Merge master into #2129

Conflicts (easy, just UID shifted): nixos/modules/misc/ids.nix nixos/modules/module-list.nix
2014-08-12 19:24:08 +02:00 · 2014-08-12 19:24:08 +02:00 · 87c3c0e885
commit 87c3c0e885
parent 177aef8b71 665b2c8247
4409 changed files with 71673 additions and 25537 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,8 +3,11 @@
 .*.swp
 .*.swo
 result
-doc/NEWS.html
+result-*
-doc/NEWS.txt
+/doc/NEWS.html
-doc/manual.html
+/doc/NEWS.txt
-doc/manual.pdf
+/doc/manual.html
 /doc/manual.pdf
 .version-suffix
 .DS_Store
--- a/.version
+++ b/.version
@ -1 +1 @@
-14.04
+14.10
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 Nixpkgs is a collection of packages for [Nix](http://nixos.org/nix/) package
 manager. Nixpkgs also includes [NixOS](http://nixos.org/nixos/) linux distribution source code.
-* [NixOS installation instructions](http://nixos.org/nixos/manual/#installing-nixos)
+* [NixOS installation instructions](http://nixos.org/nixos/manual/#ch-installation)
 * [Manual (How to write packages for Nix)](http://nixos.org/nixpkgs/manual/)
 * [Manual (NixOS)](http://nixos.org/nixos/manual/)
 * [Continuous build](http://hydra.nixos.org/jobset/nixos/trunk-combined)
--- a/doc/Makefile
+++ b/doc/Makefile
@ -21,18 +21,18 @@ all: NEWS.html NEWS.txt manual.html manual.pdf
 NEWS.html: release-notes.xml
 	$(XSLTPROC) --nonet --xinclude --output $@ $(NEWS_OPTS) \
-	  $(docbookxsl)/html/docbook.xsl release-notes.xml
+	  $(docbookxsl)/xhtml/docbook.xsl release-notes.xml
 NEWS.txt: release-notes.xml
 	$(XSLTPROC) --nonet --xinclude quote-literals.xsl release-notes.xml | \
 	  $(XSLTPROC) --nonet --output $@.tmp.html $(NEWS_OPTS) \
-	  $(docbookxsl)/html/docbook.xsl -
+	  $(docbookxsl)/xhtml/docbook.xsl -
 	LANG=en_US w3m -dump $@.tmp.html > $@
 	rm $@.tmp.html
 manual.html: *.xml
 	$(XSLTPROC) --nonet --xinclude --output manual.html \
-	  $(docbookxsl)/html/docbook.xsl manual.xml
+	  $(docbookxsl)/xhtml/docbook.xsl manual.xml
 manual.pdf: *.xml
 	$(dblatex) \
--- a/doc/contributing.xml
+++ b/doc/contributing.xml
@ -0,0 +1,21 @@
 <chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xml:id="chap-contributing">
 <title>Contributing</title>
 <para>If you make modifications to the manual, it's important to build the manual before contributing:</para>
 <orderedlist>
  <listitem><para><command>$ git clone git://github.com/NixOS/nixpkgs.git</command></para></listitem>
  <listitem><para><command>$ cd nixpkgs/pkgs/top-level</command></para></listitem>
  <listitem><para><command>$ nix-build -A tarball release.nix</command></para></listitem>
  <listitem><para>Inside the built derivation you shall see <literal>manual/index.html</literal> file.</para></listitem>
 </orderedlist>
 </chapter>
--- a/doc/manual.xml
+++ b/doc/manual.xml
@ -32,6 +32,7 @@
  <xi:include href="language-support.xml" />
  <xi:include href="package-notes.xml" />
  <xi:include href="coding-conventions.xml" />
  <xi:include href="contributing.xml" />
 </book>
--- a/doc/meta.xml
+++ b/doc/meta.xml
@ -17,7 +17,9 @@ meta = {
    It is fully customizable.
  '';
  homepage = http://www.gnu.org/software/hello/manual/;
-  license = "GPLv3+";
+  license = stdenv.lib.licenses.gpl3Plus;
  maintainers = [ stdenv.lib.maintainers.eelco ];
  platforms = stdenv.lib.platforms.all;
 };
 </programlisting>
@ -31,16 +33,42 @@ the package.  The value of a meta-attribute must a string.</para>
 command-line using <command>nix-env</command>:
 <screen>
-$ nix-env -qa hello --meta --xml
+$ nix-env -qa hello --meta --json
-&lt;?xml version='1.0' encoding='utf-8'?>
+{
-&lt;items>
+    "hello": {
-  &lt;item attrPath="hello" name="hello-2.3" system="i686-linux">
+        "meta": {
-    &lt;meta name="description" value="A program that produces a familiar, friendly greeting" />
+            "description": "A program that produces a familiar, friendly greeting",
-    &lt;meta name="homepage" value="http://www.gnu.org/software/hello/manual/" />
+            "homepage": "http://www.gnu.org/software/hello/manual/",
-    &lt;meta name="license" value="GPLv3+" />
+            "license": {
-    &lt;meta name="longDescription" value="GNU Hello is a program that prints &amp;quot;Hello, world!&amp;quot; when you run it.&amp;#xA;It is fully customizable.&amp;#xA;" />
+                "fullName": "GNU General Public License version 3 or later",
-  &lt;/item>
+                "shortName": "GPLv3+",
-&lt;/items>
+                "url": "http://www.fsf.org/licensing/licenses/gpl.html"
            },
            "longDescription": "GNU Hello is a program that prints \"Hello, world!\" when you run it.\nIt is fully customizable.\n",
            "maintainers": [
                "Ludovic Court\u00e8s &lt;ludo@gnu.org>"
            ],
            "platforms": [
                "i686-linux",
                "x86_64-linux",
                "armv5tel-linux",
                "armv7l-linux",
                "mips64el-linux",
                "x86_64-darwin",
                "i686-cygwin",
                "i686-freebsd",
                "x86_64-freebsd",
                "i686-openbsd",
                "x86_64-openbsd"
            ],
            "position": "/home/user/dev/nixpkgs/pkgs/applications/misc/hello/ex-2/default.nix:14"
        },
        "name": "hello-2.9",
        "system": "x86_64-linux"
    }
 }
 </screen>
 <command>nix-env</command> knows about the
@ -92,20 +120,23 @@ interpretation:</para>
  <varlistentry>
    <term><varname>license</varname></term>
-    <listitem><para>The license for the package.  See below for the
+    <listitem><para>The license for the package. One from attribute set defined in
-    allowed values.</para></listitem>
+      <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
      <filename>nixpkgs/lib/licenses.nix</filename></link>.
      Example:
      <literal>stdenv.lib.licenses.gpl3</literal>.</para></listitem>
      See details in <xref linkend='sec-meta-license'/>,
  </varlistentry>
  <varlistentry>
    <term><varname>maintainers</varname></term>
    <listitem><para>A list of names and e-mail addresses of the
-    maintainers of this Nix expression, e.g. <literal>["Alice
+    maintainers of this Nix expression. If
-    &lt;alice@example.org>" "Bob &lt;bob@example.com>"]</literal>.  If
+    you would like to be a maintainer of a package, you may want to add
    you are the maintainer of multiple packages, you may want to add
    yourself to <link
-    xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/lib/maintainers.nix"><filename>pkgs/lib/maintainers.nix</filename></link>
+    xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/maintainers.nix"><filename>nixpkgs/lib/maintainers.nix</filename></link>
-    and write something like <literal>[stdenv.lib.maintainers.alice
+    and write something like <literal>[ stdenv.lib.maintainers.alice
-    stdenv.lib.maintainers.bob]</literal>.</para></listitem>
+    stdenv.lib.maintainers.bob ]</literal>.</para></listitem>
  </varlistentry>
  <varlistentry>
@ -121,29 +152,25 @@ interpretation:</para>
  <varlistentry>
    <term><varname>platforms</varname></term>
    <listitem><para>The list of Nix platform types on which the
-    package is supported.  If this attribute is set, the package will
+    package is supported. Hydra builds packages according to the
-    refuse to build, and won’t show up in <literal>nix-env
+    platform specified. If no platform is specified, the package does
-    -qa</literal> output, on any platform not listed
+    not have prebuilt binaries. An example is:
    here.  An example is:
 <programlisting>
-meta.platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" ];
+meta.platforms = stdenv.lib.platforms.linux;
 </programlisting>
    The set <varname>lib.platforms</varname> defines various common
    lists of platforms types, so it’s more typical to write:
 <programlisting>
 meta.platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
 </programlisting>
    Attribute Set <varname>stdenv.lib.platforms</varname> in
    <link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/platforms.nix">
    <filename>nixpkgs/lib/platforms.nix</filename></link> defines various common
    lists of platforms types.
    </para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>hydraPlatforms</varname></term>
    <listitem><para>The list of Nix platform types for which the Hydra
-    instance at <literal>hydra.nixos.org</literal> should build the
+    instance at <literal>hydra.nixos.org</literal> will build the
    package.  (Hydra is the Nix-based continuous build system.)  It
    defaults to the value of <varname>meta.platforms</varname>.  Thus,
    the only reason to set <varname>meta.hydraPlatforms</varname> is
@ -176,80 +203,23 @@ meta.hydraPlatforms = [];
 <section xml:id="sec-meta-license"><title>Licenses</title>
-<note><para>This is just a first attempt at standardising the license
+<para>The <varname>meta.license</varname> attribute should preferrably contain
-attribute.</para></note>
+a value from <varname>stdenv.lib.licenses</varname> defined in
-
+<link xlink:href="https://github.com/NixOS/nixpkgs/blob/master/lib/licenses.nix">
-<para>The <varname>meta.license</varname> attribute must be one of the
+<filename>nixpkgs/lib/licenses.nix</filename></link>,
-following:
+or in-place license description of the same format if the license is
 unlikely to be useful in another expression.
 A few generic options are available, although it's typically better
 to indicate the specific license:
 <variablelist>
  <varlistentry>
    <term><varname>GPL</varname></term>
    <listitem><para>GNU General Public License; version not
    specified.</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>GPLv2</varname></term>
    <listitem><para>GNU General Public License, version
    2.</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>GPLv2+</varname></term>
    <listitem><para>GNU General Public License, version
    2 or higher.</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>GPLv3</varname></term>
    <listitem><para>GNU General Public License, version
    3.</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>GPLv3+</varname></term>
    <listitem><para>GNU General Public License, version
    3 or higher.</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>bsd</varname></term>
    <listitem><para>Catch-all for licenses that are essentially
    similar to <link
    xlink:href="http://www.gnu.org/licenses/license-list.html#ModifiedBSD">the
    original BSD license with the advertising clause removed</link>,
    i.e. permissive non-copyleft free software licenses.  This
    includes the <link
    xlink:href="http://www.gnu.org/licenses/license-list.html#X11License">X11
    (“MIT”) License</link>.</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>perl5</varname></term>
    <listitem><para>The Perl 5 license (Artistic License, version 1
    and GPL, version 1 or later).</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>free</varname></term>
    <listitem><para>Catch-all for free software licenses not listed
    above.</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>free-copyleft</varname></term>
    <listitem><para>Catch-all for free, copyleft software licenses not
    listed above.</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>free-non-copyleft</varname></term>
    <listitem><para>Catch-all for free, non-copyleft software licenses
    not listed above.</para></listitem>
  </varlistentry>
  <varlistentry>
    <term><varname>unfree-redistributable</varname></term>
    <listitem><para>Unfree package that can be redistributed in binary
--- a/doc/quick-start.xml
+++ b/doc/quick-start.xml
@ -155,9 +155,10 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
        </listitem>
        <listitem>
-          <para>You can use <command>nix-prefetch-url</command>
+          <para>You can use <command>nix-prefetch-url</command> (or similar nix-prefetch-git, etc)
          <replaceable>url</replaceable> to get the SHA-256 hash of
-          source distributions.</para>
+          source distributions. There are similar commands as <command>nix-prefetch-git</command> and
          <command>nix-prefetch-hg</command> available in <literal>nix-prefetch-scripts</literal> package.</para>
        </listitem>
        <listitem>
@ -221,17 +222,10 @@ $ nix-env -f . -iA libfoo</screen>
  </listitem>
  <listitem>
-    <para>Optionally commit the new package, or send a patch to
+    <para>Optionally commit the new package and open a pull request, or send a patch to
    <literal>nix-dev@cs.uu.nl</literal>.</para>
  </listitem>
  <listitem>
    <para>If you want the TU Delft build farm to build binaries of the
    package and make them available in the <link
    xlink:href="http://nixos.org/releases/nixpkgs/channels/nixpkgs-unstable/"><literal>nixpkgs</literal>
    channel</link>, add it to <link
    xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/top-level/release.nix"><filename>pkgs/top-level/release.nix</filename></link>.</para>
  </listitem>
 </orderedlist>
--- a/doc/release-notes.xml
+++ b/doc/release-notes.xml
@ -446,7 +446,7 @@ xlink:href='http://nixos.org/releases/nix/nix-0.10/'>Nix
  <literal>stdenv</literal>; the formed changes the C compiler, and
  the latter adds additional packages to the front of
  <literal>stdenv</literal>’s initial <envar>PATH</envar>, allowing
-  tools to be overriden.</para>
+  tools to be overridden.</para>
  <para>For instance, the package <varname>strategoxt</varname>
  doesn’t build with the GNU Make in <literal>stdenv</literal>
--- a/doc/stdenv.xml
+++ b/doc/stdenv.xml
@ -56,7 +56,7 @@ details.)</para>
 <para>Often it is necessary to override or modify some aspect of the
 build.  To make this easier, the standard environment breaks the
 package build into a number of <emphasis>phases</emphasis>, all of
-which can be overriden or modified individually: unpacking the
+which can be overridden or modified individually: unpacking the
 sources, applying patches, configuring, building, and installing.
 (There are some others; see <xref linkend="ssec-stdenv-phases"/>.)
 For instance, a package that doesn’t supply a makefile but instead has
@ -233,7 +233,7 @@ specific parts of the build (e.g., unpacking the sources or installing
 the binaries).  Furthermore, it allows a nicer presentation of build
 logs in the Nix build farm.</para>
-<para>Each phase can be overriden in its entirety either by setting
+<para>Each phase can be overridden in its entirety either by setting
 the environment variable
 <varname><replaceable>name</replaceable>Phase</varname> to a string
 containing some shell commands to be executed, or by redefining the
--- a/lib/composable-derivation.nix
+++ b/lib/composable-derivation.nix
@ -1,15 +1,74 @@
 {lib, pkgs} :
 let inherit (lib) nv nvs; in
 {
-  # see for example:
+
-  # - development/interpreters/php_configurable/default.nix
+  # composableDerivation basically mixes these features:
-  # - .. search composableDerivation in all-packages.nix ..
+  # - fix function
  # - mergeAttrBy
  # - provides shortcuts for "options" such as "--enable-foo" and adding
  #   buildInputs, see php example
  #
-  # You should be able to override anything you like easily
+  # It predates styles which are common today, such as
-  # grep the mailinglist by title "python proposal" (dec 08)
+  #  * the config attr
-  # -> http://mail.cs.uu.nl/pipermail/nix-dev/2008-December/001571.html
+  #  * mkDerivation.override feature
-  # to see why this got complicated when using all its features
+  #  * overrideDerivation (lib/customization.nix)
-  # TODO add newer example using new syntax (kernel derivation proposal -> mailinglist)
+  #
  # Some of the most more important usage examples (which could be rewritten if it was important):
  # * php
  # * postgis
  # * vim_configurable
  #
  # A minimal example illustrating most features would look like this:
  # let base = composableDerivation { (fixed : let inherit (fixed.fixed) name in {
  #    src = fetchurl {
  #    }
  #    buildInputs = [A];
  #    preConfigre = "echo ${name}";
  #    # attention, "name" attr is missing, thus you cannot instantiate "base".
  # }
  # in {
  #  # These all add name attribute, thus you can instantiate those:
  #  v1 = base.merge   ({ name = "foo-add-B"; buildInputs = [B]; });       // B gets merged into buildInputs
  #  v2 = base.merge   ({ name = "mix-in-pre-configure-lines" preConfigre = ""; });
  #  v3 = base.replace ({ name = "foo-no-A-only-B;" buildInputs = [B]; });
  # }
  #
  # So yes, you can think about it being something like nixos modules, and
  # you'd be merging "features" in one at a time using .merge or .replace
  # Thanks Shea for telling me that I rethink the documentation ..
  #
  # issues:
  # * its complicated to understand
  # * some "features" such as exact merge behaviour are burried in mergeAttrBy
  #   and defaultOverridableDelayableArgs assuming the default behaviour does
  #   the right thing in the common case
  # * Eelco once said using such fix style functions are slow to evaluate
  # * Too quick & dirty. Hard to understand for others. The benefit was that
  #   you were able to create a kernel builder like base derivation and replace
  #   / add patches the way you want without having to declare function arguments
  #
  # nice features:
  # declaring "optional featuers" is modular. For instance:
  #   flags.curl = {
  #     configureFlags = ["--with-curl=${curl}" "--with-curlwrappers"];
  #     buildInputs = [curl openssl];
  #   };
  #   flags.other = { .. }
  # (Example taken from PHP)
  #
  # alternative styles / related features:
  #  * Eg see function supporting building the kernel
  #  * versionedDerivation (discussion about this is still going on - or ended)
  #  * composedArgsAndFun
  #  * mkDerivation.override
  #  * overrideDerivation
  #  * using { .., *Support ? false }: like configurable options.
  # To find those examples use grep
  #
  # To sum up: It exists for historical reasons - and for most commonly used
  # tasks the alternatives should be used
  #
  # If you have questions about this code ping Marc Weber.
  composableDerivation = {
        mkDerivation ? pkgs.stdenv.mkDerivation,
--- a/lib/licenses.nix
+++ b/lib/licenses.nix
@ -1,25 +1,24 @@
-{
+let
-  /* License identifiers loosely based on: http://fedoraproject.org/wiki/Licensing
+  spdx = lic: lic // {
      url = "http://spdx.org/licenses/${lic.shortName}";
    };
 in
 rec {
  /* License identifiers from spdx.org where possible.
   * If you cannot find your license here, then look for a similar license or
   * add it to this list. The URL mentioned above is a good source for inspiration.
   */
-  artistic2 = {
+  agpl3 = spdx {
-    shortName = "Artistic 2.0";
+    shortName = "AGPL-3.0";
-    fullName = "Artistic 2.0";
+    fullName = "GNU Affero General Public License v3.0";
    url = "http://opensource.org/licenses/artistic-license-2.0.php";
  };
  agpl3 = {
    shortName = "AGPLv3";
    fullName = "GNU Affero General Public License version 3 only";
    url = https://www.gnu.org/licenses/agpl.html;
  };
  agpl3Plus = {
-    shortName = "AGPLv3+";
+    shortName = "AGPL-3.0+";
-    fullName = "GNU Affero General Public License version 3 or later";
+    fullName = "GNU Affero General Public License v3.0 or later";
-    url = https://www.gnu.org/licenses/agpl.html;
+    inherit (agpl3) url;
  };
  amd = {
@ -28,118 +27,149 @@
    url = http://developer.amd.com/amd-license-agreement/;
  };#
-  apsl20 = {
+  apsl20 = spdx {
-    shortName = "APSL 2.0";
+    shortName = "APSL-2.0";
    fullName = "Apple Public Source License 2.0";
    url = http://opensource.org/licenses/APSL-2.0;
  };
-  asl20 = {
+  artistic2 = spdx {
-    shortName = "ASL2.0";
+    shortName = "Artistic-2.0";
-    fullName = "Apache Software License 2.0";
+    fullName = "Artistic License 2.0";
    url = http://www.apache.org/licenses/LICENSE-2.0;
  };
-  boost = {
+  asl20 = spdx {
-    shortName = "boost";
+    shortName = "Apache-2.0";
-    fullName = "Boost Software License";
+    fullName = "Apache License 2.0";
    url = http://www.boost.org/LICENSE_1_0.txt;
  };
-  bsd2 = {
+  boost = spdx {
-    shortName = "BSD-2";
+    shortName = "BSL-1.0";
-    fullName = "BSD license (2 clause)";
+    fullName = "Boost Software License 1.0";
    url = http://opensource.org/licenses/BSD-2-Clause;
  };
-  bsd3 = {
+  bsd2 = spdx {
-    shortName = "BSD-3";
+    shortName = "BSD-2-Clause";
-    fullName = "BSD license (3 clause)";
+    fullName = ''BSD 2-clause "Simplified" License'';
    url = http://opensource.org/licenses/BSD-3-Clause;
  };
-  bsdOriginal = {
+  bsd3 = spdx {
-    shortName = "BSD-original";
+    shortName = "BSD-3-Clause";
-    fullName = "Original BSD license with advertising clause";
+    fullName = ''BSD 3-clause "New" or "Revised" License'';
    url = https://fedoraproject.org/wiki/Licensing/BSD;
  };
-  cc-by-30 = {
+  bsdOriginal = spdx {
-    shortName = "CC BY 3.0";
+    shortName = "BSD-4-Clause";
    fullName = ''BSD 4-clause "Original" or "Old" License'';
  };
  cc-by-30 = spdx {
    shortName = "CC-BY-3.0";
    fullName = "Creative Commons Attribution 3.0";
    url = http://creativecommons.org/licenses/by/3.0;
  };
-  cddl = {
+  cddl = spdx {
-    shortName = "CDDL";
+    shortName = "CDDL-1.0";
-    fullName = "Common Development Distribution License ";
+    fullName = "Common Development and Distribution License 1.0";
    url = http://www.opensolaris.org/os/licensing/cddllicense.txt;
  };
-  cpl10 = {
+  cecill-c = spdx {
-    shortName = "CPL 1.0";
+    shortName = "CECILL-C";
-    fullName = "Common Public License version 1.0";
+    fullName  = "CeCILL-C Free Software License Agreement";
    url = http://www.eclipse.org/legal/cpl-v10.html;
  };
-  epl10 = {
+  cpl10 = spdx {
-    shortName = "EPL 1.0";
+    shortName = "CPL-1.0";
-    fullName = "Eclipse Public License version 1.0";
+    fullName = "Common Public License 1.0";
    url = http://www.eclipse.org/legal/epl-v10.html;
  };
-  gpl2 = {
+  epl10 = spdx {
-    shortName = "GPLv2";
+    shortName = "EPL-1.0";
-    fullName = "GNU General Public License version 2";
+    fullName = "Eclipse Public License 1.0";
-    url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
+  };
  free = "free";
  gpl2 = spdx {
    shortName = "GPL-2.0";
    fullName = "GNU General Public License v2.0 only";
  };
  gpl2Oss = {
-    shortName = "GPLv2+OSS";
+    shortName = "GPL-2.0-with-OSS";
    fullName = "GNU General Public License version 2 only (with OSI approved licenses linking exception)";
    url = http://www.mysql.com/about/legal/licensing/foss-exception;
  };
-  gpl2Plus = {
+  gpl2Plus = spdx {
-    shortName = "GPLv2+";
+    shortName = "GPL-2.0+";
-    fullName = "GNU General Public License version 2 or later";
+    fullName = "GNU General Public License v2.0 or later";
    url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
  };
-  gpl3 = {
+  gpl3 = spdx {
-    shortName = "GPLv3";
+    shortName = "GPL-3.0";
-    fullName = "GNU General Public License version 3 only";
+    fullName = "GNU General Public License v3.0 only";
    url = http://www.fsf.org/licensing/licenses/gpl.html;
  };
-  gpl3Plus = {
+  gpl3Plus = spdx {
-    shortName = "GPLv3+";
+    shortName = "GPL-3.0+";
-    fullName = "GNU General Public License version 3 or later";
+    fullName = "GNU General Public License v3.0 or later";
    url = http://www.fsf.org/licensing/licenses/gpl.html;
  };
  gpl3ClasspathPlus = {
-    shortName = "GPLv3+classpath+";
+    shortName = "GPL-3.0+-with-classpath-exception";
-    fullName = "GNU General Public License version 3 or later (with Classpath exception)";
+    fullName = "GNU General Public License v3.0 or later (with Classpath exception)";
    url = https://fedoraproject.org/wiki/Licensing/GPL_Classpath_Exception;
  };
-  isc = {
+  inria = {
    shortName = "INRIA-NCLA";
    fullName  = "INRIA Non-Commercial License Agreement";
    url       = "http://compcert.inria.fr/doc/LICENSE";
  };
  ipa = spdx {
    shortName = "IPA";
    fullName = "IPA Font License";
  };
  ipl10 = spdx {
    shortName = "IPL-1.0";
    fullName = "IBM Public License v1.0";
  };
  isc = spdx {
    shortName = "ISC";
-    fullName = "Internet Systems Consortium License";
+    fullName = "ISC License";
    url = http://www.opensource.org/licenses/ISC;
  };
-  ipl10 = {
+  lgpl2 = spdx {
-    shortName = "IPL 1.0";
+    shortName = "LGPL-2.0";
-    fullName = "IBM Public License Version 1.0";
+    fullName = "GNU Library General Public License v2 only";
    url = http://www.ibm.com/developerworks/opensource/library/os-i18n2/os-ipl.html;
  };
-  ijg = {
+  lgpl2Plus = spdx {
-    shortName = "IJG";
+    shortName = "LGPL-2.0+";
-    fullName = "Independent JPEG Group License";
+    fullName = "GNU Library General Public License v2 or later";
-    url = https://fedoraproject.org/wiki/Licensing/IJG;
+  };
  lgpl21 = spdx {
    shortName = "LGPL-2.1";
    fullName = "GNU Library General Public License v2.1 only";
  };
  lgpl21Plus = spdx {
    shortName = "LGPL-2.1+";
    fullName = "GNU Library General Public License v2.1 or later";
  };
  lgpl3 = spdx {
    shortName = "LGPL-3.0";
    fullName = "GNU Lesser General Public License v3.0 only";
  };
  lgpl3Plus = spdx {
    shortName = "LGPL-3.0+";
    fullName = "GNU Lesser General Public License v3.0 or later";
  };
  libtiff = {
@ -148,70 +178,47 @@
    url = https://fedoraproject.org/wiki/Licensing/libtiff;
  };
  lgpl2 = {
    shortName = "LGPLv2";
    fullName = "GNU Library General Public License version 2";
    url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
  };
  lgpl2Plus = {
    shortName = "LGPLv2+";
    fullName = "GNU Library General Public License version 2 or later";
    url = http://www.gnu.org/licenses/old-licenses/lgpl-2.0.html;
  };
  lgpl21 = {
    shortName = "LGPLv2.1";
    fullName = "GNU Lesser General Public License version 2.1";
    url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
  };
  lgpl21Plus = {
    shortName = "LGPLv2.1+";
    fullName = "GNU Lesser General Public License version 2.1 or later";
    url = http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html;
  };
  llgpl21 = {
-    shortName = "LLGPLv2.1";
+    shortName = "LLGPL-2.1";
    fullName = "Lisp LGPL; GNU Lesser General Public License version 2.1 with Franz Inc. preamble for clarification of LGPL terms in context of Lisp";
    url = http://opensource.franz.com/preamble.html;
  };
-  lgpl3 = {
+  mit = spdx {
    shortName = "LGPLv3";
    fullName = "GNU Lesser General Public License version 3 only";
    url = http://www.fsf.org/licensing/licenses/lgpl.html;
  };
  lgpl3Plus = {
    shortName = "LGPLv3+";
    fullName = "GNU Lesser General Public License version 3 or later";
    url = http://www.fsf.org/licensing/licenses/lgpl.html;
  };
  mit = {
    shortName = "MIT";
-    fullName = "MIT/X11 license";
+    fullName = "MIT License";
    url = http://www.opensource.org/licenses/mit-license.php;
  };
-  mpl11 = {
+  mpl11 = spdx {
-    shortName = "MPL1.1";
+    shortName = "MPL-1.1";
-    fullName = "Mozilla Public License version 1.1";
+    fullName = "Mozilla Public License 1.1";
    url = http://www.mozilla.org/MPL/MPL-1.1.html;
  };
-  mpl20 = {
+  mpl20 = spdx {
-    shortName = "MPL2.0";
+    shortName = "MPL-2.0";
-    fullName = "Mozilla Public License version 2.0";
+    fullName = "Mozilla Public License 2.0";
    url = https://www.mozilla.org/MPL/2.0;
  };
-  openssl = {
+  msrla = {
-    shortName = "openssl";
+    shortName = "MSR-LA";
-    fullName = "OpenSSL license";
+    fullName  = "Microsoft Research License Agreement";
-    url = http://www.openssl.org/source/license.html;
+    url       = "http://research.microsoft.com/en-us/projects/pex/msr-la.txt";
  };
  ofl = spdx {
    shortName = "OFL-1.1";
    fullName = "SIL Open Font License 1.1";
  };
  openssl = spdx {
    shortName = "OpenSSL";
    fullName = "OpenSSL License";
  };
  psfl = spdx {
    shortName = "Python-2.0";
    fullName = "Python Software Foundation License version 2";
    #url = http://docs.python.org/license.html;
  };
  publicDomain = {
@ -219,10 +226,9 @@
    fullname = "Public Domain";
  };
-  psfl = {
+  sleepycat = spdx {
-    shortName = "PSFL";
+    shortName = "Sleepycat";
-    fullName = "Python Software Foundation License";
+    fullName  = "Sleepycat License";
    url = http://docs.python.org/license.html;
  };
  tcltk = {
@ -237,27 +243,26 @@
  unfreeRedistributableFirmware = "unfree-redistributable-firmware";
-  zlib = {
+  wadalab = {
-    shortName = "zlib";
+    shortName = "wadalab";
-    fullName = "zlib license";
+    fullName = "Wadalab Font License";
-    url = http://www.gzip.org/zlib/zlib_license.html;
+    url = https://fedoraproject.org/wiki/Licensing:Wadalab?rd=Licensing/Wadalab;
  };
-  zpt20 = {
+  zlib = spdx {
-    shortName = "ZPT2.0";
+    shortName = "Zlib";
    fullName = "zlib License";
  };
  zpt20 = spdx { # FIXME: why zpt* instead of zpl*
    shortName = "ZPL-2.0";
    fullName = "Zope Public License 2.0";
    url = "http://old.zope.org/Resources/License/ZPL-2.0";
  };
-  zpt21 = {
+  zpt21 = spdx {
-    shortName = "ZPT2.1";
+    shortName = "ZPL-2.1";
    fullName = "Zope Public License 2.1";
    url = "http://old.zope.org/Resources/License/ZPL-2.1";
  };
  sleepycat = {
    shortName = "Sleepycat";
    fullName  = "Sleepycat Public License";
    url       = "https://en.wikipedia.org/wiki/Sleepycat_License";
  };
 }
--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@ -15,31 +15,45 @@
  AndersonTorres = "Anderson Torres <torres.anderson.85@gmail.com>";
  andres = "Andres Loeh <ksnixos@andres-loeh.de>";
  antono = "Antono Vasiljev <self@antono.info>";
  arobyn = "Alexei Robyn <shados@shados.net>";
  astsmtl = "Alexander Tsamutali <astsmtl@yandex.ru>";
  aszlig = "aszlig <aszlig@redmoonstudios.org>";
  auntie = "Jonathan Glines <auntieNeo@gmail.com>";
  bbenoist = "Baptist BENOIST <return_0@live.com>";
  bennofs = "Benno Fünfstück <benno.fuenfstueck@gmail.com>";
  berdario = "Dario Bertini <berdario@gmail.com>";
  bjg = "Brian Gough <bjg@gnu.org>";
  bjornfor = "Bjørn Forsman <bjorn.forsman@gmail.com>";
  bluescreen303 = "Mathijs Kwik <mathijs@bluescreen303.nl>";
  bodil = "Bodil Stokke <nix@bodil.org>";
  bosu = "Boris Sukholitko <boriss@gmail.com>";
  calrama = "Moritz Maxeiner <moritz@ucworks.org>";
  cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
  chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
  coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
  coroa = "Jonas Hörsch <jonas@chaoflow.net>";
  cstrahan = "Charles Strahan <charles.c.strahan@gmail.com>";
  DamienCassou = "Damien Cassou <damien.cassou@gmail.com>";
  ederoyd46 = "Matthew Brown <matt@ederoyd.co.uk>";
  edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
  eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
-  emery = "Emery Hemingawy <emery@vfemail.net>";
+  emery = "Emery Hemingway <emery@vfemail.net>";
  ertes = "Ertugrul Söylemez <ertesx@gmx.de>";
  falsifian = "James Cook <james.cook@utoronto.ca>";
  flosse = "Markus Kohlhase <mail@markus-kohlhase.de>";
  fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
  garbas = "Rok Garbas <rok@garbas.si>";
  goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
  guibert = "David Guibert <david.guibert@gmail.com>";
  hinton = "Tom Hinton <t@larkery.com>";
  hrdinka = "Christoph Hrdinka <c.nix@hrdinka.at>";
  ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
  iElectric = "Domen Kozar <domen@dev.si>";
  iyzsong = "Song Wenwu <iyzsong@gmail.com>";
  jcumming = "Jack Cummings <jack@mudshark.org>";
  jgeerds = "Jascha Geerds <jg@ekby.de>";
  joamaki = "Jussi Maki <joamaki@gmail.com>";
  joelteon = "Joel Taylor <me@joelt.io>";
  jwiegley = "John Wiegley <johnw@newartisans.com>";
  kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
  ktosiek = "Tomasz Kontusz <tomasz.kontusz@gmail.com>";
@ -50,9 +64,11 @@
  madjar = "Georges Dubus <georges.dubus@compiletoi.net>";
  marcweber = "Marc Weber <marco-oweber@gmx.de>";
  matejc = "Matej Cotman <cotman.matej@gmail.com>";
  meisternu = "Matt Miemiec <meister@krutt.org>";
  modulistic = "Pablo Costa <modulistic@gmail.com>";
  mornfall = "Petr Ročkai <me@mornfall.net>";
  msackman = "Matthew Sackman <matthew@wellquite.org>";
  notthemessiah = "Brian Cohen <brian.cohen.88@gmail.com>";
  ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
  offline = "Jaka Hudoklin <jakahudoklin@gmail.com>";
  orbitz = "Malcolm Matalka <mmatalka@gmail.com>";
@ -61,10 +77,13 @@
  pierron = "Nicolas B. Pierron <nixos@nbp.name>";
  piotr = "Piotr Pietraszkiewicz <ppietrasa@gmail.com>";
  pkmx = "Chih-Mao Chen <pkmx.tw@gmail.com>";
  plcplc = "Philip Lykke Carlsen <plcplc@gmail.com>";
  pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
  qknight = "Joachim Schiele <js@lastlog.de>";
  raskin = "Michael Raskin <7c6f434c@mail.ru>";
  redbaron = "Maxim Ivanov <ivanov.maxim@gmail.com>";
  refnil = "Martin Lavoie <broemartino@gmail.com>";
  relrod = "Ricky Elrod <ricky@elrod.me>";
  rickynils = "Rickard Nilsson <rickynils@gmail.com>";
  rob = "Rob Vermaas <rob.vermaas@gmail.com>";
  roconnor = "Russell O'Connor <roconnor@theorem.ca>";
@ -74,20 +93,27 @@
  sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
  shlevy = "Shea Levy <shea@shealevy.com>";
  simons = "Peter Simons <simons@cryp.to>";
  skeidel = "Sven Keidel <svenkeidel@gmail.com>";
  smironov = "Sergey Mironov <ierton@gmail.com>";
  sprock = "Roger Mason <rmason@mun.ca>";
  tailhook = "Paul Colomiets <paul@colomiets.name>";
  thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
  the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
  thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
  tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
  ttuegel = "Thomas Tuegel <ttuegel@gmail.com>";
  tv = "Tomislav Viljetić <tv@shackspace.de>";
  urkud = "Yury G. Kudryashov <urkud+nix@ya.ru>";
  vbmithr = "Vincent Bernardoff <vb@luminar.eu.org>";
  vcunat = "Vladimír Čunát <vcunat@gmail.com>";
  viric = "Lluís Batlle i Rossell <viric@viric.name>";
  vizanto = "Danny Wilson <danny@prime.vc>";
  vlstill = "Vladimír Štill <xstill@fi.muni.cz>";
  winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
  wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
  wjlroe = "William Roe <willroe@gmail.com>";
  wkennington = "William A. Kennington III <william@wkennington.com>";
  wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
  z77z = "Marco Maggesi <maggesi@math.unifi.it>";
  zef = "Zef Hemel <zef@zef.me>";
  zimbatm = "zimbatm <zimbatm@zimbatm.com>";
--- a/lib/modules.nix
+++ b/lib/modules.nix
@ -194,7 +194,7 @@ rec {
     is transformed into
-       [ { boot = set1; } { boot = mkIf cond set2; services mkIf cond set3; } ].
+       [ { boot = set1; } { boot = mkIf cond set2; services = mkIf cond set3; } ].
     This transform is the critical step that allows mkIf conditions
     to refer to the full configuration without creating an infinite
@ -319,6 +319,8 @@ rec {
  mkForce = mkOverride 50;
  mkVMOverride = mkOverride 10; # used by ‘nixos-rebuild build-vm’
  mkStrict = builtins.trace "`mkStrict' is obsolete; use `mkOverride 0' instead." (mkOverride 0);
  mkFixStrictness = id; # obsolete, no-op
  mkOrder = priority: content:
--- a/lib/platforms.nix
+++ b/lib/platforms.nix
@ -11,6 +11,6 @@ rec {
  unix = linux ++ darwin ++ freebsd ++ openbsd;
  all = linux ++ darwin ++ cygwin ++ freebsd ++ openbsd;
  none = [];
-  allBut = platform: lists.filter (x: platform != x) all;
+  allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
  mesaPlatforms = ["i686-linux" "x86_64-linux" "x86_64-darwin" "armv5tel-linux" "armv6l-linux"];
 }
--- a/lib/strings.nix
+++ b/lib/strings.nix
@ -56,12 +56,15 @@ rec {
  optionalString = cond: string: if cond then string else "";
-  # Determine whether a filename ends in the given suffix.
+  # Determine whether a string has given prefix/suffix.
-  hasSuffix = ext: fileName:
+  hasPrefix = pref: str:
-    let lenFileName = stringLength fileName;
+    eqStrings (substring 0 (stringLength pref) str) pref;
-        lenExt = stringLength ext;
+  hasSuffix = suff: str:
-    in !(lessThan lenFileName lenExt) &&
+    let
-       substring (sub lenFileName lenExt) lenFileName fileName == ext;
+      lenStr = stringLength str;
      lenSuff = stringLength suff;
    in lenStr >= lenSuff &&
       eqStrings (substring (lenStr - lenSuff) lenStr str) suff;
  # Convert a string to a list of characters (i.e. singleton strings).
@ -116,17 +119,21 @@ rec {
  toLower = replaceChars upperChars lowerChars;
  toUpper = replaceChars lowerChars upperChars;
  # Appends string context from another string
  addContextFrom = a: b: (substring 0 0 a)+b;
  # Compares strings not requiring context equality
  # Obviously, a workaround but works on all Nix versions
-  eqStrings = a: b: (a+(substring 0 0 b)) == ((substring 0 0 a)+b);
+  eqStrings = a: b: addContextFrom b a == addContextFrom a b;
  # Cut a string with a separator and produces a list of strings which were
  # separated by this separator. e.g.,
  # `splitString "." "foo.bar.baz"' returns ["foo" "bar" "baz"].
-  splitString = sep: s:
+  splitString = _sep: _s:
    let
      sep = addContextFrom _s _sep;
      s = addContextFrom _sep _s;
      sepLen = stringLength sep;
      sLen = stringLength s;
      lastSearch = sub sLen sepLen;
@ -155,8 +162,18 @@ rec {
      preLen = stringLength pre;
      sLen = stringLength s;
    in
-      if pre == substring 0 preLen s then
+      if hasPrefix pre s then
-        substring preLen (sub sLen preLen) s
+        substring preLen (sLen - preLen) s
      else
        s;
  removeSuffix = suf: s:
    let
      sufLen = stringLength suf;
      sLen = stringLength s;
    in
      if sufLen <= sLen && eqStrings suf (substring (sLen - sufLen) sufLen s) then
        substring 0 (sLen - sufLen) s
      else
        s;
--- a/lib/types.nix
+++ b/lib/types.nix
@ -194,6 +194,12 @@ rec {
            args = { name = ""; }; }).options;
      };
    enum = values: mkOptionType {
      name = "one of ${concatStringsSep ", " values}";
      check = flip elem values;
      merge = mergeOneOption;
    };
    # Obsolete alternative to configOf.  It takes its option
    # declarations from the ‘options’ attribute of containing option
    # declaration.
--- a/maintainers/scripts/copy-tarballs.pl
+++ b/maintainers/scripts/copy-tarballs.pl
@ -75,7 +75,6 @@ foreach my $file (@{$data->{list}->{attrs}}) {
    waitpid($pid, 0) or die;
    if ($? != 0) {
        print STDERR "failed to fetch $url: $?\n";
        last if $? >> 8 == 255;
        next;
    }
    <$fh>; my $storePath = <$fh>; chomp $storePath;
@ -92,4 +91,7 @@ foreach my $file (@{$data->{list}->{attrs}}) {
    my $sha256 = hashFile("sha256", 0, $storePath) or die;
    symlink("../$fn", "$tarballsCache/sha256/$sha256");
    $sha256 = hashFile("sha256", 1, $storePath) or die;
    symlink("../$fn", "$tarballsCache/sha256/$sha256");
 }
--- a/maintainers/scripts/sort-attrs.str
+++ b/maintainers/scripts/sort-attrs.str
@ -1,146 +0,0 @@
 /* Tool to sort attribute sets.  Primarily useful for keeping
   all-packages.nix tidy.
   To compile:
   $ strc -i ../../maintainers/scripts/sort-attrs.str -la stratego-lib
   Typical invocation:
   $ sglr -m -p ~/Dev/nix/src/libexpr/nix.tbl -i all-packages.nix \
     | implode-asfix --lex \
     | ../../maintainers/scripts/sort-attrs \
     | asfix-yield
 */
 module sort-attrs
 imports
  libstratego-lib
  libstratego-sglr
 strategies
  no-wsp = !appl(prod([], cf(opt(layout())), no-attrs()), [])
 rules
  list-sep(s): [] -> []
  list-sep(s): [x | xs] -> [[x | before] | <list-sep(s)> [split | after]]
    where
      <split-fetch-keep(s)> xs => (before, split, after)
  list-sep(s): [x | xs] -> [[x | xs]]
    where
      <not(split-fetch-keep(s))> xs
  list-sep-end(s): xs -> [<conc> (before, [split]) | <list-sep-end(s)> after]
    where
      <split-fetch-keep(s)> xs => (before, split, after)
  list-sep-end(s): xs -> [xs]
    where
      <not(split-fetch-keep(s))> xs
  sort-attrs:
    appl(p@prod(_, _, attrs([term(cons("Attrs"))])),
      [ lit("{")
      , ws1
      , appl(p2@list(cf(iter-star(sort("Bind")))), attrs)
      , ws2
      , lit("}")
      ]
    ) ->
    appl(p, [lit("{"), <no-wsp>, appl(p2, <concat> attrs'), ws2, lit("}")])
    where
      <debug> "found it";
      <attach-wsp> [ws1 | attrs] => withWSP;
      <list-sep(starts-section)> withWSP => groups;
      <length; debug> groups;
      <map({x', x'', x''', xs', starts, starts': \[x | xs] -> [x''' | xs']
        where
          <remove-section-start> x => (x', starts);
          <map(regularise-empty-lines); if !starts; debug; sortable-section; debug then qsort(compare-attrs) else id end> [x' | xs] => [x'' | xs'];
          <[] <+ \x -> ["\n\n\n" | x]\ > starts => starts';
          <prepend-layout> (starts', x'') => x'''
      \ })> groups => attrs';
      <debug> "did it"
  attach-wsp: [a, b | cs] -> [(a, b) | <attach-wsp> cs]
  attach-wsp: [] -> []
 strategies
  starts-section =
    ?x@(appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr);
    <implode-string; is-substring(!"###")> cs;
    !x
 rules
  sortable-section = ?[s]; !s; explode-string; not(fetch({x: ?x; !(x, 97); geq}))
  remove-section-start:
    (appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr) ->
    ((appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs'), attr), starts)
    where
      !cs;
      list-sep-end(?10); // separate into lines, keeping the \n
      map(implode-string);
      partition(where(is-substring(!"###"))) => (starts, rest);
      <map(explode-string); concat> rest => cs'
  regularise-empty-lines:
    (appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr) ->
    (appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs''), attr)
    where
      // separate into lines, keeping the \n
      // last whitespace is significant, keep
      <list-sep-end(?10); split-init-last> cs => (init, last);
      <regularise-empty-lines'> init => cs'; // remove whitespace-only lines
      <concat> [<explode-string> "\n\n", <concat> cs', last] => cs'' // add one empty line
  /* Dirty hack: *do* keep the first empty line following a non-empty line. !!! order matters */
  regularise-empty-lines': [] -> []
  regularise-empty-lines': [x, y | xs] -> [x, y | <regularise-empty-lines'> xs]
    where
      <fetch-elem(not(?10 <+ ?32))> x;
      <not(fetch-elem(not(?10 <+ ?32)))> y
  regularise-empty-lines': [x | xs] -> [x | <regularise-empty-lines'> xs]
    where <fetch-elem(not(?10 <+ ?32))> x
  regularise-empty-lines': [x | xs] -> <regularise-empty-lines'> xs
    where <not(fetch-elem(not(?10 <+ ?32)))> x
  prepend-layout:
    (text, (appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs), attr)) ->
    (appl(prod([cf(layout())], cf(opt(layout())), no-attrs()), cs''), attr)
    where
      <implode-string> cs => cs';
      <conc-strings; explode-string> (<concat-strings> text, cs') => cs''
  compare-attrs:
    x@
    ( (_, appl(p1@prod(_, _, attrs([term(cons("Bind"))])), [id1 | xs1]))
    , (_, appl(p2@prod(_, _, attrs([term(cons("Bind"))])), [id2 | xs2]))
    )
    -> x
    where
      <string-lt> (id1, id2)
 strategies
  main = io-wrap(
    oncetd(sort-attrs)
  )
--- a/nixos/doc/manual/README
+++ b/nixos/doc/manual/README
@ -0,0 +1,12 @@
 To build the manual, you need Nix installed on your system (no need
 for NixOS). To install Nix, follow the instructions at
    https://nixos.org/nix/download.html
 When you have Nix on your system, in the root directory of the project
 (i.e., `nixpkgs`), run:
    nix-build nixos/release.nix -A manual.x86_64-linux
 When this command successfully finishes, it will tell you where the
 manual got generated.
--- a/nixos/doc/manual/configuration.xml
+++ b/nixos/doc/manual/configuration.xml
@ -873,7 +873,7 @@ Any package in Nixpkgs that depends on <literal>emacs</literal> will
 be passed your customised instance.  (However, the value
 <literal>pkgs.emacs</literal> in
 <varname>nixpkgs.config.packageOverrides</varname> refers to the
-original rather than overriden instance, to prevent an infinite
+original rather than overridden instance, to prevent an infinite
 recursion.)</para>
 </section>
@ -1036,21 +1036,22 @@ users.extraUsers.alice =
  { createHome = true;
    home = "/home/alice";
    description = "Alice Foobar";
-    extraGroups = [ "wheel" ];
+    extraGroups = [ "wheel" "networkmanager" ];
    useDefaultShell = true;
    openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
  };
 </programlisting>
 Note that <literal>alice</literal> is a member of the
-<literal>wheel</literal> group, which allows her to use
+<literal>wheel</literal> and <literal>networkmanager</literal> groups,
-<command>sudo</command> to execute commands as
+which allows her to use <command>sudo</command> to execute commands as
-<literal>root</literal>.  Also note the SSH public key that allows
+<literal>root</literal> and to configure the network, respectively.
-remote logins with the corresponding private key.  Users created in
+Also note the SSH public key that allows remote logins with the
-this way do not have a password by default, so they cannot log in via
+corresponding private key. Users created in this way do not have a
-mechanisms that require a password.  However, you can use the
+password by default, so they cannot log in via mechanisms that require
-<command>passwd</command> program to set a password, which is retained
+a password. However, you can use the <command>passwd</command> program
-across invocations of <command>nixos-rebuild</command>.</para>
+to set a password, which is retained across invocations of
 <command>nixos-rebuild</command>.</para>
 <para>A user ID (uid) is assigned automatically.  You can also specify
 a uid manually by adding
@ -1195,7 +1196,7 @@ driver from a set of X.org drivers (such as <literal>vesa</literal>
 and <literal>intel</literal>).  You can also specify a driver
 manually, e.g.
 <programlisting>
-hardware.opengl.videoDrivers = [ "r128" ];
+services.xserver.videoDrivers = [ "r128" ];
 </programlisting>
 to enable X.org’s <literal>xf86-video-r128</literal> driver.</para>
@ -1238,7 +1239,7 @@ $ systemctl start display-manager.service
 has better 3D performance than the X.org drivers.  It is not enabled
 by default because it’s not free software.  You can enable it as follows:
 <programlisting>
-hardware.opengl.videoDrivers = [ "nvidia" ];
+services.xserver.videoDrivers = [ "nvidia" ];
 </programlisting>
 You may need to reboot after enabling this driver to prevent a clash
 with other kernel modules.</para>
@ -1277,6 +1278,28 @@ services.xserver.synaptics.twoFingerScroll = true;
 <section xml:id="sec-networking"><title>Networking</title>
 <section xml:id="sec-networkmanager"><title>NetworkManager</title>
 <para>To facilitate network configuration, some desktop environments
 use NetworkManager. You can enable NetworkManager by setting:
 <programlisting>
 services.networkmanager.enable = true;
 </programlisting>
 Some desktop managers (e.g., GNOME) enable NetworkManager
 automatically for you.</para>
 <para>All users that should have permission to change network settings
 must belong to the <code>networkmanager</code> group.</para>
 <note><para><code>services.networkmanager</code> and
 <code>services.wireless</code> can not be enabled at the same time:
 you can still connect to the wireless networks using
 NetworkManager.</para></note>
 </section>
 <section xml:id="sec-ssh"><title>Secure shell access</title>
 <para>Secure shell (SSH) access to your machine can be enabled by
@ -1399,6 +1422,11 @@ always allowed.)</para>
 <section xml:id="sec-wireless"><title>Wireless networks</title>
 <para>For a desktop installation using NetworkManager (e.g., GNOME),
 you just have to make sure the user is in the
 <code>networkmanager</code> group and you can skip the rest of this
 section on wireless networks.</para>
 <para>
 NixOS will start wpa_supplicant for you if you enable this setting:
--- a/nixos/doc/manual/containers.xml
+++ b/nixos/doc/manual/containers.xml
@ -213,8 +213,8 @@ $ ping -c1 10.233.4.2
 <para>Networking is implemented using a pair of virtual Ethernet
 devices. The network interface in the container is called
 <literal>eth0</literal>, while the matching interface in the host is
-called <literal>c-<replaceable>container-name</replaceable></literal>
+called <literal>ve-<replaceable>container-name</replaceable></literal>
-(e.g., <literal>c-foo</literal>).  The container has its own network
+(e.g., <literal>ve-foo</literal>).  The container has its own network
 namespace and the <literal>CAP_NET_ADMIN</literal> capability, so it
 can perform arbitrary network configuration such as setting up
 firewall rules, without affecting or having access to the host’s
@ -228,11 +228,11 @@ on the host:
 <programlisting>
 networking.nat.enable = true;
-networking.nat.internalInterfaces = ["c-+"];
+networking.nat.internalInterfaces = ["ve-+"];
 networking.nat.externalInterface = "eth0";
 </programlisting>
 where <literal>eth0</literal> should be replaced with the desired
-external interface. Note that <literal>c-+</literal> is a wildcard
+external interface. Note that <literal>ve-+</literal> is a wildcard
 that matches all container interfaces.</para>
 </section>
--- a/nixos/doc/manual/default.nix
+++ b/nixos/doc/manual/default.nix
@ -1,5 +1,6 @@
 { pkgs, options, version, revision }:
 with pkgs;
 with pkgs.lib;
 let
@ -12,17 +13,17 @@ let
    declarations = map (fn: stripPrefix fn) opt.declarations;
  });
-  prefix = toString pkgs.path;
+  prefix = toString ../../..;
  stripPrefix = fn:
    if substring 0 (stringLength prefix) fn == prefix then
-      substring (add (stringLength prefix) 1) 1000 fn
+      substring (stringLength prefix + 1) 1000 fn
    else
      fn;
  optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML options''));
-  optionsDocBook = pkgs.runCommand "options-db.xml" {} ''
+  optionsDocBook = runCommand "options-db.xml" {} ''
    if grep /nixpkgs/nixos/modules ${optionsXML}; then
      echo "The manual appears to depend on the location of Nixpkgs, which is bad"
      echo "since this prevents sharing via the NixOS channel.  This is typically"
@ -30,7 +31,7 @@ let
      echo "for hints about the offending path)."
      exit 1
    fi
-    ${pkgs.libxslt}/bin/xsltproc \
+    ${libxslt}/bin/xsltproc \
      --stringparam revision '${revision}' \
      -o $out ${./options-to-docbook.xsl} ${optionsXML}
  '';
@ -38,12 +39,12 @@ let
 in rec {
  # Generate the NixOS manual.
-  manual = pkgs.stdenv.mkDerivation {
+  manual = stdenv.mkDerivation {
    name = "nixos-manual";
    sources = sourceFilesBySuffices ./. [".xml"];
-    buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
+    buildInputs = [ libxml2 libxslt ];
    xsltFlags = ''
      --param section.autolabel 1
@ -62,19 +63,19 @@ in rec {
      # Check the validity of the manual sources.
      xmllint --noout --nonet --xinclude --noxincludenode \
-        --relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
+        --relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
        manual.xml
      # Generate the HTML manual.
      dst=$out/share/doc/nixos
-      ensureDir $dst
+      mkdir -p $dst
      xsltproc $xsltFlags --nonet --xinclude \
        --output $dst/manual.html \
-        ${pkgs.docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
+        ${docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
        ./manual.xml
      mkdir -p $dst/images/callouts
-      cp ${pkgs.docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
+      cp ${docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
      cp ${./style.css} $dst/style.css
@ -86,13 +87,39 @@ in rec {
    meta.description = "The NixOS manual in HTML format";
  };
  manualPDF = stdenv.mkDerivation {
    name = "nixos-manual-pdf";
    sources = sourceFilesBySuffices ./. [".xml"];
    buildInputs = [ libxml2 libxslt dblatex tetex ];
    buildCommand = ''
      # TeX needs a writable font cache.
      export VARTEXFONTS=$TMPDIR/texfonts
      ln -s $sources/*.xml . # */
      ln -s ${optionsDocBook} options-db.xml
      echo "${version}" > version
      dst=$out/share/doc/nixos
      mkdir -p $dst
      xmllint --xinclude manual.xml | dblatex -o $dst/manual.pdf - \
        -P doc.collab.show=0 \
        -P latex.output.revhistory=0
      mkdir -p $out/nix-support
      echo "doc-pdf manual $dst/manual.pdf" >> $out/nix-support/hydra-build-products
    ''; # */
  };
  # Generate the NixOS manpages.
-  manpages = pkgs.stdenv.mkDerivation {
+  manpages = stdenv.mkDerivation {
    name = "nixos-manpages";
    sources = sourceFilesBySuffices ./. [".xml"];
-    buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
+    buildInputs = [ libxml2 libxslt ];
    buildCommand = ''
      ln -s $sources/*.xml . # */
@ -100,7 +127,7 @@ in rec {
      # Check the validity of the manual sources.
      xmllint --noout --nonet --xinclude --noxincludenode \
-        --relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
+        --relaxng ${docbook5}/xml/rng/docbook/docbook.rng \
        ./man-pages.xml
      # Generate manpages.
@ -109,7 +136,7 @@ in rec {
        --param man.output.in.separate.dir 1 \
        --param man.output.base.dir "'$out/share/man/'" \
        --param man.endnotes.are.numbered 0 \
-        ${pkgs.docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
+        ${docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
        ./man-pages.xml
    '';
  };
--- a/nixos/doc/manual/development.xml
+++ b/nixos/doc/manual/development.xml
@ -39,7 +39,37 @@ This will check out the latest NixOS sources to
 and the Nixpkgs sources to
 <filename><replaceable>/my/sources</replaceable>/nixpkgs</filename>.
 (The NixOS source tree lives in a subdirectory of the Nixpkgs
-repository.)  If you want to rebuild your system using your (modified)
+repository.)</para>
 <para>It’s often inconvenient to develop directly on the master
 branch, since if somebody has just committed (say) a change to GCC,
 then the binary cache may not have caught up yet and you’ll have to
 rebuild everything from source. So you may want to create a local
 branch based on your current NixOS version:
 <screen>
 $ nixos-version
 14.04.273.ea1952b (Baboon)
 $ git checkout -b local ea1952b
 </screen>
 Or, to base your local branch on the latest version available in the
 NixOS channel:
 <screen>
 $ curl -sI http://nixos.org/channels/nixos-unstable/ | grep Location
 Location: http://releases.nixos.org/nixos/unstable/nixos-14.10pre43986.acaf4a6/
 $ git checkout -b local acaf4a6
 </screen>
 You can then use <command>git rebase</command> to sync your local
 branch with the upstream branch, and use <command>git
 cherry-pick</command> to copy commits from your local branch to the
 upstream branch.</para>
 <para>If you want to rebuild your system using your (modified)
 sources, you need to tell <command>nixos-rebuild</command> about them
 using the <option>-I</option> flag:
@ -729,18 +759,22 @@ $ mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso</screen>
 <title>Testing the installer</title>
-<para>Building, burning, and
+<para>Building, burning, and booting from an installation CD is rather
 booting from an installation CD is rather
 tedious, so here is a quick way to see if the installer works
 properly:
 <screen>
 $ nix-build -A config.system.build.nixos-install
-$ dd if=/dev/zero of=diskimage seek=2G count=0 bs=1
+$ mount -t tmpfs none /mnt
 $ yes | mke2fs -j diskimage
 $ mount -o loop diskimage /mnt
 $ ./result/bin/nixos-install</screen>
 To start a login shell in the new NixOS installation in
 <filename>/mnt</filename>:
 <screen>
 $ ./result/bin/nixos-install --chroot
 </screen>
 </para>
 </section>
--- a/nixos/doc/manual/installation.xml
+++ b/nixos/doc/manual/installation.xml
@ -209,7 +209,20 @@ $ nixos-install</screen>
    a network issue while downloading binaries from the NixOS binary
    cache), you can just re-run <command>nixos-install</command>.
    Otherwise, fix your <filename>configuration.nix</filename> and
-    then re-run <command>nixos-install</command>.</para></listitem>
+    then re-run <command>nixos-install</command>.</para>
    <para>As the last step, <command>nixos-install</command> will ask
    you to set the password for the <literal>root</literal> user, e.g.
 <screen>
 setting root password...
 Enter new UNIX password: ***
 Retype new UNIX password: ***
 </screen>
    </para>
  </listitem>
  <listitem><para>If everything went well:
@ -307,7 +320,10 @@ changes:
 <itemizedlist>
  <listitem>
    <para>You should boot the live CD in UEFI mode (consult your
-    specific hardware's documentation for instructions).</para>
+    specific hardware's documentation for instructions). You may find
    the <link
    xlink:href="http://www.rodsbooks.com/refind">rEFInd
    boot manager</link> useful.</para>
  </listitem>
  <listitem>
    <para>Instead of <command>fdisk</command>, you should use
@ -318,11 +334,15 @@ changes:
  </listitem>
  <listitem>
    <para>You must set <option>boot.loader.gummiboot.enable</option> to
-    <literal>true</literal>, and <option>boot.loader.grub.enable</option>
+    <literal>true</literal>. <command>nixos-generate-config</command>
    to <literal>false</literal>. <command>nixos-generate-config</command>
    should do this automatically for new configurations when booted in
    UEFI mode.</para>
  </listitem>
  <listitem>
    <para>After having mounted your installation partition to
    <code>/mnt</code>, you must mount the <code>boot</code> partition
    to <code>/mnt/boot</code>.</para>
  </listitem>
  <listitem>
    <para>You may want to look at the options starting with
    <option>boot.loader.efi</option> and <option>boot.loader.gummiboot</option>
@ -341,7 +361,7 @@ changes:
 <title xml:id="sec-booting-from-usb">Booting from a USB stick</title>
-<para>For systems withoua CD drive, the NixOS livecd can be booted from
+<para>For systems without CD drive, the NixOS livecd can be booted from
 a usb stick. For non-UEFI installations,
 <link xlink:href="http://unetbootin.sourceforge.net/">unetbootin</link>
 will work. For UEFI installations, you should mount the ISO, copy its contents
@ -473,7 +493,7 @@ been built.  These channels are:
 <itemizedlist>
  <listitem>
    <para>Stable channels, such as <literal
-    xlink:href="http://nixos.org/channels/nixos-13.10">nixos-13.10</literal>.
+    xlink:href="http://nixos.org/channels/nixos-14.04">nixos-14.04</literal>.
    These only get conservative bug fixes and package upgrades.  For
    instance, a channel update may cause the Linux kernel on your
    system to be upgraded from 3.4.66 to 3.4.67 (a minor bug fix), but
@ -499,8 +519,8 @@ appliances.)</para>
 <para>When you first install NixOS, you’re automatically subscribed to
 the NixOS channel that corresponds to your installation source.   For
-instance, if you installed from a 13.10 ISO, you will be subscribed to
+instance, if you installed from a 14.04 ISO, you will be subscribed to
-the <literal>nixos-13.10</literal> channel.  To see which NixOS
+the <literal>nixos-14.04</literal> channel.  To see which NixOS
 channel you’re subscribed to, run the following as root:
 <screen>
@ -515,10 +535,10 @@ $ nix-channel --add http://nixos.org/channels/<replaceable>channel-name</replace
 </screen>
 (Be sure to include the <literal>nixos</literal> parameter at the
-end.)  For instance, to use the NixOS 13.10 stable channel:
+end.)  For instance, to use the NixOS 14.04 stable channel:
 <screen>
-$ nix-channel --add http://nixos.org/channels/nixos-13.10 nixos
+$ nix-channel --add http://nixos.org/channels/nixos-14.04 nixos
 </screen>
 But it you want to live on the bleeding edge:
--- a/nixos/doc/manual/man-nixos-install.xml
+++ b/nixos/doc/manual/man-nixos-install.xml
@ -42,6 +42,9 @@ the following steps:
  and generates a GRUB configuration file that boots into the NixOS
  configuration just installed.</para></listitem>
  <listitem><para>It prompts you for a password for the root
  account.</para></listitem>
 </itemizedlist>
 </para>
--- a/nixos/doc/manual/manual.xml
+++ b/nixos/doc/manual/manual.xml
@ -7,25 +7,6 @@
    <title>NixOS Manual</title>
    <subtitle>Version <xi:include href="version" parse="text" /></subtitle>
    <author>
      <personname>
        <firstname>Eelco</firstname>
        <surname>Dolstra</surname>
      </personname>
    </author>
    <author>
      <personname>
        <firstname>Nicolas</firstname>
        <surname>Pierron</surname>
      </personname>
    </author>
    <copyright>
      <year>2007-2013</year>
      <holder>Eelco Dolstra</holder>
    </copyright>
  </info>
--- a/nixos/doc/manual/options-to-docbook.xsl
+++ b/nixos/doc/manual/options-to-docbook.xsl
@ -202,4 +202,10 @@
    </simplelist>
  </xsl:template>
  <xsl:template match="function">
    <xsl:text>λ</xsl:text>
  </xsl:template>
 </xsl:stylesheet>
--- a/nixos/doc/manual/release-notes.xml
+++ b/nixos/doc/manual/release-notes.xml
@ -1,16 +1,40 @@
 <appendix xmlns="http://docbook.org/ns/docbook"
          xmlns:xlink="http://www.w3.org/1999/xlink"
          xml:id="ch-release-notes">
 <title>Release notes</title>
 <!--==================================================================-->
 <section xml:id="sec-release-14.10">
 <title>Release 14.10 (“Caterpillar”, 2014/10/??)</title>
 <para>When upgrading from a previous release, please be aware of the
 following incompatible changes:
 <itemizedlist>
  <listitem><para>The host side of a container virtual Ethernet pair
  is now called <literal>ve-<replaceable>container-name</replaceable></literal>
  rather than <literal>c-<replaceable>container-name</replaceable></literal>.</para></listitem>
 </itemizedlist>
 </para>
 </section>
 <!--==================================================================-->
 <section xml:id="sec-release-14.04">
-<title>Release 14.04 (“Baboon”, 2014/04/??)</title>
+<title>Release 14.04 (“Baboon”, 2014/04/30)</title>
-<para>This is the second stable release branch of NixOS.  The main
+<para>This is the second stable release branch of NixOS.  In addition
-enhancements are the following:
+to numerous new and upgraded packages and modules, this release has
 the following highlights:
 <itemizedlist>
@ -18,9 +42,65 @@ enhancements are the following:
  <xref linkend="sec-uefi-installation"/> for
  details.</para></listitem>
  <listitem><para>Systemd has been updated to version 212, which has
  <link xlink:href="http://cgit.freedesktop.org/systemd/systemd/plain/NEWS?id=v212">numerous
  improvements</link>. NixOS now automatically starts systemd user
  instances when you log in. You can define global user units through
  the <option>systemd.unit.*</option> options.</para></listitem>
  <listitem><para>NixOS is now based on Glibc 2.19 and GCC
  4.8.</para></listitem>
  <listitem><para>The default Linux kernel has been updated to
  3.12.</para></listitem>
  <listitem><para>KDE has been updated to 4.12.</para></listitem>
  <listitem><para>GNOME 3.10 experimental support has been added.</para></listitem>
  <listitem><para>Nix has been updated to 1.7 (<link
  xlink:href="http://nixos.org/nix/manual/#ssec-relnotes-1.7">details</link>).</para></listitem>
  <listitem><para>NixOS now supports fully declarative management of
  users and groups. If you set <option>users.mutableUsers</option> to
  <literal>false</literal>, then the contents of
  <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
  will be <link
  xlink:href="https://www.usenix.org/legacy/event/lisa02/tech/full_papers/traugott/traugott_html/">congruent</link>
  to your NixOS configuration. For instance, if you remove a user from
  <option>users.extraUsers</option> and run
  <command>nixos-rebuild</command>, the user account will cease to
  exist. Also, imperative commands for managing users and groups, such
  as <command>useradd</command>, are no longer available. If
  <option>users.mutableUsers</option> is <literal>true</literal> (the
  default), then behaviour is unchanged from NixOS
  13.10.</para></listitem>
  <listitem><para>NixOS now has basic container support, meaning you
  can easily run a NixOS instance as a container in a NixOS host
  system. These containers are suitable for testing and
  experimentation but not production use, since they’re not fully
  isolated from the host. See <xref linkend="ch-containers"/> for
  details.</para></listitem>
  <listitem><para>Systemd units provided by packages can now be
  overridden from the NixOS configuration. For instance, if a package
  <literal>foo</literal> provides systemd units, you can say:
 <programlisting>
 systemd.packages = [ pkgs.foo ];
 </programlisting>
  to enable those units. You can then set or override unit options in
  the usual way, e.g.
 <programlisting>
 systemd.services.foo.wantedBy = [ "multi-user.target" ];
 systemd.services.foo.serviceConfig.MemoryLimit = "512M";
 </programlisting>
  </para></listitem>
 </itemizedlist>
 </para>
@ -47,6 +127,18 @@ error: package ‘nvidia-x11-331.49-3.12.17’ in ‘…/nvidia-x11/default.nix:
  </para></listitem>
  <listitem><para>The Adobe Flash player is no longer enabled by
  default in the Firefox and Chromium wrappers. To enable it, you must
  set:
 <programlisting>
 nixpkgs.config.allowUnfree = true;
 nixpkgs.config.firefox.enableAdobeFlash = true; # for Firefox
 nixpkgs.config.chromium.enableAdobeFlash = true; # for Chromium
 </programlisting>
  </para></listitem>
  <listitem><para>The firewall is now enabled by default. If you don’t
  want this, you need to disable it explicitly:
@ -65,6 +157,28 @@ networking.firewall.enable = false;
  sets a default for the option
  <option>services.mysql.package</option>.</para></listitem>
  <listitem><para>Package variants are now differentiated by suffixing
  the name, rather than the version. For instance,
  <filename>sqlite-3.8.4.3-interactive</filename> is now called
  <filename>sqlite-interactive-3.8.4.3</filename>. This ensures that
  <literal>nix-env -i sqlite</literal> is unambiguous, and that
  <literal>nix-env -u</literal> won’t “upgrade”
  <literal>sqlite</literal> to <literal>sqlite-interactive</literal>
  or vice versa. Notably, this change affects the Firefox wrapper
  (which provides plugins), as it is now called
  <literal>firefox-wrapper</literal>. So when using
  <command>nix-env</command>, you should do <literal>nix-env -e
  firefox; nix-env -i firefox-wrapper</literal> if you want to keep
  using the wrapper. This change does not affect declarative package
  management, since attribute names like
  <literal>pkgs.firefoxWrapper</literal> were already
  unambiguous.</para></listitem>
  <listitem><para>The symlink <filename>/etc/ca-bundle.crt</filename>
  is gone. Programs should instead use the environment variable
  <envar>OPENSSL_X509_CERT_FILE</envar> (which points to
  <filename>/etc/ssl/certs/ca-bundle.crt</filename>).</para></listitem>
 </itemizedlist>
 </para>
--- a/nixos/lib/make-iso9660-image.sh
+++ b/nixos/lib/make-iso9660-image.sh
@ -78,7 +78,7 @@ done
 cat pathlist | sed -e 's/=\(.*\)=\(.*\)=/\\=\1=\2\\=/' | tee pathlist.safer
-ensureDir $out/iso
+mkdir -p $out/iso
 genCommand="genisoimage -iso-level 4 -r -J $bootFlags -hide-rr-moved -graft-points -path-list pathlist.safer ${volumeID:+-V $volumeID}"
 if test -z "$compressImage"; then
    $genCommand -o $out/iso/$isoName
@ -87,5 +87,5 @@ else
 fi
-ensureDir $out/nix-support
+mkdir -p $out/nix-support
 echo $system > $out/nix-support/system
--- a/nixos/lib/make-system-tarball.sh
+++ b/nixos/lib/make-system-tarball.sh
@ -48,11 +48,11 @@ for ((n = 0; n < ${#objects[*]}; n++)); do
    fi
 done
-ensureDir $out/tarball
+mkdir -p $out/tarball
 tar cvJf $out/tarball/$fileName.tar.xz *
-ensureDir $out/nix-support
+mkdir -p $out/nix-support
 echo $system > $out/nix-support/system
 echo "file system-tarball $out/tarball/$fileName.tar.xz" > $out/nix-support/hydra-build-products
--- a/nixos/lib/test-driver/log2html.xsl
+++ b/nixos/lib/test-driver/log2html.xsl
@ -9,8 +9,8 @@
  <xsl:template match="logfile">
    <html>
      <head>
-        <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
+        <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
-        <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script>
+        <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script>
        <script type="text/javascript" src="treebits.js" />
        <link rel="stylesheet" href="logfile.css" type="text/css" />
        <title>Log File</title>
--- a/nixos/lib/test-driver/test-driver.pl
+++ b/nixos/lib/test-driver/test-driver.pl
@ -52,12 +52,12 @@ sub createMachine {
    my ($args) = @_;
    my $vm = Machine->new({%{$args}, log => $log, redirectSerial => ($ENV{USE_SERIAL} // "0") ne "1"});
    $vms{$vm->name} = $vm;
    $context .= "my \$" . $vm->name . " = \$vms{'" . $vm->name . "'}; ";
    return $vm;
 }
 foreach my $vmScript (@ARGV) {
    my $vm = createMachine({startCommand => $vmScript});
    $context .= "my \$" . $vm->name . " = \$vms{'" . $vm->name . "'}; ";
 }
--- a/nixos/lib/testing.nix
+++ b/nixos/lib/testing.nix
@ -37,7 +37,7 @@ rec {
  # `driver' is the script that runs the network.
  runTests = driver:
    stdenv.mkDerivation {
-      name = "vm-test-run";
+      name = "vm-test-run-${driver.testName}";
      requiredSystemFeatures = [ "kvm" "nixos-test" ];
@ -68,9 +68,10 @@ rec {
  makeTest =
-    { testScript, makeCoverageReport ? false, ... } @ t:
+    { testScript, makeCoverageReport ? false, name ? "unnamed", ... } @ t:
    let
      testDriverName = "nixos-test-driver-${name}";
      nodes = buildVirtualNetwork (
        t.nodes or (if t ? machine then { machine = t.machine; } else { }));
@ -88,10 +89,11 @@ rec {
      # Generate onvenience wrappers for running the test driver
      # interactively with the specified network, and for starting the
      # VMs from the command line.
-      driver = runCommand "nixos-test-driver"
+      driver = runCommand testDriverName
        { buildInputs = [ makeWrapper];
          testScript = testScript';
          preferLocalBuild = true;
          testName = name;
        }
        ''
          mkdir -p $out/bin
@ -115,7 +117,7 @@ rec {
      report = releaseTools.gcovReport { coverageRuns = [ test ]; };
-    in (if makeCoverageReport then report else test) // { inherit driver test; };
+    in (if makeCoverageReport then report else test) // { inherit nodes driver test; };
  runInMachine =
@ -196,6 +198,6 @@ rec {
      } // args);
-  simpleTest = as: (makeTest ({ ... }: as)).test;
+  simpleTest = as: (makeTest as).test;
 }
--- a/nixos/maintainers/scripts/ec2/amazon-base-config.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-base-config.nix
@ -0,0 +1,5 @@
 { modulesPath, ...}:
 {
  imports = [ "${modulesPath}/virtualisation/amazon-config.nix" ];
  services.journald.rateLimitBurst = 0;
 }
--- a/nixos/maintainers/scripts/ec2/amazon-hvm-config.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-hvm-config.nix
@ -0,0 +1,5 @@
 { config, pkgs, ...}:
 {
  imports = [ ./amazon-base-config.nix ];
  ec2.hvm = true;
 }
--- a/nixos/maintainers/scripts/ec2/amazon-hvm-install-config.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-hvm-install-config.nix
@ -0,0 +1,33 @@
 { config, pkgs, lib, ...}:
 let
  cloudUtils = pkgs.fetchurl {
    url = "https://launchpad.net/cloud-utils/trunk/0.27/+download/cloud-utils-0.27.tar.gz";
    sha256 = "16shlmg36lidp614km41y6qk3xccil02f5n3r4wf6d1zr5n4v8vd";
  };
  growpart = pkgs.stdenv.mkDerivation {
    name = "growpart";
    src = cloudUtils;
    buildPhase = ''
      cp bin/growpart $out
      sed -i 's|awk|gawk|' $out
      sed -i 's|sed|gnused|' $out
    '';
    dontInstall = true;
    dontPatchShebangs = true;
  };
 in
 {
  imports = [ ./amazon-base-config.nix ];
  ec2.hvm = true;
  boot.loader.grub.device = lib.mkOverride 0 "nodev";
  boot.initrd.extraUtilsCommands = ''
    cp -v ${pkgs.gawk}/bin/gawk $out/bin/gawk
    cp -v ${pkgs.gnused}/bin/sed $out/bin/gnused
    cp -v ${pkgs.utillinux}/sbin/sfdisk $out/bin/sfdisk
    cp -v ${growpart} $out/bin/growpart
  '';
  boot.initrd.postDeviceCommands = ''
    [ -e /dev/xvda ] && [ -e /dev/xvda1 ] && TMPDIR=/run sh $(type -P growpart) /dev/xvda 1
  '';
 }
--- a/nixos/maintainers/scripts/ec2/create-ebs-amis.py
+++ b/nixos/maintainers/scripts/ec2/create-ebs-amis.py
@ -8,15 +8,17 @@ import nixops.util
 from nixops import deployment
 from boto.ec2.blockdevicemapping import BlockDeviceMapping, BlockDeviceType
 import boto.ec2
 from nixops.statefile import StateFile, get_default_state_file
 parser = argparse.ArgumentParser(description='Create an EBS-backed NixOS AMI')
 parser.add_argument('--region', dest='region', required=True, help='EC2 region to create the image in')
 parser.add_argument('--channel', dest='channel', default="13.10", help='Channel to use')
 parser.add_argument('--keep', dest='keep', action='store_true', help='Keep NixOps machine after use')
 parser.add_argument('--hvm', dest='hvm', action='store_true', help='Create HVM image')
 parser.add_argument('--key', dest='key_name', action='store_true', help='Keypair used for HVM instance creation', default="rob")
 args = parser.parse_args()
-instance_type = "m3.xlarge" if args.hvm else "m1.small"
+instance_type = "m3.medium" if args.hvm else "m1.small"
 ebs_size = 8 if args.hvm else 20
@ -37,11 +39,11 @@ f.write('''{{
 '''.format(args.region, ebs_size))
 f.close()
-db = deployment.open_database(deployment.get_default_state_file())
+db = StateFile(get_default_state_file())
 try:
-    depl = deployment.open_deployment(db, "ebs-creator")
+    depl = db.open_deployment("ebs-creator")
 except Exception:
-    depl = deployment.create_deployment(db)
+    depl = db.create_deployment()
    depl.name = "ebs-creator"
 depl.auto_response = "y"
 depl.nix_exprs = [os.path.abspath("./ebs-creator.nix"), os.path.abspath("./ebs-creator-config.nix")]
@ -50,7 +52,6 @@ depl.deploy(allow_reboot=True)
 m = depl.machines['machine']
 # Do the installation.
 device="/dev/xvdg"
 if args.hvm:
@ -64,24 +65,27 @@ m.run_command("mkdir -p /mnt")
 m.run_command("mount {0} /mnt".format(device))
 m.run_command("touch /mnt/.ebs")
 m.run_command("mkdir -p /mnt/etc/nixos")
-m.run_command("nix-channel --add http://nixos.org/channels/nixos-unstable")
+
 m.run_command("nix-channel --add http://nixos.org/channels/nixos-{} nixos".format(args.channel))
 m.run_command("nix-channel --update")
-m.run_command("nixos-rebuild switch")
+
-version = m.run_command("nixos-version", capture_stdout=True).split(' ')[0]
+version = m.run_command("nix-instantiate --eval-only -A lib.nixpkgsVersion '<nixpkgs>'", capture_stdout=True).split(' ')[0].replace('"','').strip()
 print >> sys.stderr, "NixOS version is {0}".format(version)
 m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/configuration.nix")
 m.run_command("nixos-install")
 if args.hvm:
    m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/amazon-base-config.nix")
    m.upload_file("./amazon-hvm-config.nix", "/mnt/etc/nixos/configuration.nix")
    m.upload_file("./amazon-hvm-install-config.nix", "/mnt/etc/nixos/amazon-hvm-install-config.nix")
    m.run_command("NIXOS_CONFIG=/etc/nixos/amazon-hvm-install-config.nix nixos-install")
    m.run_command('nix-env -iA nixos.pkgs.grub')
    m.run_command('cp /nix/store/*-grub-0.97*/lib/grub/i386-pc/* /mnt/boot/grub')
    m.run_command('sed -i "s|hd0|hd0,0|" /mnt/boot/grub/menu.lst')
    m.run_command('echo "(hd1) /dev/xvdg" > device.map')
    m.run_command('echo -e "root (hd1,0)\nsetup (hd1)" | grub --device-map=device.map --batch')
-
+else:
    m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/configuration.nix")
    m.run_command("nixos-install")
 m.run_command("umount /mnt")
 if args.hvm:
    ami_name = "nixos-{0}-x86_64-ebs-hvm".format(version)
    description = "NixOS {0} (x86_64; EBS root; hvm)".format(version)
--- a/nixos/maintainers/scripts/ec2/ebs-creator.nix
+++ b/nixos/maintainers/scripts/ec2/ebs-creator.nix
@ -4,10 +4,11 @@
  machine =
    { config, pkgs, resources, ... }:
    { deployment.targetEnv = "ec2";
-      deployment.ec2.instanceType = "m1.large";
+      deployment.ec2.instanceType = "c3.large";
      deployment.ec2.securityGroups = [ "admin" ];
      deployment.ec2.ebsBoot = false;
      deployment.ec2.keyPair = resources.ec2KeyPairs.keypair.name;
      deployment.ec2.zone = "us-east-1e";
      environment.systemPackages = [ pkgs.parted ];
    };
 }
--- a/nixos/modules/config/fonts/corefonts.nix
+++ b/nixos/modules/config/fonts/corefonts.nix
@ -25,7 +25,7 @@ with lib;
  config = mkIf config.fonts.enableCoreFonts {
-    fonts.extraFonts = [ pkgs.corefonts ];
+    fonts.fonts = [ pkgs.corefonts ];
  };
--- a/nixos/modules/config/fonts/fonts.nix
+++ b/nixos/modules/config/fonts/fonts.nix
@ -10,40 +10,37 @@ with lib;
      # TODO: find another name for it.
      fonts = mkOption {
-        default = [
+        type = types.listOf types.path;
          # - the user's .fonts directory
          "~/.fonts"
          # - the user's current profile
          "~/.nix-profile/lib/X11/fonts"
          "~/.nix-profile/share/fonts"
          # - the default profile
          "/nix/var/nix/profiles/default/lib/X11/fonts"
          "/nix/var/nix/profiles/default/share/fonts"
        ];
        description = "List of primary font paths.";
        apply = list: list ++ [
          # - a few statically built locations
          pkgs.xorg.fontbhttf
          pkgs.xorg.fontbhlucidatypewriter100dpi
          pkgs.xorg.fontbhlucidatypewriter75dpi
          pkgs.ttf_bitstream_vera
          pkgs.freefont_ttf
          pkgs.liberation_ttf
          pkgs.xorg.fontbh100dpi
          pkgs.xorg.fontmiscmisc
          pkgs.xorg.fontcursormisc
        ]
        ++ config.fonts.extraFonts;
      };
      extraFonts = mkOption {
        default = [];
        example = [ pkgs.dejavu_fonts ];
-        description = "List of packages with additional fonts.";
+        description = "List of primary font paths.";
        apply = list: list ++
          [ # - the user's current profile
            "~/.nix-profile/lib/X11/fonts"
            "~/.nix-profile/share/fonts"
            # - the default profile
            "/nix/var/nix/profiles/default/lib/X11/fonts"
            "/nix/var/nix/profiles/default/share/fonts"
          ];
      };
    };
  };
  config = {
    fonts.fonts =
      [ pkgs.xorg.fontbhttf
        pkgs.xorg.fontbhlucidatypewriter100dpi
        pkgs.xorg.fontbhlucidatypewriter75dpi
        pkgs.ttf_bitstream_vera
        pkgs.freefont_ttf
        pkgs.liberation_ttf
        pkgs.xorg.fontbh100dpi
        pkgs.xorg.fontmiscmisc
        pkgs.xorg.fontcursormisc
      ];
  };
 }
--- a/nixos/modules/config/fonts/ghostscript.nix
+++ b/nixos/modules/config/fonts/ghostscript.nix
@ -25,7 +25,7 @@ with lib;
  config = mkIf config.fonts.enableGhostscriptFonts {
-    fonts.extraFonts = [ "${pkgs.ghostscript}/share/ghostscript/fonts" ];
+    fonts.fonts = [ "${pkgs.ghostscript}/share/ghostscript/fonts" ];
  };
--- a/nixos/modules/config/i18n.nix
+++ b/nixos/modules/config/i18n.nix
@ -76,7 +76,7 @@ in
    environment.systemPackages = [ glibcLocales ];
-    environment.variables =
+    environment.sessionVariables =
      { LANG = config.i18n.defaultLocale;
        LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
      };
--- a/nixos/modules/config/krb5.nix
+++ b/nixos/modules/config/krb5.nix
@ -32,12 +32,12 @@ in
      kdc = mkOption {
        default = "kerberos.mit.edu";
-        description = "Kerberos Domain Controller";
+        description = "Kerberos Domain Controller.";
      };
      kerberosAdminServer = mkOption {
        default = "kerberos.mit.edu";
-        description = "Kerberos Admin Server";
+        description = "Kerberos Admin Server.";
      };
    };
--- a/nixos/modules/config/ldap.nix
+++ b/nixos/modules/config/ldap.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 with lib;
 with pkgs;
 with lib;
 let
@ -217,9 +217,7 @@ in
    systemd.services = mkIf cfg.daemon.enable {
      nslcd = {
-        wantedBy = [ "nss-user-lookup.target" ];
+        wantedBy = [ "multi-user.target" ];
        before = [ "nss-user-lookup.target" ];
        after = [ "network.target" ];
        preStart = ''
          mkdir -p /run/nslcd
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@ -14,7 +14,7 @@ in
  options = {
-    networking.extraHosts = pkgs.lib.mkOption {
+    networking.extraHosts = lib.mkOption {
      type = types.lines;
      default = "";
      example = "192.168.0.1 lanlocalhost";
@ -23,7 +23,7 @@ in
      '';
    };
-    networking.dnsSingleRequest = pkgs.lib.mkOption {
+    networking.dnsSingleRequest = lib.mkOption {
      type = types.bool;
      default = false;
      description = ''
--- a/nixos/modules/config/pulseaudio.nix
+++ b/nixos/modules/config/pulseaudio.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 with lib;
 with pkgs;
 with lib;
 let
@ -80,12 +80,12 @@ in {
      package = mkOption {
        type = types.package;
-        default = pulseaudio;
+        default = pulseaudioFull;
-        example = literalExample "pulseaudio.override { jackaudioSupport = true; }";
+        example = literalExample "pulseaudioFull";
        description = ''
-          The PulseAudio derivation to use.  This can be used to enable
+          The PulseAudio derivation to use.  This can be used to disable
-          features (such as JACK support) that are not enabled in the
+          features (such as JACK support, Bluetooth) that are enabled in the
-          default PulseAudio in Nixpkgs.
+          pulseaudioFull package in Nixpkgs.
        '';
      };
--- a/nixos/modules/config/shells-environment.nix
+++ b/nixos/modules/config/shells-environment.nix
@ -19,6 +19,7 @@ in
      default = {};
      description = ''
        A set of environment variables used in the global environment.
        These variables will be set on shell initialisation.
        The value of each variable can be either a string or a list of
        strings.  The latter is concatenated, interspersed with colon
        characters.
@ -148,6 +149,12 @@ in
    system.build.binsh = pkgs.bashInteractive;
    # Set session variables in the shell as well. This is usually
    # unnecessary, but it allows changes to session variables to take
    # effect without restarting the session (e.g. by opening a new
    # terminal instead of logging out of X11).
    environment.variables = config.environment.sessionVariables;
    environment.etc."shells".text =
      ''
        ${concatStringsSep "\n" cfg.shells}
--- a/nixos/modules/config/swap.nix
+++ b/nixos/modules/config/swap.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, utils, ... }:
 with lib;
 with utils;
 with lib;
 {
@ -106,6 +106,7 @@ with utils;
                if [ ! -e "${sw.device}" ]; then
                  fallocate -l ${toString sw.size}M "${sw.device}" ||
                    dd if=/dev/zero of="${sw.device}" bs=1M count=${toString sw.size}
                  chmod 0600 ${sw.device}
                  mkswap ${sw.device}
                fi
              '';
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
@ -6,8 +6,12 @@ let
  sysctlOption = mkOptionType {
    name = "sysctl option value";
-    check = x: isBool x || isString x || isInt x || isNull x;
+    check = val:
-    merge = args: defs: (last defs).value; # FIXME: hacky way to allow overriding in configuration.nix.
+      let
        checkType = x: isBool x || isString x || isInt x || isNull x;
      in
        checkType val || (val._type or "" == "override" && checkType val.content);
    merge = loc: defs: mergeOneOption loc (filterOverrides defs);
  };
 in
--- a/nixos/modules/config/system-environment.nix
+++ b/nixos/modules/config/system-environment.nix
@ -0,0 +1,56 @@
 # This module defines a system-wide environment that will be
 # initialised by pam_env (that is, not only in shells).
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.environment;
 in
 {
  options = {
    environment.sessionVariables = mkOption {
      default = {};
      description = ''
        A set of environment variables used in the global environment.
        These variables will be set by PAM.
        The value of each variable can be either a string or a list of
        strings.  The latter is concatenated, interspersed with colon
        characters.
      '';
      type = types.attrsOf (mkOptionType {
        name = "a string or a list of strings";
        merge = loc: defs:
          let
            defs' = filterOverrides defs;
            res = (head defs').value;
          in
          if isList res then concatLists (getValues defs')
          else if lessThan 1 (length defs') then
            throw "The option `${showOption loc}' is defined multiple times, in ${showFiles (getFiles defs)}."
          else if !isString res then
            throw "The option `${showOption loc}' does not have a string value, in ${showFiles (getFiles defs)}."
          else res;
      });
      apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
    };
  };
  config = {
    system.build.pamEnvironment = pkgs.writeText "pam-environment"
       ''
         ${concatStringsSep "\n" (
           (mapAttrsToList (n: v: ''${n}="${concatStringsSep ":" v}"'')
             (zipAttrsWith (const concatLists) ([ (mapAttrs (n: v: [ v ]) cfg.sessionVariables) ]))))}
       '';
  };
 }
--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@ -110,6 +110,7 @@ in
        "/man"
        "/sbin"
        "/share/emacs"
        "/share/vim-plugins"
        "/share/org"
        "/share/info"
        "/share/terminfo"
--- a/nixos/modules/config/timezone.nix
+++ b/nixos/modules/config/timezone.nix
@ -2,6 +2,12 @@
 with lib;
 let
  tzdir = "${pkgs.tzdata}/share/zoneinfo";
 in
 {
  options = {
@ -24,10 +30,12 @@ with lib;
  config = {
-    environment.variables.TZDIR = "/etc/zoneinfo";
+    environment.sessionVariables.TZDIR = "/etc/zoneinfo";
    systemd.globalEnvironment.TZDIR = tzdir;
    environment.etc.localtime =
-      { source = "${pkgs.tzdata}/share/zoneinfo/${config.time.timeZone}";
+      { source = "${tzdir}/${config.time.timeZone}";
        mode = "direct-symlink";
      };
--- a/nixos/modules/config/unix-odbc-drivers.nix
+++ b/nixos/modules/config/unix-odbc-drivers.nix
@ -27,7 +27,7 @@ with lib;
    environment.etc."odbcinst.ini".text =
      let inis = config.environment.unixODBCDrivers;
-      in pkgs.lib.concatStringsSep "\n" inis;
+      in lib.concatStringsSep "\n" inis;
  };
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@ -55,13 +55,27 @@ let
        type = with types; nullOr int;
        default = null;
        description = ''
-          The account UID. If the <literal>mutableUsers</literal> option
+          The account UID. If the <option>mutableUsers</option> option
          is false, the UID cannot be null. Otherwise, the UID might be
          null, in which case a free UID is picked on activation (by the
          useradd command).
        '';
      };
      isSystemUser = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Indicates if the user is a system user or not. This option
          only has an effect if <option>mutableUsers</option> is
          <literal>true</literal> and <option>uid</option> is
          <option>null</option>, in which case it determines whether
          the user's UID is allocated in the range for system users
          (below 500) or in the range for normal users (starting at
          1000).
        '';
      };
      group = mkOption {
        type = types.str;
        default = "nogroup";
@ -360,8 +374,8 @@ in {
    security.initialRootPassword = mkOption {
      type = types.str;
-      default = "";
+      default = "!";
-      example = "!";
+      example = "";
      description = ''
        The (hashed) password for the root account set on initial
        installation. The empty string denotes that root can login
@ -369,9 +383,9 @@ in {
        as SSH, or indirectly via <command>su</command> or
        <command>sudo</command>). The string <literal>!</literal>
        prevents root from logging in using a password.
-        Note, setting this option sets
+        Note that setting this option sets
        <literal>users.extraUsers.root.hashedPassword</literal>.
-        Note, if <literal>users.mutableUsers</literal> is false
+        Also, if <literal>users.mutableUsers</literal> is false
        you cannot change the root password manually, so in that case
        the name of this option is a bit misleading, since it will define
        the root password beyond the user initialisation phase.
@ -459,17 +473,17 @@ in {
        '';
        groupadd = n: g: ''
          if [ -z "$(getent group "${g.name}")" ]; then
            echo "Adding group ${g.name}"
            ${pkgs.shadow}/sbin/groupadd "${g.name}"
          fi
        '';
        useradd = n: u: ''
          if ! id "${u.name}" &>/dev/null; then
            echo "Adding user ${u.name}"
            ${pkgs.shadow}/sbin/useradd \
              -g "${u.group}" \
              -G "${concatStringsSep "," u.extraGroups}" \
              -s "${u.shell}" \
              -d "${u.home}" \
              ${optionalString u.isSystemUser "--system"} \
              "${u.name}"
            echo "${u.name}:x" | ${pkgs.shadow}/sbin/chpasswd -e
          fi
@ -495,7 +509,7 @@ in {
        message = "uids and gids must be unique!";
      }
      { assertion = cfg.mutableUsers || (nonUidUsers == {});
-        message = "When mutableUsers is false, no uid can be null";
+        message = "When mutableUsers is false, no uid can be null: ${toString (attrNames nonUidUsers)}";
      }
      { assertion = cfg.mutableUsers || (nonGidGroups == {});
        message = "When mutableUsers is false, no gid can be null";
--- a/nixos/modules/config/zram.nix
+++ b/nixos/modules/config/zram.nix
@ -0,0 +1,138 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  cfg = config.zramSwap;
  devices = map (nr: "zram${toString nr}") (range 0 (cfg.numDevices - 1));
  modprobe = "${config.system.sbin.modprobe}/sbin/modprobe";
 in
 {
  ###### interface
  options = {
    zramSwap = {
      enable = mkOption {
        default = false;
        type = types.bool;
        description = ''
          Enable in-memory compressed swap space provided by the zram kernel
          module. It is recommended to enable only for kernel 3.14 or higher.
        '';
      };
      numDevices = mkOption {
        default = 4;
        type = types.int;
        description = ''
          Number of zram swap devices to create. It should be equal to the
          number of CPU cores your system has.
        '';
      };
      memoryPercent = mkOption {
        default = 50;
        type = types.int;
        description = ''
          Maximum amount of memory that can be used by the zram swap devices
          (as a percentage of your total memory). Defaults to 1/2 of your total
          RAM.
        '';
      };
      priority = mkOption {
        default = 5;
        type = types.int;
        description = ''
          Priority of the zram swap devices. It should be a number higher than
          the priority of your disk-based swap devices (so that the system will
          fill the zram swap devices before falling back to disk swap).
        '';
      };
    };
  };
  config = mkIf cfg.enable {
    system.requiredKernelConfig = with config.lib.kernelConfig; [
      (isModule "ZRAM")
    ];
    # Disabling this for the moment, as it would create and mkswap devices twice,
    # once in stage 2 boot, and again when the zram-reloader service starts.
    # boot.kernelModules = [ "zram" ];
    boot.extraModprobeConfig = ''
      options zram num_devices=${toString cfg.numDevices}
    '';
    services.udev.extraRules = ''
      KERNEL=="zram[0-9]*", ENV{SYSTEMD_WANTS}="zram-init-%k.service", TAG+="systemd"
    '';
    systemd.services =
      let
        createZramInitService = dev:
          nameValuePair "zram-init-${dev}" {
            description = "Init swap on zram-based device ${dev}";
            bindsTo = [ "dev-${dev}.swap" ];
            after = [ "dev-${dev}.device" "zram-reloader.service" ];
            requires = [ "dev-${dev}.device" "zram-reloader.service" ];
            before = [ "dev-${dev}.swap" ];
            requiredBy = [ "dev-${dev}.swap" ];
            serviceConfig = {
              Type = "oneshot";
              RemainAfterExit = true;
              ExecStop = "${pkgs.stdenv.shell} -c 'echo 1 > /sys/class/block/${dev}/reset'";
            };
            script = ''
              set -u
              set -o pipefail
              PATH=${pkgs.procps}/bin:${pkgs.gnugrep}/bin:${pkgs.gnused}/bin
              # Calculate memory to use for zram
              totalmem=$(free | grep -e "^Mem:" | sed -e 's/^Mem: *//' -e 's/  *.*//')
              mem=$(((totalmem * ${toString cfg.memoryPercent} / 100 / ${toString cfg.numDevices}) * 1024))
              echo $mem > /sys/class/block/${dev}/disksize
              ${pkgs.utillinux}/sbin/mkswap /dev/${dev}
            '';
            restartIfChanged = false;
          };
      in listToAttrs ((map createZramInitService devices) ++ [(nameValuePair "zram-reloader"
        {
          description = "Reload zram kernel module when number of devices changes";
          serviceConfig = {
            Type = "oneshot";
            RemainAfterExit = true;
            ExecStartPre = "${modprobe} -r zram";
            ExecStart = "${modprobe} zram";
            ExecStop = "${modprobe} -r zram";
          };
          restartTriggers = [ cfg.numDevices ];
          restartIfChanged = true;
        })]);
    swapDevices =
      let
        useZramSwap = dev:
          {
            device = "/dev/${dev}";
            priority = cfg.priority;
          };
      in map useZramSwap devices;
  };
 }
--- a/nixos/modules/hardware/network/intel-2100bg.nix
+++ b/nixos/modules/hardware/network/intel-2100bg.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
@ -6,9 +6,9 @@
  options = {
-    networking.enableIntel2100BGFirmware = pkgs.lib.mkOption {
+    networking.enableIntel2100BGFirmware = lib.mkOption {
      default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
      description = ''
        Turn on this option if you want firmware for the Intel
        PRO/Wireless 2100BG to be loaded automatically.  This is
@ -21,7 +21,7 @@
  ###### implementation
-  config = pkgs.lib.mkIf config.networking.enableIntel2100BGFirmware {
+  config = lib.mkIf config.networking.enableIntel2100BGFirmware {
    hardware.enableAllFirmware = true;
--- a/nixos/modules/hardware/network/intel-2200bg.nix
+++ b/nixos/modules/hardware/network/intel-2200bg.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
@ -6,9 +6,9 @@
  options = {
-    networking.enableIntel2200BGFirmware = pkgs.lib.mkOption {
+    networking.enableIntel2200BGFirmware = lib.mkOption {
      default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
      description = ''
        Turn on this option if you want firmware for the Intel
        PRO/Wireless 2200BG to be loaded automatically.  This is
@ -21,7 +21,7 @@
  ###### implementation
-  config = pkgs.lib.mkIf config.networking.enableIntel2200BGFirmware {
+  config = lib.mkIf config.networking.enableIntel2200BGFirmware {
    hardware.enableAllFirmware = true;
--- a/nixos/modules/hardware/network/intel-3945abg.nix
+++ b/nixos/modules/hardware/network/intel-3945abg.nix
@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
@ -6,9 +6,9 @@
  options = {
-    networking.enableIntel3945ABGFirmware = pkgs.lib.mkOption {
+    networking.enableIntel3945ABGFirmware = lib.mkOption {
      default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
      description = ''
        This option enables automatic loading of the firmware for the Intel
        PRO/Wireless 3945ABG.
@ -20,7 +20,7 @@
  ###### implementation
-  config = pkgs.lib.mkIf config.networking.enableIntel3945ABGFirmware {
+  config = lib.mkIf config.networking.enableIntel3945ABGFirmware {
    hardware.enableAllFirmware = true;
--- a/nixos/modules/hardware/network/ralink.nix
+++ b/nixos/modules/hardware/network/ralink.nix
@ -1,4 +1,4 @@
-{pkgs, config, ...}:
+{pkgs, config, lib, ...}:
 {
@ -6,9 +6,9 @@
  options = {
-    networking.enableRalinkFirmware = pkgs.lib.mkOption {
+    networking.enableRalinkFirmware = lib.mkOption {
      default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
      description = ''
        Turn on this option if you want firmware for the RT73 NIC.
      '';
@ -19,7 +19,7 @@
  ###### implementation
-  config = pkgs.lib.mkIf config.networking.enableRalinkFirmware {
+  config = lib.mkIf config.networking.enableRalinkFirmware {
    hardware.enableAllFirmware = true;
  };
--- a/nixos/modules/hardware/network/rtl8192c.nix
+++ b/nixos/modules/hardware/network/rtl8192c.nix
@ -1,4 +1,4 @@
-{pkgs, config, ...}:
+{pkgs, config, lib, ...}:
 {
@ -6,9 +6,9 @@
  options = {
-    networking.enableRTL8192cFirmware = pkgs.lib.mkOption {
+    networking.enableRTL8192cFirmware = lib.mkOption {
      default = false;
-      type = pkgs.lib.types.bool;
+      type = lib.types.bool;
      description = ''
        Turn on this option if you want firmware for the RTL8192c (and related) NICs.
      '';
@ -19,7 +19,7 @@
  ###### implementation
-  config = pkgs.lib.mkIf config.networking.enableRTL8192cFirmware {
+  config = lib.mkIf config.networking.enableRTL8192cFirmware {
    hardware.enableAllFirmware = true;
  };
--- a/nixos/modules/hardware/network/smc-2632w/default.nix
+++ b/nixos/modules/hardware/network/smc-2632w/default.nix
@ -1,9 +1,9 @@
-{pkgs, config, ...}:
+{lib, config, ...}:
 {
  hardware = {
    pcmcia = {
-      firmware = [ (pkgs.lib.cleanSource ./firmware) ];
+      firmware = [ (lib.cleanSource ./firmware) ];
    };
  };
 }
--- a/nixos/modules/hardware/opengl.nix
+++ b/nixos/modules/hardware/opengl.nix
@ -1,14 +1,31 @@
-{ config, pkgs, pkgs_i686, ... }:
+{ config, lib, pkgs, pkgs_i686, ... }:
 with lib;
 let
  inherit (pkgs.lib) mkOption types mkIf optional optionals elem optionalString optionalAttrs;
  cfg = config.hardware.opengl;
  kernelPackages = config.boot.kernelPackages;
-in {
+
  videoDrivers = config.services.xserver.videoDrivers;
  makePackage = p: p.buildEnv {
    name = "mesa-drivers+txc-${p.mesa_drivers.version}";
    paths =
      [ p.mesa_drivers
        p.mesa_noglu # mainly for libGL
        (if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
        p.udev
      ];
  };
 in
 {
  options = {
    hardware.opengl.enable = mkOption {
-      description = "Whether this configuration requires opengl.";
+      description = "Whether this configuration requires OpenGL.";
      type = types.bool;
      default = false;
      internal = true;
@ -45,84 +62,64 @@ in {
      '';
    };
-
+    hardware.opengl.package = mkOption {
-    hardware.opengl.videoDrivers = mkOption {
+      type = types.package;
-      type = types.listOf types.str;
+      internal = true;
      # !!! We'd like "nv" here, but it segfaults the X server.
      default = [ "ati" "cirrus" "intel" "vesa" "vmware" ];
      example = [ "vesa" ];
      description = ''
-        The names of the opengl video drivers the configuration
+        The package that provides the OpenGL implementation.
        supports. They will be tried in order until one that
        supports your card is found.
      '';
    };
    hardware.opengl.package32 = mkOption {
      type = types.package;
      internal = true;
      description = ''
        The package that provides the 32-bit OpenGL implementation on
        64-bit systems.  Used when <option>driSupport32Bit</option> is
        set.
      '';
    };
  };
  config = mkIf cfg.enable {
-    assertions = pkgs.lib.singleton {
+
    assertions = lib.singleton {
      assertion = cfg.driSupport32Bit -> pkgs.stdenv.isx86_64;
-      message = "Option driSupport32Bit only makes sens on a 64-bit system.";
+      message = "Option driSupport32Bit only makes sense on a 64-bit system.";
    };
-    system.activationScripts.setup-opengl.deps = [];
+    system.activationScripts.setup-opengl =
-    system.activationScripts.setup-opengl.text = ''
+      ''
-      rm -f /run/opengl-driver{,-32}
+        ln -sfn ${cfg.package} /run/opengl-driver
-      ${optionalString (pkgs.stdenv.isi686) "ln -sf opengl-driver /run/opengl-driver-32"}
+        ${if pkgs.stdenv.isi686 then ''
-    ''
+          ln -sfn opengl-driver /run/opengl-driver-32
-      #TODO:  The OpenGL driver should depend on what's detected at runtime.
+        '' else if cfg.driSupport32Bit then ''
-     +( if elem "nvidia" cfg.videoDrivers then
+          ln -sfn ${cfg.package32} /run/opengl-driver-32
-          ''
+        '' else ''
-            ln -sf ${kernelPackages.nvidia_x11} /run/opengl-driver
+          rm -f /run/opengl-driver-32
-            ${optionalString cfg.driSupport32Bit
+        ''}
-              "ln -sf ${pkgs_i686.linuxPackages.nvidia_x11.override { libsOnly = true; kernel = null; } } /run/opengl-driver-32"}
+      '';
          ''
        else if elem "nvidiaLegacy173" cfg.videoDrivers then
          "ln -sf ${kernelPackages.nvidia_x11_legacy173} /run/opengl-driver"
        else if elem "nvidiaLegacy304" cfg.videoDrivers then
          ''
            ln -sf ${kernelPackages.nvidia_x11_legacy304} /run/opengl-driver
            ${optionalString cfg.driSupport32Bit
              "ln -sf ${pkgs_i686.linuxPackages.nvidia_x11_legacy304.override { libsOnly = true; kernel = null; } } /run/opengl-driver-32"}
          ''
        else if elem "ati_unfree" cfg.videoDrivers then
          "ln -sf ${kernelPackages.ati_drivers_x11} /run/opengl-driver"
        else
          let
            lib_fun = p: p.buildEnv {
              name = "mesa-drivers+txc-${p.mesa_drivers.version}";
              paths = [
                p.mesa_drivers
                p.mesa_noglu # mainly for libGL
                (if cfg.s3tcSupport then p.libtxc_dxtn else p.libtxc_dxtn_s2tc)
              ];
            };
          in
          ''
            ${optionalString cfg.driSupport "ln -sf ${lib_fun pkgs} /run/opengl-driver"}
            ${optionalString cfg.driSupport32Bit
              "ln -sf ${lib_fun pkgs_i686} /run/opengl-driver-32"}
          ''
      );
-    environment.variables.LD_LIBRARY_PATH =
+    environment.sessionVariables.LD_LIBRARY_PATH =
      [ "/run/opengl-driver/lib" "/run/opengl-driver-32/lib" ];
    # FIXME: move this into card-specific modules.
    hardware.opengl.package = mkDefault
      (if elem "ati_unfree" videoDrivers then
        kernelPackages.ati_drivers_x11
      else
        makePackage pkgs);
    hardware.opengl.package32 = mkDefault (makePackage pkgs_i686);
    boot.extraModulePackages =
-      optional (elem "nvidia" cfg.videoDrivers) kernelPackages.nvidia_x11 ++
+      optional (elem "virtualbox" videoDrivers) kernelPackages.virtualboxGuestAdditions ++
-      optional (elem "nvidiaLegacy173" cfg.videoDrivers) kernelPackages.nvidia_x11_legacy173 ++
+      optional (elem "ati_unfree" videoDrivers) kernelPackages.ati_drivers_x11;
      optional (elem "nvidiaLegacy304" cfg.videoDrivers) kernelPackages.nvidia_x11_legacy304 ++
      optional (elem "virtualbox" cfg.videoDrivers) kernelPackages.virtualboxGuestAdditions ++
      optional (elem "ati_unfree" cfg.videoDrivers) kernelPackages.ati_drivers_x11;
-    boot.blacklistedKernelModules =
+    environment.etc =
-      optionals (elem "nvidia" cfg.videoDrivers) [ "nouveau" "nvidiafb" ];
+      optionalAttrs (elem "ati_unfree" videoDrivers) {
    environment.etc =  (optionalAttrs (elem "ati_unfree" cfg.videoDrivers) {
        "ati".source = "${kernelPackages.ati_drivers_x11}/etc/ati";
-      })
+      };
      // (optionalAttrs (elem "nvidia" cfg.videoDrivers) {
        "OpenCL/vendors/nvidia.icd".source = "${kernelPackages.nvidia_x11}/lib/vendors/nvidia.icd";
      });
  };
 }
--- a/nixos/modules/hardware/video/bumblebee.nix
+++ b/nixos/modules/hardware/video/bumblebee.nix
@ -17,6 +17,12 @@ with lib;
        Only nvidia driver is supported so far.
      '';
    };
    hardware.bumblebee.group = mkOption {
      default = "wheel";
      example = "video";
      type = types.uniq types.str;
      description = ''Group for bumblebee socket'';
    };
  };
  config = mkIf config.hardware.bumblebee.enable {
@ -29,13 +35,15 @@ with lib;
    systemd.services.bumblebeed = {
      description = "Bumblebee Hybrid Graphics Switcher";
      wantedBy = [ "display-manager.service" ];
-      script = "bumblebeed --use-syslog";
+      script = "bumblebeed --use-syslog -g ${config.hardware.bumblebee.group}";
      path = [ kernel.bbswitch pkgs.bumblebee ];
      serviceConfig = {
        Restart = "always";
        RestartSec = 60;
        CPUSchedulingPolicy = "idle";
      };
      environment.LD_LIBRARY_PATH="/run/opengl-driver/lib/";
      environment.MODULE_DIR="/run/current-system/kernel-modules/lib/modules/";
    };
  };
 }
--- a/nixos/modules/hardware/video/nvidia.nix
+++ b/nixos/modules/hardware/video/nvidia.nix
@ -0,0 +1,54 @@
 # This module provides the proprietary NVIDIA X11 / OpenGL drivers.
 { config, lib, pkgs, pkgs_i686, ... }:
 with lib;
 let
  drivers = config.services.xserver.videoDrivers;
  # FIXME: should introduce an option like
  # ‘hardware.video.nvidia.package’ for overriding the default NVIDIA
  # driver.
  enabled = elem "nvidia" drivers || elem "nvidiaLegacy173" drivers || elem "nvidiaLegacy304" drivers;
  nvidia_x11 =
    if elem "nvidia" drivers then
      config.boot.kernelPackages.nvidia_x11
    else if elem "nvidiaLegacy173" drivers then
      config.boot.kernelPackages.nvidia_x11_legacy173
    else if elem "nvidiaLegacy304" drivers then
      config.boot.kernelPackages.nvidia_x11_legacy304
    else throw "impossible";
 in
 {
  config = mkIf enabled {
    services.xserver.drivers = singleton
      { name = "nvidia"; modules = [ nvidia_x11 ]; libPath = [ nvidia_x11 ]; };
    services.xserver.screenSection =
      ''
        Option "RandRRotation" "on"
      '';
    hardware.opengl.package = nvidia_x11;
    hardware.opengl.package32 = pkgs_i686.linuxPackages.nvidia_x11.override { libsOnly = true; kernel = null; };
    environment.systemPackages = [ nvidia_x11 ];
    boot.extraModulePackages = [ nvidia_x11 ];
    boot.blacklistedKernelModules = [ "nouveau" "nvidiafb" ];
    services.acpid.enable = true;
    environment.etc."OpenCL/vendors/nvidia.icd".source = "${nvidia_x11}/lib/vendors/nvidia.icd";
  };
 }
--- a/nixos/modules/installer/cd-dvd/installation-cd-base.nix
+++ b/nixos/modules/installer/cd-dvd/installation-cd-base.nix
@ -19,7 +19,7 @@ with lib;
  # ISO naming.
  isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixosVersion}-${pkgs.stdenv.system}.iso";
-  isoImage.volumeID = substring 0 11 "NIXOS_${config.system.nixosVersion}";
+  isoImage.volumeID = substring 0 11 "NIXOS_ISO";
  # Make the installer more likely to succeed in low memory
  # environments.  The kernel's overcommit heustistics bite us
@ -39,6 +39,9 @@ with lib;
  # Add Memtest86+ to the CD.
  boot.loader.grub.memtest86.enable = true;
-  # Get a console as soon as the initrd loads fbcon on EFI boot
+  # Get a console as soon as the initrd loads fbcon on EFI boot.
  boot.initrd.kernelModules = [ "fbcon" ];
  # Allow the user to log in as root without a password.
  security.initialRootPassword = "";
 }
--- a/nixos/modules/installer/cd-dvd/installation-cd-graphical-new-kernel.nix
+++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical-new-kernel.nix
@ -3,6 +3,5 @@
 {
  imports = [ ./installation-cd-graphical.nix ];
-  boot.kernelPackages = pkgs.linuxPackages_3_10;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.vesa = false;
 }
--- a/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
+++ b/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
@ -3,6 +3,5 @@
 {
  imports = [ ./installation-cd-minimal.nix ];
-  boot.kernelPackages = pkgs.linuxPackages_3_10;
+  boot.kernelPackages = pkgs.linuxPackages_latest;
  boot.vesa = false;
 }
--- a/nixos/modules/installer/cd-dvd/iso-image.nix
+++ b/nixos/modules/installer/cd-dvd/iso-image.nix
@ -67,7 +67,7 @@ let
        ${config.boot.kernelPackages.kernel}/bzImage ::boot/bzImage
      mcopy -v -i "$out" \
        ${config.system.build.initialRamdisk}/initrd ::boot/initrd
-    '';
+    ''; # */
  targetArch = if pkgs.stdenv.isi686 then
    "ia32"
@ -177,41 +177,45 @@ in
    # recognise that.
    boot.kernelParams = [ "root=LABEL=${config.isoImage.volumeID}" ];
    fileSystems."/" =
      { fsType = "tmpfs";
        options = "mode=0755";
      };
    # Note that /dev/root is a symlink to the actual root device
-    # specified on the kernel command line, created in the stage 1 init
+    # specified on the kernel command line, created in the stage 1
-    # script.
+    # init script.
-    fileSystems."/".device = "/dev/root";
+    fileSystems."/iso" =
      { device = "/dev/root";
        neededForBoot = true;
        noCheck = true;
      };
    # In stage 1, mount a tmpfs on top of /nix/store (the squashfs
    # image) to make this a live CD.
    fileSystems."/nix/.ro-store" =
      { fsType = "squashfs";
        device = "/iso/nix-store.squashfs";
        options = "loop";
        neededForBoot = true;
      };
    fileSystems."/nix/.rw-store" =
      { fsType = "tmpfs";
        options = "mode=0755";
        neededForBoot = true;
      };
    fileSystems."/nix/store" =
-      { fsType = "squashfs";
+      { fsType = "unionfs-fuse";
-        device = "/nix-store.squashfs";
+        device = "unionfs";
-        options = "loop";
+        options = "allow_other,cow,nonempty,chroot=/mnt-root,max_files=32768,hide_meta_files,dirs=/nix/.rw-store=rw:/nix/.ro-store=ro";
      };
    boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
    boot.initrd.kernelModules = [ "loop" ];
    # In stage 1, mount a tmpfs on top of / (the ISO image) and
    # /nix/store (the squashfs image) to make this a live CD.
    boot.initrd.postMountCommands =
      ''
        mkdir -p /unionfs-chroot/ro-root
        mount --rbind $targetRoot /unionfs-chroot/ro-root
        mkdir /unionfs-chroot/rw-root
        mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-root
        mkdir /mnt-root-union
        unionfs -o allow_other,cow,chroot=/unionfs-chroot,max_files=32768 /rw-root=RW:/ro-root=RO /mnt-root-union
        oldTargetRoot=$targetRoot
        targetRoot=/mnt-root-union
        mkdir /unionfs-chroot/rw-store
        mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
        mkdir -p $oldTargetRoot/nix/store
        unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-store=RW:/ro-root/nix/store=RO /mnt-root-union/nix/store
      '';
    # Closures to be copied to the Nix store on the CD, namely the init
    # script and the top-level system configuration directory.
    isoImage.storeContents =
@ -253,10 +257,6 @@ in
        { source = config.system.build.squashfsStore;
          target = "/nix-store.squashfs";
        }
        { # Quick hack: need a mount point for the store.
          source = pkgs.runCommand "empty" {} "mkdir -p $out";
          target = "/nix/store";
        }
      ] ++ optionals config.isoImage.makeEfiBootable [
        { source = efiImg;
          target = "/boot/efi.img";
@ -311,8 +311,8 @@ in
      '';
    # Add vfat support to the initrd to enable people to copy the
-    # contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
+    # contents of the CD to a bootable USB stick.
-    boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
+    boot.initrd.supportedFilesystems = [ "vfat" ];
  };
--- a/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
+++ b/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
@ -152,7 +152,7 @@ in
  # default root password is empty.
  services.openssh.enable = true;
-  jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
+  jobs.openssh.startOn = lib.mkOverride 50 "";
  boot.loader.grub.enable = false;
  boot.loader.generationsDir.enable = false;
--- a/nixos/modules/installer/cd-dvd/system-tarball-pc.nix
+++ b/nixos/modules/installer/cd-dvd/system-tarball-pc.nix
@ -109,7 +109,7 @@ in
  # not be started by default on the installation CD because the
  # default root password is empty.
  services.openssh.enable = true;
-  jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
+  jobs.openssh.startOn = lib.mkOverride 50 "";
  # To be able to use the systemTarball to catch troubles.
  boot.crashDump = {
--- a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
+++ b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
@ -138,7 +138,8 @@ in
  };
  # Setting vesa, we don't get the nvidia driver, which can't work in arm.
-  hardware.opengl.videoDrivers = [ "vesa" ];
+  services.xserver.videoDrivers = [ "vesa" ];
  services.nixosManual.enable = false;
  # Include the firmware for various wireless cards.
@ -164,7 +165,7 @@ in
  # not be started by default on the installation CD because the
  # default root password is empty.
  services.openssh.enable = true;
-  jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
+  jobs.openssh.startOn = lib.mkOverride 50 "";
  # cpufrequtils fails to build on non-pc
  powerManagement.enable = false;
--- a/nixos/modules/installer/tools/get-version-suffix
+++ b/nixos/modules/installer/tools/get-version-suffix
@ -17,6 +17,6 @@ getVersion() {
 if nixpkgs=$(nix-instantiate --find-file nixpkgs "$@"); then
    getVersion $nixpkgs
    if [ -n "$rev" ]; then
-        echo "pre-$rev"
+        echo ".git.$rev"
    fi
 fi
--- a/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix
+++ b/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix
@ -6,4 +6,4 @@ let nodes = import networkExpr; in
 with import ../../../../lib/testing.nix { inherit system; };
-(complete { inherit nodes; testScript = ""; }).driver
+(makeTest { inherit nodes; testScript = ""; }).driver
--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@ -1,9 +1,11 @@
 #! @perl@
 use Cwd 'abs_path';
 use File::Spec;
 use File::Path;
 use File::Basename;
 use File::Slurp;
 use File::stat;
 sub uniq {
@ -130,13 +132,14 @@ sub pciCheck {
    # broadcom STA driver (wl.ko)
    # list taken from http://www.broadcom.com/docs/linux_sta/README.txt
    # FIXME: still needed?
    if ($vendor eq "0x14e4" &&
        ($device eq "0x4311" || $device eq "0x4312" || $device eq "0x4313" ||
         $device eq "0x4315" || $device eq "0x4327" || $device eq "0x4328" ||
         $device eq "0x4329" || $device eq "0x432a" || $device eq "0x432b" ||
         $device eq "0x432c" || $device eq "0x432d" || $device eq "0x4353" ||
-         $device eq "0x4357" || $device eq "0x4358" || $device eq "0x4359" ) )
+         $device eq "0x4357" || $device eq "0x4358" || $device eq "0x4359" ||
         $device eq "0x4331" || $device eq "0x43a0" || $device eq "0x43b1"
        ) )
     {
        push @modulePackages, "config.boot.kernelPackages.broadcom_sta";
        push @kernelModules, "wl";
@ -158,14 +161,14 @@ sub pciCheck {
    # Assume that all NVIDIA cards are supported by the NVIDIA driver.
    # There may be exceptions (e.g. old cards).
    # FIXME: do we want to enable an unfree driver here?
-    $videoDriver = "nvidia" if $vendor eq "0x10de" && $class =~ /^0x03/;
+    #$videoDriver = "nvidia" if $vendor eq "0x10de" && $class =~ /^0x03/;
 }
 foreach my $path (glob "/sys/bus/pci/devices/*") {
    pciCheck $path;
 }
-push @attrs, "hardware.opengl.videoDrivers = [ \"$videoDriver\" ];" if $videoDriver;
+push @attrs, "services.xserver.videoDrivers = [ \"$videoDriver\" ];" if $videoDriver;
 # Idem for USB devices.
@ -218,22 +221,41 @@ foreach my $path (glob "/sys/class/block/*") {
 }
-my $dmi = `@dmidecode@/sbin/dmidecode`;
+my $virt = `systemd-detect-virt`;
 chomp $virt;
 # Check if we're a VirtualBox guest.  If so, enable the guest
 # additions.
-if ($dmi =~ /Manufacturer: innotek/) {
+if ($virt eq "oracle") {
    push @attrs, "services.virtualbox.enable = true;"
 }
 # Likewise for QEMU.
-if ($dmi =~ /Manufacturer: Bochs/) {
+if ($virt eq "qemu" || $virt eq "kvm" || $virt eq "bochs") {
    push @imports, "<nixpkgs/nixos/modules/profiles/qemu-guest.nix>";
 }
 # For a device name like /dev/sda1, find a more stable path like
 # /dev/disk/by-uuid/X or /dev/disk/by-label/Y.
 sub findStableDevPath {
    my ($dev) = @_;
    return $dev if substr($dev, 0, 1) ne "/";
    return $dev unless -e $dev;
    my $st = stat($dev) or return $dev;
    foreach my $dev2 (glob("/dev/disk/by-uuid/*"), glob("/dev/mapper/*"), glob("/dev/disk/by-label/*")) {
        my $st2 = stat($dev2) or next;
        return $dev2 if $st->rdev == $st2->rdev;
    }
    return $dev;
 }
 # Generate the swapDevices option from the currently activated swap
 # devices.
 my @swaps = read_file("/proc/swaps");
@ -241,7 +263,9 @@ shift @swaps;
 my @swapDevices;
 foreach my $swap (@swaps) {
    $swap =~ /^(\S+)\s/;
-    push @swapDevices, "{ device = \"$1\"; }";
+    next unless -e $1;
    my $dev = findStableDevPath $1;
    push @swapDevices, "{ device = \"$dev\"; }";
 }
@ -267,6 +291,7 @@ foreach my $fs (read_file("/proc/self/mountinfo")) {
    # Skip special filesystems.
    next if in($mountPoint, "/proc") || in($mountPoint, "/dev") || in($mountPoint, "/sys") || in($mountPoint, "/run") || $mountPoint eq "/var/lib/nfs/rpc_pipefs";
    next if $mountPoint eq "/var/setuid-wrappers";
    # Skip the optional fields.
    my $n = 6; $n++ while $fields[$n] ne "-"; $n++;
@ -280,9 +305,11 @@ foreach my $fs (read_file("/proc/self/mountinfo")) {
    # Maybe this is a bind-mount of a filesystem we saw earlier?
    if (defined $fsByDev{$fields[2]}) {
        my $path = $fields[3]; $path = "" if $path eq "/";
        my $base = $fsByDev{$fields[2]};
        $base = "" if $base eq "/";
        $fileSystems .= <<EOF;
  fileSystems.\"$mountPoint\" =
-    { device = \"$fsByDev{$fields[2]}$path\";
+    { device = \"$base$path\";
      fsType = \"none\";
      options = \"bind\";
    };
@ -313,7 +340,7 @@ EOF
    # Emit the filesystem.
    $fileSystems .= <<EOF;
  fileSystems.\"$mountPoint\" =
-    { device = \"$device\";
+    { device = \"${\(findStableDevPath $device)}\";
      fsType = \"$fsType\";
 EOF
@ -342,7 +369,7 @@ sub toNixExpr {
 sub multiLineList {
    my $indent = shift;
-    return "[ ]" if !@_;
+    return " [ ]" if !@_;
    $res = "\n${indent}[ ";
    my $first = 1;
    foreach my $s (@_) {
@ -401,7 +428,6 @@ if ($showHardwareConfig) {
        if (-e "/sys/firmware/efi/efivars") {
            $bootLoaderConfig = <<EOF;
  # Use the gummiboot efi boot loader.
  boot.loader.grub.enable = false;
  boot.loader.gummiboot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
 EOF
@ -439,6 +465,12 @@ $bootLoaderConfig
  #   defaultLocale = "en_US.UTF-8";
  # };
  # List packages installed in system profile. To search by name, run:
  # \$ nix-env -qaP | grep wget
  # environment.systemPackages = with pkgs; [
  #   wget
  # ];
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
@ -455,6 +487,17 @@ $bootLoaderConfig
  # Enable the KDE Desktop Environment.
  # services.xserver.displayManager.kdm.enable = true;
  # services.xserver.desktopManager.kde4.enable = true;
  # Define a user account. Don't forget to set a password with ‘passwd’.
  # users.extraUsers.guest = {
  #   name = "guest";
  #   group = "users";
  #   uid = 1000;
  #   createHome = true;
  #   home = "/home/guest";
  #   shell = "/run/current-system/sw/bin/bash";
  # };
 }
 EOF
    } else {
--- a/nixos/modules/installer/tools/nixos-install.sh
+++ b/nixos/modules/installer/tools/nixos-install.sh
@ -1,15 +1,26 @@
 #! @shell@
 # - [mount target device] <- currently disabled
 # - make Nix store etc.
 # - copy closure of Nix to target device
 # - register validity
 # - with a chroot to the target device:
 #   * nix-env -p /nix/var/nix/profiles/system -i <nix-expr for the configuration>
-#   * run the activation script of the configuration (also installs Grub)
+#   * install the boot loader
 # Re-exec ourselves in a private mount namespace so that our bind
 # mounts get cleaned up automatically.
 if [ "$(id -u)" = 0 ]; then
    if [ -z "$NIXOS_INSTALL_REEXEC" ]; then
        export NIXOS_INSTALL_REEXEC=1
        exec unshare --mount --uts -- "$0" "$@"
    else
        mount --make-rprivate /
    fi
 fi
 # Parse the command line for the -I flag
 extraBuildFlags=()
 chrootCommand=(/run/current-system/sw/bin/bash)
 while [ "$#" -gt 0 ]; do
    i="$1"; shift 1
@ -19,6 +30,14 @@ while [ "$#" -gt 0 ]; do
            absolute_path=$(readlink -m $given_path)
            extraBuildFlags+=("$i" "/mnt$absolute_path")
            ;;
        --show-trace)
            extraBuildFlags+=("$i")
            ;;
        --chroot)
            runChroot=1
            chrootCommand=("$@")
            break
            ;;
        --help)
            exec man nixos-install
            exit 1
@ -37,10 +56,6 @@ if test -z "$mountPoint"; then
    mountPoint=/mnt
 fi
 if test -z "$NIXOS_CONFIG"; then
    NIXOS_CONFIG=/etc/nixos/configuration.nix
 fi
 if ! test -e "$mountPoint"; then
    echo "mount point $mountPoint doesn't exist"
    exit 1
@ -51,53 +66,45 @@ if ! grep -F -q " $mountPoint " /proc/mounts; then
    exit 1
 fi
 # Mount some stuff in the target root directory.
 mkdir -m 0755 -p $mountPoint/dev $mountPoint/proc $mountPoint/sys $mountPoint/etc $mountPoint/run $mountPoint/home
 mkdir -m 01777 -p $mountPoint/tmp
 mkdir -m 0755 -p $mountPoint/tmp/root
 mkdir -m 0755 -p $mountPoint/var/setuid-wrappers
 mount --rbind /dev $mountPoint/dev
 mount --rbind /proc $mountPoint/proc
 mount --rbind /sys $mountPoint/sys
 mount --rbind / $mountPoint/tmp/root
 mount -t tmpfs -o "mode=0755" none $mountPoint/run
 mount -t tmpfs -o "mode=0755" none $mountPoint/var/setuid-wrappers
 rm -rf $mountPoint/var/run
 ln -s /run $mountPoint/var/run
 rm -f $mountPoint/etc/{resolv.conf,hosts}
 cp -f /etc/resolv.conf /etc/hosts $mountPoint/etc/
 if [ -n "$runChroot" ]; then
    if ! [ -L $mountPoint/nix/var/nix/profiles/system ]; then
        echo "$0: installation not finished; cannot chroot into installation directory"
        exit 1
    fi
    ln -s /nix/var/nix/profiles/system $mountPoint/run/current-system
    exec chroot $mountPoint "${chrootCommand[@]}"
 fi
 # Get the path of the NixOS configuration file.
 if test -z "$NIXOS_CONFIG"; then
    NIXOS_CONFIG=/etc/nixos/configuration.nix
 fi
 if ! test -e "$mountPoint/$NIXOS_CONFIG"; then
    echo "configuration file $mountPoint/$NIXOS_CONFIG doesn't exist"
    exit 1
 fi
 # Mount some stuff in the target root directory.  We bind-mount /etc
 # into the chroot because we need networking and the nixbld user
 # accounts in /etc/passwd.  But we do need the target's /etc/nixos.
 mkdir -m 0755 -p $mountPoint/dev $mountPoint/proc $mountPoint/sys $mountPoint/mnt $mountPoint/mnt2 $mountPoint/mnt-nixpkgs $mountPoint/etc /etc/nixos
 mount --make-private / # systemd makes / shared, which is annoying
 mount --bind / $mountPoint/mnt
 mount --bind /nix $mountPoint/mnt/nix
 mount --bind /nix/store $mountPoint/mnt/nix/store
 mount --bind /dev $mountPoint/dev
 mount --bind /dev/shm $mountPoint/dev/shm
 mount --bind /proc $mountPoint/proc
 mount --bind /sys $mountPoint/sys
 mount --bind /sys/firmware/efi/efivars $mountPoint/sys/firmware/efi/efivars &>/dev/null || true
 mount --bind $mountPoint/etc/nixos $mountPoint/mnt2
 mount --bind /etc $mountPoint/etc
 mount --bind $mountPoint/mnt2 $mountPoint/etc/nixos
 cleanup() {
    set +e
    mountpoint -q $mountPoint/etc/nixos && umount $mountPoint/etc/nixos
    mountpoint -q $mountPoint/etc && umount $mountPoint/etc
    umount $mountPoint/mnt2
    umount $mountPoint/mnt-nixpkgs
    umount $mountPoint/sys/firmware/efi/efivars &>/dev/null || true
    umount $mountPoint/sys
    umount $mountPoint/proc
    umount $mountPoint/dev/shm
    umount $mountPoint/dev
    umount $mountPoint/mnt/nix/store
    umount $mountPoint/mnt/nix
    umount $mountPoint/mnt
    rmdir $mountPoint/mnt $mountPoint/mnt2 $mountPoint/mnt-nixpkgs
 }
 trap "cleanup" EXIT
 mkdir -m 01777 -p $mountPoint/tmp
 mkdir -m 0755 -p $mountPoint/var
 # Create the necessary Nix directories on the target device, if they
 # don't already exist.
 mkdir -m 0755 -p \
@ -110,25 +117,11 @@ mkdir -m 0755 -p \
    $mountPoint/nix/var/log/nix/drvs
 mkdir -m 1775 -p $mountPoint/nix/store
-build_users_group=$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"build-users-group"};')
+chown root:nixbld $mountPoint/nix/store
 if test -n "$build_users_group"; then
    chown root:"$build_users_group" $mountPoint/nix/store
 else
    chown root $mountPoint/nix/store
 fi
-# Get the store paths to copy from the references graph.
+# There is no daemon in the chroot.
-storePaths=$(@perl@/bin/perl @pathsFromGraph@ @nixClosure@)
+unset NIX_REMOTE
 # Copy Nix to the Nix store on the target device.
 echo "copying Nix to $mountPoint...."
 for i in $storePaths; do
    echo "  $i"
    chattr -R -i $mountPoint/$i 2> /dev/null || true # clear immutable bit
    rsync -a $i $mountPoint/nix/store/
 done
 # We don't have locale-archive in the chroot, so clear $LANG.
@ -137,28 +130,36 @@ export LC_ALL=
 export LC_TIME=
 # There is no daemon in the chroot
 unset NIX_REMOTE
 # Create a temporary Nix config file that causes the nixbld users to
 # be used.
-if test -n "$build_users_group"; then
+echo "build-users-group = nixbld" > $mountPoint/tmp/nix.conf # FIXME: remove in Nix 1.8
    echo "build-users-group = $build_users_group" > $mountPoint/tmp/nix.conf
 fi
 binary_caches=$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"binary-caches"};')
 if test -n "$binary_caches"; then
    echo "binary-caches = $binary_caches" >> $mountPoint/tmp/nix.conf
 fi
 export NIX_CONF_DIR=/tmp
 touch $mountPoint/etc/passwd $mountPoint/etc/group
 mount --bind -o ro /etc/passwd $mountPoint/etc/passwd
 mount --bind -o ro /etc/group $mountPoint/etc/group
-# Register the paths in the Nix closure as valid.  This is necessary
+
-# to prevent them from being deleted the first time we install
+# Copy Nix to the Nix store on the target device, unless it's already there.
-# something.  (I.e., Nix will see that, e.g., the glibc path is not
+if ! NIX_DB_DIR=$mountPoint/nix/var/nix/db nix-store --check-validity @nix@ 2> /dev/null; then
-# valid, delete it to get it out of the way, but as a result nothing
+    echo "copying Nix to $mountPoint...."
-# will work anymore.)
+    for i in $(@perl@/bin/perl @pathsFromGraph@ @nixClosure@); do
-chroot $mountPoint @nix@/bin/nix-store --register-validity < @nixClosure@
+        echo "  $i"
        chattr -R -i $mountPoint/$i 2> /dev/null || true # clear immutable bit
        rsync -a $i $mountPoint/nix/store/
    done
    # Register the paths in the Nix closure as valid.  This is necessary
    # to prevent them from being deleted the first time we install
    # something.  (I.e., Nix will see that, e.g., the glibc path is not
    # valid, delete it to get it out of the way, but as a result nothing
    # will work anymore.)
    chroot $mountPoint @nix@/bin/nix-store --register-validity < @nixClosure@
 fi
 # Create the required /bin/sh symlink; otherwise lots of things
@ -168,15 +169,9 @@ mkdir -m 0755 -p $mountPoint/bin
 ln -sf @shell@ $mountPoint/bin/sh
 if test -n "$NIXOS_PREPARE_CHROOT_ONLY"; then
    echo "User requested only to prepare chroot. Exiting."
    exit 0
 fi
 # Make the build below copy paths from the CD if possible.  Note that
-# /mnt in the chroot is the root of the CD.
+# /tmp/root in the chroot is the root of the CD.
-export NIX_OTHER_STORES=/mnt/nix:$NIX_OTHER_STORES
+export NIX_OTHER_STORES=/tmp/root/nix:$NIX_OTHER_STORES
 p=@nix@/libexec/nix/substituters
 export NIX_SUBSTITUTERS=$p/copy-from-other-stores.pl:$p/download-from-binary-cache.pl
@ -191,15 +186,15 @@ done
 # Get the absolute path to the NixOS/Nixpkgs sources.
-mount --bind $(readlink -f $(nix-instantiate --find-file nixpkgs)) $mountPoint/mnt-nixpkgs
+nixpkgs="$(readlink -f $(nix-instantiate --find-file nixpkgs))"
 # Build the specified Nix expression in the target store and install
 # it into the system configuration profile.
 echo "building the system configuration..."
-NIX_PATH="nixpkgs=/mnt-nixpkgs:nixos=/mnt-nixpkgs/nixos:nixos-config=$NIXOS_CONFIG" NIXOS_CONFIG= \
+NIX_PATH="nixpkgs=/tmp/root/$nixpkgs:nixos-config=$NIXOS_CONFIG" NIXOS_CONFIG= \
    chroot $mountPoint @nix@/bin/nix-env \
-    "${extraBuildFlags[@]}" -p /nix/var/nix/profiles/system -f '<nixos>' --set -A system --show-trace
+    "${extraBuildFlags[@]}" -p /nix/var/nix/profiles/system -f '<nixpkgs/nixos>' --set -A system
 # Copy the NixOS/Nixpkgs sources to the target as the initial contents
@ -217,10 +212,8 @@ mkdir -m 0700 -p $mountPoint/root/.nix-defexpr
 ln -sfn /nix/var/nix/profiles/per-user/root/channels $mountPoint/root/.nix-defexpr/channels
-# We're done building/downloading, so we don't need the /etc bind
+# Get rid of the /etc bind mounts.
-# mount anymore.  In fact, below we want to modify the target's /etc.
+umount $mountPoint/etc/passwd $mountPoint/etc/group
 umount $mountPoint/etc/nixos
 umount $mountPoint/etc
 # Grub needs an mtab.
@ -238,3 +231,17 @@ touch $mountPoint/etc/NIXOS
 echo "finalising the installation..."
 NIXOS_INSTALL_GRUB=1 chroot $mountPoint \
    /nix/var/nix/profiles/system/bin/switch-to-configuration boot
 # Run the activation script.
 chroot $mountPoint /nix/var/nix/profiles/system/activate
 # Ask the user to set a root password.
 if [ -t 0 ] ; then
    echo "setting root password..."
    chroot $mountPoint passwd
 fi
 echo "installation finished!"
--- a/nixos/modules/installer/tools/nixos-rebuild.sh
+++ b/nixos/modules/installer/tools/nixos-rebuild.sh
@ -97,6 +97,16 @@ if [ -n "$upgrade" -a -z "$_NIXOS_REBUILD_REEXEC" ]; then
    nix-channel --update nixos
 fi
 # Make sure that we use the Nix package we depend on, not something
 # else from the PATH for nix-{env,instantiate,build}.  This is
 # important, because NixOS defaults the architecture of the rebuilt
 # system to the architecture of the nix-* binaries used.  So if on an
 # amd64 system the user has an i686 Nix package in her PATH, then we
 # would silently downgrade the whole system to be i686 NixOS on the
 # next reboot.
 if [ -z "$_NIXOS_REBUILD_REEXEC" ]; then
    export PATH=@nix@/bin:$PATH
 fi
 # Re-execute nixos-rebuild from the Nixpkgs tree.
 if [ -z "$_NIXOS_REBUILD_REEXEC" -a -n "$canRun" ]; then
--- a/nixos/modules/installer/tools/tools.nix
+++ b/nixos/modules/installer/tools/tools.nix
@ -1,7 +1,7 @@
 # This module generates nixos-install, nixos-rebuild,
 # nixos-generate-config, etc.
-{ config, pkgs, modulesPath, ... }:
+{ config, pkgs, modulesPath, lib, ... }:
 let
@ -32,13 +32,13 @@ let
  nixos-rebuild = makeProg {
    name = "nixos-rebuild";
    src = ./nixos-rebuild.sh;
    nix = config.nix.package;
  };
  nixos-generate-config = makeProg {
    name = "nixos-generate-config";
    src = ./nixos-generate-config.pl;
    perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl";
    inherit (pkgs) dmidecode;
  };
  nixos-option = makeProg {
@ -65,7 +65,7 @@ let
        test -e "$out/chrome/content/jquery-1.5.2.js" ||
          cp -f "$jquery" "$out/chrome/content/jquery-1.5.2.js"
      '';
-      gui = pkgs.lib.cleanSource "${modulesPath}/../gui";
+      gui = lib.cleanSource "${modulesPath}/../gui";
      jquery = pkgs.fetchurl {
        url = http://code.jquery.com/jquery-1.5.2.min.js;
        sha256 = "8f0a19ee8c606b35a10904951e0a27da1896eafe33c6e88cb7bcbe455f05a24a";
--- a/nixos/modules/installer/virtualbox-demo.nix
+++ b/nixos/modules/installer/virtualbox-demo.nix
@ -15,5 +15,5 @@ with lib;
  # Add some more video drivers to give X11 a shot at working in
  # VMware and QEMU.
-  hardware.opengl.videoDrivers = mkOverride 40 [ "virtualbox" "vmware" "cirrus" "vesa" ];
+  services.xserver.videoDrivers = mkOverride 40 [ "virtualbox" "vmware" "cirrus" "vesa" ];
 }
--- a/nixos/modules/misc/assertions.nix
+++ b/nixos/modules/misc/assertions.nix
@ -2,14 +2,6 @@
 with lib;
 let
  failed = map (x: x.message) (filter (x: !x.assertion) config.assertions);
  showWarnings = res: fold (w: x: builtins.trace "[1;31mwarning: ${w}[0m" x) res config.warnings;
 in
 {
  options = {
@ -38,15 +30,5 @@ in
    };
  };
-
+  # impl of assertions is in <nixos/modules/system/activation/top-level.nix>
  config = {
    # This option is evaluated always. Thus the assertions are checked
    # as well. Hacky!
    environment.systemPackages = showWarnings (
      if [] == failed then []
      else throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failed)}");
  };
 }
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -1,19 +1,19 @@
 # This module defines the global list of uids and gids.  We keep a
 # central list to prevent id collisions.
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 {
  options = {
-    ids.uids = pkgs.lib.mkOption {
+    ids.uids = lib.mkOption {
      internal = true;
      description = ''
        The user IDs used in NixOS.
      '';
    };
-    ids.gids = pkgs.lib.mkOption {
+    ids.gids = lib.mkOption {
      internal = true;
      description = ''
        The group IDs used in NixOS.
@ -52,13 +52,13 @@
      osgi = 34;
      tor = 35;
      cups = 36;
-      foldingAtHome = 37;
+      foldingathome = 37;
      sabnzbd = 38;
      kdm = 39;
-      ghostOne = 40;
+      ghostone = 40;
      git = 41;
-      fourStore = 42;
+      fourstore = 42;
-      fourStoreEndpoint = 43;
+      fourstorehttp = 43;
      virtuoso = 44;
      rtkit = 45;
      dovecot2 = 46;
@ -84,7 +84,7 @@
      postgres = 71;
      smbguest = 74;
      varnish = 75;
-      dd-agent = 76;
+      datadog = 76;
      lighttpd = 77;
      lightdm = 78;
      freenet = 79;
@ -129,10 +129,19 @@
      foundationdb = 118;
      newrelic = 119;
      starbound = 120;
-      hydra     = 122;
+      hydra = 122;
-      spiped    = 123;
+      spiped = 123;
      teamspeak = 124;
      influxdb = 125;
      nsd = 126;
      gitolite = 127;
      znc = 128;
      polipo = 129;
      mopidy = 130;
      unifi = 131;
      gdm = 132;
-      # When adding a uid, make sure it doesn't match an existing gid.
+      # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
      nixbld = 30000; # start of range of uids
      nobody = 65534;
@ -173,8 +182,8 @@
      osgi = 34;
      ghostOne = 40;
      git = 41;
-      fourStore = 42;
+      fourstore = 42;
-      fourStoreEndpoint = 43;
+      fourstorehttpd = 43;
      virtuoso = 44;
      dovecot2 = 46;
      prayer = 49;
@ -201,7 +210,7 @@
      vboxsf = 73;
      smbguest = 74;
      varnish = 75;
-      dd-agent = 76;
+      datadog = 76;
      lighttpd = 77;
      lightdm = 78;
      freenet = 79;
@ -236,9 +245,18 @@
      grsecurity = 121;
      hydra = 122;
      spiped = 123;
-      tss = 124;
+      teamspeak = 124;
      influxdb = 125;
      nsd = 126;
      firebird = 127;
      znc = 128;
      polipo = 129;
      mopidy = 130;
      docker = 131;
      gdm = 132;
      tss = 133;
-      # When adding a gid, make sure it doesn't match an existing uid.
+      # When adding a gid, make sure it doesn't match an existing uid. And don't use gids above 399!
      users = 100;
      nixbld = 30000;
--- a/nixos/modules/misc/lib.nix
+++ b/nixos/modules/misc/lib.nix
@ -1,11 +1,11 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 {
  options = {
-    lib = pkgs.lib.mkOption {
+    lib = lib.mkOption {
      default = {};
-      type = pkgs.lib.types.attrsOf pkgs.lib.types.attrs;
+      type = lib.types.attrsOf lib.types.attrs;
      description = ''
        This option allows modules to define helper functions, constants, etc.
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@ -3,12 +3,8 @@
 with lib;
 let
-
+  cfg = config.services.locate;
-  locatedb = "/var/cache/locatedb";
+in {
 in
 {
  ###### interface
@ -35,6 +31,31 @@ in
        '';
      };
      extraFlags = mkOption {
        type = types.listOf types.str;
        default = [ ];
        description = ''
          Extra flags to append to <command>updatedb</command>.
        '';
      };
      output = mkOption {
        type = types.path;
        default = /var/cache/locatedb;
        description = ''
          The database file to build.
        '';
      };
      localuser = mkOption {
        type = types.str;
        default = "nobody";
        description = ''
          The user to search non-network directories as, using
          <command>su</command>.
        '';
      };
    };
  };
@ -48,8 +69,10 @@ in
        path  = [ pkgs.su ];
        script =
          ''
-            mkdir -m 0755 -p $(dirname ${locatedb})
+            mkdir -m 0755 -p $(dirname ${toString cfg.output})
-            exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /media /run'
+            exec updatedb \
            --localuser=${cfg.localuser} \
            --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
          '';
        serviceConfig.Nice = 19;
        serviceConfig.IOSchedulingClass = "idle";
--- a/nixos/modules/misc/nixpkgs.nix
+++ b/nixos/modules/misc/nixpkgs.nix
@ -62,8 +62,7 @@ in
      type = types.str;
      description = ''
        Specifies the Nix platform type for which NixOS should be built.
-        If unset, it defaults to the platform type of your host system
+        If unset, it defaults to the platform type of your host system.
        (<literal>${builtins.currentSystem}</literal>).
        Specifying this option is useful when doing distributed
        multi-platform deployment, or when building virtual machines.
      '';
--- a/nixos/modules/misc/passthru.nix
+++ b/nixos/modules/misc/passthru.nix
@ -1,11 +1,11 @@
 # This module allows you to export something from configuration
 # Use case: export kernel source expression for ease of configuring
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 {
  options = {
-    passthru = pkgs.lib.mkOption {
+    passthru = lib.mkOption {
      visible = false;
      description = ''
        This attribute set will be exported as a system attribute.
--- a/nixos/modules/misc/version.nix
+++ b/nixos/modules/misc/version.nix
@ -53,7 +53,7 @@ with lib;
      mkDefault (if pathExists fn then readFile fn else "master");
    # Note: code names must only increase in alphabetical order.
-    system.nixosCodeName = "Baboon";
+    system.nixosCodeName = "Caterpillar";
    # Generate /etc/os-release.  See
    # http://0pointer.de/public/systemd-man/os-release.html for the
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -16,13 +16,15 @@
  ./config/shells-environment.nix
  ./config/swap.nix
  ./config/sysctl.nix
  ./config/system-environment.nix
  ./config/system-path.nix
  ./config/timezone.nix
  ./config/unix-odbc-drivers.nix
  ./config/users-groups.nix
  ./config/zram.nix
  ./hardware/all-firmware.nix
  ./hardware/cpu/intel-microcode.nix
  ./hardware/cpu/amd-microcode.nix
  ./hardware/cpu/intel-microcode.nix
  ./hardware/network/b43.nix
  ./hardware/network/intel-2100bg.nix
  ./hardware/network/intel-2200bg.nix
@ -32,6 +34,7 @@
  ./hardware/opengl.nix
  ./hardware/pcmcia.nix
  ./hardware/video/bumblebee.nix
  ./hardware/video/nvidia.nix
  ./installer/tools/nixos-checkout.nix
  ./installer/tools/tools.nix
  ./misc/assertions.nix
@ -47,8 +50,10 @@
  ./programs/bash/bash.nix
  ./programs/bash/command-not-found.nix
  ./programs/blcr.nix
  ./programs/dconf.nix
  ./programs/environment.nix
  ./programs/info.nix
  ./programs/screen.nix
  ./programs/shadow.nix
  ./programs/shell.nix
  ./programs/ssh.nix
@ -56,7 +61,6 @@
  ./programs/venus.nix
  ./programs/wvdial.nix
  ./programs/zsh/zsh.nix
  ./programs/screen.nix
  ./rename.nix
  ./security/apparmor.nix
  ./security/apparmor-suid.nix
@ -76,6 +80,7 @@
  ./services/audio/alsa.nix
  ./services/audio/fuppes.nix
  ./services/audio/mpd.nix
  ./services/audio/mopidy.nix
  ./services/backup/almir.nix
  ./services/backup/bacula.nix
  ./services/backup/mysql-backup.nix
@ -89,20 +94,26 @@
  ./services/databases/4store.nix
  ./services/databases/couchdb.nix
  ./services/databases/firebird.nix
  ./services/databases/influxdb.nix
  ./services/databases/memcached.nix
  ./services/databases/monetdb.nix
  ./services/databases/mongodb.nix
  ./services/databases/redis.nix
  ./services/databases/mysql.nix
  ./services/databases/openldap.nix
  ./services/databases/postgresql.nix
  ./services/databases/redis.nix
  ./services/databases/virtuoso.nix
-  ./services/databases/monetdb.nix
+  ./services/desktops/accountsservice.nix
-  ./services/desktops/accountservice.nix
+  ./services/desktops/geoclue2.nix
  ./services/desktops/gnome3/at-spi2-core.nix
  ./services/desktops/gnome3/evolution-data-server.nix
  ./services/desktops/gnome3/gnome-documents.nix
  ./services/desktops/gnome3/gnome-keyring.nix
  ./services/desktops/gnome3/gnome-online-accounts.nix
  ./services/desktops/gnome3/gnome-online-miners.nix
  ./services/desktops/gnome3/gnome-user-share.nix
  ./services/desktops/gnome3/gvfs.nix
  ./services/desktops/gnome3/seahorse.nix
  ./services/desktops/gnome3/sushi.nix
  ./services/desktops/gnome3/tracker.nix
  ./services/desktops/telepathy.nix
@ -118,32 +129,33 @@
  ./services/hardware/tcsd.nix
  ./services/hardware/thinkfan.nix
  ./services/hardware/udev.nix
  ./services/hardware/udisks.nix
  ./services/hardware/udisks2.nix
  ./services/hardware/upower.nix
  ./services/logging/klogd.nix
  ./services/logging/logcheck.nix
  ./services/logging/logrotate.nix
  ./services/logging/logstash.nix
  ./services/logging/syslogd.nix
  ./services/logging/rsyslogd.nix
  ./services/logging/syslogd.nix
  ./services/logging/syslog-ng.nix
  ./services/mail/dovecot.nix
  ./services/mail/freepops.nix
  ./services/mail/mail.nix
  ./services/mail/opensmtpd.nix
  ./services/mail/postfix.nix
  ./services/mail/spamassassin.nix
-  ./services/misc/autofs.nix
+  #./services/misc/autofs.nix
  ./services/misc/cgminer.nix
  ./services/misc/dictd.nix
  ./services/misc/disnix.nix
  ./services/misc/felix.nix
  ./services/misc/folding-at-home.nix
  ./services/misc/gitolite.nix
  ./services/misc/gpsd.nix
  ./services/misc/nix-daemon.nix
  ./services/misc/nix-gc.nix
  ./services/misc/nix-ssh-serve.nix
  ./services/misc/nixos-manual.nix
  ./services/misc/nix-ssh-serve.nix
  ./services/misc/rippled.nix
  ./services/misc/rogue.nix
  ./services/misc/svnserve.nix
@ -153,7 +165,7 @@
  ./services/monitoring/graphite.nix
  ./services/monitoring/monit.nix
  ./services/monitoring/munin.nix
-  ./services/monitoring/nagios/default.nix
+  ./services/monitoring/nagios.nix
  ./services/monitoring/smartd.nix
  ./services/monitoring/statsd.nix
  ./services/monitoring/systemhealth.nix
@ -171,24 +183,23 @@
  ./services/networking/bind.nix
  ./services/networking/bitlbee.nix
  ./services/networking/btsync.nix
  ./services/networking/cjdns.nix
  ./services/networking/connman.nix
  ./services/networking/cntlm.nix
  ./services/networking/chrony.nix
  ./services/networking/cjdns.nix
  ./services/networking/cntlm.nix
  ./services/networking/connman.nix
  ./services/networking/ddclient.nix
  ./services/networking/dhcpcd.nix
  ./services/networking/dhcpd.nix
  ./services/networking/dnsmasq.nix
  ./services/networking/ejabberd.nix
  ./services/networking/firewall.nix
  ./services/networking/haproxy.nix
  ./services/networking/tcpcrypt.nix
  ./services/networking/flashpolicyd.nix
  ./services/networking/freenet.nix
  ./services/networking/git-daemon.nix
  ./services/networking/gnunet.nix
  ./services/networking/gogoclient.nix
  ./services/networking/gvpe.nix
  ./services/networking/haproxy.nix
  ./services/networking/hostapd.nix
  ./services/networking/ifplugd.nix
  ./services/networking/iodined.nix
@ -200,32 +211,39 @@
  ./services/networking/networkmanager.nix
  ./services/networking/ngircd.nix
  ./services/networking/notbit.nix
  ./services/networking/nsd.nix
  ./services/networking/ntopng.nix
  ./services/networking/ntpd.nix
  ./services/networking/oidentd.nix
  ./services/networking/openfire.nix
  ./services/networking/openvpn.nix
  ./services/networking/polipo.nix
  ./services/networking/prayer.nix
  ./services/networking/privoxy.nix
  ./services/networking/quassel.nix
  ./services/networking/radicale.nix
  ./services/networking/radvd.nix
  ./services/networking/rdnssd.nix
  ./services/networking/rpcbind.nix
  ./services/networking/sabnzbd.nix
  ./services/networking/searx.nix
  ./services/networking/spiped.nix
  ./services/networking/supybot.nix
  ./services/networking/syncthing.nix
  ./services/networking/ssh/lshd.nix
  ./services/networking/ssh/sshd.nix
  ./services/networking/supybot.nix
  ./services/networking/syncthing.nix
  ./services/networking/tcpcrypt.nix
  ./services/networking/teamspeak3.nix
  ./services/networking/tftpd.nix
  ./services/networking/unbound.nix
  ./services/networking/unifi.nix
  ./services/networking/vsftpd.nix
  ./services/networking/wakeonlan.nix
  ./services/networking/websockify.nix
  ./services/networking/wicd.nix
  ./services/networking/wpa_supplicant.nix
  ./services/networking/xinetd.nix
  ./services/networking/znc.nix
  ./services/printing/cupsd.nix
  ./services/scheduling/atd.nix
  ./services/scheduling/cron.nix
@ -233,11 +251,11 @@
  ./services/search/elasticsearch.nix
  ./services/search/solr.nix
  ./services/security/clamav.nix
  ./services/security/haveged.nix
  ./services/security/fprot.nix
  ./services/security/frandom.nix
-  ./services/security/tor.nix
+  ./services/security/haveged.nix
  ./services/security/torify.nix
  ./services/security/tor.nix
  ./services/security/torsocks.nix
  ./services/system/dbus.nix
  ./services/system/kerberos.nix
@ -245,13 +263,14 @@
  ./services/system/uptimed.nix
  ./services/torrent/deluge.nix
  ./services/torrent/transmission.nix
  ./services/ttys/gpm.nix
  ./services/ttys/agetty.nix
  ./services/ttys/gpm.nix
  ./services/ttys/kmscon.nix
  ./services/web-servers/apache-httpd/default.nix
  ./services/web-servers/fcgiwrap.nix
  ./services/web-servers/jboss/default.nix
  ./services/web-servers/lighttpd/default.nix
  ./services/web-servers/lighttpd/cgit.nix
  ./services/web-servers/lighttpd/default.nix
  ./services/web-servers/lighttpd/gitweb.nix
  ./services/web-servers/nginx/default.nix
  ./services/web-servers/phpfpm.nix
@ -262,26 +281,29 @@
  ./services/x11/desktop-managers/default.nix
  ./services/x11/display-managers/auto.nix
  ./services/x11/display-managers/default.nix
  ./services/x11/display-managers/gdm.nix
  ./services/x11/display-managers/kdm.nix
  ./services/x11/display-managers/slim.nix
  ./services/x11/display-managers/lightdm.nix
  ./services/x11/display-managers/slim.nix
  ./services/x11/hardware/multitouch.nix
  ./services/x11/hardware/synaptics.nix
  ./services/x11/hardware/wacom.nix
  ./services/x11/redshift.nix
  ./services/x11/window-managers/awesome.nix
  #./services/x11/window-managers/compiz.nix
  ./services/x11/window-managers/default.nix
  ./services/x11/window-managers/icewm.nix
  ./services/x11/window-managers/bspwm.nix
  ./services/x11/window-managers/metacity.nix
  ./services/x11/window-managers/none.nix
  ./services/x11/window-managers/twm.nix
  ./services/x11/window-managers/wmii.nix
  ./services/x11/window-managers/xmonad.nix
  ./services/x11/redshift.nix
  ./services/x11/xfs.nix
  ./services/x11/xserver.nix
  ./system/activation/activation-script.nix
  ./system/activation/top-level.nix
  ./system/boot/emergency-mode.nix
  ./system/boot/kernel.nix
  ./system/boot/kexec.nix
  ./system/boot/loader/efi.nix
@ -297,12 +319,16 @@
  ./system/boot/stage-1.nix
  ./system/boot/stage-2.nix
  ./system/boot/systemd.nix
  ./system/boot/tmp.nix
  ./system/etc/etc.nix
  ./system/upstart/upstart.nix
  ./tasks/cpu-freq.nix
  ./tasks/encrypted-devices.nix
  ./tasks/filesystems.nix
  ./tasks/filesystems/btrfs.nix
  ./tasks/filesystems/cifs.nix
  ./tasks/filesystems/ext.nix
  ./tasks/filesystems/f2fs.nix
  ./tasks/filesystems/nfs.nix
  ./tasks/filesystems/reiserfs.nix
  ./tasks/filesystems/unionfs-fuse.nix
@ -314,9 +340,11 @@
  ./tasks/network-interfaces.nix
  ./tasks/scsi-link-power-management.nix
  ./tasks/swraid.nix
  ./tasks/trackpoint.nix
  ./testing/service-runner.nix
  ./virtualisation/container-config.nix
  ./virtualisation/containers.nix
  ./virtualisation/docker.nix
  ./virtualisation/libvirtd.nix
  #./virtualisation/nova.nix
  ./virtualisation/virtualbox-guest.nix
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@ -7,7 +7,6 @@
  # Include some utilities that are useful for installing or repairing
  # the system.
  environment.systemPackages = [
    pkgs.subversion # for nixos-checkout
    pkgs.w3m # needed for the manual anyway
    pkgs.testdisk # useful for repairing boot problems
    pkgs.mssys # for writing Microsoft boot sectors / MBRs
@ -34,6 +33,7 @@
    pkgs.dosfstools
    pkgs.xfsprogs
    pkgs.jfsutils
    pkgs.f2fs-tools
    #pkgs.jfsrec # disabled because of Boost dependency
    # Some compression/archiver tools.
@ -50,6 +50,6 @@
  ];
  # Include support for various filesystems.
-  boot.supportedFilesystems = [ "btrfs" "reiserfs" "vfat" ];
+  boot.supportedFilesystems = [ "btrfs" "reiserfs" "vfat" "f2fs" ];
 }
--- a/nixos/modules/profiles/headless.nix
+++ b/nixos/modules/profiles/headless.nix
@ -12,6 +12,8 @@ with lib;
  # Don't start a tty on the serial consoles.
  systemd.services."serial-getty@ttyS0".enable = false;
  systemd.services."serial-getty@hvc0".enable = false;
  systemd.services."getty@tty1".enable = false;
  systemd.services."autovt@".enable = false;
  # Since we can't manually respond to a panic, just reboot.
  boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
--- a/nixos/modules/profiles/qemu-guest.nix
+++ b/nixos/modules/profiles/qemu-guest.nix
@ -5,7 +5,7 @@
 {
  boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_blk" "9p" "9pnet_virtio" ];
-  boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" ];
+  boot.initrd.kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ];
  boot.initrd.postDeviceCommands =
    ''
--- a/nixos/modules/programs/atop.nix
+++ b/nixos/modules/programs/atop.nix
@ -22,7 +22,7 @@ in
          interval = 5;
        };
        description = ''
-          Parameters to be written to <filename>/etc/atoprc</filename>
+          Parameters to be written to <filename>/etc/atoprc</filename>.
        '';
      };
--- a/nixos/modules/programs/bash/bash.nix
+++ b/nixos/modules/programs/bash/bash.nix
@ -40,6 +40,7 @@ in
    programs.bash = {
      /*
      enable = mkOption {
        default = true;
        description = ''
@ -52,6 +53,7 @@ in
        '';
        type = types.bool;
      };
      */
      shellAliases = mkOption {
        default = config.environment.shellAliases // { which = "type -P"; };
@ -114,7 +116,7 @@ in
  };
-  config = mkIf cfg.enable {
+  config = /* mkIf cfg.enable */ {
    programs.bash = {
--- a/nixos/modules/programs/blcr.nix
+++ b/nixos/modules/programs/blcr.nix
@ -1,7 +1,7 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 let
-  inherit (pkgs.lib) mkOption mkIf;
+  inherit (lib) mkOption mkIf;
  cfg = config.environment.blcr;
  blcrPkg = config.boot.kernelPackages.blcr;
 in
--- a/nixos/modules/programs/dconf.nix
+++ b/nixos/modules/programs/dconf.nix
@ -0,0 +1,34 @@
 { config, lib, ... }:
 let
  inherit (lib) mkOption mkIf types mapAttrsToList;
  cfg = config.programs.dconf;
  mkDconfProfile = name: path:
    { source = path; target = "dconf/profile/${name}"; };
 in
 {
  ###### interface
  options = {
    programs.dconf = {
      profiles = mkOption {
        type = types.attrsOf types.path;
        default = {};
        description = "Set of dconf profile files.";
        internal = true;
      };
    };
  };
  ###### implementation
  config = mkIf (cfg.profiles != {}) {
    environment.etc =
      (mapAttrsToList mkDconfProfile cfg.profiles);
  };
 }
--- a/nixos/modules/programs/environment.nix
+++ b/nixos/modules/programs/environment.nix
@ -19,13 +19,16 @@ in
    environment.variables =
      { LOCATE_PATH = "/var/cache/locatedb";
        NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix";
-        NIX_PATH =
+        PAGER = mkDefault "less -R";
        EDITOR = mkDefault "nano";
      };
    environment.sessionVariables =
      { NIX_PATH =
          [ "/nix/var/nix/profiles/per-user/root/channels/nixos"
            "nixpkgs=/etc/nixos/nixpkgs"
            "nixos-config=/etc/nixos/configuration.nix"
          ];
        PAGER = "less -R";
        EDITOR = "nano";
      };
    environment.profiles =
--- a/nixos/modules/programs/info.nix
+++ b/nixos/modules/programs/info.nix
@ -2,6 +2,8 @@
 let
  texinfo = pkgs.texinfoInteractive;
  # Quick hack to make the `info' command work properly.  `info' needs
  # a "dir" file containing all the installed Info files, which we
  # don't have (it would be impure to have a package installation
@ -22,15 +24,15 @@ let
      for i in $(IFS=:; echo $INFOPATH); do
          for j in $i/*.info; do
-              ${pkgs.texinfo}/bin/install-info --quiet $j $dir/dir
+              ${texinfo}/bin/install-info --quiet $j $dir/dir
          done
      done
-      INFOPATH=$dir:$INFOPATH ${pkgs.texinfo}/bin/info "$@"
+      INFOPATH=$dir:$INFOPATH ${texinfo}/bin/info "$@"
    ''; # */
 in
 {
-  environment.systemPackages = [ infoWrapper pkgs.texinfo ];
+  environment.systemPackages = [ infoWrapper texinfo ];
 }
--- a/nixos/modules/programs/screen.nix
+++ b/nixos/modules/programs/screen.nix
@ -1,7 +1,7 @@
-{ config, pkgs, ... }:
+{ config, lib, ... }:
 let
-  inherit (pkgs.lib) mkOption mkIf types;
+  inherit (lib) mkOption mkIf types;
  cfg = config.programs.screen;
 in
--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@ -10,12 +10,12 @@ let
    ''
      DEFAULT_HOME yes
-      SYS_UID_MIN  100
+      SYS_UID_MIN  400
      SYS_UID_MAX  499
      UID_MIN      1000
      UID_MAX      29999
-      SYS_GID_MIN  100
+      SYS_GID_MIN  400
      SYS_GID_MAX  499
      GID_MIN      1000
      GID_MAX      29999
@ -40,7 +40,7 @@ in
  options = {
-    users.defaultUserShell = pkgs.lib.mkOption {
+    users.defaultUserShell = lib.mkOption {
      description = ''
        This option defines the default shell assigned to user
        accounts.  This must not be a store path, since the path is
@ -48,6 +48,7 @@ in
        Rather, it should be the path of a symlink that points to the
        actual shell in the Nix store.
      '';
      example = "/run/current-system/sw/bin/zsh";
      type = types.path;
    };
@ -59,7 +60,7 @@ in
  config = {
    environment.systemPackages =
-      pkgs.lib.optional config.users.mutableUsers pkgs.shadow;
+      lib.optional config.users.mutableUsers pkgs.shadow;
    environment.etc =
      [ { # /etc/login.defs: global configuration for pwdutils.  You
--- a/nixos/modules/programs/virtualbox.nix
+++ b/nixos/modules/programs/virtualbox.nix
@ -14,6 +14,7 @@ let virtualbox = config.boot.kernelPackages.virtualbox; in
  services.udev.extraRules =
    ''
      KERNEL=="vboxdrv",    OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
      KERNEL=="vboxdrvu",   OWNER="root", GROUP="root",      MODE="0666", TAG+="systemd"
      KERNEL=="vboxnetctl", OWNER="root", GROUP="root",      MODE="0600", TAG+="systemd"
      SUBSYSTEM=="usb_device", ACTION=="add", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
      SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
--- a/nixos/modules/programs/zsh/zsh.nix
+++ b/nixos/modules/programs/zsh/zsh.nix
@ -26,11 +26,6 @@ in
        default = false;
        description = ''
          Whenever to configure Zsh as an interactive shell.
          Note that this tries to make Zsh the default
          <option>users.defaultUserShell</option>,
          which in turn means that you might need to explicitly
          set this variable if you have another shell configured
          with NixOS.
        '';
        type = types.bool;
      };
@ -168,7 +163,7 @@ in
    environment.systemPackages = [ pkgs.zsh ];
-    users.defaultUserShell = mkDefault "/run/current-system/sw/bin/zsh";
+    #users.defaultUserShell = mkDefault "/run/current-system/sw/bin/zsh";
    environment.shells =
      [ "/run/current-system/sw/bin/zsh"
--- a/Show More
+++ b/Show More
`@ -6,4 +6,4 @@ let nodes = import networkExpr; in`

	`with import ../../../../lib/testing.nix { inherit system; };`	`with import ../../../../lib/testing.nix { inherit system; };`

	`(complete { inherit nodes; testScript = ""; }).driver`	`(makeTest { inherit nodes; testScript = ""; }).driver`