changelog: add all new NixOS modules

(cherry picked from commit cce37d2164)

.gitignore

@@ -12,7 +12,5 @@ result-*
 
 .DS_Store
 
-/pkgs/applications/kde-apps-*/tmp/
-/pkgs/development/libraries/kde-frameworks-*/tmp/
 /pkgs/development/libraries/qt-5/*/tmp/
-/pkgs/desktops/plasma-*/tmp/
+/pkgs/desktops/kde-5/*/tmp/

doc/default.nix

@@ -63,9 +63,9 @@ stdenv.mkDerivation {
   + ''
     echo ${nixpkgsVersion} > .version
 
-    xmllint --noout --nonet --xinclude --noxincludenode \
-      --relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
-      manual.xml
+    # validate against relaxng schema
+    xmllint --nonet --xinclude --noxincludenode manual.xml --output manual-full.xml
+    ${jing}/bin/jing ${docbook5}/xml/rng/docbook/docbook.rng manual-full.xml
 
     dst=$out/share/doc/nixpkgs
     mkdir -p $dst

doc/haskell-users-guide.md

@@ -117,9 +117,10 @@ Also, the attributes `haskell.compiler.ghcXYC` and
 
 ### How to install a compiler
 
-A simple development environment consists of a Haskell compiler and the tool
-`cabal-install`, and we saw in section [How to install Haskell packages] how
-you can install those programs into your user profile:
+A simple development environment consists of a Haskell compiler and one or both
+of the tools `cabal-install` and `stack`. We saw in section
+[How to install Haskell packages] how you can install those programs into your
+user profile:
 
     $ nix-env -f "<nixpkgs>" -iA haskellPackages.ghc haskellPackages.cabal-install
 
@@ -148,10 +149,16 @@ version; just enter the Nix shell environment with the command
 
     $ nix-shell -p haskell.compiler.ghc784
 
-to bring GHC 7.8.4 into `$PATH`. Re-running `cabal configure` switches your
-build to use that compiler instead. If you're working on a project that doesn't
-depend on any additional system libraries outside of GHC, then it's sufficient
-even to run the `cabal configure` command inside of the shell:
+to bring GHC 7.8.4 into `$PATH`. Alternatively, you can use Stack instead of
+`nix-shell` directly to select compiler versions and other build tools
+per-project. It uses `nix-shell` under the hood when Nix support is turned on.
+See [How to build a Haskell project using Stack].
+
+If you're using `cabal-install`, re-running `cabal configure` inside the spawned
+shell switches your build to use that compiler instead. If you're working on
+a project that doesn't depend on any additional system libraries outside of GHC,
+then it's even sufficient to just run the `cabal configure` command inside of
+the shell:
 
     $ nix-shell -p haskell.compiler.ghc784 --command "cabal configure"
 
@@ -320,6 +327,58 @@ security reasons, which might be quite an inconvenience. See [this
 page](http://kb.mozillazine.org/Links_to_local_pages_do_not_work) for
 workarounds.
 
+### How to build a Haskell project using Stack
+
+[Stack][http://haskellstack.org] is a popular build tool for Haskell projects.
+It has first-class support for Nix. Stack can optionally use Nix to
+automatically select the right version of GHC and other build tools to build,
+test and execute apps in an existing project downloaded from somewhere on the
+Internet. Pass the `--nix` flag to any `stack` command to do so, e.g.
+
+    $ git clone --recursive http://github.com/yesodweb/wai
+    $ cd wai
+    $ stack --nix build
+
+If you want `stack` to use Nix by default, you can add a `nix` section to the
+`stack.yaml` file, as explained in the [Stack documentation][stack-nix-doc]. For
+example:
+
+    nix:
+      enable: true
+      packages: [pkgconfig zeromq zlib]
+
+The example configuration snippet above tells Stack to create an ad hoc
+environment for `nix-shell` as in the below section, in which the `pkgconfig`,
+`zeromq` and `zlib` packages from Nixpkgs are available. All `stack` commands
+will implicitly be executed inside this ad hoc environment.
+
+Some projects have more sophisticated needs. For examples, some ad hoc
+environments might need to expose Nixpkgs packages compiled in a certain way, or
+with extra environment variables. In these cases, you'll need a `shell` field
+instead of `packages`:
+
+    nix:
+      enable: true
+      shell-file: shell.nix
+
+For more on how to write a `shell.nix` file see the below section. You'll need
+to express a derivation. Note that Nixpkgs ships with a convenience wrapper
+function around `mkDerivation` called `haskell.lib.buildStackProject` to help you
+create this derivation in exactly the way Stack expects. All of the same inputs
+as `mkDerivation` can be provided. For example, to build a Stack project that
+including packages that link against a version of the R library compiled with
+special options turned on:
+
+    with (import <nixpkgs> { });
+
+    let R = pkgs.R.override { enableStrictBarrier = true; };
+    in
+	haskell.lib.buildStackProject {
+      name = "HaskellR";
+	  buildInputs = [ R zeromq zlib ];
+    }
+
+[stack-nix-doc]: http://docs.haskellstack.org/en/stable/nix_integration.html
 
 ### How to create ad hoc environments for `nix-shell`
 
@@ -605,7 +664,7 @@ can configure the environment variables
 
 in their `~/.bashrc` file to avoid the compiler error.
 
-### Using Stack together with Nix
+### Builds using Stack complain about missing system libraries
 
     --  While building package zlib-0.5.4.2 using:
       runhaskell -package=Cabal-1.22.4.0 -clear-package-db [... lots of flags ...]
@@ -633,13 +692,16 @@ means specific to Stack: you'll have that problem with any other
 Haskell package that's built inside of nix-shell but run outside of that
 environment.
 
-I suppose we could try to remedy the issue by wrapping `stack` or
-`cabal` with a script that tries to find those kind of implicit search
-paths and makes them explicit on the "cabal configure" command line. I
-don't think anyone is working on that subject yet, though, because the
-problem doesn't seem so bad in practice.
+You can remedy this issue in several ways. The easiest is to add a `nix` section
+to the `stack.yaml` like the following:
 
-You can remedy that issue in several ways. First of all, run
+    nix:
+      enable: true
+	  packages: [ zlib ]
+
+Stack's Nix support knows to add `${zlib}/lib` and `${zlib}/include` as an
+`--extra-lib-dirs` and `extra-include-dirs`, respectively. Alternatively, you
+can achieve the same effect by hand. First of all, run
 
     $ nix-build --no-out-link "<nixpkgs>" -A zlib
     /nix/store/alsvwzkiw4b7ip38l4nlfjijdvg3fvzn-zlib-1.2.8
@@ -663,7 +725,8 @@ to find out the store path of the system's zlib library. Now, you can
    Typically, you'll need --extra-include-dirs as well. It's possible
    to add those flag to the project's "stack.yaml" or your user's
    global "~/.stack/global/stack.yaml" file so that you don't have to
-   specify them manually every time.
+   specify them manually every time. But again, you're likely better off using
+   Stack's Nix support instead.
 
    The same thing applies to `cabal configure`, of course, if you're
    building with `cabal-install` instead of Stack.

doc/languages-frameworks/index.xml

@@ -23,6 +23,7 @@ such as Perl or Haskell.  These are described in this chapter.</para>
 <xi:include href="idris.xml" /> <!-- generated from ../../pkgs/development/idris-modules/README.md  -->
 <xi:include href="r.xml" /> <!-- generated from ../../pkgs/development/r-modules/README.md  -->
 <xi:include href="qt.xml" />
+<xi:include href="texlive.xml" />
 
 
 <!--

doc/languages-frameworks/ruby.xml

@@ -30,7 +30,7 @@ bundlerEnv {
 
   meta = with lib; {
     description = "A monitoring framework that aims to be simple, malleable,
-and scalable.";
+and scalable";
     homepage    = http://sensuapp.org/;
     license     = with licenses; mit;
     maintainers = with maintainers; [ theuni ];

doc/languages-frameworks/texlive.xml

@@ -0,0 +1,59 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="sec-language-texlive">
+
+<title>TeX Live</title>
+
+<para>Since release 15.09 there is a new TeX Live packaging that lives entirely under attribute <varname>texlive</varname>.</para>
+<section><title>User's guide</title>
+  <itemizedlist>
+    <listitem><para>
+      For basic usage just pull <varname>texlive.combined.scheme-basic</varname> for an environment with basic LaTeX support.</para></listitem>
+    <listitem><para>
+      It typically won't work to use separately installed packages together.
+      Instead, you can build a custom set of packages like this:
+      <programlisting>
+texlive.combine {
+  inherit (texlive) scheme-small collection-langkorean algorithms cm-super;
+}
+      </programlisting>
+      There are all the schemes, collections and a few thousand packages, as defined upstream (perhaps with tiny differences).
+    </para></listitem>
+    <listitem><para>
+      By default you only get executables and files needed during runtime, and a little documentation for the core packages.  To change that, you need to add <varname>pkgFilter</varname> function to <varname>combine</varname>.
+      <programlisting>
+texlive.combine {
+  # inherit (texlive) whatever-you-want;
+  pkgFilter = pkg:
+    pkg.tlType == "run" || pkg.tlType == "bin" || pkg.pname == "cm-super";
+  # elem tlType [ "run" "bin" "doc" "source" ]
+  # there are also other attributes: version, name
+}
+      </programlisting>
+    </para></listitem>
+    <listitem><para>
+      You can list packages e.g. by <command>nix-repl</command>.
+      <programlisting>
+$ nix-repl
+nix-repl> texlive.collection-&lt;TAB>
+      </programlisting>
+    </para></listitem>
+  </itemizedlist>
+</section>
+
+<section><title>Known problems</title>
+  <itemizedlist>
+    <listitem><para>
+      Some tools are still missing, e.g. luajittex;</para></listitem>
+    <listitem><para>
+      some apps aren't packaged/tested yet (asymptote, biber, etc.);</para></listitem>
+    <listitem><para>
+      feature/bug: when a package is rejected by <varname>pkgFilter</varname>, its dependencies are still propagated;</para></listitem>
+    <listitem><para>
+      in case of any bugs or feature requests, file a github issue or better a pull request and /cc @vcunat.</para></listitem>
+  </itemizedlist>
+</section>
+
+
+</section>
+

lib/maintainers.nix

@@ -67,6 +67,7 @@
   chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
   chattered = "Phil Scott <me@philscotted.com>";
   christopherpoole = "Christopher Mark Poole <mail@christopherpoole.net>";
+  cleverca22 = "Michael Bishop <cleverca22@gmail.com>";
   coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
   codsl = "codsl <codsl@riseup.net>";
   codyopel = "Cody Opel <codyopel@gmail.com>";
@@ -148,7 +149,6 @@
   iElectric = "Domen Kozar <domen@dev.si>";
   igsha = "Igor Sharonov <igor.sharonov@gmail.com>";
   ikervagyok = "Balázs Lengyel <ikervagyok@gmail.com>";
-  iyzsong = "Song Wenwu <iyzsong@gmail.com>";
   j-keck = "Jürgen Keck <jhyphenkeck@gmail.com>";
   jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";
   javaguirre = "Javier Aguirre <contacto@javaguirre.net>";
@@ -267,6 +267,7 @@
   psibi = "Sibi <sibi@psibi.in>";
   pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
   puffnfresh = "Brian McKenna <brian@brianmckenna.org>";
+  pxc = "Patrick Callahan <patrick.callahan@latitudeengineering.com>";
   qknight = "Joachim Schiele <js@lastlog.de>";
   ragge = "Ragnar Dahlen <r.dahlen@gmail.com>";
   raskin = "Michael Raskin <7c6f434c@mail.ru>";

maintainers/scripts/nix-generate-from-cpan.pl

@@ -279,7 +279,7 @@ sub get_deps {
         next if $n eq "perl";
 
         # Hacky way to figure out if this module is part of Perl.
-        if ( $n !~ /^JSON/ && $n !~ /^YAML/ && $n !~ /^Module::Pluggable/ ) {
+        if ( $n !~ /^JSON/ && $n !~ /^YAML/ && $n !~ /^Module::Pluggable/  && $n !~ /^if$/ ) {
             eval "use $n;";
             if ( !$@ ) {
                 DEBUG("skipping Perl-builtin module $n");
@@ -431,7 +431,7 @@ my $build_fun = -e "$pkg_path/Build.PL"
 print STDERR "===\n";
 
 print <<EOF;
-  "$attr_name" = $build_fun rec {
+  ${\(is_reserved($attr_name) ? "\"$attr_name\"" : $attr_name)} = $build_fun rec {
     name = "$pkg_name";
     src = fetchurl {
       url = "mirror://cpan/${\$module->path}/\${name}.${\$module->package_extension}";
@@ -450,7 +450,7 @@ EOF
 print <<EOF if defined $homepage;
       homepage = $homepage;
 EOF
-print <<EOF if defined $description;
+print <<EOF if defined $description && $description ne "Unknown";
       description = "$description";
 EOF
 print <<EOF if defined $license;

maintainers/scripts/travis-nox-review-pr.sh

@@ -11,7 +11,7 @@ if [[ $1 == nix ]]; then
 
     # Make sure we can use hydra's binary cache
     sudo mkdir /etc/nix
-    sudo echo "build-max-jobs = 4" > /etc/nix/nix.conf
+    sudo sh -c 'echo "build-max-jobs = 4" > /etc/nix/nix.conf'
 
     # Verify evaluation
     echo "=== Verifying that nixpkgs evaluates..."

nixos/doc/manual/default.nix

@@ -187,6 +187,7 @@ in rec {
         --param man.output.in.separate.dir 1 \
         --param man.output.base.dir "'$out/share/man/'" \
         --param man.endnotes.are.numbered 0 \
+        --param man.break.after.slash 1 \
         ${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
         ./man-pages.xml
     '';

nixos/doc/manual/installation/installing.xml

@@ -22,7 +22,10 @@
   (with empty password).</para></listitem>
 
   <listitem><para>If you downloaded the graphical ISO image, you can
-  run <command>start display-manager</command> to start KDE.</para></listitem>
+  run <command>start display-manager</command> to start KDE. If you
+  want to continue on the terminal, you can use
+  <command>loadkeys</command> to switch to your preferred keyboard layout.
+  (We even provide neo2 via <command>loadkeys de neo</command>!)</para></listitem>
 
   <listitem><para>The boot process should have brought up networking (check
   <command>ip a</command>).  Networking is necessary for the

nixos/doc/manual/release-notes/release-notes.xml

@@ -9,7 +9,7 @@
 <para>This section lists the release notes for each stable version of NixOS
 and current unstable revision.</para>
 
-<xi:include href="rl-unstable.xml" />
+<xi:include href="rl-1603.xml" />
 <xi:include href="rl-1509.xml" />
 <xi:include href="rl-1412.xml" />
 <xi:include href="rl-1404.xml" />

nixos/doc/manual/release-notes/rl-1603.xml

@@ -2,9 +2,9 @@
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
-         xml:id="sec-release-unstable">
+         xml:id="sec-release-16.03">
 
-<title>Unstable</title>
+<title>Release 16.03 (“Emu”, 2016/03/??)</title>
 
 <para>In addition to numerous new and upgraded packages, this release
 has the following highlights:</para>
@@ -12,14 +12,44 @@ has the following highlights:</para>
 <itemizedlist>
 
   <listitem>
-    <para>Firefox and similar browsers are now <emphasis>wrapped by default</emphasis>.
-    The package and attribute names are plain <literal>firefox</literal>
-    or <literal>midori</literal>, etc.  Backward-compatibility attributes were set up,
-    but note that <command>nix-env -u</command> will <emphasis>not</emphasis> update
-    your current <literal>firefox-with-plugins</literal>;
-    you have to uninstall it and install <literal>firefox</literal> instead.
-    More discussion is <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12299">
-    on the PR</link>.  </para>
+    <para>Systemd 229, bringing <link
+    xlink:href="https://github.com/systemd/systemd/blob/v229/NEWS">numerous
+    improvements</link> over 217.</para>
+  </listitem>
+
+  <listitem>
+    <para>Linux 4.4 (was 3.18).</para>
+  </listitem>
+
+  <listitem>
+    <para>GCC 5.3 (was 4.9). Note that GCC 5 <link
+    xlink:href="https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html">changes
+    the C++ ABI in an incompatible way</link>; this may cause problems
+    if you try to link objects compiled with different versions of
+    GCC.</para>
+  </listitem>
+
+  <listitem>
+    <para>Glibc 2.23 (was 2.21).</para>
+  </listitem>
+
+  <listitem>
+    <para>Improved support for ensuring <link
+    xlink:href="https://reproducible-builds.org/">bitwise reproducible
+    builds</link>. For example, <literal>stdenv</literal> now sets the
+    environment variable <envar
+    xlink:href="https://reproducible-builds.org/specs/source-date-epoch/">SOURCE_DATE_EPOCH</envar>
+    to a deterministic value, and Nix has <link
+    xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.11">gained
+    an option</link> to repeat a build a number of times to test
+    determinism. An ongoing project, the goal of exact reproducibility
+    is to allow binaries to be verified independently (e.g., a user
+    might only trust binaries that appear in three independent binary
+    caches).</para>
+  </listitem>
+
+  <listitem>
+    <para>Perl 5.22.</para>
   </listitem>
 
 </itemizedlist>
@@ -28,10 +58,57 @@ has the following highlights:</para>
 
   <itemizedlist>
     <listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
-    <listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem>
-    <listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
-    <listitem><para><literal>services/security/haka.nix</literal></para></listitem>
+    <listitem><para><literal>hardware/video/webcam/facetimehd.nix</literal></para></listitem>
     <listitem><para><literal>i18n/inputMethod/default.nix</literal></para></listitem>
+    <listitem><para><literal>i18n/inputMethod/fcitx.nix</literal></para></listitem>
+    <listitem><para><literal>i18n/inputMethod/ibus.nix</literal></para></listitem>
+    <listitem><para><literal>i18n/inputMethod/nabi.nix</literal></para></listitem>
+    <listitem><para><literal>i18n/inputMethod/uim.nix</literal></para></listitem>
+    <listitem><para><literal>programs/fish.nix</literal></para></listitem>
+    <listitem><para><literal>security/acme.nix</literal></para></listitem>
+    <listitem><para><literal>security/audit.nix</literal></para></listitem>
+    <listitem><para><literal>security/oath.nix</literal></para></listitem>
+    <listitem><para><literal>services/hardware/irqbalance.nix</literal></para></listitem>
+    <listitem><para><literal>services/mail/dspam.nix</literal></para></listitem>
+    <listitem><para><literal>services/mail/opendkim.nix</literal></para></listitem>
+    <listitem><para><literal>services/mail/postsrsd.nix</literal></para></listitem>
+    <listitem><para><literal>services/mail/rspamd.nix</literal></para></listitem>
+    <listitem><para><literal>services/mail/rmilter.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/autofs.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/bepasty.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/calibre-server.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/cfdyndns.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/gammu-smsd.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/mathics.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/matrix-synapse.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/octoprint.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/hdaps.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/heapster.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/longview.nix</literal></para></listitem>
+    <listitem><para><literal>services/network-filesystems/netatalk.nix</literal></para></listitem>
+    <listitem><para><literal>services/network-filesystems/xtreemfs.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/autossh.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/dnschain.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/gale.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/miniupnpd.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/namecoind.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/ostinato.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/pdnsd.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/shairport-sync.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/supplicant.nix</literal></para></listitem>
+    <listitem><para><literal>services/search/kibana.nix</literal></para></listitem>
+    <listitem><para><literal>services/security/haka.nix</literal></para></listitem>
+    <listitem><para><literal>services/security/physlock.nix</literal></para></listitem>
+    <listitem><para><literal>services/web-apps/pump.io.nix</literal></para></listitem>
+    <listitem><para><literal>services/x11/hardware/libinput.nix</literal></para></listitem>
+    <listitem><para><literal>services/x11/window-managers/windowlab.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/initrd-network.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/initrd-ssh.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
+    <listitem><para><literal>virtualisation/lxd.nix</literal></para></listitem>
+    <listitem><para><literal>virtualisation/rkt.nix</literal></para></listitem>
   </itemizedlist>
 </para>
 
@@ -39,6 +116,22 @@ has the following highlights:</para>
 following incompatible changes:</para>
 
 <itemizedlist>
+
+  <listitem>
+    <para>We no longer produce graphical ISO images and VirtualBox
+    images for <literal>i686-linux</literal>. A minimal ISO image is
+    still provided.</para>
+  </listitem>
+
+  <listitem>
+    <para>Firefox and similar browsers are now <emphasis>wrapped by default</emphasis>.
+    The package and attribute names are plain <literal>firefox</literal>
+    or <literal>midori</literal>, etc.  Backward-compatibility attributes were set up,
+    but note that <command>nix-env -u</command> will <emphasis>not</emphasis> update
+    your current <literal>firefox-with-plugins</literal>;
+    you have to uninstall it and install <literal>firefox</literal> instead.</para>
+  </listitem>
+
   <listitem>
     <para><command>wmiiSnap</command> has been replaced with
     <command>wmii_hg</command>, but
@@ -226,18 +319,84 @@ programs.ibus.plugins = with pkgs; [ ibus-anthy mozc ];
     was removed. Please review the currently available options.</para>
   </listitem>
 
+  <listitem>
+    <para>
+    The option <option>services.nsd.zones.&lt;name&gt;.data</option> no
+    longer interpret the dollar sign ($) as a shell variable, as such it
+    should not be escaped anymore.  Thus the following zone data:
+    </para>
+    <programlisting>
+\$ORIGIN example.com.
+\$TTL 1800
+@       IN      SOA     ns1.vpn.nbp.name.      admin.example.com. (
+    </programlisting>
+    <para>
+    Should modified to look like the actual file expected by nsd:
+    </para>
+    <programlisting>
+$ORIGIN example.com.
+$TTL 1800
+@       IN      SOA     ns1.vpn.nbp.name.      admin.example.com. (
+    </programlisting>
+  </listitem>
+
+  <listitem>
+    <para>
+    <literal>service.syncthing.dataDir</literal> options now has to point
+    to exact folder where syncthing is writing to. Example configuration should
+    loook something like:
+    </para>
+    <programlisting>
+services.syncthing = {
+    enable = true;
+    dataDir = "/home/somebody/.syncthing";
+    user = "somebody";
+};
+    </programlisting>
+  </listitem>
+
+  <listitem>
+    <para>
+      <literal>networking.firewall.allowPing</literal> is now enabled by
+      default. Users are encourarged to configure an approiate rate limit for
+      their machines using the Kernel interface at
+      <filename>/proc/sys/net/ipv4/icmp_ratelimit</filename> and
+      <filename>/proc/sys/net/ipv6/icmp/ratelimit</filename> or using the
+      firewall itself, i.e. by setting the NixOS option
+      <literal>networking.firewall.pingLimit</literal>.
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>
+      Systems with some broadcom cards used to result into a generated config
+      that is no longer accepted. If you get errors like
+      <screen>error: path ‘/nix/store/*-broadcom-sta-*’ does not exist and cannot be created</screen>
+      you should either re-run <command>nixos-generate-config</command> or manually replace
+      <literal>"${config.boot.kernelPackages.broadcom_sta}"</literal>
+      by
+      <literal>config.boot.kernelPackages.broadcom_sta</literal>
+      in your <filename>/etc/nixos/hardware-configuration.nix</filename>.
+      More discussion is on <link xlink:href="https://github.com/NixOS/nixpkgs/pull/12595">
+      the github issue</link>.
+    </para>
+  </listitem>
 </itemizedlist>
 
 
 <para>Other notable improvements:
+
 <itemizedlist>
+
+  <!--
   <listitem>
     <para>The <command>command-not-found</command> hook was extended.
     Apart from <literal>$NIX_AUTO_INSTALL</literal> variable,
     it newly also checks for <literal>$NIX_AUTO_RUN</literal>
     which causes it to directly run the missing commands via
-    <command>nix-shell</command> (without installing anything). </para>
+    <command>nix-shell</command> (without installing anything).</para>
   </listitem>
+  -->
 
   <listitem>
     <para><literal>ejabberd</literal> module is brought back and now works on

nixos/lib/build-vms.nix

@@ -1,6 +1,6 @@
-{ system, minimal ? false }:
+{ system, minimal ? false, config ? {} }:
 
-let pkgs = import ../.. { config = {}; inherit system; }; in
+let pkgs = import ../.. { inherit system config; }; in
 
 with pkgs.lib;
 with import ../lib/qemu-flags.nix;

nixos/lib/make-disk-image.nix

@@ -22,17 +22,20 @@
 , # Shell code executed after the VM has finished.
   postVM ? ""
 
+, name ? "nixos-disk-image"
+
+, format ? "raw"
 }:
 
 with lib;
 
 pkgs.vmTools.runInLinuxVM (
-  pkgs.runCommand "nixos-disk-image"
+  pkgs.runCommand name
     { preVM =
         ''
           mkdir $out
-          diskImage=$out/nixos.img
-          ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "${toString diskSize}M"
+          diskImage=$out/nixos.${if format == "qcow2" then "qcow2" else "img"}
+          ${pkgs.vmTools.qemu}/bin/qemu-img create -f ${format} $diskImage "${toString diskSize}M"
           mv closure xchg/
         '';
       buildInputs = [ pkgs.utillinux pkgs.perl pkgs.e2fsprogs pkgs.parted ];

nixos/lib/make-iso9660-image.nix

@@ -39,7 +39,6 @@
 
 , # The volume ID.
   volumeID ? ""
-
 }:
 
 assert bootable -> bootImage != "";
@@ -47,7 +46,7 @@ assert efiBootable -> efiBootImage != "";
 assert usbBootable -> isohybridMbrImage != "";
 
 stdenv.mkDerivation {
-  name = "iso9660-image";
+  name = isoName;
   builder = ./make-iso9660-image.sh;
   buildInputs = [perl xorriso syslinux];
 

nixos/lib/make-iso9660-image.sh

@@ -133,3 +133,4 @@ fi
 
 mkdir -p $out/nix-support
 echo $system > $out/nix-support/system
+echo "file iso $out/iso/$isoName" >> $out/nix-support/hydra-build-products

nixos/lib/testing.nix

@@ -1,6 +1,6 @@
-{ system, minimal ? false }:
+{ system, minimal ? false, config ? {} }:
 
-with import ./build-vms.nix { inherit system minimal; };
+with import ./build-vms.nix { inherit system minimal config; };
 with pkgs;
 
 rec {

nixos/maintainers/scripts/azure/create-azure.sh

@@ -1,11 +1,8 @@
 #! /bin/sh -e
 
-BUCKET_NAME=${BUCKET_NAME:-nixos}
 export NIX_PATH=nixpkgs=../../../..
 export NIXOS_CONFIG=$(dirname $(readlink -f $0))/../../../modules/virtualisation/azure-image.nix
 export TIMESTAMP=$(date +%Y%m%d%H%M)
 
 nix-build '<nixpkgs/nixos>' \
-   -A config.system.build.azureImage --argstr system x86_64-linux -o azure --option extra-binary-caches http://hydra.nixos.org -j 10
-
-azure vm image create nixos-test --location "West Europe" --md5-skip -v --os Linux azure/disk.vhd
+   -A config.system.build.azureImage --argstr system x86_64-linux -o azure --option extra-binary-caches https://hydra.nixos.org -j 10

nixos/maintainers/scripts/azure/upload-azure.sh

@@ -0,0 +1,22 @@
+#! /bin/sh -e
+
+export STORAGE=${STORAGE:-nixos}
+export THREADS=${THREADS:-8}
+
+azure-vhd-utils-for-go  upload --localvhdpath azure/disk.vhd  --stgaccountname "$STORAGE"  --stgaccountkey "$KEY" \
+   --containername images --blobname nixos-unstable-nixops-updated.vhd --parallelism "$THREADS" --overwrite
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+

nixos/maintainers/scripts/ec2/amazon-image.nix

@@ -10,9 +10,11 @@ with lib;
     ];
 
   system.build.amazonImage = import ../../../lib/make-disk-image.nix {
-    inherit pkgs lib config;
+    inherit lib config;
+    pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
     partitioned = config.ec2.hvm;
     diskSize = if config.ec2.hvm then 2048 else 8192;
+    format = "qcow2";
     configFile = pkgs.writeText "configuration.nix"
       ''
         {

nixos/modules/config/gtk-exe-env.nix

@@ -1,41 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  imports = [
-  ];
-
-  options = {
-    gtkPlugins = lib.mkOption {
-      type = lib.types.listOf lib.types.path;
-      default = [];
-      description = ''
-        Plugin packages for GTK+ such as input methods.
-      '';
-    };
-  };
-
-  config = {
-    environment.variables = if builtins.length config.gtkPlugins > 0
-      then
-        let
-          paths = [ pkgs.gtk2 pkgs.gtk3 ] ++ config.gtkPlugins;
-          env = pkgs.buildEnv {
-            name = "gtk-exe-env";
-
-            inherit paths;
-
-            postBuild = lib.concatStringsSep "\n"
-              (map (d: d.gtkExeEnvPostBuild or "") paths);
-
-            ignoreCollisions = true;
-          };
-        in {
-          GTK_EXE_PREFIX = builtins.toString env;
-          GTK_PATH = [
-            "${env}/lib/gtk-2.0"
-            "${env}/lib/gtk-3.0"
-          ];
-        }
-      else {};
-  };
-}

nixos/modules/config/qt-plugin-env.nix

@@ -1,37 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  imports = [
-  ];
-
-  options = {
-    qtPlugins = lib.mkOption {
-      type = lib.types.listOf lib.types.path;
-      default = [];
-      description = ''
-        Plugin packages for Qt such as input methods.
-      '';
-    };
-  };
-
-  config = {
-    environment.variables = if builtins.length config.qtPlugins > 0
-      then
-        let
-          paths = [ pkgs.qt48 ] ++ config.qtPlugins;
-          env = pkgs.buildEnv {
-            name = "qt-plugin-env";
-
-            inherit paths;
-
-            postBuild = lib.concatStringsSep "\n"
-              (map (d: d.qtPluginEnvPostBuild or "") paths);
-
-            ignoreCollisions = true;
-          };
-        in {
-          QT_PLUGIN_PATH = [ (builtins.toString env) ];
-        }
-      else {};
-  };
-}

nixos/modules/i18n/inputMethod/fcitx.nix

@@ -18,10 +18,14 @@ in
         type    = with types; listOf fcitxEngine;
         default = [];
         example = literalExample "with pkgs.fcitx-engines; [ mozc hangul ]";
-        description = ''
-          Enabled Fcitx engines.
-          Available engines can be found by running `nix-env "<nixpkgs>" . -qaP -A fcitx-engines`.
-        '';
+        description =
+          let
+            engines =
+              lib.concatStringsSep ", "
+              (map (name: "<literal>${name}</literal>")
+               (lib.attrNames pkgs.fcitx-engines));
+          in
+            "Enabled Fcitx engines. Available engines are: ${engines}.";
       };
     };
 
@@ -29,8 +33,6 @@ in
 
   config = mkIf (config.i18n.inputMethod.enabled == "fcitx") {
     environment.systemPackages = [ fcitxPackage ];
-    gtkPlugins = [ fcitxPackage ];
-    qtPlugins  = [ fcitxPackage ];
 
     environment.variables = {
       GTK_IM_MODULE = "fcitx";

nixos/modules/i18n/inputMethod/nabi.nix

@@ -4,7 +4,6 @@ with lib;
 {
   config = mkIf (config.i18n.inputMethod.enabled == "nabi") {
     environment.systemPackages = [ pkgs.nabi ];
-    qtPlugins  = [ pkgs.nabi ];
 
     environment.variables = {
       GTK_IM_MODULE = "nabi";

nixos/modules/i18n/inputMethod/uim.nix

@@ -23,8 +23,6 @@ in
 
   config = mkIf (config.i18n.inputMethod.enabled == "uim") {
     environment.systemPackages = [ pkgs.uim ];
-    gtkPlugins = [ pkgs.uim ];
-    qtPlugins  = [ pkgs.uim ];
 
     environment.variables = {
       GTK_IM_MODULE = "uim";

nixos/modules/installer/tools/nixos-rebuild.sh

@@ -257,9 +257,9 @@ fi
 prebuiltNix() {
     machine="$1"
     if [ "$machine" = x86_64 ]; then
-        return /nix/store/xryr9g56h8yjddp89d6dw12anyb4ch7c-nix-1.10
+        echo /nix/store/xryr9g56h8yjddp89d6dw12anyb4ch7c-nix-1.10
     elif [[ "$machine" =~ i.86 ]]; then
-        return /nix/store/2w92k5wlpspf0q2k9mnf2z42prx3bwmv-nix-1.10
+        echo /nix/store/2w92k5wlpspf0q2k9mnf2z42prx3bwmv-nix-1.10
     else
         echo "$0: unsupported platform"
         exit 1

nixos/modules/misc/ids.nix

@@ -253,6 +253,8 @@
       pdnsd = 229;
       octoprint = 230;
       avahi-autoipd = 231;
+      hydra-queue-runner = 235;
+      hydra-www = 236;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 

nixos/modules/misc/version.nix

@@ -89,7 +89,7 @@ in
     defaultChannel = mkOption {
       internal = true;
       type = types.str;
-      default = https://nixos.org/channels/nixos-unstable;
+      default = https://nixos.org/channels/nixos-16.03;
       description = "Default NixOS channel to which the root user is subscribed.";
     };
 

nixos/modules/module-list.nix

@@ -7,7 +7,6 @@
   ./config/fonts/fonts.nix
   ./config/fonts/ghostscript.nix
   ./config/gnu.nix
-  ./config/gtk-exe-env.nix
   ./config/i18n.nix
   ./config/krb5.nix
   ./config/ldap.nix
@@ -16,7 +15,6 @@
   ./config/nsswitch.nix
   ./config/power-management.nix
   ./config/pulseaudio.nix
-  ./config/qt-plugin-env.nix
   ./config/shells-environment.nix
   ./config/swap.nix
   ./config/sysctl.nix
@@ -79,7 +77,6 @@
   ./programs/shell.nix
   ./programs/ssh.nix
   ./programs/ssmtp.nix
-  ./programs/uim.nix
   ./programs/venus.nix
   ./programs/wvdial.nix
   ./programs/xfs_quota.nix
@@ -325,7 +322,6 @@
   ./services/networking/hostapd.nix
   ./services/networking/i2pd.nix
   ./services/networking/i2p.nix
-  ./services/networking/ifplugd.nix
   ./services/networking/iodined.nix
   ./services/networking/ircd-hybrid/default.nix
   ./services/networking/kippo.nix

nixos/modules/profiles/base.nix

@@ -17,6 +17,7 @@
     pkgs.ddrescue
     pkgs.ccrypt
     pkgs.cryptsetup # needed for dm-crypt volumes
+    pkgs.which # 88K size
 
     # Some networking tools.
     pkgs.fuse

nixos/modules/profiles/headless.nix

@@ -20,4 +20,7 @@ with lib;
 
   # Don't allow emergency mode, because we don't have a console.
   systemd.enableEmergencyMode = false;
+
+  # Being headless, we don't need a GRUB splash image.
+  boot.loader.grub.splashImage = null;
 }

nixos/modules/programs/bash/bash.nix

@@ -56,7 +56,7 @@ in
       */
 
       shellAliases = mkOption {
-        default = config.environment.shellAliases // { which = "type -P"; };
+        default = config.environment.shellAliases;
         description = ''
           Set of aliases for bash shell. See <option>environment.shellAliases</option>
           for an option format description.

nixos/modules/programs/uim.nix

@@ -1,31 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-
-let
-  cfg = config.uim;
-in
-{
-  options = {
-
-    uim = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        example = true;
-        description = "Enable UIM input method";
-      };
-    };
-
-  };
-
-  config = mkIf cfg.enable {
-    environment.systemPackages = [ pkgs.uim ];
-    gtkPlugins = [ pkgs.uim ];
-    qtPlugins = [ pkgs.uim ];
-    environment.variables.GTK_IM_MODULE = "uim";
-    environment.variables.QT_IM_MODULE = "uim";
-    environment.variables.XMODIFIERS = "@im=uim";
-    services.xserver.displayManager.sessionCommands = "uim-xim &";
-  };
-}

nixos/modules/security/ca.nix

@@ -67,6 +67,12 @@ in
     # CentOS/Fedora compatibility.
     environment.etc."pki/tls/certs/ca-bundle.crt".source = caCertificates;
 
+    environment.sessionVariables =
+      { # FIXME: unneeded - remove eventually.
+        SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
+        GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt";
+      };
+
   };
 
 }

nixos/modules/security/grsecurity.nix

@@ -26,19 +26,11 @@ in
         '';
       };
 
-      stable = mkOption {
-        type = types.bool;
-        default = false;
+      kernelPatch = mkOption {
+        type = types.attrs;
+        example = lib.literalExample "pkgs.kernelPatches.grsecurity_4_1";
         description = ''
-          Enable the stable grsecurity patch, based on Linux 3.14.
-        '';
-      };
-
-      testing = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Enable the testing grsecurity patch, based on Linux 4.0.
+          Grsecurity patch to use.
         '';
       };
 
@@ -219,16 +211,7 @@ in
 
   config = mkIf cfg.enable {
     assertions =
-      [ { assertion = cfg.stable || cfg.testing;
-          message   = ''
-            If grsecurity is enabled, you must select either the
-            stable patch (with kernel 3.14), or the testing patch (with
-            kernel 4.0) to continue.
-          '';
-        }
-        { assertion = !(cfg.stable && cfg.testing);
-          message   = "Select either one of the stable or testing patch";
-        }
+      [
         { assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) ||
                       (cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);
           message   = "You cannot enable both restrictProc and restrictProcWithGroup";
@@ -247,6 +230,8 @@ in
         }
       ];
 
+    security.grsecurity.kernelPatch = lib.mkDefault pkgs.kernelPatches.grsecurity_latest;
+
     systemd.services.grsec-lock = mkIf cfg.config.sysctl {
       description     = "grsecurity sysctl-lock Service";
       requires        = [ "systemd-sysctl.service" ];

nixos/modules/services/backup/tarsnap.nix

@@ -293,7 +293,7 @@ in
       # make sure that the tarsnap server is reachable after systemd starts up
       # the service - therefore we sleep in a loop until we can ping the
       # endpoint.
-      preStart = "while ! ping -q -c 1 betatest-server.tarsnap.com &> /dev/null; do sleep 3; done";
+      preStart = "while ! ping -q -c 1 v1-0-0-server.tarsnap.com &> /dev/null; do sleep 3; done";
       scriptArgs = "%i";
       script = ''
         mkdir -p -m 0755 ${dirOf cfg.cachedir}

nixos/modules/services/misc/gitlab.nix

@@ -206,12 +206,6 @@ in {
         description = "Gitlab database user.";
       };
 
-      emailFrom = mkOption {
-        type = types.str;
-        default = "example@example.org";
-        description = "The source address for emails sent by gitlab.";
-      };
-
       host = mkOption {
         type = types.str;
         default = config.networking.hostName;
@@ -328,7 +322,7 @@ in {
         Group = cfg.group;
         TimeoutSec = "300";
         WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
-        ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailer -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
+        ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailers -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
       };
     };
 

nixos/modules/services/misc/nix-daemon.nix

@@ -39,7 +39,7 @@ let
         build-users-group = nixbld
         build-max-jobs = ${toString (cfg.maxJobs)}
         build-cores = ${toString (cfg.buildCores)}
-        build-use-chroot = ${if cfg.useChroot then "true" else "false"}
+        build-use-chroot = ${if (builtins.isBool cfg.useChroot) then (if cfg.useChroot then "true" else "false") else cfg.useChroot}
         build-chroot-dirs = ${toString cfg.chrootDirs} /bin/sh=${sh} $(echo $extraPaths)
         binary-caches = ${toString cfg.binaryCaches}
         trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
@@ -99,7 +99,7 @@ in
       };
 
       useChroot = mkOption {
-        type = types.bool;
+        type = types.either types.bool (types.enum ["relaxed"]);
         default = false;
         description = "
           If set, Nix will perform builds in a chroot-environment that it

nixos/modules/services/monitoring/collectd.nix

@@ -100,7 +100,7 @@ in {
       wantedBy = [ "multi-user.target" ];
 
       serviceConfig = {
-        ExecStart = "${pkgs.collectd}/sbin/collectd -C ${conf} -P ${cfg.pidFile}";
+        ExecStart = "${cfg.package}/sbin/collectd -C ${conf} -P ${cfg.pidFile}";
         Type = "forking";
         PIDFile = cfg.pidFile;
         User = optional (cfg.user!="root") cfg.user;

nixos/modules/services/monitoring/grafana.nix

@@ -87,7 +87,7 @@ in {
 
     staticRootPath = mkOption {
       description = "Root path for static assets.";
-      default = "${cfg.package.out}/share/grafana/public";
+      default = "${cfg.package}/share/grafana/public";
       type = types.str;
     };
 

nixos/modules/services/networking/bird.nix

@@ -30,7 +30,7 @@ in
 
       user = mkOption {
         type = types.string;
-        default = "ircd";
+        default = "bird";
         description = ''
           BIRD Internet Routing Daemon user.
         '';
@@ -38,7 +38,7 @@ in
 
       group = mkOption {
         type = types.string;
-        default = "ircd";
+        default = "bird";
         description = ''
           BIRD Internet Routing Daemon group.
         '';

nixos/modules/services/networking/dnscrypt-proxy.nix

@@ -27,33 +27,54 @@ in
 {
   options = {
     services.dnscrypt-proxy = {
-      enable = mkEnableOption ''
-        Enable dnscrypt-proxy. The proxy relays regular DNS queries to a
-        DNSCrypt enabled upstream resolver. The traffic between the
-        client and the upstream resolver is encrypted and authenticated,
-        which may mitigate the risk of MITM attacks and third-party
+      enable = mkEnableOption "dnscrypt-proxy" // { description = ''
+        Whether to enable the DNSCrypt client proxy. The proxy relays
+        DNS queries to a DNSCrypt enabled upstream resolver. The traffic
+        between the client and the upstream resolver is encrypted and
+        authenticated, mitigating the risk of MITM attacks and third-party
         snooping (assuming the upstream is trustworthy).
-      '';
+
+        Enabling this option does not alter the system nameserver; to relay
+        local queries, prepend <literal>127.0.0.1</literal> to
+        <option>networking.nameservers</option>.
+
+        The recommended configuration is to run DNSCrypt proxy as a forwarder
+        for a caching DNS client, as in
+        <programlisting>
+        {
+          services.dnscrypt-proxy.enable = true;
+          services.dnscrypt-proxy.localPort = 43;
+          services.dnsmasq.enable = true;
+          services.dnsmasq.servers = [ "127.0.0.1#43" ];
+          services.dnsmasq.resolveLocalQueries = true; # this is the default
+        }
+        </programlisting>
+     ''; };
       localAddress = mkOption {
         default = "127.0.0.1";
         type = types.string;
         description = ''
-          Listen for DNS queries on this address.
+          Listen for DNS queries to relay on this address. The only reason to
+          change this from its default value is to proxy queries on behalf
+          of other machines (typically on the local network).
         '';
       };
       localPort = mkOption {
         default = 53;
         type = types.int;
         description = ''
-          Listen on this port.
+          Listen for DNS queries to relay on this port. The default value
+          assumes that the DNSCrypt proxy should relay DNS queries directly.
+          When running as a forwarder for another DNS client, set this option
+          to a different value; otherwise leave the default.
         '';
       };
       resolverName = mkOption {
-        default = "opendns";
+        default = "cisco";
         type = types.nullOr types.string;
         description = ''
           The name of the upstream DNSCrypt resolver to use. See
-          <literal>${resolverListFile}</literal> for alternative resolvers
+          <filename>${resolverListFile}</filename> for alternative resolvers
           (e.g., if you are concerned about logging and/or server
           location).
         '';
@@ -61,9 +82,8 @@ in
       customResolver = mkOption {
         default = null;
         description = ''
-          Use a resolver not listed in the upstream list (e.g.,
-          a private DNSCrypt provider). For advanced users only.
-          If specified, this option takes precedence.
+          Use an unlisted resolver (e.g., a private DNSCrypt provider). For
+          advanced users only. If specified, this option takes precedence.
         '';
         type = types.nullOr (types.submodule ({ ... }: { options = {
           address = mkOption {
@@ -80,20 +100,20 @@ in
             type = types.str;
             description = "Provider fully qualified domain name";
             example = "2.dnscrypt-cert.opendns.com";
-         };
-         key = mkOption {
-           type = types.str;
-           description = "Provider public key";
-           example = "B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79";
-         }; }; }));
+          };
+          key = mkOption {
+            type = types.str;
+            description = "Provider public key";
+            example = "B735:1140:206F:225D:3E2B:D822:D7FD:691E:A1C3:3CC8:D666:8D0C:BE04:BFAB:CA43:FB79";
+          };
+        }; }));
       };
       tcpOnly = mkOption {
         default = false;
         type = types.bool;
         description = ''
-          Force sending encrypted DNS queries to the upstream resolver
-          over TCP instead of UDP (on port 443). Enabling this option may
-          help circumvent filtering, but should not be used otherwise.
+          Force sending encrypted DNS queries to the upstream resolver over
+          TCP instead of UDP (on port 443). Use only if the UDP port is blocked.
         '';
       };
     };
@@ -130,6 +150,9 @@ in
         ${pkgs.xz}/lib/liblzma.so.* mr,
         ${pkgs.libgcrypt}/lib/libgcrypt.so.* mr,
         ${pkgs.libgpgerror}/lib/libgpg-error.so.* mr,
+        ${pkgs.libcap}/lib/libcap.so.* mr,
+        ${pkgs.lz4}/lib/liblz4.so.* mr,
+        ${pkgs.attr}/lib/libattr.so.* mr,
 
         ${resolverListFile} r,
       }

nixos/modules/services/networking/firewall.nix

@@ -338,7 +338,7 @@ in
     };
 
     networking.firewall.allowPing = mkOption {
-      default = false;
+      default = true;
       type = types.bool;
       description =
         ''

nixos/modules/services/networking/ifplugd.nix

@@ -1,82 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
-  inherit (pkgs) ifplugd;
-
-  cfg = config.networking.interfaceMonitor;
-
-  # The ifplugd action script, which is called whenever the link
-  # status changes (i.e., a cable is plugged in or unplugged).
-  plugScript = pkgs.writeScript "ifplugd.action"
-    ''
-      #! ${pkgs.stdenv.shell}
-      iface="$1"
-      status="$2"
-      ${cfg.commands}
-    '';
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    networking.interfaceMonitor.enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        If <literal>true</literal>, monitor Ethernet interfaces for
-        cables being plugged in or unplugged.  When this occurs, the
-        commands specified in
-        <option>networking.interfaceMonitor.commands</option> are
-        executed.
-      '';
-    };
-
-    networking.interfaceMonitor.beep = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        If <literal>true</literal>, beep when an Ethernet cable is
-        plugged in or unplugged.
-      '';
-    };
-
-    networking.interfaceMonitor.commands = mkOption {
-      type = types.lines;
-      default = "";
-      description = ''
-        Shell commands to be executed when the link status of an
-        interface changes.  On invocation, the shell variable
-        <varname>iface</varname> contains the name of the interface,
-        while the variable <varname>status</varname> contains either
-        <literal>up</literal> or <literal>down</literal> to indicate
-        the new status.
-      '';
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.enable {
-    systemd.services.ifplugd = {
-      description = "Network interface connectivity monitor";
-      after = [ "network-interfaces.target" ];
-      wantedBy = [ "multi-user.target" ];
-      script = ''
-        ${ifplugd}/sbin/ifplugd --no-daemon --no-startup --no-shutdown \
-          ${if config.networking.interfaceMonitor.beep then "" else "--no-beep"} \
-          --run ${plugScript}
-      '';
-    };
-
-    environment.systemPackages = [ ifplugd ];
-  };
-}

nixos/modules/services/networking/iodined.nix

@@ -64,8 +64,7 @@ in
 
     systemd.services.iodined = {
       description = "iodine, ip over dns daemon";
-      after = [ "network.target" ];
-      wantedBy = [ "multi-user.target" ];
+      wantedBy = [ "ip-up.target" ];
       serviceConfig.ExecStart = "${pkgs.iodine}/sbin/iodined -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.ip} ${cfg.domain}";
     };
 

nixos/modules/services/printing/cupsd.nix

@@ -310,7 +310,9 @@ in
               [ ! -e "/var/lib/cups/$i" ] && ln -s "${rootdir}/etc/cups/$i" "/var/lib/cups/$i"
             done
             ${optionalString cfg.gutenprint ''
-              ${gutenprint}/bin/cups-genppdupdate -p /etc/cups/ppd
+              if [ -d /var/lib/cups/ppd ]; then
+                ${gutenprint}/bin/cups-genppdupdate -p /var/lib/cups/ppd
+              fi
             ''}
           '';
       };

nixos/modules/services/x11/window-managers/default.nix

@@ -10,7 +10,6 @@ in
   imports = [
     ./afterstep.nix
     ./bspwm.nix
-    ./clfswm.nix
     ./compiz.nix
     ./dwm.nix
     ./fluxbox.nix

nixos/modules/services/x11/xserver.nix

@@ -13,9 +13,9 @@ let
 
   # Map video driver names to driver packages. FIXME: move into card-specific modules.
   knownVideoDrivers = {
-    virtualbox   = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; };
-    ati = { modules = [ pkgs.xorg.xf86videoati pkgs.xorg.glamoregl ]; };
-    intel-testing = { modules = with pkgs.xorg; [ xf86videointel-testing glamoregl ]; driverName = "intel"; };
+    virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; };
+    ati = { modules = with pkgs.xorg; [ xf86videoati glamoregl ]; };
+    intel = { modules = with pkgs.xorg; [ xf86videointel glamoregl ]; };
   };
 
   fontsForXServer =

nixos/modules/system/boot/coredump.nix

@@ -33,19 +33,24 @@ with lib;
 
   };
 
-  config = mkIf config.systemd.coredump.enable {
+  config = mkMerge [
+    (mkIf config.systemd.coredump.enable {
 
-    environment.etc."systemd/coredump.conf".text =
-      ''
-        [Coredump]
-        ${config.systemd.coredump.extraConfig}
-      '';
+      environment.etc."systemd/coredump.conf".text =
+        ''
+          [Coredump]
+          ${config.systemd.coredump.extraConfig}
+        '';
 
-    # Have the kernel pass core dumps to systemd's coredump helper binary.
-    # From systemd's 50-coredump.conf file. See:
-    # <https://github.com/systemd/systemd/blob/v218/sysctl.d/50-coredump.conf.in>
-    boot.kernel.sysctl."kernel.core_pattern" = "|${pkgs.systemd}/lib/systemd/systemd-coredump %p %u %g %s %t %e";
+      # Have the kernel pass core dumps to systemd's coredump helper binary.
+      # From systemd's 50-coredump.conf file. See:
+      # <https://github.com/systemd/systemd/blob/v218/sysctl.d/50-coredump.conf.in>
+      boot.kernel.sysctl."kernel.core_pattern" = "|${pkgs.systemd}/lib/systemd/systemd-coredump %p %u %g %s %t %e";
+    })
 
-  };
+    (mkIf (!config.systemd.coredump.enable) {
+      boot.kernel.sysctl."kernel.core_pattern" = mkDefault "core";
+    })
+  ];
 
 }

nixos/modules/system/boot/stage-1.nix

@@ -58,6 +58,7 @@ let
 
       # Add RAID mdadm tool.
       copy_bin_and_libs ${pkgs.mdadm}/sbin/mdadm
+      copy_bin_and_libs ${pkgs.mdadm}/sbin/mdmon
 
       # Copy udev.
       copy_bin_and_libs ${udev}/lib/systemd/systemd-udevd

nixos/modules/tasks/filesystems.nix

@@ -93,7 +93,7 @@ let
     config = {
       mountPoint = mkDefault name;
       device = mkIf (config.fsType == "tmpfs") (mkDefault config.fsType);
-      options = mkIf config.autoResize "x-nixos.autoresize";
+      options = mkIf config.autoResize [ "x-nixos.autoresize" ];
 
       # -F needed to allow bare block device without partitions
       formatOptions = mkIf ((builtins.substring 0 3 config.fsType) == "ext") (mkDefault "-F");

nixos/modules/tasks/network-interfaces.nix

@@ -882,10 +882,8 @@ in
       optionalString hasBonds "options bonding max_bonds=0";
 
     boot.kernel.sysctl = {
-      "net.net.ipv4.conf.all.promote_secondaries" = true;
       "net.ipv6.conf.all.disable_ipv6" = mkDefault (!cfg.enableIPv6);
       "net.ipv6.conf.default.disable_ipv6" = mkDefault (!cfg.enableIPv6);
-      "net.ipv4.conf.all_forwarding" = mkDefault (any (i: i.proxyARP) interfaces);
       "net.ipv6.conf.all.forwarding" = mkDefault (any (i: i.proxyARP) interfaces);
     } // listToAttrs (concatLists (flip map (filter (i: i.proxyARP) interfaces)
         (i: flip map [ "4" "6" ] (v: nameValuePair "net.ipv${v}.conf.${i.name}.proxy_arp" true))

nixos/modules/tasks/swraid.nix

@@ -12,4 +12,45 @@
     cp -v ${pkgs.mdadm}/lib/udev/rules.d/*.rules $out/
   '';
 
+  systemd.services.mdadm-shutdown = {
+    wantedBy = [ "final.target"];
+    after = [ "umount.target" ];
+
+    unitConfig = {
+      DefaultDependencies = false;
+    };
+
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = ''${pkgs.mdadm}/bin/mdadm --wait-clean --scan'';
+    };
+  };
+
+  systemd.services."mdmon@" = {
+    description = "MD Metadata Monitor on /dev/%I";
+
+    unitConfig.DefaultDependencies = false;
+
+    serviceConfig = {
+      Type = "forking";
+      Environment = "IMSM_NO_PLATFORM=1";
+      ExecStart = ''${pkgs.mdadm}/bin/mdmon --offroot --takeover %I'';
+      KillMode = "none";
+    };
+  };
+
+  systemd.services."mdadm-grow-continue@" = {
+    description = "Manage MD Reshape on /dev/%I";
+
+    unitConfig.DefaultDependencies = false;
+
+    serviceConfig = {
+      ExecStart = ''${pkgs.mdadm}/bin/mdadm --grow --continue /dev/%I'';
+      StandardInput = "null";
+      StandardOutput = "null";
+      StandardError = "null";
+      KillMode = "none";
+    };
+  };
+ 
 }

nixos/modules/virtualisation/amazon-image.nix

@@ -40,7 +40,6 @@ let cfg = config.ec2; in
         # Force udev to exit to prevent random "Device or resource busy
         # while trying to open /dev/xvda" errors from fsck.
         udevadm control --exit || true
-        kill -9 -1
       '';
 
     boot.initrd.network.enable = true;
@@ -66,8 +65,7 @@ let cfg = config.ec2; in
         fi
 
         if ! [ -e "$metaDir/user-data" ]; then
-          wget -q -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data
-          chmod 600 "$metaDir/user-data"
+          wget -q -O "$metaDir/user-data" http://169.254.169.254/1.0/user-data && chmod 600 "$metaDir/user-data"
         fi
 
         if ! [ -e "$metaDir/hostname" ]; then

nixos/modules/virtualisation/azure-agent-entropy.patch

@@ -0,0 +1,17 @@
+--- a/waagent	2016-03-12 09:58:15.728088851 +0200
++++ a/waagent	2016-03-12 09:58:43.572680025 +0200
+@@ -6173,10 +6173,10 @@
+             Log("MAC  address: " + ":".join(["%02X" % Ord(a) for a in mac]))
+         
+         # Consume Entropy in ACPI table provided by Hyper-V
+-        try:
+-            SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
+-        except:
+-            pass
++        #try:
++        #    SetFileContents("/dev/random", GetFileContents("/sys/firmware/acpi/tables/OEM0"))
++        #except:
++        #    pass
+ 
+         Log("Probing for Azure environment.")
+         self.Endpoint = self.DoDhcpWork()

nixos/modules/virtualisation/azure-agent.nix

@@ -14,6 +14,9 @@ let
       rev = "1b3a8407a95344d9d12a2a377f64140975f1e8e4";
       sha256 = "10byzvmpgrmr4d5mdn2kq04aapqb3sgr1admk13wjmy5cd6bwd2x";
     };
+
+    patches = [ ./azure-agent-entropy.patch ];
+
     buildInputs = [ makeWrapper python pythonPackages.wrapPython ];
     runtimeDeps = [ findutils gnugrep gawk coreutils openssl openssh
                     nettools # for hostname
@@ -54,9 +57,15 @@ in
 
   ###### interface
 
-  options.virtualisation.azure.agent.enable = mkOption {
-    default = false;
-    description = "Whether to enable the Windows Azure Linux Agent.";
+  options.virtualisation.azure.agent = {
+    enable = mkOption {
+      default = false;
+      description = "Whether to enable the Windows Azure Linux Agent.";
+    };
+    verboseLogging = mkOption {
+      default = false;
+      description = "Whether to enable verbose logging.";
+    };
   };
 
   ###### implementation
@@ -88,7 +97,7 @@ in
         Provisioning.DeleteRootPassword=n
 
         # Generate fresh host key pair.
-        Provisioning.RegenerateSshHostKeyPair=y
+        Provisioning.RegenerateSshHostKeyPair=n
 
         # Supported values are "rsa", "dsa" and "ecdsa".
         Provisioning.SshHostKeyPairType=ed25519
@@ -121,7 +130,7 @@ in
         Logs.Console=y
 
         # Enable verbose logging (y|n)
-        Logs.Verbose=n
+        Logs.Verbose=${if cfg.verboseLogging then "y" else "n"}
 
         # Root device timeout in seconds.
         OS.RootDeviceScsiTimeout=300
@@ -146,16 +155,30 @@ in
 
     systemd.targets.provisioned = {
       description = "Services Requiring Azure VM provisioning to have finished";
-      wantedBy = [ "sshd.service" ];
-      before = [ "sshd.service" ];
     };
 
+  systemd.services.consume-hypervisor-entropy =
+    { description = "Consume entropy in ACPI table provided by Hyper-V";
+
+      wantedBy = [ "sshd.service" "waagent.service" ];
+      before = [ "sshd.service" "waagent.service" ];
+      after = [ "local-fs.target" ];
+
+      path  = [ pkgs.coreutils ];
+      script =
+        ''
+          echo "Fetching entropy..."
+          cat /sys/firmware/acpi/tables/OEM0 > /dev/random
+        '';
+      serviceConfig.Type = "oneshot";
+      serviceConfig.RemainAfterExit = true;
+      serviceConfig.StandardError = "journal+console";
+      serviceConfig.StandardOutput = "journal+console";
+     };
 
     systemd.services.waagent = {
-      wantedBy = [ "sshd.service" ];
-      before = [ "sshd.service" ];
-      after = [ "ip-up.target" ];
-      wants = [ "ip-up.target" ];
+      wantedBy = [ "multi-user.target" ];
+      after = [ "ip-up.target" "sshd.service" ];
 
       path = [ pkgs.e2fsprogs ];
       description = "Windows Azure Agent Service";

nixos/modules/virtualisation/azure-config-user.nix

@@ -0,0 +1,12 @@
+{ config, pkgs, modulesPath, ... }:
+
+{
+  # To build the configuration or use nix-env, you need to run
+  # either nixos-rebuild --upgrade or nix-channel --update
+  # to fetch the nixos channel.
+
+  # This configures everything but bootstrap services,
+  # which only need to be run once and have already finished
+  # if you are able to see this comment.
+  imports = [ "${modulesPath}/virtualisation/azure-common.nix" ];
+}

nixos/modules/virtualisation/azure-image.nix

@@ -2,7 +2,7 @@
 
 with lib;
 let
-  diskSize = "4096";
+  diskSize = "30720";
 in
 {
   system.build.azureImage =
@@ -23,7 +23,7 @@ in
           postVM =
             ''
               mkdir -p $out
-              ${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc -o subformat=fixed $diskImage $out/disk.vhd
+              ${pkgs.vmTools.qemu-220}/bin/qemu-img convert -f raw -O vpc $diskImage $out/disk.vhd
               rm $diskImage
             '';
           diskImageBase = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.raw";
@@ -78,7 +78,7 @@ in
 
           echo Install a configuration.nix.
           mkdir -p /mnt/etc/nixos /mnt/boot/grub
-          cp ${./azure-config.nix} /mnt/etc/nixos/configuration.nix
+          cp ${./azure-config-user.nix} /mnt/etc/nixos/configuration.nix
 
           echo Generate the GRUB menu.
           ln -s vda /dev/sda

nixos/modules/virtualisation/virtualbox-image.nix

@@ -22,7 +22,9 @@ in {
 
   config = {
 
-    system.build.virtualBoxImage = import ../../lib/make-disk-image.nix {
+    system.build.virtualBoxOVA = import ../../lib/make-disk-image.nix {
+      name = "nixos-ova-${config.system.nixosLabel}-${pkgs.stdenv.system}";
+
       inherit pkgs lib config;
       partitioned = true;
       diskSize = cfg.baseImageSize;
@@ -37,37 +39,36 @@ in {
       postVM =
         ''
           echo "creating VirtualBox disk image..."
-          ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
+          ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage disk.vdi
           rm $diskImage
+
+          echo "creating VirtualBox VM..."
+          export HOME=$PWD
+          export PATH=${pkgs.linuxPackages.virtualbox}/bin:$PATH
+          vmName="NixOS ${config.system.nixosLabel} (${pkgs.stdenv.system})"
+          VBoxManage createvm --name "$vmName" --register \
+            --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
+          VBoxManage modifyvm "$vmName" \
+            --memory 1536 --acpi on --vram 32 \
+            ${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \
+            --nictype1 virtio --nic1 nat \
+            --audiocontroller ac97 --audio alsa \
+            --rtcuseutc on \
+            --usb on --mouse usbtablet
+          VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
+          VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
+            --medium disk.vdi
+
+          echo "exporting VirtualBox VM..."
+          mkdir -p $out
+          fn="$out/nixos-${config.system.nixosLabel}-${pkgs.stdenv.system}.ova"
+          VBoxManage export "$vmName" --output "$fn"
+
+          mkdir -p $out/nix-support
+          echo "file ova $fn" >> $out/nix-support/hydra-build-products
         '';
     };
 
-    system.build.virtualBoxOVA = pkgs.runCommand "virtualbox-ova"
-      { buildInputs = [ pkgs.linuxPackages.virtualbox ];
-        vmName = "NixOS ${config.system.nixosLabel} (${pkgs.stdenv.system})";
-        fileName = "nixos-image-${config.system.nixosLabel}-${pkgs.stdenv.system}.ova";
-      }
-      ''
-        echo "creating VirtualBox VM..."
-        export HOME=$PWD
-        VBoxManage createvm --name "$vmName" --register \
-          --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
-        VBoxManage modifyvm "$vmName" \
-          --memory 1536 --acpi on --vram 32 \
-          ${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \
-          --nictype1 virtio --nic1 nat \
-          --audiocontroller ac97 --audio alsa \
-          --rtcuseutc on \
-          --usb on --mouse usbtablet
-        VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
-        VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
-          --medium ${config.system.build.virtualBoxImage}/disk.vdi
-
-        echo "exporting VirtualBox VM..."
-        mkdir -p $out
-        VBoxManage export "$vmName" --output "$out/$fileName"
-      '';
-
     fileSystems."/".device = "/dev/disk/by-label/nixos";
 
     boot.loader.grub.device = "/dev/sda";

nixos/release-combined.nix

@@ -44,11 +44,11 @@ in rec {
         (all nixos.manual)
 
         (all nixos.iso_minimal)
-        (all nixos.iso_graphical)
-        (all nixos.ova)
+        nixos.iso_graphical.x86_64-linux
+        nixos.ova.x86_64-linux
 
         #(all nixos.tests.containers)
-        (all nixos.tests.chromium.stable)
+        #(all nixos.tests.chromium.stable)
         (all nixos.tests.firefox)
         (all nixos.tests.firewall)
         nixos.tests.gnome3.x86_64-linux # FIXME: i686-linux

nixos/release.nix

@@ -9,7 +9,7 @@ let
 
   version = builtins.readFile ../.version;
   versionSuffix =
-    (if stableBranch then "." else "pre") + "${toString nixpkgs.revCount}.${nixpkgs.shortRev}";
+    (if stableBranch then "." else "pre") + "${toString (nixpkgs.revCount - 77908)}.${nixpkgs.shortRev}";
 
   forAllSystems = genAttrs supportedSystems;
 
@@ -31,7 +31,7 @@ let
   # If the test is only for a particular system, use only the specified
   # system instead of generating attributes for all available systems.
   in if args ? system then discover (import fn args)
-     else foldAttrs (a: b: a // b) {} (map discoverForSystem supportedSystems);
+     else foldAttrs mergeAttrs {} (map discoverForSystem supportedSystems);
 
   pkgs = import nixpkgs { system = "x86_64-linux"; };
 
@@ -43,34 +43,14 @@ let
 
 
   makeIso =
-    { module, type, description ? type, maintainers ? ["eelco"], system }:
+    { module, type, maintainers ? ["eelco"], system }:
 
     with import nixpkgs { inherit system; };
 
-    let
-
-      config = (import lib/eval-config.nix {
-        inherit system;
-        modules = [ module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ];
-      }).config;
-
-      iso = config.system.build.isoImage;
-
-    in
-      # Declare the ISO as a build product so that it shows up in Hydra.
-      hydraJob (runCommand "nixos-iso-${config.system.nixosVersion}"
-        { meta = {
-            description = "NixOS installation CD (${description}) - ISO image for ${system}";
-            maintainers = map (x: lib.maintainers.${x}) maintainers;
-          };
-          inherit iso;
-          passthru = { inherit config; };
-          preferLocalBuild = true;
-        }
-        ''
-          mkdir -p $out/nix-support
-          echo "file iso" $iso/iso/*.iso* >> $out/nix-support/hydra-build-products
-        ''); # */
+    hydraJob ((import lib/eval-config.nix {
+      inherit system;
+      modules = [ module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ];
+    }).config.system.build.isoImage);
 
 
   makeSystemTarball =
@@ -130,7 +110,7 @@ in rec {
     inherit system;
   });
 
-  iso_graphical = forAllSystems (system: makeIso {
+  iso_graphical = genAttrs [ "x86_64-linux" ] (system: makeIso {
     module = ./modules/installer/cd-dvd/installation-cd-graphical.nix;
     type = "graphical";
     inherit system;
@@ -138,7 +118,7 @@ in rec {
 
   # A variant with a more recent (but possibly less stable) kernel
   # that might support more hardware.
-  iso_minimal_new_kernel = forAllSystems (system: makeIso {
+  iso_minimal_new_kernel = genAttrs [ "x86_64-linux" ] (system: makeIso {
     module = ./modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix;
     type = "minimal-new-kernel";
     inherit system;
@@ -146,35 +126,17 @@ in rec {
 
 
   # A bootable VirtualBox virtual appliance as an OVA file (i.e. packaged OVF).
-  ova = forAllSystems (system:
+  ova = genAttrs [ "x86_64-linux" ] (system:
 
     with import nixpkgs { inherit system; };
 
-    let
-
-      config = (import lib/eval-config.nix {
-        inherit system;
-        modules =
-          [ versionModule
-            ./modules/installer/virtualbox-demo.nix
-          ];
-      }).config;
-
-    in
-      # Declare the OVA as a build product so that it shows up in Hydra.
-      hydraJob (runCommand "nixos-ova-${config.system.nixosVersion}-${system}"
-        { meta = {
-            description = "NixOS VirtualBox appliance (${system})";
-            maintainers = maintainers.eelco;
-          };
-          ova = config.system.build.virtualBoxOVA;
-          preferLocalBuild = true;
-        }
-        ''
-          mkdir -p $out/nix-support
-          fn=$(echo $ova/*.ova)
-          echo "file ova $fn" >> $out/nix-support/hydra-build-products
-        '') # */
+    hydraJob ((import lib/eval-config.nix {
+      inherit system;
+      modules =
+        [ versionModule
+          ./modules/installer/virtualbox-demo.nix
+        ];
+    }).config.system.build.virtualBoxOVA)
 
   );
 

nixos/tests/avahi.nix

@@ -5,18 +5,21 @@ import ./make-test.nix ({ pkgs, ... } : {
     maintainers = [ eelco chaoflow ];
   };
 
-  nodes = {
-    one =
-      { config, pkgs, ... }: {
-        services.avahi.enable = true;
-        services.avahi.nssmdns = true;
-      };
-
-    two =
-      { config, pkgs, ... }: {
-        services.avahi.enable = true;
-        services.avahi.nssmdns = true;
+  nodes = let
+    cfg = { config, pkgs, ... }: {
+      services.avahi = {
+        enable = true;
+        nssmdns = true;
+        publish.addresses = true;
+        publish.domain = true;
+        publish.enable = true;
+        publish.userServices = true;
+        publish.workstation = true;
       };
+    };
+  in {
+    one = cfg;
+    two = cfg;
   };
 
   testScript =

nixos/tests/chromium.nix

@@ -1,4 +1,11 @@
-{ system ? builtins.currentSystem }:
+{ system ? builtins.currentSystem
+, pkgs ? import ../.. { inherit system; }
+, channelMap ? {
+    stable = pkgs.chromium;
+    beta   = pkgs.chromiumBeta;
+    dev    = pkgs.chromiumDev;
+  }
+}:
 
 with import ../lib/testing.nix { inherit system; };
 with pkgs.lib;
@@ -160,8 +167,4 @@ mapAttrs (channel: chromiumPkg: makeTest rec {
 
     $machine->shutdown;
   '';
-}) {
-  stable = pkgs.chromium;
-  beta   = pkgs.chromiumBeta;
-  dev    = pkgs.chromiumDev;
-}
+}) channelMap

nixos/tests/docker.nix

@@ -20,7 +20,7 @@ import ./make-test.nix ({ pkgs, ...} : {
   testScript = ''
     startAll;
 
-    $docker->waitForUnit("docker.service");
+    $docker->waitForUnit("sockets.target");
     $docker->succeed("tar cv --files-from /dev/null | docker import - scratchimg");
     $docker->succeed("docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10");
     $docker->succeed("docker ps | grep sleeping");

nixos/tests/ec2.nix

@@ -11,7 +11,6 @@ let
       modules = [
         ../maintainers/scripts/ec2/amazon-image.nix
         ../modules/testing/test-instrumentation.nix
-        ../modules/profiles/minimal.nix
         ../modules/profiles/qemu-guest.nix
         { ec2.hvm = true;
 
@@ -21,6 +20,14 @@ let
               ln -s vda /dev/xvda
               ln -s vda1 /dev/xvda1
             '';
+
+          # Needed by nixos-rebuild due to the lack of network
+          # access. Mostly copied from
+          # modules/profiles/installation-device.nix.
+          system.extraDependencies =
+            [ pkgs.stdenv pkgs.busybox pkgs.perlPackages.ArchiveCpio
+              pkgs.unionfs-fuse pkgs.mkinitcpio-nfs-utils
+            ];
         }
       ];
     }).config.system.build.amazonImage;
@@ -30,9 +37,8 @@ let
       metaData = pkgs.stdenv.mkDerivation {
         name = "metadata";
         buildCommand = ''
-          mkdir -p $out/2011-01-01
-          ln -s ${pkgs.writeText "userData" userData} $out/2011-01-01/user-data
           mkdir -p $out/1.0/meta-data
+          ln -s ${pkgs.writeText "userData" userData} $out/1.0/user-data
           echo "${hostname}" > $out/1.0/meta-data/hostname
           echo "(unknown)" > $out/1.0/meta-data/ami-manifest-path
         '' + optionalString (sshPublicKey != null) ''
@@ -48,7 +54,7 @@ let
           my $imageDir = ($ENV{'TMPDIR'} // "/tmp") . "/vm-state-machine";
           mkdir $imageDir, 0700;
           my $diskImage = "$imageDir/machine.qcow2";
-          system("qemu-img create -f qcow2 -o backing_file=${image}/nixos.img $diskImage") == 0 or die;
+          system("qemu-img create -f qcow2 -o backing_file=${image}/nixos.qcow2 $diskImage") == 0 or die;
           system("qemu-img resize $diskImage 10G") == 0 or die;
 
           # Note: we use net=169.0.0.0/8 rather than
@@ -91,7 +97,7 @@ in {
     '';
     script = ''
       $machine->start;
-      $machine->waitForFile("/root/user-data");
+      $machine->waitForFile("/etc/ec2-metadata/user-data");
       $machine->waitForUnit("sshd.service");
 
       $machine->succeed("grep unknown /etc/ec2-metadata/ami-manifest-path");
@@ -121,7 +127,7 @@ in {
       # Just to make sure resizing is idempotent.
       $machine->shutdown;
       $machine->start;
-      $machine->waitForFile("/root/user-data");
+      $machine->waitForFile("/etc/ec2-metadata/user-data");
     '';
   };
 
@@ -135,6 +141,7 @@ in {
         imports = [
           <nixpkgs/nixos/modules/virtualisation/amazon-image.nix>
           <nixpkgs/nixos/modules/testing/test-instrumentation.nix>
+          <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
         ];
         environment.etc.testFile = {
           text = "whoa";

nixos/tests/firewall.nix

@@ -35,9 +35,9 @@ import ./make-test.nix ( { pkgs, ... } : {
       # Local connections should still work.
       $walled->succeed("curl -v http://localhost/ >&2");
 
-      # Connections to the firewalled machine should fail.
+      # Connections to the firewalled machine should fail, but ping should succeed.
       $attacker->fail("curl --fail --connect-timeout 2 http://walled/ >&2");
-      $attacker->fail("ping -c 1 walled >&2");
+      $attacker->succeed("ping -c 1 walled >&2");
 
       # Outgoing connections/pings should still work.
       $walled->succeed("curl -v http://attacker/ >&2");

nixos/tests/installer.nix

@@ -46,7 +46,7 @@ let
                   , grubIdentifier, preBootCommands, extraConfig
                   }:
     let
-      iface = if grubVersion == 1 then "scsi" else "virtio";
+      iface = if grubVersion == 1 then "ide" else "virtio";
       qemuFlags =
         (if system == "x86_64-linux" then "-m 768 " else "-m 512 ") +
         (optionalString (system == "x86_64-linux") "-cpu kvm64 ");

nixos/tests/riak.nix

@@ -7,7 +7,7 @@ import ./make-test.nix {
 
       {
         services.riak.enable = true;
-        services.riak.package = pkgs.riak2;
+        services.riak.package = pkgs.riak;
       };
   };
 

pkgs/applications/audio/clementine/default.nix

@@ -50,6 +50,12 @@ let
     name = "clementine-free-${version}";
     inherit patches src buildInputs;
     enableParallelBuilding = true;
+    postPatch = ''
+      sed -i src/CMakeLists.txt \
+        -e 's,-Werror,,g' \
+        -e 's,-Wno-unknown-warning-option,,g' \
+        -e 's,-Wno-unused-private-field,,g'
+    '';
     meta = with stdenv.lib; {
       homepage = "http://www.clementine-player.org";
       description = "A multiplatform music player";

pkgs/applications/audio/ekho/default.nix

@@ -20,7 +20,6 @@ in stdenv.mkDerivation rec {
     license        = licenses.gpl2Plus;
     platforms      = platforms.linux;
     hydraPlatforms = [];
-    maintainers    = with maintainers; [ iyzsong ];
   };
 
   src = fetchurl {

pkgs/applications/audio/faust/faust2.nix

@@ -37,7 +37,8 @@ let
 
     inherit src;
 
-    buildInputs = [ makeWrapper llvm emscripten openssl libsndfile pkgconfig libmicrohttpd vim ];
+    nativeBuildInputs = [ makeWrapper pkgconfig vim ];
+    buildInputs = [ llvm emscripten openssl libsndfile libmicrohttpd ];
 
 
     passthru = {
@@ -53,6 +54,20 @@ let
       # correct system.
       unset system
       sed -e "232s/LLVM_STATIC_LIBS/LLVMLIBS/" -i compiler/Makefile.unix
+
+      # The makefile sets LLVM_<version> depending on the current llvm
+      # version, but the detection code is quite brittle.
+      #
+      # Failing to properly detect the llvm version means that the macro
+      # LLVM_VERSION ends up being the raw output of `llvm-config --version`, while
+      # the code assumes that it's set to a symbol like `LLVM_35`.  Two problems result:
+      # * <command-line>:0:1: error: macro names must be identifiers.; and
+      # * a bunch of undefined reference errors due to conditional definitions relying on
+      #   LLVM_XY being defined.
+      #
+      # For now, fix this by 1) pinning the llvm version; 2) manually setting LLVM_VERSION
+      # to something the makefile will recognize.
+      sed '52iLLVM_VERSION=3.7.0' -i compiler/Makefile.unix
     '';
 
     # Remove most faust2appl scripts since they won't run properly

pkgs/applications/audio/meterbridge/default.nix

@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
     sha256 = "0jb6g3kbfyr5yf8mvblnciva2bmc01ijpr51m21r27rqmgi8gj5k";
   };
 
-  patches = [ ./buf_rect.patch ];
+  patches = [ ./buf_rect.patch ./fix_build_with_gcc-5.patch];
 
   buildInputs =
     [ pkgconfig SDL SDL_image libjack2

pkgs/applications/audio/meterbridge/fix_build_with_gcc-5.patch

@@ -0,0 +1,31 @@
+Description: Fix build with gcc-5
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778003
+Author: Jaromír Mikeš <mira.mikes@seznam.cz>
+Forwarded: No
+
+Index: meterbridge/src/linedraw.h
+===================================================================
+--- meterbridge.orig/src/linedraw.h
++++ meterbridge/src/linedraw.h
+@@ -1,7 +1,7 @@
+ #ifndef LINEDRAW_H
+ #define LINEDRAW_H
+ 
+-inline void set_rgba(SDL_Surface *surface, Uint32 x, Uint32 y, Uint32 col);
++void set_rgba(SDL_Surface *surface, Uint32 x, Uint32 y, Uint32 col);
+ 
+ void draw_ptr(SDL_Surface *surface, int x1, int y1, int x2, int y2, Uint32 nedle_col, Uint32 aa_col);
+ 
+Index: meterbridge/src/linedraw.c
+===================================================================
+--- meterbridge.orig/src/linedraw.c
++++ meterbridge/src/linedraw.c
+@@ -4,7 +4,7 @@
+ /* set a pixel on an SDL_Surface, assumes that the surface is 32bit RGBA,
+  * ordered ABGR (I think), probably wont work on bigendian systems */
+ 
+-inline void set_rgba(SDL_Surface *surface, Uint32 x, Uint32 y, Uint32 col)
++void set_rgba(SDL_Surface *surface, Uint32 x, Uint32 y, Uint32 col)
+ {
+ 	Uint32 *bufp = (Uint32 *)surface->pixels + y*surface->pitch/4 + x;
+ 	*bufp = col;

pkgs/applications/audio/spotify/default.nix

@@ -5,7 +5,7 @@
 assert stdenv.system == "x86_64-linux";
 
 let
-  version = "1.0.23.93.gd6cfae15-30";
+  version = "1.0.26.125.g64dc8bc6-14";
 
   deps = [
     alsaLib
@@ -50,7 +50,7 @@ stdenv.mkDerivation {
   src =
     fetchurl {
       url = "http://repository-origin.spotify.com/pool/non-free/s/spotify-client/spotify-client_${version}_amd64.deb";
-      sha256 = "0n6vz51jv6s20dp4zlqkk52bpmpyfm1qn5bfm4lfq09x1g6ir5lr";
+      sha256 = "09wanpml2a6k8asfc0pd56n7fia37amgsplsan1qdh6dwdzr3rv5";
     };
 
   buildInputs = [ dpkg makeWrapper ];

pkgs/applications/audio/vmpk/default.nix

@@ -12,7 +12,6 @@ in stdenv.mkDerivation rec {
     homepage    = "http://vmpk.sourceforge.net/";
     license     = licenses.gpl3Plus;
     platforms   = platforms.linux;
-    maintainers = with maintainers; [ iyzsong ];
   };
 
   src = fetchurl {

pkgs/applications/audio/xmp/default.nix

@@ -8,7 +8,6 @@ stdenv.mkDerivation rec {
     homepage    = "http://xmp.sourceforge.net/";
     license     = licenses.gpl2Plus;
     platforms   = platforms.linux;
-    maintainers = with maintainers; [ iyzsong ];
   };
 
   src = fetchurl {

pkgs/applications/audio/zam-plugins/default.nix

@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     url = "https://github.com/zamaudio/zam-plugins.git";
     deepClone = true;
     rev = "91fe56931a3e57b80f18c740d2dde6b44f962aee";
-    sha256 = "0n29zxg4l2m3jsnfw6q2alyzaw7ibbv9nvk57k07sv3lh2yy3f30";
+    sha256 = "1s0s028h3z3pfd4qvi63fsg6bv33bvz0p5fbmbmhypzqjlx6mlkb";
   };
 
   buildInputs = [ boost libX11 mesa liblo libjack2 ladspaH lv2 pkgconfig rubberband libsndfile ];

pkgs/applications/audio/zynaddsubfx/default.nix

@@ -14,6 +14,10 @@ stdenv.mkDerivation  rec {
   buildInputs = [ alsaLib libjack2 fftw fltk13 libjpeg minixml zlib liblo ];
   nativeBuildInputs = [ cmake pkgconfig ];
 
+  postPatch = ''
+    substituteInPlace ./src/DSP/FFTwrapper.h --replace "isnan(" "std::isnan(" --replace "isinf(" "std::isinf("
+  '';
+
   meta = with stdenv.lib; {
     description = "High quality software synthesizer";
     homepage = http://zynaddsubfx.sourceforge.net;

pkgs/applications/editors/aseprite/default.nix

@@ -43,6 +43,5 @@ stdenv.mkDerivation rec {
     homepage = "http://www.aseprite.org/";
     license = stdenv.lib.licenses.gpl2Plus;
     platforms = stdenv.lib.platforms.linux;
-    maintainers = with stdenv.lib.maintainers; [iyzsong];
   };
 }

pkgs/applications/editors/bviplus/default.nix

@@ -10,6 +10,12 @@ stdenv.mkDerivation rec {
   buildInputs = [
     ncurses
   ];
+
+  postPatch = ''
+      # Patch taken from https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=bviplus
+      sed -i -r 's,inline (void compute_percent_complete),\1,' vf_backend.c
+  '';
+
   makeFlags = "PREFIX=$(out)";
   meta = with lib; {
     description = "ncurses based hex editor with a vim-like interface";

pkgs/applications/editors/eclipse/plugins.nix

@@ -171,12 +171,12 @@ rec {
 
   checkstyle = buildEclipseUpdateSite rec {
     name = "checkstyle-${version}";
-    version = "6.14.0.201601142217";
+    version = "6.16.0.201603042325";
 
     src = fetchzip {
       stripRoot = false;
-      url = "mirror://sourceforge/project/eclipse-cs/Eclipse%20Checkstyle%20Plug-in/6.14.0/net.sf.eclipsecs-updatesite_${version}-bin.zip";
-      sha256 = "0ysxir1fv0mb9xnidc9hv6llnk48lkav0sryjbx7pw7vy1f8nd4c";
+      url = "mirror://sourceforge/project/eclipse-cs/Eclipse%20Checkstyle%20Plug-in/6.16.0/net.sf.eclipsecs-updatesite_${version}.zip";
+      sha256 = "0bm1linyw82bryblyabcx89zqw1ingh8mx62bwp3qj05yc9ksnly";
     };
 
     meta = with stdenv.lib; {

pkgs/applications/editors/emacs-modes/elpa-packages.nix

@@ -35,11 +35,11 @@ self:
     };
 
     overrides = {
-      # These packages require emacs-25
-      el-search = markBroken super.el-search;
-      iterators = markBroken super.iterators;
-      midi-kbd = markBroken super.midi-kbd;
-      stream = markBroken super.stream;
+      el-search = markBroken super.el-search; # requires emacs-25
+      iterators = markBroken super.iterators; # requires emacs-25
+      midi-kbd = markBroken super.midi-kbd; # requires emacs-25
+      stream = markBroken super.stream; # requires emacs-25
+      cl-lib = null; # builtin
     };
 
     elpaPackages = super // overrides;

pkgs/applications/editors/nano/default.nix

@@ -1,5 +1,6 @@
 { stdenv, fetchurl
 , ncurses
+, texinfo
 , gettext ? null
 , enableNls ? true
 , enableTiny ? false
@@ -11,12 +12,14 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   name = "nano-${version}";
-  version = "2.5.0";
+  version = "2.5.3";
   src = fetchurl {
     url = "mirror://gnu/nano/${name}.tar.gz";
-    sha256 = "1vl9bim56k1b4zwc3icxp46w6pn6gb042j1h4jlz1jklxxpkwcpz";
+    sha256 = "1vhjrcydcfxqq1719vcsvqqnbjbq2523m00dhzag5vwzkc961c5j";
   };
-  buildInputs = [ ncurses ] ++ optional enableNls gettext;
+  nativeBuildInputs = [ texinfo ] ++ optional enableNls gettext;
+  buildInputs = [ ncurses ];
+  outputs = [ "out" "info" ];
   configureFlags = ''
     --sysconfdir=/etc
     ${optionalString (!enableNls) "--disable-nls"}

pkgs/applications/editors/tiled/default.nix

@@ -24,6 +24,5 @@ stdenv.mkDerivation rec {
     # The rest is GPL2 or later.
     license = stdenv.lib.licenses.gpl2Plus;
     platforms = stdenv.lib.platforms.linux;
-    maintainers = with stdenv.lib.maintainers; [ iyzsong ];
   };
 }

pkgs/applications/graphics/antimony/default.nix

@@ -16,6 +16,15 @@ in
     };
 
     patches = [ ./paths-fix.patch ];
+    # fix build with glibc-2.23
+    postPatch = ''
+      sed 's/\<isinf(/std::isinf(/g' -i \
+        src/export/export_heightmap.cpp \
+        src/fab/types/bounds.cpp \
+        src/graph/hooks/meta.cpp \
+        src/ui/dialogs/resolution_dialog.cpp \
+        src/render/render_task.cpp
+    '';
 
     buildInputs = [
       libpng python3 (boost.override { python = python3; })
@@ -32,6 +41,8 @@ in
       qmake antimony.pro PREFIX=$out
     '';
 
+    enableParallelBuilding = true;
+
     meta = with stdenv.lib; {
       description = "A computer-aided design (CAD) tool from a parallel universe";
       homepage    = "https://github.com/mkeeter/antimony";

pkgs/applications/graphics/apitrace/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, cmake, libX11, procps, python, qtbase }:
+{ stdenv, fetchFromGitHub, cmake, libX11, procps, python, libdwarf, qtbase, qtwebkit }:
 
 stdenv.mkDerivation rec {
   name = "apitrace-${version}";
@@ -11,13 +11,11 @@ stdenv.mkDerivation rec {
     owner = "apitrace";
   };
 
-  buildInputs = [ libX11 procps python qtbase ];
-  nativeBuildInputs = [ cmake ];
+  # LD_PRELOAD wrappers need to be statically linked to work against all kinds
+  # of games -- so it's fine to use e.g. bundled snappy.
+  buildInputs = [ libX11 procps python libdwarf qtbase qtwebkit ];
 
-  buildPhase = ''
-    cmake
-    make
-  '';
+  nativeBuildInputs = [ cmake ];
 
   meta = with stdenv.lib; {
     homepage = https://apitrace.github.io;

pkgs/applications/graphics/hugin/default.nix

@@ -1,6 +1,6 @@
 { stdenv, cmake, fetchurl, gnumake, pkgconfig, makeWrapper
 , boost, gettext, tclap, wxGTK
-, freeglut, glew, libXi, libXmu, mesa
+, freeglut, glew, libX11, libXi, libXmu, mesa, cairo
 , autopanosiftc, enblend-enfuse, exiv2, fftw, ilmbase, lensfun, libpng, libtiff
 , openexr, panotools, perlPackages, sqlite, vigra
 }:
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
   NIX_CFLAGS_COMPILE = "-I${ilmbase}/include/OpenEXR";
 
   buildInputs = [ boost gettext tclap wxGTK
-                  freeglut glew libXi libXmu mesa
+                  freeglut glew libX11 libXi libXmu mesa cairo
                   exiv2 fftw ilmbase lensfun libtiff libpng openexr panotools
                   sqlite vigra
                   perlPackages.ImageExifTool makeWrapper

pkgs/applications/graphics/leocad/default.nix

@@ -16,8 +16,11 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ qt4 zlib ];
 
-  prefixKey="INSTALL_PREFIX=";
+  prefixKey = "INSTALL_PREFIX=";
   configureScript = "qmake leocad.pro";
+  postPatch = ''
+    substituteInPlace common/camera.cpp --replace "isnan(" "std::isnan("
+  '';
 
   meta = with stdenv.lib; {
     description = "CAD program for creating virtual LEGO models";

pkgs/applications/graphics/openimageio/default.nix

@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   name = "openimageio-${version}";
-  version = "1.6.9";
+  version = "1.6.11";
 
   src = fetchurl {
     url = "https://github.com/OpenImageIO/oiio/archive/Release-${version}.zip";
-    sha256 = "0942xj877875f4dpfg7aqwyw015y82vkhaqap7yhybmvzsfj7wki";
+    sha256 = "0cr0z81a41bg193dx9crcq1mns7mmzz7qys4lrbm18cmdbwkk88x";
   };
 
   buildInputs = [

pkgs/applications/graphics/wings/default.nix

@@ -1,29 +1,34 @@
-{ fetchurl, stdenv, erlang, esdl }:
+{ fetchurl, stdenv, erlang, esdl, cl }:
 
 stdenv.mkDerivation rec {
-  name = "wings-1.4.1";
+  name = "wings-1.5.4";
   src = fetchurl {
     url = "mirror://sourceforge/wings/${name}.tar.bz2";
-    sha256 = "16kqy92rapmbvkc58mc50cidp1pm8nlwlwx69riyadc9w4qs9bji";
+    sha256 = "0qz6rmmkqgk3p0d3v2ikkf22n511bq0m7xp3kkradwrp28fcl15x";
   };
 
-  ERL_LIBS = "${esdl}/lib/erlang/addons";
+  ERL_LIBS = "${esdl}/lib/erlang/lib:${cl}/lib/erlang/lib";
 
   patchPhase = ''
     sed -i 's,include("sdl_keyboard.hrl"),include_lib("esdl/include/sdl_keyboard.hrl"),' \
       src/wings_body.erl plugins_src/commands/wpc_constraints.erl
+
+    # Fix reference
+    sed -i 's,wings/e3d/,,' plugins_src/import_export/wpc_lwo.erl
   '';
 
-  buildInputs = [ erlang esdl ];
+  buildInputs = [ erlang esdl cl ];
 
+  # I did not test the *cl* part. I added the -pa just by imitation.
   installPhase = ''
     mkdir -p $out/bin $out/lib/${name}/ebin
     cp ebin/* $out/lib/${name}/ebin
     cp -R fonts textures shaders plugins $out/lib/$name
     cat << EOF > $out/bin/wings
     #!/bin/sh
-    export ROOTDIR=$out/lib/erlang/addons/${name}
-    ${erlang}/bin/erl -smp disable -pa ${esdl}/lib/erlang/addons/${esdl.name}/ebin \
+    ${erlang}/bin/erl -smp disable \
+      -pa ${esdl}/lib/erlang/lib/${cl.name}/ebin \
+      -pa ${esdl}/lib/erlang/lib/${esdl.name}/ebin \
       -pa $out/lib/${name}/ebin -run wings_start start_halt "$@"
     EOF
     chmod +x $out/bin/wings

pkgs/applications/inferno/default.nix

@@ -1,55 +1,47 @@
-{ fetchurl, fetchhg, stdenv, xorg, gcc46, makeWrapper }:
+{ fetchurl, fetchhg, stdenv, xorg, makeWrapper }:
 
 stdenv.mkDerivation rec {
   # Inferno is a rolling release from a mercurial repository. For the verison number
   # of the package I'm using the mercurial commit number.
-  version = "645";
-  name = "inferno-${version}";
-
-  # The mercurial repository does not contain all the components needed for the
-  # runtime system. The 'base' package contains these. For this package I download
-  # the base, extract the elements required from that, and add them to the source
-  # pulled from the mercurial repository.
-  srcBase = fetchurl {
-    url = "http://www.vitanuova.com/dist/4e/inferno-20100120.tgz";
-    sha256 = "0msvy3iwl4n5k0ry0xiyysjkq0qsawmwn3hvg67hbi5y8g7f7l88";
-  };
+  rev = "785";
+  name = "inferno-${rev}";
+  host = "Linux";
+  objtype = "386";
 
   src = fetchhg {
-    url    = "https://inferno-os.googlecode.com/hg";
-    rev    = "7ab390b860ca";
-    sha256 = "09y0iclb3yy10gw1p0182sddg64xh60q2fx4ai7lxyfb65i76qbh";
+    url    = "https://bitbucket.org/inferno-os/inferno-os";
+    sha256 = "1b428ma9fi5skvfrxp91dr43a62kax89wmx7950ahc1cxyx90k7x";
   };
 
-  # Fails with gcc48 due to inferno triggering an optimisation issue with floating point.
-  buildInputs = [ gcc46 xorg.libX11 xorg.libXpm xorg.libXext xorg.xextproto makeWrapper ];
+  buildInputs = [ makeWrapper ] ++ (with xorg; [ libX11 libXpm libXext xextproto ]);
 
   infernoWrapper = ./inferno;
 
   configurePhase = ''
-    tar --strip-components=1 -xvf $srcBase inferno/fonts inferno/Mkdirs inferno/empties
-    sed -e 's@^ROOT=.*$@ROOT='"$out"'/share/inferno@g' -e 's@^OBJTYPE=.*$@OBJTYPE=386@g' -e 's@^SYSHOST=.*$@SYSHOST=Linux@g' -i mkconfig
-    mkdir prof
-    sh Mkdirs
+    sed -e 's@^ROOT=.*$@ROOT='"$out"'/share/inferno@g' \
+        -e 's@^OBJTYPE=.*$@OBJTYPE=${objtype}@g' \
+        -e 's@^SYSHOST=.*$@SYSHOST=${host}@g' \
+        -i mkconfig
+    # Get rid of an annoying warning
+    sed -e 's/_BSD_SOURCE/_DEFAULT_SOURCE/g' \
+        -i ${host}/${objtype}/include/lib9.h
   '';
 
   buildPhase = ''
-    export PATH=$PATH:$out/share/inferno/Linux/386/bin
     mkdir -p $out/share/inferno
     cp -r . $out/share/inferno
     ./makemk.sh
+    export PATH=$PATH:$out/share/inferno/Linux/386/bin
     mk nuke
     mk
   '';
 
   installPhase = ''
+    # Installs executables in $out/share/inferno/${host}/${objtype}/bin
     mk install
     mkdir -p $out/bin
-    makeWrapper $out/share/inferno/Linux/386/bin/emu $out/bin/emu \
-      --suffix LD_LIBRARY_PATH ':' "${gcc46.cc}/lib" \
-      --suffix PATH ':' "$out/share/inferno/Linux/386/bin"
+    # Install start-up script
     makeWrapper $infernoWrapper $out/bin/inferno \
-      --suffix LD_LIBRARY_PATH ':' "${gcc46.cc}/lib" \
       --suffix PATH ':' "$out/share/inferno/Linux/386/bin" \
       --set INFERNO_ROOT "$out/share/inferno"
   '';
@@ -58,7 +50,7 @@ stdenv.mkDerivation rec {
     description = "A compact distributed operating system for building cross-platform distributed systems";
     homepage = "http://inferno-os.org/";
     license = stdenv.lib.licenses.gpl2;
-    maintainers = [ "Chris Double <chris.double@double.co.nz>" ];
+    maintainers = with stdenv.lib.maintainers; [ doublec kovirobi ];
     platforms = with stdenv.lib.platforms; linux;
   };
 }

pkgs/applications/misc/abook/default.nix

@@ -1,15 +1,23 @@
-{ stdenv, fetchurl, pkgconfig, ncurses, readline }:
+{ stdenv, fetchurl, fetchpatch, pkgconfig, ncurses, readline }:
 
-let version = "0.6.0pre2"; in
 stdenv.mkDerivation rec {
-  name = "abook-${version}";
+  name = "abook-0.6.0pre2";
 
   src = fetchurl {
     url = "http://abook.sourceforge.net/devel/${name}.tar.gz";
-    sha256 = "59d444504109dd96816e003b3023175981ae179af479349c34fa70bc12f6d385";
+    sha256 = "11fkyq9bqw7s6jf38yglk8bsx0ar2wik0fq0ds0rdp8985849m2r";
   };
 
-  buildInputs = [ pkgconfig ncurses readline ];
+  patches = [
+    (fetchpatch {
+       url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/gcc5.patch?h=packages/abook";
+       name = "gcc5.patch";
+       sha256 = "13n3qd6yy45i5n8ppjn9hj6y63ymjrq96280683xk7f7rjavw5nn";
+     })
+  ];
+
+  nativeBuildInputs = [ pkgconfig ];
+  buildInputs = [ ncurses readline ];
 
   meta = {
     homepage = "http://abook.sourceforge.net/";

pkgs/applications/misc/blender/default.nix

@@ -10,11 +10,11 @@
 with lib;
 
 stdenv.mkDerivation rec {
-  name = "blender-2.76b";
+  name = "blender-2.77";
 
   src = fetchurl {
     url = "http://download.blender.org/source/${name}.tar.gz";
-    sha256 = "0pb0mlj4vj0iir528ifqq67nsh3ca1942933d9cwlbpcja2jm1dx";
+    sha256 = "0aynm249xgrnm6h5hlp9x40ww0hn391d9ka2mg9mmqrdzhih286n";
   };
 
   buildInputs =
@@ -62,7 +62,7 @@ stdenv.mkDerivation rec {
     # They comment two licenses: GPLv2 and Blender License, but they
     # say: "We've decided to cancel the BL offering for an indefinite period."
     license = licenses.gpl2Plus;
-    platforms = platforms.linux;
+    platforms = [ "x86_64-linux" ];
     maintainers = [ maintainers.goibhniu ];
   };
 }

pkgs/applications/misc/d4x/default.nix

@@ -6,7 +6,7 @@ stdenv.mkDerivation {
   inherit boost;
 
   src = fetchurl {
-    url =  http://d4x.krasu.ru/files/d4x-2.5.7.1.tar.bz2;
+    url = http://pkgs.fedoraproject.org/repo/pkgs/d4x/d4x-2.5.7.1.tar.bz2/68d6336c3749a7caabb0f5a5f84f4102/d4x-2.5.7.1.tar.bz2;
     sha256 = "1i1jj02bxynisqapv31481sz9jpfp3f023ky47spz1v1wlwbs13m";
   };
 

pkgs/applications/misc/electrum/default.nix

@@ -1,17 +1,34 @@
-{ stdenv, fetchurl, buildPythonApplication, pythonPackages, slowaes }:
+{ stdenv, fetchurl, pythonPackages }:
 
-buildPythonApplication rec {
+let
+  jsonrpclib = pythonPackages.buildPythonPackage rec {
+    version = "0.1.7";
+    name = "jsonrpclib-${version}";
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/j/jsonrpclib/${name}.tar.gz";
+      sha256 = "02vgirw2bcgvpcxhv5hf3yvvb4h5wzd1lpjx8na5psdmaffj6l3z";
+    };
+    propagatedBuildInputs = [ pythonPackages.cjson ];
+    meta = {
+      homepage = https://pypi.python.org/pypi/jsonrpclib;
+      license = stdenv.lib.licenses.asl20;
+    };
+  };
+in
+
+pythonPackages.buildPythonApplication rec {
   name = "electrum-${version}";
-  version = "2.5.4";
+  version = "2.6.3";
 
   src = fetchurl {
     url = "https://download.electrum.org/${version}/Electrum-${version}.tar.gz";
-    sha256 = "18saa2rg07vfp9scp3i8s0wi2pqw9s8l8b44gq43zzl41120zc60";
+    sha256 = "0lj3a8zg6dznpnnxyza8a05c13py52j62rqlad1zcgksm5g63vic";
   };
 
   propagatedBuildInputs = with pythonPackages; [
     dns
     ecdsa
+    jsonrpclib
     pbkdf2
     protobuf
     pyasn1
@@ -47,7 +64,7 @@ buildPythonApplication rec {
       of the blockchain.
     '';
     homepage = https://electrum.org;
-    license = licenses.gpl3;
+    license = licenses.mit;
     maintainers = with maintainers; [ ehmry joachifm np ];
   };
 }

pkgs/applications/misc/pgadmin/default.nix

@@ -2,13 +2,15 @@
 
 stdenv.mkDerivation rec {
   name = "pgadmin3-${version}";
-  version = "1.20.0";
+  version = "1.22.1";
 
   src = fetchurl {
     url = "http://ftp.postgresql.org/pub/pgadmin3/release/v${version}/src/pgadmin3-${version}.tar.gz";
-    sha256 = "133bcbx9a322adldd1498h8bn2wfk45v1sbj9269jylwda1dfwq7";
+    sha256 = "0gkqpj8cg6jd6yhssrij1cbh960rg9fkjbdzcpryi6axwv0ag7ki";
   };
 
+  enableParallelBuilding = true;
+
   buildInputs = [ postgresql wxGTK libxml2 libxslt openssl ];
 
   preConfigure = ''