pkgs: Add _type = "pkgs"

(cherry picked from commit ad1e2500ef) (cherry picked from commit aec730a0af)
ip2unix: 2.1.3 -> 2.1.4
2026-06-09 14:53:47 +00:00 · 2022-05-02 09:54:44 +02:00 · 2021-07-10 02:20:35 +02:00 · 2020-09-24 14:55:48 +02:00 · 2020-09-24 14:53:59 +02:00 · 2020-06-19 00:10:22 +02:00
990 changed files with 31725 additions and 19391 deletions
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -51,4 +51,4 @@ For package version upgrades and such a one-line commit message is usually suffi

 ## Reviewing contributions

-See the nixpkgs manual for more details on how to [Review contributions](https://nixos.org/nixpkgs/manual/#sec-reviewing-contributions).
+See the nixpkgs manual for more details on how to [Review contributions](https://nixos.org/nixpkgs/manual/#chap-reviewing-contributions).
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,4 +1,4 @@
-<!-- Nixpkgs has a lot of new incoming Pull Requests, but not enough people to review this constant stream. Even if you aren't a committer, we would appreciate reviews of other PRs, especially simple ones like package updates. Just testing the relevant package/service and leaving a comment saying what you tested, how you tested it and whether it worked would be great. List of open PRs: <https://github.com/NixOS/nixpkgs/pulls>, for more about reviewing contributions: <https://hydra.nixos.org/job/nixpkgs/trunk/manual/latest/download/1/nixpkgs/manual.html#sec-reviewing-contributions>. Reviewing isn't mandatory, but it would help out a lot and reduce the average time-to-merge for all of us. Thanks a lot if you do! -->
+<!-- Nixpkgs has a lot of new incoming Pull Requests, but not enough people to review this constant stream. Even if you aren't a committer, we would appreciate reviews of other PRs, especially simple ones like package updates. Just testing the relevant package/service and leaving a comment saying what you tested, how you tested it and whether it worked would be great. List of open PRs: <https://github.com/NixOS/nixpkgs/pulls>, for more about reviewing contributions: <https://hydra.nixos.org/job/nixpkgs/trunk/manual/latest/download/1/nixpkgs/manual.html#chap-reviewing-contributions>. Reviewing isn't mandatory, but it would help out a lot and reduce the average time-to-merge for all of us. Thanks a lot if you do! -->
 ###### Motivation for this change


@@ -12,7 +12,7 @@
   - [ ] macOS
   - [ ] other Linux distributions
 - [ ] Tested via one or more NixOS test(s) if existing and applicable for the change (look inside [nixos/tests](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests))
- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nix-review --run "nix-review wip"`
+- [ ] Tested compilation of all pkgs that depend on this change using `nix-shell -p nixpkgs-review --run "nixpkgs-review wip"`
 - [ ] Tested execution of all binary files (usually in `./result/bin/`)
 - [ ] Determined the impact on package closure size (by running `nix path-info -S` before and after)
 - [ ] Ensured that relevant documentation is up to date
--- a/doc/functions/fetchers.xml
+++ b/doc/functions/fetchers.xml
@@ -1,8 +1,8 @@
-<section xmlns="http://docbook.org/ns/docbook"
+<chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
-         xml:id="sec-pkgs-fetchers">
- <title>Fetcher functions</title>
+         xml:id="chap-pkgs-fetchers">
+ <title>Fetchers</title>

 <para>
  When using Nix, you will frequently need to download source code and other files from the internet. Nixpkgs comes with a few helper functions that allow you to fetch fixed-output derivations in a structured way.
@@ -145,4 +145,4 @@ stdenv.mkDerivation {
   </listitem>
  </varlistentry>
 </variablelist>
-</section>
+</chapter>
--- a/doc/builders/images.xml
+++ b/doc/builders/images.xml
@@ -0,0 +1,12 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xi="http://www.w3.org/2001/XInclude"
+         xml:id="chap-images">
+ <title>Images</title>
+ <para>
+  This chapter describes tools for creating various types of images.
+ </para>
+ <xi:include href="images/appimagetools.xml" />
+ <xi:include href="images/dockertools.xml" />
+ <xi:include href="images/ocitools.xml" />
+ <xi:include href="images/snaptools.xml" />
+</chapter>
--- a/doc/builders/images/appimagetools.xml
+++ b/doc/builders/images/appimagetools.xml
--- a/doc/builders/images/dockertools.xml
+++ b/doc/builders/images/dockertools.xml
--- a/doc/builders/images/ocitools.xml
+++ b/doc/builders/images/ocitools.xml
--- a/doc/builders/images/snap/example-firefox.nix
+++ b/doc/builders/images/snap/example-firefox.nix
--- a/doc/builders/images/snap/example-hello.nix
+++ b/doc/builders/images/snap/example-hello.nix
--- a/doc/builders/images/snaptools.xml
+++ b/doc/builders/images/snaptools.xml
--- a/doc/builders/special.xml
+++ b/doc/builders/special.xml
@@ -0,0 +1,12 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xi="http://www.w3.org/2001/XInclude"
+         xml:id="chap-special">
+ <title>Special builders</title>
+ <para>
+  This chapter describes several special builders.
+ </para>
+ <xi:include href="special/fhs-environments.xml" />
+ <xi:include href="special/mkshell.xml" />
+</chapter>
+
+
--- a/doc/builders/special/fhs-environments.xml
+++ b/doc/builders/special/fhs-environments.xml
--- a/doc/builders/special/mkshell.xml
+++ b/doc/builders/special/mkshell.xml
--- a/doc/functions/trivial-builders.xml
+++ b/doc/functions/trivial-builders.xml
@@ -1,7 +1,7 @@
-<section xmlns="http://docbook.org/ns/docbook"
+<chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
-         xml:id="sec-trivial-builders">
+         xml:id="chap-trivial-builders">
 <title>Trivial builders</title>

 <para>
@@ -76,4 +76,4 @@
   </listitem>
  </varlistentry>
 </variablelist>
-</section>
+</chapter>
--- a/doc/configuration.xml
+++ b/doc/configuration.xml
@@ -141,11 +141,10 @@
     For a more useful example, try the following. This configuration only allows unfree packages named flash player and visual studio code:
 <programlisting>
 {
-  allowUnfreePredicate = (pkg: builtins.elem
-    (builtins.parseDrvName pkg.name).name [
-      "flashplayer"
-      "vscode"
-    ]);
+  allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+    "flashplayer"
+    "vscode"
+  ];
 }
 </programlisting>
    </para>
@@ -217,7 +216,7 @@
     The following configuration example only allows insecure packages with very short names:
 <programlisting>
 {
-  allowInsecurePredicate = (pkg: (builtins.stringLength (builtins.parseDrvName pkg.name).name) &lt;= 5);
+  allowInsecurePredicate = pkg: builtins.stringLength (lib.getName pkg) &lt;= 5;
 }
 </programlisting>
    </para>
--- a/doc/contributing-to-documentation.xml
+++ b/doc/contributing-to-documentation.xml
--- a/doc/cross-compilation.xml
+++ b/doc/cross-compilation.xml
@@ -256,7 +256,7 @@
     </question>
     <answer>
      <para>
-<programlisting>doCheck = stdenv.hostPlatform != stdenv.buildPlatfrom;</programlisting>
+<programlisting>doCheck = stdenv.hostPlatform == stdenv.buildPlatfrom;</programlisting>
       Add it to your <function>mkDerivation</function> invocation.
      </para>
     </answer>
@@ -348,12 +348,12 @@ nix-build &lt;nixpkgs&gt; --arg crossSystem '{ config = "&lt;arch&gt;-&lt;os&gt;
      </para>
     </listitem>
    </orderedlist>
-    In each stage, <varname>pkgsBuildHost</varname> refers the the previous stage, <varname>pkgsBuildBuild</varname> refers to the one before that, and <varname>pkgsHostTarget</varname> refers to the current one, and <varname>pkgsTargetTarget</varname> refers to the next one. When there is no previous or next stage, they instead refer to the current stage. Note how all the invariants regarding the mapping between dependency and depending packages' build host and target platforms are preserved. <varname>pkgsBuildTarget</varname> and <varname>pkgsHostHost</varname> are more complex in that the stage fitting the requirements isn't always a fixed chain of "prevs" and "nexts" away (modulo the "saturating" self-references at the ends). We just special case each instead. All the primary edges are implemented is in <filename>pkgs/stdenv/booter.nix</filename>, and secondarily aliases in <filename>pkgs/top-level/stage.nix</filename>.
+    In each stage, <varname>pkgsBuildHost</varname> refers to the previous stage, <varname>pkgsBuildBuild</varname> refers to the one before that, and <varname>pkgsHostTarget</varname> refers to the current one, and <varname>pkgsTargetTarget</varname> refers to the next one. When there is no previous or next stage, they instead refer to the current stage. Note how all the invariants regarding the mapping between dependency and depending packages' build host and target platforms are preserved. <varname>pkgsBuildTarget</varname> and <varname>pkgsHostHost</varname> are more complex in that the stage fitting the requirements isn't always a fixed chain of "prevs" and "nexts" away (modulo the "saturating" self-references at the ends). We just special case each instead. All the primary edges are implemented is in <filename>pkgs/stdenv/booter.nix</filename>, and secondarily aliases in <filename>pkgs/top-level/stage.nix</filename>.
   </para>

   <note>
    <para>
-     Note the native stages are bootstrapped in legacy ways that predate the current cross implementation. This is why the the bootstrapping stages leading up to the final stages are ignored inthe previous paragraph.
+     Note the native stages are bootstrapped in legacy ways that predate the current cross implementation. This is why the bootstrapping stages leading up to the final stages are ignored inthe previous paragraph.
    </para>
   </note>

--- a/doc/doc-support/parameters.xml
+++ b/doc/doc-support/parameters.xml
@@ -8,7 +8,7 @@
 <xsl:param name="html.script" select="'./highlightjs/highlight.pack.js ./highlightjs/loader.js'" />
 <xsl:param name="xref.with.number.and.title" select="1" />
 <xsl:param name="use.id.as.filename" select="1" />
- <xsl:param name="toc.section.depth" select="3" />
+ <xsl:param name="toc.section.depth" select="0" />
 <xsl:param name="admon.style" select="''" />
 <xsl:param name="callout.graphics.extension" select="'.svg'" />
 </xsl:stylesheet>
--- a/doc/functions.xml
+++ b/doc/functions.xml
@@ -7,17 +7,8 @@
  The nixpkgs repository has several utility functions to manipulate Nix expressions.
 </para>
 <xi:include href="functions/library.xml" />
- <xi:include href="functions/overrides.xml" />
 <xi:include href="functions/generators.xml" />
 <xi:include href="functions/debug.xml" />
- <xi:include href="functions/fetchers.xml" />
- <xi:include href="functions/trivial-builders.xml" />
- <xi:include href="functions/fhs-environments.xml" />
- <xi:include href="functions/shell.xml" />
- <xi:include href="functions/dockertools.xml" />
- <xi:include href="functions/snaptools.xml" />
- <xi:include href="functions/appimagetools.xml" />
 <xi:include href="functions/prefer-remote-fetch.xml" />
 <xi:include href="functions/nix-gitignore.xml" />
- <xi:include href="functions/ocitools.xml" />
 </chapter>
--- a/doc/languages-frameworks/android.section.md
+++ b/doc/languages-frameworks/android.section.md
@@ -95,7 +95,7 @@ $ nix-build

 The Android SDK gets deployed with all desired plugin versions.

-We can also deploy subsets of the Android SDK. For example, to only the the
+We can also deploy subsets of the Android SDK. For example, to only the
 `platform-tools` package, you can evaluate the following expression:

 ```nix
--- a/doc/languages-frameworks/emscripten.section.md
+++ b/doc/languages-frameworks/emscripten.section.md
@@ -1,4 +1,4 @@
-# User's Guide to Emscripten in Nixpkgs
+# Emscripten

 [Emscripten](https://github.com/kripken/emscripten): An LLVM-to-JavaScript Compiler

--- a/doc/languages-frameworks/gnome.xml
+++ b/doc/languages-frameworks/gnome.xml
@@ -224,7 +224,7 @@ mkDerivation {
    </term>
    <listitem>
     <para>
-      You can rely on applications depending on the library set the necessary environment variables but that it often easy to miss. Instead we recommend to patch the paths in the source code whenever possible. Here are some examples:
+      You can rely on applications depending on the library setting the necessary environment variables but that is often easy to miss. Instead we recommend to patch the paths in the source code whenever possible. Here are some examples:
      <itemizedlist>
       <listitem xml:id="ssec-gnome-common-issues-unwrappable-package-gnome-shell-ext">
        <para>
--- a/doc/languages-frameworks/haskell.section.md
+++ b/doc/languages-frameworks/haskell.section.md
@@ -3,7 +3,7 @@ title: User's Guide for Haskell in Nixpkgs
 author: Peter Simons
 date: 2015-06-01
 ---
-# User's Guide to the Haskell Infrastructure
+# Haskell


 ## How to install Haskell packages
--- a/doc/languages-frameworks/idris.section.md
+++ b/doc/languages-frameworks/idris.section.md
@@ -1,4 +1,4 @@
-# Idris packages
+# Idris

 ## Installing Idris

--- a/doc/languages-frameworks/index.xml
+++ b/doc/languages-frameworks/index.xml
@@ -1,7 +1,7 @@
 <chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         xml:id="chap-language-support">
- <title>Support for specific programming languages and frameworks</title>
+ <title>Languages and frameworks</title>
 <para>
  The <link linkend="chap-stdenv">standard build environment</link> makes it easy to build typical Autotools-based packages with very little code. Any other kind of package can be accomodated by overriding the appropriate phases of <literal>stdenv</literal>. However, there are specialised functions in Nixpkgs to easily build packages for other programming languages, such as Perl or Haskell. These are described in this chapter.
 </para>
@@ -9,6 +9,8 @@
 <xi:include href="beam.xml" />
 <xi:include href="bower.xml" />
 <xi:include href="coq.xml" />
+ <xi:include href="crystal.section.xml" />
+ <xi:include href="emscripten.section.xml" />
 <xi:include href="gnome.xml" />
 <xi:include href="go.xml" />
 <xi:include href="haskell.section.xml" />
@@ -27,6 +29,4 @@
 <xi:include href="texlive.xml" />
 <xi:include href="titanium.section.xml" />
 <xi:include href="vim.section.xml" />
- <xi:include href="emscripten.section.xml" />
- <xi:include href="crystal.section.xml" />
 </chapter>
--- a/doc/languages-frameworks/ios.section.md
+++ b/doc/languages-frameworks/ios.section.md
@@ -1,7 +1,7 @@
 ---
 title: iOS
 author: Sander van der Burg
-date: 2018-11-18
+date: 2019-11-10
 ---
 # iOS

@@ -217,3 +217,13 @@ xcode.simulateApp {

 By providing the result of an `xcode.buildApp {}` function and configuring the
 app bundle id, the app gets deployed automatically and started.
+
+Troubleshooting
+---------------
+In some rare cases, it may happen that after a failure, changes are not picked
+up. Most likely, this is caused by a derived data cache that Xcode maintains.
+To wipe it you can run:
+
+```bash
+$ rm -rf ~/Library/Developer/Xcode/DerivedData
+```
--- a/doc/languages-frameworks/node.section.md
+++ b/doc/languages-frameworks/node.section.md
@@ -1,5 +1,5 @@
-Node.js packages
-================
+Node.js
+=======
 The `pkgs/development/node-packages` folder contains a generated collection of
 [NPM packages](https://npmjs.com/) that can be installed with the Nix package
 manager.
--- a/doc/languages-frameworks/python.section.md
+++ b/doc/languages-frameworks/python.section.md
@@ -803,6 +803,9 @@ should be used with `ignoreCollisions = true`.
 The following are setup hooks specifically for Python packages. Most of these are
 used in `buildPythonPackage`.

+- `eggUnpackhook` to move an egg to the correct folder so it can be installed with the `eggInstallHook`
+- `eggBuildHook` to skip building for eggs.
+- `eggInstallHook` to install eggs.
 - `flitBuildHook` to build a wheel using `flit`.
 - `pipBuildHook` to build a wheel using `pip` and PEP 517. Note a build system (e.g. `setuptools` or `flit`) should still be added as `nativeBuildInput`.
 - `pipInstallHook` to install wheels.
--- a/doc/languages-frameworks/r.section.md
+++ b/doc/languages-frameworks/r.section.md
@@ -1,5 +1,5 @@
-R packages
-==========
+R
+=

 ## Installation

--- a/doc/languages-frameworks/rust.section.md
+++ b/doc/languages-frameworks/rust.section.md
@@ -4,7 +4,7 @@ author: Matthias Beyer
 date: 2017-03-05
 ---

-# User's Guide to the Rust Infrastructure
+# Rust

 To install the rust compiler and cargo put

@@ -188,7 +188,7 @@ argument and returns a set that contains all attribute that should be
 overwritten.

 For more complicated cases, such as when parts of the crate's
-derivation depend on the the crate's version, the `attrs` argument of
+derivation depend on the crate's version, the `attrs` argument of
 the override above can be read, as in the following example, which
 patches the derivation:

--- a/doc/languages-frameworks/vim.section.md
+++ b/doc/languages-frameworks/vim.section.md
@@ -3,7 +3,7 @@ title: User's Guide for Vim in Nixpkgs
 author: Marc Weber
 date: 2016-06-25
 ---
-# User's Guide to Vim Plugins/Addons/Bundles/Scripts in Nixpkgs
+# Vim

 Both Neovim and Vim can be configured to include your favorite plugins
 and additional libraries.
--- a/doc/manual.xml
+++ b/doc/manual.xml
@@ -1,25 +1,41 @@
 <book xmlns="http://docbook.org/ns/docbook"
      xmlns:xi="http://www.w3.org/2001/XInclude">
 <info>
-  <title>Nixpkgs Users and Contributors Guide</title>
+  <title>Nixpkgs Manual</title>
  <subtitle>Version <xi:include href=".version" parse="text" />
  </subtitle>
 </info>
 <xi:include href="introduction.chapter.xml" />
- <xi:include href="quick-start.xml" />
- <xi:include href="package-specific-user-notes.xml" />
- <xi:include href="stdenv.xml" />
- <xi:include href="multiple-output.xml" />
- <xi:include href="cross-compilation.xml" />
- <xi:include href="configuration.xml" />
- <xi:include href="functions.xml" />
- <xi:include href="meta.xml" />
- <xi:include href="languages-frameworks/index.xml" />
- <xi:include href="platform-notes.xml" />
- <xi:include href="package-notes.xml" />
- <xi:include href="overlays.xml" />
- <xi:include href="coding-conventions.xml" />
- <xi:include href="submitting-changes.xml" />
- <xi:include href="reviewing-contributions.xml" />
- <xi:include href="contributing.xml" />
+ <part>
+  <title>Using Nixpkgs</title>
+  <xi:include href="configuration.xml" />
+  <xi:include href="overlays.xml" />
+  <xi:include href="overrides.xml" />
+  <xi:include href="functions.xml" />
+ </part>
+ <part>
+  <title>Standard environment</title>
+  <xi:include href="stdenv.xml" />
+  <xi:include href="meta.xml" />
+  <xi:include href="multiple-output.xml" />
+  <xi:include href="cross-compilation.xml" />
+  <xi:include href="platform-notes.xml" />
+ </part>
+ <part>
+  <title>Builders</title>
+  <xi:include href="builders/fetchers.xml" />
+  <xi:include href="builders/trivial-builders.xml" />
+  <xi:include href="builders/special.xml" />
+  <xi:include href="builders/images.xml" />
+  <xi:include href="languages-frameworks/index.xml" />
+  <xi:include href="packages/index.xml" />
+ </part>
+ <part>
+  <title>Contributing to Nixpkgs</title>
+  <xi:include href="quick-start.xml" />
+  <xi:include href="coding-conventions.xml" />
+  <xi:include href="submitting-changes.xml" />
+  <xi:include href="reviewing-contributions.xml" />
+  <xi:include href="contributing-to-documentation.xml" />
+ </part>
 </book>
--- a/doc/overrides.css
+++ b/doc/overrides.css
@@ -1,9 +1,22 @@
 .docbook .xref img[src^=images\/callouts\/],
 .screen img,
-.programlisting img {
+.programlisting img,
+.literallayout img,
+.synopsis img {
    width: 1em;
 }

 .calloutlist img {
    width: 1.5em;
 }
+
+.prompt,
+.screen img,
+.programlisting img,
+.literallayout img,
+.synopsis img {
+    -moz-user-select: none;
+    -webkit-user-select: none;
+    -ms-user-select: none;
+    user-select: none;
+}
--- a/doc/functions/overrides.xml
+++ b/doc/functions/overrides.xml
@@ -1,7 +1,7 @@
-<section xmlns="http://docbook.org/ns/docbook"
+<chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
-         xml:id="sec-overrides">
+         xml:id="chap-overrides">
 <title>Overriding</title>

 <para>
@@ -148,4 +148,4 @@ c = lib.makeOverridable f { a = 1; b = 2; };
   The variable <varname>c</varname> however also has some additional functions, like <link linkend="sec-pkg-override">c.override</link> which can be used to override the default arguments. In this example the value of <varname>(c.override { a = 4; }).result</varname> is 6.
  </para>
 </section>
-</section>
+</chapter>
--- a/doc/package-notes.xml
+++ b/doc/package-notes.xml
@@ -1,422 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xml:id="chap-package-notes">
- <title>Package Notes</title>
- <para>
-  This chapter contains information about how to use and maintain the Nix expressions for a number of specific packages, such as the Linux kernel or X.org.
- </para>
-<!--============================================================-->
- <section xml:id="sec-linux-kernel">
-  <title>Linux kernel</title>
-
-  <para>
-   The Nix expressions to build the Linux kernel are in <link
-xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/kernel"><filename>pkgs/os-specific/linux/kernel</filename></link>.
-  </para>
-
-  <para>
-   The function that builds the kernel has an argument <varname>kernelPatches</varname> which should be a list of <literal>{name, patch, extraConfig}</literal> attribute sets, where <varname>name</varname> is the name of the patch (which is included in the kernel’s <varname>meta.description</varname> attribute), <varname>patch</varname> is the patch itself (possibly compressed), and <varname>extraConfig</varname> (optional) is a string specifying extra options to be concatenated to the kernel configuration file (<filename>.config</filename>).
-  </para>
-
-  <para>
-   The kernel derivation exports an attribute <varname>features</varname> specifying whether optional functionality is or isn’t enabled. This is used in NixOS to implement kernel-specific behaviour. For instance, if the kernel has the <varname>iwlwifi</varname> feature (i.e. has built-in support for Intel wireless chipsets), then NixOS doesn’t have to build the external <varname>iwlwifi</varname> package:
-<programlisting>
-modulesTree = [kernel]
-  ++ pkgs.lib.optional (!kernel.features ? iwlwifi) kernelPackages.iwlwifi
-  ++ ...;
-</programlisting>
-  </para>
-
-  <para>
-   How to add a new (major) version of the Linux kernel to Nixpkgs:
-   <orderedlist>
-    <listitem>
-     <para>
-      Copy the old Nix expression (e.g. <filename>linux-2.6.21.nix</filename>) to the new one (e.g. <filename>linux-2.6.22.nix</filename>) and update it.
-     </para>
-    </listitem>
-    <listitem>
-     <para>
-      Add the new kernel to <filename>all-packages.nix</filename> (e.g., create an attribute <varname>kernel_2_6_22</varname>).
-     </para>
-    </listitem>
-    <listitem>
-     <para>
-      Now we’re going to update the kernel configuration. First unpack the kernel. Then for each supported platform (<literal>i686</literal>, <literal>x86_64</literal>, <literal>uml</literal>) do the following:
-      <orderedlist>
-       <listitem>
-        <para>
-         Make an copy from the old config (e.g. <filename>config-2.6.21-i686-smp</filename>) to the new one (e.g. <filename>config-2.6.22-i686-smp</filename>).
-        </para>
-       </listitem>
-       <listitem>
-        <para>
-         Copy the config file for this platform (e.g. <filename>config-2.6.22-i686-smp</filename>) to <filename>.config</filename> in the kernel source tree.
-        </para>
-       </listitem>
-       <listitem>
-        <para>
-         Run <literal>make oldconfig ARCH=<replaceable>{i386,x86_64,um}</replaceable></literal> and answer all questions. (For the uml configuration, also add <literal>SHELL=bash</literal>.) Make sure to keep the configuration consistent between platforms (i.e. don’t enable some feature on <literal>i686</literal> and disable it on <literal>x86_64</literal>).
-        </para>
-       </listitem>
-       <listitem>
-        <para>
-         If needed you can also run <literal>make menuconfig</literal>:
-<screen>
-<prompt>$ </prompt>nix-env -i ncurses
-<prompt>$ </prompt>export NIX_CFLAGS_LINK=-lncurses
-<prompt>$ </prompt>make menuconfig ARCH=<replaceable>arch</replaceable></screen>
-        </para>
-       </listitem>
-       <listitem>
-        <para>
-         Copy <filename>.config</filename> over the new config file (e.g. <filename>config-2.6.22-i686-smp</filename>).
-        </para>
-       </listitem>
-      </orderedlist>
-     </para>
-    </listitem>
-    <listitem>
-     <para>
-      Test building the kernel: <literal>nix-build -A kernel_2_6_22</literal>. If it compiles, ship it! For extra credit, try booting NixOS with it.
-     </para>
-    </listitem>
-    <listitem>
-     <para>
-      It may be that the new kernel requires updating the external kernel modules and kernel-dependent packages listed in the <varname>linuxPackagesFor</varname> function in <filename>all-packages.nix</filename> (such as the NVIDIA drivers, AUFS, etc.). If the updated packages aren’t backwards compatible with older kernels, you may need to keep the older versions around.
-     </para>
-    </listitem>
-   </orderedlist>
-  </para>
- </section>
-<!--============================================================-->
- <section xml:id="sec-xorg">
-  <title>X.org</title>
-
-  <para>
-   The Nix expressions for the X.org packages reside in <filename>pkgs/servers/x11/xorg/default.nix</filename>. This file is automatically generated from lists of tarballs in an X.org release. As such it should not be modified directly; rather, you should modify the lists, the generator script or the file <filename>pkgs/servers/x11/xorg/overrides.nix</filename>, in which you can override or add to the derivations produced by the generator.
-  </para>
-
-  <para>
-   The generator is invoked as follows:
-<screen>
-<prompt>$ </prompt>cd pkgs/servers/x11/xorg
-<prompt>$ </prompt>cat tarballs-7.5.list extra.list old.list \
-  | perl ./generate-expr-from-tarballs.pl
-</screen>
-   For each of the tarballs in the <filename>.list</filename> files, the script downloads it, unpacks it, and searches its <filename>configure.ac</filename> and <filename>*.pc.in</filename> files for dependencies. This information is used to generate <filename>default.nix</filename>. The generator caches downloaded tarballs between runs. Pay close attention to the <literal>NOT FOUND: <replaceable>name</replaceable></literal> messages at the end of the run, since they may indicate missing dependencies. (Some might be optional dependencies, however.)
-  </para>
-
-  <para>
-   A file like <filename>tarballs-7.5.list</filename> contains all tarballs in a X.org release. It can be generated like this:
-<screen>
-<prompt>$ </prompt>export i="mirror://xorg/X11R7.4/src/everything/"
-<prompt>$ </prompt>cat $(PRINT_PATH=1 nix-prefetch-url $i | tail -n 1) \
-  | perl -e 'while (&lt;>) { if (/(href|HREF)="([^"]*.bz2)"/) { print "$ENV{'i'}$2\n"; }; }' \
-  | sort > tarballs-7.4.list
-</screen>
-   <filename>extra.list</filename> contains libraries that aren’t part of X.org proper, but are closely related to it, such as <literal>libxcb</literal>. <filename>old.list</filename> contains some packages that were removed from X.org, but are still needed by some people or by other packages (such as <varname>imake</varname>).
-  </para>
-
-  <para>
-   If the expression for a package requires derivation attributes that the generator cannot figure out automatically (say, <varname>patches</varname> or a <varname>postInstall</varname> hook), you should modify <filename>pkgs/servers/x11/xorg/overrides.nix</filename>.
-  </para>
- </section>
-<!--============================================================-->
-<!--
-<section xml:id="sec-package-notes-gnome">
-  <title>Gnome</title>
-  <para>* Expression is auto-generated</para>
-  <para>* How to update</para>
-</section>
-->
-<!--============================================================-->
-<!--
-<section xml:id="sec-package-notes-gcc">
-  <title>GCC</title>
-  <para>…</para>
-</section>
-->
-<!--============================================================-->
- <section xml:id="sec-eclipse">
-  <title>Eclipse</title>
-
-  <para>
-   The Nix expressions related to the Eclipse platform and IDE are in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/eclipse"><filename>pkgs/applications/editors/eclipse</filename></link>.
-  </para>
-
-  <para>
-   Nixpkgs provides a number of packages that will install Eclipse in its various forms. These range from the bare-bones Eclipse Platform to the more fully featured Eclipse SDK or Scala-IDE packages and multiple version are often available. It is possible to list available Eclipse packages by issuing the command:
-<screen>
-<prompt>$ </prompt>nix-env -f '&lt;nixpkgs&gt;' -qaP -A eclipses --description
-</screen>
-   Once an Eclipse variant is installed it can be run using the <command>eclipse</command> command, as expected. From within Eclipse it is then possible to install plugins in the usual manner by either manually specifying an Eclipse update site or by installing the Marketplace Client plugin and using it to discover and install other plugins. This installation method provides an Eclipse installation that closely resemble a manually installed Eclipse.
-  </para>
-
-  <para>
-   If you prefer to install plugins in a more declarative manner then Nixpkgs also offer a number of Eclipse plugins that can be installed in an <emphasis>Eclipse environment</emphasis>. This type of environment is created using the function <varname>eclipseWithPlugins</varname> found inside the <varname>nixpkgs.eclipses</varname> attribute set. This function takes as argument <literal>{ eclipse, plugins ? [], jvmArgs ? [] }</literal> where <varname>eclipse</varname> is a one of the Eclipse packages described above, <varname>plugins</varname> is a list of plugin derivations, and <varname>jvmArgs</varname> is a list of arguments given to the JVM running the Eclipse. For example, say you wish to install the latest Eclipse Platform with the popular Eclipse Color Theme plugin and also allow Eclipse to use more RAM. You could then add
-<screen>
-packageOverrides = pkgs: {
-  myEclipse = with pkgs.eclipses; eclipseWithPlugins {
-    eclipse = eclipse-platform;
-    jvmArgs = [ "-Xmx2048m" ];
-    plugins = [ plugins.color-theme ];
-  };
-}
-</screen>
-   to your Nixpkgs configuration (<filename>~/.config/nixpkgs/config.nix</filename>) and install it by running <command>nix-env -f '&lt;nixpkgs&gt;' -iA myEclipse</command> and afterward run Eclipse as usual. It is possible to find out which plugins are available for installation using <varname>eclipseWithPlugins</varname> by running
-<screen>
-<prompt>$ </prompt>nix-env -f '&lt;nixpkgs&gt;' -qaP -A eclipses.plugins --description
-</screen>
-  </para>
-
-  <para>
-   If there is a need to install plugins that are not available in Nixpkgs then it may be possible to define these plugins outside Nixpkgs using the <varname>buildEclipseUpdateSite</varname> and <varname>buildEclipsePlugin</varname> functions found in the <varname>nixpkgs.eclipses.plugins</varname> attribute set. Use the <varname>buildEclipseUpdateSite</varname> function to install a plugin distributed as an Eclipse update site. This function takes <literal>{ name, src }</literal> as argument where <literal>src</literal> indicates the Eclipse update site archive. All Eclipse features and plugins within the downloaded update site will be installed. When an update site archive is not available then the <varname>buildEclipsePlugin</varname> function can be used to install a plugin that consists of a pair of feature and plugin JARs. This function takes an argument <literal>{ name, srcFeature, srcPlugin }</literal> where <literal>srcFeature</literal> and <literal>srcPlugin</literal> are the feature and plugin JARs, respectively.
-  </para>
-
-  <para>
-   Expanding the previous example with two plugins using the above functions we have
-<screen>
-packageOverrides = pkgs: {
-  myEclipse = with pkgs.eclipses; eclipseWithPlugins {
-    eclipse = eclipse-platform;
-    jvmArgs = [ "-Xmx2048m" ];
-    plugins = [
-      plugins.color-theme
-      (plugins.buildEclipsePlugin {
-        name = "myplugin1-1.0";
-        srcFeature = fetchurl {
-          url = "http://…/features/myplugin1.jar";
-          sha256 = "123…";
-        };
-        srcPlugin = fetchurl {
-          url = "http://…/plugins/myplugin1.jar";
-          sha256 = "123…";
-        };
-      });
-      (plugins.buildEclipseUpdateSite {
-        name = "myplugin2-1.0";
-        src = fetchurl {
-          stripRoot = false;
-          url = "http://…/myplugin2.zip";
-          sha256 = "123…";
-        };
-      });
-    ];
-  };
-}
-</screen>
-  </para>
- </section>
- <section xml:id="sec-elm">
-  <title>Elm</title>
-
-  <para>
-   To start a development environment do <command>nix-shell -p elmPackages.elm elmPackages.elm-format</command>
-  </para>
-
-  <para>
-   To update Elm compiler, see <filename>nixpkgs/pkgs/development/compilers/elm/README.md</filename>.
-  </para>
-
-  <para>
-   To package Elm applications, <link xlink:href="https://github.com/hercules-ci/elm2nix#elm2nix">read about elm2nix</link>.
-  </para>
- </section>
- <section xml:id="sec-kakoune">
-  <title>Kakoune</title>
-
-  <para>
-   Kakoune can be built to autoload plugins:
-<programlisting>(kakoune.override {
-  configure = {
-    plugins = with pkgs.kakounePlugins; [ parinfer-rust ];
-  };
-})</programlisting>
-  </para>
- </section>
- <section xml:id="sec-shell-helpers">
-  <title>Interactive shell helpers</title>
-
-  <para>
-   Some packages provide the shell integration to be more useful. But unlike other systems, nix doesn't have a standard share directory location. This is why a bunch <command>PACKAGE-share</command> scripts are shipped that print the location of the corresponding shared folder. Current list of such packages is as following:
-   <itemizedlist>
-    <listitem>
-     <para>
-      <literal>autojump</literal>: <command>autojump-share</command>
-     </para>
-    </listitem>
-    <listitem>
-     <para>
-      <literal>fzf</literal>: <command>fzf-share</command>
-     </para>
-    </listitem>
-   </itemizedlist>
-   E.g. <literal>autojump</literal> can then used in the .bashrc like this:
-<screen>
-  source "$(autojump-share)/autojump.bash"
-</screen>
-  </para>
- </section>
- <section xml:id="sec-weechat">
-  <title>Weechat</title>
-
-  <para>
-   Weechat can be configured to include your choice of plugins, reducing its closure size from the default configuration which includes all available plugins. To make use of this functionality, install an expression that overrides its configuration such as
-<programlisting>weechat.override {configure = {availablePlugins, ...}: {
-    plugins = with availablePlugins; [ python perl ];
-  }
-}</programlisting>
-   If the <literal>configure</literal> function returns an attrset without the <literal>plugins</literal> attribute, <literal>availablePlugins</literal> will be used automatically.
-  </para>
-
-  <para>
-   The plugins currently available are <literal>python</literal>, <literal>perl</literal>, <literal>ruby</literal>, <literal>guile</literal>, <literal>tcl</literal> and <literal>lua</literal>.
-  </para>
-
-  <para>
-   The python and perl plugins allows the addition of extra libraries. For instance, the <literal>inotify.py</literal> script in weechat-scripts requires D-Bus or libnotify, and the <literal>fish.py</literal> script requires pycrypto. To use these scripts, use the plugin's <literal>withPackages</literal> attribute:
-<programlisting>weechat.override { configure = {availablePlugins, ...}: {
-    plugins = with availablePlugins; [
-            (python.withPackages (ps: with ps; [ pycrypto python-dbus ]))
-        ];
-    };
-}
-</programlisting>
-  </para>
-
-  <para>
-   In order to also keep all default plugins installed, it is possible to use the following method:
-<programlisting>weechat.override { configure = { availablePlugins, ... }: {
-  plugins = builtins.attrValues (availablePlugins // {
-    python = availablePlugins.python.withPackages (ps: with ps; [ pycrypto python-dbus ]);
-  });
-}; }
-</programlisting>
-  </para>
-
-  <para>
-   WeeChat allows to set defaults on startup using the <literal>--run-command</literal>. The <literal>configure</literal> method can be used to pass commands to the program:
-<programlisting>weechat.override {
-  configure = { availablePlugins, ... }: {
-    init = ''
-      /set foo bar
-      /server add freenode chat.freenode.org
-    '';
-  };
-}</programlisting>
-   Further values can be added to the list of commands when running <literal>weechat --run-command "your-commands"</literal>.
-  </para>
-
-  <para>
-   Additionally it's possible to specify scripts to be loaded when starting <literal>weechat</literal>. These will be loaded before the commands from <literal>init</literal>:
-<programlisting>weechat.override {
-  configure = { availablePlugins, ... }: {
-    scripts = with pkgs.weechatScripts; [
-      weechat-xmpp weechat-matrix-bridge wee-slack
-    ];
-    init = ''
-      /set plugins.var.python.jabber.key "val"
-    '':
-  };
-}</programlisting>
-  </para>
-
-  <para>
-   In <literal>nixpkgs</literal> there's a subpackage which contains derivations for WeeChat scripts. Such derivations expect a <literal>passthru.scripts</literal> attribute which contains a list of all scripts inside the store path. Furthermore all scripts have to live in <literal>$out/share</literal>. An exemplary derivation looks like this:
-<programlisting>{ stdenv, fetchurl }:
-
-stdenv.mkDerivation {
-  name = "exemplary-weechat-script";
-  src = fetchurl {
-    url = "https://scripts.tld/your-scripts.tar.gz";
-    sha256 = "...";
-  };
-  passthru.scripts = [ "foo.py" "bar.lua" ];
-  installPhase = ''
-    mkdir $out/share
-    cp foo.py $out/share
-    cp bar.lua $out/share
-  '';
-}</programlisting>
-  </para>
- </section>
- <section xml:id="sec-ibus-typing-booster">
-  <title>ibus-engines.typing-booster</title>
-
-  <para>
-   This package is an ibus-based completion method to speed up typing.
-  </para>
-
-  <section xml:id="sec-ibus-typing-booster-activate">
-   <title>Activating the engine</title>
-
-   <para>
-    IBus needs to be configured accordingly to activate <literal>typing-booster</literal>. The configuration depends on the desktop manager in use. For detailed instructions, please refer to the <link xlink:href="https://mike-fabian.github.io/ibus-typing-booster/documentation.html">upstream docs</link>.
-   </para>
-
-   <para>
-    On NixOS you need to explicitly enable <literal>ibus</literal> with given engines before customizing your desktop to use <literal>typing-booster</literal>. This can be achieved using the <literal>ibus</literal> module:
-<programlisting>{ pkgs, ... }: {
-  i18n.inputMethod = {
-    enabled = "ibus";
-    ibus.engines = with pkgs.ibus-engines; [ typing-booster ];
-  };
-}</programlisting>
-   </para>
-  </section>
-
-  <section xml:id="sec-ibus-typing-booster-customize-hunspell">
-   <title>Using custom hunspell dictionaries</title>
-
-   <para>
-    The IBus engine is based on <literal>hunspell</literal> to support completion in many languages. By default the dictionaries <literal>de-de</literal>, <literal>en-us</literal>, <literal>fr-moderne</literal> <literal>es-es</literal>, <literal>it-it</literal>, <literal>sv-se</literal> and <literal>sv-fi</literal> are in use. To add another dictionary, the package can be overridden like this:
-<programlisting>ibus-engines.typing-booster.override {
-  langs = [ "de-at" "en-gb" ];
-}</programlisting>
-   </para>
-
-   <para>
-    <emphasis>Note: each language passed to <literal>langs</literal> must be an attribute name in <literal>pkgs.hunspellDicts</literal>.</emphasis>
-   </para>
-  </section>
-
-  <section xml:id="sec-ibus-typing-booster-emoji-picker">
-   <title>Built-in emoji picker</title>
-
-   <para>
-    The <literal>ibus-engines.typing-booster</literal> package contains a program named <literal>emoji-picker</literal>. To display all emojis correctly, a special font such as <literal>noto-fonts-emoji</literal> is needed:
-   </para>
-
-   <para>
-    On NixOS it can be installed using the following expression:
-<programlisting>{ pkgs, ... }: {
-  fonts.fonts = with pkgs; [ noto-fonts-emoji ];
-}</programlisting>
-   </para>
-  </section>
- </section>
- <section xml:id="sec-nginx">
-  <title>Nginx</title>
-
-  <para>
-   <link xlink:href="https://nginx.org/">Nginx</link> is a reverse proxy and lightweight webserver.
-  </para>
-
-  <section xml:id="sec-nginx-etag">
-   <title>ETags on static files served from the Nix store</title>
-
-   <para>
-    HTTP has a couple different mechanisms for caching to prevent clients from having to download the same content repeatedly if a resource has not changed since the last time it was requested. When nginx is used as a server for static files, it implements the caching mechanism based on the <link xlink:href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified"><literal>Last-Modified</literal></link> response header automatically; unfortunately, it works by using filesystem timestamps to determine the value of the <literal>Last-Modified</literal> header. This doesn't give the desired behavior when the file is in the Nix store, because all file timestamps are set to 0 (for reasons related to build reproducibility).
-   </para>
-
-   <para>
-    Fortunately, HTTP supports an alternative (and more effective) caching mechanism: the <link xlink:href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag"><literal>ETag</literal></link> response header. The value of the <literal>ETag</literal> header specifies some identifier for the particular content that the server is sending (e.g. a hash). When a client makes a second request for the same resource, it sends that value back in an <literal>If-None-Match</literal> header. If the ETag value is unchanged, then the server does not need to resend the content.
-   </para>
-
-   <para>
-    As of NixOS 19.09, the nginx package in Nixpkgs is patched such that when nginx serves a file out of <filename>/nix/store</filename>, the hash in the store path is used as the <literal>ETag</literal> header in the HTTP response, thus providing proper caching functionality. This happens automatically; you do not need to do modify any configuration to get this behavior.
-   </para>
-  </section>
- </section>
-</chapter>
--- a/doc/package-specific-user-notes.xml
+++ b/doc/package-specific-user-notes.xml
@@ -1,357 +0,0 @@
-<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="package-specific-user-notes">
- <title>Package-specific usage notes</title>
- <para>
-  These chapters includes some notes that apply to specific packages and should answer some of the frequently asked questions related to Nixpkgs use. Some useful information related to package use can be found in <link linkend="chap-package-notes">package-specific development notes</link>.
- </para>
- <section xml:id="opengl">
-  <title>OpenGL</title>
-
-  <para>
-   Packages that use OpenGL have NixOS desktop as their primary target. The current solution for loading the GPU-specific drivers is based on <literal>libglvnd</literal> and looks for the driver implementation in <literal>LD_LIBRARY_PATH</literal>. If you are using a non-NixOS GNU/Linux/X11 desktop with free software video drivers, consider launching OpenGL-dependent programs from Nixpkgs with Nixpkgs versions of <literal>libglvnd</literal> and <literal>mesa_drivers</literal> in <literal>LD_LIBRARY_PATH</literal>. For proprietary video drivers you might have luck with also adding the corresponding video driver package.
-  </para>
- </section>
- <section xml:id="locales">
-  <title>Locales</title>
-
-  <para>
-   To allow simultaneous use of packages linked against different versions of <literal>glibc</literal> with different locale archive formats Nixpkgs patches <literal>glibc</literal> to rely on <literal>LOCALE_ARCHIVE</literal> environment variable.
-  </para>
-
-  <para>
-   On non-NixOS distributions this variable is obviously not set. This can cause regressions in language support or even crashes in some Nixpkgs-provided programs. The simplest way to mitigate this problem is exporting the <literal>LOCALE_ARCHIVE</literal> variable pointing to <literal>${glibcLocales}/lib/locale/locale-archive</literal>. The drawback (and the reason this is not the default) is the relatively large (a hundred MiB) size of the full set of locales. It is possible to build a custom set of locales by overriding parameters <literal>allLocales</literal> and <literal>locales</literal> of the package.
-  </para>
- </section>
- <section xml:id="sec-emacs">
-  <title>Emacs</title>
-
-  <section xml:id="sec-emacs-config">
-   <title>Configuring Emacs</title>
-
-   <para>
-    The Emacs package comes with some extra helpers to make it easier to configure. <varname>emacsWithPackages</varname> allows you to manage packages from ELPA. This means that you will not have to install that packages from within Emacs. For instance, if you wanted to use <literal>company</literal>, <literal>counsel</literal>, <literal>flycheck</literal>, <literal>ivy</literal>, <literal>magit</literal>, <literal>projectile</literal>, and <literal>use-package</literal> you could use this as a <filename>~/.config/nixpkgs/config.nix</filename> override:
-   </para>
-
-<screen>
-{
-  packageOverrides = pkgs: with pkgs; {
-    myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
-      company
-      counsel
-      flycheck
-      ivy
-      magit
-      projectile
-      use-package
-    ]));
-  }
-}
-</screen>
-
-   <para>
-    You can install it like any other packages via <command>nix-env -iA myEmacs</command>. However, this will only install those packages. It will not <literal>configure</literal> them for us. To do this, we need to provide a configuration file. Luckily, it is possible to do this from within Nix! By modifying the above example, we can make Emacs load a custom config file. The key is to create a package that provide a <filename>default.el</filename> file in <filename>/share/emacs/site-start/</filename>. Emacs knows to load this file automatically when it starts.
-   </para>
-
-<screen>
-{
-  packageOverrides = pkgs: with pkgs; rec {
-    myEmacsConfig = writeText "default.el" ''
-;; initialize package
-
-(require 'package)
-(package-initialize 'noactivate)
-(eval-when-compile
-  (require 'use-package))
-
-;; load some packages
-
-(use-package company
-  :bind ("&lt;C-tab&gt;" . company-complete)
-  :diminish company-mode
-  :commands (company-mode global-company-mode)
-  :defer 1
-  :config
-  (global-company-mode))
-
-(use-package counsel
-  :commands (counsel-descbinds)
-  :bind (([remap execute-extended-command] . counsel-M-x)
-         ("C-x C-f" . counsel-find-file)
-         ("C-c g" . counsel-git)
-         ("C-c j" . counsel-git-grep)
-         ("C-c k" . counsel-ag)
-         ("C-x l" . counsel-locate)
-         ("M-y" . counsel-yank-pop)))
-
-(use-package flycheck
-  :defer 2
-  :config (global-flycheck-mode))
-
-(use-package ivy
-  :defer 1
-  :bind (("C-c C-r" . ivy-resume)
-         ("C-x C-b" . ivy-switch-buffer)
-         :map ivy-minibuffer-map
-         ("C-j" . ivy-call))
-  :diminish ivy-mode
-  :commands ivy-mode
-  :config
-  (ivy-mode 1))
-
-(use-package magit
-  :defer
-  :if (executable-find "git")
-  :bind (("C-x g" . magit-status)
-         ("C-x G" . magit-dispatch-popup))
-  :init
-  (setq magit-completing-read-function 'ivy-completing-read))
-
-(use-package projectile
-  :commands projectile-mode
-  :bind-keymap ("C-c p" . projectile-command-map)
-  :defer 5
-  :config
-  (projectile-global-mode))
-    '';
-    myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
-      (runCommand "default.el" {} ''
-mkdir -p $out/share/emacs/site-lisp
-cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
-'')
-      company
-      counsel
-      flycheck
-      ivy
-      magit
-      projectile
-      use-package
-    ]));
-  };
-}
-</screen>
-
-   <para>
-    This provides a fairly full Emacs start file. It will load in addition to the user's presonal config. You can always disable it by passing <command>-q</command> to the Emacs command.
-   </para>
-
-   <para>
-    Sometimes <varname>emacsWithPackages</varname> is not enough, as this package set has some priorities imposed on packages (with the lowest priority assigned to Melpa Unstable, and the highest for packages manually defined in <filename>pkgs/top-level/emacs-packages.nix</filename>). But you can't control this priorities when some package is installed as a dependency. You can override it on per-package-basis, providing all the required dependencies manually - but it's tedious and there is always a possibility that an unwanted dependency will sneak in through some other package. To completely override such a package you can use <varname>overrideScope'</varname>.
-   </para>
-
-<screen>
-overrides = self: super: rec {
-  haskell-mode = self.melpaPackages.haskell-mode;
-  ...
-};
-((emacsPackagesGen emacs).overrideScope' overrides).emacsWithPackages (p: with p; [
-  # here both these package will use haskell-mode of our own choice
-  ghc-mod
-  dante
-])
-</screen>
-  </section>
- </section>
- <section xml:id="dlib">
-  <title>DLib</title>
-
-  <para>
-   <link xlink:href="http://dlib.net/">DLib</link> is a modern, C++-based toolkit which provides several machine learning algorithms.
-  </para>
-
-  <section xml:id="compiling-without-avx-support">
-   <title>Compiling without AVX support</title>
-
-   <para>
-    Especially older CPUs don't support <link xlink:href="https://en.wikipedia.org/wiki/Advanced_Vector_Extensions">AVX</link> (<abbrev>Advanced Vector Extensions</abbrev>) instructions that are used by DLib to optimize their algorithms.
-   </para>
-
-   <para>
-    On the affected hardware errors like <literal>Illegal instruction</literal> will occur. In those cases AVX support needs to be disabled:
-<programlisting>self: super: {
-  dlib = super.dlib.override { avxSupport = false; };
-}</programlisting>
-   </para>
-  </section>
- </section>
- <section xml:id="unfree-software">
-  <title>Unfree software</title>
-
-  <para>
-   All users of Nixpkgs are free software users, and many users (and developers) of Nixpkgs want to limit and tightly control their exposure to unfree software. At the same time, many users need (or want) to run some specific pieces of proprietary software. Nixpkgs includes some expressions for unfree software packages. By default unfree software cannot be installed and doesn’t show up in searches. To allow installing unfree software in a single Nix invocation one can export <literal>NIXPKGS_ALLOW_UNFREE=1</literal>. For a persistent solution, users can set <literal>allowUnfree</literal> in the Nixpkgs configuration.
-  </para>
-
-  <para>
-   Fine-grained control is possible by defining <literal>allowUnfreePredicate</literal> function in config; it takes the <literal>mkDerivation</literal> parameter attrset and returns <literal>true</literal> for unfree packages that should be allowed.
-  </para>
- </section>
- <section xml:id="sec-steam">
-  <title>Steam</title>
-
-  <section xml:id="sec-steam-nix">
-   <title>Steam in Nix</title>
-
-   <para>
-    Steam is distributed as a <filename>.deb</filename> file, for now only as an i686 package (the amd64 package only has documentation). When unpacked, it has a script called <filename>steam</filename> that in Ubuntu (their target distro) would go to <filename>/usr/bin </filename>. When run for the first time, this script copies some files to the user's home, which include another script that is the ultimate responsible for launching the steam binary, which is also in $HOME.
-   </para>
-
-   <para>
-    Nix problems and constraints:
-    <itemizedlist>
-     <listitem>
-      <para>
-       We don't have <filename>/bin/bash</filename> and many scripts point there. Similarly for <filename>/usr/bin/python</filename> .
-      </para>
-     </listitem>
-     <listitem>
-      <para>
-       We don't have the dynamic loader in <filename>/lib </filename>.
-      </para>
-     </listitem>
-     <listitem>
-      <para>
-       The <filename>steam.sh</filename> script in $HOME can not be patched, as it is checked and rewritten by steam.
-      </para>
-     </listitem>
-     <listitem>
-      <para>
-       The steam binary cannot be patched, it's also checked.
-      </para>
-     </listitem>
-    </itemizedlist>
-   </para>
-
-   <para>
-    The current approach to deploy Steam in NixOS is composing a FHS-compatible chroot environment, as documented <link xlink:href="http://sandervanderburg.blogspot.nl/2013/09/composing-fhs-compatible-chroot.html">here</link>. This allows us to have binaries in the expected paths without disrupting the system, and to avoid patching them to work in a non FHS environment.
-   </para>
-  </section>
-
-  <section xml:id="sec-steam-play">
-   <title>How to play</title>
-
-   <para>
-    For 64-bit systems it's important to have
-<programlisting>hardware.opengl.driSupport32Bit = true;</programlisting>
-    in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need
-<programlisting>hardware.pulseaudio.support32Bit = true;</programlisting>
-    if you are using PulseAudio - this will enable 32bit ALSA apps integration. To use the Steam controller or other Steam supported controllers such as the DualShock 4 or Nintendo Switch Pro, you need to add
-<programlisting>hardware.steam-hardware.enable = true;</programlisting>
-    to your configuration.
-   </para>
-  </section>
-
-  <section xml:id="sec-steam-troub">
-   <title>Troubleshooting</title>
-
-   <para>
-    <variablelist>
-     <varlistentry>
-      <term>
-       Steam fails to start. What do I do?
-      </term>
-      <listitem>
-       <para>
-        Try to run
-<programlisting>strace steam</programlisting>
-        to see what is causing steam to fail.
-       </para>
-      </listitem>
-     </varlistentry>
-     <varlistentry>
-      <term>
-       Using the FOSS Radeon or nouveau (nvidia) drivers
-      </term>
-      <listitem>
-       <itemizedlist>
-        <listitem>
-         <para>
-          The <literal>newStdcpp</literal> parameter was removed since NixOS 17.09 and should not be needed anymore.
-         </para>
-        </listitem>
-        <listitem>
-         <para>
-          Steam ships statically linked with a version of libcrypto that conflics with the one dynamically loaded by radeonsi_dri.so. If you get the error
-<programlisting>steam.sh: line 713: 7842 Segmentation fault (core dumped)</programlisting>
-          have a look at <link xlink:href="https://github.com/NixOS/nixpkgs/pull/20269">this pull request</link>.
-         </para>
-        </listitem>
-       </itemizedlist>
-      </listitem>
-     </varlistentry>
-     <varlistentry>
-      <term>
-       Java
-      </term>
-      <listitem>
-       <orderedlist>
-        <listitem>
-         <para>
-          There is no java in steam chrootenv by default. If you get a message like
-<programlisting>/home/foo/.local/share/Steam/SteamApps/common/towns/towns.sh: line 1: java: command not found</programlisting>
-          You need to add
-<programlisting> steam.override { withJava = true; };</programlisting>
-          to your configuration.
-         </para>
-        </listitem>
-       </orderedlist>
-      </listitem>
-     </varlistentry>
-    </variablelist>
-   </para>
-  </section>
-
-  <section xml:id="sec-steam-run">
-   <title>steam-run</title>
-
-   <para>
-    The FHS-compatible chroot used for steam can also be used to run other linux games that expect a FHS environment. To do it, add
-<programlisting>pkgs.(steam.override {
-          nativeOnly = true;
-          newStdcpp = true;
-        }).run</programlisting>
-    to your configuration, rebuild, and run the game with
-<programlisting>steam-run ./foo</programlisting>
-   </para>
-  </section>
- </section>
- <section xml:id="sec-citrix">
-  <title>Citrix Receiver &amp; Citrix Workspace App</title>
-
-  <para>
-   <note>
-    <para>
-     Please note that the <literal>citrix_receiver</literal> package has been deprecated since its development was <link xlink:href="https://docs.citrix.com/en-us/citrix-workspace-app.html">discontinued by upstream</link> and has been replaced by <link xlink:href="https://www.citrix.com/products/workspace-app/">the citrix workspace app</link>.
-    </para>
-   </note>
-   <link xlink:href="https://www.citrix.com/products/receiver/">Citrix Receiver</link> and <link xlink:href="https://www.citrix.com/products/workspace-app/">Citrix Workspace App</link> are a remote desktop viewers which provide access to <link xlink:href="https://www.citrix.com/products/xenapp-xendesktop/">XenDesktop</link> installations.
-  </para>
-
-  <section xml:id="sec-citrix-base">
-   <title>Basic usage</title>
-
-   <para>
-    The tarball archive needs to be downloaded manually as the license agreements of the vendor for <link xlink:href="https://www.citrix.com/downloads/citrix-receiver/">Citrix Receiver</link> or <link xlink:href="https://www.citrix.de/downloads/workspace-app/linux/workspace-app-for-linux-latest.html">Citrix Workspace</link> need to be accepted first. Then run <command>nix-prefetch-url file://$PWD/linuxx64-$version.tar.gz</command>. With the archive available in the store the package can be built and installed with Nix.
-   </para>
-
-   <warning>
-    <title>Caution with <command>nix-shell</command> installs</title>
-    <para>
-     It's recommended to install <literal>Citrix Receiver</literal> and/or <literal>Citrix Workspace</literal> using <literal>nix-env -i</literal> or globally to ensure that the <literal>.desktop</literal> files are installed properly into <literal>$XDG_CONFIG_DIRS</literal>. Otherwise it won't be possible to open <literal>.ica</literal> files automatically from the browser to start a Citrix connection.
-    </para>
-   </warning>
-  </section>
-
-  <section xml:id="sec-citrix-custom-certs">
-   <title>Custom certificates</title>
-
-   <para>
-    The <literal>Citrix Workspace App</literal> in <literal>nixpkgs</literal> trust several certificates <link xlink:href="https://curl.haxx.se/docs/caextract.html">from the Mozilla database</link> by default. However several companies using Citrix might require their own corporate certificate. On distros with imperative packaging these certs can be stored easily in <link xlink:href="https://developer-docs.citrix.com/projects/receiver-for-linux-command-reference/en/13.7/"><literal>$ICAROOT</literal></link>, however this directory is a store path in <literal>nixpkgs</literal>. In order to work around this issue the package provides a simple mechanism to add custom certificates without rebuilding the entire package using <literal>symlinkJoin</literal>:
-<programlisting>
-<![CDATA[with import <nixpkgs> { config.allowUnfree = true; };
-let extraCerts = [ ./custom-cert-1.pem ./custom-cert-2.pem /* ... */ ]; in
-citrix_workspace.override {
-  inherit extraCerts;
-}]]>
-</programlisting>
-   </para>
-  </section>
- </section>
-</chapter>
--- a/doc/packages/citrix.xml
+++ b/doc/packages/citrix.xml
@@ -0,0 +1,44 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-citrix">
+  <title>Citrix Workspace</title>
+
+  <para>
+   <note>
+    <para>
+     Please note that the <literal>citrix_receiver</literal> package has been deprecated since its development was <link xlink:href="https://docs.citrix.com/en-us/citrix-workspace-app.html">discontinued by upstream</link> and has been replaced by <link xlink:href="https://www.citrix.com/products/workspace-app/">the citrix workspace app</link>.
+    </para>
+   </note>
+   <link xlink:href="https://www.citrix.com/products/receiver/">Citrix Receiver</link> and <link xlink:href="https://www.citrix.com/products/workspace-app/">Citrix Workspace App</link> are a remote desktop viewers which provide access to <link xlink:href="https://www.citrix.com/products/xenapp-xendesktop/">XenDesktop</link> installations.
+  </para>
+
+  <section xml:id="sec-citrix-base">
+   <title>Basic usage</title>
+
+   <para>
+    The tarball archive needs to be downloaded manually as the license agreements of the vendor for <link xlink:href="https://www.citrix.com/downloads/citrix-receiver/">Citrix Receiver</link> or <link xlink:href="https://www.citrix.de/downloads/workspace-app/linux/workspace-app-for-linux-latest.html">Citrix Workspace</link> need to be accepted first. Then run <command>nix-prefetch-url file://$PWD/linuxx64-$version.tar.gz</command>. With the archive available in the store the package can be built and installed with Nix.
+   </para>
+
+   <warning>
+    <title>Caution with <command>nix-shell</command> installs</title>
+    <para>
+     It's recommended to install <literal>Citrix Receiver</literal> and/or <literal>Citrix Workspace</literal> using <literal>nix-env -i</literal> or globally to ensure that the <literal>.desktop</literal> files are installed properly into <literal>$XDG_CONFIG_DIRS</literal>. Otherwise it won't be possible to open <literal>.ica</literal> files automatically from the browser to start a Citrix connection.
+    </para>
+   </warning>
+  </section>
+
+  <section xml:id="sec-citrix-custom-certs">
+   <title>Custom certificates</title>
+
+   <para>
+    The <literal>Citrix Workspace App</literal> in <literal>nixpkgs</literal> trust several certificates <link xlink:href="https://curl.haxx.se/docs/caextract.html">from the Mozilla database</link> by default. However several companies using Citrix might require their own corporate certificate. On distros with imperative packaging these certs can be stored easily in <link xlink:href="https://developer-docs.citrix.com/projects/receiver-for-linux-command-reference/en/13.7/"><literal>$ICAROOT</literal></link>, however this directory is a store path in <literal>nixpkgs</literal>. In order to work around this issue the package provides a simple mechanism to add custom certificates without rebuilding the entire package using <literal>symlinkJoin</literal>:
+<programlisting>
+<![CDATA[with import <nixpkgs> { config.allowUnfree = true; };
+let extraCerts = [ ./custom-cert-1.pem ./custom-cert-2.pem /* ... */ ]; in
+citrix_workspace.override {
+  inherit extraCerts;
+}]]>
+</programlisting>
+   </para>
+  </section>
+</section>
--- a/doc/packages/dlib.xml
+++ b/doc/packages/dlib.xml
@@ -0,0 +1,24 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="dlib">
+  <title>DLib</title>
+
+  <para>
+   <link xlink:href="http://dlib.net/">DLib</link> is a modern, C++-based toolkit which provides several machine learning algorithms.
+  </para>
+
+  <section xml:id="compiling-without-avx-support">
+   <title>Compiling without AVX support</title>
+
+   <para>
+    Especially older CPUs don't support <link xlink:href="https://en.wikipedia.org/wiki/Advanced_Vector_Extensions">AVX</link> (<abbrev>Advanced Vector Extensions</abbrev>) instructions that are used by DLib to optimize their algorithms.
+   </para>
+
+   <para>
+    On the affected hardware errors like <literal>Illegal instruction</literal> will occur. In those cases AVX support needs to be disabled:
+<programlisting>self: super: {
+  dlib = super.dlib.override { avxSupport = false; };
+}</programlisting>
+   </para>
+  </section>
+</section>
--- a/doc/packages/eclipse.xml
+++ b/doc/packages/eclipse.xml
@@ -0,0 +1,72 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-eclipse">
+  <title>Eclipse</title>
+
+  <para>
+   The Nix expressions related to the Eclipse platform and IDE are in <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/eclipse"><filename>pkgs/applications/editors/eclipse</filename></link>.
+  </para>
+
+  <para>
+   Nixpkgs provides a number of packages that will install Eclipse in its various forms. These range from the bare-bones Eclipse Platform to the more fully featured Eclipse SDK or Scala-IDE packages and multiple version are often available. It is possible to list available Eclipse packages by issuing the command:
+<screen>
+<prompt>$ </prompt>nix-env -f '&lt;nixpkgs&gt;' -qaP -A eclipses --description
+</screen>
+   Once an Eclipse variant is installed it can be run using the <command>eclipse</command> command, as expected. From within Eclipse it is then possible to install plugins in the usual manner by either manually specifying an Eclipse update site or by installing the Marketplace Client plugin and using it to discover and install other plugins. This installation method provides an Eclipse installation that closely resemble a manually installed Eclipse.
+  </para>
+
+  <para>
+   If you prefer to install plugins in a more declarative manner then Nixpkgs also offer a number of Eclipse plugins that can be installed in an <emphasis>Eclipse environment</emphasis>. This type of environment is created using the function <varname>eclipseWithPlugins</varname> found inside the <varname>nixpkgs.eclipses</varname> attribute set. This function takes as argument <literal>{ eclipse, plugins ? [], jvmArgs ? [] }</literal> where <varname>eclipse</varname> is a one of the Eclipse packages described above, <varname>plugins</varname> is a list of plugin derivations, and <varname>jvmArgs</varname> is a list of arguments given to the JVM running the Eclipse. For example, say you wish to install the latest Eclipse Platform with the popular Eclipse Color Theme plugin and also allow Eclipse to use more RAM. You could then add
+<screen>
+packageOverrides = pkgs: {
+  myEclipse = with pkgs.eclipses; eclipseWithPlugins {
+    eclipse = eclipse-platform;
+    jvmArgs = [ "-Xmx2048m" ];
+    plugins = [ plugins.color-theme ];
+  };
+}
+</screen>
+   to your Nixpkgs configuration (<filename>~/.config/nixpkgs/config.nix</filename>) and install it by running <command>nix-env -f '&lt;nixpkgs&gt;' -iA myEclipse</command> and afterward run Eclipse as usual. It is possible to find out which plugins are available for installation using <varname>eclipseWithPlugins</varname> by running
+<screen>
+<prompt>$ </prompt>nix-env -f '&lt;nixpkgs&gt;' -qaP -A eclipses.plugins --description
+</screen>
+  </para>
+
+  <para>
+   If there is a need to install plugins that are not available in Nixpkgs then it may be possible to define these plugins outside Nixpkgs using the <varname>buildEclipseUpdateSite</varname> and <varname>buildEclipsePlugin</varname> functions found in the <varname>nixpkgs.eclipses.plugins</varname> attribute set. Use the <varname>buildEclipseUpdateSite</varname> function to install a plugin distributed as an Eclipse update site. This function takes <literal>{ name, src }</literal> as argument where <literal>src</literal> indicates the Eclipse update site archive. All Eclipse features and plugins within the downloaded update site will be installed. When an update site archive is not available then the <varname>buildEclipsePlugin</varname> function can be used to install a plugin that consists of a pair of feature and plugin JARs. This function takes an argument <literal>{ name, srcFeature, srcPlugin }</literal> where <literal>srcFeature</literal> and <literal>srcPlugin</literal> are the feature and plugin JARs, respectively.
+  </para>
+
+  <para>
+   Expanding the previous example with two plugins using the above functions we have
+<screen>
+packageOverrides = pkgs: {
+  myEclipse = with pkgs.eclipses; eclipseWithPlugins {
+    eclipse = eclipse-platform;
+    jvmArgs = [ "-Xmx2048m" ];
+    plugins = [
+      plugins.color-theme
+      (plugins.buildEclipsePlugin {
+        name = "myplugin1-1.0";
+        srcFeature = fetchurl {
+          url = "http://…/features/myplugin1.jar";
+          sha256 = "123…";
+        };
+        srcPlugin = fetchurl {
+          url = "http://…/plugins/myplugin1.jar";
+          sha256 = "123…";
+        };
+      });
+      (plugins.buildEclipseUpdateSite {
+        name = "myplugin2-1.0";
+        src = fetchurl {
+          stripRoot = false;
+          url = "http://…/myplugin2.zip";
+          sha256 = "123…";
+        };
+      });
+    ];
+  };
+}
+</screen>
+  </para>
+</section>
--- a/doc/packages/elm.xml
+++ b/doc/packages/elm.xml
@@ -0,0 +1,17 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-elm">
+ <title>Elm</title>
+
+ <para>
+ To start a development environment do <command>nix-shell -p elmPackages.elm elmPackages.elm-format</command>
+ </para>
+
+ <para>
+ To update Elm compiler, see <filename>nixpkgs/pkgs/development/compilers/elm/README.md</filename>.
+ </para>
+
+ <para>
+ To package Elm applications, <link xlink:href="https://github.com/hercules-ci/elm2nix#elm2nix">read about elm2nix</link>.
+ </para>
+</section>
--- a/doc/packages/emacs.xml
+++ b/doc/packages/emacs.xml
@@ -0,0 +1,131 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-emacs">
+  <title>Emacs</title>
+
+  <section xml:id="sec-emacs-config">
+   <title>Configuring Emacs</title>
+
+   <para>
+    The Emacs package comes with some extra helpers to make it easier to configure. <varname>emacsWithPackages</varname> allows you to manage packages from ELPA. This means that you will not have to install that packages from within Emacs. For instance, if you wanted to use <literal>company</literal>, <literal>counsel</literal>, <literal>flycheck</literal>, <literal>ivy</literal>, <literal>magit</literal>, <literal>projectile</literal>, and <literal>use-package</literal> you could use this as a <filename>~/.config/nixpkgs/config.nix</filename> override:
+   </para>
+
+<screen>
+{
+  packageOverrides = pkgs: with pkgs; {
+    myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
+      company
+      counsel
+      flycheck
+      ivy
+      magit
+      projectile
+      use-package
+    ]));
+  }
+}
+</screen>
+
+   <para>
+    You can install it like any other packages via <command>nix-env -iA myEmacs</command>. However, this will only install those packages. It will not <literal>configure</literal> them for us. To do this, we need to provide a configuration file. Luckily, it is possible to do this from within Nix! By modifying the above example, we can make Emacs load a custom config file. The key is to create a package that provide a <filename>default.el</filename> file in <filename>/share/emacs/site-start/</filename>. Emacs knows to load this file automatically when it starts.
+   </para>
+
+<screen>
+{
+  packageOverrides = pkgs: with pkgs; rec {
+    myEmacsConfig = writeText "default.el" ''
+;; initialize package
+
+(require 'package)
+(package-initialize 'noactivate)
+(eval-when-compile
+  (require 'use-package))
+
+;; load some packages
+
+(use-package company
+  :bind ("&lt;C-tab&gt;" . company-complete)
+  :diminish company-mode
+  :commands (company-mode global-company-mode)
+  :defer 1
+  :config
+  (global-company-mode))
+
+(use-package counsel
+  :commands (counsel-descbinds)
+  :bind (([remap execute-extended-command] . counsel-M-x)
+         ("C-x C-f" . counsel-find-file)
+         ("C-c g" . counsel-git)
+         ("C-c j" . counsel-git-grep)
+         ("C-c k" . counsel-ag)
+         ("C-x l" . counsel-locate)
+         ("M-y" . counsel-yank-pop)))
+
+(use-package flycheck
+  :defer 2
+  :config (global-flycheck-mode))
+
+(use-package ivy
+  :defer 1
+  :bind (("C-c C-r" . ivy-resume)
+         ("C-x C-b" . ivy-switch-buffer)
+         :map ivy-minibuffer-map
+         ("C-j" . ivy-call))
+  :diminish ivy-mode
+  :commands ivy-mode
+  :config
+  (ivy-mode 1))
+
+(use-package magit
+  :defer
+  :if (executable-find "git")
+  :bind (("C-x g" . magit-status)
+         ("C-x G" . magit-dispatch-popup))
+  :init
+  (setq magit-completing-read-function 'ivy-completing-read))
+
+(use-package projectile
+  :commands projectile-mode
+  :bind-keymap ("C-c p" . projectile-command-map)
+  :defer 5
+  :config
+  (projectile-global-mode))
+    '';
+    myEmacs = emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [
+      (runCommand "default.el" {} ''
+mkdir -p $out/share/emacs/site-lisp
+cp ${myEmacsConfig} $out/share/emacs/site-lisp/default.el
+'')
+      company
+      counsel
+      flycheck
+      ivy
+      magit
+      projectile
+      use-package
+    ]));
+  };
+}
+</screen>
+
+   <para>
+    This provides a fairly full Emacs start file. It will load in addition to the user's presonal config. You can always disable it by passing <command>-q</command> to the Emacs command.
+   </para>
+
+   <para>
+    Sometimes <varname>emacsWithPackages</varname> is not enough, as this package set has some priorities imposed on packages (with the lowest priority assigned to Melpa Unstable, and the highest for packages manually defined in <filename>pkgs/top-level/emacs-packages.nix</filename>). But you can't control this priorities when some package is installed as a dependency. You can override it on per-package-basis, providing all the required dependencies manually - but it's tedious and there is always a possibility that an unwanted dependency will sneak in through some other package. To completely override such a package you can use <varname>overrideScope'</varname>.
+   </para>
+
+<screen>
+overrides = self: super: rec {
+  haskell-mode = self.melpaPackages.haskell-mode;
+  ...
+};
+((emacsPackagesGen emacs).overrideScope' overrides).emacsWithPackages (p: with p; [
+  # here both these package will use haskell-mode of our own choice
+  ghc-mod
+  dante
+])
+</screen>
+  </section>
+</section>
--- a/doc/packages/ibus.xml
+++ b/doc/packages/ibus.xml
@@ -0,0 +1,57 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-ibus-typing-booster">
+  <title>ibus-engines.typing-booster</title>
+
+  <para>
+   This package is an ibus-based completion method to speed up typing.
+  </para>
+
+  <section xml:id="sec-ibus-typing-booster-activate">
+   <title>Activating the engine</title>
+
+   <para>
+    IBus needs to be configured accordingly to activate <literal>typing-booster</literal>. The configuration depends on the desktop manager in use. For detailed instructions, please refer to the <link xlink:href="https://mike-fabian.github.io/ibus-typing-booster/documentation.html">upstream docs</link>.
+   </para>
+
+   <para>
+    On NixOS you need to explicitly enable <literal>ibus</literal> with given engines before customizing your desktop to use <literal>typing-booster</literal>. This can be achieved using the <literal>ibus</literal> module:
+<programlisting>{ pkgs, ... }: {
+  i18n.inputMethod = {
+    enabled = "ibus";
+    ibus.engines = with pkgs.ibus-engines; [ typing-booster ];
+  };
+}</programlisting>
+   </para>
+  </section>
+
+  <section xml:id="sec-ibus-typing-booster-customize-hunspell">
+   <title>Using custom hunspell dictionaries</title>
+
+   <para>
+    The IBus engine is based on <literal>hunspell</literal> to support completion in many languages. By default the dictionaries <literal>de-de</literal>, <literal>en-us</literal>, <literal>fr-moderne</literal> <literal>es-es</literal>, <literal>it-it</literal>, <literal>sv-se</literal> and <literal>sv-fi</literal> are in use. To add another dictionary, the package can be overridden like this:
+<programlisting>ibus-engines.typing-booster.override {
+  langs = [ "de-at" "en-gb" ];
+}</programlisting>
+   </para>
+
+   <para>
+    <emphasis>Note: each language passed to <literal>langs</literal> must be an attribute name in <literal>pkgs.hunspellDicts</literal>.</emphasis>
+   </para>
+  </section>
+
+  <section xml:id="sec-ibus-typing-booster-emoji-picker">
+   <title>Built-in emoji picker</title>
+
+   <para>
+    The <literal>ibus-engines.typing-booster</literal> package contains a program named <literal>emoji-picker</literal>. To display all emojis correctly, a special font such as <literal>noto-fonts-emoji</literal> is needed:
+   </para>
+
+   <para>
+    On NixOS it can be installed using the following expression:
+<programlisting>{ pkgs, ... }: {
+  fonts.fonts = with pkgs; [ noto-fonts-emoji ];
+}</programlisting>
+   </para>
+  </section>
+ </section>
--- a/doc/packages/index.xml
+++ b/doc/packages/index.xml
@@ -0,0 +1,23 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xi="http://www.w3.org/2001/XInclude"
+         xml:id="chap-packages">
+ <title>Packages</title>
+ <para>
+  This chapter contains information about how to use and maintain the Nix expressions for a number of specific packages, such as the Linux kernel or X.org.
+ </para>
+ <xi:include href="citrix.xml" />
+ <xi:include href="dlib.xml" />
+ <xi:include href="eclipse.xml" />
+ <xi:include href="elm.xml" />
+ <xi:include href="emacs.xml" />
+ <xi:include href="ibus.xml" />
+ <xi:include href="kakoune.xml" />
+ <xi:include href="linux.xml" />
+ <xi:include href="locales.xml" />
+ <xi:include href="nginx.xml" />
+ <xi:include href="opengl.xml" />
+ <xi:include href="shell-helpers.xml" />
+ <xi:include href="steam.xml" />
+ <xi:include href="weechat.xml" />
+ <xi:include href="xorg.xml" />
+</chapter>
--- a/doc/packages/kakoune.xml
+++ b/doc/packages/kakoune.xml
@@ -0,0 +1,14 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-kakoune">
+  <title>Kakoune</title>
+
+  <para>
+   Kakoune can be built to autoload plugins:
+<programlisting>(kakoune.override {
+  configure = {
+    plugins = with pkgs.kakounePlugins; [ parinfer-rust ];
+  };
+})</programlisting>
+  </para>
+</section>
--- a/doc/packages/linux.xml
+++ b/doc/packages/linux.xml
@@ -0,0 +1,85 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-linux-kernel">
+  <title>Linux kernel</title>
+
+  <para>
+   The Nix expressions to build the Linux kernel are in <link
+xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/os-specific/linux/kernel"><filename>pkgs/os-specific/linux/kernel</filename></link>.
+  </para>
+
+  <para>
+   The function that builds the kernel has an argument <varname>kernelPatches</varname> which should be a list of <literal>{name, patch, extraConfig}</literal> attribute sets, where <varname>name</varname> is the name of the patch (which is included in the kernel’s <varname>meta.description</varname> attribute), <varname>patch</varname> is the patch itself (possibly compressed), and <varname>extraConfig</varname> (optional) is a string specifying extra options to be concatenated to the kernel configuration file (<filename>.config</filename>).
+  </para>
+
+  <para>
+   The kernel derivation exports an attribute <varname>features</varname> specifying whether optional functionality is or isn’t enabled. This is used in NixOS to implement kernel-specific behaviour. For instance, if the kernel has the <varname>iwlwifi</varname> feature (i.e. has built-in support for Intel wireless chipsets), then NixOS doesn’t have to build the external <varname>iwlwifi</varname> package:
+<programlisting>
+modulesTree = [kernel]
+  ++ pkgs.lib.optional (!kernel.features ? iwlwifi) kernelPackages.iwlwifi
+  ++ ...;
+</programlisting>
+  </para>
+
+  <para>
+   How to add a new (major) version of the Linux kernel to Nixpkgs:
+   <orderedlist>
+    <listitem>
+     <para>
+      Copy the old Nix expression (e.g. <filename>linux-2.6.21.nix</filename>) to the new one (e.g. <filename>linux-2.6.22.nix</filename>) and update it.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Add the new kernel to <filename>all-packages.nix</filename> (e.g., create an attribute <varname>kernel_2_6_22</varname>).
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Now we’re going to update the kernel configuration. First unpack the kernel. Then for each supported platform (<literal>i686</literal>, <literal>x86_64</literal>, <literal>uml</literal>) do the following:
+      <orderedlist>
+       <listitem>
+        <para>
+         Make an copy from the old config (e.g. <filename>config-2.6.21-i686-smp</filename>) to the new one (e.g. <filename>config-2.6.22-i686-smp</filename>).
+        </para>
+       </listitem>
+       <listitem>
+        <para>
+         Copy the config file for this platform (e.g. <filename>config-2.6.22-i686-smp</filename>) to <filename>.config</filename> in the kernel source tree.
+        </para>
+       </listitem>
+       <listitem>
+        <para>
+         Run <literal>make oldconfig ARCH=<replaceable>{i386,x86_64,um}</replaceable></literal> and answer all questions. (For the uml configuration, also add <literal>SHELL=bash</literal>.) Make sure to keep the configuration consistent between platforms (i.e. don’t enable some feature on <literal>i686</literal> and disable it on <literal>x86_64</literal>).
+        </para>
+       </listitem>
+       <listitem>
+        <para>
+         If needed you can also run <literal>make menuconfig</literal>:
+<screen>
+<prompt>$ </prompt>nix-env -i ncurses
+<prompt>$ </prompt>export NIX_CFLAGS_LINK=-lncurses
+<prompt>$ </prompt>make menuconfig ARCH=<replaceable>arch</replaceable></screen>
+        </para>
+       </listitem>
+       <listitem>
+        <para>
+         Copy <filename>.config</filename> over the new config file (e.g. <filename>config-2.6.22-i686-smp</filename>).
+        </para>
+       </listitem>
+      </orderedlist>
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      Test building the kernel: <literal>nix-build -A kernel_2_6_22</literal>. If it compiles, ship it! For extra credit, try booting NixOS with it.
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      It may be that the new kernel requires updating the external kernel modules and kernel-dependent packages listed in the <varname>linuxPackagesFor</varname> function in <filename>all-packages.nix</filename> (such as the NVIDIA drivers, AUFS, etc.). If the updated packages aren’t backwards compatible with older kernels, you may need to keep the older versions around.
+     </para>
+    </listitem>
+   </orderedlist>
+  </para>
+ </section>
--- a/doc/packages/locales.xml
+++ b/doc/packages/locales.xml
@@ -0,0 +1,13 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="locales">
+ <title>Locales</title>
+
+ <para>
+  To allow simultaneous use of packages linked against different versions of <literal>glibc</literal> with different locale archive formats Nixpkgs patches <literal>glibc</literal> to rely on <literal>LOCALE_ARCHIVE</literal> environment variable.
+ </para>
+
+ <para>
+  On non-NixOS distributions this variable is obviously not set. This can cause regressions in language support or even crashes in some Nixpkgs-provided programs. The simplest way to mitigate this problem is exporting the <literal>LOCALE_ARCHIVE</literal> variable pointing to <literal>${glibcLocales}/lib/locale/locale-archive</literal>. The drawback (and the reason this is not the default) is the relatively large (a hundred MiB) size of the full set of locales. It is possible to build a custom set of locales by overriding parameters <literal>allLocales</literal> and <literal>locales</literal> of the package.
+ </para>
+</section>
--- a/doc/packages/nginx.xml
+++ b/doc/packages/nginx.xml
@@ -0,0 +1,25 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-nginx">
+  <title>Nginx</title>
+
+  <para>
+   <link xlink:href="https://nginx.org/">Nginx</link> is a reverse proxy and lightweight webserver.
+  </para>
+
+  <section xml:id="sec-nginx-etag">
+   <title>ETags on static files served from the Nix store</title>
+
+   <para>
+    HTTP has a couple different mechanisms for caching to prevent clients from having to download the same content repeatedly if a resource has not changed since the last time it was requested. When nginx is used as a server for static files, it implements the caching mechanism based on the <link xlink:href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified"><literal>Last-Modified</literal></link> response header automatically; unfortunately, it works by using filesystem timestamps to determine the value of the <literal>Last-Modified</literal> header. This doesn't give the desired behavior when the file is in the Nix store, because all file timestamps are set to 0 (for reasons related to build reproducibility).
+   </para>
+
+   <para>
+    Fortunately, HTTP supports an alternative (and more effective) caching mechanism: the <link xlink:href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/ETag"><literal>ETag</literal></link> response header. The value of the <literal>ETag</literal> header specifies some identifier for the particular content that the server is sending (e.g. a hash). When a client makes a second request for the same resource, it sends that value back in an <literal>If-None-Match</literal> header. If the ETag value is unchanged, then the server does not need to resend the content.
+   </para>
+
+   <para>
+    As of NixOS 19.09, the nginx package in Nixpkgs is patched such that when nginx serves a file out of <filename>/nix/store</filename>, the hash in the store path is used as the <literal>ETag</literal> header in the HTTP response, thus providing proper caching functionality. This happens automatically; you do not need to do modify any configuration to get this behavior.
+   </para>
+  </section>
+</section>
--- a/doc/packages/opengl.xml
+++ b/doc/packages/opengl.xml
@@ -0,0 +1,9 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-opengl">
+ <title>OpenGL</title>
+
+ <para>
+ Packages that use OpenGL have NixOS desktop as their primary target. The current solution for loading the GPU-specific drivers is based on <literal>libglvnd</literal> and looks for the driver implementation in <literal>LD_LIBRARY_PATH</literal>. If you are using a non-NixOS GNU/Linux/X11 desktop with free software video drivers, consider launching OpenGL-dependent programs from Nixpkgs with Nixpkgs versions of <literal>libglvnd</literal> and <literal>mesa_drivers</literal> in <literal>LD_LIBRARY_PATH</literal>. For proprietary video drivers you might have luck with also adding the corresponding video driver package.
+ </para>
+</section>
--- a/doc/packages/shell-helpers.xml
+++ b/doc/packages/shell-helpers.xml
@@ -0,0 +1,25 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-shell-helpers">
+  <title>Interactive shell helpers</title>
+
+  <para>
+   Some packages provide the shell integration to be more useful. But unlike other systems, nix doesn't have a standard share directory location. This is why a bunch <command>PACKAGE-share</command> scripts are shipped that print the location of the corresponding shared folder. Current list of such packages is as following:
+   <itemizedlist>
+    <listitem>
+     <para>
+      <literal>autojump</literal>: <command>autojump-share</command>
+     </para>
+    </listitem>
+    <listitem>
+     <para>
+      <literal>fzf</literal>: <command>fzf-share</command>
+     </para>
+    </listitem>
+   </itemizedlist>
+   E.g. <literal>autojump</literal> can then used in the .bashrc like this:
+<screen>
+  source "$(autojump-share)/autojump.bash"
+</screen>
+  </para>
+</section>
--- a/doc/packages/steam.xml
+++ b/doc/packages/steam.xml
@@ -0,0 +1,131 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-steam">
+  <title>Steam</title>
+
+  <section xml:id="sec-steam-nix">
+   <title>Steam in Nix</title>
+
+   <para>
+    Steam is distributed as a <filename>.deb</filename> file, for now only as an i686 package (the amd64 package only has documentation). When unpacked, it has a script called <filename>steam</filename> that in Ubuntu (their target distro) would go to <filename>/usr/bin </filename>. When run for the first time, this script copies some files to the user's home, which include another script that is the ultimate responsible for launching the steam binary, which is also in $HOME.
+   </para>
+
+   <para>
+    Nix problems and constraints:
+    <itemizedlist>
+     <listitem>
+      <para>
+       We don't have <filename>/bin/bash</filename> and many scripts point there. Similarly for <filename>/usr/bin/python</filename> .
+      </para>
+     </listitem>
+     <listitem>
+      <para>
+       We don't have the dynamic loader in <filename>/lib </filename>.
+      </para>
+     </listitem>
+     <listitem>
+      <para>
+       The <filename>steam.sh</filename> script in $HOME can not be patched, as it is checked and rewritten by steam.
+      </para>
+     </listitem>
+     <listitem>
+      <para>
+       The steam binary cannot be patched, it's also checked.
+      </para>
+     </listitem>
+    </itemizedlist>
+   </para>
+
+   <para>
+    The current approach to deploy Steam in NixOS is composing a FHS-compatible chroot environment, as documented <link xlink:href="http://sandervanderburg.blogspot.nl/2013/09/composing-fhs-compatible-chroot.html">here</link>. This allows us to have binaries in the expected paths without disrupting the system, and to avoid patching them to work in a non FHS environment.
+   </para>
+  </section>
+
+  <section xml:id="sec-steam-play">
+   <title>How to play</title>
+
+   <para>
+    For 64-bit systems it's important to have
+<programlisting>hardware.opengl.driSupport32Bit = true;</programlisting>
+    in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need
+<programlisting>hardware.pulseaudio.support32Bit = true;</programlisting>
+    if you are using PulseAudio - this will enable 32bit ALSA apps integration. To use the Steam controller or other Steam supported controllers such as the DualShock 4 or Nintendo Switch Pro, you need to add
+<programlisting>hardware.steam-hardware.enable = true;</programlisting>
+    to your configuration.
+   </para>
+  </section>
+
+  <section xml:id="sec-steam-troub">
+   <title>Troubleshooting</title>
+
+   <para>
+    <variablelist>
+     <varlistentry>
+      <term>
+       Steam fails to start. What do I do?
+      </term>
+      <listitem>
+       <para>
+        Try to run
+<programlisting>strace steam</programlisting>
+        to see what is causing steam to fail.
+       </para>
+      </listitem>
+     </varlistentry>
+     <varlistentry>
+      <term>
+       Using the FOSS Radeon or nouveau (nvidia) drivers
+      </term>
+      <listitem>
+       <itemizedlist>
+        <listitem>
+         <para>
+          The <literal>newStdcpp</literal> parameter was removed since NixOS 17.09 and should not be needed anymore.
+         </para>
+        </listitem>
+        <listitem>
+         <para>
+          Steam ships statically linked with a version of libcrypto that conflics with the one dynamically loaded by radeonsi_dri.so. If you get the error
+<programlisting>steam.sh: line 713: 7842 Segmentation fault (core dumped)</programlisting>
+          have a look at <link xlink:href="https://github.com/NixOS/nixpkgs/pull/20269">this pull request</link>.
+         </para>
+        </listitem>
+       </itemizedlist>
+      </listitem>
+     </varlistentry>
+     <varlistentry>
+      <term>
+       Java
+      </term>
+      <listitem>
+       <orderedlist>
+        <listitem>
+         <para>
+          There is no java in steam chrootenv by default. If you get a message like
+<programlisting>/home/foo/.local/share/Steam/SteamApps/common/towns/towns.sh: line 1: java: command not found</programlisting>
+          You need to add
+<programlisting> steam.override { withJava = true; };</programlisting>
+          to your configuration.
+         </para>
+        </listitem>
+       </orderedlist>
+      </listitem>
+     </varlistentry>
+    </variablelist>
+   </para>
+  </section>
+
+  <section xml:id="sec-steam-run">
+   <title>steam-run</title>
+
+   <para>
+    The FHS-compatible chroot used for steam can also be used to run other linux games that expect a FHS environment. To do it, add
+<programlisting>pkgs.(steam.override {
+          nativeOnly = true;
+          newStdcpp = true;
+        }).run</programlisting>
+    to your configuration, rebuild, and run the game with
+<programlisting>steam-run ./foo</programlisting>
+   </para>
+  </section>
+</section>
--- a/doc/packages/unfree.xml
+++ b/doc/packages/unfree.xml
@@ -0,0 +1,13 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="unfree-software">
+ <title>Unfree software</title>
+
+ <para>
+  All users of Nixpkgs are free software users, and many users (and developers) of Nixpkgs want to limit and tightly control their exposure to unfree software. At the same time, many users need (or want) to run some specific pieces of proprietary software. Nixpkgs includes some expressions for unfree software packages. By default unfree software cannot be installed and doesn’t show up in searches. To allow installing unfree software in a single Nix invocation one can export <literal>NIXPKGS_ALLOW_UNFREE=1</literal>. For a persistent solution, users can set <literal>allowUnfree</literal> in the Nixpkgs configuration.
+ </para>
+
+ <para>
+  Fine-grained control is possible by defining <literal>allowUnfreePredicate</literal> function in config; it takes the <literal>mkDerivation</literal> parameter attrset and returns <literal>true</literal> for unfree packages that should be allowed.
+ </para>
+</section>
--- a/doc/packages/weechat.xml
+++ b/doc/packages/weechat.xml
@@ -0,0 +1,85 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-weechat">
+  <title>Weechat</title>
+
+  <para>
+   Weechat can be configured to include your choice of plugins, reducing its closure size from the default configuration which includes all available plugins. To make use of this functionality, install an expression that overrides its configuration such as
+<programlisting>weechat.override {configure = {availablePlugins, ...}: {
+    plugins = with availablePlugins; [ python perl ];
+  }
+}</programlisting>
+   If the <literal>configure</literal> function returns an attrset without the <literal>plugins</literal> attribute, <literal>availablePlugins</literal> will be used automatically.
+  </para>
+
+  <para>
+   The plugins currently available are <literal>python</literal>, <literal>perl</literal>, <literal>ruby</literal>, <literal>guile</literal>, <literal>tcl</literal> and <literal>lua</literal>.
+  </para>
+
+  <para>
+   The python and perl plugins allows the addition of extra libraries. For instance, the <literal>inotify.py</literal> script in weechat-scripts requires D-Bus or libnotify, and the <literal>fish.py</literal> script requires pycrypto. To use these scripts, use the plugin's <literal>withPackages</literal> attribute:
+<programlisting>weechat.override { configure = {availablePlugins, ...}: {
+    plugins = with availablePlugins; [
+            (python.withPackages (ps: with ps; [ pycrypto python-dbus ]))
+        ];
+    };
+}
+</programlisting>
+  </para>
+
+  <para>
+   In order to also keep all default plugins installed, it is possible to use the following method:
+<programlisting>weechat.override { configure = { availablePlugins, ... }: {
+  plugins = builtins.attrValues (availablePlugins // {
+    python = availablePlugins.python.withPackages (ps: with ps; [ pycrypto python-dbus ]);
+  });
+}; }
+</programlisting>
+  </para>
+
+  <para>
+   WeeChat allows to set defaults on startup using the <literal>--run-command</literal>. The <literal>configure</literal> method can be used to pass commands to the program:
+<programlisting>weechat.override {
+  configure = { availablePlugins, ... }: {
+    init = ''
+      /set foo bar
+      /server add freenode chat.freenode.org
+    '';
+  };
+}</programlisting>
+   Further values can be added to the list of commands when running <literal>weechat --run-command "your-commands"</literal>.
+  </para>
+
+  <para>
+   Additionally it's possible to specify scripts to be loaded when starting <literal>weechat</literal>. These will be loaded before the commands from <literal>init</literal>:
+<programlisting>weechat.override {
+  configure = { availablePlugins, ... }: {
+    scripts = with pkgs.weechatScripts; [
+      weechat-xmpp weechat-matrix-bridge wee-slack
+    ];
+    init = ''
+      /set plugins.var.python.jabber.key "val"
+    '':
+  };
+}</programlisting>
+  </para>
+
+  <para>
+   In <literal>nixpkgs</literal> there's a subpackage which contains derivations for WeeChat scripts. Such derivations expect a <literal>passthru.scripts</literal> attribute which contains a list of all scripts inside the store path. Furthermore all scripts have to live in <literal>$out/share</literal>. An exemplary derivation looks like this:
+<programlisting>{ stdenv, fetchurl }:
+
+stdenv.mkDerivation {
+  name = "exemplary-weechat-script";
+  src = fetchurl {
+    url = "https://scripts.tld/your-scripts.tar.gz";
+    sha256 = "...";
+  };
+  passthru.scripts = [ "foo.py" "bar.lua" ];
+  installPhase = ''
+    mkdir $out/share
+    cp foo.py $out/share
+    cp bar.lua $out/share
+  '';
+}</programlisting>
+  </para>
+</section>
--- a/doc/packages/xorg.xml
+++ b/doc/packages/xorg.xml
@@ -0,0 +1,34 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-xorg">
+  <title>X.org</title>
+
+  <para>
+   The Nix expressions for the X.org packages reside in <filename>pkgs/servers/x11/xorg/default.nix</filename>. This file is automatically generated from lists of tarballs in an X.org release. As such it should not be modified directly; rather, you should modify the lists, the generator script or the file <filename>pkgs/servers/x11/xorg/overrides.nix</filename>, in which you can override or add to the derivations produced by the generator.
+  </para>
+
+  <para>
+   The generator is invoked as follows:
+<screen>
+<prompt>$ </prompt>cd pkgs/servers/x11/xorg
+<prompt>$ </prompt>cat tarballs-7.5.list extra.list old.list \
+  | perl ./generate-expr-from-tarballs.pl
+</screen>
+   For each of the tarballs in the <filename>.list</filename> files, the script downloads it, unpacks it, and searches its <filename>configure.ac</filename> and <filename>*.pc.in</filename> files for dependencies. This information is used to generate <filename>default.nix</filename>. The generator caches downloaded tarballs between runs. Pay close attention to the <literal>NOT FOUND: <replaceable>name</replaceable></literal> messages at the end of the run, since they may indicate missing dependencies. (Some might be optional dependencies, however.)
+  </para>
+
+  <para>
+   A file like <filename>tarballs-7.5.list</filename> contains all tarballs in a X.org release. It can be generated like this:
+<screen>
+<prompt>$ </prompt>export i="mirror://xorg/X11R7.4/src/everything/"
+<prompt>$ </prompt>cat $(PRINT_PATH=1 nix-prefetch-url $i | tail -n 1) \
+  | perl -e 'while (&lt;>) { if (/(href|HREF)="([^"]*.bz2)"/) { print "$ENV{'i'}$2\n"; }; }' \
+  | sort > tarballs-7.4.list
+</screen>
+   <filename>extra.list</filename> contains libraries that aren’t part of X.org proper, but are closely related to it, such as <literal>libxcb</literal>. <filename>old.list</filename> contains some packages that were removed from X.org, but are still needed by some people or by other packages (such as <varname>imake</varname>).
+  </para>
+
+  <para>
+   If the expression for a package requires derivation attributes that the generator cannot figure out automatically (say, <varname>patches</varname> or a <varname>postInstall</varname> hook), you should modify <filename>pkgs/servers/x11/xorg/overrides.nix</filename>.
+  </para>
+</section>
--- a/doc/platform-notes.xml
+++ b/doc/platform-notes.xml
@@ -1,6 +1,6 @@
 <chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xml:id="chap-platform-nodes">
+         xml:id="chap-platform-notes">
 <title>Platform Notes</title>
 <section xml:id="sec-darwin">
  <title>Darwin (macOS)</title>
--- a/doc/reviewing-contributions.xml
+++ b/doc/reviewing-contributions.xml
@@ -2,7 +2,7 @@
        xmlns:xlink="http://www.w3.org/1999/xlink"
        xmlns:xi="http://www.w3.org/2001/XInclude"
        version="5.0"
-        xml:id="sec-reviewing-contributions">
+        xml:id="chap-reviewing-contributions">
 <title>Reviewing contributions</title>
 <warning>
  <para>
@@ -148,10 +148,10 @@
     </listitem>
     <listitem>
      <para>
-       The <link xlink:href="https://github.com/Mic92/nix-review">nix-review</link> tool can be used to review a pull request content in a single command. <varname>PRNUMBER</varname> should be replaced by the number at the end of the pull request title. You can also provide the full github pull request url.
+       The <link xlink:href="https://github.com/Mic92/nixpkgs-review">nixpkgs-review</link> tool can be used to review a pull request content in a single command. <varname>PRNUMBER</varname> should be replaced by the number at the end of the pull request title. You can also provide the full github pull request url.
      </para>
 <screen>
-<prompt>$ </prompt>nix-shell -p nix-review --run "nix-review pr PRNUMBER"
+<prompt>$ </prompt>nix-shell -p nixpkgs-review --run "nixpkgs-review pr PRNUMBER"
 </screen>
     </listitem>
    </itemizedlist>
--- a/doc/submitting-changes.xml
+++ b/doc/submitting-changes.xml
@@ -290,20 +290,25 @@ Additional information.
  </section>

  <section xml:id="submitting-changes-tested-compilation">
-   <title>Tested compilation of all pkgs that depend on this change using <command>nix-review</command></title>
+   <title>Tested compilation of all pkgs that depend on this change using <command>nixpkgs-review</command></title>

   <para>
-    If you are updating a package's version, you can use nix-review to make sure all packages that depend on the updated package still compile correctly. The <command>nix-review</command> utility can look for and build all dependencies either based on uncommited changes with the <literal>wip</literal> option or specifying a github pull request number.
+    If you are updating a package's version, you can use nixpkgs-review to make sure all packages that depend on the updated package still compile correctly. The <command>nixpkgs-review</command> utility can look for and build all dependencies either based on uncommited changes with the <literal>wip</literal> option or specifying a github pull request number.
   </para>

   <para>
    review changes from pull request number 12345:
-<screen>nix-shell -p nix-review --run "nix-review pr 12345"</screen>
+    <screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review pr 12345</screen>
   </para>

   <para>
    review uncommitted changes:
-<screen>nix-shell -p nix-review --run "nix-review wip"</screen>
+    <screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review wip</screen>
+   </para>
+
+   <para>
+    review changes from last commit:
+    <screen>nix run nixpkgs.nixpkgs-review -c nixpkgs-review rev HEAD</screen>
   </para>
  </section>

@@ -375,31 +380,32 @@ Additional information.

  <section xml:id="submitting-changes-master-branch">
   <title>Master branch</title>
-
-   <itemizedlist>
-    <listitem>
-     <para>
-      It should only see non-breaking commits that do not cause mass rebuilds.
-     </para>
-    </listitem>
-   </itemizedlist>
+   <para>
+    The <literal>master</literal> branch is the main development branch.
+    It should only see non-breaking commits that do not cause mass rebuilds.
+   </para>
  </section>

  <section xml:id="submitting-changes-staging-branch">
   <title>Staging branch</title>
+   <para>
+    The <literal>staging</literal> branch is a development branch where mass-rebuilds go.
+    It should only see non-breaking mass-rebuild commits.
+    That means it is not to be used for testing, and changes must have been well tested already.
+    If the branch is already in a broken state, please refrain from adding extra new breakages.
+   </para>
+  </section>

-   <itemizedlist>
-    <listitem>
-     <para>
-      It's only for non-breaking mass-rebuild commits. That means it's not to be used for testing, and changes must have been well tested already. <link xlink:href="https://web.archive.org/web/20160528180406/http://comments.gmane.org/gmane.linux.distributions.nixos/13447">Read policy here</link>.
-     </para>
-    </listitem>
-    <listitem>
-     <para>
-      If the branch is already in a broken state, please refrain from adding extra new breakages. Stabilize it for a few days, merge into master, then resume development on staging. <link xlink:href="http://hydra.nixos.org/jobset/nixpkgs/staging#tabs-evaluations">Keep an eye on the staging evaluations here</link>. If any fixes for staging happen to be already in master, then master can be merged into staging.
-     </para>
-    </listitem>
-   </itemizedlist>
+  <section xml:id="submitting-changes-staging-next-branch">
+   <title>Staging-next branch</title>
+   <para>
+    The <literal>staging-next</literal> branch is for stabilizing mass-rebuilds submitted to the <literal>staging</literal> branch prior to merging them into <literal>master</literal>.
+    Mass-rebuilds should go via the <literal>staging</literal> branch.
+    It should only see non-breaking commits that are fixing issues blocking it from being merged into the <literal>master </literal> branch.
+   </para>
+   <para>
+    If the branch is already in a broken state, please refrain from adding extra new breakages. Stabilize it for a few days and then merge into master.
+   </para>
  </section>

  <section xml:id="submitting-changes-stable-release-branches">
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -84,7 +84,8 @@ let
      hasInfix hasPrefix hasSuffix stringToCharacters stringAsChars escape
      escapeShellArg escapeShellArgs replaceChars lowerChars
      upperChars toLower toUpper addContextFrom splitString
-      removePrefix removeSuffix versionOlder versionAtLeast getVersion
+      removePrefix removeSuffix versionOlder versionAtLeast
+      getName getVersion
      nameFromURL enableFeature enableFeatureAs withFeature
      withFeatureAs fixedWidthString fixedWidthNumber isStorePath
      toInt readPathsFromFile fileContents;
@@ -134,5 +135,7 @@ let
      mergeAttrsByFuncDefaultsClean mergeAttrBy
      fakeSha256 fakeSha512
      nixType imap;
+    inherit (versions)
+      splitVersion;
  });
 in lib
--- a/lib/strings.nix
+++ b/lib/strings.nix
@@ -472,6 +472,23 @@ rec {
  */
  versionAtLeast = v1: v2: !versionOlder v1 v2;

+  /* This function takes an argument that's either a derivation or a
+     derivation's "name" attribute and extracts the name part from that
+     argument.
+
+     Example:
+       getName "youtube-dl-2016.01.01"
+       => "youtube-dl"
+       getName pkgs.youtube-dl
+       => "youtube-dl"
+  */
+  getName = x:
+   let
+     parse = drv: (builtins.parseDrvName drv).name;
+   in if isString x
+      then parse x
+      else x.pname or (parse x.name);
+
  /* This function takes an argument that's either a derivation or a
     derivation's "name" attribute and extracts the version part from that
     argument.
--- a/lib/systems/doubles.nix
+++ b/lib/systems/doubles.nix
@@ -27,6 +27,8 @@ let
    "riscv32-linux" "riscv64-linux"

    "aarch64-none" "avr-none" "arm-none" "i686-none" "x86_64-none" "powerpc-none" "msp430-none" "riscv64-none" "riscv32-none"
+
+    "js-ghcjs"
  ];

  allParsed = map parse.mkSystemFromString all;
@@ -45,6 +47,7 @@ in {
  x86_64  = filterDoubles predicates.isx86_64;
  mips    = filterDoubles predicates.isMips;
  riscv   = filterDoubles predicates.isRiscV;
+  js      = filterDoubles predicates.isJavaScript;

  cygwin  = filterDoubles predicates.isCygwin;
  darwin  = filterDoubles predicates.isDarwin;
--- a/lib/systems/examples.nix
+++ b/lib/systems/examples.nix
@@ -207,7 +207,7 @@ rec {

  # 32 bit mingw-w64
  mingw32 = {
-    config = "i686-pc-mingw32";
+    config = "i686-w64-mingw32";
    libc = "msvcrt"; # This distinguishes the mingw (non posix) toolchain
    platform = {};
  };
@@ -215,7 +215,7 @@ rec {
  # 64 bit mingw-w64
  mingwW64 = {
    # That's the triplet they use in the mingw-w64 docs.
-    config = "x86_64-pc-mingw32";
+    config = "x86_64-w64-mingw32";
    libc = "msvcrt"; # This distinguishes the mingw (non posix) toolchain
    platform = {};
  };
--- a/lib/systems/parse.nix
+++ b/lib/systems/parse.nix
@@ -208,6 +208,9 @@ rec {
  vendors = setTypes types.openVendor {
    apple = {};
    pc = {};
+    # Actually matters, unlocking some MinGW-w64-specific options in GCC. See
+    # bottom of https://sourceforge.net/p/mingw-w64/wiki2/Unicode%20apps/
+    w64 = {};

    none = {};
    unknown = {};
--- a/lib/tests/systems.nix
+++ b/lib/tests/systems.nix
@@ -12,7 +12,7 @@ let
    expected = lib.sort lib.lessThan y;
  };
 in with lib.systems.doubles; lib.runTests {
-  testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded);
+  testall = mseteq all (linux ++ darwin ++ freebsd ++ openbsd ++ netbsd ++ illumos ++ wasi ++ windows ++ embedded ++ js);

  testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "arm-none" "armv7a-darwin" ];
  testi686 = mseteq i686 [ "i686-linux" "i686-freebsd" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ];
--- a/lib/types.nix
+++ b/lib/types.nix
@@ -242,8 +242,7 @@ rec {

    path = mkOptionType {
      name = "path";
-      # Hacky: there is no ‘isPath’ primop.
-      check = x: builtins.substring 0 1 (toString x) == "/";
+      check = x: isCoercibleToString x && builtins.substring 0 1 (toString x) == "/";
      merge = mergeEqualOption;
    };

--- a/lib/versions.nix
+++ b/lib/versions.nix
@@ -1,14 +1,16 @@
 /* Version string functions. */
 { lib }:

-let
+rec {

+  /* Break a version string into its component parts.
+
+     Example:
+       splitVersion "1.2.3"
+       => ["1" "2" "3"]
+  */
  splitVersion = builtins.splitVersion or (lib.splitString ".");

-in
-
-{
-
  /* Get the major version string from a string.

    Example:
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -1427,6 +1427,12 @@
    githubId = 245394;
    name = "Hannu Hartikainen";
  };
+  danderson = {
+    email = "dave@natulte.net";
+    github = "danderson";
+    githubId = 1918;
+    name = "David Anderson";
+  };
  danharaj = {
    email = "dan@obsidian.systems";
    github = "danharaj";
@@ -1977,6 +1983,12 @@
    email = "mpcervin@uncg.edu";
    name = "Mabry Cervin";
  };
+  equirosa = {
+    email = "eduardo@eduardoquiros.com";
+    github = "equirosa";
+    githubId = 39096810;
+    name = "Eduardo Quiros";
+  };
  eqyiel = {
    email = "ruben@maher.fyi";
    github = "eqyiel";
@@ -2348,6 +2360,12 @@
    github = "gavinrogers";
    name = "Gavin Rogers";
  };
+  gazally = {
+    email = "gazally@runbox.com";
+    github = "gazally";
+    githubId = 16470252;
+    name = "Gemini Lasswell";
+  };
  gebner = {
    email = "gebner@gebner.org";
    github = "gebner";
@@ -2900,6 +2918,12 @@
    githubId = 1198065;
    name = "Jeffrey David Johnson";
  };
+  jefflabonte = {
+    email = "grimsleepless@protonmail.com";
+    github = "jefflabonte";
+    githubId = 9425955;
+    name = "Jean-François Labonté";
+  };
  jensbin = {
    email = "jensbin+git@pm.me";
    github = "jensbin";
@@ -3166,6 +3190,16 @@
    githubId = 4611077;
    name = "Raymond Gauthier";
  };
+  jtcoolen = {
+    email = "jtcoolen@pm.me";
+    name = "Julien Coolen";
+    github = "jtcoolen";
+    githubId = 54635632;
+    keys = [{
+      longkeyid = "rsa4096/0x19642151C218F6F5";
+      fingerprint = "4C68 56EE DFDA 20FB 77E8  9169 1964 2151 C218 F6F5";
+    }];
+  };
  jtobin = {
    email = "jared@jtobin.io";
    github = "jtobin";
@@ -3951,6 +3985,12 @@
    githubId = 1269099;
    name = "Marius Bakke";
  };
+  mbaillie = {
+    email = "martin@baillie.email";
+    github = "martinbaillie";
+    githubId = 613740;
+    name = "Martin Baillie";
+  };
  mbbx6spp = {
    email = "me@susanpotter.net";
    github = "mbbx6spp";
@@ -6824,6 +6864,12 @@
    githubId = 3889405;
    name = "vyp";
  };
+  wamserma = {
+    name = "Markus S. Wamser";
+    email = "github-dev@mail2013.wamser.eu";
+    github = "wamserma";
+    githubId = 60148;
+  };
  waynr = {
    name = "Wayne Warren";
    email = "wayne.warren.s@gmail.com";
@@ -6894,7 +6940,7 @@
    email = "worldofpeace@protonmail.ch";
    github = "worldofpeace";
    githubId = 28888242;
-    name = "Worldofpeace";
+    name = "worldofpeace";
  };
  wscott = {
    email = "wsc9tt@gmail.com";
--- a/maintainers/scripts/update-discord
+++ b/maintainers/scripts/update-discord
@@ -6,7 +6,7 @@ exec >${1:?usage: $0 <output-file>}

 cat <<EOF
 { branch ? "stable", pkgs }:
-
+# Generated by /maintainers/scripts/update-discord
 let
  inherit (pkgs) callPackage fetchurl;
 in {
@@ -16,7 +16,7 @@ for branch in "" ptb canary; do
    url=$(curl -sI "https://discordapp.com/api/download${branch:+/}${branch}?platform=linux&format=tar.gz" | grep -oP 'location: \K\S+')
    version=${url##https://dl*.discordapp.net/apps/linux/}
    version=${version%%/*.tar.gz}
-    echo "  ${branch:-stable} = callPackage ./base.nix {"
+    echo "  ${branch:-stable} = callPackage ./base.nix rec {"
    echo "    pname = \"discord${branch:+-}${branch}\";"
    case $branch in
        "") suffix="" ;;
@@ -27,7 +27,7 @@ for branch in "" ptb canary; do
    echo "    desktopName = \"Discord${suffix:+ }${suffix}\";"
    echo "    version = \"${version}\";"
    echo "    src = fetchurl {"
-    echo "      url = \"${url}\";"
+    echo "      url = \"${url//${version}/\$\{version\}}\";"
    echo "      sha256 = \"$(nix-prefetch-url "$url")\";"
    echo "    };"
    echo "  };"
--- a/maintainers/scripts/update.nix
+++ b/maintainers/scripts/update.nix
@@ -126,7 +126,7 @@ let

  packageData = package: {
    name = package.name;
-    pname = (builtins.parseDrvName package.name).name;
+    pname = pkgs.lib.getName package;
    updateScript = map builtins.toString (pkgs.lib.toList package.updateScript);
  };

--- a/nixos/doc/manual/development/releases.xml
+++ b/nixos/doc/manual/development/releases.xml
@@ -45,12 +45,12 @@
    <listitem>
     <para>
      <literal>git tag -a -s -m &quot;Release 17.09-beta&quot; 17.09-beta
-      &amp;&amp; git push --tags</literal>
+      &amp;&amp; git push origin 17.09-beta</literal>
     </para>
    </listitem>
    <listitem>
     <para>
-      From the master branch run <literal>git checkout -B
+      From the master branch run <literal>git checkout -b
      release-17.09</literal>.
     </para>
    </listitem>
@@ -157,7 +157,7 @@
    <listitem>
     <para>
      Release Nix (currently only Eelco Dolstra can do that).
-      <link xlink:href="https://github.com/NixOS/nixpkgs/commit/53710c752a85f00658882531bc90a23a3d1287e4">
+      <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/tools/nix-fallback-paths.nix">
      Make sure fallback is updated. </link>
     </para>
    </listitem>
@@ -169,8 +169,8 @@
    </listitem>
    <listitem>
     <para>
-      Change <literal>stableBranch</literal> to true and wait for channel to
-      update.
+      Change <literal>stableBranch</literal> to <literal>true</literal> in Hydra and wait for
+      the channel to update.
     </para>
    </listitem>
   </itemizedlist>
@@ -193,9 +193,11 @@
    </listitem>
    <listitem>
     <para>
-      Update http://nixos.org/nixos/download.html and
-      http://nixos.org/nixos/manual in
-      https://github.com/NixOS/nixos-org-configurations
+      Update the
+      <link xlink:href="https://github.com/NixOS/nixos-homepage/commit/2a37975d5a617ecdfca94696242b6f32ffcba9f1"><code>NIXOS_SERIES</code></link>
+      in the
+      <link xlink:href="https://github.com/NixOS/nixos-homepage">nixos-homepage</link>
+      repository.
     </para>
    </listitem>
    <listitem>
@@ -212,7 +214,8 @@
    </listitem>
    <listitem>
     <para>
-      Send an email to nix-dev to announce the release with above information.
+      Create a new topic on <link xlink:href="https://discourse.nixos.org/">the
+      Discourse instance</link> to announce the release with the above information.
      Best to check how previous email was formulated to see what needs to be
      included.
     </para>
--- a/nixos/doc/manual/installation/installing.xml
+++ b/nixos/doc/manual/installation/installing.xml
@@ -68,7 +68,7 @@
    If you would like to continue the installation from a different machine you
    need to activate the SSH daemon via <command>systemctl start
    sshd</command>. You then must set a password for either <literal>root</literal> or
-    <literal>nixos</literal> with <command>passwd></command> to be able to login.
+    <literal>nixos</literal> with <command>passwd</command> to be able to login.
   </para>
  </section>
 </section>
@@ -392,11 +392,11 @@
     <filename>hardware-configuration.nix</filename> is included from
     <filename>configuration.nix</filename> and will be overwritten by future
     invocations of <command>nixos-generate-config</command>; thus, you
-     generally should not modify it.) Additionally, you may want to look at 
+     generally should not modify it.) Additionally, you may want to look at
     <link xlink:href="https://github.com/NixOS/nixos-hardware">Hardware
     configuration for known-hardware</link> at this point or after
     installation.
-      
+
    </para>
    <note>
     <para>
@@ -418,11 +418,11 @@
     Do the installation:
 <screen>
 <prompt># </prompt>nixos-install</screen>
-     Cross fingers. If this fails due to a temporary problem (such as a network
-     issue while downloading binaries from the NixOS binary cache), you can
-     just re-run <command>nixos-install</command>. Otherwise, fix your
-     <filename>configuration.nix</filename> and then re-run
-     <command>nixos-install</command>.
+     This will install your system based on the configuration you provided.
+     If anything fails due to a configuration problem or any other issue
+     (such as a network outage while downloading binaries from the NixOS
+     binary cache), you can re-run <command>nixos-install</command> after
+     fixing your <filename>configuration.nix</filename>.
    </para>
    <para>
     As the last step, <command>nixos-install</command> will ask you to set the
--- a/nixos/doc/manual/installation/upgrading.xml
+++ b/nixos/doc/manual/installation/upgrading.xml
@@ -120,12 +120,17 @@ nixos https://nixos.org/channels/nixos-unstable
   to <filename>configuration.nix</filename>:
 <programlisting>
 <xref linkend="opt-system.autoUpgrade.enable"/> = true;
+<xref linkend="opt-system.autoUpgrade.allowReboot"/> = true;
 </programlisting>
   This enables a periodically executed systemd service named
-   <literal>nixos-upgrade.service</literal>. It runs <command>nixos-rebuild
-   switch --upgrade</command> to upgrade NixOS to the latest version in the
-   current channel. (To see when the service runs, see <command>systemctl
-   list-timers</command>.) You can also specify a channel explicitly, e.g.
+   <literal>nixos-upgrade.service</literal>. If the <literal>allowReboot</literal>
+   option is <literal>false</literal>, it runs <command>nixos-rebuild switch
+   --upgrade</command> to upgrade NixOS to the latest version in the current
+   channel. (To see when the service runs, see <command>systemctl list-timers</command>.)
+   If <literal>allowReboot</literal> is <literal>true</literal>, then the
+   system will automatically reboot if the new generation contains a different
+   kernel, initrd or kernel modules.
+   You can also specify a channel explicitly, e.g.
 <programlisting>
 <xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-19.09;
 </programlisting>
--- a/nixos/doc/manual/release-notes/rl-1909.xml
+++ b/nixos/doc/manual/release-notes/rl-1909.xml
@@ -3,7 +3,7 @@
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-19.09">
- <title>Release 19.09 (“Loris”, 2019/09/??)</title>
+ <title>Release 19.09 (“Loris”, 2019/10/09)</title>

 <section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
@@ -23,6 +23,26 @@
     End of support is planned for end of April 2020, handing over to 20.03.
    </para>
   </listitem>
+   <listitem>
+    <para>
+     Nix has been updated to 2.3; see its
+     <link xlink:href="https://nixos.org/nix/manual/#ssec-relnotes-2.3">release
+     notes</link>.
+    </para>
+   </listitem>
+   <listitem>
+    <para>Core version changes:</para>
+    <para>systemd: 239 -&gt; 243</para>
+    <para>gcc: 7 -&gt; 8</para>
+    <para>glibc: 2.27 (unchanged)</para>
+    <para>linux: 4.19 LTS (unchanged)</para>
+    <para>openssl: 1.0 -&gt; 1.1</para>
+   </listitem>
+   <listitem>
+    <para>Desktop version changes:</para>
+    <para>plasma5: 5.14 -&gt; 5.16</para>
+    <para>gnome3: 3.30 -&gt; 3.32</para>
+   </listitem>
   <listitem>
    <para>
     PHP now defaults to PHP 7.3, updated from 7.2.
@@ -170,6 +190,13 @@
     </listitem>
    </itemizedlist>
   </listitem>
+   <listitem>
+    <para>
+     <xref linkend="opt-services.blueman.enable"/> has been added.
+     If you previously had blueman installed via <option>environment.systemPackages</option> please
+     migrate to using the NixOS module, as this would result in an insufficiently configured blueman.
+    </para>
+   </listitem>
  </itemizedlist>

 </section>
@@ -512,9 +539,11 @@
       is set to <literal>/var/lib/gitlab/state</literal>, <literal>gitlab</literal> and all parent directories
       must be owned by either <literal>root</literal> or the user specified in <option>services.gitlab.user</option>.
     </para>
+   </listitem>
+   <listitem>
     <para>
      The <option>networking.useDHCP</option> option is unsupported in combination with
-      <option>networking.useNetworkd</option> in anticipation of defaulting to it by default.
+      <option>networking.useNetworkd</option> in anticipation of defaulting to it.
      It has to be set to <literal>false</literal> and enabled per
      interface with <option>networking.interfaces.&lt;name&gt;.useDHCP = true;</option>
    </para>
@@ -541,6 +570,27 @@
       earlier version of NixOS.
     </para>
   </listitem>
+   <listitem>
+     <para>
+       Due to the short lifetime of non-LTS kernel releases package attributes like <literal>linux_5_1</literal>,
+       <literal>linux_5_2</literal> and <literal>linux_5_3</literal> have been removed to discourage dependence
+       on specific non-LTS kernel versions in stable NixOS releases.
+
+       Going forward, versioned attributes like <literal>linux_4_9</literal> will exist for LTS versions only.
+       Please use <literal>linux_latest</literal> or <literal>linux_testing</literal> if you depend on non-LTS
+       releases. Keep in mind that <literal>linux_latest</literal> and <literal>linux_testing</literal> will
+       change versions under the hood during the lifetime of a stable release and might include breaking changes.
+     </para>
+   </listitem>
+   <listitem>
+     <para>
+       Because of the systemd upgrade,
+       some network interfaces might change their name. For details see
+       <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.net-naming-scheme.html#History">
+       upstream docs</link> or <link xlink:href="https://github.com/NixOS/nixpkgs/issues/71086">
+       our ticket</link>.
+     </para>
+   </listitem>
  </itemizedlist>
 </section>

--- a/nixos/lib/make-options-doc/default.nix
+++ b/nixos/lib/make-options-doc/default.nix
@@ -133,6 +133,7 @@ in {

  optionsJSON = pkgs.runCommand "options.json"
    { meta.description = "List of NixOS options in JSON format";
+      buildInputs = [ pkgs.brotli ];
    }
    ''
      # Export list of options in different format.
@@ -141,8 +142,11 @@ in {

      cp ${builtins.toFile "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix))} $dst/options.json

+      brotli -9 < $dst/options.json > $dst/options.json.br
+
      mkdir -p $out/nix-support
      echo "file json $dst/options.json" >> $out/nix-support/hydra-build-products
+      echo "file json-br $dst/options.json.br" >> $out/nix-support/hydra-build-products
    ''; # */

  optionsDocBook = pkgs.runCommand "options-docbook.xml" {} ''
--- a/nixos/maintainers/scripts/ec2/create-amis.sh
+++ b/nixos/maintainers/scripts/ec2/create-amis.sh
@@ -14,11 +14,11 @@
 set -euo pipefail

 # configuration
-state_dir=/home/deploy/amis/ec2-images
+state_dir=$HOME/amis/ec2-images
 home_region=eu-west-1
 bucket=nixos-amis

-regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1
+regions=(eu-west-1 eu-west-2 eu-west-3 eu-central-1 eu-north-1
         us-east-1 us-east-2 us-west-1 us-west-2
         ca-central-1
         ap-southeast-1 ap-southeast-2 ap-northeast-1 ap-northeast-2
--- a/nixos/modules/config/i18n.nix
+++ b/nixos/modules/config/i18n.nix
@@ -89,11 +89,7 @@ with lib;
      };

      consoleKeyMap = mkOption {
-        type = mkOptionType {
-          name = "string or path";
-          check = t: (isString t || types.path.check t);
-        };
-
+        type = with types; either str path;
        default = "us";
        example = "fr";
        description = ''
--- a/nixos/modules/config/pulseaudio.nix
+++ b/nixos/modules/config/pulseaudio.nix
@@ -99,11 +99,12 @@ in {
        description = ''
          If false, a PulseAudio server is launched automatically for
          each user that tries to use the sound system. The server runs
-          with user privileges. This is the recommended and most secure
-          way to use PulseAudio. If true, one system-wide PulseAudio
+          with user privileges. If true, one system-wide PulseAudio
          server is launched on boot, running as the user "pulse", and
          only users in the "audio" group will have access to the server.
          Please read the PulseAudio documentation for more details.
+
+          Don't enable this option unless you know what you are doing.
        '';
      };

--- a/nixos/modules/config/qt5.nix
+++ b/nixos/modules/config/qt5.nix
@@ -10,7 +10,7 @@ let
  isQtStyle = cfg.platformTheme == "gtk2" && cfg.style != "adwaita";

  packages = if isQGnome then [ pkgs.qgnomeplatform pkgs.adwaita-qt ]
-    else if isQtStyle then [ pkgs.qtstyleplugins ]
+    else if isQtStyle then [ pkgs.libsForQt5.qtstyleplugins ]
    else throw "`qt5.platformTheme` ${cfg.platformTheme} and `qt5.style` ${cfg.style} are not compatible.";

 in
--- a/nixos/modules/hardware/steam-hardware.nix
+++ b/nixos/modules/hardware/steam-hardware.nix
@@ -21,5 +21,12 @@ in
    services.udev.packages = [
      pkgs.steamPackages.steam
    ];
+
+    # The uinput module needs to be loaded in order to trigger the udev rules
+    # defined in the steam package for setting permissions on /dev/uinput.
+    #
+    # If the udev rules are not triggered, some controllers won't work with
+    # steam.
+    boot.kernelModules = [ "uinput" ];
  };
 }
--- a/nixos/modules/installer/tools/nix-fallback-paths.nix
+++ b/nixos/modules/installer/tools/nix-fallback-paths.nix
@@ -1,6 +1,6 @@
 {
-  x86_64-linux = "/nix/store/3ds3cgji9vjxdbgp10av6smyym1126d1-nix-2.3";
-  i686-linux = "/nix/store/ln1ndqvfpc9cdl03vqxi6kvlxm9wfv9g-nix-2.3";
-  aarch64-linux = "/nix/store/n8a1rwzrp20qcr2c4hvyn6c5q9zx8csw-nix-2.3";
-  x86_64-darwin = "/nix/store/jq6npmpld02sz4rgniz0qrsdfnm6j17a-nix-2.3";
+  x86_64-linux = "/nix/store/ddmmzn4ggz1f66lwxjy64n89864yj9w9-nix-2.3.3";
+  i686-linux = "/nix/store/5axys7hsggb4282dsbps5k5p0v59yv13-nix-2.3.3";
+  aarch64-linux = "/nix/store/k80nwvi19hxwbz3c9cxgp24f1jjxwmcc-nix-2.3.3";
+  x86_64-darwin = "/nix/store/lrnvapsqmf0ja6zfyx4cpxr7ahdr7f9b-nix-2.3.3";
 }
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@@ -128,7 +128,7 @@ in {

    # directory creation needs to be separated from main service
    # because ReadWritePaths fails when the directory doesn't already exist
-    systemd.tmpfiles.rules = [ "d ${dirOf cfg.output} 0755 root root -" ];
+    systemd.tmpfiles.rules = mkIf ((dirOf cfg.output) != "/var/cache") [ "d ${dirOf cfg.output} 0755 root root -" ];

    systemd.services.update-locatedb =
      { description = "Update Locate Database";
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -142,7 +142,6 @@
  ./programs/seahorse.nix
  ./programs/slock.nix
  ./programs/shadow.nix
-  ./programs/shell.nix
  ./programs/spacefm.nix
  ./programs/singularity.nix
  ./programs/ssh.nix
@@ -316,6 +315,7 @@
  ./services/development/bloop.nix
  ./services/development/hoogle.nix
  ./services/development/jupyter/default.nix
+  ./services/development/lorri.nix
  ./services/editors/emacs.nix
  ./services/editors/infinoted.nix
  ./services/games/factorio.nix
@@ -664,6 +664,7 @@
  ./services/networking/polipo.nix
  ./services/networking/powerdns.nix
  ./services/networking/pdns-recursor.nix
+  ./services/networking/pppd.nix
  ./services/networking/pptpd.nix
  ./services/networking/prayer.nix
  ./services/networking/privoxy.nix
@@ -703,6 +704,7 @@
  ./services/networking/syncthing.nix
  ./services/networking/syncthing-relay.nix
  ./services/networking/syncplay.nix
+  ./services/networking/tailscale.nix
  ./services/networking/tcpcrypt.nix
  ./services/networking/teamspeak3.nix
  ./services/networking/tedicross.nix
@@ -726,6 +728,7 @@
  ./services/networking/xinetd.nix
  ./services/networking/xl2tpd.nix
  ./services/networking/xrdp.nix
+  ./services/networking/yggdrasil.nix
  ./services/networking/zerobin.nix
  ./services/networking/zeronet.nix
  ./services/networking/zerotierone.nix
--- a/nixos/modules/profiles/graphical.nix
+++ b/nixos/modules/profiles/graphical.nix
@@ -16,7 +16,6 @@

  # Enable sound in virtualbox appliances.
  hardware.pulseaudio.enable = true;
-  hardware.pulseaudio.systemWide = true; # Needed since we run plasma as root.

  environment.systemPackages = [ pkgs.glxinfo pkgs.firefox ];
 }
--- a/nixos/modules/programs/adb.nix
+++ b/nixos/modules/programs/adb.nix
@@ -23,7 +23,8 @@ with lib;
  ###### implementation
  config = mkIf config.programs.adb.enable {
    services.udev.packages = [ pkgs.android-udev-rules ];
-    environment.systemPackages = [ pkgs.androidenv.androidPkgs_9_0.platform-tools ];
+    # Give platform-tools lower priority so mke2fs+friends are taken from other packages first
+    environment.systemPackages = [ (lowPrio pkgs.androidenv.androidPkgs_9_0.platform-tools) ];
    users.groups.adbusers = {};
  };
 }
--- a/nixos/modules/programs/shell.nix
+++ b/nixos/modules/programs/shell.nix
@@ -1,54 +0,0 @@
-# This module defines a standard configuration for NixOS shells.
-
-{ config, lib, ... }:
-
-with lib;
-
-{
-
-  config = {
-
-    environment.shellInit =
-      ''
-        # Set up the per-user profile.
-        mkdir -m 0755 -p "$NIX_USER_PROFILE_DIR"
-        if [ "$(stat -c '%u' "$NIX_USER_PROFILE_DIR")" != "$(id -u)" ]; then
-            echo "WARNING: the per-user profile dir $NIX_USER_PROFILE_DIR should belong to user id $(id -u)" >&2
-        fi
-
-        if [ -w "$HOME" ]; then
-          if ! [ -L "$HOME/.nix-profile" ]; then
-              if [ "$USER" != root ]; then
-                  ln -s "$NIX_USER_PROFILE_DIR/profile" "$HOME/.nix-profile"
-              else
-                  # Root installs in the system-wide profile by default.
-                  ln -s /nix/var/nix/profiles/default "$HOME/.nix-profile"
-              fi
-          fi
-
-          # Subscribe the root user to the NixOS channel by default.
-          if [ "$USER" = root -a ! -e "$HOME/.nix-channels" ]; then
-              echo "${config.system.defaultChannel} nixos" > "$HOME/.nix-channels"
-          fi
-
-          # Create the per-user garbage collector roots directory.
-          NIX_USER_GCROOTS_DIR="/nix/var/nix/gcroots/per-user/$USER"
-          mkdir -m 0755 -p "$NIX_USER_GCROOTS_DIR"
-          if [ "$(stat -c '%u' "$NIX_USER_GCROOTS_DIR")" != "$(id -u)" ]; then
-              echo "WARNING: the per-user gcroots dir $NIX_USER_GCROOTS_DIR should belong to user id $(id -u)" >&2
-          fi
-
-          # Set up a default Nix expression from which to install stuff.
-          if [ ! -e "$HOME/.nix-defexpr" -o -L "$HOME/.nix-defexpr" ]; then
-              rm -f "$HOME/.nix-defexpr"
-              mkdir -p "$HOME/.nix-defexpr"
-              if [ "$USER" != root ]; then
-                  ln -s /nix/var/nix/profiles/per-user/root/channels "$HOME/.nix-defexpr/channels_root"
-              fi
-          fi
-        fi
-      '';
-
-  };
-
-}
--- a/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix
+++ b/nixos/modules/programs/zsh/zsh-syntax-highlighting.nix
@@ -81,7 +81,7 @@ in
    ];

    programs.zsh.interactiveShellInit = with pkgs;
-      lib.concatStringsSep "\n" ([
+      lib.mkAfter (lib.concatStringsSep "\n" ([
        "source ${zsh-syntax-highlighting}/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh"
      ] ++ optional (length(cfg.highlighters) > 0)
        "ZSH_HIGHLIGHT_HIGHLIGHTERS=(${concatStringsSep " " cfg.highlighters})"
@@ -95,6 +95,6 @@ in
            styles: design:
            "ZSH_HIGHLIGHT_STYLES[${styles}]='${design}'"
          ) cfg.styles)
-      );
+      ));
  };
 }
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -133,7 +133,8 @@ with lib;
    # piwik was renamed to matomo
    (mkRenamedOptionModule [ "services" "piwik" "enable" ] [ "services" "matomo" "enable" ])
    (mkRenamedOptionModule [ "services" "piwik" "webServerUser" ] [ "services" "matomo" "webServerUser" ])
-    (mkRenamedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] [ "services" "matomo" "phpfpmProcessManagerConfig" ])
+    (mkRemovedOptionModule [ "services" "piwik" "phpfpmProcessManagerConfig" ] "Use services.phpfpm.pools.<name>.settings")
+    (mkRemovedOptionModule [ "services" "matomo" "phpfpmProcessManagerConfig" ] "Use services.phpfpm.pools.<name>.settings")
    (mkRenamedOptionModule [ "services" "piwik" "nginx" ] [ "services" "matomo" "nginx" ])

    # tarsnap
--- a/nixos/modules/security/acme.nix
+++ b/nixos/modules/security/acme.nix
@@ -69,9 +69,9 @@ let
      plugins = mkOption {
        type = types.listOf (types.enum [
          "cert.der" "cert.pem" "chain.pem" "external.sh"
-          "fullchain.pem" "full.pem" "key.der" "key.pem" "account_key.json"
+          "fullchain.pem" "full.pem" "key.der" "key.pem" "account_key.json" "account_reg.json"
        ]);
-        default = [ "fullchain.pem" "full.pem" "key.pem" "account_key.json" ];
+        default = [ "fullchain.pem" "full.pem" "key.pem" "account_key.json" "account_reg.json" ];
        description = ''
          Plugins to enable. With default settings simp_le will
          store public certificate bundle in <filename>fullchain.pem</filename>,
@@ -198,11 +198,16 @@ in
                          ++ optionals (data.email != null) [ "--email" data.email ]
                          ++ concatMap (p: [ "-f" p ]) data.plugins
                          ++ concatLists (mapAttrsToList (name: root: [ "-d" (if root == null then name else "${name}:${root}")]) data.extraDomains)
-                          ++ optionals (!cfg.production) ["--server" "https://acme-staging.api.letsencrypt.org/directory"];
+                          ++ optionals (!cfg.production) ["--server" "https://acme-staging-v02.api.letsencrypt.org/directory"];
                acmeService = {
                  description = "Renew ACME Certificate for ${cert}";
                  after = [ "network.target" "network-online.target" ];
                  wants = [ "network-online.target" ];
+                  # simp_le uses requests, which uses certifi under the hood,
+                  # which doesn't respect the system trust store.
+                  # At least in the acme test, we provision a fake CA, impersonating the LE endpoint.
+                  # REQUESTS_CA_BUNDLE is a way to teach python requests to use something else
+                  environment.REQUESTS_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt";
                  serviceConfig = {
                    Type = "oneshot";
                    SuccessExitStatus = [ "0" "1" ];
--- a/nixos/modules/services/admin/oxidized.nix
+++ b/nixos/modules/services/admin/oxidized.nix
@@ -110,6 +110,7 @@ in
        Restart  = "always";
        WorkingDirectory = cfg.dataDir;
        KillSignal = "SIGKILL";
+        PIDFile = "${cfg.dataDir}/.config/oxidized/pid";
      };
    };
  };
--- a/nixos/modules/services/backup/bacula.nix
+++ b/nixos/modules/services/backup/bacula.nix
@@ -44,7 +44,17 @@ let
        Pid Directory = "/run";
        ${sd_cfg.extraStorageConfig}
      }
- 
+
+      ${concatStringsSep "\n" (mapAttrsToList (name: value: ''
+      Autochanger {
+        Name = "${name}";
+        Device = ${concatStringsSep ", " (map (a: "\"${a}\"") value.devices)};
+        Changer Device =  "${value.changerDevice}";
+        Changer Command = "${value.changerCommand}";
+        ${value.extraAutochangerConfig}
+      }
+      '') sd_cfg.autochanger)}
+
      ${concatStringsSep "\n" (mapAttrsToList (name: value: ''
      Device {
        Name = "${name}";
@@ -103,7 +113,19 @@ let
      password = mkOption {
        # TODO: required?
        description = ''
-           Specifies the password that must be supplied for a Director to b
+          Specifies the password that must be supplied for the default Bacula
+          Console to be authorized. The same password must appear in the
+          Director resource of the Console configuration file. For added
+          security, the password is never passed across the network but instead
+          a challenge response hash code created with the password. This
+          directive is required. If you have either /dev/random or bc on your
+          machine, Bacula will generate a random password during the
+          configuration process, otherwise it will be left blank and you must
+          manually supply it.
+
+          The password is plain text. It is not generated through any special
+          process but as noted above, it is better to use random text for
+          security reasons. 
        '';
      };
      
@@ -111,26 +133,133 @@ let
        default = "no";
        example = "yes";
        description = ''
-           If Monitor is set to no (default), this director will have full 
+          If Monitor is set to <literal>no</literal>, this director will have
+          full access to this Storage daemon. If Monitor is set to
+          <literal>yes</literal>, this director will only be able to fetch the
+          current status of this Storage daemon.
+
+          Please note that if this director is being used by a Monitor, we
+          highly recommend to set this directive to yes to avoid serious
+          security problems. 
        '';
      };
    };
  };

+  autochangerOptions = {...}:
+  {
+    options = {
+      changerDevice = mkOption {
+        description = ''
+          The specified name-string must be the generic SCSI device name of the
+          autochanger that corresponds to the normal read/write Archive Device
+          specified in the Device resource. This generic SCSI device name
+          should be specified if you have an autochanger or if you have a
+          standard tape drive and want to use the Alert Command (see below).
+          For example, on Linux systems, for an Archive Device name of
+          <literal>/dev/nst0</literal>, you would specify
+          <literal>/dev/sg0</literal> for the Changer Device name.  Depending
+          on your exact configuration, and the number of autochangers or the
+          type of autochanger, what you specify here can vary. This directive
+          is optional. See the Using AutochangersAutochangersChapter chapter of
+          this manual for more details of using this and the following
+          autochanger directives.         
+          '';
+      };
+
+      changerCommand = mkOption {
+        description = ''
+          The name-string specifies an external program to be called that will
+          automatically change volumes as required by Bacula. Normally, this
+          directive will be specified only in the AutoChanger resource, which
+          is then used for all devices. However, you may also specify the
+          different Changer Command in each Device resource. Most frequently,
+          you will specify the Bacula supplied mtx-changer script as follows:
+
+          <literal>"/path/mtx-changer %c %o %S %a %d"</literal>
+
+          and you will install the mtx on your system (found in the depkgs
+          release). An example of this command is in the default bacula-sd.conf
+          file. For more details on the substitution characters that may be
+          specified to configure your autochanger please see the
+          AutochangersAutochangersChapter chapter of this manual. For FreeBSD
+          users, you might want to see one of the several chio scripts in
+          examples/autochangers.
+          '';
+        default = "/etc/bacula/mtx-changer %c %o %S %a %d";
+      };
+
+      devices = mkOption {
+        description = ''
+        '';
+      };
+
+      extraAutochangerConfig = mkOption {
+        default = "";
+        description = ''
+          Extra configuration to be passed in Autochanger directive.
+        '';
+        example = ''
+   
+        '';
+      };
+    };
+  };
+
+
  deviceOptions = {...}:
  {
    options = {
      archiveDevice = mkOption {
        # TODO: required?
        description = ''
-          The specified name-string gives the system file name of the storage device managed by this storage daemon. This will usually be the device file name of a removable storage device (tape drive), for example " /dev/nst0" or "/dev/rmt/0mbn". For a DVD-writer, it will be for example /dev/hdc. It may also be a directory name if you are archiving to disk storage.
+          The specified name-string gives the system file name of the storage
+          device managed by this storage daemon. This will usually be the
+          device file name of a removable storage device (tape drive), for
+          example <literal>/dev/nst0</literal> or
+          <literal>/dev/rmt/0mbn</literal>. For a DVD-writer, it will be for
+          example <literal>/dev/hdc</literal>. It may also be a directory name
+          if you are archiving to disk storage. In this case, you must supply
+          the full absolute path to the directory. When specifying a tape
+          device, it is preferable that the "non-rewind" variant of the device
+          file name be given. 
        '';
      };

      mediaType = mkOption {
        # TODO: required?
        description = ''
-          The specified name-string names the type of media supported by this device, for example, "DLT7000". Media type names are arbitrary in that you set them to anything you want, but they must be known to the volume database to keep track of which storage daemons can read which volumes. In general, each different storage type should have a unique Media Type associated with it. The same name-string must appear in the appropriate Storage resource definition in the Director's configuration file.
+          The specified name-string names the type of media supported by this
+          device, for example, <literal>DLT7000</literal>. Media type names are
+          arbitrary in that you set them to anything you want, but they must be
+          known to the volume database to keep track of which storage daemons
+          can read which volumes. In general, each different storage type
+          should have a unique Media Type associated with it. The same
+          name-string must appear in the appropriate Storage resource
+          definition in the Director's configuration file.
+
+          Even though the names you assign are arbitrary (i.e. you choose the
+          name you want), you should take care in specifying them because the
+          Media Type is used to determine which storage device Bacula will
+          select during restore. Thus you should probably use the same Media
+          Type specification for all drives where the Media can be freely
+          interchanged. This is not generally an issue if you have a single
+          Storage daemon, but it is with multiple Storage daemons, especially
+          if they have incompatible media.
+
+          For example, if you specify a Media Type of <literal>DDS-4</literal>
+          then during the restore, Bacula will be able to choose any Storage
+          Daemon that handles <literal>DDS-4</literal>. If you have an
+          autochanger, you might want to name the Media Type in a way that is
+          unique to the autochanger, unless you wish to possibly use the
+          Volumes in other drives. You should also ensure to have unique Media
+          Type names if the Media is not compatible between drives. This
+          specification is required for all devices.
+
+          In addition, if you are using disk storage, each Device resource will
+          generally have a different mount point or directory. In order for
+          Bacula to select the correct Device resource, each one must have a
+          unique Media Type.
        '';
      };

@@ -166,8 +295,8 @@ in {
        default = "${config.networking.hostName}-fd";
        description = ''
          The client name that must be used by the Director when connecting.
-          Generally, it is a good idea to use a name related to the machine
-          so that error messages can be easily identified if you have multiple
+          Generally, it is a good idea to use a name related to the machine so
+          that error messages can be easily identified if you have multiple
          Clients. This directive is required.
        '';
      };
@@ -232,7 +361,8 @@ in {
        default = 9103;
        type = types.int;
        description = ''
-          Specifies port number on which the Storage daemon listens for Director connections. The default is 9103.
+          Specifies port number on which the Storage daemon listens for
+          Director connections.
        '';
      };

@@ -251,7 +381,15 @@ in {
        '';
        type = with types; attrsOf (submodule deviceOptions);
      };
- 
+
+      autochanger = mkOption {
+        default = {};
+        description = ''
+          This option defines Autochanger resources in Bacula Storage Daemon.
+        '';
+        type = with types; attrsOf (submodule autochangerOptions);
+      };
+
      extraStorageConfig = mkOption {
        default = "";
        description = ''
@@ -287,7 +425,8 @@ in {
      name = mkOption {
        default = "${config.networking.hostName}-dir";
        description = ''
-          The director name used by the system administrator. This directive is required.
+          The director name used by the system administrator. This directive is
+          required.
        '';
      };
 
@@ -295,7 +434,12 @@ in {
        default = 9101;
        type = types.int;
        description = ''
-          Specify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify DirAddresses (N.B plural) directive.
+          Specify the port (a positive integer) on which the Director daemon
+          will listen for Bacula Console connections. This same port number
+          must be specified in the Director resource of the Console
+          configuration file. The default is 9101, so normally this directive
+          need not be specified. This directive should not be used if you
+          specify DirAddresses (N.B plural) directive.
        '';
      };
 
--- a/nixos/modules/services/databases/mysql.nix
+++ b/nixos/modules/services/databases/mysql.nix
@@ -8,15 +8,11 @@ let

  mysql = cfg.package;

-  isMariaDB =
-    let
-      pName = _p: (builtins.parseDrvName (_p.name)).name;
-    in pName mysql == pName pkgs.mariadb;
+  isMariaDB = lib.getName mysql == lib.getName pkgs.mariadb;
+
  isMysqlAtLeast57 =
-    let
-      pName = _p: (builtins.parseDrvName (_p.name)).name;
-    in (pName mysql == pName pkgs.mysql57)
-       && ((builtins.compareVersions mysql.version "5.7") >= 0);
+    (lib.getName mysql == lib.getName pkgs.mysql57)
+     && (builtins.compareVersions mysql.version "5.7" >= 0);

  mysqldOptions =
    "--user=${cfg.user} --datadir=${cfg.dataDir} --basedir=${mysql}";
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -185,10 +185,10 @@ in
  ###### implementation

  config = mkIf config.services.redis.enable {
-
-    boot.kernel.sysctl = mkIf cfg.vmOverCommit {
-      "vm.overcommit_memory" = "1";
-    };
+    boot.kernel.sysctl = (mkMerge [
+      { "vm.nr_hugepages" = "0"; }
+      ( mkIf cfg.vmOverCommit { "vm.overcommit_memory" = "1"; } )
+    ]);

    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.port ];
@@ -198,14 +198,6 @@ in

    environment.systemPackages = [ cfg.package ];

-    systemd.services.disable-transparent-huge-pages = {
-      description = "Disable Transparent Huge Pages (required by Redis)";
-      before = [ "redis.service" ];
-      wantedBy = [ "redis.service" ];
-      script = "echo never > /sys/kernel/mm/transparent_hugepage/enabled";
-      serviceConfig.Type = "oneshot";
-    };
-
    systemd.services.redis =
      { description = "Redis Server";

--- a/nixos/modules/services/development/lorri.nix
+++ b/nixos/modules/services/development/lorri.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.lorri;
+  socketPath = "lorri/daemon.socket";
+in {
+  options = {
+    services.lorri = {
+      enable = lib.mkOption {
+        default = false;
+        type = lib.types.bool;
+        description = ''
+          Enables the daemon for `lorri`, a nix-shell replacement for project
+          development. The socket-activated daemon starts on the first request
+          issued by the `lorri` command.
+        '';
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.user.sockets.lorri = {
+      description = "Socket for Lorri Daemon";
+      wantedBy = [ "sockets.target" ];
+      socketConfig = {
+        ListenStream = "%t/${socketPath}";
+        RuntimeDirectory = "lorri";
+      };
+    };
+
+    systemd.user.services.lorri = {
+      description = "Lorri Daemon";
+      requires = [ "lorri.socket" ];
+      after = [ "lorri.socket" ];
+      path = with pkgs; [ config.nix.package gnutar gzip ];
+      serviceConfig = {
+        ExecStart = "${pkgs.lorri}/bin/lorri daemon";
+        PrivateTmp = true;
+        ProtectSystem = "strict";
+        ProtectHome = "read-only";
+        Restart = "on-failure";
+      };
+    };
+
+    environment.systemPackages = [ pkgs.lorri ];
+  };
+}
--- a/nixos/modules/services/misc/apache-kafka.nix
+++ b/nixos/modules/services/misc/apache-kafka.nix
@@ -131,7 +131,7 @@ in {
      home = head cfg.logDirs;
    };

-    systemd.tmpfiles.rules = map (logDir: "d '${logDir} 0700 apache-kafka - - -") cfg.logDirs;
+    systemd.tmpfiles.rules = map (logDir: "d '${logDir}' 0700 apache-kafka - - -") cfg.logDirs;

    systemd.services.apache-kafka = {
      description = "Apache Kafka Daemon";
--- a/nixos/modules/services/misc/gitea.nix
+++ b/nixos/modules/services/misc/gitea.nix
@@ -364,7 +364,7 @@ in
          ''}
          sed -e "s,#secretkey#,$KEY,g" \
              -e "s,#dbpass#,$DBPASS,g" \
-              -e "s,#jwtsecet#,$JWTSECET,g" \
+              -e "s,#jwtsecret#,$JWTSECRET,g" \
              -e "s,#mailerpass#,$MAILERPASSWORD,g" \
              -i ${runConfig}
          chmod 640 ${runConfig} ${secretKey} ${jwtSecret}
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@@ -182,7 +182,7 @@ let
        ${optionalString (cfg.smtp.passwordFile != null) ''password: "@smtpPassword@",''}
        domain: "${cfg.smtp.domain}",
        ${optionalString (cfg.smtp.authentication != null) "authentication: :${cfg.smtp.authentication},"}
-        enable_starttls_auto: ${toString cfg.smtp.enableStartTLSAuto},
+        enable_starttls_auto: ${boolToString cfg.smtp.enableStartTLSAuto},
        ca_file: "/etc/ssl/certs/ca-certificates.crt",
        openssl_verify_mode: '${cfg.smtp.opensslVerifyMode}'
      }
@@ -610,6 +610,8 @@ in {
    # objects owners and extensions; for now we tack on what's needed
    # here.
    systemd.services.postgresql.postStart = mkAfter (optionalString databaseActuallyCreateLocally ''
+      set -eu
+
      $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${cfg.databaseName}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${cfg.databaseName}" OWNER "${cfg.databaseUsername}"'
      current_owner=$($PSQL -tAc "SELECT pg_catalog.pg_get_userbyid(datdba) FROM pg_catalog.pg_database WHERE datname = '${cfg.databaseName}'")
      if [[ "$current_owner" != "${cfg.databaseUsername}" ]]; then
@@ -651,7 +653,7 @@ in {
      "d ${cfg.statePath} 0750 ${cfg.user} ${cfg.group} -"
      "d ${cfg.statePath}/builds 0750 ${cfg.user} ${cfg.group} -"
      "d ${cfg.statePath}/config 0750 ${cfg.user} ${cfg.group} -"
-      "D ${cfg.statePath}/config/initializers 0750 ${cfg.user} ${cfg.group} -"
+      "d ${cfg.statePath}/config/initializers 0750 ${cfg.user} ${cfg.group} -"
      "d ${cfg.statePath}/db 0750 ${cfg.user} ${cfg.group} -"
      "d ${cfg.statePath}/log 0750 ${cfg.user} ${cfg.group} -"
      "d ${cfg.statePath}/repositories 2770 ${cfg.user} ${cfg.group} -"
@@ -668,7 +670,6 @@ in {
      "d ${gitlabConfig.production.shared.path}/artifacts 0750 ${cfg.user} ${cfg.group} -"
      "d ${gitlabConfig.production.shared.path}/lfs-objects 0750 ${cfg.user} ${cfg.group} -"
      "d ${gitlabConfig.production.shared.path}/pages 0750 ${cfg.user} ${cfg.group} -"
-      "L+ ${cfg.statePath}/lib - - - - ${cfg.packages.gitlab}/share/gitlab/lib"
      "L+ /run/gitlab/config - - - - ${cfg.statePath}/config"
      "L+ /run/gitlab/log - - - - ${cfg.statePath}/log"
      "L+ /run/gitlab/tmp - - - - ${cfg.statePath}/tmp"
@@ -742,7 +743,6 @@ in {
        gitlab-workhorse
      ];
      serviceConfig = {
-        PermissionsStartOnly = true; # preStart must be run as root
        Type = "simple";
        User = cfg.user;
        Group = cfg.group;
@@ -784,13 +784,18 @@ in {
        ExecStartPre = let
          preStartFullPrivileges = ''
            shopt -s dotglob nullglob
+            set -eu
+
            chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/*
            chown --no-dereference '${cfg.user}':'${cfg.group}' '${cfg.statePath}'/config/*
          '';
          preStart = ''
+            set -eu
+
            cp -f ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
            rm -rf ${cfg.statePath}/db/*
            rm -rf ${cfg.statePath}/config/initializers/*
+            rm -f ${cfg.statePath}/lib
            cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
            cp -rf --no-preserve=mode ${cfg.packages.gitlab}/share/gitlab/db/* ${cfg.statePath}/db

@@ -853,7 +858,7 @@ in {

            initial_root_password="$(<'${cfg.initialRootPasswordFile}')"
            ${gitlab-rake}/bin/gitlab-rake gitlab:db:configure GITLAB_ROOT_PASSWORD="$initial_root_password" \
-                                                               GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}'
+                                                               GITLAB_ROOT_EMAIL='${cfg.initialRootEmail}' > /dev/null

            # We remove potentially broken links to old gitlab-shell versions
            rm -Rf ${cfg.statePath}/repositories/**/*.git/hooks
--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
@@ -79,7 +79,11 @@ turn_user_lifetime: "${cfg.turn_user_lifetime}"
 user_creation_max_duration: ${cfg.user_creation_max_duration}
 bcrypt_rounds: ${cfg.bcrypt_rounds}
 allow_guest_access: ${boolToString cfg.allow_guest_access}
-trusted_third_party_id_servers: ${builtins.toJSON cfg.trusted_third_party_id_servers}
+
+account_threepid_delegates:
+  ${optionalString (cfg.account_threepid_delegates.email != null) "email: ${cfg.account_threepid_delegates.email}"}
+  ${optionalString (cfg.account_threepid_delegates.msisdn != null) "msisdn: ${cfg.account_threepid_delegates.msisdn}"}
+
 room_invite_state_types: ${builtins.toJSON cfg.room_invite_state_types}
 ${optionalString (cfg.macaroon_secret_key != null) ''
  macaroon_secret_key: "${cfg.macaroon_secret_key}"
@@ -102,6 +106,7 @@ perspectives:
    '') cfg.servers)}
    }
  }
+redaction_retention_period: ${toString cfg.redaction_retention_period}
 app_service_config_files: ${builtins.toJSON cfg.app_service_config_files}

 ${cfg.extraConfig}
@@ -402,6 +407,9 @@ in {
          "192.168.0.0/16"
          "100.64.0.0/10"
          "169.254.0.0/16"
+          "::1/128"
+          "fe80::/64"
+          "fc00::/7"
        ];
        description = ''
          List of IP address CIDR ranges that the URL preview spider is denied
@@ -552,14 +560,18 @@ in {
          accessible to anonymous users.
        '';
      };
-      trusted_third_party_id_servers = mkOption {
-        type = types.listOf types.str;
-        default = [
-          "matrix.org"
-          "vector.im"
-        ];
+      account_threepid_delegates.email = mkOption {
+        type = types.nullOr types.str;
+        default = null;
        description = ''
-          The list of identity servers trusted to verify third party identifiers by this server.
+          Delegate email sending to https://example.org
+        '';
+      };
+      account_threepid_delegates.msisdn = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = ''
+          Delegate SMS sending to this local process (https://localhost:8090)
        '';
      };
      room_invite_state_types = mkOption {
@@ -600,6 +612,13 @@ in {
          A list of application service config file to use
        '';
      };
+      redaction_retention_period = mkOption {
+        type = types.int;
+        default = 7;
+        description = ''
+          How long to keep redacted events in unredacted form in the database.
+        '';
+      };
      extraConfig = mkOption {
        type = types.lines;
        default = "";
@@ -699,4 +718,12 @@ in {
      };
    };
  };
+
+  imports = [
+    (mkRemovedOptionModule [ "services" "matrix-synapse" "trusted_third_party_id_servers" ] ''
+      The `trusted_third_party_id_servers` option as been removed in `matrix-synapse` v1.4.0
+      as the behavior is now obsolete.
+    '')
+  ];
+
 }
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -75,7 +75,7 @@ let
            '' else ''
              echo "Checking that Nix can read nix.conf..."
              ln -s $out ./nix.conf
-              NIX_CONF_DIR=$PWD ${cfg.package}/bin/nix show-config ${optionalString isNix23 "--no-net"} >/dev/null
+              NIX_CONF_DIR=$PWD ${cfg.package}/bin/nix show-config ${optionalString isNix23 "--no-net --option experimental-features nix-command"} >/dev/null
            '')
      );

@@ -479,21 +479,15 @@ in

    services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers;

-    # FIXME: use systemd-tmpfiles to create Nix directories.
    system.activationScripts.nix = stringAfter [ "etc" "users" ]
      ''
-        # Nix initialisation.
-        install -m 0755 -d \
-          /nix/var/nix/gcroots \
-          /nix/var/nix/temproots \
-          /nix/var/nix/userpool \
-          /nix/var/nix/profiles \
-          /nix/var/nix/db \
-          /nix/var/log/nix/drvs
-        install -m 1777 -d \
-          /nix/var/nix/gcroots/per-user \
-          /nix/var/nix/profiles/per-user \
-          /nix/var/nix/gcroots/tmp
+        # Create directories in /nix.
+        ${nix}/bin/nix ping-store --no-net
+
+        # Subscribe the root user to the NixOS channel by default.
+        if [ ! -e "/root/.nix-channels" ]; then
+            echo "${config.system.defaultChannel} nixos" > "/root/.nix-channels"
+        fi
      '';

    nix.systemFeatures = mkDefault (
--- a/nixos/modules/services/monitoring/grafana.nix
+++ b/nixos/modules/services/monitoring/grafana.nix
@@ -43,7 +43,7 @@ let

    ANALYTICS_REPORTING_ENABLED = boolToString cfg.analytics.reporting.enable;

-    SMTP_ENABLE = boolToString cfg.smtp.enable;
+    SMTP_ENABLED = boolToString cfg.smtp.enable;
    SMTP_HOST = cfg.smtp.host;
    SMTP_USER = cfg.smtp.user;
    SMTP_PASSWORD = cfg.smtp.password;
--- a/nixos/modules/services/monitoring/prometheus/exporters.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters.nix
@@ -196,6 +196,9 @@ in
    services.prometheus.exporters.minio.minioAccessSecret = mkDefault config.services.minio.secretKey;
  })] ++ [(mkIf config.services.rspamd.enable {
    services.prometheus.exporters.rspamd.url = mkDefault "http://localhost:11334/stat";
+  })] ++ [(mkIf config.services.nginx.enable {
+    systemd.services.prometheus-nginx-exporter.after = [ "nginx.service" ];
+    systemd.services.prometheus-nginx-exporter.requires = [ "nginx.service" ];
  })] ++ (mapAttrsToList (name: conf:
    mkExporterConf {
      inherit name;
--- a/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/blackbox.nix
@@ -3,16 +3,34 @@
 with lib;

 let
+  logPrefix = "services.prometheus.exporter.blackbox";
  cfg = config.services.prometheus.exporters.blackbox;

-  checkConfig = file: pkgs.runCommand "checked-blackbox-exporter.conf" {
-    preferLocalBuild = true;
-    buildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ]; } ''
-    ln -s ${file} $out
-    blackbox_exporter --config.check --config.file $out
-  '';
-in
-{
+  # This ensures that we can deal with string paths, path types and
+  # store-path strings with context.
+  coerceConfigFile = file:
+    if (builtins.isPath file) || (lib.isStorePath file) then
+      file
+    else
+      (lib.warn ''
+        ${logPrefix}: configuration file "${file}" is being copied to the nix-store.
+        If you would like to avoid that, please set enableConfigCheck to false.
+      '' /. + file);
+  checkConfigLocation = file:
+    if lib.hasPrefix "/tmp/" file then
+      throw
+      "${logPrefix}: configuration file must not reside within /tmp - it won't be visible to the systemd service."
+    else
+      true;
+  checkConfig = file:
+    pkgs.runCommand "checked-blackbox-exporter.conf" {
+      preferLocalBuild = true;
+      buildInputs = [ pkgs.buildPackages.prometheus-blackbox-exporter ];
+    } ''
+      ln -s ${coerceConfigFile file} $out
+      blackbox_exporter --config.check --config.file $out
+    '';
+in {
  port = 9115;
  extraOpts = {
    configFile = mkOption {
@@ -21,14 +39,29 @@ in
        Path to configuration file.
      '';
    };
+    enableConfigCheck = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to run a correctness check for the configuration file. This depends
+        on the configuration file residing in the nix-store. Paths passed as string will
+        be copied to the store.
+      '';
+    };
  };
-  serviceOpts = {
+
+  serviceOpts = let
+    adjustedConfigFile = if cfg.enableConfigCheck then
+      checkConfig cfg.configFile
+    else
+      checkConfigLocation cfg.configFile;
+  in {
    serviceConfig = {
      AmbientCapabilities = [ "CAP_NET_RAW" ]; # for ping probes
      ExecStart = ''
        ${pkgs.prometheus-blackbox-exporter}/bin/blackbox_exporter \
          --web.listen-address ${cfg.listenAddress}:${toString cfg.port} \
-          --config.file ${checkConfig cfg.configFile} \
+          --config.file ${adjustedConfigFile} \
          ${concatStringsSep " \\\n  " cfg.extraFlags}
      '';
      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
--- a/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
+++ b/nixos/modules/services/monitoring/prometheus/exporters/wireguard.nix
@@ -6,6 +6,10 @@ let
  cfg = config.services.prometheus.exporters.wireguard;
 in {
  port = 9586;
+  imports = [
+    (mkRenamedOptionModule [ "addr" ] [ "listenAddress" ])
+    ({ options.warnings = options.warnings; options.assertions = options.assertions; })
+  ];
  extraOpts = {
    verbose = mkEnableOption "Verbose logging mode for prometheus-wireguard-exporter";

@@ -42,14 +46,6 @@ in {
        Whether or not the remote IP of a WireGuard peer should be exposed via prometheus.
      '';
    };
-
-    addr = mkOption {
-      type = types.str;
-      default = "0.0.0.0";
-      description = ''
-        IP address of the exporter.
-      '';
-    };
  };
  serviceOpts = {
    path = [ pkgs.wireguard-tools ];
@@ -59,7 +55,7 @@ in {
      ExecStart = ''
        ${pkgs.prometheus-wireguard-exporter}/bin/prometheus_wireguard_exporter \
          -p ${toString cfg.port} \
-          -l ${cfg.addr} \
+          -l ${cfg.listenAddress} \
          ${optionalString cfg.verbose "-v"} \
          ${optionalString cfg.singleSubnetPerField "-s"} \
          ${optionalString cfg.withRemoteIp "-r"} \
--- a/Show More
+++ b/Show More