: d.value) defs;
-        in
-          if   all (x: t1.check x) defList
-               then t1.merge loc defs
-          else if all (x: t2.check x) defList
-               then t2.merge loc defs
-          else mergeOneOption loc defs;
-      typeMerge = f':
-        let mt1 = t1.typeMerge (elemAt f'.wrapped 0).functor;
-            mt2 = t2.typeMerge (elemAt f'.wrapped 1).functor;
-        in
-           if (name == f'.name) && (mt1 != null) && (mt2 != null)
-           then functor.type mt1 mt2
-           else null;
-      functor = (defaultFunctor name) // { wrapped = [ t1 t2 ]; };
+      merge = mergeOneOption;
    };

-    coercedTo = coercedType: coerceFunc: finalType:
-      assert coercedType.getSubModules == null;
-      mkOptionType rec {
-        name = "coercedTo";
-        description = "${finalType.description} or ${coercedType.description}";
-        check = x: finalType.check x || coercedType.check x;
-        merge = loc: defs:
-          let
-            coerceVal = val:
-              if finalType.check val then val
-              else let
-                coerced = coerceFunc val;
-              in assert finalType.check coerced; coerced;
-
-          in finalType.merge loc (map (def: def // { value = coerceVal def.value; }) defs);
-        getSubOptions = finalType.getSubOptions;
-        getSubModules = finalType.getSubModules;
-        substSubModules = m: coercedTo coercedType coerceFunc (finalType.substSubModules m);
-        typeMerge = t1: t2: null;
-        functor = (defaultFunctor name) // { wrapped = finalType; };
-      };
-
    # Obsolete alternative to configOf.  It takes its option
    # declarations from the ‘options’ attribute of containing option
    # declaration.
    optionSet = mkOptionType {
-      name = builtins.trace "types.optionSet is deprecated; use types.submodule instead" "optionSet";
-      description = "option set";
+      name = /* builtins.trace "types.optionSet is deprecated; use types.submodule instead" */ "option set";
    };

    # Augment the given type with an additional type check function.
--- a/maintainers/scripts/fetch-kde-qt.sh
+++ b/maintainers/scripts/fetch-kde-qt.sh
@@ -1,8 +1,6 @@
 #! /usr/bin/env nix-shell
 #! nix-shell -i bash -p coreutils findutils gnused nix wget

-set -efuo pipefail
-
 SRCS=
 if [ -d "$1" ]; then
    SRCS="$(pwd)/$1/srcs.nix"
--- a/maintainers/scripts/hydra-eval-failures.py
+++ b/maintainers/scripts/hydra-eval-failures.py
@@ -1,94 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i python -p pythonFull pythonPackages.requests pythonPackages.pyquery pythonPackages.click
-
-# To use, just execute this script with --help to display help.
-
-import subprocess
-import json
-import sys
-
-import click
-import requests
-from pyquery import PyQuery as pq
-
-
-maintainers_json = subprocess.check_output([
-    'nix-instantiate',
-    'lib/maintainers.nix',
-    '--eval',
-    '--json'])
-maintainers = json.loads(maintainers_json)
-MAINTAINERS = {v: k for k, v in maintainers.iteritems()}
-
-
-def get_response_text(url):
-    return pq(requests.get(url).text)  # IO
-
-EVAL_FILE = {
-    'nixos': 'nixos/release.nix',
-    'nixpkgs': 'pkgs/top-level/release.nix',
-}
-
-
-def get_maintainers(attr_name):
-    nixname = attr_name.split('.')
-    meta_json = subprocess.check_output([
-        'nix-instantiate',
-        '--eval',
-        '--strict',
-        '-A',
-        '.'.join(nixname[1:]) + '.meta',
-        EVAL_FILE[nixname[0]],
-        '--json'])
-    meta = json.loads(meta_json)
-    if meta.get('maintainers'):
-        return [MAINTAINERS[name] for name in meta['maintainers'] if MAINTAINERS.get(name)]
-
-
-@click.command()
-@click.option(
-    '--jobset',
-    default="nixos/release-17.03",
-    help='Hydra project like nixos/release-17.03')
-def cli(jobset):
-    """
-    Given a Hydra project, inspect latest evaluation
-    and print a summary of failed builds
-    """
-
-    url = "http://hydra.nixos.org/jobset/{}".format(jobset)
-
-    # get the last evaluation
-    click.echo(click.style(
-        'Getting latest evaluation for {}'.format(url), fg='green'))
-    d = get_response_text(url)
-    evaluations = d('#tabs-evaluations').find('a[class="row-link"]')
-    latest_eval_url = evaluations[0].get('href')
-
-    # parse last evaluation page
-    click.echo(click.style(
-        'Parsing evaluation {}'.format(latest_eval_url), fg='green'))
-    d = get_response_text(latest_eval_url + '?full=1')
-
-    # TODO: aborted evaluations
-    # TODO: dependency failed without propagated builds
-    for tr in d('img[alt="Failed"]').parents('tr'):
-        a = pq(tr)('a')[1]
-        print "- [ ] [{}]({})".format(a.text, a.get('href'))
-
-        sys.stdout.flush()
-
-        maintainers = get_maintainers(a.text)
-        if maintainers:
-            print "  - maintainers: {}".format(", ".join(map(lambda u: '@' + u, maintainers)))
-        # TODO: print last three persons that touched this file
-        # TODO: pinpoint the diff that broke this build, or maybe it's transient or maybe it never worked?
-
-        sys.stdout.flush()
-
-
-if __name__ == "__main__":
-    try:
-        cli()
-    except:
-        import pdb;pdb.post_mortem()
--- a/maintainers/scripts/travis-nox-review-pr.sh
+++ b/maintainers/scripts/travis-nox-review-pr.sh
@@ -38,12 +38,6 @@ while test -n "$1"; do
            nix-build $TRAVIS_BUILD_DIR/pkgs/top-level/release.nix --attr tarball --show-trace
            ;;

-        nixpkgs-unstable)
-            echo "=== Checking nixpkgs unstable job"
-
-            nix-instantiate $TRAVIS_BUILD_DIR/pkgs/top-level/release.nix --attr unstable --show-trace
-            ;;
-
        nixpkgs-lint)
            echo "=== Checking nixpkgs lint"

--- a/maintainers/scripts/update.nix
+++ b/maintainers/scripts/update.nix
@@ -1,131 +0,0 @@
-{ package ? null
-, maintainer ? null
-}:
-
-# TODO: add assert statements
-
-let
-
-  pkgs = import ./../../default.nix { };
-
-  packagesWith = cond: return: set:
-    pkgs.lib.flatten
-      (pkgs.lib.mapAttrsToList
-        (name: pkg:
-          let
-            result = builtins.tryEval (
-              if pkgs.lib.isDerivation pkg && cond name pkg
-                then [(return name pkg)]
-              else if pkg.recurseForDerivations or false || pkg.recurseForRelease or false
-                then packagesWith cond return pkg
-              else []
-            );
-          in
-            if result.success then result.value
-            else []
-        )
-        set
-      );
-
-  packagesWithUpdateScriptAndMaintainer = maintainer':
-    let
-      maintainer =
-        if ! builtins.hasAttr maintainer' pkgs.lib.maintainers then
-          builtins.throw "Maintainer with name `${maintainer'} does not exist in `lib/maintainers.nix`."
-        else
-          builtins.getAttr maintainer' pkgs.lib.maintainers;
-    in
-      packagesWith (name: pkg: builtins.hasAttr "updateScript" pkg &&
-                                 (if builtins.hasAttr "maintainers" pkg.meta
-                                   then (if builtins.isList pkg.meta.maintainers
-                                           then builtins.elem maintainer pkg.meta.maintainers
-                                           else maintainer == pkg.meta.maintainers
-                                        )
-                                   else false
-                                 )
-                   )
-                   (name: pkg: pkg)
-                   pkgs;
-
-  packageByName = name:
-    let
-        package = pkgs.lib.attrByPath (pkgs.lib.splitString "." name) null pkgs;
-    in
-      if package == null then
-        builtins.throw "Package with an attribute name `${name}` does not exists."
-      else if ! builtins.hasAttr "updateScript" package then
-        builtins.throw "Package with an attribute name `${name}` does have an `passthru.updateScript` defined."
-      else
-        package;
-
-  packages =
-    if package != null then
-      [ (packageByName package) ]
-    else if maintainer != null then
-      packagesWithUpdateScriptAndMaintainer maintainer
-    else
-      builtins.throw "No arguments provided.\n\n${helpText}";
-
-  helpText = ''
-    Please run:
-
-        % nix-shell maintainers/scripts/update.nix --argstr maintainer garbas
-
-    to run all update scripts for all packages that lists \`garbas\` as a maintainer
-    and have \`updateScript\` defined, or:
-
-        % nix-shell maintainers/scripts/update.nix --argstr package garbas
-
-    to run update script for specific package.
-  '';
-
-  runUpdateScript = package: ''
-    echo -ne " - ${package.name}: UPDATING ..."\\r
-    ${package.updateScript} &> ${(builtins.parseDrvName package.name).name}.log
-    CODE=$?
-    if [ "$CODE" != "0" ]; then
-      echo " - ${package.name}: ERROR       "
-      echo ""
-      echo "--- SHOWING ERROR LOG FOR ${package.name} ----------------------"
-      echo ""
-      cat ${(builtins.parseDrvName package.name).name}.log
-      echo ""
-      echo "--- SHOWING ERROR LOG FOR ${package.name} ----------------------"
-      exit $CODE
-    else
-      rm ${(builtins.parseDrvName package.name).name}.log
-    fi
-    echo " - ${package.name}: DONE.       "
-  '';
-
-in pkgs.stdenv.mkDerivation {
-  name = "nixpkgs-update-script";
-  buildCommand = ''
-    echo ""
-    echo "----------------------------------------------------------------"
-    echo ""
-    echo "Not possible to update packages using \`nix-build\`"
-    echo ""
-    echo "${helpText}"
-    echo "----------------------------------------------------------------"
-    exit 1
-  '';
-  shellHook = ''
-    echo ""
-    echo "Going to be running update for following packages:"
-    echo "${builtins.concatStringsSep "\n" (map (x: " - ${x.name}") packages)}"
-    echo ""
-    read -n1 -r -p "Press space to continue..." confirm
-    if [ "$confirm" = "" ]; then
-      echo ""
-      echo "Running update for:"
-      ${builtins.concatStringsSep "\n" (map runUpdateScript packages)}
-      echo ""
-      echo "Packages updated!"
-      exit 0
-    else
-      echo "Aborting!"
-      exit 1
-    fi
-  '';
-}
--- a/maintainers/scripts/vanity.sh
+++ b/maintainers/scripts/vanity.sh
@@ -101,15 +101,15 @@ cleaner_script="$(echo "$name_list_canonical" | denormalize_name |

 # Add github usernames
 if [ -n "$NIXPKGS_GITHUB_NAME_CACHE" ]; then
-    github_adder_script="$(mktemp)"
-    echo "$github_name_list" |
+    github_adder_script="$(echo "$github_name_list" |
        grep -E "$(echo "$name_list_canonical" | cut -f 2 |
 	    tr '\n' '|' )" |
 	sort | uniq |
        sed -re 's/(.*)\t(.*)/s| \1$| \1\t\2|g;/' |
-	denormalize_name > "$github_adder_script"
+	denormalize_name
+	)"
 else
-    github_adder_script='/dev/null'
+    github_adder_script=''
 fi

 echo "$name_list" | denormalize_name
@@ -118,5 +118,5 @@ echo

 echo "$git_data" | cut -f 1 |
    sed -e "$cleaner_script" |
-    sort | uniq -c | sort -k1n | sed -rf "$github_adder_script" |
+    sort | uniq -c | sort -k1n | sed -re "$github_adder_script" |
    sed -re 's/^ *([0-9]+) /\1\t/'
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -37,4 +37,7 @@ in
  vm = vmConfig.system.build.vm;

  vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm;
+
+  # The following are used by nixos-rebuild.
+  nixFallback = pkgs.nixUnstable.out;
 }
--- a/nixos/doc/manual/administration/container-networking.xml
+++ b/nixos/doc/manual/administration/container-networking.xml
@@ -47,12 +47,4 @@ where <literal>eth0</literal> should be replaced with the desired
 external interface. Note that <literal>ve-+</literal> is a wildcard
 that matches all container interfaces.</para>

-<para>If you are using Network Manager, you need to explicitly prevent
-it from managing container interfaces:
-
-<programlisting>
-networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
-</programlisting>
-</para>
-
 </section>
--- a/nixos/doc/manual/configuration/configuration.xml
+++ b/nixos/doc/manual/configuration/configuration.xml
@@ -21,7 +21,6 @@ effect after you run <command>nixos-rebuild</command>.</para>
 <xi:include href="user-mgmt.xml" />
 <xi:include href="file-systems.xml" />
 <xi:include href="x-windows.xml" />
-<xi:include href="xfce.xml" />
 <xi:include href="networking.xml" />
 <xi:include href="linux-kernel.xml" />

--- a/nixos/doc/manual/configuration/customizing-packages.xml
+++ b/nixos/doc/manual/configuration/customizing-packages.xml
@@ -42,30 +42,29 @@ construction, so without them,
 elements.)</para>

 <para>Even greater customisation is possible using the function
-<varname>overrideAttrs</varname>.  While the
+<varname>overrideDerivation</varname>.  While the
 <varname>override</varname> mechanism above overrides the arguments of
-a package function, <varname>overrideAttrs</varname> allows
-changing the <emphasis>attributes</emphasis> passed to <literal>mkDerivation</literal>.
-This permits changing any aspect of the package, such as the source code.
+a package function, <varname>overrideDerivation</varname> allows
+changing the <emphasis>result</emphasis> of the function.  This
+permits changing any aspect of the package, such as the source code.
 For instance, if you want to override the source code of Emacs, you
 can say:

 <programlisting>
-environment.systemPackages = [
-  (pkgs.emacs.overrideAttrs (oldAttrs: {
-    name = "emacs-25.0-pre";
-    src = /path/to/my/emacs/tree;
-  }))
-];
+environment.systemPackages =
+  [ (pkgs.lib.overrideDerivation pkgs.emacs (attrs: {
+      name = "emacs-25.0-pre";
+      src = /path/to/my/emacs/tree;
+    }))
+  ];
 </programlisting>

-Here, <varname>overrideAttrs</varname> takes the Nix derivation
+Here, <varname>overrideDerivation</varname> takes the Nix derivation
 specified by <varname>pkgs.emacs</varname> and produces a new
 derivation in which the original’s <literal>name</literal> and
 <literal>src</literal> attribute have been replaced by the given
-values by re-calling <literal>stdenv.mkDerivation</literal>.
-The original attributes are accessible via the function argument,
-which is conventionally named <varname>oldAttrs</varname>.</para>
+values.  The original attributes are accessible via
+<varname>attrs</varname>.</para>

 <para>The overrides shown above are not global.  They do not affect
 the original package; other packages in Nixpkgs continue to depend on
--- a/nixos/doc/manual/configuration/ipv6-config.xml
+++ b/nixos/doc/manual/configuration/ipv6-config.xml
@@ -12,35 +12,8 @@ can disable IPv6 support globally by setting:

 <programlisting>
 networking.enableIPv6 = false;
-</programlisting></para>
-
-<para>You can disable IPv6 on a single interface using a normal sysctl (in this
-example, we use interface <varname>eth0</varname>):
-
-<programlisting>
-boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
 </programlisting>
-</para>

-<para>As with IPv4 networking interfaces are automatically configured via
-DHCPv6. You can configure an interface manually:
-
-<programlisting>
-networking.interfaces.eth0.ip6 = [ { address = "fe00:aa:bb:cc::2"; prefixLength = 64; } ];
-</programlisting>
-</para>
-
-<para>For configuring a gateway, optionally with explicitly specified interface:
-
-<programlisting>
-networking.defaultGateway6 = {
-  address = "fe00::1";
-  interface = "enp0s3";
-}
-</programlisting>
-</para>
-
-<para>See <xref linkend='sec-ipv4' /> for similar examples and additional information.
 </para>

 </section>
--- a/nixos/doc/manual/configuration/modularity.xml
+++ b/nixos/doc/manual/configuration/modularity.xml
@@ -36,8 +36,9 @@ latter might look like this:
 { config, pkgs, ... }:

 { services.xserver.enable = true;
-  services.xserver.displayManager.sddm.enable = true;
-  services.xserver.desktopManager.plasma5.enable = true;
+  services.xserver.displayManager.kdm.enable = true;
+  services.xserver.desktopManager.kde4.enable = true;
+  environment.systemPackages = [ pkgs.kde4.kscreensaver ];
 }
 </programlisting>

@@ -128,7 +129,7 @@ default; run <literal>nix-env -i nix-repl</literal> to get it.  A
 typical use:

 <screen>
-$ nix-repl '&lt;nixpkgs/nixos>'
+$ nix-repl '&lt;nixos>'

 nix-repl> config.networking.hostName
 "mandark"
--- a/nixos/doc/manual/configuration/network-manager.xml
+++ b/nixos/doc/manual/configuration/network-manager.xml
@@ -16,26 +16,12 @@ networking.networkmanager.enable = true;
 some desktop managers (e.g., GNOME) enable NetworkManager
 automatically for you.</para>

-<para>All users that should have permission to change network settings must
-belong to the <code>networkmanager</code> group:
-
-<programlisting>
-users.extraUsers.youruser.extraGroups = [ "networkmanager" ];
-</programlisting>
-</para>
-
-<para>NetworkManager is controlled using either <command>nmcli</command> or
-<command>nmtui</command> (curses-based terminal user interface). See their
-manual pages for details on their usage. Some desktop environments (GNOME, KDE)
-have their own configuration tools for NetworkManager. On XFCE, there is no
-configuration tool for NetworkManager by default: by adding
-<code>networkmanagerapplet</code> to the list of system packages, the graphical
-applet will be installed and will launch automatically when XFCE is starting
-(and will show in the status tray).</para>
+<para>All users that should have permission to change network settings
+must belong to the <code>networkmanager</code> group.</para>

 <note><para><code>networking.networkmanager</code> and
-<code>networking.wireless</code> (WPA Supplicant) cannot be enabled at the same
-time: you can still connect to the wireless networks using
+<code>networking.wireless</code> can not be enabled at the same time:
+you can still connect to the wireless networks using
 NetworkManager.</para></note>

 </section>
--- a/nixos/doc/manual/configuration/user-mgmt.xml
+++ b/nixos/doc/manual/configuration/user-mgmt.xml
@@ -36,10 +36,7 @@ to set a password, which is retained across invocations of
 and /etc/group will be congruent to your NixOS configuration. For instance,
 if you remove a user from users.extraUsers and run nixos-rebuild, the user
 account will cease to exist. Also, imperative commands for managing users
-and groups, such as useradd, are no longer available. Passwords may still be
-assigned by setting the user's <literal>hashedPassword</literal> option. A
-hashed password can be generated using <command>mkpasswd -m sha-512</command>
-after installing the <literal>mkpasswd</literal> package.</para>
+and groups, such as useradd, are no longer available.</para>

 <para>A user ID (uid) is assigned automatically.  You can also specify
 a uid manually by adding
--- a/nixos/doc/manual/configuration/x-windows.xml
+++ b/nixos/doc/manual/configuration/x-windows.xml
@@ -25,23 +25,19 @@ Otherwise, you can only log into a plain undecorated
 <command>xterm</command> window.  Thus you should pick one or more of
 the following lines:
 <programlisting>
-services.xserver.desktopManager.plasma5.enable = true;
+services.xserver.desktopManager.kde4.enable = true;
 services.xserver.desktopManager.xfce.enable = true;
-services.xserver.desktopManager.gnome3.enable = true;
 services.xserver.windowManager.xmonad.enable = true;
 services.xserver.windowManager.twm.enable = true;
 services.xserver.windowManager.icewm.enable = true;
-services.xserver.windowManager.i3.enable = true;
 </programlisting>
 </para>

 <para>NixOS’s default <emphasis>display manager</emphasis> (the
 program that provides a graphical login prompt and manages the X
-server) is SLiM. You can select an alternative one by picking one
-of the following lines:
+server) is SLiM.  You can select KDE’s <command>kdm</command> instead:
 <programlisting>
-services.xserver.displayManager.sddm.enable = true;
-services.xserver.displayManager.lightdm.enable = true;
+services.xserver.displayManager.kdm.enable = true;
 </programlisting>
 </para>

--- a/nixos/doc/manual/configuration/xfce.xml
+++ b/nixos/doc/manual/configuration/xfce.xml
@@ -1,105 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="sec-xfce">
-
-    <title>Xfce Desktop Environment</title>
-
-    <para>
-        To enable the Xfce Desktop Environment, set
-        <programlisting>
-services.xserver.desktopManager = {
-    xfce.enable = true;
-    default = "xfce";
-};
-        </programlisting>
-    </para>
-
-    <para>
-        Optionally, <emphasis>compton</emphasis>
-        can be enabled for nice graphical effects, some example settings:
-        <programlisting>
-services.compton = {
-  enable          = true;
-  fade            = true;
-  inactiveOpacity = "0.9";
-  shadow          = true;
-  fadeDelta       = 4;
-};
-        </programlisting>
-    </para>
-
-    <para>
-        Some Xfce programs are not installed automatically.
-        To install them manually (system wide), put them into your
-        <literal>environment.systemPackages</literal>.
-    </para>
-
-    <para>
-        NixOS’s default <emphasis>display manager</emphasis> is SLiM.
-        (DM is the program that provides a graphical login prompt
-         and manages the X server.)
-        You can, for example, select KDE’s
-        <command>sddm</command> instead:
-        <programlisting>
-services.xserver.displayManager.sddm.enable = true;
-        </programlisting>
-    </para>
-
-    <simplesect>
-        <title>Thunar Volume Support</title>
-
-        <para>
-            To enable
-            <emphasis>Thunar</emphasis>
-            volume support, put
-            <programlisting>
-services.xserver.desktopManager.xfce.enable = true;
-            </programlisting>
-            into your <emphasis>configuration.nix</emphasis>.
-        </para>
-
-    </simplesect>
-
-    <simplesect>
-        <title>Polkit Authentication Agent</title>
-
-        <para>
-            There is no authentication agent automatically installed alongside
-            Xfce. To allow mounting of local (non-removable) filesystems, you
-            will need to install one.
-
-            Installing <emphasis>polkit_gnome</emphasis>, a rebuild, logout and
-            login did the trick.
-        </para>
-
-    </simplesect>
-
-    <simplesect>
-        <title>Troubleshooting</title>
-
-        <para>
-            Even after enabling udisks2, volume management might not work.
-            Thunar and/or the desktop takes time to show up.
-
-            Thunar will spit out this kind of message on start
-            (look at <command>journalctl --user -b</command>).
-
-            <programlisting>
-Thunar:2410): GVFS-RemoteVolumeMonitor-WARNING **: remote volume monitor with dbus name org.gtk.Private.UDisks2VolumeMonitor is not supported
-            </programlisting>
-
-            This is caused by some needed GNOME services not running.
-            This is all fixed by enabling "Launch GNOME services on startup" in
-            the Advanced tab of the Session and Startup settings panel.
-            Alternatively, you can run this command to do the same thing.
-            <programlisting>
-$ xfconf-query -c xfce4-session -p /compat/LaunchGNOME -s true
-            </programlisting>
-            A log-out and re-log will be needed for this to take effect.
-        </para>
-
-    </simplesect>
-
-</chapter>
--- a/nixos/doc/manual/default.nix
+++ b/nixos/doc/manual/default.nix
@@ -94,11 +94,14 @@ let
    "--stringparam chunk.toc ${toc}"
  ];

-  olinkDB = runCommand "manual-olinkdb"
-    { inherit sources;
-      buildInputs = [ libxml2 libxslt ];
-    }
-    ''
+  olinkDB = stdenv.mkDerivation {
+    name = "manual-olinkdb";
+
+    inherit sources;
+
+    buildInputs = [ libxml2 libxslt ];
+
+    buildCommand = ''
      ${copySources}

      xsltproc \
@@ -130,14 +133,15 @@ let
      </targetset>
      EOF
    '';
+  };

 in rec {

  # The NixOS options in JSON format.
-  optionsJSON = runCommand "options-json"
-    { meta.description = "List of NixOS options in JSON format";
-    }
-    ''
+  optionsJSON = stdenv.mkDerivation {
+    name = "options-json";
+
+    buildCommand = ''
      # Export list of options in different format.
      dst=$out/share/doc/nixos
      mkdir -p $dst
@@ -150,14 +154,18 @@ in rec {
      echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
    ''; # */

+    meta.description = "List of NixOS options in JSON format";
+  };
+
  # Generate the NixOS manual.
-  manual = runCommand "nixos-manual"
-    { inherit sources;
-      buildInputs = [ libxml2 libxslt ];
-      meta.description = "The NixOS manual in HTML format";
-      allowedReferences = ["out"];
-    }
-    ''
+  manual = stdenv.mkDerivation {
+    name = "nixos-manual";
+
+    inherit sources;
+
+    buildInputs = [ libxml2 libxslt ];
+
+    buildCommand = ''
      ${copySources}

      # Check the validity of the manual sources.
@@ -184,12 +192,20 @@ in rec {
      echo "doc manual $dst" >> $out/nix-support/hydra-build-products
    ''; # */

+    meta.description = "The NixOS manual in HTML format";

-  manualEpub = runCommand "nixos-manual-epub"
-    { inherit sources;
-      buildInputs = [ libxml2 libxslt zip ];
-    }
-    ''
+    allowedReferences = ["out"];
+  };
+
+
+  manualEpub = stdenv.mkDerivation {
+    name = "nixos-manual-epub";
+
+    inherit sources;
+
+    buildInputs = [ libxml2 libxslt zip ];
+
+    buildCommand = ''
      ${copySources}

      # Check the validity of the manual sources.
@@ -218,15 +234,17 @@ in rec {
      mkdir -p $out/nix-support
      echo "doc-epub manual $manual" >> $out/nix-support/hydra-build-products
    '';
-
+  };

  # Generate the NixOS manpages.
-  manpages = runCommand "nixos-manpages"
-    { inherit sources;
-      buildInputs = [ libxml2 libxslt ];
-      allowedReferences = ["out"];
-    }
-    ''
+  manpages = stdenv.mkDerivation {
+    name = "nixos-manpages";
+
+    inherit sources;
+
+    buildInputs = [ libxml2 libxslt ];
+
+    buildCommand = ''
      ${copySources}

      # Check the validity of the man pages sources.
@@ -246,4 +264,7 @@ in rec {
        ./man-pages.xml
    '';

+    allowedReferences = ["out"];
+  };
+
 }
--- a/nixos/doc/manual/development/development.xml
+++ b/nixos/doc/manual/development/development.xml
@@ -14,7 +14,6 @@ NixOS.</para>
 <xi:include href="sources.xml" />
 <xi:include href="writing-modules.xml" />
 <xi:include href="building-parts.xml" />
-<xi:include href="writing-documentation.xml" />
 <xi:include href="building-nixos.xml" />
 <xi:include href="nixos-tests.xml" />
 <xi:include href="testing-installer.xml" />
--- a/nixos/doc/manual/development/option-declarations.xml
+++ b/nixos/doc/manual/development/option-declarations.xml
@@ -31,9 +31,9 @@ options = {
  <varlistentry>
    <term><varname>type</varname></term>
    <listitem>
-      <para>The type of the option (see <xref linkend='sec-option-types' />).
-      It may be omitted, but that’s not advisable since it may lead to errors
-      that are hard to diagnose.</para>
+      <para>The type of the option (see below).  It may be omitted,
+      but that’s not advisable since it may lead to errors that are
+      hard to diagnose.</para>
    </listitem>
  </varlistentry>

@@ -65,92 +65,86 @@ options = {

 </para>

-<section xml:id="sec-option-declarations-eot"><title>Extensible Option
-    Types</title>
+<para>Here is a non-exhaustive list of option types:

-  <para>Extensible option types is a feature that allow to extend certain types
-    declaration through multiple module files.
-    This feature only work with a restricted set of types, namely
-    <literal>enum</literal> and <literal>submodules</literal> and any composed
-    forms of them.</para>
+<variablelist>

-  <para>Extensible option types can be used for <literal>enum</literal> options
-    that affects multiple modules, or as an alternative to related
-    <literal>enable</literal> options.</para>
-
-  <para>As an example, we will take the case of display managers. There is a
-    central display manager module for generic display manager options and a
-    module file per display manager backend (slim, sddm, gdm ...).
-  </para>
-
-  <para>There are two approach to this module structure:
-
-  <itemizedlist>
-    <listitem><para>Managing the display managers independently by adding an
-        enable option to every display manager module backend. (NixOS)</para>
+  <varlistentry>
+    <term><varname>types.bool</varname></term>
+    <listitem>
+      <para>A Boolean.</para>
    </listitem>
-    <listitem><para>Managing the display managers in the central module by
-        adding an option to select which display manager backend to use.</para>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>types.int</varname></term>
+    <listitem>
+      <para>An integer.</para>
    </listitem>
-  </itemizedlist>
-  </para>
+  </varlistentry>

-  <para>Both approachs have problems.</para>
+  <varlistentry>
+    <term><varname>types.str</varname></term>
+    <listitem>
+      <para>A string.</para>
+    </listitem>
+  </varlistentry>

-  <para>Making backends independent can quickly become hard to manage. For
-    display managers, there can be only one enabled at a time, but the type
-    system can not enforce this restriction as there is no relation between
-    each backend <literal>enable</literal> option. As a result, this restriction
-    has to be done explicitely by adding assertions in each display manager
-    backend module.</para>
+  <varlistentry>
+    <term><varname>types.lines</varname></term>
+    <listitem>
+      <para>A string.  If there are multiple definitions, they are
+      concatenated, with newline characters in between.</para>
+    </listitem>
+  </varlistentry>

-  <para>On the other hand, managing the display managers backends in the
-    central module will require to change the central module option every time
-    a new backend is added or removed.</para>
+  <varlistentry>
+    <term><varname>types.path</varname></term>
+    <listitem>
+      <para>A path, defined as anything that, when coerced to a
+      string, starts with a slash.  This includes derivations.</para>
+    </listitem>
+  </varlistentry>

-  <para>By using extensible option types, it is possible to create a placeholder
-    option in the central module (<xref linkend='ex-option-declaration-eot-service'
-      />), and to extend it in each backend module (<xref
-      linkend='ex-option-declaration-eot-backend-slim' />, <xref
-      linkend='ex-option-declaration-eot-backend-sddm' />).</para>
+  <varlistentry>
+    <term><varname>types.package</varname></term>
+    <listitem>
+      <para>A derivation (such as <literal>pkgs.hello</literal>) or a
+      store path (such as
+      <filename>/nix/store/1ifi1cfbfs5iajmvwgrbmrnrw3a147h9-hello-2.10</filename>).</para>
+    </listitem>
+  </varlistentry>

-  <para>As a result, <literal>displayManager.enable</literal> option values can
-  be added without changing the main service module file and the type system
-  automatically enforce that there can only be a single display manager
-  enabled.</para>
+  <varlistentry>
+    <term><varname>types.listOf</varname> <replaceable>t</replaceable></term>
+    <listitem>
+      <para>A list of elements of type <replaceable>t</replaceable>
+      (e.g., <literal>types.listOf types.str</literal> is a list of
+      strings).  Multiple definitions are concatenated together.</para>
+    </listitem>
+  </varlistentry>

-<example xml:id='ex-option-declaration-eot-service'><title>Extensible type
-    placeholder in the service module</title>
-<screen>
-services.xserver.displayManager.enable = mkOption {
-  description = "Display manager to use";
-  type = with types; nullOr (enum [ ]);
-};</screen></example>
+  <varlistentry>
+    <term><varname>types.attrsOf</varname> <replaceable>t</replaceable></term>
+    <listitem>
+      <para>A set of elements of type <replaceable>t</replaceable>
+      (e.g., <literal>types.attrsOf types.int</literal> is a set of
+      name/value pairs, the values being integers).</para>
+    </listitem>
+  </varlistentry>

-<example xml:id='ex-option-declaration-eot-backend-slim'><title>Extending
-    <literal>services.xserver.displayManager.enable</literal> in the
-    <literal>slim</literal> module</title>
-<screen>
-services.xserver.displayManager.enable = mkOption {
-  type = with types; nullOr (enum [ "slim" ]);
-};</screen></example>
+  <varlistentry>
+    <term><varname>types.nullOr</varname> <replaceable>t</replaceable></term>
+    <listitem>
+      <para>Either the value <literal>null</literal> or something of
+      type <replaceable>t</replaceable>.</para>
+    </listitem>
+  </varlistentry>

-<example xml:id='ex-option-declaration-eot-backend-sddm'><title>Extending
-    <literal>services.foo.backend</literal> in the <literal>sddm</literal>
-    module</title>
-<screen>
-services.xserver.displayManager.enable = mkOption {
-  type = with types; nullOr (enum [ "sddm" ]);
-};</screen></example>
+</variablelist>

-<para>The placeholder declaration is a standard <literal>mkOption</literal>
-  declaration, but it is important that extensible option declarations only use
-  the <literal>type</literal> argument.</para>
-
-<para>Extensible option types work with any of the composed variants of
-  <literal>enum</literal> such as
-  <literal>with types; nullOr (enum [ "foo" "bar" ])</literal>
-  or <literal>with types; listOf (enum [ "foo" "bar" ])</literal>.</para>
+You can also create new types using the function
+<varname>mkOptionType</varname>.  See
+<filename>lib/types.nix</filename> in Nixpkgs for details.</para>

 </section>
-</section>
--- a/nixos/doc/manual/development/option-types.xml
+++ b/nixos/doc/manual/development/option-types.xml
@@ -1,446 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-        xmlns:xlink="http://www.w3.org/1999/xlink"
-        xmlns:xi="http://www.w3.org/2001/XInclude"
-        version="5.0"
-        xml:id="sec-option-types">
-
-<title>Options Types</title>
-
-  <para>Option types are a way to put constraints on the values a module option 
-    can take.
-    Types are also responsible of how values are merged in case of multiple 
-    value definitions.</para>
-  <section><title>Basic Types</title>
-
-    <para>Basic types are the simplest available types in the module system.
-      Basic types include multiple string types that mainly differ in how 
-      definition merging is handled.</para>
-
-<variablelist>
-  <varlistentry>
-    <term><varname>types.bool</varname></term>
-    <listitem><para>A boolean, its values can be <literal>true</literal> or 
-        <literal>false</literal>.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.int</varname></term>
-    <listitem><para>An integer.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.path</varname></term>
-    <listitem><para>A filesystem path, defined as anything that when coerced to 
-        a string starts with a slash. Even if derivations can be considered as 
-        path, the more specific <literal>types.package</literal> should be 
-        preferred.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.package</varname></term>
-    <listitem><para>A derivation or a store path.</para></listitem>
-  </varlistentry>
-</variablelist>
-
-<para>String related types:</para>
-
-<variablelist>
-  <varlistentry>
-    <term><varname>types.str</varname></term>
-    <listitem><para>A string. Multiple definitions cannot be 
-        merged.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.lines</varname></term>
-    <listitem><para>A string. Multiple definitions are concatenated with a new 
-        line <literal>"\n"</literal>.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.commas</varname></term>
-    <listitem><para>A string. Multiple definitions are concatenated with a comma 
-        <literal>","</literal>.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.envVar</varname></term>
-    <listitem><para>A string. Multiple definitions are concatenated with a 
-        collon <literal>":"</literal>.</para></listitem>
-  </varlistentry>
-</variablelist>
-
- </section>
-
- <section><title>Value Types</title>
-
-   <para>Value types are type that take a value parameter. The only value type 
-     in the library is <literal>enum</literal>.</para>
-
-<variablelist>
-  <varlistentry>
-    <term><varname>types.enum</varname> <replaceable>l</replaceable></term>
-    <listitem><para>One element of the list <replaceable>l</replaceable>, e.g. 
-        <literal>types.enum [ "left" "right" ]</literal>. Multiple definitions 
-        cannot be merged.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.separatedString</varname>
-      <replaceable>sep</replaceable></term>
-    <listitem><para>A string with a custom separator
-        <replaceable>sep</replaceable>, e.g. <literal>types.separatedString
-          "|"</literal>.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.submodule</varname> <replaceable>o</replaceable></term>
-    <listitem><para>A set of sub options <replaceable>o</replaceable>.
-        <replaceable>o</replaceable> can be an attribute set or a function
-        returning an attribute set. Submodules are used in composed types to
-        create modular options. Submodule are detailed in <xref
-          linkend='section-option-types-submodule' />.</para></listitem>
-  </varlistentry>
-</variablelist>
- </section>
-
- <section><title>Composed Types</title>
-
-   <para>Composed types are types that take a type as parameter. <literal>listOf 
-       int</literal> and <literal>either int str</literal> are examples of 
-     composed types.</para>
-
-<variablelist>
-  <varlistentry>
-    <term><varname>types.listOf</varname> <replaceable>t</replaceable></term>
-    <listitem><para>A list of <replaceable>t</replaceable> type, e.g. 
-        <literal>types.listOf int</literal>. Multiple definitions are merged 
-        with list concatenation.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.attrsOf</varname> <replaceable>t</replaceable></term>
-    <listitem><para>An attribute set of where all the values are of 
-        <replaceable>t</replaceable> type. Multiple definitions result in the 
-        joined attribute set.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.loaOf</varname> <replaceable>t</replaceable></term>
-    <listitem><para>An attribute set or a list of <replaceable>t</replaceable> 
-        type. Multiple definitions are merged according to the 
-        value.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.nullOr</varname> <replaceable>t</replaceable></term>
-    <listitem><para><literal>null</literal> or type 
-        <replaceable>t</replaceable>. Multiple definitions are merged according 
-        to type <replaceable>t</replaceable>.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.uniq</varname> <replaceable>t</replaceable></term>
-    <listitem><para>Ensures that type <replaceable>t</replaceable> cannot be 
-        merged. It is used to ensure option definitions are declared only 
-        once.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>types.either</varname> <replaceable>t1</replaceable> 
-      <replaceable>t2</replaceable></term>
-    <listitem><para>Type <replaceable>t1</replaceable> or type 
-        <replaceable>t2</replaceable>, e.g. <literal>with types; either int 
-          str</literal>. Multiple definitions cannot be 
-        merged.</para></listitem>
-  </varlistentry>
-</variablelist>
-
-</section>
-
-<section xml:id='section-option-types-submodule'><title>Submodule</title>
-
-  <para>Submodule is a very powerful type that defines a set of sub-options that 
-    are handled like a separate module.
-    It is especially interesting when used with composed types like 
-    <literal>attrsOf</literal> or <literal>listOf</literal>.</para>
-
-  <para>The submodule type take a parameter <replaceable>o</replaceable>, that 
-    should be a set, or a function returning a set with an 
-    <literal>options</literal> key defining the sub-options.
-    The option set can be defined directly (<xref linkend='ex-submodule-direct' 
-      />) or as reference (<xref linkend='ex-submodule-reference' />).</para>
-
-  <para>Submodule option definitions are type-checked accordingly to the options 
-    declarations. It is possible to declare submodule options inside a submodule 
-    sub-options for even higher modularity.</para>
-
-<example xml:id='ex-submodule-direct'><title>Directly defined submodule</title>
-<screen>
-options.mod = mkOption {
-  name = "mod";
-  description = "submodule example";
-  type = with types; listOf (submodule {
-    options = {
-      foo = mkOption {
-        type = int;
-      };
-      bar = mkOption {
-        type = str;
-      };
-    };
-  });
-};</screen></example>
-
-<example xml:id='ex-submodule-reference'><title>Submodule defined as a 
-    reference</title>
-<screen>
-let
-  modOptions = {
-    options = {
-      foo = mkOption {
-        type = int;
-      };
-      bar = mkOption {
-        type = int;
-      };
-    };
-  };
-in
-options.mod = mkOption {
-  description = "submodule example";
-  type = with types; listOf (submodule modOptions);
-};</screen></example>
-
-<section><title>Composed with <literal>listOf</literal></title>
-
-  <para>When composed with <literal>listOf</literal>, submodule allows multiple 
-    definitions of the submodule option set.</para>
-
-<example xml:id='ex-submodule-listof-declaration'><title>Declaration of a list 
-    of submodules</title>
-<screen>
-options.mod = mkOption {
-  description = "submodule example";
-  type = with types; listOf (submodule {
-    options = {
-      foo = mkOption {
-        type = int;
-      };
-      bar = mkOption {
-        type = str;
-      };
-    };
-  });
-};</screen></example>
-
-<example xml:id='ex-submodule-listof-definition'><title>Definition of a list of 
-    submodules</title>
-<screen>
-config.mod = [
-  { foo = 1; bar = "one"; }
-  { foo = 2; bar = "two"; }
-];</screen></example>
-
-</section>
-
-
-<section><title>Composed with <literal>attrsOf</literal></title>
-
-  <para>When composed with <literal>attrsOf</literal>, submodule allows multiple 
-    named definitions of the submodule option set.</para>
-
-<example xml:id='ex-submodule-attrsof-declaration'><title>Declaration of 
-    attribute sets of submodules</title>
-<screen>
-options.mod = mkOption {
-  description = "submodule example";
-  type = with types; attrsOf (submodule {
-    options = {
-      foo = mkOption {
-        type = int;
-      };
-      bar = mkOption {
-        type = str;
-      };
-    };
-  });
-};</screen></example>
-
-<example xml:id='ex-submodule-attrsof-definition'><title>Declaration of 
-    attribute sets of submodules</title>
-<screen>
-config.mod.one = { foo = 1; bar = "one"; };
-config.mod.two = { foo = 2; bar = "two"; };</screen></example>
-
-</section>
-</section>
-
-<section><title>Extending types</title>
-
-  <para>Types are mainly characterized by their <literal>check</literal> and 
-    <literal>merge</literal> functions.</para>
-
-<variablelist>
-  <varlistentry>
-    <term><varname>check</varname></term>
-    <listitem><para>The function to type check the value. Takes a value as 
-        parameter and return a boolean.
-        It is possible to extend a type check with the 
-        <literal>addCheck</literal> function (<xref 
-          linkend='ex-extending-type-check-1' />), or to fully override the 
-        check function (<xref linkend='ex-extending-type-check-2' />).</para>
-
-<example xml:id='ex-extending-type-check-1'><title>Adding a type check</title>
-<screen>
-byte = mkOption {
-  description = "An integer between 0 and 255.";
-  type = addCheck (x: x &gt;= 0 &amp;&amp; x &lt;= 255) types.int;
-};</screen></example>
-
-<example xml:id='ex-extending-type-check-2'><title>Overriding a type 
-    check</title>
-<screen>
-nixThings = mkOption {
-  description = "words that start with 'nix'";
-  type = types.str // {
-    check = (x: lib.hasPrefix "nix" x)
-  };
-};</screen></example>
-    </listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>merge</varname></term>
-    <listitem><para>Function to merge the options values when multiple values 
-        are set.
-The function takes two parameters, <literal>loc</literal> the option path as a 
-list of strings, and <literal>defs</literal> the list of defined values as a 
-list.
-It is possible to override a type merge function for custom 
-needs.</para></listitem>
-  </varlistentry>
-</variablelist>
-
-</section>
-
-<section><title>Custom Types</title>
-
-<para>Custom types can be created with the <literal>mkOptionType</literal> 
-  function.
-As type creation includes some more complex topics such as submodule handling, 
-it is recommended to get familiar with <filename 
-  xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/types.nix">types.nix</filename> 
-code before creating a new type.</para>
-
-<para>The only required parameter is <literal>name</literal>.</para>
-
-<variablelist>
-  <varlistentry>
-    <term><varname>name</varname></term>
-    <listitem><para>A string representation of the type function 
-        name.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>definition</varname></term>
-    <listitem><para>Description of the type used in documentation. Give 
-        information of the type and any of its arguments.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>check</varname></term>
-    <listitem><para>A function to type check the definition value. Takes the 
-        definition value as a parameter and returns a boolean indicating the 
-        type check result, <literal>true</literal> for success and 
-        <literal>false</literal> for failure.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>merge</varname></term>
-    <listitem><para>A function to merge multiple definitions values. Takes two 
-        parameters:</para>
-      <variablelist>
-        <varlistentry>
-          <term><replaceable>loc</replaceable></term>
-          <listitem><para>The option path as a list of strings, e.g. 
-              <literal>["boot" "loader "grub" 
-                "enable"]</literal>.</para></listitem>
-        </varlistentry>
-        <varlistentry>
-          <term><replaceable>defs</replaceable></term>
-          <listitem><para>The list of sets of defined <literal>value</literal> 
-              and <literal>file</literal> where the value was defined, e.g. 
-              <literal>[ { file = "/foo.nix"; value = 1; } { file = "/bar.nix"; 
-                value = 2 } ]</literal>. The <literal>merge</literal> function 
-              should return the merged value or throw an error in case the 
-              values are impossible or not meant to be merged.</para></listitem>
-        </varlistentry>
-      </variablelist>
-    </listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>getSubOptions</varname></term>
-    <listitem><para>For composed types that can take a submodule as type 
-        parameter, this function generate sub-options documentation. It takes 
-        the current option prefix as a list and return the set of sub-options. 
-        Usually defined in a recursive manner by adding a term to the prefix, 
-        e.g. <literal>prefix: elemType.getSubOptions (prefix ++ 
-          [<replaceable>"prefix"</replaceable>])</literal> where 
-        <replaceable>"prefix"</replaceable> is the newly added 
-        prefix.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>getSubModules</varname></term>
-    <listitem><para>For composed types that can take a submodule as type 
-        parameter, this function should return the type parameters submodules. 
-        If the type parameter is called <literal>elemType</literal>, the 
-        function should just recursively look into submodules by returning 
-        <literal>elemType.getSubModules;</literal>.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>substSubModules</varname></term>
-    <listitem><para>For composed types that can take a submodule as type 
-        parameter, this function can be used to substitute the parameter of a 
-        submodule type. It takes a module as parameter and return the type with 
-        the submodule options substituted. It is usally defined as a type 
-        function call with a recursive call to 
-        <literal>substSubModules</literal>, e.g for a type 
-        <literal>composedType</literal> that take an <literal>elemtype</literal> 
-        type parameter, this function should be defined as <literal>m: 
-          composedType (elemType.substSubModules m)</literal>.</para></listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>typeMerge</varname></term>
-    <listitem><para>A function to merge multiple type declarations. Takes the 
-        type to merge <literal>functor</literal> as parameter. A 
-        <literal>null</literal> return value means that type cannot be 
-        merged.</para>
-      <variablelist>
-        <varlistentry>
-          <term><replaceable>f</replaceable></term>
-          <listitem><para>The type to merge  
-              <literal>functor</literal>.</para></listitem>
-        </varlistentry>
-      </variablelist>
-      <para>Note: There is a generic <literal>defaultTypeMerge</literal> that 
-        work with most of value and composed types.</para>
-    </listitem>
-  </varlistentry>
-  <varlistentry>
-    <term><varname>functor</varname></term>
-    <listitem><para>An attribute set representing the type. It is used for type 
-        operations and has the following keys:</para>
-      <variablelist>
-        <varlistentry>
-          <term><varname>type</varname></term>
-          <listitem><para>The type function.</para></listitem>
-        </varlistentry>
-        <varlistentry>
-          <term><varname>wrapped</varname></term>
-          <listitem><para>Holds the type parameter for composed types.</para>
-          </listitem>
-        </varlistentry>
-        <varlistentry>
-          <term><varname>payload</varname></term>
-          <listitem><para>Holds the value parameter for value types. 
-              The types that have a <literal>payload</literal> are the
-              <literal>enum</literal>, <literal>separatedString</literal> and
-              <literal>submodule</literal> types.</para></listitem>
-        </varlistentry>
-        <varlistentry>
-          <term><varname>binOp</varname></term>
-          <listitem><para>A binary operation that can merge the payloads of two 
-              same types. Defined as a function that take two payloads as 
-              parameters and return the payloads merged.</para></listitem>
-        </varlistentry>
-      </variablelist>
-    </listitem>
-  </varlistentry>
-</variablelist>
-
-</section>
-</section>
--- a/nixos/doc/manual/development/sources.xml
+++ b/nixos/doc/manual/development/sources.xml
@@ -27,8 +27,8 @@ a subdirectory of the Nixpkgs repository.) The remote
 <literal>channels</literal> refers to a read-only repository that
 tracks the Nixpkgs/NixOS channels (see <xref linkend="sec-upgrading"/>
 for more information about channels). Thus, the Git branch
-<literal>channels/nixos-17.03</literal> will contain the latest built
-and tested version available in the <literal>nixos-17.03</literal>
+<literal>channels/nixos-14.12</literal> will contain the latest built
+and tested version available in the <literal>nixos-14.12</literal>
 channel.</para>

 <para>It’s often inconvenient to develop directly on the master
@@ -39,9 +39,9 @@ branch based on your current NixOS version:

 <screen>
 $ nixos-version
-17.09pre104379.6e0b727 (Hummingbird)
+14.04.273.ea1952b (Baboon)

-$ git checkout -b local e3938c8
+$ git checkout -b local ea1952b
 </screen>

 Or, to base your local branch on the latest version available in a
@@ -49,17 +49,17 @@ NixOS channel:

 <screen>
 $ git remote update channels
-$ git checkout -b local channels/nixos-17.03
+$ git checkout -b local channels/nixos-14.12
 </screen>

-(Replace <literal>nixos-17.03</literal> with the name of the channel
+(Replace <literal>nixos-14.12</literal> with the name of the channel
 you want to use.) You can use <command>git merge</command> or
 <command>git rebase</command> to keep your local branch in sync with
 the channel, e.g.

 <screen>
 $ git remote update channels
-$ git merge channels/nixos-17.03
+$ git merge channels/nixos-14.12
 </screen>

 You can use <command>git cherry-pick</command> to copy commits from
--- a/nixos/doc/manual/development/writing-documentation.xml
+++ b/nixos/doc/manual/development/writing-documentation.xml
@@ -1,147 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook"
-        xmlns:xlink="http://www.w3.org/1999/xlink"
-        xmlns:xi="http://www.w3.org/2001/XInclude"
-        version="5.0"
-        xml:id="sec-writing-documentation">
-
-<title>Writing NixOS Documentation</title>
-
-<para>
-  As NixOS grows, so too does the need for a catalogue and explanation
-  of its extensive functionality. Collecting pertinent information
-  from disparate sources and presenting it in an accessible style
-  would be a worthy contribution to the project.
-</para>
-
-<section>
-<title>Building the Manual</title>
-<para>
-  The DocBook sources of the <xref linkend="book-nixos-manual"/> are in the
-  <link xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/doc/manual"><filename>nixos/doc/manual</filename></link>
-  subdirectory of the Nixpkgs repository. If you make modifications to
-  the manual, it's important to build it before committing. You can do
-  that as follows:
-
-  <screen>nix-build nixos/release.nix -A manual.x86_64-linux</screen>
-</para>
-
-<para>
-  When this command successfully finishes, it will tell you where the
-  manual got generated. The HTML will be accessible through the
-  <filename>result</filename> symlink at
-  <filename>./result/share/doc/nixos/index.html</filename>.
-</para>
-</section>
-
-<section>
-<title>Editing DocBook XML</title>
-
-<para>
-  For general information on how to write in DocBook, see
-  <link xlink:href="http://www.docbook.org/tdg5/en/html/docbook.html">
-    DocBook 5: The Definitive Guide</link>.
-</para>
-
-<para>
-  Emacs nXML Mode is very helpful for editing DocBook XML because it
-  validates the document as you write, and precisely locates
-  errors. To use it, see <xref linkend="sec-emacs-docbook-xml"/>.
-</para>
-
-<para>
-  <link xlink:href="http://pandoc.org">Pandoc</link> can generate
-  DocBook XML from a multitude of formats, which makes a good starting
-  point.
-
-  <example xml:id="ex-pandoc-xml-conv">
-    <title>Pandoc invocation to convert GitHub-Flavoured MarkDown to DocBook 5 XML</title>
-    <screen>pandoc -f markdown_github -t docbook5 docs.md -o my-section.md</screen>
-  </example>
-
-  Pandoc can also quickly convert a single
-  <filename>section.xml</filename> to HTML, which is helpful when
-  drafting.
-</para>
-
-<para>
-  Sometimes writing valid DocBook is simply too difficult. In this
-  case, submit your documentation updates in a <link
-  xlink:href="https://github.com/NixOS/nixpkgs/issues/new">GitHub
-  Issue</link> and someone will handle the conversion to XML for you.
-</para>
-</section>
-
-<section>
-<title>Creating a Topic</title>
-
-<para>
- You can use an existing topic as a basis for the new topic or create a topic from scratch.
-</para>
-
-<para>
-Keep the following guidelines in mind when you create and add a topic:
-
-<itemizedlist>
-  <listitem><para>
-    The NixOS <link xlink:href="http://www.docbook.org/tdg5/en/html/book.html"><tag>book</tag></link>
-    element is in <filename>nixos/doc/manual/manual.xml</filename>.
-    It includes several
-    <link xlink:href="http://www.docbook.org/tdg5/en/html/book.html"><tag>part</tag>s</link>
-    which are in subdirectories.
-  </para></listitem>
-
-  <listitem><para>
-    Store the topic file in the same directory as the <tag>part</tag>
-    to which it belongs. If your topic is about configuring a NixOS
-    module, then the XML file can be stored alongside the module
-    definition <filename>nix</filename> file.
-  </para></listitem>
-
-  <listitem><para>
-    If you include multiple words in the file name, separate the words
-    with a dash. For example: <filename>ipv6-config.xml</filename>.
-  </para></listitem>
-
-  <listitem><para>
-    Make sure that the <tag>xml:id</tag> value is unique. You can use
-    abbreviations if the ID is too long. For example:
-    <varname>nixos-config</varname>.
-  </para></listitem>
-
-  <listitem><para>
-    Determine whether your topic is a chapter or a section. If you are
-    unsure, open an existing topic file and check whether the main
-    element is chapter or section.
-  </para></listitem>
-
-</itemizedlist>
-
-</para>
-</section>
-
-<section>
-<title>Adding a Topic to the Book</title>
-
-<para>
-  Open the parent XML file and add an <varname>xi:include</varname>
-  element to the list of chapters with the file name of the topic that
-  you created. If you created a <tag>section</tag>, you add the file to
-  the <tag>chapter</tag> file. If you created a <tag>chapter</tag>, you
-  add the file to the <tag>part</tag> file.
-</para>
-
-<para>
-  If the topic is about configuring a NixOS module, it can be
-  automatically included in the manual by using the
-  <varname>meta.doc</varname> attribute. See <xref
-  linkend="sec-meta-attributes"/> for an explanation.
-</para>
-
-</section>
-
-
-
-
-
-
-</chapter>
--- a/nixos/doc/manual/development/writing-modules.xml
+++ b/nixos/doc/manual/development/writing-modules.xml
@@ -176,7 +176,6 @@ in {
 </example>

 <xi:include href="option-declarations.xml" />
-<xi:include href="option-types.xml" />
 <xi:include href="option-def.xml" />
 <xi:include href="meta-attributes.xml" />

--- a/nixos/doc/manual/installation/installing-usb.xml
+++ b/nixos/doc/manual/installation/installing-usb.xml
@@ -11,9 +11,7 @@ a USB stick. You can use the <command>dd</command> utility to write the image:
 <command>dd if=<replaceable>path-to-image</replaceable>
 of=<replaceable>/dev/sdb</replaceable></command>. Be careful about specifying the
 correct drive; you can use the <command>lsblk</command> command to get a list of
-block devices. If you're on OS X you can run <command>diskutil list</command>
-to see the list of devices; the device you'll use for the USB must be ejected
-before writing the image.</para>
+block devices.</para>

 <para>The <command>dd</command> utility will write the image verbatim to the drive,
 making it the recommended option for both UEFI and non-UEFI installations. For
--- a/nixos/doc/manual/installation/installing.xml
+++ b/nixos/doc/manual/installation/installing.xml
@@ -37,11 +37,6 @@
  first disable network-manager with
  <command>systemctl stop network-manager</command>.</para></listitem>

-  <listitem><para>If you would like to continue the installation from a different
-  machine you need to activate the SSH daemon via <literal>systemctl start sshd</literal>.
-  In order to be able to login you also need to set a password for
-  <literal>root</literal> using <literal>passwd</literal>.</para></listitem>
-
  <listitem><para>The NixOS installer doesn’t do any partitioning or
  formatting yet, so you need to do that yourself.  Use the following
  commands:
--- a/nixos/doc/manual/installation/obtaining.xml
+++ b/nixos/doc/manual/installation/obtaining.xml
@@ -32,7 +32,7 @@ running NixOS system through several other means:
  <listitem>
    <para>Using AMIs for Amazon’s EC2.  To find one for your region
    and instance type, please refer to the <link
-    xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/ec2-amis.nix">list
+    xlink:href="https://github.com/NixOS/nixops/blob/master/nix/ec2-amis.nix">list
    of most recent AMIs</link>.</para>
  </listitem>
  <listitem>
--- a/nixos/doc/manual/installation/upgrading.xml
+++ b/nixos/doc/manual/installation/upgrading.xml
@@ -15,12 +15,12 @@ been built.  These channels are:
 <itemizedlist>
  <listitem>
    <para><emphasis>Stable channels</emphasis>, such as <literal
-    xlink:href="https://nixos.org/channels/nixos-17.03">nixos-17.03</literal>.
+    xlink:href="https://nixos.org/channels/nixos-14.12">nixos-14.12</literal>.
    These only get conservative bug fixes and package upgrades.  For
    instance, a channel update may cause the Linux kernel on your
-    system to be upgraded from 4.9.16 to 4.9.17 (a minor bug fix), but
-    not from 4.9.<replaceable>x</replaceable> to
-    4.11.<replaceable>x</replaceable> (a major change that has the
+    system to be upgraded from 3.4.66 to 3.4.67 (a minor bug fix), but
+    not from 3.4.<replaceable>x</replaceable> to
+    3.11.<replaceable>x</replaceable> (a major change that has the
    potential to break things).  Stable channels are generally
    maintained until the next stable branch is created.</para>
    <para></para>
@@ -34,7 +34,7 @@ been built.  These channels are:
  </listitem>
  <listitem>
    <para><emphasis>Small channels</emphasis>, such as <literal
-    xlink:href="https://nixos.org/channels/nixos-17.03-small">nixos-17.03-small</literal>
+    xlink:href="https://nixos.org/channels/nixos-14.12-small">nixos-14.12-small</literal>
    or <literal
    xlink:href="https://nixos.org/channels/nixos-unstable-small">nixos-unstable-small</literal>. These
    are identical to the stable and unstable channels described above,
@@ -55,8 +55,8 @@ appliances.)</para>

 <para>When you first install NixOS, you’re automatically subscribed to
 the NixOS channel that corresponds to your installation source.   For
-instance, if you installed from a 17.03 ISO, you will be subscribed to
-the <literal>nixos-17.03</literal> channel.  To see which NixOS
+instance, if you installed from a 14.12 ISO, you will be subscribed to
+the <literal>nixos-14.12</literal> channel.  To see which NixOS
 channel you’re subscribed to, run the following as root:

 <screen>
@@ -71,16 +71,16 @@ To switch to a different NixOS channel, do
 </screen>

 (Be sure to include the <literal>nixos</literal> parameter at the
-end.)  For instance, to use the NixOS 17.03 stable channel:
+end.)  For instance, to use the NixOS 14.12 stable channel:

 <screen>
-# nix-channel --add https://nixos.org/channels/nixos-17.03 nixos
+# nix-channel --add https://nixos.org/channels/nixos-14.12 nixos
 </screen>

 If you have a server, you may want to use the “small” channel instead:

 <screen>
-# nix-channel --add https://nixos.org/channels/nixos-17.03-small nixos
+# nix-channel --add https://nixos.org/channels/nixos-14.12-small nixos
 </screen>

 And if you want to live on the bleeding edge:
@@ -101,11 +101,6 @@ channel by running
 which is equivalent to the more verbose <literal>nix-channel --update
 nixos; nixos-rebuild switch</literal>.</para>

-<note><para>Channels are set per user. This means that running <literal>
-nix-channel --add</literal> as a non root user (or without sudo) will not
-affect configuration in <literal>/etc/nixos/configuration.nix</literal>
-</para></note>
-
 <warning><para>It is generally safe to switch back and forth between
 channels.  The only exception is that a newer NixOS may also have a
 newer Nix version, which may involve an upgrade of Nix’s database
@@ -130,7 +125,7 @@ runs, see <command>systemctl list-timers</command>.)  You can also
 specify a channel explicitly, e.g.

 <programlisting>
-system.autoUpgrade.channel = https://nixos.org/channels/nixos-17.03;
+system.autoUpgrade.channel = https://nixos.org/channels/nixos-15.09;
 </programlisting>

 </para>
--- a/nixos/doc/manual/man-nixos-rebuild.xml
+++ b/nixos/doc/manual/man-nixos-rebuild.xml
@@ -68,7 +68,7 @@ desired operation.  It must be one of the following:
    <listitem>
      <para>Build and activate the new configuration, and make it the
      boot default.  That is, the configuration is added to the GRUB
-      boot menu as the default menu entry, so that subsequent reboots
+      boot menu as the default meny entry, so that subsequent reboots
      will boot the system into the new configuration.  Previous
      configurations activated with <command>nixos-rebuild
      switch</command> or <command>nixos-rebuild boot</command> remain
--- a/nixos/doc/manual/release-notes/release-notes.xml
+++ b/nixos/doc/manual/release-notes/release-notes.xml
@@ -9,7 +9,6 @@
 <para>This section lists the release notes for each stable version of NixOS
 and current unstable revision.</para>

-<xi:include href="rl-1703.xml" />
 <xi:include href="rl-1609.xml" />
 <xi:include href="rl-1603.xml" />
 <xi:include href="rl-1509.xml" />
--- a/nixos/doc/manual/release-notes/rl-1609.xml
+++ b/nixos/doc/manual/release-notes/rl-1609.xml
@@ -49,7 +49,62 @@ has the following highlights: </para>
 <para>The following new services were added since the last release:</para>

 <itemizedlist>
-  <listitem><para><literal>(this will get automatically generated at release time)</literal></para></listitem>
+  <listitem><para><literal>hardware/video/amdgpu.nix</literal></para></listitem>
+  <listitem><para><literal>hardware/video/displaylink.nix</literal></para></listitem>
+  <listitem><para><literal>programs/info.nix</literal></para></listitem>
+  <listitem><para><literal>programs/mosh.nix</literal></para></listitem>
+  <listitem><para><literal>programs/spacefm.nix</literal></para></listitem>
+  <listitem><para><literal>programs/tmux.nix</literal></para></listitem>
+  <listitem><para><literal>programs/xonsh.nix</literal></para></listitem>
+  <listitem><para><literal>security/chromium-suid-sandbox.nix</literal></para></listitem>
+  <listitem><para><literal>security/hidepid.nix</literal></para></listitem>
+  <listitem><para><literal>services/audio/squeezelite.nix</literal></para></listitem>
+  <listitem><para><literal>services/backup/znapzend.nix</literal></para></listitem>
+  <listitem><para><literal>services/continuous-integration/buildkite-agent.nix</literal></para></listitem>
+  <listitem><para><literal>services/continuous-integration/hydra/default.nix</literal></para></listitem>
+  <listitem><para><literal>services/continuous-integration/gocd-agent/default.nix</literal></para></listitem>
+  <listitem><para><literal>services/continuous-integration/gocd-server/default.nix</literal></para></listitem>
+  <listitem><para><literal>services/development/hoogle.nix</literal></para></listitem>
+  <listitem><para><literal>services/editors/emacs.nix</literal></para></listitem>
+  <listitem><para><literal>services/games/factorio.nix</literal></para></listitem>
+  <listitem><para><literal>services/games/terraria.nix</literal></para></listitem>
+  <listitem><para><literal>services/logging/awstats.nix</literal></para></listitem>
+  <listitem><para><literal>services/logging/graylog.nix</literal></para></listitem>
+  <listitem><para><literal>services/misc/emby.nix</literal></para></listitem>
+  <listitem><para><literal>services/misc/mantisbt.nix</literal></para></listitem>
+  <listitem><para><literal>services/misc/nzbget.nix</literal></para></listitem>
+  <listitem><para><literal>services/misc/packagekit.nix</literal></para></listitem>
+  <listitem><para><literal>services/misc/sonarr.nix</literal></para></listitem>
+  <listitem><para><literal>services/misc/spice-vdagentd.nix</literal></para></listitem>
+  <listitem><para><literal>services/misc/taskserver</literal></para></listitem>
+  <listitem><para><literal>services/network-filesystems/tahoe.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/coturn.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/ferm.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/gdomap.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/libreswan.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/logmein-hamachi.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/mfi.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/mjpg-streamer.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/mosquitto.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/nntp-proxy.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/offlineimap.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/pptpd.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/sniproxy.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/smokeping.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/toxvpn.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/xl2tpd.nix</literal></para></listitem>
+  <listitem><para><literal>services/networking/zerobin.nix</literal></para></listitem>
+  <listitem><para><literal>services/security/oauth2_proxy.nix</literal></para></listitem>
+  <listitem><para><literal>services/torrent/flexget.nix</literal></para></listitem>
+  <listitem><para><literal>services/web-apps/mattermost.nix</literal></para></listitem>
+  <listitem><para><literal>services/web-apps/tt-rss.nix</literal></para></listitem>
+  <listitem><para><literal>services/web-servers/caddy.nix</literal></para></listitem>
+  <listitem><para><literal>services/web-servers/lighttpd/inginious.nix</literal></para></listitem>
+  <listitem><para><literal>services/x11/compton.nix</literal></para></listitem>
+  <listitem><para><literal>services/x11/xbanish.nix</literal></para></listitem>
+  <listitem><para><literal>system/boot/loader/systemd-boot/systemd-boot.nix</literal></para></listitem>
+  <listitem><para><literal>system/boot/plymouth.nix</literal></para></listitem>
+  <listitem><para><literal>virtualisation/xe-guest-utilities.nix</literal></para></listitem>
 </itemizedlist>

 <para>When upgrading from a previous release, please be aware of the
@@ -108,6 +163,13 @@ following incompatible changes:</para>
    </para>
  </listitem>

+  <listitem>
+  <para>
+     Using packages compiled with older Wayland may yield an error "undefined reference to `wl_proxy_*`".
+     Please upgrade those packages and <link xlink:href="https://github.com/NixOS/nixpkgs/issues/16779">see bug report for more details.</link>
+  </para>
+  </listitem>
+
  <listitem>
    <para>Gitlab's maintainance script
    <command>gitlab-runner</command> was removed and split up into the
@@ -164,6 +226,7 @@ following incompatible changes:</para>
      PHP has been upgraded to 7.0
    </para>
  </listitem>
+
 </itemizedlist>


--- a/nixos/doc/manual/release-notes/rl-1703.xml
+++ b/nixos/doc/manual/release-notes/rl-1703.xml
@@ -1,514 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="sec-release-17.03">
-
-<title>Release 17.03 (“Gorilla”, 2017/03/31)</title>
-
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="sec-release-17.03-highlights">
-
-<title>Highlights</title>
-
-<para>In addition to numerous new and upgraded packages, this release
-has the following highlights: </para>
-
-<itemizedlist>
-  <listitem>
-    <para>Nixpkgs is now extensible through overlays. See the <link
-    xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">Nixpkgs
-    manual</link> for more information.</para>
-  </listitem>
-
-  <listitem>
-    <para>This release is based on Glibc 2.25, GCC 5.4.0 and systemd
-    232. The default Linux kernel is 4.9 and Nix is at 1.11.8.</para>
-  </listitem>
-
-  <listitem>
-    <para>The default desktop environment now is KDE's Plasma 5. KDE 4 has been removed</para>
-  </listitem>
-
-  <listitem>
-    <para>The setuid wrapper functionality now supports setting
-    capabilities.</para>
-  </listitem>
-
-  <listitem>
-    <para>X.org server uses branch 1.19. Due to ABI incompatibilities,
-      <literal>ati_unfree</literal> keeps forcing 1.17
-      and <literal>amdgpu-pro</literal> starts forcing 1.18.</para>
-  </listitem>
-
-  <listitem>
-    <para>
-      Cross compilation has been rewritten. See the nixpkgs manual for
-      details. The most obvious breaking change is that in derivations there is no
-      <literal>.nativeDrv</literal> nor <literal>.crossDrv</literal> are now
-      cross by default, not native.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>The <literal>overridePackages</literal> function has been rewritten
-    to be replaced by <link
-    xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
-    overlays</link></para>
-  </listitem>
-
-  <listitem>
-    <para>Packages in nixpkgs can be marked as insecure through listed
-    vulnerabilities. See the <link
-    xlink:href="https://nixos.org/nixpkgs/manual/#sec-allow-insecure">Nixpkgs
-    manual</link> for more information.</para>
-  </listitem>
-
-  <listitem>
-    <para>PHP now defaults to PHP 7.1</para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The user handling now keeps track of deallocated UIDs/GIDs. When a user
-      or group is revived, this allows it to be allocated the UID/GID it had before.
-      A consequence is that UIDs and GIDs are no longer reused.
-    </para>
-  </listitem>
-
-</itemizedlist>
-
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="sec-release-17.03-new-services">
-
-<title>New Services</title>
-
-<para>The following new services were added since the last release:</para>
-
-<itemizedlist>
-  <listitem><para><literal>hardware/ckb.nix</literal></para></listitem>
-  <listitem><para><literal>hardware/mcelog.nix</literal></para></listitem>
-  <listitem><para><literal>hardware/usb-wwan.nix</literal></para></listitem>
-  <listitem><para><literal>hardware/video/capture/mwprocapture.nix</literal></para></listitem>
-  <listitem><para><literal>programs/adb.nix</literal></para></listitem>
-  <listitem><para><literal>programs/chromium.nix</literal></para></listitem>
-  <listitem><para><literal>programs/gphoto2.nix</literal></para></listitem>
-  <listitem><para><literal>programs/java.nix</literal></para></listitem>
-  <listitem><para><literal>programs/mtr.nix</literal></para></listitem>
-  <listitem><para><literal>programs/oblogout.nix</literal></para></listitem>
-  <listitem><para><literal>programs/vim.nix</literal></para></listitem>
-  <listitem><para><literal>programs/wireshark.nix</literal></para></listitem>
-  <listitem><para><literal>security/dhparams.nix</literal></para></listitem>
-  <listitem><para><literal>services/audio/ympd.nix</literal></para></listitem>
-  <listitem><para><literal>services/computing/boinc/client.nix</literal></para></listitem>
-  <listitem><para><literal>services/continuous-integration/buildbot/master.nix</literal></para></listitem>
-  <listitem><para><literal>services/continuous-integration/buildbot/worker.nix</literal></para></listitem>
-  <listitem><para><literal>services/continuous-integration/gitlab-runner.nix</literal></para></listitem>
-  <listitem><para><literal>services/databases/riak-cs.nix</literal></para></listitem>
-  <listitem><para><literal>services/databases/stanchion.nix</literal></para></listitem>
-  <listitem><para><literal>services/desktops/gnome3/gnome-terminal-server.nix</literal></para></listitem>
-  <listitem><para><literal>services/editors/infinoted.nix</literal></para></listitem>
-  <listitem><para><literal>services/hardware/illum.nix</literal></para></listitem>
-  <listitem><para><literal>services/hardware/trezord.nix</literal></para></listitem>
-  <listitem><para><literal>services/logging/journalbeat.nix</literal></para></listitem>
-  <listitem><para><literal>services/mail/offlineimap.nix</literal></para></listitem>
-  <listitem><para><literal>services/mail/postgrey.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/couchpotato.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/docker-registry.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/errbot.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/geoip-updater.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/gogs.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/leaps.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/nix-optimise.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/ssm-agent.nix</literal></para></listitem>
-  <listitem><para><literal>services/misc/sssd.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/arbtt.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/netdata.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/default.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/alertmanager.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/blackbox-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/json-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/nginx-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/node-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/snmp-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/unifi-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/prometheus/varnish-exporter.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/sysstat.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/telegraf.nix</literal></para></listitem>
-  <listitem><para><literal>services/monitoring/vnstat.nix</literal></para></listitem>
-  <listitem><para><literal>services/network-filesystems/cachefilesd.nix</literal></para></listitem>
-  <listitem><para><literal>services/network-filesystems/glusterfs.nix</literal></para></listitem>
-  <listitem><para><literal>services/network-filesystems/ipfs.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/dante.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/dnscrypt-wrapper.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/fakeroute.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/flannel.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/htpdate.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/miredo.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/nftables.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/powerdns.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/pdns-recursor.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/quagga.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/redsocks.nix</literal></para></listitem>
-  <listitem><para><literal>services/networking/wireguard.nix</literal></para></listitem>
-  <listitem><para><literal>services/system/cgmanager.nix</literal></para></listitem>
-  <listitem><para><literal>services/torrent/opentracker.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/atlassian/confluence.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/atlassian/crowd.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/atlassian/jira.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/frab.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/nixbot.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/selfoss.nix</literal></para></listitem>
-  <listitem><para><literal>services/web-apps/quassel-webserver.nix</literal></para></listitem>
-  <listitem><para><literal>services/x11/unclutter-xfixes.nix</literal></para></listitem>
-  <listitem><para><literal>services/x11/urxvtd.nix</literal></para></listitem>
-  <listitem><para><literal>system/boot/systemd-nspawn.nix</literal></para></listitem>
-  <listitem><para><literal>virtualisation/ecs-agent.nix</literal></para></listitem>
-  <listitem><para><literal>virtualisation/lxcfs.nix</literal></para></listitem>
-  <listitem><para><literal>virtualisation/openstack/keystone.nix</literal></para></listitem>
-  <listitem><para><literal>virtualisation/openstack/glance.nix</literal></para></listitem>
-</itemizedlist>
-
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="sec-release-17.03-incompatibilities">
-
-<title>Backward Incompatibilities</title>
-
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:</para>
-
-<itemizedlist>
-  <listitem>
-    <para>
-      Derivations have no <literal>.nativeDrv</literal> nor <literal>.crossDrv</literal> 
-      and are now cross by default, not native.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      <literal>stdenv.overrides</literal> is now expected to take <literal>self</literal>
-      and <literal>super</literal> arguments. See <literal>lib.trivial.extends</literal>
-      for what those parameters represent.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      <literal>ansible</literal> now defaults to ansible version 2 as version 1
-      has been removed due to a serious <link
-      xlink:href="https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt">
-      vulnerability</link> unpatched by upstream.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      <literal>gnome</literal> alias has been removed along with
-      <literal>gtk</literal>, <literal>gtkmm</literal> and several others.
-      Now you need to use versioned attributes, like <literal>gnome3</literal>.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The attribute name of the Radicale daemon has been changed from
-      <literal>pythonPackages.radicale</literal> to
-      <literal>radicale</literal>.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The <literal>stripHash</literal> bash function in <literal>stdenv</literal>
-      changed according to its documentation; it now outputs the stripped name to
-      <literal>stdout</literal> instead of putting it in the variable
-      <literal>strippedName</literal>.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>PHP now scans for extra configuration .ini files in /etc/php.d
-    instead of /etc. This prevents accidentally loading non-PHP .ini files
-    that may be in /etc.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      Two lone top-level dict dbs moved into <literal>dictdDBs</literal>. This
-      affects: <literal>dictdWordnet</literal> which is now at
-      <literal>dictdDBs.wordnet</literal> and <literal>dictdWiktionary</literal>
-      which is now at <literal>dictdDBs.wiktionary</literal>
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      Parsoid service now uses YAML configuration format.
-     <literal>service.parsoid.interwikis</literal> is now called
-     <literal>service.parsoid.wikis</literal> and is a list of either API URLs
-     or attribute sets as specified in parsoid's documentation.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-     <literal>Ntpd</literal> was replaced by
-     <literal>systemd-timesyncd</literal> as the default service to synchronize
-     system time with a remote NTP server. The old behavior can be restored by
-     setting <literal>services.ntp.enable</literal> to <literal>true</literal>.
-     Upstream time servers for all NTP implementations are now configured using
-     <literal>networking.timeServers</literal>.
-   </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      <literal>service.nylon</literal> is now declared using named instances.
-      As an example:
-
-<programlisting>
-  services.nylon = {
-    enable = true;
-    acceptInterface = "br0";
-    bindInterface = "tun1";
-    port = 5912;
-  };
-</programlisting>
-
-      should be replaced with:
-
-<programlisting>
-  services.nylon.myvpn = {
-    enable = true;
-    acceptInterface = "br0";
-    bindInterface = "tun1";
-    port = 5912;
-  };
-</programlisting>
-
-      this enables you to declare a SOCKS proxy for each uplink.
-
-    </para>
-  </listitem>
-
-  <listitem>
-    <para><literal>overridePackages</literal> function no longer exists.
-    It is replaced by <link
-    xlink:href="https://nixos.org/nixpkgs/manual/#sec-overlays-install">
-    overlays</link>. For example, the following code:
-
-<programlisting>
-  let
-    pkgs = import &lt;nixpkgs&gt; {};
-  in
-    pkgs.overridePackages (self: super: ...)
-</programlisting>
-
-    should be replaced by:
-
-<programlisting>
-  let
-    pkgs = import &lt;nixpkgs&gt; {};
-  in
-    import pkgs.path { overlays = [(self: super: ...)] }
-</programlisting>
-
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      Autoloading connection tracking helpers is now disabled by default.
-      This default was also changed in the Linux kernel and is considered
-      insecure if not configured properly in your firewall. If you need
-      connection tracking helpers (i.e. for active FTP) please enable
-      <literal>networking.firewall.autoLoadConntrackHelpers</literal> and
-      tune <literal>networking.firewall.connectionTrackingModules</literal>
-      to suit your needs.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      <literal>local_recipient_maps</literal> is not set to empty value by
-      Postfix service. It's an insecure default as stated by Postfix
-      documentation. Those who want to retain this setting need to set it via
-      <literal>services.postfix.extraConfig</literal>.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-    Iputils no longer provide ping6 and traceroute6. The functionality of
-    these tools have been integrated into ping and traceroute respectively. To
-    enforce an address family the new flags <literal>-4</literal> and
-    <literal>-6</literal> have been added. One notable incompatibility is that
-    specifying an interface (for link-local IPv6 for instance) is no longer done
-    with the <literal>-I</literal> flag, but by encoding the interface into the
-    address (<literal>ping fe80::1%eth0</literal>).
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The socket handling of the <literal>services.rmilter</literal> module
-      has been fixed and refactored. As rmilter doesn't support binding to
-      more than one socket, the options <literal>bindUnixSockets</literal>
-      and <literal>bindInetSockets</literal> have been replaced by
-      <literal>services.rmilter.bindSocket.*</literal>. The default is still
-      a unix socket in <literal>/run/rmilter/rmilter.sock</literal>. Refer to
-      the options documentation for more information.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The <literal>fetch*</literal> functions no longer support md5,
-      please use sha256 instead.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The dnscrypt-proxy module interface has been streamlined around the
-      <option>extraArgs</option> option. Where possible, legacy option
-      declarations are mapped to <option>extraArgs</option> but will emit
-      warnings. The <option>resolverList</option> has been outright
-      removed: to use an unlisted resolver, use the
-      <option>customResolver</option> option.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      torbrowser now stores local state under
-      <filename>~/.local/share/tor-browser</filename> by default. Any
-      browser profile data from the old location,
-      <filename>~/.torbrowser4</filename>, must be migrated manually.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The ihaskell, monetdb, offlineimap and sitecopy services have been removed.
-    </para>
-  </listitem>
-</itemizedlist>
-
-</section>
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="sec-release-17.03-notable-changes">
-
-<title>Other Notable Changes</title>
-
-<itemizedlist>
-
-  <listitem>
-    <para>Module type system have a new extensible option types feature that
-      allow to extend certain types, such as enum, through multiple option
-      declarations of the same option across multiple modules.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      <literal>jre</literal> now defaults to GTK+ UI by default. This
-      improves visual consistency and makes Java follow system font style,
-      improving the situation on HighDPI displays. This has a cost of increased
-      closure size; for server and other headless workloads it's recommended to
-      use <literal>jre_headless</literal>.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>Python 2.6 interpreter and package set have been removed.</para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The Python 2.7 interpreter does not use modules anymore. Instead, all
-      CPython interpreters now include the whole standard library except for `tkinter`,
-      which is available in the Python package set.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      Python 2.7, 3.5 and 3.6 are now built deterministically and 3.4 mostly.
-      Minor modifications had to be made to the interpreters in order to generate
-      deterministic bytecode. This has security implications and is relevant for
-      those using Python in a <literal>nix-shell</literal>. See the Nixpkgs manual
-      for details.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The Python package sets now use a fixed-point combinator and the sets are
-      available as attributes of the interpreters.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The Python function <literal>buildPythonPackage</literal> has been improved and can be
-      used to build from Setuptools source, Flit source, and precompiled Wheels.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      When adding new or updating current Python libraries, the expressions should be put
-      in separate files in <literal>pkgs/development/python-modules</literal> and
-      called from <literal>python-packages.nix</literal>.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The dnscrypt-proxy service supports synchronizing the list of public
-      resolvers without working DNS resolution. This fixes issues caused by the
-      resolver list becoming outdated. It also improves the viability of
-      DNSCrypt only configurations.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      Containers using bridged networking no longer lose their connection after
-      changes to the host networking.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      ZFS supports pool auto scrubbing.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>
-      The bind DNS utilities (e.g. dig) have been split into their own output and
-      are now also available in <literal>pkgs.dnsutils</literal> and it is no longer
-      necessary to pull in all of <literal>bind</literal> to use them.
-    </para>
-  </listitem>
-</itemizedlist>
-</section>
-</section>
--- a/nixos/lib/eval-config.nix
+++ b/nixos/lib/eval-config.nix
@@ -1,4 +1,4 @@
-# From an end-user configuration file (`configuration.nix'), build a NixOS
+# From an end-user configuration file (`configuration'), build a NixOS
 # configuration object (`config') from which we can retrieve option
 # values.

--- a/nixos/lib/make-disk-image.nix
+++ b/nixos/lib/make-disk-image.nix
@@ -7,12 +7,6 @@
 , # The size of the disk, in megabytes.
  diskSize

-  # The files and directories to be placed in the target file system.
-  # This is a list of attribute sets {source, target} where `source'
-  # is the file system object (regular file or directory) to be
-  # grafted in the file system at path `target'.
-, contents ? []
-
 , # Whether the disk should be partitioned (with a single partition
  # containing the root filesystem) or contain the root filesystem
  # directly.
@@ -33,10 +27,6 @@

 , name ? "nixos-disk-image"

-  # This prevents errors while checking nix-store validity, see
-  # https://github.com/NixOS/nix/issues/1134
-, fixValidity ? true
-
 , format ? "raw"
 }:

@@ -51,14 +41,7 @@ pkgs.vmTools.runInLinuxVM (
          ${pkgs.vmTools.qemu}/bin/qemu-img create -f ${format} $diskImage "${toString diskSize}M"
          mv closure xchg/
        '';
-      buildInputs = with pkgs; [ utillinux perl e2fsprogs parted rsync ];
-
-      # I'm preserving the line below because I'm going to search for it across nixpkgs to consolidate
-      # image building logic. The comment right below this now appears in 4 different places in nixpkgs :)
-      # !!! should use XML.
-      sources = map (x: x.source) contents;
-      targets = map (x: x.target) contents;
-
+      buildInputs = [ pkgs.utillinux pkgs.perl pkgs.e2fsprogs pkgs.parted ];
      exportReferencesGraph =
        [ "closure" config.system.build.toplevel ];
      inherit postVM;
@@ -78,6 +61,9 @@ pkgs.vmTools.runInLinuxVM (

      # Create an empty filesystem and mount it.
      mkfs.${fsType} -L nixos $rootDisk
+      ${optionalString (fsType == "ext4") ''
+        tune2fs -c 0 -i 0 $rootDisk
+      ''}
      mkdir /mnt
      mount $rootDisk /mnt

@@ -85,11 +71,9 @@ pkgs.vmTools.runInLinuxVM (
      printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
          ${config.nix.package.out}/bin/nix-store --load-db --option build-users-group ""

-      ${if fixValidity then ''
-        # Add missing size/hash fields to the database. FIXME:
-        # exportReferencesGraph should provide these directly.
-        ${config.nix.package.out}/bin/nix-store --verify --check-contents --option build-users-group ""
-      '' else ""}
+      # Add missing size/hash fields to the database. FIXME:
+      # exportReferencesGraph should provide these directly.
+      ${config.nix.package.out}/bin/nix-store --verify --check-contents --option build-users-group ""

      # In case the bootloader tries to write to /dev/sda…
      ln -s vda /dev/xvda
@@ -111,45 +95,9 @@ pkgs.vmTools.runInLinuxVM (
      # Remove /etc/machine-id so that each machine cloning this image will get its own id
      rm -f /mnt/etc/machine-id

-      # Copy arbitrary other files into the image
-      # Semi-shamelessly copied from make-etc.sh. I (@copumpkin) shall factor this stuff out as part of
-      # https://github.com/NixOS/nixpkgs/issues/23052.
-      set -f
-      sources_=($sources)
-      targets_=($targets)
-      set +f
-
-      for ((i = 0; i < ''${#targets_[@]}; i++)); do
-        source="''${sources_[$i]}"
-        target="''${targets_[$i]}"
-
-        if [[ "$source" =~ '*' ]]; then
-
-          # If the source name contains '*', perform globbing.
-          mkdir -p /mnt/$target
-          for fn in $source; do
-            rsync -a --no-o --no-g "$fn" /mnt/$target/
-          done
-
-        else
-
-          mkdir -p /mnt/$(dirname $target)
-          if ! [ -e /mnt/$target ]; then
-            rsync -a --no-o --no-g $source /mnt/$target
-          else
-            echo "duplicate entry $target -> $source"
-            exit 1
-          fi
-        fi
-      done
-
      umount /mnt

-      # Make sure resize2fs works. Note that resize2fs has stricter criteria for resizing than a normal
-      # mount, so the `-c 0` and `-i 0` don't affect it. Setting it to `now` doesn't produce deterministic
-      # output, of course, but we can fix that when/if we start making images deterministic.
-      ${optionalString (fsType == "ext4") ''
-        tune2fs -T now -c 0 -i 0 $rootDisk
-      ''}
+      # Do a fsck to make sure resize2fs works.
+      fsck.${fsType} -f -y $rootDisk
    ''
 )
--- a/nixos/lib/make-system-tarball.sh
+++ b/nixos/lib/make-system-tarball.sh
@@ -52,10 +52,9 @@ $extraCommands

 mkdir -p $out/tarball

-rm env-vars
-
-tar --sort=name --mtime='@1' --owner=0 --group=0 --numeric-owner -cvJf $out/tarball/$fileName.tar.xz * $extraArgs
+tar cvJf $out/tarball/$fileName.tar.xz * $extraArgs

 mkdir -p $out/nix-support
 echo $system > $out/nix-support/system
 echo "file system-tarball $out/tarball/$fileName.tar.xz" > $out/nix-support/hydra-build-products
+
--- a/nixos/lib/test-driver/Machine.pm
+++ b/nixos/lib/test-driver/Machine.pm
@@ -508,7 +508,7 @@ sub screenshot {
 sub getTTYText {
    my ($self, $tty) = @_;

-    my ($status, $out) = $self->execute("fold -w\$(stty -F /dev/tty${tty} size | awk '{print \$2}') /dev/vcs${tty}");
+    my ($status, $out) = $self->execute("fold -w 80 /dev/vcs${tty}");
    return $out;
 }

@@ -591,14 +591,25 @@ sub getWindowNames {
 }


+sub hasWindow {
+    my ($self, $regexp) = @_;
+    my @names = $self->getWindowNames;
+    foreach my $n (@names) {
+        if ($n =~ /$regexp/) {
+            $self->log("match '$n' on '$regexp'");
+            return 1;
+        } else {
+            $self->log("no match '$n' on '$regexp'");
+        }
+    }
+}
+
+
 sub waitForWindow {
    my ($self, $regexp) = @_;
    $self->nest("waiting for a window to appear", sub {
        retry sub {
-            my @names = $self->getWindowNames;
-            foreach my $n (@names) {
-                return 1 if $n =~ /$regexp/;
-            }
+            return $self->hasWindow($regexp)
        }
    });
 }
@@ -607,42 +618,15 @@ sub waitForWindow {
 sub copyFileFromHost {
    my ($self, $from, $to) = @_;
    my $s = `cat $from` or die;
-    $s =~ s/'/'\\''/g;
-    $self->mustSucceed("echo '$s' > $to");
+    $self->mustSucceed("echo '$s' > $to"); # !!! escaping
 }


-my %charToKey = (
-    '!' => "shift-0x02",
-    '@' => "shift-0x03",
-    '#' => "shift-0x04",
-    '$' => "shift-0x05",
-    '%' => "shift-0x06",
-    '^' => "shift-0x07",
-    '&' => "shift-0x08",
-    '*' => "shift-0x09",
-    '(' => "shift-0x0A",
-    ')' => "shift-0x0B",
-    '-' => "0x0C", '_' => "shift-0x0C",
-    '=' => "0x0D", '+' => "shift-0x0D",
-    '[' => "0x1A", '{' => "shift-0x1A",
-    ']' => "0x1B", '}' => "shift-0x1B",
-    ';' => "0x27", ':' => "shift-0x27",
-   '\'' => "0x28", '"' => "shift-0x28",
-    '`' => "0x29", '~' => "shift-0x29",
-   '\\' => "0x2B", '|' => "shift-0x2B",
-    ',' => "0x33", '<' => "shift-0x33",
-    '.' => "0x34", '>' => "shift-0x34",
-    '/' => "0x35", '?' => "shift-0x35",
-    ' ' => "spc",
-   "\n" => "ret",
-);
-
-
 sub sendKeys {
    my ($self, @keys) = @_;
    foreach my $key (@keys) {
-        $key = $charToKey{$key} if exists $charToKey{$key};
+        $key = "spc" if $key eq " ";
+        $key = "ret" if $key eq "\n";
        $self->sendMonitorCommand("sendkey $key");
    }
 }
--- a/nixos/lib/testing.nix
+++ b/nixos/lib/testing.nix
@@ -93,7 +93,7 @@ rec {

      vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);

-      ocrProg = tesseract;
+      ocrProg = tesseract.override { enableLanguages = [ "eng" ]; };

      # Generate onvenience wrappers for running the test driver
      # interactively with the specified network, and for starting the
@@ -108,16 +108,16 @@ rec {
          mkdir -p $out/bin
          echo "$testScript" > $out/test-script
          ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
-          vms=($(for i in ${toString vms}; do echo $i/bin/run-*-vm; done))
+          vms="$(for i in ${toString vms}; do echo $i/bin/run-*-vm; done)"
          wrapProgram $out/bin/nixos-test-driver \
-            --add-flags "''${vms[*]}" \
+            --add-flags "$vms" \
            ${lib.optionalString enableOCR "--prefix PATH : '${ocrProg}/bin'"} \
            --run "testScript=\"\$(cat $out/test-script)\"" \
            --set testScript '$testScript' \
            --set VLANS '${toString vlans}'
          ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
          wrapProgram $out/bin/nixos-run-vms \
-            --add-flags "''${vms[*]}" \
+            --add-flags "$vms" \
            ${lib.optionalString enableOCR "--prefix PATH : '${ocrProg}/bin'"} \
            --set tests 'startAll; joinAll;' \
            --set VLANS '${toString vlans}' \
--- a/nixos/maintainers/scripts/ec2/amazon-image.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-image.nix
@@ -2,34 +2,15 @@

 with lib;

-let
-  cfg = config.amazonImage;
-in {
+{

  imports =
    [ ../../../modules/installer/cd-dvd/channel.nix
      ../../../modules/virtualisation/amazon-image.nix
    ];

-  options.amazonImage = {
-    contents = mkOption {
-      example = literalExample ''
-        [ { source = pkgs.memtest86 + "/memtest.bin";
-            target = "boot/memtest.bin";
-          }
-        ]
-      '';
-      default = [];
-      description = ''
-        This option lists files to be copied to fixed locations in the
-        generated image. Glob patterns work.
-      '';
-    };
-  };
-
-  config.system.build.amazonImage = import ../../../lib/make-disk-image.nix {
+  system.build.amazonImage = import ../../../lib/make-disk-image.nix {
    inherit lib config;
-    inherit (cfg) contents;
    pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
    partitioned = config.ec2.hvm;
    diskSize = if config.ec2.hvm then 2048 else 8192;
--- a/nixos/maintainers/scripts/ec2/create-amis.sh
+++ b/nixos/maintainers/scripts/ec2/create-amis.sh
@@ -1,8 +1,4 @@
-#!/usr/bin/env nix-shell
-#! nix-shell -i bash -p qemu ec2_ami_tools jq ec2_api_tools awscli
-
-# To start with do: nix-shell -p awscli --run "aws configure"
-
+#! /bin/sh -e

 set -o pipefail
 #set -x
@@ -61,7 +57,7 @@ for type in $types; do
                    ami=$(aws ec2 copy-image \
                        --region "$region" \
                        --source-region "$prevRegion" --source-image-id "$prevAmi" \
-                        --name "$name" --description "$description" | jq -r '.ImageId')
+                        --name "$name" --description "$description" | json -q .ImageId)
                    if [ "$ami" = null ]; then break; fi
                else

--- a/nixos/maintainers/scripts/openstack/nova-image.nix
+++ b/nixos/maintainers/scripts/openstack/nova-image.nix
@@ -1,24 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-{
-  imports =
-    [ ../../../modules/installer/cd-dvd/channel.nix
-      ../../../modules/virtualisation/nova-config.nix
-    ];
-
-  system.build.novaImage = import ../../../lib/make-disk-image.nix {
-    inherit lib config;
-    pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
-    diskSize = 8192;
-    format = "qcow2";
-    configFile = pkgs.writeText "configuration.nix"
-      ''
-        {
-          imports = [ <nixpkgs/nixos/modules/virtualisation/nova-config.nix> ];
-        }
-      '';
-  };
-
-}
--- a/nixos/modules/config/debug-info.nix
+++ b/nixos/modules/config/debug-info.nix
@@ -17,10 +17,12 @@ with lib;
        where tools such as <command>gdb</command> can find them.
        If you need debug symbols for a package that doesn't
        provide them by default, you can enable them as follows:
+        <!-- FIXME: ugly, see #10721 -->
        <programlisting>
        nixpkgs.config.packageOverrides = pkgs: {
-          hello = pkgs.hello.overrideAttrs (oldAttrs: {
-            separateDebugInfo = true;
+          hello = overrideDerivation pkgs.hello (attrs: {
+            outputs = attrs.outputs or ["out"] ++ ["debug"];
+            buildInputs = attrs.buildInputs ++ [&lt;nixpkgs/pkgs/build-support/setup-hooks/separate-debug-info.sh>];
          });
        };
        </programlisting>
--- a/nixos/modules/config/fonts/fontconfig.nix
+++ b/nixos/modules/config/fonts/fontconfig.nix
@@ -301,7 +301,9 @@ in
          };

          style = mkOption {
-            type = types.enum ["none" "slight" "medium" "full"];
+            type = types.str // {
+              check = flip elem ["none" "slight" "medium" "full"];
+            };
            default = "full";
            description = ''
              TrueType hinting style, one of <literal>none</literal>,
@@ -327,7 +329,9 @@ in
            default = "rgb";
            type = types.enum ["rgb" "bgr" "vrgb" "vbgr" "none"];
            description = ''
-              Subpixel order.
+              Subpixel order, one of <literal>none</literal>,
+              <literal>rgb</literal>, <literal>bgr</literal>,
+              <literal>vrgb</literal>, or <literal>vbgr</literal>.
            '';
          };

@@ -335,7 +339,9 @@ in
            default = "default";
            type = types.enum ["none" "default" "light" "legacy"];
            description = ''
-              FreeType LCD filter.
+              FreeType LCD filter, one of <literal>none</literal>,
+              <literal>default</literal>, <literal>light</literal>, or
+              <literal>legacy</literal>.
            '';
          };

--- a/nixos/modules/config/gnu.nix
+++ b/nixos/modules/config/gnu.nix
@@ -7,11 +7,11 @@ with lib;
    gnu = mkOption {
      type = types.bool;
      default = false;
-      description = ''
-        When enabled, GNU software is chosen by default whenever a there is
-        a choice between GNU and non-GNU software (e.g., GNU lsh
-        vs. OpenSSH).
-      '';
+      description =
+        '' When enabled, GNU software is chosen by default whenever a there is
+           a choice between GNU and non-GNU software (e.g., GNU lsh
+           vs. OpenSSH).
+        '';
    };
  };

--- a/nixos/modules/config/i18n.nix
+++ b/nixos/modules/config/i18n.nix
@@ -44,9 +44,8 @@ in
      consolePackages = mkOption {
        type = types.listOf types.package;
        default = with pkgs.kbdKeymaps; [ dvp neo ];
-        defaultText = ''with pkgs.kbdKeymaps; [ dvp neo ]'';
        description = ''
-          List of additional packages that provide console fonts, keymaps and
+	  List of additional packages that provide console fonts, keymaps and
          other resources.
        '';
      };
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@@ -13,7 +13,7 @@ let

  resolvconfOptions = cfg.resolvconfOptions
    ++ optional cfg.dnsSingleRequest "single-request"
-    ++ optional cfg.dnsExtensionMechanism "edns0";
+    ++ optional cfg.dnsExtensionMechanism "ends0";
 in

 {
@@ -29,19 +29,6 @@ in
      '';
    };

-    networking.hostConf = lib.mkOption {
-      type = types.lines;
-      default = "multi on";
-      example = ''
-        multi on
-        reorder on
-        trim lan
-      '';
-      description = ''
-        The contents of <filename>/etc/host.conf</filename>. See also <citerefentry><refentrytitle>host.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.
-      '';
-    };
-
    networking.dnsSingleRequest = lib.mkOption {
      type = types.bool;
      default = false;
@@ -57,7 +44,7 @@ in

    networking.dnsExtensionMechanism = lib.mkOption {
      type = types.bool;
-      default = true;
+      default = false;
      description = ''
        Enable the <code>edns0</code> option in <filename>resolv.conf</filename>. With
        that option set, <code>glibc</code> supports use of the extension mechanisms for
@@ -84,18 +71,6 @@ in
      '';
    };

-    networking.timeServers = mkOption {
-      default = [
-        "0.nixos.pool.ntp.org"
-        "1.nixos.pool.ntp.org"
-        "2.nixos.pool.ntp.org"
-        "3.nixos.pool.ntp.org"
-      ];
-      description = ''
-        The set of NTP servers from which to synchronise.
-      '';
-    };
-
    networking.proxy = {

      default = lib.mkOption {
@@ -196,9 +171,6 @@ in
            ${cfg.extraHosts}
          '';

-        # /etc/host.conf: resolver configuration file
-        "host.conf".text = cfg.hostConf;
-
        # /etc/resolvconf.conf: Configuration for openresolv.
        "resolvconf.conf".text =
            ''
@@ -251,11 +223,16 @@ in
    # Install the proxy environment variables
    environment.sessionVariables = cfg.proxy.envVars;

+    # The ‘ip-up’ target is started when we have IP connectivity.  So
+    # services that depend on IP connectivity (like ntpd) should be
+    # pulled in by this target.
+    systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
+
    # This is needed when /etc/resolv.conf is being overriden by networkd
    # and other configurations. If the file is destroyed by an environment
    # activation then it must be rebuilt so that applications which interface
    # with /etc/resolv.conf directly don't break.
-    system.activationScripts.resolvconf = stringAfter [ "etc" "specialfs" "var" ]
+    system.activationScripts.resolvconf = stringAfter [ "etc" "tmpfs" "var" ]
      ''
        # Systemd resolved controls its own resolv.conf
        rm -f /run/resolvconf/interfaces/systemd
--- a/nixos/modules/config/nsswitch.nix
+++ b/nixos/modules/config/nsswitch.nix
@@ -9,28 +9,10 @@ let
  inherit (config.services.avahi) nssmdns;
  inherit (config.services.samba) nsswins;
  ldap = (config.users.ldap.enable && config.users.ldap.nsswitch);
-  sssd = config.services.sssd.enable;

-  hostArray = [ "files" "mymachines" ]
-    ++ optionals nssmdns [ "mdns_minimal [!UNAVAIL=return]" ]
-    ++ optionals nsswins [ "wins" ]
-    ++ [ "dns" ]
-    ++ optionals nssmdns [ "mdns" ]
-    ++ ["myhostname" ];
+in

-  passwdArray = [ "files" ]
-    ++ optional sssd "sss"
-    ++ optionals ldap [ "ldap" ]
-    ++ [ "mymachines" ];
-
-  shadowArray = [ "files" ]
-    ++ optional sssd "sss"
-    ++ optionals ldap [ "ldap" ];
-
-  servicesArray = [ "files" ]
-    ++ optional sssd "sss";
-
-in {
+{
  options = {

    # NSS modules.  Hacky!
@@ -57,19 +39,17 @@ in {
    # Name Service Switch configuration file.  Required by the C
    # library.  !!! Factor out the mdns stuff.  The avahi module
    # should define an option used by this module.
-    environment.etc."nsswitch.conf".text = ''
-      passwd:    ${concatStringsSep " " passwdArray}
-      group:     ${concatStringsSep " " passwdArray}
-      shadow:    ${concatStringsSep " " shadowArray}
-
-      hosts:     ${concatStringsSep " " hostArray}
-      networks:  files
-
-      ethers:    files
-      services:  ${concatStringsSep " " servicesArray}
-      protocols: files
-      rpc:       files
-    '';
+    environment.etc."nsswitch.conf".text =
+      ''
+        passwd:    files ${optionalString ldap "ldap"}
+        group:     files ${optionalString ldap "ldap"}
+        shadow:    files ${optionalString ldap "ldap"}
+        hosts:     files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} ${optionalString nsswins "wins"} myhostname mymachines
+        networks:  files dns
+        ethers:    files
+        services:  files
+        protocols: files
+      '';

    # Systemd provides nss-myhostname to ensure that our hostname
    # always resolves to a valid IP address.  It returns all locally
--- a/nixos/modules/config/power-management.nix
+++ b/nixos/modules/config/power-management.nix
@@ -69,7 +69,7 @@ in

  config = mkIf cfg.enable {

-    # Leftover for old setups, should be set by nixos-generate-config now
+    # FIXME: Implement powersave governor for sandy bridge or later Intel CPUs
    powerManagement.cpuFreqGovernor = mkDefault "ondemand";

    systemd.targets.post-resume = {
--- a/nixos/modules/config/pulseaudio.nix
+++ b/nixos/modules/config/pulseaudio.nix
@@ -108,7 +108,7 @@ in {
        type = types.bool;
        default = false;
        description = ''
-          Whether to include the 32-bit pulseaudio libraries in the system or not.
+          Whether to include the 32-bit pulseaudio libraries in the systemn or not.
          This is only useful on 64-bit systems and currently limited to x86_64-linux.
        '';
      };
@@ -160,13 +160,6 @@ in {
            if activated.
          '';
        };
-
-        config = mkOption {
-          type = types.attrsOf types.unspecified;
-          default = {};
-          description = ''Config of the pulse daemon. See <literal>man pulse-daemon.conf</literal>.'';
-          example = literalExample ''{ flat-volumes = "no"; }'';
-        };
      };

      zeroconf = {
@@ -211,18 +204,14 @@ in {
    (mkIf cfg.enable {
      environment.systemPackages = [ overriddenPackage ];

-      environment.etc = [
-        { target = "asound.conf";
-          source = alsaConf; }
-
-        { target = "pulse/daemon.conf";
-          source = writeText "daemon.conf" (lib.generators.toKeyValue {} cfg.daemon.config); }
-      ];
+      environment.etc = singleton {
+        target = "asound.conf";
+        source = alsaConf;
+      };

      # Allow PulseAudio to get realtime priority using rtkit.
      security.rtkit.enable = true;

-      systemd.packages = [ cfg.package ];
    })

    (mkIf hasZeroconf {
@@ -238,14 +227,31 @@ in {
        target = "pulse/default.pa";
        source = myConfigFile;
      };
+
      systemd.user = {
        services.pulseaudio = {
+          description = "PulseAudio Server";
+          # NixOS doesn't support "Also" so we bring it in manually
+          wantedBy = [ "default.target" ];
          serviceConfig = {
+            Type = "notify";
+            ExecStart = binaryNoDaemon;
+            Restart = "on-failure";
            RestartSec = "500ms";
          };
          environment = { DISPLAY = ":${toString config.services.xserver.display}"; };
          restartIfChanged = true;
        };
+
+        sockets.pulseaudio = {
+          description = "PulseAudio Socket";
+          wantedBy = [ "sockets.target" ];
+          socketConfig = {
+            Priority = 6;
+            Backlog = 5;
+            ListenStream = "%t/pulse/native";
+          };
+        };
      };
    })

@@ -274,8 +280,6 @@ in {
          RestartSec = "500ms";
        };
      };
-
-      environment.variables.PULSE_COOKIE = "${stateDir}/.config/pulse/cookie";
    })
  ];

--- a/nixos/modules/config/shells-environment.nix
+++ b/nixos/modules/config/shells-environment.nix
@@ -41,7 +41,7 @@ in
        strings.  The latter is concatenated, interspersed with colon
        characters.
      '';
-      type = with types; attrsOf (either str (listOf str));
+      type = types.attrsOf (types.loeOf types.str);
      apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
    };

@@ -168,7 +168,7 @@ in

         ${cfg.extraInit}

-         # The setuid/setcap wrappers override other bin directories.
+         # The setuid wrappers override other bin directories.
         export PATH="${config.security.wrapperDir}:$PATH"

         # ~/bin if it exists overrides other bin directories.
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
@@ -64,9 +64,5 @@ in
    # Removed under grsecurity.
    boot.kernel.sysctl."kernel.kptr_restrict" =
      if (config.boot.kernelPackages.kernel.features.grsecurity or false) then null else 1;
-
-    # Disable YAMA by default to allow easy debugging.
-    boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0;
-
  };
 }
--- a/nixos/modules/config/system-environment.nix
+++ b/nixos/modules/config/system-environment.nix
@@ -23,7 +23,7 @@ in
        strings.  The latter is concatenated, interspersed with colon
        characters.
      '';
-      type = with types; attrsOf (either str (listOf str));
+      type = types.attrsOf (types.loeOf types.str);
      apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
    };

--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@@ -34,7 +34,7 @@ let
      config.programs.ssh.package
      pkgs.perl
      pkgs.procps
-      pkgs.rsync
+      pkgs.rsync # used by nixos-install anyway
      pkgs.strace
      pkgs.su
      pkgs.time
@@ -118,7 +118,6 @@ in
        "/share/terminfo"
        "/share/themes"
        "/share/vim-plugins"
-        "/share/vulkan"
      ];

    system.path = pkgs.buildEnv {
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -6,21 +6,6 @@ use JSON;
 make_path("/var/lib/nixos", { mode => 0755 });


-# Keep track of deleted uids and gids.
-my $uidMapFile = "/var/lib/nixos/uid-map";
-my $uidMap = -e $uidMapFile ? decode_json(read_file($uidMapFile)) : {};
-
-my $gidMapFile = "/var/lib/nixos/gid-map";
-my $gidMap = -e $gidMapFile ? decode_json(read_file($gidMapFile)) : {};
-
-
-sub updateFile {
-    my ($path, $contents, $perms) = @_;
-    write_file("$path.tmp", { binmode => ':utf8', perms => $perms // 0644 }, $contents);
-    rename("$path.tmp", $path) or die;
-}
-
-
 sub hashPassword {
    my ($password) = @_;
    my $salt = "";
@@ -33,10 +18,10 @@ sub hashPassword {
 # Functions for allocating free GIDs/UIDs. FIXME: respect ID ranges in
 # /etc/login.defs.
 sub allocId {
-    my ($used, $prevUsed, $idMin, $idMax, $up, $getid) = @_;
+    my ($used, $idMin, $idMax, $up, $getid) = @_;
    my $id = $up ? $idMin : $idMax;
    while ($id >= $idMin && $id <= $idMax) {
-        if (!$used->{$id} && !$prevUsed->{$id} && !defined &$getid($id)) {
+        if (!$used->{$id} && !defined &$getid($id)) {
            $used->{$id} = 1;
            return $id;
        }
@@ -46,36 +31,23 @@ sub allocId {
    die "$0: out of free UIDs or GIDs\n";
 }

-my (%gidsUsed, %uidsUsed, %gidsPrevUsed, %uidsPrevUsed);
+my (%gidsUsed, %uidsUsed);

 sub allocGid {
-    my ($name) = @_;
-    my $prevGid = $gidMap->{$name};
-    if (defined $prevGid && !defined $gidsUsed{$prevGid}) {
-        print STDERR "reviving group '$name' with GID $prevGid\n";
-        $gidsUsed{$prevGid} = 1;
-        return $prevGid;
-    }
-    return allocId(\%gidsUsed, \%gidsPrevUsed, 400, 499, 0, sub { my ($gid) = @_; getgrgid($gid) });
+    return allocId(\%gidsUsed, 400, 499, 0, sub { my ($gid) = @_; getgrgid($gid) });
 }

 sub allocUid {
-    my ($name, $isSystemUser) = @_;
+    my ($isSystemUser) = @_;
    my ($min, $max, $up) = $isSystemUser ? (400, 499, 0) : (1000, 29999, 1);
-    my $prevUid = $uidMap->{$name};
-    if (defined $prevUid && $prevUid >= $min && $prevUid <= $max && !defined $uidsUsed{$prevUid}) {
-        print STDERR "reviving user '$name' with UID $prevUid\n";
-        $uidsUsed{$prevUid} = 1;
-        return $prevUid;
-    }
-    return allocId(\%uidsUsed, \%uidsPrevUsed, $min, $max, $up, sub { my ($uid) = @_; getpwuid($uid) });
+    return allocId(\%uidsUsed, $min, $max, $up, sub { my ($uid) = @_; getpwuid($uid) });
 }


 # Read the declared users/groups.
 my $spec = decode_json(read_file($ARGV[0]));

-# Don't allocate UIDs/GIDs that are manually assigned.
+# Don't allocate UIDs/GIDs that are already in use.
 foreach my $g (@{$spec->{groups}}) {
    $gidsUsed{$g->{gid}} = 1 if defined $g->{gid};
 }
@@ -84,11 +56,6 @@ foreach my $u (@{$spec->{users}}) {
    $uidsUsed{$u->{uid}} = 1 if defined $u->{uid};
 }

-# Likewise for previously used but deleted UIDs/GIDs.
-$uidsPrevUsed{$_} = 1 foreach values %{$uidMap};
-$gidsPrevUsed{$_} = 1 foreach values %{$gidMap};
-
-
 # Read the current /etc/group.
 sub parseGroup {
    chomp;
@@ -147,18 +114,16 @@ foreach my $g (@{$spec->{groups}}) {
            }
        }
    } else {
-        $g->{gid} = allocGid($name) if !defined $g->{gid};
+        $g->{gid} = allocGid if !defined $g->{gid};
        $g->{password} = "x";
    }

    $g->{members} = join ",", sort(keys(%members));
    $groupsOut{$name} = $g;
-
-    $gidMap->{$name} = $g->{gid};
 }

 # Update the persistent list of declarative groups.
-updateFile($declGroupsFile, join(" ", sort(keys %groupsOut)));
+write_file($declGroupsFile, { binmode => ':utf8' }, join(" ", sort(keys %groupsOut)));

 # Merge in the existing /etc/group.
 foreach my $name (keys %groupsCur) {
@@ -175,8 +140,8 @@ foreach my $name (keys %groupsCur) {
 # Rewrite /etc/group. FIXME: acquire lock.
 my @lines = map { join(":", $_->{name}, $_->{password}, $_->{gid}, $_->{members}) . "\n" }
    (sort { $a->{gid} <=> $b->{gid} } values(%groupsOut));
-updateFile($gidMapFile, encode_json($gidMap));
-updateFile("/etc/group", \@lines);
+write_file("/etc/group.tmp", { binmode => ':utf8' }, @lines);
+rename("/etc/group.tmp", "/etc/group") or die;
 system("nscd --invalidate group");

 # Generate a new /etc/passwd containing the declared users.
@@ -202,7 +167,7 @@ foreach my $u (@{$spec->{users}}) {
            $u->{uid} = $existing->{uid};
        }
    } else {
-        $u->{uid} = allocUid($name, $u->{isSystemUser}) if !defined $u->{uid};
+        $u->{uid} = allocUid($u->{isSystemUser}) if !defined $u->{uid};

        if (defined $u->{initialPassword}) {
            $u->{hashedPassword} = hashPassword($u->{initialPassword});
@@ -230,12 +195,10 @@ foreach my $u (@{$spec->{users}}) {

    $u->{fakePassword} = $existing->{fakePassword} // "x";
    $usersOut{$name} = $u;
-
-    $uidMap->{$name} = $u->{uid};
 }

 # Update the persistent list of declarative users.
-updateFile($declUsersFile, join(" ", sort(keys %usersOut)));
+write_file($declUsersFile, { binmode => ':utf8' }, join(" ", sort(keys %usersOut)));

 # Merge in the existing /etc/passwd.
 foreach my $name (keys %usersCur) {
@@ -251,8 +214,8 @@ foreach my $name (keys %usersCur) {
 # Rewrite /etc/passwd. FIXME: acquire lock.
@lines = map { join(":", $_->{name}, $_->{fakePassword}, $_->{uid}, $_->{gid}, $_->{description}, $_->{home}, $_->{shell}) . "\n" }
    (sort { $a->{uid} <=> $b->{uid} } (values %usersOut));
-updateFile($uidMapFile, encode_json($uidMap));
-updateFile("/etc/passwd", \@lines);
+write_file("/etc/passwd.tmp", { binmode => ':utf8' }, @lines);
+rename("/etc/passwd.tmp", "/etc/passwd") or die;
 system("nscd --invalidate passwd");


@@ -279,4 +242,5 @@ foreach my $u (values %usersOut) {
    push @shadowNew, join(":", $u->{name}, $hashedPassword, "1::::::") . "\n";
 }

-updateFile("/etc/shadow", \@shadowNew, 0600);
+write_file("/etc/shadow.tmp", { binmode => ':utf8', perms => 0600 }, @shadowNew);
+rename("/etc/shadow.tmp", "/etc/shadow") or die;
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -131,12 +131,13 @@ let
      };

      subUidRanges = mkOption {
-        type = with types; listOf (submodule subordinateUidRange);
+        type = types.listOf types.optionSet;
        default = [];
        example = [
          { startUid = 1000; count = 1; }
          { startUid = 100001; count = 65534; }
        ];
+        options = [ subordinateUidRange ];
        description = ''
          Subordinate user ids that user is allowed to use.
          They are set into <filename>/etc/subuid</filename> and are used
@@ -145,12 +146,13 @@ let
      };

      subGidRanges = mkOption {
-        type = with types; listOf (submodule subordinateGidRange);
+        type = types.listOf types.optionSet;
        default = [];
        example = [
          { startGid = 100; count = 1; }
          { startGid = 1001; count = 999; }
        ];
+        options = [ subordinateGidRange ];
        description = ''
          Subordinate group ids that user is allowed to use.
          They are set into <filename>/etc/subgid</filename> and are used
@@ -308,36 +310,32 @@ let
  };

  subordinateUidRange = {
-    options = {
-      startUid = mkOption {
-        type = types.int;
-        description = ''
-          Start of the range of subordinate user ids that user is
-          allowed to use.
-        '';
-      };
-      count = mkOption {
-        type = types.int;
-        default = 1;
-        description = ''Count of subordinate user ids'';
-      };
+    startUid = mkOption {
+      type = types.int;
+      description = ''
+        Start of the range of subordinate user ids that user is
+        allowed to use.
+      '';
+    };
+    count = mkOption {
+      type = types.int;
+      default = 1;
+      description = ''Count of subordinate user ids'';
    };
  };

  subordinateGidRange = {
-    options = {
-      startGid = mkOption {
-        type = types.int;
-        description = ''
-          Start of the range of subordinate group ids that user is
-          allowed to use.
-        '';
-      };
-      count = mkOption {
-        type = types.int;
-        default = 1;
-        description = ''Count of subordinate group ids'';
-      };
+    startGid = mkOption {
+      type = types.int;
+      description = ''
+        Start of the range of subordinate group ids that user is
+        allowed to use.
+      '';
+    };
+    count = mkOption {
+      type = types.int;
+      default = 1;
+      description = ''Count of subordinate group ids'';
    };
  };

@@ -430,7 +428,7 @@ in {

    users.users = mkOption {
      default = {};
-      type = with types; loaOf (submodule userOpts);
+      type = types.loaOf types.optionSet;
      example = {
        alice = {
          uid = 1234;
@@ -446,6 +444,7 @@ in {
        Additional user accounts to be created automatically by the system.
        This can also be used to set options for root.
      '';
+      options = [ userOpts ];
    };

    users.groups = mkOption {
@@ -454,10 +453,11 @@ in {
        { students.gid = 1001;
          hackers = { };
        };
-      type = with types; loaOf (submodule groupOpts);
+      type = types.loaOf types.optionSet;
      description = ''
        Additional groups to be created automatically by the system.
      '';
+      options = [ groupOpts ];
    };

    # FIXME: obsolete - will remove.
--- a/nixos/modules/hardware/ckb.nix
+++ b/nixos/modules/hardware/ckb.nix
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.hardware.ckb;
-
-in
-  {
-    options.hardware.ckb = {
-      enable = mkEnableOption "the Corsair keyboard/mouse driver";
-
-      package = mkOption {
-        type = types.package;
-        default = pkgs.ckb;
-        defaultText = "pkgs.ckb";
-        description = ''
-          The package implementing the Corsair keyboard/mouse driver.
-        '';
-      };
-    };
-
-    config = mkIf cfg.enable {
-      environment.systemPackages = [ cfg.package ];
-
-      systemd.services.ckb = {
-        description = "Corsair Keyboard Daemon";
-        wantedBy = ["multi-user.target"];
-        script = "${cfg.package}/bin/ckb-daemon";
-        serviceConfig = {
-          Restart = "always";
-          StandardOutput = "syslog";
-        };
-      };
-    };
-
-    meta = {
-      maintainers = with lib.maintainers; [ kierdavis ];
-    };
-  }
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .03
 .09