Release NixOS 23.05

(cherry picked from commit 2c6ae7132c)

.github/CODEOWNERS

@@ -58,9 +58,13 @@
 /maintainers/scripts/db-to-md.sh @jtojnar @ryantm
 /maintainers/scripts/doc @jtojnar @ryantm
 
+/doc/* @fricklerhandwerk
 /doc/build-aux/pandoc-filters @jtojnar
+/doc/builders/trivial-builders.chapter.md @fricklerhandwerk
 /doc/contributing/ @fricklerhandwerk
 /doc/contributing/contributing-to-documentation.chapter.md @jtojnar @fricklerhandwerk
+/doc/stdenv @fricklerhandwerk
+/doc/using @fricklerhandwerk
 
 # NixOS Internals
 /nixos/default.nix                                    @infinisil
@@ -298,13 +302,6 @@ pkgs/development/python-modules/buildcatrust/ @ajs124 @lukegb @mweinelt
 /doc/languages-frameworks/javascript.section.md @winterqt
 
 # OCaml
-/pkgs/build-support/ocaml           @ulrikstrid
-/pkgs/development/compilers/ocaml   @ulrikstrid
-/pkgs/development/ocaml-modules     @ulrikstrid
-
-# ZFS
-pkgs/os-specific/linux/zfs                @raitobezarius
-nixos/lib/make-single-disk-zfs-image.nix  @raitobezarius
-nixos/lib/make-multi-disk-zfs-image.nix   @raitobezarius
-nixos/modules/tasks/filesystems/zfs.nix   @raitobezarius
-nixos/tests/zfs.nix                       @raitobezarius
+/pkgs/build-support/ocaml           @romildo @ulrikstrid
+/pkgs/development/compilers/ocaml   @romildo @ulrikstrid
+/pkgs/development/ocaml-modules     @romildo @ulrikstrid

.github/workflows/basic-eval.yml

@@ -19,7 +19,7 @@ jobs:
     # we don't limit this action to only NixOS repo since the checks are cheap and useful developer feedback
     steps:
     - uses: actions/checkout@v3
-    - uses: cachix/install-nix-action@v21
+    - uses: cachix/install-nix-action@v20
     - uses: cachix/cachix-action@v12
       with:
         # This cache is for the nixpkgs repo checks and should not be trusted or used elsewhere.

.github/workflows/check-maintainers-sorted.yaml

@@ -16,7 +16,7 @@ jobs:
         with:
           # pull_request_target checks out the base branch by default
           ref: refs/pull/${{ github.event.pull_request.number }}/merge
-      - uses: cachix/install-nix-action@v21
+      - uses: cachix/install-nix-action@v20
         with:
           # explicitly enable sandbox
           extra_nix_config: sandbox = true

.github/workflows/editorconfig.yml

@@ -28,7 +28,7 @@ jobs:
       with:
         # pull_request_target checks out the base branch by default
         ref: refs/pull/${{ github.event.pull_request.number }}/merge
-    - uses: cachix/install-nix-action@v21
+    - uses: cachix/install-nix-action@v20
       with:
         # nixpkgs commit is pinned so that it doesn't break
         # editorconfig-checker 2.4.0

.github/workflows/manual-nixos.yml

@@ -18,7 +18,7 @@ jobs:
         with:
           # pull_request_target checks out the base branch by default
           ref: refs/pull/${{ github.event.pull_request.number }}/merge
-      - uses: cachix/install-nix-action@v21
+      - uses: cachix/install-nix-action@v20
         with:
           # explicitly enable sandbox
           extra_nix_config: sandbox = true

.github/workflows/manual-nixpkgs.yml

@@ -19,7 +19,7 @@ jobs:
         with:
           # pull_request_target checks out the base branch by default
           ref: refs/pull/${{ github.event.pull_request.number }}/merge
-      - uses: cachix/install-nix-action@v21
+      - uses: cachix/install-nix-action@v20
         with:
           # explicitly enable sandbox
           extra_nix_config: sandbox = true

.github/workflows/manual-rendering.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v21
+      - uses: cachix/install-nix-action@v20
         with:
           # explicitly enable sandbox
           extra_nix_config: sandbox = true

.github/workflows/periodic-merge-24h.yml

@@ -38,10 +38,6 @@ jobs:
             into: staging-next-22.11
           - from: staging-next-22.11
             into: staging-22.11
-          - from: release-23.05
-            into: staging-next-23.05
-          - from: staging-next-23.05
-            into: staging-23.05
     name: ${{ matrix.pairs.from }} → ${{ matrix.pairs.into }}
     steps:
       - uses: actions/checkout@v3

.github/workflows/update-terraform-providers.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v21
+      - uses: cachix/install-nix-action@v20
         with:
           nix_path: nixpkgs=channel:nixpkgs-unstable
       - name: setup

.version

@@ -1 +1 @@
-23.11
+23.05

CONTRIBUTING.md

@@ -66,12 +66,9 @@ Useful git commands that can help a lot with this are `git commit --patch --amen
 From time to time, changes between branches must be rebased, for example, if the
 number of new rebuilds they would cause is too large for the target branch. When
 rebasing, care must be taken to include only the intended changes, otherwise
-many CODEOWNERS will be inadvertently requested for review. To achieve this,
+many CODEOWNERS will be inadvertently requested for review.  To achieve this,
 rebasing should not be performed directly on the target branch, but on the merge
-base between the current and target branch. As an additional precautionary measure,
-you should temporarily mark the PR as draft for the duration of the operation.
-This reduces the probability of mass-pinging people. (OfBorg might still
-request a couple of persons for reviews though.)
+base between the current and target branch.
 
 In the following example, we assume that the current branch, called `feature`,
 is based on `master`, and we rebase it onto the merge base between
@@ -105,36 +102,6 @@ git status
 git push origin feature --force-with-lease
 ```
 
-### Something went wrong and a lot of people were pinged
-
-It happens. Remember to be kind, especially to new contributors.
-There is no way back, so the pull request should be closed and locked
-(if possible). The changes should be re-submitted in a new PR, in which the people
-originally involved in the conversation need to manually be pinged again.
-No further discussion should happen on the original PR, as a lot of people
-are now subscribed to it.
-
-The following message (or a version thereof) might be left when closing to
-describe the situation, since closing and locking without any explanation
-is kind of rude:
-
-```markdown
-It looks like you accidentally mass-pinged a bunch of people, which are now subscribed
-and getting notifications for everything in this pull request. Unfortunately, they
-cannot be automatically unsubscribed from the issue (removing review request does not
-unsubscribe), therefore development cannot continue in this pull request anymore.
-
-Please open a new pull request with your changes, link back to this one and ping the
-people actually involved in here over there.
-
-In order to avoid this in the future, there are instructions for how to properly
-rebase between branches in our [contribution guidelines](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md#rebasing-between-branches-ie-from-master-to-staging).
-Setting your pull request to draft prior to rebasing is strongly recommended.
-In draft status, you can preview the list of people that are about to be requested
-for review, which allows you to sidestep this issue.
-This is not a bulletproof method though, as OfBorg still does review requests even on draft PRs.
-```
-
 ## Backporting changes
 
 Follow these steps to backport a change into a release branch in compliance with the [commit policy](https://nixos.org/nixpkgs/manual/#submitting-changes-stable-release-branches).

doc/Makefile

@@ -66,13 +66,18 @@ out/html/index.html: doc-support/result manual-full.xml style.css highlightjs
 	cp doc-support/result/xsl/docbook/images/callouts/*.svg out/html/images/callouts/
 	chmod u+w -R out/html/
 
-out/epub/manual.epub: epub.xml
+out/epub/manual.epub: manual-full.xml
 	mkdir -p out/epub/scratch
 	xsltproc --nonet \
 		--output out/epub/scratch/ \
 		doc-support/result/epub.xsl \
-		./epub.xml
+		./manual-full.xml
 
+	cp -r $(pandoc_media_dir) out/epub/scratch/OEBPS
+	cp ./overrides.css out/epub/scratch/OEBPS
+	cp ./style.css out/epub/scratch/OEBPS
+	mkdir -p out/epub/scratch/OEBPS/images/callouts/
+	cp doc-support/result/xsl/docbook/images/callouts/*.svg out/epub/scratch/OEBPS/images/callouts/
 	echo "application/epub+zip" > mimetype
 	zip -0Xq "out/epub/manual.epub" mimetype
 	rm mimetype

doc/builders/fetchers.chapter.md

@@ -132,16 +132,11 @@ A number of fetcher functions wrap part of `fetchurl` and `fetchzip`. They are m
 
 `fetchFromGitHub` expects four arguments. `owner` is a string corresponding to the GitHub user or organization that controls this repository. `repo` corresponds to the name of the software repository. These are located at the top of every GitHub HTML page as `owner`/`repo`. `rev` corresponds to the Git commit hash or tag (e.g `v1.0`) that will be downloaded from Git. Finally, `hash` corresponds to the hash of the extracted directory. Again, other hash algorithms are also available, but `hash` is currently preferred.
 
-To use a different GitHub instance, use `githubBase` (defaults to `"github.com"`).
-
 `fetchFromGitHub` uses `fetchzip` to download the source archive generated by GitHub for the specified revision. If `leaveDotGit`, `deepClone` or `fetchSubmodules` are set to `true`, `fetchFromGitHub` will use `fetchgit` instead. Refer to its section for documentation of these options.
 
 ## `fetchFromGitLab` {#fetchfromgitlab}
 
-This is used with GitLab repositories. It behaves similarly to `fetchFromGitHub`, and expects `owner`, `repo`, `rev`, and `hash`.
-
-To use a specific GitLab instance, use `domain` (defaults to `"gitlab.com"`).
-
+This is used with GitLab repositories. The arguments expected are very similar to `fetchFromGitHub` above.
 
 ## `fetchFromGitiles` {#fetchfromgitiles}
 
@@ -149,7 +144,7 @@ This is used with Gitiles repositories. The arguments expected are similar to `f
 
 ## `fetchFromBitbucket` {#fetchfrombitbucket}
 
-This is used with BitBucket repositories. The arguments expected are very similar to `fetchFromGitHub` above.
+This is used with BitBucket repositories. The arguments expected are very similar to fetchFromGitHub above.
 
 ## `fetchFromSavannah` {#fetchfromsavannah}
 

doc/builders/special/darwin-builder.section.md

@@ -62,7 +62,7 @@ builders-use-substitutes = true
 $ sudo launchctl kickstart -k system/org.nixos.nix-daemon
 ```
 
-## Example flake usage {#sec-darwin-builder-example-flake}
+## Example flake usage
 
 ```
 {
@@ -120,7 +120,7 @@ $ sudo launchctl kickstart -k system/org.nixos.nix-daemon
 }
 ```
 
-## Reconfiguring the builder {#sec-darwin-builder-reconfiguring}
+## Reconfiguring the builder
 
 Initially you should not change the builder configuration else you will not be
 able to use the binary cache. However, after you have the builder running locally

doc/builders/special/makesetuphook.section.md

@@ -12,7 +12,7 @@ pkgs.makeSetupHook {
 } ./script.sh
 ```
 
-### setup hook that depends on the hello package and runs hello and @shell@ is substituted with path to bash {#sec-pkgs.makeSetupHook-usage-example}
+#### setup hook that depends on the hello package and runs hello and @shell@ is substituted with path to bash {#sec-pkgs.makeSetupHook-usage-example}
 
 ```nix
 pkgs.makeSetupHook {

doc/builders/special/vm-tools.section.md

@@ -6,7 +6,7 @@ A set of VM related utilities, that help in building some packages in more advan
 
 A bash script fragment that produces a disk image at `destination`.
 
-### Attributes {#vm-tools-createEmptyImage-attributes}
+### Attributes
 
 * `size`. The disk size, in MiB.
 * `fullName`. Name that will be written to `${destination}/nix-support/full-name`.
@@ -20,14 +20,14 @@ Thus, any pure Nix derivation should run unmodified.
 
 If the build fails and Nix is run with the `-K/--keep-failed` option, a script `run-vm` will be left behind in the temporary build directory that allows you to boot into the VM and debug it interactively.
 
-### Attributes {#vm-tools-runInLinuxVM-attributes}
+### Attributes
 
 * `preVM` (optional). Shell command to be evaluated *before* the VM is started (i.e., on the host).
 * `memSize` (optional, default `512`). The memory size of the VM in MiB.
 * `diskImage` (optional). A file system image to be attached to `/dev/sda`.
   Note that currently we expect the image to contain a filesystem, not a full disk image with a partition table etc.
 
-### Examples {#vm-tools-runInLinuxVM-examples}
+### Examples
 
 Build the derivation hello inside a VM:
 ```nix
@@ -56,13 +56,13 @@ runInLinuxVM (hello.overrideAttrs (_: {
 
 Takes a file, such as an ISO, and extracts its contents into the store.
 
-### Attributes {#vm-tools-extractFs-attributes}
+### Attributes
 
 * `file`. Path to the file to be extracted.
   Note that currently we expect the image to contain a filesystem, not a full disk image with a partition table etc.
 * `fs` (optional). Filesystem of the contents of the file.
 
-### Examples {#vm-tools-extractFs-examples}
+### Examples
 
 Extract the contents of an ISO file:
 ```nix
@@ -82,7 +82,7 @@ Like [](#vm-tools-runInLinuxVM), but instead of using `stdenv` from the Nix stor
 
 Generate a script that can be used to run an interactive session in the given image.
 
-### Examples {#vm-tools-makeImageTestScript-examples}
+### Examples
 
 Create a script for running a Fedora 27 VM:
 ```nix
@@ -100,7 +100,7 @@ makeImageTestScript diskImages.ubuntu2004x86_64
 
 A set of functions that build a predefined set of minimal Linux distributions images.
 
-### Images {#vm-tools-diskImageFuns-images}
+### Images
 
 * Fedora
   * `fedora26x86_64`
@@ -126,12 +126,12 @@ A set of functions that build a predefined set of minimal Linux distributions im
   * `debian11i386`
   * `debian11x86_64`
 
-### Attributes {#vm-tools-diskImageFuns-attributes}
+### Attributes
 
 * `size` (optional, defaults to `4096`). The size of the image, in MiB.
 * `extraPackages` (optional). A list names of additional packages from the distribution that should be included in the image.
 
-### Examples {#vm-tools-diskImageFuns-examples}
+### Examples
 
 8GiB image containing Firefox in addition to the default packages:
 ```nix

doc/builders/testers.chapter.md

@@ -1,5 +1,5 @@
 # Testers {#chap-testers}
-This chapter describes several testing builders which are available in the `testers` namespace.
+This chapter describes several testing builders which are available in the <literal>testers</literal> namespace.
 
 ## `hasPkgConfigModule` {#tester-hasPkgConfigModule}
 

doc/contributing/coding-conventions.chapter.md

@@ -220,9 +220,7 @@ There are a few naming guidelines:
 
 - The `version` attribute _must_ start with a digit e.g`"0.3.1rc2".
 
-- If a package is a commit from a repository without a version assigned, then the `version` attribute _should_ be the latest upstream version preceding that commit, followed by `-unstable-` and the date of the (fetched) commit. The date _must_ be in `"YYYY-MM-DD"` format.
-
-Example: Given a project had its latest releases `2.2` in November 2021, and `3.0` in January 2022, a commit authored on March 15, 2022 for an upcoming bugfix release `2.2.1` would have `version = "2.2-unstable-2022-03-15"`.
+- If a package is not a release but a commit from a repository, then the `version` attribute _must_ be the date of that (fetched) commit. The date _must_ be in `"unstable-YYYY-MM-DD"` format.
 
 - Dashes in the package `pname` _should_ be preserved in new variable names, rather than converted to underscores or camel cased — e.g., `http-parser` instead of `http_parser` or `httpParser`. The hyphenated style is preferred in all three package names.
 

doc/contributing/reviewing-contributions.chapter.md

@@ -12,7 +12,7 @@ When reviewing a pull request, please always be nice and polite. Controversial c
 
 GitHub provides reactions as a simple and quick way to provide feedback to pull requests or any comments. The thumb-down reaction should be used with care and if possible accompanied with some explanation so the submitter has directions to improve their contribution.
 
-Pull request reviews should include a list of what has been reviewed in a comment, so other reviewers and mergers can know the state of the review.
+pull request reviews should include a list of what has been reviewed in a comment, so other reviewers and mergers can know the state of the review.
 
 All the review template samples provided in this section are generic and meant as examples. Their usage is optional and the reviewer is free to adapt them to their liking.
 
@@ -201,7 +201,7 @@ checks should be performed:
     them to either recommit using that key or to remove their key
     information.
 
-    Given a maintainer entry like this:
+    Given a maintainter entry like this:
 
     ``` nix
     {

doc/default.nix

@@ -20,33 +20,7 @@ in pkgs.stdenv.mkDerivation {
     ln -s ${doc-support} ./doc-support/result
   '';
 
-  epub = ''
-    <book xmlns="http://docbook.org/ns/docbook"
-          xmlns:xlink="http://www.w3.org/1999/xlink"
-          version="5.0"
-          xml:id="nixpkgs-manual">
-      <info>
-        <title>Nixpkgs Manual</title>
-        <subtitle>Version ${pkgs.lib.version}</subtitle>
-      </info>
-      <chapter>
-        <title>Temporarily unavailable</title>
-        <para>
-          The Nixpkgs manual is currently not available in EPUB format,
-          please use the <link xlink:href="https://nixos.org/nixpkgs/manual">HTML manual</link>
-          instead.
-        </para>
-        <para>
-          If you've used the EPUB manual in the past and it has been useful to you, please
-          <link xlink:href="https://github.com/NixOS/nixpkgs/issues/237234">let us know</link>.
-        </para>
-      </chapter>
-    </book>
-  '';
-  passAsFile = [ "epub" ];
-
   preBuild = ''
-    cp $epubPath epub.xml
     make -j$NIX_BUILD_CORES render-md
   '';
 

doc/functions/generators.section.md

@@ -16,7 +16,7 @@ let
              if v == true then ''"yes"''
         else if v == false then ''"no"''
         else if isString v then ''"${v}"''
-        # and delegates all other values to the default generator
+        # and delegats all other values to the default generator
         else generators.mkValueStringDefault {} v;
     } ":";
   };

doc/hooks/autoconf.section.md

@@ -1,3 +1,4 @@
-# Autoconf {#setup-hook-autoconf}
+
+### Autoconf {#setup-hook-autoconf}
 
 The `autoreconfHook` derivation adds `autoreconfPhase`, which runs autoreconf, libtoolize and automake, essentially preparing the configure script in autotools-based builds. Most autotools-based packages come with the configure script pre-generated, but this hook is necessary for a few packages and when you need to patch the package’s configure scripts.

doc/hooks/automake.section.md

@@ -1,3 +1,4 @@
-# Automake {#setup-hook-automake}
+
+### Automake {#setup-hook-automake}
 
 Adds the `share/aclocal` subdirectory of each build input to the `ACLOCAL_PATH` environment variable.

doc/hooks/autopatchelf.section.md

@@ -1,4 +1,5 @@
-# autoPatchelfHook {#setup-hook-autopatchelfhook}
+
+### autoPatchelfHook {#setup-hook-autopatchelfhook}
 
 This is a special setup hook which helps in packaging proprietary software in that it automatically tries to find missing shared library dependencies of ELF files based on the given `buildInputs` and `nativeBuildInputs`.
 

doc/hooks/breakpoint.section.md

@@ -1,4 +1,5 @@
-# breakpointHook {#breakpointhook}
+
+### breakpointHook {#breakpointhook}
 
 This hook will make a build pause instead of stopping when a failure happens. It prevents nix from cleaning up the build environment immediately and allows the user to attach to a build environment using the `cntr` command. Upon build error it will print instructions on how to use `cntr`, which can be used to enter the environment for debugging. Installing cntr and running the command will provide shell access to the build sandbox of failed build. At `/var/lib/cntr` the sandboxed filesystem is mounted. All commands and files of the system are still accessible within the shell. To execute commands from the sandbox use the cntr exec subcommand. `cntr` is only supported on Linux-based platforms. To use it first add `cntr` to your `environment.systemPackages` on NixOS or alternatively to the root user on non-NixOS systems. Then in the package that is supposed to be inspected, add `breakpointHook` to `nativeBuildInputs`.
 

doc/hooks/cmake.section.md

@@ -1,3 +1,4 @@
-# cmake {#cmake}
+
+### cmake {#cmake}
 
 Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`. `cmakeFlags` controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator.

doc/hooks/gdk-pixbuf.section.md

@@ -1,3 +1,4 @@
-# gdk-pixbuf {#setup-hook-gdk-pixbuf}
+
+### gdk-pixbuf {#setup-hook-gdk-pixbuf}
 
 Exports `GDK_PIXBUF_MODULE_FILE` environment variable to the builder. Add librsvg package to `buildInputs` to get svg support. See also the [setup hook description in GNOME platform docs](#ssec-gnome-hooks-gdk-pixbuf).

doc/hooks/ghc.section.md

@@ -1,3 +1,4 @@
-# GHC {#ghc}
+
+### GHC {#ghc}
 
 Creates a temporary package database and registers every Haskell build input in it (TODO: how?).

doc/hooks/gnome.section.md

@@ -1,3 +1,4 @@
-# GNOME platform {#gnome-platform}
+
+### GNOME platform {#gnome-platform}
 
 Hooks related to GNOME platform and related libraries like GLib, GTK and GStreamer are described in [](#sec-language-gnome).

doc/hooks/installShellFiles.section.md

@@ -1,4 +1,5 @@
-# `installShellFiles` {#installshellfiles}
+
+### `installShellFiles` {#installshellfiles}
 
 This hook helps with installing manpages and shell completion files. It exposes 2 shell functions `installManPage` and `installShellCompletion` that can be used from your `postInstall` hook.
 

doc/hooks/libiconv.section.md

@@ -1,3 +1,4 @@
-# libiconv, libintl {#libiconv-libintl}
+
+### libiconv, libintl {#libiconv-libintl}
 
 A few libraries automatically add to `NIX_LDFLAGS` their library, making their symbols automatically available to the linker. This includes libiconv and libintl (gettext). This is done to provide compatibility between GNU Linux, where libiconv and libintl are bundled in, and other systems where that might not be the case. Sometimes, this behavior is not desired. To disable this behavior, set `dontAddExtraLibs`.

doc/hooks/libxml2.section.md

@@ -1,3 +1,4 @@
-# libxml2 {#setup-hook-libxml2}
+
+### libxml2 {#setup-hook-libxml2}
 
 Adds every file named `catalog.xml` found under the `xml/dtd` and `xml/xsl` subdirectories of each build input to the `XML_CATALOG_FILES` environment variable.

doc/hooks/meson.section.md

@@ -1,25 +1,26 @@
-# Meson {#meson}
+
+### Meson {#meson}
 
 Overrides the configure phase to run meson to generate Ninja files. To run these files, you should accompany Meson with ninja. By default, `enableParallelBuilding` is enabled as Meson supports parallel building almost everywhere.
 
-## Variables controlling Meson {#variables-controlling-meson}
+#### Variables controlling Meson {#variables-controlling-meson}
 
-### `mesonFlags` {#mesonflags}
+##### `mesonFlags` {#mesonflags}
 
 Controls the flags passed to meson.
 
-### `mesonBuildType` {#mesonbuildtype}
+##### `mesonBuildType` {#mesonbuildtype}
 
 Which [`--buildtype`](https://mesonbuild.com/Builtin-options.html#core-options) to pass to Meson. We default to `plain`.
 
-### `mesonAutoFeatures` {#mesonautofeatures}
+##### `mesonAutoFeatures` {#mesonautofeatures}
 
 What value to set [`-Dauto_features=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `enabled`.
 
-### `mesonWrapMode` {#mesonwrapmode}
+##### `mesonWrapMode` {#mesonwrapmode}
 
 What value to set [`-Dwrap_mode=`](https://mesonbuild.com/Builtin-options.html#core-options) to. We default to `nodownload` as we disallow network access.
 
-### `dontUseMesonConfigure` {#dontusemesonconfigure}
+##### `dontUseMesonConfigure` {#dontusemesonconfigure}
 
 Disables using Meson’s `configurePhase`.

doc/hooks/ninja.section.md

@@ -1,3 +1,4 @@
-# ninja {#ninja}
+
+### ninja {#ninja}
 
 Overrides the build, install, and check phase to run ninja instead of make. You can disable this behavior with the `dontUseNinjaBuild`, `dontUseNinjaInstall`, and `dontUseNinjaCheck`, respectively. Parallel building is enabled by default in Ninja.

doc/hooks/perl.section.md

@@ -1,3 +1,4 @@
-# Perl {#setup-hook-perl}
+
+### Perl {#setup-hook-perl}
 
 Adds the `lib/site_perl` subdirectory of each build input to the `PERL5LIB` environment variable. For instance, if `buildInputs` contains Perl, then the `lib/site_perl` subdirectory of each input is added to the `PERL5LIB` environment variable.

doc/hooks/pkg-config.section.md

@@ -1,3 +1,4 @@
-# pkg-config {#setup-hook-pkg-config}
+
+### pkg-config {#setup-hook-pkg-config}
 
 Adds the `lib/pkgconfig` and `share/pkgconfig` subdirectories of each build input to the `PKG_CONFIG_PATH` environment variable.

doc/hooks/python.section.md

@@ -1,3 +1,4 @@
-# Python {#setup-hook-python}
+
+### Python {#setup-hook-python}
 
 Adds the `lib/${python.libPrefix}/site-packages` subdirectory of each build input to the `PYTHONPATH` environment variable.

doc/hooks/qt-4.section.md

@@ -1,3 +1,4 @@
-# Qt 4 {#qt-4}
+
+### Qt 4 {#qt-4}
 
 Sets the `QTDIR` environment variable to Qt’s path.

doc/hooks/scons.section.md

@@ -1,3 +1,4 @@
-# scons {#scons}
+
+### scons {#scons}
 
 Overrides the build, install, and check phases. This uses the scons build system as a replacement for make. scons does not provide a configure phase, so everything is managed at build and install time.

doc/hooks/tetex-tex-live.section.md

@@ -1,3 +1,4 @@
-# teTeX / TeX Live {#tetex-tex-live}
+
+### teTeX / TeX Live {#tetex-tex-live}
 
 Adds the `share/texmf-nix` subdirectory of each build input to the `TEXINPUTS` environment variable.

doc/hooks/unzip.section.md

@@ -1,3 +1,4 @@
-# unzip {#unzip}
+
+### unzip {#unzip}
 
 This setup hook will allow you to unzip .zip files specified in `$src`. There are many similar packages like `unrar`, `undmg`, etc.

doc/hooks/validatePkgConfig.section.md

@@ -1,3 +1,4 @@
-# validatePkgConfig {#validatepkgconfig}
+
+### validatePkgConfig {#validatepkgconfig}
 
 The `validatePkgConfig` hook validates all pkg-config (`.pc`) files in a package. This helps catching some common errors in pkg-config files, such as undefined variables.

doc/hooks/waf.section.md

@@ -1,3 +1,4 @@
-# wafHook {#wafhook}
+
+### wafHook {#wafhook}
 
 Overrides the configure, build, and install phases. This will run the “waf” script used by many projects. If `wafPath` (default `./waf`) doesn’t exist, it will copy the version of waf available in Nixpkgs. `wafFlags` can be used to pass flags to the waf script.

doc/hooks/xcbuild.section.md

@@ -1,3 +1,4 @@
-# xcbuildHook {#xcbuildhook}
+
+### xcbuildHook {#xcbuildhook}
 
 Overrides the build and install phases to run the "xcbuild" command. This hook is needed when a project only comes with build files for the XCode build system. You can disable this behavior by setting buildPhase and configurePhase to a custom value. xcbuildFlags controls flags passed only to xcbuild.

doc/languages-frameworks/bower.section.md

@@ -1,6 +1,6 @@
 # Bower {#sec-bower}
 
-[Bower](https://bower.io) is a package manager for web site front-end components. Bower packages (comprising of build artifacts and sometimes sources) are stored in `git` repositories, typically on Github. The package registry is run by the Bower team with package metadata coming from the `bower.json` file within each package.
+[Bower](https://bower.io) is a package manager for web site front-end components. Bower packages (comprising of build artefacts and sometimes sources) are stored in `git` repositories, typically on Github. The package registry is run by the Bower team with package metadata coming from the `bower.json` file within each package.
 
 The end result of running Bower is a `bower_components` directory which can be included in the web app's build process.
 
@@ -41,18 +41,32 @@ The function is implemented in [pkgs/development/bower-modules/generic/default.n
 
 ### Example buildBowerComponents {#ex-buildBowerComponents}
 
-```nix
+```{=docbook}
+<programlisting language="nix">
 bowerComponents = buildBowerComponents {
   name = "my-web-app";
-  generated = ./bower-packages.nix; # note 1
-  src = myWebApp; # note 2
+  generated = ./bower-packages.nix; <co xml:id="ex-buildBowerComponents-1" />
+  src = myWebApp; <co xml:id="ex-buildBowerComponents-2" />
 };
+</programlisting>
 ```
 
 In ["buildBowerComponents" example](#ex-buildBowerComponents) the following arguments are of special significance to the function:
 
-1. `generated` specifies the file which was created by {command}`bower2nix`.
-2. `src` is your project's sources. It needs to contain a {file}`bower.json` file.
+```{=docbook}
+<calloutlist>
+  <callout arearefs="ex-buildBowerComponents-1">
+    <para>
+      <varname>generated</varname> specifies the file which was created by <command>bower2nix</command>.
+    </para>
+    </callout>
+      <callout arearefs="ex-buildBowerComponents-2">
+    <para>
+      <varname>src</varname> is your project's sources. It needs to contain a <filename>bower.json</filename> file.
+    </para>
+  </callout>
+</calloutlist>
+```
 
 `buildBowerComponents` will run Bower to link together the output of `bower2nix`, resulting in a `bower_components` directory which can be used.
 
@@ -77,9 +91,10 @@ gulp.task('build', [], function () {
 
 ### Example Full example — default.nix {#ex-buildBowerComponentsDefaultNix}
 
-```nix
+```{=docbook}
+<programlisting language="nix">
 { myWebApp ? { outPath = ./.; name = "myWebApp"; }
-, pkgs ? import <nixpkgs> {}
+, pkgs ? import &lt;nixpkgs&gt; {}
 }:
 
 pkgs.stdenv.mkDerivation {
@@ -88,29 +103,49 @@ pkgs.stdenv.mkDerivation {
 
   buildInputs = [ pkgs.nodePackages.gulp ];
 
-  bowerComponents = pkgs.buildBowerComponents { # note 1
+  bowerComponents = pkgs.buildBowerComponents { <co xml:id="ex-buildBowerComponentsDefault-1" />
     name = "my-web-app";
     generated = ./bower-packages.nix;
     src = myWebApp;
   };
 
   buildPhase = ''
-    cp --reflink=auto --no-preserve=mode -R $bowerComponents/bower_components . # note 2
-    export HOME=$PWD # note 3
-    ${pkgs.nodePackages.gulp}/bin/gulp build # note 4
+    cp --reflink=auto --no-preserve=mode -R $bowerComponents/bower_components . <co xml:id="ex-buildBowerComponentsDefault-2" />
+    export HOME=$PWD <co xml:id="ex-buildBowerComponentsDefault-3" />
+    ${pkgs.nodePackages.gulp}/bin/gulp build <co xml:id="ex-buildBowerComponentsDefault-4" />
   '';
 
   installPhase = "mv gulpdist $out";
 }
+</programlisting>
 ```
 
 A few notes about [Full example — `default.nix`](#ex-buildBowerComponentsDefaultNix):
 
-1. The result of `buildBowerComponents` is an input to the frontend build.
-2. Whether to symlink or copy the {file}`bower_components` directory depends on the build tool in use.
-   In this case a copy is used to avoid {command}`gulp` silliness with permissions.
-3. {command}`gulp` requires `HOME` to refer to a writeable directory.
-4. The actual build command in this example is {command}`gulp`. Other tools could be used instead.
+```{=docbook}
+<calloutlist>
+  <callout arearefs="ex-buildBowerComponentsDefault-1">
+    <para>
+      The result of <varname>buildBowerComponents</varname> is an input to the frontend build.
+    </para>
+  </callout>
+  <callout arearefs="ex-buildBowerComponentsDefault-2">
+    <para>
+      Whether to symlink or copy the <filename>bower_components</filename> directory depends on the build tool in use. In this case a copy is used to avoid <command>gulp</command> silliness with permissions.
+    </para>
+  </callout>
+  <callout arearefs="ex-buildBowerComponentsDefault-3">
+    <para>
+      <command>gulp</command> requires <varname>HOME</varname> to refer to a writeable directory.
+    </para>
+  </callout>
+  <callout arearefs="ex-buildBowerComponentsDefault-4">
+    <para>
+      The actual build command. Other tools could be used.
+    </para>
+  </callout>
+</calloutlist>
+```
 
 ## Troubleshooting {#ssec-bower2nix-troubleshooting}
 

doc/languages-frameworks/cuda.section.md

@@ -8,7 +8,7 @@ A package set is available for each CUDA version, so for example
 `cudaPackages_11_6`. Within each set is a matching version of the above listed
 packages. Additionally, other versions of the packages that are packaged and
 compatible are available as well. For example, there can be a
-`cudaPackages.cudnn_8_3` package.
+`cudaPackages.cudnn_8_3_2` package.
 
 To use one or more CUDA packages in an expression, give the expression a `cudaPackages` parameter, and in case CUDA is optional
 ```nix
@@ -28,7 +28,7 @@ set.
 ```nix
 mypkg = let
   cudaPackages = cudaPackages_11_5.overrideScope' (final: prev: {
-    cudnn = prev.cudnn_8_3;
+    cudnn = prev.cudnn_8_3_2;
   }});
 in callPackage { inherit cudaPackages; };
 ```

doc/languages-frameworks/dhall.section.md

@@ -307,12 +307,12 @@ $ nix-env --install --attr haskellPackages.dhall-nixpkgs
 
 $ nix-env --install --attr nix-prefetch-git  # Used by dhall-to-nixpkgs
 
-$ dhall-to-nixpkgs github https://github.com/Gabriella439/dhall-semver.git
+$ dhall-to-nixpkgs github https://github.com/Gabriel439/dhall-semver.git
 { buildDhallGitHubPackage, Prelude }:
   buildDhallGitHubPackage {
     name = "dhall-semver";
     githubBase = "github.com";
-    owner = "Gabriella439";
+    owner = "Gabriel439";
     repo = "dhall-semver";
     rev = "2d44ae605302ce5dc6c657a1216887fbb96392a4";
     fetchSubmodules = false;

doc/languages-frameworks/gnome.section.md

@@ -27,7 +27,7 @@ The modules are typically installed to `lib/gio/modules/` directory of a package
 
 In particular, we recommend:
 
-* adding `dconf.lib` for any software on Linux that reads [GSettings](#ssec-gnome-settings) (even transitively through e.g. GTK’s file manager)
+* adding `dconf.lib` for any software on Linux that reads [GSettings](#ssec-gnome-settings) (even transitivily through e.g. GTK’s file manager)
 * adding `glib-networking` for any software that accesses network using GIO or libsoup – glib-networking contains a module that implements TLS support and loads system-wide proxy settings
 
 To allow software to use various virtual file systems, `gvfs` package can be also added. But that is usually an optional feature so we typically use `gvfs` from the system (e.g. installed globally using NixOS module).
@@ -137,15 +137,15 @@ Most GNOME package offer [`updateScript`](#var-passthru-updateScript), it is the
 
 ## Frequently encountered issues {#ssec-gnome-common-issues}
 
-### `GLib-GIO-ERROR **: 06:04:50.903: No GSettings schemas are installed on the system` {#ssec-gnome-common-issues-no-schemas}
+#### `GLib-GIO-ERROR **: 06:04:50.903: No GSettings schemas are installed on the system` {#ssec-gnome-common-issues-no-schemas}
 
 There are no schemas available in `XDG_DATA_DIRS`. Temporarily add a random package containing schemas like `gsettings-desktop-schemas` to `buildInputs`. [`glib`](#ssec-gnome-hooks-glib) and [`wrapGAppsHook`](#ssec-gnome-hooks-wrapgappshook) setup hooks will take care of making the schemas available to application and you will see the actual missing schemas with the [next error](#ssec-gnome-common-issues-missing-schema). Or you can try looking through the source code for the actual schemas used.
 
-### `GLib-GIO-ERROR **: 06:04:50.903: Settings schema ‘org.gnome.foo’ is not installed` {#ssec-gnome-common-issues-missing-schema}
+#### `GLib-GIO-ERROR **: 06:04:50.903: Settings schema ‘org.gnome.foo’ is not installed` {#ssec-gnome-common-issues-missing-schema}
 
 Package is missing some GSettings schemas. You can find out the package containing the schema with `nix-locate org.gnome.foo.gschema.xml` and let the hooks handle the wrapping as [above](#ssec-gnome-common-issues-no-schemas).
 
-### When using `wrapGAppsHook` with special derivers you can end up with double wrapped binaries. {#ssec-gnome-common-issues-double-wrapped}
+#### When using `wrapGAppsHook` with special derivers you can end up with double wrapped binaries. {#ssec-gnome-common-issues-double-wrapped}
 
 This is because derivers like `python.pkgs.buildPythonApplication` or `qt5.mkDerivation` have setup-hooks automatically added that produce wrappers with makeWrapper. The simplest way to workaround that is to disable the `wrapGAppsHook` automatic wrapping with `dontWrapGApps = true;` and pass the arguments it intended to pass to makeWrapper to another.
 
@@ -193,7 +193,7 @@ mkDerivation {
 }
 ```
 
-### I am packaging a project that cannot be wrapped, like a library or GNOME Shell extension. {#ssec-gnome-common-issues-unwrappable-package}
+#### I am packaging a project that cannot be wrapped, like a library or GNOME Shell extension. {#ssec-gnome-common-issues-unwrappable-package}
 
 You can rely on applications depending on the library setting the necessary environment variables but that is often easy to miss. Instead we recommend to patch the paths in the source code whenever possible. Here are some examples:
 
@@ -209,6 +209,6 @@ You can rely on applications depending on the library setting the necessary envi
 
   []{#ssec-gnome-common-issues-unwrappable-package-gsettings-c} [Hard-coding GSettings schema path in C library](https://github.com/NixOS/nixpkgs/blob/29c120c065d03b000224872251bed93932d42412/pkgs/development/libraries/glib-networking/default.nix#L31-L34) – nothing special other than using [Coccinelle patch](https://github.com/NixOS/nixpkgs/pull/67957#issuecomment-527717467) to generate the patch itself.
 
-### I need to wrap a binary outside `bin` and `libexec` directories. {#ssec-gnome-common-issues-weird-location}
+#### I need to wrap a binary outside `bin` and `libexec` directories. {#ssec-gnome-common-issues-weird-location}
 
 You can manually trigger the wrapping with `wrapGApp` in `preFixup` phase. It takes a path to a program as a first argument; the remaining arguments are passed directly to [`wrapProgram`](#fun-wrapProgram) function.

doc/languages-frameworks/go.section.md

@@ -19,7 +19,7 @@ In the following is an example expression using `buildGoModule`, the following a
   To avoid updating this field when dependencies change, run `go mod vendor` in your source repo and set `vendorHash = null;`
 
   To obtain the actual hash, set `vendorHash = lib.fakeSha256;` and run the build ([more details here](#sec-source-hashes)).
-- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform-dependent `vendorHash` checksums.
+- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform dependant `vendorHash` checksums.
 - `modPostBuild`: Shell commands to run after the build of the go-modules executes `go mod vendor`, and before calculating fixed output derivation's `vendorHash` (or `vendorSha256`). Note that if you change this attribute, you need to update `vendorHash` (or `vendorSha256`) attribute.
 
 ```nix

doc/languages-frameworks/haskell.section.md

@@ -276,15 +276,6 @@ Defaults to `true`.
 : Whether to generate an index for interactive navigation of the HTML documentation.
 Defaults to `true` if supported.
 
-`doInstallIntermediates`
-: Whether to install intermediate build products (files written to `dist/build`
-by GHC during the build process). With `enableSeparateIntermediatesOutput`,
-these files are instead installed to [a separate `intermediates`
-output.][multiple-outputs] The output can then be passed into a future build of
-the same package with the `previousIntermediates` argument to support
-incremental builds. See [“Incremental builds”](#haskell-incremental-builds) for
-more information. Defaults to `false`.
-
 `enableLibraryProfiling`
 : Whether to enable [profiling][profiling] for libraries contained in the
 package. Enabled by default if supported.
@@ -380,12 +371,6 @@ Defaults to `false`.
 : Whether to install documentation to a separate `doc` output.
 Is automatically enabled if `doHaddock` is `true`.
 
-`enableSeparateIntermediatesOutput`
-: When `doInstallIntermediates` is true, whether to install intermediate build
-products to a separate `intermediates` output. See [“Incremental
-builds”](#haskell-incremental-builds) for more information. Defaults to
-`false`.
-
 `allowInconsistentDependencies`
 : If enabled, allow multiple versions of the same Haskell package in the
 dependency tree at configure time. Often in such a situation compilation would
@@ -396,11 +381,6 @@ later fail because of type mismatches. Defaults to `false`.
 when loading the library in the REPL, but requires extra build time and
 disk space. Defaults to `false`.
 
-`previousIntermediates`
-: If non-null, intermediate build artifacts are copied from this input to
-`dist/build` before performing compiling. See [“Incremental
-builds”](#haskell-incremental-builds) for more information. Defaults to `null`.
-
 `buildTarget`
 : Name of the executable or library to build and install.
 If unset, all available targets are built and installed.
@@ -516,54 +496,6 @@ the [Meta-attributes section](#chap-meta) for their documentation.
     * `broken`
     * `hydraPlatforms`
 
-### Incremental builds {#haskell-incremental-builds}
-
-`haskellPackages.mkDerivation` supports incremental builds for GHC 9.4 and
-newer with the `doInstallIntermediates`, `enableSeparateIntermediatesOutput`,
-and `previousIntermediates` arguments.
-
-The basic idea is to first perform a full build of the package in question,
-save its intermediate build products for later, and then copy those build
-products into the build directory of an incremental build performed later.
-Then, GHC will use those build artifacts to avoid recompiling unchanged
-modules.
-
-For more detail on how to store and use incremental build products, see
-[Gabriella Gonzalez’ blog post “Nixpkgs support for incremental Haskell
-builds”.][incremental-builds] motivation behind this feature.
-
-An incremental build for [the `turtle` package][turtle] can be performed like
-so:
-
-```nix
-let
-  pkgs = import <nixpkgs> {};
-  inherit (pkgs) haskell;
-  inherit (haskell.lib.compose) overrideCabal;
-
-  # Incremental builds work with GHC >=9.4.
-  turtle = haskell.packages.ghc944.turtle;
-
-  # This will do a full build of `turtle`, while writing the intermediate build products
-  # (compiled modules, etc.) to the `intermediates` output.
-  turtle-full-build-with-incremental-output = overrideCabal (drv: {
-    doInstallIntermediates = true;
-    enableSeparateIntermediatesOutput = true;
-  }) turtle;
-
-  # This will do an incremental build of `turtle` by copying the previously
-  # compiled modules and intermediate build products into the source tree
-  # before running the build.
-  #
-  # GHC will then naturally pick up and reuse these products, making this build
-  # complete much more quickly than the previous one.
-  turtle-incremental-build = overrideCabal (drv: {
-    previousIntermediates = turtle-full-build-with-incremental-output.intermediates;
-  }) turtle;
-in
-  turtle-incremental-build
-```
-
 ## Development environments {#haskell-development-environments}
 
 In addition to building and installing Haskell software, nixpkgs can also
@@ -1057,7 +989,7 @@ benchmark component.
 `dontBenchmark drv`
 : Set `doBenchmark` to `false` for `drv`.
 
-`setBuildTargets drv list`
+`setBuildTargets list drv`
 : Sets the `buildTarget` argument for `drv` so that the targets specified in `list` are built.
 
 `doCoverage drv`
@@ -1151,11 +1083,8 @@ on the issue linked above.
 [haskell.nix]: https://input-output-hk.github.io/haskell.nix/index.html
 [HLS user guide]: https://haskell-language-server.readthedocs.io/en/latest/configuration.html#configuring-your-editor
 [hoogle]: https://wiki.haskell.org/Hoogle
-[incremental-builds]: https://www.haskellforall.com/2022/12/nixpkgs-support-for-incremental-haskell.html
 [jailbreak-cabal]: https://github.com/NixOS/jailbreak-cabal/
-[multiple-outputs]: https://nixos.org/manual/nixpkgs/stable/#chap-multiple-output
 [optparse-applicative-completions]: https://github.com/pcapriotti/optparse-applicative/blob/7726b63796aa5d0df82e926d467f039b78ca09e2/README.md#bash-zsh-and-fish-completions
 [profiling-detail]: https://cabal.readthedocs.io/en/latest/cabal-project.html#cfg-field-profiling-detail
 [profiling]: https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/profiling.html
 [search.nixos.org]: https://search.nixos.org
-[turtle]: https://hackage.haskell.org/package/turtle

doc/languages-frameworks/ios.section.md

@@ -104,7 +104,7 @@ The above function takes a variety of parameters:
   and the location where the source code resides
 * `sdkVersion` specifies which version of the iOS SDK to use.
 
-It also possible to adjust the `xcodebuild` parameters. This is only needed in
+It also possile to adjust the `xcodebuild` parameters. This is only needed in
 rare circumstances. In most cases the default values should suffice:
 
 * Specifies which `xcodebuild` target to build. By default it takes the target
@@ -130,7 +130,7 @@ In addition, you need to set the following parameters:
   store certificates.
 * `generateIPA` specifies that we want to produce an IPA file (this is probably
   what you want)
-* `generateXCArchive` specifies that we want to produce an xcarchive file.
+* `generateXCArchive` specifies thet we want to produce an xcarchive file.
 
 When building IPA files on Hydra and when it is desired to allow iOS devices to
 install IPAs by browsing to the Hydra build products page, you can enable the

doc/languages-frameworks/javascript.section.md

@@ -143,7 +143,7 @@ To update NPM packages in nixpkgs, run the same `generate.sh` script:
 #### Git protocol error {#javascript-git-error}
 
 Some packages may have Git dependencies from GitHub specified with `git://`.
-GitHub has [disabled unencrypted Git connections](https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git), so you may see the following error when running the generate script:
+GitHub has [disabled unecrypted Git connections](https://github.blog/2021-09-01-improving-git-protocol-security-github/#no-more-unauthenticated-git), so you may see the following error when running the generate script:
 
 ```
 The unauthenticated git protocol on port 9418 is no longer supported

doc/languages-frameworks/python.section.md

@@ -995,7 +995,7 @@ and in this case the `python3` interpreter is automatically used.
 ### Interpreters {#interpreters}
 
 Versions 2.7, 3.8, 3.9, 3.10 and 3.11 of the CPython interpreter are available
-as respectively `python27`, `python38`, `python39`, `python310` and `python311`.
+as respectively `python27`, python38`, `python39`, `python310` and `python311`.
 The aliases `python2` and `python3` correspond to respectively `python27` and
 `python310`. The attribute `python` maps to `python2`. The PyPy interpreters
 compatible with Python 2.7 and 3 are available as `pypy27` and `pypy3`, with
@@ -1514,6 +1514,10 @@ Note: There is a boolean value `lib.inNixShell` set to `true` if nix-shell is in
 Packages inside nixpkgs are written by hand. However many tools exist in
 community to help save time. No tool is preferred at the moment.
 
+- [pypi2nix](https://github.com/nix-community/pypi2nix): Generate Nix
+  expressions for your Python project. Note that [sharing derivations from
+  pypi2nix with nixpkgs is possible but not
+  encouraged](https://github.com/nix-community/pypi2nix/issues/222#issuecomment-443497376).
 - [nixpkgs-pytools](https://github.com/nix-community/nixpkgs-pytools)
 - [poetry2nix](https://github.com/nix-community/poetry2nix)
 

doc/languages-frameworks/qt.section.md

@@ -10,22 +10,37 @@ pure and explicit at build-time, at the cost of introducing an extra indirection
 
 ## Nix expression for a Qt package (default.nix) {#qt-default-nix}
 
-```nix
-{ stdenv, lib, qtbase, wrapQtAppsHook }:
+```{=docbook}
+<programlisting>
+{ stdenv, lib, qtbase, wrapQtAppsHook }: <co xml:id='qt-default-nix-co-1' />
 
 stdenv.mkDerivation {
   pname = "myapp";
   version = "1.0";
 
   buildInputs = [ qtbase ];
-  nativeBuildInputs = [ wrapQtAppsHook ];
+  nativeBuildInputs = [ wrapQtAppsHook ]; <co xml:id='qt-default-nix-co-2' />
 }
+</programlisting>
+
+ <calloutlist>
+  <callout arearefs='qt-default-nix-co-1'>
+   <para>
+    Import Qt modules directly, that is: <literal>qtbase</literal>, <literal>qtdeclarative</literal>, etc.
+    <emphasis>Do not</emphasis> import Qt package sets such as <literal>qt5</literal>
+    because the Qt versions of dependencies may not be coherent, causing build and runtime failures.
+   </para>
+  </callout>
+  <callout arearefs='qt-default-nix-co-2'>
+    <para>
+      All Qt packages must include <literal>wrapQtAppsHook</literal> in
+      <literal>nativeBuildInputs</literal>, or you must explicitly set
+      <literal>dontWrapQtApps</literal>.
+    </para>
+  </callout>
+ </calloutlist>
 ```
 
-It is important to import Qt modules directly, that is: `qtbase`, `qtdeclarative`, etc. *Do not* import Qt package sets such as `qt5` because the Qt versions of dependencies may not be coherent, causing build and runtime failures.
-
-Additionally all Qt packages must include `wrapQtAppsHook` in `nativeBuildInputs`, or you must explicitly set `dontWrapQtApps`.
-
 ## Locating runtime dependencies {#qt-runtime-dependencies}
 
 Qt applications must be wrapped to find runtime dependencies.

doc/stdenv/meta.chapter.md

@@ -70,7 +70,7 @@ A list of the maintainers of this Nix expression. Maintainers are defined in [`n
 
 ### `mainProgram` {#var-meta-mainProgram}
 
-The name of the main binary for the package. This affects the binary `nix run` executes and falls back to the name of the package. Example: `"rg"`
+The name of the main binary for the package. This effects the binary `nix run` executes and falls back to the name of the package. Example: `"rg"`
 
 ### `priority` {#var-meta-priority}
 
@@ -128,7 +128,7 @@ Prefer `passthru.tests` for tests that are introduced in nixpkgs because:
 * we can run `passthru.tests` independently
 * `installCheckPhase` adds overhead to each build
 
-For more on how to write and run package tests, see [](#sec-package-tests).
+For more on how to write and run package tests, see <xref linkend="sec-package-tests"/>.
 
 #### NixOS tests {#var-meta-tests-nixos}
 

doc/stdenv/stdenv.chapter.md

@@ -286,7 +286,7 @@ This is where “sum-like” comes in from above: We can just sum all of the hos
 
 Because of the bounds checks, the uncommon cases are `h = t` and `h + 2 = t`. In the former case, the motivation for `mapOffset` is that since its host and target platforms are the same, no transitive dependency of it should be able to “discover” an offset greater than its reduced target offsets. `mapOffset` effectively “squashes” all its transitive dependencies’ offsets so that none will ever be greater than the target offset of the original `h = t` package. In the other case, `h + 1` is skipped over between the host and target offsets. Instead of squashing the offsets, we need to “rip” them apart so no transitive dependencies’ offset is that one.
 
-Overall, the unifying theme here is that propagation shouldn’t be introducing transitive dependencies involving platforms the depending package is unaware of. \[One can imagine the depending package asking for dependencies with the platforms it knows about; other platforms it doesn’t know how to ask for. The platform description in that scenario is a kind of unforgeable capability.\] The offset bounds checking and definition of `mapOffset` together ensure that this is the case. Discovering a new offset is discovering a new platform, and since those platforms weren’t in the derivation “spec” of the needing package, they cannot be relevant. From a capability perspective, we can imagine that the host and target platforms of a package are the capabilities a package requires, and the depending package must provide the capability to the dependency.
+Overall, the unifying theme here is that propagation shouldn’t be introducing transitive dependencies involving platforms the depending package is unaware of. \[One can imagine the dependending package asking for dependencies with the platforms it knows about; other platforms it doesn’t know how to ask for. The platform description in that scenario is a kind of unforagable capability.\] The offset bounds checking and definition of `mapOffset` together ensure that this is the case. Discovering a new offset is discovering a new platform, and since those platforms weren’t in the derivation “spec” of the needing package, they cannot be relevant. From a capability perspective, we can imagine that the host and target platforms of a package are the capabilities a package requires, and the depending package must provide the capability to the dependency.
 
 #### Variables specifying dependencies {#variables-specifying-dependencies}
 
@@ -971,8 +971,7 @@ to `~/.gdbinit`. GDB will then be able to find debug information installed via `
 
 The installCheck phase checks whether the package was installed correctly by running its test suite against the installed directories. The default `installCheck` calls `make installcheck`.
 
-It is often better to add tests that are not part of the source distribution to `passthru.tests` (see
-[](#var-meta-tests)). This avoids adding overhead to every build and enables us to run them independently.
+It is often better to add tests that are not part of the source distribution to `passthru.tests` (see <xref linkend="var-meta-tests"/>). This avoids adding overhead to every build and enables us to run them independently.
 
 #### Variables controlling the installCheck phase {#variables-controlling-the-installcheck-phase}
 
@@ -1235,7 +1234,7 @@ This runs the strip command on installed binaries and libraries. This removes un
 
 This setup hook patches installed scripts to add Nix store paths to their shebang interpreter as found in the build environment. The [shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)) line tells a Unix-like operating system which interpreter to use to execute the script's contents.
 
-::: {.note}
+::: note
 The [generic builder][generic-builder] populates `PATH` from inputs of the derivation.
 :::
 
@@ -1273,7 +1272,7 @@ patchShebangs --build configure
 
 Interpreter paths that point to a valid Nix store location are not changed.
 
-::: {.note}
+::: note
 A script file must be marked as executable, otherwise it will not be
 considered.
 :::

lib/attrsets.nix

@@ -123,11 +123,7 @@ rec {
          { x = "a"; y = "b"; }
        => { x = "a"; xa = "a"; y = "b"; yb = "b"; }
   */
-  concatMapAttrs = f: v:
-    foldl' mergeAttrs { }
-      (attrValues
-        (mapAttrs f v)
-      );
+  concatMapAttrs = f: flip pipe [ (mapAttrs f) attrValues (foldl' mergeAttrs { }) ];
 
 
   /* Update or set specific paths of an attribute set.

lib/derivations.nix

@@ -31,7 +31,7 @@ in
 
         (lazyDerivation { inherit derivation; meta.foo = true; }).meta
 
-    In these expressions, `derivation` _will_ be evaluated:
+    In these expressions, it `derivation` _will_ be evaluated:
 
         "${lazyDerivation { inherit derivation }}"
 

lib/licenses.nix

@@ -215,12 +215,6 @@ in mkLicense lset) ({
     url = "https://opensource.org/licenses/CAL-1.0";
   };
 
-  caldera = {
-    spdxId = "Caldera";
-    fullName = "Caldera License";
-    url = "http://www.lemis.com/grog/UNIX/ancient-source-all.pdf";
-  };
-
   capec = {
     fullName = "Common Attack Pattern Enumeration and Classification";
     url = "https://capec.mitre.org/about/termsofuse.html";
@@ -562,12 +556,6 @@ in mkLicense lset) ({
     fullName = "Imlib2 License";
   };
 
-  info-zip = {
-    spdxId = "Info-ZIP";
-    fullName = "Info-ZIP License";
-    url = "http://www.info-zip.org/pub/infozip/license.html";
-  };
-
   inria-compcert = {
     fullName  = "INRIA Non-Commercial License Agreement for the CompCert verified compiler";
     url       = "https://compcert.org/doc/LICENSE.txt";

lib/lists.nix

@@ -198,38 +198,8 @@ rec {
     default:
     # Input list
     list:
-    let
-      # A naive recursive implementation would be much simpler, but
-      # would also overflow the evaluator stack. We use `foldl'` as a workaround
-      # because it reuses the same stack space, evaluating the function for one
-      # element after another. We can't return early, so this means that we
-      # sacrifice early cutoff, but that appears to be an acceptable cost. A
-      # clever scheme with "exponential search" is possible, but appears over-
-      # engineered for now. See https://github.com/NixOS/nixpkgs/pull/235267
-
-      # Invariant:
-      # - if index < 0 then el == elemAt list (- index - 1) and all elements before el didn't satisfy pred
-      # - if index >= 0 then pred (elemAt list index) and all elements before (elemAt list index) didn't satisfy pred
-      #
-      # We start with index -1 and the 0'th element of the list, which satisfies the invariant
-      resultIndex = foldl' (index: el:
-        if index < 0 then
-          # No match yet before the current index, we need to check the element
-          if pred el then
-            # We have a match! Turn it into the actual index to prevent future iterations from modifying it
-            - index - 1
-          else
-            # Still no match, update the index to the next element (we're counting down, so minus one)
-            index - 1
-        else
-          # There's already a match, propagate the index without evaluating anything
-          index
-      ) (-1) list;
-    in
-    if resultIndex < 0 then
-      default
-    else
-      elemAt list resultIndex;
+    let found = filter pred list;
+    in if found == [] then default else head found;
 
   /* Return true if function `pred` returns true for at least one
      element of `list`.

lib/systems/doubles.nix

@@ -27,9 +27,9 @@ let
     # Linux
     "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux"
     "armv7l-linux" "i686-linux" "loongarch64-linux" "m68k-linux" "microblaze-linux"
-    "microblazeel-linux" "mips-linux" "mips64-linux" "mips64el-linux"
-    "mipsel-linux" "powerpc64-linux" "powerpc64le-linux" "riscv32-linux"
-    "riscv64-linux" "s390-linux" "s390x-linux" "x86_64-linux"
+    "microblazeel-linux" "mipsel-linux" "mips64el-linux" "powerpc64-linux"
+    "powerpc64le-linux" "riscv32-linux" "riscv64-linux" "s390-linux"
+    "s390x-linux" "x86_64-linux"
 
     # MMIXware
     "mmix-mmixware"

lib/systems/examples.nix

@@ -91,16 +91,22 @@ rec {
   } // platforms.fuloong2f_n32;
 
   # can execute on 32bit chip
-  mips-linux-gnu           = { config = "mips-unknown-linux-gnu";           } // platforms.gcc_mips32r2_o32;
-  mipsel-linux-gnu         = { config = "mipsel-unknown-linux-gnu";         } // platforms.gcc_mips32r2_o32;
+  mips-linux-gnu                = { config = "mips-unknown-linux-gnu";                } // platforms.gcc_mips32r2_o32;
+  mipsel-linux-gnu              = { config = "mipsel-unknown-linux-gnu";              } // platforms.gcc_mips32r2_o32;
+  mipsisa32r6-linux-gnu         = { config = "mipsisa32r6-unknown-linux-gnu";         } // platforms.gcc_mips32r6_o32;
+  mipsisa32r6el-linux-gnu       = { config = "mipsisa32r6el-unknown-linux-gnu";       } // platforms.gcc_mips32r6_o32;
 
   # require 64bit chip (for more registers, 64-bit floating point, 64-bit "long long") but use 32bit pointers
-  mips64-linux-gnuabin32   = { config = "mips64-unknown-linux-gnuabin32";   } // platforms.gcc_mips64r2_n32;
-  mips64el-linux-gnuabin32 = { config = "mips64el-unknown-linux-gnuabin32"; } // platforms.gcc_mips64r2_n32;
+  mips64-linux-gnuabin32        = { config = "mips64-unknown-linux-gnuabin32";        } // platforms.gcc_mips64r2_n32;
+  mips64el-linux-gnuabin32      = { config = "mips64el-unknown-linux-gnuabin32";      } // platforms.gcc_mips64r2_n32;
+  mipsisa64r6-linux-gnuabin32   = { config = "mipsisa64r6-unknown-linux-gnuabin32";   } // platforms.gcc_mips64r6_n32;
+  mipsisa64r6el-linux-gnuabin32 = { config = "mipsisa64r6el-unknown-linux-gnuabin32"; } // platforms.gcc_mips64r6_n32;
 
   # 64bit pointers
-  mips64-linux-gnuabi64    = { config = "mips64-unknown-linux-gnuabi64";    } // platforms.gcc_mips64r2_64;
-  mips64el-linux-gnuabi64  = { config = "mips64el-unknown-linux-gnuabi64";  } // platforms.gcc_mips64r2_64;
+  mips64-linux-gnuabi64         = { config = "mips64-unknown-linux-gnuabi64";         } // platforms.gcc_mips64r2_64;
+  mips64el-linux-gnuabi64       = { config = "mips64el-unknown-linux-gnuabi64";       } // platforms.gcc_mips64r2_64;
+  mipsisa64r6-linux-gnuabi64    = { config = "mipsisa64r6-unknown-linux-gnuabi64";    } // platforms.gcc_mips64r6_64;
+  mipsisa64r6el-linux-gnuabi64  = { config = "mipsisa64r6el-unknown-linux-gnuabi64";  } // platforms.gcc_mips64r6_64;
 
   muslpi = raspberryPi // {
     config = "armv6l-unknown-linux-musleabihf";

lib/systems/parse.nix

@@ -91,10 +91,14 @@ rec {
     microblaze   = { bits = 32; significantByte = bigEndian;    family = "microblaze"; };
     microblazeel = { bits = 32; significantByte = littleEndian; family = "microblaze"; };
 
-    mips     = { bits = 32; significantByte = bigEndian;    family = "mips"; };
-    mipsel   = { bits = 32; significantByte = littleEndian; family = "mips"; };
-    mips64   = { bits = 64; significantByte = bigEndian;    family = "mips"; };
-    mips64el = { bits = 64; significantByte = littleEndian; family = "mips"; };
+    mips          = { bits = 32; significantByte = bigEndian;    family = "mips"; };
+    mipsel        = { bits = 32; significantByte = littleEndian; family = "mips"; };
+    mipsisa32r6   = { bits = 32; significantByte = bigEndian;    family = "mips"; };
+    mipsisa32r6el = { bits = 32; significantByte = littleEndian; family = "mips"; };
+    mips64        = { bits = 64; significantByte = bigEndian;    family = "mips"; };
+    mips64el      = { bits = 64; significantByte = littleEndian; family = "mips"; };
+    mipsisa64r6   = { bits = 64; significantByte = bigEndian;    family = "mips"; };
+    mipsisa64r6el = { bits = 64; significantByte = littleEndian; family = "mips"; };
 
     mmix     = { bits = 64; significantByte = bigEndian;    family = "mmix"; };
 

lib/tests/filesystem.sh

@@ -35,50 +35,58 @@ touch regular
 ln -s target symlink
 mkfifo fifo
 
-expectSuccess() {
-    local expr=$1
-    local expectedResultRegex=$2
-    if ! result=$(nix-instantiate --eval --strict --json \
-        --expr "with (import <nixpkgs/lib>).filesystem; $expr"); then
-        die "$expr failed to evaluate, but it was expected to succeed"
-    fi
-    if [[ ! "$result" =~ $expectedResultRegex ]]; then
-        die "$expr == $result, but $expectedResultRegex was expected"
+checkPathType() {
+    local path=$1
+    local expectedPathType=$2
+    local actualPathType=$(nix-instantiate --eval --strict --json 2>&1 \
+        -E '{ path }: let lib = import <nixpkgs/lib>; in lib.filesystem.pathType path' \
+        --argstr path "$path")
+    if [[ "$actualPathType" != "$expectedPathType" ]]; then
+        die "lib.filesystem.pathType \"$path\" == $actualPathType, but $expectedPathType was expected"
     fi
 }
 
-expectFailure() {
-    local expr=$1
-    local expectedErrorRegex=$2
-    if result=$(nix-instantiate --eval --strict --json 2>"$work/stderr" \
-        --expr "with (import <nixpkgs/lib>).filesystem; $expr"); then
-        die "$expr evaluated successfully to $result, but it was expected to fail"
-    fi
-    if [[ ! "$(<"$work/stderr")" =~ $expectedErrorRegex ]]; then
-        die "Error was $(<"$work/stderr"), but $expectedErrorRegex was expected"
+checkPathType "/" '"directory"'
+checkPathType "$PWD/directory" '"directory"'
+checkPathType "$PWD/regular" '"regular"'
+checkPathType "$PWD/symlink" '"symlink"'
+checkPathType "$PWD/fifo" '"unknown"'
+checkPathType "$PWD/non-existent" "error: evaluation aborted with the following error message: 'lib.filesystem.pathType: Path $PWD/non-existent does not exist.'"
+
+checkPathIsDirectory() {
+    local path=$1
+    local expectedIsDirectory=$2
+    local actualIsDirectory=$(nix-instantiate --eval --strict --json 2>&1 \
+        -E '{ path }: let lib = import <nixpkgs/lib>; in lib.filesystem.pathIsDirectory path' \
+        --argstr path "$path")
+    if [[ "$actualIsDirectory" != "$expectedIsDirectory" ]]; then
+        die "lib.filesystem.pathIsDirectory \"$path\" == $actualIsDirectory, but $expectedIsDirectory was expected"
     fi
 }
 
-expectSuccess "pathType /." '"directory"'
-expectSuccess "pathType $PWD/directory" '"directory"'
-expectSuccess "pathType $PWD/regular" '"regular"'
-expectSuccess "pathType $PWD/symlink" '"symlink"'
-expectSuccess "pathType $PWD/fifo" '"unknown"'
-# Different errors depending on whether the builtins.readFilePath primop is available or not
-expectFailure "pathType $PWD/non-existent" "error: (evaluation aborted with the following error message: 'lib.filesystem.pathType: Path $PWD/non-existent does not exist.'|getting status of '$PWD/non-existent': No such file or directory)"
+checkPathIsDirectory "/" "true"
+checkPathIsDirectory "$PWD/directory" "true"
+checkPathIsDirectory "$PWD/regular" "false"
+checkPathIsDirectory "$PWD/symlink" "false"
+checkPathIsDirectory "$PWD/fifo" "false"
+checkPathIsDirectory "$PWD/non-existent" "false"
 
-expectSuccess "pathIsDirectory /." "true"
-expectSuccess "pathIsDirectory $PWD/directory" "true"
-expectSuccess "pathIsDirectory $PWD/regular" "false"
-expectSuccess "pathIsDirectory $PWD/symlink" "false"
-expectSuccess "pathIsDirectory $PWD/fifo" "false"
-expectSuccess "pathIsDirectory $PWD/non-existent" "false"
+checkPathIsRegularFile() {
+    local path=$1
+    local expectedIsRegularFile=$2
+    local actualIsRegularFile=$(nix-instantiate --eval --strict --json 2>&1 \
+        -E '{ path }: let lib = import <nixpkgs/lib>; in lib.filesystem.pathIsRegularFile path' \
+        --argstr path "$path")
+    if [[ "$actualIsRegularFile" != "$expectedIsRegularFile" ]]; then
+        die "lib.filesystem.pathIsRegularFile \"$path\" == $actualIsRegularFile, but $expectedIsRegularFile was expected"
+    fi
+}
 
-expectSuccess "pathIsRegularFile /." "false"
-expectSuccess "pathIsRegularFile $PWD/directory" "false"
-expectSuccess "pathIsRegularFile $PWD/regular" "true"
-expectSuccess "pathIsRegularFile $PWD/symlink" "false"
-expectSuccess "pathIsRegularFile $PWD/fifo" "false"
-expectSuccess "pathIsRegularFile $PWD/non-existent" "false"
+checkPathIsRegularFile "/" "false"
+checkPathIsRegularFile "$PWD/directory" "false"
+checkPathIsRegularFile "$PWD/regular" "true"
+checkPathIsRegularFile "$PWD/symlink" "false"
+checkPathIsRegularFile "$PWD/fifo" "false"
+checkPathIsRegularFile "$PWD/non-existent" "false"
 
 echo >&2 tests ok

lib/tests/misc.nix

@@ -518,46 +518,6 @@ runTests {
     expected = false;
   };
 
-  testFindFirstExample1 = {
-    expr = findFirst (x: x > 3) 7 [ 1 6 4 ];
-    expected = 6;
-  };
-
-  testFindFirstExample2 = {
-    expr = findFirst (x: x > 9) 7 [ 1 6 4 ];
-    expected = 7;
-  };
-
-  testFindFirstEmpty = {
-    expr = findFirst (abort "when the list is empty, the predicate is not needed") null [];
-    expected = null;
-  };
-
-  testFindFirstSingleMatch = {
-    expr = findFirst (x: x == 5) null [ 5 ];
-    expected = 5;
-  };
-
-  testFindFirstSingleDefault = {
-    expr = findFirst (x: false) null [ (abort "if the predicate doesn't access the value, it must not be evaluated") ];
-    expected = null;
-  };
-
-  testFindFirstNone = {
-    expr = builtins.tryEval (findFirst (x: x == 2) null [ 1 (throw "the last element must be evaluated when there's no match") ]);
-    expected = { success = false; value = false; };
-  };
-
-  # Makes sure that the implementation doesn't cause a stack overflow
-  testFindFirstBig = {
-    expr = findFirst (x: x == 1000000) null (range 0 1000000);
-    expected = 1000000;
-  };
-
-  testFindFirstLazy = {
-    expr = findFirst (x: x == 1) 7 [ 1 (abort "list elements after the match must not be evaluated") ];
-    expected = 1;
-  };
 
 # ATTRSETS
 

lib/tests/modules.sh

@@ -378,7 +378,7 @@ checkConfigOutput '^{ }$' config.sub.nixosOk ./class-check.nix
 checkConfigError 'The module .*/module-class-is-darwin.nix was imported into nixos instead of darwin.' config.sub.nixosFail.config ./class-check.nix
 
 # submoduleWith type merge with different class
-checkConfigError 'A submoduleWith option is declared multiple times with conflicting class values "darwin" and "nixos".' config.sub.mergeFail.config ./class-check.nix
+checkConfigError 'error: A submoduleWith option is declared multiple times with conflicting class values "darwin" and "nixos".' config.sub.mergeFail.config ./class-check.nix
 
 # _type check
 checkConfigError 'Could not load a value as a module, because it is of type "flake", in file .*/module-imports-_type-check.nix' config.ok.config ./module-imports-_type-check.nix

lib/tests/release.nix

@@ -2,63 +2,53 @@
   # Don't test properties of pkgs.lib, but rather the lib in the parent directory
   pkgs ? import ../.. {} // { lib = throw "pkgs.lib accessed, but the lib tests should use nixpkgs' lib path directly!"; },
   nix ? pkgs.nix,
-  nixVersions ? [ pkgs.nixVersions.minimum nix pkgs.nixVersions.unstable ],
 }:
 
-let
-  testWithNix = nix:
-    pkgs.runCommand "nixpkgs-lib-tests-nix-${nix.version}" {
-      buildInputs = [
-        (import ./check-eval.nix)
-        (import ./maintainers.nix {
-          inherit pkgs;
-          lib = import ../.;
-        })
-        (import ./teams.nix {
-          inherit pkgs;
-          lib = import ../.;
-        })
-        (import ../path/tests {
-          inherit pkgs;
-        })
-      ];
-      nativeBuildInputs = [
-        nix
-      ];
-      strictDeps = true;
-    } ''
-      datadir="${nix}/share"
-      export TEST_ROOT=$(pwd)/test-tmp
-      export NIX_BUILD_HOOK=
-      export NIX_CONF_DIR=$TEST_ROOT/etc
-      export NIX_LOCALSTATE_DIR=$TEST_ROOT/var
-      export NIX_LOG_DIR=$TEST_ROOT/var/log/nix
-      export NIX_STATE_DIR=$TEST_ROOT/var/nix
-      export NIX_STORE_DIR=$TEST_ROOT/store
-      export PAGER=cat
-      cacheDir=$TEST_ROOT/binary-cache
+pkgs.runCommand "nixpkgs-lib-tests" {
+  buildInputs = [
+    (import ./check-eval.nix)
+    (import ./maintainers.nix {
+      inherit pkgs;
+      lib = import ../.;
+    })
+    (import ./teams.nix {
+      inherit pkgs;
+      lib = import ../.;
+    })
+    (import ../path/tests {
+      inherit pkgs;
+    })
+  ];
+  nativeBuildInputs = [
+    nix
+  ];
+  strictDeps = true;
+} ''
+    datadir="${nix}/share"
+    export TEST_ROOT=$(pwd)/test-tmp
+    export NIX_BUILD_HOOK=
+    export NIX_CONF_DIR=$TEST_ROOT/etc
+    export NIX_LOCALSTATE_DIR=$TEST_ROOT/var
+    export NIX_LOG_DIR=$TEST_ROOT/var/log/nix
+    export NIX_STATE_DIR=$TEST_ROOT/var/nix
+    export NIX_STORE_DIR=$TEST_ROOT/store
+    export PAGER=cat
+    cacheDir=$TEST_ROOT/binary-cache
 
-      mkdir -p $NIX_CONF_DIR
-      echo "experimental-features = nix-command" >> $NIX_CONF_DIR/nix.conf
+    mkdir -p $NIX_CONF_DIR
+    echo "experimental-features = nix-command" >> $NIX_CONF_DIR/nix.conf
 
-      nix-store --init
+    nix-store --init
 
-      cp -r ${../.} lib
-      echo "Running lib/tests/modules.sh"
-      bash lib/tests/modules.sh
+    cp -r ${../.} lib
+    echo "Running lib/tests/modules.sh"
+    bash lib/tests/modules.sh
 
-      echo "Running lib/tests/filesystem.sh"
-      TEST_LIB=$PWD/lib bash lib/tests/filesystem.sh
+    echo "Running lib/tests/filesystem.sh"
+    TEST_LIB=$PWD/lib bash lib/tests/filesystem.sh
 
-      echo "Running lib/tests/sources.sh"
-      TEST_LIB=$PWD/lib bash lib/tests/sources.sh
+    echo "Running lib/tests/sources.sh"
+    TEST_LIB=$PWD/lib bash lib/tests/sources.sh
 
-      mkdir $out
-      echo success > $out/${nix.version}
-    '';
-
-in
-  pkgs.symlinkJoin {
-    name = "nixpkgs-lib-tests";
-    paths = map testWithNix nixVersions;
-  }
+    touch $out
+''

lib/tests/sources.sh

@@ -23,19 +23,14 @@ clean_up() {
 trap clean_up EXIT
 cd "$work"
 
-# Crudely unquotes a JSON string by just taking everything between the first and the second quote.
-# We're only using this for resulting /nix/store paths, which can't contain " anyways,
-# nor can they contain any other characters that would need to be escaped specially in JSON
-# This way we don't need to add a dependency on e.g. jq
-crudeUnquoteJSON() {
-    cut -d \" -f2
-}
-
 touch {README.md,module.o,foo.bar}
 
-dir="$(nix-instantiate --eval --strict --read-write-mode --json --expr '(with import <nixpkgs/lib>; "${
+# nix-instantiate doesn't write out the source, only computing the hash, so
+# this uses the experimental nix command instead.
+
+dir="$(nix eval --impure --raw --expr '(with import <nixpkgs/lib>; "${
   cleanSource ./.
-}")' | crudeUnquoteJSON)"
+}")')"
 (cd "$dir"; find) | sort -f | diff -U10 - <(cat <<EOF
 .
 ./foo.bar
@@ -44,9 +39,9 @@ EOF
 ) || die "cleanSource 1"
 
 
-dir="$(nix-instantiate --eval --strict --read-write-mode --json --expr '(with import <nixpkgs/lib>; "${
+dir="$(nix eval --impure --raw --expr '(with import <nixpkgs/lib>; "${
   cleanSourceWith { src = '"$work"'; filter = path: type: ! hasSuffix ".bar" path; }
-}")' | crudeUnquoteJSON)"
+}")')"
 (cd "$dir"; find) | sort -f | diff -U10 - <(cat <<EOF
 .
 ./module.o
@@ -54,9 +49,9 @@ dir="$(nix-instantiate --eval --strict --read-write-mode --json --expr '(with im
 EOF
 ) || die "cleanSourceWith 1"
 
-dir="$(nix-instantiate --eval --strict --read-write-mode --json --expr '(with import <nixpkgs/lib>; "${
+dir="$(nix eval --impure --raw --expr '(with import <nixpkgs/lib>; "${
   cleanSourceWith { src = cleanSource '"$work"'; filter = path: type: ! hasSuffix ".bar" path; }
-}")' | crudeUnquoteJSON)"
+}")')"
 (cd "$dir"; find) | sort -f | diff -U10 - <(cat <<EOF
 .
 ./README.md

lib/tests/systems.nix

@@ -18,7 +18,7 @@ with lib.systems.doubles; lib.runTests {
   testarm = mseteq arm [ "armv5tel-linux" "armv6l-linux" "armv6l-netbsd" "armv6l-none" "armv7a-linux" "armv7a-netbsd" "armv7l-linux" "armv7l-netbsd" "arm-none" "armv7a-darwin" ];
   testarmv7 = mseteq armv7 [ "armv7a-darwin" "armv7a-linux" "armv7l-linux" "armv7a-netbsd" "armv7l-netbsd" ];
   testi686 = mseteq i686 [ "i686-linux" "i686-freebsd13" "i686-genode" "i686-netbsd" "i686-openbsd" "i686-cygwin" "i686-windows" "i686-none" "i686-darwin" ];
-  testmips = mseteq mips [ "mips-linux" "mips64-linux" "mips64el-linux" "mipsel-linux" "mipsel-netbsd" ];
+  testmips = mseteq mips [ "mips64el-linux" "mipsel-linux" "mipsel-netbsd" ];
   testmmix = mseteq mmix [ "mmix-mmixware" ];
   testpower = mseteq power [ "powerpc-netbsd" "powerpc-none" "powerpc64-linux" "powerpc64le-linux" "powerpcle-none" ];
   testriscv = mseteq riscv [ "riscv32-linux" "riscv64-linux" "riscv32-netbsd" "riscv64-netbsd" "riscv32-none" "riscv64-none" ];
@@ -34,7 +34,7 @@ with lib.systems.doubles; lib.runTests {
   testredox = mseteq redox [ "x86_64-redox" ];
   testgnu = mseteq gnu (linux /* ++ kfreebsd ++ ... */);
   testillumos = mseteq illumos [ "x86_64-solaris" ];
-  testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "loongarch64-linux" "m68k-linux" "microblaze-linux" "microblazeel-linux" "mips-linux" "mips64-linux" "mips64el-linux" "mipsel-linux" "powerpc64-linux" "powerpc64le-linux" "riscv32-linux" "riscv64-linux" "s390-linux" "s390x-linux" "x86_64-linux" ];
+  testlinux = mseteq linux [ "aarch64-linux" "armv5tel-linux" "armv6l-linux" "armv7a-linux" "armv7l-linux" "i686-linux" "mips64el-linux" "mipsel-linux" "riscv32-linux" "riscv64-linux" "x86_64-linux" "powerpc64-linux" "powerpc64le-linux" "m68k-linux" "s390-linux" "s390x-linux" "microblaze-linux" "microblazeel-linux" "loongarch64-linux" ];
   testnetbsd = mseteq netbsd [ "aarch64-netbsd" "armv6l-netbsd" "armv7a-netbsd" "armv7l-netbsd" "i686-netbsd" "m68k-netbsd" "mipsel-netbsd" "powerpc-netbsd" "riscv32-netbsd" "riscv64-netbsd" "x86_64-netbsd" ];
   testopenbsd = mseteq openbsd [ "i686-openbsd" "x86_64-openbsd" ];
   testwindows = mseteq windows [ "i686-cygwin" "x86_64-cygwin" "i686-windows" "x86_64-windows" ];

lib/trivial.nix

@@ -195,7 +195,7 @@ rec {
      On each release the first letter is bumped and a new animal is chosen
      starting with that new letter.
   */
-  codeName = "Tapir";
+  codeName = "Stoat";
 
   /* Returns the current nixpkgs version suffix as string. */
   versionSuffix =

maintainers/maintainer-list.nix

@@ -64,12 +64,6 @@
     githubId = 64707304;
     name = "Dmitry Kulikov";
   };
-  _0x120581f = {
-    email = "nixpkgs@0x120581f.dev";
-    name = "0x120581f";
-    github = "0x120581f";
-    githubId = 130835755;
-  };
   _0x4A6F = {
     email = "mail-maintainer@0x4A6F.dev";
     matrix = "@0x4a6f:matrix.org";
@@ -183,12 +177,6 @@
     githubId = 12578560;
     name = "Quinn Bohner";
   };
-  _8-bit-fox = {
-    email = "sebastian@markwaerter.de";
-    github = "8-bit-fox";
-    githubId = 43320117;
-    name = "Sebastian Marquardt";
-  };
   _9999years = {
     email = "rbt@fastmail.com";
     github = "9999years";
@@ -315,12 +303,6 @@
     githubId = 2321000;
     name = "Ruslan Babayev";
   };
-  abustany = {
-    email = "adrien@bustany.org";
-    github = "abustany";
-    githubId = 2526296;
-    name = "Adrien Bustany";
-  };
   acairncross = {
     email = "acairncross@gmail.com";
     github = "acairncross";
@@ -1651,12 +1633,6 @@
       fingerprint = "2688 0377 C31D 9E81 9BDF  83A8 C8C6 BDDB 3847 F72B";
     }];
   };
-  azd325 = {
-    email = "tim.kleinschmidt@gmail.com";
-    github = "Azd325";
-    githubId = 426541;
-    name = "Tim Kleinschmidt";
-  };
   azuwis = {
     email = "azuwis@gmail.com";
     github = "azuwis";
@@ -1887,12 +1863,6 @@
     githubId = 11135;
     name = "Berk D. Demir";
   };
-  bddvlpr = {
-    email = "luna@bddvlpr.com";
-    github = "bddvlpr";
-    githubId = 17461028;
-    name = "Luna Simons";
-  };
   bdesham = {
     email = "benjamin@esham.io";
     github = "bdesham";
@@ -2222,13 +2192,6 @@
     githubId = 68566724;
     name = "bootstrap-prime";
   };
-  boozedog = {
-    email = "code@booze.dog";
-    github = "boozedog";
-    githubId = 1410808;
-    matrix = "@boozedog:matrix.org";
-    name = "David A. Buser";
-  };
   borisbabic = {
     email = "boris.ivan.babic@gmail.com";
     github = "borisbabic";
@@ -2962,7 +2925,7 @@
   };
   citadelcore = {
     email = "alex@arctarus.co.uk";
-    github = "VertexA115";
+    github = "CitadelCore";
     githubId = 5567402;
     name = "Alex Zero";
     keys = [{
@@ -3567,12 +3530,6 @@
       fingerprint = "4779 D1D5 3C97 2EAE 34A5  ED3D D8AF C4BF 0567 0F9D";
     }];
   };
-  dariof4 = {
-    name = "dariof4";
-    email = "dazedtank@gmail.com";
-    github = "dariof4";
-    githubId = 9992814;
-  };
   darkonion0 = {
     name = "Alexandre Peruggia";
     email = "darkgenius1@protonmail.com";
@@ -4959,12 +4916,6 @@
     githubId = 1847524;
     name = "Evan Stoll";
   };
-  evanrichter = {
-    email = "evanjrichter@gmail.com";
-    github = "evanrichter";
-    githubId = 330292;
-    name = "Evan Richter";
-  };
   evax = {
     email = "nixos@evax.fr";
     github = "evax";
@@ -4983,12 +4934,6 @@
     githubId = 2512008;
     name = "Even Brenden";
   };
-  evilmav = {
-    email = "elenskiy.ilya@gmail.com";
-    github = "evilmav";
-    githubId = 6803717;
-    name = "Ilya Elenskiy";
-  };
   evils = {
     email = "evils.devils@protonmail.com";
     matrix = "@evils:nixos.dev";
@@ -5302,12 +5247,6 @@
     githubId = 2489598;
     name = "Felix Breidenstein";
   };
-  flemzord = {
-    email = "maxence@maireaux.fr";
-    github = "flemzord";
-    githubId = 1952914;
-    name = "Maxence Maireaux";
-  };
   flexagoon = {
     email = "flexagoon@pm.me";
     github = "flexagoon";
@@ -5459,12 +5398,6 @@
     githubId = 7551358;
     name = "Frede Emil";
   };
-  Freed-Wu = {
-    email = "wuzhenyu@ustc.edu";
-    github = "Freed-Wu";
-    githubId = 32936898;
-    name = "Wu Zhenyu";
-  };
   freezeboy = {
     github = "freezeboy";
     githubId = 13279982;
@@ -5568,7 +5501,7 @@
   };
   fuzen = {
     email = "me@fuzen.cafe";
-    github = "LovingMelody";
+    github = "Fuzen-py";
     githubId = 17859309;
     name = "Fuzen";
   };
@@ -5597,18 +5530,18 @@
     githubId = 606000;
     name = "Gabriel Adomnicai";
   };
+  Gabriel439 = {
+    email = "Gabriel439@gmail.com";
+    github = "Gabriella439";
+    githubId = 1313787;
+    name = "Gabriel Gonzalez";
+  };
   GabrielDougherty = {
     email = "contact@gabrieldougherty.com";
     github = "GabrielDougherty";
     githubId = 10541219;
     name = "Gabriel Dougherty";
   };
-  Gabriella439 = {
-    email = "GenuineGabriella@gmail.com";
-    github = "Gabriella439";
-    githubId = 1313787;
-    name = "Gabriella Gonzalez";
-  };
   gador = {
     email = "florian.brandes@posteo.de";
     github = "gador";
@@ -5768,12 +5701,6 @@
     githubId = 10353047;
     name = "Tobias Happ";
   };
-  getchoo = {
-    email = "getchoo@tuta.io";
-    github = "getchoo";
-    githubId = 48872998;
-    name = "Seth";
-  };
   gfrascadorio = {
     email = "gfrascadorio@tutanota.com";
     github = "gfrascadorio";
@@ -5928,6 +5855,15 @@
     githubId = 1621335;
     name = "Andrew Trachenko";
   };
+  gordias = {
+    name = "Gordias";
+    email = "gordias@disroot.org";
+    github = "gordiasdot";
+    githubId = 94724133;
+    keys = [{
+      fingerprint = "C006 B8A0 0618 F3B6 E0E4  2ECD 5D47 2848 30FA A4FA";
+    }];
+  };
   gotcha = {
     email = "gotcha@bubblenet.be";
     github = "gotcha";
@@ -6428,12 +6364,6 @@
       fingerprint = "45A9 9917 578C D629 9F5F  B5B4 C22D 4DE4 D7B3 2D19";
     }];
   };
-  hitsmaxft = {
-    name = "Bhe Hongtyu";
-    email = "mfthits@gmail.com";
-    github = "hitsmaxft";
-    githubId = 352727;
-  };
   hjones2199 = {
     email = "hjones2199@gmail.com";
     github = "hjones2199";
@@ -6467,15 +6397,6 @@
     githubId = 6074754;
     name = "Hlodver Sigurdsson";
   };
-  hmajid2301 = {
-    name = "Haseeb Majid";
-    email = "hello@haseebmajid.dev";
-    github = "hmajid2301";
-    githubId = 998807;
-    keys = [{
-      fingerprint = "A236 785D 59F1 9076 1E9C E8EC 7828 3DB3 D233 E1F9";
-    }];
-  };
   hmenke = {
     name = "Henri Menke";
     email = "henri@henrimenke.de";
@@ -6802,7 +6723,7 @@
   };
   ilya-kolpakov = {
     email = "ilya.kolpakov@gmail.com";
-    github = "1pakch";
+    github = "ilya-kolpakov";
     githubId = 592849;
     name = "Ilya Kolpakov";
   };
@@ -6959,12 +6880,6 @@
     githubId = 137306;
     name = "Michele Catalano";
   };
-  isaozler = {
-    email = "isaozler@gmail.com";
-    github = "isaozler";
-    githubId = 1378630;
-    name = "Isa Ozler";
-  };
   isgy = {
     name = "isgy";
     email = "isgy@teiyg.com";
@@ -7204,7 +7119,7 @@
   jayesh-bhoot = {
     name = "Jayesh Bhoot";
     email = "jb@jayeshbhoot.com";
-    github = "bhootjb";
+    github = "jayeshbhoot";
     githubId = 1915507;
   };
   jayman2000 = {
@@ -7612,12 +7527,6 @@
     githubId = 8900;
     name = "Johan Magnus Jonsson";
   };
-  jmbaur = {
-    email = "jaredbaur@fastmail.com";
-    github = "jmbaur";
-    githubId = 45740526;
-    name = "Jared Baur";
-  };
   jmc-figueira = {
     email = "business+nixos@jmc-figueira.dev";
     github = "jmc-figueira";
@@ -7689,10 +7598,10 @@
     name = "Jocelyn Thode";
   };
   joedevivo = {
-    github = "joedevivo";
-    githubId = 55951;
-    name = "Joe DeVivo";
-  };
+     github = "joedevivo";
+     githubId = 55951;
+     name = "Joe DeVivo";
+   };
   joelancaster = {
     email = "joe.a.lancas@gmail.com";
     github = "JoeLancaster";
@@ -8022,7 +7931,7 @@
   };
   juaningan = {
     email = "juaningan@gmail.com";
-    github = "oneingan";
+    github = "uningan";
     githubId = 810075;
     name = "Juan Rodal";
   };
@@ -8985,7 +8894,7 @@
     github = "leifhelm";
     githubId = 31693262;
     name = "Jakob Leifhelm";
-    keys = [{
+    keys =[{
       fingerprint = "4A82 F68D AC07 9FFD 8BF0  89C4 6817 AA02 3810 0822";
     }];
   };
@@ -9033,12 +8942,6 @@
     githubId = 1572058;
     name = "Leonardo Cecchi";
   };
-  leonid = {
-    email = "belyaev.l@northeastern.edu";
-    github = "leonidbelyaev";
-    githubId = 77865363;
-    name = "Leonid Belyaev";
-  };
   leshainc = {
     email = "leshainc@fomalhaut.me";
     github = "LeshaInc";
@@ -9109,12 +9012,6 @@
     githubId = 1769386;
     name = "Liam Diprose";
   };
-  liberatys = {
-    email = "liberatys@hey.com";
-    name = "Nick Anthony Flueckiger";
-    github = "liberatys";
-    githubId = 35100156;
-  };
   libjared = {
     email = "jared@perrycode.com";
     github = "libjared";
@@ -9227,12 +9124,6 @@
       fingerprint = "74F5 E5CC 19D3 B5CB 608F  6124 68FF 81E6 A785 0F49";
     }];
   };
-  liyangau = {
-    email = "d@aufomm.com";
-    github = "liyangau";
-    githubId = 71299093;
-    name = "Li Yang";
-  };
   lizelive = {
     email = "nixpkgs@lize.live";
     github = "lizelive";
@@ -9427,12 +9318,6 @@
     githubId = 59375051;
     name = "Lucas Ransan";
   };
-  LucaGuerra = {
-    email = "luca@guerra.sh";
-    github = "LucaGuerra";
-    githubId = 35580196;
-    name = "Luca Guerra";
-  };
   lucasew = {
     email = "lucas59356@gmail.com";
     github = "lucasew";
@@ -9512,12 +9397,6 @@
       fingerprint = "97A0 AE5E 03F3 499B 7D7A  65C6 76A4 1432 37EF 5817";
     }];
   };
-  lukaswrz = {
-    email = "lukas@wrz.one";
-    github = "lukaswrz";
-    githubId = 84395723;
-    name = "Lukas Wurzinger";
-  };
   lukeadams = {
     email = "luke.adams@belljar.io";
     github = "lukeadams";
@@ -10060,7 +9939,7 @@
     githubId = 95194;
     name = "Mauricio Scheffer";
   };
-  maxbrunet = {
+   maxbrunet = {
     email = "max@brnt.mx";
     github = "maxbrunet";
     githubId = 32458727;
@@ -10432,7 +10311,7 @@
     name = "Michael Pacheco";
     github = "MichaelPachec0";
     githubId = 48970112;
-    keys = [{
+    keys = [ {
       fingerprint = "8D12 991F 5558 C501 70B2  779C 7811 46B0 B5F9 5F64";
     }];
   };
@@ -10744,12 +10623,6 @@
     githubId = 708570;
     name = "Manuel Mendez";
   };
-  mmusnjak = {
-    email = "marko.musnjak@gmail.com";
-    github = "mmusnjak";
-    githubId = 668956;
-    name = "Marko Mušnjak";
-  };
   mnacamura = {
     email = "m.nacamura@gmail.com";
     github = "mnacamura";
@@ -10818,12 +10691,6 @@
       fingerprint = "6460 4147 C434 F65E C306  A21F 135E EDD0 F719 34F3";
     }];
   };
-  moody = {
-    email = "moody@posixcafe.org";
-    github = "majiru";
-    githubId = 3579600;
-    name = "Jacob Moody";
-  };
   moosingin3space = {
     email = "moosingin3space@gmail.com";
     github = "moosingin3space";
@@ -11171,11 +11038,6 @@
     githubId = 1009523;
     name = "Ashijit Pramanik";
   };
-  name-snrl = {
-    github = "name-snrl";
-    githubId = 72071763;
-    name = "Yusup Urazaev";
-  };
   namore = {
     email = "namor@hemio.de";
     github = "namore";
@@ -11519,12 +11381,6 @@
       fingerprint = "E576 BFB2 CF6E B13D F571  33B9 E315 A758 4613 1564";
     }];
   };
-  nielsegberts = {
-    email = "nix@nielsegberts.nl";
-    github = "nielsegberts";
-    githubId = 368712;
-    name = "Niels Egberts";
-  };
   nigelgbanks = {
     name = "Nigel Banks";
     email = "nigel.g.banks@gmail.com";
@@ -11567,16 +11423,6 @@
     githubId = 26231126;
     name = "Nils ANDRÉ-CHANG";
   };
-  nim65s = {
-    email = "guilhem.saurel@laas.fr";
-    matrix = "@gsaurel:laas.fr";
-    github = "nim65s";
-    githubId = 131929;
-    name = "Guilhem Saurel";
-    keys = [{
-      fingerprint = "9B1A 7906 5D2F 2B80 6C8A  5A1C 7D2A CDAF 4653 CF28";
-    }];
-  };
   ninjatrappeur = {
     email = "felix@alternativebit.fr";
     matrix = "@ninjatrappeur:matrix.org";
@@ -11877,12 +11723,6 @@
     githubId = 30825096;
     name = "Ning Zhang";
   };
-  oaksoaj = {
-    email = "oaksoaj@riseup.net";
-    name = "Oaksoaj";
-    github = "oaksoaj";
-    githubId = 103952141;
-  };
   obadz = {
     email = "obadz-nixos@obadz.com";
     github = "obadz";
@@ -12041,15 +11881,6 @@
     github = "ony";
     githubId = 11265;
   };
-  ooliver1 = {
-    name = "Oliver Wilkes";
-    email = "oliverwilkes2006@icloud.com";
-    github = "ooliver1";
-    githubId = 34910574;
-    keys = [{
-      fingerprint = "D055 8A23 3947 B7A0 F966  B07F 0B41 0348 9833 7273";
-    }];
-  };
   opeik = {
     email = "sandro@stikic.com";
     github = "opeik";
@@ -12678,12 +12509,6 @@
     githubId = 3737;
     name = "Peter Jones";
   };
-  pjrm = {
-    email = "pedrojrmagalhaes@gmail.com";
-    github = "pjrm";
-    githubId = 4622652;
-    name = "Pedro Magalhães";
-  };
   pkharvey = {
     email = "kayharvey@protonmail.com";
     github = "pkharvey";
@@ -15317,12 +15142,6 @@
     githubId = 38893265;
     name = "StrikerLulu";
   };
-  stteague = {
-    email = "stteague505@yahoo.com";
-    github = "stteague";
-    githubId = 77596767;
-    name = "Scott Teague";
-  };
   stumoss = {
     email = "samoss@gmail.com";
     github = "stumoss";
@@ -15480,13 +15299,6 @@
     githubId = 20063502;
     name = "Sybrand Aarnoutse";
   };
-  syboxez = {
-    email = "syboxez@gmail.com";
-    matrix = "@Syboxez:matrix.org";
-    github = "syboxez";
-    githubId = 12841859;
-    name = "Syboxez Blank";
-  };
   symphorien = {
     email = "symphorien_nixpkgs@xlumurb.eu";
     matrix = "@symphorien:xlumurb.eu";
@@ -15990,12 +15802,6 @@
     github = "thielema";
     githubId = 898989;
   };
-  thilobillerbeck = {
-    name = "Thilo Billerbeck";
-    email = "thilo.billerbeck@officerent.de";
-    github = "thilobillerbeck";
-    githubId = 7442383;
-  };
   thled = {
     name = "Thomas Le Duc";
     email = "dev@tleduc.de";
@@ -16090,12 +15896,6 @@
     github = "TilCreator";
     githubId = 18621411;
   };
-  tillkruss = {
-    name = "Till Krüss";
-    email = "till@kruss.io";
-    github = "tillkruss";
-    githubId = 665029;
-  };
   tilpner = {
     name = "Till Höppner";
     email = "nixpkgs@tilpner.com";
@@ -16194,12 +15994,6 @@
     githubId = 3159881;
     name = "Tobias Markus";
   };
-  tm-drtina = {
-    email = "tm.drtina@gmail.com";
-    github = "tm-drtina";
-    githubId = 26902865;
-    name = "Tomas Drtina";
-  };
   tmountain = {
     email = "tinymountain@gmail.com";
     github = "tmountain";
@@ -16556,15 +16350,6 @@
       fingerprint = "EE59 5E29 BB5B F2B3 5ED2  3F1C D276 FF74 6700 7335";
     }];
   };
-  undefined-moe = {
-    name = "undefined";
-    email = "i@undefined.moe";
-    github = "undefined-moe";
-    githubId = 29992205;
-    keys = [{
-      fingerprint = "6684 4E7D D213 C75D 8828  6215 C714 A58B 6C1E 0F52";
-    }];
-  };
   unhammer = {
     email = "unhammer@fsfe.org";
     github = "unhammer";
@@ -16805,12 +16590,6 @@
     github = "vdot0x23";
     githubId = 40716069;
   };
-  vector1dev = {
-    name = "vector1dev";
-    matrix = "@vector1dev:vector1.dev";
-    github = "vector1dev";
-    githubId = 127302590;
-  };
   veehaitch = {
     name = "Vincent Haupert";
     email = "mail@vincent-haupert.de";
@@ -17094,6 +16873,16 @@
     github = "wdavidw";
     githubId = 46896;
   };
+  WeebSorceress = {
+    name = "WeebSorceress";
+    email = "hello@weebsorceress.anonaddy.me";
+    matrix = "@weebsorceress:matrix.org";
+    github = "WeebSorceress";
+    githubId = 106774777;
+    keys = [{
+      fingerprint = "659A 9BC3 F904 EC24 1461  2EFE 7F57 3443 17F0 FA43";
+    }];
+  };
   wegank = {
     name = "Weijia Wang";
     email = "contact@weijia.wang";
@@ -17545,10 +17334,10 @@
   };
   yayayayaka = {
     email = "nixpkgs@uwu.is";
-    matrix = "@yaya:uwu.is";
+    matrix = "@lara:uwu.is";
     github = "yayayayaka";
     githubId = 73759599;
-    name = "Yaya";
+    name = "Lara A.";
   };
   ydlr = {
     name = "ydlr";
@@ -17872,12 +17661,6 @@
     githubId = 2189609;
     name = "Zhaofeng Li";
   };
-  zi3m5f = {
-    name = "zi3m5f";
-    email = "k7n3o3a6f@mozmail.com";
-    github = "zi3m5f";
-    githubId = 113244000;
-  };
   ziguana = {
     name = "Zig Uana";
     email = "git@ziguana.dev";

maintainers/scripts/fix-maintainers.pl

@@ -42,7 +42,7 @@ while(my($k, $v) = each %$maintainers_json) {
     }
     my $resp_json = from_json($resp->content);
     my $api_user = %$resp_json{"login"};
-    if (lc($current_user) ne lc($api_user)) {
+    if ($current_user ne $api_user) {
         print $current_user . " is now known on github as " . $api_user . ". Editing maintainer-list.nix…\n";
         my $file = path($maintainers_list_nix);
         my $data = $file->slurp_utf8;

maintainers/team-list.nix

@@ -213,7 +213,7 @@ with lib.maintainers; {
 
   dhall = {
     members = [
-      Gabriella439
+      Gabriel439
       ehmry
     ];
     scope = "Maintain Dhall and related packages.";
@@ -292,8 +292,6 @@ with lib.maintainers; {
     members = [
       imincik
       sikmir
-      nh2
-      willcohen
     ];
     scope = "Maintain geospatial packages.";
     shortName = "Geospatial";
@@ -385,6 +383,7 @@ with lib.maintainers; {
     members = [
       cleeyv
       ryantm
+      yuka
     ];
     scope = "Maintain Jitsi.";
     shortName = "Jitsi";
@@ -538,6 +537,7 @@ with lib.maintainers; {
       ma27
       fadenb
       mguentner
+      ekleog
       ralith
       dandellion
       sumnerevans
@@ -557,15 +557,6 @@ with lib.maintainers; {
     shortName = "Minimal Bootstrap";
   };
 
-  mercury = {
-    members = [
-      _9999years
-      Gabriella439
-    ];
-    scope = "Group registry for packages maintained by Mercury";
-    shortName = "Mercury Employees";
-  };
-
   mobile = {
     members = [
       samueldr
@@ -603,6 +594,7 @@ with lib.maintainers; {
       lilyinstarlight
       marsam
       winter
+      yuka
     ];
     scope = "Maintain Node.js runtimes and build tooling.";
     shortName = "Node.js";

nixos/doc/manual/configuration/customizing-packages.section.md

@@ -12,29 +12,6 @@ Unfortunately, Nixpkgs currently lacks a way to query available
 configuration options.
 :::
 
-::: {.note}
-Alternatively, many packages come with extensions one might add.
-Examples include:
-- [`passExtensions.pass-otp`](https://search.nixos.org/packages/query=passExtensions.pass-otp)
-- [`python310Packages.requests`](https://search.nixos.org/packages/query=python310Packages.requests)
-
-You can use them like this:
-```nix
-environment.systemPackages = with pkgs; [
-  sl
-  (pass.withExtensions (subpkgs: with subpkgs; [
-    pass-audit
-    pass-otp
-    pass-genphrase
-  ]))
-  (python3.withPackages (subpkgs: with subpkgs; [
-      requests
-  ]))
-  cowsay
-];
-```
-:::
-
 Apart from high-level options, it's possible to tweak a package in
 almost arbitrary ways, such as changing or disabling dependencies of a
 package. For instance, the Emacs package in Nixpkgs by default has a

nixos/doc/manual/default.nix

@@ -267,41 +267,19 @@ in rec {
 
   manualEpub = runCommand "nixos-manual-epub"
     { nativeBuildInputs = [ buildPackages.libxml2.bin buildPackages.libxslt.bin buildPackages.zip ];
-      doc = ''
-        <book xmlns="http://docbook.org/ns/docbook"
-              xmlns:xlink="http://www.w3.org/1999/xlink"
-              version="5.0"
-              xml:id="book-nixos-manual">
-          <info>
-            <title>NixOS Manual</title>
-            <subtitle>Version ${lib.version}</subtitle>
-          </info>
-          <chapter>
-            <title>Temporarily unavailable</title>
-            <para>
-              The NixOS manual is currently not available in EPUB format,
-              please use the <link xlink:href="https://nixos.org/nixos/manual">HTML manual</link>
-              instead.
-            </para>
-            <para>
-              If you've used the EPUB manual in the past and it has been useful to you, please
-              <link xlink:href="https://github.com/NixOS/nixpkgs/issues/237234">let us know</link>.
-            </para>
-          </chapter>
-        </book>
-      '';
-      passAsFile = [ "doc" ];
     }
     ''
       # Generate the epub manual.
       dst=$out/share/doc/nixos
 
       xsltproc \
-        --param chapter.autolabel 0 \
+        ${manualXsltprocOptions} \
         --nonet --xinclude --output $dst/epub/ \
         ${docbook_xsl_ns}/xml/xsl/docbook/epub/docbook.xsl \
-        $docPath
+        ${manual-combined}/manual-combined.xml
 
+      mkdir -p $dst/epub/OEBPS/images/callouts
+      cp -r ${docbook_xsl_ns}/xml/xsl/docbook/images/callouts/*.svg $dst/epub/OEBPS/images/callouts # */
       echo "application/epub+zip" > mimetype
       manual="$dst/nixos-manual.epub"
       zip -0Xq "$manual" mimetype

nixos/doc/manual/release-notes/release-notes.md

@@ -3,7 +3,6 @@
 This section lists the release notes for each stable version of NixOS and current unstable revision.
 
 ```{=include=} sections
-rl-2311.section.md
 rl-2305.section.md
 rl-2211.section.md
 rl-2205.section.md

nixos/doc/manual/release-notes/rl-2305.section.md

@@ -12,11 +12,11 @@ To upgrade to the latest release, follow the [upgrade chapter](https://nixos.org
 
 In addition to numerous new and updated packages, this release has the following highlights:
 
-- The default [Nix](https://github.com/NixOS/nix) version was updated from 2.11 to 2.13. In particular, this includes a [small language alteration](https://github.com/NixOS/nix/issues/8259) in the way floats are represented in `builtins.toJSON`. See the release notes for [2.12](https://nixos.org/manual/nix/stable/release-notes/rl-2.12.html) and [2.13](https://nixos.org/manual/nix/unstable/release-notes/rl-2.13.html) for more information.
+- The default [Nix](https://github.com/NixOS/nix) version was updated from 2.11 to 2.13. In particular, this includes a [small language alteration](https://github.com/NixOS/nix/issues/8259) in the way floats are represented in `builtins.toJSON`. See the release notes for [2.13](https://nixos.org/manual/nix/stable/release-notes/rl-2.13.html) and [2.14](https://nixos.org/manual/nix/unstable/release-notes/rl-2.14.html) for more information.
 
-- The default [Linux Kernel](https://kernel.org/) was updated from version 5.15 to 6.1, see [Kernelnewbies](https://kernelnewbies.org/Linux_6.1) for what has changed. All Kernels currently shown on [kernel.org](https://kernel.org/) are available.
+- The default [Linux Kernel](https://kernel.org/) was updated from version 5.15 to 6.1, see [Kernelnewbies](https://kernelnewbies.org/Linux_6.1) for what has changed. All currently shown Kernels shown on [kernel.org](https://kernel.org/) are available.
 
-- [systemd](https://systemd.io) has been updated from v252 to v253, see [the release notes](https://github.com/systemd/systemd/blob/v253/NEWS#L3-L659) for more information on the changes.
+- [systemd](https://systemd.io) has been updated from v252 to v253, see [the release notes](https://github.com/systemd/systemd/blob/main/NEWS#L21-L677) for more information on the changes.
     - Updating with `nixos-rebuild boot` and rebooting is recommended, since in some rare cases the `nixos-rebuild switch` into the new generation on a live system might fail due to missing mount units.
 
 - [glibc](https://www.gnu.org/software/libc/) has been updated from version 2.35 to 2.37, see [the release notes](https://sourceware.org/glibc/wiki/Release/2.37) for what was changed.
@@ -42,9 +42,6 @@ In addition to numerous new and updated packages, this release has the following
 
 - [KDE Plasma](https://kde.org/de/plasma-desktop/) has been updated to version 5.27, see [the release notes](https://kde.org/announcements/plasma/5/5.27.0/) for what was changed.
 
-- `openra` was updated to `20230225`. Due to large scope of the update, currently only `openraPackages.engines.release` and `openraPackages.engines.latest` packages are available.
-  If you want to use the old engine versions or mods, they were moved to the `openraPackages_2019` namespace.
-
 ## New Services {#sec-release-23.05-new-services}
 
 - [Akkoma](https://akkoma.social), an ActivityPub microblogging server. Available as [services.akkoma](options.html#opt-services.akkoma.enable).
@@ -195,13 +192,18 @@ In addition to numerous new and updated packages, this release has the following
   };
   ```
 
+- Many `services.syncthing` options have been moved to `services.syncthing.settings`, as part of [RFC 42](https://github.com/NixOS/rfcs/pull/42)'s implementation, see [#226088](https://github.com/NixOS/nixpkgs/pull/226088).
+
 - `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems.
 
 - `git-bug` has been updated to at least version 0.8.0, which includes backwards incompatible changes. The `git-bug-migration` package can be used to upgrade existing repositories.
 
 - `graylog` has been updated to version 5, which can not be updated directly from the previously packaged version 3.3. If you had installed the previously packaged version 3.3, please follow the [upgrade path](https://go2docs.graylog.org/5-0/upgrading_graylog/upgrade_path.htm) from 3.3 to 4.0 to 4.3 to 5.0.
 
-- `buildFHSUserEnv` is now called `buildFHSEnv` and uses FlatPak's Bubblewrap sandboxing tool rather than Nixpkgs' own chrootenv. The old chrootenv-based implemenation is still available via `buildFHSEnvChroot` but is considered deprecated and will be removed when the remaining uses inside Nixpkgs have been migrated. If your FHSEnv-wrapped application misbehaves when using the new bubblewrap implementation, please create an issue in Nixpkgs.
+- `buildFHSUserEnv` is now called `buildFHSEnv` and uses FlatPak's Bubblewrap sandboxing tool rather than Nixpkgs' own chrootenv. The old chrootenv-based implemenation is still available via `buildFHSEnvChrootenv` but is considered deprecated and will be removed when the remaining uses inside Nixpkgs have been migrated. If your FHSEnv-wrapped application misbehaves when using the new bubblewrap implementation, please create an issue in Nixpkgs.
+
+
+- `buildFHSUserEnv` is now called `buildFHSEnv` and uses FlatPak's Bubblewrap sandboxing tool rather than Nixpkgs' own chrootenv. The old chrootenv-based implemenation is still available via `buildFHSEnvChrootenv` but is considered deprecated and will be removed when the remaining uses inside Nixpkgs have been migrated. If your FHSEnv-wrapped application misbehaves when using the new bubblewrap implementation, please create an issue in Nixpkgs.
 
 - `nushell` has been updated to at least version 0.77.0, which includes potential breaking changes in aliases. The old aliases are now available as `old-alias` but it is recommended you migrate to the new format. See [Reworked aliases](https://www.nushell.sh/blog/2023-03-14-nushell_0_77.html#reworked-aliases-breaking-changes-kubouch).
 
@@ -275,10 +277,6 @@ In addition to numerous new and updated packages, this release has the following
 
 - The EC2 image module previously detected and activated swap-formatted instance store devices and partitions in stage-1 (initramfs). This behaviour has been removed. Users relying on this should provide their own implementation.
 
-- `gitlab` has been upgraded from major version 15 to major version 16 and requires at least PostgreSQL 13.6. Check the [upgrade guide](#module-services-postgres-upgrading) in the NixOS manual on how to upgrade your PostgreSQL installation.
-
-- `gitlab` 16 deprecates the use of external container registries, in our case `pkgs.docker-distribution`. Module users who have [`services.gitlab.registry.enable`](#opt-services.gitlab.registry.enable) set to `true` are advised to back up their state and switch to gitlab's fork by setting [`services.gitlab.registry.package`](#opt-services.gitlab.registry.package) to `pkgs.gitlab-container-registry`.
-
 - `fail2ban` has been updated to 1.0.2, which has a few breaking changes compared to 0.11.2 ([changelog for 1.0.1](https://github.com/fail2ban/fail2ban/blob/1.0.1/ChangeLog), [changelog for 1.0.2](https://github.com/fail2ban/fail2ban/blob/1.0.2/ChangeLog))
 
 - `albert` has been updated from 0.17.6 to 0.20.13, and 0.18.0 changed the config format and many plugins ([changelog for 0.18.0](https://github.com/albertlauncher/albert/blob/v0.18.0/CHANGELOG.md))
@@ -359,8 +357,6 @@ In addition to numerous new and updated packages, this release has the following
 
 - Only `k3s` version 1.26 is included. Users of the `k3s_1_24` or `k3s_1_25` packages should upgrade to use the `1.26` version of the package.
 
-- The `nerdfonts` package has been updated to major version 3, which includes potential [breaking changes](https://github.com/ryanoasis/nerd-fonts/releases/tag/v3.0.0).
-
 ## Other Notable Changes {#sec-release-23.05-notable-changes}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@@ -525,7 +521,7 @@ In addition to numerous new and updated packages, this release has the following
 
 - The new option `services.tailscale.useRoutingFeatures` controls various settings for using Tailscale features like exit nodes and subnet routers. If you wish to use your machine as an exit node, you can set this setting to `server`, otherwise if you wish to use an exit node you can set this setting to `client`. The strict RPF warning has been removed as the RPF will be loosened automatically based on the value of this setting.
 
-- `openjdk` from version 11 and above is not build with `openjfx` (i.e.: JavaFX) support by default anymore. You can re-enable it by overriding, e.g.: `openjdk11.override { enableJavaFX = true; };`.
+- `openjdk` from versioggn 11 and above is not build with `openjfx` (i.e.: JavaFX) support by default anymore. You can re-enable it by overriding, e.g.: `openjdk11.override { enableJavaFX = true; };`.
 
 - [Xastir](https://xastir.org/index.php/Main_Page) can now access AX.25 interfaces via the `libax25` package.
 
@@ -549,6 +545,8 @@ In addition to numerous new and updated packages, this release has the following
 
 - Booting from a volume managed by the Stratis storage management daemon is now supported. Use `fileSystems.<name>.stratis.poolUuid` to configure the pool containing the fs.
 
+- Only `k3s` version 1.26 is included. Users of the `k3s_1_24` or `k3s_1_25` packages should upgrade to use the version 1.26 of the package.
+
 ## Nixpkgs internals {#sec-release-23.05-nixpkgs-internals}
 
 - `buildDunePackage` now defaults to `strictDeps = true` which means that any library should go into `buildInputs` or `checkInputs`. Any executable that is run on the building machine should go into `nativeBuildInputs` or `nativeCheckInputs` respectively. Example of executables are `ocaml`, `findlib` and `menhir`. PPXs are libraries which are built by dune and should therefore not go into `nativeBuildInputs`.

nixos/doc/manual/release-notes/rl-2311.section.md

@@ -1,49 +0,0 @@
-# Release 23.11 (“Tapir”, 2023.11/??) {#sec-release-23.11}
-
-## Highlights {#sec-release-23.11-highlights}
-
-- FoundationDB now defaults to major version 7.
-
-## New Services {#sec-release-23.11-new-services}
-
-- Create the first release note entry in this section!
-
-- [acme-dns](https://github.com/joohoi/acme-dns), a limited DNS server to handle ACME DNS challenges easily and securely. Available as [services.acme-dns](#opt-services.acme-dns.enable).
-
-<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
-
-- [river](https://github.com/riverwm/river), A dynamic tiling wayland compositor. Available as [programs.river](#opt-programs.river.enable).
-
-- [GoToSocial](https://gotosocial.org/), an ActivityPub social network server, written in Golang. Available as [services.gotosocial](#opt-services.gotosocial.enable).
-
-- [sitespeed-io](https://sitespeed.io), a tool that can generate metrics (timings, diagnostics) for websites. Available as [services.sitespeed-io](#opt-services.sitespeed-io.enable).
-
-## Backward Incompatibilities {#sec-release-23.11-incompatibilities}
-
-- `writeTextFile` now requires `executable` to be boolean, values like `null` or `""` will now fail to evaluate.
-
-- The latest version of `clonehero` now stores custom content in `~/.clonehero`. See the [migration instructions](https://clonehero.net/2022/11/29/v23-to-v1-migration-instructions.html). Typically, these content files would exist along side the binary, but the previous build used a wrapper script that would store them in `~/.config/unity3d/srylain Inc_/Clone Hero`.
-
-- `python3.pkgs.fetchPypi` (and `python3Packages.fetchPypi`) has been deprecated in favor of top-level `fetchPypi`.
-
-- `mariadb` now defaults to `mariadb_1011` instead of `mariadb_106`, meaning the default version was upgraded from 10.6.x to 10.11.x. See the [upgrade notes](https://mariadb.com/kb/en/upgrading-from-mariadb-10-6-to-mariadb-10-11/) for potential issues.
-
-- `etcd` has been updated to 3.5, you will want to read the [3.3 to 3.4](https://etcd.io/docs/v3.5/upgrades/upgrade_3_4/) and [3.4 to 3.5](https://etcd.io/docs/v3.5/upgrades/upgrade_3_5/) upgrade guides
-
-- `himalaya` has been updated to `0.8.0`, which drops the native TLS support (in favor of Rustls) and add OAuth 2.0 support. See the [release note](https://github.com/soywod/himalaya/releases/tag/v0.8.0) for more details.
-
-- The [services.caddy.acmeCA](#opt-services.caddy.acmeCA) option now defaults to `null` instead of `"https://acme-v02.api.letsencrypt.org/directory"`, to use all of Caddy's default ACME CAs and enable Caddy's automatic issuer fallback feature by default, as recommended by upstream.
-
-- `util-linux` is now supported on Darwin and is no longer an alias to `unixtools`. Use the `unixtools.util-linux` package for access to the Apple variants of the utilities.
-
-- `fileSystems.<name>.autoFormat` now uses `systemd-makefs`, which does not accept formatting options. Therefore, `fileSystems.<name>.formatOptions` has been removed.
-
-- `fileSystems.<name>.autoResize` now uses `systemd-growfs` to resize the file system online in stage 2. This means that `f2fs` and `ext2` can no longer be auto resized, while `xfs` and `btrfs` now can be.
-
-## Other Notable Changes {#sec-release-23.11-notable-changes}
-
-- The Cinnamon module now enables XDG desktop integration by default. If you are experiencing collisions related to xdg-desktop-portal-gtk you can safely remove `xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];` from your NixOS configuration.
-
-- A new option was added to the virtualisation module that enables specifying explicitly named network interfaces in QEMU VMs. The existing `virtualisation.vlans` is still supported for cases where the name of the network interface is irrelevant.
-
-- `services.nginx` gained a `defaultListen` option at server-level with support for PROXY protocol listeners, also `proxyProtocol` is now exposed in `services.nginx.virtualHosts.<name>.listen` option. It is now possible to run PROXY listeners and non-PROXY listeners at a server-level, see [#213510](https://github.com/NixOS/nixpkgs/pull/213510/) for more details.

nixos/lib/test-driver/test_driver/machine.py

@@ -855,37 +855,21 @@ class Machine:
         with self.nested(f"waiting for {regex} to appear on screen"):
             retry(screen_matches)
 
-    def wait_for_console_text(self, regex: str, timeout: int | None = None) -> None:
-        """
-        Wait for the provided regex to appear on console.
-        For each reads,
-
-        If timeout is None, timeout is infinite.
-
-        `timeout` is in seconds.
-        """
-        # Buffer the console output, this is needed
-        # to match multiline regexes.
-        console = io.StringIO()
-
-        def console_matches() -> bool:
-            nonlocal console
-            try:
-                # This will return as soon as possible and
-                # sleep 1 second.
-                console.write(self.last_lines.get(block=False))
-            except queue.Empty:
-                pass
-            console.seek(0)
-            matches = re.search(regex, console.read())
-            return matches is not None
-
+    def wait_for_console_text(self, regex: str) -> None:
         with self.nested(f"waiting for {regex} to appear on console"):
-            if timeout is not None:
-                retry(console_matches, timeout)
-            else:
-                while not console_matches():
-                    pass
+            # Buffer the console output, this is needed
+            # to match multiline regexes.
+            console = io.StringIO()
+            while True:
+                try:
+                    console.write(self.last_lines.get())
+                except queue.Empty:
+                    self.sleep(1)
+                    continue
+                console.seek(0)
+                matches = re.search(regex, console.read())
+                if matches is not None:
+                    return
 
     def send_key(
         self, key: str, delay: Optional[float] = 0.01, log: Optional[bool] = True

nixos/lib/testing/driver.nix

@@ -12,9 +12,7 @@ let
   };
 
 
-  vlans = map (m: (
-    m.virtualisation.vlans ++
-    (lib.mapAttrsToList (_: v: v.vlan) m.virtualisation.interfaces))) (lib.attrValues config.nodes);
+  vlans = map (m: m.virtualisation.vlans) (lib.attrValues config.nodes);
   vms = map (m: m.system.build.vm) (lib.attrValues config.nodes);
 
   nodeHostNames =

nixos/lib/testing/network.nix

@@ -4,7 +4,7 @@ let
   inherit (lib)
     attrNames concatMap concatMapStrings flip forEach head
     listToAttrs mkDefault mkOption nameValuePair optionalString
-    range toLower types zipListsWith zipLists
+    range types zipListsWith zipLists
     mdDoc
     ;
 
@@ -18,41 +18,24 @@ let
 
   networkModule = { config, nodes, pkgs, ... }:
     let
-      qemu-common = import ../qemu-common.nix { inherit lib pkgs; };
-
-      # Convert legacy VLANs to named interfaces and merge with explicit interfaces.
-      vlansNumbered = forEach (zipLists config.virtualisation.vlans (range 1 255)) (v: {
-        name = "eth${toString v.snd}";
-        vlan = v.fst;
-        assignIP = true;
-      });
-      explicitInterfaces = lib.mapAttrsToList (n: v: v // { name = n; }) config.virtualisation.interfaces;
-      interfaces = vlansNumbered ++ explicitInterfaces;
-      interfacesNumbered = zipLists interfaces (range 1 255);
-
-      # Automatically assign IP addresses to requested interfaces.
-      assignIPs = lib.filter (i: i.assignIP) interfaces;
-      ipInterfaces = forEach assignIPs (i:
-        nameValuePair i.name { ipv4.addresses =
-          [ { address = "192.168.${toString i.vlan}.${toString config.virtualisation.test.nodeNumber}";
+      interfacesNumbered = zipLists config.virtualisation.vlans (range 1 255);
+      interfaces = forEach interfacesNumbered ({ fst, snd }:
+        nameValuePair "eth${toString snd}" {
+          ipv4.addresses =
+            [{
+              address = "192.168.${toString fst}.${toString config.virtualisation.test.nodeNumber}";
               prefixLength = 24;
             }];
         });
 
-      qemuOptions = lib.flatten (forEach interfacesNumbered ({ fst, snd }:
-        qemu-common.qemuNICFlags snd fst.vlan config.virtualisation.test.nodeNumber));
-      udevRules = forEach interfacesNumbered ({ fst, snd }:
-        # MAC Addresses for QEMU network devices are lowercase, and udev string comparison is case-sensitive.
-        ''SUBSYSTEM=="net",ACTION=="add",ATTR{address}=="${toLower(qemu-common.qemuNicMac fst.vlan config.virtualisation.test.nodeNumber)}",NAME="${fst.name}"'');
-
       networkConfig =
         {
           networking.hostName = mkDefault config.virtualisation.test.nodeName;
 
-          networking.interfaces = listToAttrs ipInterfaces;
+          networking.interfaces = listToAttrs interfaces;
 
           networking.primaryIPAddress =
-            optionalString (ipInterfaces != [ ]) (head (head ipInterfaces).value.ipv4.addresses).address;
+            optionalString (interfaces != [ ]) (head (head interfaces).value.ipv4.addresses).address;
 
           # Put the IP addresses of all VMs in this machine's
           # /etc/hosts file.  If a machine has multiple
@@ -68,13 +51,16 @@ let
                     "${config.networking.hostName}.${config.networking.domain} " +
                   "${config.networking.hostName}\n"));
 
-          virtualisation.qemu.options = qemuOptions;
-          boot.initrd.services.udev.rules = concatMapStrings (x: x + "\n") udevRules;
+          virtualisation.qemu.options =
+            let qemu-common = import ../qemu-common.nix { inherit lib pkgs; };
+            in
+            flip concatMap interfacesNumbered
+              ({ fst, snd }: qemu-common.qemuNICFlags snd fst config.virtualisation.test.nodeNumber);
         };
 
     in
     {
-      key = "network-interfaces";
+      key = "ip-address";
       config = networkConfig // {
         # Expose the networkConfig items for tests like nixops
         # that need to recreate the network config.

nixos/maintainers/scripts/ec2/amazon-image.nix

@@ -43,7 +43,7 @@ in {
 
     sizeMB = mkOption {
       type = with types; either (enum [ "auto" ]) int;
-      default = 3072;
+      default = 2048;
       example = 8192;
       description = lib.mdDoc "The size in MB of the image";
     };

nixos/modules/config/no-x-libs.nix

@@ -38,7 +38,6 @@ with lib;
       gpsd = super.gpsd.override { guiSupport = false; };
       graphviz = super.graphviz-nox;
       gst_all_1 = super.gst_all_1 // {
-        gst-plugins-bad = super.gst_all_1.gst-plugins-bad.override { guiSupport = false; };
         gst-plugins-base = super.gst_all_1.gst-plugins-base.override { enableX11 = false; };
       };
       imagemagick = super.imagemagick.override { libX11Support = false; libXtSupport = false; };

nixos/modules/config/qt.nix

@@ -20,7 +20,7 @@ let
       pkgs.adwaita-qt6
     ]
     else if isQtStyle then [ pkgs.libsForQt5.qtstyleplugins ]
-    else if isQt5ct then [ pkgs.libsForQt5.qt5ct pkgs.qt6Packages.qt6ct ]
+    else if isQt5ct then [ pkgs.libsForQt5.qt5ct ]
     else if isLxqt then [ pkgs.lxqt.lxqt-qtplugin pkgs.lxqt.lxqt-config ]
     else if isKde then [ pkgs.libsForQt5.plasma-integration pkgs.libsForQt5.systemsettings ]
     else throw "`qt.platformTheme` ${cfg.platformTheme} and `qt.style` ${cfg.style} are not compatible.";

nixos/modules/config/users-groups.nix

@@ -652,7 +652,7 @@ in {
       deps = [ "users" ];
       text = ''
         users=()
-        while IFS=: read -r user hash _; do
+        while IFS=: read -r user hash tail; do
           if [[ "$hash" = "$"* && ! "$hash" =~ ^\''$${cryptSchemeIdPatternGroup}\$ ]]; then
             users+=("$user")
           fi

nixos/modules/hardware/i2c.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 
 with lib;
 
@@ -31,14 +31,10 @@ in
       i2c = { };
     };
 
-    services.udev.packages = lib.singleton (pkgs.writeTextFile
-      { name = "i2c-udev-rules";
-        text = ''
-          # allow group ${cfg.group} and users with a seat use of i2c devices
-          ACTION=="add", KERNEL=="i2c-[0-9]*", TAG+="uaccess", GROUP="${cfg.group}", MODE="660"
-        '';
-        destination = "/etc/udev/rules.d/70-i2c.rules";
-      });
+    services.udev.extraRules = ''
+      # allow group ${cfg.group} and users with a seat use of i2c devices
+      ACTION=="add", KERNEL=="i2c-[0-9]*", TAG+="uaccess", GROUP="${cfg.group}", MODE="660"
+    '';
 
   };
 

nixos/modules/installer/tools/nix-fallback-paths.nix

@@ -1,7 +1,7 @@
 {
-  x86_64-linux = "/nix/store/ny9r65799s7xhp605bc2753sjvzkxrrs-nix-2.15.1";
-  i686-linux = "/nix/store/ck55dz5klc7szi8rx9ghhm8gi2b5q5bw-nix-2.15.1";
-  aarch64-linux = "/nix/store/cl0a02vr28913dgw98hrm45a4baqr3z1-nix-2.15.1";
-  x86_64-darwin = "/nix/store/wq228jdbz16pp2lnxf32n8dv27pw53p8-nix-2.15.1";
-  aarch64-darwin = "/nix/store/x11cpsjg4q236msfz5scc325pfp9xy64-nix-2.15.1";
+  x86_64-linux = "/nix/store/mc43d38fibi94pp5crfwacl5gbslccd0-nix-2.13.3";
+  i686-linux = "/nix/store/09m966pj26cgd4ihlg8ihl1106j3vih8-nix-2.13.3";
+  aarch64-linux = "/nix/store/7f191d125akld27gc6jl0r13l8pl7x0h-nix-2.13.3";
+  x86_64-darwin = "/nix/store/1wn9jkvi2zqfjnjgg7lnp30r2q2y8whd-nix-2.13.3";
+  aarch64-darwin = "/nix/store/8w0v2mffa10chrf1h66cbvbpw86qmh85-nix-2.13.3";
 }

nixos/modules/installer/tools/nixos-generate-config.pl

@@ -85,7 +85,7 @@ sub debug {
 
 
 # nixpkgs.system
-push @attrs, "nixpkgs.hostPlatform = lib.mkDefault \"@hostPlatformSystem@\";";
+push @attrs, "nixpkgs.hostPlatform = lib.mkDefault \"@system@\";";
 
 
 my $cpuinfo = read_file "/proc/cpuinfo";
@@ -335,7 +335,7 @@ sub findStableDevPath {
 
     my $st = stat($dev) or return $dev;
 
-    foreach my $dev2 (glob("/dev/stratis/*/*"), glob("/dev/disk/by-uuid/*"), glob("/dev/mapper/*"), glob("/dev/disk/by-label/*")) {
+    foreach my $dev2 (glob("/dev/disk/by-uuid/*"), glob("/dev/mapper/*"), glob("/dev/disk/by-label/*")) {
         my $st2 = stat($dev2) or next;
         return $dev2 if $st->rdev == $st2->rdev;
     }
@@ -467,17 +467,6 @@ EOF
         }
     }
 
-    # is this a stratis fs?
-    my $stableDevPath = findStableDevPath $device;
-    my $stratisPool;
-    if ($stableDevPath =~ qr#/dev/stratis/(.*)/.*#) {
-        my $poolName = $1;
-        my ($header, @lines) = split "\n", qx/stratis pool list/;
-        my $uuidIndex = index $header, 'UUID';
-        my ($line) = grep /^$poolName /, @lines;
-        $stratisPool = substr $line, $uuidIndex - 32, 36;
-    }
-
     # Don't emit tmpfs entry for /tmp, because it most likely comes from the
     # boot.tmp.useTmpfs option in configuration.nix (managed declaratively).
     next if ($mountPoint eq "/tmp" && $fsType eq "tmpfs");
@@ -485,7 +474,7 @@ EOF
     # Emit the filesystem.
     $fileSystems .= <<EOF;
   fileSystems.\"$mountPoint\" =
-    { device = \"$stableDevPath\";
+    { device = \"${\(findStableDevPath $device)}\";
       fsType = \"$fsType\";
 EOF
 
@@ -495,12 +484,6 @@ EOF
 EOF
     }
 
-    if ($stratisPool) {
-        $fileSystems .= <<EOF;
-      stratis.poolUuid = "$stratisPool";
-EOF
-    }
-
     $fileSystems .= <<EOF;
     };
 

nixos/modules/installer/tools/tools.nix

@@ -35,7 +35,7 @@ let
     name = "nixos-generate-config";
     src = ./nixos-generate-config.pl;
     perl = "${pkgs.perl.withPackages (p: [ p.FileSlurp ])}/bin/perl";
-    hostPlatformSystem = pkgs.stdenv.hostPlatform.system;
+    system = pkgs.stdenv.hostPlatform.system;
     detectvirt = "${config.systemd.package}/bin/systemd-detect-virt";
     btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
     inherit (config.system.nixos-generate-config) configuration desktopConfiguration;

nixos/modules/misc/version.nix

@@ -28,6 +28,7 @@ let
     DOCUMENTATION_URL = lib.optionalString (cfg.distroId == "nixos") "https://nixos.org/learn.html";
     SUPPORT_URL = lib.optionalString (cfg.distroId == "nixos") "https://nixos.org/community.html";
     BUG_REPORT_URL = lib.optionalString (cfg.distroId == "nixos") "https://github.com/NixOS/nixpkgs/issues";
+    SUPPORT_END = "2023-12-31";
   } // lib.optionalAttrs (cfg.variant_id != null) {
     VARIANT_ID = cfg.variant_id;
   };
@@ -143,7 +144,7 @@ in
     defaultChannel = mkOption {
       internal = true;
       type = types.str;
-      default = "https://nixos.org/channels/nixos-unstable";
+      default = "https://nixos.org/channels/nixos-23.05";
       description = lib.mdDoc "Default NixOS channel to which the root user is subscribed.";
     };
 

nixos/modules/module-list.nix

@@ -241,6 +241,7 @@
   ./programs/starship.nix
   ./programs/steam.nix
   ./programs/streamdeck-ui.nix
+  ./programs/sway.nix
   ./programs/sysdig.nix
   ./programs/system-config-printer.nix
   ./programs/systemtap.nix
@@ -255,9 +256,7 @@
   ./programs/usbtop.nix
   ./programs/vim.nix
   ./programs/wavemon.nix
-  ./programs/wayland/river.nix
-  ./programs/wayland/sway.nix
-  ./programs/wayland/waybar.nix
+  ./programs/waybar.nix
   ./programs/weylus.nix
   ./programs/wireshark.nix
   ./programs/xastir.nix
@@ -328,8 +327,6 @@
   ./services/audio/spotifyd.nix
   ./services/audio/squeezelite.nix
   ./services/audio/tts.nix
-  ./services/audio/wyoming/faster-whisper.nix
-  ./services/audio/wyoming/piper.nix
   ./services/audio/ympd.nix
   ./services/backup/automysqlbackup.nix
   ./services/backup/bacula.nix
@@ -810,7 +807,6 @@
   ./services/network-filesystems/xtreemfs.nix
   ./services/network-filesystems/yandex-disk.nix
   ./services/networking/3proxy.nix
-  ./services/networking/acme-dns.nix
   ./services/networking/adguardhome.nix
   ./services/networking/alice-lg.nix
   ./services/networking/amuled.nix
@@ -916,7 +912,6 @@
   ./services/networking/knot.nix
   ./services/networking/kresd.nix
   ./services/networking/lambdabot.nix
-  ./services/networking/legit.nix
   ./services/networking/libreswan.nix
   ./services/networking/lldpd.nix
   ./services/networking/logmein-hamachi.nix
@@ -1012,7 +1007,6 @@
   ./services/networking/shorewall.nix
   ./services/networking/shorewall6.nix
   ./services/networking/shout.nix
-  ./services/networking/sitespeed-io.nix
   ./services/networking/skydns.nix
   ./services/networking/smartdns.nix
   ./services/networking/smokeping.nix
@@ -1190,7 +1184,6 @@
   ./services/web-apps/galene.nix
   ./services/web-apps/gerrit.nix
   ./services/web-apps/gotify-server.nix
-  ./services/web-apps/gotosocial.nix
   ./services/web-apps/grocy.nix
   ./services/web-apps/pixelfed.nix
   ./services/web-apps/healthchecks.nix
@@ -1317,6 +1310,7 @@
   ./services/x11/window-managers/default.nix
   ./services/x11/window-managers/fluxbox.nix
   ./services/x11/window-managers/icewm.nix
+  ./services/x11/window-managers/bspwm.nix
   ./services/x11/window-managers/katriawm.nix
   ./services/x11/window-managers/metacity.nix
   ./services/x11/window-managers/nimdow.nix
@@ -1353,7 +1347,6 @@
   ./system/boot/loader/raspberrypi/raspberrypi.nix
   ./system/boot/loader/systemd-boot/systemd-boot.nix
   ./system/boot/luksroot.nix
-  ./system/boot/stratisroot.nix
   ./system/boot/modprobe.nix
   ./system/boot/networkd.nix
   ./system/boot/plymouth.nix

nixos/modules/programs/nano.nix

@@ -35,17 +35,8 @@ in
   ###### implementation
 
   config = lib.mkIf (cfg.nanorc != "" || cfg.syntaxHighlight) {
-    environment.etc.nanorc.text = lib.concatStringsSep LF (
-      ( lib.optionals cfg.syntaxHighlight [
-          "# The line below is added because value of programs.nano.syntaxHighlight is set to true"
-          ''include "${pkgs.nano}/share/nano/*.nanorc"''
-          ""
-      ])
-      ++ ( lib.optionals (cfg.nanorc != "") [
-        "# The lines below have been set from value of programs.nano.nanorc"
-        cfg.nanorc
-      ])
-    );
+    environment.etc.nanorc.text = lib.concatStrings [ cfg.nanorc
+      (lib.optionalString cfg.syntaxHighlight ''${LF}include "${pkgs.nano}/share/nano/*.nanorc"'') ];
   };
 
 }

nixos/modules/programs/sway.nix

@@ -49,7 +49,7 @@ in {
       description = lib.mdDoc ''
         Sway package to use. Will override the options
         'wrapperFeatures', 'extraSessionCommands', and 'extraOptions'.
-        Set to `null` to not add any Sway package to your
+        Set to <code>null</code> to not add any Sway package to your
         path. This should be done if you want to use the Home Manager Sway
         module to install Sway.
       '';
@@ -123,36 +123,41 @@ in {
 
   };
 
-  config = mkIf cfg.enable
-    (mkMerge [
+  config = mkIf cfg.enable {
+    assertions = [
       {
-        assertions = [
-          {
-            assertion = cfg.extraSessionCommands != "" -> cfg.wrapperFeatures.base;
-            message = ''
-              The extraSessionCommands for Sway will not be run if
-              wrapperFeatures.base is disabled.
-            '';
-          }
-        ];
-        environment = {
-          systemPackages = optional (cfg.package != null) cfg.package ++ cfg.extraPackages;
-          # Needed for the default wallpaper:
-          pathsToLink = optionals (cfg.package != null) [ "/share/backgrounds/sway" ];
-          etc = {
-            "sway/config.d/nixos.conf".source = pkgs.writeText "nixos.conf" ''
-              # Import the most important environment variables into the D-Bus and systemd
-              # user environments (e.g. required for screen sharing and Pinentry prompts):
-              exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP
-            '';
-          } // optionalAttrs (cfg.package != null) {
-            "sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config";
-          };
-        };
-        # To make a Sway session available if a display manager like SDDM is enabled:
-        services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ]; }
-      (import ./wayland-session.nix { inherit lib pkgs; })
-    ]);
+        assertion = cfg.extraSessionCommands != "" -> cfg.wrapperFeatures.base;
+        message = ''
+          The extraSessionCommands for Sway will not be run if
+          wrapperFeatures.base is disabled.
+        '';
+      }
+    ];
+    environment = {
+      systemPackages = optional (cfg.package != null) cfg.package ++ cfg.extraPackages;
+      # Needed for the default wallpaper:
+      pathsToLink = optionals (cfg.package != null) [ "/share/backgrounds/sway" ];
+      etc = {
+        "sway/config.d/nixos.conf".source = pkgs.writeText "nixos.conf" ''
+          # Import the most important environment variables into the D-Bus and systemd
+          # user environments (e.g. required for screen sharing and Pinentry prompts):
+          exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP
+        '';
+      } // optionalAttrs (cfg.package != null) {
+        "sway/config".source = mkOptionDefault "${cfg.package}/etc/sway/config";
+      };
+    };
+    security.polkit.enable = true;
+    security.pam.services.swaylock = {};
+    hardware.opengl.enable = mkDefault true;
+    fonts.enableDefaultFonts = mkDefault true;
+    programs.dconf.enable = mkDefault true;
+    # To make a Sway session available if a display manager like SDDM is enabled:
+    services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ];
+    programs.xwayland.enable = mkDefault true;
+    # For screen sharing (this option only has an effect with xdg.portal.enable):
+    xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-wlr ];
+  };
 
   meta.maintainers = with lib.maintainers; [ primeos colemickens ];
 }

nixos/modules/programs/wayland/river.nix

@@ -1,59 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-with lib; let
-  cfg = config.programs.river;
-in {
-  options.programs.river = {
-    enable = mkEnableOption (lib.mdDoc "river, a dynamic tiling Wayland compositor");
-
-    package = mkOption {
-      type = with types; nullOr package;
-      default = pkgs.river;
-      defaultText = literalExpression "pkgs.river";
-      description = lib.mdDoc ''
-        River package to use.
-        Set to `null` to not add any River package to your path.
-        This should be done if you want to use the Home Manager River module to install River.
-      '';
-    };
-
-    extraPackages = mkOption {
-      type = with types; listOf package;
-      default = with pkgs; [
-        swaylock
-        foot
-        dmenu
-      ];
-      defaultText = literalExpression ''
-        with pkgs; [ swaylock foot dmenu ];
-      '';
-      example = literalExpression ''
-        with pkgs; [
-          termite rofi light
-        ]
-      '';
-      description = lib.mdDoc ''
-        Extra packages to be installed system wide. See
-        [Common X11 apps used on i3 with Wayland alternatives](https://github.com/swaywm/sway/wiki/i3-Migration-Guide#common-x11-apps-used-on-i3-with-wayland-alternatives)
-        for a list of useful software.
-      '';
-    };
-  };
-
-  config =
-    mkIf cfg.enable (mkMerge [
-      {
-        environment.systemPackages = optional (cfg.package != null) cfg.package ++ cfg.extraPackages;
-
-        # To make a river session available if a display manager like SDDM is enabled:
-        services.xserver.displayManager.sessionPackages = optionals (cfg.package != null) [ cfg.package ];
-      }
-      (import ./wayland-session.nix { inherit lib pkgs; })
-    ]);
-
-  meta.maintainers = with lib.maintainers; [ GaetanLepage ];
-}

nixos/modules/programs/wayland/wayland-session.nix

@@ -1,23 +0,0 @@
-{ lib, pkgs, ... }: with lib; {
-    security = {
-      polkit.enable = true;
-      pam.services.swaylock = {};
-    };
-
-    hardware.opengl.enable = mkDefault true;
-    fonts.enableDefaultFonts = mkDefault true;
-
-    programs = {
-      dconf.enable = mkDefault true;
-      xwayland.enable = mkDefault true;
-    };
-
-    xdg.portal = {
-      enable = mkDefault true;
-
-      extraPortals = [
-        # For screen sharing
-        pkgs.xdg-desktop-portal-wlr
-      ];
-    };
-}

nixos/modules/security/pam.nix

@@ -484,9 +484,6 @@ let
           optionalString cfg.mysqlAuth ''
             account sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
           '' +
-          optionalString (config.services.kanidm.enablePam) ''
-            account sufficient ${pkgs.kanidm}/lib/pam_kanidm.so ignore_unknown_user
-          '' +
           optionalString (config.services.sssd.enable && cfg.sssdStrictAccess==false) ''
             account sufficient ${pkgs.sssd}/lib/security/pam_sss.so
           '' +
@@ -620,9 +617,6 @@ let
           optionalString use_ldap ''
             auth sufficient ${pam_ldap}/lib/security/pam_ldap.so use_first_pass
           '' +
-          optionalString config.services.kanidm.enablePam ''
-            auth sufficient ${pkgs.kanidm}/lib/pam_kanidm.so ignore_unknown_user use_first_pass
-          '' +
           optionalString config.services.sssd.enable ''
             auth sufficient ${pkgs.sssd}/lib/security/pam_sss.so use_first_pass
           '' +
@@ -659,9 +653,6 @@ let
           optionalString cfg.mysqlAuth ''
             password sufficient ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
           '' +
-          optionalString config.services.kanidm.enablePam ''
-            password sufficient ${pkgs.kanidm}/lib/pam_kanidm.so
-          '' +
           optionalString config.services.sssd.enable ''
             password sufficient ${pkgs.sssd}/lib/security/pam_sss.so
           '' +
@@ -723,9 +714,6 @@ let
           optionalString cfg.mysqlAuth ''
             session optional ${pkgs.pam_mysql}/lib/security/pam_mysql.so config_file=/etc/security/pam_mysql.conf
           '' +
-          optionalString config.services.kanidm.enablePam ''
-            session optional ${pkgs.kanidm}/lib/pam_kanidm.so
-          '' +
           optionalString config.services.sssd.enable ''
             session optional ${pkgs.sssd}/lib/security/pam_sss.so
           '' +
@@ -1310,7 +1298,6 @@ in
       # Include the PAM modules in the system path mostly for the manpages.
       [ pkgs.pam ]
       ++ optional config.users.ldap.enable pam_ldap
-      ++ optional config.services.kanidm.enablePam pkgs.kanidm
       ++ optional config.services.sssd.enable pkgs.sssd
       ++ optionals config.security.pam.krb5.enable [pam_krb5 pam_ccreds]
       ++ optionals config.security.pam.enableOTPW [ pkgs.otpw ]
@@ -1377,9 +1364,6 @@ in
       optionalString use_ldap ''
          mr ${pam_ldap}/lib/security/pam_ldap.so,
       '' +
-      optionalString config.services.kanidm.enablePam ''
-        mr ${pkgs.kanidm}/lib/pam_kanidm.so,
-      '' +
       optionalString config.services.sssd.enable ''
         mr ${pkgs.sssd}/lib/security/pam_sss.so,
       '' +

nixos/modules/services/audio/wyoming/faster-whisper.nix

@@ -1,186 +0,0 @@
-{ config
-, lib
-, pkgs
-, ...
-}:
-
-let
-  cfg = config.services.wyoming.faster-whisper;
-
-  inherit (lib)
-    escapeShellArgs
-    mkOption
-    mdDoc
-    mkEnableOption
-    mkPackageOptionMD
-    types
-    ;
-
-  inherit (builtins)
-    toString
-    ;
-
-in
-
-{
-  options.services.wyoming.faster-whisper = with types; {
-    package = mkPackageOptionMD pkgs "wyoming-faster-whisper" { };
-
-    servers = mkOption {
-      default = {};
-      description = mdDoc ''
-        Attribute set of faster-whisper instances to spawn.
-      '';
-      type = types.attrsOf (types.submodule (
-        { ... }: {
-          options = {
-            enable = mkEnableOption (mdDoc "Wyoming faster-whisper server");
-
-            model = mkOption {
-              type = enum [
-                "tiny"
-                "tiny-int8"
-                "base"
-                "base-int8"
-                "small"
-                "small-int8"
-                "medium"
-                "medium-int8"
-              ];
-              default = "tiny-int8";
-              example = "medium-int8";
-              description = mdDoc ''
-                Name of the voice model to use.
-              '';
-            };
-
-            uri = mkOption {
-              type = strMatching "^(tcp|unix)://.*$";
-              example = "tcp://0.0.0.0:10300";
-              description = mdDoc ''
-                URI to bind the wyoming server to.
-              '';
-            };
-
-            device = mkOption {
-              # https://opennmt.net/CTranslate2/python/ctranslate2.models.Whisper.html#
-              type = types.enum [
-                "cpu"
-                "cuda"
-                "auto"
-              ];
-              default = "cpu";
-              description = mdDoc ''
-                Id of a speaker in a multi-speaker model.
-              '';
-            };
-
-            language = mkOption {
-              type = enum [
-                # https://github.com/home-assistant/addons/blob/master/whisper/config.yaml#L20
-                "auto" "af" "am" "ar" "as" "az" "ba" "be" "bg" "bn" "bo" "br" "bs" "ca" "cs" "cy" "da" "de" "el" "en" "es" "et" "eu" "fa" "fi" "fo" "fr" "gl" "gu" "ha" "haw" "he" "hi" "hr" "ht" "hu" "hy" "id" "is" "it" "ja" "jw" "ka" "kk" "km" "kn" "ko" "la" "lb" "ln" "lo" "lt" "lv" "mg" "mi" "mk" "ml" "mn" "mr" "ms" "mt" "my" "ne" "nl" "nn" "no" "oc" "pa" "pl" "ps" "pt" "ro" "ru" "sa" "sd" "si" "sk" "sl" "sn" "so" "sq" "sr" "su" "sv" "sw" "ta" "te" "tg" "th" "tk" "tl" "tr" "tt" "uk" "ur" "uz" "vi" "yi" "yo" "zh"
-              ];
-              example = "en";
-              description = mdDoc ''
-                The language used to to parse words and sentences.
-              '';
-            };
-
-            beamSize = mkOption {
-              type = ints.unsigned;
-              default = 1;
-              example = 5;
-              description = mdDoc ''
-                The number of beams to use in beam search.
-              '';
-              apply = toString;
-            };
-
-            extraArgs = mkOption {
-              type = listOf str;
-              default = [ ];
-              description = mdDoc ''
-                Extra arguments to pass to the server commandline.
-              '';
-              apply = escapeShellArgs;
-            };
-          };
-        }
-      ));
-    };
-  };
-
-  config = let
-    inherit (lib)
-      mapAttrs'
-      mkIf
-      nameValuePair
-    ;
-  in mkIf (cfg.servers != {}) {
-    systemd.services = mapAttrs' (server: options:
-      nameValuePair "wyoming-faster-whisper-${server}" {
-        description = "Wyoming faster-whisper server instance ${server}";
-        after = [
-          "network-online.target"
-        ];
-        wantedBy = [
-          "multi-user.target"
-        ];
-        serviceConfig = {
-          DynamicUser = true;
-          User = "wyoming-faster-whisper";
-          StateDirectory = "wyoming/faster-whisper";
-          # https://github.com/home-assistant/addons/blob/master/whisper/rootfs/etc/s6-overlay/s6-rc.d/whisper/run
-          ExecStart = ''
-            ${cfg.package}/bin/wyoming-faster-whisper \
-              --data-dir $STATE_DIRECTORY \
-              --download-dir $STATE_DIRECTORY \
-              --uri ${options.uri} \
-              --model ${options.model} \
-              --language ${options.language} \
-              --beam-size ${options.beamSize} ${options.extraArgs}
-          '';
-          CapabilityBoundingSet = "";
-          DeviceAllow = if builtins.elem options.device [ "cuda" "auto" ] then [
-            # https://docs.nvidia.com/dgx/pdf/dgx-os-5-user-guide.pdf
-            "/dev/nvidia1"
-            "/dev/nvidia2"
-            "/dev/nvidia3"
-            "/dev/nvidia4"
-            "/dev/nvidia-caps/nvidia-cap1"
-            "/dev/nvidia-caps/nvidia-cap2"
-            "/dev/nvidiactl"
-            "/dev/nvidia-modeset"
-            "/dev/nvidia-uvm"
-            "/dev/nvidia-uvm-tools"
-          ] else "";
-          DevicePolicy = "closed";
-          LockPersonality = true;
-          MemoryDenyWriteExecute = true;
-          PrivateDevices = true;
-          PrivateUsers = true;
-          ProtectHome = true;
-          ProtectHostname = true;
-          ProtectKernelLogs = true;
-          ProtectKernelModules = true;
-          ProtectKernelTunables = true;
-          ProtectControlGroups = true;
-          ProtectProc = "invisible";
-          ProcSubset = "pid";
-          RestrictAddressFamilies = [
-            "AF_INET"
-            "AF_INET6"
-            "AF_UNIX"
-          ];
-          RestrictNamespaces = true;
-          RestrictRealtime = true;
-          SystemCallArchitectures = "native";
-          SystemCallFilter = [
-            "@system-service"
-            "~@privileged"
-          ];
-          UMask = "0077";
-        };
-      }) cfg.servers;
-  };
-}

nixos/modules/services/audio/wyoming/piper.nix

@@ -1,174 +0,0 @@
-{ config
-, lib
-, pkgs
-, ...
-}:
-
-let
-  cfg = config.services.wyoming.piper;
-
-  inherit (lib)
-    escapeShellArgs
-    mkOption
-    mdDoc
-    mkEnableOption
-    mkPackageOptionMD
-    types
-    ;
-
-  inherit (builtins)
-    toString
-    ;
-
-in
-
-{
-  meta.buildDocsInSandbox = false;
-
-  options.services.wyoming.piper = with types; {
-    package = mkPackageOptionMD pkgs "wyoming-piper" { };
-
-    servers = mkOption {
-      default = {};
-      description = mdDoc ''
-        Attribute set of piper instances to spawn.
-      '';
-      type = types.attrsOf (types.submodule (
-        { ... }: {
-          options = {
-            enable = mkEnableOption (mdDoc "Wyoming Piper server");
-
-            piper = mkPackageOptionMD pkgs "piper-tts" { };
-
-            voice = mkOption {
-              type = str;
-              example = "en-us-ryan-medium";
-              description = mdDoc ''
-                Name of the voice model to use. See the following website for samples:
-                https://rhasspy.github.io/piper-samples/
-              '';
-            };
-
-            uri = mkOption {
-              type = strMatching "^(tcp|unix)://.*$";
-              example = "tcp://0.0.0.0:10200";
-              description = mdDoc ''
-                URI to bind the wyoming server to.
-              '';
-            };
-
-            speaker = mkOption {
-              type = ints.unsigned;
-              default = 0;
-              description = mdDoc ''
-                ID of a specific speaker in a multi-speaker model.
-              '';
-              apply = toString;
-            };
-
-            noiseScale = mkOption {
-              type = float;
-              default = 0.667;
-              description = mdDoc ''
-                Generator noise value.
-              '';
-              apply = toString;
-            };
-
-            noiseWidth = mkOption {
-              type = float;
-              default = 0.333;
-              description = mdDoc ''
-                Phoneme width noise value.
-              '';
-              apply = toString;
-            };
-
-            lengthScale = mkOption {
-              type = float;
-              default = 1.0;
-              description = mdDoc ''
-                Phoneme length value.
-              '';
-              apply = toString;
-            };
-
-            extraArgs = mkOption {
-              type = listOf str;
-              default = [ ];
-              description = mdDoc ''
-                Extra arguments to pass to the server commandline.
-              '';
-              apply = escapeShellArgs;
-            };
-          };
-        }
-      ));
-    };
-  };
-
-  config = let
-    inherit (lib)
-      mapAttrs'
-      mkIf
-      nameValuePair
-    ;
-  in mkIf (cfg.servers != {}) {
-    systemd.services = mapAttrs' (server: options:
-      nameValuePair "wyoming-piper-${server}" {
-        description = "Wyoming Piper server instance ${server}";
-        after = [
-          "network-online.target"
-        ];
-        wantedBy = [
-          "multi-user.target"
-        ];
-        serviceConfig = {
-          DynamicUser = true;
-          User = "wyoming-piper";
-          StateDirectory = "wyoming/piper";
-          # https://github.com/home-assistant/addons/blob/master/piper/rootfs/etc/s6-overlay/s6-rc.d/piper/run
-          ExecStart = ''
-            ${cfg.package}/bin/wyoming-piper \
-              --data-dir $STATE_DIRECTORY \
-              --download-dir $STATE_DIRECTORY \
-              --uri ${options.uri} \
-              --piper ${options.piper}/bin/piper \
-              --voice ${options.voice} \
-              --speaker ${options.speaker} \
-              --length-scale ${options.lengthScale} \
-              --noise-scale ${options.noiseScale} \
-              --noise-w ${options.noiseWidth} ${options.extraArgs}
-          '';
-          CapabilityBoundingSet = "";
-          DeviceAllow = "";
-          DevicePolicy = "closed";
-          LockPersonality = true;
-          MemoryDenyWriteExecute = true;
-          PrivateDevices = true;
-          PrivateUsers = true;
-          ProtectHome = true;
-          ProtectHostname = true;
-          ProtectKernelLogs = true;
-          ProtectKernelModules = true;
-          ProtectKernelTunables = true;
-          ProtectControlGroups = true;
-          ProtectProc = "invisible";
-          ProcSubset = "pid";
-          RestrictAddressFamilies = [
-            "AF_INET"
-            "AF_INET6"
-            "AF_UNIX"
-          ];
-          RestrictNamespaces = true;
-          RestrictRealtime = true;
-          SystemCallArchitectures = "native";
-          SystemCallFilter = [
-            "@system-service"
-            "~@privileged"
-          ];
-          UMask = "0077";
-        };
-      }) cfg.servers;
-  };
-}

nixos/modules/services/continuous-integration/buildkite-agents.nix

@@ -11,7 +11,7 @@ let
       default = null;
       description = lib.mdDoc description;
       type = types.nullOr types.lines;
-    } // (lib.optionalAttrs (example != null) { inherit example; });
+    } // (if example == null then {} else { inherit example; });
   };
   mkHookOptions = hooks: listToAttrs (map mkHookOption hooks);