Revert "nixos/fonts: Add unifont to list of default fonts."

This reverts commit 53746ff9d2 because it increases default system closure size significantly. It's also unnecessary - people can always add fonts themselves.
typos
2026-06-13 16:53:53 +00:00 · 2015-09-30 21:46:06 +02:00 · 2015-09-30 21:27:37 +02:00 · 2015-09-30 21:27:30 +02:00 · 2015-09-30 21:26:58 +02:00 · 2015-09-30 21:06:46 +02:00
688 changed files with 528297 additions and 10993 deletions
--- a/.version
+++ b/.version
@@ -1 +1 @@
-15.08
+15.09
--- a/README.md
+++ b/README.md
@@ -33,8 +33,10 @@ For pull-requests, please rebase onto nixpkgs `master`.
 * [Manual (NixOS)](https://nixos.org/nixos/manual/)
 * [Continuous package builds for unstable/master](https://hydra.nixos.org/jobset/nixos/trunk-combined)
 * [Continuous package builds for 14.12 release](https://hydra.nixos.org/jobset/nixos/release-14.12)
 * [Continuous package builds for 15.09 release](https://hydra.nixos.org/jobset/nixos/release-15.09)
 * [Tests for unstable/master](https://hydra.nixos.org/job/nixos/trunk-combined/tested#tabs-constituents)
 * [Tests for 14.12 release](https://hydra.nixos.org/job/nixos/release-14.12/tested#tabs-constituents)
 * [Tests for 15.09 release](https://hydra.nixos.org/job/nixos/release-15.09/tested#tabs-constituents)
 Communication:
--- a/doc/functions.xml
+++ b/doc/functions.xml
@@ -248,7 +248,7 @@ c = lib.makeOverridable f { a = 1; b = 2; }</programlisting>
  targetPkgs = pkgs: (with pkgs;
    [ udev
      alsaLib
-    ]) ++ (with pkgs.xlibs;
+    ]) ++ (with pkgs.xorg;
    [ libX11
      libXcursor
      libXrandr
--- a/doc/haskell-users-guide.xml
+++ b/doc/haskell-users-guide.xml
@@ -11,14 +11,13 @@
    registered on
    <link xlink:href="http://hackage.haskell.org/">Hackage</link>, but
    strangely enough normal Nix package lookups don't seem to discover
-    any of them:
+    any of them, except for the default version of ghc, cabal-install, and stack:
  </para>
  <programlisting>
-$ nix-env -qa cabal-install
+$ nix-env -i alex
-error: selector ‘cabal-install’ matches no derivations
+error: selector ‘alex’ matches no derivations
-
+$ nix-env -qa ghc
-$ nix-env -i ghc
+ghc-7.10.2
 error: selector ‘ghc’ matches no derivations
 </programlisting>
  <para>
    The Haskell package set is not registered in the top-level namespace
@@ -95,7 +94,7 @@ $ nix-env -qaP coreutils
 nixos.coreutils  coreutils-8.23
 </programlisting>
  <para>
-    If your system responds like that (most NixOS installatios will),
+    If your system responds like that (most NixOS installations will),
    then the attribute path to <literal>haskellPackages</literal> is
    <literal>nixos.haskellPackages</literal>. Thus, if you want to
    use <literal>nix-env</literal> without giving an explicit
@@ -119,7 +118,7 @@ $ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskell.packages.ghc763
 </programlisting>
  <para>
    The name <literal>haskellPackages</literal> is really just a synonym
-    for <literal>haskell.packages.ghc7101</literal>, because we prefer
+    for <literal>haskell.packages.ghc7102</literal>, because we prefer
    that package set internally and recommend it to our users as their
    default choice, but ultimately you are free to compile your Haskell
    packages with any GHC version you please. The following command
@@ -134,7 +133,7 @@ haskell.compiler.ghc722         ghc-7.2.2
 haskell.compiler.ghc742         ghc-7.4.2
 haskell.compiler.ghc763         ghc-7.6.3
 haskell.compiler.ghc784         ghc-7.8.4
-haskell.compiler.ghc7101        ghc-7.10.1
+haskell.compiler.ghc7102        ghc-7.10.2
 haskell.compiler.ghcHEAD        ghc-7.11.20150402
 haskell.compiler.ghcNokinds     ghc-nokinds-7.11.20150704
 haskell.compiler.ghcjs          ghcjs-0.1.0
@@ -167,7 +166,7 @@ $ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.ghc haskellPackages
    <para>
      Instead of the default package set
      <literal>haskellPackages</literal>, you can also use the more
-      precise name <literal>haskell.compiler.ghc7101</literal>, which
+      precise name <literal>haskell.compiler.ghc7102</literal>, which
      has the advantage that it refers to the same GHC version
      regardless of what Nixpkgs considers &quot;default&quot; at any
      given time.
@@ -254,7 +253,7 @@ $ nix-shell -p haskell.compiler.ghc784 --command &quot;cabal configure&quot;
 $ nix-shell -p &quot;haskellPackages.ghcWithPackages (pkgs: [pkgs.mtl])&quot;
 [nix-shell:~]$ ghc-pkg list mtl
-/nix/store/zy79...-ghc-7.10.1/lib/ghc-7.10.1/package.conf.d:
+/nix/store/zy79...-ghc-7.10.2/lib/ghc-7.10.2/package.conf.d:
    mtl-2.2.1
 </programlisting>
    <para>
@@ -266,7 +265,7 @@ $ nix-shell -p &quot;haskellPackages.ghcWithPackages (pkgs: [pkgs.mtl])&quot;
 {
  packageOverrides = super: let self = super.pkgs; in
  {
-    myHaskellEnv = self.haskell.packages.ghc7101.ghcWithPackages
+    myHaskellEnv = self.haskell.packages.ghc7102.ghcWithPackages
                     (haskellPackages: with haskellPackages; [
                       # libraries
                       arrows async cgi criterion
@@ -281,7 +280,7 @@ $ nix-shell -p &quot;haskellPackages.ghcWithPackages (pkgs: [pkgs.mtl])&quot;
      <literal>nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA myHaskellEnv</literal>.
      If you'd like to switch that development environment to a
      different version of GHC, just replace the
-      <literal>ghc7101</literal> bit in the previous definition with the
+      <literal>ghc7102</literal> bit in the previous definition with the
      appropriate name. Of course, it's also possible to define any
      number of these development environments! (You can't install two
      of them into the same profile at the same time, though, because
@@ -296,11 +295,11 @@ $ nix-shell -p &quot;haskellPackages.ghcWithPackages (pkgs: [pkgs.mtl])&quot;
    <programlisting>
 $ cat $(type -p ghc)
 #! /nix/store/xlxj...-bash-4.3-p33/bin/bash -e
-export NIX_GHC=/nix/store/19sm...-ghc-7.10.1/bin/ghc
+export NIX_GHC=/nix/store/19sm...-ghc-7.10.2/bin/ghc
-export NIX_GHCPKG=/nix/store/19sm...-ghc-7.10.1/bin/ghc-pkg
+export NIX_GHCPKG=/nix/store/19sm...-ghc-7.10.2/bin/ghc-pkg
-export NIX_GHC_DOCDIR=/nix/store/19sm...-ghc-7.10.1/share/doc/ghc/html
+export NIX_GHC_DOCDIR=/nix/store/19sm...-ghc-7.10.2/share/doc/ghc/html
-export NIX_GHC_LIBDIR=/nix/store/19sm...-ghc-7.10.1/lib/ghc-7.10.1
+export NIX_GHC_LIBDIR=/nix/store/19sm...-ghc-7.10.2/lib/ghc-7.10.2
-exec /nix/store/j50p...-ghc-7.10.1/bin/ghc &quot;-B$NIX_GHC_LIBDIR&quot; &quot;$@&quot;
+exec /nix/store/j50p...-ghc-7.10.2/bin/ghc &quot;-B$NIX_GHC_LIBDIR&quot; &quot;$@&quot;
 </programlisting>
    <para>
      The variables <literal>$NIX_GHC</literal>,
@@ -354,6 +353,90 @@ if [ -e ~/.nix-profile/bin/ghc ]; then
 fi
 </programlisting>
  </section>
  <section xml:id="how-to-install-a-compiler-with-indexes">
    <title>How to install a compiler with libraries, hoogle and documentation indexes</title>
    <para>
      If you plan to use your environment for interactive programming,
      not just compiling random Haskell code, you might want to
      replace <literal>ghcWithPackages</literal> in all the listings
      above with <literal>ghcWithHoogle</literal>.
    </para>
    <para>
      This environment generator not only produces an environment with
      GHC and all the specified libraries, but also generates a
      <literal>hoogle</literal> and <literal>haddock</literal> indexes
      for all the packages, and provides a wrapper script around
      <literal>hoogle</literal> binary that uses all those things. A
      precise name for this thing would be
      "<literal>ghcWithPackagesAndHoogleAndDocumentationIndexes</literal>",
      which is, regrettably, too long and scary.
    </para>
    <para>
      For example, installing the following environment
    </para>
    <programlisting>
 {
  packageOverrides = super: let self = super.pkgs; in
  {
    myHaskellEnv = self.haskellPackages.ghcWithHoogle
                     (haskellPackages: with haskellPackages; [
                       # libraries
                       arrows async cgi criterion
                       # tools
                       cabal-install haskintex
                     ]);
  };
 }
 </programlisting>
    <para>
      allows one to browse module documentation index <link
      xlink:href="https://downloads.haskell.org/~ghc/latest/docs/html/libraries/index.html">not
      too dissimilar to this</link> for all the specified packages and
      their dependencies by directing a browser of choice to
      <literal>~/.nix-profiles/share/doc/hoogle/index.html</literal>
      (or
      <literal>/run/current-system/sw/share/doc/hoogle/index.html</literal>
      in case you put it in
      <literal>environment.systemPackages</literal> in NixOS).
    </para>
    <para>
      After you've marveled enough at that try adding the following to
      your <literal>~/.ghc/ghci.conf</literal>
    </para>
    <programlisting>
 :def hoogle \s -> return $ ":! hoogle search -cl --count=15 \"" ++ s ++ "\""
 :def doc \s -> return $ ":! hoogle search -cl --info \"" ++ s ++ "\""
 </programlisting>
    <para>
      and test it by typing into <literal>ghci</literal>:
    </para>
    <programlisting>
 :hoogle a -> a
 :doc a -> a
 </programlisting>
    <para>
      Be sure to note the links to <literal>haddock</literal> files in
      the output. With any modern and properly configured terminal
      emulator you can just click those links to navigate there.
    </para>
    <para>
      Finally, you can run
    </para>
    <programlisting>
 hoogle server -p 8080
 </programlisting>
    <para>
      and navigate to <link xlink:href="http://localhost:8080/"/> for
      your own local <link
      xlink:href="https://www.haskell.org/hoogle/">Hoogle</link>.
      Note, however, that Firefox and possibly other browsers disallow
      navigation from <literal>http:</literal> to
      <literal>file:</literal> URIs for security reasons, which might
      be quite an inconvenience. See <link
      xlink:href="http://kb.mozillazine.org/Links_to_local_pages_do_not_work">this
      page</link> for workarounds.
    </para>
  </section>
  <section xml:id="how-to-create-ad-hoc-environments-for-nix-shell">
    <title>How to create ad hoc environments for
    <literal>nix-shell</literal></title>
@@ -371,7 +454,7 @@ nix-shell -p &quot;haskellPackages.ghcWithPackages (pkgs: with pkgs; [mtl pandoc
      <literal>shell.nix</literal> that looks like this:
    </para>
    <programlisting>
-{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7101&quot; }:
+{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7102&quot; }:
 let
  inherit (nixpkgs) pkgs;
  ghc = pkgs.haskell.packages.${compiler}.ghcWithPackages (ps: with ps; [
@@ -451,7 +534,7 @@ $ cabal2nix . &gt;foo.nix
      <literal>default.nix</literal>:
    </para>
    <programlisting>
-{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7101&quot; }:
+{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7102&quot; }:
 nixpkgs.pkgs.haskell.packages.${compiler}.callPackage ./foo.nix { }
 </programlisting>
    <para>
@@ -459,7 +542,7 @@ nixpkgs.pkgs.haskell.packages.${compiler}.callPackage ./foo.nix { }
      <literal>shell.nix</literal>:
    </para>
    <programlisting>
-{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7101&quot; }:
+{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7102&quot; }:
 (import ./default.nix { inherit nixpkgs compiler; }).env
 </programlisting>
    <para>
@@ -600,6 +683,12 @@ $ nix-shell &quot;&lt;nixpkgs&gt;&quot; -A haskellPackages.bar.env
  };
 }
 </programlisting>
    <para>
        Then, replace instances of <literal>haskellPackages</literal> in the
        <literal>cabal2nix</literal>-generated <literal>default.nix</literal>
        or <literal>shell.nix</literal> files with
        <literal>profiledHaskellPackages</literal>.
    </para>
  </section>
  <section xml:id="how-to-override-package-versions-in-a-compiler-specific-package-set">
    <title>How to override package versions in a compiler-specific
@@ -755,4 +844,69 @@ export NIX_CFLAGS_LINK=&quot;-L/usr/lib&quot;
  </section>
 </section>
 <section xml:id="other-resources">
  <title>Other resources</title>
  <itemizedlist>
    <listitem>
      <para>
        The Youtube video
        <link xlink:href="https://www.youtube.com/watch?v=BsBhi_r-OeE">Nix
        Loves Haskell</link> provides an introduction into Haskell NG
        aimed at beginners. The slides are available at
        http://cryp.to/nixos-meetup-3-slides.pdf and also -- in a form
        ready for cut &amp; paste -- at
        https://github.com/NixOS/cabal2nix/blob/master/doc/nixos-meetup-3-slides.md.
      </para>
    </listitem>
    <listitem>
      <para>
        Another Youtube video is
        <link xlink:href="https://www.youtube.com/watch?v=mQd3s57n_2Y">Escaping
        Cabal Hell with Nix</link>, which discusses the subject of
        Haskell development with Nix but also provides a basic
        introduction to Nix as well, i.e. it's suitable for viewers with
        almost no prior Nix experience.
      </para>
    </listitem>
    <listitem>
      <para>
        Oliver Charles wrote a very nice
        <link xlink:href="http://wiki.ocharles.org.uk/Nix">Tutorial how to
        develop Haskell packages with Nix</link>.
      </para>
    </listitem>
    <listitem>
      <para>
        The <emphasis>Journey into the Haskell NG
        infrastructure</emphasis> series of postings describe the new
        Haskell infrastructure in great detail:
      </para>
      <itemizedlist>
        <listitem>
          <para>
            <link xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2015-January/015591.html">Part
            1</link> explains the differences between the old and the
            new code and gives instructions how to migrate to the new
            setup.
          </para>
        </listitem>
        <listitem>
          <para>
            <link xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2015-January/015608.html">Part
            2</link> looks in-depth at how to tweak and configure your
            setup by means of overrides.
          </para>
        </listitem>
        <listitem>
          <para>
            <link xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2015-April/016912.html">Part
            3</link> describes the infrastructure that keeps the
            Haskell package set in Nixpkgs up-to-date.
          </para>
        </listitem>
      </itemizedlist>
    </listitem>
  </itemizedlist>
 </section>
 </chapter>
--- a/doc/meta.xml
+++ b/doc/meta.xml
@@ -61,7 +61,7 @@ $ nix-env -qa hello --meta --json
                "i686-openbsd",
                "x86_64-openbsd"
            ],
-            "position": "/home/user/dev/nixpkgs/pkgs/applications/misc/hello/ex-2/default.nix:14"
+            "position": "/home/user/dev/nixpkgs/pkgs/applications/misc/hello/default.nix:14"
        },
        "name": "hello-2.9",
        "system": "x86_64-linux"
--- a/doc/quick-start.xml
+++ b/doc/quick-start.xml
@@ -56,7 +56,7 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
        <listitem>
          <para>GNU Hello: <link
-          xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/misc/hello/ex-2/default.nix"><filename>pkgs/applications/misc/hello/ex-2/default.nix</filename></link>.
+          xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/misc/hello/default.nix"><filename>pkgs/applications/misc/hello/default.nix</filename></link>.
          Trivial package, which specifies some <varname>meta</varname>
          attributes which is good practice.</para>
        </listitem>
--- a/doc/stdenv.xml
+++ b/doc/stdenv.xml
@@ -899,6 +899,34 @@ following:
    phase.</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>separateDebugInfo</varname></term>
    <listitem><para>If set to <literal>true</literal>, the standard
    environment will enable debug information in C/C++ builds. After
    installation, the debug information will be separated from the
    executables and stored in the output named
    <literal>debug</literal>. (This output is enabled automatically;
    you don’t need to set the <varname>outputs</varname> attribute
    explicitly.) To be precise, the debug information is stored in
    <filename><replaceable>debug</replaceable>/lib/debug/.build-id/<replaceable>XX</replaceable>/<replaceable>YYYY…</replaceable></filename>,
    where <replaceable>XXYYYY…</replaceable> is the <replaceable>build
    ID</replaceable> of the binary — a SHA-1 hash of the contents of
    the binary. Debuggers like GDB use the build ID to look up the
    separated debug information.</para>
    <para>For example, with GDB, you can add
 <programlisting>
 set debug-file-directory ~/.nix-profile/lib/debug
 </programlisting>
    to <filename>~/.gdbinit</filename>. GDB will then be able to find
    debug information installed via <literal>nix-env
    -i</literal>.</para>
    </listitem>
  </varlistentry>
 </variablelist>
 </section>
--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@@ -14,6 +14,7 @@
  aflatter = "Alexander Flatter <flatter@fastmail.fm>";
  aherrmann = "Andreas Herrmann <andreash87@gmx.ch>";
  ak = "Alexander Kjeldaas <ak@formalprivacy.com>";
  akaWolf = "Artjom Vejsel <akawolf0@gmail.com>";
  akc = "Anders Claesson <akc@akc.is>";
  algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
  all = "Nix Committers <nix-commits@lists.science.uu.nl>";
@@ -67,7 +68,7 @@
  couchemar = "Andrey Pavlov <couchemar@yandex.ru>";
  cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
  cwoac = "Oliver Matthews <oliver@codersoffortune.net>";
-  DamienCassou = "Damien Cassou <damien.cassou@gmail.com>";
+  DamienCassou = "Damien Cassou <damien@cassou.me>";
  davidrusu = "David Rusu <davidrusu.me@gmail.com>";
  dbohdan = "Danyil Bohdan <danyil.bohdan@gmail.com>";
  DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
@@ -123,6 +124,7 @@
  jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";
  jb55 = "William Casarin <bill@casarin.me>";
  jcumming = "Jack Cummings <jack@mudshark.org>";
  jefdaj = "Jeffrey David Johnson <jefdaj@gmail.com>";
  jfb = "James Felix Black <james@yamtime.com>";
  jgeerds = "Jascha Geerds <jg@ekby.de>";
  jirkamarsik = "Jirka Marsik <jiri.marsik89@gmail.com>";
@@ -135,6 +137,7 @@
  jwilberding = "Jordan Wilberding <jwilberding@afiniate.com>";
  jzellner = "Jeff Zellner <jeffz@eml.cc>";
  kamilchm = "Kamil Chmielewski <kamil.chm@gmail.com>";
  khumba = "Bryan Gardiner <bog@khumba.net>";
  kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
  koral = "Koral <koral@mailoo.org>";
  kovirobi = "Kovacsics Robert <kovirobi@gmail.com>";
@@ -150,6 +153,7 @@
  linus = "Linus Arver <linusarver@gmail.com>";
  lnl7 = "Daiderd Jordan <daiderd@gmail.com>";
  lovek323 = "Jason O'Conal <jason@oconal.id.au>";
  lowfatcomputing = "Andreas Wagner <andreas.wagner@lowfatcomputing.org>";
  lsix = "Lancelot SIX <lsix@lancelotsix.com>";
  ludo = "Ludovic Courtès <ludo@gnu.org>";
  madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
@@ -204,6 +208,7 @@
  pmahoney = "Patrick Mahoney <pat@polycrystal.org>";
  pmiddend = "Philipp Middendorf <pmidden@secure.mailbox.org>";
  prikhi = "Pavan Rikhi <pavan.rikhi@gmail.com>";
  psibi = "Sibi <sibi@psibi.in>";
  pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
  puffnfresh = "Brian McKenna <brian@brianmckenna.org>";
  qknight = "Joachim Schiele <js@lastlog.de>";
--- a/nixos/doc/manual/configuration/x-windows.xml
+++ b/nixos/doc/manual/configuration/x-windows.xml
@@ -61,6 +61,12 @@ by default because it’s not free software.  You can enable it as follows:
 <programlisting>
 services.xserver.videoDrivers = [ "nvidia" ];
 </programlisting>
 Or if you have an older card, you may have to use one of the legacy drivers:
 <programlisting>
 services.xserver.videoDrivers = [ "nvidiaLegacy340" ];
 services.xserver.videoDrivers = [ "nvidiaLegacy304" ];
 services.xserver.videoDrivers = [ "nvidiaLegacy173" ];
 </programlisting>
 You may need to reboot after enabling this driver to prevent a clash
 with other kernel modules.</para>
--- a/nixos/doc/manual/installation/upgrading.xml
+++ b/nixos/doc/manual/installation/upgrading.xml
@@ -107,4 +107,30 @@ newer Nix version, which may involve an upgrade of Nix’s database
 schema.  This cannot be undone easily, so in that case you will not be
 able to go back to your original channel.</para></warning>
 <section><title>Automatic Upgrades</title>
 <para>You can keep a NixOS system up-to-date automatically by adding
 the following to <filename>configuration.nix</filename>:
 <programlisting>
 system.autoUpgrade.enable = true;
 </programlisting>
 This enables a periodically executed systemd service named
 <literal>nixos-upgrade.service</literal>. It runs
 <command>nixos-rebuild switch --upgrade</command> to upgrade NixOS to
 the latest version in the current channel. (To see when the service
 runs, see <command>systemctl list-timers</command>.)  You can also
 specify a channel explicitly, e.g.
 <programlisting>
 system.autoUpgrade.channel = https://nixos.org/channels/nixos-15.09;
 </programlisting>
 </para>
 </section>
 </chapter>
--- a/nixos/doc/manual/release-notes/release-notes.xml
+++ b/nixos/doc/manual/release-notes/release-notes.xml
@@ -9,7 +9,7 @@
 <para>This section lists the release notes for each stable version of NixOS
 and current unstable revision.</para>
-<xi:include href="rl-unstable.xml" />
+<xi:include href="rl-1509.xml" />
 <xi:include href="rl-1412.xml" />
 <xi:include href="rl-1404.xml" />
 <xi:include href="rl-1310.xml" />
--- a/nixos/doc/manual/release-notes/rl-1509.xml
+++ b/nixos/doc/manual/release-notes/rl-1509.xml
@@ -0,0 +1,491 @@
 <section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-15.09">
 <title>Release 15.09 (“Dingo”, 2015/09/30)</title>
 <para>In addition to numerous new and upgraded packages, this release
 has the following highlights:</para>
 <itemizedlist>
  <listitem>
    <para>Gnome has been upgraded to 3.16.
    </para>
  </listitem>
  <listitem>
    <para>Xfce has been upgraded to 4.12.
    </para>
  </listitem>
  <listitem>
    <para>KDE 5 has been upgraded to KDE Frameworks 5.10,
      Plasma 5.3.2 and Applications 15.04.3.
      KDE 4 has been updated to kdelibs-4.14.10.
    </para>
  </listitem>
  <listitem>
    <para>E19 has been upgraded to 0.16.8.15.
    </para>
  </listitem>
  <listitem>
    <para>The <link xlink:href="http://haskell.org/">Haskell</link>
    packages infrastructure has been re-designed from the ground up
    (&quot;Haskell NG&quot;). NixOS now distributes the latest version
    of every single package registered on <link
    xlink:href="http://hackage.haskell.org/">Hackage</link> -- well in
    excess of 8,000 Haskell packages. Detailed instructions on how to
    use that infrastructure can be found in the <link
    xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
    Guide to the Haskell Infrastructure</link>. Users migrating from an
    earlier release may find helpful information below, in the list of
    backwards-incompatible changes. Furthermore, we distribute 51(!)
    additional Haskell package sets that provide every single <link
    xlink:href="http://www.stackage.org/">LTS Haskell</link> release
    since version 0.0 as well as the most recent <link
    xlink:href="http://www.stackage.org/">Stackage Nightly</link>
    snapshot. The announcement <link
    xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2015-September/018138.html">&quot;Full
    Stackage Support in Nixpkgs&quot;</link> gives additional
    details.</para>
  </listitem>
  <listitem>
    <para>Nix has been updated to version 1.10, which among other
    improvements enables cryptographic signatures on binary caches for
    improved security.</para>
  </listitem>
  <listitem>
    <para>You can now keep your NixOS system up to date automatically
    by setting
 <programlisting>
 system.autoUpgrade.enable = true;
 </programlisting>
    This will cause the system to periodically check for updates in
    your current channel and run <command>nixos-rebuild</command>.</para>
  </listitem>
  <listitem>
    <para>This release is based on Glibc 2.21, GCC 4.9 and Linux
    3.18.</para>
  </listitem>
 </itemizedlist>
  <para>Following new services were added since the last release:
  <itemizedlist>
    <listitem><para><literal>services/mail/exim.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/apache-kafka.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/canto-daemon.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/confd.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/devmon.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/gitit.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/ihaskell.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/mbpfan.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/mediatomb.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/mwlib.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/parsoid.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/plex.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/ripple-rest.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/ripple-data-api.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/subsonic.nix</literal></para></listitem>
    <listitem><para><literal>services/misc/sundtek.nix</literal></para></listitem>
    <listitem><para><literal>services/monitoring/cadvisor.nix</literal></para></listitem>
    <listitem><para><literal>services/monitoring/das_watchdog.nix</literal></para></listitem>
    <listitem><para><literal>services/monitoring/grafana.nix</literal></para></listitem>
    <listitem><para><literal>services/monitoring/riemann-tools.nix</literal></para></listitem>
    <listitem><para><literal>services/monitoring/teamviewer.nix</literal></para></listitem>
    <listitem><para><literal>services/network-filesystems/u9fs.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/aiccu.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/asterisk.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/bird.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/charybdis.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/docker-registry-server.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/fan.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/firefox/sync-server.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/gateone.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/heyefi.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/i2p.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/lambdabot.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/mstpd.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/nix-serve.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/nylon.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/racoon.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/skydns.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/shout.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/softether.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/sslh.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/tinc.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/tlsdated.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/tox-bootstrapd.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/tvheadend.nix</literal></para></listitem>
    <listitem><para><literal>services/networking/zerotierone.nix</literal></para></listitem>
    <listitem><para><literal>services/scheduling/marathon.nix</literal></para></listitem>
    <listitem><para><literal>services/security/fprintd.nix</literal></para></listitem>
    <listitem><para><literal>services/security/hologram.nix</literal></para></listitem>
    <listitem><para><literal>services/security/munge.nix</literal></para></listitem>
    <listitem><para><literal>services/system/cloud-init.nix</literal></para></listitem>
    <listitem><para><literal>services/web-servers/shellinabox.nix</literal></para></listitem>
    <listitem><para><literal>services/web-servers/uwsgi.nix</literal></para></listitem>
    <listitem><para><literal>services/x11/unclutter.nix</literal></para></listitem>
    <listitem><para><literal>services/x11/display-managers/sddm.nix</literal></para></listitem>
    <listitem><para><literal>system/boot/coredump.nix</literal></para></listitem>
    <listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
    <listitem><para><literal>system/boot/loader/generic-extlinux-compatible</literal></para></listitem>
    <listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
    <listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
    <listitem><para><literal>system/boot/timesyncd.nix</literal></para></listitem>
    <listitem><para><literal>tasks/filesystems/exfat.nix</literal></para></listitem>
    <listitem><para><literal>tasks/filesystems/ntfs.nix</literal></para></listitem>
    <listitem><para><literal>tasks/filesystems/vboxsf.nix</literal></para></listitem>
    <listitem><para><literal>virtualisation/virtualbox-host.nix</literal></para></listitem>
    <listitem><para><literal>virtualisation/vmware-guest.nix</literal></para></listitem>
    <listitem><para><literal>virtualisation/xen-dom0.nix</literal></para></listitem>
  </itemizedlist>
  </para>
 <para>When upgrading from a previous release, please be aware of the
 following incompatible changes:
 <itemizedlist>
 <listitem><para><command>sshd</command> no longer supports DSA and ECDSA
 host keys by default. If you have existing systems with such host keys
 and want to continue to use them, please set
 <programlisting>
 system.stateVersion = "14.12";
 </programlisting>
 The new option <option>system.stateVersion</option> ensures that
 certain configuration changes that could break existing systems (such
 as the <command>sshd</command> host key setting) will maintain
 compatibility with the specified NixOS release. NixOps sets the state
 version of existing deployments automatically.</para></listitem>
 <listitem><para><command>cron</command> is no longer enabled by
 default, unless you have a non-empty
 <option>services.cron.systemCronJobs</option>. To force
 <command>cron</command> to be enabled, set
 <option>services.cron.enable = true</option>.</para></listitem>
 <listitem><para>Nix now requires binary caches to be cryptographically
 signed. If you have unsigned binary caches that you want to continue
 to use, you should set <option>nix.requireSignedBinaryCaches =
 false</option>.</para></listitem>
 <listitem><para>Steam now doesn't need root rights to work. Instead of using
 <literal>*-steam-chrootenv</literal>, you should now just run <literal>steam</literal>.
 <literal>steamChrootEnv</literal> package was renamed to <literal>steam</literal>,
 and old <literal>steam</literal> package -- to <literal>steamOriginal</literal>.
 </para></listitem>
 <listitem><para>CMPlayer has been renamed to bomi upstream. Package
 <literal>cmplayer</literal> was accordingly renamed to
 <literal>bomi</literal> </para></listitem>
 <listitem><para>Atom Shell has been renamed to Electron upstream.  Package <literal>atom-shell</literal>
 was accordingly renamed to <literal>electron</literal>
 </para></listitem>
 <listitem><para>Elm is not released on Hackage anymore. You should now use <literal>elmPackages.elm</literal>
 which contains the latest Elm platform.</para></listitem>
 <listitem>
  <para>The CUPS printing service has been updated to version
  <literal>2.0.2</literal>.  Furthermore its systemd service has been
  renamed to <literal>cups.service</literal>.</para>
  <para>Local printers are no longer shared or advertised by
  default. This behavior can be changed by enabling
  <option>services.printing.defaultShared</option> or
  <option>services.printing.browsing</option> respectively.</para>
 </listitem>
 <listitem>
  <para>
    The VirtualBox host and guest options have been named more
    consistently. They can now found in
    <option>virtualisation.virtualbox.host.*</option> instead of
    <option>services.virtualboxHost.*</option> and
    <option>virtualisation.virtualbox.guest.*</option> instead of
    <option>services.virtualboxGuest.*</option>.
  </para>
  <para>
    Also, there now is support for the <literal>vboxsf</literal> file
    system using the <option>fileSystems</option> configuration
    attribute. An example of how this can be used in a configuration:
 <programlisting>
 fileSystems."/shiny" = {
  device = "myshinysharedfolder";
  fsType = "vboxsf";
 };
 </programlisting>
  </para>
 </listitem>
 <listitem>
  <para>
    &quot;<literal>nix-env -qa</literal>&quot; no longer discovers
    Haskell packages by name. The only packages visible in the global
    scope are <literal>ghc</literal>, <literal>cabal-install</literal>,
    and <literal>stack</literal>, but all other packages are hidden. The
    reason for this inconvenience is the sheer size of the Haskell
    package set. Name-based lookups are expensive, and most
    <literal>nix-env -qa</literal> operations would become much slower
    if we'd add the entire Hackage database into the top level attribute
    set. Instead, the list of Haskell packages can be displayed by
    running:
  </para>
  <programlisting>
 nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskellPackages
 </programlisting>
  <para>
    Executable programs written in Haskell can be installed with:
  </para>
  <programlisting>
 nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.pandoc
 </programlisting>
  <para>
    Installing Haskell <emphasis>libraries</emphasis> this way, however, is no
    longer supported. See the next item for more details.
  </para>
 </listitem>
 <listitem>
  <para>
    Previous versions of NixOS came with a feature called
    <literal>ghc-wrapper</literal>, a small script that allowed GHC to
    transparently pick up on libraries installed in the user's profile. This
    feature has been deprecated; <literal>ghc-wrapper</literal> was removed
    from the distribution. The proper way to register Haskell libraries with
    the compiler now is the <literal>haskellPackages.ghcWithPackages</literal>
    function. The <link
    xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
    Guide to the Haskell Infrastructure</link> provides more information about
    this subject.
  </para>
 </listitem>
 <listitem>
  <para>
    All Haskell builds that have been generated with version 1.x of
    the <literal>cabal2nix</literal> utility are now invalid and need
    to be re-generated with a current version of
    <literal>cabal2nix</literal> to function. The most recent version
    of this tool can be installed by running
    <literal>nix-env -i cabal2nix</literal>.
  </para>
 </listitem>
 <listitem>
  <para>
    The <literal>haskellPackages</literal> set in Nixpkgs used to have a
    function attribute called <literal>extension</literal> that users
    could override in their <literal>~/.nixpkgs/config.nix</literal>
    files to configure additional attributes, etc. That function still
    exists, but it's now called <literal>overrides</literal>.
  </para>
 </listitem>
 <listitem>
  <para>
    The OpenBLAS library has been updated to version
    <literal>0.2.14</literal>. Support for the
    <literal>x86_64-darwin</literal> platform was added. Dynamic
    architecture detection was enabled; OpenBLAS now selects
    microarchitecture-optimized routines at runtime, so optimal
    performance is achieved without the need to rebuild OpenBLAS
    locally. OpenBLAS has replaced ATLAS in most packages which use an
    optimized BLAS or LAPACK implementation.
 </para>
 </listitem>
 <listitem>
  <para>
    The <literal>phpfpm</literal> is now using the default PHP version
    (<literal>pkgs.php</literal>) instead of PHP 5.4 (<literal>pkgs.php54</literal>).
  </para>
 </listitem>
 <listitem>
  <para>
    The <literal>locate</literal> service no longer indexes the Nix store
    by default, preventing packages with potentially numerous versions from
    cluttering the output. Indexing the store can be activated by setting
    <option>services.locate.includeStore = true</option>.
  </para>
 </listitem>
 <listitem>
  <para>
    The Nix expression search path (<envar>NIX_PATH</envar>) no longer
    contains <filename>/etc/nixos/nixpkgs</filename> by default. You
    can override <envar>NIX_PATH</envar> by setting
    <option>nix.nixPath</option>.
  </para>
 </listitem>
 <listitem>
  <para>
    Python 2.6 has been marked as broken (as it no longer recieves
    security updates from upstream).
  </para>
 </listitem>
 <listitem>
  <para>
    Any use of module arguments such as <varname>pkgs</varname> to access
    library functions, or to define <literal>imports</literal> attributes
    will now lead to an infinite loop at the time of the evaluation.
  </para>
  <para>
    In case of an infinite loop, use the <command>--show-trace</command>
    command line argument and read the line just above the error message.
 <screen>
 $ nixos-rebuild build --show-trace
 …
 while evaluating the module argument `pkgs' in "/etc/nixos/my-module.nix":
 infinite recursion encountered
 </screen>
  </para>
  <para>
    Any use of <literal>pkgs.lib</literal>, should be replaced by
    <varname>lib</varname>, after adding it as argument of the module.  The
    following module
 <programlisting>
 { config, pkgs, ... }:
 with pkgs.lib;
 {
  options = {
    foo = mkOption { … };
  };
  config = mkIf config.foo { … };
 }
 </programlisting>
   should be modified to look like:
 <programlisting>
 { config, pkgs, lib, ... }:
 with lib;
 {
  options = {
    foo = mkOption { <replaceable>option declaration</replaceable> };
  };
  config = mkIf config.foo { <replaceable>option definition</replaceable> };
 }
 </programlisting>
  </para>
  <para>
    When <varname>pkgs</varname> is used to download other projects to
    import their modules, and only in such cases, it should be replaced by
    <literal>(import &lt;nixpkgs&gt; {})</literal>.  The following module
 <programlisting>
 { config, pkgs, ... }:
 let
  myProject = pkgs.fetchurl {
    src = <replaceable>url</replaceable>;
    sha256 = <replaceable>hash</replaceable>;
  };
 in
 {
  imports = [ "${myProject}/module.nix" ];
 }
 </programlisting>
    should be modified to look like:
 <programlisting>
 { config, pkgs, ... }:
 let
  myProject = (import &lt;nixpkgs&gt; {}).fetchurl {
    src = <replaceable>url</replaceable>;
    sha256 = <replaceable>hash</replaceable>;
  };
 in
 {
  imports = [ "${myProject}/module.nix" ];
 }
 </programlisting>
  </para>
 </listitem>
 </itemizedlist>
 </para>
 <para>Other notable improvements:
 <itemizedlist>
  <listitem><para>The nixos and nixpkgs channels were unified,
    so one <emphasis>can</emphasis> use <literal>nix-env -iA nixos.bash</literal>
    instead of <literal>nix-env -iA nixos.pkgs.bash</literal>.
    See <link xlink:href="https://github.com/NixOS/nixpkgs/commit/2cd7c1f198">the commit</link> for details.
  </para></listitem>
  <listitem>
    <para>
      Users running an SSH server who worry about the quality of their
      <literal>/etc/ssh/moduli</literal> file with respect to the
      <link
      xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html">vulnerabilities
      discovered in the Diffie-Hellman key exchange</link> can now
      replace OpenSSH's default version with one they generated
      themselves using the new
      <option>services.openssh.moduliFile</option> option.
      </para>
  </listitem>
  <listitem> <para>
    A newly packaged TeX Live 2015 is provided in <literal>pkgs.texlive</literal>,
    split into 6500 nix packages. For basic user documentation see
    <link xlink:href="https://github.com/NixOS/nixpkgs/blob/release-15.09/pkgs/tools/typesetting/tex/texlive-new/default.nix#L1"
      >the source</link>.
    Beware of <link xlink:href="https://github.com/NixOS/nixpkgs/issues/9757"
      >an issue</link> when installing a too large package set.
    The plan is to deprecate and maybe delete the original TeX packages
    until the next release.
  </para> </listitem>
  <listitem><para>
    <option>buildEnv.env</option> on all Python interpreters
    is now available for nix-shell interoperability.
  </para> </listitem>
 </itemizedlist>
 </para>
 </section>
--- a/nixos/doc/manual/release-notes/rl-unstable.xml
+++ b/nixos/doc/manual/release-notes/rl-unstable.xml
@@ -1,231 +0,0 @@
 <section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-unstable">
 <title>Release 15.07 (“Dingo”, 2015/07/??)</title>
 <para>In addition to numerous new and upgraded packages, this release has the following highlights:
  <itemizedlist>
    <listitem>
      <para>
        The Haskell packages infrastructure has been re-designed from the ground up.
        NixOS now distributes the latest version of every single package registered on
        <link xlink:href="http://hackage.haskell.org/">Hackage</link>, i.e. well over
        8000 Haskell packages. Further information and usage instructions for the
        improved infrastructure are available at <link
        xlink:href="https://nixos.org/wiki/Haskell">https://nixos.org/wiki/Haskell</link>.
        Users migrating from an earlier release will find also find helpful information
        below, in the list of backwards-incompatible changes.
      </para>
    </listitem>
    <listitem>
      <para>
        Users running an SSH server who worry about the quality of their
        <literal>/etc/ssh/moduli</literal> file with respect to the <link
        xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html">vulnerabilities
        discovered in the Diffie-Hellman key exchange</link> can now replace OpenSSH's
        default version with one they generated themselves using the new
        <literal>services.openssh.moduliFile</literal> option.
      </para>
    </listitem>
  </itemizedlist>
 </para>
 <para>When upgrading from a previous release, please be aware of the
 following incompatible changes:
 <itemizedlist>
 <listitem><para><command>sshd</command> no longer supports DSA and ECDSA
 host keys by default. If you have existing systems with such host keys
 and want to continue to use them, please set
 <programlisting>
 system.stateVersion = "14.12";
 </programlisting>
 (The new option <option>system.stateVersion</option> ensures that
 certain configuration changes that could break existing systems (such
 as the <command>sshd</command> host key setting) will maintain
 compatibility with the specified NixOS release.)</para></listitem>
 <listitem><para><command>cron</command> is no longer enabled by
 default, unless you have a non-empty
 <option>services.cron.systemCronJobs</option>. To force
 <command>cron</command> to be enabled, set
 <option>services.cron.enable = true</option>.</para></listitem>
 <listitem><para>Nix now requires binary caches to be cryptographically
 signed. If you have unsigned binary caches that you want to continue
 to use, you should set <option>nix.requireSignedBinaryCaches =
 false</option>.</para></listitem>
 <listitem><para>Steam now doesn't need root rights to work. Instead of using
 <literal>*-steam-chrootenv</literal>, you should now just run <literal>steam</literal>.
 <literal>steamChrootEnv</literal> package was renamed to <literal>steam</literal>,
 and old <literal>steam</literal> package -- to <literal>steamOriginal</literal>.
 </para></listitem>
 <listitem><para>CMPlayer has been renamed to bomi upstream. Package <literal>cmplayer</literal>
 was accordingly renamed to <literal>bomi</literal>
 </para></listitem>
 <listitem><para>Atom Shell has been renamed to Electron upstream.  Package <literal>atom-shell</literal>
 was accordingly renamed to <literal>electron</literal>
 </para></listitem>
 <listitem><para>Elm is not released on Hackage anymore. You should now use <literal>elmPackages.elm</literal>
 which contains the latest Elm platform.</para></listitem>
 <listitem>
  <para>
 	The CUPS printing service has been updated to version <literal>2.0.2</literal>.
 	Furthermore its systemd service has been renamed to <literal>cups.service</literal>.
  </para>
  <para>
 	Local printers are no longer shared or advertised by default. This behavior
 	can be changed by enabling <literal>services.printing.defaultShared</literal>
 	or <literal>services.printing.browsing</literal> respectively.
  </para>
 </listitem>
 <listitem>
  <para>
    The VirtualBox host and guest options have been moved/renamed more
    consistently and less confusing to be now found in
    <literal>virtualisation.virtualbox.host.*</literal> instead of
    <literal>services.virtualboxHost.*</literal> and
    <literal>virtualisation.virtualbox.guest.*</literal> instead of
    <literal>services.virtualboxGuest.*</literal>.
  </para>
 </listitem>
 <listitem>
  <para>
    Haskell packages can no longer be found by name, i.e. the commands
    <literal>nix-env -qa cabal-install</literal> and <literal>nix-env -i
    ghc</literal> will fail, even though we <emphasis>do</emphasis> ship
    both <literal>cabal-install</literal> and <literal>ghc</literal>.
    The reason for this inconvenience is the sheer size of the Haskell
    package set: name-based lookups such as these would become much
    slower than they are today if we'd add the entire Hackage database
    into the top level attribute set. Instead, the list of Haskell
    packages can be displayed by
  </para>
  <programlisting>
 nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskellPackages
 </programlisting>
  <para>
    and packages can be installed with:
  </para>
  <programlisting>
 nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.cabal-install
 </programlisting>
 </listitem>
 <listitem>
  <para>
    Previous versions of NixOS came with a feature called
    <literal>ghc-wrapper</literal>, a small wrapper script that allows
    GHC to transparently pick up on libraries installed in the user's
    profile. This feature has been deprecated;
    <literal>ghc-wrapper</literal> was removed from the distribution.
    The proper way to register Haskell libraries with the compiler now
    is the <literal>haskellPackages.ghcWithPackages</literal>
    function.
    <link xlink:href="https://nixos.org/wiki/Haskell">https://nixos.org/wiki/Haskell</link>
    provides much information about this subject.
  </para>
 </listitem>
 <listitem>
  <para>
    All Haskell builds that have been generated with version 1.x of
    the <literal>cabal2nix</literal> utility are now invalid and need
    to be re-generated with a current version of
    <literal>cabal2nix</literal> to function. The most recent version
    of this tool can be installed by running
    <literal>nix-env -i cabal2nix</literal>.
  </para>
 </listitem>
 <listitem>
  <para>
    The <literal>haskellPackages</literal> set in Nixpkgs used to have a
    function attribute called <literal>extension</literal> that users
    could override in their <literal>~/.nixpkgs/config.nix</literal>
    files to configure additional attributes, etc. That function still
    exists, but it's now called <literal>overrides</literal>.
  </para>
 </listitem>
 <listitem>
  <para>
    The OpenBLAS library has been updated to version
    <literal>0.2.14</literal>. Support for the
    <literal>x86_64-darwin</literal> platform was added. Dynamic
    architecture detection was enabled; OpenBLAS now selects
    microarchitecture-optimized routines at runtime, so optimal
    performance is achieved without the need to rebuild OpenBLAS
    locally. OpenBLAS has replaced ATLAS in most packages which use an
    optimized BLAS or LAPACK implementation.
 </para>
 </listitem>
 <listitem>
  <para>
    The <literal>phpfpm</literal> is now using the default PHP version
    (<literal>pkgs.php</literal>) instead of PHP 5.4 (<literal>pkgs.php54</literal>).
  </para>
 </listitem>
 <listitem>
  <para>
    The <literal>locate</literal> service no longer indexes the Nix store
    by default, preventing packages with potentially numerous versions from
    cluttering the output. Indexing the store can be activated by setting
    <literal>services.locate.includeStore = true</literal>.
  </para>
 </listitem>
 <listitem>
  <para>
    The Nix expression search path (<envar>NIX_PATH</envar>) no longer
    contains <filename>/etc/nixos/nixpkgs</filename> by default. You
    can override <envar>NIX_PATH</envar> by setting
    <option>nix.nixPath</option>.
  </para>
 </listitem>
 </itemizedlist>
 </para>
 <para>The following new services were added since the last release:
 <itemizedlist>
 <listitem><para><literal>brltty</literal></para></listitem>
 <listitem><para><literal>marathon</literal></para></listitem>
 <listitem><para><literal>tvheadend</literal></para></listitem>
 </itemizedlist>
 </para>
 <para>Other notable improvements:
 <itemizedlist>
  <listitem><para>The nixos and nixpkgs channels were unified,
    so one <emphasis>can</emphasis> use <literal>nix-env -iA nixos.bash</literal>
    instead of <literal>nix-env -iA nixos.pkgs.bash</literal>.
    See <link xlink:href="https://github.com/NixOS/nixpkgs/commit/2cd7c1f198">the commit</link> for details.
  </para></listitem>
 </itemizedlist>
 </para>
 </section>
--- a/nixos/lib/make-disk-image.nix
+++ b/nixos/lib/make-disk-image.nix
@@ -0,0 +1,115 @@
 { pkgs
 , lib
 , # The NixOS configuration to be installed onto the disk image.
  config
 , # The size of the disk, in megabytes.
  diskSize
 , # Whether the disk should be partitioned (with a single partition
  # containing the root filesystem) or contain the root filesystem
  # directly.
  partitioned ? true
 , # The root file system type.
  fsType ? "ext4"
 , # The initial NixOS configuration file to be copied to
  # /etc/nixos/configuration.nix.
  configFile ? null
 , # Shell code executed after the VM has finished.
  postVM ? ""
 }:
 with lib;
 pkgs.vmTools.runInLinuxVM (
  pkgs.runCommand "nixos-disk-image"
    { preVM =
        ''
          mkdir $out
          diskImage=$out/nixos.img
          ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "${toString diskSize}M"
          mv closure xchg/
        '';
      buildInputs = [ pkgs.utillinux pkgs.perl pkgs.e2fsprogs pkgs.parted ];
      exportReferencesGraph =
        [ "closure" config.system.build.toplevel ];
      inherit postVM;
    }
    ''
      ${if partitioned then ''
        # Create a single / partition.
        parted /dev/vda mklabel msdos
        parted /dev/vda -- mkpart primary ext2 1M -1s
        . /sys/class/block/vda1/uevent
        mknod /dev/vda1 b $MAJOR $MINOR
        rootDisk=/dev/vda1
      '' else ''
        rootDisk=/dev/vda
      ''}
      # Create an empty filesystem and mount it.
      mkfs.${fsType} -L nixos $rootDisk
      ${optionalString (fsType == "ext4") ''
        tune2fs -c 0 -i 0 $rootDisk
      ''}
      mkdir /mnt
      mount $rootDisk /mnt
      # The initrd expects these directories to exist.
      mkdir /mnt/dev /mnt/proc /mnt/sys
      mount -o bind /proc /mnt/proc
      mount -o bind /dev /mnt/dev
      mount -o bind /sys /mnt/sys
      # Copy all paths in the closure to the filesystem.
      storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
      mkdir -p /mnt/nix/store
      echo "copying everything (will take a while)..."
      set -f
      cp -prd $storePaths /mnt/nix/store/
      # Register the paths in the Nix database.
      printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
          chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
      # Add missing size/hash fields to the database. FIXME:
      # exportReferencesGraph should provide these directly.
      chroot /mnt ${config.nix.package}/bin/nix-store --verify --check-contents
      # Create the system profile to allow nixos-rebuild to work.
      chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \
          -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
      # `nixos-rebuild' requires an /etc/NIXOS.
      mkdir -p /mnt/etc
      touch /mnt/etc/NIXOS
      # `switch-to-configuration' requires a /bin/sh
      mkdir -p /mnt/bin
      ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
      # Install a configuration.nix.
      mkdir -p /mnt/etc/nixos
      ${optionalString (configFile != null) ''
        cp ${configFile} /mnt/etc/nixos/configuration.nix
      ''}
      # Generate the GRUB menu.
      ln -s vda /dev/xvda
      ln -s vda /dev/sda
      chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
      umount /mnt/proc /mnt/dev /mnt/sys
      umount /mnt
      # Do an fsck to make sure resize2fs works.
      fsck.${fsType} -f -y $rootDisk
    ''
 )
--- a/nixos/maintainers/scripts/ec2/amazon-base-config.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-base-config.nix
@@ -1,5 +0,0 @@
 { modulesPath, ...}:
 {
  imports = [ "${modulesPath}/virtualisation/amazon-init.nix" ];
  services.journald.rateLimitBurst = 0;
 }
--- a/nixos/maintainers/scripts/ec2/amazon-hvm-config.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-hvm-config.nix
@@ -1,5 +0,0 @@
 { config, pkgs, ...}:
 {
  imports = [ ./amazon-base-config.nix ];
  ec2.hvm = true;
 }
--- a/nixos/maintainers/scripts/ec2/amazon-hvm-install-config.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-hvm-install-config.nix
@@ -1,34 +0,0 @@
 { config, pkgs, lib, ...}:
 let
  cloudUtils = pkgs.fetchurl {
    url = "https://launchpad.net/cloud-utils/trunk/0.27/+download/cloud-utils-0.27.tar.gz";
    sha256 = "16shlmg36lidp614km41y6qk3xccil02f5n3r4wf6d1zr5n4v8vd";
  };
  growpart = pkgs.stdenv.mkDerivation {
    name = "growpart";
    src = cloudUtils;
    buildPhase = ''
      cp bin/growpart $out
      sed -i 's|awk|gawk|' $out
      sed -i 's|sed|gnused|' $out
    '';
    dontInstall = true;
    dontPatchShebangs = true;
  };
 in
 {
  imports = [ ./amazon-base-config.nix ];
  ec2.hvm = true;
  boot.loader.grub.device = lib.mkOverride 0 "/dev/xvdg";
  boot.kernelParams = [ "console=ttyS0" ];
  boot.initrd.extraUtilsCommands = ''
    copy_bin_and_libs ${pkgs.gawk}/bin/gawk
    copy_bin_and_libs ${pkgs.gnused}/bin/sed
    copy_bin_and_libs ${pkgs.utillinux}/sbin/sfdisk
    cp -v ${growpart} $out/bin/growpart
  '';
  boot.initrd.postDeviceCommands = ''
    [ -e /dev/xvda ] && [ -e /dev/xvda1 ] && TMPDIR=/run sh $(type -P growpart) /dev/xvda 1
  '';
 }
--- a/nixos/maintainers/scripts/ec2/amazon-image.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-image.nix
@@ -0,0 +1,27 @@
 { config, lib, pkgs, ... }:
 with lib;
 {
  imports =
    [ ../../../modules/installer/cd-dvd/channel.nix
      ../../../modules/virtualisation/amazon-image.nix
    ];
  system.build.amazonImage = import ../../../lib/make-disk-image.nix {
    inherit pkgs lib config;
    partitioned = config.ec2.hvm;
    diskSize = if config.ec2.hvm then 2048 else 8192;
    configFile = pkgs.writeText "configuration.nix"
      ''
        {
          imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
          ${optionalString config.ec2.hvm ''
            ec2.hvm = true;
          ''}
        }
      '';
  };
 }
--- a/nixos/maintainers/scripts/ec2/create-amis.sh
+++ b/nixos/maintainers/scripts/ec2/create-amis.sh
@@ -0,0 +1,217 @@
 #! /bin/sh -e
 set -o pipefail
 #set -x
 stateDir=${TMPDIR:-/tmp}/ec2-image
 echo "keeping state in $stateDir"
 mkdir -p $stateDir
 version=$(nix-instantiate --eval --strict '<nixpkgs>' -A lib.nixpkgsVersion | sed s/'"'//g)
 echo "NixOS version is $version"
 rm -f ec2-amis.nix
 for type in hvm pv; do
    link=$stateDir/$type
    imageFile=$link/nixos.img
    system=x86_64-linux
    arch=x86_64
    # Build the image.
    if ! [ -L $link ]; then
        if [ $type = pv ]; then hvmFlag=false; else hvmFlag=true; fi
        echo "building image type '$type'..."
        nix-build -o $link \
            '<nixpkgs/nixos>' \
            -A config.system.build.amazonImage \
            --arg configuration "{ imports = [ <nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix> ]; ec2.hvm = $hvmFlag; }"
    fi
    for store in ebs s3; do
        bucket=nixos-amis
        bucketDir="$version-$type-$store"
        prevAmi=
        prevRegion=
        #for region in eu-west-1 eu-central-1 us-east-1 us-west-1 us-west-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 sa-east-1; do
        for region in eu-west-1 us-east-1; do
            name=nixos-$version-$arch-$type-$store
            description="NixOS $system $version ($type-$store)"
            amiFile=$stateDir/$region.$type.$store.ami-id
            if ! [ -e $amiFile ]; then
                echo "doing $name in $region..."
                if [ -n "$prevAmi" ]; then
                    ami=$(ec2-copy-image \
                        --region "$region" \
                        --source-region "$prevRegion" --source-ami-id "$prevAmi" \
                        --name "$name" --description "$description" | cut -f 2)
                else
                    if [ $store = s3 ]; then
                        # Bundle the image.
                        imageDir=$stateDir/$type-bundled
                        if ! [ -d $imageDir ]; then
                            rm -rf $imageDir.tmp
                            mkdir -p $imageDir.tmp
                            ec2-bundle-image \
                                -d $imageDir.tmp \
                                -i $imageFile --arch $arch \
                                --user "$AWS_ACCOUNT" -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY"
                            mv $imageDir.tmp $imageDir
                        fi
                        # Upload the bundle to S3.
                        if ! [ -e $imageDir/uploaded ]; then
                            echo "uploading bundle to S3..."
                            ec2-upload-bundle \
                                -m $imageDir/nixos.img.manifest.xml \
                                -b "$bucket/$bucketDir" \
                                -a "$EC2_ACCESS_KEY" -s "$EC2_SECRET_KEY" \
                                --location EU
                            touch $imageDir/uploaded
                        fi
                        extraFlags="$bucket/$bucketDir/nixos.img.manifest.xml"
                    else
                        # Convert the image to vhd format so we don't have
                        # to upload a huge raw image.
                        vhdFile=$stateDir/$type.vhd
                        if ! [ -e $vhdFile ]; then
                            qemu-img convert -O vpc $imageFile $vhdFile.tmp
                            mv $vhdFile.tmp $vhdFile
                        fi
                        taskId=$(cat $stateDir/$region.$type.task-id 2> /dev/null || true)
                        volId=$(cat $stateDir/$region.$type.vol-id 2> /dev/null || true)
                        snapId=$(cat $stateDir/$region.$type.snap-id 2> /dev/null || true)
                        # Import the VHD file.
                        if [ -z "$snapId" -a -z "$volId" -a -z "$taskId" ]; then
                            echo "importing $vhdFile..."
                            taskId=$(ec2-import-volume $vhdFile --no-upload -f vhd \
                                -o "$EC2_ACCESS_KEY" -w "$EC2_SECRET_KEY" \
                                --region "$region" -z "${region}a" \
                                --bucket "$bucket" --prefix "$bucketDir/" \
                                | tee /dev/stderr \
                                | sed 's/.*\(import-vol-[0-9a-z]\+\).*/\1/ ; t ; d')
                            echo -n "$taskId" > $stateDir/$region.$type.task-id
                        fi
                        if [ -z "$snapId" -a -z "$volId" ]; then
                            ec2-resume-import  $vhdFile -t "$taskId" --region "$region" \
                                -o "$EC2_ACCESS_KEY" -w "$EC2_SECRET_KEY"
                        fi
                        # Wait for the volume creation to finish.
                        if [ -z "$snapId" -a -z "$volId" ]; then
                            echo "waiting for import to finish..."
                            while true; do
                                volId=$(ec2-describe-conversion-tasks "$taskId" --region "$region" | sed 's/.*VolumeId.*\(vol-[0-9a-f]\+\).*/\1/ ; t ; d')
                                if [ -n "$volId" ]; then break; fi
                                sleep 10
                            done
                            echo -n "$volId" > $stateDir/$region.$type.vol-id
                        fi
                        # Delete the import task.
                        if [ -n "$volId" -a -n "$taskId" ]; then
                            echo "removing import task..."
                            ec2-delete-disk-image -t "$taskId" --region "$region" -o "$EC2_ACCESS_KEY" -w "$EC2_SECRET_KEY" || true
                            rm -f $stateDir/$region.$type.task-id
                        fi
                        # Create a snapshot.
                        if [ -z "$snapId" ]; then
                            echo "creating snapshot..."
                            snapId=$(ec2-create-snapshot "$volId" --region "$region" | cut -f 2)
                            echo -n "$snapId" > $stateDir/$region.$type.snap-id
                            ec2-create-tags "$snapId" -t "Name=$description" --region "$region"
                        fi
                        # Wait for the snapshot to finish.
                        echo "waiting for snapshot to finish..."
                        while true; do
                            status=$(ec2-describe-snapshots "$snapId" --region "$region" | head -n1 | cut -f 4)
                            if [ "$status" = completed ]; then break; fi
                            sleep 10
                        done
                        # Delete the volume.
                        if [ -n "$volId" ]; then
                            echo "deleting volume..."
                            ec2-delete-volume "$volId" --region "$region" || true
                            rm -f $stateDir/$region.$type.vol-id
                        fi
                        extraFlags="-b /dev/sda1=$snapId:20:true:gp2"
                        if [ $type = pv ]; then
                            extraFlags+=" --root-device-name=/dev/sda1"
                        fi
                        extraFlags+=" -b /dev/sdb=ephemeral0 -b /dev/sdc=ephemeral1 -b /dev/sdd=ephemeral2 -b /dev/sde=ephemeral3"
                    fi
                    # Register the AMI.
                    if [ $type = pv ]; then
                        kernel=$(ec2-describe-images -o amazon --filter "manifest-location=*pv-grub-hd0_1.04-$arch*" --region "$region" | cut -f 2)
                        [ -n "$kernel" ]
                        echo "using PV-GRUB kernel $kernel"
                        extraFlags+=" --virtualization-type paravirtual --kernel $kernel"
                    else
                        extraFlags+=" --virtualization-type hvm"
                    fi
                    set -x
                    ami=$(ec2-register \
                        -n "$name" \
                        -d "$description" \
                        --region "$region" \
                        --architecture "$arch" \
                        $extraFlags | cut -f 2)
                fi
                echo -n "$ami" > $amiFile
                echo "created AMI $ami of type '$type' in $region..."
            else
                ami=$(cat $amiFile)
            fi
            echo "waiting for AMI..."
            while true; do
                status=$(ec2-describe-images "$ami" --region "$region" | head -n1 | cut -f 5)
                if [ "$status" = available ]; then break; fi
                sleep 10
            done
            ec2-modify-image-attribute \
                --region "$region" "$ami" -l -a all
            echo "region = $region, type = $type, store = $store, ami = $ami"
            if [ -z "$prevAmi" ]; then
                prevAmi="$ami"
                prevRegion="$region"
            fi
            echo "  \"15.09\".$region.$type-$store = \"$ami\";" >> ec2-amis.nix
        done
    done
 done
--- a/nixos/maintainers/scripts/ec2/create-ebs-amis.py
+++ b/nixos/maintainers/scripts/ec2/create-ebs-amis.py
@@ -1,216 +0,0 @@
 #! /usr/bin/env python
 import os
 import sys
 import time
 import argparse
 import nixops.util
 from nixops import deployment
 from boto.ec2.blockdevicemapping import BlockDeviceMapping, BlockDeviceType
 import boto.ec2
 from nixops.statefile import StateFile, get_default_state_file
 parser = argparse.ArgumentParser(description='Create an EBS-backed NixOS AMI')
 parser.add_argument('--region', dest='region', required=True, help='EC2 region to create the image in')
 parser.add_argument('--channel', dest='channel', default="14.12", help='Channel to use')
 parser.add_argument('--keep', dest='keep', action='store_true', help='Keep NixOps machine after use')
 parser.add_argument('--hvm', dest='hvm', action='store_true', help='Create HVM image')
 parser.add_argument('--key', dest='key_name', action='store_true', help='Keypair used for HVM instance creation', default="rob")
 args = parser.parse_args()
 instance_type = "m3.medium" if args.hvm else "m1.small"
 if args.hvm:
    virtualization_type = "hvm"
    root_block = "/dev/sda1"
    image_type = 'hvm'
 else:
    virtualization_type = "paravirtual"
    root_block = "/dev/sda"
    image_type = 'ebs'
 ebs_size = 20
 # Start a NixOS machine in the given region.
 f = open("ebs-creator-config.nix", "w")
 f.write('''{{
  resources.ec2KeyPairs.keypair.accessKeyId = "lb-nixos";
  resources.ec2KeyPairs.keypair.region = "{0}";
  machine =
    {{ pkgs, ... }}:
    {{
      deployment.ec2.accessKeyId = "lb-nixos";
      deployment.ec2.region = "{0}";
      deployment.ec2.blockDeviceMapping."/dev/xvdg".size = pkgs.lib.mkOverride 10 {1};
    }};
 }}
 '''.format(args.region, ebs_size))
 f.close()
 db = StateFile(get_default_state_file())
 try:
    depl = db.open_deployment("ebs-creator")
 except Exception:
    depl = db.create_deployment()
    depl.name = "ebs-creator"
 depl.logger.set_autoresponse("y")
 depl.nix_exprs = [os.path.abspath("./ebs-creator.nix"), os.path.abspath("./ebs-creator-config.nix")]
 if not args.keep: depl.destroy_resources()
 depl.deploy(allow_reboot=True)
 m = depl.machines['machine']
 # Do the installation.
 device="/dev/xvdg"
 if args.hvm:
    m.run_command('parted -s /dev/xvdg -- mklabel msdos')
    m.run_command('parted -s /dev/xvdg -- mkpart primary ext2 1M -1s')
    device="/dev/xvdg1"
 m.run_command("if mountpoint -q /mnt; then umount /mnt; fi")
 m.run_command("mkfs.ext4 -L nixos {0}".format(device))
 m.run_command("mkdir -p /mnt")
 m.run_command("mount {0} /mnt".format(device))
 m.run_command("touch /mnt/.ebs")
 m.run_command("mkdir -p /mnt/etc/nixos")
 m.run_command("nix-channel --add https://nixos.org/channels/nixos-{} nixos".format(args.channel))
 m.run_command("nix-channel --update")
 version = m.run_command("nix-instantiate --eval-only -A lib.nixpkgsVersion '<nixpkgs>'", capture_stdout=True).split(' ')[0].replace('"','').strip()
 print >> sys.stderr, "NixOS version is {0}".format(version)
 if args.hvm:
    m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/amazon-base-config.nix")
    m.upload_file("./amazon-hvm-config.nix", "/mnt/etc/nixos/configuration.nix")
    m.upload_file("./amazon-hvm-install-config.nix", "/mnt/etc/nixos/amazon-hvm-install-config.nix")
    m.run_command("NIXOS_CONFIG=/etc/nixos/amazon-hvm-install-config.nix nixos-install")
 else:
    m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/configuration.nix")
    m.run_command("nixos-install")
 m.run_command("umount /mnt")
 if args.hvm:
    ami_name = "nixos-{0}-x86_64-hvm".format(version)
    description = "NixOS {0} (x86_64; EBS root; hvm)".format(version)
 else:
    ami_name = "nixos-{0}-x86_64-ebs".format(version)
    description = "NixOS {0} (x86_64; EBS root)".format(version)
 # Wait for the snapshot to finish.
 def check():
    status = snapshot.update()
    print >> sys.stderr, "snapshot status is {0}".format(status)
    return status == '100%'
 m.connect()
 volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': m.resource_id, 'attachment.device': "/dev/sdg"})[0]
 # Create a snapshot.
 snapshot = volume.create_snapshot(description=description)
 print >> sys.stderr, "created snapshot {0}".format(snapshot.id)
 nixops.util.check_wait(check, max_tries=120)
 m._conn.create_tags([snapshot.id], {'Name': ami_name})
 if not args.keep: depl.destroy_resources()
 # Register the image.
 aki = m._conn.get_all_images(filters={'manifest-location': 'ec2*pv-grub-hd0_1.03-x86_64*'})[0]
 print >> sys.stderr, "using kernel image {0} - {1}".format(aki.id, aki.location)
 block_map = BlockDeviceMapping()
 block_map[root_block] = BlockDeviceType(snapshot_id=snapshot.id, delete_on_termination=True, size=ebs_size, volume_type="gp2")
 block_map['/dev/sdb'] = BlockDeviceType(ephemeral_name="ephemeral0")
 block_map['/dev/sdc'] = BlockDeviceType(ephemeral_name="ephemeral1")
 block_map['/dev/sdd'] = BlockDeviceType(ephemeral_name="ephemeral2")
 block_map['/dev/sde'] = BlockDeviceType(ephemeral_name="ephemeral3")
 common_args = dict(
        name=ami_name,
        description=description,
        architecture="x86_64",
        root_device_name=root_block,
        block_device_map=block_map,
        virtualization_type=virtualization_type,
        delete_root_volume_on_termination=True
        )
 if not args.hvm:
    common_args['kernel_id']=aki.id
 ami_id = m._conn.register_image(**common_args)
 print >> sys.stderr, "registered AMI {0}".format(ami_id)
 print >> sys.stderr, "sleeping a bit..."
 time.sleep(30)
 print >> sys.stderr, "setting image name..."
 m._conn.create_tags([ami_id], {'Name': ami_name})
 print >> sys.stderr, "making image public..."
 image = m._conn.get_all_images(image_ids=[ami_id])[0]
 image.set_launch_permissions(user_ids=[], group_names=["all"])
 # Do a test deployment to make sure that the AMI works.
 f = open("ebs-test.nix", "w")
 f.write(
    '''
    {{
      network.description = "NixOS EBS test";
      resources.ec2KeyPairs.keypair.accessKeyId = "lb-nixos";
      resources.ec2KeyPairs.keypair.region = "{0}";
      machine = {{ config, pkgs, resources, ... }}: {{
        deployment.targetEnv = "ec2";
        deployment.ec2.accessKeyId = "lb-nixos";
        deployment.ec2.region = "{0}";
        deployment.ec2.instanceType = "{2}";
        deployment.ec2.keyPair = resources.ec2KeyPairs.keypair.name;
        deployment.ec2.securityGroups = [ "public-ssh" ];
        deployment.ec2.ami = "{1}";
      }};
    }}
    '''.format(args.region, ami_id, instance_type))
 f.close()
 test_depl = db.create_deployment()
 test_depl.auto_response = "y"
 test_depl.name = "ebs-creator-test"
 test_depl.nix_exprs = [os.path.abspath("./ebs-test.nix")]
 test_depl.deploy(create_only=True)
 test_depl.machines['machine'].run_command("nixos-version")
 # Log the AMI ID.
 f = open("ec2-amis.nix".format(args.region, image_type), "w")
 f.write("{\n")
 for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'eu-central-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'sa-east-1']:
    copy_image = None
    if args.region != dest:
        try:
            print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest)
            conn = boto.ec2.connect_to_region(dest)
            copy_image = conn.copy_image(args.region, ami_id, ami_name, description=None, client_token=None)
        except :
            print >> sys.stderr, "FAILED!"
        # Log the AMI ID.
        if copy_image != None:
            f.write('  "{0}"."{1}".{2} = "{3}";\n'.format(args.channel,dest,"hvm" if args.hvm else "ebs",copy_image.image_id))
    else:
        f.write('  "{0}"."{1}".{2} = "{3}";\n'.format(args.channel,args.region,"hvm" if args.hvm else "ebs",ami_id))
 f.write("}\n")
 f.close()
 if not args.keep:
    test_depl.logger.set_autoresponse("y")
    test_depl.destroy_resources()
    test_depl.delete()
--- a/nixos/maintainers/scripts/ec2/create-s3-amis.sh
+++ b/nixos/maintainers/scripts/ec2/create-s3-amis.sh
@@ -1,53 +0,0 @@
 #! /bin/sh -e
 export NIXOS_CONFIG=$(dirname $(readlink -f $0))/amazon-base-config.nix
 version=$(nix-instantiate --eval-only '<nixpkgs/nixos>' -A config.system.nixosVersion | sed s/'"'//g)
 echo "NixOS version is $version"
 buildAndUploadFor() {
    system="$1"
    arch="$2"
    echo "building $system image..."
    nix-build '<nixpkgs/nixos>' \
        -A config.system.build.amazonImage --argstr system "$system" -o ec2-ami
    ec2-bundle-image -i ./ec2-ami/nixos.img --user "$AWS_ACCOUNT" --arch "$arch" \
        -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY"
    for region in eu-west-1; do
        echo "uploading $system image for $region..."
        name=nixos-$version-$arch-s3
        bucket="$(echo $name-$region | tr '[A-Z]_' '[a-z]-')"
        if [ "$region" = eu-west-1 ]; then s3location=EU;
        elif [ "$region" = us-east-1 ]; then s3location=US;
        else s3location="$region"
        fi
        ec2-upload-bundle -b "$bucket" -m /tmp/nixos.img.manifest.xml \
            -a "$EC2_ACCESS_KEY" -s "$EC2_SECRET_KEY" --location "$s3location" \
            --url http://s3.amazonaws.com
        kernel=$(ec2-describe-images -o amazon --filter "manifest-location=*pv-grub-hd0_1.04-$arch*" --region "$region" | cut -f 2)
        echo "using PV-GRUB kernel $kernel"
        ami=$(ec2-register "$bucket/nixos.img.manifest.xml" -n "$name" -d "NixOS $system r$revision" -O "$EC2_ACCESS_KEY" -W "$EC2_SECRET_KEY" \
            --region "$region" --kernel "$kernel" | cut -f 2)
        echo "AMI ID is $ami"
        echo "  \"14.12\".\"$region\".s3 = \"$ami\";" >> ec2-amis.nix
        ec2-modify-image-attribute --region "$region" "$ami" -l -a all -O "$EC2_ACCESS_KEY" -W "$EC2_SECRET_KEY"
        for cp_region in us-east-1 us-west-1 us-west-2 eu-central-1 ap-southeast-1 ap-southeast-2 ap-northeast-1 sa-east-1; do
          new_ami=$(aws ec2 copy-image --source-image-id $ami --source-region $region --region $cp_region --name "$name" | json ImageId)
          echo "  \"14.12\".\"$cp_region\".s3 = \"$new_ami\";" >> ec2-amis.nix  
        done
    done
 }
 buildAndUploadFor x86_64-linux x86_64
--- a/nixos/maintainers/scripts/ec2/ebs-creator.nix
+++ b/nixos/maintainers/scripts/ec2/ebs-creator.nix
@@ -1,13 +0,0 @@
 {
  network.description = "NixOS EBS creator";
  machine =
    { config, pkgs, resources, ... }:
    { deployment.targetEnv = "ec2";
      deployment.ec2.instanceType = "c3.large";
      deployment.ec2.securityGroups = [ "public-ssh" ];
      deployment.ec2.ebsBoot = false;
      deployment.ec2.keyPair = resources.ec2KeyPairs.keypair.name;
      environment.systemPackages = [ pkgs.parted ];
    };
 }
--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@@ -103,16 +103,23 @@ in
      [ "/bin"
        "/etc/xdg"
        "/info"
-        "/lib"
+        "/lib" # FIXME: remove
        #"/lib/debug/.build-id" # enables GDB to find separated debug info
        "/man"
        "/sbin"
        "/share/applications"
        "/share/desktop-directories"
        "/share/doc"
        "/share/emacs"
        "/share/icons"
        "/share/info"
        "/share/man"
        "/share/menus"
        "/share/mime"
        "/share/nano"
        "/share/org"
        "/share/terminfo"
        "/share/themes"
        "/share/vim-plugins"
      ];
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -216,7 +216,7 @@ let
          exist. If <option>users.mutableUsers</option> is true, the
          password can be changed subsequently using the
          <command>passwd</command> command. Otherwise, it's
-          equivalent to setting the <option>password</option> option.
+          equivalent to setting the <option>hashedPassword</option> option.
          ${hashedPasswordDescription}
        '';
@@ -336,13 +336,13 @@ let
    map (range: "${user.name}:${toString range.startUid}:${toString range.count}\n")
      user.subUidRanges);
-  subuidFile = concatStrings (map mkSubuidEntry (attrValues cfg.extraUsers));
+  subuidFile = concatStrings (map mkSubuidEntry (attrValues cfg.users));
  mkSubgidEntry = user: concatStrings (
    map (range: "${user.name}:${toString range.startGid}:${toString range.count}\n")
        user.subGidRanges);
-  subgidFile = concatStrings (map mkSubgidEntry (attrValues cfg.extraUsers));
+  subgidFile = concatStrings (map mkSubgidEntry (attrValues cfg.users));
  idsAreUnique = set: idAttr: !(fold (name: args@{ dup, acc }:
    let
@@ -354,8 +354,8 @@ let
      else { dup = false; acc = newAcc; }
    ) { dup = false; acc = {}; } (builtins.attrNames set)).dup;
-  uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.extraUsers) "uid";
+  uidsAreUnique = idsAreUnique (filterAttrs (n: u: u.uid != null) cfg.users) "uid";
-  gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.extraGroups) "gid";
+  gidsAreUnique = idsAreUnique (filterAttrs (n: g: g.gid != null) cfg.groups) "gid";
  spec = pkgs.writeText "users-groups.json" (builtins.toJSON {
    inherit (cfg) mutableUsers;
@@ -364,13 +364,13 @@ let
          name uid group description home shell createHome isSystemUser
          password passwordFile hashedPassword
          initialPassword initialHashedPassword;
-      }) cfg.extraUsers;
+      }) cfg.users;
    groups = mapAttrsToList (n: g:
      { inherit (g) name gid;
        members = g.members ++ (mapAttrsToList (n: u: u.name) (
-          filterAttrs (n: u: elem g.name u.extraGroups) cfg.extraUsers
+          filterAttrs (n: u: elem g.name u.extraGroups) cfg.users
        ));
-      }) cfg.extraGroups;
+      }) cfg.groups;
  });
 in {
@@ -388,10 +388,10 @@ in {
        <literal>groupadd</literal> commands. On system activation, the
        existing contents of the <literal>/etc/passwd</literal> and
        <literal>/etc/group</literal> files will be merged with the
-        contents generated from the <literal>users.extraUsers</literal> and
+        contents generated from the <literal>users.users</literal> and
-        <literal>users.extraGroups</literal> options.
+        <literal>users.groups</literal> options.
        The initial password for a user will be set
-        according to <literal>users.extraUsers</literal>, but existing passwords
+        according to <literal>users.users</literal>, but existing passwords
        will not be changed.
        <warning><para>
@@ -399,7 +399,7 @@ in {
        group files will simply be replaced on system activation. This also
        holds for the user passwords; all changed
        passwords will be reset according to the
-        <literal>users.extraUsers</literal> configuration on activation.
+        <literal>users.users</literal> configuration on activation.
        </para></warning>
      '';
    };
@@ -412,7 +412,7 @@ in {
      '';
    };
-    users.extraUsers = mkOption {
+    users.users = mkOption {
      default = {};
      type = types.loaOf types.optionSet;
      example = {
@@ -433,7 +433,7 @@ in {
      options = [ userOpts ];
    };
-    users.extraGroups = mkOption {
+    users.groups = mkOption {
      default = {};
      example =
        { students.gid = 1001;
@@ -461,7 +461,7 @@ in {
  config = {
-    users.extraUsers = {
+    users.users = {
      root = {
        uid = ids.uids.root;
        description = "System administrator";
@@ -478,7 +478,7 @@ in {
      };
    };
-    users.extraGroups = {
+    users.groups = {
      root.gid = ids.gids.root;
      wheel.gid = ids.gids.wheel;
      disk.gid = ids.gids.disk;
@@ -525,6 +525,27 @@ in {
      { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
        message = "UIDs and GIDs must be unique!";
      }
      { # If mutableUsers is false, to prevent users creating a
        # configuration that locks them out of the system, ensure that
        # there is at least one "privileged" account that has a
        # password or an SSH authorized key. Privileged accounts are
        # root and users in the wheel group.
        assertion = !cfg.mutableUsers ->
          any id (mapAttrsToList (name: cfg:
            (name == "root"
             || cfg.group == "wheel"
             || elem "wheel" cfg.extraGroups)
            &&
            ((cfg.hashedPassword != null && cfg.hashedPassword != "!")
             || cfg.password != null
             || cfg.passwordFile != null
             || cfg.openssh.authorizedKeys.keys != []
             || cfg.openssh.authorizedKeys.keyFiles != [])
          ) cfg.users);
        message = ''
          Neither the root account nor any wheel user has a password or SSH authorized key.
          You must set one to prevent being locked out of your system.'';
      }
    ];
  };
--- a/nixos/modules/installer/cd-dvd/channel.nix
+++ b/nixos/modules/installer/cd-dvd/channel.nix
@@ -33,7 +33,7 @@ in
        echo "unpacking the NixOS/Nixpkgs sources..."
        mkdir -p /nix/var/nix/profiles/per-user/root
        ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \
-          -i ${channelSources} --quiet --option use-substitutes false
+          -i ${channelSources} --quiet --option build-use-substitutes false
        mkdir -m 0700 -p /root/.nix-defexpr
        ln -s /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels
        mkdir -m 0755 -p /var/lib/nixos
--- a/nixos/modules/installer/tools/nixos-rebuild.sh
+++ b/nixos/modules/installer/tools/nixos-rebuild.sh
@@ -157,9 +157,9 @@ if [ -n "$buildNix" ]; then
            if ! nix-build '<nixpkgs>' -A nix -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
                machine="$(uname -m)"
                if [ "$machine" = x86_64 ]; then
-                    nixStorePath=/nix/store/664kxr14kfgx4dl095crvmr7pbh9xlh5-nix-1.9
+                    nixStorePath=/nix/store/xryr9g56h8yjddp89d6dw12anyb4ch7c-nix-1.10
                elif [[ "$machine" =~ i.86 ]]; then
-                    nixStorePath=/nix/store/p7xdvz72xx3rhm121jclsbdmmcds7xh6-nix-1.9
+                    nixStorePath=/nix/store/2w92k5wlpspf0q2k9mnf2z42prx3bwmv-nix-1.10
                else
                    echo "$0: unsupported platform"
                    exit 1
--- a/nixos/modules/misc/version.nix
+++ b/nixos/modules/misc/version.nix
@@ -56,7 +56,7 @@ with lib;
    system.defaultChannel = mkOption {
      internal = true;
      type = types.str;
-      default = https://nixos.org/channels/nixos-unstable;
+      default = https://nixos.org/channels/nixos-15.09;
      description = "Default NixOS channel to which the root user is subscribed.";
    };
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -468,6 +468,7 @@
  ./tasks/filesystems/ntfs.nix
  ./tasks/filesystems/reiserfs.nix
  ./tasks/filesystems/unionfs-fuse.nix
  ./tasks/filesystems/vboxsf.nix
  ./tasks/filesystems/vfat.nix
  ./tasks/filesystems/xfs.nix
  ./tasks/filesystems/zfs.nix
--- a/nixos/modules/programs/command-not-found/command-not-found.nix
+++ b/nixos/modules/programs/command-not-found/command-not-found.nix
@@ -57,9 +57,9 @@ in
          if [ $? = 126 ]; then
            "$@"
          fi
-	else
+        else
          # Indicate than there was an error so ZSH falls back to its default handler
-	  return 127
+          return 127
        fi
      }
    '';
--- a/nixos/modules/programs/command-not-found/command-not-found.pl
+++ b/nixos/modules/programs/command-not-found/command-not-found.pl
@@ -30,11 +30,11 @@ The program ‘$program’ is currently not installed. It is provided by
 the package ‘$package’, which I will now install for you.
 EOF
        ;
-        exit 126 if system("nix-env", "-i", $package) == 0;
+        exit 126 if system("nix-env", "-iA", "nixos.$package") == 0;
    } else {
        print STDERR <<EOF;
 The program ‘$program’ is currently not installed. You can install it by typing:
-  nix-env -i $package
+  nix-env -iA nixos.$package
 EOF
    }
 } else {
@@ -42,7 +42,7 @@ EOF
 The program ‘$program’ is currently not installed. It is provided by
 several packages. You can install it by typing one of the following:
 EOF
-    print STDERR "  nix-env -i $_->{package}\n" foreach @$res;
+    print STDERR "  nix-env -iA nixos.$_->{package}\n" foreach @$res;
 }
 exit 127;
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -18,6 +18,14 @@ let
      exec ${askPassword}
    '';
  knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
  knownHostsText = flip (concatMapStringsSep "\n") knownHosts
    (h: assert h.hostNames != [];
      concatStringsSep "," h.hostNames + " "
      + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
    );
 in
 {
  ###### interface
@@ -92,16 +100,76 @@ in
        '';
      };
      knownHosts = mkOption {
        default = {};
        type = types.loaOf (types.submodule ({ name, ... }: {
          options = {
            hostNames = mkOption {
              type = types.listOf types.str;
              default = [];
              description = ''
                A list of host names and/or IP numbers used for accessing
                the host's ssh service.
              '';
            };
            publicKey = mkOption {
              default = null;
              type = types.nullOr types.str;
              example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==";
              description = ''
                The public key data for the host. You can fetch a public key
                from a running SSH server with the <command>ssh-keyscan</command>
                command. The public key should not include any host names, only
                the key type and the key itself.
              '';
            };
            publicKeyFile = mkOption {
              default = null;
              type = types.nullOr types.path;
              description = ''
                The path to the public key file for the host. The public
                key file is read at build time and saved in the Nix store.
                You can fetch a public key file from a running SSH server
                with the <command>ssh-keyscan</command> command. The content
                of the file should follow the same format as described for
                the <literal>publicKey</literal> option.
              '';
            };
          };
          config = {
            hostNames = mkDefault [ name ];
          };
        }));
        description = ''
          The set of system-wide known SSH hosts.
        '';
        example = [
          {
            hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ];
            publicKeyFile = literalExample "./pubkeys/myhost_ssh_host_dsa_key.pub";
          }
          {
            hostNames = [ "myhost2" ];
            publicKeyFile = literalExample "./pubkeys/myhost2_ssh_host_dsa_key.pub";
          }
        ];
      };
    };
  };
  config = {
-    assertions = singleton
+    assertions =
-      { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;
+      [ { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;
-        message = "cannot enable X11 forwarding without setting XAuth location";
+          message = "cannot enable X11 forwarding without setting XAuth location";
-      };
+        }
      ] ++ flip mapAttrsToList cfg.knownHosts (name: data: {
        assertion = (data.publicKey == null && data.publicKeyFile != null) ||
                    (data.publicKey != null && data.publicKeyFile == null);
        message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
      });
    # SSH configuration. Slight duplication of the sshd_config
    # generation in the sshd service.
@@ -118,6 +186,8 @@ in
        ${cfg.extraConfig}
      '';
    environment.etc."ssh/ssh_known_hosts".text = knownHostsText;
    # FIXME: this should really be socket-activated for über-awesomeness.
    systemd.user.services.ssh-agent =
      { enable = cfg.startAgent;
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -77,6 +77,8 @@ in zipModules ([]
 ++ obsolete [ "environment" "nix" ] [ "nix" "package" ]
 ++ obsolete [ "fonts" "enableFontConfig" ] [ "fonts" "fontconfig" "enable" ]
 ++ obsolete [ "fonts" "extraFonts" ] [ "fonts" "fonts" ]
 ++ alias [ "users" "extraUsers" ] [ "users" "users" ]
 ++ alias [ "users" "extraGroups" ] [ "users" "groups" ]
 ++ obsolete [ "security" "extraSetuidPrograms" ] [ "security" "setuidPrograms" ]
 ++ obsolete [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ]
@@ -110,6 +112,7 @@ in zipModules ([]
 ++ obsolete [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ]
 ++ obsolete [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ]
 ++ obsolete [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ]
 ++ alias [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ]
 # VirtualBox
 ++ obsolete [ "services" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ]
--- a/nixos/modules/services/cluster/kubernetes.nix
+++ b/nixos/modules/services/cluster/kubernetes.nix
@@ -105,7 +105,7 @@ in {
      tokenAuth = mkOption {
        description = ''
          Kubernetes apiserver token authentication file. See
-          <link xlink:href="https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authentication.md"/>
+          <link xlink:href="http://kubernetes.io/v1.0/docs/admin/authentication.html"/>
        '';
        default = {};
        example = literalExample ''
@@ -120,7 +120,7 @@ in {
      authorizationMode = mkOption {
        description = ''
          Kubernetes apiserver authorization mode (AlwaysAllow/AlwaysDeny/ABAC). See
-          <link xlink:href="https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authorization.md"/>
+          <link xlink:href="http://kubernetes.io/v1.0/docs/admin/authorization.html"/>
        '';
        default = "AlwaysAllow";
        type = types.enum ["AlwaysAllow" "AlwaysDeny" "ABAC"];
@@ -129,7 +129,7 @@ in {
      authorizationPolicy = mkOption {
        description = ''
          Kubernetes apiserver authorization policy file. See
-          <link xlink:href="https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/authorization.md"/>
+          <link xlink:href="http://kubernetes.io/v1.0/docs/admin/authorization.html"/>
        '';
        default = [];
        example = literalExample ''
@@ -159,18 +159,37 @@ in {
      };
      runtimeConfig = mkOption {
-        description = "Api runtime configuration";
+        description = ''
          Api runtime configuration. See
          <link xlink:href="http://kubernetes.io/v1.0/docs/admin/cluster-management.html"/>
        '';
        default = "";
        example = "api/all=false,api/v1=true";
        type = types.str;
      };
      admissionControl = mkOption {
-        description = "Kubernetes admission control plugins to use.";
+        description = ''
          Kubernetes admission control plugins to use. See
          <link xlink:href="http://kubernetes.io/v1.0/docs/admin/admission-controllers.html"/>
        '';
        default = ["AlwaysAdmit"];
        example = [
          "NamespaceLifecycle" "NamespaceExists" "LimitRanger"
          "SecurityContextDeny" "ServiceAccount" "ResourceQuota"
        ];
        type = types.listOf types.str;
      };
      serviceAccountKey = mkOption {
        description = ''
          Kubernetes apiserver PEM-encoded x509 RSA private or public key file,
          used to verify ServiceAccount tokens.
        '';
        default = null;
        type = types.nullOr types.path;
      };
      extraOpts = mkOption {
        description = "Kubernetes apiserver extra command line options.";
        default = "";
@@ -235,8 +254,26 @@ in {
        type = types.str;
      };
      serviceAccountPrivateKey = mkOption {
        description = ''
          Kubernetes controller manager PEM-encoded private RSA key file used to
          sign service account tokens
        '';
        default = null;
        type = types.nullOr types.path;
      };
      rootCaFile = mkOption {
        description = ''
          Kubernetes controller manager certificate authority file included in
          service account's token secret.
        '';
        default = null;
        type = types.nullOr types.path;
      };
      extraOpts = mkOption {
-        description = "Kubernetes controller extra command line options.";
+        description = "Kubernetes controller manager extra command line options.";
        default = "";
        type = types.str;
      };
@@ -294,7 +331,10 @@ in {
      };
      apiServers = mkOption {
-        description = "Kubernetes kubelet list of Kubernetes API servers for publishing events, and reading pods and services.";
+        description = ''
          Kubernetes kubelet list of Kubernetes API servers for publishing events,
          and reading pods and services.
        '';
        default = ["${cfg.apiserver.address}:${toString cfg.apiserver.port}"];
        type = types.listOf types.str;
      };
@@ -413,17 +453,14 @@ in {
            ${optionalString (cfg.apiserver.runtimeConfig!="")
              "--runtime-config=${cfg.apiserver.runtimeConfig}"} \
            --admission_control=${concatStringsSep "," cfg.apiserver.admissionControl} \
            ${optionalString (cfg.apiserver.serviceAccountKey!=null)
              "--service-account-key-file=${cfg.apiserver.serviceAccountKey}"} \
            --logtostderr=true \
            ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
            ${cfg.apiserver.extraOpts}
          '';
          User = "kubernetes";
        };
        postStart = ''
          until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.apiserver.address}:${toString cfg.apiserver.port}/'; do
            sleep 1;
          done
        '';
      };
    })
@@ -456,6 +493,10 @@ in {
            --address=${cfg.controllerManager.address} \
            --port=${toString cfg.controllerManager.port} \
            --master=${cfg.controllerManager.master} \
            ${optionalString (cfg.controllerManager.serviceAccountPrivateKey!=null)
              "--service-account-private-key-file=${cfg.controllerManager.serviceAccountPrivateKey}"} \
            ${optionalString (cfg.controllerManager.rootCaFile!=null)
              "--root-ca-file=${cfg.controllerManager.rootCaFile}"} \
            --logtostderr=true \
            ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
            ${cfg.controllerManager.extraOpts}
@@ -509,6 +550,8 @@ in {
            ${optionalString cfg.verbose "--v=6 --log-flush-frequency=1s"} \
            ${cfg.proxy.extraOpts}
          '';
          Restart = "always"; # Retry connection
          RestartSec = "5s";
        };
      };
    })
--- a/nixos/modules/services/databases/opentsdb.nix
+++ b/nixos/modules/services/databases/opentsdb.nix
@@ -5,10 +5,7 @@ with lib;
 let
  cfg = config.services.opentsdb;
-  configFile = pkgs.writeText "opentsdb.conf" ''
+  configFile = pkgs.writeText "opentsdb.conf" cfg.config;
    tsd.core.auto_create_metrics = true
    tsd.http.request.enable_chunked  = true
  '';
 in {
@@ -59,6 +56,17 @@ in {
        '';
      };
      config = mkOption {
        type = types.lines;
        default = ''
          tsd.core.auto_create_metrics = true
          tsd.http.request.enable_chunked  = true
        '';
        description = ''
          The contents of OpenTSDB's configuration file
        '';
      };
    };
  };
--- a/nixos/modules/services/hardware/udev.nix
+++ b/nixos/modules/services/hardware/udev.nix
@@ -180,9 +180,7 @@ in
        firmware to function).  If multiple packages contain firmware
        files with the same name, the first package in the list takes
        precedence.  Note that you must rebuild your system if you add
-        files to any of these directories.  For quick testing,
+        files to any of these directories.
        put firmware files in <filename>/root/test-firmware</filename>
        and add that directory to the list.
      '';
      apply = list: pkgs.buildEnv {
        name = "firmware";
--- a/nixos/modules/services/logging/logstash.nix
+++ b/nixos/modules/services/logging/logstash.nix
@@ -132,6 +132,7 @@ in
      description = "Logstash Daemon";
      wantedBy = [ "multi-user.target" ];
      environment = { JAVA_HOME = jre; };
      path = [ pkgs.bash ];
      serviceConfig = {
        ExecStart =
          "${cfg.package}/bin/logstash agent " +
--- a/nixos/modules/services/misc/nixos-manual.nix
+++ b/nixos/modules/services/misc/nixos-manual.nix
@@ -93,7 +93,7 @@ in
    system.build.manual = manual;
-    environment.systemPackages = [ manual.manpages help ];
+    environment.systemPackages = [ manual.manpages manual.manual help ];
    boot.extraTTYs = mkIf cfg.showManual ["tty${cfg.ttyNumber}"];
--- a/nixos/modules/services/monitoring/bosun.nix
+++ b/nixos/modules/services/monitoring/bosun.nix
@@ -30,6 +30,7 @@ in {
      package = mkOption {
        type = types.package;
        default = pkgs.bosun;
        example = literalExample "pkgs.bosun";
        description = ''
          bosun binary to use.
@@ -95,8 +96,6 @@ in {
  config = mkIf cfg.enable {
    services.bosun.package = mkDefault pkgs.bosun; 
    systemd.services.bosun = {
      description = "bosun metrics collector (part of Bosun)";
      wantedBy = [ "multi-user.target" ];
--- a/nixos/modules/services/network-filesystems/nfsd.nix
+++ b/nixos/modules/services/network-filesystems/nfsd.nix
@@ -88,10 +88,7 @@ in
    environment.systemPackages = [ pkgs.nfs-utils ];
-    environment.etc = singleton
+    environment.etc.exports.source = exports;
      { source = exports;
        target = "exports";
      };
    boot.kernelModules = [ "nfsd" ];
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -9,14 +9,6 @@ let
  nssModulesPath = config.system.nssModules.path;
  knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
  knownHostsText = flip (concatMapStringsSep "\n") knownHosts
    (h:
      concatStringsSep "," h.hostNames + " "
      + (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
    );
  userOptions = {
    openssh.authorizedKeys = {
@@ -48,8 +40,7 @@ let
  };
  authKeysFiles = let
-    mkAuthKeyFile = u: {
+    mkAuthKeyFile = u: nameValuePair "ssh/authorized_keys.d/${u.name}" {
      target = "ssh/authorized_keys.d/${u.name}";
      mode = "0444";
      source = pkgs.writeText "${u.name}-authorized_keys" ''
        ${concatStringsSep "\n" u.openssh.authorizedKeys.keys}
@@ -59,7 +50,7 @@ let
    usersWithKeys = attrValues (flip filterAttrs config.users.extraUsers (n: u:
      length u.openssh.authorizedKeys.keys != 0 || length u.openssh.authorizedKeys.keyFiles != 0
    ));
-  in map mkAuthKeyFile usersWithKeys;
+  in listToAttrs (map mkAuthKeyFile usersWithKeys);
 in
@@ -211,57 +202,6 @@ in
        description = "Verbatim contents of <filename>sshd_config</filename>.";
      };
      knownHosts = mkOption {
        default = {};
        type = types.loaOf types.optionSet;
        description = ''
          The set of system-wide known SSH hosts.
        '';
        example = [
          {
            hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ];
            publicKeyFile = literalExample "./pubkeys/myhost_ssh_host_dsa_key.pub";
          }
          {
            hostNames = [ "myhost2" ];
            publicKeyFile = literalExample "./pubkeys/myhost2_ssh_host_dsa_key.pub";
          }
        ];
        options = {
          hostNames = mkOption {
            type = types.listOf types.str;
            default = [];
            description = ''
              A list of host names and/or IP numbers used for accessing
              the host's ssh service.
            '';
          };
          publicKey = mkOption {
            default = null;
            type = types.nullOr types.str;
            example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==";
            description = ''
              The public key data for the host. You can fetch a public key
              from a running SSH server with the <command>ssh-keyscan</command>
              command. The public key should not include any host names, only
              the key type and the key itself.
            '';
          };
          publicKeyFile = mkOption {
            default = null;
            type = types.nullOr types.path;
            description = ''
              The path to the public key file for the host. The public
              key file is read at build time and saved in the Nix store.
              You can fetch a public key file from a running SSH server
              with the <command>ssh-keyscan</command> command. The content
              of the file should follow the same format as described for
              the <literal>publicKey</literal> option.
            '';
          };
        };
      };
      moduliFile = mkOption {
        example = "services.openssh.moduliFile = /etc/my-local-ssh-moduli;";
        type = types.path;
@@ -274,7 +214,7 @@ in
    };
-    users.extraUsers = mkOption {
+    users.users = mkOption {
      options = [ userOptions ];
    };
@@ -292,14 +232,8 @@ in
    services.openssh.moduliFile = mkDefault "${cfgc.package}/etc/ssh/moduli";
-    environment.etc = authKeysFiles ++ [
+    environment.etc = authKeysFiles //
-      { source = cfg.moduliFile;
+      { "ssh/moduli".source = cfg.moduliFile; };
        target = "ssh/moduli";
      }
      { text = knownHostsText;
        target = "ssh/ssh_known_hosts";
      }
    ];
    systemd =
      let
@@ -417,11 +351,6 @@ in
    assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
                    message = "cannot enable X11 forwarding without setting xauth location";}]
      ++ flip mapAttrsToList cfg.knownHosts (name: data: {
        assertion = (data.publicKey == null && data.publicKeyFile != null) ||
                    (data.publicKey != null && data.publicKeyFile == null);
        message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
      })
      ++ flip map cfg.listenAddresses ({ addr, port, ... }: {
        assertion = addr != null;
        message = "addr must be specified in each listenAddresses entry";
--- a/nixos/modules/services/web-servers/apache-httpd/default.nix
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -117,7 +117,6 @@ let
    ]
    ++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])
    ++ optional enableSSL "ssl"
    ++ optional mainCfg.enableCompression "deflate"
    ++ extraApacheModules;
@@ -177,27 +176,6 @@ let
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!EXP
  '';
  # From http://paulstamatiou.com/how-to-optimize-your-apache-site-with-mod-deflate/
  compressConf = ''
    SetOutputFilter DEFLATE
    # Don't compress binaries
    SetEnvIfNoCase Request_URI .(?:exe|t?gz|zip|iso|tar|bz2|sit|rar) no-gzip dont-vary
    # Don't compress images
    SetEnvIfNoCase Request_URI .(?:gif|jpe?g|jpg|ico|png)  no-gzip dont-vary
    # Don't compress PDFs
    SetEnvIfNoCase Request_URI .pdf no-gzip dont-vary
    # Don't compress flash files (only relevant if you host your own videos)
    SetEnvIfNoCase Request_URI .flv no-gzip dont-vary
    # Netscape 4.X has some problems
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    # Netscape 4.06-4.08 have some more problems
    BrowserMatch ^Mozilla/4.0[678] no-gzip
    # MSIE masquerades as Netscape, but it is fine
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
  '';
  mimeConf = ''
    TypesConfig ${httpd}/conf/mime.types
@@ -373,7 +351,6 @@ let
    ${mimeConf}
    ${loggingConf}
    ${browserHacks}
    ${optionalString mainCfg.enableCompression compressConf}
    Include ${httpd}/conf/extra/httpd-default.conf
    Include ${httpd}/conf/extra/httpd-autoindex.conf
@@ -446,7 +423,7 @@ in
      enable = mkOption {
        type = types.bool;
        default = false;
-        description = "Enable the Apache HTTP Server.";
+        description = "Whether to enable the Apache HTTP Server.";
      };
      package = mkOption {
@@ -609,12 +586,6 @@ in
        description =
          "Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";
      };
      enableCompression = mkOption {
        type = types.bool;
        default = false;
        description = "Enable compression of responses using mod_deflate.";
      };
    }
    # Include the options shared between the main server and virtual hosts.
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -8,9 +8,12 @@ let
  configFile = pkgs.writeText "nginx.conf" ''
    user ${cfg.user} ${cfg.group};
    daemon off;
    ${cfg.config}
    ${optionalString (cfg.httpConfig != "") ''
    http {
      include ${cfg.package}/conf/mime.types;
      ${cfg.httpConfig}
    }
    ''}
--- a/nixos/modules/services/x11/desktop-managers/gnome3.nix
+++ b/nixos/modules/services/x11/desktop-managers/gnome3.nix
@@ -99,7 +99,6 @@ in {
    networking.networkmanager.enable = mkDefault true;
    services.upower.enable = config.powerManagement.enable;
    hardware.bluetooth.enable = mkDefault true;
    services.xserver.displayManager.desktopManagerHandlesLidAndPower = false; # true doesn't make sense here, GNOME just doesn't handle it anymore
    fonts.fonts = [ pkgs.dejavu_fonts pkgs.cantarell_fonts ];
--- a/nixos/modules/services/x11/desktop-managers/kodi.nix
+++ b/nixos/modules/services/x11/desktop-managers/kodi.nix
@@ -28,4 +28,4 @@ in
    environment.systemPackages = [ pkgs.kodi ];
  };
-}
+}
--- a/nixos/modules/services/x11/display-managers/default.nix
+++ b/nixos/modules/services/x11/display-managers/default.nix
@@ -62,7 +62,7 @@ let
        if [ -z "$_INHIBITION_LOCK_TAKEN" ]; then
          export _INHIBITION_LOCK_TAKEN=1
          if ! ${config.systemd.package}/bin/loginctl show-session $XDG_SESSION_ID | grep -q '^RemoteHost='; then
-            exec ${config.systemd.package}/bin/systemd-inhibit --what=handle-lid-switch:handle-power-key --why="See NixOS configuration option 'services.xserver.displayManager.desktopManagerHandlesLidAndPower' for more information." "$0" "$sessionType"
+            exec ${config.systemd.package}/bin/systemd-inhibit --what=handle-lid-switch:handle-power-key --why="Desktop environment handles power events" "$0" "$sessionType"
          fi
        fi
@@ -114,6 +114,10 @@ let
      rm -rf $HOME/.compose-cache
      mkdir $HOME/.compose-cache
      # Work around KDE errors when a user first logs in and
      # .local/share doesn't exist yet.
      mkdir -p $HOME/.local/share
      ${cfg.displayManager.sessionCommands}
      # Allow the user to execute commands at the beginning of the X session.
@@ -161,7 +165,11 @@ let
      exit 0
    '';
-  mkDesktops = names: pkgs.runCommand "desktops" {}
+  mkDesktops = names: pkgs.runCommand "desktops"
    { # trivial derivation
      preferLocalBuild = true;
      allowSubstitutes = false;
    }
    ''
      mkdir -p $out
      ${concatMapStrings (n: ''
@@ -225,7 +233,7 @@ in
      desktopManagerHandlesLidAndPower = mkOption {
        type = types.bool;
-        default = true;
+        default = false;
        description = ''
          Whether the display manager should prevent systemd from handling
          lid and power events. This is normally handled by the desktop
--- a/nixos/modules/services/x11/display-managers/gdm.nix
+++ b/nixos/modules/services/x11/display-managers/gdm.nix
@@ -65,7 +65,7 @@ in
    systemd.services.display-manager.wants = [ "systemd-machined.service" ];
    systemd.services.display-manager.after = [ "systemd-machined.service" ];
-    systemd.services.display-manager.path = [ gnome3.gnome_shell gnome3.caribou pkgs.xlibs.xhost pkgs.dbus_tools ];
+    systemd.services.display-manager.path = [ gnome3.gnome_shell gnome3.caribou pkgs.xorg.xhost pkgs.dbus_tools ];
    services.dbus.packages = [ gdm ];
--- a/nixos/modules/services/x11/display-managers/kdm.nix
+++ b/nixos/modules/services/x11/display-managers/kdm.nix
@@ -19,7 +19,7 @@ let
      ''}
      [X-*-Core]
-      Xrdb=${pkgs.xlibs.xrdb}/bin/xrdb
+      Xrdb=${pkgs.xorg.xrdb}/bin/xrdb
      SessionsDirs=${dmcfg.session.desktops}
      Session=${dmcfg.session.script}
      FailsafeClient=${pkgs.xterm}/bin/xterm
--- a/nixos/modules/system/boot/modprobe.nix
+++ b/nixos/modules/system/boot/modprobe.nix
@@ -85,11 +85,7 @@ with lib;
        '')}
        ${config.boot.extraModprobeConfig}
      '';
-    environment.etc."modprobe.d/usb-load-ehci-first.conf".text =
+    environment.etc."modprobe.d/debian.conf".source = pkgs.kmod-debian-aliases;
      ''
        softdep uhci_hcd pre: ehci_hcd
        softdep ohci_hcd pre: ehci_hcd
      '';
    environment.systemPackages = [ config.system.sbin.modprobe pkgs.kmod ];
--- a/nixos/modules/system/boot/stage-1-init.sh
+++ b/nixos/modules/system/boot/stage-1-init.sh
@@ -290,10 +290,23 @@ mountFS() {
        if [ -z "$fsType" ]; then fsType=auto; fi
    fi
-    echo "$device /mnt-root$mountPoint $fsType $options" >> /etc/fstab
+    # Filter out x- options, which busybox doesn't do yet.
    local optionsFiltered="$(IFS=,; for i in $options; do if [ "${i:0:2}" != "x-" ]; then echo -n $i,; fi; done)"
    echo "$device /mnt-root$mountPoint $fsType $optionsFiltered" >> /etc/fstab
    checkFS "$device" "$fsType"
    # Optionally resize the filesystem.
    case $options in
        *x-nixos.autoresize*)
            if [ "$fsType" = ext2 -o "$fsType" = ext3 -o "$fsType" = ext4 ]; then
                echo "resizing $device..."
                resize2fs "$device"
            fi
            ;;
    esac
    # Create backing directories for unionfs-fuse.
    if [ "$fsType" = unionfs-fuse ]; then
        for i in $(IFS=:; echo ${options##*,dirs=}); do
--- a/nixos/modules/system/boot/stage-1.nix
+++ b/nixos/modules/system/boot/stage-1.nix
@@ -70,6 +70,12 @@ let
      copy_bin_and_libs ${pkgs.kmod}/bin/kmod
      ln -sf kmod $out/bin/modprobe
      # Copy resize2fs if needed.
      ${optionalString (any (fs: fs.autoResize) (attrValues config.fileSystems)) ''
        # We need mke2fs in the initrd.
        copy_bin_and_libs ${pkgs.e2fsprogs}/sbin/resize2fs
      ''}
      ${config.boot.initrd.extraUtilsCommands}
      # Copy ld manually since it isn't detected correctly
@@ -241,6 +247,9 @@ let
          };
          symlink = "/etc/modprobe.d/ubuntu.conf";
        }
        { object = pkgs.kmod-debian-aliases;
          symlink = "/etc/modprobe.d/debian.conf";
        }
      ];
  };
@@ -390,7 +399,6 @@ in
      }
    ];
    system.build.bootStage1 = bootStage1;
    system.build.initialRamdisk = initialRamdisk;
    system.build.extraUtils = extraUtils;
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -643,6 +643,10 @@ in
        if ! [ -e /etc/machine-id ]; then
          ${systemd}/bin/systemd-machine-id-setup
        fi
        # Keep a persistent journal. Note that systemd-tmpfiles will
        # set proper ownership/permissions.
        mkdir -m 0700 -p /var/log/journal
      '';
    users.extraUsers.systemd-network.uid = config.ids.uids.systemd-network;
--- a/nixos/modules/tasks/filesystems.nix
+++ b/nixos/modules/tasks/filesystems.nix
@@ -7,7 +7,7 @@ let
  fileSystems = attrValues config.fileSystems;
-  prioOption = prio: optionalString (prio !=null) " pri=${toString prio}";
+  prioOption = prio: optionalString (prio != null) " pri=${toString prio}";
  fileSystemOpts = { name, config, ... }: {
@@ -41,9 +41,9 @@ let
      };
      options = mkOption {
-        default = "defaults,relatime";
+        default = "defaults";
        example = "data=journal";
-        type = types.commas;
+        type = types.commas; # FIXME: should be a list
        description = "Options used to mount the file system.";
      };
@@ -58,6 +58,17 @@ let
        '';
      };
      autoResize = mkOption {
        default = false;
        type = types.bool;
        description = ''
          If set, the filesystem is grown to its maximum size before
          being mounted. (This is typically the size of the containing
          partition.) This is currently only supported for ext2/3/4
          filesystems that are mounted during early boot.
        '';
      };
      noCheck = mkOption {
        default = false;
        type = types.bool;
@@ -69,6 +80,7 @@ let
    config = {
      mountPoint = mkDefault name;
      device = mkIf (config.fsType == "tmpfs") (mkDefault config.fsType);
      options = mkIf config.autoResize "x-nixos.autoresize";
    };
  };
@@ -141,7 +153,7 @@ in
    environment.etc.fstab.text =
      let
-        fsToSkipCheck = [ "none" "btrfs" "zfs" "tmpfs" "nfs" ];
+        fsToSkipCheck = [ "none" "btrfs" "zfs" "tmpfs" "nfs" "vboxsf" ];
        skipCheck = fs: fs.noCheck || fs.device == "none" || builtins.elem fs.fsType fsToSkipCheck;
      in ''
        # This is a generated file.  Do not edit!
--- a/nixos/modules/tasks/filesystems/vboxsf.nix
+++ b/nixos/modules/tasks/filesystems/vboxsf.nix
@@ -0,0 +1,23 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  inInitrd = any (fs: fs == "vboxsf") config.boot.initrd.supportedFilesystems;
  package = pkgs.runCommand "mount.vboxsf" {} ''
    mkdir -p $out/bin
    cp ${pkgs.linuxPackages.virtualboxGuestAdditions}/bin/mount.vboxsf $out/bin
  '';
 in
 {
  config = mkIf (any (fs: fs == "vboxsf") config.boot.supportedFilesystems) {
    system.fsPackages = [ package ];
    boot.initrd.kernelModules = mkIf inInitrd [ "vboxsf" ];
  };
 }
--- a/nixos/modules/virtualisation/amazon-config.nix
+++ b/nixos/modules/virtualisation/amazon-config.nix
@@ -1,3 +0,0 @@
 {
  imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
 }
--- a/nixos/modules/virtualisation/amazon-grow-partition.nix
+++ b/nixos/modules/virtualisation/amazon-grow-partition.nix
@@ -0,0 +1,50 @@
 # This module automatically grows the root partition on Amazon EC2 HVM
 # instances. This allows an instance to be created with a bigger root
 # filesystem than provided by the AMI.
 { config, lib, pkgs, ... }:
 with lib;
 let
  growpart = pkgs.stdenv.mkDerivation {
    name = "growpart";
    src = pkgs.fetchurl {
      url = "https://launchpad.net/cloud-utils/trunk/0.27/+download/cloud-utils-0.27.tar.gz";
      sha256 = "16shlmg36lidp614km41y6qk3xccil02f5n3r4wf6d1zr5n4v8vd";
    };
    patches = [ ./growpart-util-linux-2.26.patch ];
    buildPhase = ''
      cp bin/growpart $out
      sed -i 's|awk|gawk|' $out
      sed -i 's|sed|gnused|' $out
    '';
    dontInstall = true;
    dontPatchShebangs = true;
  };
 in
 {
  config = mkIf config.ec2.hvm {
    boot.initrd.extraUtilsCommands = ''
      copy_bin_and_libs ${pkgs.gawk}/bin/gawk
      copy_bin_and_libs ${pkgs.gnused}/bin/sed
      copy_bin_and_libs ${pkgs.utillinux}/sbin/sfdisk
      cp -v ${growpart} $out/bin/growpart
      ln -s sed $out/bin/gnused
    '';
    boot.initrd.postDeviceCommands = ''
      if [ -e /dev/xvda ] && [ -e /dev/xvda1 ]; then
        TMPDIR=/run sh $(type -P growpart) /dev/xvda 1
        udevadm settle
      fi
    '';
  };
 }
--- a/nixos/modules/virtualisation/amazon-image.nix
+++ b/nixos/modules/virtualisation/amazon-image.nix
@@ -1,105 +1,40 @@
 # Configuration for Amazon EC2 instances. (Note that this file is a
 # misnomer - it should be "amazon-config.nix" or so, not
 # "amazon-image.nix", since it's used not only to build images but
 # also to reconfigure instances. However, we can't rename it because
 # existing "configuration.nix" files on EC2 instances refer to it.)
 { config, lib, pkgs, ... }:
 with lib;
-let
+
-  cfg = config.ec2;
+let cfg = config.ec2; in
-in
+
 {
-  imports = [ ../profiles/headless.nix ./ec2-data.nix ];
+  imports = [ ../profiles/headless.nix ./ec2-data.nix ./amazon-grow-partition.nix ];
  config = {
    system.build.amazonImage =
      pkgs.vmTools.runInLinuxVM (
        pkgs.runCommand "amazon-image"
          { preVM =
              ''
                mkdir $out
                diskImage=$out/nixos.img
                ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "8G"
                mv closure xchg/
              '';
            buildInputs = [ pkgs.utillinux pkgs.perl ];
            exportReferencesGraph =
              [ "closure" config.system.build.toplevel ];
          }
          ''
            ${if cfg.hvm then ''
              # Create a single / partition.
              ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
              ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
              . /sys/class/block/vda1/uevent
              mknod /dev/vda1 b $MAJOR $MINOR
-              # Create an empty filesystem and mount it.
+    fileSystems."/" = {
-              ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
+      device = "/dev/disk/by-label/nixos";
-              ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
+      autoResize = true;
-              mkdir /mnt
+    };
              mount /dev/vda1 /mnt
            '' else ''
              # Create an empty filesystem and mount it.
              ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda
              ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda
              mkdir /mnt
              mount /dev/vda /mnt
            ''}
            # The initrd expects these directories to exist.
            mkdir /mnt/dev /mnt/proc /mnt/sys
            mount -o bind /proc /mnt/proc
            mount -o bind /dev /mnt/dev
            mount -o bind /sys /mnt/sys
            # Copy all paths in the closure to the filesystem.
            storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
            mkdir -p /mnt/nix/store
            echo "copying everything (will take a while)..."
            cp -prd $storePaths /mnt/nix/store/
            # Register the paths in the Nix database.
            printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
                chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
            # Create the system profile to allow nixos-rebuild to work.
            chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \
                -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
            # `nixos-rebuild' requires an /etc/NIXOS.
            mkdir -p /mnt/etc
            touch /mnt/etc/NIXOS
            # `switch-to-configuration' requires a /bin/sh
            mkdir -p /mnt/bin
            ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
            # Install a configuration.nix.
            mkdir -p /mnt/etc/nixos
            cp ${./amazon-config.nix} /mnt/etc/nixos/configuration.nix
            # Generate the GRUB menu.
            ln -s vda /dev/xvda
            chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
            umount /mnt/proc /mnt/dev /mnt/sys
            umount /mnt
          ''
      );
    fileSystems."/".device = "/dev/disk/by-label/nixos";
    boot.initrd.kernelModules = [ "xen-blkfront" ];
    boot.kernelModules = [ "xen-netfront" ];
    boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0" ];
    # Prevent the nouveau kernel module from being loaded, as it
    # interferes with the nvidia/nvidia-uvm modules needed for CUDA.
-    boot.blacklistedKernelModules = [ "nouveau" ];
+    # Also blacklist xen_fbfront to prevent a 30 second delay during
    # boot.
    boot.blacklistedKernelModules = [ "nouveau" "xen_fbfront" ];
    # Generate a GRUB menu.  Amazon's pv-grub uses this to boot our kernel/initrd.
    boot.loader.grub.version = if cfg.hvm then 2 else 1;
    boot.loader.grub.device = if cfg.hvm then "/dev/xvda" else "nodev";
    boot.loader.grub.timeout = 0;
-    boot.loader.grub.extraPerEntryConfig = "root (hd0${lib.optionalString cfg.hvm ",0"})";
+    boot.loader.grub.extraPerEntryConfig = mkIf (!cfg.hvm) "root (hd0)";
    boot.initrd.postDeviceCommands =
      ''
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -299,7 +299,7 @@ in
            ''
              #! ${pkgs.stdenv.shell} -e
              ${nixos-container}/bin/nixos-container run "$INSTANCE" -- \
-                bash --login -c "/nix/var/nix/profiles/system/bin/switch-to-configuration test"
+                bash --login -c "''${SYSTEM_PATH:-/nix/var/nix/profiles/system}/bin/switch-to-configuration test"
            '';
          SyslogIdentifier = "container %i";
--- a/nixos/modules/virtualisation/docker.nix
+++ b/nixos/modules/virtualisation/docker.nix
@@ -43,6 +43,17 @@ in
            in future.  So set this option explicitly to false if you wish.
          '';
      };
    storageDriver =
      mkOption {
        type = types.enum ["aufs" "btrfs" "devicemapper" "overlay" "zfs"];
        description =
          ''
            This option determines which Docker storage driver to use.
            It is required but lacks a default value as its most
            suitable value will depend the filesystems available on the
            host.
          '';
      };
    extraOptions =
      mkOption {
        type = types.separatedString " ";
@@ -85,7 +96,7 @@ in
        after = [ "network.target" "docker.socket" ];
        requires = [ "docker.socket" ];
        serviceConfig = {
-          ExecStart = "${pkgs.docker}/bin/docker --daemon=true --host=fd:// --group=docker ${cfg.extraOptions}";
+          ExecStart = "${pkgs.docker}/bin/docker daemon --host=fd:// --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";
          #  I'm not sure if that limits aren't too high, but it's what
          #  goes in config bundled with docker itself
          LimitNOFILE = 1048576;
@@ -111,7 +122,7 @@ in
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
        serviceConfig = {
-          ExecStart = "${pkgs.docker}/bin/docker --daemon=true --group=docker ${cfg.extraOptions}";
+          ExecStart = "${pkgs.docker}/bin/docker daemon --group=docker --storage-driver=${cfg.storageDriver} ${cfg.extraOptions}";
          #  I'm not sure if that limits aren't too high, but it's what
          #  goes in config bundled with docker itself
          LimitNOFILE = 1048576;
--- a/nixos/modules/virtualisation/ec2-data.nix
+++ b/nixos/modules/virtualisation/ec2-data.nix
@@ -9,7 +9,7 @@ with lib;
 {
  config = {
-    systemd.services."fetch-ec2-data" =
+    systemd.services.fetch-ec2-data =
      { description = "Fetch EC2 Data";
        wantedBy = [ "multi-user.target" "sshd.service" ];
@@ -35,10 +35,8 @@ with lib;
                mkdir -m 0700 -p /root/.ssh
                $wget http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key > /root/key.pub
                if [ $? -eq 0 -a -e /root/key.pub ]; then
-                    if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
+                    cat /root/key.pub >> /root/.ssh/authorized_keys
-                        cat /root/key.pub >> /root/.ssh/authorized_keys
+                    echo "new key added to authorized_keys"
                        echo "new key added to authorized_keys"
                    fi
                    chmod 600 /root/.ssh/authorized_keys
                    rm -f /root/key.pub
                fi
@@ -48,13 +46,22 @@ with lib;
            # the supplied user data, if available.  Otherwise sshd will
            # generate one normally.
            $wget http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
            mkdir -m 0755 -p /etc/ssh
            key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)"
            key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)"
            if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then
                mkdir -m 0755 -p /etc/ssh
                (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
                echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
            fi
            key="$(sed 's/|/\n/g; s/SSH_HOST_ED25519_KEY://; t; d' /root/user-data)"
            key_pub="$(sed 's/SSH_HOST_ED25519_KEY_PUB://; t; d' /root/user-data)"
            if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_ed25519_key ]; then
                (umask 077; echo "$key" > /etc/ssh/ssh_host_ed25519_key)
                echo "$key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
            fi
          '';
        serviceConfig.Type = "oneshot";
@@ -71,7 +78,9 @@ with lib;
            # can obtain it securely by parsing the output of
            # ec2-get-console-output.
            echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
-            ${config.programs.ssh.package}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console
+            for i in /etc/ssh/ssh_host_*_key.pub; do
                ${config.programs.ssh.package}/bin/ssh-keygen -l -f $i > /dev/console
            done
            echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
          '';
        serviceConfig.Type = "oneshot";
--- a/nixos/modules/virtualisation/growpart-util-linux-2.26.patch
+++ b/nixos/modules/virtualisation/growpart-util-linux-2.26.patch
@@ -0,0 +1,88 @@
 From 1895d10a7539d055a4e0206af1e7a9e5ea32a4f7 Mon Sep 17 00:00:00 2001
 From: Juerg Haefliger <juerg.haefliger@hp.com>
 Date: Wed, 25 Mar 2015 13:59:20 +0100
 Subject: [PATCH] Support new sfdisk version 2.26
 The sfdisk usage with version 2.26 changed. Specifically, the option
 --show-pt-geometry and functionality for CHS have been removed.
 Also, restoring a backup MBR now needs to be done using dd.
 ---
 bin/growpart | 28 ++++++++++------------------
 1 file changed, 10 insertions(+), 18 deletions(-)
 diff --git a/bin/growpart b/bin/growpart
 index 595c40b..d4c995b 100755
 --- a/bin/growpart
 +++ b/bin/growpart
@@ -28,7 +28,6 @@ PART=""
 PT_UPDATE=false
 DRY_RUN=0
 -MBR_CHS=""
 MBR_BACKUP=""
 GPT_BACKUP=""
 _capture=""
@@ -133,7 +132,8 @@ bad_Usage() {
 }
 mbr_restore() {
 -	sfdisk --no-reread "${DISK}" ${MBR_CHS} -I "${MBR_BACKUP}"
 +	dd if="${MBR_BACKUP}-${DISK#/dev/}-0x00000000.bak" of="${DISK}" bs=1 \
 +		conv=notrunc
 }
 sfdisk_worked_but_blkrrpart_failed() {
@@ -148,34 +148,26 @@ sfdisk_worked_but_blkrrpart_failed() {
 mbr_resize() {
 	RESTORE_HUMAN="${TEMP_D}/recovery"
 -	MBR_BACKUP="${TEMP_D}/orig.save"
 +	MBR_BACKUP="${TEMP_D}/backup"
 	local change_out=${TEMP_D}/change.out
 	local dump_out=${TEMP_D}/dump.out
 	local new_out=${TEMP_D}/new.out
 	local dump_mod=${TEMP_D}/dump.mod
 -	local tmp="${TEMP_D}/tmp.out"
 -	local err="${TEMP_D}/err.out"
 -	local _devc cyl _w1 heads _w2 sectors _w3 tot dpart
 +	local tot dpart
 	local pt_start pt_size pt_end max_end new_size change_info
 -	# --show-pt-geometry outputs something like
 -	#     /dev/sda: 164352 cylinders, 4 heads, 32 sectors/track
 -	rqe sfd_geom sfdisk "${DISK}" --show-pt-geometry >"${tmp}" &&
 -		read _devc cyl _w1 heads _w2 sectors _w3 <"${tmp}" &&
 -		MBR_CHS="-C ${cyl} -H ${heads} -S ${sectors}" ||
 -		fail "failed to get CHS from ${DISK}"
 +	tot=$(sfdisk --list "${DISK}" | awk '{ print $(NF-1) ; exit }') ||
 +		fail "failed to get total number of sectors from ${DISK}"
 -	tot=$((${cyl}*${heads}*${sectors}))
 +	debug 1 "total number of sectors of ${DISK} is ${tot}"
 -	debug 1 "geometry is ${MBR_CHS}. total size=${tot}"
 -	rqe sfd_dump sfdisk ${MBR_CHS} --unit=S --dump "${DISK}" \
 +	rqe sfd_dump sfdisk --dump "${DISK}" \
 		>"${dump_out}" ||
 		fail "failed to dump sfdisk info for ${DISK}"
 -
 	{
 -		echo "## sfdisk ${MBR_CHS} --unit=S --dump ${DISK}"
 +		echo "## sfdisk --dump ${DISK}"
 		cat "${dump_out}"
 	}  >"${RESTORE_HUMAN}"
 	[ $? -eq 0 ] || fail "failed to save sfdisk -d output"
@@ -237,7 +229,7 @@ mbr_resize() {
 		exit 0
 	fi
 -	LANG=C sfdisk --no-reread "${DISK}" ${MBR_CHS} --force \
 +	LANG=C sfdisk --no-reread "${DISK}" --force \
 		-O "${MBR_BACKUP}" <"${new_out}" >"${change_out}" 2>&1
 	ret=$?
 	[ $ret -eq 0 ] || RESTORE_FUNC="mbr_restore"
 -- 
 2.1.4
--- a/nixos/modules/virtualisation/nixos-container.pl
+++ b/nixos/modules/virtualisation/nixos-container.pl
@@ -290,7 +290,8 @@ elsif ($action eq "show-ip") {
 }
 elsif ($action eq "show-host-key") {
-    my $fn = "$root/etc/ssh/ssh_host_ecdsa_key.pub";
+    my $fn = "$root/etc/ssh/ssh_host_ed25519_key.pub";
    $fn = "$root/etc/ssh/ssh_host_ecdsa_key.pub" unless -e $fn;
    exit 1 if ! -f $fn;
    print read_file($fn);
 }
--- a/nixos/modules/virtualisation/openvswitch.nix
+++ b/nixos/modules/virtualisation/openvswitch.nix
@@ -67,7 +67,6 @@ in {
      description = "Open_vSwitch Database Server";
      wantedBy = [ "multi-user.target" ];
      after = [ "systemd-udev-settle.service" ];
      wants = [ "vswitchd.service" ];
      path = [ cfg.package ];
      restartTriggers = [ db cfg.package ];
      # Create the config database
@@ -108,6 +107,7 @@ in {
    systemd.services.vswitchd = {
      description = "Open_vSwitch Daemon";
      wantedBy = [ "multi-user.target" ];
      bindsTo = [ "ovsdb.service" ];
      after = [ "ovsdb.service" ];
      path = [ cfg.package ];
@@ -135,8 +135,8 @@ in {
    systemd.services.ovs-monitor-ipsec = {
      description = "Open_vSwitch Ipsec Daemon";
      wantedBy = [ "multi-user.target" ];
-      requires = [ "racoon.service" ];
+      requires = [ "ovsdb.service" ];
-      after = [ "vswitchd.service" ];
+      before = [ "vswitchd.service" "racoon.service" ];
      environment.UNIXCTLPATH = "/tmp/ovsdb.ctl.sock";
      serviceConfig = {
        ExecStart = ''
--- a/nixos/modules/virtualisation/virtualbox-guest.nix
+++ b/nixos/modules/virtualisation/virtualbox-guest.nix
@@ -32,7 +32,8 @@ in
    boot.extraModulePackages = [ kernel.virtualboxGuestAdditions ];
-    boot.kernelModules = [ "vboxsf" ];
+    boot.supportedFilesystems = [ "vboxsf" ];
    boot.initrd.supportedFilesystems = [ "vboxsf" ];
    users.extraGroups.vboxsf.gid = config.ids.gids.vboxsf;
--- a/nixos/modules/virtualisation/virtualbox-image.nix
+++ b/nixos/modules/virtualisation/virtualbox-image.nix
@@ -11,93 +11,37 @@ in {
  options = {
    virtualbox = {
      baseImageSize = mkOption {
-        type = types.str;
+        type = types.int;
-        default = "10G";
+        default = 10 * 1024;
        description = ''
-          The size of the VirtualBox base image. The size string should be on
+          The size of the VirtualBox base image in MiB.
          a format the qemu-img command accepts.
        '';
      };
    };
  };
  config = {
-    system.build.virtualBoxImage =
+
-      pkgs.vmTools.runInLinuxVM (
+    system.build.virtualBoxImage = import ../../lib/make-disk-image.nix {
-        pkgs.runCommand "virtualbox-image"
+      inherit pkgs lib config;
-          { memSize = 768;
+      partitioned = true;
-            preVM =
+      diskSize = cfg.baseImageSize;
-              ''
+
-                mkdir $out
+      configFile = pkgs.writeText "configuration.nix"
-                diskImage=$out/image
+        ''
-                ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "${cfg.baseImageSize}"
+          {
-                mv closure xchg/
+            imports = [ <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix> ];
              '';
            postVM =
              ''
                echo "creating VirtualBox disk image..."
                ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
                rm $diskImage
              '';
            buildInputs = [ pkgs.utillinux pkgs.perl ];
            exportReferencesGraph =
              [ "closure" config.system.build.toplevel ];
          }
-          ''
+        '';
-            # Create a single / partition.
+
-            ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
+      postVM =
-            ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
+        ''
-            . /sys/class/block/vda1/uevent
+          echo "creating VirtualBox disk image..."
-            mknod /dev/vda1 b $MAJOR $MINOR
+          ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
-  
+          rm $diskImage
-            # Create an empty filesystem and mount it.
+        '';
-            ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
+    };
-            ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
+
            mkdir /mnt
            mount /dev/vda1 /mnt
            # The initrd expects these directories to exist.
            mkdir /mnt/dev /mnt/proc /mnt/sys
            mount --bind /proc /mnt/proc
            mount --bind /dev /mnt/dev
            mount --bind /sys /mnt/sys
            # Copy all paths in the closure to the filesystem.
            storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
            echo "filling Nix store..."
            mkdir -p /mnt/nix/store
            set -f
            cp -prd $storePaths /mnt/nix/store/
            mkdir -p /mnt/etc/nix
            echo 'build-users-group = ' > /mnt/etc/nix/nix.conf
            # Register the paths in the Nix database.
            printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
                chroot /mnt ${config.nix.package}/bin/nix-store --load-db
            # Create the system profile to allow nixos-rebuild to work.
            chroot /mnt ${config.nix.package}/bin/nix-env \
                -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
            # `nixos-rebuild' requires an /etc/NIXOS.
            mkdir -p /mnt/etc/nixos
            touch /mnt/etc/NIXOS
            # `switch-to-configuration' requires a /bin/sh
            mkdir -p /mnt/bin
            ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
            # Generate the GRUB menu.
            ln -s vda /dev/sda
            chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
            umount /mnt/proc /mnt/dev /mnt/sys
            umount /mnt
          ''
      );
    system.build.virtualBoxOVA = pkgs.runCommand "virtualbox-ova"
      { buildInputs = [ pkgs.linuxPackages.virtualbox ];
        vmName = "NixOS ${config.system.nixosVersion} (${pkgs.stdenv.system})";
@@ -109,7 +53,8 @@ in {
        VBoxManage createvm --name "$vmName" --register \
          --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
        VBoxManage modifyvm "$vmName" \
-          --memory 1536 --acpi on --vram 10 \
+          --memory 1536 --acpi on --vram 32 \
          ${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \
          --nictype1 virtio --nic1 nat \
          --audiocontroller ac97 --audio alsa \
          --rtcuseutc on \
@@ -117,17 +62,17 @@ in {
        VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
        VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
          --medium ${config.system.build.virtualBoxImage}/disk.vdi
-  
+
        echo "exporting VirtualBox VM..."
        mkdir -p $out
        VBoxManage export "$vmName" --output "$out/$fileName"
      '';
-  
+
    fileSystems."/".device = "/dev/disk/by-label/nixos";
-  
+
    boot.loader.grub.version = 2;
    boot.loader.grub.device = "/dev/sda";
-  
+
-    services.virtualboxGuest.enable = true;
+    virtualisation.virtualbox.guest.enable = true;
  };
 }
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -9,7 +9,7 @@ let
  version = builtins.readFile ../.version;
  versionSuffix =
-    (if stableBranch then "." else "pre") + "${toString nixpkgs.revCount}.${nixpkgs.shortRev}";
+    (if stableBranch then "." else "pre") + "${toString (nixpkgs.revCount - 67824)}.${nixpkgs.shortRev}";
  forAllSystems = genAttrs supportedSystems;
@@ -220,7 +220,7 @@ in rec {
  tests.dockerRegistry = hydraJob (import tests/docker-registry.nix { system = "x86_64-linux"; });
  tests.etcd = hydraJob (import tests/etcd.nix { system = "x86_64-linux"; });
  tests.ec2-nixops = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-nixops;
-  tests.ec2-config = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-config;
+  #tests.ec2-config = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-config;
  tests.firefox = callTest tests/firefox.nix {};
  tests.firewall = callTest tests/firewall.nix {};
  tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; });
--- a/nixos/tests/docker.nix
+++ b/nixos/tests/docker.nix
@@ -11,6 +11,7 @@ import ./make-test.nix ({ pkgs, ...} : {
      { config, pkgs, ... }:
        {
          virtualisation.docker.enable = true;
          virtualisation.docker.storageDriver = "overlay";
        };
    };
--- a/nixos/tests/ec2.nix
+++ b/nixos/tests/ec2.nix
@@ -9,9 +9,18 @@ let
    (import ../lib/eval-config.nix {
      inherit system;
      modules = [
-        ../maintainers/scripts/ec2/amazon-hvm-config.nix
+        ../maintainers/scripts/ec2/amazon-image.nix
        ../../nixos/modules/testing/test-instrumentation.nix
-        { boot.initrd.kernelModules = [ "virtio" "virtio_blk" "virtio_pci" "virtio_ring" ]; }
+        { boot.initrd.kernelModules = [ "virtio" "virtio_blk" "virtio_pci" "virtio_ring" ];
          ec2.hvm = true;
          # Hack to make the partition resizing work in QEMU.
          boot.initrd.postDeviceCommands = mkBefore
            ''
              ln -s vda /dev/xvda
              ln -s vda1 /dev/xvda1
            '';
        }
      ];
    }).config.system.build.amazonImage;
@@ -34,41 +43,49 @@ let
      nodes = {};
      testScript =
        ''
-          use File::Temp qw/ tempfile /;
+          my $imageDir = ($ENV{'TMPDIR'} // "/tmp") . "/vm-state-machine";
-          my ($fh, $filename) = tempfile();
+          mkdir $imageDir, 0700;
          my $diskImage = "$imageDir/machine.qcow2";
          system("qemu-img create -f qcow2 -o backing_file=${image}/nixos.img $diskImage") == 0 or die;
          system("qemu-img resize $diskImage 10G") == 0 or die;
-          `qemu-img create -f qcow2 -o backing_file=${image}/nixos.img $filename`;
+          # Note: we use net=169.0.0.0/8 rather than
-
+          # net=169.254.0.0/16 to prevent dhcpcd from getting horribly
-          my $startCommand = "qemu-kvm -m 768 -net nic -net 'user,net=169.254.0.0/16,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'";
+          # confused. (It would get a DHCP lease in the 169.254.*
-          $startCommand .= " -drive file=" . Cwd::abs_path($filename) . ",if=virtio,werror=report";
+          # range, which it would then configure and prompty delete
          # again when it deletes link-local addresses.) Ideally we'd
          # turn off the DHCP server, but qemu does not have an option
          # to do that.
          my $startCommand = "qemu-kvm -m 768 -net nic -net 'user,net=169.0.0.0/8,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'";
          $startCommand .= " -drive file=$diskImage,if=virtio,werror=report";
          $startCommand .= " \$QEMU_OPTS";
          my $machine = createMachine({ startCommand => $startCommand });
          ${script}
        '';
    };
-  snakeOilPrivateKey = [
+  snakeOilPrivateKey = ''
-    "-----BEGIN EC PRIVATE KEY-----"
+    -----BEGIN OPENSSH PRIVATE KEY-----
-    "MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49"
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-    "AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN"
+    QyNTUxOQAAACDEPmwZv5dDPrMUaq0dDP+6eBTTe+QNrz14KBEIdhHd1QAAAJDufJ4S7nye
-    "r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA=="
+    EgAAAAtzc2gtZWQyNTUxOQAAACDEPmwZv5dDPrMUaq0dDP+6eBTTe+QNrz14KBEIdhHd1Q
-    "-----END EC PRIVATE KEY-----"
+    AAAECgwbDlYATM5/jypuptb0GF/+zWZcJfoVIFBG3LQeRyGsQ+bBm/l0M+sxRqrR0M/7p4
-  ];
+    FNN75A2vPXgoEQh2Ed3VAAAADEVDMiB0ZXN0IGtleQE=
    -----END OPENSSH PRIVATE KEY-----
  '';
  snakeOilPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQ+bBm/l0M+sxRqrR0M/7p4FNN75A2vPXgoEQh2Ed3V EC2 test key";
  snakeOilPublicKey = pkgs.lib.concatStrings [
    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
    "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
    "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= snakeoil"
  ];
 in {
  boot-ec2-nixops = makeEc2Test {
    name         = "nixops-userdata";
    sshPublicKey = snakeOilPublicKey; # That's right folks! My user's key is also the host key!
    userData = ''
-      SSH_HOST_DSA_KEY_PUB:${snakeOilPublicKey}
+      SSH_HOST_ED25519_KEY_PUB:${snakeOilPublicKey}
-      SSH_HOST_DSA_KEY:${pkgs.lib.concatStringsSep "|" snakeOilPrivateKey}
+      SSH_HOST_ED25519_KEY:${replaceStrings ["\n"] ["|"] snakeOilPrivateKey}
    '';
    script = ''
      $machine->start;
@@ -80,8 +97,9 @@ in {
      # Let's install our client private key
      $machine->succeed("mkdir -p ~/.ssh");
-      ${concatMapStrings (s: "$machine->succeed('echo ${s} >> ~/.ssh/id_ecdsa');") snakeOilPrivateKey}
+
-      $machine->succeed("chmod 600 ~/.ssh/id_ecdsa");
+      $machine->succeed("echo '${snakeOilPrivateKey}' > ~/.ssh/id_ed25519");
      $machine->succeed("chmod 600 ~/.ssh/id_ed25519");
      # We haven't configured the host key yet, so this should still fail
      $machine->fail("ssh -o BatchMode=yes localhost exit");
@@ -90,7 +108,16 @@ in {
      $machine->succeed("echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts");
      $machine->succeed("ssh -o BatchMode=yes localhost exit");
      # Test whether the root disk was resized.
      my $blocks = $machine->succeed("stat -c %b -f /");
      my $bsize = $machine->succeed("stat -c %S -f /");
      my $size = $blocks * $bsize;
      die "wrong free space $size" if $size < 9.7 * 1024 * 1024 * 1024 || $size > 10 * 1024 * 1024 * 1024;
      # Just to make sure resizing is idempotent.
      $machine->shutdown;
      $machine->start;
      $machine->waitForFile("/root/user-data");
    '';
  };
--- a/nixos/tests/etcd.nix
+++ b/nixos/tests/etcd.nix
@@ -82,7 +82,7 @@ import ./make-test.nix ({ pkgs, ... } : {
    subtest "single node", sub {
      $simple->start();
      $simple->waitForUnit("etcd.service");
-      $simple->succeed("etcdctl set /foo/bar 'Hello world'");
+      $simple->waitUntilSucceeds("etcdctl set /foo/bar 'Hello world'");
      $simple->waitUntilSucceeds("etcdctl get /foo/bar | grep 'Hello world'");
    };
@@ -91,7 +91,7 @@ import ./make-test.nix ({ pkgs, ... } : {
      $node2->start();
      $node1->waitForUnit("etcd.service");
      $node2->waitForUnit("etcd.service");
-      $node1->succeed("etcdctl set /foo/bar 'Hello world'");
+      $node1->waitUntilSucceeds("etcdctl set /foo/bar 'Hello world'");
      $node2->waitUntilSucceeds("etcdctl get /foo/bar | grep 'Hello world'");
      $node1->shutdown();
      $node2->shutdown();
@@ -104,7 +104,7 @@ import ./make-test.nix ({ pkgs, ... } : {
      $discovery2->start();
      $discovery1->waitForUnit("etcd.service");
      $discovery2->waitForUnit("etcd.service");
-      $discovery1->succeed("etcdctl set /foo/bar 'Hello world'");
+      $discovery1->waitUntilSucceeds("etcdctl set /foo/bar 'Hello world'");
      $discovery2->waitUntilSucceeds("etcdctl get /foo/bar | grep 'Hello world'");
    };
  '';
--- a/nixos/tests/firefox.nix
+++ b/nixos/tests/firefox.nix
@@ -14,7 +14,7 @@ import ./make-test.nix ({ pkgs, ... }: {
  testScript =
    ''
      $machine->waitForX;
-      $machine->execute("firefox file://${pkgs.valgrind}/share/doc/valgrind/html/index.html &");
+      $machine->execute("firefox file://${pkgs.valgrind.doc}/share/doc/valgrind/html/index.html &");
      $machine->waitForWindow(qr/Valgrind/);
      $machine->sleep(40); # wait until Firefox has finished loading the page
      $machine->screenshot("screen");
--- a/nixos/tests/kde4.nix
+++ b/nixos/tests/kde4.nix
@@ -15,7 +15,7 @@ import ./make-test.nix ({ pkgs, ... }: {
      services.httpd.enable = true;
      services.httpd.adminAddr = "foo@example.org";
-      services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html";
+      services.httpd.documentRoot = "${pkgs.valgrind.doc}/share/doc/valgrind/html";
      services.xserver.displayManager.kdm.enable = true;
      services.xserver.displayManager.kdm.extraConfig =
--- a/nixos/tests/logstash.nix
+++ b/nixos/tests/logstash.nix
@@ -19,8 +19,8 @@ import ./make-test.nix ({ pkgs, ...} : {
                exec { command => "echo dragons" interval => 1 type => "test" }
              '';
              filterConfig = ''
-                if [type] == "test" {
+                if [message] =~ /dragons/ {
-                  grep { match => ["message", "flowers"] drop => true }
+                  drop {}
                }
              '';
              outputConfig = ''
--- a/nixos/tests/make-test.nix
+++ b/nixos/tests/make-test.nix
@@ -2,4 +2,4 @@ f: { system ? builtins.currentSystem, ... } @ args:
 with import ../lib/testing.nix { inherit system; };
-makeTest (if builtins.isFunction f then f (args // { inherit pkgs; }) else f)
+makeTest (if builtins.isFunction f then f (args // { inherit pkgs; inherit (pkgs) lib; }) else f)
--- a/nixos/tests/nfs.nix
+++ b/nixos/tests/nfs.nix
@@ -6,7 +6,7 @@ let
    { config, pkgs, ... }:
    { fileSystems = pkgs.lib.mkVMOverride
        [ { mountPoint = "/data";
-            device = "server:${if version == 4 then "/" else "/data"}";
+            device = "server:/data";
            fsType = "nfs";
            options = "vers=${toString version}";
          }
--- a/nixos/tests/printing.nix
+++ b/nixos/tests/printing.nix
@@ -63,7 +63,7 @@ import ./make-test.nix ({pkgs, ... }: {
      foreach my $file ("${pkgs.groff.doc}/share/doc/*/examples/mom/penguin.pdf",
                        "${pkgs.groff.doc}/share/doc/*/meref.ps",
                        "${pkgs.cups}/share/doc/cups/images/cups.png",
-                        "${pkgs.pcre}/share/doc/pcre/pcre.txt")
+                        "${pkgs.pcre.doc}/share/doc/pcre/pcre.txt")
      {
          $file =~ /([^\/]*)$/; my $fn = $1;
--- a/nixos/tests/proxy.nix
+++ b/nixos/tests/proxy.nix
@@ -7,7 +7,7 @@ let
    { services.httpd.enable = true;
      services.httpd.adminAddr = "foo@example.org";
-      services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html";
+      services.httpd.documentRoot = "${pkgs.valgrind.doc}/share/doc/valgrind/html";
      networking.firewall.allowedTCPPorts = [ 80 ];
    };
@@ -67,6 +67,7 @@ in
      $proxy->waitForUnit("httpd");
      $backend1->waitForUnit("httpd");
      $backend2->waitForUnit("httpd");
      $client->waitForUnit("network.target");
      # With the back-ends up, the proxy should work.
      $client->succeed("curl --fail http://proxy/");
--- a/nixos/tests/resize-root.nix
+++ b/nixos/tests/resize-root.nix
@@ -0,0 +1,36 @@
 import ./make-test.nix ({ pkgs, lib, ...} : {
  meta.maintainers = [ lib.maintainers.eelco ];
  machine = { config, pkgs, ... }: {
    virtualisation.diskSize = 512;
    fileSystems = lib.mkVMOverride {
      "/".autoResize = true;
    };
  };
  testScript =
    ''
      # Create a VM with a 512 MiB disk.
      $machine->start;
      $machine->waitForUnit("multi-user.target");
      my $blocks = $machine->succeed("stat -c %b -f /");
      my $bsize = $machine->succeed("stat -c %S -f /");
      my $size = $blocks * $bsize;
      die "wrong free space $size" if $size < 480 * 1024 * 1024 || $size > 512 * 1024 * 1024;
      $machine->succeed("touch /marker");
      $machine->shutdown;
      # Grow the disk to 1024 MiB.
      system("qemu-img resize vm-state-machine/machine.qcow2 1024M") == 0 or die;
      # Start the VM again and check whether the initrd has correctly
      # grown the root filesystem.
      $machine->start;
      $machine->waitForUnit("multi-user.target");
      $machine->succeed("[ -e /marker ]");
      my $blocks = $machine->succeed("stat -c %b -f /");
      my $size = $blocks * $bsize;
      die "wrong free space $size" if $size < 980 * 1024 * 1024 || $size > 1024 * 1024 * 1024;
    '';
 })
--- a/nixos/tests/virtualbox.nix
+++ b/nixos/tests/virtualbox.nix
@@ -1,26 +1,41 @@
 { debug ? false, ... } @ args:
 import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
-  debug = false;
+  testVMConfig = vmName: attrs: { config, pkgs, ... }: let
    guestAdditions = pkgs.linuxPackages.virtualboxGuestAdditions;
-  testVMConfig = vmName: attrs: { config, pkgs, ... }: {
+    miniInit = ''
-    boot.kernelParams = let
+      #!${pkgs.stdenv.shell} -xe
-      miniInit = ''
+      export PATH="${pkgs.coreutils}/bin:${pkgs.utillinux}/bin"
        #!${pkgs.stdenv.shell} -xe
        export PATH="${pkgs.coreutils}/bin:${pkgs.utillinux}/bin"
-        ${pkgs.linuxPackages.virtualboxGuestAdditions}/bin/VBoxService
+      mkdir -p /etc/dbus-1 /var/run/dbus
-        ${(attrs.vmScript or (const "")) pkgs}
+      cat > /etc/passwd <<EOF
      root:x:0:0::/root:/bin/false
      messagebus:x:1:1::/var/run/dbus:/bin/false
      EOF
      cat > /etc/group <<EOF
      root:x:0:
      messagebus:x:1:
      EOF
      cp -v "${pkgs.dbus.daemon}/etc/dbus-1/system.conf" \
        /etc/dbus-1/system.conf
      "${pkgs.dbus.daemon}/bin/dbus-daemon" --fork --system
-        i=0
+      ${guestAdditions}/bin/VBoxService
-        while [ ! -e /mnt-root/shutdown ]; do
+      ${(attrs.vmScript or (const "")) pkgs}
          sleep 10
          i=$(($i + 10))
          [ $i -le 120 ] || fail
        done
-        rm -f /mnt-root/boot-done /mnt-root/shutdown
+      i=0
-      '';
+      while [ ! -e /mnt-root/shutdown ]; do
-    in [
+        sleep 10
        i=$(($i + 10))
        [ $i -le 120 ] || fail
      done
      rm -f /mnt-root/boot-done /mnt-root/shutdown
    '';
  in {
    boot.kernelParams = [
      "console=tty0" "console=ttyS0" "ignore_loglevel"
      "boot.trace" "panic=1" "boot.panic_on_fail"
      "init=${pkgs.writeScript "mini-init.sh" miniInit}"
@@ -39,7 +54,7 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
    ];
    boot.initrd.extraUtilsCommands = ''
-      copy_bin_and_libs "${pkgs.linuxPackages.virtualboxGuestAdditions}/bin/mount.vboxsf"
+      copy_bin_and_libs "${guestAdditions}/bin/mount.vboxsf"
      copy_bin_and_libs "${pkgs.utillinux}/bin/unshare"
      ${(attrs.extraUtilsCommands or (const "")) pkgs}
    '';
@@ -126,6 +141,7 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
    vmFlags = mkFlags ([
      "--uart1 0x3F8 4"
      "--uartmode1 client /run/virtualbox-log-${name}.sock"
      "--memory 768"
    ] ++ (attrs.vmFlags or []));
    controllerFlags = mkFlags [
@@ -180,6 +196,8 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
    };
    testSubs = ''
      my ${"$" + name}_sharepath = '${sharePath}';
      sub checkRunning_${name} {
        my $cmd = 'VBoxManage list runningvms | grep -q "^\"${name}\""';
        my ($status, $out) = $machine->execute(ru $cmd);
@@ -286,9 +304,15 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
    echo "$otherIP reachable" | ${pkgs.netcat}/bin/netcat -clp 5678 || :
  '';
  sysdDetectVirt = pkgs: ''
    ${pkgs.systemd}/bin/systemd-detect-virt > /mnt-root/result
  '';
  vboxVMs = mapAttrs createVM {
    simple = {};
    detectvirt.vmScript = sysdDetectVirt;
    test1.vmFlags = hostonlyVMFlags;
    test1.vmScript = dhcpScript;
@@ -307,7 +331,7 @@ in {
      mkVMConf = name: val: val.machine // { key = "${name}-config"; };
      vmConfigs = mapAttrsToList mkVMConf vboxVMs;
    in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs;
-    virtualisation.memorySize = 768;
+    virtualisation.memorySize = 2048;
    virtualisation.virtualbox.host.enable = true;
    users.extraUsers.alice.extraGroups = let
      inherit (config.virtualisation.virtualbox.host) enableHardening;
@@ -372,17 +396,44 @@ in {
    destroyVM_simple;
    sub removeUUIDs {
      return join("\n", grep { $_ !~ /^UUID:/ } split(/\n/, $_[0]))."\n";
    }
    subtest "host-usb-permissions", sub {
      my $userUSB = removeUUIDs vbm("list usbhost");
      print STDERR $userUSB;
      my $rootUSB = removeUUIDs $machine->succeed("VBoxManage list usbhost");
      print STDERR $rootUSB;
      die "USB host devices differ for root and normal user"
        if $userUSB ne $rootUSB;
      die "No USB host devices found" if $userUSB =~ /<none>/;
    };
    subtest "systemd-detect-virt", sub {
      createVM_detectvirt;
      vbm("startvm detectvirt");
      waitForStartup_detectvirt;
      waitForVMBoot_detectvirt;
      shutdownVM_detectvirt;
      my $result = $machine->succeed("cat '$detectvirt_sharepath/result'");
      chomp $result;
      destroyVM_detectvirt;
      die "systemd-detect-virt returned \"$result\" instead of \"oracle\""
        if $result ne "oracle";
    };
    subtest "net-hostonlyif", sub {
      createVM_test1;
      createVM_test2;
      vbm("startvm test1");
      waitForStartup_test1;
      waitForVMBoot_test1;
      vbm("startvm test2");
      waitForStartup_test2;
      waitForVMBoot_test1;
      waitForVMBoot_test2;
      $machine->screenshot("net_booted");
@@ -403,4 +454,4 @@ in {
      destroyVM_test2;
    };
  '';
-})
+}) args
--- a/pkgs/applications/altcoins/bitcoin-xt.nix
+++ b/pkgs/applications/altcoins/bitcoin-xt.nix
@@ -0,0 +1,39 @@
 { stdenv, fetchurl, pkgconfig, autoreconfHook, openssl, db48, boost
 , zlib, miniupnpc, qt4, utillinux, protobuf, qrencode, curl
 , withGui }:
 with stdenv.lib;
 stdenv.mkDerivation rec{
  name = "bitcoin" + (toString (optional (!withGui) "d")) + "-xt-" + version;
  xt_version = "0.11A";
  version = xt_version;
  src = fetchurl {
    url = "https://github.com/bitcoinxt/bitcoinxt/archive/v0.11A.tar.gz";
    sha256 = "129cbqf6bln6rhdk70c6nfwdjk6afvsaaw4xdyp0pnfand8idz7n";
  };
  buildInputs = [ pkgconfig autoreconfHook openssl db48 boost zlib
                  miniupnpc utillinux protobuf curl ]
                  ++ optionals withGui [ qt4 qrencode ];
  configureFlags = [
    "--with-boost-libdir=${boost.lib}/lib"
    "--with-libcurl-headers=${curl}/include"
  ] ++ optionals withGui [ "--with-gui=qt4" ];
  meta = {
    description = "Peer-to-peer electronic cash system";
    longDescription= ''
       Bitcoin XT is an implementation of a Bitcoin full node, based upon the
       source code of Bitcoin Core. It is built by taking the latest stable
       Core release, applying a series of patches, and then doing deterministic
       builds so anyone can check the downloads correspond to the source code. 
    '';
    homepage = "https://bitcoinxt.software/";
    maintainers = with maintainers; [ jefdaj ];
    license = licenses.mit;
    platforms = platforms.unix;
  };
 }
--- a/pkgs/applications/altcoins/default.nix
+++ b/pkgs/applications/altcoins/default.nix
@@ -5,6 +5,9 @@ rec {
  bitcoin  = callPackage ./bitcoin.nix { withGui = true; };
  bitcoind = callPackage ./bitcoin.nix { withGui = false; };
  bitcoin-xt  = callPackage ./bitcoin-xt.nix { withGui = true; };
  bitcoind-xt = callPackage ./bitcoin-xt.nix { withGui = false; };
  darkcoin  = callPackage ./darkcoin.nix { withGui = true; };
  darkcoind = callPackage ./darkcoin.nix { withGui = false; };
--- a/pkgs/applications/audio/audacious/default.nix
+++ b/pkgs/applications/audio/audacious/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, pkgconfig, glib, gtk3, libmowgli, libmcs
-, gettext, dbus_glib, libxml2, libmad, xlibs, alsaLib, libogg
+, gettext, dbus_glib, libxml2, libmad, xorg, alsaLib, libogg
 , libvorbis, libcdio, libcddb, flac, ffmpeg, makeWrapper
 , mpg123, neon, faad2
 }:
@@ -21,7 +21,7 @@ stdenv.mkDerivation {
  buildInputs =
    [ gettext pkgconfig glib gtk3 libmowgli libmcs libxml2 dbus_glib
-      libmad xlibs.libXcomposite libogg libvorbis flac alsaLib libcdio
+      libmad xorg.libXcomposite libogg libvorbis flac alsaLib libcdio
      libcddb ffmpeg makeWrapper mpg123 neon faad2
    ];
--- a/pkgs/applications/audio/beast/default.nix
+++ b/pkgs/applications/audio/beast/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, zlib, guile, libart_lgpl, pkgconfig, intltool
 , gtk, glib, libogg, libvorbis, libgnomecanvas, gettext, perl }:
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
  name = "beast-0.7.1";
  src = fetchurl {
-    url = ftp://beast.gtk.org/pub/beast/v0.7/beast-0.7.1.tar.bz2;
+    url = "http://ftp.gtk.org/pub/beast/v0.7/${name}.tar.bz2";
    sha256 = "0jyl1i1918rsn4296w07fsf6wx3clvad522m3bzgf8ms7gxivg5l";
  };
--- a/pkgs/applications/audio/bristol/default.nix
+++ b/pkgs/applications/audio/bristol/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, alsaLib, libjack2, pkgconfig, libpulseaudio, xlibs }:
+{ stdenv, fetchurl, alsaLib, libjack2, pkgconfig, libpulseaudio, xorg }:
 stdenv.mkDerivation  rec {
  name = "bristol-${version}";
@@ -10,8 +10,8 @@ stdenv.mkDerivation  rec {
  };
  buildInputs = [
-    alsaLib libjack2 pkgconfig libpulseaudio xlibs.libX11 xlibs.libXext
+    alsaLib libjack2 pkgconfig libpulseaudio xorg.libX11 xorg.libXext
-    xlibs.xproto
+    xorg.xproto
  ];
  preInstall = ''
--- a/pkgs/applications/audio/calf/default.nix
+++ b/pkgs/applications/audio/calf/default.nix
@@ -6,7 +6,7 @@ stdenv.mkDerivation rec {
  version = "0.0.60";
  src = fetchurl {
-    url = "mirror://sourceforge/calf/${name}.tar.gz";
+    url = "http://calf-studio-gear.org/files/${name}.tar.gz";
    sha256 = "019fwg00jv217a5r767z7szh7vdrarybac0pr2sk26xp81kibrx9";
  };
--- a/pkgs/applications/audio/deadbeef/default.nix
+++ b/pkgs/applications/audio/deadbeef/default.nix
@@ -84,7 +84,7 @@ stdenv.mkDerivation rec {
  patches = [ (fetchpatch {
                url = "https://github.com/Alexey-Yakovenko/deadbeef/commit/e7725ea73fa1bd279a3651704870156bca8efea8.patch";
-                sha256 = "0a04l2607y3swcq9b1apffl1chdwj38jwfiizxcfmdbia4a0qlyg";
+                sha256 = "1530w968zyvcm9c8k57889n125k7a1kk3ydinjm398n07gypd599";
              })
            ];
--- a/pkgs/applications/audio/distrho/default.nix
+++ b/pkgs/applications/audio/distrho/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchgit, alsaLib, fftwSinglePrec, freetype, libjack2
-, libxslt, lv2, pkgconfig, premake3, xlibs, ladspa-sdk }:
+, libxslt, lv2, pkgconfig, premake3, xorg, ladspa-sdk }:
 stdenv.mkDerivation rec {
  name = "distrho-ports-git-2015-07-18";
@@ -16,8 +16,8 @@ stdenv.mkDerivation rec {
  buildInputs = [
    alsaLib fftwSinglePrec freetype libjack2 pkgconfig premake3
-    xlibs.libX11 xlibs.libXcomposite xlibs.libXcursor xlibs.libXext
+    xorg.libX11 xorg.libXcomposite xorg.libXcursor xorg.libXext
-    xlibs.libXinerama xlibs.libXrender ladspa-sdk
+    xorg.libXinerama xorg.libXrender ladspa-sdk
  ];
  buildPhase = ''
--- a/pkgs/applications/audio/eq10q/default.nix
+++ b/pkgs/applications/audio/eq10q/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, cmake, fftw, gtkmm, libxcb, lv2, pkgconfig, xlibs }:
+{ stdenv, fetchurl, cmake, fftw, gtkmm, libxcb, lv2, pkgconfig, xorg }:
 stdenv.mkDerivation rec {
  name = "eq10q-2-${version}";
  version = "beta7.1";
@@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
    sha256 = "1jmrcx4jlx8kgsy5n4jcxa6qkjqvx7d8l2p7dsmw4hj20s39lgyi";
  };
-  buildInputs = [ cmake fftw gtkmm libxcb lv2 pkgconfig xlibs.libpthreadstubs xlibs.libXdmcp xlibs.libxshmfence ];
+  buildInputs = [ cmake fftw gtkmm libxcb lv2 pkgconfig xorg.libpthreadstubs xorg.libXdmcp xorg.libxshmfence ];
  installFlags = ''
    DESTDIR=$(out)
--- a/pkgs/applications/audio/fmit/default.nix
+++ b/pkgs/applications/audio/fmit/default.nix
@@ -1,7 +1,5 @@
-# FIXME: upgrading qt5Full (Qt 5.3) to qt5.{base,multimedia} (Qt 5.4) breaks
+{ stdenv, fetchFromGitHub, fftw, freeglut, qt5
-# the default Qt audio capture source!
+, alsaSupport ? true, alsaLib ? null
 { stdenv, fetchFromGitHub, fftw, freeglut, qt5Full
 , alsaSupport ? false, alsaLib ? null
 , jackSupport ? false, libjack2 ? null }:
 assert alsaSupport -> alsaLib != null;
@@ -18,7 +16,7 @@ stdenv.mkDerivation {
    owner = "gillesdegottex";
  };
-  buildInputs = [ fftw freeglut qt5Full ]
+  buildInputs = [ fftw freeglut qt5.base qt5.multimedia ]
    ++ stdenv.lib.optional alsaSupport [ alsaLib ]
    ++ stdenv.lib.optional jackSupport [ libjack2 ];
--- a/pkgs/applications/audio/jaaa/default.nix
+++ b/pkgs/applications/audio/jaaa/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, alsaLib, libclthreads, libclxclient, libX11, libXft, libXrender, fftwFloat, freetype, fontconfig, libjack2, xlibs, zita-alsa-pcmi }:
+{ stdenv, fetchurl, alsaLib, libclthreads, libclxclient, libX11, libXft, libXrender, fftwFloat, freetype, fontconfig, libjack2, xorg, zita-alsa-pcmi }:
 stdenv.mkDerivation rec {
  name = "jaaa-${version}";
--- a/pkgs/applications/audio/pd-plugins/helmholtz/default.nix
+++ b/pkgs/applications/audio/pd-plugins/helmholtz/default.nix
@@ -6,6 +6,7 @@ stdenv.mkDerivation rec {
  src = fetchurl {
    url = "http://www.katjaas.nl/helmholtz/helmholtz~.zip";
    name = "helmholtz.zip";
    curlOpts = "--user-agent ''";
    sha256 = "0h1fj7lmvq9j6rmw33rb8k0byxb898bi2xhcwkqalb84avhywgvs";
  };
--- a/pkgs/applications/audio/petrifoo/default.nix
+++ b/pkgs/applications/audio/petrifoo/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchurl, alsaLib, cmake, gtk, libjack2, libgnomecanvas
 , libpthreadstubs, libsamplerate, libsndfile, libtool, libxml2
-, pkgconfig }:
+, pkgconfig, openssl }:
 stdenv.mkDerivation  rec {
  name = "petri-foo-${version}";
@@ -13,7 +13,7 @@ stdenv.mkDerivation  rec {
  buildInputs =
   [ alsaLib cmake  gtk libjack2 libgnomecanvas libpthreadstubs
-     libsamplerate libsndfile libtool libxml2 pkgconfig
+     libsamplerate libsndfile libtool libxml2 pkgconfig openssl
   ];
  meta = with stdenv.lib; {
--- a/pkgs/applications/audio/praat/default.nix
+++ b/pkgs/applications/audio/praat/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, alsaLib, gtk, pkgconfig }:
-let version = "5401"; in
+let version = "5417"; in
 stdenv.mkDerivation {
  name = "praat-${version}";
  src = fetchurl {
    url = "http://www.fon.hum.uva.nl/praat/praat${version}_sources.tar.gz";
-    sha256 = "1hx0simc0hp5w5scyaiw8h8lrpafra4h1zy1jn1kzb0299yd06n3";
+    sha256 = "1bspl963pb1s6k3cd9p3g5j518pxg6hkrann945lqsrvbzaa20kl";
  };
  configurePhase = ''
--- a/pkgs/applications/audio/qmidiroute/default.nix
+++ b/pkgs/applications/audio/qmidiroute/default.nix
@@ -0,0 +1,29 @@
 { stdenv, fetchurl, pkgconfig, qt4, alsaLib }:
 stdenv.mkDerivation rec {
  version = "0.3.0";
  name = "qmidiroute-${version}";
  src = fetchurl {
    url = "mirror://sourceforge/project/alsamodular/QMidiRoute/${version}/${name}.tar.gz";
    sha256 = "11bfjz14z37v6hk2xyg4vrw423b5h3qgcbviv07g00ws1fgjygm2";
  };
  buildInputs = [ pkgconfig qt4 alsaLib ];
  meta = with stdenv.lib; {
    description = "MIDI event processor and router";
    longDescription = ''
    qmidiroute is a versatile MIDI event processor and router for the ALSA
    sequencer.  The graphical  interface  is  based  on  the  Qt4  toolkit.
    qmidiroute permits setting up an unlimited number of MIDI maps in which
    incoming events are selected, modified or even changed in  type  before
    being  directed  to  a  dedicated  ALSA  output  port. The maps work in
    parallel, and they are organized in tabs.
    '';
    license = licenses.gpl2;
    maintainers = [ maintainers.lebastr ];
    platforms = stdenv.lib.platforms.linux;
  };
 }
--- a/pkgs/applications/audio/qmmp/default.nix
+++ b/pkgs/applications/audio/qmmp/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, cmake, qt4, pkgconfig, x11
+{ stdenv, fetchurl, cmake, qt4, pkgconfig, xlibsWrapper
 # transports
 , curl, libmms
 # input plugins
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
  buildInputs =
    [ # basic requirements
-      cmake qt4 pkgconfig x11
+      cmake qt4 pkgconfig xlibsWrapper
      # transports
      curl libmms
      # input plugins
--- a/pkgs/applications/audio/rkrlv2/default.nix
+++ b/pkgs/applications/audio/rkrlv2/default.nix
@@ -1,5 +1,5 @@
 { stdenv, pkgs, fetchFromGitHub,
-automake, pkgconfig, lv2, fftw, cmake, xlibs, libjack2, libsamplerate, libsndfile
+automake, pkgconfig, lv2, fftw, cmake, xorg, libjack2, libsamplerate, libsndfile
 }:
 stdenv.mkDerivation rec {
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
    sha256 = "0kr3rvq7n1bh47qryyarcpiibms601qd8l1vypmm61969l4d4bn8";
  };
-  buildInputs = with xlibs; [ automake pkgconfig lv2 fftw cmake libXpm libjack2 libsamplerate libsndfile libXft ];
+  buildInputs = with xorg; [ automake pkgconfig lv2 fftw cmake libXpm libjack2 libsamplerate libsndfile libXft ];
  meta = {
    description = "Rakarrak effects ported to LV2";
--- a/pkgs/applications/audio/rosegarden/default.nix
+++ b/pkgs/applications/audio/rosegarden/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation (rec {
                  libsndfile libsamplerate perl makedepend libjack2 ]
 		++ stdenv.lib.optional withLirc [ lirc ];
-  enableParallelBuilding = true;
+  #enableParallelBuilding = true; issues on hydra
  meta = with stdenv.lib; {
    homepage = http://www.rosegardenmusic.com/;
--- a/pkgs/applications/audio/spotify/default.nix
+++ b/pkgs/applications/audio/spotify/default.nix
@@ -1,4 +1,4 @@
-{ fetchurl, stdenv, dpkg, xlibs, qt4, alsaLib, makeWrapper, openssl, freetype
+{ fetchurl, stdenv, dpkg, xorg, qt4, alsaLib, makeWrapper, openssl, freetype
 , glib, pango, cairo, atk, gdk_pixbuf, gtk, cups, nspr, nss, libpng, GConf
 , libgcrypt, chromium, udev, fontconfig
 , dbus, expat }:
@@ -28,16 +28,16 @@ let
    qt4
    stdenv.cc.cc
    udev
-    xlibs.libX11
+    xorg.libX11
-    xlibs.libXcomposite
+    xorg.libXcomposite
-    xlibs.libXdamage
+    xorg.libXdamage
-    xlibs.libXext
+    xorg.libXext
-    xlibs.libXfixes
+    xorg.libXfixes
-    xlibs.libXi
+    xorg.libXi
-    xlibs.libXrandr
+    xorg.libXrandr
-    xlibs.libXrender
+    xorg.libXrender
-    xlibs.libXrender
+    xorg.libXrender
-    xlibs.libXScrnSaver
+    xorg.libXScrnSaver
  ];
 in
--- a/pkgs/applications/audio/tetraproc/default.nix
+++ b/pkgs/applications/audio/tetraproc/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchurl, makeWrapper
 , expat, fftwFloat, fontconfig, freetype, libjack2, jack2Full, libclthreads, libclxclient
-, libsndfile, libxcb, xlibs
+, libsndfile, libxcb, xorg
 }:
 stdenv.mkDerivation rec {
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
  buildInputs = [
    expat libjack2 libclthreads libclxclient fftwFloat fontconfig libsndfile freetype
-    libxcb xlibs.libX11 xlibs.libXau xlibs.libXdmcp xlibs.libXft xlibs.libXrender
+    libxcb xorg.libX11 xorg.libXau xorg.libXdmcp xorg.libXft xorg.libXrender
  ];
  makeFlags = [
--- a/pkgs/applications/audio/vorbis-tools/default.nix
+++ b/pkgs/applications/audio/vorbis-tools/default.nix
@@ -1,6 +1,12 @@
-{stdenv, fetchurl, libogg, libvorbis, libao, pkgconfig, curl, glibc
+{ stdenv, fetchurl, fetchzip, libogg, libvorbis, libao, pkgconfig, curl
-, speex, flac}:
+, speex, flac }:
 let
  debPatch = fetchzip {
    url = "mirror://debian/pool/main/v/vorbis-tools/vorbis-tools_1.4.0-6.debian.tar.xz";
    sha256 = "1xmmpdvxyr84lazlg23c6ck5ic97ga2rkiqabb1d98ix2zdzyqz5";
  };
 in
 stdenv.mkDerivation {
  name = "vorbis-tools-1.4.0";
  src = fetchurl {
@@ -8,14 +14,23 @@ stdenv.mkDerivation {
    sha256 = "1g12bnh5ah08v529y72kfdz5lhvy75iaz7f9jskyby23m9dkk2d3";
  };
-  buildInputs = [ libogg libvorbis libao pkgconfig curl speex glibc flac ];
+  postPatch = ''
    for patch in $(ls "${debPatch}"/patches/*.{diff,patch} | grep -v debian_subdir)
    do patch -p1 < "$patch"
    done
  '';
-  meta = {
+  buildInputs = [ libogg libvorbis libao pkgconfig curl speex flac ];
  meta = with stdenv.lib; {
    description = "Extra tools for Ogg-Vorbis audio codec";
    longDescription = ''
      A set of command-line tools to manipulate Ogg Vorbis audio
      files, notably the `ogg123' player and the `oggenc' encoder.
    '';
    homepage = http://xiph.org/vorbis/;
-    license = stdenv.lib.licenses.gpl2;
+    license = licenses.gpl2;
    platforms = platforms.all;
  };
 }
--- a/pkgs/applications/audio/yoshimi/default.nix
+++ b/pkgs/applications/audio/yoshimi/default.nix
@@ -6,11 +6,11 @@ assert stdenv ? glibc;
 stdenv.mkDerivation  rec {
  name = "yoshimi-${version}";
-  version = "1.3.5.1";
+  version = "1.3.5.2";
  src = fetchurl {
    url = "mirror://sourceforge/yoshimi/${name}.tar.bz2";
-    sha256 = "1c7049pnvadxndk1rbja77kyr0rwnqca2546pxjnxksg923s5l8n";
+    sha256 = "001xvwknsm1sv5lvwz7f6dgf57b8djbpwbyk2gfxjy9rzl5q53qr";
  };
  buildInputs = [
--- a/pkgs/applications/display-managers/lightdm/default.nix
+++ b/pkgs/applications/display-managers/lightdm/default.nix
@@ -1,5 +1,5 @@
 { stdenv, fetchurl, pam, pkgconfig, libxcb, glib, libXdmcp, itstool, libxml2
-, intltool, x11, libxklavier, libgcrypt
+, intltool, xlibsWrapper, libxklavier, libgcrypt
 , qt4 ? null, qt5 ? null
 }:
--- a/Show More
+++ b/Show More
`@@ -2,4 +2,4 @@ f: { system ? builtins.currentSystem, ... } @ args:`

	`with import ../lib/testing.nix { inherit system; };`	`with import ../lib/testing.nix { inherit system; };`

	`makeTest (if builtins.isFunction f then f (args // { inherit pkgs; }) else f)`	`makeTest (if builtins.isFunction f then f (args // { inherit pkgs; inherit (pkgs) lib; }) else f)`