Merge branch 'staging' into staging-next

doc/doc-support/lib-function-locations.nix

@@ -14,10 +14,10 @@ let
     builtins.map
       (subsetname: {
         subsetname = subsetname;
-        functions = libDefPos toplib."${subsetname}";
+        functions = libDefPos toplib.${subsetname};
       })
       (builtins.filter
-        (name: builtins.isAttrs toplib."${name}")
+        (name: builtins.isAttrs toplib.${name})
         (builtins.attrNames toplib));
 
   nixpkgsLib = pkgs.lib;

lib/customisation.nix

@@ -47,7 +47,7 @@ rec {
 
 
   /* `makeOverridable` takes a function from attribute set to attribute set and
-     injects `override` attibute which can be used to override arguments of
+     injects `override` attribute which can be used to override arguments of
      the function.
 
        nix-repl> x = {a, b}: { result = a + b; }

lib/deprecated.nix

@@ -24,7 +24,7 @@ rec {
     let arg = (merger init (defaultMergeArg init x));
         # now add the function with composed args already applied to the final attrs
         base = (setAttrMerge "passthru" {} (f arg)
-                        ( z: z // rec {
+                        ( z: z // {
                             function = foldArgs merger f arg;
                             args = (lib.attrByPath ["passthru" "args"] {} z) // x;
                           } ));

lib/kernel.nix

@@ -1,7 +1,7 @@
 { lib, version }:
 
 with lib;
-rec {
+{
   # Common patterns/legacy
   whenAtLeast = ver: mkIf (versionAtLeast version ver);
   whenOlder   = ver: mkIf (versionOlder version ver);

lib/licenses.nix

@@ -7,7 +7,7 @@ let
 
 in
 
-lib.mapAttrs (n: v: v // { shortName = n; }) rec {
+lib.mapAttrs (n: v: v // { shortName = n; }) {
   /* License identifiers from spdx.org where possible.
    * If you cannot find your license here, then look for a similar license or
    * add it to this list. The URL mentioned above is a good source for inspiration.

lib/lists.nix

@@ -459,11 +459,11 @@ rec {
       if length list < 2
       then # finish
            { result =  list; }
-      else if dfsthis ? "cycle"
+      else if dfsthis ? cycle
            then # there's a cycle, starting from the current vertex, return it
                 { cycle = reverseList ([ dfsthis.cycle ] ++ dfsthis.visited);
                   inherit (dfsthis) loops; }
-           else if toporest ? "cycle"
+           else if toporest ? cycle
                 then # there's a cycle somewhere else in the graph, return it
                      toporest
                 # Slow, but short. Can be made a bit faster with an explicit stack.

lib/systems/default.nix

@@ -58,13 +58,13 @@ rec {
       uname = {
         # uname -s
         system = {
-          "linux" = "Linux";
+          linux = "Linux";
-          "windows" = "Windows";
+          windows = "Windows";
-          "darwin" = "Darwin";
+          darwin = "Darwin";
-          "netbsd" = "NetBSD";
+          netbsd = "NetBSD";
-          "freebsd" = "FreeBSD";
+          freebsd = "FreeBSD";
-          "openbsd" = "OpenBSD";
+          openbsd = "OpenBSD";
-          "wasi" = "Wasi";
+          wasi = "Wasi";
         }.${final.parsed.kernel.name} or null;
 
          # uname -p
@@ -86,10 +86,10 @@ rec {
         else if final.isx86_64 then "x86_64"
         else if final.isx86 then "i386"
         else {
-          "powerpc" = "ppc";
+          powerpc = "ppc";
-          "powerpcle" = "ppc";
+          powerpcle = "ppc";
-          "powerpc64" = "ppc64";
+          powerpc64 = "ppc64";
-          "powerpc64le" = "ppc64le";
+          powerpc64le = "ppc64le";
         }.${final.parsed.cpu.name} or final.parsed.cpu.name;
 
       emulator = pkgs: let

lib/systems/doubles.nix

@@ -33,7 +33,7 @@ let
 
   filterDoubles = f: map parse.doubleFromSystem (lists.filter f allParsed);
 
-in rec {
+in {
   inherit all;
 
   none = [];

lib/systems/examples.nix

@@ -24,27 +24,27 @@ rec {
     platform = platforms.powernv;
   };
 
-  sheevaplug = rec {
+  sheevaplug = {
     config = "armv5tel-unknown-linux-gnueabi";
     platform = platforms.sheevaplug;
   };
 
-  raspberryPi = rec {
+  raspberryPi = {
     config = "armv6l-unknown-linux-gnueabihf";
     platform = platforms.raspberrypi;
   };
 
-  armv7l-hf-multiplatform = rec {
+  armv7l-hf-multiplatform = {
     config = "armv7l-unknown-linux-gnueabihf";
     platform = platforms.armv7l-hf-multiplatform;
   };
 
-  aarch64-multiplatform = rec {
+  aarch64-multiplatform = {
     config = "aarch64-unknown-linux-gnu";
     platform = platforms.aarch64-multiplatform;
   };
 
-  armv7a-android-prebuilt = rec {
+  armv7a-android-prebuilt = {
     config = "armv7a-unknown-linux-androideabi";
     sdkVer = "24";
     ndkVer = "18b";
@@ -52,7 +52,7 @@ rec {
     useAndroidPrebuilt = true;
   };
 
-  aarch64-android-prebuilt = rec {
+  aarch64-android-prebuilt = {
     config = "aarch64-unknown-linux-android";
     sdkVer = "24";
     ndkVer = "18b";
@@ -65,17 +65,17 @@ rec {
     inherit (platform.gcc) fpu;
   };
 
-  pogoplug4 = rec {
+  pogoplug4 = {
     config = "armv5tel-unknown-linux-gnueabi";
     platform = platforms.pogoplug4;
   };
 
-  ben-nanonote = rec {
+  ben-nanonote = {
     config = "mipsel-unknown-linux-uclibc";
     platform = platforms.ben_nanonote;
   };
 
-  fuloongminipc = rec {
+  fuloongminipc = {
     config = "mipsel-unknown-linux-gnu";
     platform = platforms.fuloong2f_n32;
   };
@@ -236,4 +236,9 @@ rec {
     useLLVM = true;
   };
 
+  # Ghcjs
+  ghcjs = {
+    config = "js-unknown-ghcjs";
+    platform = {};
+  };
 }

lib/systems/inspect.nix

@@ -12,7 +12,7 @@ rec {
     isx86_32       = { cpu = { family = "x86"; bits = 32; }; };
     isx86_64       = { cpu = { family = "x86"; bits = 64; }; };
     isPowerPC      = { cpu = cpuTypes.powerpc; };
-    isPower = { cpu = { family = "power"; }; };
+    isPower        = { cpu = { family = "power"; }; };
     isx86          = { cpu = { family = "x86"; }; };
     isAarch32      = { cpu = { family = "arm"; bits = 32; }; };
     isAarch64      = { cpu = { family = "arm"; bits = 64; }; };
@@ -23,6 +23,7 @@ rec {
     isMsp430       = { cpu = { family = "msp430"; }; };
     isAvr          = { cpu = { family = "avr"; }; };
     isAlpha        = { cpu = { family = "alpha"; }; };
+    isJavaScript   = { cpu = cpuTypes.js; };
 
     is32bit        = { cpu = { bits = 32; }; };
     is64bit        = { cpu = { bits = 64; }; };
@@ -44,6 +45,7 @@ rec {
     isCygwin       = { kernel = kernels.windows; abi = abis.cygnus; };
     isMinGW        = { kernel = kernels.windows; abi = abis.gnu; };
     isWasi         = { kernel = kernels.wasi; };
+    isGhcjs        = { kernel = kernels.ghcjs; };
     isNone         = { kernel = kernels.none; };
 
     isAndroid      = [ { abi = abis.android; } { abi = abis.androideabi; } ];

lib/systems/parse.nix

@@ -111,6 +111,8 @@ rec {
 
     msp430   = { bits = 16; significantByte = littleEndian; family = "msp430"; };
     avr      = { bits = 8; family = "avr"; };
+
+    js       = { bits = 32; significantByte = littleEndian; family = "js"; };
   };
 
   # Determine where two CPUs are compatible with each other. That is,
@@ -271,6 +273,7 @@ rec {
     solaris = { execFormat = elf;     families = { }; };
     wasi    = { execFormat = wasm;    families = { }; };
     windows = { execFormat = pe;      families = { }; };
+    ghcjs   = { execFormat = unknown; families = { }; };
   } // { # aliases
     # 'darwin' is the kernel for all of them. We choose macOS by default.
     darwin = kernels.macos;
@@ -384,6 +387,8 @@ rec {
         then { cpu = elemAt l 0; vendor = elemAt l 1;    kernel = elemAt l 2;                }
       else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"])
         then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 1; abi = elemAt l 2; }
+      else if (elemAt l 2 == "ghcjs")
+        then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 2; }
       else throw "Target specification with 3 components is ambiguous";
     "4" =    { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
   }.${toString (length l)}
@@ -403,7 +408,7 @@ rec {
     getKernel = name:  kernels.${name} or (throw "Unknown kernel: ${name}");
     getAbi    = name:     abis.${name} or (throw "Unknown ABI: ${name}");
 
-    parsed = rec {
+    parsed = {
       cpu = getCpu args.cpu;
       vendor =
         /**/ if args ? vendor    then getVendor args.vendor

lib/systems/platforms.nix

@@ -456,16 +456,16 @@ rec {
   };
 
   selectBySystem = system: {
-      "i486-linux" = pc32;
+      i486-linux = pc32;
-      "i586-linux" = pc32;
+      i586-linux = pc32;
-      "i686-linux" = pc32;
+      i686-linux = pc32;
-      "x86_64-linux" = pc64;
+      x86_64-linux = pc64;
-      "armv5tel-linux" = sheevaplug;
+      armv5tel-linux = sheevaplug;
-      "armv6l-linux" = raspberrypi;
+      armv6l-linux = raspberrypi;
-      "armv7a-linux" = armv7l-hf-multiplatform;
+      armv7a-linux = armv7l-hf-multiplatform;
-      "armv7l-linux" = armv7l-hf-multiplatform;
+      armv7l-linux = armv7l-hf-multiplatform;
-      "aarch64-linux" = aarch64-multiplatform;
+      aarch64-linux = aarch64-multiplatform;
-      "mipsel-linux" = fuloong2f_n32;
+      mipsel-linux = fuloong2f_n32;
-      "powerpc64le-linux" = powernv;
+      powerpc64le-linux = powernv;
     }.${system} or pcBase;
 }

lib/types.nix

@@ -42,7 +42,7 @@ rec {
   # Default type functor
   defaultFunctor = name: {
     inherit name;
-    type    = types."${name}" or null;
+    type    = types.${name} or null;
     wrapped = null;
     payload = null;
     binOp   = a: b: null;
@@ -107,7 +107,7 @@ rec {
       merge = mergeEqualOption;
     };
 
-    int = mkOptionType rec {
+    int = mkOptionType {
         name = "int";
         description = "signed integer";
         check = isInt;
@@ -136,7 +136,7 @@ rec {
         sign = bit: range: ign (0 - (range / 2)) (range / 2 - 1)
           "signedInt${toString bit}" "${toString bit} bit signed integer";
 
-      in rec {
+      in {
         /* An int with a fixed range.
         *
         * Example:
@@ -172,7 +172,7 @@ rec {
     # Alias of u16 for a port number
     port = ints.u16;
 
-    float = mkOptionType rec {
+    float = mkOptionType {
         name = "float";
         description = "floating point number";
         check = isFloat;
@@ -217,7 +217,8 @@ rec {
 
     # Deprecated; should not be used because it quietly concatenates
     # strings, which is usually not what you want.
-    string = separatedString "";
+    string = warn "types.string is deprecated because it quietly concatenates strings"
+      (separatedString "");
 
     attrs = mkOptionType {
       name = "attrs";

lib/versions.nix

@@ -7,7 +7,7 @@ let
 
 in
 
-rec {
+{
 
   /* Get the major version string from a string.
 

maintainers/maintainer-list.nix

@@ -2091,7 +2091,7 @@
     githubId = 2817965;
     name = "f--t";
   };
-  f-breidenstein = {
+  fleaz = {
     email = "mail@felixbreidenstein.de";
     github = "fleaz";
     githubId = 2489598;
@@ -5095,6 +5095,12 @@
     githubId = 9568176;
     name = "Piotr Halama";
   };
+  puckipedia = {
+    email = "puck@puckipedia.com";
+    github = "puckipedia";
+    githubId = 488734;
+    name = "Puck Meerburg";
+  };
   puffnfresh = {
     email = "brian@brianmckenna.org";
     github = "puffnfresh";

nixos/doc/manual/configuration/profiles/clone-config.xml

@@ -16,6 +16,6 @@
   On images where the installation media also becomes an installation target,
   copying over <literal>configuration.nix</literal> should be disabled by
   setting <literal>installer.cloneConfig</literal> to <literal>false</literal>.
-  This is already done in <literal>sd-image.nix</literal>.
+  For example, this is done in <literal>sd-image-aarch64.nix</literal>.
  </para>
 </section>

nixos/doc/manual/release-notes/rl-1909.xml

@@ -57,6 +57,64 @@
       and <option>services.xserver.desktopManager.xfce4-14</option> simultaneously or to downgrade from Xfce 4.14 after upgrading.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages
+      like games.
+      <itemizedlist>
+      <para>This can be achieved with the following options which the desktop manager default enables, excluding <literal>games</literal>.</para>
+      <listitem><para><link linkend="opt-services.gnome3.core-os-services.enable"><literal>services.gnome3.core-os-services.enable</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.gnome3.core-shell.enable"><literal>services.gnome3.core-shell.enable</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.gnome3.core-utilities.enable"><literal>services.gnome3.core-utilities.enable</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.gnome3.games.enable"><literal>services.gnome3.games.enable</literal></link></para></listitem>
+      </itemizedlist>
+      With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually
+      disable options or use <option>environment.gnome3.excludePackages</option> which only excluded the optional applications.
+      <option>environment.gnome3.excludePackages</option> is now unguarded, it can exclude any package installed with <option>environment.systemPackages</option>
+      in the GNOME 3 module.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications
+     to match as close as possible to a default reference GNOME 3 experience.
+    </para>
+
+    <bridgehead>The following changes were enacted in <option>services.gnome3.core-utilities.enable</option></bridgehead>
+
+    <itemizedlist>
+     <title>Applications removed from defaults:</title>
+     <listitem><para><literal>accerciser</literal></para></listitem>
+     <listitem><para><literal>dconf-editor</literal></para></listitem>
+     <listitem><para><literal>evolution</literal></para></listitem>
+     <listitem><para><literal>gnome-documents</literal></para></listitem>
+     <listitem><para><literal>gnome-nettool</literal></para></listitem>
+     <listitem><para><literal>gnome-power-manager</literal></para></listitem>
+     <listitem><para><literal>gnome-todo</literal></para></listitem>
+     <listitem><para><literal>gnome-tweaks</literal></para></listitem>
+     <listitem><para><literal>gnome-usage</literal></para></listitem>
+     <listitem><para><literal>gucharmap</literal></para></listitem>
+     <listitem><para><literal>nautilus-sendto</literal></para></listitem>
+     <listitem><para><literal>vinagre</literal></para></listitem>
+    </itemizedlist>
+    <itemizedlist>
+     <title>Applications added to defaults:</title>
+     <listitem><para><literal>cheese</literal></para></listitem>
+     <listitem><para><literal>geary</literal></para></listitem>
+    </itemizedlist>
+
+    <bridgehead>The following changes were enacted in <option>services.gnome3.core-shell.enable</option></bridgehead>
+
+    <itemizedlist>
+     <title>Applications added to defaults:</title>
+     <listitem><para><literal>gnome-color-manager</literal></para></listitem>
+     <listitem><para><literal>orca</literal></para></listitem>
+    </itemizedlist>
+    <itemizedlist>
+     <title>Services enabled:</title>
+     <listitem><para><option>services.avahi.enable</option></para></listitem>
+    </itemizedlist>
+   </listitem>
   </itemizedlist>
  </section>
 
@@ -348,6 +406,12 @@
        What used to be called <literal>emacsPackagesNg</literal> is now simply called <literal>emacsPackages</literal>.
      </para>
    </listitem>
+   <listitem>
+     <para>
+       <option>services.xserver.desktopManager.xterm</option> is now disabled by default.
+       It was not useful except for debugging purposes and was confusingly set as default in some circumstances.
+     </para>
+   </listitem>
 
   </itemizedlist>
  </section>
@@ -547,8 +611,8 @@
       </para>
      </listitem>
     </itemizedlist>
-
+     This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>,
-     This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>.
+     and restricts the SysRq key combinations to the sync command only.
      These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>,
      and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link>
      (which will place the parameters in <literal>/etc/sysctl.d/60-nixos.conf</literal>).
@@ -591,6 +655,51 @@
      The defaults from fontconfig are sufficient.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      The <literal>crashplan</literal> package and the
+      <literal>crashplan</literal> service have been removed from nixpkgs due to
+      crashplan shutting down the service, while the <literal>crashplansb</literal>
+      package and <literal>crashplan-small-business</literal> service have been
+      removed from nixpkgs due to lack of maintainer.
+    </para>
+    <para>
+      The <link linkend="opt-services.redis.enable">redis module</link> was hardcoded to use the <literal>redis</literal> user,
+      <filename class="directory">/run/redis</filename> as runtime directory and
+      <filename class="directory">/var/lib/redis</filename> as state directory.
+      Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP),
+      because this features causes major performance problems for Redis,
+      e.g. (https://redis.io/topics/latency).
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Using <option>fonts.enableDefaultFonts</option> adds a default emoji font <literal>noto-fonts-emoji</literal>.
+     <itemizedlist>
+      <para>Users of the following options will have this enabled by default:</para>
+      <listitem>
+       <para><option>services.xserver.enable</option></para>
+      </listitem>
+      <listitem>
+       <para><option>programs.sway.enable</option></para>
+      </listitem>
+      <listitem>
+       <para><option>programs.way-cooler.enable</option></para>
+      </listitem>
+      <listitem>
+       <para><option>services.xrdp.enable</option></para>
+      </listitem>
+     </itemizedlist>
+    </para>
+   </listitem>
+   <listitem>
+     <para>
+       The <literal>altcoins</literal> categorization of packages has
+       been removed. You now access these packages at the top level,
+       ie. <literal>nix-shell -p dogecoin</literal> instead of
+       <literal>nix-shell -p altcoins.dogecoin</literal>, etc.
+     </para>
+   </listitem>
   </itemizedlist>
  </section>
 </section>

nixos/lib/make-options-doc/default.nix

@@ -126,7 +126,7 @@ let
     }
   '';
 
-in rec {
+in {
   inherit optionsNix;
 
   optionsAsciiDoc = lib.concatStringsSep "\n" (lib.mapAttrsToList singleAsciiDoc optionsNix);

nixos/lib/qemu-flags.nix

@@ -17,9 +17,9 @@ in
         else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'";
 
   qemuBinary = qemuPkg: {
-    "x86_64-linux" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
+    x86_64-linux = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
-    "armv7l-linux" = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
+    armv7l-linux = "${qemuPkg}/bin/qemu-system-arm -enable-kvm -machine virt -cpu host";
-    "aarch64-linux" = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
+    aarch64-linux = "${qemuPkg}/bin/qemu-system-aarch64 -enable-kvm -machine virt,gic-version=host -cpu host";
-    "x86_64-darwin" = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
+    x86_64-darwin = "${qemuPkg}/bin/qemu-kvm -cpu kvm64";
   }.${pkgs.stdenv.hostPlatform.system} or "${qemuPkg}/bin/qemu-kvm";
 }

nixos/lib/utils.nix

@@ -1,6 +1,6 @@
 pkgs: with pkgs.lib;
 
-rec {
+{
 
   # Check whenever fileSystem is needed for boot
   fsNeededForBoot = fs: fs.neededForBoot

nixos/modules/config/fonts/fontconfig-penultimate.nix

@@ -35,8 +35,8 @@ let
                   then "fontconfig"
                   else "fontconfig_${version}";
       makeCache = fontconfig: pkgs.makeFontsCache { inherit fontconfig; fontDirectories = config.fonts.fonts; };
-      cache     = makeCache pkgs."${fcPackage}";
+      cache     = makeCache pkgs.${fcPackage};
-      cache32   = makeCache pkgs.pkgsi686Linux."${fcPackage}";
+      cache32   = makeCache pkgs.pkgsi686Linux.${fcPackage};
     in
     pkgs.writeText "fc-00-nixos-cache.conf" ''
       <?xml version='1.0'?>

nixos/modules/config/fonts/fontconfig-ultimate.nix

@@ -79,7 +79,7 @@ in
   config = mkIf (config.fonts.fontconfig.enable && cfg.enable) {
 
     fonts.fontconfig.confPackages = [ confPkg ];
-    environment.variables."INFINALITY_FT" = cfg.preset;
+    environment.variables.INFINALITY_FT = cfg.preset;
 
   };
 

nixos/modules/config/fonts/fontconfig.nix

@@ -116,7 +116,7 @@ let
   defaultFontsConf =
     let genDefault = fonts: name:
       optionalString (fonts != []) ''
-        <alias>
+        <alias binding="same">
           <family>${name}</family>
           <prefer>
           ${concatStringsSep ""
@@ -139,6 +139,8 @@ let
 
       ${genDefault cfg.defaultFonts.monospace "monospace"}
 
+      ${genDefault cfg.defaultFonts.emoji "emoji"}
+
     </fontconfig>
   '';
 
@@ -344,6 +346,21 @@ in
               in case multiple languages must be supported.
             '';
           };
+
+          emoji = mkOption {
+            type = types.listOf types.str;
+            default = ["Noto Color Emoji"];
+            description = ''
+              System-wide default emoji font(s). Multiple fonts may be listed
+              in case a font does not support all emoji.
+
+              Note that fontconfig matches color emoji fonts preferentially,
+              so if you want to use a black and white font while having
+              a color font installed (eg. Noto Color Emoji installed alongside
+              Noto Emoji), fontconfig will still choose the color font even
+              when it is later in the list.
+            '';
+          };
         };
 
         hinting = {

nixos/modules/config/fonts/fonts.nix

@@ -43,6 +43,7 @@ with lib;
         pkgs.xorg.fontmiscmisc
         pkgs.xorg.fontcursormisc
         pkgs.unifont
+        pkgs.noto-fonts-emoji
       ];
 
   };

nixos/modules/config/krb5/default.nix

@@ -15,7 +15,7 @@ let
     realms = optionalAttrs (lib.all (value: value != null) [
       cfg.defaultRealm cfg.kdc cfg.kerberosAdminServer
     ]) {
-      "${cfg.defaultRealm}" = {
+      ${cfg.defaultRealm} = {
         kdc = cfg.kdc;
         admin_server = cfg.kerberosAdminServer;
       };
@@ -25,7 +25,7 @@ let
       cfg.domainRealm cfg.defaultRealm
     ]) {
       ".${cfg.domainRealm}" = cfg.defaultRealm;
-      "${cfg.domainRealm}" = cfg.defaultRealm;
+      ${cfg.domainRealm} = cfg.defaultRealm;
     };
   };
 

nixos/modules/config/malloc.nix

@@ -6,7 +6,7 @@ let
 
   # The set of alternative malloc(3) providers.
   providers = {
-    "graphene-hardened" = rec {
+    graphene-hardened = {
       libPath = "${pkgs.graphene-hardened-malloc}/lib/libhardened_malloc.so";
       description = ''
         An allocator designed to mitigate memory corruption attacks, such as
@@ -14,7 +14,7 @@ let
       '';
     };
 
-    "jemalloc" = {
+    jemalloc = {
       libPath = "${pkgs.jemalloc}/lib/libjemalloc.so";
       description = ''
         A general purpose allocator that emphasizes fragmentation avoidance
@@ -22,7 +22,7 @@ let
       '';
     };
 
-    "scudo" = {
+    scudo = {
       libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
       description = ''
         A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,
@@ -32,7 +32,7 @@ let
     };
   };
 
-  providerConf = providers."${cfg.provider}";
+  providerConf = providers.${cfg.provider};
 
   # An output that contains only the shared library, to avoid
   # needlessly bloating the system closure

nixos/modules/config/networking.nix

@@ -171,13 +171,13 @@ in
 
     environment.etc =
       { # /etc/services: TCP/UDP port assignments.
-        "services".source = pkgs.iana-etc + "/etc/services";
+        services.source = pkgs.iana-etc + "/etc/services";
 
         # /etc/protocols: IP protocol numbers.
-        "protocols".source  = pkgs.iana-etc + "/etc/protocols";
+        protocols.source  = pkgs.iana-etc + "/etc/protocols";
 
         # /etc/hosts: Hostname-to-IP mappings.
-        "hosts".text = let
+        hosts.text = let
           oneToString = set: ip: ip + " " + concatStringsSep " " set.${ip};
           allToString = set: concatMapStringsSep "\n" (oneToString set) (attrNames set);
         in ''
@@ -190,7 +190,7 @@ in
 
       } // optionalAttrs (pkgs.stdenv.hostPlatform.libc == "glibc") {
         # /etc/rpc: RPC program numbers.
-        "rpc".source = pkgs.glibc.out + "/etc/rpc";
+        rpc.source = pkgs.glibc.out + "/etc/rpc";
       };
 
       networking.proxy.envVars =

nixos/modules/config/power-management.nix

@@ -78,7 +78,7 @@ in
     };
 
     # Service executed before suspending/hibernating.
-    systemd.services."pre-sleep" =
+    systemd.services.pre-sleep =
       { description = "Pre-Sleep Actions";
         wantedBy = [ "sleep.target" ];
         before = [ "sleep.target" ];
@@ -89,7 +89,7 @@ in
         serviceConfig.Type = "oneshot";
       };
 
-    systemd.services."post-resume" =
+    systemd.services.post-resume =
       { description = "Post-Resume Actions";
         after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
         script =

nixos/modules/config/shells-environment.nix

@@ -163,7 +163,7 @@ in
       l  = "ls -alh";
     };
 
-    environment.etc."shells".text =
+    environment.etc.shells.text =
       ''
         ${concatStringsSep "\n" (map utils.toShellPath cfg.shells)}
         /bin/sh
@@ -171,7 +171,7 @@ in
 
     # For resetting environment with `. /etc/set-environment` when needed
     # and discoverability (see motivation of #30418).
-    environment.etc."set-environment".source = config.system.build.setEnvironment;
+    environment.etc.set-environment.source = config.system.build.setEnvironment;
 
     system.build.setEnvironment = pkgs.writeText "set-environment"
       ''

nixos/modules/config/terminfo.nix

@@ -8,7 +8,7 @@
       "/share/terminfo"
     ];
 
-    environment.etc."terminfo" = {
+    environment.etc.terminfo = {
       source = "${config.system.path}/share/terminfo";
     };
 

nixos/modules/config/users-groups.nix

@@ -181,7 +181,7 @@ let
       };
 
       hashedPassword = mkOption {
-        type = with types; uniq (nullOr str);
+        type = with types; nullOr str;
         default = null;
         description = ''
           Specifies the hashed password for the user.
@@ -191,7 +191,7 @@ let
       };
 
       password = mkOption {
-        type = with types; uniq (nullOr str);
+        type = with types; nullOr str;
         default = null;
         description = ''
           Specifies the (clear text) password for the user.
@@ -203,7 +203,7 @@ let
       };
 
       passwordFile = mkOption {
-        type = with types; uniq (nullOr string);
+        type = with types; nullOr str;
         default = null;
         description = ''
           The full path to a file that contains the user's password. The password
@@ -215,7 +215,7 @@ let
       };
 
       initialHashedPassword = mkOption {
-        type = with types; uniq (nullOr str);
+        type = with types; nullOr str;
         default = null;
         description = ''
           Specifies the initial hashed password for the user, i.e. the
@@ -230,7 +230,7 @@ let
       };
 
       initialPassword = mkOption {
-        type = with types; uniq (nullOr str);
+        type = with types; nullOr str;
         default = null;
         description = ''
           Specifies the initial password for the user, i.e. the
@@ -304,7 +304,7 @@ let
       };
 
       members = mkOption {
-        type = with types; listOf string;
+        type = with types; listOf str;
         default = [];
         description = ''
           The user names of the group members, added to the
@@ -546,11 +546,11 @@ in {
     environment.systemPackages = systemShells;
 
     environment.etc = {
-      "subuid" = {
+      subuid = {
         text = subuidFile;
         mode = "0644";
       };
-      "subgid" = {
+      subgid = {
         text = subgidFile;
         mode = "0644";
       };

nixos/modules/hardware/nitrokey.nix

@@ -36,6 +36,6 @@ in
         { inherit (cfg) group; }
       ))
     ];
-    users.groups."${cfg.group}" = {};
+    users.groups.${cfg.group} = {};
   };
 }

nixos/modules/hardware/video/ati.nix

@@ -33,7 +33,7 @@ in
 
     boot.blacklistedKernelModules = [ "radeon" ];
 
-    environment.etc."ati".source = "${ati_x11}/etc/ati";
+    environment.etc.ati.source = "${ati_x11}/etc/ati";
 
   };
 

nixos/modules/hardware/video/nvidia.nix

@@ -88,7 +88,7 @@ in
     };
 
     hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption {
-      type = lib.types.string;
+      type = lib.types.str;
       default = "";
       example = "PCI:1:0:0";
       description = ''
@@ -98,7 +98,7 @@ in
     };
 
     hardware.nvidia.optimus_prime.intelBusId = lib.mkOption {
-      type = lib.types.string;
+      type = lib.types.str;
       default = "";
       example = "PCI:0:2:0";
       description = ''

nixos/modules/installer/cd-dvd/sd-image-aarch64.nix

@@ -59,4 +59,8 @@ in
       ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
+
+  # the installation media is also the installation target,
+  # so we don't want to provide the installation configuration.nix.
+  installer.cloneConfig = false;
 }

nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix

@@ -56,4 +56,8 @@ in
       ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
+
+  # the installation media is also the installation target,
+  # so we don't want to provide the installation configuration.nix.
+  installer.cloneConfig = false;
 }

nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix

@@ -45,4 +45,8 @@ in
       ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
+
+  # the installation media is also the installation target,
+  # so we don't want to provide the installation configuration.nix.
+  installer.cloneConfig = false;
 }

nixos/modules/installer/cd-dvd/sd-image.nix

@@ -54,7 +54,7 @@ in
     };
 
     firmwarePartitionID = mkOption {
-      type = types.string;
+      type = types.str;
       default = "0x2178694e";
       description = ''
         Volume ID for the /boot/firmware partition on the SD card. This value
@@ -63,7 +63,7 @@ in
     };
 
     rootPartitionUUID = mkOption {
-      type = types.nullOr types.string;
+      type = types.nullOr types.str;
       default = null;
       example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
       description = ''
@@ -194,9 +194,5 @@ in
         rm -f /nix-path-registration
       fi
     '';
-
-    # the installation media is also the installation target,
-    # so we don't want to provide the installation configuration.nix.
-    installer.cloneConfig = false;
   };
 }

nixos/modules/installer/cd-dvd/system-tarball-pc.nix

@@ -129,7 +129,7 @@ in
   ];
 
   nixpkgs.config = {
-    packageOverrides = p: rec {
+    packageOverrides = p: {
       linux_3_4 = p.linux_3_4.override {
         extraConfig = ''
           # Enable drivers in kernel for most NICs.

nixos/modules/installer/netboot/netboot.nix

@@ -18,7 +18,7 @@ with lib;
 
   };
 
-  config = rec {
+  config = {
     # Don't build the GRUB menu builder script, since we don't need it
     # here and it causes a cyclic dependency.
     boot.loader.grub.enable = false;

nixos/modules/misc/version.nix

@@ -85,7 +85,7 @@ in
     # Generate /etc/os-release.  See
     # https://www.freedesktop.org/software/systemd/man/os-release.html for the
     # format.
-    environment.etc."os-release".text =
+    environment.etc.os-release.text =
       ''
         NAME=NixOS
         ID=nixos

nixos/modules/module-list.nix

@@ -138,6 +138,7 @@
   ./programs/qt5ct.nix
   ./programs/screen.nix
   ./programs/sedutil.nix
+  ./programs/seahorse.nix
   ./programs/slock.nix
   ./programs/shadow.nix
   ./programs/shell.nix
@@ -216,8 +217,6 @@
   ./services/backup/bacula.nix
   ./services/backup/borgbackup.nix
   ./services/backup/duplicati.nix
-  ./services/backup/crashplan.nix
-  ./services/backup/crashplan-small-business.nix
   ./services/backup/duplicity.nix
   ./services/backup/mysql-backup.nix
   ./services/backup/postgresql-backup.nix
@@ -303,7 +302,6 @@
   ./services/desktops/gnome3/gnome-settings-daemon.nix
   ./services/desktops/gnome3/gnome-user-share.nix
   ./services/desktops/gnome3/rygel.nix
-  ./services/desktops/gnome3/seahorse.nix
   ./services/desktops/gnome3/sushi.nix
   ./services/desktops/gnome3/tracker.nix
   ./services/desktops/gnome3/tracker-miners.nix

nixos/modules/programs/atop.nix

@@ -30,7 +30,7 @@ in
   };
 
   config = mkIf (cfg.settings != {}) {
-    environment.etc."atoprc".text =
+    environment.etc.atoprc.text =
       concatStrings (mapAttrsToList (n: v: "${n} ${toString v}\n") cfg.settings);
   };
 }

nixos/modules/programs/bash/bash.nix

@@ -159,7 +159,7 @@ in
 
     };
 
-    environment.etc."profile".text =
+    environment.etc.profile.text =
       ''
         # /etc/profile: DO NOT EDIT -- this file has been generated automatically.
         # This file is read for login shells.
@@ -184,7 +184,7 @@ in
         fi
       '';
 
-    environment.etc."bashrc".text =
+    environment.etc.bashrc.text =
       ''
         # /etc/bashrc: DO NOT EDIT -- this file has been generated automatically.
 
@@ -212,7 +212,7 @@ in
 
     # Configuration for readline in bash. We use "option default"
     # priority to allow user override using both .text and .source.
-    environment.etc."inputrc".source = mkOptionDefault ./inputrc;
+    environment.etc.inputrc.source = mkOptionDefault ./inputrc;
 
     users.defaultUserShell = mkDefault pkgs.bashInteractive;
 

nixos/modules/programs/firejail.nix

@@ -5,7 +5,7 @@ with lib;
 let
   cfg = config.programs.firejail;
 
-  wrappedBins = pkgs.stdenv.mkDerivation rec {
+  wrappedBins = pkgs.stdenv.mkDerivation {
     name = "firejail-wrapped-binaries";
     nativeBuildInputs = with pkgs; [ makeWrapper ];
     buildCommand = ''

nixos/modules/programs/less.nix

@@ -54,8 +54,8 @@ in
         type = types.attrsOf types.str;
         default = {};
         example = {
-          "h" = "noaction 5\e(";
+          h = "noaction 5\e(";
-          "l" = "noaction 5\e)";
+          l = "noaction 5\e)";
         };
         description = "Defines new command keys.";
       };
@@ -74,7 +74,7 @@ in
         type = types.attrsOf types.str;
         default = {};
         example = {
-          "\e" = "abort";
+          e = "abort";
         };
         description = "Defines new line-editing keys.";
       };
@@ -111,11 +111,11 @@ in
     environment.systemPackages = [ pkgs.less ];
 
     environment.variables = {
-      "LESSKEY_SYSTEM" = toString lessKey;
+      LESSKEY_SYSTEM = toString lessKey;
     } // optionalAttrs (cfg.lessopen != null) {
-      "LESSOPEN" = cfg.lessopen;
+      LESSOPEN = cfg.lessopen;
     } // optionalAttrs (cfg.lessclose != null) {
-      "LESSCLOSE" = cfg.lessclose;
+      LESSCLOSE = cfg.lessclose;
     };
 
     warnings = optional (

nixos/modules/programs/nano.nix

@@ -35,7 +35,7 @@ in
   ###### implementation
 
   config = lib.mkIf (cfg.nanorc != "" || cfg.syntaxHighlight) {
-    environment.etc."nanorc".text = lib.concatStrings [ cfg.nanorc
+    environment.etc.nanorc.text = lib.concatStrings [ cfg.nanorc
       (lib.optionalString cfg.syntaxHighlight ''${LF}include "${pkgs.nano}/share/nano/*.nanorc"'') ];
   };
 

nixos/modules/programs/npm.nix

@@ -36,7 +36,7 @@ in
   ###### implementation
 
   config = lib.mkIf cfg.enable {
-    environment.etc."npmrc".text = cfg.npmrc;
+    environment.etc.npmrc.text = cfg.npmrc;
 
     environment.variables.NPM_CONFIG_GLOBALCONFIG = "/etc/npmrc";
 

nixos/modules/programs/screen.nix

@@ -24,7 +24,7 @@ in
   ###### implementation
 
   config = mkIf (cfg.screenrc != "") {
-    environment.etc."screenrc".text = cfg.screenrc;
+    environment.etc.screenrc.text = cfg.screenrc;
 
     environment.systemPackages = [ pkgs.screen ];
   };

nixos/modules/programs/seahorse.nix

@@ -0,0 +1,44 @@
+# Seahorse.
+
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+{
+
+ # Added 2019-08-27
+  imports = [
+    (mkRenamedOptionModule
+      [ "services" "gnome3" "seahorse" "enable" ]
+      [ "programs" "seahorse" "enable" ])
+  ];
+
+
+  ###### interface
+
+  options = {
+
+    programs.seahorse = {
+
+      enable = mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring";
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.programs.seahorse.enable {
+
+    environment.systemPackages = [
+      pkgs.gnome3.seahorse
+    ];
+
+    services.dbus.packages = [
+      pkgs.gnome3.seahorse
+    ];
+
+  };
+
+}

nixos/modules/programs/thefuck.nix

@@ -17,7 +17,7 @@ in
 
         alias = mkOption {
           default = "fuck";
-          type = types.string;
+          type = types.str;
 
           description = ''
             `thefuck` needs an alias to be configured.

nixos/modules/programs/xfs_quota.nix

@@ -61,7 +61,7 @@ in
         description = "Setup of xfs_quota projects. Make sure the filesystem is mounted with the pquota option.";
 
         example = {
-          "projname" = {
+          projname = {
             id = 50;
             path = "/xfsprojects/projname";
             sizeHardLimit = "50g";

nixos/modules/programs/xonsh.nix

@@ -45,7 +45,7 @@ in
 
   config = mkIf cfg.enable {
 
-    environment.etc."xonshrc".text = cfg.config;
+    environment.etc.xonshrc.text = cfg.config;
 
     environment.systemPackages = [ cfg.package ];
 

nixos/modules/programs/xss-lock.nix

@@ -12,7 +12,7 @@ in
     lockerCommand = mkOption {
       default = "${pkgs.i3lock}/bin/i3lock";
       example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
-      type = types.string;
+      type = types.separatedString " ";
       description = "Locker to be used with xsslock";
     };
 

nixos/modules/programs/yabar.nix

@@ -76,7 +76,7 @@ in
             font = mkOption {
               default = "sans bold 9";
               example = "Droid Sans, FontAwesome Bold 9";
-              type = types.string;
+              type = types.str;
 
               description = ''
                 The font that will be used to draw the status bar.
@@ -95,7 +95,7 @@ in
 
             extra = mkOption {
               default = {};
-              type = types.attrsOf types.string;
+              type = types.attrsOf types.str;
 
               description = ''
                 An attribute set which contains further attributes of a bar.
@@ -107,7 +107,7 @@ in
               type = types.attrsOf(types.submodule {
                 options.exec = mkOption {
                   example = "YABAR_DATE";
-                  type = types.string;
+                  type = types.str;
                   description = ''
                      The type of the indicator to be executed.
                   '';
@@ -125,7 +125,7 @@ in
 
                 options.extra = mkOption {
                   default = {};
-                  type = types.attrsOf (types.either types.string types.int);
+                  type = types.attrsOf (types.either types.str types.int);
 
                   description = ''
                     An attribute set which contains further attributes of a indicator.

nixos/modules/programs/zsh/zsh-syntax-highlighting.nix

@@ -33,7 +33,7 @@ in
 
       patterns = mkOption {
         default = {};
-        type = types.attrsOf types.string;
+        type = types.attrsOf types.str;
 
         example = literalExample ''
           {
@@ -50,7 +50,7 @@ in
       };
       styles = mkOption {
         default = {};
-        type = types.attrsOf types.string;
+        type = types.attrsOf types.str;
 
         example = literalExample ''
           {

nixos/modules/programs/zsh/zsh.nix

@@ -133,7 +133,7 @@ in
 
     programs.zsh.shellAliases = mapAttrs (name: mkDefault) cfge.shellAliases;
 
-    environment.etc."zshenv".text =
+    environment.etc.zshenv.text =
       ''
         # /etc/zshenv: DO NOT EDIT -- this file has been generated automatically.
         # This file is read for all shells.
@@ -157,7 +157,7 @@ in
         fi
       '';
 
-    environment.etc."zprofile".text =
+    environment.etc.zprofile.text =
       ''
         # /etc/zprofile: DO NOT EDIT -- this file has been generated automatically.
         # This file is read for login shells.
@@ -176,7 +176,7 @@ in
         fi
       '';
 
-    environment.etc."zshrc".text =
+    environment.etc.zshrc.text =
       ''
         # /etc/zshrc: DO NOT EDIT -- this file has been generated automatically.
         # This file is read for interactive shells.
@@ -225,7 +225,7 @@ in
         fi
       '';
 
-    environment.etc."zinputrc".source = ./zinputrc;
+    environment.etc.zinputrc.source = ./zinputrc;
 
     environment.systemPackages = [ pkgs.zsh ]
       ++ optional cfg.enableCompletion pkgs.nix-zsh-completions;

nixos/modules/rename.nix

@@ -285,6 +285,13 @@ with lib;
           throw "services.redshift.longitude is set to null, you can remove this"
           else builtins.fromJSON value))
 
+    # Redis
+    (mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
+    (mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")
+    (mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
+    (mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
+    (mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
+
   ] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
                    "jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
                    "snmpExporter" "unifiExporter" "varnishExporter" ]

nixos/modules/security/acme.nix

@@ -298,6 +298,9 @@ in
           };
         })
       );
+
+      systemd.targets.acme-selfsigned-certificates = mkIf cfg.preliminarySelfsigned {};
+      systemd.targets.acme-certificates = {};
     })
 
   ];

nixos/modules/security/auditd.nix

@@ -6,6 +6,10 @@ with lib;
   options.security.auditd.enable = mkEnableOption "the Linux Audit daemon";
 
   config = mkIf config.security.auditd.enable {
+    boot.kernelParams = [ "audit=1" ];
+
+    environment.systemPackages = [ pkgs.audit ];
+
     systemd.services.auditd = {
       description = "Linux Audit daemon";
       wantedBy = [ "basic.target" ];

nixos/modules/security/chromium-suid-sandbox.nix

@@ -24,6 +24,6 @@ in
 
   config = mkIf cfg.enable {
     environment.systemPackages = [ sandbox ];
-    security.wrappers."${sandbox.passthru.sandboxExecutableName}".source = "${sandbox}/bin/${sandbox.passthru.sandboxExecutableName}";
+    security.wrappers.${sandbox.passthru.sandboxExecutableName}.source = "${sandbox}/bin/${sandbox.passthru.sandboxExecutableName}";
   };
 }

nixos/modules/security/pam.nix

@@ -685,7 +685,7 @@ in
       };
       id = mkOption {
         example = "42";
-        type = types.string;
+        type = types.str;
         description = "client id";
       };
 

nixos/modules/security/polkit.nix

@@ -85,7 +85,7 @@ in
 
     security.wrappers = {
       pkexec.source = "${pkgs.polkit.bin}/bin/pkexec";
-      "polkit-agent-helper-1".source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1";
+      polkit-agent-helper-1.source = "${pkgs.polkit.out}/lib/polkit-1/polkit-agent-helper-1";
     };
 
     systemd.tmpfiles.rules = [

nixos/modules/security/prey.nix

@@ -4,7 +4,7 @@ with lib;
 
 let
   cfg = config.services.prey;
-  myPrey = pkgs."prey-bash-client".override {
+  myPrey = pkgs.prey-bash-client.override {
     apiKey = cfg.apiKey;
     deviceKey = cfg.deviceKey;
   };

nixos/modules/security/sudo.nix

@@ -91,7 +91,7 @@ in
       type = with types; listOf (submodule {
         options = {
           users = mkOption {
-            type = with types; listOf (either string int);
+            type = with types; listOf (either str int);
             description = ''
               The usernames / UIDs this rule should apply for.
             '';
@@ -99,7 +99,7 @@ in
           };
 
           groups = mkOption {
-            type = with types; listOf (either string int);
+            type = with types; listOf (either str int);
             description = ''
               The groups / GIDs this rule should apply for.
             '';
@@ -107,7 +107,7 @@ in
           };
 
           host = mkOption {
-            type = types.string;
+            type = types.str;
             default = "ALL";
             description = ''
               For what host this rule should apply.
@@ -115,7 +115,7 @@ in
           };
 
           runAs = mkOption {
-            type = with types; string;
+            type = with types; str;
             default = "ALL:ALL";
             description = ''
               Under which user/group the specified command is allowed to run.
@@ -130,11 +130,11 @@ in
             description = ''
               The commands for which the rule should apply.
             '';
-            type = with types; listOf (either string (submodule {
+            type = with types; listOf (either str (submodule {
 
               options = {
                 command = mkOption {
-                  type = with types; string;
+                  type = with types; str;
                   description = ''
                     A command being either just a path to a binary to allow any arguments,
                     the full command with arguments pre-set or with <code>""</code> used as the argument,

nixos/modules/security/wrappers/default.nix

@@ -7,7 +7,7 @@ let
 
   programs =
     (lib.mapAttrsToList
-      (n: v: (if v ? "program" then v else v // {program=n;}))
+      (n: v: (if v ? program then v else v // {program=n;}))
       wrappers);
 
   securityWrapper = pkgs.stdenv.mkDerivation {
@@ -74,15 +74,15 @@ let
 
   mkWrappedPrograms =
     builtins.map
-      (s: if (s ? "capabilities")
+      (s: if (s ? capabilities)
           then mkSetcapProgram
                  ({ owner = "root";
                     group = "root";
                   } // s)
           else if
-             (s ? "setuid" && s.setuid) ||
+             (s ? setuid && s.setuid) ||
-             (s ? "setgid" && s.setgid) ||
+             (s ? setgid && s.setgid) ||
-             (s ? "permissions")
+             (s ? permissions)
           then mkSetuidProgram s
           else mkSetuidProgram
                  ({ owner  = "root";

nixos/modules/services/amqp/activemq/default.nix

@@ -40,7 +40,7 @@ in {
         '';
       };
       configurationURI = mkOption {
-        type = types.string;
+        type = types.str;
         default = "xbean:activemq.xml";
         description = ''
           The URI that is passed along to the BrokerFactory to
@@ -51,7 +51,7 @@ in {
         '';
       };
       baseDir = mkOption {
-        type = types.string;
+        type = types.str;
         default = "/var/activemq";
         description = ''
           The base directory where ActiveMQ stores its persistent data and logs.
@@ -81,7 +81,7 @@ in {
         '';
       };
       extraJavaOptions = mkOption {
-        type = types.string;
+        type = types.separatedString " ";
         default = "";
         example = "-Xmx2G -Xms2G -XX:MaxPermSize=512M";
         description = ''

nixos/modules/services/audio/alsa.nix

@@ -64,7 +64,7 @@ in
         };
 
         volumeStep = mkOption {
-          type = types.string;
+          type = types.str;
           default = "1";
           example = "1%";
           description = ''
@@ -99,7 +99,7 @@ in
 
     boot.kernelModules = optional config.sound.enableOSSEmulation "snd_pcm_oss";
 
-    systemd.services."alsa-store" =
+    systemd.services.alsa-store =
       { description = "Store Sound Card State";
         wantedBy = [ "multi-user.target" ];
         unitConfig.RequiresMountsFor = "/var/lib/alsa";

nixos/modules/services/audio/ympd.nix

@@ -23,7 +23,7 @@ in {
 
       mpd = {
         host = mkOption {
-          type = types.string;
+          type = types.str;
           default = "localhost";
           description = "The host where MPD is listening.";
           example = "localhost";

nixos/modules/services/backup/crashplan-small-business.nix

@@ -1,73 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  cfg = config.services.crashplansb;
-  crashplansb = pkgs.crashplansb.override { maxRam = cfg.maxRam; };
-in
-
-with lib;
-
-{
-  options = {
-    services.crashplansb = {
-      enable = mkOption {
-        default = false;
-        type = types.bool;
-        description = ''
-          Starts crashplan for small business background service.
-        '';
-      };
-      maxRam = mkOption {
-        default = "1024m";
-        example = "2G";
-        type = types.str;
-        description = ''
-          Maximum amount of ram that the crashplan engine should use.
-        '';
-      };
-      openPorts = mkOption {
-        description = "Open ports in the firewall for crashplan.";
-        default = true;
-        type = types.bool;
-      };
-      ports =  mkOption {
-        # https://support.code42.com/Administrator/6/Planning_and_installing/TCP_and_UDP_ports_used_by_the_Code42_platform
-        # used ports can also be checked in the desktop app console using the command connection.info
-        description = "which ports to open.";
-        default = [ 4242 4243 4244 4247 ];
-        type = types.listOf types.int;
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    environment.systemPackages = [ crashplansb ];
-    networking.firewall.allowedTCPPorts = mkIf cfg.openPorts cfg.ports;
-
-    systemd.services.crashplansb = {
-      description = "CrashPlan Backup Engine";
-
-      wantedBy = [ "multi-user.target" ];
-      after    = [ "network.target" "local-fs.target" ];
-
-      preStart = ''
-        install -d -m 755 ${crashplansb.vardir}
-        install -d -m 700 ${crashplansb.vardir}/conf
-        install -d -m 700 ${crashplansb.manifestdir}
-        install -d -m 700 ${crashplansb.vardir}/cache
-        install -d -m 700 ${crashplansb.vardir}/backupArchives
-        install -d -m 777 ${crashplansb.vardir}/log
-        cp -avn ${crashplansb}/conf.template/* ${crashplansb.vardir}/conf
-      '';
-
-      serviceConfig = {
-        Type = "forking";
-        EnvironmentFile = "${crashplansb}/bin/run.conf";
-        ExecStart = "${crashplansb}/bin/CrashPlanEngine start";
-        ExecStop = "${crashplansb}/bin/CrashPlanEngine stop";
-        PIDFile = "${crashplansb.vardir}/CrashPlanEngine.pid";
-        WorkingDirectory = crashplansb;
-      };
-    };
-  };
-}

nixos/modules/services/backup/crashplan.nix

@@ -1,67 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  cfg = config.services.crashplan;
-  crashplan = pkgs.crashplan;
-in
-
-with lib;
-
-{
-  options = {
-    services.crashplan = {
-      enable = mkOption {
-        default = false;
-        type = types.bool;
-        description = ''
-          Starts crashplan background service.
-        '';
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    environment.systemPackages = [ crashplan ];
-
-    systemd.services.crashplan = {
-      description = "CrashPlan Backup Engine";
-
-      wantedBy = [ "multi-user.target" ];
-      after    = [ "network.target" "local-fs.target" ];
-
-      preStart = ''
-        ensureDir() {
-          dir=$1
-          mode=$2
-
-          if ! test -e $dir; then
-            ${pkgs.coreutils}/bin/mkdir -m $mode -p $dir
-          elif [ "$(${pkgs.coreutils}/bin/stat -c %a $dir)" != "$mode" ]; then
-            ${pkgs.coreutils}/bin/chmod $mode $dir
-          fi
-        }
-
-        ensureDir ${crashplan.vardir} 755
-        ensureDir ${crashplan.vardir}/conf 700
-        ensureDir ${crashplan.manifestdir} 700
-        ensureDir ${crashplan.vardir}/cache 700
-        ensureDir ${crashplan.vardir}/backupArchives 700
-        ensureDir ${crashplan.vardir}/log 777
-        cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
-        for x in app.asar bin install.vars lang lib libc42archive64.so libc52archive.so libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libleveldb64.so libleveldb.so libmd564.so libmd5.so share skin upgrade; do
-          rm -f ${crashplan.vardir}/$x;
-          ln -sf ${crashplan}/$x ${crashplan.vardir}/$x;
-        done
-      '';
-
-      serviceConfig = {
-        Type = "forking";
-        EnvironmentFile = "${crashplan}/bin/run.conf";
-        ExecStart = "${crashplan}/bin/CrashPlanEngine start";
-        ExecStop = "${crashplan}/bin/CrashPlanEngine stop";
-        PIDFile = "${crashplan.vardir}/CrashPlanEngine.pid";
-        WorkingDirectory = crashplan;
-      };
-    };
-  };
-}

nixos/modules/services/backup/mysql-backup.nix

@@ -103,7 +103,7 @@ in
     }];
 
     systemd = {
-      timers."mysql-backup" = {
+      timers.mysql-backup = {
         description = "Mysql backup timer";
         wantedBy = [ "timers.target" ];
         timerConfig = {
@@ -112,7 +112,7 @@ in
           Unit = "mysql-backup.service";
         };
       };
-      services."mysql-backup" = {
+      services.mysql-backup = {
         description = "Mysql backup service";
         enable = true;
         serviceConfig = {

nixos/modules/services/backup/postgresql-backup.nix

@@ -81,7 +81,7 @@ in {
       };
 
       pgdumpOptions = mkOption {
-        type = types.string;
+        type = types.separatedString " ";
         default = "-Cbo";
         description = ''
           Command line options for pg_dump. This options is not used

nixos/modules/services/backup/rsnapshot.nix

@@ -52,7 +52,7 @@ in
       cronIntervals = mkOption {
         default = {};
         example = { hourly = "0 * * * *"; daily = "50 21 * * *"; };
-        type = types.attrsOf types.string;
+        type = types.attrsOf types.str;
         description = ''
           Periodicity at which intervals should be run by cron.
           Note that the intervals also have to exist in configuration

nixos/modules/services/backup/tsm.nix

@@ -78,7 +78,7 @@ in
   config = mkIf cfg.enable {
     inherit assertions;
     programs.tsmClient.enable = true;
-    programs.tsmClient.servers."${cfg.servername}".passwdDir =
+    programs.tsmClient.servers.${cfg.servername}.passwdDir =
       mkDefault "/var/lib/tsm-backup/password";
     systemd.services.tsm-backup = {
       description = "IBM Spectrum Protect (Tivoli Storage Manager) Backup";

nixos/modules/services/backup/zfs-replication.nix

@@ -60,7 +60,7 @@ in {
       pkgs.lz4
     ];
 
-    systemd.services."zfs-replication" = {
+    systemd.services.zfs-replication = {
       after = [
         "zfs-snapshot-daily.service"
         "zfs-snapshot-frequent.service"

nixos/modules/services/backup/znapzend.nix

@@ -361,7 +361,7 @@ in
     environment.systemPackages = [ pkgs.znapzend ];
 
     systemd.services = {
-      "znapzend" = {
+      znapzend = {
         description = "ZnapZend - ZFS Backup System";
         wantedBy    = [ "zfs.target" ];
         after       = [ "zfs.target" ];

nixos/modules/services/cluster/hadoop/hdfs.nix

@@ -24,7 +24,7 @@ with lib;
 
   config = mkMerge [
     (mkIf cfg.hdfs.namenode.enabled {
-      systemd.services."hdfs-namenode" = {
+      systemd.services.hdfs-namenode = {
         description = "Hadoop HDFS NameNode";
         wantedBy = [ "multi-user.target" ];
 
@@ -44,7 +44,7 @@ with lib;
       };
     })
     (mkIf cfg.hdfs.datanode.enabled {
-      systemd.services."hdfs-datanode" = {
+      systemd.services.hdfs-datanode = {
         description = "Hadoop HDFS DataNode";
         wantedBy = [ "multi-user.target" ];
 

nixos/modules/services/cluster/hadoop/yarn.nix

@@ -35,7 +35,7 @@ with lib;
     })
 
     (mkIf cfg.yarn.resourcemanager.enabled {
-      systemd.services."yarn-resourcemanager" = {
+      systemd.services.yarn-resourcemanager = {
         description = "Hadoop YARN ResourceManager";
         wantedBy = [ "multi-user.target" ];
 
@@ -53,7 +53,7 @@ with lib;
     })
 
     (mkIf cfg.yarn.nodemanager.enabled {
-      systemd.services."yarn-nodemanager" = {
+      systemd.services.yarn-nodemanager = {
         description = "Hadoop YARN NodeManager";
         wantedBy = [ "multi-user.target" ];
 

nixos/modules/services/cluster/kubernetes/addons/dashboard.nix

@@ -74,7 +74,7 @@ in {
         spec = {
           replicas = 1;
           revisionHistoryLimit = 10;
-          selector.matchLabels."k8s-app" = "kubernetes-dashboard";
+          selector.matchLabels.k8s-app = "kubernetes-dashboard";
           template = {
             metadata = {
               labels = {

nixos/modules/services/cluster/kubernetes/addons/dns.nix

@@ -73,7 +73,7 @@ in {
         metadata = {
           labels = {
             "addonmanager.kubernetes.io/mode" = "Reconcile";
-            "k8s-app" = "kube-dns";
+            k8s-app = "kube-dns";
             "kubernetes.io/cluster-service" = "true";
             "kubernetes.io/bootstrapping" = "rbac-defaults";
           };
@@ -102,7 +102,7 @@ in {
           };
           labels = {
             "addonmanager.kubernetes.io/mode" = "Reconcile";
-            "k8s-app" = "kube-dns";
+            k8s-app = "kube-dns";
             "kubernetes.io/cluster-service" = "true";
             "kubernetes.io/bootstrapping" = "rbac-defaults";
           };
@@ -130,7 +130,7 @@ in {
         metadata = {
           labels = {
             "addonmanager.kubernetes.io/mode" = "Reconcile";
-            "k8s-app" = "kube-dns";
+            k8s-app = "kube-dns";
             "kubernetes.io/cluster-service" = "true";
           };
           name = "coredns";
@@ -144,7 +144,7 @@ in {
         metadata = {
           labels = {
             "addonmanager.kubernetes.io/mode" = cfg.reconcileMode;
-            "k8s-app" = "kube-dns";
+            k8s-app = "kube-dns";
             "kubernetes.io/cluster-service" = "true";
           };
           name = "coredns";
@@ -175,7 +175,7 @@ in {
         metadata = {
           labels = {
             "addonmanager.kubernetes.io/mode" = cfg.reconcileMode;
-            "k8s-app" = "kube-dns";
+            k8s-app = "kube-dns";
             "kubernetes.io/cluster-service" = "true";
             "kubernetes.io/name" = "CoreDNS";
           };
@@ -301,7 +301,7 @@ in {
           };
           labels = {
             "addonmanager.kubernetes.io/mode" = "Reconcile";
-            "k8s-app" = "kube-dns";
+            k8s-app = "kube-dns";
             "kubernetes.io/cluster-service" = "true";
             "kubernetes.io/name" = "CoreDNS";
           };

nixos/modules/services/cluster/kubernetes/default.nix

@@ -261,7 +261,7 @@ in {
         before = [ "kubernetes.target" ];
       };
 
-      systemd.services.kube-control-plane-online = rec {
+      systemd.services.kube-control-plane-online = {
         description = "Kubernetes control plane is online";
         wantedBy = [ "kube-control-plane-online.target" ];
         after = [ "kube-scheduler.service" "kube-controller-manager.service" ];

nixos/modules/services/computing/boinc/client.nix

@@ -111,7 +111,7 @@ in
 
       systemd.services.boinc = {
         description = "BOINC Client";
-        after = ["network.target" "local-fs.target"];
+        after = ["network.target"];
         wantedBy = ["multi-user.target"];
         script = ''
           ${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}

nixos/modules/services/continuous-integration/hydra/default.nix

@@ -43,7 +43,7 @@ in
   ###### interface
   options = {
 
-    services.hydra = rec {
+    services.hydra = {
 
       enable = mkOption {
         type = types.bool;

nixos/modules/services/databases/cassandra.nix

@@ -259,7 +259,7 @@ in {
         '';
     };
     incrementalRepairOptions = mkOption {
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       default = [];
       example = [ "--partitioner-range" ];
       description = ''
@@ -267,7 +267,7 @@ in {
         '';
     };
     maxHeapSize = mkOption {
-      type = types.nullOr types.string;
+      type = types.nullOr types.str;
       default = null;
       example = "4G";
       description = ''
@@ -287,7 +287,7 @@ in {
       '';
     };
     heapNewSize = mkOption {
-      type = types.nullOr types.string;
+      type = types.nullOr types.str;
       default = null;
       example = "800M";
       description = ''
@@ -352,11 +352,11 @@ in {
       type = types.listOf (types.submodule {
         options = {
           username = mkOption {
-            type = types.string;
+            type = types.str;
             description = "Username for JMX";
           };
           password = mkOption {
-            type = types.string;
+            type = types.str;
             description = "Password for JMX";
           };
         };
@@ -397,14 +397,14 @@ in {
         }
       ];
     users = mkIf (cfg.user == defaultUser) {
-      extraUsers."${defaultUser}" =
+      extraUsers.${defaultUser} =
         {  group = cfg.group;
            home = cfg.homeDir;
            createHome = true;
            uid = config.ids.uids.cassandra;
            description = "Cassandra service user";
         };
-      extraGroups."${defaultUser}".gid = config.ids.gids.cassandra;
+      extraGroups.${defaultUser}.gid = config.ids.gids.cassandra;
     };
 
     systemd.services.cassandra =

nixos/modules/services/databases/couchdb.nix

@@ -56,7 +56,7 @@ in {
 
 
       user = mkOption {
-        type = types.string;
+        type = types.str;
         default = "couchdb";
         description = ''
           User account under which couchdb runs.
@@ -64,7 +64,7 @@ in {
       };
 
       group = mkOption {
-        type = types.string;
+        type = types.str;
         default = "couchdb";
         description = ''
           Group account under which couchdb runs.
@@ -106,7 +106,7 @@ in {
       };
 
       bindAddress = mkOption {
-        type = types.string;
+        type = types.str;
         default = "127.0.0.1";
         description = ''
           Defines the IP address by which CouchDB will be accessible.
@@ -138,7 +138,7 @@ in {
       };
 
       configFile = mkOption {
-        type = types.string;
+        type = types.path;
         description = ''
           Configuration file for persisting runtime changes. File
           needs to be readable and writable from couchdb user/group.

nixos/modules/services/databases/foundationdb.nix

@@ -140,7 +140,7 @@ in
     };
 
     logSize = mkOption {
-      type        = types.string;
+      type        = types.str;
       default     = "10MiB";
       description = ''
         Roll over to a new log file after the current log file
@@ -149,7 +149,7 @@ in
     };
 
     maxLogSize = mkOption {
-      type        = types.string;
+      type        = types.str;
       default     = "100MiB";
       description = ''
         Delete the oldest log file when the total size of all log
@@ -171,7 +171,7 @@ in
     };
 
     memory = mkOption {
-      type        = types.string;
+      type        = types.str;
       default     = "8GiB";
       description = ''
         Maximum memory used by the process. The default value is
@@ -193,7 +193,7 @@ in
     };
 
     storageMemory = mkOption {
-      type        = types.string;
+      type        = types.str;
       default     = "1GiB";
       description = ''
         Maximum memory used for data storage. The default value is

nixos/modules/services/databases/hbase.nix

@@ -53,7 +53,7 @@ in {
 
 
       user = mkOption {
-        type = types.string;
+        type = types.str;
         default = "hbase";
         description = ''
           User account under which HBase runs.
@@ -61,7 +61,7 @@ in {
       };
 
       group = mkOption {
-        type = types.string;
+        type = types.str;
         default = "hbase";
         description = ''
           Group account under which HBase runs.

nixos/modules/services/databases/influxdb.nix

@@ -129,13 +129,13 @@ in
       user = mkOption {
         default = "influxdb";
         description = "User account under which influxdb runs";
-        type = types.string;
+        type = types.str;
       };
 
       group = mkOption {
         default = "influxdb";
         description = "Group under which influxdb runs";
-        type = types.string;
+        type = types.str;
       };
 
       dataDir = mkOption {

nixos/modules/services/databases/mongodb.nix

@@ -67,7 +67,7 @@ in
       };
 
       initialRootPassword = mkOption {
-        type = types.nullOr types.string;
+        type = types.nullOr types.str;
         default = null;
         description = "Password for the root user if auth is enabled.";
       };

nixos/modules/services/databases/openldap.nix

@@ -47,26 +47,26 @@ in
       };
 
       user = mkOption {
-        type = types.string;
+        type = types.str;
         default = "openldap";
         description = "User account under which slapd runs.";
       };
 
       group = mkOption {
-        type = types.string;
+        type = types.str;
         default = "openldap";
         description = "Group account under which slapd runs.";
       };
 
       urlList = mkOption {
-        type = types.listOf types.string;
+        type = types.listOf types.str;
         default = [ "ldap:///" ];
         description = "URL list slapd should listen on.";
         example = [ "ldaps:///" ];
       };
 
       dataDir = mkOption {
-        type = types.string;
+        type = types.path;
         default = "/var/db/openldap";
         description = "The database directory.";
       };

nixos/modules/services/databases/opentsdb.nix

@@ -34,7 +34,7 @@ in {
       };
 
       user = mkOption {
-        type = types.string;
+        type = types.str;
         default = "opentsdb";
         description = ''
           User account under which OpenTSDB runs.
@@ -42,7 +42,7 @@ in {
       };
 
       group = mkOption {
-        type = types.string;
+        type = types.str;
         default = "opentsdb";
         description = ''
           Group account under which OpenTSDB runs.

nixos/modules/services/databases/pgmanage.nix

@@ -59,8 +59,8 @@ in {
       type = types.attrsOf types.str;
       default = {};
       example = {
-        "nuc-server"  = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
+        nuc-server  = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
-        "mini-server" = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
+        mini-server = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
       };
       description = ''
         pgmanage requires at least one PostgreSQL server be defined.
@@ -192,13 +192,13 @@ in {
       };
     };
     users = {
-      users."${pgmanage}" = {
+      users.${pgmanage} = {
         name  = pgmanage;
         group = pgmanage;
         home  = cfg.sqlRoot;
         createHome = true;
       };
-      groups."${pgmanage}" = {
+      groups.${pgmanage} = {
         name = pgmanage;
       };
     };

nixos/modules/services/databases/redis.nix

@@ -8,17 +8,19 @@ let
   condOption = name: value: if value != null then "${name} ${toString value}" else "";
 
   redisConfig = pkgs.writeText "redis.conf" ''
-    pidfile ${cfg.pidFile}
     port ${toString cfg.port}
     ${condOption "bind" cfg.bind}
     ${condOption "unixsocket" cfg.unixSocket}
+    daemonize yes
+    supervised systemd
     loglevel ${cfg.logLevel}
     logfile ${cfg.logfile}
     syslog-enabled ${redisBool cfg.syslog}
+    pidfile /run/redis/redis.pid
     databases ${toString cfg.databases}
     ${concatMapStrings (d: "save ${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}\n") cfg.save}
-    dbfilename ${cfg.dbFilename}
+    dbfilename dump.rdb
-    dir ${toString cfg.dbpath}
+    dir /var/lib/redis
     ${if cfg.slaveOf != null then "slaveof ${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}" else ""}
     ${condOption "masterauth" cfg.masterAuth}
     ${condOption "requirepass" cfg.requirePass}
@@ -40,7 +42,12 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = "Whether to enable the Redis server.";
+        description = ''
+          Whether to enable the Redis server. Note that the NixOS module for
+          Redis disables kernel support for Transparent Huge Pages (THP),
+          because this features causes major performance problems for Redis,
+          e.g. (https://redis.io/topics/latency).
+        '';
       };
 
       package = mkOption {
@@ -50,18 +57,6 @@ in
         description = "Which Redis derivation to use.";
       };
 
-      user = mkOption {
-        type = types.str;
-        default = "redis";
-        description = "User account under which Redis runs.";
-      };
-
-      pidFile = mkOption {
-        type = types.path;
-        default = "/var/lib/redis/redis.pid";
-        description = "";
-      };
-
       port = mkOption {
         type = types.int;
         default = 6379;
@@ -95,7 +90,7 @@ in
         type = with types; nullOr path;
         default = null;
         description = "The path to the socket to bind to.";
-        example = "/run/redis.sock";
+        example = "/run/redis/redis.sock";
       };
 
       logLevel = mkOption {
@@ -131,18 +126,6 @@ in
         example = [ [900 1] [300 10] [60 10000] ];
       };
 
-      dbFilename = mkOption {
-        type = types.str;
-        default = "dump.rdb";
-        description = "The filename where to dump the DB.";
-      };
-
-      dbpath = mkOption {
-        type = types.path;
-        default = "/var/lib/redis";
-        description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration.";
-      };
-
       slaveOf = mkOption {
         default = null; # { ip, port }
         description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave.";
@@ -170,12 +153,6 @@ in
         description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
       };
 
-      appendOnlyFilename = mkOption {
-        type = types.str;
-        default = "appendonly.aof";
-        description = "Filename for the append-only file (stored inside of dbpath)";
-      };
-
       appendFsync = mkOption {
         type = types.str;
         default = "everysec"; # no, always, everysec
@@ -217,27 +194,30 @@ in
       allowedTCPPorts = [ cfg.port ];
     };
 
-    users.users.redis =
+    users.users.redis.description = "Redis database user";
-      { name = cfg.user;
-        description = "Redis database user";
-      };
 
     environment.systemPackages = [ cfg.package ];
 
+    systemd.services.disable-transparent-huge-pages = {
+      description = "Disable Transparent Huge Pages (required by Redis)";
+      before = [ "redis.service" ];
+      wantedBy = [ "redis.service" ];
+      script = "echo never > /sys/kernel/mm/transparent_hugepage/enabled";
+      serviceConfig.Type = "oneshot";
+    };
+
     systemd.services.redis =
       { description = "Redis Server";
 
         wantedBy = [ "multi-user.target" ];
         after = [ "network.target" ];
 
-        preStart = ''
-          install -d -m0700 -o ${cfg.user} ${cfg.dbpath}
-          chown -R ${cfg.user} ${cfg.dbpath}
-        '';
-
         serviceConfig = {
           ExecStart = "${cfg.package}/bin/redis-server ${redisConfig}";
-          User = cfg.user;
+          RuntimeDirectory = "redis";
+          StateDirectory = "redis";
+          Type = "notify";
+          User = "redis";
         };
       };
 

nixos/modules/services/databases/riak.nix

@@ -29,7 +29,7 @@ in
       };
 
       nodeName = mkOption {
-        type = types.string;
+        type = types.str;
         default = "riak@127.0.0.1";
         description = ''
           Name of the Erlang node.
@@ -37,7 +37,7 @@ in
       };
 
       distributedCookie = mkOption {
-        type = types.string;
+        type = types.str;
         default = "riak";
         description = ''
           Cookie for distributed node communication.  All nodes in the

nixos/modules/services/desktops/geoclue2.nix

@@ -202,14 +202,14 @@ in
     ];
 
     # restart geoclue service when the configuration changes
-    systemd.services."geoclue".restartTriggers = [
+    systemd.services.geoclue.restartTriggers = [
       config.environment.etc."geoclue/geoclue.conf".source
     ];
 
     # this needs to run as a user service, since it's associated with the
     # user who is making the requests
     systemd.user.services = mkIf cfg.enableDemoAgent {
-      "geoclue-agent" = {
+      geoclue-agent = {
         description = "Geoclue agent";
         script = "${package}/libexec/geoclue-2.0/demos/agent";
         # this should really be `partOf = [ "geoclue.service" ]`, but
@@ -219,12 +219,12 @@ in
       };
     };
 
-    services.geoclue2.appConfig."epiphany" = {
+    services.geoclue2.appConfig.epiphany = {
       isAllowed = true;
       isSystem = false;
     };
 
-    services.geoclue2.appConfig."firefox" = {
+    services.geoclue2.appConfig.firefox = {
       isAllowed = true;
       isSystem = false;
     };

nixos/modules/services/desktops/gnome3/seahorse.nix

@@ -1,38 +0,0 @@
-# Seahorse daemon.
-
-{ config, pkgs, lib, ... }:
-
-with lib;
-
-{
-
-  ###### interface
-
-  options = {
-
-    services.gnome3.seahorse = {
-
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Whether to enable Seahorse search provider for the GNOME Shell activity search.
-        '';
-      };
-
-    };
-
-  };
-
-
-  ###### implementation
-
-  config = mkIf config.services.gnome3.seahorse.enable {
-
-    environment.systemPackages = [ pkgs.gnome3.seahorse pkgs.gnome3.dconf ];
-
-    services.dbus.packages = [ pkgs.gnome3.seahorse ];
-
-  };
-
-}

nixos/modules/services/desktops/profile-sync-daemon.nix

@@ -34,7 +34,7 @@ in {
           psd = {
             enable = true;
             description = "Profile Sync daemon";
-            wants = [ "psd-resync.service" "local-fs.target" ];
+            wants = [ "psd-resync.service" ];
             wantedBy = [ "default.target" ];
             path = with pkgs; [ rsync kmod gawk nettools utillinux profile-sync-daemon ];
             unitConfig = {

nixos/modules/services/games/factorio.nix

@@ -55,7 +55,7 @@ in
         '';
       };
       saveName = mkOption {
-        type = types.string;
+        type = types.str;
         default = "default";
         description = ''
           The name of the savegame that will be used by the server.
@@ -81,7 +81,7 @@ in
         '';
       };
       stateDirName = mkOption {
-        type = types.string;
+        type = types.str;
         default = "factorio";
         description = ''
           Name of the directory under /var/lib holding the server's data.
@@ -102,14 +102,14 @@ in
         '';
       };
       game-name = mkOption {
-        type = types.nullOr types.string;
+        type = types.nullOr types.str;
         default = "Factorio Game";
         description = ''
           Name of the game as it will appear in the game listing.
         '';
       };
       description = mkOption {
-        type = types.nullOr types.string;
+        type = types.nullOr types.str;
         default = "";
         description = ''
           Description of the game that will appear in the listing.
@@ -130,28 +130,28 @@ in
         '';
       };
       username = mkOption {
-        type = types.nullOr types.string;
+        type = types.nullOr types.str;
         default = null;
         description = ''
           Your factorio.com login credentials. Required for games with visibility public.
         '';
       };
       password = mkOption {
-        type = types.nullOr types.string;
+        type = types.nullOr types.str;
         default = null;
         description = ''
           Your factorio.com login credentials. Required for games with visibility public.
         '';
       };
       token = mkOption {
-        type = types.nullOr types.string;
+        type = types.nullOr types.str;
         default = null;
         description = ''
           Authentication token. May be used instead of 'password' above.
         '';
       };
       game-password = mkOption {
-        type = types.nullOr types.string;
+        type = types.nullOr types.str;
         default = null;
         description = ''
           Game password.

nixos/modules/services/games/terraria.nix

@@ -4,7 +4,7 @@ with lib;
 
 let
   cfg   = config.services.terraria;
-  worldSizeMap = { "small" = 1; "medium" = 2; "large" = 3; };
+  worldSizeMap = { small = 1; medium = 2; large = 3; };
   valFlag = name: val: optionalString (val != null) "-${name} \"${escape ["\\" "\""] (toString val)}\"";
   boolFlag = name: val: optionalString val "-${name}";
   flags = [