Merge branch 'master' into staging

Hydra nixpkgs: ?compare=1286624

lib/debug.nix

@@ -19,6 +19,10 @@ rec {
   traceXMLVal = x: trace (builtins.toXML x) x;
   traceXMLValMarked = str: x: trace (str + builtins.toXML x) x;
 
+  # strict trace functions (traced structure is fully evaluated and printed)
+  traceSeq = x: y: trace (builtins.deepSeq x x) y;
+  traceValSeq = v: traceVal (builtins.deepSeq v v);
+
   # this can help debug your code as well - designed to not produce thousands of lines
   traceShowVal = x : trace (showVal x) x;
   traceShowValMarked = str: x: trace (str + showVal x) x;
@@ -69,27 +73,9 @@ rec {
   # usage: { testX = allTrue [ true ]; }
   testAllTrue = expr : { inherit expr; expected = map (x: true) expr; };
 
-  # evaluate everything once so that errors will occur earlier
+  strict = v:
-  # hacky: traverse attrs by adding a dummy
+    trace "Warning: strict is deprecated and will be removed in the next release"
-  # ignores functions (should this behavior change?) See strictf
+      (builtins.seq v v);
-  #
-  # Note: This should be a primop! Something like seq of haskell would be nice to
-  # have as well. It's used fore debugging only anyway
-  strict = x :
-    let
-        traverse = x :
-          if isString x then true
-          else if isAttrs x then
-            if x ? outPath then true
-            else all id (mapAttrsFlatten (n: traverse) x)
-          else if isList x then
-            all id (map traverse x)
-          else if isBool x then true
-          else if isFunction x then true
-          else if isInt x then true
-          else if x == null then true
-          else true; # a (store) path?
-    in if traverse x then x else throw "else never reached";
 
   # example: (traceCallXml "myfun" id 3) will output something like
   # calling myfun arg 1: 3 result: 3

lib/maintainers.nix

@@ -259,6 +259,7 @@
   moretea = "Maarten Hoogendoorn <maarten@moretea.nl>";
   mornfall = "Petr Ročkai <me@mornfall.net>";
   MostAwesomeDude = "Corbin Simpson <cds@corbinsimpson.com>";
+  mounium = "Katona László <muoniurn@gmail.com>";
   MP2E = "Cray Elliott <MP2E@archlinux.us>";
   mpscholten = "Marc Scholten <marc@mpscholten.de>";
   msackman = "Matthew Sackman <matthew@wellquite.org>";

lib/sources.nix

@@ -20,7 +20,9 @@ rec {
       lib.hasSuffix "~" baseName ||
       # Filter out generates files.
       lib.hasSuffix ".o" baseName ||
-      lib.hasSuffix ".so" baseName
+      lib.hasSuffix ".so" baseName ||
+      # Filter out nix-build result symlinks
+      (type == "symlink" && lib.hasPrefix "result" baseName)
     );
     in src: builtins.filterSource filter src;
 

maintainers/scripts/generate-kde-plasma.sh

@@ -1,5 +1,5 @@
 #!/bin/sh
 
 ./maintainers/scripts/fetch-kde-qt.sh \
-    http://download.kde.org/stable/plasma/5.7.2/ -A '*.tar.xz' \
+    http://download.kde.org/stable/plasma/5.7.3/ -A '*.tar.xz' \
     >pkgs/desktops/kde-5/plasma/srcs.nix

maintainers/scripts/nixpkgs-lint.nix

@@ -18,5 +18,6 @@ stdenv.mkDerivation {
   meta = {
     maintainers = [ stdenv.lib.maintainers.eelco ];
     description = "A utility for Nixpkgs contributors to check Nixpkgs for common errors";
+    platforms = stdenv.lib.platforms.unix;
   };
 }

maintainers/scripts/travis-nox-review-pr.sh

@@ -29,7 +29,7 @@ while test -n "$1"; do
         nixpkgs-manual)
             echo "=== Checking nixpkgs manuals"
 
-            nix-build $TRAVIS_BUILD_DIR/pkgs/top-level/release.nix --attr manpages --show-trace
+            nix-build $TRAVIS_BUILD_DIR/pkgs/top-level/release.nix --attr manual --show-trace
             ;;
 
         nixpkgs-tarball)

nixos/doc/manual/configuration/grsecurity.xml

@@ -265,6 +265,11 @@
   <sect1 xml:id="sec-grsec-issues"><title>Issues and work-arounds</title>
 
   <itemizedlist>
+    <listitem><para>Access to EFI runtime services is disabled by default:
+    this plugs a potential code injection attack vector; use
+    <option>security.grsecurity.disableEfiRuntimeServices</option> to override
+    this behavior.</para></listitem>
+
     <listitem><para>Virtualization: KVM is the preferred virtualization
     solution. Xen, Virtualbox, and VMWare are
     <emphasis>unsupported</emphasis> and most likely require a custom kernel.

nixos/doc/manual/installation/installing-virtualbox-guest.xml

@@ -0,0 +1,89 @@
+<section xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xmlns:xi="http://www.w3.org/2001/XInclude"
+         version="5.0"
+         xml:id="sec-instaling-virtualbox-guest">
+
+<title>Installing in a Virtualbox guest</title>
+<para>
+  Installing NixOS into a Virtualbox guest is convenient for users who want to
+  try NixOS without installing it on bare metal. If you want to use a pre-made
+  Virtualbox appliance, it is available at <link
+  xlink:href="https://nixos.org/nixos/download.html">the downloads page</link>.
+  If you want to set up a Virtualbox guest manually, follow these instructions:
+</para>
+
+<orderedlist>
+
+  <listitem><para>Add a New Machine in Virtualbox with OS Type "Linux / Other
+  Linux"</para></listitem>
+
+  <listitem><para>Base Memory Size: 768 MB or higher.</para></listitem>
+
+  <listitem><para>New Hard Disk of 8 GB or higher.</para></listitem>
+
+  <listitem><para>Mount the CD-ROM with the NixOS ISO (by clicking on
+  CD/DVD-ROM)</para></listitem>
+
+  <listitem><para>Click on Settings / System / Processor and enable
+  PAE/NX</para></listitem>
+
+  <listitem><para>Click on Settings / System / Acceleration and enable
+  "VT-x/AMD-V" acceleration</para></listitem>
+
+  <listitem><para>Save the settings, start the virtual machine, and continue
+  installation like normal</para></listitem>
+
+</orderedlist>
+
+<para>
+  There are a few modifications you should make in configuration.nix. Enable
+  the virtualbox guest service in the main block:
+</para>
+
+<programlisting>
+virtualisation.virtualbox.guest.enable = true;
+</programlisting>
+
+<para>
+  Enable booting:
+</para>
+
+<programlisting>
+boot.loader.grub.device = "/dev/sda";
+</programlisting>
+
+<para>
+  Also remove the fsck that runs at startup. It will always fail to run,
+  stopping your boot until you press <literal>*</literal>.
+</para>
+
+<programlisting>
+boot.initrd.checkJournalingFS = false;
+</programlisting>
+
+<para>
+  Shared folders can be given a name and a path in the host system in the
+  VirtualBox settings (Machine / Settings / Shared Folders, then click on the
+  "Add" icon). Add the following to the
+  <literal>/etc/nixos/configuration.nix</literal> to auto-mount them:
+</para>
+
+<programlisting>
+{ config, pkgs, ...} :
+{
+  ...
+
+  fileSystems."/virtualboxshare" = {
+    fsType = "vboxsf";
+    device = "nameofthesharedfolder";
+    options = [ "rw" ];
+  };
+}
+</programlisting>
+
+<para>
+  The folder will be available directly under the root directory.
+</para>
+
+</section>

nixos/doc/manual/installation/installing.xml

@@ -271,5 +271,6 @@ drive (here <filename>/dev/sda</filename>).  <xref linkend="ex-config"
 <xi:include href="installing-uefi.xml" />
 <xi:include href="installing-usb.xml" />
 <xi:include href="installing-pxe.xml" />
+<xi:include href="installing-virtualbox-guest.xml" />
 
 </chapter>

nixos/doc/manual/man-nixos-install.xml

@@ -25,6 +25,19 @@
       <arg choice='plain'><option>--root</option></arg>
       <replaceable>root</replaceable>
     </arg>
+    <arg>
+      <arg choice='plain'><option>--closure</option></arg>
+      <replaceable>closure</replaceable>
+    </arg>
+    <arg>
+      <arg choice='plain'><option>--no-channel-copy</option></arg>
+    </arg>
+    <arg>
+      <arg choice='plain'><option>--no-root-passwd</option></arg>
+    </arg>
+    <arg>
+      <arg choice='plain'><option>--no-bootloader</option></arg>
+    </arg>
     <arg>
       <group choice='req'>
         <arg choice='plain'><option>--max-jobs</option></arg>
@@ -71,12 +84,13 @@ the following steps:
   <filename>/mnt/etc/nixos/configuration.nix</filename>.</para></listitem>
 
   <listitem><para>It installs the GRUB boot loader on the device
-  specified in the option <option>boot.loader.grub.device</option>,
+  specified in the option <option>boot.loader.grub.device</option>
+  (unless <option>--no-bootloader</option> is specified),
   and generates a GRUB configuration file that boots into the NixOS
   configuration just installed.</para></listitem>
 
-  <listitem><para>It prompts you for a password for the root
+  <listitem><para>It prompts you for a password for the root account
-  account.</para></listitem>
+  (unless <option>--no-root-passwd</option> is specified).</para></listitem>
 
 </itemizedlist>
 
@@ -103,6 +117,19 @@ it.</para>
     </listitem>
   </varlistentry>
 
+  <varlistentry>
+    <term><option>--closure</option></term>
+    <listitem>
+      <para>If this option is provided, <command>nixos-install</command> will install the specified closure
+      rather than attempt to build one from <filename>/mnt/etc/nixos/configuration.nix</filename>.</para>
+
+      <para>The closure must be an appropriately configured NixOS system, with boot loader and partition
+      configuration that fits the target host. Such a closure is typically obtained with a command such as
+      <command>nix-build -I nixos-config=./configuration.nix '&lt;nixos&gt;' -A system --no-out-link</command>
+      </para>
+    </listitem>
+  </varlistentry>
+
   <varlistentry>
     <term><option>-I</option></term>
     <listitem>

nixos/doc/manual/release-notes/rl-1609.xml

@@ -46,6 +46,11 @@ following incompatible changes:</para>
     behavior of Redis 3.2</para>
   </listitem>
 
+  <listitem>
+    <para>Gitlab's maintainence script gitlab-runner was removed and split up into the more clearer
+      gitlab-run and gitlab-rake scripts because gitlab-runner is a component of Gitlab CI.</para>
+  </listitem>
+
 </itemizedlist>
 
 

nixos/modules/installer/tools/get-git-revision

@@ -17,6 +17,6 @@ getVersion() {
 if nixpkgs=$(nix-instantiate --find-file nixpkgs "$@"); then
     getVersion $nixpkgs
     if [ -n "$rev" ]; then
-        echo ".git.$rev"
+        echo "$rev"
     fi
 fi

nixos/modules/installer/tools/nixos-install.sh

@@ -24,6 +24,7 @@ fi
 # Parse the command line for the -I flag
 extraBuildFlags=()
 chrootCommand=(/run/current-system/sw/bin/bash)
+bootLoader=1
 
 while [ "$#" -gt 0 ]; do
     i="$1"; shift 1
@@ -40,6 +41,18 @@ while [ "$#" -gt 0 ]; do
         --root)
             mountPoint="$1"; shift 1
             ;;
+        --closure)
+            closure="$1"; shift 1
+            ;;
+        --no-channel-copy)
+            noChannelCopy=1
+            ;;
+        --no-root-passwd)
+            noRootPasswd=1
+            ;;
+        --no-bootloader)
+            bootLoader=0
+            ;;
         --show-trace)
             extraBuildFlags+=("$i")
             ;;
@@ -111,7 +124,7 @@ if test -z "$NIXOS_CONFIG"; then
     NIXOS_CONFIG=/etc/nixos/configuration.nix
 fi
 
-if ! test -e "$mountPoint/$NIXOS_CONFIG"; then
+if [ ! -e "$mountPoint/$NIXOS_CONFIG" ] && [ -z "$closure" ]; then
     echo "configuration file $mountPoint/$NIXOS_CONFIG doesn't exist"
     exit 1
 fi
@@ -200,16 +213,22 @@ for i in /nix/var/nix/manifests/*.nixmanifest; do
 done
 
 
+if [ -z "$closure" ]; then
     # Get the absolute path to the NixOS/Nixpkgs sources.
     nixpkgs="$(readlink -f $(nix-instantiate --find-file nixpkgs))"
 
+    nixEnvAction="-f <nixpkgs/nixos> --set -A system"
+else
+    nixpkgs=""
+    nixEnvAction="--set $closure"
+fi
 
 # Build the specified Nix expression in the target store and install
 # it into the system configuration profile.
 echo "building the system configuration..."
 NIX_PATH="nixpkgs=/tmp/root/$nixpkgs:nixos-config=$NIXOS_CONFIG" NIXOS_CONFIG= \
     chroot $mountPoint @nix@/bin/nix-env \
-    "${extraBuildFlags[@]}" -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' --set -A system
+    "${extraBuildFlags[@]}" -p /nix/var/nix/profiles/system $nixEnvAction
 
 
 # Copy the NixOS/Nixpkgs sources to the target as the initial contents
@@ -218,7 +237,7 @@ mkdir -m 0755 -p $mountPoint/nix/var/nix/profiles
 mkdir -m 1777 -p $mountPoint/nix/var/nix/profiles/per-user
 mkdir -m 0755 -p $mountPoint/nix/var/nix/profiles/per-user/root
 srcs=$(nix-env "${extraBuildFlags[@]}" -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")
-if test -n "$srcs"; then
+if [ -z "$noChannelCopy" ] && [ -n "$srcs" ]; then
     echo "copying NixOS/Nixpkgs sources..."
     chroot $mountPoint @nix@/bin/nix-env \
         "${extraBuildFlags[@]}" -p /nix/var/nix/profiles/per-user/root/channels -i "$srcs" --quiet
@@ -244,7 +263,7 @@ touch $mountPoint/etc/NIXOS
 # a menu default pointing at the kernel/initrd/etc of the new
 # configuration.
 echo "finalising the installation..."
-NIXOS_INSTALL_GRUB=1 chroot $mountPoint \
+NIXOS_INSTALL_GRUB="$bootLoader" chroot $mountPoint \
     /nix/var/nix/profiles/system/bin/switch-to-configuration boot
 
 
@@ -253,7 +272,7 @@ chroot $mountPoint /nix/var/nix/profiles/system/activate
 
 
 # Ask the user to set a root password.
-if [ "$(chroot $mountPoint /run/current-system/sw/bin/sh -l -c "nix-instantiate --eval '<nixpkgs/nixos>' -A config.users.mutableUsers")" = true ] && [ -t 0 ] ; then
+if [ -z "$noRootPasswd" ] && [ "$(chroot $mountPoint /run/current-system/sw/bin/sh -l -c "nix-instantiate --eval '<nixpkgs/nixos>' -A config.users.mutableUsers")" = true ] && [ -t 0 ] ; then
     echo "setting root password..."
     chroot $mountPoint /var/setuid-wrappers/passwd
 fi

nixos/modules/installer/tools/nixos-rebuild.sh

@@ -311,9 +311,10 @@ fi
 # nixos-version shows something useful).
 if [ -n "$canRun" ]; then
     if nixpkgs=$(nix-instantiate --find-file nixpkgs "${extraBuildFlags[@]}"); then
-        suffix=$($SHELL $nixpkgs/nixos/modules/installer/tools/get-version-suffix "${extraBuildFlags[@]}" || true)
+        revision=$($SHELL $nixpkgs/nixos/modules/installer/tools/get-git-revision "${extraBuildFlags[@]}" || true)
-        if [ -n "$suffix" ]; then
+        if [ -n "$revision" ]; then
-            echo -n "$suffix" > "$nixpkgs/.version-suffix" || true
+            echo -n ".git.$revision" > "$nixpkgs/.version-suffix" || true
+            echo -n "$revision"  > "$nixpkgs/.git-revision" || true
         fi
     fi
 fi

nixos/modules/misc/ids.nix

@@ -273,6 +273,7 @@
       smokeping = 250;
       gocd-agent = 251;
       gocd-server = 252;
+      terraria = 253;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -516,6 +517,7 @@
       smokeping = 250;
       gocd-agent = 251;
       gocd-server = 252;
+      terraria = 253;
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal

nixos/modules/module-list.nix

@@ -92,6 +92,7 @@
   ./security/apparmor-suid.nix
   ./security/audit.nix
   ./security/ca.nix
+  ./security/chromium-suid-sandbox.nix
   ./security/duosec.nix
   ./security/grsecurity.nix
   ./security/hidepid.nix
@@ -173,6 +174,7 @@
   ./services/games/ghost-one.nix
   ./services/games/minecraft-server.nix
   ./services/games/minetest-server.nix
+  ./services/games/terraria.nix
   ./services/hardware/acpid.nix
   ./services/hardware/actkbd.nix
   ./services/hardware/amd-hybrid-graphics.nix

nixos/modules/programs/zsh/zsh.nix

@@ -116,6 +116,8 @@ in
         done
 
         ${if cfg.enableCompletion then "autoload -U compinit && compinit" else ""}
+
+        HELPDIR="${pkgs.zsh}/share/zsh/$ZSH_VERSION/help"
       '';
 
     };

nixos/modules/security/chromium-suid-sandbox.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg     = config.security.chromiumSuidSandbox;
+  sandbox = pkgs.chromium.sandbox;
+in
+{
+  options.security.chromiumSuidSandbox.enable = mkEnableOption ''
+    Whether to install the Chromium SUID sandbox which is an executable that
+    Chromium may use in order to achieve sandboxing.
+
+    If you get the error "The SUID sandbox helper binary was found, but is not
+    configured correctly.", turning this on might help.
+
+    Also, if the URL chrome://sandbox tells you that "You are not adequately
+    sandboxed!", turning this on might resolve the issue.
+
+    Finally, if you have <option>security.grsecurity</option> enabled and you
+    use Chromium, you probably need this.
+  '';
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ sandbox ];
+    security.setuidPrograms    = [ sandbox.passthru.sandboxExecutableName ];
+  };
+}

nixos/modules/security/grsecurity.nix

@@ -37,6 +37,18 @@ in
       '';
     };
 
+    disableEfiRuntimeServices = mkOption {
+      type = types.bool;
+      example = false;
+      default = true;
+      description = ''
+        Whether to disable access to EFI runtime services.  Enabling EFI runtime
+        services creates a venue for code injection attacks on the kernel and
+        should be disabled if at all possible.  Changing this option enters into
+        effect upon reboot.
+      '';
+    };
+
   };
 
   config = mkIf cfg.enable {
@@ -45,6 +57,8 @@ in
     # required kernel config
     boot.kernelPackages = mkDefault pkgs.linuxPackages_grsec_nixos;
 
+    boot.kernelParams = optional cfg.disableEfiRuntimeServices "noefi";
+
     system.requiredKernelConfig = with config.lib.kernelConfig;
       [ (isEnabled "GRKERNSEC")
         (isEnabled "PAX")

nixos/modules/services/games/factorio.nix

@@ -4,14 +4,17 @@ with lib;
 
 let
   cfg = config.services.factorio;
+  factorio = pkgs.factorio-headless;
   name = "Factorio";
   stateDir = "/var/lib/factorio";
+  mkSavePath = name: "${stateDir}/saves/${name}.zip";
   configFile = pkgs.writeText "factorio.conf" ''
     use-system-read-write-data-directories=true
     [path]
-    read-data=${pkgs.factorio-headless}/share/factorio/data
+    read-data=${factorio}/share/factorio/data
     write-data=${stateDir}
   '';
+  modDir = pkgs.factorio-mkModDirDrv cfg.mods;
 in
 {
   options = {
@@ -32,7 +35,8 @@ in
         description = ''
           The name of the savegame that will be used by the server.
 
-          When not present in ${stateDir}/saves, it will be generated before starting the service.
+          When not present in ${stateDir}/saves, a new map with default
+          settings will be generated before starting the service.
         '';
       };
       # TODO Add more individual settings as nixos-options?
@@ -51,6 +55,26 @@ in
           customizations.
         '';
       };
+      mods = mkOption {
+        type = types.listOf types.package;
+        default = [];
+        description = ''
+          Mods the server should install and activate.
+
+          The derivations in this list must "build" the mod by simply copying
+          the .zip, named correctly, into the output directory. Eventually,
+          there will be a way to pull in the most up-to-date list of
+          derivations via nixos-channel. Until then, this is for experts only.
+        '';
+      };
+      autosave-interval = mkOption {
+        type = types.nullOr types.int;
+        default = null;
+        example = 2;
+        description = ''
+          The time, in minutes, between autosaves.
+        '';
+      };
     };
   };
 
@@ -74,12 +98,14 @@ in
       wantedBy      = [ "multi-user.target" ];
       after         = [ "network.target" ];
 
-      preStart = ''
+      preStart = toString [
-          test -e ${stateDir}/saves/${cfg.saveName}.zip || \
+        "test -e ${stateDir}/saves/${cfg.saveName}.zip"
-            ${pkgs.factorio-headless}/bin/factorio         \
+        "||"
-              --config=${cfg.configFile}                   \
+        "${factorio}/bin/factorio"
-              --create=${stateDir}/saves/${cfg.saveName}.zip
+          "--config=${cfg.configFile}"
-      '';
+          "--create=${mkSavePath cfg.saveName}"
+          (optionalString (cfg.mods != []) "--mod-directory=${modDir}")
+      ];
 
       serviceConfig = {
         User = "factorio";
@@ -90,10 +116,12 @@ in
         PrivateTmp = true;
         UMask = "0007";
         ExecStart = toString [
-          "${pkgs.factorio-headless}/bin/factorio"
+          "${factorio}/bin/factorio"
           "--config=${cfg.configFile}"
           "--port=${toString cfg.port}"
-          "--start-server=${stateDir}/saves/${cfg.saveName}.zip"
+          "--start-server=${mkSavePath cfg.saveName}"
+          (optionalString (cfg.mods != []) "--mod-directory=${modDir}")
+          (optionalString (cfg.autosave-interval != null) "--autosave-interval ${toString cfg.autosave-interval}")
         ];
       };
     };

nixos/modules/services/games/terraria.nix

@@ -0,0 +1,139 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg   = config.services.terraria;
+  worldSizeMap = { "small" = 1; "medium" = 2; "large" = 3; };
+  valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
+  boolFlag = name: val: optionalString val "-${name}";
+  flags = [ 
+    (valFlag "port" cfg.port)
+    (valFlag "maxPlayers" cfg.maxPlayers)
+    (valFlag "password" cfg.password)
+    (valFlag "motd" cfg.messageOfTheDay)
+    (valFlag "world" cfg.worldPath)
+    (valFlag "autocreate" (builtins.getAttr cfg.autoCreatedWorldSize worldSizeMap))
+    (valFlag "banlist" cfg.banListPath)
+    (boolFlag "secure" cfg.secure)
+    (boolFlag "noupnp" cfg.noUPnP)
+  ];
+in
+{
+  options = {
+    services.terraria = {
+      enable = mkOption {
+        type        = types.bool;
+        default     = false;
+        description = ''
+          If enabled, starts a Terraria server. The server can be connected to via <literal>tmux -S /var/lib/terraria/terraria.sock attach</literal>
+          for administration by users who are a part of the <literal>terraria</literal> group (use <literal>C-b d</literal> shortcut to detach again).
+        '';
+      };
+
+      port = mkOption {
+        type        = types.int;
+        default     = 7777;
+        description = ''
+          Specifies the port to listen on.
+        '';
+      };
+
+      maxPlayers = mkOption {
+        type        = types.int;
+        default     = 255;
+        description = ''
+          Sets the max number of players (between 1 and 255).
+        '';
+      };
+
+      password = mkOption {
+        type        = types.nullOr types.str;
+        default     = null;
+        description = ''
+          Sets the server password. Leave <literal>null</literal> for no password.
+        '';
+      };
+
+      messageOfTheDay = mkOption {
+        type        = types.nullOr types.str;
+        default     = null;
+        description = ''
+          Set the server message of the day text.
+        '';
+      };
+
+      worldPath = mkOption {
+        type        = types.path;
+        default     = null;
+        description = ''
+          The path to the world file (<literal>.wld</literal>) which should be loaded.
+          If no world exists at this path, one will be created with the size
+          specified by <literal>autoCreatedWorldSize</literal>.
+        '';
+      };
+
+      autoCreatedWorldSize = mkOption {
+        type        = types.enum [ "small" "medium" "large" ];
+        default     = "medium";
+        description = ''
+          Specifies the size of the auto-created world if <literal>worldPath</literal> does not
+          point to an existing world.
+        '';
+      };
+
+      banListPath = mkOption {
+        type        = types.nullOr types.path;
+        default     = null;
+        description = ''
+          The path to the ban list.
+        '';
+      };
+
+      secure = mkOption {
+        type        = types.bool;
+        default     = false;
+        description = "Adds additional cheat protection to the server.";
+      };
+
+      noUPnP = mkOption {
+        type        = types.bool;
+        default     = false;
+        description = "Disables automatic Universal Plug and Play.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.extraUsers.terraria = {
+      description = "Terraria server service user";
+      home        = "/var/lib/terraria";
+      createHome  = true;
+      uid         = config.ids.uids.terraria;
+    };
+
+    users.extraGroups.terraria = {
+      gid = config.ids.gids.terraria;
+      members = [ "terraria" ];
+    };
+
+    systemd.services.terraria = {
+      description   = "Terraria Server Service";
+      wantedBy      = [ "multi-user.target" ];
+      after         = [ "network.target" ];
+
+      serviceConfig = {
+        User    = "terraria";
+        Type = "oneshot";
+        RemainAfterExit = true;
+        ExecStart = "${pkgs.tmux.bin}/bin/tmux -S /var/lib/terraria/terraria.sock new -d ${pkgs.terraria-server}/bin/TerrariaServer ${concatStringsSep " " flags}";
+        ExecStop = "${pkgs.tmux.bin}/bin/tmux -S /var/lib/terraria/terraria.sock send-keys Enter \"exit\" Enter";
+      };
+
+      postStart = ''
+        ${pkgs.coreutils}/bin/chmod 660 /var/lib/terraria/terraria.sock
+        ${pkgs.coreutils}/bin/chgrp terraria /var/lib/terraria/terraria.sock
+      '';
+    };
+  };
+}

nixos/modules/services/misc/gitlab.nix

@@ -57,42 +57,23 @@ let
           issues = true;
           merge_requests = true;
           wiki = true;
-          snippets = false;
+          snippets = true;
           builds = true;
+          container_registry = true;
         };
       };
-      artifacts = {
+      repositories.storages.default = "${cfg.statePath}/repositories";
-        enabled = true;
+      artifacts.enabled = true;
-      };
+      lfs.enabled = true;
-      lfs = {
+      gravatar.enabled = true;
-        enabled = true;
+      cron_jobs = { };
-      };
+      gitlab_ci.builds_path = "${cfg.statePath}/builds";
-      gravatar = {
+      ldap.enabled = false;
-        enabled = true;
+      omniauth.enabled = false;
-      };
+      shared.path = "${cfg.statePath}/shared";
-      cron_jobs = {
+      backup.path = "${cfg.backupPath}";
-        stuck_ci_builds_worker = {
-          cron = "0 0 * * *";
-        };
-      };
-      gitlab_ci = {
-        builds_path = "${cfg.statePath}/builds";
-      };
-      ldap = {
-        enabled = false;
-      };
-      omniauth = {
-        enabled = false;
-      };
-      shared = {
-        path = "${cfg.statePath}/shared";
-      };
-      backup = {
-        path = "${cfg.backupPath}";
-      };
       gitlab_shell = {
         path = "${cfg.packages.gitlab-shell}";
-        repos_path = "${cfg.statePath}/repositories";
         hooks_path = "${cfg.statePath}/shell/hooks";
         secret_file = "${cfg.statePath}/config/gitlab_shell_secret";
         upload_pack = true;
@@ -125,21 +106,42 @@ let
 
   unicornConfig = builtins.readFile ./defaultUnicornConfig.rb;
 
-  gitlab-runner = pkgs.stdenv.mkDerivation rec {
+  gitlab-rake = pkgs.stdenv.mkDerivation rec {
-    name = "gitlab-runner";
+    name = "gitlab-rake";
-    buildInputs = [ cfg.packages.gitlab bundler pkgs.makeWrapper ];
+    buildInputs = [ cfg.packages.gitlab cfg.packages.gitlab.env pkgs.makeWrapper ];
     phases = "installPhase fixupPhase";
     buildPhase = "";
     installPhase = ''
       mkdir -p $out/bin
-      makeWrapper ${bundler}/bin/bundle $out/bin/gitlab-runner \
+      makeWrapper ${cfg.packages.gitlab.env}/bin/bundle $out/bin/gitlab-bundle \
-          ${concatStrings (mapAttrsToList (name: value: "--set ${name} '\"${value}\"' ") gitlabEnv)} \
+          ${concatStrings (mapAttrsToList (name: value: "--set ${name} '${value}' ") gitlabEnv)} \
-          --set GITLAB_CONFIG_PATH '"${cfg.statePath}/config"' \
+          --set GITLAB_CONFIG_PATH '${cfg.statePath}/config' \
-          --set PATH '"${pkgs.nodejs}/bin:${pkgs.gzip}/bin:${config.services.postgresql.package}/bin:$PATH"' \
+          --set PATH '${pkgs.nodejs}/bin:${pkgs.gzip}/bin:${config.services.postgresql.package}/bin:$PATH' \
-          --set RAKEOPT '"-f ${cfg.packages.gitlab}/share/gitlab/Rakefile"'
+          --set RAKEOPT '-f ${cfg.packages.gitlab}/share/gitlab/Rakefile' \
+          --run 'cd ${cfg.packages.gitlab}/share/gitlab'
+      makeWrapper $out/bin/gitlab-bundle $out/bin/gitlab-rake \
+          --add-flags "exec rake"
      '';
   };
 
+  smtpSettings = pkgs.writeText "gitlab-smtp-settings.rb" ''
+    if Rails.env.production?
+      Rails.application.config.action_mailer.delivery_method = :smtp
+
+      ActionMailer::Base.delivery_method = :smtp
+      ActionMailer::Base.smtp_settings = {
+        address: "${cfg.smtp.address}",
+        port: ${toString cfg.smtp.port},
+        ${optionalString (cfg.smtp.username != null) ''user_name: "${cfg.smtp.username}",''}
+        ${optionalString (cfg.smtp.password != null) ''password: "${cfg.smtp.password}",''}
+        domain: "${cfg.smtp.domain}",
+        ${optionalString (cfg.smtp.authentication != null) "authentication: :${cfg.smtp.authentication},"}
+        enable_starttls_auto: ${toString cfg.smtp.enableStartTLSAuto},
+        openssl_verify_mode: '${cfg.smtp.opensslVerifyMode}'
+      }
+    end
+  '';
+
 in {
 
   options = {
@@ -255,6 +257,62 @@ in {
         '';
       };
 
+      smtp = {
+        enable = mkOption {
+          type = types.bool;
+          default = false;
+          description = "Enable gitlab mail delivery over SMTP.";
+        };
+
+        address = mkOption {
+          type = types.str;
+          default = "localhost";
+          description = "Address of the SMTP server for Gitlab.";
+        };
+
+        port = mkOption {
+          type = types.int;
+          default = 465;
+          description = "Port of the SMTP server for Gitlab.";
+        };
+
+        username = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = "Username of the SMTP server for Gitlab.";
+        };
+
+        password = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = "Password of the SMTP server for Gitlab.";
+        };
+
+        domain = mkOption {
+          type = types.str;
+          default = "localhost";
+          description = "HELO domain to use for outgoing mail.";
+        };
+
+        authentication = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          description = "Authentitcation type to use, see http://api.rubyonrails.org/classes/ActionMailer/Base.html";
+        };
+
+        enableStartTLSAuto = mkOption {
+          type = types.bool;
+          default = true;
+          description = "Whether to try to use StartTLS.";
+        };
+
+        opensslVerifyMode = mkOption {
+          type = types.str;
+          default = "peer";
+          description = "How OpenSSL checks the certificate, see http://api.rubyonrails.org/classes/ActionMailer/Base.html";
+        };
+      };
+
       extraConfig = mkOption {
         type = types.attrs;
         default = {};
@@ -275,7 +333,7 @@ in {
 
   config = mkIf cfg.enable {
 
-    environment.systemPackages = [ pkgs.git gitlab-runner cfg.packages.gitlab-shell ];
+    environment.systemPackages = [ pkgs.git gitlab-rake cfg.packages.gitlab-shell ];
 
     assertions = [
       { assertion = cfg.databasePassword != "";
@@ -308,6 +366,7 @@ in {
     systemd.services.gitlab-sidekiq = {
       after = [ "network.target" "redis.service" ];
       wantedBy = [ "multi-user.target" ];
+      partOf = [ "gitlab.service" ];
       environment = gitlabEnv;
       path = with pkgs; [
         config.services.postgresql.package
@@ -322,7 +381,7 @@ in {
         Group = cfg.group;
         TimeoutSec = "300";
         WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
-        ExecStart="${bundler}/bin/bundle exec \"sidekiq -q post_receive -q mailers -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
+        ExecStart="${cfg.packages.gitlab.env}/bin/bundle exec \"sidekiq -q post_receive -q mailers -q system_hook -q project_web_hook -q gitlab_shell -q common -q default -e production -P ${cfg.statePath}/tmp/sidekiq.pid\"";
       };
     };
 
@@ -397,6 +456,9 @@ in {
         chmod -R u+rwX,go-rwx+X ${gitlabEnv.HOME}/
 
         cp -rf ${cfg.packages.gitlab}/share/gitlab/config.dist/* ${cfg.statePath}/config
+        ${optionalString cfg.smtp.enable ''
+          ln -sf ${smtpSettings} ${cfg.statePath}/config/initializers/smtp_settings.rb
+        ''}
         ln -sf ${cfg.statePath}/config /run/gitlab/config
         cp ${cfg.packages.gitlab}/share/gitlab/VERSION ${cfg.statePath}/VERSION
 
@@ -420,14 +482,14 @@ in {
             touch "${cfg.statePath}/db-created"
 
             # The gitlab:setup task is horribly broken somehow, these two tasks will do the same for setting up the initial database
-            ${gitlab-runner}/bin/gitlab-runner exec rake db:migrate RAILS_ENV=production
+            ${gitlab-rake}/bin/gitlab-rake db:migrate RAILS_ENV=production
-            ${gitlab-runner}/bin/gitlab-runner exec rake db:seed_fu RAILS_ENV=production \
+            ${gitlab-rake}/bin/gitlab-rake db:seed_fu RAILS_ENV=production \
               GITLAB_ROOT_PASSWORD="${cfg.initialRootPassword}" GITLAB_ROOT_EMAIL="${cfg.initialRootEmail}";
           fi
         fi
 
         # Always do the db migrations just to be sure the database is up-to-date
-        ${gitlab-runner}/bin/gitlab-runner exec rake db:migrate RAILS_ENV=production
+        ${gitlab-rake}/bin/gitlab-rake db:migrate RAILS_ENV=production
 
         # Change permissions in the last step because some of the
         # intermediary scripts like to create directories as root.
@@ -441,8 +503,9 @@ in {
         User = cfg.user;
         Group = cfg.group;
         TimeoutSec = "300";
+        Restart = "on-failure";
         WorkingDirectory = "${cfg.packages.gitlab}/share/gitlab";
-        ExecStart="${bundler}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\"";
+        ExecStart = "${cfg.packages.gitlab.env}/bin/bundle exec \"unicorn -c ${cfg.statePath}/config/unicorn.rb -E production\"";
       };
 
     };

nixos/modules/services/misc/gitlab.xml

@@ -14,29 +14,22 @@
 <literal>/run/gitlab/gitlab-workhorse.socket</literal>. You need to configure a
 webserver to proxy HTTP requests to the socket.</para>
 
-<para>For instance, this could be used for Nginx:
+<para>For instance, the following configuration could be used to use nginx as
+    frontend proxy:
 
 <programlisting>
-services.nginx.httpConfig = ''
+    services.nginx = {
-  server {
+      enable = true;
-    server_name git.example.com;
+      recommendedGzipSettings = true;
-    listen 443 ssl spdy;
+      recommendedOptimisation = true;
-    listen [::]:443 ssl spdy;
+      recommendedProxySettings = true;
-
+      recommendedTlsSettings = true;
-    ssl_certificate /var/lib/acme/git.example.com/fullchain.pem;
+      virtualHosts."git.example.com" = {
-    ssl_certificate_key /var/lib/acme/git.example.com/key.pem;
+        enableACME = true;
-
+        forceSSL = true;
-    location / {
+        locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";
-      proxy_http_version 1.1;
+      };
-      proxy_set_header    Host                $http_host;
+    };
-      proxy_set_header    X-Real-IP           $remote_addr;
-      proxy_set_header    X-Forwarded-Ssl     on;
-      proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
-      proxy_set_header    X-Forwarded-Proto   $scheme;
-
-      proxy_pass http://unix:/run/gitlab/gitlab-workhorse.socket;
-    }
-  }
 '';
 </programlisting>
 </para>
@@ -49,10 +42,10 @@ services.nginx.httpConfig = ''
 both services. In the case of PostgreSQL, a database and a role will be created.
 </para>
 
-<para>The default state dir is /var/gitlab/state. This is where all data like
+<para>The default state dir is <literal>/var/gitlab/state</literal>. This is where
-the repositories and uploads will be stored.</para>
+all data like the repositories and uploads will be stored.</para>
 
-<para>A basic configuration could look like this:
+<para>A basic configuration with some custom settings could look like this:
 
 <programlisting>
 services.gitlab = {
@@ -64,8 +57,16 @@ services.gitlab = {
   port = 443;
   user = "git";
   group = "git";
+  smtp = {
+    enable = true;
+    address = "localhost";
+    port = 25;
+  };
   extraConfig = {
     gitlab = {
+      email_from = "gitlab-no-reply@example.com";
+      email_display_name = "Example GitLab";
+      email_reply_to = "gitlab-no-reply@example.com";
       default_projects_features = { builds = false; };
     };
   };
@@ -80,21 +81,21 @@ options for the <literal>services.gitlab</literal> module.</para>
 
 <section><title>Maintenance</title>
 
-<para>You can run all Gitlab related commands like rake tasks with
+<para>You can run Gitlab's rake tasks with <literal>gitlab-rake</literal>
-<literal>gitlab-runner</literal> which will be available on the system
+which will be available on the system when gitlab is enabled. You will
-when gitlab is enabled. You will have to run the commands as the user that
+have to run the command as the user that you configured to run gitlab
-you configured to run gitlab.</para>
+with.</para>
 
-<para>For instance, to backup a Gitlab instance:
+<para>For example, to backup a Gitlab instance:
 
 <programlisting>
-$ sudo -u git -H gitlab-runner exec rake gitlab:backup:create
+$ sudo -u git -H gitlab-rake gitlab:backup:create
 </programlisting>
 
 A list of all availabe rake tasks can be obtained by running:
 
 <programlisting>
-$ sudo -u git -H gitlab-runner exec rake -T
+$ sudo -u git -H gitlab-rake -T
 </programlisting>
 </para>
 

nixos/modules/services/networking/offlineimap.nix

@@ -54,7 +54,7 @@ in {
       description = "Offlineimap: a software to dispose your mailbox(es) as a local Maildir(s)";
       serviceConfig = {
         Type      = "oneshot";
-        ExecStart = "${cfg.package}/bin/offlineimap -u basic -o -1";
+        ExecStart = "${cfg.package}/bin/offlineimap -u syslog -o -1";
         TimeoutStartSec = cfg.timeoutStartSec;
       };
       path = cfg.path;

nixos/modules/services/networking/ssh/sshd.nix

@@ -263,6 +263,7 @@ in
 
             serviceConfig =
               { ExecStart =
+                  (optionalString cfg.startWhenNeeded "-") +
                   "${cfgc.package}/bin/sshd " + (optionalString cfg.startWhenNeeded "-i ") +
                   "-f ${pkgs.writeText "sshd_config" cfg.extraConfig}";
                 KillMode = "process";

nixos/modules/services/networking/syncthing.nix

@@ -23,6 +23,18 @@ let
     RestartForceExitStatus="3 4";
   };
 
+  iNotifyHeader = {
+    description = "Syncthing Inotify File Watcher service";
+    after = [ "network.target" "syncthing.service" ];
+    requires = [ "syncthing.service" ];
+  };
+
+  iNotifyService = {
+    SuccessExitStatus = "2";
+    RestartForceExitStatus = "3";
+    Restart = "on-failure";
+  };
+
 in
 
 {
@@ -39,6 +51,12 @@ in
         available on http://127.0.0.1:8384/.
       '';
 
+      useInotify = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Provide syncthing-inotify as a service.";
+      };
+
       systemService = mkOption {
         type = types.bool;
         default = true;
@@ -112,10 +130,9 @@ in
         config.ids.gids.syncthing;
     };
 
-    environment.systemPackages = [ cfg.package ];
+    systemd.services = {
-
+      syncthing = mkIf cfg.systemService (header // {
-    systemd.services = mkIf cfg.systemService {
+          wants = mkIf cfg.useInotify [ "syncthing-inotify.service" ];
-      syncthing = header // {
           wantedBy = [ "multi-user.target" ];
           serviceConfig = service // {
             User = cfg.user;
@@ -123,16 +140,30 @@ in
             PermissionsStartOnly = true;
             ExecStart = "${cfg.package}/bin/syncthing -no-browser -home=${cfg.dataDir}";
           };
+      });
+
+      syncthing-inotify = mkIf (cfg.systemService && cfg.useInotify) (iNotifyHeader // {
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = iNotifyService // {
+          User = cfg.user;
+          ExecStart = "${pkgs.syncthing-inotify.bin}/bin/syncthing-inotify -home=${cfg.dataDir} -logflags=0";
         };
+      });
     };
 
-    systemd.user.services.syncthing =
+    systemd.user.services = {
-      header // {
+      syncthing = header // {
-        wantedBy = [ "default.target" ];
         serviceConfig = service // {
           ExecStart = "${cfg.package}/bin/syncthing -no-browser";
         };
       };
 
+      syncthing-inotify = mkIf cfg.useInotify (iNotifyHeader // {
+        serviceConfig = iNotifyService // {
+          ExecStart = "${pkgs.syncthing-inotify.bin}/bin/syncthing-inotify -logflags=0";
+        };
+      });
+    };
+
   };
 }

nixos/modules/services/web-servers/varnish/default.nix

@@ -28,7 +28,7 @@ with lib;
       };
 
       stateDir = mkOption {
-        default = "/var/spool/varnish";
+        default = "/var/spool/varnish/${config.networking.hostName}";
         description = "
           Directory holding all state for Varnish to run.
         ";
@@ -46,6 +46,9 @@ with lib;
         mkdir -p ${cfg.stateDir}
         chown -R varnish:varnish ${cfg.stateDir}
       '';
+      postStop = ''
+        rm -rf ${cfg.stateDir}
+      '';
       path = [ pkgs.gcc ];
       serviceConfig.ExecStart = "${pkgs.varnish}/sbin/varnishd -a ${cfg.http_address} -f ${pkgs.writeText "default.vcl" cfg.config} -n ${cfg.stateDir} -u varnish";
       serviceConfig.Type = "forking";

nixos/modules/services/x11/hardware/libinput.nix

@@ -227,6 +227,14 @@ in {
         EndSection
       '';
 
+    assertions = [
+      # already present in synaptics.nix
+      /* {
+        assertion = !config.services.xserver.synaptics.enable;
+        message = "Synaptics and libinput are incompatible, you cannot enable both (in services.xserver).";
+      } */
+    ];
+
   };
 
 }

nixos/modules/services/x11/hardware/synaptics.nix

@@ -205,6 +205,13 @@ in {
         EndSection
       '';
 
+    assertions = [
+      {
+        assertion = !config.services.xserver.libinput.enable;
+        message = "Synaptics and libinput are incompatible, you cannot enable both (in services.xserver).";
+      }
+    ];
+
   };
 
 }

nixos/modules/services/x11/xserver.nix

@@ -14,6 +14,9 @@ let
   # Map video driver names to driver packages. FIXME: move into card-specific modules.
   knownVideoDrivers = {
     virtualbox = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; };
+
+    # modesetting does not have a xf86videomodesetting package as it is included in xorgserver
+    modesetting = {};
   };
 
   fontsForXServer =
@@ -443,7 +446,7 @@ in
            then { modules = [xorg.${"xf86video" + name}]; }
            else null)
           knownVideoDrivers;
-      in optional (driver != null) ({ inherit name; driverName = name; } // driver));
+      in optional (driver != null) ({ inherit name; modules = []; driverName = name; } // driver));
 
     assertions =
       [ { assertion = config.security.polkit.enable;

nixos/modules/system/boot/luksroot.nix

@@ -443,7 +443,7 @@ in
         copy_bin_and_libs pbkdf2-sha512
 
         mkdir -p $out/etc/ssl
-        cp -pdv ${pkgs.openssl}/etc/ssl/openssl.cnf $out/etc/ssl
+        cp -pdv ${pkgs.openssl.out}/etc/ssl/openssl.cnf $out/etc/ssl
 
         cat > $out/bin/openssl-wrap <<EOF
         #!$out/bin/sh

pkgs/applications/altcoins/dogecoin.nix

@@ -43,5 +43,6 @@ stdenv.mkDerivation rec {
     homepage = http://www.dogecoin.com/;
     license = licenses.mit;
     maintainers = with maintainers; [ edwtjo offline AndersonTorres ];
+    platforms = with platforms; linux;
   };
 }

pkgs/applications/audio/abcde/default.nix

@@ -72,5 +72,6 @@ in
         Ogg/Vorbis, MP3, FLAC, Ogg/Speex and/or MPP/MP+ (Musepack)
         format, and tags them, all in one go.
       '';
+      platforms = stdenv.lib.platforms.linux;
     };
   }

pkgs/applications/audio/cdparanoia/default.nix

@@ -29,5 +29,6 @@ stdenv.mkDerivation rec {
   meta = {
     homepage = http://xiph.org/paranoia;
     description = "A tool and library for reading digital audio from CDs";
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/audio/cmus/default.nix

@@ -116,5 +116,6 @@ stdenv.mkDerivation rec {
     homepage = https://cmus.github.io/;
     license = stdenv.lib.licenses.gpl2;
     maintainers = [ stdenv.lib.maintainers.oxij ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/audio/dirt/default.nix

@@ -25,5 +25,6 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/tidalcycles/Dirt";
     license = licenses.gpl3;
     maintainers = with maintainers; [ anderspapitto ];
+    platforms = with platforms; linux;
   };
 }

pkgs/applications/audio/easytag/default.nix

@@ -32,5 +32,6 @@ stdenv.mkDerivation rec {
     homepage = "http://projects.gnome.org/easytag/";
     license = stdenv.lib.licenses.gpl2Plus;
     maintainers = with stdenv.lib.maintainers; [ fuuzetsu ];
+    platforms = with stdenv.lib.platforms; linux;
   };
 }

pkgs/applications/audio/fmit/default.nix

@@ -11,10 +11,10 @@ with stdenv.lib;
 
 stdenv.mkDerivation rec {
   name = "fmit-${version}";
-  version = "1.0.15";
+  version = "1.1.8";
 
   src = fetchFromGitHub {
-    sha256 = "0bakqwgl7xx6khs8993w10a8kvlbr7sbqdaljbsmy8y8mjd6inqb";
+    sha256 = "14vx4p1h3c6frvv8dam4ymz588zpycmg17pxfkmx4m7pszhlin6b";
     rev = "v${version}";
     repo = "fmit";
     owner = "gillesdegottex";

pkgs/applications/audio/gjay/default.nix

@@ -18,5 +18,6 @@ stdenv.mkDerivation {
     homepage = http://gjay.sourceforge.net/;
     license = licenses.gpl2;
     maintainers = with maintainers; [ pSub ];
+    platforms = with platforms; linux;
   };
 }

pkgs/applications/audio/id3v2/default.nix

@@ -24,5 +24,6 @@ stdenv.mkDerivation rec {
     homepage = http://id3v2.sourceforge.net/;
     license = licenses.gpl2Plus;
     maintainers = with maintainers; [ nckx ];
+    platforms = with platforms; unix;
   };
 }

pkgs/applications/audio/kid3/default.nix

@@ -68,6 +68,7 @@ stdenv.mkDerivation rec {
     homepage = http://kid3.sourceforge.net/;
     license = licenses.lgpl2Plus;
     maintainers = [ maintainers.AndersonTorres ];
+    platforms = platforms.linux;
   };
 }
 # TODO: Qt5 support

pkgs/applications/audio/klick/default.nix

@@ -23,6 +23,7 @@ stdenv.mkDerivation rec {
     homepage = "http://das.nasophon.de/klick/";
     description = "Advanced command-line metronome for JACK";
     license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.linux;
   };
 }
 

pkgs/applications/audio/mpg123/default.nix

@@ -20,5 +20,6 @@ stdenv.mkDerivation rec {
     homepage = http://mpg123.org;
     license = stdenv.lib.licenses.lgpl21;
     maintainers = [ stdenv.lib.maintainers.ftrvxmtrx ];
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/audio/normalize/default.nix

@@ -13,5 +13,6 @@ stdenv.mkDerivation rec {
     homepage = http://normalize.nongnu.org/;
     description = "Audio file normalizer";
     license = licenses.gpl2;
+    platforms = platforms.unix;
   };
 }

pkgs/applications/audio/nova-filters/default.nix

@@ -31,5 +31,6 @@ stdenv.mkDerivation rec {
     homepage = http://klingt.org/~tim/nova-filters/;
     description = "LADSPA plugins based on filters of nova";
     license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/audio/opus-tools/default.nix

@@ -14,5 +14,6 @@ stdenv.mkDerivation rec {
     homepage = http://www.opus-codec.org/;
     license = stdenv.lib.licenses.bsd2;
     maintainers = with stdenv.lib.maintainers; [ fuuzetsu ];
+    platforms = with stdenv.lib.platforms; unix;
   };
 }

pkgs/applications/audio/puddletag/default.nix

@@ -0,0 +1,49 @@
+{ stdenv, lib, fetchFromGitHub, pythonPackages, makeWrapper, chromaprint }:
+
+with lib;
+with pythonPackages;
+
+buildPythonApplication rec {
+  version = "1.1.1";
+  name = "puddletag-${version}";
+  namePrefix = "";
+
+  src = fetchFromGitHub {
+    owner = "keithgg";
+    repo = "puddletag";
+    rev = "1.1.1";
+    sha256 = "0zmhc01qg64fb825b3kj0mb0r0d9hms30nqvhdks0qnv7ahahqrx";
+  };
+
+  sourceRoot = "${name}-src/source";
+
+  disabled = isPy3k;
+
+  outputs = [ "out" ];
+
+  propagatedBuildInputs = [
+    chromaprint
+    configobj
+    mutagen
+    pyparsing
+    pyqt4
+  ];
+
+  doCheck = false;   # there are no tests
+  dontStrip = true;  # we are not generating any binaries
+
+  installPhase = ''
+    siteDir=$(toPythonPath $out)
+    mkdir -p $siteDir
+    PYTHONPATH=$PYTHONPATH:$siteDir
+    ${python.interpreter} setup.py install --prefix $out
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = https://puddletag.net;
+    description = "An audio tag editor similar to the Windows program, Mp3tag";
+    license = licenses.gpl3;
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ peterhoeg ];
+  };
+}

pkgs/applications/audio/rkrlv2/default.nix

@@ -20,5 +20,6 @@ stdenv.mkDerivation rec {
     homepage = https://github.com/ssj71/rkrlv2;
     license = stdenv.lib.licenses.gpl3;
     maintainers = [ stdenv.lib.maintainers.joelmo ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/audio/rubyripper/default.nix

@@ -16,4 +16,8 @@ stdenv.mkDerivation rec {
       --prefix PATH : "${ruby}/bin" \
       --prefix PATH : "${cdparanoia}/bin"
   '';
+
+  meta = {
+    platforms = stdenv.lib.platforms.linux;
+  };
 }

pkgs/applications/audio/spotify/default.nix

@@ -5,7 +5,7 @@
 assert stdenv.system == "x86_64-linux";
 
 let
-  version = "1.0.32.96.g3c8a06e6-37";
+  version = "1.0.34.146.g28f9eda2-19";
 
   deps = [
     alsaLib
@@ -50,7 +50,7 @@ stdenv.mkDerivation {
   src =
     fetchurl {
       url = "http://repository-origin.spotify.com/pool/non-free/s/spotify-client/spotify-client_${version}_amd64.deb";
-      sha256 = "0nk5sf3x9vf5ivm035h7rnjx0wvqlvii1i2mwvv50h86wmc25iih";
+      sha256 = "1pks9b83aj6y3c3jlmll0rs05yk15r49v0v4amm950z68v182a5g";
     };
 
   buildInputs = [ dpkg makeWrapper ];
@@ -104,6 +104,6 @@ stdenv.mkDerivation {
     homepage = https://www.spotify.com/;
     description = "Play music from the Spotify music service";
     license = stdenv.lib.licenses.unfree;
-    maintainers = with stdenv.lib.maintainers; [ eelco ftrvxmtrx sheenobu ];
+    maintainers = with stdenv.lib.maintainers; [ eelco ftrvxmtrx sheenobu mudri ];
   };
 }

pkgs/applications/backup/areca/default.nix

@@ -45,5 +45,6 @@ stdenv.mkDerivation rec {
     description = "An Open Source personal backup solution";
     license = licenses.gpl2;
     maintainers = with maintainers; [ pSub ];
+    platforms = with platforms; linux;
   };
 }

pkgs/applications/editors/aewan/default.nix

@@ -15,5 +15,6 @@ stdenv.mkDerivation rec {
     description = "Ascii-art Editor Without A Name";
     homepage = "http://aewan.sourceforge.net/";
     license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/editors/dhex/default.nix

@@ -28,5 +28,6 @@ stdenv.mkDerivation rec {
     homepage = http://www.dettus.net/dhex/;
     license = stdenv.lib.licenses.gpl2;
     maintainers = with stdenv.lib.maintainers; [qknight];
+    platforms = with stdenv.lib.platforms; linux;
   };
 }

pkgs/applications/editors/eclipse/default.nix

@@ -312,6 +312,36 @@ rec {
   };
   eclipse_sdk_451 = eclipse-sdk-451; # backward compatibility, added 2016-01-30
   
+  eclipse-sdk-452 = buildEclipse {
+    name = "eclipse-sdk-4.5.2";
+    description = "Eclipse Mars Classic";
+    sources = {
+      "x86_64-linux" = fetchurl {
+          url = http://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.5.2-201602121500/eclipse-SDK-4.5.2-linux-gtk-x86_64.tar.gz;
+          sha256 = "87f82b0c13c245ee20928557dbc4435657d1e029f72d9135683c8d585c69ba8d";
+        };
+      "i686-linux" = fetchurl {
+          url = http://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.5.2-201602121500/eclipse-SDK-4.5.2-linux-gtk.tar.gz;
+          sha256 = "78f7e537b34333401fc782fbd1260087c586ff93b17b88da5b177642f3aa5a02";
+        };
+    };
+  };
+  
+  eclipse-sdk-46 = buildEclipse {
+    name = "eclipse-sdk-4.6";
+    description = "Eclipse Neon Classic";
+    sources = {
+      "x86_64-linux" = fetchurl {
+          url = http://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.6-201606061100/eclipse-SDK-4.6-linux-gtk-x86_64.tar.gz;
+          sha256 = "4d7a39ce4e04ba1f5179f6a72926eb86ed506d97842a3bf4247814491c508e0a";
+        };
+      "i686-linux" = fetchurl {
+          url = http://www.eclipse.org/downloads/download.php?r=1&nf=1&file=/eclipse/downloads/drops4/R-4.6-201606061100/eclipse-SDK-4.6-linux-gtk.tar.gz;
+          sha256 = "d9e1d390cac504a17a65d4a22ebb8da6a592bcc54491912cbc29577990d77014";
+        };
+    };
+  };
+
   eclipse-platform = eclipse-platform-46;
 
   eclipse-platform-45 = buildEclipse {

pkgs/applications/editors/ed/default.nix

@@ -47,5 +47,6 @@ stdenv.mkDerivation rec {
     homepage = http://www.gnu.org/software/ed/;
 
     maintainers = [ ];
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/editors/edbrowse/default.nix

@@ -33,5 +33,6 @@ stdenv.mkDerivation rec {
     license = licenses.gpl1Plus;
     homepage = http://edbrowse.org/;
     maintainers = [ maintainers.schmitthenner maintainers.vrthra ];
+    platforms = platforms.linux;
   };
 }

pkgs/applications/editors/edit/default.nix

@@ -34,6 +34,7 @@ stdenv.mkDerivation rec {
     homepage = http://c9x.me/edit;
     license = licenses.publicDomain;
     maintainers = [ maintainers.vrthra ];
+    platforms = platforms.linux;
   };
 }
 

pkgs/applications/editors/emacs-25/default.nix

@@ -80,9 +80,6 @@ stdenv.mkDerivation rec {
     mv nextstep/Emacs.app $out/Applications
   '';
 
-  # https://github.com/NixOS/nixpkgs/issues/13573
-  doCheck = false;
-
   meta = with stdenv.lib; {
     description = "GNU Emacs 25 (pre), the extensible, customizable text editor";
     homepage    = http://www.gnu.org/software/emacs/;

pkgs/applications/editors/hexedit/default.nix

@@ -15,5 +15,6 @@ stdenv.mkDerivation rec {
     description = "View and edit files in hexadecimal or in ASCII";
     homepage = "http://prigaux.chez.com/hexedit.html";
     license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/editors/joe/default.nix

@@ -13,5 +13,6 @@ stdenv.mkDerivation rec {
     description = "A full featured terminal-based screen editor";
     homepage = http://joe-editor.sourceforge.net;
     license = licenses.gpl2;
+    platforms = platforms.unix;
   };
 }

pkgs/applications/editors/ne/default.nix

@@ -30,5 +30,6 @@ UN*X machine. ne is easy to use for the beginner, but powerful and fully configu
 and most sparing in its resource usage. See the manual for some highlights of ne's features.      
     '';
     license = stdenv.lib.licenses.gpl3;
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/editors/nedit/default.nix

@@ -1,7 +1,5 @@
 { stdenv, fetchurl, xlibsWrapper, motif, libXpm }:
 
-assert stdenv.isLinux;
-
 stdenv.mkDerivation rec {
   name = "nedit-5.6a";
   
@@ -12,7 +10,9 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ xlibsWrapper motif libXpm ];
 
-  buildFlags = if stdenv.isLinux then "linux" else "";
+  buildFlags = if stdenv.isLinux then "linux" else
+               # the linux config works fine on darwin too!
+               if stdenv.isDarwin then "linux" else "";
 
   NIX_CFLAGS_COMPILE="-DBUILD_UNTESTED_NEDIT -L${motif}/lib";
 
@@ -21,7 +21,8 @@ stdenv.mkDerivation rec {
     cp -p source/nedit source/nc $out/bin
   '';
 
-  meta = {
+  meta = with stdenv.lib; {
     homepage = http://www.nedit.org;
+    platforms = with platforms; linux ++ darwin;
   };
 }

pkgs/applications/editors/neovim/default.nix

@@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, cmake, gettext, glib, libmsgpack, libtermkey
+{ stdenv, fetchFromGitHub, cmake, gettext, libmsgpack, libtermkey
 , libtool, libuv, luajit, luaPackages, man, ncurses, perl, pkgconfig
 , unibilium, makeWrapper, vimUtils, xsel
 
@@ -72,7 +72,6 @@ let
     enableParallelBuilding = true;
 
     buildInputs = [
-      glib
       libtermkey
       libuv
       libmsgpack

pkgs/applications/editors/neovim/qt.nix

@@ -3,7 +3,7 @@
 }:
 
 let # not very usable ATM
-  version = "0pre-2015-10-18";
+  version = "0.2.1";
 in
 stdenv.mkDerivation {
   name = "neovim-qt-${version}";
@@ -11,8 +11,8 @@ stdenv.mkDerivation {
   src = fetchFromGitHub {
     repo = "neovim-qt";
     owner = "equalsraf";
-    rev = "03236e2";
+    rev = "v${version}";
-    sha256 = "0hhwpnj7yfqdk7yiwrq0x6n4xx30brj9clxmxx796421rlcrxypq";
+    sha256 = "0mqs2f7l05q2ayj77czr5fnpr7fa00qrmjdjxglbwxdxswcsz88n";
   };
 
   # It tries to download libmsgpack; let's use ours.
@@ -22,7 +22,7 @@ stdenv.mkDerivation {
 
     # Similar enough to FindMsgpack
     set(MSGPACK_INCLUDE_DIRS ${libmsgpack}/include PARENT_SCOPE)
-    set(MSGPACK_LIBRARIES msgpack PARENT_SCOPE)
+    set(MSGPACK_LIBRARIES msgpackc PARENT_SCOPE)
   '';
     in "echo '${use-msgpack}' > third-party/CMakeLists.txt";
 
@@ -34,9 +34,7 @@ stdenv.mkDerivation {
 
   enableParallelBuilding = true;
 
-  installPhase = ''
+  postInstall = ''
-    mkdir -p "$out/bin"
-    mv ./bin/nvim-qt "$out/bin/"
     wrapProgram "$out/bin/nvim-qt" --prefix PATH : "${neovim}/bin"
   '';
 

pkgs/applications/editors/netbeans/default.nix

@@ -46,5 +46,6 @@ stdenv.mkDerivation {
   meta = {
     description = "An integrated development environment for Java, C, C++ and PHP";
     maintainers = [ stdenv.lib.maintainers.sander ];
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/editors/sigil/default.nix

@@ -38,5 +38,6 @@ stdenv.mkDerivation rec {
     license = stdenv.lib.licenses.gpl3;
     inherit version;
     maintainers = with stdenv.lib.maintainers; [ ramkromberg ];
+    platforms = with stdenv.lib.platforms; linux;
   };
 }

pkgs/applications/editors/tweak/default.nix

@@ -16,6 +16,6 @@ stdenv.mkDerivation rec {
     description = "An efficient hex editor";
     homepage = "http://www.chiark.greenend.org.uk/~sgtatham/tweak";
     license = licenses.mit;
-    platform = platforms.unix;
+    platforms = platforms.linux;
   };
 }

pkgs/applications/editors/vbindiff/default.nix

@@ -15,5 +15,6 @@ stdenv.mkDerivation rec {
     description = "A terminal visual binary diff viewer";
     homepage = "http://www.cjmweb.net/vbindiff/";
     license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/editors/vis/default.nix

@@ -46,5 +46,6 @@ stdenv.mkDerivation rec {
     homepage = http://github.com/martanne/vis;
     license = licenses.isc;
     maintainers = [ maintainers.vrthra ];
+    platforms = platforms.unix;
   };
 }

pkgs/applications/editors/wily/default.nix

@@ -22,5 +22,6 @@ stdenv.mkDerivation rec {
     homepage = http://wily.sourceforge.net;
     license = licenses.artistic1;
     maintainers = [ maintainers.vrthra ];
+    platforms = platforms.unix;
   };
 }

pkgs/applications/graphics/autopanosiftc/default.nix

@@ -14,5 +14,6 @@ stdenv.mkDerivation {
     homepage = http://hugin.sourceforge.net/;
     description = "Implementation in C of the autopano-sift algorithm for automatically stitching panoramas";
     license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/graphics/batik/default.nix

@@ -9,4 +9,8 @@ stdenv.mkDerivation {
   };
 
   buildInputs = [unzip];
+
+  meta = {
+    platforms = stdenv.lib.platforms.unix;
+  };
 }

pkgs/applications/graphics/darktable/default.nix

@@ -11,12 +11,12 @@
 assert stdenv ? glibc;
 
 stdenv.mkDerivation rec {
-  version = "2.0.4";
+  version = "2.0.5";
   name = "darktable-${version}";
 
   src = fetchurl {
     url = "https://github.com/darktable-org/darktable/releases/download/release-${version}/darktable-${version}.tar.xz";
-    sha256 = "0qhyjsjjcd8yirqdnzbbzsldwd6y4wf1bxjbsshvqq7h5xi4ir40";
+    sha256 = "00hap68yvfdif6a4lpbhn4jx1n68mpd2kj473kml1xby9swp32w9";
   };
 
   buildInputs =

pkgs/applications/graphics/fbida/default.nix

@@ -34,5 +34,6 @@ stdenv.mkDerivation rec {
     homepage = https://www.kraxel.org/blog/linux/fbida/;
     license = licenses.gpl2;
     maintainers = with maintainers; [ pSub ];
+    platforms = with platforms; linux;
   };
 }

pkgs/applications/graphics/fontmatrix/default.nix

@@ -15,5 +15,6 @@ stdenv.mkDerivation rec {
     description = "Fontmatrix is a free/libre font explorer for Linux, Windows and Mac";
     homepage = http://fontmatrix.be/;
     license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/graphics/gcolor2/default.nix

@@ -27,5 +27,6 @@ buildInputs = [ gtk perl perlXMLParser pkgconfig ];
     homepage = http://gcolor2.sourceforge.net/;
     license = stdenv.lib.licenses.gpl2Plus;
     maintainers = with stdenv.lib.maintainers; [ notthemessiah ];
+    platforms = with stdenv.lib.platforms; unix;
   };
 }

pkgs/applications/graphics/gqview/default.nix

@@ -18,5 +18,6 @@ stdenv.mkDerivation {
   meta = {
     description = "A fast image viewer";
     homepage = http://gqview.sourceforge.net;
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/graphics/minidjvu/default.nix

@@ -22,5 +22,6 @@ stdenv.mkDerivation {
     description = "Black-and-white djvu page encoder and decoder that use interpage information";
     license = stdenv.lib.licenses.gpl2Plus;
     maintainers = [ stdenv.lib.maintainers.viric ];
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/graphics/qiv/default.nix

@@ -20,5 +20,6 @@ stdenv.mkDerivation (rec {
     description = "Quick image viewer";
     homepage = http://spiegl.de/qiv/;
     inherit version;
+    platforms = stdenv.lib.platforms.linux;
   };
 })

pkgs/applications/graphics/screencloud/default.nix

@@ -70,5 +70,6 @@ stdenv.mkDerivation rec {
     description = "Client for Screencloud, an easy to use screenshot sharing tool";
     license = stdenv.lib.licenses.gpl2;
     maintainers = with stdenv.lib.maintainers; [ forkk ];
+    platforms = with stdenv.lib.platforms; linux;
   };
 }

pkgs/applications/graphics/xaos/default.nix

@@ -24,5 +24,6 @@ stdenv.mkDerivation rec {
     homepage = http://xaos.sourceforge.net/;
     description = "Fractal viewer";
     license = stdenv.lib.licenses.gpl2Plus;
+    platforms = [ "x86_64-linux" ];
   };
 }

pkgs/applications/graphics/xournal/default.nix

@@ -26,5 +26,6 @@ stdenv.mkDerivation rec {
     description = "Note-taking application (supposes stylus)";
     maintainers = [ stdenv.lib.maintainers.guibert ];
     license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/graphics/zgrviewer/default.nix

@@ -26,5 +26,6 @@ stdenv.mkDerivation rec {
     maintainers = with stdenv.lib.maintainers; [raskin];
     license = stdenv.lib.licenses.lgpl21Plus;
     description = "GraphViz graph viewer/navigator";
+    platforms = with stdenv.lib.platforms; unix;
   };
 }

pkgs/applications/misc/albert/default.nix

@@ -26,5 +26,6 @@ stdenv.mkDerivation rec {
     description = "Desktop agnostic launcher";
     license     = stdenv.lib.licenses.gpl3Plus;
     maintainers = [ stdenv.lib.maintainers.ericsagnes ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/misc/audio/soxr/default.nix

@@ -22,5 +22,6 @@ stdenv.mkDerivation rec {
     description = "An audio resampling library";
     homepage = http://soxr.sourceforge.net;
     license = stdenv.lib.licenses.lgpl21Plus;
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/misc/catclock/default.nix

@@ -26,6 +26,6 @@ stdenv.mkDerivation rec {
     homepage = http://codefromabove.com/2014/05/catclock/;
     license = with licenses; mit;
     maintainers = with maintainers; [ ramkromberg ];
-    platforms = with platforms; linux;
+    platforms = with platforms; linux ++ darwin;
   };
 }

pkgs/applications/misc/cortex/default.nix

@@ -26,6 +26,7 @@ stdenv.mkDerivation {
     description = "An ncurses reddit browser and monitor";
     license = licenses.mit;
     maintainers = with maintainers; [ matthiasbeyer ];
+    platforms = with platforms; unix;
   };
 
 }

pkgs/applications/misc/eterm/default.nix

@@ -20,5 +20,6 @@ stdenv.mkDerivation rec {
     homepage = "http://www.eterm.org";
     license = licenses.bsd2;
     maintainers = [ maintainers.AndersonTorres ];
+    platforms = platforms.linux;
   };
 }

pkgs/applications/misc/garmin-plugin/default.nix

@@ -20,5 +20,6 @@ stdenv.mkDerivation {
     homepage = http://www.andreas-diesner.de/garminplugin;
     license = stdenv.lib.licenses.gpl3;
     maintainers = [ stdenv.lib.maintainers.ocharles ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/misc/gksu/default.nix

@@ -47,5 +47,6 @@ stdenv.mkDerivation rec {
     homepage = "http://www.nongnu.org/gksu/";
     license = stdenv.lib.licenses.gpl2;
     maintainers = [ stdenv.lib.maintainers.romildo ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/misc/gpscorrelate/default.nix

@@ -41,5 +41,6 @@ stdenv.mkDerivation rec {
     license = stdenv.lib.licenses.gpl2Plus;
 
     homepage = http://freefoote.dview.net/linux_gpscorr.html;
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/misc/gxneur/default.nix

@@ -20,5 +20,6 @@ stdenv.mkDerivation {
 
   meta = {
     description = "GUI for XNEUR keyboard layout switcher";
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/misc/j4-dmenu-desktop/default.nix

@@ -25,5 +25,6 @@ stdenv.mkDerivation rec {
     homepage    = "https://github.com/enkore/j4-dmenu-desktop";
     license     = licenses.gpl3;
     maintainer  = with maintainers; [ ericsagnes ];
+    platforms = with platforms; unix;
   };
 }

pkgs/applications/misc/jigdo/default.nix

@@ -22,5 +22,6 @@ stdenv.mkDerivation {
     description = "Download utility that can fetch files from several sources simultaneously";
     homepage = http://atterer.net/jigdo/;
     license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/misc/jp2a/default.nix

@@ -17,5 +17,6 @@ stdenv.mkDerivation rec {
     homepage = https://csl.name/jp2a/;
     description = "A small utility that converts JPG images to ASCII";
     license = licenses.gpl2;
+    platforms = platforms.unix;
   };
 }

pkgs/applications/misc/mdp/default.nix

@@ -20,5 +20,6 @@ stdenv.mkDerivation rec {
     description = "A command-line based markdown presentation tool";
     maintainers = with maintainers; [ matthiasbeyer vrthra ];
     license = licenses.gpl3;
+    platforms = with platforms; unix;
   };
 }

pkgs/applications/misc/mrxvt/default.nix

@@ -35,5 +35,6 @@ stdenv.mkDerivation {
     ";
     homepage = http://sourceforge.net/projects/materm;
     license = "GPL";
+    platforms = stdenv.lib.platforms.linux;
   };
 }

pkgs/applications/misc/mupdf/default.nix

@@ -3,14 +3,23 @@
 , libX11, libXcursor, libXrandr, libXinerama, libXext, harfbuzz, mesa }:
 
 stdenv.mkDerivation rec {
-  version = "1.9";
+  version = "1.9a";
   name = "mupdf-${version}";
 
   src = fetchurl {
     url = "http://mupdf.com/downloads/archive/${name}-source.tar.gz";
-    sha256 = "15p2k1n3afc7bnqrc0zfqz31fjfq3rrrrj4fwwy5az26d11ynxhp";
+    sha256 = "1k64pdapyj8a336jw3j61fhn0rp4q6az7d0dqp9r5n3d9rgwa5c0";
   };
 
+  patches = [
+    # http://www.openwall.com/lists/oss-security/2016/08/03/2
+    (fetchpatch {
+      name = "mupdf-fix-CVE-2016-6525.patch";
+      url = "http://git.ghostscript.com/?p=mupdf.git;a=commitdiff_plain;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e;hp=fa1936405b6a84e5c9bb440912c23d532772f958";
+      sha256 = "1g9fkd1f5rx1z043vr9dj4934qf7i4nkvbwjc61my9azjrrc3jv7";
+    })
+  ];
+
   NIX_CFLAGS_COMPILE= [ "-fPIC" ];
   nativeBuildInputs = [ pkgconfig ];
   buildInputs = [ zlib freetype libX11 libXcursor libXext harfbuzz mesa libXrandr libXinerama ];

pkgs/applications/misc/nanoblogger/default.nix

@@ -25,5 +25,6 @@ stdenv.mkDerivation rec {
     description = "Small weblog engine written in Bash for the command line";
     homepage = http://nanoblogger.sourceforge.net/;
     license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.unix;
   };
 }

pkgs/applications/misc/pinfo/default.nix

@@ -18,6 +18,7 @@ stdenv.mkDerivation {
     description = "A viewer for info files";
     homepage = https://alioth.debian.org/projects/pinfo/;
     license = licenses.gpl2Plus;
+    platforms = platforms.unix;
   };
 }