Revert "nixos/fonts: Add unifont to list of default fonts."

This reverts commit 53746ff9d2 because
it increases default system closure size significantly. It's also
unnecessary - people can always add fonts themselves.

.version

@@ -1 +1 @@
-16.03
+15.09

doc/functions.xml

@@ -248,7 +248,7 @@ c = lib.makeOverridable f { a = 1; b = 2; }</programlisting>
   targetPkgs = pkgs: (with pkgs;
     [ udev
       alsaLib
-    ]) ++ (with pkgs.xlibs;
+    ]) ++ (with pkgs.xorg;
     [ libX11
       libXcursor
       libXrandr

doc/haskell-users-guide.xml

@@ -11,14 +11,13 @@
     registered on
     <link xlink:href="http://hackage.haskell.org/">Hackage</link>, but
     strangely enough normal Nix package lookups don't seem to discover
-    any of them:
+    any of them, except for the default version of ghc, cabal-install, and stack:
   </para>
   <programlisting>
-$ nix-env -qa cabal-install
-error: selector ‘cabal-install’ matches no derivations
-
-$ nix-env -i ghc
-error: selector ‘ghc’ matches no derivations
+$ nix-env -i alex
+error: selector ‘alex’ matches no derivations
+$ nix-env -qa ghc
+ghc-7.10.2
 </programlisting>
   <para>
     The Haskell package set is not registered in the top-level namespace
@@ -354,6 +353,90 @@ if [ -e ~/.nix-profile/bin/ghc ]; then
 fi
 </programlisting>
   </section>
+  <section xml:id="how-to-install-a-compiler-with-indexes">
+    <title>How to install a compiler with libraries, hoogle and documentation indexes</title>
+    <para>
+      If you plan to use your environment for interactive programming,
+      not just compiling random Haskell code, you might want to
+      replace <literal>ghcWithPackages</literal> in all the listings
+      above with <literal>ghcWithHoogle</literal>.
+    </para>
+    <para>
+      This environment generator not only produces an environment with
+      GHC and all the specified libraries, but also generates a
+      <literal>hoogle</literal> and <literal>haddock</literal> indexes
+      for all the packages, and provides a wrapper script around
+      <literal>hoogle</literal> binary that uses all those things. A
+      precise name for this thing would be
+      "<literal>ghcWithPackagesAndHoogleAndDocumentationIndexes</literal>",
+      which is, regrettably, too long and scary.
+    </para>
+    <para>
+      For example, installing the following environment
+    </para>
+    <programlisting>
+{
+  packageOverrides = super: let self = super.pkgs; in
+  {
+    myHaskellEnv = self.haskellPackages.ghcWithHoogle
+                     (haskellPackages: with haskellPackages; [
+                       # libraries
+                       arrows async cgi criterion
+                       # tools
+                       cabal-install haskintex
+                     ]);
+  };
+}
+</programlisting>
+    <para>
+      allows one to browse module documentation index <link
+      xlink:href="https://downloads.haskell.org/~ghc/latest/docs/html/libraries/index.html">not
+      too dissimilar to this</link> for all the specified packages and
+      their dependencies by directing a browser of choice to
+      <literal>~/.nix-profiles/share/doc/hoogle/index.html</literal>
+      (or
+      <literal>/run/current-system/sw/share/doc/hoogle/index.html</literal>
+      in case you put it in
+      <literal>environment.systemPackages</literal> in NixOS).
+    </para>
+    <para>
+      After you've marveled enough at that try adding the following to
+      your <literal>~/.ghc/ghci.conf</literal>
+    </para>
+    <programlisting>
+:def hoogle \s -> return $ ":! hoogle search -cl --count=15 \"" ++ s ++ "\""
+:def doc \s -> return $ ":! hoogle search -cl --info \"" ++ s ++ "\""
+</programlisting>
+    <para>
+      and test it by typing into <literal>ghci</literal>:
+    </para>
+    <programlisting>
+:hoogle a -> a
+:doc a -> a
+</programlisting>
+    <para>
+      Be sure to note the links to <literal>haddock</literal> files in
+      the output. With any modern and properly configured terminal
+      emulator you can just click those links to navigate there.
+    </para>
+    <para>
+      Finally, you can run
+    </para>
+    <programlisting>
+hoogle server -p 8080
+</programlisting>
+    <para>
+      and navigate to <link xlink:href="http://localhost:8080/"/> for
+      your own local <link
+      xlink:href="https://www.haskell.org/hoogle/">Hoogle</link>.
+      Note, however, that Firefox and possibly other browsers disallow
+      navigation from <literal>http:</literal> to
+      <literal>file:</literal> URIs for security reasons, which might
+      be quite an inconvenience. See <link
+      xlink:href="http://kb.mozillazine.org/Links_to_local_pages_do_not_work">this
+      page</link> for workarounds.
+    </para>
+  </section>
   <section xml:id="how-to-create-ad-hoc-environments-for-nix-shell">
     <title>How to create ad hoc environments for
     <literal>nix-shell</literal></title>

doc/meta.xml

@@ -61,7 +61,7 @@ $ nix-env -qa hello --meta --json
                 "i686-openbsd",
                 "x86_64-openbsd"
             ],
-            "position": "/home/user/dev/nixpkgs/pkgs/applications/misc/hello/ex-2/default.nix:14"
+            "position": "/home/user/dev/nixpkgs/pkgs/applications/misc/hello/default.nix:14"
         },
         "name": "hello-2.9",
         "system": "x86_64-linux"

doc/quick-start.xml

@@ -56,7 +56,7 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
 
         <listitem>
           <para>GNU Hello: <link
-          xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/misc/hello/ex-2/default.nix"><filename>pkgs/applications/misc/hello/ex-2/default.nix</filename></link>.
+          xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/misc/hello/default.nix"><filename>pkgs/applications/misc/hello/default.nix</filename></link>.
           Trivial package, which specifies some <varname>meta</varname>
           attributes which is good practice.</para>
         </listitem>

doc/stdenv.xml

@@ -899,6 +899,34 @@ following:
     phase.</para></listitem>
   </varlistentry>
 
+  <varlistentry>
+    <term><varname>separateDebugInfo</varname></term>
+    <listitem><para>If set to <literal>true</literal>, the standard
+    environment will enable debug information in C/C++ builds. After
+    installation, the debug information will be separated from the
+    executables and stored in the output named
+    <literal>debug</literal>. (This output is enabled automatically;
+    you don’t need to set the <varname>outputs</varname> attribute
+    explicitly.) To be precise, the debug information is stored in
+    <filename><replaceable>debug</replaceable>/lib/debug/.build-id/<replaceable>XX</replaceable>/<replaceable>YYYY…</replaceable></filename>,
+    where <replaceable>XXYYYY…</replaceable> is the <replaceable>build
+    ID</replaceable> of the binary — a SHA-1 hash of the contents of
+    the binary. Debuggers like GDB use the build ID to look up the
+    separated debug information.</para>
+
+    <para>For example, with GDB, you can add
+
+<programlisting>
+set debug-file-directory ~/.nix-profile/lib/debug
+</programlisting>
+
+    to <filename>~/.gdbinit</filename>. GDB will then be able to find
+    debug information installed via <literal>nix-env
+    -i</literal>.</para>
+
+    </listitem>
+  </varlistentry>
+
 </variablelist>
 
 </section>

lib/maintainers.nix

@@ -7,7 +7,6 @@
      so it's easy to ping a package @maintainer.
   */
 
-  a1russell = "Adam Russell <adamlr6+pub@gmail.com>";
   abaldeau = "Andreas Baldeau <andreas@baldeau.net>";
   abbradar = "Nikolay Amiantov <ab@fmap.me>";
   adev	   = "Adrien Devresse <adev@adev.name>";
@@ -80,7 +79,6 @@
   dfoxfranke = "Daniel Fox Franke <dfoxfranke@gmail.com>";
   dmalikov = "Dmitry Malikov <malikov.d.y@gmail.com>";
   doublec = "Chris Double <chris.double@double.co.nz>";
-  ebzzry = "Rommel Martinez <ebzzry@gmail.com>";
   ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
   eduarrrd = "Eduard Bachmakov <e.bachmakov@gmail.com>";
   edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
@@ -97,7 +95,6 @@
   fluffynukeit = "Daniel Austin <dan@fluffynukeit.com>";
   forkk = "Andrew Okin <forkk@forkk.net>";
   fpletz = "Franz Pletz <fpletz@fnordicwalking.de>";
-  fridh = "Frederik Rietdijk <fridh@fridh.nl>";
   fro_ozen = "fro_ozen <fro_ozen@gmx.de>";
   ftrvxmtrx = "Siarhei Zirukin <ftrvxmtrx@gmail.com>";
   funfunctor = "Edward O'Callaghan <eocallaghan@alterapraxis.com>";
@@ -107,7 +104,6 @@
   garrison = "Jim Garrison <jim@garrison.cc>";
   gavin = "Gavin Rogers <gavin@praxeology.co.uk>";
   gebner = "Gabriel Ebner <gebner@gebner.org>";
-  gfxmonk = "Tim Cuthbertson <tim@gfxmonk.net>";
   giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
   globin = "Robin Gloster <robin@glob.in>";
   goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
@@ -148,7 +144,6 @@
   kragniz = "Louis Taylor <kragniz@gmail.com>";
   ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
   lassulus = "Lassulus <lassulus@gmail.com>";
-  layus = "Guillaume Maudoux <layus.on@gmail.com>";
   lebastr = "Alexander Lebedev <lebastr@gmail.com>";
   leonardoce = "Leonardo Cecchi <leonardo.cecchi@gmail.com>";
   lethalman = "Luca Bruno <lucabru@src.gnome.org>";
@@ -234,7 +229,6 @@
   rszibele = "Richard Szibele <richard_szibele@hotmail.com>";
   rushmorem = "Rushmore Mushambi <rushmore@webenchanter.com>";
   rycee = "Robert Helgesson <robert@rycee.net>";
-  samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
   sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
   schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
   schristo = "Scott Christopher <schristopher@konputa.com>";

nixos/doc/manual/release-notes/release-notes.xml

@@ -9,7 +9,6 @@
 <para>This section lists the release notes for each stable version of NixOS
 and current unstable revision.</para>
 
-<xi:include href="rl-unstable.xml" />
 <xi:include href="rl-1509.xml" />
 <xi:include href="rl-1412.xml" />
 <xi:include href="rl-1404.xml" />

nixos/doc/manual/release-notes/rl-1509.xml

@@ -4,37 +4,155 @@
          version="5.0"
          xml:id="sec-release-15.09">
 
-<title>Release 15.09 (“Dingo”, 2015/09/??)</title>
+<title>Release 15.09 (“Dingo”, 2015/09/30)</title>
 
-<para>In addition to numerous new and upgraded packages, this release has the following highlights:
+<para>In addition to numerous new and upgraded packages, this release
+has the following highlights:</para>
+
+<itemizedlist>
+
+  <listitem>
+    <para>Gnome has been upgraded to 3.16.
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>Xfce has been upgraded to 4.12.
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>KDE 5 has been upgraded to KDE Frameworks 5.10,
+      Plasma 5.3.2 and Applications 15.04.3.
+      KDE 4 has been updated to kdelibs-4.14.10.
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>E19 has been upgraded to 0.16.8.15.
+    </para>
+  </listitem>
+
+  <listitem>
+    <para>The <link xlink:href="http://haskell.org/">Haskell</link>
+    packages infrastructure has been re-designed from the ground up
+    (&quot;Haskell NG&quot;). NixOS now distributes the latest version
+    of every single package registered on <link
+    xlink:href="http://hackage.haskell.org/">Hackage</link> -- well in
+    excess of 8,000 Haskell packages. Detailed instructions on how to
+    use that infrastructure can be found in the <link
+    xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
+    Guide to the Haskell Infrastructure</link>. Users migrating from an
+    earlier release may find helpful information below, in the list of
+    backwards-incompatible changes. Furthermore, we distribute 51(!)
+    additional Haskell package sets that provide every single <link
+    xlink:href="http://www.stackage.org/">LTS Haskell</link> release
+    since version 0.0 as well as the most recent <link
+    xlink:href="http://www.stackage.org/">Stackage Nightly</link>
+    snapshot. The announcement <link
+    xlink:href="http://lists.science.uu.nl/pipermail/nix-dev/2015-September/018138.html">&quot;Full
+    Stackage Support in Nixpkgs&quot;</link> gives additional
+    details.</para>
+  </listitem>
+
+  <listitem>
+    <para>Nix has been updated to version 1.10, which among other
+    improvements enables cryptographic signatures on binary caches for
+    improved security.</para>
+  </listitem>
+
+  <listitem>
+    <para>You can now keep your NixOS system up to date automatically
+    by setting
+
+<programlisting>
+system.autoUpgrade.enable = true;
+</programlisting>
+
+    This will cause the system to periodically check for updates in
+    your current channel and run <command>nixos-rebuild</command>.</para>
+  </listitem>
+
+  <listitem>
+    <para>This release is based on Glibc 2.21, GCC 4.9 and Linux
+    3.18.</para>
+  </listitem>
+
+</itemizedlist>
+
+
+  <para>Following new services were added since the last release:
 
   <itemizedlist>
-    <listitem>
-      <para>
-        The Haskell packages infrastructure has been re-designed from the ground up.
-        NixOS now distributes the latest version of every single package registered on
-        <link xlink:href="http://hackage.haskell.org/">Hackage</link>, i.e. well over
-        8000 Haskell packages. Further information and usage instructions for the
-        improved infrastructure are available at <link
-        xlink:href="https://nixos.org/wiki/Haskell">https://nixos.org/wiki/Haskell</link>.
-        Users migrating from an earlier release will find also find helpful information
-        below, in the list of backwards-incompatible changes.
-      </para>
-    </listitem>
-
-    <listitem>
-      <para>
-        Users running an SSH server who worry about the quality of their
-        <literal>/etc/ssh/moduli</literal> file with respect to the <link
-        xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html">vulnerabilities
-        discovered in the Diffie-Hellman key exchange</link> can now replace OpenSSH's
-        default version with one they generated themselves using the new
-        <literal>services.openssh.moduliFile</literal> option.
-      </para>
-    </listitem>
+    <listitem><para><literal>services/mail/exim.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/apache-kafka.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/canto-daemon.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/confd.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/devmon.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/gitit.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/ihaskell.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/mbpfan.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/mediatomb.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/mwlib.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/parsoid.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/plex.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/ripple-rest.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/ripple-data-api.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/subsonic.nix</literal></para></listitem>
+    <listitem><para><literal>services/misc/sundtek.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/cadvisor.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/das_watchdog.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/grafana.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/riemann-tools.nix</literal></para></listitem>
+    <listitem><para><literal>services/monitoring/teamviewer.nix</literal></para></listitem>
+    <listitem><para><literal>services/network-filesystems/u9fs.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/aiccu.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/asterisk.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/bird.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/charybdis.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/docker-registry-server.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/fan.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/firefox/sync-server.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/gateone.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/heyefi.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/i2p.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/lambdabot.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/mstpd.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/nix-serve.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/nylon.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/racoon.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/skydns.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/shout.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/softether.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/sslh.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/tinc.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/tlsdated.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/tox-bootstrapd.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/tvheadend.nix</literal></para></listitem>
+    <listitem><para><literal>services/networking/zerotierone.nix</literal></para></listitem>
+    <listitem><para><literal>services/scheduling/marathon.nix</literal></para></listitem>
+    <listitem><para><literal>services/security/fprintd.nix</literal></para></listitem>
+    <listitem><para><literal>services/security/hologram.nix</literal></para></listitem>
+    <listitem><para><literal>services/security/munge.nix</literal></para></listitem>
+    <listitem><para><literal>services/system/cloud-init.nix</literal></para></listitem>
+    <listitem><para><literal>services/web-servers/shellinabox.nix</literal></para></listitem>
+    <listitem><para><literal>services/web-servers/uwsgi.nix</literal></para></listitem>
+    <listitem><para><literal>services/x11/unclutter.nix</literal></para></listitem>
+    <listitem><para><literal>services/x11/display-managers/sddm.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/coredump.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/loader/loader.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/loader/generic-extlinux-compatible</literal></para></listitem>
+    <listitem><para><literal>system/boot/networkd.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/resolved.nix</literal></para></listitem>
+    <listitem><para><literal>system/boot/timesyncd.nix</literal></para></listitem>
+    <listitem><para><literal>tasks/filesystems/exfat.nix</literal></para></listitem>
+    <listitem><para><literal>tasks/filesystems/ntfs.nix</literal></para></listitem>
+    <listitem><para><literal>tasks/filesystems/vboxsf.nix</literal></para></listitem>
+    <listitem><para><literal>virtualisation/virtualbox-host.nix</literal></para></listitem>
+    <listitem><para><literal>virtualisation/vmware-guest.nix</literal></para></listitem>
+    <listitem><para><literal>virtualisation/xen-dom0.nix</literal></para></listitem>
   </itemizedlist>
-
-</para>
+  </para>
 
 
 <para>When upgrading from a previous release, please be aware of the
@@ -50,10 +168,11 @@ and want to continue to use them, please set
 system.stateVersion = "14.12";
 </programlisting>
 
-(The new option <option>system.stateVersion</option> ensures that
+The new option <option>system.stateVersion</option> ensures that
 certain configuration changes that could break existing systems (such
 as the <command>sshd</command> host key setting) will maintain
-compatibility with the specified NixOS release.)</para></listitem>
+compatibility with the specified NixOS release. NixOps sets the state
+version of existing deployments automatically.</para></listitem>
 
 <listitem><para><command>cron</command> is no longer enabled by
 default, unless you have a non-empty
@@ -72,9 +191,9 @@ false</option>.</para></listitem>
 and old <literal>steam</literal> package -- to <literal>steamOriginal</literal>.
 </para></listitem>
 
-<listitem><para>CMPlayer has been renamed to bomi upstream. Package <literal>cmplayer</literal>
-was accordingly renamed to <literal>bomi</literal>
-</para></listitem>
+<listitem><para>CMPlayer has been renamed to bomi upstream. Package
+<literal>cmplayer</literal> was accordingly renamed to
+<literal>bomi</literal> </para></listitem>
 
 <listitem><para>Atom Shell has been renamed to Electron upstream.  Package <literal>atom-shell</literal>
 was accordingly renamed to <literal>electron</literal>
@@ -83,64 +202,82 @@ was accordingly renamed to <literal>electron</literal>
 <listitem><para>Elm is not released on Hackage anymore. You should now use <literal>elmPackages.elm</literal>
 which contains the latest Elm platform.</para></listitem>
 
+<listitem>
+  <para>The CUPS printing service has been updated to version
+  <literal>2.0.2</literal>.  Furthermore its systemd service has been
+  renamed to <literal>cups.service</literal>.</para>
+
+  <para>Local printers are no longer shared or advertised by
+  default. This behavior can be changed by enabling
+  <option>services.printing.defaultShared</option> or
+  <option>services.printing.browsing</option> respectively.</para>
+</listitem>
+
 <listitem>
   <para>
-	The CUPS printing service has been updated to version <literal>2.0.2</literal>.
-	Furthermore its systemd service has been renamed to <literal>cups.service</literal>.
+    The VirtualBox host and guest options have been named more
+    consistently. They can now found in
+    <option>virtualisation.virtualbox.host.*</option> instead of
+    <option>services.virtualboxHost.*</option> and
+    <option>virtualisation.virtualbox.guest.*</option> instead of
+    <option>services.virtualboxGuest.*</option>.
   </para>
+
   <para>
-	Local printers are no longer shared or advertised by default. This behavior
-	can be changed by enabling <literal>services.printing.defaultShared</literal>
-	or <literal>services.printing.browsing</literal> respectively.
+    Also, there now is support for the <literal>vboxsf</literal> file
+    system using the <option>fileSystems</option> configuration
+    attribute. An example of how this can be used in a configuration:
+
+<programlisting>
+fileSystems."/shiny" = {
+  device = "myshinysharedfolder";
+  fsType = "vboxsf";
+};
+</programlisting>
+
   </para>
 </listitem>
 
 <listitem>
   <para>
-    The VirtualBox host and guest options have been moved/renamed more
-    consistently and less confusing to be now found in
-    <literal>virtualisation.virtualbox.host.*</literal> instead of
-    <literal>services.virtualboxHost.*</literal> and
-    <literal>virtualisation.virtualbox.guest.*</literal> instead of
-    <literal>services.virtualboxGuest.*</literal>.
-  </para>
-</listitem>
-
-<listitem>
-  <para>
-    Haskell packages can no longer be found by name, i.e. the commands
-    <literal>nix-env -qa cabal-install</literal> and <literal>nix-env -i
-    ghc</literal> will fail, even though we <emphasis>do</emphasis> ship
-    both <literal>cabal-install</literal> and <literal>ghc</literal>.
-    The reason for this inconvenience is the sheer size of the Haskell
-    package set: name-based lookups such as these would become much
-    slower than they are today if we'd add the entire Hackage database
-    into the top level attribute set. Instead, the list of Haskell
-    packages can be displayed by
+    &quot;<literal>nix-env -qa</literal>&quot; no longer discovers
+    Haskell packages by name. The only packages visible in the global
+    scope are <literal>ghc</literal>, <literal>cabal-install</literal>,
+    and <literal>stack</literal>, but all other packages are hidden. The
+    reason for this inconvenience is the sheer size of the Haskell
+    package set. Name-based lookups are expensive, and most
+    <literal>nix-env -qa</literal> operations would become much slower
+    if we'd add the entire Hackage database into the top level attribute
+    set. Instead, the list of Haskell packages can be displayed by
+    running:
   </para>
   <programlisting>
 nix-env -f &quot;&lt;nixpkgs&gt;&quot; -qaP -A haskellPackages
 </programlisting>
   <para>
-    and packages can be installed with:
+    Executable programs written in Haskell can be installed with:
   </para>
   <programlisting>
-nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.cabal-install
+nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.pandoc
 </programlisting>
+  <para>
+    Installing Haskell <emphasis>libraries</emphasis> this way, however, is no
+    longer supported. See the next item for more details.
+  </para>
 </listitem>
 
 <listitem>
   <para>
     Previous versions of NixOS came with a feature called
-    <literal>ghc-wrapper</literal>, a small wrapper script that allows
-    GHC to transparently pick up on libraries installed in the user's
-    profile. This feature has been deprecated;
-    <literal>ghc-wrapper</literal> was removed from the distribution.
-    The proper way to register Haskell libraries with the compiler now
-    is the <literal>haskellPackages.ghcWithPackages</literal>
-    function.
-    <link xlink:href="https://nixos.org/wiki/Haskell">https://nixos.org/wiki/Haskell</link>
-    provides much information about this subject.
+    <literal>ghc-wrapper</literal>, a small script that allowed GHC to
+    transparently pick up on libraries installed in the user's profile. This
+    feature has been deprecated; <literal>ghc-wrapper</literal> was removed
+    from the distribution. The proper way to register Haskell libraries with
+    the compiler now is the <literal>haskellPackages.ghcWithPackages</literal>
+    function. The <link
+    xlink:href="http://nixos.org/nixpkgs/manual/#users-guide-to-the-haskell-infrastructure">User's
+    Guide to the Haskell Infrastructure</link> provides more information about
+    this subject.
   </para>
 </listitem>
 
@@ -190,7 +327,7 @@ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.cabal-install
     The <literal>locate</literal> service no longer indexes the Nix store
     by default, preventing packages with potentially numerous versions from
     cluttering the output. Indexing the store can be activated by setting
-    <literal>services.locate.includeStore = true</literal>.
+    <option>services.locate.includeStore = true</option>.
   </para>
 </listitem>
 
@@ -203,16 +340,107 @@ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.cabal-install
   </para>
 </listitem>
 
-</itemizedlist>
-</para>
+<listitem>
+  <para>
+    Python 2.6 has been marked as broken (as it no longer recieves
+    security updates from upstream).
+  </para>
+</listitem>
+
+<listitem>
+  <para>
+    Any use of module arguments such as <varname>pkgs</varname> to access
+    library functions, or to define <literal>imports</literal> attributes
+    will now lead to an infinite loop at the time of the evaluation.
+  </para>
+
+  <para>
+    In case of an infinite loop, use the <command>--show-trace</command>
+    command line argument and read the line just above the error message.
+
+<screen>
+$ nixos-rebuild build --show-trace
+…
+while evaluating the module argument `pkgs' in "/etc/nixos/my-module.nix":
+infinite recursion encountered
+</screen>
+  </para>
 
 
-<para>The following new services were added since the last release:
+  <para>
+    Any use of <literal>pkgs.lib</literal>, should be replaced by
+    <varname>lib</varname>, after adding it as argument of the module.  The
+    following module
+
+<programlisting>
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  options = {
+    foo = mkOption { … };
+  };
+  config = mkIf config.foo { … };
+}
+</programlisting>
+
+   should be modified to look like:
+
+<programlisting>
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+{
+  options = {
+    foo = mkOption { <replaceable>option declaration</replaceable> };
+  };
+  config = mkIf config.foo { <replaceable>option definition</replaceable> };
+}
+</programlisting>
+  </para>
+
+  <para>
+    When <varname>pkgs</varname> is used to download other projects to
+    import their modules, and only in such cases, it should be replaced by
+    <literal>(import &lt;nixpkgs&gt; {})</literal>.  The following module
+
+<programlisting>
+{ config, pkgs, ... }:
+
+let
+  myProject = pkgs.fetchurl {
+    src = <replaceable>url</replaceable>;
+    sha256 = <replaceable>hash</replaceable>;
+  };
+in
+
+{
+  imports = [ "${myProject}/module.nix" ];
+}
+</programlisting>
+
+    should be modified to look like:
+
+<programlisting>
+{ config, pkgs, ... }:
+
+let
+  myProject = (import &lt;nixpkgs&gt; {}).fetchurl {
+    src = <replaceable>url</replaceable>;
+    sha256 = <replaceable>hash</replaceable>;
+  };
+in
+
+{
+  imports = [ "${myProject}/module.nix" ];
+}
+</programlisting>
+  </para>
+
+</listitem>
 
-<itemizedlist>
-<listitem><para><literal>brltty</literal></para></listitem>
-<listitem><para><literal>marathon</literal></para></listitem>
-<listitem><para><literal>tvheadend</literal></para></listitem>
 </itemizedlist>
 </para>
 
@@ -220,12 +448,44 @@ nix-env -f &quot;&lt;nixpkgs&gt;&quot; -iA haskellPackages.cabal-install
 <para>Other notable improvements:
 
 <itemizedlist>
+
   <listitem><para>The nixos and nixpkgs channels were unified,
     so one <emphasis>can</emphasis> use <literal>nix-env -iA nixos.bash</literal>
     instead of <literal>nix-env -iA nixos.pkgs.bash</literal>.
     See <link xlink:href="https://github.com/NixOS/nixpkgs/commit/2cd7c1f198">the commit</link> for details.
   </para></listitem>
+
+  <listitem>
+    <para>
+      Users running an SSH server who worry about the quality of their
+      <literal>/etc/ssh/moduli</literal> file with respect to the
+      <link
+      xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html">vulnerabilities
+      discovered in the Diffie-Hellman key exchange</link> can now
+      replace OpenSSH's default version with one they generated
+      themselves using the new
+      <option>services.openssh.moduliFile</option> option.
+      </para>
+  </listitem>
+
+  <listitem> <para>
+    A newly packaged TeX Live 2015 is provided in <literal>pkgs.texlive</literal>,
+    split into 6500 nix packages. For basic user documentation see
+    <link xlink:href="https://github.com/NixOS/nixpkgs/blob/release-15.09/pkgs/tools/typesetting/tex/texlive-new/default.nix#L1"
+      >the source</link>.
+    Beware of <link xlink:href="https://github.com/NixOS/nixpkgs/issues/9757"
+      >an issue</link> when installing a too large package set.
+
+    The plan is to deprecate and maybe delete the original TeX packages
+    until the next release.
+  </para> </listitem>
+
+  <listitem><para>
+    <option>buildEnv.env</option> on all Python interpreters
+    is now available for nix-shell interoperability.
+  </para> </listitem>
 </itemizedlist>
+
 </para>
 
 </section>

nixos/doc/manual/release-notes/rl-unstable.xml

@@ -1,27 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xmlns:xi="http://www.w3.org/2001/XInclude"
-         version="5.0"
-         xml:id="sec-release-unstable">
-
-<title>Unstable</title>
-
-<para>When upgrading from a previous release, please be aware of the
-  following incompatible changes:
-
-  <itemizedlist>
-    <listitem><para>
-        <command>wmiiSnap</command> has been replaced with
-        <command>wmii_hg</command>, but
-        <command>services.xserver.windowManager.wmii.enable</command>
-        has been updated respectively so this only affects you if you
-        have explicitly installed <command>wmiiSnap</command>.
-    </para></listitem>
-    <listitem><para>
-        <command>wmiimenu</command> is removed, as it has been removed by
-        the developers upstream. Use <command>wimenu</command> from the
-        <command>wmii-hg</command> package.
-    </para></listitem>
-  </itemizedlist>
-</para>
-</section>

nixos/lib/eval-config.nix

@@ -54,6 +54,11 @@ in rec {
 
   # These are the extra arguments passed to every module.  In
   # particular, Nixpkgs is passed through the "pkgs" argument.
+  # FIXME: we enable config.allowUnfree to make packages like
+  # nvidia-x11 available. This isn't a problem because if the user has
+  # ‘nixpkgs.config.allowUnfree = false’, then evaluation will fail on
+  # the 64-bit package anyway. However, it would be cleaner to respect
+  # nixpkgs.config here.
   extraArgs = extraArgs_ // {
     inherit modules baseModules;
   };

nixos/lib/make-disk-image.nix

@@ -0,0 +1,115 @@
+{ pkgs
+, lib
+
+, # The NixOS configuration to be installed onto the disk image.
+  config
+
+, # The size of the disk, in megabytes.
+  diskSize
+
+, # Whether the disk should be partitioned (with a single partition
+  # containing the root filesystem) or contain the root filesystem
+  # directly.
+  partitioned ? true
+
+, # The root file system type.
+  fsType ? "ext4"
+
+, # The initial NixOS configuration file to be copied to
+  # /etc/nixos/configuration.nix.
+  configFile ? null
+
+, # Shell code executed after the VM has finished.
+  postVM ? ""
+
+}:
+
+with lib;
+
+pkgs.vmTools.runInLinuxVM (
+  pkgs.runCommand "nixos-disk-image"
+    { preVM =
+        ''
+          mkdir $out
+          diskImage=$out/nixos.img
+          ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "${toString diskSize}M"
+          mv closure xchg/
+        '';
+      buildInputs = [ pkgs.utillinux pkgs.perl pkgs.e2fsprogs pkgs.parted ];
+      exportReferencesGraph =
+        [ "closure" config.system.build.toplevel ];
+      inherit postVM;
+    }
+    ''
+      ${if partitioned then ''
+        # Create a single / partition.
+        parted /dev/vda mklabel msdos
+        parted /dev/vda -- mkpart primary ext2 1M -1s
+        . /sys/class/block/vda1/uevent
+        mknod /dev/vda1 b $MAJOR $MINOR
+        rootDisk=/dev/vda1
+      '' else ''
+        rootDisk=/dev/vda
+      ''}
+
+      # Create an empty filesystem and mount it.
+      mkfs.${fsType} -L nixos $rootDisk
+      ${optionalString (fsType == "ext4") ''
+        tune2fs -c 0 -i 0 $rootDisk
+      ''}
+      mkdir /mnt
+      mount $rootDisk /mnt
+
+      # The initrd expects these directories to exist.
+      mkdir /mnt/dev /mnt/proc /mnt/sys
+
+      mount -o bind /proc /mnt/proc
+      mount -o bind /dev /mnt/dev
+      mount -o bind /sys /mnt/sys
+
+      # Copy all paths in the closure to the filesystem.
+      storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
+
+      mkdir -p /mnt/nix/store
+      echo "copying everything (will take a while)..."
+      set -f
+      cp -prd $storePaths /mnt/nix/store/
+
+      # Register the paths in the Nix database.
+      printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
+          chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
+
+      # Add missing size/hash fields to the database. FIXME:
+      # exportReferencesGraph should provide these directly.
+      chroot /mnt ${config.nix.package}/bin/nix-store --verify --check-contents
+
+      # Create the system profile to allow nixos-rebuild to work.
+      chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \
+          -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
+
+      # `nixos-rebuild' requires an /etc/NIXOS.
+      mkdir -p /mnt/etc
+      touch /mnt/etc/NIXOS
+
+      # `switch-to-configuration' requires a /bin/sh
+      mkdir -p /mnt/bin
+      ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
+
+      # Install a configuration.nix.
+      mkdir -p /mnt/etc/nixos
+      ${optionalString (configFile != null) ''
+        cp ${configFile} /mnt/etc/nixos/configuration.nix
+      ''}
+
+      # Generate the GRUB menu.
+      ln -s vda /dev/xvda
+      ln -s vda /dev/sda
+      chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
+
+      umount /mnt/proc /mnt/dev /mnt/sys
+      umount /mnt
+
+      # Do an fsck to make sure resize2fs works.
+      fsck.${fsType} -f -y $rootDisk
+    ''
+)

nixos/maintainers/scripts/ec2/amazon-base-config.nix

@@ -1,5 +0,0 @@
-{ modulesPath, ...}:
-{
-  imports = [ "${modulesPath}/virtualisation/amazon-init.nix" ];
-  services.journald.rateLimitBurst = 0;
-}

nixos/maintainers/scripts/ec2/amazon-hvm-config.nix

@@ -1,5 +0,0 @@
-{ config, pkgs, ...}:
-{
-  imports = [ ./amazon-base-config.nix ];
-  ec2.hvm = true;
-}

nixos/maintainers/scripts/ec2/amazon-hvm-install-config.nix

@@ -1,34 +0,0 @@
-{ config, pkgs, lib, ...}:
-let
-  cloudUtils = pkgs.fetchurl {
-    url = "https://launchpad.net/cloud-utils/trunk/0.27/+download/cloud-utils-0.27.tar.gz";
-    sha256 = "16shlmg36lidp614km41y6qk3xccil02f5n3r4wf6d1zr5n4v8vd";
-  };
-  growpart = pkgs.stdenv.mkDerivation {
-    name = "growpart";
-    src = cloudUtils;
-    buildPhase = ''
-      cp bin/growpart $out
-      sed -i 's|awk|gawk|' $out
-      sed -i 's|sed|gnused|' $out
-    '';
-    dontInstall = true;
-    dontPatchShebangs = true;
-  };
-in
-{
-  imports = [ ./amazon-base-config.nix ];
-  ec2.hvm = true;
-  boot.loader.grub.device = lib.mkOverride 0 "/dev/xvdg";
-  boot.kernelParams = [ "console=ttyS0" ];
-
-  boot.initrd.extraUtilsCommands = ''
-    copy_bin_and_libs ${pkgs.gawk}/bin/gawk
-    copy_bin_and_libs ${pkgs.gnused}/bin/sed
-    copy_bin_and_libs ${pkgs.utillinux}/sbin/sfdisk
-    cp -v ${growpart} $out/bin/growpart
-  '';
-  boot.initrd.postDeviceCommands = ''
-    [ -e /dev/xvda ] && [ -e /dev/xvda1 ] && TMPDIR=/run sh $(type -P growpart) /dev/xvda 1
-  '';
-}

nixos/maintainers/scripts/ec2/amazon-image.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+
+  imports =
+    [ ../../../modules/installer/cd-dvd/channel.nix
+      ../../../modules/virtualisation/amazon-image.nix
+    ];
+
+  system.build.amazonImage = import ../../../lib/make-disk-image.nix {
+    inherit pkgs lib config;
+    partitioned = config.ec2.hvm;
+    diskSize = if config.ec2.hvm then 2048 else 8192;
+    configFile = pkgs.writeText "configuration.nix"
+      ''
+        {
+          imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
+          ${optionalString config.ec2.hvm ''
+            ec2.hvm = true;
+          ''}
+        }
+      '';
+  };
+
+}

nixos/maintainers/scripts/ec2/create-amis.sh

@@ -0,0 +1,217 @@
+#! /bin/sh -e
+
+set -o pipefail
+#set -x
+
+stateDir=${TMPDIR:-/tmp}/ec2-image
+echo "keeping state in $stateDir"
+mkdir -p $stateDir
+
+version=$(nix-instantiate --eval --strict '<nixpkgs>' -A lib.nixpkgsVersion | sed s/'"'//g)
+echo "NixOS version is $version"
+
+rm -f ec2-amis.nix
+
+
+for type in hvm pv; do
+    link=$stateDir/$type
+    imageFile=$link/nixos.img
+    system=x86_64-linux
+    arch=x86_64
+
+    # Build the image.
+    if ! [ -L $link ]; then
+        if [ $type = pv ]; then hvmFlag=false; else hvmFlag=true; fi
+
+        echo "building image type '$type'..."
+        nix-build -o $link \
+            '<nixpkgs/nixos>' \
+            -A config.system.build.amazonImage \
+            --arg configuration "{ imports = [ <nixpkgs/nixos/maintainers/scripts/ec2/amazon-image.nix> ]; ec2.hvm = $hvmFlag; }"
+    fi
+
+    for store in ebs s3; do
+
+        bucket=nixos-amis
+        bucketDir="$version-$type-$store"
+
+        prevAmi=
+        prevRegion=
+
+        #for region in eu-west-1 eu-central-1 us-east-1 us-west-1 us-west-2 ap-southeast-1 ap-southeast-2 ap-northeast-1 sa-east-1; do
+        for region in eu-west-1 us-east-1; do
+
+            name=nixos-$version-$arch-$type-$store
+            description="NixOS $system $version ($type-$store)"
+
+            amiFile=$stateDir/$region.$type.$store.ami-id
+
+            if ! [ -e $amiFile ]; then
+
+                echo "doing $name in $region..."
+
+                if [ -n "$prevAmi" ]; then
+                    ami=$(ec2-copy-image \
+                        --region "$region" \
+                        --source-region "$prevRegion" --source-ami-id "$prevAmi" \
+                        --name "$name" --description "$description" | cut -f 2)
+                else
+
+                    if [ $store = s3 ]; then
+
+                        # Bundle the image.
+                        imageDir=$stateDir/$type-bundled
+
+                        if ! [ -d $imageDir ]; then
+                            rm -rf $imageDir.tmp
+                            mkdir -p $imageDir.tmp
+                            ec2-bundle-image \
+                                -d $imageDir.tmp \
+                                -i $imageFile --arch $arch \
+                                --user "$AWS_ACCOUNT" -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY"
+                            mv $imageDir.tmp $imageDir
+                        fi
+
+                        # Upload the bundle to S3.
+                        if ! [ -e $imageDir/uploaded ]; then
+                            echo "uploading bundle to S3..."
+                            ec2-upload-bundle \
+                                -m $imageDir/nixos.img.manifest.xml \
+                                -b "$bucket/$bucketDir" \
+                                -a "$EC2_ACCESS_KEY" -s "$EC2_SECRET_KEY" \
+                                --location EU
+                            touch $imageDir/uploaded
+                        fi
+
+                        extraFlags="$bucket/$bucketDir/nixos.img.manifest.xml"
+
+                    else
+
+                        # Convert the image to vhd format so we don't have
+                        # to upload a huge raw image.
+                        vhdFile=$stateDir/$type.vhd
+                        if ! [ -e $vhdFile ]; then
+                            qemu-img convert -O vpc $imageFile $vhdFile.tmp
+                            mv $vhdFile.tmp $vhdFile
+                        fi
+
+                        taskId=$(cat $stateDir/$region.$type.task-id 2> /dev/null || true)
+                        volId=$(cat $stateDir/$region.$type.vol-id 2> /dev/null || true)
+                        snapId=$(cat $stateDir/$region.$type.snap-id 2> /dev/null || true)
+
+                        # Import the VHD file.
+                        if [ -z "$snapId" -a -z "$volId" -a -z "$taskId" ]; then
+                            echo "importing $vhdFile..."
+                            taskId=$(ec2-import-volume $vhdFile --no-upload -f vhd \
+                                -o "$EC2_ACCESS_KEY" -w "$EC2_SECRET_KEY" \
+                                --region "$region" -z "${region}a" \
+                                --bucket "$bucket" --prefix "$bucketDir/" \
+                                | tee /dev/stderr \
+                                | sed 's/.*\(import-vol-[0-9a-z]\+\).*/\1/ ; t ; d')
+                            echo -n "$taskId" > $stateDir/$region.$type.task-id
+                        fi
+
+                        if [ -z "$snapId" -a -z "$volId" ]; then
+                            ec2-resume-import  $vhdFile -t "$taskId" --region "$region" \
+                                -o "$EC2_ACCESS_KEY" -w "$EC2_SECRET_KEY"
+                        fi
+
+                        # Wait for the volume creation to finish.
+                        if [ -z "$snapId" -a -z "$volId" ]; then
+                            echo "waiting for import to finish..."
+                            while true; do
+                                volId=$(ec2-describe-conversion-tasks "$taskId" --region "$region" | sed 's/.*VolumeId.*\(vol-[0-9a-f]\+\).*/\1/ ; t ; d')
+                                if [ -n "$volId" ]; then break; fi
+                                sleep 10
+                            done
+
+                            echo -n "$volId" > $stateDir/$region.$type.vol-id
+                        fi
+
+                        # Delete the import task.
+                        if [ -n "$volId" -a -n "$taskId" ]; then
+                            echo "removing import task..."
+                            ec2-delete-disk-image -t "$taskId" --region "$region" -o "$EC2_ACCESS_KEY" -w "$EC2_SECRET_KEY" || true
+                            rm -f $stateDir/$region.$type.task-id
+                        fi
+
+                        # Create a snapshot.
+                        if [ -z "$snapId" ]; then
+                            echo "creating snapshot..."
+                            snapId=$(ec2-create-snapshot "$volId" --region "$region" | cut -f 2)
+                            echo -n "$snapId" > $stateDir/$region.$type.snap-id
+                            ec2-create-tags "$snapId" -t "Name=$description" --region "$region"
+                        fi
+
+                        # Wait for the snapshot to finish.
+                        echo "waiting for snapshot to finish..."
+                        while true; do
+                            status=$(ec2-describe-snapshots "$snapId" --region "$region" | head -n1 | cut -f 4)
+                            if [ "$status" = completed ]; then break; fi
+                            sleep 10
+                        done
+
+                        # Delete the volume.
+                        if [ -n "$volId" ]; then
+                            echo "deleting volume..."
+                            ec2-delete-volume "$volId" --region "$region" || true
+                            rm -f $stateDir/$region.$type.vol-id
+                        fi
+
+                        extraFlags="-b /dev/sda1=$snapId:20:true:gp2"
+
+                        if [ $type = pv ]; then
+                            extraFlags+=" --root-device-name=/dev/sda1"
+                        fi
+
+                        extraFlags+=" -b /dev/sdb=ephemeral0 -b /dev/sdc=ephemeral1 -b /dev/sdd=ephemeral2 -b /dev/sde=ephemeral3"
+                    fi
+
+                    # Register the AMI.
+                    if [ $type = pv ]; then
+                        kernel=$(ec2-describe-images -o amazon --filter "manifest-location=*pv-grub-hd0_1.04-$arch*" --region "$region" | cut -f 2)
+                        [ -n "$kernel" ]
+                        echo "using PV-GRUB kernel $kernel"
+                        extraFlags+=" --virtualization-type paravirtual --kernel $kernel"
+                    else
+                        extraFlags+=" --virtualization-type hvm"
+                    fi
+
+                    set -x
+                    ami=$(ec2-register \
+                        -n "$name" \
+                        -d "$description" \
+                        --region "$region" \
+                        --architecture "$arch" \
+                        $extraFlags | cut -f 2)
+                fi
+
+                echo -n "$ami" > $amiFile
+                echo "created AMI $ami of type '$type' in $region..."
+
+            else
+                ami=$(cat $amiFile)
+            fi
+
+            echo "waiting for AMI..."
+            while true; do
+                status=$(ec2-describe-images "$ami" --region "$region" | head -n1 | cut -f 5)
+                if [ "$status" = available ]; then break; fi
+                sleep 10
+            done
+
+            ec2-modify-image-attribute \
+                --region "$region" "$ami" -l -a all
+
+            echo "region = $region, type = $type, store = $store, ami = $ami"
+            if [ -z "$prevAmi" ]; then
+                prevAmi="$ami"
+                prevRegion="$region"
+            fi
+
+            echo "  \"15.09\".$region.$type-$store = \"$ami\";" >> ec2-amis.nix
+        done
+
+    done
+
+done

nixos/maintainers/scripts/ec2/create-ebs-amis.py

@@ -1,216 +0,0 @@
-#! /usr/bin/env python
-
-import os
-import sys
-import time
-import argparse
-import nixops.util
-from nixops import deployment
-from boto.ec2.blockdevicemapping import BlockDeviceMapping, BlockDeviceType
-import boto.ec2
-from nixops.statefile import StateFile, get_default_state_file
-
-parser = argparse.ArgumentParser(description='Create an EBS-backed NixOS AMI')
-parser.add_argument('--region', dest='region', required=True, help='EC2 region to create the image in')
-parser.add_argument('--channel', dest='channel', default="14.12", help='Channel to use')
-parser.add_argument('--keep', dest='keep', action='store_true', help='Keep NixOps machine after use')
-parser.add_argument('--hvm', dest='hvm', action='store_true', help='Create HVM image')
-parser.add_argument('--key', dest='key_name', action='store_true', help='Keypair used for HVM instance creation', default="rob")
-args = parser.parse_args()
-
-instance_type = "m3.medium" if args.hvm else "m1.small"
-
-if args.hvm:
-    virtualization_type = "hvm"
-    root_block = "/dev/sda1"
-    image_type = 'hvm'
-else:
-    virtualization_type = "paravirtual"
-    root_block = "/dev/sda"
-    image_type = 'ebs'
-
-ebs_size = 20
-
-# Start a NixOS machine in the given region.
-f = open("ebs-creator-config.nix", "w")
-f.write('''{{
-  resources.ec2KeyPairs.keypair.accessKeyId = "lb-nixos";
-  resources.ec2KeyPairs.keypair.region = "{0}";
-
-  machine =
-    {{ pkgs, ... }}:
-    {{
-      deployment.ec2.accessKeyId = "lb-nixos";
-      deployment.ec2.region = "{0}";
-      deployment.ec2.blockDeviceMapping."/dev/xvdg".size = pkgs.lib.mkOverride 10 {1};
-    }};
-}}
-'''.format(args.region, ebs_size))
-f.close()
-
-db = StateFile(get_default_state_file())
-try:
-    depl = db.open_deployment("ebs-creator")
-except Exception:
-    depl = db.create_deployment()
-    depl.name = "ebs-creator"
-depl.logger.set_autoresponse("y")
-depl.nix_exprs = [os.path.abspath("./ebs-creator.nix"), os.path.abspath("./ebs-creator-config.nix")]
-if not args.keep: depl.destroy_resources()
-depl.deploy(allow_reboot=True)
-
-m = depl.machines['machine']
-
-# Do the installation.
-device="/dev/xvdg"
-if args.hvm:
-    m.run_command('parted -s /dev/xvdg -- mklabel msdos')
-    m.run_command('parted -s /dev/xvdg -- mkpart primary ext2 1M -1s')
-    device="/dev/xvdg1"
-
-m.run_command("if mountpoint -q /mnt; then umount /mnt; fi")
-m.run_command("mkfs.ext4 -L nixos {0}".format(device))
-m.run_command("mkdir -p /mnt")
-m.run_command("mount {0} /mnt".format(device))
-m.run_command("touch /mnt/.ebs")
-m.run_command("mkdir -p /mnt/etc/nixos")
-
-m.run_command("nix-channel --add https://nixos.org/channels/nixos-{} nixos".format(args.channel))
-m.run_command("nix-channel --update")
-
-version = m.run_command("nix-instantiate --eval-only -A lib.nixpkgsVersion '<nixpkgs>'", capture_stdout=True).split(' ')[0].replace('"','').strip()
-print >> sys.stderr, "NixOS version is {0}".format(version)
-if args.hvm:
-    m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/amazon-base-config.nix")
-    m.upload_file("./amazon-hvm-config.nix", "/mnt/etc/nixos/configuration.nix")
-    m.upload_file("./amazon-hvm-install-config.nix", "/mnt/etc/nixos/amazon-hvm-install-config.nix")
-    m.run_command("NIXOS_CONFIG=/etc/nixos/amazon-hvm-install-config.nix nixos-install")
-else:
-    m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/configuration.nix")
-    m.run_command("nixos-install")
-
-m.run_command("umount /mnt")
-
-if args.hvm:
-    ami_name = "nixos-{0}-x86_64-hvm".format(version)
-    description = "NixOS {0} (x86_64; EBS root; hvm)".format(version)
-else:
-    ami_name = "nixos-{0}-x86_64-ebs".format(version)
-    description = "NixOS {0} (x86_64; EBS root)".format(version)
-
-
-# Wait for the snapshot to finish.
-def check():
-    status = snapshot.update()
-    print >> sys.stderr, "snapshot status is {0}".format(status)
-    return status == '100%'
-
-m.connect()
-volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': m.resource_id, 'attachment.device': "/dev/sdg"})[0]
-
-# Create a snapshot.
-snapshot = volume.create_snapshot(description=description)
-print >> sys.stderr, "created snapshot {0}".format(snapshot.id)
-
-nixops.util.check_wait(check, max_tries=120)
-
-m._conn.create_tags([snapshot.id], {'Name': ami_name})
-
-if not args.keep: depl.destroy_resources()
-
-# Register the image.
-aki = m._conn.get_all_images(filters={'manifest-location': 'ec2*pv-grub-hd0_1.03-x86_64*'})[0]
-print >> sys.stderr, "using kernel image {0} - {1}".format(aki.id, aki.location)
-
-block_map = BlockDeviceMapping()
-block_map[root_block] = BlockDeviceType(snapshot_id=snapshot.id, delete_on_termination=True, size=ebs_size, volume_type="gp2")
-block_map['/dev/sdb'] = BlockDeviceType(ephemeral_name="ephemeral0")
-block_map['/dev/sdc'] = BlockDeviceType(ephemeral_name="ephemeral1")
-block_map['/dev/sdd'] = BlockDeviceType(ephemeral_name="ephemeral2")
-block_map['/dev/sde'] = BlockDeviceType(ephemeral_name="ephemeral3")
-
-common_args = dict(
-        name=ami_name,
-        description=description,
-        architecture="x86_64",
-        root_device_name=root_block,
-        block_device_map=block_map,
-        virtualization_type=virtualization_type,
-        delete_root_volume_on_termination=True
-        )
-if not args.hvm:
-    common_args['kernel_id']=aki.id
-
-ami_id = m._conn.register_image(**common_args)
-
-print >> sys.stderr, "registered AMI {0}".format(ami_id)
-
-print >> sys.stderr, "sleeping a bit..."
-time.sleep(30)
-
-print >> sys.stderr, "setting image name..."
-m._conn.create_tags([ami_id], {'Name': ami_name})
-
-print >> sys.stderr, "making image public..."
-image = m._conn.get_all_images(image_ids=[ami_id])[0]
-image.set_launch_permissions(user_ids=[], group_names=["all"])
-
-# Do a test deployment to make sure that the AMI works.
-f = open("ebs-test.nix", "w")
-f.write(
-    '''
-    {{
-      network.description = "NixOS EBS test";
-
-      resources.ec2KeyPairs.keypair.accessKeyId = "lb-nixos";
-      resources.ec2KeyPairs.keypair.region = "{0}";
-
-      machine = {{ config, pkgs, resources, ... }}: {{
-        deployment.targetEnv = "ec2";
-        deployment.ec2.accessKeyId = "lb-nixos";
-        deployment.ec2.region = "{0}";
-        deployment.ec2.instanceType = "{2}";
-        deployment.ec2.keyPair = resources.ec2KeyPairs.keypair.name;
-        deployment.ec2.securityGroups = [ "public-ssh" ];
-        deployment.ec2.ami = "{1}";
-      }};
-    }}
-    '''.format(args.region, ami_id, instance_type))
-f.close()
-
-test_depl = db.create_deployment()
-test_depl.auto_response = "y"
-test_depl.name = "ebs-creator-test"
-test_depl.nix_exprs = [os.path.abspath("./ebs-test.nix")]
-test_depl.deploy(create_only=True)
-test_depl.machines['machine'].run_command("nixos-version")
-
-# Log the AMI ID.
-f = open("ec2-amis.nix".format(args.region, image_type), "w")
-f.write("{\n")
-
-for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1', 'eu-central-1', 'ap-southeast-1', 'ap-southeast-2', 'ap-northeast-1', 'sa-east-1']:
-    copy_image = None
-    if args.region != dest:
-        try:
-            print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest)
-            conn = boto.ec2.connect_to_region(dest)
-            copy_image = conn.copy_image(args.region, ami_id, ami_name, description=None, client_token=None)
-        except :
-            print >> sys.stderr, "FAILED!"
-
-        # Log the AMI ID.
-        if copy_image != None:
-            f.write('  "{0}"."{1}".{2} = "{3}";\n'.format(args.channel,dest,"hvm" if args.hvm else "ebs",copy_image.image_id))
-    else:
-        f.write('  "{0}"."{1}".{2} = "{3}";\n'.format(args.channel,args.region,"hvm" if args.hvm else "ebs",ami_id))
-
-
-f.write("}\n")
-f.close()
-
-if not args.keep:
-    test_depl.logger.set_autoresponse("y")
-    test_depl.destroy_resources()
-    test_depl.delete()
-

nixos/maintainers/scripts/ec2/create-s3-amis.sh

@@ -1,53 +0,0 @@
-#! /bin/sh -e
-
-export NIXOS_CONFIG=$(dirname $(readlink -f $0))/amazon-base-config.nix
-
-version=$(nix-instantiate --eval-only '<nixpkgs/nixos>' -A config.system.nixosVersion | sed s/'"'//g)
-echo "NixOS version is $version"
-
-buildAndUploadFor() {
-    system="$1"
-    arch="$2"
-
-    echo "building $system image..."
-    nix-build '<nixpkgs/nixos>' \
-        -A config.system.build.amazonImage --argstr system "$system" -o ec2-ami
-
-    ec2-bundle-image -i ./ec2-ami/nixos.img --user "$AWS_ACCOUNT" --arch "$arch" \
-        -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY"
-
-    for region in eu-west-1; do
-        echo "uploading $system image for $region..."
-
-        name=nixos-$version-$arch-s3
-        bucket="$(echo $name-$region | tr '[A-Z]_' '[a-z]-')"
-
-        if [ "$region" = eu-west-1 ]; then s3location=EU;
-        elif [ "$region" = us-east-1 ]; then s3location=US;
-        else s3location="$region"
-        fi
-
-        ec2-upload-bundle -b "$bucket" -m /tmp/nixos.img.manifest.xml \
-            -a "$EC2_ACCESS_KEY" -s "$EC2_SECRET_KEY" --location "$s3location" \
-            --url http://s3.amazonaws.com
-
-        kernel=$(ec2-describe-images -o amazon --filter "manifest-location=*pv-grub-hd0_1.04-$arch*" --region "$region" | cut -f 2)
-        echo "using PV-GRUB kernel $kernel"
-
-        ami=$(ec2-register "$bucket/nixos.img.manifest.xml" -n "$name" -d "NixOS $system r$revision" -O "$EC2_ACCESS_KEY" -W "$EC2_SECRET_KEY" \
-            --region "$region" --kernel "$kernel" | cut -f 2)
-
-        echo "AMI ID is $ami"
-
-        echo "  \"14.12\".\"$region\".s3 = \"$ami\";" >> ec2-amis.nix
-
-        ec2-modify-image-attribute --region "$region" "$ami" -l -a all -O "$EC2_ACCESS_KEY" -W "$EC2_SECRET_KEY"
-
-        for cp_region in us-east-1 us-west-1 us-west-2 eu-central-1 ap-southeast-1 ap-southeast-2 ap-northeast-1 sa-east-1; do
-          new_ami=$(aws ec2 copy-image --source-image-id $ami --source-region $region --region $cp_region --name "$name" | json ImageId)
-          echo "  \"14.12\".\"$cp_region\".s3 = \"$new_ami\";" >> ec2-amis.nix  
-        done
-    done
-}
-
-buildAndUploadFor x86_64-linux x86_64

nixos/maintainers/scripts/ec2/ebs-creator.nix

@@ -1,13 +0,0 @@
-{
-  network.description = "NixOS EBS creator";
-
-  machine =
-    { config, pkgs, resources, ... }:
-    { deployment.targetEnv = "ec2";
-      deployment.ec2.instanceType = "c3.large";
-      deployment.ec2.securityGroups = [ "public-ssh" ];
-      deployment.ec2.ebsBoot = false;
-      deployment.ec2.keyPair = resources.ec2KeyPairs.keypair.name;
-      environment.systemPackages = [ pkgs.parted ];
-    };
-}

nixos/modules/config/i18n.nix

@@ -52,15 +52,6 @@ in
         '';
       };
 
-      consoleUseXkbConfig = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          If set, configure the console keymap from the xserver keyboard
-          settings.
-        '';
-      };
-
       consoleKeyMap = mkOption {
         type = mkOptionType {
           name = "string or path";
@@ -83,13 +74,6 @@ in
 
   config = {
 
-    i18n.consoleKeyMap = with config.services.xserver;
-      mkIf config.i18n.consoleUseXkbConfig
-        (pkgs.runCommand "xkb-console-keymap" { preferLocalBuild = true; } ''
-          '${pkgs.ckbcomp}/bin/ckbcomp' -model '${xkbModel}' -layout '${layout}' \
-            -option '${xkbOptions}' -variant '${xkbVariant}' > "$out"
-        '');
-
     environment.systemPackages =
       optional (config.i18n.supportedLocales != []) glibcLocales;
 

nixos/modules/config/system-path.nix

@@ -103,7 +103,8 @@ in
       [ "/bin"
         "/etc/xdg"
         "/info"
-        "/lib"
+        "/lib" # FIXME: remove
+        #"/lib/debug/.build-id" # enables GDB to find separated debug info
         "/man"
         "/sbin"
         "/share/applications"

nixos/modules/installer/cd-dvd/channel.nix

@@ -33,7 +33,7 @@ in
         echo "unpacking the NixOS/Nixpkgs sources..."
         mkdir -p /nix/var/nix/profiles/per-user/root
         ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \
-          -i ${channelSources} --quiet --option use-substitutes false
+          -i ${channelSources} --quiet --option build-use-substitutes false
         mkdir -m 0700 -p /root/.nix-defexpr
         ln -s /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels
         mkdir -m 0755 -p /var/lib/nixos

nixos/modules/installer/tools/nixos-rebuild.sh

@@ -157,9 +157,9 @@ if [ -n "$buildNix" ]; then
             if ! nix-build '<nixpkgs>' -A nix -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
                 machine="$(uname -m)"
                 if [ "$machine" = x86_64 ]; then
-                    nixStorePath=/nix/store/664kxr14kfgx4dl095crvmr7pbh9xlh5-nix-1.9
+                    nixStorePath=/nix/store/xryr9g56h8yjddp89d6dw12anyb4ch7c-nix-1.10
                 elif [[ "$machine" =~ i.86 ]]; then
-                    nixStorePath=/nix/store/p7xdvz72xx3rhm121jclsbdmmcds7xh6-nix-1.9
+                    nixStorePath=/nix/store/2w92k5wlpspf0q2k9mnf2z42prx3bwmv-nix-1.10
                 else
                     echo "$0: unsupported platform"
                     exit 1

nixos/modules/misc/extra-arguments.nix

@@ -4,11 +4,6 @@
   _module.args = {
     pkgs_i686 = import ../../.. {
       system = "i686-linux";
-      # FIXME: we enable config.allowUnfree to make packages like
-      # nvidia-x11 available. This isn't a problem because if the user has
-      # ‘nixpkgs.config.allowUnfree = false’, then evaluation will fail on
-      # the 64-bit package anyway. However, it would be cleaner to respect
-      # nixpkgs.config here.
       config.allowUnfree = true;
     };
 

nixos/modules/misc/ids.nix

@@ -229,9 +229,6 @@
       riak = 205;
       shout = 206;
       gateone = 207;
-      namecoin = 208;
-      dnschain = 209;
-      #lxd = 210; # unused
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -439,9 +436,6 @@
       riak = 205;
       #shout = 206; #unused
       gateone = 207;
-      namecoin = 208;
-      #dnschain = 209; #unused
-      lxd = 210; # unused
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal

nixos/modules/misc/version.nix

@@ -56,7 +56,7 @@ with lib;
     system.defaultChannel = mkOption {
       internal = true;
       type = types.str;
-      default = https://nixos.org/channels/nixos-unstable;
+      default = https://nixos.org/channels/nixos-15.09;
       description = "Default NixOS channel to which the root user is subscribed.";
     };
 
@@ -75,7 +75,7 @@ with lib;
       mkDefault (if pathExists fn then readFile fn else "master");
 
     # Note: code names must only increase in alphabetical order.
-    system.nixosCodeName = "Emu";
+    system.nixosCodeName = "Dingo";
 
     # Generate /etc/os-release.  See
     # http://0pointer.de/public/systemd-man/os-release.html for the

nixos/modules/module-list.nix

@@ -275,7 +275,6 @@
   ./services/networking/ddclient.nix
   ./services/networking/dhcpcd.nix
   ./services/networking/dhcpd.nix
-  ./services/networking/dnschain.nix
   ./services/networking/dnscrypt-proxy.nix
   ./services/networking/dnsmasq.nix
   ./services/networking/docker-registry-server.nix
@@ -304,7 +303,6 @@
   ./services/networking/minidlna.nix
   ./services/networking/mstpd.nix
   ./services/networking/murmur.nix
-  ./services/networking/namecoind.nix
   ./services/networking/nat.nix
   ./services/networking/networkmanager.nix
   ./services/networking/ngircd.nix
@@ -470,6 +468,7 @@
   ./tasks/filesystems/ntfs.nix
   ./tasks/filesystems/reiserfs.nix
   ./tasks/filesystems/unionfs-fuse.nix
+  ./tasks/filesystems/vboxsf.nix
   ./tasks/filesystems/vfat.nix
   ./tasks/filesystems/xfs.nix
   ./tasks/filesystems/zfs.nix
@@ -487,7 +486,6 @@
   ./virtualisation/docker.nix
   ./virtualisation/libvirtd.nix
   ./virtualisation/lxc.nix
-  ./virtualisation/lxd.nix
   ./virtualisation/amazon-options.nix
   ./virtualisation/openvswitch.nix
   ./virtualisation/parallels-guest.nix

nixos/modules/programs/cdemu.nix

@@ -9,28 +9,19 @@ in {
     programs.cdemu = {
       enable = mkOption {
         default = false;
-        description = ''
-          <command>cdemu</command> for members of
-          <option>programs.cdemu.group</option>.
-        '';
+        description = "Whether to enable cdemu for users of appropriate group (default cdrom)";
       };
       group = mkOption {
         default = "cdrom";
-        description = ''
-          Group that users must be in to use <command>cdemu</command>.
-        '';
+        description = "Required group for users of cdemu";
       };
       gui = mkOption {
         default = true;
-        description = ''
-          Whether to install the <command>cdemu</command> GUI (gCDEmu).
-        '';
+        description = "Whether to install cdemu GUI (gCDEmu)";
       };
       image-analyzer = mkOption {
         default = true;
-        description = ''
-          Whether to install the image analyzer.
-        '';
+        description = "Whether to install image analyzer";
       };
     };
   };

nixos/modules/rename.nix

@@ -165,6 +165,5 @@ in zipModules ([]
 ++ obsolete' [ "services" "syslog-ng" "serviceName" ]
 ++ obsolete' [ "services" "syslog-ng" "listenToJournal" ]
 ++ obsolete' [ "ec2" "metadata" ]
-++ obsolete' [ "services" "openvpn" "enable" ]
 
 )

nixos/modules/security/apparmor.nix

@@ -37,5 +37,13 @@ in
          ) cfg.profiles;
        };
      };
+
+     security.pam.services.apparmor.text = ''
+       ## AppArmor changes hats according to `order`: first try user, then
+       ## group, and finally fall back to a hat called "DEFAULT"
+       ##
+       ## For now, enable debugging as this is an experimental feature.
+       session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug
+     '';
    };
 }

nixos/modules/security/pam.nix

@@ -192,16 +192,6 @@ let
         description = "Whether to log authentication failures in <filename>/var/log/faillog</filename>.";
       };
 
-      enableAppArmor = mkOption {
-        default = false;
-        type = types.bool;
-        description = ''
-          Enable support for attaching AppArmor profiles at the
-          user/group level, e.g., as part of a role based access
-          control scheme.
-        '';
-      };
-
       text = mkOption {
         type = types.nullOr types.lines;
         description = "Contents of the PAM service file.";
@@ -304,8 +294,6 @@ let
               "session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}"}
           ${optionalString cfg.pamMount
               "session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"}
-          ${optionalString (cfg.enableAppArmor && config.security.apparmor.enable)
-              "session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug"}
         '';
     };
 

nixos/modules/security/prey.nix

@@ -16,28 +16,19 @@ in {
         default = false;
         type = types.bool;
         description = ''
-          Enables the <link xlink:href="http://preyproject.com/" />
-          shell client. Be sure to specify both API and device keys.
-          Once enabled, a <command>cron</command> job will run every 15
-          minutes to report status information.
+          Enables http://preyproject.com/ bash client. Be sure to specify api and device keys.
+          Once setup, cronjob will run evert 15 minutes and report status.
         '';
       };
 
       deviceKey = mkOption {
         type = types.string;
-        description = ''
-          <literal>Device key</literal> obtained by visiting
-          <link xlink:href="https://panel.preyproject.com/devices" />
-          and clicking on your device.
-        '';
+        description = "Device Key obtained from https://panel.preyproject.com/devices (and clicking on the device)";
       };
 
       apiKey = mkOption {
         type = types.string;
-        description = ''
-          <literal>API key</literal> obtained from
-          <link xlink:href="https://panel.preyproject.com/profile" />.
-        '';
+        description = "API key obtained from https://panel.preyproject.com/profile";
       };
     };
 

nixos/modules/services/backup/bacula.nix

@@ -169,17 +169,14 @@ in {
         type = types.bool;
         default = false;
         description = ''
-          Whether to enable the Bacula File Daemon.
+          Whether to enable Bacula File Daemon.
         '';
       };
  
       name = mkOption {
         default = "${config.networking.hostName}-fd";
         description = ''
-          The client name that must be used by the Director when connecting.
-          Generally, it is a good idea to use a name related to the machine
-          so that error messages can be easily identified if you have multiple
-          Clients. This directive is required.
+        	The client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.
         '';
       };
  
@@ -187,9 +184,7 @@ in {
         default = 9102;
         type = types.int;
         description = ''
-          This specifies the port number on which the Client listens for
-          Director connections. It must agree with the FDPort specified in
-          the Client resource of the Director's configuration file.
+        	This specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file. The default is 9102.
         '';
       };
  
@@ -207,7 +202,7 @@ in {
         description = ''
           Extra configuration to be passed in Client directive.
         '';
-        example = literalExample ''
+        example = ''
           Maximum Concurrent Jobs = 20;
           Heartbeat Interval = 30;
         '';
@@ -218,7 +213,7 @@ in {
         description = ''
           Extra configuration to be passed in Messages directive.
         '';
-        example = literalExample ''
+        example = ''
           console = all
         '';
       };

nixos/modules/services/backup/sitecopy-backup.nix

@@ -21,16 +21,15 @@ in
       enable = mkOption {
         default = false;
         description = ''
-          Whether to enable <command>sitecopy</command> backups of specified
-          directories.
+          Whether to enable sitecopy backups of specified directories.
         '';
       };
 
       period = mkOption {
         default = "15 04 * * *";
         description = ''
-          This option defines (in the format used by <command>cron</command>)
-          when the <command>sitecopy</command> backups are to be run.
+          This option defines (in the format used by cron) when the
+          sitecopy backup are being run.
           The default is to update at 04:15 (at night) every day.
         '';
       };
@@ -48,10 +47,9 @@ in
         ];
         default = [];
         description = ''
-           List of attribute sets describing the backups.
+           List of attributesets describing the backups.
 
-           Username/password are extracted from
-           <filename>${stateDir}/sitecopy.secrets</filename> at activation
+           Username/password are extracted from <filename>${stateDir}/sitecopy.secrets</filename> at activation
            time. The secrets file lines should have the following structure:
            <screen>
              server username password

nixos/modules/services/cluster/kubernetes.nix

@@ -73,7 +73,7 @@ in {
       };
 
       port = mkOption {
-        description = "Kubernetes apiserver listening port.";
+        description = "Kubernets apiserver listening port.";
         default = 8080;
         type = types.int;
       };
@@ -211,7 +211,7 @@ in {
       };
 
       port = mkOption {
-        description = "Kubernetes scheduler listening port.";
+        description = "Kubernets scheduler listening port.";
         default = 10251;
         type = types.int;
       };
@@ -243,7 +243,7 @@ in {
       };
 
       port = mkOption {
-        description = "Kubernetes controller manager listening port.";
+        description = "Kubernets controller manager listening port.";
         default = 10252;
         type = types.int;
       };
@@ -299,7 +299,7 @@ in {
       };
 
       port = mkOption {
-        description = "Kubernetes kubelet info server listening port.";
+        description = "Kubernets kubelet info server listening port.";
         default = 10250;
         type = types.int;
       };

nixos/modules/services/databases/mysql.nix

@@ -167,12 +167,6 @@ in
 
         unitConfig.RequiresMountsFor = "${cfg.dataDir}";
 
-        path = [
-          # Needed for the mysql_install_db command in the preStart script
-          # which calls the hostname command.
-          pkgs.nettools
-        ];
-
         preStart =
           ''
             if ! test -e ${cfg.dataDir}/mysql; then

nixos/modules/services/databases/opentsdb.nix

@@ -5,10 +5,7 @@ with lib;
 let
   cfg = config.services.opentsdb;
 
-  configFile = pkgs.writeText "opentsdb.conf" ''
-    tsd.core.auto_create_metrics = true
-    tsd.http.request.enable_chunked  = true
-  '';
+  configFile = pkgs.writeText "opentsdb.conf" cfg.config;
 
 in {
 
@@ -59,6 +56,17 @@ in {
         '';
       };
 
+      config = mkOption {
+        type = types.lines;
+        default = ''
+          tsd.core.auto_create_metrics = true
+          tsd.http.request.enable_chunked  = true
+        '';
+        description = ''
+          The contents of OpenTSDB's configuration file
+        '';
+      };
+
     };
 
   };

nixos/modules/services/hardware/brltty.nix

@@ -4,6 +4,10 @@ with lib;
 
 let
   cfg = config.services.brltty;
+  
+  stateDir = "/run/brltty";
+
+  pidFile = "${stateDir}/brltty.pid";
 
 in {
 
@@ -20,24 +24,14 @@ in {
   config = mkIf cfg.enable {
 
     systemd.services.brltty = {
-      description = "Braille Device Support";
-      unitConfig = {
-        Documentation = "http://mielke.cc/brltty/";
-        DefaultDependencies = "no";
-        RequiresMountsFor = "${pkgs.brltty}/var/lib/brltty";
-      };
+      description = "Braille console driver";
+      preStart = ''
+        mkdir -p ${stateDir}
+      '';
       serviceConfig = {
-        ExecStart = "${pkgs.brltty}/bin/brltty --no-daemon";
-        Type = "simple";        # Change to notidy after next releae
-        TimeoutStartSec = 5;
-        TimeoutStopSec = 10;
-        Restart = "always";
-        RestartSec = 30;
-        Nice = -10;
-        OOMScoreAdjust = -900;
-        ProtectHome = "read-only";
-        ProtectSystem = "full";
-        SystemCallArchitectures = "native";
+        ExecStart = "${pkgs.brltty}/bin/brltty --pid-file=${pidFile}";
+        Type = "forking";
+        PIDFile = pidFile;
       };
       before = [ "sysinit.target" ];
       wantedBy = [ "sysinit.target" ];

nixos/modules/services/hardware/freefall.nix

@@ -2,42 +2,40 @@
 
 with lib;
 
-let
+{
 
-  cfg = config.services.freefall;
+  ###### interface
 
-in {
+  options = with types; {
 
-  options.services.freefall = {
+    services.freefall = {
 
-    enable = mkOption {
-      type = types.bool;
-      default = false;
-      description = ''
-        Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
-      '';
-    };
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to protect HP/Dell laptop hard drives (not SSDs) in free fall.
+        '';
+        type = bool;
+      };
 
-    package = mkOption {
-      type = types.package;
-      default = pkgs.freefall;
-      description = ''
-        freefall derivation to use.
-      '';
-    };
+      devices = mkOption {
+        default = [ "/dev/sda" ];
+        description = ''
+          Device paths to all internal spinning hard drives.
+        '';
+        type = listOf string;
+      };
 
-    devices = mkOption {
-      type = types.listOf types.string;
-      default = [ "/dev/sda" ];
-      description = ''
-        Device paths to all internal spinning hard drives.
-      '';
     };
 
   };
 
+  ###### implementation
+
   config = let
 
+    cfg = config.services.freefall;
+
     mkService = dev:
       assert dev != "";
       let dev' = utils.escapeSystemdPath dev; in
@@ -45,8 +43,12 @@ in {
         description = "Free-fall protection for ${dev}";
         after = [ "${dev'}.device" ];
         wantedBy = [ "${dev'}.device" ];
+        path = [ pkgs.freefall ];
+        unitConfig = {
+          DefaultDependencies = false;
+        };
         serviceConfig = {
-          ExecStart = "${cfg.package}/bin/freefall ${dev}";
+          ExecStart = "${pkgs.freefall}/bin/freefall ${dev}";
           Restart = "on-failure";
           Type = "forking";
         };
@@ -54,9 +56,9 @@ in {
 
   in mkIf cfg.enable {
 
-    environment.systemPackages = [ cfg.package ];
+    environment.systemPackages = [ pkgs.freefall ];
 
-    systemd.services = builtins.listToAttrs (map mkService cfg.devices);
+    systemd.services = listToAttrs (map mkService cfg.devices);
 
   };
 

nixos/modules/services/mail/mlmmj.nix

@@ -14,7 +14,7 @@ let
   alias = domain: list: "${list}: \"|${pkgs.mlmmj}/bin/mlmmj-receive -L ${listDir domain list}/\"";
   subjectPrefix = list: "[${list}]";
   listAddress = domain: list: "${list}@${domain}";
-  customHeaders = domain: list: [ "List-Id: ${list}" "Reply-To: ${list}@${domain}" ];
+  customHeaders = list: domain: [ "List-Id: ${list}" "Reply-To: ${list}@${domain}" ];
   footer = domain: list: "To unsubscribe send a mail to ${list}+unsubscribe@${domain}";
   createList = d: l: ''
     ${pkgs.coreutils}/bin/mkdir -p ${listCtl d l}
@@ -90,15 +90,14 @@ in
       enable = true;
       recipientDelimiter= "+";
       extraMasterConf = ''
-        mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L ${spoolDir}/$nexthop
+        mlmmj unix - n n - - pipe flags=ORhu user=mlmmj argv=${pkgs.mlmmj}/bin/mlmmj-receive -F -L ${spoolDir}/$nextHop
       '';
 
       extraAliases = concatMapStrings (alias cfg.listDomain) cfg.mailLists;
 
       extraConfig = ''
-        transport_maps = hash:${stateDir}/transports
-        virtual_alias_maps = hash:${stateDir}/virtuals
-        propagate_unmatched_extensions = virtual
+        transport = hash:${stateDir}/transports
+        virtual = hash:${stateDir}/virtuals
       '';
     };
 
@@ -109,10 +108,9 @@ in
           ${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} ${spoolDir}
           ${lib.concatMapStrings (createList cfg.listDomain) cfg.mailLists}
           echo ${lib.concatMapStrings (virtual cfg.listDomain) cfg.mailLists} > ${stateDir}/virtuals
-          echo ${lib.concatMapStrings (transport cfg.listDomain) cfg.mailLists} > ${stateDir}/transports
-          ${pkgs.postfix}/bin/postmap ${stateDir}/virtuals
-          ${pkgs.postfix}/bin/postmap ${stateDir}/transports
-      '';
+          echo ${cfg.listDomain} mailman: > ${stateDir}/transports
+          echo ${lib.concatMapStrings (transport cfg.listDomain) cfg.mailLists} >> ${stateDir}/transports
+    '';
 
     systemd.services."mlmmj-maintd" = {
       description = "mlmmj maintenance daemon";

nixos/modules/services/misc/confd.nix

@@ -63,7 +63,7 @@ in {
 
     package = mkOption {
       description = "Confd package to use.";
-      default = pkgs.confd;
+      default = pkgs.goPackages.confd;
       type = types.package;
     };
   };

nixos/modules/services/misc/gitit.nix

@@ -99,7 +99,7 @@ let
       };
 
       authenticationMethod = mkOption {
-        type = types.enum [ "form" "http" "generic" "github" ];
+        type = types.enum [ "form" "http" "generic"];
         default = "form";
         description = ''
           'form' means that users will be logged in and registered using forms
@@ -537,42 +537,6 @@ video/x-ms-wmx  wmx
           through xss-sanitize.  Set to no only if you trust all of your users.
         '';
       };
-
-      oauthClientId = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "OAuth client ID";
-      };
-
-      oauthClientSecret = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "OAuth client secret";
-      };
-
-      oauthCallback = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "OAuth callback URL";
-      };
-
-      oauthAuthorizeEndpoint = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "OAuth authorize endpoint";
-      };
-
-      oauthAccessTokenEndpoint = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "OAuth access token endpoint";
-      };
-
-      githubOrg = mkOption {
-        type = with types; nullOr str;
-        default = null;
-        description = "Github organization";
-      };
   };
 
   configFile = pkgs.writeText "gitit.conf" ''
@@ -623,14 +587,6 @@ video/x-ms-wmx  wmx
     pdf-export: ${toYesNo cfg.pdfExport}
     pandoc-user-data: ${toString cfg.pandocUserData}
     xss-sanitize: ${toYesNo cfg.xssSanitize}
-
-    [Github]
-    oauthclientid: ${toString cfg.oauthClientId}
-    oauthclientsecret: ${toString cfg.oauthClientSecret}
-    oauthcallback: ${toString cfg.oauthCallback}
-    oauthauthorizeendpoint: ${toString cfg.oauthAuthorizeEndpoint}
-    oauthaccesstokenendpoint: ${toString cfg.oauthAccessTokenEndpoint}
-    github-org: ${toString cfg.githubOrg}
   '';
 
 in
@@ -725,3 +681,4 @@ NAMED
     };
   };
 }
+

nixos/modules/services/misc/nix-gc.nix

@@ -52,7 +52,7 @@ in
 
     systemd.services.nix-gc =
       { description = "Nix Garbage Collector";
-        script = "exec ${config.nix.package}/bin/nix-collect-garbage ${cfg.options}";
+        script = "exec ${config.nix.package}/bin/nix-store --gc ${cfg.options}";
         startAt = optionalString cfg.automatic cfg.dates;
       };
 

nixos/modules/services/misc/nixos-manual.nix

@@ -93,7 +93,7 @@ in
 
     system.build.manual = manual;
 
-    environment.systemPackages = [ manual.manpages help ];
+    environment.systemPackages = [ manual.manpages manual.manual help ];
 
     boot.extraTTYs = mkIf cfg.showManual ["tty${cfg.ttyNumber}"];
 

nixos/modules/services/monitoring/grafana.nix

@@ -200,13 +200,13 @@ in {
 
     staticRootPath = mkOption {
       description = "Root path for static assets.";
-      default = "${cfg.package.out}/share/go/src/github.com/grafana/grafana/public";
+      default = "${cfg.package}/share/go/src/github.com/grafana/grafana/public";
       type = types.str;
     };
 
     package = mkOption {
       description = "Package to use.";
-      default = pkgs.grafana;
+      default = pkgs.goPackages.grafana;
       type = types.package;
     };
 
@@ -319,7 +319,7 @@ in {
       wantedBy = ["multi-user.target"];
       after = ["networking.target"];
       serviceConfig = {
-        ExecStart = "${cfg.package-backend}/bin/grafana --config ${cfgFile} web";
+        ExecStart = "${cfg.package}/bin/grafana --config ${cfgFile} web";
         WorkingDirectory = cfg.dataDir;
         User = "grafana";
       };

nixos/modules/services/network-filesystems/samba.nix

@@ -97,8 +97,8 @@ in
         description = ''
           Enabling this will add a line directly after pam_unix.so.
           Whenever a password is changed the samba password will be updated as well.
-          However, you still have to add the samba password once, using smbpasswd -a user.
-          If you don't want to maintain an extra password database, you still can send plain text
+          However you still yave to add the samba password once using smbpasswd -a user
+          If you don't want to maintain an extra pwd database you still can send plain text
           passwords which is not secure.
         '';
       };

nixos/modules/services/networking/bitlbee.nix

@@ -16,12 +16,11 @@ let
     ''
     [settings]
     RunMode = Daemon
-    User = bitlbee
+    User = bitlbee  
     ConfigDir = ${cfg.configDir}
     DaemonInterface = ${cfg.interface}
     DaemonPort = ${toString cfg.portNumber}
     AuthMode = ${cfg.authMode}
-    Plugindir = ${pkgs.bitlbee-plugins cfg.plugins}/lib/bitlbee
     ${lib.optionalString (cfg.hostName != "") "HostName = ${cfg.hostName}"}
     ${lib.optionalString (cfg.protocols != "") "Protocols = ${cfg.protocols}"}
     ${cfg.extraSettings}
@@ -73,7 +72,7 @@ in
             Open -- Accept connections from anyone, use NickServ for user authentication.
             Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all.
             Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
-        '';
+        ''; 
       };
 
       hostName = mkOption {
@@ -86,15 +85,6 @@ in
         '';
       };
 
-      plugins = mkOption {
-        type = types.listOf types.package;
-        default = [];
-        example = literalExample "[ pkgs.bitlbee-facebook ]";
-        description = ''
-          The list of bitlbee plugins to install.
-        '';
-      };
-
       configDir = mkOption {
         default = "/var/lib/bitlbee";
         type = types.path;
@@ -117,14 +107,14 @@ in
         default = "";
         description = ''
           Will be inserted in the Settings section of the config file.
-        '';
+        ''; 
       };
 
       extraDefaults = mkOption {
         default = "";
         description = ''
           Will be inserted in the Default section of the config file.
-        '';
+        ''; 
       };
 
     };
@@ -148,7 +138,7 @@ in
         gid = config.ids.gids.bitlbee;
       };
 
-    systemd.services.bitlbee =
+    systemd.services.bitlbee = 
       { description = "BitlBee IRC to other chat networks gateway";
         after = [ "network.target" ];
         wantedBy = [ "multi-user.target" ];

nixos/modules/services/networking/connman.nix

@@ -5,12 +5,7 @@ with lib;
 
 let
   cfg = config.networking.connman;
-  configFile = pkgs.writeText "connman.conf" ''
-    [General]
-    NetworkInterfaceBlacklist=${concatStringsSep "," cfg.networkInterfaceBlacklist}
 
-    ${cfg.extraConfig}
-  '';
 in {
 
   ###### interface
@@ -27,23 +22,6 @@ in {
         '';
       };
 
-      extraConfig = mkOption {
-        type = types.lines;
-        default = ''
-        '';
-        description = ''
-          Configuration lines appended to the generated connman configuration file.
-        '';
-      };
-
-      networkInterfaceBlacklist = mkOption {
-        type = with types; listOf string;
-        default = [ "vmnet" "vboxnet" "virbr" "ifb" "ve" ];
-        description = ''
-          Default blacklisted interfaces, this includes NixOS containers interfaces (ve).
-        '';
-      };
-
     };
 
   };
@@ -73,7 +51,7 @@ in {
         Type = "dbus";
         BusName = "net.connman";
         Restart = "on-failure";
-        ExecStart = "${pkgs.connman}/sbin/connmand --config=${configFile} --nodaemon";
+        ExecStart = "${pkgs.connman}/sbin/connmand --nodaemon";
         StandardOutput = "null";
       };
     };

nixos/modules/services/networking/dnschain.nix

@@ -1,110 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services;
-
-  dnschainConf = pkgs.writeText "dnschain.conf" ''
-    [log]
-    level=info
-
-    [dns]
-    host = 127.0.0.1
-    port = 5333
-    oldDNSMethod = NO_OLD_DNS
-    # TODO: check what that address is acutally used for
-    externalIP = 127.0.0.1
-
-    [http]
-    host = 127.0.0.1
-    port=8088
-    tlsPort=4443
-  '';
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.dnschain = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to run dnschain. That implies running
-          namecoind as well, so make sure to configure
-          it appropriately.
-        '';
-      };
-
-    };
-
-    services.dnsmasq = {
-      resolveDnschainQueries = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Resolve <literal>.bit</literal> top-level domains
-          with dnschain and namecoind.
-        '';
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.dnschain.enable {
-
-    services.namecoind.enable = true;
-
-    services.dnsmasq.servers = optionals cfg.dnsmasq.resolveDnschainQueries [ "/.bit/127.0.0.1#5333" ];
-
-    users.extraUsers = singleton
-      { name = "dnschain";
-        uid = config.ids.uids.dnschain;
-        extraGroups = [ "namecoin" ];
-        description = "Dnschain daemon user";
-        home = "/var/lib/dnschain";
-        createHome = true;
-      };
-
-    systemd.services.dnschain = {
-        description = "Dnschain Daemon";
-        after = [ "namecoind.target" ];
-        wantedBy = [ "multi-user.target" ];
-        path = [ pkgs.openssl ];
-        preStart = ''
-          # Link configuration file into dnschain HOME directory
-          if [ "$(${pkgs.coreutils}/bin/realpath /var/lib/dnschain/.dnschain.conf)" != "${dnschainConf}" ]; then
-              rm -rf /var/lib/dnschain/.dnschain.conf
-              ln -s ${dnschainConf} /var/lib/dnschain/.dnschain.conf
-          fi
-
-          # Create empty namecoin.conf so that dnschain is not
-          # searching for /etc/namecoin/namecoin.conf
-          if [ ! -e /var/lib/dnschain/.namecoin/namecoin.conf ]; then
-              mkdir -p /var/lib/dnschain/.namecoin
-              touch /var/lib/dnschain/.namecoin/namecoin.conf
-          fi
-        '';
-        serviceConfig = {
-          Type = "simple";
-          User = "dnschain";
-          EnvironmentFile = config.services.namecoind.userFile;
-          ExecStart = "${pkgs.dnschain}/bin/dnschain --rpcuser=\${USER} --rpcpassword=\${PASSWORD} --rpcport=8336";
-          ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-          ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
-        };
-    };
-
-  };
-
-}

nixos/modules/services/networking/dnsmasq.nix

@@ -96,7 +96,7 @@ in
           Type = "dbus";
           BusName = "uk.org.thekelleys.dnsmasq";
           ExecStart = "${dnsmasq}/bin/dnsmasq -k --enable-dbus --user=dnsmasq -C ${dnsmasqConf}";
-          ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+          ExecReload = "${dnsmasq}/bin/kill -HUP $MAINPID";
         };
         restartTriggers = [ config.environment.etc.hosts.source ];
     };

nixos/modules/services/networking/namecoind.nix

@@ -1,150 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-  cfg = config.services.namecoind;
-
-  namecoinConf =
-  let
-    useSSL = (cfg.rpcCertificate != null) && (cfg.rpcKey != null);
-  in
-  pkgs.writeText "namecoin.conf" ''
-    server=1
-    daemon=0
-    rpcallowip=127.0.0.1
-    walletpath=${cfg.wallet}
-    gen=${if cfg.generate then "1" else "0"}
-    rpcssl=${if useSSL then "1" else "0"}
-    ${optionalString useSSL "rpcsslcertificatechainfile=${cfg.rpcCertificate}"}
-    ${optionalString useSSL "rpcsslprivatekeyfile=${cfg.rpcKey}"}
-    ${optionalString useSSL "rpcsslciphers=TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH"}
-    txindex=1
-    txprevcache=1
-  '';
-
-in
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.namecoind = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to run namecoind.
-        '';
-      };
-
-      wallet = mkOption {
-        type = types.path;
-        example = "/etc/namecoin/wallet.dat";
-        description = ''
-          Wallet file. The ownership of the file has to be
-          namecoin:namecoin, and the permissions must be 0640.
-        '';
-      };
-
-      userFile = mkOption {
-        type = types.nullOr types.path;
-        default = null;
-        example = "/etc/namecoin/user";
-        description = ''
-          File containing the user name and user password to
-          authenticate RPC connections to namecoind.
-          The content of the file is of the form:
-          <literal>
-          USER=namecoin
-          PASSWORD=secret
-          </literal>
-          The ownership of the file has to be namecoin:namecoin,
-          and the permissions must be 0640.
-        '';
-      };
-
-      generate = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to generate (mine) Namecoins.
-        '';
-      };
-
-      rpcCertificate = mkOption {
-        type = types.nullOr types.path;
-        default = null;
-        example = "/etc/namecoin/server.cert";
-        description = ''
-          Certificate file for securing RPC connections.
-        '';
-      };
-
-      rpcKey = mkOption {
-        type = types.nullOr types.path;
-        default = null;
-        example = "/etc/namecoin/server.pem";
-        description = ''
-          Key file for securing RPC connections.
-        '';
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.enable {
-
-    users.extraUsers = singleton
-      { name = "namecoin";
-        uid = config.ids.uids.namecoin;
-        description = "Namecoin daemon user";
-        home = "/var/lib/namecoin";
-        createHome = true;
-      };
-
-    users.extraGroups = singleton
-      { name = "namecoin";
-        gid = config.ids.gids.namecoin;
-      };
-
-    systemd.services.namecoind = {
-        description = "Namecoind Daemon";
-        after = [ "network.target" ];
-        wantedBy = [ "multi-user.target" ];
-        preStart = ''
-          if [  "$(stat --printf '%u' ${cfg.userFile})" != "${toString config.ids.uids.namecoin}" \
-             -o "$(stat --printf '%g' ${cfg.userFile})" != "${toString config.ids.gids.namecoin}" \
-             -o "$(stat --printf '%a' ${cfg.userFile})" != "640" ]; then
-             echo "ERROR: bad ownership or rights on ${cfg.userFile}" >&2
-             exit 1
-          fi
-          if [  "$(stat --printf '%u' ${cfg.wallet})" != "${toString config.ids.uids.namecoin}" \
-             -o "$(stat --printf '%g' ${cfg.wallet})" != "${toString config.ids.gids.namecoin}" \
-             -o "$(stat --printf '%a' ${cfg.wallet})" != "640" ]; then
-             echo "ERROR: bad ownership or rights on ${cfg.wallet}" >&2
-             exit 1
-          fi
-        '';
-        serviceConfig = {
-          Type = "simple";
-          User = "namecoin";
-          EnvironmentFile = cfg.userFile;
-          ExecStart = "${pkgs.altcoins.namecoind}/bin/namecoind -conf=${namecoinConf} -rpcuser=\${USER} -rpcpassword=\${PASSWORD} -printtoconsole";
-          ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
-          ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
-          StandardOutput = "null";
-          Nice = "10";
-        };
-    };
-
-  };
-
-}

nixos/modules/services/networking/ntpd.nix

@@ -6,8 +6,6 @@ let
 
   inherit (pkgs) ntp;
 
-  cfg = config.services.ntp;
-
   stateDir = "/var/lib/ntp";
 
   ntpUser = "ntp";
@@ -18,10 +16,10 @@ let
     restrict 127.0.0.1
     restrict -6 ::1
 
-    ${toString (map (server: "server " + server + " iburst\n") cfg.servers)}
+    ${toString (map (server: "server " + server + " iburst\n") config.services.ntp.servers)}
   '';
 
-  ntpFlags = "-c ${configFile} -u ${ntpUser}:nogroup ${toString cfg.extraFlags}";
+  ntpFlags = "-c ${configFile} -u ${ntpUser}:nogroup";
 
 in
 
@@ -53,12 +51,6 @@ in
         '';
       };
 
-      extraFlags = mkOption {
-        type = types.listOf types.str;
-        description = "Extra flags passed to the ntpd command.";
-        default = [];
-      };
-
     };
 
   };

nixos/modules/services/networking/openvpn.nix

@@ -67,6 +67,12 @@ in
 
   options = {
 
+    /* !!! Obsolete. */
+    services.openvpn.enable = mkOption {
+      default = true;
+      description = "Whether to enable OpenVPN.";
+    };
+
     services.openvpn.servers = mkOption {
       default = {};
 

nixos/modules/services/networking/syncthing.nix

@@ -36,7 +36,9 @@ in
       dataDir = mkOption {
         default = "/var/lib/syncthing";
         description = ''
-          Path where the settings and keys will exist.
+          Path where the `.syncthing` (settings and keys) and `Sync`
+          (your synced files) directories will exist. This can be your home
+          directory.
         '';
       };
 
@@ -55,12 +57,18 @@ in
         after = [ "network.target" ];
         wantedBy = [ "multi-user.target" ];
         environment.STNORESTART = "placeholder";  # do not self-restart
+        environment.HOME = "${cfg.dataDir}";
         serviceConfig = {
           User = "${cfg.user}";
           PermissionsStartOnly = true;
           Restart = "always";
-          ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}";
+          ExecStart = "${pkgs.syncthing}/bin/syncthing -home=${cfg.dataDir}/.syncthing";
         };
+        preStart = ''
+          mkdir -p ${cfg.dataDir}
+          chown ${cfg.user} ${cfg.dataDir}
+        '';
+
       };
 
     environment.systemPackages = [ pkgs.syncthing ];

nixos/modules/services/search/elasticsearch.nix

@@ -37,12 +37,6 @@ in {
       type = types.bool;
     };
 
-    package = mkOption {
-      description = "Elasticsearch package to use.";
-      default = pkgs.elasticsearch;
-      type = types.package;
-    };
-
     host = mkOption {
       description = "Elasticsearch listen address.";
       default = "127.0.0.1";
@@ -129,7 +123,7 @@ in {
       after = [ "network-interfaces.target" ];
       environment = { ES_HOME = cfg.dataDir; };
       serviceConfig = {
-        ExecStart = "${cfg.package}/bin/elasticsearch -Des.path.conf=${configDir} ${toString cfg.extraCmdLineOptions}";
+        ExecStart = "${pkgs.elasticsearch}/bin/elasticsearch -Des.path.conf=${configDir} ${toString cfg.extraCmdLineOptions}";
         User = "elasticsearch";
         PermissionsStartOnly = true;
       };
@@ -148,7 +142,7 @@ in {
       '';
     };
 
-    environment.systemPackages = [ cfg.package ];
+    environment.systemPackages = [ pkgs.elasticsearch ];
 
     users.extraUsers = singleton {
       name = "elasticsearch";

nixos/modules/services/security/hologram.nix

@@ -95,7 +95,7 @@ in {
       wantedBy    = [ "multi-user.target" ];
 
       serviceConfig = {
-        ExecStart = "${pkgs.hologram}/bin/hologram-server --debug --conf ${cfgFile}";
+        ExecStart = "${pkgs.goPackages.hologram}/bin/hologram-server --debug --conf ${cfgFile}";
       };
     };
   };

nixos/modules/services/torrent/deluge.nix

@@ -36,8 +36,6 @@ in {
       wantedBy = [ "multi-user.target" ];
       path = [ pkgs.pythonPackages.deluge ];
       serviceConfig.ExecStart = "${pkgs.pythonPackages.deluge}/bin/deluged -d";
-      # To prevent "Quit & shutdown daemon" from working; we want systemd to manage it!
-      serviceConfig.Restart = "on-success";
       serviceConfig.User = "deluge";
       serviceConfig.Group = "deluge";
     };

nixos/modules/services/web-servers/apache-httpd/wordpress.nix

@@ -5,8 +5,8 @@ with lib;
 
 let
 
-  version = "4.3";
-  fullversion = "${version}";
+  version = "4.2";
+  fullversion = "${version}.2";
 
   # Our bare-bones wp-config.php file using the above settings
   wordpressConfig = pkgs.writeText "wp-config.php" ''
@@ -40,8 +40,6 @@ let
     RewriteRule ^(.*\.php)$ $1 [L]
     RewriteRule . index.php [L]
     </IfModule>
-
-    ${config.extraHtaccess}
   '';
 
   # WP translation can be found here:
@@ -74,7 +72,7 @@ let
       owner = "WordPress";
       repo = "WordPress";
       rev = "${fullversion}";
-      sha256 = "0sz5jjhjpwqis8336gyq9a77cr4sf8zahd1y4pzmpvpzn9cn503y";
+      sha256 = "0gq1j9b0d0rykql3jzdb2yn4adj0rrcsvqrmj3dzx11ir57ilsgc";
     };
     installPhase = ''
       mkdir -p $out
@@ -222,18 +220,7 @@ in
         settings, see <link xlink:href='http://codex.wordpress.org/Editing_wp-config.php'/>.
       '';
     };
-    extraHtaccess = mkOption {
-      default = "";
-      example =
-        ''
-          php_value upload_max_filesize 20M
-          php_value post_max_size 20M
-        '';
-      description = ''
-        Any additional text to be appended to Wordpress's .htaccess file.
-      '';
-    };
-  };
+  }; 
 
   documentRoot = wordpressRoot;
 

nixos/modules/services/x11/display-managers/default.nix

@@ -114,6 +114,10 @@ let
       rm -rf $HOME/.compose-cache
       mkdir $HOME/.compose-cache
 
+      # Work around KDE errors when a user first logs in and
+      # .local/share doesn't exist yet.
+      mkdir -p $HOME/.local/share
+
       ${cfg.displayManager.sessionCommands}
 
       # Allow the user to execute commands at the beginning of the X session.

nixos/modules/services/x11/display-managers/gdm.nix

@@ -18,49 +18,14 @@ in
 
     services.xserver.displayManager.gdm = {
 
-      enable = mkEnableOption ''
-        GDM as the display manager.
-        <emphasis>GDM is very experimental and may render system unusable.</emphasis>
-      '';
-
-      debug = mkEnableOption ''
-        debugging messages in GDM
-      '';
-
-      autoLogin = mkOption {
-        default = {};
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        example = true;
         description = ''
-          Auto login configuration attrset.
+          Whether to enable GDM as the display manager.
+          <emphasis>GDM is very experimental and may render system unusable.</emphasis>
         '';
-
-        type = types.submodule {
-          options = {
-            enable = mkOption {
-              type = types.bool;
-              default = false;
-              description = ''
-                Automatically log in as the sepecified <option>autoLogin.user</option>.
-              '';
-            };
-
-            user = mkOption {
-              type = types.nullOr types.str;
-              default = null;
-              description = ''
-                User to be used for the autologin.
-              '';
-            };
-
-            delay = mkOption {
-              type = types.int;
-              default = 0;
-              description = ''
-                Seconds of inactivity after which the autologin will be performed.
-              '';
-            };
-
-          };
-        };
       };
 
     };
@@ -72,12 +37,6 @@ in
 
   config = mkIf cfg.gdm.enable {
 
-    assertions = [
-      { assertion = cfg.gdm.autoLogin.enable -> cfg.gdm.autoLogin.user != null;
-        message = "GDM auto-login requires services.xserver.displayManager.gdm.autoLogin.user to be set";
-      }
-    ];
-
     services.xserver.displayManager.slim.enable = false;
 
     users.extraUsers.gdm =
@@ -91,7 +50,7 @@ in
     users.extraGroups.gdm.gid = config.ids.gids.gdm;
 
     services.xserver.displayManager.job =
-      {
+      { 
         environment = {
           GDM_X_SERVER = "${cfg.xserverBin} ${cfg.xserverArgs}";
           GDM_SESSIONS_DIR = "${cfg.session.desktops}";
@@ -106,40 +65,12 @@ in
     systemd.services.display-manager.wants = [ "systemd-machined.service" ];
     systemd.services.display-manager.after = [ "systemd-machined.service" ];
 
-    systemd.services.display-manager.path = [ gnome3.gnome_shell gnome3.caribou pkgs.xlibs.xhost pkgs.dbus_tools ];
+    systemd.services.display-manager.path = [ gnome3.gnome_shell gnome3.caribou pkgs.xorg.xhost pkgs.dbus_tools ];
 
     services.dbus.packages = [ gdm ];
 
     programs.dconf.profiles.gdm = "${gdm}/share/dconf/profile/gdm";
 
-    # Use AutomaticLogin if delay is zero, because it's immediate.
-    # Otherwise with TimedLogin with zero seconds the prompt is still
-    # presented and there's a little delay.
-    environment.etc."gdm/custom.conf".text = ''
-      [daemon]
-      ${optionalString cfg.gdm.autoLogin.enable (
-        if cfg.gdm.autoLogin.delay > 0 then ''
-          TimedLoginEnable=true
-          TimedLogin=${cfg.gdm.autoLogin.user}
-          TimedLoginDelay=${toString cfg.gdm.autoLogin.delay}
-        '' else ''
-          AutomaticLoginEnable=true
-          AutomaticLogin=${cfg.gdm.autoLogin.user}
-        '')
-      }
-
-      [security]
-
-      [xdmcp]
-
-      [greeter]
-
-      [chooser]
-
-      [debug]
-      ${optionalString cfg.gdm.debug "Enable=true"}
-    '';
-
     # GDM LFS PAM modules, adapted somehow to NixOS
     security.pam.services = {
       gdm-launch-environment.text = ''
@@ -158,7 +89,7 @@ in
         session  optional       pam_permit.so
       '';
 
-      gdm.text = ''
+     gdm.text = ''
         auth     requisite      pam_nologin.so
         auth     required       pam_env.so
 
@@ -199,7 +130,7 @@ in
           "auth     required       pam_deny.so"}
 
         account  sufficient     pam_unix.so
-
+        
         password requisite      pam_unix.so nullok sha512
         ${optionalString config.security.pam.enableEcryptfs
           "password optional ${pkgs.ecryptfs}/lib/security/pam_ecryptfs.so"}

nixos/modules/services/x11/display-managers/kdm.nix

@@ -19,7 +19,7 @@ let
       ''}
 
       [X-*-Core]
-      Xrdb=${pkgs.xlibs.xrdb}/bin/xrdb
+      Xrdb=${pkgs.xorg.xrdb}/bin/xrdb
       SessionsDirs=${dmcfg.session.desktops}
       Session=${dmcfg.session.script}
       FailsafeClient=${pkgs.xterm}/bin/xterm

nixos/modules/services/x11/redshift.nix

@@ -1,90 +1,58 @@
 { config, lib, pkgs, ... }:
-
 with lib;
-
 let
-
   cfg = config.services.redshift;
 
 in {
-
-  options.services.redshift = {
-    enable = mkOption {
+  options = {
+    services.redshift.enable = mkOption {
       type = types.bool;
       default = false;
       example = true;
-      description = ''
-        Enable Redshift to change your screen's colour temperature depending on
-        the time of day.
-      '';
+      description = "Enable Redshift to change your screen's colour temperature depending on the time of day";
     };
 
-    latitude = mkOption {
+    services.redshift.latitude = mkOption {
+      description = "Your current latitude";
       type = types.str;
-      description = ''
-        Your current latitude.
-      '';
     };
 
-    longitude = mkOption {
+    services.redshift.longitude = mkOption {
+      description = "Your current longitude";
       type = types.str;
-      description = ''
-        Your current longitude.
-      '';
     };
 
-    temperature = {
+    services.redshift.temperature = {
       day = mkOption {
-        type = types.int;
+        description = "Colour temperature to use during day time";
         default = 5500;
-        description = ''
-          Colour temperature to use during the day.
-        '';
-      };
-      night = mkOption {
         type = types.int;
-        default = 3700;
-        description = ''
-          Colour temperature to use at night.
-        '';
-      };
-    };
-
-    brightness = {
-      day = mkOption {
-        type = types.str;
-        default = "1";
-        description = ''
-          Screen brightness to apply during the day,
-          between <literal>0.1</literal> and <literal>1.0</literal>.
-        '';
       };
       night = mkOption {
-        type = types.str;
-        default = "1";
-        description = ''
-          Screen brightness to apply during the night,
-          between <literal>0.1</literal> and <literal>1.0</literal>.
-        '';
+        description = "Colour temperature to use during night time";
+        default = 3700;
+        type = types.int;
       };
     };
 
-    package = mkOption {
-      type = types.package;
-      default = pkgs.redshift;
-      description = ''
-        redshift derivation to use.
-      '';
+    services.redshift.brightness = {
+      day = mkOption {
+        description = "Screen brightness to apply during the day (between 0.1 and 1.0)";
+        default = "1";
+        type = types.str;
+      };
+      night = mkOption {
+        description = "Screen brightness to apply during the night (between 0.1 and 1.0)";
+        default = "1";
+        type = types.str;
+      };
     };
 
-    extraOptions = mkOption {
+    services.redshift.extraOptions = mkOption {
       type = types.listOf types.str;
       default = [];
       example = [ "-v" "-m randr" ];
-      description = ''
-        Additional command-line arguments to pass to
-        <command>redshift</command>.
-      '';
+      description = "Additional command-line arguments to pass to the redshift(1) command";
     };
   };
 
@@ -95,7 +63,7 @@ in {
       after = [ "display-manager.service" ];
       wantedBy = [ "graphical.target" ];
       serviceConfig.ExecStart = ''
-        ${cfg.package}/bin/redshift \
+        ${pkgs.redshift}/bin/redshift \
           -l ${cfg.latitude}:${cfg.longitude} \
           -t ${toString cfg.temperature.day}:${toString cfg.temperature.night} \
           -b ${toString cfg.brightness.day}:${toString cfg.brightness.night} \
@@ -105,5 +73,4 @@ in {
       serviceConfig.Restart = "always";
     };
   };
-
 }

nixos/modules/services/x11/window-managers/wmii.nix

@@ -1,43 +1,47 @@
-{ config, lib, pkgs, options, modulesPath }:
+{ config, lib, pkgs, ... }:
+
+with lib;
 
 let
-  inherit (lib) mkOption mkIf singleton;
+
   cfg = config.services.xserver.windowManager.wmii;
-  wmii = pkgs.wmii_hg;
+
 in
+
 {
   options = {
+
     services.xserver.windowManager.wmii.enable = mkOption {
       default = false;
       example = true;
       description = "Enable the wmii window manager.";
     };
+
   };
 
   config = mkIf cfg.enable {
+
     services.xserver.windowManager.session = singleton
       # stop wmii by
       #   $wmiir xwrite /ctl quit
       # this will cause wmii exiting with exit code 0
-      # (or "mod+a quit", which is bound to do the same thing in wmiirc
-      # by default)
       #
       # why this loop?
       # wmii crashes once a month here. That doesn't matter that much
-      # wmii can recover very well. However without loop the X session
-      # terminates and then your workspace setup is lost and all
-      # applications running on X will terminate.
+      # wmii can recover very well. However without loop the x session terminates and then your workspace setup is
+      # lost and all applications running on X will terminate.
       # Another use case is kill -9 wmii; after rotating screen.
-      # Note: we don't like kill for that purpose. But it works (->
-      # subject "wmii and xrandr" on mailinglist)
+      # Note: we don't like kill for that purpose. But it works (-> subject "wmii and xrandr" on mailinglist)
       { name = "wmii";
         start = ''
           while :; do
-            ${wmii}/bin/wmii && break
+            ${pkgs.wmiiSnap}/bin/wmii && break
           done
         '';
       };
 
-    environment.systemPackages = [ wmii ];
+    environment.systemPackages = [ pkgs.wmiiSnap ];
+
   };
+
 }

nixos/modules/system/boot/stage-1-init.sh

@@ -290,10 +290,23 @@ mountFS() {
         if [ -z "$fsType" ]; then fsType=auto; fi
     fi
 
-    echo "$device /mnt-root$mountPoint $fsType $options" >> /etc/fstab
+    # Filter out x- options, which busybox doesn't do yet.
+    local optionsFiltered="$(IFS=,; for i in $options; do if [ "${i:0:2}" != "x-" ]; then echo -n $i,; fi; done)"
+
+    echo "$device /mnt-root$mountPoint $fsType $optionsFiltered" >> /etc/fstab
 
     checkFS "$device" "$fsType"
 
+    # Optionally resize the filesystem.
+    case $options in
+        *x-nixos.autoresize*)
+            if [ "$fsType" = ext2 -o "$fsType" = ext3 -o "$fsType" = ext4 ]; then
+                echo "resizing $device..."
+                resize2fs "$device"
+            fi
+            ;;
+    esac
+
     # Create backing directories for unionfs-fuse.
     if [ "$fsType" = unionfs-fuse ]; then
         for i in $(IFS=:; echo ${options##*,dirs=}); do

nixos/modules/system/boot/stage-1.nix

@@ -70,6 +70,12 @@ let
       copy_bin_and_libs ${pkgs.kmod}/bin/kmod
       ln -sf kmod $out/bin/modprobe
 
+      # Copy resize2fs if needed.
+      ${optionalString (any (fs: fs.autoResize) (attrValues config.fileSystems)) ''
+        # We need mke2fs in the initrd.
+        copy_bin_and_libs ${pkgs.e2fsprogs}/sbin/resize2fs
+      ''}
+
       ${config.boot.initrd.extraUtilsCommands}
 
       # Copy ld manually since it isn't detected correctly
@@ -393,7 +399,6 @@ in
       }
     ];
 
-
     system.build.bootStage1 = bootStage1;
     system.build.initialRamdisk = initialRamdisk;
     system.build.extraUtils = extraUtils;

nixos/modules/tasks/filesystems.nix

@@ -7,7 +7,7 @@ let
 
   fileSystems = attrValues config.fileSystems;
 
-  prioOption = prio: optionalString (prio !=null) " pri=${toString prio}";
+  prioOption = prio: optionalString (prio != null) " pri=${toString prio}";
 
   fileSystemOpts = { name, config, ... }: {
 
@@ -41,9 +41,9 @@ let
       };
 
       options = mkOption {
-        default = "defaults,relatime";
+        default = "defaults";
         example = "data=journal";
-        type = types.commas;
+        type = types.commas; # FIXME: should be a list
         description = "Options used to mount the file system.";
       };
 
@@ -58,6 +58,17 @@ let
         '';
       };
 
+      autoResize = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          If set, the filesystem is grown to its maximum size before
+          being mounted. (This is typically the size of the containing
+          partition.) This is currently only supported for ext2/3/4
+          filesystems that are mounted during early boot.
+        '';
+      };
+
       noCheck = mkOption {
         default = false;
         type = types.bool;
@@ -69,6 +80,7 @@ let
     config = {
       mountPoint = mkDefault name;
       device = mkIf (config.fsType == "tmpfs") (mkDefault config.fsType);
+      options = mkIf config.autoResize "x-nixos.autoresize";
     };
 
   };
@@ -141,7 +153,7 @@ in
 
     environment.etc.fstab.text =
       let
-        fsToSkipCheck = [ "none" "btrfs" "zfs" "tmpfs" "nfs" ];
+        fsToSkipCheck = [ "none" "btrfs" "zfs" "tmpfs" "nfs" "vboxsf" ];
         skipCheck = fs: fs.noCheck || fs.device == "none" || builtins.elem fs.fsType fsToSkipCheck;
       in ''
         # This is a generated file.  Do not edit!

nixos/modules/tasks/filesystems/vboxsf.nix

@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  inInitrd = any (fs: fs == "vboxsf") config.boot.initrd.supportedFilesystems;
+
+  package = pkgs.runCommand "mount.vboxsf" {} ''
+    mkdir -p $out/bin
+    cp ${pkgs.linuxPackages.virtualboxGuestAdditions}/bin/mount.vboxsf $out/bin
+  '';
+in
+
+{
+  config = mkIf (any (fs: fs == "vboxsf") config.boot.supportedFilesystems) {
+
+    system.fsPackages = [ package ];
+
+    boot.initrd.kernelModules = mkIf inInitrd [ "vboxsf" ];
+
+  };
+}

nixos/modules/virtualisation/amazon-config.nix

@@ -1,3 +0,0 @@
-{
-  imports = [ <nixpkgs/nixos/modules/virtualisation/amazon-image.nix> ];
-}

nixos/modules/virtualisation/amazon-grow-partition.nix

@@ -0,0 +1,50 @@
+# This module automatically grows the root partition on Amazon EC2 HVM
+# instances. This allows an instance to be created with a bigger root
+# filesystem than provided by the AMI.
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  growpart = pkgs.stdenv.mkDerivation {
+    name = "growpart";
+    src = pkgs.fetchurl {
+      url = "https://launchpad.net/cloud-utils/trunk/0.27/+download/cloud-utils-0.27.tar.gz";
+      sha256 = "16shlmg36lidp614km41y6qk3xccil02f5n3r4wf6d1zr5n4v8vd";
+    };
+    patches = [ ./growpart-util-linux-2.26.patch ];
+    buildPhase = ''
+      cp bin/growpart $out
+      sed -i 's|awk|gawk|' $out
+      sed -i 's|sed|gnused|' $out
+    '';
+    dontInstall = true;
+    dontPatchShebangs = true;
+  };
+
+in
+
+{
+
+  config = mkIf config.ec2.hvm {
+
+    boot.initrd.extraUtilsCommands = ''
+      copy_bin_and_libs ${pkgs.gawk}/bin/gawk
+      copy_bin_and_libs ${pkgs.gnused}/bin/sed
+      copy_bin_and_libs ${pkgs.utillinux}/sbin/sfdisk
+      cp -v ${growpart} $out/bin/growpart
+      ln -s sed $out/bin/gnused
+    '';
+
+    boot.initrd.postDeviceCommands = ''
+      if [ -e /dev/xvda ] && [ -e /dev/xvda1 ]; then
+        TMPDIR=/run sh $(type -P growpart) /dev/xvda 1
+        udevadm settle
+      fi
+    '';
+
+  };
+
+}

nixos/modules/virtualisation/amazon-image.nix

@@ -1,105 +1,40 @@
+# Configuration for Amazon EC2 instances. (Note that this file is a
+# misnomer - it should be "amazon-config.nix" or so, not
+# "amazon-image.nix", since it's used not only to build images but
+# also to reconfigure instances. However, we can't rename it because
+# existing "configuration.nix" files on EC2 instances refer to it.)
+
 { config, lib, pkgs, ... }:
 
 with lib;
-let
-  cfg = config.ec2;
-in
+
+let cfg = config.ec2; in
+
 {
-  imports = [ ../profiles/headless.nix ./ec2-data.nix ];
+  imports = [ ../profiles/headless.nix ./ec2-data.nix ./amazon-grow-partition.nix ];
 
   config = {
-    system.build.amazonImage =
-      pkgs.vmTools.runInLinuxVM (
-        pkgs.runCommand "amazon-image"
-          { preVM =
-              ''
-                mkdir $out
-                diskImage=$out/nixos.img
-                ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "8G"
-                mv closure xchg/
-              '';
-            buildInputs = [ pkgs.utillinux pkgs.perl ];
-            exportReferencesGraph =
-              [ "closure" config.system.build.toplevel ];
-          }
-          ''
-            ${if cfg.hvm then ''
-              # Create a single / partition.
-              ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
-              ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
-              . /sys/class/block/vda1/uevent
-              mknod /dev/vda1 b $MAJOR $MINOR
 
-              # Create an empty filesystem and mount it.
-              ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
-              ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
-              mkdir /mnt
-              mount /dev/vda1 /mnt
-            '' else ''
-              # Create an empty filesystem and mount it.
-              ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda
-              ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda
-              mkdir /mnt
-              mount /dev/vda /mnt
-            ''}
-
-            # The initrd expects these directories to exist.
-            mkdir /mnt/dev /mnt/proc /mnt/sys
-
-            mount -o bind /proc /mnt/proc
-            mount -o bind /dev /mnt/dev
-            mount -o bind /sys /mnt/sys
-
-            # Copy all paths in the closure to the filesystem.
-            storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
-
-            mkdir -p /mnt/nix/store
-            echo "copying everything (will take a while)..."
-            cp -prd $storePaths /mnt/nix/store/
-
-            # Register the paths in the Nix database.
-            printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
-                chroot /mnt ${config.nix.package}/bin/nix-store --load-db --option build-users-group ""
-
-            # Create the system profile to allow nixos-rebuild to work.
-            chroot /mnt ${config.nix.package}/bin/nix-env --option build-users-group "" \
-                -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
-
-            # `nixos-rebuild' requires an /etc/NIXOS.
-            mkdir -p /mnt/etc
-            touch /mnt/etc/NIXOS
-
-            # `switch-to-configuration' requires a /bin/sh
-            mkdir -p /mnt/bin
-            ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
-
-            # Install a configuration.nix.
-            mkdir -p /mnt/etc/nixos
-            cp ${./amazon-config.nix} /mnt/etc/nixos/configuration.nix
-
-            # Generate the GRUB menu.
-            ln -s vda /dev/xvda
-            chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
-
-            umount /mnt/proc /mnt/dev /mnt/sys
-            umount /mnt
-          ''
-      );
-
-    fileSystems."/".device = "/dev/disk/by-label/nixos";
+    fileSystems."/" = {
+      device = "/dev/disk/by-label/nixos";
+      autoResize = true;
+    };
 
     boot.initrd.kernelModules = [ "xen-blkfront" ];
     boot.kernelModules = [ "xen-netfront" ];
+    boot.kernelParams = mkIf cfg.hvm [ "console=ttyS0" ];
 
     # Prevent the nouveau kernel module from being loaded, as it
     # interferes with the nvidia/nvidia-uvm modules needed for CUDA.
-    boot.blacklistedKernelModules = [ "nouveau" ];
+    # Also blacklist xen_fbfront to prevent a 30 second delay during
+    # boot.
+    boot.blacklistedKernelModules = [ "nouveau" "xen_fbfront" ];
 
     # Generate a GRUB menu.  Amazon's pv-grub uses this to boot our kernel/initrd.
     boot.loader.grub.version = if cfg.hvm then 2 else 1;
     boot.loader.grub.device = if cfg.hvm then "/dev/xvda" else "nodev";
     boot.loader.grub.timeout = 0;
-    boot.loader.grub.extraPerEntryConfig = "root (hd0${lib.optionalString cfg.hvm ",0"})";
+    boot.loader.grub.extraPerEntryConfig = mkIf (!cfg.hvm) "root (hd0)";
 
     boot.initrd.postDeviceCommands =
       ''

nixos/modules/virtualisation/containers.nix

@@ -12,12 +12,6 @@ let
     perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl";
     su = "${pkgs.shadow.su}/bin/su";
     inherit (pkgs) utillinux;
-
-    postInstall = ''
-      t=$out/etc/bash_completion.d
-      mkdir -p $t
-      cp ${./nixos-container-completion.sh} $t/nixos-container
-    '';
   };
 
   # The container's init script, a small wrapper around the regular

nixos/modules/virtualisation/ec2-data.nix

@@ -9,7 +9,7 @@ with lib;
 {
   config = {
 
-    systemd.services."fetch-ec2-data" =
+    systemd.services.fetch-ec2-data =
       { description = "Fetch EC2 Data";
 
         wantedBy = [ "multi-user.target" "sshd.service" ];
@@ -35,10 +35,8 @@ with lib;
                 mkdir -m 0700 -p /root/.ssh
                 $wget http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key > /root/key.pub
                 if [ $? -eq 0 -a -e /root/key.pub ]; then
-                    if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
-                        cat /root/key.pub >> /root/.ssh/authorized_keys
-                        echo "new key added to authorized_keys"
-                    fi
+                    cat /root/key.pub >> /root/.ssh/authorized_keys
+                    echo "new key added to authorized_keys"
                     chmod 600 /root/.ssh/authorized_keys
                     rm -f /root/key.pub
                 fi
@@ -48,13 +46,22 @@ with lib;
             # the supplied user data, if available.  Otherwise sshd will
             # generate one normally.
             $wget http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
+
+            mkdir -m 0755 -p /etc/ssh
+
             key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)"
             key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)"
             if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then
-                mkdir -m 0755 -p /etc/ssh
                 (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
                 echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
             fi
+
+            key="$(sed 's/|/\n/g; s/SSH_HOST_ED25519_KEY://; t; d' /root/user-data)"
+            key_pub="$(sed 's/SSH_HOST_ED25519_KEY_PUB://; t; d' /root/user-data)"
+            if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_ed25519_key ]; then
+                (umask 077; echo "$key" > /etc/ssh/ssh_host_ed25519_key)
+                echo "$key_pub" > /etc/ssh/ssh_host_ed25519_key.pub
+            fi
           '';
 
         serviceConfig.Type = "oneshot";
@@ -71,7 +78,9 @@ with lib;
             # can obtain it securely by parsing the output of
             # ec2-get-console-output.
             echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
-            ${config.programs.ssh.package}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console
+            for i in /etc/ssh/ssh_host_*_key.pub; do
+                ${config.programs.ssh.package}/bin/ssh-keygen -l -f $i > /dev/console
+            done
             echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
           '';
         serviceConfig.Type = "oneshot";

nixos/modules/virtualisation/growpart-util-linux-2.26.patch

@@ -0,0 +1,88 @@
+From 1895d10a7539d055a4e0206af1e7a9e5ea32a4f7 Mon Sep 17 00:00:00 2001
+From: Juerg Haefliger <juerg.haefliger@hp.com>
+Date: Wed, 25 Mar 2015 13:59:20 +0100
+Subject: [PATCH] Support new sfdisk version 2.26
+
+The sfdisk usage with version 2.26 changed. Specifically, the option
+--show-pt-geometry and functionality for CHS have been removed.
+Also, restoring a backup MBR now needs to be done using dd.
+---
+ bin/growpart | 28 ++++++++++------------------
+ 1 file changed, 10 insertions(+), 18 deletions(-)
+
+diff --git a/bin/growpart b/bin/growpart
+index 595c40b..d4c995b 100755
+--- a/bin/growpart
++++ b/bin/growpart
+@@ -28,7 +28,6 @@ PART=""
+ PT_UPDATE=false
+ DRY_RUN=0
+ 
+-MBR_CHS=""
+ MBR_BACKUP=""
+ GPT_BACKUP=""
+ _capture=""
+@@ -133,7 +132,8 @@ bad_Usage() {
+ }
+ 
+ mbr_restore() {
+-	sfdisk --no-reread "${DISK}" ${MBR_CHS} -I "${MBR_BACKUP}"
++	dd if="${MBR_BACKUP}-${DISK#/dev/}-0x00000000.bak" of="${DISK}" bs=1 \
++		conv=notrunc
+ }
+ 
+ sfdisk_worked_but_blkrrpart_failed() {
+@@ -148,34 +148,26 @@ sfdisk_worked_but_blkrrpart_failed() {
+ 
+ mbr_resize() {
+ 	RESTORE_HUMAN="${TEMP_D}/recovery"
+-	MBR_BACKUP="${TEMP_D}/orig.save"
++	MBR_BACKUP="${TEMP_D}/backup"
+ 
+ 	local change_out=${TEMP_D}/change.out
+ 	local dump_out=${TEMP_D}/dump.out
+ 	local new_out=${TEMP_D}/new.out
+ 	local dump_mod=${TEMP_D}/dump.mod
+-	local tmp="${TEMP_D}/tmp.out"
+-	local err="${TEMP_D}/err.out"
+ 
+-	local _devc cyl _w1 heads _w2 sectors _w3 tot dpart
++	local tot dpart
+ 	local pt_start pt_size pt_end max_end new_size change_info
+ 
+-	# --show-pt-geometry outputs something like
+-	#     /dev/sda: 164352 cylinders, 4 heads, 32 sectors/track
+-	rqe sfd_geom sfdisk "${DISK}" --show-pt-geometry >"${tmp}" &&
+-		read _devc cyl _w1 heads _w2 sectors _w3 <"${tmp}" &&
+-		MBR_CHS="-C ${cyl} -H ${heads} -S ${sectors}" ||
+-		fail "failed to get CHS from ${DISK}"
++	tot=$(sfdisk --list "${DISK}" | awk '{ print $(NF-1) ; exit }') ||
++		fail "failed to get total number of sectors from ${DISK}"
+ 
+-	tot=$((${cyl}*${heads}*${sectors}))
++	debug 1 "total number of sectors of ${DISK} is ${tot}"
+ 
+-	debug 1 "geometry is ${MBR_CHS}. total size=${tot}"
+-	rqe sfd_dump sfdisk ${MBR_CHS} --unit=S --dump "${DISK}" \
++	rqe sfd_dump sfdisk --dump "${DISK}" \
+ 		>"${dump_out}" ||
+ 		fail "failed to dump sfdisk info for ${DISK}"
+-
+ 	{
+-		echo "## sfdisk ${MBR_CHS} --unit=S --dump ${DISK}"
++		echo "## sfdisk --dump ${DISK}"
+ 		cat "${dump_out}"
+ 	}  >"${RESTORE_HUMAN}"
+ 	[ $? -eq 0 ] || fail "failed to save sfdisk -d output"
+@@ -237,7 +229,7 @@ mbr_resize() {
+ 		exit 0
+ 	fi
+ 
+-	LANG=C sfdisk --no-reread "${DISK}" ${MBR_CHS} --force \
++	LANG=C sfdisk --no-reread "${DISK}" --force \
+ 		-O "${MBR_BACKUP}" <"${new_out}" >"${change_out}" 2>&1
+ 	ret=$?
+ 	[ $ret -eq 0 ] || RESTORE_FUNC="mbr_restore"
+-- 
+2.1.4
+

nixos/modules/virtualisation/lxd.nix

@@ -1,64 +0,0 @@
-# Systemd services for lxd.
-
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
-
-  cfg = config.virtualisation.lxd;
-
-in
-
-{
-  ###### interface
-
-  options = {
-
-    virtualisation.lxd.enable =
-      mkOption {
-        type = types.bool;
-        default = false;
-        description =
-          ''
-            This option enables lxd, a daemon that manages
-            containers. Users in the "lxd" group can interact with
-            the daemon (e.g. to start or stop containers) using the
-            <command>lxc</command> command line tool, among others.
-          '';
-      };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf cfg.enable {
-
-    environment.systemPackages =
-      [ pkgs.lxd ];
-
-    systemd.services.lxd =
-      { description = "LXD Container Management Daemon";
-
-        wantedBy = [ "multi-user.target" ];
-        after = [ "systemd-udev-settle.service" ];
-
-        # TODO(wkennington): Add lvm2 and thin-provisioning-tools
-        path = with pkgs; [ acl rsync gnutar xz btrfsProgs ];
-
-        serviceConfig.ExecStart = "@${pkgs.lxd}/bin/lxd lxd --syslog --group lxd";
-        serviceConfig.Type = "simple";
-        serviceConfig.KillMode = "process"; # when stopping, leave the containers alone
-      };
-
-    users.extraGroups.lxd.gid = config.ids.gids.lxd;
-
-    users.extraUsers.root = {
-      subUidRanges = [ { startUid = 1000000; count = 65536; } ];
-      subGidRanges = [ { startGid = 1000000; count = 65536; } ];
-    };
-
-  };
-
-}

nixos/modules/virtualisation/nixos-container-completion.sh

@@ -1,33 +0,0 @@
-#!/usr/bin/env bash
-
-_nixos-container() {
-    local cur prev opts
-    COMPREPLY=()
-    cur="${COMP_WORDS[COMP_CWORD]}"
-    prev="${COMP_WORDS[COMP_CWORD-1]}"
-    opts="list create destroy start stop status update login root-login run show-ip show-host-key"
-    startstop_opts=$(nixos-container list)
-    update_opts="--config"
-
-    if [[ "$prev" == "nixos-container" ]]
-    then
-        COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
-        return 0
-    fi
-
-    if [[ $(echo "$opts" | grep "$prev") ]]
-    then
-        if [[ "$prev" == "start" || "$prev" == "stop" ]]
-        then
-            COMPREPLY=( $(compgen -W "${startstop_opts}" -- ${cur}) )
-            return 0
-        elif [[ "$prev" == "update" ]]
-        then
-            COMPREPLY=( $(compgen -W "${update_opts}" -- ${cur}) )
-            return 0
-        fi
-    fi
-}
-
-complete -F _nixos-container nixos-container
-

nixos/modules/virtualisation/parallels-guest.nix

@@ -17,7 +17,7 @@ in
         type = types.bool;
         default = false;
         description = ''
-          This enables Parallels Tools for Linux guests, along with provided
+          This enables Parallel Tools for Linux guests, along with provided
           video, mouse and other hardware drivers.
         '';
       };

nixos/modules/virtualisation/virtualbox-guest.nix

@@ -32,7 +32,8 @@ in
 
     boot.extraModulePackages = [ kernel.virtualboxGuestAdditions ];
 
-    boot.kernelModules = [ "vboxsf" ];
+    boot.supportedFilesystems = [ "vboxsf" ];
+    boot.initrd.supportedFilesystems = [ "vboxsf" ];
 
     users.extraGroups.vboxsf.gid = config.ids.gids.vboxsf;
 

nixos/modules/virtualisation/virtualbox-image.nix

@@ -11,93 +11,37 @@ in {
   options = {
     virtualbox = {
       baseImageSize = mkOption {
-        type = types.str;
-        default = "10G";
+        type = types.int;
+        default = 10 * 1024;
         description = ''
-          The size of the VirtualBox base image. The size string should be on
-          a format the qemu-img command accepts.
+          The size of the VirtualBox base image in MiB.
         '';
       };
     };
   };
 
   config = {
-    system.build.virtualBoxImage =
-      pkgs.vmTools.runInLinuxVM (
-        pkgs.runCommand "virtualbox-image"
-          { memSize = 768;
-            preVM =
-              ''
-                mkdir $out
-                diskImage=$out/image
-                ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "${cfg.baseImageSize}"
-                mv closure xchg/
-              '';
-            postVM =
-              ''
-                echo "creating VirtualBox disk image..."
-                ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
-                rm $diskImage
-              '';
-            buildInputs = [ pkgs.utillinux pkgs.perl ];
-            exportReferencesGraph =
-              [ "closure" config.system.build.toplevel ];
+
+    system.build.virtualBoxImage = import ../../lib/make-disk-image.nix {
+      inherit pkgs lib config;
+      partitioned = true;
+      diskSize = cfg.baseImageSize;
+
+      configFile = pkgs.writeText "configuration.nix"
+        ''
+          {
+            imports = [ <nixpkgs/nixos/modules/virtualisation/virtualbox-image.nix> ];
           }
-          ''
-            # Create a single / partition.
-            ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
-            ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
-            . /sys/class/block/vda1/uevent
-            mknod /dev/vda1 b $MAJOR $MINOR
-  
-            # Create an empty filesystem and mount it.
-            ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
-            ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
-            mkdir /mnt
-            mount /dev/vda1 /mnt
-  
-            # The initrd expects these directories to exist.
-            mkdir /mnt/dev /mnt/proc /mnt/sys
-            mount --bind /proc /mnt/proc
-            mount --bind /dev /mnt/dev
-            mount --bind /sys /mnt/sys
-  
-            # Copy all paths in the closure to the filesystem.
-            storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
-  
-            echo "filling Nix store..."
-            mkdir -p /mnt/nix/store
-            set -f
-            cp -prd $storePaths /mnt/nix/store/
-  
-            mkdir -p /mnt/etc/nix
-            echo 'build-users-group = ' > /mnt/etc/nix/nix.conf
-  
-            # Register the paths in the Nix database.
-            printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
-                chroot /mnt ${config.nix.package}/bin/nix-store --load-db
-  
-            # Create the system profile to allow nixos-rebuild to work.
-            chroot /mnt ${config.nix.package}/bin/nix-env \
-                -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
-  
-            # `nixos-rebuild' requires an /etc/NIXOS.
-            mkdir -p /mnt/etc/nixos
-            touch /mnt/etc/NIXOS
-  
-            # `switch-to-configuration' requires a /bin/sh
-            mkdir -p /mnt/bin
-            ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
-  
-            # Generate the GRUB menu.
-            ln -s vda /dev/sda
-            chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
-  
-            umount /mnt/proc /mnt/dev /mnt/sys
-            umount /mnt
-          ''
-      );
-  
+        '';
+
+      postVM =
+        ''
+          echo "creating VirtualBox disk image..."
+          ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
+          rm $diskImage
+        '';
+    };
+
     system.build.virtualBoxOVA = pkgs.runCommand "virtualbox-ova"
       { buildInputs = [ pkgs.linuxPackages.virtualbox ];
         vmName = "NixOS ${config.system.nixosVersion} (${pkgs.stdenv.system})";
@@ -109,7 +53,8 @@ in {
         VBoxManage createvm --name "$vmName" --register \
           --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
         VBoxManage modifyvm "$vmName" \
-          --memory 1536 --acpi on --vram 10 \
+          --memory 1536 --acpi on --vram 32 \
+          ${optionalString (pkgs.stdenv.system == "i686-linux") "--pae on"} \
           --nictype1 virtio --nic1 nat \
           --audiocontroller ac97 --audio alsa \
           --rtcuseutc on \
@@ -117,17 +62,17 @@ in {
         VBoxManage storagectl "$vmName" --name SATA --add sata --portcount 4 --bootable on --hostiocache on
         VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
           --medium ${config.system.build.virtualBoxImage}/disk.vdi
-  
+
         echo "exporting VirtualBox VM..."
         mkdir -p $out
         VBoxManage export "$vmName" --output "$out/$fileName"
       '';
-  
+
     fileSystems."/".device = "/dev/disk/by-label/nixos";
-  
-    boot.loader.grub.version = 2;
+
     boot.loader.grub.device = "/dev/sda";
-  
+
     virtualisation.virtualbox.guest.enable = true;
+
   };
 }

nixos/release.nix

@@ -9,7 +9,7 @@ let
 
   version = builtins.readFile ../.version;
   versionSuffix =
-    (if stableBranch then "." else "pre") + "${toString nixpkgs.revCount}.${nixpkgs.shortRev}";
+    (if stableBranch then "." else "pre") + "${toString (nixpkgs.revCount - 67824)}.${nixpkgs.shortRev}";
 
   forAllSystems = genAttrs supportedSystems;
 
@@ -220,13 +220,12 @@ in rec {
   tests.dockerRegistry = hydraJob (import tests/docker-registry.nix { system = "x86_64-linux"; });
   tests.etcd = hydraJob (import tests/etcd.nix { system = "x86_64-linux"; });
   tests.ec2-nixops = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-nixops;
-  tests.ec2-config = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-config;
+  #tests.ec2-config = hydraJob (import tests/ec2.nix { system = "x86_64-linux"; }).boot-ec2-config;
   tests.firefox = callTest tests/firefox.nix {};
   tests.firewall = callTest tests/firewall.nix {};
   tests.fleet = hydraJob (import tests/fleet.nix { system = "x86_64-linux"; });
   #tests.gitlab = callTest tests/gitlab.nix {};
   tests.gnome3 = callTest tests/gnome3.nix {};
-  tests.gnome3-gdm = callTest tests/gnome3-gdm.nix {};
   tests.i3wm = callTest tests/i3wm.nix {};
   tests.installer.grub1 = forAllSystems (system: hydraJob (import tests/installer.nix { inherit system; }).grub1.test);
   tests.installer.lvm = forAllSystems (system: hydraJob (import tests/installer.nix { inherit system; }).lvm.test);

nixos/tests/chromium.nix

@@ -44,8 +44,6 @@ import ./make-test.nix (
           search --onlyvisible --name "startup done"
           windowfocus --sync
           windowactivate --sync
-        ''}");
-        $machine->execute("${xdo "new-window" ''
           key Ctrl+n
         ''}");
       });
@@ -57,8 +55,6 @@ import ./make-test.nix (
           search --onlyvisible --name "new tab"
           windowfocus --sync
           windowactivate --sync
-        ''}");
-        $machine->execute("${xdo "close-window" ''
           key Ctrl+w
         ''}");
         for (1..20) {
@@ -159,8 +155,6 @@ import ./make-test.nix (
           $machine->succeed("${xdo "submit-url" ''
             search --sync --onlyvisible --name "sandbox status"
             windowfocus --sync
-          ''}");
-          $machine->succeed("${xdo "submit-url" ''
             key --delay 1000 Ctrl+a Ctrl+c
           ''}");
 

nixos/tests/ec2.nix

@@ -9,9 +9,18 @@ let
     (import ../lib/eval-config.nix {
       inherit system;
       modules = [
-        ../maintainers/scripts/ec2/amazon-hvm-config.nix
+        ../maintainers/scripts/ec2/amazon-image.nix
         ../../nixos/modules/testing/test-instrumentation.nix
-        { boot.initrd.kernelModules = [ "virtio" "virtio_blk" "virtio_pci" "virtio_ring" ]; }
+        { boot.initrd.kernelModules = [ "virtio" "virtio_blk" "virtio_pci" "virtio_ring" ];
+          ec2.hvm = true;
+
+          # Hack to make the partition resizing work in QEMU.
+          boot.initrd.postDeviceCommands = mkBefore
+            ''
+              ln -s vda /dev/xvda
+              ln -s vda1 /dev/xvda1
+            '';
+        }
       ];
     }).config.system.build.amazonImage;
 
@@ -34,41 +43,49 @@ let
       nodes = {};
       testScript =
         ''
-          use File::Temp qw/ tempfile /;
-          my ($fh, $filename) = tempfile();
+          my $imageDir = ($ENV{'TMPDIR'} // "/tmp") . "/vm-state-machine";
+          mkdir $imageDir, 0700;
+          my $diskImage = "$imageDir/machine.qcow2";
+          system("qemu-img create -f qcow2 -o backing_file=${image}/nixos.img $diskImage") == 0 or die;
+          system("qemu-img resize $diskImage 10G") == 0 or die;
 
-          `qemu-img create -f qcow2 -o backing_file=${image}/nixos.img $filename`;
-
-          my $startCommand = "qemu-kvm -m 768 -net nic -net 'user,net=169.254.0.0/16,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'";
-          $startCommand .= " -drive file=" . Cwd::abs_path($filename) . ",if=virtio,werror=report";
+          # Note: we use net=169.0.0.0/8 rather than
+          # net=169.254.0.0/16 to prevent dhcpcd from getting horribly
+          # confused. (It would get a DHCP lease in the 169.254.*
+          # range, which it would then configure and prompty delete
+          # again when it deletes link-local addresses.) Ideally we'd
+          # turn off the DHCP server, but qemu does not have an option
+          # to do that.
+          my $startCommand = "qemu-kvm -m 768 -net nic -net 'user,net=169.0.0.0/8,guestfwd=tcp:169.254.169.254:80-cmd:${pkgs.micro-httpd}/bin/micro_httpd ${metaData}'";
+          $startCommand .= " -drive file=$diskImage,if=virtio,werror=report";
           $startCommand .= " \$QEMU_OPTS";
 
           my $machine = createMachine({ startCommand => $startCommand });
+
           ${script}
         '';
     };
 
-  snakeOilPrivateKey = [
-    "-----BEGIN EC PRIVATE KEY-----"
-    "MHcCAQEEIHQf/khLvYrQ8IOika5yqtWvI0oquHlpRLTZiJy5dRJmoAoGCCqGSM49"
-    "AwEHoUQDQgAEKF0DYGbBwbj06tA3fd/+yP44cvmwmHBWXZCKbS+RQlAKvLXMWkpN"
-    "r1lwMyJZoSGgBHoUahoYjTh9/sJL7XLJtA=="
-    "-----END EC PRIVATE KEY-----"
-  ];
+  snakeOilPrivateKey = ''
+    -----BEGIN OPENSSH PRIVATE KEY-----
+    b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+    QyNTUxOQAAACDEPmwZv5dDPrMUaq0dDP+6eBTTe+QNrz14KBEIdhHd1QAAAJDufJ4S7nye
+    EgAAAAtzc2gtZWQyNTUxOQAAACDEPmwZv5dDPrMUaq0dDP+6eBTTe+QNrz14KBEIdhHd1Q
+    AAAECgwbDlYATM5/jypuptb0GF/+zWZcJfoVIFBG3LQeRyGsQ+bBm/l0M+sxRqrR0M/7p4
+    FNN75A2vPXgoEQh2Ed3VAAAADEVDMiB0ZXN0IGtleQE=
+    -----END OPENSSH PRIVATE KEY-----
+  '';
+
+  snakeOilPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQ+bBm/l0M+sxRqrR0M/7p4FNN75A2vPXgoEQh2Ed3V EC2 test key";
 
-  snakeOilPublicKey = pkgs.lib.concatStrings [
-    "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHA"
-    "yNTYAAABBBChdA2BmwcG49OrQN33f/sj+OHL5sJhwVl2Qim0vkUJQCry1zFpKTa"
-    "9ZcDMiWaEhoAR6FGoaGI04ff7CS+1yybQ= snakeoil"
-  ];
 in {
   boot-ec2-nixops = makeEc2Test {
     name         = "nixops-userdata";
     sshPublicKey = snakeOilPublicKey; # That's right folks! My user's key is also the host key!
 
     userData = ''
-      SSH_HOST_DSA_KEY_PUB:${snakeOilPublicKey}
-      SSH_HOST_DSA_KEY:${pkgs.lib.concatStringsSep "|" snakeOilPrivateKey}
+      SSH_HOST_ED25519_KEY_PUB:${snakeOilPublicKey}
+      SSH_HOST_ED25519_KEY:${replaceStrings ["\n"] ["|"] snakeOilPrivateKey}
     '';
     script = ''
       $machine->start;
@@ -80,8 +97,9 @@ in {
 
       # Let's install our client private key
       $machine->succeed("mkdir -p ~/.ssh");
-      ${concatMapStrings (s: "$machine->succeed('echo ${s} >> ~/.ssh/id_ecdsa');") snakeOilPrivateKey}
-      $machine->succeed("chmod 600 ~/.ssh/id_ecdsa");
+
+      $machine->succeed("echo '${snakeOilPrivateKey}' > ~/.ssh/id_ed25519");
+      $machine->succeed("chmod 600 ~/.ssh/id_ed25519");
 
       # We haven't configured the host key yet, so this should still fail
       $machine->fail("ssh -o BatchMode=yes localhost exit");
@@ -90,7 +108,16 @@ in {
       $machine->succeed("echo localhost,127.0.0.1 ${snakeOilPublicKey} > ~/.ssh/known_hosts");
       $machine->succeed("ssh -o BatchMode=yes localhost exit");
 
+      # Test whether the root disk was resized.
+      my $blocks = $machine->succeed("stat -c %b -f /");
+      my $bsize = $machine->succeed("stat -c %S -f /");
+      my $size = $blocks * $bsize;
+      die "wrong free space $size" if $size < 9.7 * 1024 * 1024 * 1024 || $size > 10 * 1024 * 1024 * 1024;
+
+      # Just to make sure resizing is idempotent.
       $machine->shutdown;
+      $machine->start;
+      $machine->waitForFile("/root/user-data");
     '';
   };
 

nixos/tests/gnome3-gdm.nix

@@ -1,39 +0,0 @@
-import ./make-test.nix ({ pkgs, ...} : {
-  name = "gnome3-gdm";
-  meta = with pkgs.stdenv.lib.maintainers; {
-    maintainers = [ lethalman ];
-  };
-
-  machine =
-    { config, pkgs, ... }:
-
-    { imports = [ ./common/user-account.nix ];
-
-      services.xserver.enable = true;
-
-      services.xserver.displayManager.gdm = {
-        enable = true;
-        autoLogin = {
-          enable = true;
-          user = "alice";
-        };
-      };
-      services.xserver.desktopManager.gnome3.enable = true;
-
-      virtualisation.memorySize = 512;
-    };
-
-  testScript =
-    ''
-      $machine->waitForX;
-      $machine->sleep(15);
-
-      # Check that logging in has given the user ownership of devices.
-      $machine->succeed("getfacl /dev/snd/timer | grep -q alice");
-
-      $machine->succeed("su - alice -c 'DISPLAY=:0.0 gnome-terminal &'");
-      $machine->waitForWindow(qr/Terminal/);
-      $machine->sleep(20);
-      $machine->screenshot("screen");
-    '';
-})

nixos/tests/make-test.nix

@@ -2,4 +2,4 @@ f: { system ? builtins.currentSystem, ... } @ args:
 
 with import ../lib/testing.nix { inherit system; };
 
-makeTest (if builtins.isFunction f then f (args // { inherit pkgs; }) else f)
+makeTest (if builtins.isFunction f then f (args // { inherit pkgs; inherit (pkgs) lib; }) else f)

nixos/tests/resize-root.nix

@@ -0,0 +1,36 @@
+import ./make-test.nix ({ pkgs, lib, ...} : {
+
+  meta.maintainers = [ lib.maintainers.eelco ];
+
+  machine = { config, pkgs, ... }: {
+    virtualisation.diskSize = 512;
+    fileSystems = lib.mkVMOverride {
+      "/".autoResize = true;
+    };
+  };
+
+  testScript =
+    ''
+      # Create a VM with a 512 MiB disk.
+      $machine->start;
+      $machine->waitForUnit("multi-user.target");
+      my $blocks = $machine->succeed("stat -c %b -f /");
+      my $bsize = $machine->succeed("stat -c %S -f /");
+      my $size = $blocks * $bsize;
+      die "wrong free space $size" if $size < 480 * 1024 * 1024 || $size > 512 * 1024 * 1024;
+      $machine->succeed("touch /marker");
+      $machine->shutdown;
+
+      # Grow the disk to 1024 MiB.
+      system("qemu-img resize vm-state-machine/machine.qcow2 1024M") == 0 or die;
+
+      # Start the VM again and check whether the initrd has correctly
+      # grown the root filesystem.
+      $machine->start;
+      $machine->waitForUnit("multi-user.target");
+      $machine->succeed("[ -e /marker ]");
+      my $blocks = $machine->succeed("stat -c %b -f /");
+      my $size = $blocks * $bsize;
+      die "wrong free space $size" if $size < 980 * 1024 * 1024 || $size > 1024 * 1024 * 1024;
+    '';
+})

nixos/tests/virtualbox.nix

@@ -1,39 +1,41 @@
+{ debug ? false, ... } @ args:
+
 import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
 
-  debug = false;
+  testVMConfig = vmName: attrs: { config, pkgs, ... }: let
+    guestAdditions = pkgs.linuxPackages.virtualboxGuestAdditions;
 
-  testVMConfig = vmName: attrs: { config, pkgs, ... }: {
-    boot.kernelParams = let
-      miniInit = ''
-        #!${pkgs.stdenv.shell} -xe
-        export PATH="${pkgs.coreutils}/bin:${pkgs.utillinux}/bin"
+    miniInit = ''
+      #!${pkgs.stdenv.shell} -xe
+      export PATH="${pkgs.coreutils}/bin:${pkgs.utillinux}/bin"
 
-        mkdir -p /etc/dbus-1 /var/run/dbus
-        cat > /etc/passwd <<EOF
-        root:x:0:0::/root:/bin/false
-        messagebus:x:1:1::/var/run/dbus:/bin/false
-        EOF
-        cat > /etc/group <<EOF
-        root:x:0:
-        messagebus:x:1:
-        EOF
-        cp -v "${pkgs.dbus.daemon}/etc/dbus-1/system.conf" \
-          /etc/dbus-1/system.conf
-        "${pkgs.dbus.daemon}/bin/dbus-daemon" --fork --system
+      mkdir -p /etc/dbus-1 /var/run/dbus
+      cat > /etc/passwd <<EOF
+      root:x:0:0::/root:/bin/false
+      messagebus:x:1:1::/var/run/dbus:/bin/false
+      EOF
+      cat > /etc/group <<EOF
+      root:x:0:
+      messagebus:x:1:
+      EOF
+      cp -v "${pkgs.dbus.daemon}/etc/dbus-1/system.conf" \
+        /etc/dbus-1/system.conf
+      "${pkgs.dbus.daemon}/bin/dbus-daemon" --fork --system
 
-        ${pkgs.linuxPackages.virtualboxGuestAdditions}/bin/VBoxService
-        ${(attrs.vmScript or (const "")) pkgs}
+      ${guestAdditions}/bin/VBoxService
+      ${(attrs.vmScript or (const "")) pkgs}
 
-        i=0
-        while [ ! -e /mnt-root/shutdown ]; do
-          sleep 10
-          i=$(($i + 10))
-          [ $i -le 120 ] || fail
-        done
+      i=0
+      while [ ! -e /mnt-root/shutdown ]; do
+        sleep 10
+        i=$(($i + 10))
+        [ $i -le 120 ] || fail
+      done
 
-        rm -f /mnt-root/boot-done /mnt-root/shutdown
-      '';
-    in [
+      rm -f /mnt-root/boot-done /mnt-root/shutdown
+    '';
+  in {
+    boot.kernelParams = [
       "console=tty0" "console=ttyS0" "ignore_loglevel"
       "boot.trace" "panic=1" "boot.panic_on_fail"
       "init=${pkgs.writeScript "mini-init.sh" miniInit}"
@@ -52,7 +54,7 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
     ];
 
     boot.initrd.extraUtilsCommands = ''
-      copy_bin_and_libs "${pkgs.linuxPackages.virtualboxGuestAdditions}/bin/mount.vboxsf"
+      copy_bin_and_libs "${guestAdditions}/bin/mount.vboxsf"
       copy_bin_and_libs "${pkgs.utillinux}/bin/unshare"
       ${(attrs.extraUtilsCommands or (const "")) pkgs}
     '';
@@ -139,6 +141,7 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
     vmFlags = mkFlags ([
       "--uart1 0x3F8 4"
       "--uartmode1 client /run/virtualbox-log-${name}.sock"
+      "--memory 768"
     ] ++ (attrs.vmFlags or []));
 
     controllerFlags = mkFlags [
@@ -193,6 +196,8 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
     };
 
     testSubs = ''
+      my ${"$" + name}_sharepath = '${sharePath}';
+
       sub checkRunning_${name} {
         my $cmd = 'VBoxManage list runningvms | grep -q "^\"${name}\""';
         my ($status, $out) = $machine->execute(ru $cmd);
@@ -299,9 +304,15 @@ import ./make-test.nix ({ pkgs, ... }: with pkgs.lib; let
     echo "$otherIP reachable" | ${pkgs.netcat}/bin/netcat -clp 5678 || :
   '';
 
+  sysdDetectVirt = pkgs: ''
+    ${pkgs.systemd}/bin/systemd-detect-virt > /mnt-root/result
+  '';
+
   vboxVMs = mapAttrs createVM {
     simple = {};
 
+    detectvirt.vmScript = sysdDetectVirt;
+
     test1.vmFlags = hostonlyVMFlags;
     test1.vmScript = dhcpScript;
 
@@ -320,7 +331,7 @@ in {
       mkVMConf = name: val: val.machine // { key = "${name}-config"; };
       vmConfigs = mapAttrsToList mkVMConf vboxVMs;
     in [ ./common/user-account.nix ./common/x11.nix ] ++ vmConfigs;
-    virtualisation.memorySize = 1024;
+    virtualisation.memorySize = 2048;
     virtualisation.virtualbox.host.enable = true;
     users.extraUsers.alice.extraGroups = let
       inherit (config.virtualisation.virtualbox.host) enableHardening;
@@ -385,17 +396,44 @@ in {
 
     destroyVM_simple;
 
+    sub removeUUIDs {
+      return join("\n", grep { $_ !~ /^UUID:/ } split(/\n/, $_[0]))."\n";
+    }
+
+    subtest "host-usb-permissions", sub {
+      my $userUSB = removeUUIDs vbm("list usbhost");
+      print STDERR $userUSB;
+      my $rootUSB = removeUUIDs $machine->succeed("VBoxManage list usbhost");
+      print STDERR $rootUSB;
+
+      die "USB host devices differ for root and normal user"
+        if $userUSB ne $rootUSB;
+      die "No USB host devices found" if $userUSB =~ /<none>/;
+    };
+
+    subtest "systemd-detect-virt", sub {
+      createVM_detectvirt;
+      vbm("startvm detectvirt");
+      waitForStartup_detectvirt;
+      waitForVMBoot_detectvirt;
+      shutdownVM_detectvirt;
+      my $result = $machine->succeed("cat '$detectvirt_sharepath/result'");
+      chomp $result;
+      destroyVM_detectvirt;
+      die "systemd-detect-virt returned \"$result\" instead of \"oracle\""
+        if $result ne "oracle";
+    };
+
     subtest "net-hostonlyif", sub {
       createVM_test1;
       createVM_test2;
 
       vbm("startvm test1");
       waitForStartup_test1;
+      waitForVMBoot_test1;
 
       vbm("startvm test2");
       waitForStartup_test2;
-
-      waitForVMBoot_test1;
       waitForVMBoot_test2;
 
       $machine->screenshot("net_booted");
@@ -416,4 +454,4 @@ in {
       destroyVM_test2;
     };
   '';
-})
+}) args

pkgs/applications/audio/audacious/default.nix

@@ -1,5 +1,5 @@
 { stdenv, fetchurl, pkgconfig, glib, gtk3, libmowgli, libmcs
-, gettext, dbus_glib, libxml2, libmad, xlibs, alsaLib, libogg
+, gettext, dbus_glib, libxml2, libmad, xorg, alsaLib, libogg
 , libvorbis, libcdio, libcddb, flac, ffmpeg, makeWrapper
 , mpg123, neon, faad2
 }:
@@ -21,7 +21,7 @@ stdenv.mkDerivation {
 
   buildInputs =
     [ gettext pkgconfig glib gtk3 libmowgli libmcs libxml2 dbus_glib
-      libmad xlibs.libXcomposite libogg libvorbis flac alsaLib libcdio
+      libmad xorg.libXcomposite libogg libvorbis flac alsaLib libcdio
       libcddb ffmpeg makeWrapper mpg123 neon faad2
     ];
 

pkgs/applications/audio/beast/default.nix

@@ -1,11 +1,11 @@
 { stdenv, fetchurl, zlib, guile, libart_lgpl, pkgconfig, intltool
 , gtk, glib, libogg, libvorbis, libgnomecanvas, gettext, perl }:
 
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
   name = "beast-0.7.1";
 
   src = fetchurl {
-    url = ftp://beast.gtk.org/pub/beast/v0.7/beast-0.7.1.tar.bz2;
+    url = "http://ftp.gtk.org/pub/beast/v0.7/${name}.tar.bz2";
     sha256 = "0jyl1i1918rsn4296w07fsf6wx3clvad522m3bzgf8ms7gxivg5l";
   };
 

pkgs/applications/audio/bristol/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, alsaLib, libjack2, pkgconfig, libpulseaudio, xlibs }:
+{ stdenv, fetchurl, alsaLib, libjack2, pkgconfig, libpulseaudio, xorg }:
 
 stdenv.mkDerivation  rec {
   name = "bristol-${version}";
@@ -10,8 +10,8 @@ stdenv.mkDerivation  rec {
   };
 
   buildInputs = [
-    alsaLib libjack2 pkgconfig libpulseaudio xlibs.libX11 xlibs.libXext
-    xlibs.xproto
+    alsaLib libjack2 pkgconfig libpulseaudio xorg.libX11 xorg.libXext
+    xorg.xproto
   ];
 
   preInstall = ''

pkgs/applications/audio/dfasma/default.nix

@@ -1,58 +1,16 @@
 { stdenv, fetchFromGitHub, fftw, libsndfile, qt5 }:
 
-let
-
-  version = "1.2.5";
-  rev = "v${version}";
-  sha256 = "0mgy2bkmyp7lvaqsr7hkndwdgjf26mlpsj6smrmn1vp0cqyrw72d";
-
-  reaperFork = {
-    src = fetchFromGitHub {
-      sha256 = "07m2wf2gqyya95b65gawrnr4pvc9jyzmg6h8sinzgxlpskz93wwc";
-      rev = "39053e8896eedd7b3e8a9e9a9ffd80f1fc6ceb16";
-      repo = "reaper";
-      owner = "gillesdegottex";
-    };
-    meta = with stdenv.lib; {
-     license = licenses.asl20;
-    };
-  };
-
-  libqaudioextra = {
-    src = fetchFromGitHub {
-      sha256 = "17pvlij8cc4lwzf6f1cnygj3m3ci6xfa3lv5bgcr5i1gzyjxqpq1";
-      rev = "b7d187cd9a1fd76ea94151e2e02453508d0151d3";
-      repo = "libqaudioextra";
-      owner = "gillesdegottex";
-    };
-    meta = with stdenv.lib; {
-     license = licenses.gpl3Plus;
-    };
-  };
-
-in stdenv.mkDerivation {
+let version = "1.1.2"; in
+stdenv.mkDerivation {
   name = "dfasma-${version}";
 
   src = fetchFromGitHub {
-    inherit sha256 rev;
+    sha256 = "0xqam5hm4kvfksdlyz1rviijv386fk3px4lhz6glfsimbcvvzl0r";
+    rev = "v${version}";
     repo = "dfasma";
     owner = "gillesdegottex";
   };
 
-  buildInputs = [ fftw libsndfile qt5.base qt5.multimedia ];
-
-  postPatch = ''
-    substituteInPlace dfasma.pro --replace '$$DFASMAVERSIONGITPRO' '${version}'
-    cp -Rv "${reaperFork.src}"/* external/REAPER
-    cp -Rv "${libqaudioextra.src}"/* external/libqaudioextra
-  '';
-
-  configurePhase = ''
-    qmake PREFIX=$out PREFIXSHORTCUT=$out dfasma.pro
-  '';
-
-  enableParallelBuilding = true;
-
   meta = with stdenv.lib; {
     inherit version;
     description = "Analyse and compare audio files in time and frequency";
@@ -65,8 +23,25 @@ in stdenv.mkDerivation {
       amplitude, this software does not aim to be an audio editor.
     '';
     homepage = http://gillesdegottex.github.io/dfasma/;
-    license = [ licenses.gpl3Plus reaperFork.meta.license ];
-    platforms = platforms.linux;
+    license = licenses.gpl3Plus;
+    platforms = with platforms; linux;
     maintainers = with maintainers; [ nckx ];
   };
+
+  buildInputs = [ fftw libsndfile qt5.base qt5.multimedia ];
+
+  postPatch = ''
+    substituteInPlace dfasma.pro --replace '$$DFASMAVERSIONGITPRO' '${version}'
+  '';
+
+  configurePhase = ''
+    qmake DESTDIR=$out/bin dfasma.pro
+  '';
+
+  enableParallelBuilding = true;
+
+  postInstall = ''
+    install -Dm644 distrib/dfasma.desktop $out/share/applications/dfasma.desktop
+    install -Dm644 icons/dfasma.png $out/share/pixmaps/dfasma.png
+  '';
 }

pkgs/applications/audio/distrho/default.nix

@@ -1,5 +1,5 @@
 { stdenv, fetchgit, alsaLib, fftwSinglePrec, freetype, libjack2
-, libxslt, lv2, pkgconfig, premake3, xlibs, ladspa-sdk }:
+, libxslt, lv2, pkgconfig, premake3, xorg, ladspa-sdk }:
 
 stdenv.mkDerivation rec {
   name = "distrho-ports-git-2015-07-18";
@@ -16,8 +16,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [
     alsaLib fftwSinglePrec freetype libjack2 pkgconfig premake3
-    xlibs.libX11 xlibs.libXcomposite xlibs.libXcursor xlibs.libXext
-    xlibs.libXinerama xlibs.libXrender ladspa-sdk
+    xorg.libX11 xorg.libXcomposite xorg.libXcursor xorg.libXext
+    xorg.libXinerama xorg.libXrender ladspa-sdk
   ];
 
   buildPhase = ''

pkgs/applications/audio/eq10q/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, cmake, fftw, gtkmm, libxcb, lv2, pkgconfig, xlibs }:
+{ stdenv, fetchurl, cmake, fftw, gtkmm, libxcb, lv2, pkgconfig, xorg }:
 stdenv.mkDerivation rec {
   name = "eq10q-2-${version}";
   version = "beta7.1";
@@ -7,7 +7,7 @@ stdenv.mkDerivation rec {
     sha256 = "1jmrcx4jlx8kgsy5n4jcxa6qkjqvx7d8l2p7dsmw4hj20s39lgyi";
   };
 
-  buildInputs = [ cmake fftw gtkmm libxcb lv2 pkgconfig xlibs.libpthreadstubs xlibs.libXdmcp xlibs.libxshmfence ];
+  buildInputs = [ cmake fftw gtkmm libxcb lv2 pkgconfig xorg.libpthreadstubs xorg.libXdmcp xorg.libxshmfence ];
 
   installFlags = ''
     DESTDIR=$(out)

pkgs/applications/audio/fmit/default.nix

@@ -1,11 +1,9 @@
 { stdenv, fetchFromGitHub, fftw, freeglut, qt5
 , alsaSupport ? true, alsaLib ? null
-, jackSupport ? false, libjack2 ? null
-, portaudioSupport ? false, portaudio ? null }:
+, jackSupport ? false, libjack2 ? null }:
 
 assert alsaSupport -> alsaLib != null;
 assert jackSupport -> libjack2 != null;
-assert portaudioSupport -> portaudio != null;
 
 let version = "1.0.8"; in
 stdenv.mkDerivation {
@@ -20,8 +18,7 @@ stdenv.mkDerivation {
 
   buildInputs = [ fftw freeglut qt5.base qt5.multimedia ]
     ++ stdenv.lib.optional alsaSupport [ alsaLib ]
-    ++ stdenv.lib.optional jackSupport [ libjack2 ]
-    ++ stdenv.lib.optional portaudioSupport [ portaudio ];
+    ++ stdenv.lib.optional jackSupport [ libjack2 ];
 
   configurePhase = ''
     mkdir build
@@ -29,7 +26,6 @@ stdenv.mkDerivation {
     qmake \
       CONFIG+=${stdenv.lib.optionalString alsaSupport "acs_alsa"} \
       CONFIG+=${stdenv.lib.optionalString jackSupport "acs_jack"} \
-      CONFIG+=${stdenv.lib.optionalString portaudioSupport "acs_portaudio"} \
       PREFIX="$out" PREFIXSHORTCUT="$out" \
       ../fmit.pro
   '';

pkgs/applications/audio/jaaa/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, alsaLib, libclthreads, libclxclient, libX11, libXft, libXrender, fftwFloat, freetype, fontconfig, libjack2, xlibs, zita-alsa-pcmi }:
+{ stdenv, fetchurl, alsaLib, libclthreads, libclxclient, libX11, libXft, libXrender, fftwFloat, freetype, fontconfig, libjack2, xorg, zita-alsa-pcmi }:
 
 stdenv.mkDerivation rec {
   name = "jaaa-${version}";

pkgs/applications/audio/keyfinder-cli/default.nix

@@ -1,22 +1,16 @@
-{ stdenv, fetchFromGitHub, libav, libkeyfinder }:
+{ stdenv, fetchFromGitHub, libav, libkeyfinder_0_11 }:
 
-let version = "2015-09-13"; in
+let version = "20150201"; in
 stdenv.mkDerivation rec {
   name = "keyfinder-cli-${version}";
 
   src = fetchFromGitHub {
     repo = "keyfinder-cli";
     owner = "EvanPurkhiser";
-    rev = "8579282f15ab3ebad937fed398ec5c88843be03d";
-    sha256 = "0jylykigxmsqvdny265k58vpxa4cqs1hq2f7mph1nl3apfx2shrh";
+    rev = "e8a20e73f8a465a6c3c9e71dabf4b636244a9b0c";
+    sha256 = "0x198ijr6wgzq24642s4pz5zxn4gvcc7dxmb6d1bfn3dwzi3j8lp";
   };
 
-  buildInputs = [ libav libkeyfinder ];
-
-  makeFlagsArray = "PREFIX=$(out)";
-
-  enableParallelBuilding = true;
-
   meta = with stdenv.lib; {
     inherit version;
     inherit (src.meta) homepage;
@@ -27,7 +21,13 @@ stdenv.mkDerivation rec {
       used to estimate the musical key of many different audio formats.
     '';
     license = licenses.gpl3Plus;
-    platforms = platforms.linux;
+    platforms = with platforms; linux;
     maintainers = with maintainers; [ nckx ];
   };
+
+  buildInputs = [ libav libkeyfinder_0_11 ];
+
+  makeFlagsArray = "PREFIX=$(out)";
+
+  enableParallelBuilding = true;
 }

pkgs/applications/audio/qmmp/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, cmake, qt4, pkgconfig, x11
+{ stdenv, fetchurl, cmake, qt4, pkgconfig, xlibsWrapper
 # transports
 , curl, libmms
 # input plugins
@@ -37,7 +37,7 @@ stdenv.mkDerivation rec {
 
   buildInputs =
     [ # basic requirements
-      cmake qt4 pkgconfig x11
+      cmake qt4 pkgconfig xlibsWrapper
       # transports
       curl libmms
       # input plugins

pkgs/applications/audio/renoise/default.nix

@@ -1,61 +0,0 @@
-{ stdenv, lib, requireFile, demo, fetchurl, libX11, libXext, libXcursor, libXrandr, libjack2, alsaLib, ... }:
-
-stdenv.mkDerivation rec {
-  name = "renoise";
-
-  buildInputs = [ libX11 libXext libXcursor libXrandr alsaLib libjack2 ];
-
-  src =
-    if builtins.currentSystem == "x86_64-linux" then
-        if demo then
-        fetchurl {
-            url = "http://files.renoise.com/demo/Renoise_3_0_1_Demo_x86_64.tar.bz2";
-            sha256 = "1q7f94wz2dbz659kpp53a3n1qyndsk0pkb29lxdff4pc3ddqwykg";
-        }
-        else
-        requireFile {
-            url = "http://backstage.renoise.com/frontend/app/index.html#/login";
-            name = "rns_3_0_1_reg_x86_64.tar.gz";
-            sha256 = "1swax2jz0gswdpzz8alwjfd8rhigc2yfspj7p8wvdvylqrf7n8q7";
-        }
-    else if builtins.currentSystem == "i686-linux" then
-        if demo then
-        fetchurl {
-            url = "http://files.renoise.com/demo/Renoise_3_0_1_Demo_x86.tar.bz2";
-            sha256 = "0dgqvib4xh2yhgh2wajj11wsb6xiiwgfkhyz32g8vnyaij5q8f58";
-        }
-        else
-        requireFile {
-            url = "http://backstage.renoise.com/frontend/app/index.html#/login";
-            name = "rns_3_0_1_reg_x86.tar.gz";
-            sha256 = "1swax2jz0gswdpzz8alwjfd8rhigc2yfspj7p8wvdvylqrf7n8q7";
-        }
-    else throw "platform is not suppored by Renoise";
-
-  installPhase = ''
-    cp -r Resources $out
-
-    mkdir -p $out/lib/
-
-    mv $out/AudioPluginServer* $out/lib/
-
-    cp renoise $out/renoise
-
-    for path in ${toString buildInputs}; do
-      ln -s $path/lib/*.so* $out/lib/
-    done
-
-    ln -s ${stdenv.cc.cc}/lib/libstdc++.so.6 $out/lib/
-
-    mkdir $out/bin
-    ln -s $out/renoise $out/bin/renoise
-
-    patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) --set-rpath $out/lib $out/renoise
-  '';
-
-  meta = {
-    description = "modern tracker-based DAW";
-    homepage = http://www.renoise.com/;
-    license = stdenv.lib.licenses.unfree;
-  };
-}

pkgs/applications/audio/rkrlv2/default.nix

@@ -1,5 +1,5 @@
 { stdenv, pkgs, fetchFromGitHub,
-automake, pkgconfig, lv2, fftw, cmake, xlibs, libjack2, libsamplerate, libsndfile
+automake, pkgconfig, lv2, fftw, cmake, xorg, libjack2, libsamplerate, libsndfile
 }:
 
 stdenv.mkDerivation rec {
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
     sha256 = "0kr3rvq7n1bh47qryyarcpiibms601qd8l1vypmm61969l4d4bn8";
   };
 
-  buildInputs = with xlibs; [ automake pkgconfig lv2 fftw cmake libXpm libjack2 libsamplerate libsndfile libXft ];
+  buildInputs = with xorg; [ automake pkgconfig lv2 fftw cmake libXpm libjack2 libsamplerate libsndfile libXft ];
 
   meta = {
     description = "Rakarrak effects ported to LV2";

pkgs/applications/audio/spotify/default.nix

@@ -1,4 +1,4 @@
-{ fetchurl, stdenv, dpkg, xlibs, qt4, alsaLib, makeWrapper, openssl, freetype
+{ fetchurl, stdenv, dpkg, xorg, qt4, alsaLib, makeWrapper, openssl, freetype
 , glib, pango, cairo, atk, gdk_pixbuf, gtk, cups, nspr, nss, libpng, GConf
 , libgcrypt, chromium, udev, fontconfig
 , dbus, expat }:
@@ -28,16 +28,16 @@ let
     qt4
     stdenv.cc.cc
     udev
-    xlibs.libX11
-    xlibs.libXcomposite
-    xlibs.libXdamage
-    xlibs.libXext
-    xlibs.libXfixes
-    xlibs.libXi
-    xlibs.libXrandr
-    xlibs.libXrender
-    xlibs.libXrender
-    xlibs.libXScrnSaver
+    xorg.libX11
+    xorg.libXcomposite
+    xorg.libXdamage
+    xorg.libXext
+    xorg.libXfixes
+    xorg.libXi
+    xorg.libXrandr
+    xorg.libXrender
+    xorg.libXrender
+    xorg.libXScrnSaver
   ];
 
 in

pkgs/applications/audio/tetraproc/default.nix

@@ -1,6 +1,6 @@
 { stdenv, fetchurl, makeWrapper
 , expat, fftwFloat, fontconfig, freetype, libjack2, jack2Full, libclthreads, libclxclient
-, libsndfile, libxcb, xlibs
+, libsndfile, libxcb, xorg
 }:
 
 stdenv.mkDerivation rec {
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [
     expat libjack2 libclthreads libclxclient fftwFloat fontconfig libsndfile freetype
-    libxcb xlibs.libX11 xlibs.libXau xlibs.libXdmcp xlibs.libXft xlibs.libXrender
+    libxcb xorg.libX11 xorg.libXau xorg.libXdmcp xorg.libXft xorg.libXrender
   ];
 
   makeFlags = [