Revert "nixos/fonts: Add unifont to list of default fonts."

This reverts commit 53746ff9d2 because
it increases default system closure size significantly. It's also
unnecessary - people can always add fonts themselves.

.version

@@ -1 +1 @@
-16.03
+15.09

README.md

@@ -14,12 +14,12 @@ build daemon as so-called channels. To get channel information via git, add
 ```
 
 For stability and maximum binary package support, it is recommended to maintain
-custom changes on top of one of the channels, e.g. `nixos-15.09` for the latest
+custom changes on top of one of the channels, e.g. `nixos-14.12` for the latest
 release and `nixos-unstable` for the latest successful build of master:
 
 ```
 % git remote update channels
-% git rebase channels/nixos-15.09
+% git rebase channels/nixos-14.12
 ```
 
 For pull-requests, please rebase onto nixpkgs `master`.

default.nix

@@ -1,8 +1,6 @@
-let requiredVersion = "1.10"; in
+if ! builtins ? nixVersion || builtins.compareVersions "1.8" builtins.nixVersion == 1 then
 
-if ! builtins ? nixVersion || builtins.compareVersions requiredVersion builtins.nixVersion == 1 then
-
-  abort "This version of Nixpkgs requires Nix >= ${requiredVersion}, please upgrade! See https://nixos.org/wiki/How_to_update_when_Nix_is_too_old_to_evaluate_Nixpkgs"
+  abort "This version of Nixpkgs requires Nix >= 1.8, please upgrade! See https://nixos.org/wiki/How_to_update_when_nix_is_too_old_to_evaluate_nixpkgs"
 
 else
 

doc/default.nix

@@ -6,7 +6,7 @@ stdenv.mkDerivation {
 
   sources = sourceFilesBySuffices ./. [".xml"];
 
-  buildInputs = [ pandoc libxml2 libxslt ];
+  buildInputs = [ libxml2 libxslt ];
 
   xsltFlags = ''
     --param section.autolabel 1
@@ -19,23 +19,7 @@ stdenv.mkDerivation {
   '';
 
   buildCommand = ''
-    {
-      echo "<chapter xmlns=\"http://docbook.org/ns/docbook\""
-      echo "         xmlns:xlink=\"http://www.w3.org/1999/xlink\""
-      echo "         xml:id=\"users-guide-to-the-haskell-infrastructure\">"
-      echo ""
-      echo "<title>User's Guide to the Haskell Infrastructure</title>"
-      echo ""
-      pandoc ${./haskell-users-guide.md} -w docbook | \
-        sed -e 's|<ulink url=|<link xlink:href=|' \
-            -e 's|</ulink>|</link>|' \
-            -e 's|<sect. id=|<section xml:id=|' \
-            -e 's|</sect[0-9]>|</section>|'
-      echo ""
-      echo "</chapter>"
-    } >haskell-users-guide.xml
-
-    ln -s "$sources/"*.xml .
+    ln -s $sources/*.xml . # */
 
     echo ${nixpkgsVersion} > .version
 
@@ -53,7 +37,7 @@ stdenv.mkDerivation {
     cp ${./style.css} $dst/style.css
 
     mkdir -p $dst/images/callouts
-    cp "${docbook5_xsl}/xml/xsl/docbook/images/callouts/"*.gif $dst/images/callouts/
+    cp ${docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
 
     mkdir -p $out/nix-support
     echo "doc manual $dst manual.html" >> $out/nix-support/hydra-build-products

doc/functions.xml

@@ -127,7 +127,7 @@ in ...</programlisting>
   <title>lib.makeOverridable</title>
 
   <para>
-    The function <varname>lib.makeOverridable</varname> is used to make the result
+    The function <varname>lib.makeOverridable</varname> is used make the result
     of a function easily customizable. This utility only makes sense for functions
     that accept an argument set and return an attribute set.
   </para>
@@ -236,20 +236,6 @@ c = lib.makeOverridable f { a = 1; b = 2; }</programlisting>
     <literal>runScript</literal> parameter, which is a command that would be
     executed inside the sandbox and passed all the command line arguments. It
     default to <literal>bash</literal>.
-  </para>
-  <para>
-    It also uses <literal>CHROOTENV_EXTRA_BINDS</literal> environment variable
-    for binding extra directories in the sandbox to outside places. The format of
-    the variable is <literal>/mnt=test-mnt:/data</literal>, where
-    <literal>/mnt</literal> would be mounted as <literal>/test-mnt</literal>
-    and <literal>/data</literal> would be mounted as <literal>/data</literal>.
-    <literal>extraBindMounts</literal> array argument to
-    <function>buildFHSUserEnv</function> function is prepended to this variable.
-    Latter entries take priority if defined several times -- i.e. in case of
-    <literal>/data=data1:/data=data2</literal> the actual bind path would be
-    <literal>/data2</literal>.
-  </para>
-  <para>
     One can create a simple environment using a <literal>shell.nix</literal>
     like that:
   </para>

doc/haskell-users-guide.md

@@ -1,719 +0,0 @@
----
-title: User's Guide for Haskell in Nixpkgs
-author: Peter Simons
-date: 2015-06-01
----
-
-# How to install Haskell packages
-
-Nixpkgs distributes build instructions for all Haskell packages registered on
-[Hackage](http://hackage.haskell.org/), but strangely enough normal Nix package
-lookups don't seem to discover any of them, except for the default version of ghc, cabal-install, and stack:
-
-    $ nix-env -i alex
-    error: selector ‘alex’ matches no derivations
-    $ nix-env -qa ghc
-    ghc-7.10.2
-
-The Haskell package set is not registered in the top-level namespace because it
-is *huge*. If all Haskell packages were visible to these commands, then
-name-based search/install operations would be much slower than they are now. We
-avoided that by keeping all Haskell-related packages in a separate attribute
-set called `haskellPackages`, which the following command will list:
-
-    $ nix-env -f "<nixpkgs>" -qaP -A haskellPackages
-    haskellPackages.a50         a50-0.5
-    haskellPackages.abacate     haskell-abacate-0.0.0.0
-    haskellPackages.abcBridge   haskell-abcBridge-0.12
-    haskellPackages.afv         afv-0.1.1
-    haskellPackages.alex        alex-3.1.4
-    haskellPackages.Allure      Allure-0.4.101.1
-    haskellPackages.alms        alms-0.6.7
-    [... some 8000 entries omitted  ...]
-
-To install any of those packages into your profile, refer to them by their
-attribute path (first column):
-
-    $ nix-env -f "<nixpkgs>" -iA haskellPackages.Allure ...
-
-The attribute path of any Haskell packages corresponds to the name of that
-particular package on Hackage: the package `cabal-install` has the attribute
-`haskellPackages.cabal-install`, and so on. (Actually, this convention causes
-trouble with packages like `3dmodels` and `4Blocks`, because these names are
-invalid identifiers in the Nix language. The issue of how to deal with these
-rare corner cases is currently unresolved.)
-
-Haskell packages who's Nix name (second column) begins with a `haskell-` prefix
-are packages that provide a library whereas packages without that prefix
-provide just executables. Libraries may provide executables too, though: the
-package `haskell-pandoc`, for example, installs both a library and an
-application. You can install and use Haskell executables just like any other
-program in Nixpkgs, but using Haskell libraries for development is a bit
-trickier and we'll address that subject in great detail in section [How to
-create a development environment].
-
-Attribute paths are deterministic inside of Nixpkgs, but the path necessary to
-reach Nixpkgs varies from system to system. We dodged that problem by giving
-`nix-env` an explicit `-f "<nixpkgs>"` parameter, but if you call `nix-env`
-without that flag, then chances are the invocation fails:
-
-    $ nix-env -iA haskellPackages.cabal-install
-    error: attribute ‘haskellPackages’ in selection path
-           ‘haskellPackages.cabal-install’ not found
-
-On NixOS, for example, Nixpkgs does *not* exist in the top-level namespace by
-default. To figure out the proper attribute path, it's easiest to query for the
-path of a well-known Nixpkgs package, i.e.:
-
-    $ nix-env -qaP coreutils
-    nixos.coreutils  coreutils-8.23
-
-If your system responds like that (most NixOS installations will), then the
-attribute path to `haskellPackages` is `nixos.haskellPackages`. Thus, if you
-want to use `nix-env` without giving an explicit `-f` flag, then that's the way
-to do it:
-
-    $ nix-env -qaP -A nixos.haskellPackages
-    $ nix-env -iA nixos.haskellPackages.cabal-install
-
-Our current default compiler is GHC 7.10.x and the `haskellPackages` set
-contains packages built with that particular version. Nixpkgs contains the
-latest major release of every GHC since 6.10.4, however, and there is a whole
-family of package sets available that defines Hackage packages built with each
-of those compilers, too:
-
-    $ nix-env -f "<nixpkgs>" -qaP -A haskell.packages.ghc6123
-    $ nix-env -f "<nixpkgs>" -qaP -A haskell.packages.ghc763
-
-The name `haskellPackages` is really just a synonym for
-`haskell.packages.ghc7102`, because we prefer that package set internally and
-recommend it to our users as their default choice, but ultimately you are free
-to compile your Haskell packages with any GHC version you please. The following
-command displays the complete list of available compilers:
-
-    $ nix-env -f "<nixpkgs>" -qaP -A haskell.compiler
-    haskell.compiler.ghc6104        ghc-6.10.4
-    haskell.compiler.ghc6123        ghc-6.12.3
-    haskell.compiler.ghc704         ghc-7.0.4
-    haskell.compiler.ghc722         ghc-7.2.2
-    haskell.compiler.ghc742         ghc-7.4.2
-    haskell.compiler.ghc763         ghc-7.6.3
-    haskell.compiler.ghc784         ghc-7.8.4
-    haskell.compiler.ghc7102        ghc-7.10.2
-    haskell.compiler.ghcHEAD        ghc-7.11.20150402
-    haskell.compiler.ghcNokinds     ghc-nokinds-7.11.20150704
-    haskell.compiler.ghcjs          ghcjs-0.1.0
-    haskell.compiler.jhc            jhc-0.8.2
-    haskell.compiler.uhc            uhc-1.1.9.0
-
-We have no package sets for `jhc` or `uhc` yet, unfortunately, but for every
-version of GHC listed above, there exists a package set based on that compiler.
-Also, the attributes `haskell.compiler.ghcXYC` and
-`haskell.packages.ghcXYC.ghc` are synonymous for the sake of convenience.
-
-# How to create a development environment
-
-## How to install a compiler
-
-A simple development environment consists of a Haskell compiler and the tool
-`cabal-install`, and we saw in section [How to install Haskell packages] how
-you can install those programs into your user profile:
-
-    $ nix-env -f "<nixpkgs>" -iA haskellPackages.ghc haskellPackages.cabal-install
-
-Instead of the default package set `haskellPackages`, you can also use the more
-precise name `haskell.compiler.ghc7102`, which has the advantage that it refers
-to the same GHC version regardless of what Nixpkgs considers "default" at any
-given time.
-
-Once you've made those tools available in `$PATH`, it's possible to build
-Hackage packages the same way people without access to Nix do it all the time:
-
-    $ cabal get lens-4.11 && cd lens-4.11
-    $ cabal install -j --dependencies-only
-    $ cabal configure
-    $ cabal build
-
-If you enjoy working with Cabal sandboxes, then that's entirely possible too:
-just execute the command
-
-    $ cabal sandbox init
-
-before installing the required dependencies.
-
-The `nix-shell` utility makes it easy to switch to a different compiler
-version; just enter the Nix shell environment with the command
-
-    $ nix-shell -p haskell.compiler.ghc784
-
-to bring GHC 7.8.4 into `$PATH`. Re-running `cabal configure` switches your
-build to use that compiler instead. If you're working on a project that doesn't
-depend on any additional system libraries outside of GHC, then it's sufficient
-even to run the `cabal configure` command inside of the shell:
-
-    $ nix-shell -p haskell.compiler.ghc784 --command "cabal configure"
-
-Afterwards, all other commands like `cabal build` work just fine in any shell
-environment, because the configure phase recorded the absolute paths to all
-required tools like GHC in its build configuration inside of the `dist/`
-directory. Please note, however, that `nix-collect-garbage` can break such an
-environment because the Nix store paths created by `nix-shell` aren't "alive"
-anymore once `nix-shell` has terminated. If you find that your Haskell builds
-no longer work after garbage collection, then you'll have to re-run `cabal
-configure` inside of a new `nix-shell` environment.
-
-## How to install a compiler with libraries
-
-GHC expects to find all installed libraries inside of its own `lib` directory.
-This approach works fine on traditional Unix systems, but it doesn't work for
-Nix, because GHC's store path is immutable once it's built. We cannot install
-additional libraries into that location. As a consequence, our copies of GHC
-don't know any packages except their own core libraries, like `base`,
-`containers`, `Cabal`, etc.
-
-We can register additional libraries to GHC, however, using a special build
-function called `ghcWithPackages`. That function expects one argument: a
-function that maps from an attribute set of Haskell packages to a list of
-packages, which determines the libraries known to that particular version of
-GHC. For example, the Nix expression `ghcWithPackages (pkgs: [pkgs.mtl])`
-generates a copy of GHC that has the `mtl` library registered in addition to
-its normal core packages:
-
-    $ nix-shell -p "haskellPackages.ghcWithPackages (pkgs: [pkgs.mtl])"
-
-    [nix-shell:~]$ ghc-pkg list mtl
-    /nix/store/zy79...-ghc-7.10.2/lib/ghc-7.10.2/package.conf.d:
-        mtl-2.2.1
-
-This function allows users to define their own development environment by means
-of an override. After adding the following snippet to `~/.nixpkgs/config.nix`,
-
-    {
-      packageOverrides = super: let self = super.pkgs; in
-      {
-        myHaskellEnv = self.haskell.packages.ghc7102.ghcWithPackages
-                         (haskellPackages: with haskellPackages; [
-                           # libraries
-                           arrows async cgi criterion
-                           # tools
-                           cabal-install haskintex
-                         ]);
-      };
-    }
-
-it's possible to install that compiler with `nix-env -f "<nixpkgs>" -iA
-myHaskellEnv`. If you'd like to switch that development environment to a
-different version of GHC, just replace the `ghc7102` bit in the previous
-definition with the appropriate name. Of course, it's also possible to define
-any number of these development environments! (You can't install two of them
-into the same profile at the same time, though, because that would result in
-file conflicts.)
-
-The generated `ghc` program is a wrapper script that re-directs the real
-GHC executable to use a new `lib` directory --- one that we specifically
-constructed to contain all those packages the user requested:
-
-    $ cat $(type -p ghc)
-    #! /nix/store/xlxj...-bash-4.3-p33/bin/bash -e
-    export NIX_GHC=/nix/store/19sm...-ghc-7.10.2/bin/ghc
-    export NIX_GHCPKG=/nix/store/19sm...-ghc-7.10.2/bin/ghc-pkg
-    export NIX_GHC_DOCDIR=/nix/store/19sm...-ghc-7.10.2/share/doc/ghc/html
-    export NIX_GHC_LIBDIR=/nix/store/19sm...-ghc-7.10.2/lib/ghc-7.10.2
-    exec /nix/store/j50p...-ghc-7.10.2/bin/ghc "-B$NIX_GHC_LIBDIR" "$@"
-
-The variables `$NIX_GHC`, `$NIX_GHCPKG`, etc. point to the *new* store path
-`ghcWithPackages` constructed specifically for this environment. The last line
-of the wrapper script then executes the real `ghc`, but passes the path to the
-new `lib` directory using GHC's `-B` flag.
-
-The purpose of those environment variables is to work around an impurity in the
-popular [ghc-paths](http://hackage.haskell.org/package/ghc-paths) library. That
-library promises to give its users access to GHC's installation paths. Only,
-the library can't possible know that path when it's compiled, because the path
-GHC considers its own is determined only much later, when the user configures
-it through `ghcWithPackages`. So we [patched
-ghc-paths](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/ghc-paths-nix.patch)
-to return the paths found in those environment variables at run-time rather
-than trying to guess them at compile-time.
-
-To make sure that mechanism works properly all the time, we recommend that you
-set those variables to meaningful values in your shell environment, too, i.e.
-by adding the following code to your `~/.bashrc`:
-
-    if type >/dev/null 2>&1 -p ghc; then
-      eval "$(egrep ^export "$(type -p ghc)")"
-    fi
-
-If you are certain that you'll use only one GHC environment which is located in
-your user profile, then you can use the following code, too, which has the
-advantage that it doesn't contain any paths from the Nix store, i.e. those
-settings always remain valid even if a `nix-env -u` operation updates the GHC
-environment in your profile:
-
-    if [ -e ~/.nix-profile/bin/ghc ]; then
-      export NIX_GHC="$HOME/.nix-profile/bin/ghc"
-      export NIX_GHCPKG="$HOME/.nix-profile/bin/ghc-pkg"
-      export NIX_GHC_DOCDIR="$HOME/.nix-profile/share/doc/ghc/html"
-      export NIX_GHC_LIBDIR="$HOME/.nix-profile/lib/ghc-$($NIX_GHC --numeric-version)"
-    fi
-
-## How to install a compiler with libraries, hoogle and documentation indexes
-
-If you plan to use your environment for interactive programming, not just
-compiling random Haskell code, you might want to replace `ghcWithPackages` in
-all the listings above with `ghcWithHoogle`.
-
-This environment generator not only produces an environment with GHC and all
-the specified libraries, but also generates a `hoogle` and `haddock` indexes
-for all the packages, and provides a wrapper script around `hoogle` binary that
-uses all those things. A precise name for this thing would be
-"`ghcWithPackagesAndHoogleAndDocumentationIndexes`", which is, regrettably, too
-long and scary.
-
-For example, installing the following environment
-
-    {
-      packageOverrides = super: let self = super.pkgs; in
-      {
-        myHaskellEnv = self.haskellPackages.ghcWithHoogle
-                         (haskellPackages: with haskellPackages; [
-                           # libraries
-                           arrows async cgi criterion
-                           # tools
-                           cabal-install haskintex
-                         ]);
-      };
-    }
-
-allows one to browse module documentation index [not too dissimilar to
-this](https://downloads.haskell.org/~ghc/latest/docs/html/libraries/index.html)
-for all the specified packages and their dependencies by directing a browser of
-choice to `~/.nix-profiles/share/doc/hoogle/index.html` (or
-`/run/current-system/sw/share/doc/hoogle/index.html` in case you put it in
-`environment.systemPackages` in NixOS).
-
-After you've marveled enough at that try adding the following to your
-`~/.ghc/ghci.conf`
-
-    :def hoogle \s -> return $ ":! hoogle search -cl --count=15 \"" ++ s ++ "\""
-    :def doc \s -> return $ ":! hoogle search -cl --info \"" ++ s ++ "\""
-
-and test it by typing into `ghci`:
-
-    :hoogle a -> a
-    :doc a -> a
-
-Be sure to note the links to `haddock` files in the output. With any modern and
-properly configured terminal emulator you can just click those links to
-navigate there.
-
-Finally, you can run
-
-    hoogle server -p 8080
-
-and navigate to http://localhost:8080/ for your own local
-[Hoogle](https://www.haskell.org/hoogle/). Note, however, that Firefox and
-possibly other browsers disallow navigation from `http:` to `file:` URIs for
-security reasons, which might be quite an inconvenience. See [this
-page](http://kb.mozillazine.org/Links_to_local_pages_do_not_work) for
-workarounds.
-
-
-## How to create ad hoc environments for `nix-shell`
-
-The easiest way to create an ad hoc development environment is to run
-`nix-shell` with the appropriate GHC environment given on the command-line:
-
-    nix-shell -p "haskellPackages.ghcWithPackages (pkgs: with pkgs; [mtl pandoc])"
-
-For more sophisticated use-cases, however, it's more convenient to save the
-desired configuration in a file called `shell.nix` that looks like this:
-
-    { nixpkgs ? import <nixpkgs> {}, compiler ? "ghc7102" }:
-    let
-      inherit (nixpkgs) pkgs;
-      ghc = pkgs.haskell.packages.${compiler}.ghcWithPackages (ps: with ps; [
-              monad-par mtl
-            ]);
-    in
-    pkgs.stdenv.mkDerivation {
-      name = "my-haskell-env-0";
-      buildInputs = [ ghc ];
-      shellHook = "eval $(egrep ^export ${ghc}/bin/ghc)";
-    }
-
-Now run `nix-shell` --- or even `nix-shell --pure` --- to enter a shell
-environment that has the appropriate compiler in `$PATH`. If you use `--pure`,
-then add all other packages that your development environment needs into the
-`buildInputs` attribute. If you'd like to switch to a different compiler
-version, then pass an appropriate `compiler` argument to the expression, i.e.
-`nix-shell --argstr compiler ghc784`.
-
-If you need such an environment because you'd like to compile a Hackage package
-outside of Nix --- i.e. because you're hacking on the latest version from Git
----, then the package set provides suitable nix-shell environments for you
-already! Every Haskell package has an `env` attribute that provides a shell
-environment suitable for compiling that particular package. If you'd like to
-hack the `lens` library, for example, then you just have to check out the
-source code and enter the appropriate environment:
-
-      $ cabal get lens-4.11 && cd lens-4.11
-      Downloading lens-4.11...
-      Unpacking to lens-4.11/
-
-      $ nix-shell "<nixpkgs>" -A haskellPackages.lens.env
-      [nix-shell:/tmp/lens-4.11]$
-
-At point, you can run `cabal configure`, `cabal build`, and all the other
-development commands. Note that you need `cabal-install` installed in your
-`$PATH` already to use it here --- the `nix-shell` environment does not provide
-it.
-
-# How to create Nix builds for your own private Haskell packages
-
-If your own Haskell packages have build instructions for Cabal, then you can
-convert those automatically into build instructions for Nix using the
-`cabal2nix` utility, which you can install into your profile by running
-`nix-env -i cabal2nix`.
-
-## How to build a stand-alone project
-
-For example, let's assume that you're working on a private project called
-`foo`. To generate a Nix build expression for it, change into the project's
-top-level directory and run the command:
-
-    $ cabal2nix . >foo.nix
-
-Then write the following snippet into a file called `default.nix`:
-
-    { nixpkgs ? import <nixpkgs> {}, compiler ? "ghc7102" }:
-    nixpkgs.pkgs.haskell.packages.${compiler}.callPackage ./foo.nix { }
-
-Finally, store the following code in a file called `shell.nix`:
-
-    { nixpkgs ? import <nixpkgs> {}, compiler ? "ghc7102" }:
-    (import ./default.nix { inherit nixpkgs compiler; }).env
-
-At this point, you can run `nix-build` to have Nix compile your project and
-install it into a Nix store path. The local directory will contain a symlink
-called `result` after `nix-build` returns that points into that location. Of
-course, passing the flag `--argstr compiler ghc763` allows switching the build
-to any version of GHC currently supported.
-
-Furthermore, you can call `nix-shell` to enter an interactive development
-environment in which you can use `cabal configure` and `cabal build` to develop
-your code. That environment will automatically contain a proper GHC derivation
-with all the required libraries registered as well as all the system-level
-libraries your package might need.
-
-If your package does not depend on any system-level libraries, then it's
-sufficient to run
-
-    $ nix-shell --command "cabal configure"
-
-once to set up your build. `cabal-install` determines the absolute paths to all
-resources required for the build and writes them into a config file in the
-`dist/` directory. Once that's done, you can run `cabal build` and any other
-command for that project even outside of the `nix-shell` environment. This
-feature is particularly nice for those of us who like to edit their code with
-an IDE, like Emacs' `haskell-mode`, because it's not necessary to start Emacs
-inside of nix-shell just to make it find out the necessary settings for
-building the project; `cabal-install` has already done that for us.
-
-If you want to do some quick-and-dirty hacking and don't want to bother setting
-up a `default.nix` and `shell.nix` file manually, then you can use the
-`--shell` flag offered by `cabal2nix` to have it generate a stand-alone
-`nix-shell` environment for you. With that feature, running
-
-    $ cabal2nix --shell . >shell.nix
-    $ nix-shell --command "cabal configure"
-
-is usually enough to set up a build environment for any given Haskell package.
-You can even use that generated file to run `nix-build`, too:
-
-    $ nix-build shell.nix
-
-## How to build projects that depend on each other
-
-If you have multiple private Haskell packages that depend on each other, then
-you'll have to register those packages in the Nixpkgs set to make them visible
-for the dependency resolution performed by `callPackage`. First of all, change
-into each of your projects top-level directories and generate a `default.nix`
-file with `cabal2nix`:
-
-    $ cd ~/src/foo && cabal2nix . >default.nix
-    $ cd ~/src/bar && cabal2nix . >default.nix
-
-Then edit your `~/.nixpkgs/config.nix` file to register those builds in the
-default Haskell package set:
-
-      {
-        packageOverrides = super: let self = super.pkgs; in
-        {
-          haskellPackages = super.haskellPackages.override {
-            overrides = self: super: {
-              foo = self.callPackage ../src/foo {};
-              bar = self.callPackage ../src/bar {};
-            };
-          };
-        };
-      }
-
-Once that's accomplished, `nix-env -f "<nixpkgs>" -qA haskellPackages` will
-show your packages like any other package from Hackage, and you can build them
-
-    $ nix-build "<nixpkgs>" -A haskellPackages.foo
-
-or enter an interactive shell environment suitable for building them:
-
-    $ nix-shell "<nixpkgs>" -A haskellPackages.bar.env
-
-# Miscellaneous Topics
-
-## How to build with profiling enabled
-
-Every Haskell package set takes a function called `overrides` that you can use
-to manipulate the package as much as you please. One useful application of this
-feature is to replace the default `mkDerivation` function with one that enables
-library profiling for all packages. To accomplish that, add configure the
-following snippet in your `~/.nixpkgs/config.nix` file:
-
-    {
-      packageOverrides = super: let self = super.pkgs; in
-      {
-        profiledHaskellPackages = self.haskellPackages.override {
-          overrides = self: super: {
-            mkDerivation = args: super.mkDerivation (args // {
-              enableLibraryProfiling = true;
-            });
-          };
-        };
-      };
-    }
-
-Then, replace instances of `haskellPackages` in the `cabal2nix`-generated
-`default.nix` or `shell.nix` files with `profiledHaskellPackages`.
-
-## How to override package versions in a compiler-specific package set
-
-Nixpkgs provides the latest version of
-[`ghc-events`](http://hackage.haskell.org/package/ghc-events), which is 0.4.4.0
-at the time of this writing. This is fine for users of GHC 7.10.x, but GHC
-7.8.4 cannot compile that binary. Now, one way to solve that problem is to
-register an older version of `ghc-events` in the 7.8.x-specific package set.
-The first step is to generate Nix build instructions with `cabal2nix`:
-
-    $ cabal2nix cabal://ghc-events-0.4.3.0 >~/.nixpkgs/ghc-events-0.4.3.0.nix
-
-Then add the override in `~/.nixpkgs/config.nix`:
-
-    {
-      packageOverrides = super: let self = super.pkgs; in
-      {
-        haskell = super.haskell // {
-          packages = super.haskell.packages // {
-            ghc784 = super.haskell.packages.ghc784.override {
-              overrides = self: super: {
-                ghc-events = self.callPackage ./ghc-events-0.4.3.0.nix {};
-              };
-            };
-          };
-        };
-      };
-    }
-
-This code is a little crazy, no doubt, but it's necessary because the intuitive
-version
-
-    haskell.packages.ghc784 = super.haskell.packages.ghc784.override {
-      overrides = self: super: {
-        ghc-events = self.callPackage ./ghc-events-0.4.3.0.nix {};
-      };
-    };
-
-doesn't do what we want it to: that code replaces the `haskell` package set in
-Nixpkgs with one that contains only one entry,`packages`, which contains only
-one entry `ghc784`. This override loses the `haskell.compiler` set, and it
-loses the `haskell.packages.ghcXYZ` sets for all compilers but GHC 7.8.4. To
-avoid that problem, we have to perform the convoluted little dance from above,
-iterating over each step in hierarchy.
-
-Once it's accomplished, however, we can install a variant of `ghc-events`
-that's compiled with GHC 7.8.4:
-
-    nix-env -f "<nixpkgs>" -iA haskell.packages.ghc784.ghc-events
-
-Unfortunately, it turns out that this build fails again while executing the
-test suite! Apparently, the release archive on Hackage is missing some data
-files that the test suite requires, so we cannot run it. We accomplish that by
-re-generating the Nix expression with the `--no-check` flag:
-
-    $ cabal2nix --no-check cabal://ghc-events-0.4.3.0 >~/.nixpkgs/ghc-events-0.4.3.0.nix
-
-Now the builds succeeds.
-
-Of course, in the concrete example of `ghc-events` this whole exercise is not
-an ideal solution, because `ghc-events` can analyze the output emitted by any
-version of GHC later than 6.12 regardless of the compiler version that was used
-to build the `ghc-events' executable, so strictly speaking there's no reason to
-prefer one built with GHC 7.8.x in the first place. However, for users who
-cannot use GHC 7.10.x at all for some reason, the approach of downgrading to an
-older version might be useful.
-
-## How to recover from GHC's infamous non-deterministic library ID bug
-
-GHC and distributed build farms don't get along well:
-
-    https://ghc.haskell.org/trac/ghc/ticket/4012
-
-When you see an error like this one
-
-    package foo-0.7.1.0 is broken due to missing package
-    text-1.2.0.4-98506efb1b9ada233bb5c2b2db516d91
-
-then you have to download and re-install `foo` and all its dependents from
-scratch:
-
-    # nix-store -q --referrers /nix/store/*-haskell-text-1.2.0.4 \
-      | xargs -L 1 nix-store --repair-path --option binary-caches http://hydra.nixos.org
-
-If you're using additional Hydra servers other than `hydra.nixos.org`, then it
-might be necessary to purge the local caches that store data from those
-machines to disable these binary channels for the duration of the previous
-command, i.e. by running:
-
-    rm /nix/var/nix/binary-cache-v3.sqlite
-    rm /nix/var/nix/manifests/*
-    rm /nix/var/nix/channel-cache/*
-
-## Builds on Darwin fail with `math.h` not found
-
-Users of GHC on Darwin have occasionally reported that builds fail, because the
-compiler complains about a missing include file:
-
-    fatal error: 'math.h' file not found
-
-The issue has been discussed at length in [ticket
-6390](https://github.com/NixOS/nixpkgs/issues/6390), and so far no good
-solution has been proposed. As a work-around, users who run into this problem
-can configure the environment variables
-
-    export NIX_CFLAGS_COMPILE="-idirafter /usr/include"
-    export NIX_CFLAGS_LINK="-L/usr/lib"
-
-in their `~/.bashrc` file to avoid the compiler error.
-
-## Using Stack together with Nix
-
-    --  While building package zlib-0.5.4.2 using:
-      runhaskell -package=Cabal-1.22.4.0 -clear-package-db [... lots of flags ...]
-    Process exited with code: ExitFailure 1
-    Logs have been written to: /home/foo/src/stack-ide/.stack-work/logs/zlib-0.5.4.2.log
-
-    Configuring zlib-0.5.4.2...
-    Setup.hs: Missing dependency on a foreign library:
-    * Missing (or bad) header file: zlib.h
-    This problem can usually be solved by installing the system package that
-    provides this library (you may need the "-dev" version). If the library is
-    already installed but in a non-standard location then you can use the flags
-    --extra-include-dirs= and --extra-lib-dirs= to specify where it is.
-    If the header file does exist, it may contain errors that are caught by the C
-    compiler at the preprocessing stage. In this case you can re-run configure
-    with the verbosity flag -v3 to see the error messages.
-
-When you run the build inside of the nix-shell environment, the system
-is configured to find libz.so without any special flags -- the compiler
-and linker "just know" how to find it. Consequently, Cabal won't record
-any search paths for libz.so in the package description, which means
-that the package works fine inside of nix-shell, but once you leave the
-shell the shared object can no longer be found. That issue is by no
-means specific to Stack: you'll have that problem with any other
-Haskell package that's built inside of nix-shell but run outside of that
-environment.
-
-I suppose we could try to remedy the issue by wrapping `stack` or
-`cabal` with a script that tries to find those kind of implicit search
-paths and makes them explicit on the "cabal configure" command line. I
-don't think anyone is working on that subject yet, though, because the
-problem doesn't seem so bad in practice.
-
-You can remedy that issue in several ways. First of all, run
-
-    $ nix-build --no-out-link "<nixpkgs>" -A zlib
-    /nix/store/alsvwzkiw4b7ip38l4nlfjijdvg3fvzn-zlib-1.2.8
-
-to find out the store path of the system's zlib library. Now, you can
-
-1) add that path (plus a "/lib" suffix) to your $LD_LIBRARY_PATH
-   environment variable to make sure your system linker finds libz.so
-   automatically. It's no pretty solution, but it will work.
-
-2) As a variant of (1), you can also install any number of system
-   libraries into your user's profile (or some other profile) and point
-   $LD_LIBRARY_PATH to that profile instead, so that you don't have to
-   list dozens of those store paths all over the place.
-
-3) The solution I prefer is to call stack with an appropriate
-   --extra-lib-dirs flag like so:
-
-    $ stack --extra-lib-dirs=/nix/store/alsvwzkiw4b7ip38l4nlfjijdvg3fvzn-zlib-1.2.8/lib build
-
-   Typically, you'll need --extra-include-dirs as well. It's possible
-   to add those flag to the project's "stack.yaml" or your user's
-   global "~/.stack/global/stack.yaml" file so that you don't have to
-   specify them manually every time.
-
-   The same thing applies to `cabal configure`, of course, if you're
-   building with `cabal-install` instead of Stack.
-
-## Creating statically linked binaries
-
-There are two levels of static linking. The first option is to configure the
-build with the Cabal flag `--disable-executable-dynamic`. In Nix expressions,
-this can be achieved by setting the attribute:
-
-    enableSharedExecutables = false;
-
-That gives you a binary with statically linked Haskell libraries and
-dynamically linked system libraries.
-
-To link both Haskell libraries and system libraries statically, the additional
-flags `--ghc-option=-optl=-static --ghc-option=-optl=-pthread` need to be used.
-In Nix, this is accomplished with:
-
-    configureFlags = [ "--ghc-option=-optl=-static" "--ghc-option=-optl=-pthread" ];
-
-It's important to realize, however, that most system libraries in Nix are built
-as shared libraries only, i.e. there is just no static library available that
-Cabal could link!
-
-
-# Other resources
-
-- The Youtube video [Nix Loves Haskell](https://www.youtube.com/watch?v=BsBhi_r-OeE)
-  provides an introduction into Haskell NG aimed at beginners. The slides are
-  available at http://cryp.to/nixos-meetup-3-slides.pdf and also -- in a form
-  ready for cut & paste -- at
-  https://github.com/NixOS/cabal2nix/blob/master/doc/nixos-meetup-3-slides.md.
-
-- Another Youtube video is [Escaping Cabal Hell with Nix](https://www.youtube.com/watch?v=mQd3s57n_2Y),
-  which discusses the subject of Haskell development with Nix but also provides
-  a basic introduction to Nix as well, i.e. it's suitable for viewers with
-  almost no prior Nix experience.
-
-- Oliver Charles wrote a very nice [Tutorial how to develop Haskell packages with Nix](http://wiki.ocharles.org.uk/Nix).
-
-- The *Journey into the Haskell NG infrastructure* series of postings
-  describe the new Haskell infrastructure in great detail:
-
-    - [Part 1](http://lists.science.uu.nl/pipermail/nix-dev/2015-January/015591.html)
-      explains the differences between the old and the new code and gives
-      instructions how to migrate to the new setup.
-
-    - [Part 2](http://lists.science.uu.nl/pipermail/nix-dev/2015-January/015608.html)
-      looks in-depth at how to tweak and configure your setup by means of
-      overrides.
-
-    - [Part 3](http://lists.science.uu.nl/pipermail/nix-dev/2015-April/016912.html)
-      describes the infrastructure that keeps the Haskell package set in Nixpkgs
-      up-to-date.

doc/haskell-users-guide.xml

@@ -0,0 +1,912 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="users-guide-to-the-haskell-infrastructure">
+
+<title>User's Guide to the Haskell Infrastructure</title>
+
+<section xml:id="how-to-install-haskell-packages">
+  <title>How to install Haskell packages</title>
+  <para>
+    Nixpkgs distributes build instructions for all Haskell packages
+    registered on
+    <link xlink:href="http://hackage.haskell.org/">Hackage</link>, but
+    strangely enough normal Nix package lookups don't seem to discover
+    any of them, except for the default version of ghc, cabal-install, and stack:
+  </para>
+  <programlisting>
+$ nix-env -i alex
+error: selector ‘alex’ matches no derivations
+$ nix-env -qa ghc
+ghc-7.10.2
+</programlisting>
+  <para>
+    The Haskell package set is not registered in the top-level namespace
+    because it is <emphasis>huge</emphasis>. If all Haskell packages
+    were visible to these commands, then name-based search/install
+    operations would be much slower than they are now. We avoided that
+    by keeping all Haskell-related packages in a separate attribute set
+    called <literal>haskellPackages</literal>, which the following
+    command will list:
+  </para>
+  <programlisting>
+$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskellPackages
+haskellPackages.a50         a50-0.5
+haskellPackages.abacate     haskell-abacate-0.0.0.0
+haskellPackages.abcBridge   haskell-abcBridge-0.12
+haskellPackages.afv         afv-0.1.1
+haskellPackages.alex        alex-3.1.4
+haskellPackages.Allure      Allure-0.4.101.1
+haskellPackages.alms        alms-0.6.7
+[... some 8000 entries omitted  ...]
+</programlisting>
+  <para>
+    To install any of those packages into your profile, refer to them by
+    their attribute path (first column):
+  </para>
+  <programlisting>
+$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.Allure ...
+</programlisting>
+  <para>
+    The attribute path of any Haskell packages corresponds to the name
+    of that particular package on Hackage: the package
+    <literal>cabal-install</literal> has the attribute
+    <literal>haskellPackages.cabal-install</literal>, and so on.
+    (Actually, this convention causes trouble with packages like
+    <literal>3dmodels</literal> and <literal>4Blocks</literal>, because
+    these names are invalid identifiers in the Nix language. The issue
+    of how to deal with these rare corner cases is currently
+    unresolved.)
+  </para>
+  <para>
+    Haskell packages who's Nix name (second column) begins with a
+    <literal>haskell-</literal> prefix are packages that provide a
+    library whereas packages without that prefix provide just
+    executables. Libraries may provide executables too, though: the
+    package <literal>haskell-pandoc</literal>, for example, installs
+    both a library and an application. You can install and use Haskell
+    executables just like any other program in Nixpkgs, but using
+    Haskell libraries for development is a bit trickier and we'll
+    address that subject in great detail in section
+    <link linkend="how-to-create-a-development-environment">How to
+    create a development environment</link>.
+  </para>
+  <para>
+    Attribute paths are deterministic inside of Nixpkgs, but the path
+    necessary to reach Nixpkgs varies from system to system. We dodged
+    that problem by giving <literal>nix-env</literal> an explicit
+    <literal>-f &quot;&lt;nixpkgs&gt;&quot;</literal> parameter, but if
+    you call <literal>nix-env</literal> without that flag, then chances
+    are the invocation fails:
+  </para>
+  <programlisting>
+$ nix-env -iA haskellPackages.cabal-install
+error: attribute ‘haskellPackages’ in selection path
+       ‘haskellPackages.cabal-install’ not found
+</programlisting>
+  <para>
+    On NixOS, for example, Nixpkgs does <emphasis>not</emphasis> exist
+    in the top-level namespace by default. To figure out the proper
+    attribute path, it's easiest to query for the path of a well-known
+    Nixpkgs package, i.e.:
+  </para>
+  <programlisting>
+$ nix-env -qaP coreutils
+nixos.coreutils  coreutils-8.23
+</programlisting>
+  <para>
+    If your system responds like that (most NixOS installations will),
+    then the attribute path to <literal>haskellPackages</literal> is
+    <literal>nixos.haskellPackages</literal>. Thus, if you want to
+    use <literal>nix-env</literal> without giving an explicit
+    <literal>-f</literal> flag, then that's the way to do it:
+  </para>
+  <programlisting>
+$ nix-env -qaP -A nixos.haskellPackages
+$ nix-env -iA nixos.haskellPackages.cabal-install
+</programlisting>
+  <para>
+    Our current default compiler is GHC 7.10.x and the
+    <literal>haskellPackages</literal> set contains packages built with
+    that particular version. Nixpkgs contains the latest major release
+    of every GHC since 6.10.4, however, and there is a whole family of
+    package sets available that defines Hackage packages built with each
+    of those compilers, too:
+  </para>
+  <programlisting>
+$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskell.packages.ghc6123
+$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskell.packages.ghc763
+</programlisting>
+  <para>
+    The name <literal>haskellPackages</literal> is really just a synonym
+    for <literal>haskell.packages.ghc7102</literal>, because we prefer
+    that package set internally and recommend it to our users as their
+    default choice, but ultimately you are free to compile your Haskell
+    packages with any GHC version you please. The following command
+    displays the complete list of available compilers:
+  </para>
+  <programlisting>
+$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskell.compiler
+haskell.compiler.ghc6104        ghc-6.10.4
+haskell.compiler.ghc6123        ghc-6.12.3
+haskell.compiler.ghc704         ghc-7.0.4
+haskell.compiler.ghc722         ghc-7.2.2
+haskell.compiler.ghc742         ghc-7.4.2
+haskell.compiler.ghc763         ghc-7.6.3
+haskell.compiler.ghc784         ghc-7.8.4
+haskell.compiler.ghc7102        ghc-7.10.2
+haskell.compiler.ghcHEAD        ghc-7.11.20150402
+haskell.compiler.ghcNokinds     ghc-nokinds-7.11.20150704
+haskell.compiler.ghcjs          ghcjs-0.1.0
+haskell.compiler.jhc            jhc-0.8.2
+haskell.compiler.uhc            uhc-1.1.9.0
+</programlisting>
+  <para>
+    We have no package sets for <literal>jhc</literal> or
+    <literal>uhc</literal> yet, unfortunately, but for every version of
+    GHC listed above, there exists a package set based on that compiler.
+    Also, the attributes <literal>haskell.compiler.ghcXYC</literal> and
+    <literal>haskell.packages.ghcXYC.ghc</literal> are synonymous for
+    the sake of convenience.
+  </para>
+</section>
+<section xml:id="how-to-create-a-development-environment">
+  <title>How to create a development environment</title>
+  <section xml:id="how-to-install-a-compiler">
+    <title>How to install a compiler</title>
+    <para>
+      A simple development environment consists of a Haskell compiler
+      and the tool <literal>cabal-install</literal>, and we saw in
+      section <link linkend="how-to-install-haskell-packages">How to
+      install Haskell packages</link> how you can install those programs
+      into your user profile:
+    </para>
+    <programlisting>
+$ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.ghc haskellPackages.cabal-install
+</programlisting>
+    <para>
+      Instead of the default package set
+      <literal>haskellPackages</literal>, you can also use the more
+      precise name <literal>haskell.compiler.ghc7102</literal>, which
+      has the advantage that it refers to the same GHC version
+      regardless of what Nixpkgs considers &quot;default&quot; at any
+      given time.
+    </para>
+    <para>
+      Once you've made those tools available in
+      <literal>$PATH</literal>, it's possible to build Hackage packages
+      the same way people without access to Nix do it all the time:
+    </para>
+    <programlisting>
+$ cabal get lens-4.11 &amp;&amp; cd lens-4.11
+$ cabal install -j --dependencies-only
+$ cabal configure
+$ cabal build
+</programlisting>
+    <para>
+      If you enjoy working with Cabal sandboxes, then that's entirely
+      possible too: just execute the command
+    </para>
+    <programlisting>
+$ cabal sandbox init
+</programlisting>
+    <para>
+      before installing the required dependencies.
+    </para>
+    <para>
+      The <literal>nix-shell</literal> utility makes it easy to switch
+      to a different compiler version; just enter the Nix shell
+      environment with the command
+    </para>
+    <programlisting>
+$ nix-shell -p haskell.compiler.ghc784
+</programlisting>
+    <para>
+      to bring GHC 7.8.4 into <literal>$PATH</literal>. Re-running
+      <literal>cabal configure</literal> switches your build to use that
+      compiler instead. If you're working on a project that doesn't
+      depend on any additional system libraries outside of GHC, then
+      it's sufficient even to run the <literal>cabal configure</literal>
+      command inside of the shell:
+    </para>
+    <programlisting>
+$ nix-shell -p haskell.compiler.ghc784 --command &quot;cabal configure&quot;
+</programlisting>
+    <para>
+      Afterwards, all other commands like <literal>cabal build</literal>
+      work just fine in any shell environment, because the configure
+      phase recorded the absolute paths to all required tools like GHC
+      in its build configuration inside of the <literal>dist/</literal>
+      directory. Please note, however, that
+      <literal>nix-collect-garbage</literal> can break such an
+      environment because the Nix store paths created by
+      <literal>nix-shell</literal> aren't &quot;alive&quot; anymore once
+      <literal>nix-shell</literal> has terminated. If you find that your
+      Haskell builds no longer work after garbage collection, then
+      you'll have to re-run <literal>cabal configure</literal> inside of
+      a new <literal>nix-shell</literal> environment.
+    </para>
+  </section>
+  <section xml:id="how-to-install-a-compiler-with-libraries">
+    <title>How to install a compiler with libraries</title>
+    <para>
+      GHC expects to find all installed libraries inside of its own
+      <literal>lib</literal> directory. This approach works fine on
+      traditional Unix systems, but it doesn't work for Nix, because
+      GHC's store path is immutable once it's built. We cannot install
+      additional libraries into that location. As a consequence, our
+      copies of GHC don't know any packages except their own core
+      libraries, like <literal>base</literal>,
+      <literal>containers</literal>, <literal>Cabal</literal>, etc.
+    </para>
+    <para>
+      We can register additional libraries to GHC, however, using a
+      special build function called <literal>ghcWithPackages</literal>.
+      That function expects one argument: a function that maps from an
+      attribute set of Haskell packages to a list of packages, which
+      determines the libraries known to that particular version of GHC.
+      For example, the Nix expression
+      <literal>ghcWithPackages (pkgs: [pkgs.mtl])</literal> generates a
+      copy of GHC that has the <literal>mtl</literal> library registered
+      in addition to its normal core packages:
+    </para>
+    <programlisting>
+$ nix-shell -p &quot;haskellPackages.ghcWithPackages (pkgs: [pkgs.mtl])&quot;
+
+[nix-shell:~]$ ghc-pkg list mtl
+/nix/store/zy79...-ghc-7.10.2/lib/ghc-7.10.2/package.conf.d:
+    mtl-2.2.1
+</programlisting>
+    <para>
+      This function allows users to define their own development
+      environment by means of an override. After adding the following
+      snippet to <literal>~/.nixpkgs/config.nix</literal>,
+    </para>
+    <programlisting>
+{
+  packageOverrides = super: let self = super.pkgs; in
+  {
+    myHaskellEnv = self.haskell.packages.ghc7102.ghcWithPackages
+                     (haskellPackages: with haskellPackages; [
+                       # libraries
+                       arrows async cgi criterion
+                       # tools
+                       cabal-install haskintex
+                     ]);
+  };
+}
+</programlisting>
+    <para>
+      it's possible to install that compiler with
+      <literal>nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA myHaskellEnv</literal>.
+      If you'd like to switch that development environment to a
+      different version of GHC, just replace the
+      <literal>ghc7102</literal> bit in the previous definition with the
+      appropriate name. Of course, it's also possible to define any
+      number of these development environments! (You can't install two
+      of them into the same profile at the same time, though, because
+      that would result in file conflicts.)
+    </para>
+    <para>
+      The generated <literal>ghc</literal> program is a wrapper script
+      that re-directs the real GHC executable to use a new
+      <literal>lib</literal> directory --- one that we specifically
+      constructed to contain all those packages the user requested:
+    </para>
+    <programlisting>
+$ cat $(type -p ghc)
+#! /nix/store/xlxj...-bash-4.3-p33/bin/bash -e
+export NIX_GHC=/nix/store/19sm...-ghc-7.10.2/bin/ghc
+export NIX_GHCPKG=/nix/store/19sm...-ghc-7.10.2/bin/ghc-pkg
+export NIX_GHC_DOCDIR=/nix/store/19sm...-ghc-7.10.2/share/doc/ghc/html
+export NIX_GHC_LIBDIR=/nix/store/19sm...-ghc-7.10.2/lib/ghc-7.10.2
+exec /nix/store/j50p...-ghc-7.10.2/bin/ghc &quot;-B$NIX_GHC_LIBDIR&quot; &quot;$@&quot;
+</programlisting>
+    <para>
+      The variables <literal>$NIX_GHC</literal>,
+      <literal>$NIX_GHCPKG</literal>, etc. point to the
+      <emphasis>new</emphasis> store path
+      <literal>ghcWithPackages</literal> constructed specifically for
+      this environment. The last line of the wrapper script then
+      executes the real <literal>ghc</literal>, but passes the path to
+      the new <literal>lib</literal> directory using GHC's
+      <literal>-B</literal> flag.
+    </para>
+    <para>
+      The purpose of those environment variables is to work around an
+      impurity in the popular
+      <link xlink:href="http://hackage.haskell.org/package/ghc-paths">ghc-paths</link>
+      library. That library promises to give its users access to GHC's
+      installation paths. Only, the library can't possible know that
+      path when it's compiled, because the path GHC considers its own is
+      determined only much later, when the user configures it through
+      <literal>ghcWithPackages</literal>. So we
+      <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/haskell-modules/ghc-paths-nix.patch">patched
+      ghc-paths</link> to return the paths found in those environment
+      variables at run-time rather than trying to guess them at
+      compile-time.
+    </para>
+    <para>
+      To make sure that mechanism works properly all the time, we
+      recommend that you set those variables to meaningful values in
+      your shell environment, too, i.e. by adding the following code to
+      your <literal>~/.bashrc</literal>:
+    </para>
+    <programlisting>
+if type &gt;/dev/null 2&gt;&amp;1 -p ghc; then
+  eval &quot;$(egrep ^export &quot;$(type -p ghc)&quot;)&quot;
+fi
+</programlisting>
+    <para>
+      If you are certain that you'll use only one GHC environment which
+      is located in your user profile, then you can use the following
+      code, too, which has the advantage that it doesn't contain any
+      paths from the Nix store, i.e. those settings always remain valid
+      even if a <literal>nix-env -u</literal> operation updates the GHC
+      environment in your profile:
+    </para>
+    <programlisting>
+if [ -e ~/.nix-profile/bin/ghc ]; then
+  export NIX_GHC=&quot;$HOME/.nix-profile/bin/ghc&quot;
+  export NIX_GHCPKG=&quot;$HOME/.nix-profile/bin/ghc-pkg&quot;
+  export NIX_GHC_DOCDIR=&quot;$HOME/.nix-profile/share/doc/ghc/html&quot;
+  export NIX_GHC_LIBDIR=&quot;$HOME/.nix-profile/lib/ghc-$($NIX_GHC --numeric-version)&quot;
+fi
+</programlisting>
+  </section>
+  <section xml:id="how-to-install-a-compiler-with-indexes">
+    <title>How to install a compiler with libraries, hoogle and documentation indexes</title>
+    <para>
+      If you plan to use your environment for interactive programming,
+      not just compiling random Haskell code, you might want to
+      replace <literal>ghcWithPackages</literal> in all the listings
+      above with <literal>ghcWithHoogle</literal>.
+    </para>
+    <para>
+      This environment generator not only produces an environment with
+      GHC and all the specified libraries, but also generates a
+      <literal>hoogle</literal> and <literal>haddock</literal> indexes
+      for all the packages, and provides a wrapper script around
+      <literal>hoogle</literal> binary that uses all those things. A
+      precise name for this thing would be
+      "<literal>ghcWithPackagesAndHoogleAndDocumentationIndexes</literal>",
+      which is, regrettably, too long and scary.
+    </para>
+    <para>
+      For example, installing the following environment
+    </para>
+    <programlisting>
+{
+  packageOverrides = super: let self = super.pkgs; in
+  {
+    myHaskellEnv = self.haskellPackages.ghcWithHoogle
+                     (haskellPackages: with haskellPackages; [
+                       # libraries
+                       arrows async cgi criterion
+                       # tools
+                       cabal-install haskintex
+                     ]);
+  };
+}
+</programlisting>
+    <para>
+      allows one to browse module documentation index <link
+      xlink:href="https://downloads.haskell.org/~ghc/latest/docs/html/libraries/index.html">not
+      too dissimilar to this</link> for all the specified packages and
+      their dependencies by directing a browser of choice to
+      <literal>~/.nix-profiles/share/doc/hoogle/index.html</literal>
+      (or
+      <literal>/run/current-system/sw/share/doc/hoogle/index.html</literal>
+      in case you put it in
+      <literal>environment.systemPackages</literal> in NixOS).
+    </para>
+    <para>
+      After you've marveled enough at that try adding the following to
+      your <literal>~/.ghc/ghci.conf</literal>
+    </para>
+    <programlisting>
+:def hoogle \s -> return $ ":! hoogle search -cl --count=15 \"" ++ s ++ "\""
+:def doc \s -> return $ ":! hoogle search -cl --info \"" ++ s ++ "\""
+</programlisting>
+    <para>
+      and test it by typing into <literal>ghci</literal>:
+    </para>
+    <programlisting>
+:hoogle a -> a
+:doc a -> a
+</programlisting>
+    <para>
+      Be sure to note the links to <literal>haddock</literal> files in
+      the output. With any modern and properly configured terminal
+      emulator you can just click those links to navigate there.
+    </para>
+    <para>
+      Finally, you can run
+    </para>
+    <programlisting>
+hoogle server -p 8080
+</programlisting>
+    <para>
+      and navigate to <link xlink:href="http://localhost:8080/"/> for
+      your own local <link
+      xlink:href="https://www.haskell.org/hoogle/">Hoogle</link>.
+      Note, however, that Firefox and possibly other browsers disallow
+      navigation from <literal>http:</literal> to
+      <literal>file:</literal> URIs for security reasons, which might
+      be quite an inconvenience. See <link
+      xlink:href="http://kb.mozillazine.org/Links_to_local_pages_do_not_work">this
+      page</link> for workarounds.
+    </para>
+  </section>
+  <section xml:id="how-to-create-ad-hoc-environments-for-nix-shell">
+    <title>How to create ad hoc environments for
+    <literal>nix-shell</literal></title>
+    <para>
+      The easiest way to create an ad hoc development environment is to
+      run <literal>nix-shell</literal> with the appropriate GHC
+      environment given on the command-line:
+    </para>
+    <programlisting>
+nix-shell -p &quot;haskellPackages.ghcWithPackages (pkgs: with pkgs; [mtl pandoc])&quot;
+</programlisting>
+    <para>
+      For more sophisticated use-cases, however, it's more convenient to
+      save the desired configuration in a file called
+      <literal>shell.nix</literal> that looks like this:
+    </para>
+    <programlisting>
+{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7102&quot; }:
+let
+  inherit (nixpkgs) pkgs;
+  ghc = pkgs.haskell.packages.${compiler}.ghcWithPackages (ps: with ps; [
+          monad-par mtl
+        ]);
+in
+pkgs.stdenv.mkDerivation {
+  name = &quot;my-haskell-env-0&quot;;
+  buildInputs = [ ghc ];
+  shellHook = &quot;eval $(egrep ^export ${ghc}/bin/ghc)&quot;;
+}
+</programlisting>
+    <para>
+      Now run <literal>nix-shell</literal> --- or even
+      <literal>nix-shell --pure</literal> --- to enter a shell
+      environment that has the appropriate compiler in
+      <literal>$PATH</literal>. If you use <literal>--pure</literal>,
+      then add all other packages that your development environment
+      needs into the <literal>buildInputs</literal> attribute. If you'd
+      like to switch to a different compiler version, then pass an
+      appropriate <literal>compiler</literal> argument to the
+      expression, i.e.
+      <literal>nix-shell --argstr compiler ghc784</literal>.
+    </para>
+    <para>
+      If you need such an environment because you'd like to compile a
+      Hackage package outside of Nix --- i.e. because you're hacking on
+      the latest version from Git ---, then the package set provides
+      suitable nix-shell environments for you already! Every Haskell
+      package has an <literal>env</literal> attribute that provides a
+      shell environment suitable for compiling that particular package.
+      If you'd like to hack the <literal>lens</literal> library, for
+      example, then you just have to check out the source code and enter
+      the appropriate environment:
+    </para>
+    <programlisting>
+  $ cabal get lens-4.11 &amp;&amp; cd lens-4.11
+  Downloading lens-4.11...
+  Unpacking to lens-4.11/
+
+  $ nix-shell &quot;&lt;nixpkgs&gt;&quot; -A haskellPackages.lens.env
+  [nix-shell:/tmp/lens-4.11]$
+</programlisting>
+    <para>
+      At point, you can run <literal>cabal configure</literal>,
+      <literal>cabal build</literal>, and all the other development
+      commands. Note that you need <literal>cabal-install</literal>
+      installed in your <literal>$PATH</literal> already to use it here
+      --- the <literal>nix-shell</literal> environment does not provide
+      it.
+    </para>
+  </section>
+</section>
+<section xml:id="how-to-create-nix-builds-for-your-own-private-haskell-packages">
+  <title>How to create Nix builds for your own private Haskell
+  packages</title>
+  <para>
+    If your own Haskell packages have build instructions for Cabal, then
+    you can convert those automatically into build instructions for Nix
+    using the <literal>cabal2nix</literal> utility, which you can
+    install into your profile by running
+    <literal>nix-env -i cabal2nix</literal>.
+  </para>
+  <section xml:id="how-to-build-a-stand-alone-project">
+    <title>How to build a stand-alone project</title>
+    <para>
+      For example, let's assume that you're working on a private project
+      called <literal>foo</literal>. To generate a Nix build expression
+      for it, change into the project's top-level directory and run the
+      command:
+    </para>
+    <programlisting>
+$ cabal2nix . &gt;foo.nix
+</programlisting>
+    <para>
+      Then write the following snippet into a file called
+      <literal>default.nix</literal>:
+    </para>
+    <programlisting>
+{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7102&quot; }:
+nixpkgs.pkgs.haskell.packages.${compiler}.callPackage ./foo.nix { }
+</programlisting>
+    <para>
+      Finally, store the following code in a file called
+      <literal>shell.nix</literal>:
+    </para>
+    <programlisting>
+{ nixpkgs ? import &lt;nixpkgs&gt; {}, compiler ? &quot;ghc7102&quot; }:
+(import ./default.nix { inherit nixpkgs compiler; }).env
+</programlisting>
+    <para>
+      At this point, you can run <literal>nix-build</literal> to have
+      Nix compile your project and install it into a Nix store path. The
+      local directory will contain a symlink called
+      <literal>result</literal> after <literal>nix-build</literal>
+      returns that points into that location. Of course, passing the
+      flag <literal>--argstr compiler ghc763</literal> allows switching
+      the build to any version of GHC currently supported.
+    </para>
+    <para>
+      Furthermore, you can call <literal>nix-shell</literal> to enter an
+      interactive development environment in which you can use
+      <literal>cabal configure</literal> and
+      <literal>cabal build</literal> to develop your code. That
+      environment will automatically contain a proper GHC derivation
+      with all the required libraries registered as well as all the
+      system-level libraries your package might need.
+    </para>
+    <para>
+      If your package does not depend on any system-level libraries,
+      then it's sufficient to run
+    </para>
+    <programlisting>
+$ nix-shell --command &quot;cabal configure&quot;
+</programlisting>
+    <para>
+      once to set up your build. <literal>cabal-install</literal>
+      determines the absolute paths to all resources required for the
+      build and writes them into a config file in the
+      <literal>dist/</literal> directory. Once that's done, you can run
+      <literal>cabal build</literal> and any other command for that
+      project even outside of the <literal>nix-shell</literal>
+      environment. This feature is particularly nice for those of us who
+      like to edit their code with an IDE, like Emacs'
+      <literal>haskell-mode</literal>, because it's not necessary to
+      start Emacs inside of nix-shell just to make it find out the
+      necessary settings for building the project;
+      <literal>cabal-install</literal> has already done that for us.
+    </para>
+    <para>
+      If you want to do some quick-and-dirty hacking and don't want to
+      bother setting up a <literal>default.nix</literal> and
+      <literal>shell.nix</literal> file manually, then you can use the
+      <literal>--shell</literal> flag offered by
+      <literal>cabal2nix</literal> to have it generate a stand-alone
+      <literal>nix-shell</literal> environment for you. With that
+      feature, running
+    </para>
+    <programlisting>
+$ cabal2nix --shell . &gt;shell.nix
+$ nix-shell --command &quot;cabal configure&quot;
+</programlisting>
+    <para>
+      is usually enough to set up a build environment for any given
+      Haskell package. You can even use that generated file to run
+      <literal>nix-build</literal>, too:
+    </para>
+    <programlisting>
+$ nix-build shell.nix
+</programlisting>
+  </section>
+  <section xml:id="how-to-build-projects-that-depend-on-each-other">
+    <title>How to build projects that depend on each other</title>
+    <para>
+      If you have multiple private Haskell packages that depend on each
+      other, then you'll have to register those packages in the Nixpkgs
+      set to make them visible for the dependency resolution performed
+      by <literal>callPackage</literal>. First of all, change into each
+      of your projects top-level directories and generate a
+      <literal>default.nix</literal> file with
+      <literal>cabal2nix</literal>:
+    </para>
+    <programlisting>
+$ cd ~/src/foo &amp;&amp; cabal2nix . &gt;default.nix
+$ cd ~/src/bar &amp;&amp; cabal2nix . &gt;default.nix
+</programlisting>
+    <para>
+      Then edit your <literal>~/.nixpkgs/config.nix</literal> file to
+      register those builds in the default Haskell package set:
+    </para>
+    <programlisting>
+  {
+    packageOverrides = super: let self = super.pkgs; in
+    {
+      haskellPackages = super.haskellPackages.override {
+        overrides = self: super: {
+          foo = self.callPackage ../src/foo {};
+          bar = self.callPackage ../src/bar {};
+        };
+      };
+    };
+  }
+</programlisting>
+    <para>
+      Once that's accomplished,
+      <literal>nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qA haskellPackages</literal>
+      will show your packages like any other package from Hackage, and
+      you can build them
+    </para>
+    <programlisting>
+$ nix-build &quot;&lt;nixpkgs&gt;&quot; -A haskellPackages.foo
+</programlisting>
+    <para>
+      or enter an interactive shell environment suitable for building
+      them:
+    </para>
+    <programlisting>
+$ nix-shell &quot;&lt;nixpkgs&gt;&quot; -A haskellPackages.bar.env
+</programlisting>
+  </section>
+</section>
+<section xml:id="miscellaneous-topics">
+  <title>Miscellaneous Topics</title>
+  <section xml:id="how-to-build-with-profiling-enabled">
+    <title>How to build with profiling enabled</title>
+    <para>
+      Every Haskell package set takes a function called
+      <literal>overrides</literal> that you can use to manipulate the
+      package as much as you please. One useful application of this
+      feature is to replace the default <literal>mkDerivation</literal>
+      function with one that enables library profiling for all packages.
+      To accomplish that, add configure the following snippet in your
+      <literal>~/.nixpkgs/config.nix</literal> file:
+    </para>
+    <programlisting>
+{
+  packageOverrides = super: let self = super.pkgs; in
+  {
+    profiledHaskellPackages = self.haskellPackages.override {
+      overrides = self: super: {
+        mkDerivation = args: super.mkDerivation (args // {
+          enableLibraryProfiling = true;
+        });
+      };
+    };
+  };
+}
+</programlisting>
+    <para>
+        Then, replace instances of <literal>haskellPackages</literal> in the
+        <literal>cabal2nix</literal>-generated <literal>default.nix</literal>
+        or <literal>shell.nix</literal> files with
+        <literal>profiledHaskellPackages</literal>.
+    </para>
+  </section>
+  <section xml:id="how-to-override-package-versions-in-a-compiler-specific-package-set">
+    <title>How to override package versions in a compiler-specific
+    package set</title>
+    <para>
+      Nixpkgs provides the latest version of
+      <link xlink:href="http://hackage.haskell.org/package/ghc-events"><literal>ghc-events</literal></link>,
+      which is 0.4.4.0 at the time of this writing. This is fine for
+      users of GHC 7.10.x, but GHC 7.8.4 cannot compile that binary.
+      Now, one way to solve that problem is to register an older version
+      of <literal>ghc-events</literal> in the 7.8.x-specific package
+      set. The first step is to generate Nix build instructions with
+      <literal>cabal2nix</literal>:
+    </para>
+    <programlisting>
+$ cabal2nix cabal://ghc-events-0.4.3.0 &gt;~/.nixpkgs/ghc-events-0.4.3.0.nix
+</programlisting>
+    <para>
+      Then add the override in <literal>~/.nixpkgs/config.nix</literal>:
+    </para>
+    <programlisting>
+{
+  packageOverrides = super: let self = super.pkgs; in
+  {
+    haskell = super.haskell // {
+      packages = super.haskell.packages // {
+        ghc784 = super.haskell.packages.ghc784.override {
+          overrides = self: super: {
+            ghc-events = self.callPackage ./ghc-events-0.4.3.0.nix {};
+          };
+        };
+      };
+    };
+  };
+}
+</programlisting>
+    <para>
+      This code is a little crazy, no doubt, but it's necessary because
+      the intuitive version
+    </para>
+    <programlisting>
+haskell.packages.ghc784 = super.haskell.packages.ghc784.override {
+  overrides = self: super: {
+    ghc-events = self.callPackage ./ghc-events-0.4.3.0.nix {};
+  };
+};
+</programlisting>
+    <para>
+      doesn't do what we want it to: that code replaces the
+      <literal>haskell</literal> package set in Nixpkgs with one that
+      contains only one entry,<literal>packages</literal>, which
+      contains only one entry <literal>ghc784</literal>. This override
+      loses the <literal>haskell.compiler</literal> set, and it loses
+      the <literal>haskell.packages.ghcXYZ</literal> sets for all
+      compilers but GHC 7.8.4. To avoid that problem, we have to perform
+      the convoluted little dance from above, iterating over each step
+      in hierarchy.
+    </para>
+    <para>
+      Once it's accomplished, however, we can install a variant of
+      <literal>ghc-events</literal> that's compiled with GHC 7.8.4:
+    </para>
+    <programlisting>
+nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskell.packages.ghc784.ghc-events
+</programlisting>
+    <para>
+      Unfortunately, it turns out that this build fails again while
+      executing the test suite! Apparently, the release archive on
+      Hackage is missing some data files that the test suite requires,
+      so we cannot run it. We accomplish that by re-generating the Nix
+      expression with the <literal>--no-check</literal> flag:
+    </para>
+    <programlisting>
+$ cabal2nix --no-check cabal://ghc-events-0.4.3.0 &gt;~/.nixpkgs/ghc-events-0.4.3.0.nix
+</programlisting>
+    <para>
+      Now the builds succeeds.
+    </para>
+    <para>
+      Of course, in the concrete example of
+      <literal>ghc-events</literal> this whole exercise is not an ideal
+      solution, because <literal>ghc-events</literal> can analyze the
+      output emitted by any version of GHC later than 6.12 regardless of
+      the compiler version that was used to build the `ghc-events'
+      executable, so strictly speaking there's no reason to prefer one
+      built with GHC 7.8.x in the first place. However, for users who
+      cannot use GHC 7.10.x at all for some reason, the approach of
+      downgrading to an older version might be useful.
+    </para>
+  </section>
+  <section xml:id="how-to-recover-from-ghcs-infamous-non-deterministic-library-id-bug">
+    <title>How to recover from GHC's infamous non-deterministic library
+    ID bug</title>
+    <para>
+      GHC and distributed build farms don't get along well:
+    </para>
+    <programlisting>
+https://ghc.haskell.org/trac/ghc/ticket/4012
+</programlisting>
+    <para>
+      When you see an error like this one
+    </para>
+    <programlisting>
+package foo-0.7.1.0 is broken due to missing package
+text-1.2.0.4-98506efb1b9ada233bb5c2b2db516d91
+</programlisting>
+    <para>
+      then you have to download and re-install <literal>foo</literal>
+      and all its dependents from scratch:
+    </para>
+    <programlisting>
+# nix-store -q --referrers /nix/store/*-haskell-text-1.2.0.4 \
+  | xargs -L 1 nix-store --repair-path --option binary-caches http://hydra.nixos.org
+</programlisting>
+    <para>
+      If you're using additional Hydra servers other than
+      <literal>hydra.nixos.org</literal>, then it might be necessary to
+      purge the local caches that store data from those machines to
+      disable these binary channels for the duration of the previous
+      command, i.e. by running:
+    </para>
+    <programlisting>
+rm /nix/var/nix/binary-cache-v3.sqlite
+rm /nix/var/nix/manifests/*
+rm /nix/var/nix/channel-cache/*
+</programlisting>
+  </section>
+  <section xml:id="builds-on-darwin-fail-with-math.h-not-found">
+    <title>Builds on Darwin fail with <literal>math.h</literal> not
+    found</title>
+    <para>
+      Users of GHC on Darwin have occasionally reported that builds
+      fail, because the compiler complains about a missing include file:
+    </para>
+    <programlisting>
+fatal error: 'math.h' file not found
+</programlisting>
+    <para>
+      The issue has been discussed at length in
+      <link xlink:href="https://github.com/NixOS/nixpkgs/issues/6390">ticket
+      6390</link>, and so far no good solution has been proposed. As a
+      work-around, users who run into this problem can configure the
+      environment variables
+    </para>
+    <programlisting>
+export NIX_CFLAGS_COMPILE=&quot;-idirafter /usr/include&quot;
+export NIX_CFLAGS_LINK=&quot;-L/usr/lib&quot;
+</programlisting>
+    <para>
+      in their <literal>~/.bashrc</literal> file to avoid the compiler
+      error.
+    </para>
+  </section>
+</section>
+
+<section xml:id="other-resources">
+  <title>Other resources</title>
+  <itemizedlist>
+    <listitem>
+      <para>
+        The Youtube video
+        <link xlink:href="https://www.youtube.com/watch?v=BsBhi_r-OeE">Nix
+        Loves Haskell</link> provides an introduction into Haskell NG
+        aimed at beginners. The slides are available at
+        http://cryp.to/nixos-meetup-3-slides.pdf and also -- in a form
+        ready for cut &amp; paste -- at
+        https://github.com/NixOS/cabal2nix/blob/master/doc/nixos-meetup-3-slides.md.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Another Youtube video is
+        <link xlink:href="https://www.youtube.com/watch?v=mQd3s57n_2Y">Escaping
+        Cabal Hell with Nix</link>, which discusses the subject of
+        Haskell development with Nix but also provides a basic
+        introduction to Nix as well, i.e. it's suitable for viewers with
+        almost no prior Nix experience.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        Oliver Charles wrote a very nice
+        <link xlink:href="http://wiki.ocharles.org.uk/Nix">Tutorial how to
+        develop Haskell packages with Nix</link>.
+      </para>
+    </listitem>
+    <listitem>
+      <para>
+        The <emphasis>Journey into the Haskell NG
+        infrastructure</emphasis> series of postings describe the new
+        Haskell infrastructure in great detail:
+      </para>
+      <itemizedlist>
+        <listitem>
+          <para>
+            <link xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2015-January/015591.html">Part
+            1</link> explains the differences between the old and the
+            new code and gives instructions how to migrate to the new
+            setup.
+          </para>
+        </listitem>
+        <listitem>
+          <para>
+            <link xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2015-January/015608.html">Part
+            2</link> looks in-depth at how to tweak and configure your
+            setup by means of overrides.
+          </para>
+        </listitem>
+        <listitem>
+          <para>
+            <link xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2015-April/016912.html">Part
+            3</link> describes the infrastructure that keeps the
+            Haskell package set in Nixpkgs up-to-date.
+          </para>
+        </listitem>
+      </itemizedlist>
+    </listitem>
+  </itemizedlist>
+</section>
+
+</chapter>

doc/language-support.xml

@@ -981,72 +981,6 @@ stdenv.mkDerivation {
 </programlisting>
 </section>
 
-<section xml:id="sec-language-qt"><title>Qt</title>
-
-<para>The information in this section applies to Qt 5.5 and later.</para>
-
-<para>Qt is an application development toolkit for C++. Although it is
-not a distinct programming language, there are special considerations
-for packaging Qt-based programs and libraries. A small set of tools
-and conventions has grown out of these considerations.</para>
-
-<section xml:id="ssec-qt-libraries"><title>Libraries</title>
-
-<para>Packages that provide libraries should be listed in
-<varname>qt5LibsFun</varname> so that the library is built with each
-Qt version. A set of packages is provided for each version of Qt; for
-example, <varname>qt5Libs</varname> always provides libraries built
-with the latest version, <varname>qt55Libs</varname> provides
-libraries built with Qt 5.5, and so on. To avoid version conflicts, no
-top-level attributes are created for these packages.</para>
-
-</section>
-
-<section xml:id="ssec-qt-programs"><title>Programs</title>
-
-<para>Application packages do not need to be built with every Qt
-version. To ensure consistency between the package's dependencies,
-call the package with <literal>qt5Libs.callPackage</literal> instead
-of the usual <literal>callPackage</literal>. An older version may be
-selected in case of incompatibility. For example, to build with Qt
-5.5, call the package with
-<literal>qt55Libs.callPackage</literal>.</para>
-
-<para>Several environment variables must be set at runtime for Qt
-applications to function correctly, including:</para>
-
-<itemizedlist>
-  <listitem><para><envar>QT_PLUGIN_PATH</envar></para></listitem>
-  <listitem><para><envar>QML_IMPORT_PATH</envar></para></listitem>
-  <listitem><para><envar>QML2_IMPORT_PATH</envar></para></listitem>
-  <listitem><para><envar>XDG_DATA_DIRS</envar></para></listitem>
-</itemizedlist>
-
-<para>To ensure that these are set correctly, the program must be wrapped by
-invoking <literal>wrapQtProgram <replaceable>program</replaceable></literal>
-during installation (for example, during
-<literal>fixupPhase</literal>). <literal>wrapQtProgram</literal>
-accepts the same options as <literal>makeWrapper</literal>.
-</para>
-
-</section>
-
-<section xml:id="ssec-qt-kde"><title>KDE</title>
-
-<para>Many of the considerations above also apply to KDE packages,
-especially the need to set the correct environment variables at
-runtime. To ensure that this is done, invoke <literal>wrapKDEProgram
-<replaceable>program</replaceable></literal> during
-installation. <literal>wrapKDEProgram</literal> also generates a
-<literal>ksycoca</literal> database so that required data and services
-can be found. Like its Qt counterpart,
-<literal>wrapKDEProgram</literal> accepts the same options as
-<literal>makeWrapper</literal>.</para>
-
-</section>
-
-</section>
-
 <!--
 <section><title>Haskell</title>
 

doc/stdenv.xml

@@ -1204,7 +1204,7 @@ echo @foo@
   </varlistentry>
 
   <varlistentry>
-    <term>Qt 4</term>
+    <term>Qt</term>
     <listitem><para>Sets the <envar>QTDIR</envar> environment variable
     to Qt’s path.</para></listitem>
   </varlistentry>

lib/attrsets.nix

@@ -78,26 +78,6 @@ rec {
     listToAttrs (concatMap (name: let v = set.${name}; in if pred name v then [(nameValuePair name v)] else []) (attrNames set));
 
 
-  /* Filter an attribute set recursivelly by removing all attributes for
-     which the given predicate return false.
-
-     Example:
-       filterAttrsRecursive (n: v: v != null) { foo = { bar = null; }; }
-       => { foo = {}; }
-  */
-  filterAttrsRecursive = pred: set:
-    listToAttrs (
-      concatMap (name:
-        let v = set.${name}; in
-        if pred name v then [
-          (nameValuePair name (
-            if isAttrs v then filterAttrsRecursive pred v
-            else v
-          ))
-        ] else []
-      ) (attrNames set)
-    );
-
   /* foldAttrs: apply fold functions to values grouped by key. Eg accumulate values as list:
      foldAttrs (n: a: [n] ++ a) [] [{ a = 2; } { a = 3; }]
      => { a = [ 2 3 ]; }

lib/customisation.nix

@@ -164,23 +164,4 @@ rec {
       drv' = (lib.head outputsList).value;
     in lib.deepSeq drv' drv';
 
-  /* Make a set of packages with a common scope. All packages called
-     with the provided `callPackage' will be evaluated with the same
-     arguments. Any package in the set may depend on any other. The
-     `override' function allows subsequent modification of the package
-     set in a consistent way, i.e. all packages in the set will be
-     called with the overridden packages. The package sets may be
-     hierarchical: the packages in the set are called with the scope
-     provided by `newScope' and the set provides a `newScope' attribute
-     which can form the parent scope for later package sets. */
-  makeScope = newScope: f:
-    let self = f self // {
-          newScope = scope: newScope (self // scope);
-          callPackage = self.newScope {};
-          override = g: makeScope newScope (self_:
-            let super = f self_;
-            in super // g super self_);
-        };
-    in self;
-
 }

lib/licenses.nix

@@ -155,11 +155,6 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
     fullName = "GNU Free Documentation License v1.2";
   };
 
-  fdl13 = spdx {
-    spdxId = "GFDL-1.3";
-    fullName = "GNU Free Documentation License v1.2";
-  };
-
   free = {
     fullName = "Unspecified free software license";
   };

lib/maintainers.nix

@@ -7,7 +7,6 @@
      so it's easy to ping a package @maintainer.
   */
 
-  a1russell = "Adam Russell <adamlr6+pub@gmail.com>";
   abaldeau = "Andreas Baldeau <andreas@baldeau.net>";
   abbradar = "Nikolay Amiantov <ab@fmap.me>";
   adev	   = "Adrien Devresse <adev@adev.name>";
@@ -19,7 +18,6 @@
   akc = "Anders Claesson <akc@akc.is>";
   algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
   all = "Nix Committers <nix-commits@lists.science.uu.nl>";
-  ambrop72 = "Ambroz Bizjak <ambrop7@gmail.com>";
   amiddelk = "Arie Middelkoop <amiddelk@gmail.com>";
   amorsillo = "Andrew Morsillo <andrew.morsillo@gmail.com>";
   AndersonTorres = "Anderson Torres <torres.anderson.85@gmail.com>";
@@ -71,7 +69,6 @@
   cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
   cwoac = "Oliver Matthews <oliver@codersoffortune.net>";
   DamienCassou = "Damien Cassou <damien@cassou.me>";
-  davidak = "David Kleuker <post@davidak.de>";
   davidrusu = "David Rusu <davidrusu.me@gmail.com>";
   dbohdan = "Danyil Bohdan <danyil.bohdan@gmail.com>";
   DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
@@ -81,9 +78,7 @@
   dezgeg = "Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>";
   dfoxfranke = "Daniel Fox Franke <dfoxfranke@gmail.com>";
   dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
-  dochang = "Desmond O. Chang <dochang@gmail.com>";
   doublec = "Chris Double <chris.double@double.co.nz>";
-  ebzzry = "Rommel Martinez <ebzzry@gmail.com>";
   ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
   eduarrrd = "Eduard Bachmakov <e.bachmakov@gmail.com>";
   edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
@@ -91,10 +86,8 @@
   eikek = "Eike Kettner <eike.kettner@posteo.de>";
   ellis = "Ellis Whitehead <nixos@ellisw.net>";
   emery = "Emery Hemingway <emery@vfemail.net>";
-  enolan = "Echo Nolan <echo@echonolan.net>";
   epitrochoid = "Mabry Cervin <mpcervin@uncg.edu>";
   ericbmerritt = "Eric Merritt <eric@afiniate.com>";
-  erikryb = "Erik Rybakken <erik.rybakken@math.ntnu.no>";
   ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
   exlevan = "Alexey Levan <exlevan@gmail.com>";
   falsifian = "James Cook <james.cook@utoronto.ca>";
@@ -102,8 +95,6 @@
   fluffynukeit = "Daniel Austin <dan@fluffynukeit.com>";
   forkk = "Andrew Okin <forkk@forkk.net>";
   fpletz = "Franz Pletz <fpletz@fnordicwalking.de>";
-  fps = "Florian Paul Schmidt <mista.tapas@gmx.net>";
-  fridh = "Frederik Rietdijk <fridh@fridh.nl>";
   fro_ozen = "fro_ozen <fro_ozen@gmx.de>";
   ftrvxmtrx = "Siarhei Zirukin <ftrvxmtrx@gmail.com>";
   funfunctor = "Edward O'Callaghan <eocallaghan@alterapraxis.com>";
@@ -113,7 +104,6 @@
   garrison = "Jim Garrison <jim@garrison.cc>";
   gavin = "Gavin Rogers <gavin@praxeology.co.uk>";
   gebner = "Gabriel Ebner <gebner@gebner.org>";
-  gfxmonk = "Tim Cuthbertson <tim@gfxmonk.net>";
   giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
   globin = "Robin Gloster <robin@glob.in>";
   goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
@@ -132,7 +122,6 @@
   iyzsong = "Song Wenwu <iyzsong@gmail.com>";
   j-keck = "Jürgen Keck <jhyphenkeck@gmail.com>";
   jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";
-  javaguirre = "Javier Aguirre <contacto@javaguirre.net>";
   jb55 = "William Casarin <bill@casarin.me>";
   jcumming = "Jack Cummings <jack@mudshark.org>";
   jefdaj = "Jeffrey David Johnson <jefdaj@gmail.com>";
@@ -148,15 +137,13 @@
   jwilberding = "Jordan Wilberding <jwilberding@afiniate.com>";
   jzellner = "Jeff Zellner <jeffz@eml.cc>";
   kamilchm = "Kamil Chmielewski <kamil.chm@gmail.com>";
-  kampfschlaefer = "Arnold Krille <arnold@arnoldarts.de>";
   khumba = "Bryan Gardiner <bog@khumba.net>";
   kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
   koral = "Koral <koral@mailoo.org>";
   kovirobi = "Kovacsics Robert <kovirobi@gmail.com>";
-  kragniz = "Louis Taylor <louis@kragniz.eu>";
+  kragniz = "Louis Taylor <kragniz@gmail.com>";
   ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
   lassulus = "Lassulus <lassulus@gmail.com>";
-  layus = "Guillaume Maudoux <layus.on@gmail.com>";
   lebastr = "Alexander Lebedev <lebastr@gmail.com>";
   leonardoce = "Leonardo Cecchi <leonardo.cecchi@gmail.com>";
   lethalman = "Luca Bruno <lucabru@src.gnome.org>";
@@ -169,7 +156,6 @@
   lowfatcomputing = "Andreas Wagner <andreas.wagner@lowfatcomputing.org>";
   lsix = "Lancelot SIX <lsix@lancelotsix.com>";
   ludo = "Ludovic Courtès <ludo@gnu.org>";
-  lukego = "Luke Gorrie <luke@snabb.co>";
   madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
   magnetophon = "Bart Brouns <bart@magnetophon.nl>";
   mahe = "Matthias Herrmann <matthias.mh.herrmann@gmail.com>";
@@ -185,7 +171,6 @@
   meditans = "Carlo Nucera <meditans@gmail.com>";
   meisternu = "Matt Miemiec <meister@krutt.org>";
   michelk = "Michel Kuhlmann <michel@kuhlmanns.info>";
-  michaelpj = "Michael Peyton Jones <michaelpj@gmail.com>";
   mirdhyn = "Merlin Gaillard <mirdhyn@gmail.com>";
   mschristiansen = "Mikkel Christiansen <mikkel@rheosystems.com>";
   modulistic = "Pablo Costa <modulistic@gmail.com>";
@@ -197,7 +182,6 @@
   muflax = "Stefan Dorn <mail@muflax.com>";
   nathan-gs = "Nathan Bijnens <nathan@nathan.gs>";
   nckx = "Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>";
-  nico202 = "Nicolò Balzarotti <anothersms@gmail.com>";
   notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
   np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
   nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
@@ -245,7 +229,6 @@
   rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
   rushmorem = "Rushmore Mushambi <rushmore@webenchanter.com>";
   rycee = "Robert Helgesson <robert@rycee.net>";
-  samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
   sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
   schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
   schristo = "Scott Christopher <schristopher@konputa.com>";

lib/modules.nix

@@ -469,7 +469,6 @@ rec {
   mkBefore = mkOrder 500;
   mkAfter = mkOrder 1500;
 
-
   # Convenient property used to transfer all definitions and their
   # properties from one option to another. This property is useful for
   # renaming options, and also for including properties from another module
@@ -499,68 +498,4 @@ rec {
   /* Compatibility. */
   fixMergeModules = modules: args: evalModules { inherit modules args; check = false; };
 
-
-  /* Return a module that causes a warning to be shown if the
-     specified option is defined. For example,
-
-       mkRemovedOptionModule [ "boot" "loader" "grub" "bootDevice" ]
-
-     causes a warning if the user defines boot.loader.grub.bootDevice.
-  */
-  mkRemovedOptionModule = optionName:
-    { options, ... }:
-    { options = setAttrByPath optionName (mkOption {
-        visible = false;
-      });
-      config.warnings =
-        let opt = getAttrFromPath optionName options; in
-        optional opt.isDefined
-          "The option definition `${showOption optionName}' in ${showFiles opt.files} no longer has any effect; please remove it.";
-    };
-
-  /* Return a module that causes a warning to be shown if the
-     specified "from" option is defined; the defined value is however
-     forwarded to the "to" option. This can be used to rename options
-     while providing backward compatibility. For example,
-
-       mkRenamedOptionModule [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ]
-
-     forwards any definitions of boot.copyKernels to
-     boot.loader.grub.copyKernels while printing a warning.
-  */
-  mkRenamedOptionModule = from: to: doRename {
-    inherit from to;
-    visible = false;
-    warn = true;
-    use = builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'.";
-  };
-
-  /* Like ‘mkRenamedOptionModule’, but doesn't show a warning. */
-  mkAliasOptionModule = from: to: doRename {
-    inherit from to;
-    visible = true;
-    warn = false;
-    use = id;
-  };
-
-  doRename = { from, to, visible, warn, use }:
-    let
-      toOf = attrByPath to
-        (abort "Renaming error: option `${showOption to}' does not exists.");
-    in
-      { config, options, ... }:
-      { options = setAttrByPath from (mkOption {
-          description = "Alias of <option>${showOption to}</option>.";
-          apply = x: use (toOf config);
-        });
-        config = {
-        /*
-          warnings =
-            let opt = getAttrFromPath from options; in
-            optional (warn && opt.isDefined)
-              "The option `${showOption from}' defined in ${showFiles opt.files} has been renamed to `${showOption to}'.";
-              */
-        } // setAttrByPath to (mkAliasDefinitions (getAttrFromPath from options));
-      };
-
 }

lib/types.nix

@@ -6,7 +6,7 @@ with import ./attrsets.nix;
 with import ./options.nix;
 with import ./trivial.nix;
 with import ./strings.nix;
-with {inherit (import ./modules.nix) mergeDefinitions filterOverrides; };
+with {inherit (import ./modules.nix) mergeDefinitions; };
 
 rec {
 
@@ -166,23 +166,6 @@ rec {
         substSubModules = m: loaOf (elemType.substSubModules m);
       };
 
-    # List or element of ...
-    loeOf = elemType: mkOptionType {
-      name = "element or list of ${elemType.name}s";
-      check = x: isList x || elemType.check x;
-      merge = loc: defs:
-        let
-          defs' = filterOverrides defs;
-          res = (head defs').value;
-        in
-        if isList res then concatLists (getValues defs')
-        else if lessThan 1 (length defs') then
-          throw "The option `${showOption loc}' is defined multiple times, in ${showFiles (getFiles defs)}."
-        else if !isString res then
-          throw "The option `${showOption loc}' does not have a string value, in ${showFiles (getFiles defs)}."
-        else res;
-    };
-
     uniq = elemType: mkOptionType {
       inherit (elemType) name check;
       merge = mergeOneOption;

maintainers/scripts/gnome-latest.sh

@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+
+GNOME_FTP="ftp.gnome.org/pub/GNOME/sources"
+
+project=$1
+
+if [ "$project" == "--help" ]; then
+  echo "Usage: $0 project [major.minor]"
+  exit 0
+fi
+
+baseVersion=$2
+
+if [ -z "$project" ]; then
+  echo "No project specified, exiting"
+  exit 1
+fi
+
+# curl -l ftp://... doesn't work from my office in HSE, and I don't want to have
+# any conversations with sysadmin. Somehow lftp works.
+if [ "$FTP_CLIENT" = "lftp" ]; then
+  ls_ftp() {
+    lftp -c "open $1; cls"
+  }
+else
+  ls_ftp() {
+    curl -l "$1"/
+  }
+fi
+
+if [ -z "$baseVersion" ]; then
+  echo "Looking for available versions..." >&2
+  available_baseversions=( `ls_ftp ftp://${GNOME_FTP}/${project} | grep '[0-9]\.[0-9]' | sort -t. -k1,1n -k 2,2n` )
+  echo -e "The following versions are available:\n ${available_baseversions[@]}" >&2
+  echo -en "Choose one of them: " >&2
+  read baseVersion
+fi
+
+FTPDIR="${GNOME_FTP}/${project}/${baseVersion}"
+
+#version=`curl -l ${FTPDIR}/ 2>/dev/null | grep LATEST-IS | sed -e s/LATEST-IS-//`
+# gnome's LATEST-IS is broken. Do not trust it.
+
+files=$(ls_ftp "${FTPDIR}")
+declare -A versions
+
+for f in $files; do
+  case $f in
+    (LATEST-IS-*|*.news|*.changes|*.sha256sum|*.diff*):
+      ;;
+    ($project-*.*.9*.tar.*):
+      tmp=${f#$project-}
+      tmp=${tmp%.tar*}
+      echo "Ignored unstable version ${tmp}" >&2
+      ;;
+    ($project-*.tar.*):
+      tmp=${f#$project-}
+      tmp=${tmp%.tar*}
+      versions[${tmp}]=1
+      ;;
+    (*):
+      echo "UNKNOWN FILE $f"
+      ;;
+  esac
+done
+echo "Found versions ${!versions[@]}" >&2
+version=`echo ${!versions[@]} | sed -e 's/ /\n/g' | sort -t. -k1,1n -k 2,2n -k 3,3n | tail -n1`
+echo "Latest version is: ${version}" >&2
+
+name=${project}-${version}
+echo "Fetching .sha256 file" >&2
+curl -O http://${FTPDIR}/${name}.sha256sum
+
+extensions=( "xz" "bz2" "gz" )
+echo "Choosing archive extension (known are ${extensions[@]})..." >&2
+for ext in ${extensions[@]}; do
+  if grep "\\.tar\\.${ext}$" ${name}.sha256sum >& /dev/null; then
+    ext_pref=$ext
+    sha256=$(grep "\\.tar\\.${ext}$" ${name}.sha256sum | cut -f1 -d\ )
+    break
+  fi
+done
+sha256=`nix-hash --to-base32 --type sha256 $sha256`
+echo "Chosen ${ext_pref}, hash is ${sha256}" >&2
+
+cat <<EOF
+  name = "${project}-${version}";
+
+  src = fetchurl {
+    url = mirror://gnome/sources/${project}/${baseVersion}/${project}-${version}.tar.${ext_pref};
+    sha256 = "${sha256}";
+  };
+EOF
+
+rm -v ${name}.sha256sum >&2

maintainers/scripts/gnome.sh

@@ -1,138 +0,0 @@
-#!/usr/bin/env bash
-
-set -o pipefail
-
-GNOME_FTP="ftp.gnome.org/pub/GNOME/sources"
-
-usage() {
-  echo "Usage: $0 show|update project [major.minor]" >&2
-  exit 0
-}
-
-if [ "$#" -lt 1 ]; then
-  usage
-fi
-
-action="$1"
-project="$2"
-majorVersion="$3"
-
-if [ "$action" != "show" ] && [ "$action" != "update" ]; then
-  echo "Unknown action $action" >&2
-  usage
-fi
-
-if [ -z "$project" ]; then
-  echo "No project specified, exiting"
-  exit 1
-fi
-
-# curl -l ftp://... doesn't work from my office in HSE, and I don't want to have
-# any conversations with sysadmin. Somehow lftp works.
-if [ "$FTP_CLIENT" = "lftp" ]; then
-  ls_ftp() {
-    lftp -c "open $1; cls"
-  }
-else
-  ls_ftp() {
-    curl -s -l "$1"/
-  }
-fi
-
-if [ -z "$majorVersion" ]; then
-  echo "Looking for available versions..." >&2
-  available_baseversions=( `ls_ftp ftp://${GNOME_FTP}/${project} | grep '[0-9]\.[0-9]' | sort -t. -k1,1n -k 2,2n` )
-  if [ "$?" -ne "0" ]; then
-    echo "Project $project not found" >&2
-    exit 1
-  fi
-  
-  echo -e "The following versions are available:\n ${available_baseversions[@]}" >&2
-  echo -en "Choose one of them: " >&2
-  read majorVersion
-fi
-
-if echo "$majorVersion" | grep -q "[0-9]\+\.[0-9]\+\.[0-9]\+"; then
-	# not a major version
-	version="$majorVersion"
-	majorVersion=$(echo "$majorVersion" | cut -d '.' -f 1,2)
-fi
-
-FTPDIR="${GNOME_FTP}/${project}/${majorVersion}"
-
-#version=`curl -l ${FTPDIR}/ 2>/dev/null | grep LATEST-IS | sed -e s/LATEST-IS-//`
-# gnome's LATEST-IS is broken. Do not trust it.
-
-if [ -z "$version" ]; then
-	files=$(ls_ftp "${FTPDIR}")
-	declare -A versions
-	
-	for f in $files; do
-		case $f in
-    (LATEST-IS-*|*.news|*.changes|*.sha256sum|*.diff*):
-		;;
-    ($project-*.*.9*.tar.*):
-		tmp=${f#$project-}
-		tmp=${tmp%.tar*}
-		echo "Ignored unstable version ${tmp}" >&2
-		;;
-    ($project-*.tar.*):
-		tmp=${f#$project-}
-		tmp=${tmp%.tar*}
-		versions[${tmp}]=1
-		;;
-    (*):
-		echo "UNKNOWN FILE $f"
-		;;
-		esac
-	done
-	echo "Found versions ${!versions[@]}" >&2
-	version=`echo ${!versions[@]} | sed -e 's/ /\n/g' | sort -t. -k1,1n -k 2,2n -k 3,3n | tail -n1`
-	echo "Latest version is: ${version}" >&2
-fi
-
-name=${project}-${version}
-echo "Fetching .sha256 file" >&2
-sha256out=$(curl -s -f http://${FTPDIR}/${name}.sha256sum)
-
-if [ "$?" -ne "0" ]; then
-	echo "Version not found" >&2
-	exit 1
-fi
-
-extensions=( "xz" "bz2" "gz" )
-echo "Choosing archive extension (known are ${extensions[@]})..." >&2
-for ext in ${extensions[@]}; do
-  if echo -e "$sha256out" | grep -q "\\.tar\\.${ext}$"; then
-    ext_pref=$ext
-    sha256=$(echo -e "$sha256out" | grep "\\.tar\\.${ext}$" | cut -f1 -d\ )
-    break
-  fi
-done
-echo "Chosen ${ext_pref}, hash is ${sha256}" >&2
-
-src="# Autogenerated by maintainers/scripts/gnome.sh update
-
-fetchurl: {
-  name = \"${project}-${version}\";
-
-  src = fetchurl {
-    url = mirror://gnome/sources/${project}/${majorVersion}/${project}-${version}.tar.${ext_pref};
-    sha256 = \"${sha256}\";
-  };
-}"
-
-if [ "$action" == "update" ]; then
-  # find project in nixpkgs tree
-  GNOME_TOP=$(readlink -e $(dirname "${BASH_SOURCE[0]}")"/../../pkgs/desktops/gnome-3/")
-  projectPath=$(find "$GNOME_TOP" -name "$project" -print)
-  if [ -z "$projectPath" ]; then
-    echo "Project $project not found under $GNOME_TOP"
-    exit 1
-  fi
-
-  echo "Updating $projectPath/src.nix"
-  echo -e "$src" > "$projectPath/src.nix"
-else
-  echo -e "\n$src"
-fi

nixos/doc/manual/default.nix

@@ -31,8 +31,10 @@ let
     else
       fn;
 
-  # Convert the list of options into an XML file.
-  optionsXML = builtins.toFile "options.xml" (builtins.toXML optionsList');
+  # Convert the list of options into an XML file.  The builtin
+  # unsafeDiscardStringContext is used to prevent the realisation of
+  # the store paths which are used in options definitions.
+  optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML optionsList'));
 
   optionsDocBook = runCommand "options-db.xml" {} ''
     optionsXML=${optionsXML}
@@ -137,8 +139,6 @@ in rec {
     ''; # */
 
     meta.description = "The NixOS manual in HTML format";
-
-    allowedReferences = ["out"];
   };
 
   manualPDF = stdenv.mkDerivation {
@@ -146,9 +146,12 @@ in rec {
 
     inherit sources;
 
-    buildInputs = [ libxml2 libxslt dblatex dblatex.tex ];
+    buildInputs = [ libxml2 libxslt dblatex tetex ];
 
     buildCommand = ''
+      # TeX needs a writable font cache.
+      export VARTEXFONTS=$TMPDIR/texfonts
+
       ${copySources}
 
       dst=$out/share/doc/nixos
@@ -159,7 +162,7 @@ in rec {
 
       mkdir -p $out/nix-support
       echo "doc-pdf manual $dst/manual.pdf" >> $out/nix-support/hydra-build-products
-    '';
+    ''; # */
   };
 
   # Generate the NixOS manpages.
@@ -187,8 +190,6 @@ in rec {
         ${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
         ./man-pages.xml
     '';
-
-    allowedReferences = ["out"];
   };
 
 }

nixos/doc/manual/installation/installing.xml

@@ -18,8 +18,8 @@
   <listitem><para>The NixOS manual is available on virtual console 8
   (press Alt+F8 to access).</para></listitem>
 
-  <listitem><para>You get logged in as <literal>root</literal>
-  (with empty password).</para></listitem>
+  <listitem><para>Login as <literal>root</literal> and the empty
+  password.</para></listitem>
 
   <listitem><para>If you downloaded the graphical ISO image, you can
   run <command>start display-manager</command> to start KDE.</para></listitem>

nixos/doc/manual/release-notes/release-notes.xml

@@ -9,7 +9,6 @@
 <para>This section lists the release notes for each stable version of NixOS
 and current unstable revision.</para>
 
-<xi:include href="rl-unstable.xml" />
 <xi:include href="rl-1509.xml" />
 <xi:include href="rl-1412.xml" />
 <xi:include href="rl-1404.xml" />

nixos/doc/manual/release-notes/rl-1509.xml

@@ -11,6 +11,28 @@ has the following highlights:</para>
 
 <itemizedlist>
 
+  <listitem>
+    <para>Gnome has been upgraded to 3.16.
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>Xfce has been upgraded to 4.12.
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>KDE 5 has been upgraded to KDE Frameworks 5.10,
+      Plasma 5.3.2 and Applications 15.04.3.
+      KDE 4 has been updated to kdelibs-4.14.10.
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>E19 has been upgraded to 0.16.8.15.
+    </para>
+  </listitem>
+
   <listitem>
     <para>The <link xlink:href="http://haskell.org/">Haskell</link>
     packages infrastructure has been re-designed from the ground up
@@ -56,32 +78,10 @@ system.autoUpgrade.enable = true;
     3.18.</para>
   </listitem>
 
-  <listitem>
-    <para>GNOME has been upgraded to 3.16.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>Xfce has been upgraded to 4.12.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>KDE 5 has been upgraded to KDE Frameworks 5.10,
-      Plasma 5.3.2 and Applications 15.04.3.
-      KDE 4 has been updated to kdelibs-4.14.10.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para>E19 has been upgraded to 0.16.8.15.
-    </para>
-  </listitem>
-
 </itemizedlist>
 
 
-<para>The following new services were added since the last release:
+  <para>Following new services were added since the last release:
 
   <itemizedlist>
     <listitem><para><literal>services/mail/exim.nix</literal></para></listitem>
@@ -152,7 +152,7 @@ system.autoUpgrade.enable = true;
     <listitem><para><literal>virtualisation/vmware-guest.nix</literal></para></listitem>
     <listitem><para><literal>virtualisation/xen-dom0.nix</literal></para></listitem>
   </itemizedlist>
-</para>
+  </para>
 
 
 <para>When upgrading from a previous release, please be aware of the

nixos/doc/manual/release-notes/rl-unstable.xml

@@ -1,45 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="sec-release-unstable">
-
-<title>Unstable</title>
-
-<para>When upgrading from a previous release, please be aware of the
-following incompatible changes:</para>
-
-<itemizedlist>
-  <listitem>
-    <para><command>wmiiSnap</command> has been replaced with
-    <command>wmii_hg</command>, but
-    <command>services.xserver.windowManager.wmii.enable</command> has
-    been updated respectively so this only affects you if you have
-    explicitly installed <command>wmiiSnap</command>.
-    </para>
-  </listitem>
-
-  <listitem>
-    <para><command>wmiimenu</command> is removed, as it has been
-    removed by the developers upstream. Use <command>wimenu</command>
-    from the <command>wmii-hg</command> package.</para>
-  </listitem>
-
-  <listitem>
-    <para>Gitit is no longer automatically added to the module list in
-    NixOS and as such there will not be any manual entries for it. You
-    will need to add an import statement to your NixOS configuration
-    in order to use it, e.g.
-
-<programlisting><![CDATA[
-{
-  imports = [ <nixos/modules/services/misc/gitit.nix> ];
-}
-]]></programlisting>
-
-    will include the Gitit service configuration options.</para>
-  </listitem>
-
-</itemizedlist>
-
-</section>

nixos/lib/eval-config.nix

@@ -54,6 +54,11 @@ in rec {
 
   # These are the extra arguments passed to every module.  In
   # particular, Nixpkgs is passed through the "pkgs" argument.
+  # FIXME: we enable config.allowUnfree to make packages like
+  # nvidia-x11 available. This isn't a problem because if the user has
+  # ‘nixpkgs.config.allowUnfree = false’, then evaluation will fail on
+  # the 64-bit package anyway. However, it would be cleaner to respect
+  # nixpkgs.config here.
   extraArgs = extraArgs_ // {
     inherit modules baseModules;
   };

nixos/lib/make-disk-image.nix

@@ -39,7 +39,6 @@ pkgs.vmTools.runInLinuxVM (
       exportReferencesGraph =
         [ "closure" config.system.build.toplevel ];
       inherit postVM;
-      memSize = 1024;
     }
     ''
       ${if partitioned then ''

nixos/maintainers/scripts/ec2/create-amis.sh

@@ -38,7 +38,8 @@ for type in hvm pv; do
         prevAmi=
         prevRegion=
 
-        for region in eu-west-1 eu-central-1 us-east-1 us-west-1 us-west-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 sa-east-1; do
+        #for region in eu-west-1 eu-central-1 us-east-1 us-west-1 us-west-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 sa-east-1; do
+        for region in eu-west-1 us-east-1; do
 
             name=nixos-$version-$arch-$type-$store
             description="NixOS $system $version ($type-$store)"
@@ -176,6 +177,7 @@ for type in hvm pv; do
                         extraFlags+=" --virtualization-type hvm"
                     fi
 
+                    set -x
                     ami=$(ec2-register \
                         -n "$name" \
                         -d "$description" \
@@ -191,17 +193,15 @@ for type in hvm pv; do
                 ami=$(cat $amiFile)
             fi
 
-            if [ -z "$NO_WAIT" -o -z "$prevAmi" ]; then
-                echo "waiting for AMI..."
-                while true; do
-                    status=$(ec2-describe-images "$ami" --region "$region" | head -n1 | cut -f 5)
-                    if [ "$status" = available ]; then break; fi
-                    sleep 10
-                done
+            echo "waiting for AMI..."
+            while true; do
+                status=$(ec2-describe-images "$ami" --region "$region" | head -n1 | cut -f 5)
+                if [ "$status" = available ]; then break; fi
+                sleep 10
+            done
 
-                ec2-modify-image-attribute \
-                    --region "$region" "$ami" -l -a all
-            fi
+            ec2-modify-image-attribute \
+                --region "$region" "$ami" -l -a all
 
             echo "region = $region, type = $type, store = $store, ami = $ami"
             if [ -z "$prevAmi" ]; then

nixos/modules/config/fonts/fontconfig.nix

@@ -108,8 +108,10 @@ with lib;
         subpixel = {
 
           rgba = mkOption {
+            type = types.string // {
+              check = flip elem ["rgb" "bgr" "vrgb" "vbgr" "none"];
+            };
             default = "rgb";
-            type = types.enum ["rgb" "bgr" "vrgb" "vbgr" "none"];
             description = ''
               Subpixel order, one of <literal>none</literal>,
               <literal>rgb</literal>, <literal>bgr</literal>,
@@ -118,8 +120,10 @@ with lib;
           };
 
           lcdfilter = mkOption {
+            type = types.str // {
+              check = flip elem ["none" "default" "light" "legacy"];
+            };
             default = "default";
-            type = types.enum ["none" "default" "light" "legacy"];
             description = ''
               FreeType LCD filter, one of <literal>none</literal>,
               <literal>default</literal>, <literal>light</literal>, or

nixos/modules/config/fonts/fonts.nix

@@ -31,7 +31,6 @@ with lib;
         pkgs.xorg.fontbh100dpi
         pkgs.xorg.fontmiscmisc
         pkgs.xorg.fontcursormisc
-        pkgs.unifont
       ];
 
   };

nixos/modules/config/i18n.nix

@@ -52,15 +52,6 @@ in
         '';
       };
 
-      consoleUseXkbConfig = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          If set, configure the console keymap from the xserver keyboard
-          settings.
-        '';
-      };
-
       consoleKeyMap = mkOption {
         type = mkOptionType {
           name = "string or path";
@@ -83,13 +74,6 @@ in
 
   config = {
 
-    i18n.consoleKeyMap = with config.services.xserver;
-      mkIf config.i18n.consoleUseXkbConfig
-        (pkgs.runCommand "xkb-console-keymap" { preferLocalBuild = true; } ''
-          '${pkgs.ckbcomp}/bin/ckbcomp' -model '${xkbModel}' -layout '${layout}' \
-            -option '${xkbOptions}' -variant '${xkbVariant}' > "$out"
-        '');
-
     environment.systemPackages =
       optional (config.i18n.supportedLocales != []) glibcLocales;
 

nixos/modules/config/ldap.nix

@@ -108,7 +108,7 @@ in
 
         extraConfig = mkOption {
           default =  "";
-          type = types.lines;
+          type = types.string;
           description = ''
             Extra configuration options that will be added verbatim at
             the end of the nslcd configuration file (nslcd.conf).
@@ -120,7 +120,7 @@ in
         distinguishedName = mkOption {
           default = "";
           example = "cn=admin,dc=example,dc=com";
-          type = types.str;
+          type = types.string;
           description = ''
             The distinguished name to bind to the LDAP server with. If this
             is not specified, an anonymous bind will be done.
@@ -129,7 +129,7 @@ in
 
         password = mkOption {
           default = "/etc/ldap/bind.password";
-          type = types.str;
+          type = types.string;
           description = ''
             The path to a file containing the credentials to use when binding
             to the LDAP server (if not binding anonymously).
@@ -149,7 +149,7 @@ in
 
         policy = mkOption {
           default = "hard_open";
-          type = types.enum [ "hard_open" "hard_init" "soft" ];
+          type = types.string;
           description = ''
             Specifies the policy to use for reconnecting to an unavailable
             LDAP server. The default is <literal>hard_open</literal>, which
@@ -168,7 +168,7 @@ in
 
       extraConfig = mkOption {
         default = "";
-        type = types.lines;
+        type = types.string;
         description = ''
           Extra configuration options that will be added verbatim at
           the end of the ldap configuration file (ldap.conf).

nixos/modules/config/networking.nix

@@ -39,16 +39,6 @@ in
       '';
     };
 
-    networking.extraResolvconfConf = lib.mkOption {
-      type = types.lines;
-      default = "";
-      example = "libc=NO";
-      description = ''
-        Extra configuration to append to <filename>resolvconf.conf</filename>.
-      '';
-    };
-
-
     networking.proxy = {
 
       default = lib.mkOption {
@@ -160,7 +150,6 @@ in
             '' + optionalString dnsmasqResolve ''
               dnsmasq_conf=/etc/dnsmasq-conf.conf
               dnsmasq_resolv=/etc/dnsmasq-resolv.conf
-            '' + cfg.extraResolvconfConf + ''
             '';
 
       } // (optionalAttrs config.services.resolved.enable (

nixos/modules/config/power-management.nix

@@ -98,7 +98,6 @@ in
         after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
         script =
           ''
-            ${config.systemd.package}/bin/systemctl try-restart post-resume.target
             ${cfg.resumeCommands}
             ${cfg.powerUpCommands}
           '';

nixos/modules/config/shells-environment.nix

@@ -41,7 +41,20 @@ in
         strings.  The latter is concatenated, interspersed with colon
         characters.
       '';
-      type = types.attrsOf (types.loeOf types.str);
+      type = types.attrsOf (mkOptionType {
+        name = "a string or a list of strings";
+        merge = loc: defs:
+          let
+            defs' = filterOverrides defs;
+            res = (head defs').value;
+          in
+          if isList res then concatLists (getValues defs')
+          else if lessThan 1 (length defs') then
+            throw "The option `${showOption loc}' is defined multiple times, in ${showFiles (getFiles defs)}."
+          else if !isString res then
+            throw "The option `${showOption loc}' does not have a string value, in ${showFiles (getFiles defs)}."
+          else res;
+      });
       apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
     };
 
@@ -57,8 +70,8 @@ in
       type = types.attrsOf (types.listOf types.str);
       example = { PATH = [ "/bin" "/sbin" ]; MANPATH = [ "/man" "/share/man" ]; };
       description = ''
-        Attribute set of environment variable.  Each attribute maps to a list
-        of relative paths.  Each relative path is appended to the each profile
+	Attribute set of environment variable.  Each attribute maps to a list
+	of relative paths.  Each relative path is appended to the each profile
         of <option>environment.profiles</option> to form the content of the
         corresponding environment variable.
       '';
@@ -123,7 +136,6 @@ in
         "''${pkgs.dash}/bin/dash"
       '';
       type = types.path;
-      visible = false;
       description = ''
         The shell executable that is linked system-wide to
         <literal>/bin/sh</literal>. Please note that NixOS assumes all

nixos/modules/config/system-environment.nix

@@ -23,7 +23,20 @@ in
         strings.  The latter is concatenated, interspersed with colon
         characters.
       '';
-      type = types.attrsOf (types.loeOf types.str);
+      type = types.attrsOf (mkOptionType {
+        name = "a string or a list of strings";
+        merge = loc: defs:
+          let
+            defs' = filterOverrides defs;
+            res = (head defs').value;
+          in
+          if isList res then concatLists (getValues defs')
+          else if lessThan 1 (length defs') then
+            throw "The option `${showOption loc}' is defined multiple times, in ${showFiles (getFiles defs)}."
+          else if !isString res then
+            throw "The option `${showOption loc}' does not have a string value, in ${showFiles (getFiles defs)}."
+          else res;
+      });
       apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
     };
 

nixos/modules/config/users-groups.nix

@@ -550,8 +550,4 @@ in {
 
   };
 
-  imports =
-    [ (mkAliasOptionModule [ "users" "extraUsers" ] [ "users" "users" ])
-      (mkAliasOptionModule [ "users" "extraGroups" ] [ "users" "groups" ])
-    ];
 }

nixos/modules/installer/tools/auto-upgrade.nix

@@ -70,7 +70,7 @@ let cfg = config.system.autoUpgrade; in
       path = [ pkgs.gnutar pkgs.xz config.nix.package ];
 
       script = ''
-        ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch ${toString cfg.flags}
+        ${config.system.build.nixos-rebuild}/bin/nixos-rebuild test ${toString cfg.flags}
       '';
 
       startAt = mkIf cfg.enable "04:40";

nixos/modules/installer/tools/nixos-generate-config.pl

@@ -152,22 +152,6 @@ sub pciCheck {
         push @kernelModules, "wl";
      }
 
-    # broadcom FullMac driver
-    # list taken from
-    # https://wireless.wiki.kernel.org/en/users/Drivers/brcm80211#brcmfmac
-    if ($vendor eq "0x14e4" &&
-        ($device eq "0x43a3" || $device eq "0x43df" || $device eq "0x43ec" ||
-         $device eq "0x43d3" || $device eq "0x43d9" || $device eq "0x43e9" ||
-         $device eq "0x43ba" || $device eq "0x43bb" || $device eq "0x43bc" ||
-         $device eq "0xaa52" || $device eq "0x43ca" || $device eq "0x43cb" ||
-         $device eq "0x43cc" || $device eq "0x43c3" || $device eq "0x43c4" ||
-         $device eq "0x43c5"
-        ) )
-    {
-        # we need e.g. brcmfmac43602-pcie.bin
-        push @imports, "<nixos/modules/hardware/network/broadcom-43xx.nix>";
-    }
-
     # Can't rely on $module here, since the module may not be loaded
     # due to missing firmware.  Ideally we would check modules.pcimap
     # here.
@@ -233,8 +217,8 @@ foreach my $path (glob "/sys/bus/usb/devices/*") {
 }
 
 
-# Add the modules for all block and MMC devices.
-foreach my $path (glob "/sys/class/{block,mmc_host}/*") {
+# Add the modules for all block devices.
+foreach my $path (glob "/sys/class/block/*") {
     my $module;
     if (-e "$path/device/driver/module") {
         $module = basename `readlink -f $path/device/driver/module`;

nixos/modules/installer/tools/nixos-install.sh

@@ -188,9 +188,6 @@ mkdir -m 0755 -p $mountPoint/bin
 ln -sf @shell@ $mountPoint/bin/sh
 
 
-# Build hooks likely won't function correctly in the minimal chroot; just disable them.
-unset NIX_BUILD_HOOK
-
 # Make the build below copy paths from the CD if possible.  Note that
 # /tmp/root in the chroot is the root of the CD.
 export NIX_OTHER_STORES=/tmp/root/nix:$NIX_OTHER_STORES

nixos/modules/misc/extra-arguments.nix

@@ -4,11 +4,6 @@
   _module.args = {
     pkgs_i686 = import ../../.. {
       system = "i686-linux";
-      # FIXME: we enable config.allowUnfree to make packages like
-      # nvidia-x11 available. This isn't a problem because if the user has
-      # ‘nixpkgs.config.allowUnfree = false’, then evaluation will fail on
-      # the 64-bit package anyway. However, it would be cleaner to respect
-      # nixpkgs.config here.
       config.allowUnfree = true;
     };
 

nixos/modules/misc/ids.nix

@@ -229,11 +229,6 @@
       riak = 205;
       shout = 206;
       gateone = 207;
-      namecoin = 208;
-      dnschain = 209;
-      #lxd = 210; # unused
-      kibana = 211;
-      xtreemfs = 212;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -441,11 +436,6 @@
       riak = 205;
       #shout = 206; #unused
       gateone = 207;
-      namecoin = 208;
-      #dnschain = 209; #unused
-      lxd = 210; # unused
-      #kibana = 211;
-      xtreemfs = 212;
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal

nixos/modules/misc/version.nix

@@ -56,7 +56,7 @@ with lib;
     system.defaultChannel = mkOption {
       internal = true;
       type = types.str;
-      default = https://nixos.org/channels/nixos-unstable;
+      default = https://nixos.org/channels/nixos-15.09;
       description = "Default NixOS channel to which the root user is subscribed.";
     };
 
@@ -75,7 +75,7 @@ with lib;
       mkDefault (if pathExists fn then readFile fn else "master");
 
     # Note: code names must only increase in alphabetical order.
-    system.nixosCodeName = "Emu";
+    system.nixosCodeName = "Dingo";
 
     # Generate /etc/os-release.  See
     # http://0pointer.de/public/systemd-man/os-release.html for the

nixos/modules/module-list.nix

@@ -197,7 +197,7 @@
   ./services/misc/etcd.nix
   ./services/misc/felix.nix
   ./services/misc/folding-at-home.nix
-  #./services/misc/gitit.nix
+  ./services/misc/gitit.nix
   ./services/misc/gitlab.nix
   ./services/misc/gitolite.nix
   ./services/misc/gpsd.nix
@@ -257,7 +257,6 @@
   ./services/network-filesystems/diod.nix
   ./services/network-filesystems/u9fs.nix
   ./services/network-filesystems/yandex-disk.nix
-  ./services/network-filesystems/xtreemfs.nix
   ./services/networking/aiccu.nix
   ./services/networking/amuled.nix
   ./services/networking/asterisk.nix
@@ -276,7 +275,6 @@
   ./services/networking/ddclient.nix
   ./services/networking/dhcpcd.nix
   ./services/networking/dhcpd.nix
-  ./services/networking/dnschain.nix
   ./services/networking/dnscrypt-proxy.nix
   ./services/networking/dnsmasq.nix
   ./services/networking/docker-registry-server.nix
@@ -305,7 +303,6 @@
   ./services/networking/minidlna.nix
   ./services/networking/mstpd.nix
   ./services/networking/murmur.nix
-  ./services/networking/namecoind.nix
   ./services/networking/nat.nix
   ./services/networking/networkmanager.nix
   ./services/networking/ngircd.nix
@@ -340,7 +337,6 @@
   ./services/networking/ssh/lshd.nix
   ./services/networking/ssh/sshd.nix
   ./services/networking/strongswan.nix
-  ./services/networking/supplicant.nix
   ./services/networking/supybot.nix
   ./services/networking/syncthing.nix
   ./services/networking/tcpcrypt.nix
@@ -367,7 +363,6 @@
   ./services/scheduling/fcron.nix
   ./services/scheduling/marathon.nix
   ./services/search/elasticsearch.nix
-  ./services/search/kibana.nix
   ./services/search/solr.nix
   ./services/security/clamav.nix
   ./services/security/fail2ban.nix
@@ -377,7 +372,6 @@
   ./services/security/haveged.nix
   ./services/security/hologram.nix
   ./services/security/munge.nix
-  ./services/security/physlock.nix
   ./services/security/torify.nix
   ./services/security/tor.nix
   ./services/security/torsocks.nix
@@ -492,7 +486,6 @@
   ./virtualisation/docker.nix
   ./virtualisation/libvirtd.nix
   ./virtualisation/lxc.nix
-  ./virtualisation/lxd.nix
   ./virtualisation/amazon-options.nix
   ./virtualisation/openvswitch.nix
   ./virtualisation/parallels-guest.nix

nixos/modules/profiles/base.nix

@@ -47,7 +47,7 @@
   ];
 
   # Include support for various filesystems.
-  boot.supportedFilesystems = [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "zfs" "ntfs" "cifs" ];
+  boot.supportedFilesystems = [ "btrfs" "reiserfs" "vfat" "f2fs" "zfs" "ntfs" "cifs" ];
 
   # Configure host id for ZFS to work
   networking.hostId = "8425e349";

nixos/modules/programs/cdemu.nix

@@ -9,28 +9,19 @@ in {
     programs.cdemu = {
       enable = mkOption {
         default = false;
-        description = ''
-          <command>cdemu</command> for members of
-          <option>programs.cdemu.group</option>.
-        '';
+        description = "Whether to enable cdemu for users of appropriate group (default cdrom)";
       };
       group = mkOption {
         default = "cdrom";
-        description = ''
-          Group that users must be in to use <command>cdemu</command>.
-        '';
+        description = "Required group for users of cdemu";
       };
       gui = mkOption {
         default = true;
-        description = ''
-          Whether to install the <command>cdemu</command> GUI (gCDEmu).
-        '';
+        description = "Whether to install cdemu GUI (gCDEmu)";
       };
       image-analyzer = mkOption {
         default = true;
-        description = ''
-          Whether to install the image analyzer.
-        '';
+        description = "Whether to install image analyzer";
       };
     };
   };

nixos/modules/programs/ssh.nix

@@ -36,6 +36,7 @@ in
 
       askPassword = mkOption {
         type = types.str;
+        default = "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
         description = ''Program used by SSH to ask for passwords.'';
       };
 
@@ -222,7 +223,5 @@ in
         export SSH_ASKPASS=${askPassword}
       '';
 
-    programs.ssh.askPassword = mkDefault "${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass";
-
   };
 }

nixos/modules/programs/venus.nix

@@ -41,7 +41,7 @@ in
 
       dates = mkOption {
         default = "*:0/15";
-        type = types.str;
+        type = types.string;
         description = ''
           Specification (in the format described by
           <citerefentry><refentrytitle>systemd.time</refentrytitle>
@@ -52,7 +52,7 @@ in
 
       user = mkOption {
         default = "root";
-        type = types.str;
+        type = types.string;
         description = ''
           User for running venus script.
         '';
@@ -60,7 +60,7 @@ in
 
       group = mkOption {
         default = "root";
-        type = types.str;
+        type = types.string;
         description = ''
           Group for running venus script.
         '';
@@ -68,7 +68,7 @@ in
 
       name = mkOption {
         default = "NixOS Planet";
-        type = types.str;
+        type = types.string;
         description = ''
           Your planet's name.
         '';
@@ -76,7 +76,7 @@ in
 
       link = mkOption {
         default = "http://planet.nixos.org";
-        type = types.str;
+        type = types.string;
         description = ''
           Link to the main page.
         '';
@@ -84,7 +84,7 @@ in
 
       ownerName = mkOption {
         default = "Rok Garbas";
-        type = types.str;
+        type = types.string;
         description = ''
           Your name.
         '';
@@ -92,13 +92,14 @@ in
 
       ownerEmail = mkOption {
         default = "some@example.com";
-        type = types.str;
+        type = types.string;
         description = ''
           Your e-mail address.
         '';
       };
 
       outputTheme = mkOption {
+        default = "${pkgs.venus}/themes/classic_fancy";
         type = types.path;
         description = ''
           Directory containing a config.ini file which is merged with this one.
@@ -169,7 +170,5 @@ in
         startAt = cfg.dates;
       };
 
-    services.venus.outputTheme = mkDefault "${pkgs.venus}/themes/classic_fancy";
-
   };
 }

nixos/modules/programs/wvdial.nix

@@ -24,7 +24,7 @@ in
 
       dialerDefaults = mkOption {
         default = "";
-        type = types.str;
+        type = types.string;
         example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
         description = ''
           Contents of the "Dialer Defaults" section of
@@ -40,7 +40,7 @@ in
           persist
           noauth
         '';
-        type = types.str;
+        type = types.string;
         description = "Default ppp settings for wvdial.";
       };
 

nixos/modules/programs/xfs_quota.nix

@@ -32,25 +32,25 @@ in
             };
 
             fileSystem = mkOption {
-              type = types.str;
+              type = types.string;
               description = "XFS filesystem hosting the xfs_quota project.";
               default = "/";
             };
 
             path = mkOption {
-              type = types.str;
+              type = types.string;
               description = "Project directory.";
             };
 
             sizeSoftLimit = mkOption {
-              type = types.nullOr types.str;
+              type = types.nullOr types.string;
               default = null;
               example = "30g";
               description = "Soft limit of the project size";
             };
 
             sizeHardLimit = mkOption {
-              type = types.nullOr types.str;
+              type = types.nullOr types.string;
               default = null;
               example = "50g";
               description = "Hard limit of the project size.";

nixos/modules/rename.nix

@@ -1,88 +1,169 @@
-{ lib, ... }:
+{ config, lib, options, ... }:
 
 with lib;
 
-{
-  imports = [
-    (mkRenamedOptionModule [ "environment" "x11Packages" ] [ "environment" "systemPackages" ])
-    (mkRenamedOptionModule [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ])
-    (mkRenamedOptionModule [ "environment" "nix" ] [ "nix" "package" ])
-    (mkRenamedOptionModule [ "fonts" "enableFontConfig" ] [ "fonts" "fontconfig" "enable" ])
-    (mkRenamedOptionModule [ "fonts" "extraFonts" ] [ "fonts" "fonts" ])
+let
 
-    (mkRenamedOptionModule [ "security" "extraSetuidPrograms" ] [ "security" "setuidPrograms" ])
-    (mkRenamedOptionModule [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ])
-    (mkRenamedOptionModule [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ])
+  alias = from: to: rename {
+    inherit from to;
+    name = "Alias";
+    use = id;
+    define = id;
+    visible = true;
+  };
 
-    # Old Grub-related options.
-    (mkRenamedOptionModule [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ])
-    (mkRenamedOptionModule [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ])
+  # warn option was renamed
+  obsolete = from: to: rename {
+    inherit from to;
+    name = "Obsolete name";
+    use = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x;
+    define = x: builtins.trace "Obsolete option `${showOption from}' is used. It was renamed to `${showOption to}'." x;
+  };
 
-    # smartd
-    (mkRenamedOptionModule [ "services" "smartd" "deviceOpts" ] [ "services" "smartd" "defaults" "monitored" ])
+  # abort if deprecated option is used
+  deprecated = from: to: rename {
+    inherit from to;
+    name = "Deprecated name";
+    use = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'.";
+    define = x: abort "Deprecated option `${showOption from}' is used. It was renamed to `${showOption to}'.";
+  };
 
-    # OpenSSH
-    (mkRenamedOptionModule [ "services" "sshd" "ports" ] [ "services" "openssh" "ports" ])
-    (mkAliasOptionModule [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ])
-    (mkRenamedOptionModule [ "services" "sshd" "allowSFTP" ] [ "services" "openssh" "allowSFTP" ])
-    (mkRenamedOptionModule [ "services" "sshd" "forwardX11" ] [ "services" "openssh" "forwardX11" ])
-    (mkRenamedOptionModule [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ])
-    (mkRenamedOptionModule [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ])
-    (mkRenamedOptionModule [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ])
-    (mkRenamedOptionModule [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ])
-    (mkAliasOptionModule [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ])
+  showOption = concatStringsSep ".";
 
-    # VirtualBox
-    (mkRenamedOptionModule [ "services" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ])
-    (mkRenamedOptionModule [ "services" "virtualboxGuest" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ])
-    (mkRenamedOptionModule [ "programs" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ])
-    (mkRenamedOptionModule [ "programs" "virtualbox" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ])
-    (mkRenamedOptionModule [ "programs" "virtualbox" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ])
-    (mkRenamedOptionModule [ "services" "virtualboxHost" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ])
-    (mkRenamedOptionModule [ "services" "virtualboxHost" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ])
-    (mkRenamedOptionModule [ "services" "virtualboxHost" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ])
+  zipModules = list:
+    zipAttrsWith (n: v:
+      if tail v != [] then
+        if all (o: isAttrs o && o ? _type) v then mkMerge v
+        else if n == "_type" then head v
+        else if n == "warnings" then concatLists v
+        else if n == "description" || n == "apply" then
+          abort "Cannot rename an option to multiple options."
+        else zipModules v
+      else head v
+    ) list;
 
-    # Tarsnap
-    (mkRenamedOptionModule [ "services" "tarsnap" "config" ] [ "services" "tarsnap" "archives" ])
+  rename = { from, to, name, use, define, visible ? false }:
+    let
+      setTo = setAttrByPath to;
+      setFrom = setAttrByPath from;
+      toOf = attrByPath to
+        (abort "Renaming error: option `${showOption to}' does not exists.");
+      fromOf = attrByPath from
+        (abort "Internal error: option `${showOption from}' should be declared.");
+    in
+      [ { options = setFrom (mkOption {
+            description = "${name} of <option>${showOption to}</option>.";
+            apply = x: use (toOf config);
+            inherit visible;
+          });
 
-    # proxy
-    (mkRenamedOptionModule [ "nix" "proxy" ] [ "networking" "proxy" "default" ])
+          config = setTo (mkAliasAndWrapDefinitions define (fromOf options));
+        }
+      ];
 
-    # KDE
-    (mkRenamedOptionModule [ "kde" "extraPackages" ] [ "environment" "systemPackages" ])
-    (mkRenamedOptionModule [ "environment" "kdePackages" ] [ "environment" "systemPackages" ])
+  obsolete' = option: singleton
+    { options = setAttrByPath option (mkOption {
+        default = null;
+        visible = false;
+      });
+      config.warnings = optional (getAttrFromPath option config != null)
+        "The option `${showOption option}' defined in your configuration no longer has any effect; please remove it.";
+    };
 
-    # Multiple efi bootloaders now
-    (mkRenamedOptionModule [ "boot" "loader" "efi" "efibootmgr" "enable" ] [ "boot" "loader" "efi" "canTouchEfiVariables" ])
+in zipModules ([]
 
-    # NixOS environment changes
-    # !!! this hardcodes bash, could we detect from config which shell is actually used?
-    (mkRenamedOptionModule [ "environment" "promptInit" ] [ "programs" "bash" "promptInit" ])
+++ obsolete [ "environment" "x11Packages" ] [ "environment" "systemPackages" ]
+++ obsolete [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ]
+++ obsolete [ "environment" "nix" ] [ "nix" "package" ]
+++ obsolete [ "fonts" "enableFontConfig" ] [ "fonts" "fontconfig" "enable" ]
+++ obsolete [ "fonts" "extraFonts" ] [ "fonts" "fonts" ]
+++ alias [ "users" "extraUsers" ] [ "users" "users" ]
+++ alias [ "users" "extraGroups" ] [ "users" "groups" ]
 
-    (mkRenamedOptionModule [ "services" "xserver" "driSupport" ] [ "hardware" "opengl" "driSupport" ])
-    (mkRenamedOptionModule [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ])
-    (mkRenamedOptionModule [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ])
-    (mkRenamedOptionModule [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ])
+++ obsolete [ "security" "extraSetuidPrograms" ] [ "security" "setuidPrograms" ]
+++ obsolete [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ]
+++ obsolete [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ]
 
-    (mkRenamedOptionModule [ "services" "mysql55" ] [ "services" "mysql" ])
+# FIXME: Remove these eventually.
+++ obsolete [ "boot" "systemd" "sockets" ] [ "systemd" "sockets" ]
+++ obsolete [ "boot" "systemd" "targets" ] [ "systemd" "targets" ]
+++ obsolete [ "boot" "systemd" "services" ] [ "systemd" "services" ]
 
-    (mkAliasOptionModule [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ])
+# Old Grub-related options.
+++ obsolete [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ]
+++ obsolete [ "boot" "extraGrubEntries" ] [ "boot" "loader" "grub" "extraEntries" ]
+++ obsolete [ "boot" "extraGrubEntriesBeforeNixos" ] [ "boot" "loader" "grub" "extraEntriesBeforeNixOS" ]
+++ obsolete [ "boot" "grubDevice" ] [ "boot" "loader" "grub" "device" ]
+++ obsolete [ "boot" "bootMount" ] [ "boot" "loader" "grub" "bootDevice" ]
+++ obsolete [ "boot" "grubSplashImage" ] [ "boot" "loader" "grub" "splashImage" ]
 
-    # XBMC
-    (mkRenamedOptionModule [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
-    (mkRenamedOptionModule [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ])
+++ obsolete [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ]
+++ obsolete [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ]
 
-    # DNSCrypt-proxy
-    (mkRenamedOptionModule [ "services" "dnscrypt-proxy" "port" ] [ "services" "dnscrypt-proxy" "localPort" ])
+# smartd
+++ obsolete [ "services" "smartd" "deviceOpts" ] [ "services" "smartd" "defaults" "monitored" ]
 
-    # Options that are obsolete and have no replacement.
-    (mkRemovedOptionModule [ "boot" "initrd" "luks" "enable" ])
-    (mkRemovedOptionModule [ "programs" "bash" "enable" ])
-    (mkRemovedOptionModule [ "services" "samba" "defaultShare" ])
-    (mkRemovedOptionModule [ "services" "syslog-ng" "serviceName" ])
-    (mkRemovedOptionModule [ "services" "syslog-ng" "listenToJournal" ])
-    (mkRemovedOptionModule [ "ec2" "metadata" ])
-    (mkRemovedOptionModule [ "services" "openvpn" "enable" ])
+# OpenSSH
+++ obsolete [ "services" "sshd" "ports" ] [ "services" "openssh" "ports" ]
+++ alias [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ]
+++ obsolete [ "services" "sshd" "allowSFTP" ] [ "services" "openssh" "allowSFTP" ]
+++ obsolete [ "services" "sshd" "forwardX11" ] [ "services" "openssh" "forwardX11" ]
+++ obsolete [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ]
+++ obsolete [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ]
+++ obsolete [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ]
+++ obsolete [ "services" "xserver" "startOpenSSHAgent" ] [ "programs" "ssh" "startAgent" ]
+++ alias [ "services" "openssh" "knownHosts" ] [ "programs" "ssh" "knownHosts" ]
 
-  ];
-}
+# VirtualBox
+++ obsolete [ "services" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ]
+++ obsolete [ "services" "virtualboxGuest" "enable" ] [ "virtualisation" "virtualbox" "guest" "enable" ]
+++ obsolete [ "programs" "virtualbox" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ]
+++ obsolete [ "programs" "virtualbox" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ]
+++ obsolete [ "programs" "virtualbox" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ]
+++ obsolete [ "services" "virtualboxHost" "enable" ] [ "virtualisation" "virtualbox" "host" "enable" ]
+++ obsolete [ "services" "virtualboxHost" "addNetworkInterface" ] [ "virtualisation" "virtualbox" "host" "addNetworkInterface" ]
+++ obsolete [ "services" "virtualboxHost" "enableHardening" ] [ "virtualisation" "virtualbox" "host" "enableHardening" ]
+
+# Tarsnap
+++ obsolete [ "services" "tarsnap" "config" ] [ "services" "tarsnap" "archives" ]
+
+# proxy
+++ obsolete [ "nix" "proxy" ] [ "networking" "proxy" "default" ]
+
+# KDE
+++ deprecated [ "kde" "extraPackages" ] [ "environment" "systemPackages" ]
+++ obsolete [ "environment" "kdePackages" ] [ "environment" "systemPackages" ]
+
+# Multiple efi bootloaders now
+++ obsolete [ "boot" "loader" "efi" "efibootmgr" "enable" ] [ "boot" "loader" "efi" "canTouchEfiVariables" ]
+
+# NixOS environment changes
+# !!! this hardcodes bash, could we detect from config which shell is actually used?
+++ obsolete [ "environment" "promptInit" ] [ "programs" "bash" "promptInit" ]
+
+++ obsolete [ "services" "xserver" "driSupport" ] [ "hardware" "opengl" "driSupport" ]
+++ obsolete [ "services" "xserver" "driSupport32Bit" ] [ "hardware" "opengl" "driSupport32Bit" ]
+++ obsolete [ "services" "xserver" "s3tcSupport" ] [ "hardware" "opengl" "s3tcSupport" ]
+++ obsolete [ "hardware" "opengl" "videoDrivers" ] [ "services" "xserver" "videoDrivers" ]
+
+++ obsolete [ "services" "mysql55" ] [ "services" "mysql" ]
+
+++ alias    [ "environment" "checkConfigurationOptions" ] [ "_module" "check" ]
+
+# XBMC
+++ obsolete [ "services" "xserver" "windowManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ]
+++ obsolete [ "services" "xserver" "desktopManager" "xbmc" ] [ "services" "xserver" "desktopManager" "kodi" ]
+
+# DNSCrypt-proxy
+++ obsolete [ "services" "dnscrypt-proxy" "port" ] [ "services" "dnscrypt-proxy" "localPort" ]
+
+# Options that are obsolete and have no replacement.
+++ obsolete' [ "boot" "loader" "grub" "bootDevice" ]
+++ obsolete' [ "boot" "initrd" "luks" "enable" ]
+++ obsolete' [ "programs" "bash" "enable" ]
+++ obsolete' [ "services" "samba" "defaultShare" ]
+++ obsolete' [ "services" "syslog-ng" "serviceName" ]
+++ obsolete' [ "services" "syslog-ng" "listenToJournal" ]
+++ obsolete' [ "ec2" "metadata" ]
+
+)

nixos/modules/security/apparmor.nix

@@ -37,5 +37,13 @@ in
          ) cfg.profiles;
        };
      };
+
+     security.pam.services.apparmor.text = ''
+       ## AppArmor changes hats according to `order`: first try user, then
+       ## group, and finally fall back to a hat called "DEFAULT"
+       ##
+       ## For now, enable debugging as this is an experimental feature.
+       session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug
+     '';
    };
 }

nixos/modules/security/pam.nix

@@ -192,16 +192,6 @@ let
         description = "Whether to log authentication failures in <filename>/var/log/faillog</filename>.";
       };
 
-      enableAppArmor = mkOption {
-        default = false;
-        type = types.bool;
-        description = ''
-          Enable support for attaching AppArmor profiles at the
-          user/group level, e.g., as part of a role based access
-          control scheme.
-        '';
-      };
-
       text = mkOption {
         type = types.nullOr types.lines;
         description = "Contents of the PAM service file.";
@@ -304,8 +294,6 @@ let
               "session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}"}
           ${optionalString cfg.pamMount
               "session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
-          ${optionalString (cfg.enableAppArmor && config.security.apparmor.enable)
-              "session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug"}
         '';
     };
 
@@ -419,7 +407,7 @@ in
     users.motd = mkOption {
       default = null;
       example = "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178.";
-      type = types.nullOr types.lines;
+      type = types.nullOr types.string;
       description = "Message of the day shown to users when they log in.";
     };
 

nixos/modules/security/prey.nix

@@ -16,28 +16,19 @@ in {
         default = false;
         type = types.bool;
         description = ''
-          Enables the <link xlink:href="http://preyproject.com/" />
-          shell client. Be sure to specify both API and device keys.
-          Once enabled, a <command>cron</command> job will run every 15
-          minutes to report status information.
+          Enables http://preyproject.com/ bash client. Be sure to specify api and device keys.
+          Once setup, cronjob will run evert 15 minutes and report status.
         '';
       };
 
       deviceKey = mkOption {
-        type = types.str;
-        description = ''
-          <literal>Device key</literal> obtained by visiting
-          <link xlink:href="https://panel.preyproject.com/devices" />
-          and clicking on your device.
-        '';
+        type = types.string;
+        description = "Device Key obtained from https://panel.preyproject.com/devices (and clicking on the device)";
       };
 
       apiKey = mkOption {
-        type = types.str;
-        description = ''
-          <literal>API key</literal> obtained from
-          <link xlink:href="https://panel.preyproject.com/profile" />.
-        '';
+        type = types.string;
+        description = "API key obtained from https://panel.preyproject.com/profile";
       };
     };
 

nixos/modules/services/amqp/activemq/default.nix

@@ -32,6 +32,7 @@ in {
         '';
       };
       configurationDir = mkOption {
+        default = "${activemq}/conf";
         description = ''
           The base directory for ActiveMQ's configuration.
           By default, this directory is searched for a file named activemq.xml,
@@ -125,8 +126,6 @@ in {
       '';
     };
 
-    services.activemq.configurationDir = mkDefault "${activemq}/conf";
-
   };
 
 }

nixos/modules/services/backup/bacula.nix

@@ -169,17 +169,14 @@ in {
         type = types.bool;
         default = false;
         description = ''
-          Whether to enable the Bacula File Daemon.
+          Whether to enable Bacula File Daemon.
         '';
       };
  
       name = mkOption {
         default = "${config.networking.hostName}-fd";
         description = ''
-          The client name that must be used by the Director when connecting.
-          Generally, it is a good idea to use a name related to the machine
-          so that error messages can be easily identified if you have multiple
-          Clients. This directive is required.
+        	The client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.
         '';
       };
  
@@ -187,9 +184,7 @@ in {
         default = 9102;
         type = types.int;
         description = ''
-          This specifies the port number on which the Client listens for
-          Director connections. It must agree with the FDPort specified in
-          the Client resource of the Director's configuration file.
+        	This specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file. The default is 9102.
         '';
       };
  
@@ -207,7 +202,7 @@ in {
         description = ''
           Extra configuration to be passed in Client directive.
         '';
-        example = literalExample ''
+        example = ''
           Maximum Concurrent Jobs = 20;
           Heartbeat Interval = 30;
         '';
@@ -218,7 +213,7 @@ in {
         description = ''
           Extra configuration to be passed in Messages directive.
         '';
-        example = literalExample ''
+        example = ''
           console = all
         '';
       };

nixos/modules/services/backup/sitecopy-backup.nix

@@ -21,16 +21,15 @@ in
       enable = mkOption {
         default = false;
         description = ''
-          Whether to enable <command>sitecopy</command> backups of specified
-          directories.
+          Whether to enable sitecopy backups of specified directories.
         '';
       };
 
       period = mkOption {
         default = "15 04 * * *";
         description = ''
-          This option defines (in the format used by <command>cron</command>)
-          when the <command>sitecopy</command> backups are to be run.
+          This option defines (in the format used by cron) when the
+          sitecopy backup are being run.
           The default is to update at 04:15 (at night) every day.
         '';
       };
@@ -48,10 +47,9 @@ in
         ];
         default = [];
         description = ''
-           List of attribute sets describing the backups.
+           List of attributesets describing the backups.
 
-           Username/password are extracted from
-           <filename>${stateDir}/sitecopy.secrets</filename> at activation
+           Username/password are extracted from <filename>${stateDir}/sitecopy.secrets</filename> at activation
            time. The secrets file lines should have the following structure:
            <screen>
              server username password

nixos/modules/services/cluster/kubernetes.nix

@@ -73,7 +73,7 @@ in {
       };
 
       port = mkOption {
-        description = "Kubernetes apiserver listening port.";
+        description = "Kubernets apiserver listening port.";
         default = 8080;
         type = types.int;
       };
@@ -211,7 +211,7 @@ in {
       };
 
       port = mkOption {
-        description = "Kubernetes scheduler listening port.";
+        description = "Kubernets scheduler listening port.";
         default = 10251;
         type = types.int;
       };
@@ -243,7 +243,7 @@ in {
       };
 
       port = mkOption {
-        description = "Kubernetes controller manager listening port.";
+        description = "Kubernets controller manager listening port.";
         default = 10252;
         type = types.int;
       };
@@ -299,7 +299,7 @@ in {
       };
 
       port = mkOption {
-        description = "Kubernetes kubelet info server listening port.";
+        description = "Kubernets kubelet info server listening port.";
         default = 10250;
         type = types.int;
       };

nixos/modules/services/continuous-integration/jenkins/default.nix

@@ -65,15 +65,11 @@ in {
       };
 
       environment = mkOption {
-        default = { };
+        default = { NIX_REMOTE = "daemon"; };
         type = with types; attrsOf str;
         description = ''
           Additional environment variables to be passed to the jenkins process.
-          As a base environment, jenkins receives NIX_PATH, SSL_CERT_FILE and
-          GIT_SSL_CAINFO from <option>environment.sessionVariables</option>,
-          NIX_REMOTE is set to "daemon" and JENKINS_HOME is set to
-          the value of <option>services.jenkins.home</option>. This option has
-          precedence and can be used to override those mentioned variables.
+          The environment will always include JENKINS_HOME.
         '';
       };
 
@@ -110,21 +106,9 @@ in {
       after = [ "network.target" ];
       wantedBy = [ "multi-user.target" ];
 
-      environment =
-        let
-          selectedSessionVars =
-            lib.filterAttrs (n: v: builtins.elem n
-                [ "NIX_PATH"
-                  "SSL_CERT_FILE"
-                  "GIT_SSL_CAINFO"
-                ])
-              config.environment.sessionVariables;
-        in
-          selectedSessionVars //
-          { JENKINS_HOME = cfg.home;
-            NIX_REMOTE = "daemon";
-          } //
-          cfg.environment;
+      environment = {
+        JENKINS_HOME = cfg.home;
+      } // cfg.environment;
 
       path = cfg.packages;
 

nixos/modules/services/databases/mysql.nix

@@ -167,12 +167,6 @@ in
 
         unitConfig.RequiresMountsFor = "${cfg.dataDir}";
 
-        path = [
-          # Needed for the mysql_install_db command in the preStart script
-          # which calls the hostname command.
-          pkgs.nettools
-        ];
-
         preStart =
           ''
             if ! test -e ${cfg.dataDir}/mysql; then

nixos/modules/services/hardware/brltty.nix

@@ -4,6 +4,10 @@ with lib;
 
 let
   cfg = config.services.brltty;
+  
+  stateDir = "/run/brltty";
+
+  pidFile = "${stateDir}/brltty.pid";
 
 in {
 
@@ -20,24 +24,14 @@ in {
   config = mkIf cfg.enable {
 
     systemd.services.brltty = {
-      description = "Braille Device Support";
-      unitConfig = {
-        Documentation = "http://mielke.cc/brltty/";
-        DefaultDependencies = "no";
-        RequiresMountsFor = "${pkgs.brltty}/var/lib/brltty";
-      };
+      description = "Braille console driver";
+      preStart = ''
+        mkdir -p ${stateDir}
+      '';
       serviceConfig = {
-        ExecStart = "${pkgs.brltty}/bin/brltty --no-daemon";
-        Type = "simple";        # Change to notidy after next releae
-        TimeoutStartSec = 5;
-        TimeoutStopSec = 10;
-        Restart = "always";
-        RestartSec = 30;
-        Nice = -10;
-        OOMScoreAdjust = -900;
-        ProtectHome = "read-only";
-        ProtectSystem = "full";
-        SystemCallArchitectures = "native";
+        ExecStart = "${pkgs.brltty}/bin/brltty --pid-file=${pidFile}";
+        Type = "forking";
+        PIDFile = pidFile;
       };
       before = [ "sysinit.target" ];
       wantedBy = [ "sysinit.target" ];

nixos/modules/services/hardware/freefall.nix

@@ -2,42 +2,40 @@
 
 with lib;
 
-let
+{
 
-  cfg = config.services.freefall;
+  ###### interface
 
-in {
+  options = with types; {
 
-  options.services.freefall = {
+    services.freefall = {
 
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
-      '';
-    };
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
+        '';
+        type = bool;
+      };
 
-    package = mkOption {
-      type = types.package;
-      default = pkgs.freefall;
-      description = ''
-        freefall derivation to use.
-      '';
-    };
+      devices = mkOption {
+        default = [ "/dev/sda" ];
+        description = ''
+          Device paths to all internal spinning hard drives.
+        '';
+        type = listOf string;
+      };
 
-    devices = mkOption {
-      type = types.listOf types.string;
-      default = [ "/dev/sda" ];
-      description = ''
-        Device paths to all internal spinning hard drives.
-      '';
     };
 
   };
 
+  ###### implementation
+
   config = let
 
+    cfg = config.services.freefall;
+
     mkService = dev:
       assert dev != "";
       let dev' = utils.escapeSystemdPath dev; in
@@ -45,8 +43,12 @@ in {
         description = "Free-fall protection for ${dev}";
         after = [ "${dev'}.device" ];
         wantedBy = [ "${dev'}.device" ];
+        path = [ pkgs.freefall ];
+        unitConfig = {
+          DefaultDependencies = false;
+        };
         serviceConfig = {
-          ExecStart = "${cfg.package}/bin/freefall ${dev}";
+          ExecStart = "${pkgs.freefall}/bin/freefall ${dev}";
           Restart = "on-failure";
           Type = "forking";
         };
@@ -54,9 +56,9 @@ in {
 
   in mkIf cfg.enable {
 
-    environment.systemPackages = [ cfg.package ];
+    environment.systemPackages = [ pkgs.freefall ];
 
-    systemd.services = builtins.listToAttrs (map mkService cfg.devices);
+    systemd.services = listToAttrs (map mkService cfg.devices);
 
   };
 

nixos/modules/services/hardware/sane.nix

@@ -36,6 +36,7 @@ in
 
     hardware.sane.configDir = mkOption {
       type = types.string;
+      default = "${saneConfig}/etc/sane.d";
       description = "The value of SANE_CONFIG_DIR.";
     };
 
@@ -46,8 +47,6 @@ in
 
   config = mkIf config.hardware.sane.enable {
 
-    hardware.sane.configDir = mkDefault "${saneConfig}/etc/sane.d";
-
     environment.systemPackages = backends;
     environment.sessionVariables = {
       SANE_CONFIG_DIR = config.hardware.sane.configDir;

nixos/modules/services/logging/logstash.nix

@@ -84,10 +84,10 @@ in
         type = types.lines;
         default = ''stdin { type => "example" }'';
         description = "Logstash input configuration.";
-        example = literalExample ''
+        example = ''
           # Read from journal
           pipe {
-            command => "''${pkgs.systemd}/bin/journalctl -f -o json"
+            command => "${pkgs.systemd}/bin/journalctl -f -o json"
             type => "syslog" codec => json {}
           }
         '';

nixos/modules/services/mail/mlmmj.nix

@@ -14,7 +14,7 @@ let
   alias = domain: list: "${list}: \"|${pkgs.mlmmj}/bin/mlmmj-receive -L ${listDir domain list}/\"";
   subjectPrefix = list: "[${list}]";
   listAddress = domain: list: "${list}@${domain}";
-  customHeaders = domain: list: [ "List-Id: ${list}" "Reply-To: ${list}@${domain}" ];
+  customHeaders = list: domain: [ "List-Id: ${list}" "Reply-To: ${list}@${domain}" ];
   footer = domain: list: "To unsubscribe send a mail to ${list}+unsubscribe@${domain}";
   createList = d: l: ''
     ${pkgs.coreutils}/bin/mkdir -p ${listCtl d l}
@@ -90,15 +90,14 @@ in
       enable = true;
       recipientDelimiter= "+";
       extraMasterConf = ''
-        mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L ${spoolDir}/$nexthop
+        mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L ${spoolDir}/$nextHop
       '';
 
       extraAliases = concatMapStrings (alias cfg.listDomain) cfg.mailLists;
 
       extraConfig = ''
-        transport_maps = hash:${stateDir}/transports
-        virtual_alias_maps = hash:${stateDir}/virtuals
-        propagate_unmatched_extensions = virtual
+        transport = hash:${stateDir}/transports
+        virtual = hash:${stateDir}/virtuals
       '';
     };
 
@@ -109,10 +108,9 @@ in
           ${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${spoolDir}
           ${lib.concatMapStrings (createList cfg.listDomain) cfg.mailLists}
           echo ${lib.concatMapStrings (virtual cfg.listDomain) cfg.mailLists} > ${stateDir}/virtuals
-          echo ${lib.concatMapStrings (transport cfg.listDomain) cfg.mailLists} > ${stateDir}/transports
-          ${pkgs.postfix}/bin/postmap ${stateDir}/virtuals
-          ${pkgs.postfix}/bin/postmap ${stateDir}/transports
-      '';
+          echo ${cfg.listDomain} mailman: > ${stateDir}/transports
+          echo ${lib.concatMapStrings (transport cfg.listDomain) cfg.mailLists} >> ${stateDir}/transports
+    '';
 
     systemd.services."mlmmj-maintd" = {
       description = "mlmmj maintenance daemon";

nixos/modules/services/mail/opensmtpd.nix

@@ -46,17 +46,6 @@ in {
           is left empty, the OpenSMTPD server will not start.
         '';
       };
-
-      procPackages = mkOption {
-        type = types.listOf types.path;
-        default = [];
-        description = ''
-          Packages to search for filters, tables, queues, and schedulers.
-
-          Add OpenSMTPD-extras here if you want to use the filters, etc. from
-          that package.
-        '';
-      };
     };
 
   };
@@ -83,19 +72,12 @@ in {
       };
     };
 
-    systemd.services.opensmtpd = let
-      procEnv = pkgs.buildEnv {
-        name = "opensmtpd-procs";
-        paths = [ opensmtpd ] ++ cfg.procPackages;
-        pathsToLink = [ "/libexec/opensmtpd" ];
-      };
-    in {
+    systemd.services.opensmtpd = {
       wantedBy = [ "multi-user.target" ];
       wants = [ "network.target" ];
       after = [ "network.target" ];
       preStart = "mkdir -p /var/spool";
       serviceConfig.ExecStart = "${opensmtpd}/sbin/smtpd -d -f ${conf} ${args}";
-      environment.OPENSMTPD_PROC_PATH = "${procEnv}/libexec/opensmtpd";
     };
 
     environment.systemPackages = [ (pkgs.runCommand "opensmtpd-sendmail" {} ''

nixos/modules/services/mail/postfix.nix

@@ -77,8 +77,7 @@ let
       smtpd_tls_key_file = ${cfg.sslKey}
 
       smtpd_use_tls = yes
-    ''
-    + optionalString (cfg.recipientDelimiter != "") ''
+
       recipient_delimiter = ${cfg.recipientDelimiter}
     ''
     + optionalString (cfg.virtual != "") ''

nixos/modules/services/misc/confd.nix

@@ -63,7 +63,7 @@ in {
 
     package = mkOption {
       description = "Confd package to use.";
-      default = pkgs.confd;
+      default = pkgs.goPackages.confd;
       type = types.package;
     };
   };

nixos/modules/services/misc/gitit.nix

@@ -35,7 +35,6 @@ let
       };
 
       haskellPackages = mkOption {
-        default = pkgs.haskellPackages;
         defaultText = "pkgs.haskellPackages";
         example = literalExample "pkgs.haskell.packages.ghc784";
         description = "haskellPackages used to build gitit and plugins.";
@@ -100,7 +99,7 @@ let
       };
 
       authenticationMethod = mkOption {
-        type = types.enum [ "form" "http" "generic" "github" ];
+        type = types.enum [ "form" "http" "generic"];
         default = "form";
         description = ''
           'form' means that users will be logged in and registered using forms
@@ -138,7 +137,6 @@ let
 
       staticDir = mkOption {
         type = types.path;
-        default = gititShared + "/data/static";
         description = ''
           Specifies the path of the static directory (containing javascript,
           css, and images).  If it does not exist, gitit will create it and
@@ -209,7 +207,6 @@ let
 
       templatesDir = mkOption {
         type = types.path;
-        default = gititShared + "/data/templates";
         description = ''
           Specifies the path of the directory containing page templates.  If it
           does not exist, gitit will create it with default templates.  Users
@@ -291,7 +288,6 @@ let
 
       plugins = mkOption {
         type = with types; listOf str;
-        default = [ (gititShared + "/plugins/Dot.hs") ];
         description = ''
           Specifies a list of plugins to load. Plugins may be specified either
           by their path or by their module name. If the plugin name starts
@@ -541,42 +537,6 @@ video/x-ms-wmx  wmx
           through xss-sanitize.  Set to no only if you trust all of your users.
         '';
       };
-
-      oauthClientId = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "OAuth client ID";
-      };
-
-      oauthClientSecret = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "OAuth client secret";
-      };
-
-      oauthCallback = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "OAuth callback URL";
-      };
-
-      oauthAuthorizeEndpoint = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "OAuth authorize endpoint";
-      };
-
-      oauthAccessTokenEndpoint = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "OAuth access token endpoint";
-      };
-
-      githubOrg = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "Github organization";
-      };
   };
 
   configFile = pkgs.writeText "gitit.conf" ''
@@ -627,14 +587,6 @@ video/x-ms-wmx  wmx
     pdf-export: ${toYesNo cfg.pdfExport}
     pandoc-user-data: ${toString cfg.pandocUserData}
     xss-sanitize: ${toYesNo cfg.xssSanitize}
-
-    [Github]
-    oauthclientid: ${toString cfg.oauthClientId}
-    oauthclientsecret: ${toString cfg.oauthClientSecret}
-    oauthcallback: ${toString cfg.oauthCallback}
-    oauthauthorizeendpoint: ${toString cfg.oauthAuthorizeEndpoint}
-    oauthaccesstokenendpoint: ${toString cfg.oauthAccessTokenEndpoint}
-    github-org: ${toString cfg.githubOrg}
   '';
 
 in
@@ -645,6 +597,13 @@ in
 
   config = mkIf cfg.enable {
 
+    services.gitit = {
+      haskellPackages = mkDefault pkgs.haskellPackages;
+      staticDir = gititShared + "/data/static";
+      templatesDir = gititShared + "/data/templates";
+      plugins = [ ];
+    };
+
     users.extraUsers.gitit = {
       group = config.users.extraGroups.gitit.name;
       description = "Gitit user";
@@ -722,3 +681,4 @@ NAMED
     };
   };
 }
+

nixos/modules/services/misc/nix-gc.nix

@@ -52,7 +52,7 @@ in
 
     systemd.services.nix-gc =
       { description = "Nix Garbage Collector";
-        script = "exec ${config.nix.package}/bin/nix-collect-garbage ${cfg.options}";
+        script = "exec ${config.nix.package}/bin/nix-store --gc ${cfg.options}";
         startAt = optionalString cfg.automatic cfg.dates;
       };
 

nixos/modules/services/misc/nixos-manual.nix

@@ -80,6 +80,7 @@ in
 
     services.nixosManual.browser = mkOption {
       type = types.path;
+      default = "${pkgs.w3m}/bin/w3m";
       description = ''
         Browser used to show the manual.
       '';
@@ -115,8 +116,6 @@ in
     services.mingetty.helpLine = mkIf cfg.showManual
       "\nPress <Alt-F${toString cfg.ttyNumber}> for the NixOS manual.";
 
-    services.nixosManual.browser = mkDefault "${pkgs.w3m}/bin/w3m";
-
   };
 
 }

nixos/modules/services/misc/subsonic.nix

@@ -97,6 +97,7 @@ in
 
       transcoders = mkOption {
         type = types.listOf types.path;
+        default = [ "${pkgs.ffmpeg}/bin/ffmpeg" ];
         description = ''
           List of paths to transcoder executables that should be accessible
           from Subsonic. Symlinks will be created to each executable inside
@@ -152,8 +153,5 @@ in
     };
 
     users.extraGroups.subsonic.gid = config.ids.gids.subsonic;
-
-    services.subsonic.transcoders = mkDefault [ "${pkgs.ffmpeg}/bin/ffmpeg" ];
-
   };
 }

nixos/modules/services/misc/synergy.nix

@@ -89,7 +89,6 @@ in
         wantedBy = optional cfgC.autoStart "multi-user.target";
         path = [ pkgs.synergy ];
         serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergyc -f ${optionalString (cfgC.screenName != "") "-n ${cfgC.screenName}"} ${cfgC.serverAddress}'';
-        serviceConfig.Restart = "on-failure";
       };
     })
     (mkIf cfgS.enable {
@@ -99,7 +98,6 @@ in
         wantedBy = optional cfgS.autoStart "multi-user.target";
         path = [ pkgs.synergy ];
         serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergys -c ${cfgS.configFile} -f ${optionalString (cfgS.address != "") "-a ${cfgS.address}"} ${optionalString (cfgS.screenName != "") "-n ${cfgS.screenName}" }'';
-        serviceConfig.Restart = "on-failure";
       };
     })
   ];

nixos/modules/services/monitoring/grafana.nix

@@ -200,12 +200,13 @@ in {
 
     staticRootPath = mkOption {
       description = "Root path for static assets.";
+      default = "${cfg.package}/share/go/src/github.com/grafana/grafana/public";
       type = types.str;
     };
 
     package = mkOption {
       description = "Package to use.";
-      default = pkgs.grafana;
+      default = pkgs.goPackages.grafana;
       type = types.package;
     };
 
@@ -310,7 +311,7 @@ in {
 
   config = mkIf cfg.enable {
     warnings = [
-      "Grafana passwords will be stored as plaintext in the Nix store!"
+      "Grafana passwords will be stored as plaintext in nix store!"
     ];
 
     systemd.services.grafana = {
@@ -330,8 +331,5 @@ in {
       home = cfg.dataDir;
       createHome = true;
     };
-
-    services.grafana.staticRootPath = mkDefault "${cfg.package.out}/share/go/src/github.com/grafana/grafana/public";
-
   };
 }

nixos/modules/services/monitoring/smartd.nix

@@ -119,7 +119,7 @@ in
 
           recipient = mkOption {
             default = "root";
-            type = types.str;
+            type = types.string;
             description = "Recipient of the notification messages.";
           };
 
@@ -153,7 +153,7 @@ in
 
           display = mkOption {
             default = ":${toString config.services.xserver.display}";
-            type = types.str;
+            type = types.string;
             description = "DISPLAY to send X11 notifications to.";
           };
         };

nixos/modules/services/network-filesystems/samba.nix

@@ -97,8 +97,8 @@ in
         description = ''
           Enabling this will add a line directly after pam_unix.so.
           Whenever a password is changed the samba password will be updated as well.
-          However, you still have to add the samba password once, using smbpasswd -a user.
-          If you don't want to maintain an extra password database, you still can send plain text
+          However you still yave to add the samba password once using smbpasswd -a user
+          If you don't want to maintain an extra pwd database you still can send plain text
           passwords which is not secure.
         '';
       };

nixos/modules/services/network-filesystems/xtreemfs.nix

@@ -1,469 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
-  cfg = config.services.xtreemfs;
-
-  xtreemfs = pkgs.xtreemfs;
-
-  home = cfg.homeDir;
-
-  startupScript = class: configPath: pkgs.writeScript "xtreemfs-osd.sh" ''
-    #! ${pkgs.stdenv.shell}
-    JAVA_HOME="${pkgs.jdk}"
-    JAVADIR="${xtreemfs}/share/java"
-    JAVA_CALL="$JAVA_HOME/bin/java -ea -cp $JAVADIR/XtreemFS.jar:$JAVADIR/BabuDB.jar:$JAVADIR/Flease.jar:$JAVADIR/protobuf-java-2.5.0.jar:$JAVADIR/Foundation.jar:$JAVADIR/jdmkrt.jar:$JAVADIR/jdmktk.jar:$JAVADIR/commons-codec-1.3.jar"
-    $JAVA_CALL ${class} ${configPath}
-  '';
-
-  dirReplicationConfig = pkgs.writeText "xtreemfs-dir-replication-plugin.properties" ''
-    babudb.repl.backupDir = ${home}/server-repl-dir
-    plugin.jar = ${xtreemfs}/share/java/BabuDB_replication_plugin.jar
-    babudb.repl.dependency.0 = ${xtreemfs}/share/java/Flease.jar
-
-    ${cfg.dir.replication.extraConfig}
-  '';
-
-  dirConfig = pkgs.writeText "xtreemfs-dir-config.properties" ''
-    uuid = ${cfg.dir.uuid}
-    listen.port = ${toString cfg.dir.port}
-    ${optionalString (cfg.dir.address != "") "listen.address = ${cfg.dir.address}"}
-    http_port = ${toString cfg.dir.httpPort}
-    babudb.baseDir = ${home}/dir/database
-    babudb.logDir = ${home}/dir/db-log
-    babudb.sync = ${if cfg.dir.replication.enable then "FDATASYNC" else cfg.dir.syncMode}
-
-    ${optionalString cfg.dir.replication.enable "babudb.plugin.0 = ${dirReplicationConfig}"}
-
-    ${cfg.dir.extraConfig}
-  '';
-
-  mrcReplicationConfig = pkgs.writeText "xtreemfs-mrc-replication-plugin.properties" ''
-    babudb.repl.backupDir = ${home}/server-repl-mrc
-    plugin.jar = ${xtreemfs}/share/java/BabuDB_replication_plugin.jar
-    babudb.repl.dependency.0 = ${xtreemfs}/share/java/Flease.jar
-
-    ${cfg.mrc.replication.extraConfig}
-  '';
-
-  mrcConfig = pkgs.writeText "xtreemfs-mrc-config.properties" ''
-    uuid = ${cfg.mrc.uuid}
-    listen.port = ${toString cfg.mrc.port}
-    ${optionalString (cfg.mrc.address != "") "listen.address = ${cfg.mrc.address}"}
-    http_port = ${toString cfg.mrc.httpPort}
-    babudb.baseDir = ${home}/mrc/database
-    babudb.logDir = ${home}/mrc/db-log
-    babudb.sync = ${if cfg.mrc.replication.enable then "FDATASYNC" else cfg.mrc.syncMode}
-
-    ${optionalString cfg.mrc.replication.enable "babudb.plugin.0 = ${mrcReplicationConfig}"}
-
-    ${cfg.mrc.extraConfig}
-  '';
-
-  osdConfig = pkgs.writeText "xtreemfs-osd-config.properties" ''
-    uuid = ${cfg.osd.uuid}
-    listen.port = ${toString cfg.osd.port}
-    ${optionalString (cfg.osd.address != "") "listen.address = ${cfg.osd.address}"}
-    http_port = ${toString cfg.osd.httpPort}
-    object_dir = ${home}/osd/
-
-    ${cfg.osd.extraConfig}
-  '';
-
-  optionalDir = optionals cfg.dir.enable ["xtreemfs-dir.service"];
-
-  systemdOptionalDependencies = {
-    after = [ "network.target" ] ++ optionalDir;
-    wantedBy = [ "multi-user.target" ] ++ optionalDir;
-  };
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.xtreemfs = {
-
-      enable = mkEnableOption "XtreemFS";
-
-      homeDir = mkOption {
-        default = "/var/lib/xtreemfs";
-        description = ''
-          XtreemFS home dir for the xtreemfs user.
-        '';
-      };
-
-      dir = {
-        enable = mkOption {
-          default = true;
-          description = ''
-            Whether to enable XtreemFS DIR service.
-          '';
-        };
-        uuid = mkOption {
-          example = "eacb6bab-f444-4ebf-a06a-3f72d7465e40";
-          description = ''
-            Must be set to a unique identifier, preferably a UUID according to
-            RFC 4122. UUIDs can be generated with `uuidgen` command, found in
-            the `utillinux` package.
-          '';
-        };
-        port = mkOption {
-          default = 32638;
-          description = ''
-            The port to listen on for incoming connections (TCP).
-          '';
-        };
-        address = mkOption {
-          example = "127.0.0.1";
-          default = "";
-          description = ''
-            If specified, it defines the interface to listen on. If not
-            specified, the service will listen on all interfaces (any).
-          '';
-        };
-        httpPort = mkOption {
-          default = 30638;
-          description = ''
-            Specifies the listen port for the HTTP service that returns the
-            status page.
-          '';
-        };
-        syncMode = mkOption {
-          default = "FSYNC";
-          example = "FDATASYNC";
-          description = ''
-            The sync mode influences how operations are committed to the disk
-            log before the operation is acknowledged to the caller.
-
-            -ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure.
-            -SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model.
-            -SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode.
-            -FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk.
-            -FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk.
-
-            For best throughput use ASYNC, for maximum data safety use FSYNC.
-
-            (If xtreemfs.dir.replication.enable is true then FDATASYNC is forced)
-          '';
-        };
-        extraConfig = mkOption {
-          default = "";
-          example = ''
-            # specify whether SSL is required
-            ssl.enabled = true
-            ssl.service_creds.pw = passphrase
-            ssl.service_creds.container = pkcs12
-            ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/dir.p12
-            ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks
-            ssl.trusted_certs.pw = jks_passphrase
-            ssl.trusted_certs.container = jks
-          '';
-          description = ''
-            Configuration of XtreemFS DIR service.
-            WARNING: configuration is saved as plaintext inside nix store.
-            For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
-          '';
-        };
-        replication = {
-          enable = mkEnableOption "XtreemFS DIR replication plugin";
-          extraConfig = mkOption {
-            example = ''
-              # participants of the replication including this replica
-              babudb.repl.participant.0 = 192.168.0.10
-              babudb.repl.participant.0.port = 35676
-              babudb.repl.participant.1 = 192.168.0.11
-              babudb.repl.participant.1.port = 35676
-              babudb.repl.participant.2 = 192.168.0.12
-              babudb.repl.participant.2.port = 35676
-
-              # number of servers that at least have to be up to date
-              # To have a fault-tolerant system, this value has to be set to the
-              # majority of nodes i.e., if you have three replicas, set this to 2
-              # Please note that a setup with two nodes provides no fault-tolerance.
-              babudb.repl.sync.n = 2
-
-              # specify whether SSL is required
-              babudb.ssl.enabled = true
-
-              babudb.ssl.protocol = tlsv12
-
-              # server credentials for SSL handshakes
-              babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12
-              babudb.ssl.service_creds.pw = passphrase
-              babudb.ssl.service_creds.container = pkcs12
-
-              # trusted certificates for SSL handshakes
-              babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks
-              babudb.ssl.trusted_certs.pw = jks_passphrase
-              babudb.ssl.trusted_certs.container = jks
-
-              babudb.ssl.authenticationWithoutEncryption = false
-            '';
-            description = ''
-              Configuration of XtreemFS DIR replication plugin.
-              WARNING: configuration is saved as plaintext inside nix store.
-              For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
-            '';
-          };
-        };
-      };
-
-      mrc = {
-        enable = mkOption {
-          default = true;
-          description = ''
-            Whether to enable XtreemFS MRC service.
-          '';
-        };
-        uuid = mkOption {
-          example = "eacb6bab-f444-4ebf-a06a-3f72d7465e41";
-          description = ''
-            Must be set to a unique identifier, preferably a UUID according to
-            RFC 4122. UUIDs can be generated with `uuidgen` command, found in
-            the `utillinux` package.
-          '';
-        };
-        port = mkOption {
-          default = 32636;
-          description = ''
-            The port to listen on for incoming connections (TCP).
-          '';
-        };
-        address = mkOption {
-          example = "127.0.0.1";
-          default = "";
-          description = ''
-            If specified, it defines the interface to listen on. If not
-            specified, the service will listen on all interfaces (any).
-          '';
-        };
-        httpPort = mkOption {
-          default = 30636;
-          description = ''
-            Specifies the listen port for the HTTP service that returns the
-            status page.
-          '';
-        };
-        syncMode = mkOption {
-          default = "FSYNC";
-          example = "FDATASYNC";
-          description = ''
-            The sync mode influences how operations are committed to the disk
-            log before the operation is acknowledged to the caller.
-
-            -ASYNC mode the writes to the disk log are buffered in memory by the operating system. This is the fastest mode but will lead to data loss in case of a crash, kernel panic or power failure.
-            -SYNC_WRITE_METADATA opens the file with O_SYNC, the system will not buffer any writes. The operation will be acknowledged when data has been safely written to disk. This mode is slow but offers maximum data safety. However, BabuDB cannot influence the disk drive caches, this depends on the OS and hard disk model.
-            -SYNC_WRITE similar to SYNC_WRITE_METADATA but opens file with O_DSYNC which means that only the data is commit to disk. This can lead to some data loss depending on the implementation of the underlying file system. Linux does not implement this mode.
-            -FDATASYNC is similar to SYNC_WRITE but opens the file in asynchronous mode and calls fdatasync() after writing the data to disk.
-            -FSYNC is similar to SYNC_WRITE_METADATA but opens the file in asynchronous mode and calls fsync() after writing the data to disk.
-
-            For best throughput use ASYNC, for maximum data safety use FSYNC.
-
-            (If xtreemfs.mrc.replication.enable is true then FDATASYNC is forced)
-          '';
-        };
-        extraConfig = mkOption {
-          example = ''
-            osd_check_interval = 300
-            no_atime = true
-            local_clock_renewal = 0
-            remote_time_sync = 30000
-            authentication_provider = org.xtreemfs.common.auth.NullAuthProvider
-
-            # shared secret between the MRC and all OSDs
-            capability_secret = iNG8UuQJrJ6XVDTe
-
-            dir_service.host = 192.168.0.10
-            dir_service.port = 32638
-
-            # if replication is enabled
-            dir_service.1.host = 192.168.0.11
-            dir_service.1.port = 32638
-            dir_service.2.host = 192.168.0.12
-            dir_service.2.port = 32638
-
-            # specify whether SSL is required
-            ssl.enabled = true
-            ssl.protocol = tlsv12
-            ssl.service_creds.pw = passphrase
-            ssl.service_creds.container = pkcs12
-            ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/mrc.p12
-            ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks
-            ssl.trusted_certs.pw = jks_passphrase
-            ssl.trusted_certs.container = jks
-          '';
-          description = ''
-            Configuration of XtreemFS MRC service.
-            WARNING: configuration is saved as plaintext inside nix store.
-            For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
-          '';
-        };
-        replication = {
-          enable = mkEnableOption "XtreemFS MRC replication plugin";
-          extraConfig = mkOption {
-            example = ''
-              # participants of the replication including this replica
-              babudb.repl.participant.0 = 192.168.0.10
-              babudb.repl.participant.0.port = 35678
-              babudb.repl.participant.1 = 192.168.0.11
-              babudb.repl.participant.1.port = 35678
-              babudb.repl.participant.2 = 192.168.0.12
-              babudb.repl.participant.2.port = 35678
-
-              # number of servers that at least have to be up to date
-              # To have a fault-tolerant system, this value has to be set to the
-              # majority of nodes i.e., if you have three replicas, set this to 2
-              # Please note that a setup with two nodes provides no fault-tolerance.
-              babudb.repl.sync.n = 2
-
-              # specify whether SSL is required
-              babudb.ssl.enabled = true
-
-              babudb.ssl.protocol = tlsv12
-
-              # server credentials for SSL handshakes
-              babudb.ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12
-              babudb.ssl.service_creds.pw = passphrase
-              babudb.ssl.service_creds.container = pkcs12
-
-              # trusted certificates for SSL handshakes
-              babudb.ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks
-              babudb.ssl.trusted_certs.pw = jks_passphrase
-              babudb.ssl.trusted_certs.container = jks
-
-              babudb.ssl.authenticationWithoutEncryption = false
-            '';
-            description = ''
-              Configuration of XtreemFS MRC replication plugin.
-              WARNING: configuration is saved as plaintext inside nix store.
-              For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
-            '';
-          };
-        };
-      };
-
-      osd = {
-        enable = mkOption {
-          default = true;
-          description = ''
-            Whether to enable XtreemFS OSD service.
-          '';
-        };
-        uuid = mkOption {
-          example = "eacb6bab-f444-4ebf-a06a-3f72d7465e42";
-          description = ''
-            Must be set to a unique identifier, preferably a UUID according to
-            RFC 4122. UUIDs can be generated with `uuidgen` command, found in
-            the `utillinux` package.
-          '';
-        };
-        port = mkOption {
-          default = 32640;
-          description = ''
-            The port to listen on for incoming connections (TCP and UDP).
-          '';
-        };
-        address = mkOption {
-          example = "127.0.0.1";
-          default = "";
-          description = ''
-            If specified, it defines the interface to listen on. If not
-            specified, the service will listen on all interfaces (any).
-          '';
-        };
-        httpPort = mkOption {
-          default = 30640;
-          description = ''
-            Specifies the listen port for the HTTP service that returns the
-            status page.
-          '';
-        };
-        extraConfig = mkOption {
-          example = ''
-            local_clock_renewal = 0
-            remote_time_sync = 30000
-            report_free_space = true
-            capability_secret = iNG8UuQJrJ6XVDTe
-
-            dir_service.host = 192.168.0.10
-            dir_service.port = 32638
-
-            # if replication is used
-            dir_service.1.host = 192.168.0.11
-            dir_service.1.port = 32638
-            dir_service.2.host = 192.168.0.12
-            dir_service.2.port = 32638
-
-            # specify whether SSL is required
-            ssl.enabled = true
-            ssl.service_creds.pw = passphrase
-            ssl.service_creds.container = pkcs12
-            ssl.service_creds = /etc/xos/xtreemfs/truststore/certs/osd.p12
-            ssl.trusted_certs = /etc/xos/xtreemfs/truststore/certs/trusted.jks
-            ssl.trusted_certs.pw = jks_passphrase
-            ssl.trusted_certs.container = jks
-          '';
-          description = ''
-            Configuration of XtreemFS OSD service.
-            WARNING: configuration is saved as plaintext inside nix store.
-            For more options: http://www.xtreemfs.org/xtfs-guide-1.5.1/index.html
-          '';
-        };
-      };
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = lib.mkIf cfg.enable {
-
-    environment.systemPackages = [ xtreemfs ];
-
-    users.extraUsers.xtreemfs =
-      { uid = config.ids.uids.xtreemfs;
-        description = "XtreemFS user";
-        createHome = true;
-        home = home;
-      };
-
-    users.extraGroups.xtreemfs =
-      { gid = config.ids.gids.xtreemfs;
-      };
-
-    systemd.services.xtreemfs-dir = mkIf cfg.dir.enable {
-      description = "XtreemFS-DIR Server";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
-        User = "xtreemfs";
-        ExecStart = "${startupScript "org.xtreemfs.dir.DIR" dirConfig}";
-      };
-    };
-
-    systemd.services.xtreemfs-mrc = mkIf cfg.mrc.enable ({
-      description = "XtreemFS-MRC Server";
-      serviceConfig = {
-        User = "xtreemfs";
-        ExecStart = "${startupScript "org.xtreemfs.mrc.MRC" mrcConfig}";
-      };
-    } // systemdOptionalDependencies);
-
-    systemd.services.xtreemfs-osd = mkIf cfg.osd.enable ({
-      description = "XtreemFS-OSD Server";
-      serviceConfig = {
-        User = "xtreemfs";
-        ExecStart = "${startupScript "org.xtreemfs.osd.OSD" osdConfig}";
-      };
-    } // systemdOptionalDependencies);
-
-  };
-
-}

nixos/modules/services/networking/asterisk.nix

@@ -201,7 +201,6 @@ in
         for d in '${varlibdir}' '${spooldir}' '${logdir}'; do
           # TODO: Make exceptions for /var directories that likely should be updated
           if [ ! -e "$d" ]; then
-            mkdir -p "$d"
             cp --recursive ${pkgs.asterisk}/"$d" "$d"
             chown --recursive ${asteriskUser} "$d"
             find "$d" -type d | xargs chmod 0755

nixos/modules/services/networking/bind.nix

@@ -24,8 +24,6 @@ let
         pid-file "/var/run/named/named.pid";
       };
 
-      ${cfg.extraConfig}
-
       ${ concatMapStrings
           ({ name, file, master ? true, slaves ? [], masters ? [] }:
             ''
@@ -112,13 +110,6 @@ in
         }];
       };
 
-      extraConfig = mkOption {
-        default = "";
-        description = "
-          Extra lines to be added verbatim to the generated named configuration file.
-        ";
-      };
-
       configFile = mkOption {
         default = confFile;
         description = "

nixos/modules/services/networking/bitlbee.nix

@@ -16,12 +16,11 @@ let
     ''
     [settings]
     RunMode = Daemon
-    User = bitlbee
+    User = bitlbee  
     ConfigDir = ${cfg.configDir}
     DaemonInterface = ${cfg.interface}
     DaemonPort = ${toString cfg.portNumber}
     AuthMode = ${cfg.authMode}
-    Plugindir = ${pkgs.bitlbee-plugins cfg.plugins}/lib/bitlbee
     ${lib.optionalString (cfg.hostName != "") "HostName = ${cfg.hostName}"}
     ${lib.optionalString (cfg.protocols != "") "Protocols = ${cfg.protocols}"}
     ${cfg.extraSettings}
@@ -73,7 +72,7 @@ in
             Open -- Accept connections from anyone, use NickServ for user authentication.
             Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all.
             Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
-        '';
+        ''; 
       };
 
       hostName = mkOption {
@@ -86,15 +85,6 @@ in
         '';
       };
 
-      plugins = mkOption {
-        type = types.listOf types.package;
-        default = [];
-        example = literalExample "[ pkgs.bitlbee-facebook ]";
-        description = ''
-          The list of bitlbee plugins to install.
-        '';
-      };
-
       configDir = mkOption {
         default = "/var/lib/bitlbee";
         type = types.path;
@@ -117,14 +107,14 @@ in
         default = "";
         description = ''
           Will be inserted in the Settings section of the config file.
-        '';
+        ''; 
       };
 
       extraDefaults = mkOption {
         default = "";
         description = ''
           Will be inserted in the Default section of the config file.
-        '';
+        ''; 
       };
 
     };
@@ -148,7 +138,7 @@ in
         gid = config.ids.gids.bitlbee;
       };
 
-    systemd.services.bitlbee =
+    systemd.services.bitlbee = 
       { description = "BitlBee IRC to other chat networks gateway";
         after = [ "network.target" ];
         wantedBy = [ "multi-user.target" ];

nixos/modules/services/networking/connman.nix

@@ -5,12 +5,7 @@ with lib;
 
 let
   cfg = config.networking.connman;
-  configFile = pkgs.writeText "connman.conf" ''
-    [General]
-    NetworkInterfaceBlacklist=${concatStringsSep "," cfg.networkInterfaceBlacklist}
 
-    ${cfg.extraConfig}
-  '';
 in {
 
   ###### interface
@@ -27,23 +22,6 @@ in {
         '';
       };
 
-      extraConfig = mkOption {
-        type = types.lines;
-        default = ''
-        '';
-        description = ''
-          Configuration lines appended to the generated connman configuration file.
-        '';
-      };
-
-      networkInterfaceBlacklist = mkOption {
-        type = with types; listOf string;
-        default = [ "vmnet" "vboxnet" "virbr" "ifb" "ve" ];
-        description = ''
-          Default blacklisted interfaces, this includes NixOS containers interfaces (ve).
-        '';
-      };
-
     };
 
   };
@@ -73,7 +51,7 @@ in {
         Type = "dbus";
         BusName = "net.connman";
         Restart = "on-failure";
-        ExecStart = "${pkgs.connman}/sbin/connmand --config=${configFile} --nodaemon";
+        ExecStart = "${pkgs.connman}/sbin/connmand --nodaemon";
         StandardOutput = "null";
       };
     };

nixos/modules/services/networking/copy-com.nix

@@ -39,8 +39,7 @@ in
 
     systemd.services."copy-com-${cfg.user}" = {
       description = "Copy.com client";
-      wants = [ "network-online.target" ];
-      after = [ "network-online.target" "local-fs.target" ];
+      after = [ "network.target" "local-fs.target" ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig = {
         ExecStart = "${pkgs.copy-com}/bin/CopyConsole ${if cfg.debug then "-consoleOutput -debugToConsole=dirwatch,path-watch,csm_path,csm -debug -console" else ""}";

nixos/modules/services/networking/dhcpcd.nix

@@ -18,7 +18,6 @@ let
     map (i: i.name) (filter (i: if i.useDHCP != null then !i.useDHCP else i.ip4 != [ ] || i.ipAddress != null) interfaces)
     ++ mapAttrsToList (i: _: i) config.networking.sits
     ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges))
-    ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.vswitches))
     ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bonds))
     ++ config.networking.dhcpcd.denyInterfaces;
 

nixos/modules/services/networking/dnschain.nix

@@ -1,110 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services;
-
-  dnschainConf = pkgs.writeText "dnschain.conf" ''
-    [log]
-    level=info
-
-    [dns]
-    host = 127.0.0.1
-    port = 5333
-    oldDNSMethod = NO_OLD_DNS
-    # TODO: check what that address is acutally used for
-    externalIP = 127.0.0.1
-
-    [http]
-    host = 127.0.0.1
-    port=8088
-    tlsPort=4443
-  '';
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.dnschain = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to run dnschain. That implies running
-          namecoind as well, so make sure to configure
-          it appropriately.
-        '';
-      };
-
-    };
-
-    services.dnsmasq = {
-      resolveDnschainQueries = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Resolve <literal>.bit</literal> top-level domains
-          with dnschain and namecoind.
-        '';
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.dnschain.enable {
-
-    services.namecoind.enable = true;
-
-    services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ];
-
-    users.extraUsers = singleton
-      { name = "dnschain";
-        uid = config.ids.uids.dnschain;
-        extraGroups = [ "namecoin" ];
-        description = "Dnschain daemon user";
-        home = "/var/lib/dnschain";
-        createHome = true;
-      };
-
-    systemd.services.dnschain = {
-        description = "Dnschain Daemon";
-        after = [ "namecoind.target" ];
-        wantedBy = [ "multi-user.target" ];
-        path = [ pkgs.openssl ];
-        preStart = ''
-          # Link configuration file into dnschain HOME directory
-          if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then
-              rm -rf /var/lib/dnschain/.dnschain.conf
-              ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf
-          fi
-
-          # Create empty namecoin.conf so that dnschain is not
-          # searching for /etc/namecoin/namecoin.conf
-          if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then
-              mkdir -p /var/lib/dnschain/.namecoin
-              touch /var/lib/dnschain/.namecoin/namecoin.conf
-          fi
-        '';
-        serviceConfig = {
-          Type = "simple";
-          User = "dnschain";
-          EnvironmentFile = config.services.namecoind.userFile;
-          ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";
-          ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-          ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
-        };
-    };
-
-  };
-
-}

nixos/modules/services/networking/dnscrypt-proxy.nix

@@ -52,7 +52,10 @@ in
         default = "opendns";
         type = types.nullOr types.string;
         description = ''
-          The name of the upstream DNSCrypt resolver to use.
+          The name of the upstream DNSCrypt resolver to use. See
+          <literal>${resolverListFile}</literal> for alternative resolvers
+          (e.g., if you are concerned about logging and/or server
+          location).
         '';
       };
       customResolver = mkOption {

nixos/modules/services/networking/dnsmasq.nix

@@ -96,7 +96,7 @@ in
           Type = "dbus";
           BusName = "uk.org.thekelleys.dnsmasq";
           ExecStart = "${dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${dnsmasqConf}";
-          ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+          ExecReload = "${dnsmasq}/bin/kill -HUP $MAINPID";
         };
         restartTriggers = [ config.environment.etc.hosts.source ];
     };

nixos/modules/services/networking/namecoind.nix

@@ -1,150 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.namecoind;
-
-  namecoinConf =
-  let
-    useSSL = (cfg.rpcCertificate != null) && (cfg.rpcKey != null);
-  in
-  pkgs.writeText "namecoin.conf" ''
-    server=1
-    daemon=0
-    rpcallowip=127.0.0.1
-    walletpath=${cfg.wallet}
-    gen=${if cfg.generate then "1" else "0"}
-    rpcssl=${if useSSL then "1" else "0"}
-    ${optionalString useSSL "rpcsslcertificatechainfile=${cfg.rpcCertificate}"}
-    ${optionalString useSSL "rpcsslprivatekeyfile=${cfg.rpcKey}"}
-    ${optionalString useSSL "rpcsslciphers=TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH"}
-    txindex=1
-    txprevcache=1
-  '';
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.namecoind = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to run namecoind.
-        '';
-      };
-
-      wallet = mkOption {
-        type = types.path;
-        example = "/etc/namecoin/wallet.dat";
-        description = ''
-          Wallet file. The ownership of the file has to be
-          namecoin:namecoin, and the permissions must be 0640.
-        '';
-      };
-
-      userFile = mkOption {
-        type = types.nullOr types.path;
-        default = null;
-        example = "/etc/namecoin/user";
-        description = ''
-          File containing the user name and user password to
-          authenticate RPC connections to namecoind.
-          The content of the file is of the form:
-          <literal>
-          USER=namecoin
-          PASSWORD=secret
-          </literal>
-          The ownership of the file has to be namecoin:namecoin,
-          and the permissions must be 0640.
-        '';
-      };
-
-      generate = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to generate (mine) Namecoins.
-        '';
-      };
-
-      rpcCertificate = mkOption {
-        type = types.nullOr types.path;
-        default = null;
-        example = "/etc/namecoin/server.cert";
-        description = ''
-          Certificate file for securing RPC connections.
-        '';
-      };
-
-      rpcKey = mkOption {
-        type = types.nullOr types.path;
-        default = null;
-        example = "/etc/namecoin/server.pem";
-        description = ''
-          Key file for securing RPC connections.
-        '';
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.enable {
-
-    users.extraUsers = singleton
-      { name = "namecoin";
-        uid = config.ids.uids.namecoin;
-        description = "Namecoin daemon user";
-        home = "/var/lib/namecoin";
-        createHome = true;
-      };
-
-    users.extraGroups = singleton
-      { name = "namecoin";
-        gid = config.ids.gids.namecoin;
-      };
-
-    systemd.services.namecoind = {
-        description = "Namecoind Daemon";
-        after = [ "network.target" ];
-        wantedBy = [ "multi-user.target" ];
-        preStart = ''
-          if [  "$(stat --printf '%u' ${cfg.userFile})" != "${toString config.ids.uids.namecoin}" \
-             -o "$(stat --printf '%g' ${cfg.userFile})" != "${toString config.ids.gids.namecoin}" \
-             -o "$(stat --printf '%a' ${cfg.userFile})" != "640" ]; then
-             echo "ERROR: bad ownership or rights on ${cfg.userFile}" >&2
-             exit 1
-          fi
-          if [  "$(stat --printf '%u' ${cfg.wallet})" != "${toString config.ids.uids.namecoin}" \
-             -o "$(stat --printf '%g' ${cfg.wallet})" != "${toString config.ids.gids.namecoin}" \
-             -o "$(stat --printf '%a' ${cfg.wallet})" != "640" ]; then
-             echo "ERROR: bad ownership or rights on ${cfg.wallet}" >&2
-             exit 1
-          fi
-        '';
-        serviceConfig = {
-          Type = "simple";
-          User = "namecoin";
-          EnvironmentFile = cfg.userFile;
-          ExecStart = "${pkgs.altcoins.namecoind}/bin/namecoind -conf=${namecoinConf} -rpcuser=\${USER} -rpcpassword=\${PASSWORD} -printtoconsole";
-          ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-          ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
-          StandardOutput = "null";
-          Nice = "10";
-        };
-    };
-
-  };
-
-}

nixos/modules/services/networking/networkmanager.nix

@@ -71,10 +71,11 @@ let
     ${coreutils}/bin/rm -f $tmp $tmp.ns
   '';
 
+  # pre-up and pre-down hooks were added in NM 0.9.10, but we still use 0.9.0
   dispatcherTypesSubdirMap = {
     "basic" = "";
-    "pre-up" = "pre-up.d/";
-    "pre-down" = "pre-down.d/";
+    /*"pre-up" = "pre-up.d/";
+    "pre-down" = "pre-down.d/";*/
   };
 
 in {

nixos/modules/services/networking/ntpd.nix

@@ -6,8 +6,6 @@ let
 
   inherit (pkgs) ntp;
 
-  cfg = config.services.ntp;
-
   stateDir = "/var/lib/ntp";
 
   ntpUser = "ntp";
@@ -18,10 +16,10 @@ let
     restrict 127.0.0.1
     restrict -6 ::1
 
-    ${toString (map (server: "server " + server + " iburst\n") cfg.servers)}
+    ${toString (map (server: "server " + server + " iburst\n") config.services.ntp.servers)}
   '';
 
-  ntpFlags = "-c ${configFile} -u ${ntpUser}:nogroup ${toString cfg.extraFlags}";
+  ntpFlags = "-c ${configFile} -u ${ntpUser}:nogroup";
 
 in
 
@@ -53,12 +51,6 @@ in
         '';
       };
 
-      extraFlags = mkOption {
-        type = types.listOf types.str;
-        description = "Extra flags passed to the ntpd command.";
-        default = [];
-      };
-
     };
 
   };

nixos/modules/services/networking/oidentd.nix

@@ -28,9 +28,7 @@ with lib;
     jobs.oidentd =
       { startOn = "started network-interfaces";
         daemonType = "fork";
-        exec = "${pkgs.oidentd}/sbin/oidentd -u oidentd -g nogroup" +
-          optionalString config.networking.enableIPv6 " -a ::"
-        ;
+        exec = "${pkgs.oidentd}/sbin/oidentd -u oidentd -g nogroup";
       };
 
     users.extraUsers.oidentd = {

nixos/modules/services/networking/openvpn.nix

@@ -67,6 +67,12 @@ in
 
   options = {
 
+    /* !!! Obsolete. */
+    services.openvpn.enable = mkOption {
+      default = true;
+      description = "Whether to enable OpenVPN.";
+    };
+
     services.openvpn.servers = mkOption {
       default = {};
 

nixos/modules/services/networking/seeks.nix

@@ -33,7 +33,7 @@ in
         type = types.str;
         description = "
           The Seeks server configuration. If it is not specified,
-          a default configuration is used.
+          a default configuration is used (${seeks}/etc/seeks).
         ";
       };
 

nixos/modules/services/networking/supplicant.nix

@@ -1,249 +0,0 @@
-{ config, lib, utils, pkgs, ... }:
-
-with lib;
-
-let
-
-  cfg = config.networking.supplicant;
-
-  # We must escape interfaces due to the systemd interpretation
-  subsystemDevice = interface:
-    "sys-subsystem-net-devices-${utils.escapeSystemdPath interface}.device";
-
-  serviceName = iface: "supplicant-${if (iface=="WLAN") then "wlan@" else (
-                                     if (iface=="LAN") then "lan@" else (
-                                     if (iface=="DBUS") then "dbus"
-                                     else (replaceChars [" "] ["-"] iface)))}";
-
-  # TODO: Use proper privilege separation for wpa_supplicant
-  supplicantService = iface: suppl:
-    let
-      deps = (if (iface=="WLAN"||iface=="LAN") then ["sys-subsystem-net-devices-%i.device"] else (
-             if (iface=="DBUS") then ["dbus.service"]
-             else (map subsystemDevice (splitString " " iface))))
-             ++ optional (suppl.bridge!="") (subsystemDevice suppl.bridge);
-
-      ifaceArg = concatStringsSep " -N " (map (i: "-i${i}") (splitString " " iface));
-      driverArg = optionalString (suppl.driver != null) "-D${suppl.driver}";
-      bridgeArg = optionalString (suppl.bridge!="") "-b${suppl.bridge}";
-      confFileArg = optionalString (suppl.configFile.path!=null) "-c${suppl.configFile.path}";
-      extraConfFile = pkgs.writeText "supplicant-extra-conf-${replaceChars [" "] ["-"] iface}" ''
-        ${optionalString suppl.userControlled.enable "ctrl_interface=DIR=${suppl.userControlled.socketDir} GROUP=${suppl.userControlled.group}"}
-        ${optionalString suppl.configFile.writable "update_config=1"}
-        ${suppl.extraConf}
-      '';
-    in
-      { description = "Supplicant ${iface}${optionalString (iface=="WLAN"||iface=="LAN") " %I"}";
-        wantedBy = [ "network.target" ];
-        bindsTo = deps;
-        after = deps;
-        before = [ "network.target" ];
-        # Receive restart event after resume
-        partOf = [ "post-resume.target" ];
-
-        path = [ pkgs.coreutils ];
-
-        preStart = ''
-          ${optionalString (suppl.configFile.path!=null) ''
-            touch -a ${suppl.configFile.path}
-            chmod 600 ${suppl.configFile.path}
-          ''}
-          ${optionalString suppl.userControlled.enable ''
-            if ! test -e ${suppl.userControlled.socketDir}; then
-                mkdir -m 0770 -p ${suppl.userControlled.socketDir}
-                chgrp ${suppl.userControlled.group} ${suppl.userControlled.socketDir}
-            fi
-
-            if test "$(stat --printf '%G' ${suppl.userControlled.socketDir})" != "${suppl.userControlled.group}"; then
-                echo "ERROR: bad ownership on ${suppl.userControlled.socketDir}" >&2
-                exit 1
-            fi
-          ''}
-        '';
-
-        serviceConfig.ExecStart = "${pkgs.wpa_supplicant}/bin/wpa_supplicant -s ${driverArg} ${confFileArg} -I${extraConfFile} ${bridgeArg} ${suppl.extraCmdArgs} ${if (iface=="WLAN"||iface=="LAN") then "-i%I" else (if (iface=="DBUS") then "-u" else ifaceArg)}";
-
-      };
-
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    networking.supplicant = mkOption {
-      type = types.attrsOf types.optionSet;
-
-      default = { };
-
-      example = {
-        "wlan0 wlan1" = {
-          configFile = "/etc/wpa_supplicant";
-          userControlled.group = "network";
-          extraConf = ''
-            ap_scan=1
-            p2p_disabled=1
-          '';
-          extraCmdArgs = "-u -W";
-          bridge = "br0";
-        };
-      };
-
-      description = ''
-        Interfaces for which to start <command>wpa_supplicant</command>.
-        The supplicant is used to scan for and associate with wireless networks,
-        or to authenticate with 802.1x capable network switches.
-
-        The value of this option is an attribute set. Each attribute configures a
-        <command>wpa_supplicant</command> service, where the attribute name specifies
-        the name of the interface that <command>wpa_supplicant</command> operates on.
-        The attribute name can be a space separated list of interfaces.
-        The attribute names <literal>WLAN</literal>, <literal>LAN</literal> and <literal>DBUS</literal>
-        have a special meaning. <literal>WLAN</literal> and <literal>LAN</literal> are
-        configurations for universal <command>wpa_supplicant</command> service that is
-        started for each WLAN interface or for each LAN interface, respectively.
-        <literal>DBUS</literal> defines a device-unrelated <command>wpa_supplicant</command>
-        service that can be accessed through <literal>D-Bus</literal>.
-      '';
-
-      options = {
-
-        configFile = {
-
-          path = mkOption {
-            type = types.path;
-            example = "/etc/wpa_supplicant.conf";
-            description = ''
-              External <literal>wpa_supplicant.conf</literal> configuration file.
-              The configuration options defined declaratively within <literal>networking.supplicant</literal> have
-              precedence over options defined in <literal>configFile</literal>.
-            '';
-          };
-
-          writable = mkOption {
-            type = types.bool;
-            default = false;
-            description = ''
-              Whether the configuration file at <literal>configFile.path</literal> should be written to by
-              <literal>wpa_supplicant</literal>.
-            '';
-          };
-
-        };
-
-        extraConf = mkOption {
-          type = types.lines;
-          default = "";
-          example = ''
-            ap_scan=1
-            device_name=My-NixOS-Device
-            device_type=1-0050F204-1
-            driver_param=use_p2p_group_interface=1
-            disable_scan_offload=1
-            p2p_listen_reg_class=81
-            p2p_listen_channel=1
-            p2p_oper_reg_class=81
-            p2p_oper_channel=1
-            manufacturer=NixOS
-            model_name=NixOS_Unstable
-            model_number=2015
-          '';
-          description = ''
-            Configuration options for <literal>wpa_supplicant.conf</literal>.
-            Options defined here have precedence over options in <literal>configFile</literal>.
-            NOTE: Do not write sensitive data into <literal>extraConf</literal> as it will
-            be world-readable in the <literal>nix-store</literal>. For sensitive information
-            use the <literal>configFile</literal> instead.
-          '';
-        };
-
-        extraCmdArgs = mkOption {
-          type = types.str;
-          default = "";
-          example = "-e/var/run/wpa_supplicant/entropy.bin";
-          description =
-            "Command line arguments to add when executing <literal>wpa_supplicant</literal>.";
-        };
-
-        driver = mkOption {
-          type = types.nullOr types.str;
-          default = "nl80211,wext";
-          description = "Force a specific wpa_supplicant driver.";
-        };
-
-        bridge = mkOption {
-          type = types.str;
-          default = "";
-          description = "Name of the bridge interface that wpa_supplicant should listen at.";
-        };
-
-        userControlled = {
-
-          enable = mkOption {
-            type = types.bool;
-            default = false;
-            description = ''
-              Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli.
-              This is useful for laptop users that switch networks a lot and don't want
-              to depend on a large package such as NetworkManager just to pick nearby
-              access points.
-            '';
-          };
-
-          socketDir = mkOption {
-            type = types.str;
-            default = "/var/run/wpa_supplicant";
-            description = "Directory of sockets for controlling wpa_supplicant.";
-          };
-
-          group = mkOption {
-            type = types.str;
-            default = "wheel";
-            example = "network";
-            description = "Members of this group can control wpa_supplicant.";
-          };
-
-        };
-
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf (cfg != {}) {
-
-    environment.systemPackages =  [ pkgs.wpa_supplicant ];
-
-    services.dbus.packages = [ pkgs.wpa_supplicant ];
-
-    systemd.services = mapAttrs' (n: v: nameValuePair (serviceName n) (supplicantService n v)) cfg;
-
-    services.udev.packages = [
-      (pkgs.writeTextFile {
-        name = "99-zzz-60-supplicant.rules";
-        destination = "/etc/udev/rules.d/99-zzz-60-supplicant.rules";
-        text = ''
-          ${flip (concatMapStringsSep "\n") (filter (n: n!="WLAN" && n!="LAN" && n!="DBUS") (attrNames cfg)) (iface:
-            flip (concatMapStringsSep "\n") (splitString " " iface) (i: ''
-              ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE}=="${i}", TAG+="systemd", ENV{SYSTEMD_WANTS}+="supplicant-${replaceChars [" "] ["-"] iface}.service", TAG+="SUPPLICANT_ASSIGNED"''))}
-
-          ${optionalString (hasAttr "WLAN" cfg) ''
-            ACTION=="add", SUBSYSTEM=="net", ENV{DEVTYPE}=="wlan", TAG!="SUPPLICANT_ASSIGNED", TAG+="systemd", PROGRAM="${pkgs.systemd}/bin/systemd-escape -p %E{INTERFACE}", ENV{SYSTEMD_WANTS}+="supplicant-wlan@$result.service"
-          ''}
-          ${optionalString (hasAttr "LAN" cfg) ''
-            ACTION=="add", SUBSYSTEM=="net", ENV{DEVTYPE}=="lan", TAG!="SUPPLICANT_ASSIGNED", TAG+="systemd", PROGRAM="${pkgs.systemd}/bin/systemd-escape -p %E{INTERFACE}", ENV{SYSTEMD_WANTS}+="supplicant-lan@$result.service"
-          ''}
-        '';
-      })];
-
-  };
-
-}
-

nixos/modules/services/networking/syncthing.nix

@@ -36,7 +36,9 @@ in
       dataDir = mkOption {
         default = "/var/lib/syncthing";
         description = ''
-          Path where the settings and keys will exist.
+          Path where the `.syncthing` (settings and keys) and `Sync`
+          (your synced files) directories will exist. This can be your home
+          directory.
         '';
       };
 
@@ -54,16 +56,19 @@ in
         description = "Syncthing service";
         after = [ "network.target" ];
         wantedBy = [ "multi-user.target" ];
-        environment.STNORESTART = "yes";  # do not self-restart
-        environment.STNOUPGRADE = "yes";
+        environment.STNORESTART = "placeholder";  # do not self-restart
+        environment.HOME = "${cfg.dataDir}";
         serviceConfig = {
           User = "${cfg.user}";
           PermissionsStartOnly = true;
-          Restart = "on-failure";
-          ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}";
-          SuccessExitStatus = "2 3 4";
-          RestartForceExitStatus="3 4";
+          Restart = "always";
+          ExecStart = "${pkgs.syncthing}/bin/syncthing -home=${cfg.dataDir}/.syncthing";
         };
+        preStart = ''
+          mkdir -p ${cfg.dataDir}
+          chown ${cfg.user} ${cfg.dataDir}
+        '';
+
       };
 
     environment.systemPackages = [ pkgs.syncthing ];

nixos/modules/services/scheduling/cron.nix

@@ -100,7 +100,7 @@ in
       environment.systemPackages = [ cronNixosPkg ];
 
       environment.etc.crontab =
-        { source = pkgs.runCommand "crontabs" { inherit allFiles; preferLocalBuild = true; }
+        { source = pkgs.runCommand "crontabs" { inherit allFiles; }
             ''
               touch $out
               for i in $allFiles; do

nixos/modules/services/search/elasticsearch.nix

@@ -37,12 +37,6 @@ in {
       type = types.bool;
     };
 
-    package = mkOption {
-      description = "Elasticsearch package to use.";
-      default = pkgs.elasticsearch;
-      type = types.package;
-    };
-
     host = mkOption {
       description = "Elasticsearch listen address.";
       default = "127.0.0.1";
@@ -129,7 +123,7 @@ in {
       after = [ "network-interfaces.target" ];
       environment = { ES_HOME = cfg.dataDir; };
       serviceConfig = {
-        ExecStart = "${cfg.package}/bin/elasticsearch -Des.path.conf=${configDir} ${toString cfg.extraCmdLineOptions}";
+        ExecStart = "${pkgs.elasticsearch}/bin/elasticsearch -Des.path.conf=${configDir} ${toString cfg.extraCmdLineOptions}";
         User = "elasticsearch";
         PermissionsStartOnly = true;
       };
@@ -148,7 +142,7 @@ in {
       '';
     };
 
-    environment.systemPackages = [ cfg.package ];
+    environment.systemPackages = [ pkgs.elasticsearch ];
 
     users.extraUsers = singleton {
       name = "elasticsearch";

nixos/modules/services/search/kibana.nix

@@ -1,168 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.kibana;
-
-  cfgFile = pkgs.writeText "kibana.json" (builtins.toJSON (
-    (filterAttrsRecursive (n: v: v != null) ({
-      server = {
-        host = cfg.host;
-        port = cfg.port;
-        ssl = {
-          cert = cfg.cert;
-          key = cfg.key;
-        };
-      };
-
-      kibana = {
-        index = cfg.index;
-        defaultAppId = cfg.defaultAppId;
-      };
-
-      elasticsearch = {
-        url = cfg.elasticsearch.url;
-        username = cfg.elasticsearch.username;
-        password = cfg.elasticsearch.password;
-        ssl = {
-          cert = cfg.elasticsearch.cert;
-          key = cfg.elasticsearch.key;
-          ca = cfg.elasticsearch.ca;
-        };
-      };
-
-      logging = {
-        verbose = cfg.logLevel == "verbose";
-        quiet = cfg.logLevel == "quiet";
-        silent = cfg.logLevel == "silent";
-        dest = "stdout";
-      };
-    } // cfg.extraConf)
-  )));
-in {
-  options.services.kibana = {
-    enable = mkEnableOption "enable kibana service";
-
-    host = mkOption {
-      description = "Kibana listening host";
-      default = "127.0.0.1";
-      type = types.str;
-    };
-
-    port = mkOption {
-      description = "Kibana listening port";
-      default = 5601;
-      type = types.int;
-    };
-
-    cert = mkOption {
-      description = "Kibana ssl certificate.";
-      default = null;
-      type = types.nullOr types.path;
-    };
-
-    key = mkOption {
-      description = "Kibana ssl key.";
-      default = null;
-      type = types.nullOr types.path;
-    };
-
-    index = mkOption {
-      description = "Elasticsearch index to use for saving kibana config.";
-      default = ".kibana";
-      type = types.str;
-    };
-
-    defaultAppId = mkOption {
-      description = "Elasticsearch default application id.";
-      default = "discover";
-      type = types.str;
-    };
-
-    elasticsearch = {
-      url = mkOption {
-        description = "Elasticsearch url";
-        default = "http://localhost:9200";
-        type = types.str;
-      };
-
-      username = mkOption {
-        description = "Username for elasticsearch basic auth.";
-        default = null;
-        type = types.nullOr types.str;
-      };
-
-      password = mkOption {
-        description = "Password for elasticsearch basic auth.";
-        default = null;
-        type = types.nullOr types.str;
-      };
-
-      ca = mkOption {
-        description = "CA file to auth against elasticsearch.";
-        default = null;
-        type = types.nullOr types.path;
-      };
-
-      cert = mkOption {
-        description = "Certificate file to auth against elasticsearch.";
-        default = null;
-        type = types.nullOr types.path;
-      };
-
-      key = mkOption {
-        description = "Key file to auth against elasticsearch.";
-        default = null;
-        type = types.nullOr types.path;
-      };
-    };
-
-    logLevel = mkOption {
-      description = "Kibana log level";
-      default = "normal";
-      type = types.enum ["verbose" "normal" "silent" "quiet"];
-    };
-
-    package = mkOption {
-      description = "Kibana package to use";
-      default = pkgs.kibana;
-      type = types.package;
-    };
-
-    dataDir = mkOption {
-      description = "Kibana data directory";
-      default = "/var/lib/kibana";
-      type = types.path;
-    };
-
-    extraConf = mkOption {
-      description = "Kibana extra configuration";
-      default = {};
-      type = types.attrs;
-    };
-  };
-
-  config = mkIf (cfg.enable) {
-    systemd.services.kibana = {
-      description = "Kibana Service";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network-interfaces.target" "elasticsearch.service" ];
-      serviceConfig = {
-        ExecStart = "${cfg.package}/bin/kibana --config ${cfgFile}";
-        User = "kibana";
-        WorkingDirectory = cfg.dataDir;
-      };
-    };
-
-    environment.systemPackages = [ cfg.package ];
-
-    users.extraUsers = singleton {
-      name = "kibana";
-      uid = config.ids.uids.kibana;
-      description = "Kibana service user";
-      home = cfg.dataDir;
-      createHome = true;
-    };
-  };
-}

nixos/modules/services/security/hologram.nix

@@ -95,7 +95,7 @@ in {
       wantedBy    = [ "multi-user.target" ];
 
       serviceConfig = {
-        ExecStart = "${pkgs.hologram}/bin/hologram-server --debug --conf ${cfgFile}";
+        ExecStart = "${pkgs.goPackages.hologram}/bin/hologram-server --debug --conf ${cfgFile}";
       };
     };
   };

nixos/modules/services/security/physlock.nix

@@ -1,114 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.physlock;
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.physlock = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to enable the <command>physlock</command> screen locking mechanism.
-
-          Enable this and then run <command>systemctl start physlock</command>
-          to securely lock the screen.
-
-          This will switch to a new virtual terminal, turn off console
-          switching and disable SysRq mechanism (when
-          <option>services.physlock.disableSysRq</option> is set)
-          until the root or <option>services.physlock.user</option>
-          password is given.
-        '';
-      };
-
-      user = mkOption {
-        type = types.nullOr types.str;
-        default = null;
-        description = ''
-          User whose password will be used to unlock the screen on par
-          with the root password.
-        '';
-      };
-
-      disableSysRq = mkOption {
-        type = types.bool;
-        default = true;
-        description = ''
-          Whether to disable SysRq when locked with physlock.
-        '';
-      };
-
-      lockOn = {
-
-        suspend = mkOption {
-          type = types.bool;
-          default = true;
-          description = ''
-            Whether to lock screen with physlock just before suspend.
-          '';
-        };
-
-        hibernate = mkOption {
-          type = types.bool;
-          default = true;
-          description = ''
-            Whether to lock screen with physlock just before hibernate.
-          '';
-        };
-
-        extraTargets = mkOption {
-          type = types.listOf types.str;
-          default = [];
-          example = [ "display-manager.service" ];
-          description = ''
-            Other targets to lock the screen just before.
-
-            Useful if you want to e.g. both autologin to X11 so that
-            your <filename>~/.xsession</filename> gets executed and
-            still to have the screen locked so that the system can be
-            booted relatively unattended.
-          '';
-        };
-
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.enable {
-
-    # for physlock -l and physlock -L
-    environment.systemPackages = [ pkgs.physlock ];
-
-    systemd.services."physlock" = {
-      enable = true;
-      description = "Physlock";
-      wantedBy = optional cfg.lockOn.suspend   "suspend.target"
-              ++ optional cfg.lockOn.hibernate "hibernate.target"
-              ++ cfg.lockOn.extraTargets;
-      before   = optional cfg.lockOn.suspend   "systemd-suspend.service"
-              ++ optional cfg.lockOn.hibernate "systemd-hibernate.service"
-              ++ cfg.lockOn.extraTargets;
-      serviceConfig.Type = "forking";
-      script = ''
-        ${pkgs.physlock}/bin/physlock -d${optionalString cfg.disableSysRq "s"}${optionalString (cfg.user != null) " -u ${cfg.user}"}
-      '';
-    };
-
-  };
-
-}

nixos/modules/services/torrent/deluge.nix

@@ -36,8 +36,6 @@ in {
       wantedBy = [ "multi-user.target" ];
       path = [ pkgs.pythonPackages.deluge ];
       serviceConfig.ExecStart = "${pkgs.pythonPackages.deluge}/bin/deluged -d";
-      # To prevent "Quit & shutdown daemon" from working; we want systemd to manage it!
-      serviceConfig.Restart = "on-success";
       serviceConfig.User = "deluge";
       serviceConfig.Group = "deluge";
     };

nixos/modules/services/web-servers/apache-httpd/wordpress.nix

@@ -5,8 +5,8 @@ with lib;
 
 let
 
-  version = "4.3";
-  fullversion = "${version}";
+  version = "4.2";
+  fullversion = "${version}.2";
 
   # Our bare-bones wp-config.php file using the above settings
   wordpressConfig = pkgs.writeText "wp-config.php" ''
@@ -40,8 +40,6 @@ let
     RewriteRule ^(.*\.php)$ $1 [L]
     RewriteRule . index.php [L]
     </IfModule>
-
-    ${config.extraHtaccess}
   '';
 
   # WP translation can be found here:
@@ -74,7 +72,7 @@ let
       owner = "WordPress";
       repo = "WordPress";
       rev = "${fullversion}";
-      sha256 = "0sz5jjhjpwqis8336gyq9a77cr4sf8zahd1y4pzmpvpzn9cn503y";
+      sha256 = "0gq1j9b0d0rykql3jzdb2yn4adj0rrcsvqrmj3dzx11ir57ilsgc";
     };
     installPhase = ''
       mkdir -p $out
@@ -222,18 +220,7 @@ in
         settings, see <link xlink:href='http://codex.wordpress.org/Editing_wp-config.php'/>.
       '';
     };
-    extraHtaccess = mkOption {
-      default = "";
-      example =
-        ''
-          php_value upload_max_filesize 20M
-          php_value post_max_size 20M
-        '';
-      description = ''
-        Any additional text to be appended to Wordpress's .htaccess file.
-      '';
-    };
-  };
+  }; 
 
   documentRoot = wordpressRoot;
 

nixos/modules/services/web-servers/phpfpm.nix

@@ -44,7 +44,8 @@ in {
 
       phpIni = mkOption {
         type = types.path;
-        description = "PHP configuration file to use.";
+        default = "${cfg.phpPackage}/etc/php-recommended.ini";
+        description = "php.ini file to use.";
       };
 
       poolConfigs = mkOption {
@@ -85,7 +86,5 @@ in {
       };
     };
 
-    services.phpfpm.phpIni = mkDefault "${cfg.phpPackage}/etc/php-recommended.ini";
-
   };
 }

nixos/modules/services/x11/desktop-managers/gnome3.nix

@@ -104,7 +104,6 @@ in {
 
     services.xserver.desktopManager.session = singleton
       { name = "gnome3";
-        bgSupport = true;
         start = ''
           # Set GTK_DATA_PREFIX so that GTK+ can find the themes
           export GTK_DATA_PREFIX=${config.system.path}