Merge branch 'master' into gcc-7

2017-09-25 12:37:31 +02:00 · 2017-09-25 12:37:31 +02:00 · e8bd4102c6
commit e8bd4102c6
parent 38abff8678 a8c97ad23e
5008 changed files with 102396 additions and 69296 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@ -0,0 +1,52 @@
 # CODEOWNERS file
 #
 # This file is used to describe who owns what in this repository. This file does not
 # replace `meta.maintainers` but is instead used for other things than derivations
 # and modules, like documentation, package sets, and other assets.
 #
 # For documentation on this file, see https://help.github.com/articles/about-codeowners/
 # Mentioned users will get code review requests.
 # This file
 .github/CODEOWNERS @edolstra
 # Boostraping and core infra
 pkgs/stdenv/    @edolstra
 pkgs/build-support/cc-wrapper/  @edolstra
 # Libraries
 lib/  @edolstra
 # Python-related code and docs
 pkgs/top-level/python-packages.nix      @FRidh
 pkgs/development/interpreters/python/*  @FRidh
 pkgs/development/python-modules/*       @FRidh
 doc/languages-frameworks/python.md      @FRidh
 # Haskell
 pkgs/development/compilers/ghc                       @peti
 pkgs/development/haskell-modules                     @peti
 pkgs/development/haskell-modules/default.nix         @peti
 pkgs/development/haskell-modules/generic-builder.nix @peti
 pkgs/development/haskell-modules/hoogle.nix          @peti
 # R
 pkgs/applications/science/math/R @peti
 pkgs/development/r-modules       @peti
 # Darwin-related
 pkgs/stdenv/darwin/*    @copumpkin @LnL7
 pkgs/os-specific/darwin/*       @LnL7
 pkgs/os-specific/darwin/apple-source-releases/* @copumpkin
 # Beam-related (Erlang, Elixir, LFE, etc)
 pkgs/development/beam-modules/*	@gleber
 pkgs/development/interpreters/erlang/*	@gleber
 pkgs/development/interpreters/lfe/*	@gleber
 pkgs/development/interpreters/elixir/*	@gleber
 pkgs/development/tools/build-managers/rebar/*	@gleber
 pkgs/development/tools/build-managers/rebar3/*	@gleber
 pkgs/development/tools/erlang/*	@gleber
 # Jetbrains
 pkgs/applications/editors/jetbrains @edwtjo
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@ -23,7 +23,7 @@ under the terms of [COPYING](../COPYING), which is an MIT-like license.
  Examples:
  * nginx: init at 2.0.1
-  * firefox: 3.0 -> 3.1.1
+  * firefox: 54.0.1 -> 55.0
  * nixos/hydra: add bazBaz option
    Dual baz behavior is needed to do foo.
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -3,12 +3,9 @@
 ###### Things done
-Please check what applies. Note that these are not hard requirements but mereley serve as information for reviewers.
+<!-- Please check what applies. Note that these are not hard requirements but merely serve as information for reviewers. -->
- [ ] Tested using sandboxing
+- [ ] Tested using sandboxing ([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS, or option `build-use-sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file) on non-NixOS)
  ([nix.useSandbox](http://nixos.org/nixos/manual/options.html#opt-nix.useSandbox) on NixOS,
    or option `build-use-sandbox` in [`nix.conf`](http://nixos.org/nix/manual/#sec-conf-file)
    on non-NixOS)
 - Built on platform(s)
   - [ ] NixOS
   - [ ] macOS
--- a/.mention-bot
+++ b/.mention-bot
@ -1,14 +0,0 @@
 {
  "userBlacklist": [
    "civodul",
    "jhasse",
    "shlevy",
    "bbenoist"
  ],
  "alwaysNotifyForPaths": [
    { "name": "FRidh", "files": ["pkgs/top-level/python-packages.nix", "pkgs/development/interpreters/python/*", "pkgs/development/python-modules/*" ] },
    { "name": "LnL7", "files": ["pkgs/stdenv/darwin/*", "pkgs/os-specific/darwin/*"] },
    { "name": "copumpkin", "files": ["pkgs/stdenv/darwin/*", "pkgs/os-specific/darwin/apple-source-releases/*"] }
  ],
  "fileBlacklist": ["pkgs/top-level/all-packages.nix"]
 }
--- a/.travis.yml
+++ b/.travis.yml
@ -12,15 +12,21 @@ matrix:
          script:
              - ./maintainers/scripts/travis-nox-review-pr.sh nixpkgs-verify nixpkgs-manual nixpkgs-tarball nixpkgs-unstable
              - ./maintainers/scripts/travis-nox-review-pr.sh nixos-options nixos-manual
          env:
            - BUILD_TYPE="Test Nixpkgs evaluation & NixOS manual build"
        - os: linux
          sudo: required
          dist: trusty
          before_script:
              - sudo mount -o remount,exec,size=2G,mode=755 /run/user
          script: ./maintainers/scripts/travis-nox-review-pr.sh nox pr
          env:
            - BUILD_TYPE="Build affected packages (Linux)"
        - os: osx
          osx_image: xcode7.3
          script: ./maintainers/scripts/travis-nox-review-pr.sh nox pr
          env:
            - BUILD_TYPE="Build affected packages (macOS)"
 env:
    global:
        - GITHUB_TOKEN=5edaaf1017f691ed34e7f80878f8f5fbd071603f
--- a/.version
+++ b/.version
@ -1 +1 @@
-17.09
+18.03
--- a/doc/coding-conventions.xml
+++ b/doc/coding-conventions.xml
@ -254,7 +254,7 @@ bound to the variable name <varname>e2fsprogs</varname> in
  dash) — e.g., <literal>"hello-0.3.1rc2"</literal>.</para></listitem>
  <listitem><para>If a package is not a release but a commit from a repository, then
-  the version part of the name <emphasis>must</emphasis> be the date of that 
+  the version part of the name <emphasis>must</emphasis> be the date of that
  (fetched) commit. The date must be in <literal>"YYYY-MM-DD"</literal> format.
  Also append <literal>"unstable"</literal> to the name - e.g.,
  <literal>"pkgname-unstable-2014-09-23"</literal>.</para></listitem>
@ -365,7 +365,7 @@ splitting up an existing category.</para>
  <varlistentry>
    <term>If it’s a (set of) <emphasis>tool(s)</emphasis>:</term>
    <listitem>
-      <para>(A tool is a relatively small program, especially one intented
+      <para>(A tool is a relatively small program, especially one intended
      to be used non-interactively.)</para>
      <variablelist>
        <varlistentry>
@ -456,7 +456,7 @@ splitting up an existing category.</para>
  <varlistentry>
    <term>If it’s a <emphasis>window manager</emphasis>:</term>
    <listitem>
-      <para><filename>applications/window-managers</filename> (e.g. <filename>awesome</filename>, <filename>compiz</filename>, <filename>stumpwm</filename>)</para>
+      <para><filename>applications/window-managers</filename> (e.g. <filename>awesome</filename>, <filename>stumpwm</filename>)</para>
    </listitem>
  </varlistentry>
  <varlistentry>
@ -608,7 +608,7 @@ evaluate correctly.</para>
 </section>
 <section xml:id="sec-sources"><title>Fetching Sources</title>
  <para>There are multiple ways to fetch a package source in nixpkgs. The
-    general guidline is that you should package sources with a high degree of
+    general guideline is that you should package sources with a high degree of
    availability. Right now there is only one fetcher which has mirroring
    support and that is <literal>fetchurl</literal>. Note that you should also
    prefer protocols which have a corresponding proxy environment variable.
@ -661,9 +661,9 @@ src = fetchFromGitHub {
 </section>
 <section xml:id="sec-patches"><title>Patches</title>
-  <para>Only patches that are unique to <literal>nixpkgs</literal> should be 
+  <para>Only patches that are unique to <literal>nixpkgs</literal> should be
    included in <literal>nixpkgs</literal> source.</para>
-  <para>Patches available online should be retrieved using 
+  <para>Patches available online should be retrieved using
    <literal>fetchpatch</literal>.</para>
  <para>
 <programlisting>
--- a/doc/functions.xml
+++ b/doc/functions.xml
@ -358,8 +358,8 @@
 <para>
  <varname>pkgs.dockerTools</varname> is a set of functions for creating and
  manipulating Docker images according to the
-  <link xlink:href="https://github.com/docker/docker/blob/master/image/spec/v1.md#docker-image-specification-v100">
+  <link xlink:href="https://github.com/moby/moby/blob/master/image/spec/v1.2.md#docker-image-specification-v120">
-  Docker Image Specification v1.0.0
+  Docker Image Specification v1.2.0
  </link>. Docker itself is not used to perform any of the operations done by these
  functions.
 </para>
@ -493,8 +493,8 @@
    <varname>config</varname> is used to specify the configuration of the
    containers that will be started off the built image in Docker.
    The available options are listed in the
-    <link xlink:href="https://github.com/docker/docker/blob/master/image/spec/v1.md#container-runconfig-field-descriptions">
+    <link xlink:href="https://github.com/moby/moby/blob/master/image/spec/v1.2.md#image-json-field-descriptions">
-      Docker Image Specification v1.0.0
+      Docker Image Specification v1.2.0
    </link>.
    </para>
  </callout>
--- a/doc/languages-frameworks/haskell.md
+++ b/doc/languages-frameworks/haskell.md
@ -698,33 +698,6 @@ rm /nix/var/nix/manifests/*
 rm /nix/var/nix/channel-cache/*
 ```
 ### How to use the Haste Haskell-to-Javascript transpiler
 Open a shell with `haste-compiler` and `haste-cabal-install` (you don't actually need
 `node`, but it can be useful to test stuff):
 ```shell
 nix-shell \
  -p "haskellPackages.ghcWithPackages (self: with self; [haste-cabal-install haste-compiler])" \
  -p nodejs
 ```
 You may not need the following step but if `haste-boot` fails to compile all the
 packages it needs, this might do the trick
 ```shell
 haste-cabal update
 ```
 `haste-boot` builds a set of core libraries so that they can be used from Javascript
 transpiled programs:
 ```shell
 haste-boot
 ```
 Transpile and run a "Hello world" program:
 ```
 $ echo 'module Main where main = putStrLn "Hello world"' > hello-world.hs
 $ hastec --onexec hello-world.hs
 $ node hello-world.js
 Hello world
 ```
 ### Builds on Darwin fail with `math.h` not found
 Users of GHC on Darwin have occasionally reported that builds fail, because the
@ -854,7 +827,7 @@ the work to be licensed" under the terms of the LGPL (including for free).
 The LGPL licensing for GMP is a problem for the overall licensing of binary
 programs compiled with GHC because most distributions (and builds) of GHC use
-static libraries. (Dynamic libraries are currently distributed only for OS X.)
+static libraries. (Dynamic libraries are currently distributed only for macOS.)
 The LGPL licensing situation may be worse: even though
 [The Glasgow Haskell Compiler License](https://www.haskell.org/ghc/license)
 is essentially a "free software" license (BSD3), according to
@ -894,6 +867,67 @@ use the following to get the `scientific` package build with `integer-simple`:
 nix-build -A haskell.packages.integer-simple.ghc802.scientific
 ```
 ### Quality assurance
 The `haskell.lib` library includes a number of functions for checking for
 various imperfections in Haskell packages. It's useful to apply these functions
 to your own Haskell packages and integrate that in a Continuous Integration
 server like [hydra](https://nixos.org/hydra/) to assure your packages maintain a
 minimum level of quality. This section discusses some of these functions.
 #### failOnAllWarnings
 Applying `haskell.lib.failOnAllWarnings` to a Haskell package enables the
 `-Wall` and `-Werror` GHC options to turn all warnings into build failures.
 #### buildStrictly
 Applying `haskell.lib.buildStrictly` to a Haskell package calls
 `failOnAllWarnings` on the given package to turn all warnings into build
 failures. Additionally the source of your package is gotten from first invoking
 `cabal sdist` to ensure all needed files are listed in the Cabal file.
 #### checkUnusedPackages
 Applying `haskell.lib.checkUnusedPackages` to a Haskell package invokes
 the [packunused](http://hackage.haskell.org/package/packunused) tool on the
 package. `packunused` complains when it finds packages listed as build-depends
 in the Cabal file which are redundant. For example:
 ```
 $ nix-build -E 'let pkgs = import <nixpkgs> {}; in pkgs.haskell.lib.checkUnusedPackages {} pkgs.haskellPackages.scientific'
 these derivations will be built:
  /nix/store/3lc51cxj2j57y3zfpq5i69qbzjpvyci1-scientific-0.3.5.1.drv
 ...
 detected package components
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 - library
 - testsuite(s): test-scientific
 - benchmark(s): bench-scientific*
 (component names suffixed with '*' are not configured to be built)
 library
 ~~~~~~~
 The following package dependencies seem redundant:
 - ghc-prim-0.5.0.0
 testsuite(test-scientific)
 ~~~~~~~~~~~~~~~~~~~~~~~~~~
 no redundant packages dependencies found
 builder for ‘/nix/store/3lc51cxj2j57y3zfpq5i69qbzjpvyci1-scientific-0.3.5.1.drv’ failed with exit code 1
 error: build of ‘/nix/store/3lc51cxj2j57y3zfpq5i69qbzjpvyci1-scientific-0.3.5.1.drv’ failed
 ```
 As you can see, `packunused` finds out that although the testsuite component has
 no redundant dependencies the library component of `scientific-0.3.5.1` depends
 on `ghc-prim` which is unused in the library.
 ## Other resources
  - The Youtube video [Nix Loves Haskell](https://www.youtube.com/watch?v=BsBhi_r-OeE)
--- a/doc/languages-frameworks/python.md
+++ b/doc/languages-frameworks/python.md
@ -2,115 +2,204 @@
 ## User Guide
 Several versions of Python are available on Nix as well as a high amount of
 packages. The default interpreter is CPython 2.7.
 ### Using Python
 #### Overview
 Several versions of the Python interpreter are available on Nix, as well as a
 high amount of packages. The attribute `python` refers to the default
 interpreter, which is currently CPython 2.7. It is also possible to refer to
 specific versions, e.g. `python35` refers to CPython 3.5, and `pypy` refers to
 the default PyPy interpreter.
 Python is used a lot, and in different ways. This affects also how it is
 packaged. In the case of Python on Nix, an important distinction is made between
 whether the package is considered primarily an application, or whether it should
 be used as a library, i.e., of primary interest are the modules in
 `site-packages` that should be importable.
 In the Nixpkgs tree Python applications can be found throughout, depending on
 what they do, and are called from the main package set. Python libraries,
 however, are in separate sets, with one set per interpreter version.
 The interpreters have several common attributes. One of these attributes is
 `pkgs`, which is a package set of Python libraries for this specific
 interpreter. E.g., the `toolz` package corresponding to the default interpreter
 is `python.pkgs.toolz`, and the CPython 3.5 version is `python35.pkgs.toolz`.
 The main package set contains aliases to these package sets, e.g.
 `pythonPackages` refers to `python.pkgs` and `python35Packages` to
 `python35.pkgs`.
 #### Installing Python and packages
-It is important to make a distinction between Python packages that are
+The Nix and NixOS manuals explain how packages are generally installed. In the
-used as libraries, and applications that are written in Python.
+case of Python and Nix, it is important to make a distinction between whether the
 package is considered an application or a library.
-Applications on Nix are installed typically into your user
+Applications on Nix are typically installed into your user
 profile imperatively using `nix-env -i`, and on NixOS declaratively by adding the
 package name to `environment.systemPackages` in `/etc/nixos/configuration.nix`.
 Dependencies such as libraries are automatically installed and should not be
 installed explicitly.
 The same goes for Python applications and libraries. Python applications can be
-installed in your profile, but Python libraries you would like to use to develop
+installed in your profile. But Python libraries you would like to use for
-cannot. If you do install libraries in your profile, then you will end up with
+development cannot be installed, at least not individually, because they won't
-import errors.
+be able to find each other resulting in import errors. Instead, it is possible
 to create an environment with `python.buildEnv` or `python.withPackages` where
 the interpreter and other executables are able to find each other and all of the
 modules.
-#### Python environments using `nix-shell`
+In the following examples we create an environment with Python 3.5, `numpy` and
 `toolz`. As you may imagine, there is one limitation here, and that's that
 you can install only one environment at a time. You will notice the complaints
 about collisions when you try to install a second environment.
-The recommended method for creating Python environments for development is with
+##### Environment defined in separate `.nix` file
 `nix-shell`. Executing
-```sh
+Create a file, e.g. `build.nix`, with the following expression
-$ nix-shell -p python35Packages.numpy python35Packages.toolz
+```nix
 with import <nixpkgs> {};
 python35.withPackages (ps: with ps; [ numpy toolz ])
 ```
 and install it in your profile with
 ```shell
 nix-env -if build.nix
 ```
 Now you can use the Python interpreter, as well as the extra packages (`numpy`,
 `toolz`) that you added to the environment.
 ##### Environment defined in `~/.config/nixpkgs/config.nix`
 If you prefer to, you could also add the environment as a package override to the Nixpkgs set, e.g.
 using `config.nix`,
 ```nix
 { # ...
  packageOverrides = pkgs: with pkgs; {
    myEnv = python35.withPackages (ps: with ps; [ numpy toolz ]);
  };
 }
 ```
 and install it in your profile with
 ```shell
 nix-env -iA nixpkgs.myEnv
 ```
 The environment is is installed by referring to the attribute, and considering
 the `nixpkgs` channel was used.
 ##### Environment defined in `/etc/nixos/configuration.nix`
 For the sake of completeness, here's another example how to install the environment system-wide.
 ```nix
 { # ...
  environment.systemPackages = with pkgs; [
    (python35.withPackages(ps: with ps; [ numpy toolz ]))
  ];
 }
 ```
-opens a Nix shell which has available the requested packages and dependencies.
+#### Temporary Python environment with `nix-shell`
 Now you can launch the Python interpreter (which is itself a dependency)
 The examples in the previous section showed how to install a Python environment
 into a profile. For development you may need to use multiple environments.
 `nix-shell` gives the possibility to temporarily load another environment, akin
 to `virtualenv`.
 There are two methods for loading a shell with Python packages. The first and recommended method
 is to create an environment with `python.buildEnv` or `python.withPackages` and load that. E.g.
 ```sh
 $ nix-shell -p 'python35.withPackages(ps: with ps; [ numpy toolz ])'
 ```
 opens a shell from which you can launch the interpreter
 ```sh
 [nix-shell:~] python3
 ```
 The other method, which is not recommended, does not create an environment and requires you to list the packages directly,
-If the packages were not available yet in the Nix store, Nix would download or
+```sh
-build them automatically. A convenient option with `nix-shell` is the `--run`
+$ nix-shell -p python35.pkgs.numpy python35.pkgs.toolz
-option, with which you can execute a command in the `nix-shell`. Let's say we
+```
-want the above environment and directly run the Python interpreter
+Again, it is possible to launch the interpreter from the shell.
 The Python interpreter has the attribute `pkgs` which contains all Python libraries for that specific interpreter.
 ##### Load environment from `.nix` expression
 As explained in the Nix manual, `nix-shell` can also load an
 expression from a `.nix` file. Say we want to have Python 3.5, `numpy`
 and `toolz`, like before, in an environment. Consider a `shell.nix` file
 with
 ```nix
 with import <nixpkgs> {};
 python35.withPackages (ps: [ps.numpy ps.toolz])
 ```
 Executing `nix-shell` gives you again a Nix shell from which you can run Python.
 What's happening here?
 1. We begin with importing the Nix Packages collections. `import <nixpkgs>` imports the `<nixpkgs>` function, `{}` calls it and the `with` statement brings all attributes of `nixpkgs` in the local scope. These attributes form the main package set.
 2. Then we create a Python 3.5 environment with the `withPackages` function.
 3. The `withPackages` function expects us to provide a function as an argument that takes the set of all python packages and returns a list of packages to include in the environment. Here, we select the packages `numpy` and `toolz` from the package set.
 ##### Execute command with `--run`
 A convenient option with `nix-shell` is the `--run`
 option, with which you can execute a command in the `nix-shell`. We can
 e.g. directly open a Python shell
 ```sh
 $ nix-shell -p python35Packages.numpy python35Packages.toolz --run "python3"
 ```
-
+or run a script
 This way you can use the `--run` option also to directly run a script
 ```sh
 $ nix-shell -p python35Packages.numpy python35Packages.toolz --run "python3 myscript.py"
 ```
-In fact, for this specific use case there is a more convenient method. You can
+##### `nix-shell` as shebang
 In fact, for the second use case, there is a more convenient method. You can
 add a [shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)) to your script
-specifying which dependencies Nix shell needs. With the following shebang, you
+specifying which dependencies `nix-shell` needs. With the following shebang, you
-can use `nix-shell myscript.py` and it will make available all dependencies and
+can just execute `./myscript.py`, and it will make available all dependencies and
 run the script in the `python3` shell.
 ```py
 #! /usr/bin/env nix-shell
-#! nix-shell -i python3 -p python3Packages.numpy
+#! nix-shell -i 'python3.withPackages(ps: [ps.numpy])'
 import numpy
 print(numpy.__version__)
 ```
 Likely you do not want to type your dependencies each and every time. What you
 can do is write a simple Nix expression which sets up an environment for you,
 requiring you only to type `nix-shell`. Say we want to have Python 3.5, `numpy`
 and `toolz`, like before, in an environment. With a `shell.nix` file
 containing
 ```nix
 with import <nixpkgs> {};
 (pkgs.python35.withPackages (ps: [ps.numpy ps.toolz])).env
 ```
 executing `nix-shell` gives you again a Nix shell from which you can run Python.
 What's happening here?
 1. We begin with importing the Nix Packages collections. `import <nixpkgs>` import the `<nixpkgs>` function, `{}` calls it and the `with` statement brings all attributes of `nixpkgs` in the local scope. Therefore we can now use `pkgs`.
 2. Then we create a Python 3.5 environment with the `withPackages` function.
 3. The `withPackages` function expects us to provide a function as an argument that takes the set of all python packages and returns a list of packages to include in the environment. Here, we select the packages `numpy` and `toolz` from the package set.
 4. And finally, for in interactive use we return the environment by using the `env` attribute.
 ### Developing with Python
 Now that you know how to get a working Python environment with Nix, it is time
 to go forward and start actually developing with Python. We will first have a
 look at how Python packages are packaged on Nix. Then, we will look at how you
 can use development mode with your code.
-Now that you know how to get a working Python environment on Nix, it is time to go forward and start actually developing with Python.
+#### Packaging a library
 We will first have a look at how Python packages are packaged on Nix. Then, we will look how you can use development mode with your code.
-#### Python packaging on Nix
+With Nix all packages are built by functions. The main function in Nix for
-
+building Python libraries is `buildPythonPackage`. Let's see how we can build the
-On Nix all packages are built by functions. The main function in Nix for building Python packages is [`buildPythonPackage`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/interpreters/python/build-python-package.nix).
+`toolz` package.
 Let's see how we would build the `toolz` package. According to [`python-packages.nix`](https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/python-packages.nix) `toolz` is build using
 ```nix
 { # ...
  toolz = buildPythonPackage rec {
-    name = "toolz-${version}";
+    pname = "toolz";
    version = "0.7.4";
    name = "${pname}-${version}";
-    src = pkgs.fetchurl {
+    src = fetchPypi {
-      url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
+      inherit pname version;
      sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
    };
    doCheck = false;
    meta = {
      homepage = "http://github.com/pytoolz/toolz/";
      description = "List processing tools and functional utilities";
@ -122,63 +211,37 @@ Let's see how we would build the `toolz` package. According to [`python-packages
 ```
 What happens here? The function `buildPythonPackage` is called and as argument
-it accepts a set. In this case the set is a recursive set ([`rec`](http://nixos.org/nix/manual/#sec-constructs)).
+it accepts a set. In this case the set is a recursive set, `rec`. One of the
-One of the arguments is the name of the package, which consists of a basename
+arguments is the name of the package, which consists of a basename (generally
-(generally following the name on PyPi) and a version. Another argument, `src`
+following the name on PyPi) and a version. Another argument, `src` specifies the
-specifies the source, which in this case is fetched from an url. `fetchurl` not
+source, which in this case is fetched from PyPI using the helper function
-only downloads the target file, but also validates its hash. Furthermore, we
+`fetchPypi`. The argument `doCheck` is used to set whether tests should be run
-specify some (optional) [meta information](http://nixos.org/nixpkgs/manual/#chap-meta).
+when building the package. Furthermore, we specify some (optional) meta
-
+information. The output of the function is a derivation.
 The output of the function is a derivation, which is an attribute with the name
 `toolz` of the set `pythonPackages`. Actually, sets are created for all interpreter versions,
 so e.g. `python27Packages`, `python35Packages` and `pypyPackages`.
 An expression for `toolz` can be found in the Nixpkgs repository. As explained
 in the introduction of this Python section, a derivation of `toolz` is available
 for each interpreter version, e.g. `python35.pkgs.toolz` refers to the `toolz`
 derivation corresponding to the CPython 3.5 interpreter.
 The above example works when you're directly working on
 `pkgs/top-level/python-packages.nix` in the Nixpkgs repository. Often though,
-you will want to test a Nix expression outside of the Nixpkgs tree. If you
+you will want to test a Nix expression outside of the Nixpkgs tree.
 create a `shell.nix` file with the following contents
-```nix
+The following expression creates a derivation for the `toolz` package,
-with import <nixpkgs> {};
+and adds it along with a `numpy` package to a Python environment.
 pkgs.python35Packages.buildPythonPackage rec {
  name = "toolz-${version}";
  version = "0.8.0";
  src = pkgs.fetchurl {
    url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
    sha256 = "e8451af61face57b7c5d09e71c0d27b8005f001ead56e9fdf470417e5cc6d479";
  };
  doCheck = false;
  meta = {
    homepage = "http://github.com/pytoolz/toolz/";
    description = "List processing tools and functional utilities";
    license = licenses.bsd3;
    maintainers = with maintainers; [ fridh ];
  };
 }
 ```
 and then execute `nix-shell` will result in an environment in which you can use
 Python 3.5 and the `toolz` package. As you can see we had to explicitly mention
 for which Python version we want to build a package.
 The above example considered only a single package. Generally you will want to use multiple packages.
 If we create a `shell.nix` file with the following contents
 ```nix
 with import <nixpkgs> {};
 ( let
-    toolz = pkgs.python35Packages.buildPythonPackage rec {
+    my_toolz = python35.pkgs.buildPythonPackage rec {
-      name = "toolz-${version}";
+      pname = "toolz";
-      version = "0.8.0";
+      version = "0.7.4";
      name = "${pname}-${version}";
-      src = pkgs.fetchurl {
+      src = python35.pkgs.fetchPypi {
-        url = "mirror://pypi/t/toolz/toolz-${version}.tar.gz";
+        inherit pname version;
-        sha256 = "e8451af61face57b7c5d09e71c0d27b8005f001ead56e9fdf470417e5cc6d479";
+        sha256 = "43c2c9e5e7a16b6c88ba3088a9bfc82f7db8e13378be7c78d6c14a5f8ed05afd";
      };
      doCheck = false;
@ -189,24 +252,24 @@ with import <nixpkgs> {};
      };
    };
-  in pkgs.python35.withPackages (ps: [ps.numpy toolz])
+  in python35.withPackages (ps: [ps.numpy my_toolz])
 ).env
 ```
 Executing `nix-shell` will result in an environment in which you can use
 Python 3.5 and the `toolz` package. As you can see we had to explicitly mention
 for which Python version we want to build a package.
-and again execute `nix-shell`, then we get a Python 3.5 environment with our
+So, what did we do here? Well, we took the Nix expression that we used earlier
-locally defined package as well as `numpy` which is build according to the
+to build a Python environment, and said that we wanted to include our own
-definition in Nixpkgs. What did we do here? Well, we took the Nix expression
+version of `toolz`, named `my_toolz`. To introduce our own package in the scope
-that we used earlier to build a Python environment, and said that we wanted to
+of `withPackages` we used a `let` expression. You can see that we used
-include our own version of `toolz`. To introduce our own package in the scope of
+`ps.numpy` to select numpy from the nixpkgs package set (`ps`). We did not take
-`withPackages` we used a
+`toolz` from the Nixpkgs package set this time, but instead took our own version
-[`let`](http://nixos.org/nix/manual/#sec-constructs) expression.
+that we introduced with the `let` expression.
 You can see that we used `ps.numpy` to select numpy from the nixpkgs package set (`ps`).
 But we do not take `toolz` from the nixpkgs package set this time.
 Instead, `toolz` will resolve to our local definition that we introduced with `let`.
-### Handling dependencies
+#### Handling dependencies
-Our example, `toolz`, doesn't have any dependencies on other Python
+Our example, `toolz`, does not have any dependencies on other Python
 packages or system libraries. According to the manual,  `buildPythonPackage`
 uses the arguments `buildInputs` and `propagatedBuildInputs` to specify dependencies. If something is
 exclusively a build-time dependency, then the dependency should be included as a
@ -340,7 +403,7 @@ other packages we like to have in the environment, all specified with `propagate
 Indeed, we can just add any package we like to have in our environment to `propagatedBuildInputs`.
 ```nix
-with import <nixpkgs>;
+with import <nixpkgs> {};
 with pkgs.python35Packages;
 buildPythonPackage rec {
@ -423,7 +486,7 @@ and in this case the `python35` interpreter is automatically used.
 ### Interpreters
 Versions 2.7, 3.3, 3.4, 3.5 and 3.6 of the CPython interpreter are available as
-respectively `python27`, `python33`, `python34`, `python35` and `python36`. The PyPy interpreter
+respectively `python27`, `python34`, `python35` and `python36`. The PyPy interpreter
 is available as `pypy`. The aliases `python2` and `python3` correspond to respectively `python27` and
 `python35`. The default interpreter, `python`, maps to `python2`.
 The Nix expressions for the interpreters can be found in
@ -469,7 +532,6 @@ sets are
 * `pkgs.python26Packages`
 * `pkgs.python27Packages`
 * `pkgs.python33Packages`
 * `pkgs.python34Packages`
 * `pkgs.python35Packages`
 * `pkgs.python36Packages`
@ -528,7 +590,7 @@ By default tests are run because `doCheck = true`. Test dependencies, like
 e.g. the test runner, should be added to `buildInputs`.
 By default `meta.platforms` is set to the same value
-as the interpreter unless overriden otherwise.
+as the interpreter unless overridden otherwise.
 ##### `buildPythonPackage` parameters
@ -546,6 +608,35 @@ All parameters from `mkDerivation` function are still supported.
 * `catchConflicts` If `true`, abort package build if a package name appears more than once in dependency tree. Default is `true`.
 * `checkInputs` Dependencies needed for running the `checkPhase`. These are added to `buildInputs` when `doCheck = true`.
 ##### Overriding Python packages
 The `buildPythonPackage` function has a `overridePythonAttrs` method that
 can be used to override the package. In the following example we create an
 environment where we have the `blaze` package using an older version of `pandas`.
 We override first the Python interpreter and pass
 `packageOverrides` which contains the overrides for packages in the package set.
 ```nix
 with import <nixpkgs> {};
 (let
  python = let
    packageOverrides = self: super: {
      pandas = super.pandas.overridePythonAttrs(old: rec {
        version = "0.19.1";
        name = "pandas-${version}";
        src =  super.fetchPypi {
          pname = "pandas";
          inherit version;
          sha256 = "08blshqj9zj1wyjhhw3kl2vas75vhhicvv72flvf1z3jvapgw295";
        };
      });
    };
  in pkgs.python3.override {inherit packageOverrides;};
 in python.withPackages(ps: [ps.blaze])).env
 ```
 #### `buildPythonApplication` function
 The `buildPythonApplication` function is practically the same as `buildPythonPackage`.
@ -622,7 +713,7 @@ attribute. The `shell.nix` file from the previous section can thus be also writt
 ```nix
 with import <nixpkgs> {};
-(python33.withPackages (ps: [ps.numpy ps.requests])).env
+(python36.withPackages (ps: [ps.numpy ps.requests])).env
 ```
 In contrast to `python.buildEnv`, `python.withPackages` does not support the more advanced options
@ -683,65 +774,23 @@ The `buildPythonPackage` function sets `DETERMINISTIC_BUILD=1` and
 Both are also exported in `nix-shell`.
 ### Automatic tests
 It is recommended to test packages as part of the build process.
 Source distributions (`sdist`) often include test files, but not always.
 By default the command `python setup.py test` is run as part of the
 `checkPhase`, but often it is necessary to pass a custom `checkPhase`. An
 example of such a situation is when `py.test` is used.
 #### Common issues
 - Non-working tests can often be deselected. In the case of `py.test`: `py.test -k 'not function_name and not other_function'`.
 - Unicode issues can typically be fixed by including `glibcLocales` in `buildInputs` and exporting `LC_ALL=en_US.utf-8`.
 - Tests that attempt to access `$HOME` can be fixed by using the following work-around before running tests (e.g. `preCheck`): `export HOME=$(mktemp -d)`
 ## FAQ
 ### How can I install a working Python environment?
 As explained in the user's guide installing individual Python packages
 imperatively with `nix-env -i` or declaratively in `environment.systemPackages`
 is not supported. However, it is possible to install a Python environment with packages (`python.buildEnv`).
 In the following examples we create an environment with Python 3.5, `numpy` and `ipython`.
 As you might imagine there is one limitation here, and that's you can install
 only one environment at a time. You will notice the complaints about collisions
 when you try to install a second environment.
 #### Environment defined in separate `.nix` file
 Create a file, e.g. `build.nix`, with the following expression
 ```nix
 with import <nixpkgs> {};
 pkgs.python35.withPackages (ps: with ps; [ numpy ipython ])
 ```
 and install it in your profile with
 ```shell
 nix-env -if build.nix
 ```
 Now you can use the Python interpreter, as well as the extra packages that you added to the environment.
 #### Environment defined in `~/.config/nixpkgs/config.nix`
 If you prefer to, you could also add the environment as a package override to the Nixpkgs set.
 ```nix
 { # ...
  packageOverrides = pkgs: with pkgs; {
    myEnv = python35.withPackages (ps: with ps; [ numpy ipython ]);
  };
 }
 ```
 and install it in your profile with
 ```shell
 nix-env -iA nixpkgs.myEnv
 ```
 We're installing using the attribute path and assume the channels is named `nixpkgs`.
 Note that I'm using the attribute path here.
 #### Environment defined in `/etc/nixos/configuration.nix`
 For the sake of completeness, here's another example how to install the environment system-wide.
 ```nix
 { # ...
  environment.systemPackages = with pkgs; [
    (python35.withPackages(ps: with ps; [ numpy ipython ]))
  ];
 }
 ```
 ### How to solve circular dependencies?
 Consider the packages `A` and `B` that depend on each other. When packaging `B`,
@ -755,17 +804,17 @@ In the following example we rename the `pandas` package and build it.
 ```nix
 with import <nixpkgs> {};
-let
+(let
  python = let
    packageOverrides = self: super: {
-      pandas = super.pandas.override {name="foo";};
+      pandas = super.pandas.overridePythonAttrs(old: {name="foo";});
    };
  in pkgs.python35.override {inherit packageOverrides;};
-in python.pkgs.pandas
+in python.withPackages(ps: [ps.pandas])).env
 ```
-Using `nix-build` on this expression will build the package `pandas`
+Using `nix-build` on this expression will build an environment that contains the
-but with the new name `foo`.
+package `pandas` but with the new name `foo`.
 All packages in the package set will use the renamed package.
 A typical use case is to switch to another version of a certain package.
@ -951,8 +1000,9 @@ rec {
 Following rules are desired to be respected:
-* Python libraries are supposed to be called from `python-packages.nix` and packaged with `buildPythonPackage`. The expression of a library should be in `pkgs/development/python-modules/<name>/default.nix`. Libraries in `pkgs/top-level/python-packages.nix` are sorted quasi-alphabetically to avoid merge conflicts.
+* Python libraries are called from `python-packages.nix` and packaged with `buildPythonPackage`. The expression of a library should be in `pkgs/development/python-modules/<name>/default.nix`. Libraries in `pkgs/top-level/python-packages.nix` are sorted quasi-alphabetically to avoid merge conflicts.
 * Python applications live outside of `python-packages.nix` and are packaged with `buildPythonApplication`.
 * Make sure libraries build for all Python interpreters.
 * By default we enable tests. Make sure the tests are found and, in the case of libraries, are passing for all interpreters. If certain tests fail they can be disabled individually. Try to avoid disabling the tests altogether. In any case, when you disable tests, leave a comment explaining why.
-* Commit names of Python libraries should include `pythonPackages`, for example `pythonPackages.numpy: 1.11 -> 1.12`.
+* Commit names of Python libraries should reflect that they are Python libraries, so write for example `pythonPackages.numpy: 1.11 -> 1.12`.
--- a/doc/languages-frameworks/ruby.xml
+++ b/doc/languages-frameworks/ruby.xml
@ -4,10 +4,14 @@
 <title>Ruby</title>
-  <para>There currently is support to bundle applications that are packaged as Ruby gems. The utility "bundix" allows you to write a <filename>Gemfile</filename>, let bundler create a <filename>Gemfile.lock</filename>, and then convert
+<para>There currently is support to bundle applications that are packaged as
-  this into a nix expression that contains all Gem dependencies automatically.</para>
+Ruby gems. The utility "bundix" allows you to write a
 <filename>Gemfile</filename>, let bundler create a
 <filename>Gemfile.lock</filename>, and then convert this into a nix
 expression that contains all Gem dependencies automatically.
 </para>
-  <para>For example, to package sensu, we did:</para>
+<para>For example, to package sensu, we did:</para>
 <screen>
 <![CDATA[$ cd pkgs/servers/monitoring
@ -16,7 +20,7 @@ $ cd sensu
 $ cat > Gemfile
 source 'https://rubygems.org'
 gem 'sensu'
-$ $(nix-build '<nixpkgs>' -A bundix)/bin/bundix --magic
+$ $(nix-build '<nixpkgs>' -A bundix --no-out-link)/bin/bundix --magic
 $ cat > default.nix
 { lib, bundlerEnv, ruby }:
@ -38,15 +42,61 @@ bundlerEnv rec {
 }]]>
 </screen>
-<para>Please check in the <filename>Gemfile</filename>, <filename>Gemfile.lock</filename> and the <filename>gemset.nix</filename> so future updates can be run easily.
+<para>Please check in the <filename>Gemfile</filename>,
 <filename>Gemfile.lock</filename> and the
 <filename>gemset.nix</filename> so future updates can be run easily.
 </para>
-<para>Resulting derivations also have two helpful items, <literal>env</literal> and <literal>wrapper</literal>. The first one allows one to quickly drop into
+<para>For tools written in Ruby - i.e. where the desire is to install
-<command>nix-shell</command> with the specified environment present. E.g. <command>nix-shell -A sensu.env</command> would give you an environment with Ruby preset
+a package and then execute e.g. <command>rake</command> at the command
-so it has all the libraries necessary for <literal>sensu</literal> in its paths. The second one can be used to make derivations from custom Ruby scripts which have
+line, there is an alternative builder called <literal>bundlerApp</literal>.
-<filename>Gemfile</filename>s with their dependencies specified. It is a derivation with <command>ruby</command> wrapped so it can find all the needed dependencies.
+Set up the <filename>gemset.nix</filename> the same way, and then, for
-For example, to make a derivation <literal>my-script</literal> for a <filename>my-script.rb</filename> (which should be placed in <filename>bin</filename>) you should
+example:
-run <command>bundix</command> as specified above and then use <literal>bundlerEnv</literal> like this:</para>
+</para>
 <screen>
 <![CDATA[{ lib, bundlerApp }:
 bundlerApp {
  pname = "corundum";
  gemdir = ./.;
  exes = [ "corundum-skel" ];
  meta = with lib; {
    description = "Tool and libraries for maintaining Ruby gems.";
    homepage    = https://github.com/nyarly/corundum;
    license     = licenses.mit;
    maintainers = [ maintainers.nyarly ];
    platforms   = platforms.unix;
  };
 }]]>
 </screen>
 <para>The chief advantage of <literal>bundlerApp</literal> over
 <literal>bundlerEnv</literal> is the executables introduced in the
 environment are precisely those selected in the <literal>exes</literal>
 list, as opposed to <literal>bundlerEnv</literal> which adds all the
 executables made available by gems in the gemset, which can mean e.g.
 <command>rspec</command> or <command>rake</command> in unpredictable
 versions available from various packages.
 </para>
 <para>Resulting derivations for both builders also have two helpful
 attributes, <literal>env</literal> and <literal>wrappedRuby</literal>.
 The first one allows one to quickly drop into
 <command>nix-shell</command> with the specified environment present.
 E.g. <command>nix-shell -A sensu.env</command> would give you an
 environment with Ruby preset so it has all the libraries necessary
 for <literal>sensu</literal> in its paths. The second one can be
 used to make derivations from custom Ruby scripts which have
 <filename>Gemfile</filename>s with their dependencies specified. It is
 a derivation with <command>ruby</command> wrapped so it can find all
 the needed dependencies. For example, to make a derivation
 <literal>my-script</literal> for a <filename>my-script.rb</filename>
 (which should be placed in <filename>bin</filename>) you should run
 <command>bundix</command> as specified above and then use
 <literal>bundlerEnv</literal> like this:
 </para>
 <programlisting>
 <![CDATA[let env = bundlerEnv {
@ -60,13 +110,9 @@ run <command>bundix</command> as specified above and then use <literal>bundlerEn
 in stdenv.mkDerivation {
  name = "my-script";
-
+  buildInputs = [ env.wrappedRuby ];
  buildInputs = [ env.wrapper ];
  script = ./my-script.rb;
  buildCommand = ''
    mkdir -p $out/bin
    install -D -m755 $script $out/bin/my-script
    patchShebangs $out/bin/my-script
  '';
@ -74,4 +120,3 @@ in stdenv.mkDerivation {
 </programlisting>
 </section>
--- a/doc/languages-frameworks/rust.md
+++ b/doc/languages-frameworks/rust.md
@ -17,7 +17,7 @@ into the `environment.systemPackages` or bring them into scope with
 `nix-shell -p rustStable.rustc -p rustStable.cargo`.
 There are also `rustBeta` and `rustNightly` package sets available.
-These are not updated very regulary. For daily builds use either rustup from
+These are not updated very regularly. For daily builds use either rustup from
 nixpkgs or use the [Rust nightlies overlay](#using-the-rust-nightlies-overlay).
 ## Packaging Rust applications
--- a/doc/multiple-output.xml
+++ b/doc/multiple-output.xml
@ -73,7 +73,7 @@
      <varlistentry><term><varname>
        $outputMan</varname></term><listitem><para>
-        is for man pages (except for section 3). They go to <varname>man</varname> or <varname>doc</varname> or <varname>$outputBin</varname> by default.
+        is for man pages (except for section 3). They go to <varname>man</varname> or <varname>$outputBin</varname> by default.
      </para></listitem></varlistentry>
      <varlistentry><term><varname>
@ -83,7 +83,7 @@
      <varlistentry><term><varname>
        $outputInfo</varname></term><listitem><para>
-        is for info pages. They go to <varname>info</varname> or <varname>doc</varname> or <varname>$outputMan</varname> by default.
+        is for info pages. They go to <varname>info</varname> or <varname>$outputBin</varname> by default.
      </para></listitem></varlistentry>
    </variablelist>
--- a/doc/overlays.xml
+++ b/doc/overlays.xml
@ -8,59 +8,88 @@
 overlays. Overlays are used to add layers in the fix-point used by Nixpkgs
 to compose the set of all packages.</para>
 <para>Nixpkgs can be configured with a list of overlays, which are
 applied in order. This means that the order of the overlays can be significant
 if multiple layers override the same package.</para>
 <!--============================================================-->
 <section xml:id="sec-overlays-install">
-<title>Installing Overlays</title>
+<title>Installing overlays</title>
-<para>The set of overlays is looked for in the following places. The
+<para>The list of overlays is determined as follows.</para>
-first one present is considered, and all the rest are ignored:
+
 <para>If the <varname>overlays</varname> argument is not provided explicitly, we look for overlays in a path. The path
 is determined as follows:
 <orderedlist>
  <listitem>
    <para>First, if an <varname>overlays</varname> argument to the nixpkgs function itself is given,
    then that is used.</para>
-    <para>As an argument of the imported attribute set. When importing Nixpkgs,
+    <para>This can be passed explicitly when importing nipxkgs, for example 
-    the <varname>overlays</varname> attribute argument can be set to a list of
+    <literal>import &lt;nixpkgs> { overlays = [ overlay1 overlay2 ]; }</literal>.</para>
    functions, which is described in <xref linkend="sec-overlays-layout"/>.</para>
  </listitem>
  <listitem>
    <para>Otherwise, if the Nix path entry <literal>&lt;nixpkgs-overlays></literal> exists, we look for overlays
    at that path, as described below.</para>
-    <para>In the directory pointed to by the Nix search path entry
+    <para>See the section on <literal>NIX_PATH</literal> in the Nix manual for more details on how to 
-    <literal>&lt;nixpkgs-overlays></literal>.</para>
+    set a value for <literal>&lt;nixpkgs-overlays>.</literal></para>
  </listitem>
  <listitem>
-
+    <para>If one of <filename>~/.config/nixpkgs/overlays.nix</filename> and
-    <para>In the directory <filename>~/.config/nixpkgs/overlays/</filename>.</para>
+    <filename>~/.config/nixpkgs/overlays/</filename> exists, then we look for overlays at that path, as
    described below. It is an error if both exist.</para>
  </listitem>
 </orderedlist>
 </para>
-<para>For the second and third options, the directory should contain Nix expressions defining the
+<para>If we are looking for overlays at a path, then there are two cases:
-overlays. Each overlay can be a file, a directory containing a
+<itemizedlist>
-<filename>default.nix</filename>, or a symlink to one of those. The expressions should follow
+  <listitem>
-the syntax described in <xref linkend="sec-overlays-layout"/>.</para>
+    <para>If the path is a file, then the file is imported as a Nix expression and used as the list of
    overlays.</para>
  </listitem>
-<para>The order of the overlay layers can influence the recipe of packages if multiple layers override
+  <listitem>
-the same recipe. In the case where overlays are loaded from a directory, they are loaded in
+    <para>If the path is a directory, then we take the content of the directory, order it
-alphabetical order.</para>
+    lexicographically, and attempt to interpret each as an overlay by:
    <itemizedlist>
      <listitem>
        <para>Importing the file, if it is a <literal>.nix</literal> file.</para>
      </listitem>
      <listitem>
        <para>Importing a top-level <filename>default.nix</filename> file, if it is a directory.</para>
      </listitem>
    </itemizedlist>
    </para>
  </listitem>
 </itemizedlist>
 </para>
-<para>To install an overlay using the last option, you can clone the overlay's repository and add
+<para>On a NixOS system the value of the <literal>nixpkgs.overlays</literal> option, if present, 
-a symbolic link to it in <filename>~/.config/nixpkgs/overlays/</filename> directory.</para>
+is passed to the system Nixpkgs directly as an argument. Note that this does not affect the overlays for
 non-NixOS operations (e.g. <literal>nix-env</literal>), which are looked up independently.</para>
 <para>The <filename>overlays.nix</filename> option therefore provides a convenient way to use the same
 overlays for a NixOS system configuration and user configuration: the same file can be used
 as <filename>overlays.nix</filename> and imported as the value of <literal>nixpkgs.overlays</literal>.</para>
 </section>
 <!--============================================================-->
-<section xml:id="sec-overlays-layout">
+<section xml:id="sec-overlays-definition">
-<title>Overlays Layout</title>
+<title>Defining overlays</title>
-<para>Overlays are expressed as Nix functions which accept 2 arguments and return a set of
+<para>Overlays are Nix functions which accept two arguments, 
-packages.</para>
+conventionally called <varname>self</varname> and <varname>super</varname>, 
 and return a set of packages. For example, the following is a valid overlay.</para>
 <programlisting>
 self: super:
@ -75,25 +104,31 @@ self: super:
 }
 </programlisting>
-<para>The first argument, usually named <varname>self</varname>, corresponds to the final package
+<para>The first argument (<varname>self</varname>) corresponds to the final package
 set. You should use this set for the dependencies of all packages specified in your
 overlay. For example, all the dependencies of <varname>rr</varname> in the example above come
 from <varname>self</varname>, as well as the overridden dependencies used in the
 <varname>boost</varname> override.</para>
-<para>The second argument, usually named <varname>super</varname>,
+<para>The second argument (<varname>super</varname>)
 corresponds to the result of the evaluation of the previous stages of
 Nixpkgs. It does not contain any of the packages added by the current
-overlay nor any of the following overlays. This set should be used either
+overlay, nor any of the following overlays. This set should be used either
 to refer to packages you wish to override, or to access functions defined
 in Nixpkgs. For example, the original recipe of <varname>boost</varname>
 in the above example, comes from <varname>super</varname>, as well as the
 <varname>callPackage</varname> function.</para>
 <para>The value returned by this function should be a set similar to
-<filename>pkgs/top-level/all-packages.nix</filename>, which contains
+<filename>pkgs/top-level/all-packages.nix</filename>, containing
 overridden and/or new packages.</para>
 <para>Overlays are similar to other methods for customizing Nixpkgs, in particular
 the <literal>packageOverrides</literal> attribute described in <xref linkend="sec-modify-via-packageOverrides"/>.
 Indeed, <literal>packageOverrides</literal> acts as an overlay with only the 
 <varname>super</varname> argument. It is therefore appropriate for basic use, 
 but overlays are more powerful and easier to distribute.</para>
 </section>
 </chapter>
--- a/doc/package-notes.xml
+++ b/doc/package-notes.xml
@ -101,7 +101,7 @@ modulesTree = [kernel]
 $ nix-env -i ncurses
 $ export NIX_CFLAGS_LINK=-lncurses
 $ make menuconfig ARCH=<replaceable>arch</replaceable></screen>
-          
+
          </para>
        </listitem>
@ -111,9 +111,9 @@ $ make menuconfig ARCH=<replaceable>arch</replaceable></screen>
        </listitem>
      </orderedlist>
-    
+
    </para>
-    
+
  </listitem>
  <listitem>
@ -366,15 +366,33 @@ it. Place the resulting <filename>package.nix</filename> file into
 </section>
-<section xml:id="sec-autojump">
+<section xml:id="sec-shell-helpers">
-<title>Autojump</title>
+<title>Interactive shell helpers</title>
 <para>
-  autojump needs the shell integration to be useful but unlike other systems,
+  Some packages provide the shell integration to be more useful. But
-  nix doesn't have a standard share directory location. This is why a
+  unlike other systems, nix doesn't have a standard share directory
-  <command>autojump-share</command> script is shipped that prints the location
+  location. This is why a bunch <command>PACKAGE-share</command>
-  of the shared folder. This can then be used in the .bashrc like this:
+  scripts are shipped that print the location of the corresponding
  shared folder.
  Current list of such packages is as following:
  <itemizedlist>
    <listitem>
      <para>
        <literal>autojump</literal>: <command>autojump-share</command>
      </para>
    </listitem>
    <listitem>
      <para>
        <literal>fzf</literal>: <command>fzf-share</command>
      </para>
    </listitem>
  </itemizedlist>
  E.g. <literal>autojump</literal> can then used in the .bashrc like this:
 <screen>
  source "$(autojump-share)/autojump.bash"
 </screen>
@ -391,24 +409,24 @@ it. Place the resulting <filename>package.nix</filename> file into
 <title>Steam in Nix</title>
 <para>
-  Steam is distributed as a <filename>.deb</filename> file, for now only 
+  Steam is distributed as a <filename>.deb</filename> file, for now only
-  as an i686 package (the amd64 package only has documentation). 
+  as an i686 package (the amd64 package only has documentation).
-  When unpacked, it has a script called <filename>steam</filename> that 
+  When unpacked, it has a script called <filename>steam</filename> that
  in ubuntu (their target distro) would go to <filename>/usr/bin
-  </filename>. When run for the first time, this script copies some 
+  </filename>. When run for the first time, this script copies some
-  files to the user's home, which include another script that is the 
+  files to the user's home, which include another script that is the
-  ultimate responsible for launching the steam binary, which is also 
+  ultimate responsible for launching the steam binary, which is also
  in $HOME.
 </para>
 <para>
  Nix problems and constraints:
 <itemizedlist>
-  <listitem><para>We don't have <filename>/bin/bash</filename> and many 
+  <listitem><para>We don't have <filename>/bin/bash</filename> and many
  scripts point there. Similarly for <filename>/usr/bin/python</filename>
  .</para></listitem>
  <listitem><para>We don't have the dynamic loader in <filename>/lib
  </filename>.</para></listitem>
-  <listitem><para>The <filename>steam.sh</filename> script in $HOME can 
+  <listitem><para>The <filename>steam.sh</filename> script in $HOME can
  not be patched, as it is checked and rewritten by steam.</para></listitem>
  <listitem><para>The steam binary cannot be patched, it's also checked.</para></listitem>
 </itemizedlist>
@ -428,10 +446,10 @@ it. Place the resulting <filename>package.nix</filename> file into
 <title>How to play</title>
 <para>
-  For 64-bit systems it's important to have 
+  For 64-bit systems it's important to have
-  <programlisting>hardware.opengl.driSupport32Bit = true;</programlisting> 
+  <programlisting>hardware.opengl.driSupport32Bit = true;</programlisting>
-  in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need 
+  in your <filename>/etc/nixos/configuration.nix</filename>. You'll also need
-  <programlisting>hardware.pulseaudio.support32Bit = true;</programlisting> 
+  <programlisting>hardware.pulseaudio.support32Bit = true;</programlisting>
  if you are using PulseAudio - this will enable 32bit ALSA apps integration.
  To use the Steam controller, you need to add
  <programlisting>services.udev.extraRules = ''
@ -452,23 +470,31 @@ it. Place the resulting <filename>package.nix</filename> file into
  <varlistentry>
    <term>Steam fails to start. What do I do?</term>
-    <listitem><para>Try to run 
+    <listitem><para>Try to run
    <programlisting>strace steam</programlisting>
    to see what is causing steam to fail.</para></listitem>
  </varlistentry>
  <varlistentry>
-  <term>Using the FOSS Radeon drivers</term>
+  <term>Using the FOSS Radeon or nouveau (nvidia) drivers</term>
  <listitem><itemizedlist><listitem><para>
-  The open source radeon drivers need a newer libc++ than is provided 
+  Both the open source radeon drivers as well as the nouveau drivers (nvidia)
-  by the default runtime, which leads to a crash on launch. Use
+  need a newer libc++ than is provided by the default runtime, which leads to a
-  <programlisting>environment.systemPackages = [(pkgs.steam.override { newStdcpp = true; })];</programlisting>
+  crash on launch. Use <programlisting>environment.systemPackages =
-  in your config if you get an error like
+  [(pkgs.steam.override { newStdcpp = true; })];</programlisting> in your config
  if you get an error like
  <programlisting>
 libGL error: unable to load driver: radeonsi_dri.so
 libGL error: driver pointer missing
 libGL error: failed to load driver: radeonsi
 libGL error: unable to load driver: swrast_dri.so
 libGL error: failed to load driver: swrast</programlisting>
  or
  <programlisting>
 libGL error: unable to load driver: nouveau_dri.so
 libGL error: driver pointer missing
 libGL error: failed to load driver: nouveau
 libGL error: unable to load driver: swrast_dri.so
 libGL error: failed to load driver: swrast</programlisting></para></listitem>
  <listitem><para>
  Steam ships statically linked with a version of libcrypto that
@ -486,7 +512,7 @@ libGL error: failed to load driver: swrast</programlisting></para></listitem>
  <listitem><para>
  There is no java in steam chrootenv by default. If you get a message like
  <programlisting>/home/foo/.local/share/Steam/SteamApps/common/towns/towns.sh: line 1: java: command not found</programlisting>
-  You need to add  
+  You need to add
  <programlisting> steam.override { withJava = true; };</programlisting>
  to your configuration.
  </para></listitem>
@ -501,14 +527,14 @@ libGL error: failed to load driver: swrast</programlisting></para></listitem>
 <title>steam-run</title>
 <para>
-The FHS-compatible chroot used for steam can also be used to run 
+The FHS-compatible chroot used for steam can also be used to run
 other linux games that expect a FHS environment.
-To do it, add 
+To do it, add
 <programlisting>pkgs.(steam.override {
          nativeOnly = true;
          newStdcpp = true;
        }).run</programlisting>
-to your configuration, rebuild, and run the game with 
+to your configuration, rebuild, and run the game with
 <programlisting>steam-run ./foo</programlisting>
 </para>
--- a/doc/stdenv.xml
+++ b/doc/stdenv.xml
@ -1,3 +1,4 @@
 <chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xml:id="chap-stdenv">
@ -1153,7 +1154,7 @@ makeWrapper $out/bin/foo $wrapperfile --prefix PATH : ${lib.makeBinPath [ hello
    </listitem>
  </varlistentry>
-  
+
  <varlistentry xml:id='fun-substitute'>
    <term><function>substitute</function>
@ -1312,7 +1313,7 @@ someVar=$(stripHash $name)
    </para></listitem>
  </varlistentry>
-  
+
  <varlistentry xml:id='fun-wrapProgram'>
    <term><function>wrapProgram</function>
@ -1342,12 +1343,34 @@ someVar=$(stripHash $name)
 <variablelist>
  <varlistentry>
-    <term>GCC wrapper</term>
+    <term>CC Wrapper</term>
-    <listitem><para>Adds the <filename>include</filename> subdirectory
+    <listitem>
-    of each build input to the <envar>NIX_CFLAGS_COMPILE</envar>
+      <para>
-    environment variable, and the <filename>lib</filename> and
+        CC Wrapper wraps a C toolchain for a bunch of miscellaneous purposes.
-    <filename>lib64</filename> subdirectories to
+        Specifically, a C compiler (GCC or Clang), Binutils (or the CCTools + binutils mashup when targetting Darwin), and a C standard library (glibc or Darwin's libSystem) are all fed in, and dependency finding, hardening (see below), and purity checks for each are handled by CC Wrapper.
-    <envar>NIX_LDFLAGS</envar>.</para></listitem>
+        Packages typically depend on only CC Wrapper, instead of those 3 inputs directly.
      </para>
      <para>
        Dependency finding is undoubtedly the main task of CC wrapper.
        It is currently accomplished by collecting directories of host-platform dependencies (i.e. <varname>buildInputs</varname> and <varname>nativeBuildInputs</varname>) in environment variables.
        CC wrapper's setup hook causes any <filename>include</filename> subdirectory of such a dependency to be added to <envar>NIX_CFLAGS_COMPILE</envar>, and any <filename>lib</filename> and <filename>lib64</filename> subdirectories to <envar>NIX_LDFLAGS</envar>.
        The setup hook itself contains some lengthy comments describing the exact convoluted mechanism by which this is accomplished.
      </para>
      <para>
        A final task of the setup hook is defining a number of standard environment variables to tell build systems which executables full-fill which purpose.
        They are defined to just be the base name of the tools, under the assumption that CC Wrapper's binaries will be on the path.
        Firstly, this helps poorly-written packages, e.g. ones that look for just <command>gcc</command> when <envar>CC</envar> isn't defined yet <command>clang</command> is to be used.
        Secondly, this helps packages not get confused when cross-compiling, in which case multiple CC wrappers may be simultaneous in use (targeting different platforms).
        <envar>BUILD_</envar>- and <envar>TARGET_</envar>-prefixed versions of the normal environment variable are defined for the additional CC Wrappers, properly disambiguating them.
      </para>
      <para>
        A problem with this final task is that CC Wrapper is honest and defines <envar>LD</envar> as <command>ld</command>.
        Most packages, however, firstly use the C compiler for linking, secondly use <envar>LD</envar> anyways, defining it as the C compiler, and thirdly, only so define <envar>LD</envar> when it is undefined as a fallback.
        This triple-threat means CC Wrapper will break those packages, as LD is already defined as the actually linker which the package won't override yet doesn't want to use.
        The workaround is to define, just for the problematic package, <envar>LD</envar> as the C compiler.
        A good way to do this would be <command>preConfigure = "LD=$CC"</command>.
      </para>
    </listitem>
  </varlistentry>
  <varlistentry>
--- a/doc/submitting-changes.xml
+++ b/doc/submitting-changes.xml
@ -61,7 +61,7 @@ $ git checkout -b 'fix/pkg-name-update'
 <listitem>
 <para>Format the commit in a following way:</para>
 <programlisting>
-(pkg-name | service-name): (from -> to | init at version | refactor | etc)
+(pkg-name | nixos/&lt;module>): (from -> to | init at version | refactor | etc)
 Additional information.
 </programlisting>
@ -78,19 +78,19 @@ Additional information.
 <listitem>
 <para>
-<command>firefox: 3.0 -> 3.1.1</command>
+<command>firefox: 54.0.1 -> 55.0</command>
 </para>
 </listitem>
 <listitem>
 <para>
-<command>hydra service: add bazBaz option</command>
+<command>nixos/hydra: add bazBaz option</command>
 </para>
 </listitem>
 <listitem>
 <para>
-<command>nginx service: refactor config generation</command>
+<command>nixos/nginx: refactor config generation</command>
 </para>
 </listitem>
 </itemizedlist>
@ -196,7 +196,7 @@ Additional information.
 <itemizedlist>
 <listitem>
-<para>Write the title in format <command>(pkg-name | service): improvement</command>.
+<para>Write the title in format <command>(pkg-name | nixos/&lt;module>): improvement</command>.
 <itemizedlist>
 <listitem>
@ -223,6 +223,133 @@ Additional information.
 </itemizedlist>
 </section>
 <section>
  <title>Pull Request Template</title>
  <para>
    The pull request template helps determine what steps have been made for a
    contribution so far, and will help guide maintainers on the status of a
    change. The motivation section of the PR should include any extra details
    the title does not address and link any existing issues related to the pull
    request.
  </para>
  <para>When a PR is created, it will be pre-populated with some checkboxes detailed below:
  </para>
  <section>
    <title>Tested using sandboxing</title>
    <para>
      When sandbox builds are enabled, Nix will setup an isolated environment
      for each build process. It is used to remove further hidden dependencies
      set by the build environment to improve reproducibility. This includes
      access to the network during the build outside of
      <function>fetch*</function> functions and files outside the Nix store.
      Depending on the operating system access to other resources are blocked
      as well (ex. inter process communication is isolated on Linux); see <link
      xlink:href="https://nixos.org/nix/manual/#description-45">build-use-sandbox</link>
      in Nix manual for details.
    </para>
    <para>
      Sandboxing is not enabled by default in Nix due to a small performance
      hit on each build.  In pull requests for <link
        xlink:href="https://github.com/NixOS/nixpkgs/">nixpkgs</link> people
      are asked to test builds with sandboxing enabled (see <literal>Tested
        using sandboxing</literal> in the pull request template) because
      in<link
        xlink:href="https://nixos.org/hydra/">https://nixos.org/hydra/</link>
      sandboxing is also used.
    </para>
    <para>
      Depending if you use NixOS or other platforms you can use one of the
      following methods to enable sandboxing <emphasis role="bold">before</emphasis> building the package:
      <itemizedlist>
        <listitem>
          <para>
            <emphasis role="bold">Globally enable sandboxing on NixOS</emphasis>:
            add the following to 
            <filename>configuration.nix</filename>
            <screen>nix.useSandbox = true;</screen>
          </para>
        </listitem>
        <listitem>
          <para>
            <emphasis role="bold">Globally enable sandboxing on non-NixOS platforms</emphasis>:
            add the following to: <filename>/etc/nix/nix.conf</filename>
            <screen>build-use-sandbox = true</screen>
          </para>
        </listitem>
      </itemizedlist>
    </para>
  </section>
  <section>
    <title>Built on platform(s)</title>
    <para>
      Many Nix packages are designed to run on multiple
      platforms. As such, it's important to let the maintainer know which
      platforms your changes have been tested on. It's not always practical to
      test a change on all platforms, and is not required for a pull request to
      be merged. Only check the systems you tested the build on in this
      section.
    </para>
  </section>
  <section>
    <title>Tested via one or more NixOS test(s) if existing and applicable for the change (look inside nixos/tests)</title>
    <para>
      Packages with automated tests are much more likely to be merged in a
      timely fashion because it doesn't require as much manual testing by the
      maintainer to verify the functionality of the package. If there are
      existing tests for the package, they should be run to verify your changes
      do not break the tests. Tests only apply to packages with NixOS modules
      defined and can only be run on Linux. For more details on writing and
      running tests, see the <link
        xlink:href="https://nixos.org/nixos/manual/index.html#sec-nixos-tests">section
        in the NixOS manual</link>.
    </para>
  </section>
  <section>
    <title>Tested compilation of all pkgs that depend on this change using <command>nox-review</command></title>
    <para>
      If you are updating a package's version, you can use nox to make sure all
      packages that depend on the updated package still compile correctly. This
      can be done using the nox utility. The <command>nox-review</command>
      utility can look for and build all dependencies either based on
      uncommited changes with the <literal>wip</literal> option or specifying a
      github pull request number.
    </para>
    <para>
      review uncommitted changes:
      <screen>nix-shell -p nox --run nox-review wip</screen>
    </para>
    <para>
      review changes from pull request number 12345:
      <screen>nix-shell -p nox --run nox-review pr 12345</screen>
    </para>
  </section>
  <section>
    <title>Tested execution of all binary files (usually in <filename>./result/bin/</filename>)</title>
    <para>
      It's important to test any executables generated by a build when you
      change or create a package in nixpkgs. This can be done by looking in
      <filename>./result/bin</filename> and running any files in there, or at a
      minimum, the main executable for the package. For example, if you make a change
      to <package>texlive</package>, you probably would only check the binaries
      associated with the change you made rather than testing all of them.
    </para>
  </section>
  <section>
    <title>Meets nixpkgs contribution standards</title>
    <para>
      The last checkbox is fits <link
        xlink:href="https://github.com/NixOS/nixpkgs/blob/master/.github/CONTRIBUTING.md">CONTRIBUTING.md</link>.
      The contributing document has detailed information on standards the Nix
      community has for commit messages, reviews, licensing of contributions
      you make to the project, etc... Everyone should read and understand the
      standards the community has for contributing before submitting a pull
      request.
    </para>
  </section>
 </section>
 <section>
 <title>Hotfixing pull requests</title>
--- a/lib/attrsets.nix
+++ b/lib/attrsets.nix
@ -1,11 +1,11 @@
 { lib }:
 # Operations on attribute sets.
 let
  inherit (builtins) head tail length;
-  inherit (import ./trivial.nix) and or;
+  inherit (lib.trivial) and or;
-  inherit (import ./default.nix) fold;
+  inherit (lib.strings) concatStringsSep;
-  inherit (import ./strings.nix) concatStringsSep;
+  inherit (lib.lists) fold concatMap concatLists all deepSeqList;
  inherit (import ./lists.nix) concatMap concatLists all deepSeqList;
 in
 rec {
--- a/lib/customisation.nix
+++ b/lib/customisation.nix
@ -1,6 +1,6 @@
 { lib }:
 let
  lib = import ./default.nix;
  inherit (builtins) attrNames isFunction;
 in
--- a/lib/debug.nix
+++ b/lib/debug.nix
@ -1,4 +1,6 @@
-let lib = import ./default.nix;
+{ lib }:
 let
 inherit (builtins) trace attrNamesToStr isAttrs isFunction isList isInt
        isString isBool head substring attrNames;
--- a/lib/default.nix
+++ b/lib/default.nix
@ -5,58 +5,127 @@
 */
 let
-  # often used, or depending on very little
+  callLibs = file: import file { inherit lib; };
  trivial = import ./trivial.nix;
  fixedPoints = import ./fixed-points.nix;
-  # datatypes
+  lib = rec {
  attrsets = import ./attrsets.nix;
  lists = import ./lists.nix;
  strings = import ./strings.nix;
  stringsWithDeps = import ./strings-with-deps.nix;
-  # packaging
+    # often used, or depending on very little
-  customisation = import ./customisation.nix;
+    trivial = callLibs ./trivial.nix;
-  maintainers = import ./maintainers.nix;
+    fixedPoints = callLibs ./fixed-points.nix;
  meta = import ./meta.nix;
  sources = import ./sources.nix;
-  # module system
+    # datatypes
-  modules = import ./modules.nix;
+    attrsets = callLibs ./attrsets.nix;
-  options = import ./options.nix;
+    lists = callLibs ./lists.nix;
-  types = import ./types.nix;
+    strings = callLibs ./strings.nix;
    stringsWithDeps = callLibs ./strings-with-deps.nix;
-  # constants
+    # packaging
-  licenses = import ./licenses.nix;
+    customisation = callLibs ./customisation.nix;
-  systems = import ./systems;
+    maintainers = callLibs ./maintainers.nix;
    meta = callLibs ./meta.nix;
    sources = callLibs ./sources.nix;
  # misc
  debug = import ./debug.nix;
  generators = import ./generators.nix;
  misc = import ./deprecated.nix;
-  # domain-specific
+    # module system
-  sandbox = import ./sandbox.nix;
+    modules = callLibs ./modules.nix;
-  fetchers = import ./fetchers.nix;
+    options = callLibs ./options.nix;
    types = callLibs ./types.nix;
-  # Eval-time filesystem handling
+    # constants
-  filesystem = import ./filesystem.nix;
+    licenses = callLibs ./licenses.nix;
    systems = callLibs ./systems;
-in
+    # misc
-  { inherit trivial fixedPoints
+    debug = callLibs ./debug.nix;
-            attrsets lists strings stringsWithDeps
+
-            customisation maintainers meta sources
+    generators = callLibs ./generators.nix;
-            modules options types
+    misc = callLibs ./deprecated.nix;
-            licenses systems
+    # domain-specific
-            debug generators misc
+    sandbox = callLibs ./sandbox.nix;
-            sandbox fetchers filesystem;
+    fetchers = callLibs ./fetchers.nix;
    # Eval-time filesystem handling
    filesystem = callLibs ./filesystem.nix;
    # back-compat aliases
    platforms = systems.doubles;
-  }
+
-  # !!! don't include everything at top-level; perhaps only the most
+    inherit (builtins) add addErrorContext attrNames
-  # commonly used functions.
+      concatLists deepSeq elem elemAt filter genericClosure genList
-  // trivial // fixedPoints
+      getAttr hasAttr head isAttrs isBool isFunction isInt isList
-  // lists // strings // stringsWithDeps // attrsets // sources
+      isString length lessThan listToAttrs pathExists readFile
-  // options // types // meta // debug // misc // modules
+      replaceStrings seq stringLength sub substring tail;
-  // customisation
+    inherit (trivial) id const concat or and boolToString mergeAttrs
      flip mapNullable inNixShell min max importJSON warn info
      nixpkgsVersion mod;
    inherit (fixedPoints) fix fix' extends composeExtensions
      makeExtensible makeExtensibleWithCustomName;
    inherit (attrsets) attrByPath hasAttrByPath setAttrByPath
      getAttrFromPath attrVals attrValues catAttrs filterAttrs
      filterAttrsRecursive foldAttrs collect nameValuePair mapAttrs
      mapAttrs' mapAttrsToList mapAttrsRecursive mapAttrsRecursiveCond
      genAttrs isDerivation toDerivation optionalAttrs
      zipAttrsWithNames zipAttrsWith zipAttrs recursiveUpdateUntil
      recursiveUpdate matchAttrs overrideExisting getOutput getBin
      getLib getDev chooseDevOutputs zipWithNames zip;
    inherit (lists) singleton foldr fold foldl foldl' imap0 imap1
      concatMap flatten remove findSingle findFirst any all count
      optional optionals toList range partition zipListsWith zipLists
      reverseList listDfs toposort sort take drop sublist last init
      crossLists unique intersectLists subtractLists
      mutuallyExclusive;
    inherit (strings) concatStrings concatMapStrings concatImapStrings
      intersperse concatStringsSep concatMapStringsSep
      concatImapStringsSep makeSearchPath makeSearchPathOutput
      makeLibraryPath makeBinPath makePerlPath optionalString
      hasPrefix hasSuffix stringToCharacters stringAsChars escape
      escapeShellArg escapeShellArgs replaceChars lowerChars upperChars
      toLower toUpper addContextFrom splitString removePrefix
      removeSuffix versionOlder versionAtLeast getVersion nameFromURL
      enableFeature fixedWidthString fixedWidthNumber isStorePath
      toInt readPathsFromFile fileContents;
    inherit (stringsWithDeps) textClosureList textClosureMap
      noDepEntry fullDepEntry packEntry stringAfter;
    inherit (customisation) overrideDerivation makeOverridable
      callPackageWith callPackagesWith addPassthru hydraJob makeScope;
    inherit (meta) addMetaAttrs dontDistribute setName updateName
      appendToName mapDerivationAttrset lowPrio lowPrioSet hiPrio
      hiPrioSet;
    inherit (sources) pathType pathIsDirectory cleanSourceFilter
      cleanSource sourceByRegex sourceFilesBySuffices
      commitIdFromGitRepo;
    inherit (modules) evalModules closeModules unifyModuleSyntax
      applyIfFunction unpackSubmodule packSubmodule mergeModules
      mergeModules' mergeOptionDecls evalOptionValue mergeDefinitions
      pushDownProperties dischargeProperties filterOverrides
      sortProperties fixupOptionType mkIf mkAssert mkMerge mkOverride
      mkOptionDefault mkDefault mkForce mkVMOverride mkStrict
      mkFixStrictness mkOrder mkBefore mkAfter mkAliasDefinitions
      mkAliasAndWrapDefinitions fixMergeModules mkRemovedOptionModule
      mkRenamedOptionModule mkMergedOptionModule mkChangedOptionModule
      mkAliasOptionModule doRename filterModules;
    inherit (options) isOption mkEnableOption mkSinkUndeclaredOptions
      mergeDefaultOption mergeOneOption mergeEqualOption getValues
      getFiles optionAttrSetToDocList optionAttrSetToDocList'
      scrubOptionValue literalExample showOption showFiles
      unknownModule mkOption;
    inherit (types) isType setType defaultTypeMerge defaultFunctor
      isOptionType mkOptionType;
    inherit (debug) addErrorContextToAttrs traceIf traceVal
      traceXMLVal traceXMLValMarked traceSeq traceSeqN traceValSeq
      traceValSeqN traceShowVal traceShowValMarked
      showVal traceCall traceCall2 traceCall3 traceValIfNot runTests
      testAllTrue strict traceCallXml attrNamesToStr;
    inherit (misc) maybeEnv defaultMergeArg defaultMerge foldArgs
      defaultOverridableDelayableArgs composedArgsAndFun
      maybeAttrNullable maybeAttr ifEnable checkFlag getValue
      checkReqs uniqList uniqListExt condConcat lazyGenericClosure
      innerModifySumArgs modifySumArgs innerClosePropagation
      closePropagation mapAttrsFlatten nvs setAttr setAttrMerge
      mergeAttrsWithFunc mergeAttrsConcatenateValues
      mergeAttrsNoOverride mergeAttrByFunc mergeAttrsByFuncDefaults
      mergeAttrsByFuncDefaultsClean mergeAttrBy
      prepareDerivationArgs nixType imap overridableDelayableArgs;
  };
 in lib
--- a/lib/deprecated.nix
+++ b/lib/deprecated.nix
@ -1,11 +1,12 @@
-let lib = import ./default.nix;
+{ lib }:
 let
    inherit (builtins) isFunction head tail isList isAttrs isInt attrNames;
 in
-with import ./lists.nix;
+with lib.lists;
-with import ./attrsets.nix;
+with lib.attrsets;
-with import ./strings.nix;
+with lib.strings;
 rec {
@ -309,48 +310,6 @@ rec {
  mergeAttrsByFuncDefaults = foldl mergeAttrByFunc { inherit mergeAttrBy; };
  mergeAttrsByFuncDefaultsClean = list: removeAttrs (mergeAttrsByFuncDefaults list) ["mergeAttrBy"];
  # merge attrs based on version key into mkDerivation args, see mergeAttrBy to learn about smart merge defaults
  #
  # This function is best explained by an example:
  #
  #     {version ? "2.x"}:
  #
  #     mkDerivation (mergeAttrsByVersion "package-name" version
  #       { # version specific settings
  #         "git" = { src = ..; preConfigre = "autogen.sh"; buildInputs = [automake autoconf libtool];  };
  #         "2.x" = { src = ..; };
  #       }
  #       {  // shared settings
  #          buildInputs = [ common build inputs ];
  #          meta = { .. }
  #       }
  #     )
  #
  # Please note that e.g. Eelco Dolstra usually prefers having one file for
  # each version. On the other hand there are valuable additional design goals
  #  - readability
  #  - do it once only
  #  - try to avoid duplication
  #
  # Marc Weber and Michael Raskin sometimes prefer keeping older
  # versions around for testing and regression tests - as long as its cheap to
  # do so.
  #
  # Very often it just happens that the "shared" code is the bigger part.
  # Then using this function might be appropriate.
  #
  # Be aware that its easy to cause recompilations in all versions when using
  # this function - also if derivations get too complex splitting into multiple
  # files is the way to go.
  #
  # See misc.nix -> versionedDerivation
  # discussion: nixpkgs: pull/310
  mergeAttrsByVersion = name: version: attrsByVersion: base:
    mergeAttrsByFuncDefaultsClean [ { name = "${name}-${version}"; }
                                    base
                                    (maybeAttr version (throw "bad version ${version} for ${name}") attrsByVersion)
                                  ];
  # sane defaults (same name as attr name so that inherit can be used)
  mergeAttrBy = # { buildInputs = concatList; [...]; passthru = mergeAttr; [..]; }
    listToAttrs (map (n: nameValuePair n lib.concat)
--- a/lib/fetchers.nix
+++ b/lib/fetchers.nix
@ -1,4 +1,5 @@
 # snippets that can be shared by multiple fetchers (pkgs/build-support)
 { lib }:
 {
  proxyImpureEnvVars = [
--- a/lib/filesystem.nix
+++ b/lib/filesystem.nix
@ -1,3 +1,4 @@
 { lib }:
 { # haskellPathsInDir : Path -> Map String Path
  # A map of all haskell packages defined in the given path,
  # identified by having a cabal file with the same name as the
--- a/lib/fixed-points.nix
+++ b/lib/fixed-points.nix
@ -1,3 +1,4 @@
 { ... }:
 rec {
  # Compute the fixed point of the given function `f`, which is usually an
  # attribute set that expects its final, non-recursive representation as an
--- a/lib/generators.nix
+++ b/lib/generators.nix
@ -7,10 +7,11 @@
 * Tests can be found in ./tests.nix
 * Documentation in the manual, #sec-generators
 */
-with import ./trivial.nix;
+{ lib }:
 with (lib).trivial;
 let
-  libStr = import ./strings.nix;
+  libStr = lib.strings;
-  libAttr = import ./attrsets.nix;
+  libAttr = lib.attrsets;
  flipMapAttrs = flip libAttr.mapAttrs;
 in
--- a/lib/licenses.nix
+++ b/lib/licenses.nix
@ -1,7 +1,6 @@
 { lib }:
 let
  lib = import ./default.nix;
  spdx = lic: lic // {
    url = "http://spdx.org/licenses/${lic.spdxId}";
  };
@ -175,6 +174,12 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    fullName = "DOC License";
  };
  eapl = {
    fullName = "EPSON AVASYS PUBLIC LICENSE";
    url = http://avasys.jp/hp/menu000000700/hpg000000603.htm;
    free = false;
  };
  efl10 = spdx {
    spdxId = "EFL-1.0";
    fullName = "Eiffel Forum License v1.0";
@ -198,7 +203,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
  eupl11 = spdx {
    spdxId = "EUPL-1.1";
-    fullname = "European Union Public License 1.1";
+    fullName = "European Union Public License 1.1";
  };
  fdl12 = spdx {
@ -211,6 +216,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    fullName = "GNU Free Documentation License v1.3";
  };
  ffsl = {
    fullName = "Floodgap Free Software License";
    url = http://www.floodgap.com/software/ffsl/license.html;
  };
  free = {
    fullName = "Unspecified free software license";
  };
@ -282,9 +292,10 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    fullName = "Independent JPEG Group License";
  };
-  inria = {
+  inria-compcert = {
-    fullName  = "INRIA Non-Commercial License Agreement";
+    fullName  = "INRIA Non-Commercial License Agreement for the CompCert verified compiler";
    url       = "http://compcert.inria.fr/doc/LICENSE";
    free      = false;
  };
  ipa = spdx {
@ -363,7 +374,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
  };
  miros = {
-    fullname = "MirOS License";
+    fullName = "MirOS License";
    url = https://opensource.org/licenses/MirOS;
  };
@ -408,7 +419,7 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    url = "https://raw.githubusercontent.com/raboof/notion/master/LICENSE";
    fullName = "Notion modified LGPL";
  };
-  
+
  ofl = spdx {
    spdxId = "OFL-1.1";
    fullName = "SIL Open Font License 1.1";
@ -546,12 +557,12 @@ lib.mapAttrs (n: v: v // { shortName = n; }) rec {
    fullName = "zlib License";
  };
-  zpt20 = spdx { # FIXME: why zpt* instead of zpl*
+  zpl20 = spdx {
    spdxId = "ZPL-2.0";
    fullName = "Zope Public License 2.0";
  };
-  zpt21 = spdx {
+  zpl21 = spdx {
    spdxId = "ZPL-2.1";
    fullName = "Zope Public License 2.1";
  };
--- a/lib/lists.nix
+++ b/lib/lists.nix
@ -1,6 +1,6 @@
 # General list operations.
-
+{ lib }:
-with import ./trivial.nix;
+with lib.trivial;
 rec {
--- a/lib/maintainers.nix
+++ b/lib/maintainers.nix
@ -1,3 +1,4 @@
 { ...}:
 /* List of NixOS maintainers. The format is:
    handle = "Real Name <address@example.org>";
@ -33,6 +34,7 @@
  algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
  alibabzo = "Alistair Bill <alistair.bill@gmail.com>";
  all = "Nix Committers <nix-commits@lists.science.uu.nl>";
  alunduil = "Alex Brandt <alunduil@alunduil.com>";
  ambrop72 = "Ambroz Bizjak <ambrop7@gmail.com>";
  amiddelk = "Arie Middelkoop <amiddelk@gmail.com>";
  amiloradovsky = "Andrew Miloradovsky <miloradovsky@gmail.com>";
@ -75,6 +77,7 @@
  berdario = "Dario Bertini <berdario@gmail.com>";
  bergey = "Daniel Bergey <bergey@teallabs.org>";
  bhipple = "Benjamin Hipple <bhipple@protonmail.com>";
  binarin = "Alexey Lebedeff <binarin@binarin.ru>";
  bjg = "Brian Gough <bjg@gnu.org>";
  bjornfor = "Bjørn Forsman <bjorn.forsman@gmail.com>";
  bluescreen303 = "Mathijs Kwik <mathijs@bluescreen303.nl>";
@ -88,11 +91,14 @@
  bstrik = "Berno Strik <dutchman55@gmx.com>";
  bzizou = "Bruno Bzeznik <Bruno@bzizou.net>";
  c0dehero = "CodeHero <codehero@nerdpol.ch>";
  calbrecht = "Christian Albrecht <christian.albrecht@mayflower.de>";
  calrama = "Moritz Maxeiner <moritz@ucworks.org>";
  calvertvl = "Victor Calvert <calvertvl@gmail.com>";
  campadrenalin = "Philip Horger <campadrenalin@gmail.com>";
  canndrew = "Andrew Cann <shum@canndrew.org>";
  carlsverre = "Carl Sverre <accounts@carlsverre.com>";
  casey = "Casey Rodarmor <casey@rodarmor.net>";
  caugner = "Claas Augner <nixos@caugner.de>";
  cdepillabout = "Dennis Gosnell <cdep.illabout@gmail.com>";
  cfouche = "Chaddaï Fouché <chaddai.fouche@gmail.com>";
  changlinli = "Changlin Li <mail@changlinli.com>";
@ -101,6 +107,7 @@
  choochootrain = "Hurshal Patel <hurshal@imap.cc>";
  chris-martin = "Chris Martin <ch.martin@gmail.com>";
  chrisjefferson = "Christopher Jefferson <chris@bubblescope.net>";
  chrisrosset = "Christopher Rosset <chris@rosset.org.uk>";
  christopherpoole = "Christopher Mark Poole <mail@christopherpoole.net>";
  ciil = "Simon Lackerbauer <simon@lackerbauer.com>";
  ckampka = "Christian Kampka <christian@kampka.net>";
@ -108,6 +115,7 @@
  cleverca22 = "Michael Bishop <cleverca22@gmail.com>";
  cmcdragonkai = "Roger Qiu <roger.qiu@matrix.ai>";
  cmfwyp = "cmfwyp <cmfwyp@riseup.net>";
  cobbal = "Andrew Cobb <andrew.cobb@gmail.com>";
  coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
  codsl = "codsl <codsl@riseup.net>";
  codyopel = "Cody Opel <codyopel@gmail.com>";
@ -135,12 +143,14 @@
  dbrock = "Daniel Brockman <daniel@brockman.se>";
  deepfire = "Kosyrev Serge <_deepfire@feelingofgreen.ru>";
  demin-dmitriy = "Dmitriy Demin <demindf@gmail.com>";
  derchris = "Christian Gerbrandt <derchris@me.com>";
  DerGuteMoritz = "Moritz Heidkamp <moritz@twoticketsplease.de>";
  dermetfan = "Robin Stumm <serverkorken@gmail.com>";
  DerTim1 = "Tim Digel <tim.digel@active-group.de>";
  desiderius = "Didier J. Devroye <didier@devroye.name>";
  devhell = "devhell <\"^\"@regexmail.net>";
  dezgeg = "Tuomas Tynkkynen <tuomas.tynkkynen@iki.fi>";
  dfordivam = "Divam <dfordivam+nixpkgs@gmail.com>";
  dfoxfranke = "Daniel Fox Franke <dfoxfranke@gmail.com>";
  dgonyeo = "Derek Gonyeo <derek@gonyeo.com>";
  dipinhora = "Dipin Hora <dipinhora+github@gmail.com>";
@ -177,6 +187,7 @@
  ellis = "Ellis Whitehead <nixos@ellisw.net>";
  eperuffo = "Emanuele Peruffo <info@emanueleperuffo.com>";
  epitrochoid = "Mabry Cervin <mpcervin@uncg.edu>";
  eqyiel = "Ruben Maher <r@rkm.id.au>";
  ericbmerritt = "Eric Merritt <eric@afiniate.com>";
  ericsagnes = "Eric Sagnes <eric.sagnes@gmail.com>";
  erikryb = "Erik Rybakken <erik.rybakken@math.ntnu.no>";
@ -204,15 +215,18 @@
  fuuzetsu = "Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>";
  fuzzy-id = "Thomas Bach <hacking+nixos@babibo.de>";
  fxfactorial = "Edgar Aroutiounian <edgar.factorial@gmail.com>";
  gabesoft = "Gabriel Adomnicai <gabesoft@gmail.com>";
  gal_bolle = "Florent Becker <florent.becker@ens-lyon.org>";
  garbas = "Rok Garbas <rok@garbas.si>";
  garrison = "Jim Garrison <jim@garrison.cc>";
  gavin = "Gavin Rogers <gavin@praxeology.co.uk>";
  gebner = "Gabriel Ebner <gebner@gebner.org>";
  geistesk = "Alvar Penning <post@0x21.biz>";
  georgewhewell = "George Whewell <georgerw@gmail.com>";
  gilligan = "Tobias Pflug <tobias.pflug@gmail.com>";
  giogadi = "Luis G. Torres <lgtorres42@gmail.com>";
  gleber = "Gleb Peregud <gleber.p@gmail.com>";
  glenns = "Glenn Searby <glenn.searby@gmail.com>";
  globin = "Robin Gloster <mail@glob.in>";
  gnidorah = "Alex Ivanov <yourbestfriend@opmbx.org>";
  goibhniu = "Cillian de Róiste <cillian.deroiste@gmail.com>";
@ -226,6 +240,7 @@
  guillaumekoenig = "Guillaume Koenig <guillaume.edward.koenig@gmail.com>";
  guyonvarch = "Joris Guyonvarch <joris@guyonvarch.me>";
  hakuch = "Jesse Haber-Kucharsky <hakuch@gmail.com>";
  hamhut1066 = "Hamish Hutchings <github@hamhut1066.com>";
  havvy = "Ryan Scheel <ryan.havvy@gmail.com>";
  hbunke = "Hendrik Bunke <bunke.hendrik@gmail.com>";
  hce = "Hans-Christian Esperer <hc@hcesperer.org>";
@ -241,14 +256,15 @@
  ianwookim = "Ian-Woo Kim <ianwookim@gmail.com>";
  igsha = "Igor Sharonov <igor.sharonov@gmail.com>";
  ikervagyok = "Balázs Lengyel <ikervagyok@gmail.com>";
-  infinisil = "Silvan Mosberger <infinisil@icloud.com";
+  infinisil = "Silvan Mosberger <infinisil@icloud.com>";
  ironpinguin = "Michele Catalano <michele@catalano.de>";
  ivan-tkatchev = "Ivan Tkatchev <tkatchev@gmail.com>";
  j-keck = "Jürgen Keck <jhyphenkeck@gmail.com>";
  jagajaga = "Arseniy Seroka <ars.seroka@gmail.com>";
  jammerful = "jammerful <jammerful@gmail.com>";
  jansol = "Jan Solanti <jan.solanti@paivola.fi>";
  javaguirre = "Javier Aguirre <contacto@javaguirre.net>";
-  jb55 = "William Casarin <bill@casarin.me>";
+  jb55 = "William Casarin <jb55@jb55.com>";
  jbedo = "Justin Bedő <cu@cua0.org>";
  jcumming = "Jack Cummings <jack@mudshark.org>";
  jdagilliland = "Jason Gilliland <jdagilliland@gmail.com>";
@ -272,9 +288,9 @@
  johnramsden = "John Ramsden <johnramsden@riseup.net>";
  joko = "Ioannis Koutras <ioannis.koutras@gmail.com>";
  jonafato = "Jon Banafato <jon@jonafato.com>";
  jpbernardy = "Jean-Philippe Bernardy <jeanphilippe.bernardy@gmail.com>";
  jpierre03 = "Jean-Pierre PRUNARET <nix@prunetwork.fr>";
  jpotier = "Martin Potier <jpo.contributes.to.nixos@marvid.fr>";
  jyp = "Jean-Philippe Bernardy <jeanphilippe.bernardy@gmail.com>";
  jraygauthier = "Raymond Gauthier <jraygauthier@gmail.com>";
  jtojnar = "Jan Tojnar <jtojnar@gmail.com>";
  juliendehos = "Julien Dehos <dehos@lisic.univ-littoral.fr>";
@ -289,8 +305,10 @@
  khumba = "Bryan Gardiner <bog@khumba.net>";
  KibaFox = "Kiba Fox <kiba.fox@foxypossibilities.com>";
  kierdavis = "Kier Davis <kierdavis@gmail.com>";
  kiloreux = "Kiloreux Emperex <kiloreux@gmail.com>";
  kkallio = "Karn Kallio <tierpluspluslists@gmail.com>";
  knedlsepp = "Josef Kemetmüller <josef.kemetmueller@gmail.com>";
  konimex = "Muhammad Herdiansyah <herdiansyah@netc.eu>";
  koral = "Koral <koral@mailoo.org>";
  kovirobi = "Kovacsics Robert <kovirobi@gmail.com>";
  kragniz = "Louis Taylor <louis@kragniz.eu>";
@ -311,6 +329,7 @@
  lihop = "Leroy Hopson <nixos@leroy.geek.nz>";
  linquize = "Linquize <linquize@yahoo.com.hk>";
  linus = "Linus Arver <linusarver@gmail.com>";
  lluchs = "Lukas Werling <lukas.werling@gmail.com>";
  lnl7 = "Daiderd Jordan <daiderd@gmail.com>";
  loskutov = "Ignat Loskutov <ignat.loskutov@gmail.com>";
  lovek323 = "Jason O'Conal <jason@oconal.id.au>";
@ -374,6 +393,7 @@
  MostAwesomeDude = "Corbin Simpson <cds@corbinsimpson.com>";
  mounium = "Katona László <muoniurn@gmail.com>";
  MP2E = "Cray Elliott <MP2E@archlinux.us>";
  mpcsh = "Mark Cohen <m@mpc.sh>";
  mpscholten = "Marc Scholten <marc@mpscholten.de>";
  mpsyco = "Francis St-Amour <fr.st-amour@gmail.com>";
  msackman = "Matthew Sackman <matthew@wellquite.org>";
@ -405,6 +425,7 @@
  np = "Nicolas Pouillard <np.nix@nicolaspouillard.fr>";
  nslqqq = "Nikita Mikhailov <nslqqq@gmail.com>";
  nthorne = "Niklas Thörne <notrupertthorne@gmail.com>";
  nyarly = "Judson Lester <nyarly@gmail.com>";
  obadz = "obadz <obadz-nixos@obadz.com>";
  ocharles = "Oliver Charles <ollie@ocharles.org.uk>";
  odi = "Oliver Dunkl <oliver.dunkl@gmail.com>";
@ -476,6 +497,7 @@
  renzo = "Renzo Carbonara <renzocarbonara@gmail.com>";
  retrry = "Tadas Barzdžius <retrry@gmail.com>";
  rht = "rht <rhtbot@protonmail.com>";
  richardipsum = "Richard Ipsum <richardipsum@fastmail.co.uk>";
  rick68 = "Wei-Ming Yang <rick68@gmail.com>";
  rickynils = "Rickard Nilsson <rickynils@gmail.com>";
  ris = "Robert Scott <code@humanleg.org.uk>";
@ -499,6 +521,7 @@
  ryanartecona = "Ryan Artecona <ryanartecona@gmail.com>";
  ryansydnor = "Ryan Sydnor <ryan.t.sydnor@gmail.com>";
  ryantm = "Ryan Mulligan <ryan@ryantm.com>";
  rybern = "Ryan Bernstein <ryan.bernstein@columbia.edu>";
  rycee = "Robert Helgesson <robert@rycee.net>";
  ryneeverett = "Ryne Everett <ryneeverett@gmail.com>";
  rzetterberg = "Richard Zetterberg <richard.zetterberg@gmail.com>";
@ -506,10 +529,12 @@
  samuelrivas = "Samuel Rivas <samuelrivas@gmail.com>";
  sander = "Sander van der Burg <s.vanderburg@tudelft.nl>";
  sargon = "Daniel Ehlers <danielehlers@mindeye.net>";
  sauyon = "Sauyon Lee <s@uyon.co>";
  schmitthenner = "Fabian Schmitthenner <development@schmitthenner.eu>";
  schneefux = "schneefux <schneefux+nixos_pkg@schneefux.xyz>";
  schristo = "Scott Christopher <schristopher@konputa.com>";
  scolobb = "Sergiu Ivanov <sivanov@colimite.fr>";
  sdll = "Sasha Illarionov <sasha.delly@gmail.com>";
  sepi = "Raffael Mancini <raffael@mancini.lu>";
  seppeljordan = "Sebastian Jordan <sebastian.jordan.mail@googlemail.com>";
  shanemikel = "Shane Pearlman <shanemikel1@gmail.com>";
@ -530,6 +555,7 @@
  smironov = "Sergey Mironov <grrwlf@gmail.com>";
  snyh = "Xia Bin <snyh@snyh.org>";
  solson = "Scott Olson <scott@solson.me>";
  sorpaas = "Wei Tang <hi@that.world>";
  spacefrogg = "Michael Raitza <spacefrogg-nixos@meterriblecrew.net>";
  spencerjanssen = "Spencer Janssen <spencerjanssen@gmail.com>";
  spinus = "Tomasz Czyż <tomasz.czyz@gmail.com>";
@ -554,15 +580,19 @@
  taku0 = "Takuo Yonezawa <mxxouy6x3m_github@tatapa.org>";
  tari = "Peter Marheine <peter@taricorp.net>";
  tavyc = "Octavian Cerna <octavian.cerna@gmail.com>";
  ltavard = "Laure Tavard <laure.tavard@univ-grenoble-alpes.fr>";
  teh = "Tom Hunger <tehunger@gmail.com>";
  teto = "Matthieu Coudron <mcoudron@hotmail.com>";
  telotortium = "Robert Irelan <rirelan@gmail.com>";
  thall = "Niclas Thall <niclas.thall@gmail.com>";
  thammers = "Tobias Hammerschmidt <jawr@gmx.de>";
  the-kenny = "Moritz Ulrich <moritz@tarn-vedra.de>";
  theuni = "Christian Theune <ct@flyingcircus.io>";
  ThomasMader = "Thomas Mader <thomas.mader@gmail.com>";
  thoughtpolice = "Austin Seipp <aseipp@pobox.com>";
  timbertson = "Tim Cuthbertson <tim@gfxmonk.net>";
  titanous = "Jonathan Rudenberg <jonathan@titanous.com>";
  tnias = "Philipp Bartsch <phil@grmr.de>";
  tohl = "Tomas Hlavaty <tom@logand.com>";
  tokudan = "Daniel Frank <git@danielfrank.net>";
  tomberek = "Thomas Bereknyei <tomberek@gmail.com>";
@ -583,6 +613,7 @@
  uwap = "uwap <me@uwap.name>";
  vaibhavsagar = "Vaibhav Sagar <vaibhavsagar@gmail.com>";
  vandenoever = "Jos van den Oever <jos@vandenoever.info>";
  vanschelven = "Klaas van Schelven <klaas@vanschelven.com>";
  vanzef = "Ivan Solyankin <vanzef@gmail.com>";
  vbgl = "Vincent Laporte <Vincent.Laporte@gmail.com>";
  vbmithr = "Vincent Bernardoff <vb@luminar.eu.org>";
@ -590,6 +621,7 @@
  vdemeester = "Vincent Demeester <vincent@sbr.pm>";
  veprbl = "Dmitry Kalinkin <veprbl@gmail.com>";
  vifino = "Adrian Pistol <vifino@tty.sh>";
  vinymeuh = "VinyMeuh <vinymeuh@gmail.com>";
  viric = "Lluís Batlle i Rossell <viric@viric.name>";
  vizanto = "Danny Wilson <danny@prime.vc>";
  vklquevs = "vklquevs <vklquevs@gmail.com>";
@ -603,12 +635,14 @@
  vrthra = "Rahul Gopinath <rahul@gopinath.org>";
  vyp = "vyp <elisp.vim@gmail.com>";
  wedens = "wedens <kirill.wedens@gmail.com>";
  willibutz = "Willi Butz <willibutz@posteo.de>";
  willtim = "Tim Philip Williams <tim.williams.public@gmail.com>";
  winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
  wizeman = "Ricardo M. Correia <rcorreia@wizy.org>";
  wjlroe = "William Roe <willroe@gmail.com>";
  wkennington = "William A. Kennington III <william@wkennington.com>";
  wmertens = "Wout Mertens <Wout.Mertens@gmail.com>";
  woffs = "Frank Doepper <github@woffs.de>";
  womfoo = "Kranium Gikos Mendoza <kranium@gikos.net>";
  wscott = "Wayne Scott <wsc9tt@gmail.com>";
  wyvie = "Elijah Rum <elijahrum@gmail.com>";
@ -627,8 +661,10 @@
  zauberpony = "Elmar Athmer <elmar@athmer.org>";
  zef = "Zef Hemel <zef@zef.me>";
  zimbatm = "zimbatm <zimbatm@zimbatm.com>";
  Zimmi48 = "Théo Zimmermann <theo.zimmermann@univ-paris-diderot.fr>";
  zohl = "Al Zohali <zohl@fmap.me>";
  zoomulator = "Kim Simmons <zoomulator@gmail.com>";
  zraexy = "David Mell <zraexy@gmail.com>";
  zx2c4 = "Jason A. Donenfeld <Jason@zx2c4.com>";
  zzamboni = "Diego Zamboni <diego@zzamboni.org>";
 }
--- a/lib/meta.nix
+++ b/lib/meta.nix
@ -1,8 +1,7 @@
 /* Some functions for manipulating meta attributes, as well as the
   name attribute. */
-let lib = import ./default.nix;
+{ lib }:
 in
 rec {
--- a/lib/minver.nix
+++ b/lib/minver.nix
@ -1,2 +1,2 @@
 # Expose the minimum required version for evaluating Nixpkgs
-"1.10"
+"1.11"
--- a/lib/modules.nix
+++ b/lib/modules.nix
@ -1,10 +1,12 @@
-with import ./lists.nix;
+{ lib }:
-with import ./strings.nix;
+
-with import ./trivial.nix;
+with lib.lists;
-with import ./attrsets.nix;
+with lib.strings;
-with import ./options.nix;
+with lib.trivial;
-with import ./debug.nix;
+with lib.attrsets;
-with import ./types.nix;
+with lib.options;
 with lib.debug;
 with lib.types;
 rec {
--- a/lib/options.nix
+++ b/lib/options.nix
@ -1,11 +1,10 @@
 # Nixpkgs/NixOS option handling.
 { lib }:
-let lib = import ./default.nix; in
+with lib.trivial;
-
+with lib.lists;
-with import ./trivial.nix;
+with lib.attrsets;
-with import ./lists.nix;
+with lib.strings;
 with import ./attrsets.nix;
 with import ./strings.nix;
 rec {
--- a/lib/sandbox.nix
+++ b/lib/sandbox.nix
@ -1,4 +1,5 @@
-with import ./strings.nix;
+{ lib }:
 with lib.strings;
 /* Helpers for creating lisp S-exprs for the Apple sandbox
--- a/lib/sources.nix
+++ b/lib/sources.nix
@ -1,6 +1,5 @@
 # Functions for copying sources to the Nix store.
-
+{ lib }:
 let lib = import ./default.nix; in
 rec {
@ -15,8 +14,11 @@ rec {
  cleanSourceFilter = name: type: let baseName = baseNameOf (toString name); in ! (
    # Filter out Subversion and CVS directories.
    (type == "directory" && (baseName == ".git" || baseName == ".svn" || baseName == "CVS" || baseName == ".hg")) ||
-    # Filter out backup files.
+    # Filter out editor backup / swap files.
    lib.hasSuffix "~" baseName ||
    builtins.match "^\\.sw[a-z]$" baseName != null ||
    builtins.match "^\\..*\\.sw[a-z]$" baseName != null ||
    # Filter out generates files.
    lib.hasSuffix ".o" baseName ||
    lib.hasSuffix ".so" baseName ||
--- a/lib/strings-with-deps.nix
+++ b/lib/strings-with-deps.nix
@ -1,3 +1,4 @@
 { lib }:
 /*
 Usage:
@ -40,9 +41,9 @@ Usage:
  [1] maybe this behaviour should be removed to keep things simple (?)
 */
-with import ./lists.nix;
+with lib.lists;
-with import ./attrsets.nix;
+with lib.attrsets;
-with import ./strings.nix;
+with lib.strings;
 rec {
--- a/lib/strings.nix
+++ b/lib/strings.nix
@ -1,6 +1,6 @@
 /* String manipulation functions. */
-
+{ lib }:
-let lib = import ./default.nix;
+let
 inherit (builtins) length;
--- a/lib/systems/default.nix
+++ b/lib/systems/default.nix
@ -1,11 +1,12 @@
-let inherit (import ../attrsets.nix) mapAttrs; in
+{ lib }:
  let inherit (lib.attrsets) mapAttrs; in
 rec {
-  doubles = import ./doubles.nix;
+  doubles = import ./doubles.nix { inherit lib; };
-  parse = import ./parse.nix;
+  parse = import ./parse.nix { inherit lib; };
-  inspect = import ./inspect.nix;
+  inspect = import ./inspect.nix { inherit lib; };
-  platforms = import ./platforms.nix;
+  platforms = import ./platforms.nix { inherit lib; };
-  examples = import ./examples.nix;
+  examples = import ./examples.nix { inherit lib; };
  # Elaborate a `localSystem` or `crossSystem` so that it contains everything
  # necessary.
@ -28,6 +29,15 @@ rec {
        else if final.isLinux  then "glibc"
        # TODO(@Ericson2314) think more about other operating systems
        else                        "native/impure";
      extensions = {
        sharedLibrary =
          /**/ if final.isDarwin  then ".dylib"
          else if final.isWindows then ".dll"
          else                         ".so";
        executable =
          /**/ if final.isWindows then ".exe"
          else                         "";
      };
    } // mapAttrs (n: v: v final.parsed) inspect.predicates
      // args;
  in final;
--- a/lib/systems/doubles.nix
+++ b/lib/systems/doubles.nix
@ -1,8 +1,9 @@
 { lib }:
 let
-  lists = import ../lists.nix;
+  inherit (lib) lists;
-  parse = import ./parse.nix;
+  parse = import ./parse.nix { inherit lib; };
-  inherit (import ./inspect.nix) predicates;
+  inherit (import ./inspect.nix { inherit lib; }) predicates;
-  inherit (import ../attrsets.nix) matchAttrs;
+  inherit (lib.attrsets) matchAttrs;
  all = [
    "aarch64-linux"
@ -26,7 +27,7 @@ in rec {
  allBut = platforms: lists.filter (x: !(builtins.elem x platforms)) all;
  none = [];
-  arm     = filterDoubles predicates.isArm32;
+  arm     = filterDoubles predicates.isArm;
  i686    = filterDoubles predicates.isi686;
  mips    = filterDoubles predicates.isMips;
  x86_64  = filterDoubles predicates.isx86_64;
--- a/lib/systems/examples.nix
+++ b/lib/systems/examples.nix
@ -1,8 +1,8 @@
 # These can be passed to nixpkgs as either the `localSystem` or
 # `crossSystem`. They are put here for user convenience, but also used by cross
 # tests and linux cross stdenv building, so handle with care!
-
+{ lib }:
-let platforms = import ./platforms.nix; in
+let platforms = import ./platforms.nix { inherit lib; }; in
 rec {
  #
--- a/lib/systems/inspect.nix
+++ b/lib/systems/inspect.nix
@ -1,6 +1,7 @@
-with import ./parse.nix;
+{ lib }:
-with import ../attrsets.nix;
+with import ./parse.nix { inherit lib; };
-with import ../lists.nix;
+with lib.attrsets;
 with lib.lists;
 rec {
  patterns = rec {
@ -11,6 +12,7 @@ rec {
    PowerPC      = { cpu = cpuTypes.powerpc; };
    x86          = { cpu = { family = "x86"; }; };
    Arm          = { cpu = { family = "arm"; }; };
    Aarch64      = { cpu = { family = "aarch64"; }; };
    Mips         = { cpu = { family = "mips"; }; };
    BigEndian    = { cpu = { significantByte = significantBytes.bigEndian; }; };
    LittleEndian = { cpu = { significantByte = significantBytes.littleEndian; }; };
@ -28,9 +30,6 @@ rec {
    Windows      = { kernel = kernels.windows; };
    Cygwin       = { kernel = kernels.windows; abi = abis.cygnus; };
    MinGW        = { kernel = kernels.windows; abi = abis.gnu; };
    Arm32        = recursiveUpdate Arm patterns."32bit";
    Arm64        = recursiveUpdate Arm patterns."64bit";
  };
  matchAnyAttrs = patterns:
--- a/lib/systems/parse.nix
+++ b/lib/systems/parse.nix
@ -4,14 +4,13 @@
 # http://llvm.org/docs/doxygen/html/Triple_8cpp_source.html especially
 # Triple::normalize. Parsing should essentially act as a more conservative
 # version of that last function.
-
+{ lib }:
-with import ../lists.nix;
+with lib.lists;
-with import ../types.nix;
+with lib.types;
-with import ../attrsets.nix;
+with lib.attrsets;
-with (import ./inspect.nix).predicates;
+with (import ./inspect.nix { inherit lib; }).predicates;
 let
  lib = import ../default.nix;
  setTypesAssert = type: pred:
    mapAttrs (name: value:
      assert pred value;
@ -40,7 +39,7 @@ rec {
    armv6l   = { bits = 32; significantByte = littleEndian; family = "arm"; };
    armv7a   = { bits = 32; significantByte = littleEndian; family = "arm"; };
    armv7l   = { bits = 32; significantByte = littleEndian; family = "arm"; };
-    aarch64  = { bits = 64; significantByte = littleEndian; family = "arm"; };
+    aarch64  = { bits = 64; significantByte = littleEndian; family = "aarch64"; };
    i686     = { bits = 32; significantByte = littleEndian; family = "x86"; };
    x86_64   = { bits = 64; significantByte = littleEndian; family = "x86"; };
    mips64el = { bits = 32; significantByte = littleEndian; family = "mips"; };
--- a/lib/systems/platforms.nix
+++ b/lib/systems/platforms.nix
@ -1,3 +1,4 @@
 { lib }:
 rec {
  pcBase = {
    name = "pc";
@ -543,6 +544,10 @@ rec {
      # Cavium ThunderX stuff.
      PCI_HOST_THUNDER_ECAM y
      # The default (=y) forces us to have the XHCI firmware available in initrd,
      # which our initrd builder can't currently do easily.
      USB_XHCI_TEGRA m
    '';
    uboot = null;
    kernelTarget = "Image";
--- a/lib/trivial.nix
+++ b/lib/trivial.nix
@ -1,3 +1,4 @@
 { lib }:
 rec {
  /* The identity function
@ -55,7 +56,7 @@ rec {
    isInt add sub lessThan
    seq deepSeq genericClosure;
-  inherit (import ./strings.nix) fileContents;
+  inherit (lib.strings) fileContents;
  # Return the Nixpkgs version number.
  nixpkgsVersion =
@ -70,6 +71,16 @@ rec {
  min = x: y: if x < y then x else y;
  max = x: y: if x > y then x else y;
  /* Integer modulus
     Example:
       mod 11 10
       => 1
       mod 1 10
       => 1
  */
  mod = base: int: base - (int * (builtins.div base int));
  /* Reads a JSON file. */
  importJSON = path:
    builtins.fromJSON (builtins.readFile path);
--- a/lib/types.nix
+++ b/lib/types.nix
@ -1,15 +1,16 @@
 # Definitions related to run-time type checking.  Used in particular
 # to type-check NixOS configurations.
 { lib }:
 with lib.lists;
 with lib.attrsets;
 with lib.options;
 with lib.trivial;
 with lib.strings;
 let
-with import ./lists.nix;
+  inherit (lib.modules) mergeDefinitions filterOverrides;
-with import ./attrsets.nix;
+  outer_types =
 with import ./options.nix;
 with import ./trivial.nix;
 with import ./strings.nix;
 let inherit (import ./modules.nix) mergeDefinitions filterOverrides; in
 rec {
  isType = type: x: (x._type or "") == type;
  setType = typeName: value: value // {
@ -95,7 +96,6 @@ rec {
  # When adding new types don't forget to document them in
  # nixos/doc/manual/development/option-types.xml!
  types = rec {
    unspecified = mkOptionType {
      name = "unspecified";
    };
@ -291,7 +291,7 @@ rec {
    submodule = opts:
      let
        opts' = toList opts;
-        inherit (import ./modules.nix) evalModules;
+        inherit (lib.modules) evalModules;
      in
      mkOptionType rec {
        name = "submodule";
@ -395,5 +395,6 @@ rec {
    addCheck = elemType: check: elemType // { check = x: elemType.check x && check x; };
  };
 };
-}
+in outer_types // outer_types.types
--- a/maintainers/scripts/gnome.sh
+++ b/maintainers/scripts/gnome.sh
@ -2,26 +2,24 @@
 set -o pipefail
-GNOME_FTP="ftp.gnome.org/pub/GNOME/sources"
+GNOME_FTP=ftp.gnome.org/pub/GNOME/sources
 # projects that don't follow the GNOME major versioning, or that we don't want to
 # programmatically update
 NO_GNOME_MAJOR="ghex gtkhtml gdm"
 usage() {
-  echo "Usage: $0 gnome_dir <show project>|<update project>|<update-all> [major.minor]" >&2
+  echo "Usage: $0 <show project>|<update project>|<update-all> [major.minor]" >&2
  echo "gnome_dir is for example pkgs/desktops/gnome-3/3.18" >&2
  exit 0
 }
-if [ "$#" -lt 2 ]; then
+if [ "$#" -lt 1 ]; then
  usage
 fi
-GNOME_TOP="$1"
+GNOME_TOP=pkgs/desktops/gnome-3
 shift
-action="$1"
+action=$1
 # curl -l ftp://... doesn't work from my office in HSE, and I don't want to have
 # any conversations with sysadmin. Somehow lftp works.
@ -36,18 +34,18 @@ else
 fi
 find_project() {
-  exec find "$GNOME_TOP" -mindepth 2 -maxdepth 2 -type d $@
+  exec find "$GNOME_TOP" -mindepth 2 -maxdepth 2 -type d "$@"
 }
 show_project() {
-  local project="$1"
+  local project=$1
-  local majorVersion="$2"
+  local majorVersion=$2
-  local version=""
+  local version=
  if [ -z "$majorVersion" ]; then
    echo "Looking for available versions..." >&2
-    local available_baseversions=( `ls_ftp ftp://${GNOME_FTP}/${project} | grep '[0-9]\.[0-9]' | sort -t. -k1,1n -k 2,2n` )
+    local available_baseversions=$(ls_ftp ftp://${GNOME_FTP}/${project} | grep '[0-9]\.[0-9]' | sort -t. -k1,1n -k 2,2n)
-    if [ "$?" -ne "0" ]; then
+    if [ "$?" -ne 0 ]; then
      echo "Project $project not found" >&2
      return 1
    fi
@ -59,11 +57,11 @@ show_project() {
  if echo "$majorVersion" | grep -q "[0-9]\+\.[0-9]\+\.[0-9]\+"; then
    # not a major version
-    version="$majorVersion"
+    version=$majorVersion
    majorVersion=$(echo "$majorVersion" | cut -d '.' -f 1,2)
  fi
-  local FTPDIR="${GNOME_FTP}/${project}/${majorVersion}"
+  local FTPDIR=${GNOME_FTP}/${project}/${majorVersion}
  #version=`curl -l ${FTPDIR}/ 2>/dev/null | grep LATEST-IS | sed -e s/LATEST-IS-//`
  # gnome's LATEST-IS is broken. Do not trust it.
@ -92,7 +90,7 @@ show_project() {
  		esac
  	done
  	echo "Found versions ${!versions[@]}" >&2
-  	version=`echo ${!versions[@]} | sed -e 's/ /\n/g' | sort -t. -k1,1n -k 2,2n -k 3,3n | tail -n1`
+  	version=$(echo ${!versions[@]} | sed -e 's/ /\n/g' | sort -t. -k1,1n -k 2,2n -k 3,3n | tail -n1)
        if [ -z "$version" ]; then
          echo "No version available for major $majorVersion" >&2
          return 1
@ -103,7 +101,7 @@ show_project() {
  local name=${project}-${version}
  echo "Fetching .sha256 file" >&2
-  local sha256out=$(curl -s -f http://${FTPDIR}/${name}.sha256sum)
+  local sha256out=$(curl -s -f http://"${FTPDIR}"/"${name}".sha256sum)
  if [ "$?" -ne "0" ]; then
  	echo "Version not found" >&2
@ -136,8 +134,8 @@ fetchurl: {
 }
 update_project() {
-  local project="$1"
+  local project=$1
-  local majorVersion="$2"
+  local majorVersion=$2
  # find project in nixpkgs tree
  projectPath=$(find_project -name "$project" -print)
@ -150,14 +148,14 @@ update_project() {
  if [ "$?" -eq "0" ]; then
    echo "Updating $projectPath/src.nix" >&2
-    echo -e "$src" > "$projectPath/src.nix"
+    echo -e "$src" > "$projectPath"/src.nix
  fi
  return 0
 }
-if [ "$action" == "update-all" ]; then
+if [ "$action" = "update-all" ]; then
-  majorVersion="$2"
+  majorVersion=$2
  if [ -z "$majorVersion" ]; then
    echo "No major version specified" >&2
    usage
@ -170,23 +168,23 @@ if [ "$action" == "update-all" ]; then
      echo "Skipping $project"
    else
      echo "= Updating $project to $majorVersion" >&2
-      update_project $project $majorVersion
+      update_project "$project" "$majorVersion"
      echo >&2
    fi
  done
 else
-  project="$2"
+  project=$2
-  majorVersion="$3"
+  majorVersion=$3
  if [ -z "$project" ]; then
    echo "No project specified, exiting" >&2
    usage
  fi
-  if [ "$action" == "show" ]; then
+  if [ "$action" = show ]; then
-    show_project $project $majorVersion
+    show_project "$project" "$majorVersion"
-  elif [ "$action" == "update" ]; then
+  elif [ "$action" = update ]; then
-    update_project $project $majorVersion
+    update_project "$project" "$majorVersion"
  else
    echo "Unknown action $action" >&2
    usage
--- a/maintainers/scripts/hydra-eval-failures.py
+++ b/maintainers/scripts/hydra-eval-failures.py
@ -13,10 +13,8 @@ from pyquery import PyQuery as pq
 maintainers_json = subprocess.check_output([
-    'nix-instantiate',
+    'nix-instantiate', '-E', 'import ./lib/maintainers.nix {}', '--eval', '--json'
-    'lib/maintainers.nix',
+])
    '--eval',
    '--json'])
 maintainers = json.loads(maintainers_json)
 MAINTAINERS = {v: k for k, v in maintainers.iteritems()}
@ -31,18 +29,21 @@ EVAL_FILE = {
 def get_maintainers(attr_name):
-    nixname = attr_name.split('.')
+    try:
-    meta_json = subprocess.check_output([
+        nixname = attr_name.split('.')
-        'nix-instantiate',
+        meta_json = subprocess.check_output([
-        '--eval',
+            'nix-instantiate',
-        '--strict',
+            '--eval',
-        '-A',
+            '--strict',
-        '.'.join(nixname[1:]) + '.meta',
+            '-A',
-        EVAL_FILE[nixname[0]],
+            '.'.join(nixname[1:]) + '.meta',
-        '--json'])
+            EVAL_FILE[nixname[0]],
-    meta = json.loads(meta_json)
+            '--json'])
-    if meta.get('maintainers'):
+        meta = json.loads(meta_json)
-        return [MAINTAINERS[name] for name in meta['maintainers'] if MAINTAINERS.get(name)]
+        if meta.get('maintainers'):
            return [MAINTAINERS[name] for name in meta['maintainers'] if MAINTAINERS.get(name)]
    except:
       return []
@click.command()
--- a/maintainers/scripts/travis-nox-review-pr.sh
+++ b/maintainers/scripts/travis-nox-review-pr.sh
@ -53,8 +53,8 @@ while test -n "$1"; do
        nox)
            echo "=== Fetching Nox from binary cache"
-            # build nox silently so it's not in the log
+            # build nox (+ a basic nix-shell env) silently so it's not in the log
-            nix-build "<nixpkgs>" -A nox -A stdenv
+            nix-shell -p nox stdenv --command true
            ;;
        pr)
--- a/nixos/doc/manual/administration/declarative-containers.xml
+++ b/nixos/doc/manual/administration/declarative-containers.xml
@ -16,7 +16,7 @@ containers.database =
  { config =
      { config, pkgs, ... }:
      { services.postgresql.enable = true;
-        services.postgresql.package = pkgs.postgresql92;
+        services.postgresql.package = pkgs.postgresql96;
      };
  };
 </programlisting>
--- a/nixos/doc/manual/configuration/summary.xml
+++ b/nixos/doc/manual/configuration/summary.xml
@ -113,7 +113,8 @@ manual</link> for the rest.</para>
      </row>
      <row>
        <entry><literal>assert 1 + 1 == 2; "yes!"</literal></entry>
-        <entry>Assertion check (evaluates to <literal>"yes!"</literal>)</entry>
+        <entry>Assertion check (evaluates to <literal>"yes!"</literal>). See <xref
    linkend="sec-assertions"/> for using assertions in modules</entry>
      </row>
      <row>
        <entry><literal>let x = "foo"; y = "bar"; in x + y</literal></entry>
--- a/nixos/doc/manual/development/assertions.xml
+++ b/nixos/doc/manual/development/assertions.xml
@ -0,0 +1,80 @@
 <section xmlns="http://docbook.org/ns/docbook"
        xmlns:xlink="http://www.w3.org/1999/xlink"
        xmlns:xi="http://www.w3.org/2001/XInclude"
        version="5.0"
        xml:id="sec-assertions">
 <title>Warnings and Assertions</title>
 <para>
  When configuration problems are detectable in a module, it is a good
  idea to write an assertion or warning. Doing so provides clear
  feedback to the user and prevents errors after the build.
 </para>
 <para>
  Although Nix has the <literal>abort</literal> and
  <literal>builtins.trace</literal> <link xlink:href="https://nixos.org/nix/manual/#ssec-builtins">functions</link> to perform such tasks,
  they are not ideally suited for NixOS modules. Instead of these
  functions, you can declare your warnings and assertions using the
  NixOS module system.
 </para>
 <section>
 <title>Warnings</title>
 <para>
  This is an example of using <literal>warnings</literal>.
 </para>
 <programlisting>
 <![CDATA[
 { config, lib, ... }:
 {
  config = lib.mkIf config.services.foo.enable {
    warnings =
      if config.services.foo.bar
      then [ ''You have enabled the bar feature of the foo service.
               This is known to cause some specific problems in certain situations.
               '' ]
      else [];
  }
 }
 ]]>
 </programlisting>
 </section>
 <section>
 <title>Assertions</title>
 <para>
  This example, extracted from the
  <link xlink:href="https://github.com/NixOS/nixpkgs/blob/release-17.09/nixos/modules/services/logging/syslogd.nix">
    <literal>syslogd</literal> module
  </link> shows how to use <literal>assertions</literal>. Since there
  can only be one active syslog daemon at a time, an assertion is useful to
  prevent such a broken system from being built.
 </para>
 <programlisting>
 <![CDATA[
 { config, lib, ... }:
 {
  config = lib.mkIf config.services.syslogd.enable {
    assertions =
      [ { assertion = !config.services.rsyslogd.enable;
          message = "rsyslogd conflicts with syslogd";
        }
      ];
  }
 }
 ]]>
 </programlisting>
 </section>
 </section>
--- a/nixos/doc/manual/development/option-declarations.xml
+++ b/nixos/doc/manual/development/option-declarations.xml
@ -137,8 +137,8 @@ services.xserver.displayManager.enable = mkOption {
 };</screen></example>
 <example xml:id='ex-option-declaration-eot-backend-sddm'><title>Extending
-    <literal>services.foo.backend</literal> in the <literal>sddm</literal>
+    <literal>services.xserver.displayManager.enable</literal> in the 
-    module</title>
+    <literal>sddm</literal> module</title>
 <screen>
 services.xserver.displayManager.enable = mkOption {
  type = with types; nullOr (enum [ "sddm" ]);
--- a/nixos/doc/manual/development/option-types.xml
+++ b/nixos/doc/manual/development/option-types.xml
@ -157,27 +157,26 @@
 <section xml:id='section-option-types-submodule'><title>Submodule</title>
-  <para>Submodule is a very powerful type that defines a set of sub-options that 
+  <para><literal>submodule</literal> is a very powerful type that defines a set
-    are handled like a separate module.
+    of sub-options that are handled like a separate module.</para>
    It is especially interesting when used with composed types like 
    <literal>attrsOf</literal> or <literal>listOf</literal>.</para>
-  <para>The submodule type take a parameter <replaceable>o</replaceable>, that 
+  <para>It takes a parameter <replaceable>o</replaceable>, that should be a set,
-    should be a set, or a function returning a set with an 
+    or a function returning a set with an <literal>options</literal> key
-    <literal>options</literal> key defining the sub-options.
+    defining the sub-options.
-    The option set can be defined directly (<xref linkend='ex-submodule-direct' 
+    Submodule option definitions are type-checked accordingly to the
-      />) or as reference (<xref linkend='ex-submodule-reference' />).</para>
+    <literal>options</literal> declarations.
    Of course, you can nest submodule option definitons for even higher
    modularity.</para>
-  <para>Submodule option definitions are type-checked accordingly to the options 
+  <para>The option set can be defined directly
-    declarations. It is possible to declare submodule options inside a submodule 
+    (<xref linkend='ex-submodule-direct' />) or as reference
-    sub-options for even higher modularity.</para>
+    (<xref linkend='ex-submodule-reference' />).</para>
 <example xml:id='ex-submodule-direct'><title>Directly defined submodule</title>
 <screen>
 options.mod = mkOption {
  name = "mod";
  description = "submodule example";
-  type = with types; listOf (submodule {
+  type = with types; submodule {
    options = {
      foo = mkOption {
        type = int;
@ -186,10 +185,10 @@ options.mod = mkOption {
        type = str;
      };
    };
-  });
+  };
 };</screen></example>
-<example xml:id='ex-submodule-reference'><title>Submodule defined as a 
+<example xml:id='ex-submodule-reference'><title>Submodule defined as a
    reference</title>
 <screen>
 let
@ -206,16 +205,20 @@ let
 in
 options.mod = mkOption {
  description = "submodule example";
-  type = with types; listOf (submodule modOptions);
+  type = with types; submodule modOptions;
 };</screen></example>
-<section><title>Composed with <literal>listOf</literal></title>
+  <para>The <literal>submodule</literal> type is especially interesting when
-
+    used with composed types like <literal>attrsOf</literal> or
-  <para>When composed with <literal>listOf</literal>, submodule allows multiple 
+    <literal>listOf</literal>.
-    definitions of the submodule option set.</para>
+    When composed with <literal>listOf</literal>
    (<xref linkend='ex-submodule-listof-declaration' />),
    <literal>submodule</literal> allows multiple definitions of the submodule
    option set (<xref linkend='ex-submodule-listof-definition' />).</para>
 <example xml:id='ex-submodule-listof-declaration'><title>Declaration of a list 
-    of submodules</title>
+    nof submodules</title>
 <screen>
 options.mod = mkOption {
  description = "submodule example";
@ -239,13 +242,11 @@ config.mod = [
  { foo = 2; bar = "two"; }
 ];</screen></example>
-</section>
+  <para>When composed with <literal>attrsOf</literal>
-
+    (<xref linkend='ex-submodule-attrsof-declaration' />),
-
+    <literal>submodule</literal> allows multiple named definitions of the
-<section><title>Composed with <literal>attrsOf</literal></title>
+    submodule option set (<xref linkend='ex-submodule-attrsof-definition' />).
-
+  </para>
  <para>When composed with <literal>attrsOf</literal>, submodule allows multiple 
    named definitions of the submodule option set.</para>
 <example xml:id='ex-submodule-attrsof-declaration'><title>Declaration of 
    attribute sets of submodules</title>
@ -270,7 +271,6 @@ options.mod = mkOption {
 config.mod.one = { foo = 1; bar = "one"; };
 config.mod.two = { foo = 2; bar = "two"; };</screen></example>
 </section>
 </section>
 <section><title>Extending types</title>
--- a/nixos/doc/manual/development/releases.xml
+++ b/nixos/doc/manual/development/releases.xml
@ -10,7 +10,7 @@
  <title>Release process</title>
  <para>
-    Going through an example of releasing NixOS 15.09:
+    Going through an example of releasing NixOS 17.09:
  </para>
  <section xml:id="one-month-before-the-beta">
@ -18,13 +18,13 @@
    <itemizedlist spacing="compact">
      <listitem>
        <para>
-          Send an email to nix-dev mailinglist as a warning about upcoming beta "feature freeze" in a month.
+          Send an email to the nix-devel mailinglist as a warning about upcoming beta "feature freeze" in a month.
        </para>
      </listitem>
      <listitem>
        <para>
          Discuss with Eelco Dolstra and the community (via IRC, ML) about what will reach the deadline.
-          Any issue or Pull Request targeting the release should have assigned milestone.
+          Any issue or Pull Request targeting the release should be included in the release milestone.
        </para>
      </listitem>
    </itemizedlist>
@ -32,64 +32,6 @@
  <section xml:id="at-beta-release-time">
    <title>At beta release time</title>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Rename <literal>rl-unstable.xml</literal> -&gt;
          <literal>rl-1509.xml</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>git tag -a -m &quot;Release 15.09-beta&quot; 15.09-beta &amp;&amp; git push --tags</literal>
        </para>
      </listitem>
      <listitem>
        <para>
          From the master branch run <literal>git checkout -B release-15.09</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixos-org-configurations/pull/18">
            Make sure channel is created at http://nixos.org/channels/.
          </link>
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixpkgs/settings/branches">
            Lock the branch on github (so developers can’t force push)
          </link>
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixpkgs/compare/bdf161ed8d21...6b63c4616790">bump
          <literal>system.defaultChannel</literal> attribute in
          <literal>nixos/modules/misc/version.nix</literal></link>
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixpkgs/commit/d6b08acd1ccac0d9d502c4b635e00b04d3387f06">update
          <literal>versionSuffix</literal> in
          <literal>nixos/release.nix</literal></link>, use
          <literal>git log --format=%an|wc -l</literal> to get commit
          count
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>echo -n &quot;16.03&quot; &gt; .version</literal> in
          master.
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixpkgs/commit/b8a4095003e27659092892a4708bb3698231a842">pick
          a new name for unstable branch.</link>
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixpkgs/issues/13559">Create
@ -99,26 +41,81 @@
      </listitem>
      <listitem>
        <para>
-          Use https://lwn.net/Vulnerabilities/ and 
+          <literal>git tag -a -s -m &quot;Release 17.09-beta&quot; 17.09-beta &amp;&amp; git push --tags</literal>
          <link xlink:href="https://github.com/NixOS/nixpkgs/search?utf8=%E2%9C%93&amp;q=vulnerabilities&amp;type=Issues">triage vulnerabilities in an issue</link>.
        </para>
      </listitem>
      <listitem>
        <para>
-          Create two Hydra jobsets: release-15.09 and release-15.09-small with <literal>stableBranch</literal> set to false
+          From the master branch run <literal>git checkout -B release-17.09</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixos-org-configurations/pull/18">
            Make sure a channel is created at http://nixos.org/channels/.
          </link>
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixpkgs/settings/branches">
            Let a GitHub nixpkgs admin lock the branch on github for you.
            (so developers can’t force push)
          </link>
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixpkgs/compare/bdf161ed8d21...6b63c4616790">
            Bump the <literal>system.defaultChannel</literal> attribute in
            <literal>nixos/modules/misc/version.nix</literal>
          </link>
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixpkgs/commit/d6b08acd1ccac0d9d502c4b635e00b04d3387f06">
            Update <literal>versionSuffix</literal> in
          <literal>nixos/release.nix</literal></link>, use
          <literal>git log --format=%an|wc -l</literal> to get the commit
          count
        </para>
      </listitem>
      <listitem>
        <para>
          <literal>echo -n &quot;18.03&quot; &gt; .version</literal> on
          master.
        </para>
      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://github.com/NixOS/nixpkgs/commit/b8a4095003e27659092892a4708bb3698231a842">
            Pick a new name for the unstable branch.
          </link>
        </para>
      </listitem>
      <listitem>
        <para>
          Create a new release notes file for the upcoming release + 1, in this
          case <literal>rl-1803.xml</literal>.
        </para>
      </listitem>
      <listitem>
        <para>
          Create two Hydra jobsets: release-17.09 and release-17.09-small with <literal>stableBranch</literal> set to false.
        </para>
      </listitem>
      <listitem>
        <para>
          Edit changelog at
-          <literal>nixos/doc/manual/release-notes/rl-1509.xml</literal>
+          <literal>nixos/doc/manual/release-notes/rl-1709.xml</literal>
          (double check desktop versions are noted)
        </para>
        <itemizedlist spacing="compact">
          <listitem>
            <para>
              Get all new NixOS modules
-              <literal>git diff release-14.12..release-15.09 nixos/modules/module-list.nix|grep ^+</literal>
+              <literal>git diff release-17.03..release-17.09 nixos/modules/module-list.nix|grep ^+</literal>
            </para>
          </listitem>
          <listitem>
@ -130,9 +127,25 @@
      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="during-beta">
    <title>During Beta</title>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Monitor the master branch for bugfixes and minor updates
          and cherry-pick them to the release branch.
        </para>
      </listitem>
    </itemizedlist>
  </section>
  <section xml:id="before-the-final-release">
    <title>Before the final release</title>
    <itemizedlist spacing="compact">
      <listitem>
        <para>
          Re-check that the release notes are complete.
        </para>
      </listitem>
      <listitem>
        <para>
          Release Nix (currently only Eelco Dolstra can do that).
--- a/nixos/doc/manual/development/writing-modules.xml
+++ b/nixos/doc/manual/development/writing-modules.xml
@ -178,6 +178,7 @@ in {
 <xi:include href="option-declarations.xml" />
 <xi:include href="option-types.xml" />
 <xi:include href="option-def.xml" />
 <xi:include href="assertions.xml" />
 <xi:include href="meta-attributes.xml" />
 <xi:include href="replace-modules.xml" />
--- a/nixos/doc/manual/installation/installing-usb.xml
+++ b/nixos/doc/manual/installation/installing-usb.xml
@ -11,7 +11,7 @@ a USB stick. You can use the <command>dd</command> utility to write the image:
 <command>dd if=<replaceable>path-to-image</replaceable>
 of=<replaceable>/dev/sdb</replaceable></command>. Be careful about specifying the
 correct drive; you can use the <command>lsblk</command> command to get a list of
-block devices. If you're on OS X you can run <command>diskutil list</command>
+block devices. If you're on macOS you can run <command>diskutil list</command>
 to see the list of devices; the device you'll use for the USB must be ejected
 before writing the image.</para>
--- a/nixos/doc/manual/man-nixos-option.xml
+++ b/nixos/doc/manual/man-nixos-option.xml
@ -17,11 +17,16 @@
 <refsynopsisdiv>
  <cmdsynopsis>
    <command>nixos-option</command>
-    <arg choice='plain'><replaceable>option.name</replaceable></arg>
+    <arg>
      <option>-I</option>
      <replaceable>path</replaceable>
    </arg>
    <arg><option>--verbose</option></arg>
    <arg><option>--xml</option></arg>
    <arg choice="plain"><replaceable>option.name</replaceable></arg>
  </cmdsynopsis>
 </refsynopsisdiv>
 <refsection><title>Description</title>
 <para>This command evaluates the configuration specified in
@ -33,6 +38,45 @@ attributes contained in the attribute set.</para>
 </refsection>
 <refsection><title>Options</title>
 <para>This command accepts the following options:</para>
 <variablelist>
  <varlistentry>
    <term><option>-I</option> <replaceable>path</replaceable></term>
    <listitem>
      <para>
        This option is passed to the underlying
        <command>nix-instantiate</command> invocation.
      </para>
    </listitem>
  </varlistentry>
  <varlistentry>
    <term><option>--verbose</option></term>
    <listitem>
      <para>
        This option enables verbose mode, which currently is just
        the Bash <command>set</command> <option>-x</option> debug mode.
      </para>
    </listitem>
  </varlistentry>
  <varlistentry>
    <term><option>--xml</option></term>
    <listitem>
      <para>
        This option causes the output to be rendered as XML.
      </para>
    </listitem>
  </varlistentry>
 </variablelist>
 </refsection>
 <refsection><title>Environment</title>
 <variablelist>
--- a/nixos/doc/manual/release-notes/rl-1609.xml
+++ b/nixos/doc/manual/release-notes/rl-1609.xml
@ -176,7 +176,7 @@ following incompatible changes:</para>
  streamlined.  Desktop users should be able to simply set
  <programlisting>security.grsecurity.enable = true</programlisting> to get
  a reasonably secure system without having to sacrifice too much
-  functionality.  See <xref linkend="sec-grsecurity" /> for documentation
+  functionality.
  </para></listitem>
  <listitem><para>Special filesystems, like <literal>/proc</literal>,
--- a/nixos/doc/manual/release-notes/rl-1709.xml
+++ b/nixos/doc/manual/release-notes/rl-1709.xml
@ -10,6 +10,11 @@
 has the following highlights: </para>
 <itemizedlist>
  <listitem>
    <para>
      The GNOME version is now 3.24.
    </para>
  </listitem>
  <listitem>
    <para>
      The user handling now keeps track of deallocated UIDs/GIDs. When a user
@ -101,6 +106,9 @@ rmdir /var/lib/ipfs/.ipfs
    <para>
      The <literal>mysql</literal> default <literal>dataDir</literal> has changed from <literal>/var/mysql</literal> to <literal>/var/lib/mysql</literal>.
    </para>
    <para>
            Radicale's default package has changed from 1.x to 2.x. Instructions to migrate can be found <link xlink:href="http://radicale.org/1to2/"> here </link>. It is also possible to use the newer version by setting the <literal>package</literal> to <literal>radicale2</literal>, which is done automatically when <literal>stateVersion</literal> is 17.09 or higher. The <literal>extraArgs</literal> option has been added to allow passing the data migration arguments specified in the instructions; see the <filename xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/radicale.nix">radicale.nix</filename> NixOS test for an example migration.
    </para>
  </listitem>
  <listitem>
    <para>
@ -130,6 +138,70 @@ rmdir /var/lib/ipfs/.ipfs
      instead. Refer to the description of the options for more details.
    </para>
  </listitem>
  <listitem>
    <para>
      <literal>tlsdate</literal> package and module were removed. This is due to the project
      being dead and not building with openssl 1.1.
    </para>
  </listitem>
  <listitem>
    <para>
      <literal>wvdial</literal> package and module were removed. This is due to the project
      being dead and not building with openssl 1.1.
    </para>
  </listitem>
  <listitem>
    <para>
      <literal>cc-wrapper</literal>'s setup-hook now exports a number of
      environment variables corresponding to binutils binaries,
      (e.g. <envar>LD</envar>, <envar>STRIP</envar>, <envar>RANLIB</envar>,
      etc). This is done to prevent packages' build systems guessing, which is
      harder to predict, especially when cross-compiling. However, some packages
      have broken due to this—their build systems either not supporting, or
      claiming to support without adequate testing, taking such environment
      variables as parameters.
    </para>
  </listitem>
  <listitem>
    <para>
      <literal>services.firefox.syncserver</literal> now runs by default as a
      non-root user. To accomodate this change, the default sqlite database
      location has also been changed. Migration should work automatically.
      Refer to the description of the options for more details.
    </para>
  </listitem>
  <listitem>
    <para>
      The <literal>compiz</literal> window manager and package was
      removed. The system support had been broken for several years.
    </para>
  </listitem>
  <listitem>
    <para>
      Touchpad support should now be enabled through
      <literal>libinput</literal> as <literal>synaptics</literal> is
      now deprecated. See the option
      <literal>services.xserver.libinput.enable</literal>.
    </para>
  </listitem>
  <listitem>
    <para>
      grsecurity/PaX support has been dropped, following upstream's
      decision to cease free support.  See
      <link xlink:href="https://grsecurity.net/passing_the_baton.php">
      upstream's announcement</link> for more information.
      No complete replacement for grsecurity/PaX is available presently.
    </para>
  </listitem>
    <listitem>
    <para>
      The <literal>gnupg</literal> package used to suffix its programs
      with <literal>2</literal>, like <command>gpg2</command> and
      <command>gpgv2</command>. This suffix has since been dropped,
      and the programs are now simply <command>gpg</command>,
      <command>gpgv</command>, etc.
    </para>
  </listitem>
 </itemizedlist>
 <para>Other notable improvements:</para>
@ -157,6 +229,41 @@ rmdir /var/lib/ipfs/.ipfs
      module where user Fontconfig settings are available.
    </para>
  </listitem>
  <listitem>
    <para>
      ZFS/SPL have been updated to 0.7.0, <literal>zfsUnstable, splUnstable</literal>
      have therefore been removed.
    </para>
  </listitem>
  <listitem>
    <para>
      The <option>time.timeZone</option> option now allows the value
      <literal>null</literal> in addition to timezone strings. This value
      allows changing the timezone of a system imperatively using
      <command>timedatectl set-timezone</command>. The default timezone
      is still UTC.
    </para>
  </listitem>
  <listitem>
    <para>
      Nixpkgs overlays may now be specified with a file as well as a directory. The
      value of <literal>&lt;nixpkgs-overlays></literal> may be a file, and
      <filename>~/.config/nixpkgs/overlays.nix</filename> can be used instead of the
      <filename>~/.config/nixpkgs/overalys</filename> directory.
    </para>
    <para>
      See the overlays chapter of the Nixpkgs manual for more details.
    </para>
  </listitem>
  <listitem>
    <para>
      <literal>sha256</literal> argument value of
      <literal>dockerTools.pullImage</literal> expression must be
      updated since the mechanism to download the image has been
      changed. Skopeo is now used to pull the image instead of the
      Docker daemon.
    </para>
  </listitem>
 </itemizedlist>
--- a/nixos/doc/manual/release-notes/rl-1803.xml
+++ b/nixos/doc/manual/release-notes/rl-1803.xml
@ -0,0 +1,46 @@
 <section xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="sec-release-18.03">
 <title>Release 18.03 (“Impala”, 2018/03/??)</title>
 <para>In addition to numerous new and upgraded packages, this release
 has the following highlights: </para>
 <itemizedlist>
  <listitem>
    <para>
    </para>
  </listitem>
 </itemizedlist>
 <para>The following new services were added since the last release:</para>
 <itemizedlist>
  <listitem>
    <para></para>
  </listitem>
 </itemizedlist>
 <para>When upgrading from a previous release, please be aware of the
 following incompatible changes:</para>
 <itemizedlist>
  <listitem>
    <para>
    </para>
  </listitem>
 </itemizedlist>
 <para>Other notable improvements:</para>
 <itemizedlist>
  <listitem>
    <para>
    </para>
  </listitem>
 </itemizedlist>
 </section>
--- a/nixos/lib/make-disk-image.nix
+++ b/nixos/lib/make-disk-image.nix
@ -39,19 +39,13 @@
 with lib;
 let
-  # Copied from https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/installer/cd-dvd/channel.nix
+  extensions = {
-  # TODO: factor out more cleanly
+    qcow2 = "qcow2";
    vpc   = "vhd";
    raw   = "img";
  };
-  # Do not include these things:
+  nixpkgs = lib.cleanSource pkgs.path;
  #   - The '.git' directory
  #   - Result symlinks from nix-build ('result', 'result-2', 'result-bin', ...)
  #   - VIM/Emacs swap/backup files ('.swp', '.swo', '.foo.swp', 'foo~', ...)
  filterFn = path: type: let basename = baseNameOf (toString path); in
    if type == "directory" then basename != ".git"
    else if type == "symlink" then builtins.match "^result(|-.*)$" basename == null
    else builtins.match "^((|\..*)\.sw[a-z]|.*~)$" basename == null;
  nixpkgs = builtins.filterSource filterFn pkgs.path;
  channelSources = pkgs.runCommand "nixos-${config.system.nixosVersion}" {} ''
    mkdir -p $out
@ -142,8 +136,8 @@ in pkgs.vmTools.runInLinuxVM (
          mv $diskImage $out/nixos.img
          diskImage=$out/nixos.img
        '' else ''
-          ${pkgs.qemu}/bin/qemu-img convert -f raw -O qcow2 $diskImage $out/nixos.qcow2
+          ${pkgs.qemu}/bin/qemu-img convert -f raw -O ${format} $diskImage $out/nixos.${extensions.${format}}
-          diskImage=$out/nixos.qcow2
+          diskImage=$out/nixos.${extensions.${format}}
        ''}
        ${postVM}
      '';
--- a/nixos/lib/make-ext4-fs.nix
+++ b/nixos/lib/make-ext4-fs.nix
@ -33,7 +33,7 @@ pkgs.stdenv.mkDerivation {
      echo "Creating an EXT4 image of $bytes bytes (numInodes=$numInodes, numDataBlocks=$numDataBlocks)"
      truncate -s $bytes $out
-      faketime "1970-01-01 00:00:00" mkfs.ext4 -L ${volumeLabel} -U 44444444-4444-4444-8888-888888888888 $out
+      faketime -f "1970-01-01 00:00:01" mkfs.ext4 -L ${volumeLabel} -U 44444444-4444-4444-8888-888888888888 $out
      # Populate the image contents by piping a bunch of commands to the `debugfs` tool from e2fsprogs.
      # For example, to copy /nix/store/abcd...efg-coreutils-8.23/bin/sleep:
@ -76,7 +76,7 @@ pkgs.stdenv.mkDerivation {
          echo sif $file gid 30000 # chgrp to nixbld
        done
-      ) | faketime "1970-01-01 00:00:00" debugfs -w $out -f /dev/stdin > errorlog 2>&1
+      ) | faketime -f "1970-01-01 00:00:01" debugfs -w $out -f /dev/stdin > errorlog 2>&1
      # The debugfs tool doesn't terminate on error nor exit with a non-zero status. Check manually.
      if egrep -q 'Could not allocate|File not found' errorlog; then
--- a/nixos/maintainers/option-usages.nix
+++ b/nixos/maintainers/option-usages.nix
@ -77,7 +77,6 @@ let
  excludedOptions = [
    "boot.systemd.services"
    "systemd.services"
    "environment.gnome3.packageSet"
    "kde.extraPackages"
  ];
  excludeOptions = list:
--- a/nixos/maintainers/scripts/ec2/amazon-image.nix
+++ b/nixos/maintainers/scripts/ec2/amazon-image.nix
@ -22,15 +22,26 @@ in {
        generated image. Glob patterns work.
      '';
    };
    sizeMB = mkOption {
      type = types.int;
      default = if config.ec2.hvm then 2048 else 8192;
      description = "The size in MB of the image";
    };
    format = mkOption {
      type = types.enum [ "raw" "qcow2" "vpc" ];
      default = "qcow2";
      description = "The image format to output";
    };
  };
  config.system.build.amazonImage = import ../../../lib/make-disk-image.nix {
    inherit lib config;
-    inherit (cfg) contents;
+    inherit (cfg) contents format;
    pkgs = import ../../../.. { inherit (pkgs) system; }; # ensure we use the regular qemu-kvm package
    partitioned = config.ec2.hvm;
-    diskSize = if config.ec2.hvm then 2048 else 8192;
+    diskSize = cfg.sizeMB;
    format = "qcow2";
    configFile = pkgs.writeText "configuration.nix"
      ''
        {
@ -41,5 +52,4 @@ in {
        }
      '';
  };
 }
--- a/nixos/maintainers/scripts/openstack/nova-image.nix
+++ b/nixos/maintainers/scripts/openstack/nova-image.nix
@ -1,3 +1,5 @@
 # nix-build '<nixpkgs/nixos>' -A config.system.build.novaImage --arg configuration "{ imports = [ ./nixos/maintainers/scripts/openstack/nova-image.nix ]; }"
 { config, lib, pkgs, ... }:
 with lib;
--- a/nixos/modules/config/fonts/fontconfig-ultimate.nix
+++ b/nixos/modules/config/fonts/fontconfig-ultimate.nix
@ -53,7 +53,7 @@ in
          };
          substitutions = mkOption {
-            type = types.nullOr (types.enum ["free" "combi" "ms"]);
+            type = types.enum ["free" "combi" "ms" "none"];
            default = "free";
            description = ''
              Font substitutions to replace common Type 1 fonts with nicer
--- a/nixos/modules/config/i18n.nix
+++ b/nixos/modules/config/i18n.nix
@ -43,7 +43,7 @@ with lib;
          <literal>"all"</literal> means that all locales supported by
          Glibc will be installed.  A full list of supported locales
          can be found at <link
-          xlink:href="http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc"/>.
+          xlink:href="https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED"/>.
        '';
      };
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@ -20,12 +20,26 @@ in
  options = {
    networking.hosts = lib.mkOption {
      type = types.attrsOf ( types.listOf types.str );
      default = {};
      example = literalExample ''
        {
          "127.0.0.1" = [ "foo.bar.baz" ];
          "192.168.0.2" = [ "fileserver.local" "nameserver.local" ];
        };
      '';
      description = ''
        Locally defined maps of hostnames to IP addresses.
      '';
    };
    networking.extraHosts = lib.mkOption {
      type = types.lines;
      default = "";
      example = "192.168.0.1 lanlocalhost";
      description = ''
-        Additional entries to be appended to <filename>/etc/hosts</filename>.
+        Additional verbatim entries to be appended to <filename>/etc/hosts</filename>.
      '';
    };
@ -188,11 +202,22 @@ in
        # /etc/hosts: Hostname-to-IP mappings.
        "hosts".text =
          let oneToString = set : ip : ip + " " + concatStringsSep " " ( getAttr ip set );
              allToString = set : concatMapStringsSep "\n" ( oneToString set ) ( attrNames set );
              userLocalHosts = optionalString
                ( builtins.hasAttr "127.0.0.1" cfg.hosts )
                ( concatStringsSep " " ( remove "localhost" cfg.hosts."127.0.0.1" ));
              userLocalHosts6 = optionalString
                ( builtins.hasAttr "::1" cfg.hosts )
                ( concatStringsSep " " ( remove "localhost" cfg.hosts."::1" ));
              otherHosts = allToString ( removeAttrs cfg.hosts [ "127.0.0.1" "::1" ]);
          in
          ''
-            127.0.0.1 localhost
+            127.0.0.1 ${userLocalHosts} localhost
            ${optionalString cfg.enableIPv6 ''
-              ::1 localhost
+              ::1 ${userLocalHosts6} localhost
            ''}
            ${otherHosts}
            ${cfg.extraHosts}
          '';
--- a/nixos/modules/config/no-x-libs.nix
+++ b/nixos/modules/config/no-x-libs.nix
@ -26,7 +26,16 @@ with lib;
    fonts.fontconfig.enable = false;
-    nixpkgs.config.packageOverrides = pkgs:
+    nixpkgs.config.packageOverrides = pkgs: {
-      { dbus = pkgs.dbus.override { x11Support = false; }; };
+      dbus = pkgs.dbus.override { x11Support = false; };
      networkmanager_fortisslvpn = pkgs.networkmanager_fortisslvpn.override { withGnome = false; };
      networkmanager_l2tp = pkgs.networkmanager_l2tp.override { withGnome = false; };
      networkmanager_openconnect = pkgs.networkmanager_openconnect.override { withGnome = false; };
      networkmanager_openvpn = pkgs.networkmanager_openvpn.override { withGnome = false; };
      networkmanager_pptp = pkgs.networkmanager_pptp.override { withGnome = false; };
      networkmanager_vpnc = pkgs.networkmanager_vpnc.override { withGnome = false; };
      networkmanager_iodine = pkgs.networkmanager_iodine.override { withGnome = false; };
      pinentry = pkgs.pinentry.override { gtk2 = null; qt4 = null; };
    };
  };
 }
--- a/nixos/modules/config/nsswitch.nix
+++ b/nixos/modules/config/nsswitch.nix
@ -28,7 +28,8 @@ let
  passwdArray = [ "files" ]
    ++ optional sssd "sss"
    ++ optionals ldap [ "ldap" ]
-    ++ optionals mymachines [ "mymachines" ];
+    ++ optionals mymachines [ "mymachines" ]
    ++ [ "systemd" ];
  shadowArray = [ "files" ]
    ++ optional sssd "sss"
--- a/nixos/modules/config/pulseaudio.nix
+++ b/nixos/modules/config/pulseaudio.nix
@ -224,7 +224,7 @@ in {
      # Allow PulseAudio to get realtime priority using rtkit.
      security.rtkit.enable = true;
-      systemd.packages = [ cfg.package ];
+      systemd.packages = [ overriddenPackage ];
    })
    (mkIf hasZeroconf {
--- a/nixos/modules/config/swap.nix
+++ b/nixos/modules/config/swap.nix
@ -5,6 +5,52 @@ with lib;
 let
  randomEncryptionCoerce = enable: { inherit enable; };
  randomEncryptionOpts = { ... }: {
    options = {
      enable = mkOption {
        default = false;
        type = types.bool;
        description = ''
          Encrypt swap device with a random key. This way you won't have a persistent swap device.
          WARNING: Don't try to hibernate when you have at least one swap partition with
          this option enabled! We have no way to set the partition into which hibernation image
          is saved, so if your image ends up on an encrypted one you would lose it!
          WARNING #2: Do not use /dev/disk/by-uuid/… or /dev/disk/by-label/… as your swap device
          when using randomEncryption as the UUIDs and labels will get erased on every boot when
          the partition is encrypted. Best to use /dev/disk/by-partuuid/…
        '';
      };
      cipher = mkOption {
        default = "aes-xts-plain64";
        example = "serpent-xts-plain64";
        type = types.str;
        description = ''
          Use specified cipher for randomEncryption.
          Hint: Run "cryptsetup benchmark" to see which one is fastest on your machine.
        '';
      };
      source = mkOption {
        default = "/dev/urandom";
        example = "/dev/random";
        type = types.str;
        description = ''
          Define the source of randomness to obtain a random key for encryption.
        '';
      };
    };
  };
  swapCfg = {config, options, ...}: {
    options = {
@ -47,10 +93,17 @@ let
      randomEncryption = mkOption {
        default = false;
-        type = types.bool;
+        example = {
          enable = true;
          cipher = "serpent-xts-plain64";
          source = "/dev/random";
        };
        type = types.coercedTo types.bool randomEncryptionCoerce (types.submodule randomEncryptionOpts);
        description = ''
          Encrypt swap device with a random key. This way you won't have a persistent swap device.
          HINT: run "cryptsetup benchmark" to test cipher performance on your machine.
          WARNING: Don't try to hibernate when you have at least one swap partition with
          this option enabled! We have no way to set the partition into which hibernation image
          is saved, so if your image ends up on an encrypted one you would lose it!
@ -77,7 +130,7 @@ let
      device = mkIf options.label.isDefined
        "/dev/disk/by-label/${config.label}";
      deviceName = lib.replaceChars ["\\"] [""] (escapeSystemdPath config.device);
-      realDevice = if config.randomEncryption then "/dev/mapper/${deviceName}" else config.device;
+      realDevice = if config.randomEncryption.enable then "/dev/mapper/${deviceName}" else config.device;
    };
  };
@ -125,14 +178,14 @@ in
        createSwapDevice = sw:
          assert sw.device != "";
-          assert !(sw.randomEncryption && lib.hasPrefix "/dev/disk/by-uuid"  sw.device);
+          assert !(sw.randomEncryption.enable && lib.hasPrefix "/dev/disk/by-uuid"  sw.device);
-          assert !(sw.randomEncryption && lib.hasPrefix "/dev/disk/by-label" sw.device);
+          assert !(sw.randomEncryption.enable && lib.hasPrefix "/dev/disk/by-label" sw.device);
          let realDevice' = escapeSystemdPath sw.realDevice;
          in nameValuePair "mkswap-${sw.deviceName}"
          { description = "Initialisation of swap device ${sw.device}";
            wantedBy = [ "${realDevice'}.swap" ];
            before = [ "${realDevice'}.swap" ];
-            path = [ pkgs.utillinux ] ++ optional sw.randomEncryption pkgs.cryptsetup;
+            path = [ pkgs.utillinux ] ++ optional sw.randomEncryption.enable pkgs.cryptsetup;
            script =
              ''
@ -145,13 +198,11 @@ in
                      truncate --size "${toString sw.size}M" "${sw.device}"
                    fi
                    chmod 0600 ${sw.device}
-                    ${optionalString (!sw.randomEncryption) "mkswap ${sw.realDevice}"}
+                    ${optionalString (!sw.randomEncryption.enable) "mkswap ${sw.realDevice}"}
                  fi
                ''}
-                ${optionalString sw.randomEncryption ''
+                ${optionalString sw.randomEncryption.enable ''
-                  echo "secretkey" | cryptsetup luksFormat --batch-mode ${sw.device}
+                  cryptsetup plainOpen -c ${sw.randomEncryption.cipher} -d ${sw.randomEncryption.source} ${sw.device} ${sw.deviceName}
                  echo "secretkey" | cryptsetup luksOpen ${sw.device} ${sw.deviceName}
                  cryptsetup luksErase --batch-mode ${sw.device}
                  mkswap ${sw.realDevice}
                ''}
              '';
@ -159,12 +210,12 @@ in
            unitConfig.RequiresMountsFor = [ "${dirOf sw.device}" ];
            unitConfig.DefaultDependencies = false; # needed to prevent a cycle
            serviceConfig.Type = "oneshot";
-            serviceConfig.RemainAfterExit = sw.randomEncryption;
+            serviceConfig.RemainAfterExit = sw.randomEncryption.enable;
-            serviceConfig.ExecStop = optionalString sw.randomEncryption "${pkgs.cryptsetup}/bin/cryptsetup luksClose ${sw.deviceName}";
+            serviceConfig.ExecStop = optionalString sw.randomEncryption.enable "${pkgs.cryptsetup}/bin/cryptsetup luksClose ${sw.deviceName}";
            restartIfChanged = false;
          };
-      in listToAttrs (map createSwapDevice (filter (sw: sw.size != null || sw.randomEncryption) config.swapDevices));
+      in listToAttrs (map createSwapDevice (filter (sw: sw.size != null || sw.randomEncryption.enable) config.swapDevices));
  };
--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@ -118,6 +118,9 @@ in
        "/share/themes"
        "/share/vim-plugins"
        "/share/vulkan"
        "/share/kservices5"
        "/share/kservicetypes5"
        "/share/kxmlgui5"
      ];
    system.path = pkgs.buildEnv {
--- a/nixos/modules/config/timezone.nix
+++ b/nixos/modules/config/timezone.nix
@ -14,13 +14,16 @@ in
    time = {
      timeZone = mkOption {
-        default = "UTC";
+        default = null;
-        type = types.str;
+        type = types.nullOr types.str;
        example = "America/New_York";
        description = ''
          The time zone used when displaying times and dates. See <link
          xlink:href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones"/>
          for a comprehensive list of possible values for this setting.
          If null, the timezone will default to UTC and can be set imperatively
          using timedatectl.
        '';
      };
@ -40,13 +43,14 @@ in
    # This way services are restarted when tzdata changes.
    systemd.globalEnvironment.TZDIR = tzdir;
-    environment.etc.localtime =
+    systemd.services.systemd-timedated.environment = lib.optionalAttrs (config.time.timeZone != null) { NIXOS_STATIC_TIMEZONE = "1"; };
-      { source = "/etc/zoneinfo/${config.time.timeZone}";
+
-        mode = "direct-symlink";
+    environment.etc = {
      zoneinfo.source = tzdir;
    } // lib.optionalAttrs (config.time.timeZone != null) {
        localtime.source = "/etc/zoneinfo/${config.time.timeZone}";
        localtime.mode = "direct-symlink";
      };
    environment.etc.zoneinfo.source = tzdir;
  };
 }
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@ -527,7 +527,7 @@ in {
      input.gid = ids.gids.input;
    };
-    system.activationScripts.users = stringAfter [ "etc" ]
+    system.activationScripts.users = stringAfter [ "stdio" ]
      ''
        ${pkgs.perl}/bin/perl -w \
          -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl \
--- a/nixos/modules/hardware/mcelog.nix
+++ b/nixos/modules/hardware/mcelog.nix
@ -3,7 +3,7 @@
 with lib;
 {
-  meta.maintainers = [ maintainers.grahamc ];
+  meta.maintainers = with maintainers; [ grahamc ];
  options = {
    hardware.mcelog = {
@ -19,19 +19,17 @@ with lib;
  };
  config = mkIf config.hardware.mcelog.enable {
-    systemd.services.mcelog = {
+    systemd = {
-      description = "Machine Check Exception Logging Daemon";
+      packages = [ pkgs.mcelog ];
      wantedBy = [ "multi-user.target" ];
-      serviceConfig = {
+      services.mcelog = {
-        ExecStart = "${pkgs.mcelog}/bin/mcelog --daemon --foreground";
+        wantedBy = [ "multi-user.target" ];
-        SuccessExitStatus = [ 0 15 ];
+        serviceConfig = {
-
+          ProtectHome = true;
-        ProtectHome = true;
+          PrivateNetwork = true;
-        PrivateNetwork = true;
+          PrivateTmp = true;
-        PrivateTmp = true;
+        };
      };
    };
  };
 }
--- a/nixos/modules/hardware/raid/hpsa.nix
+++ b/nixos/modules/hardware/raid/hpsa.nix
@ -0,0 +1,61 @@
 { config, lib, pkgs, ... }:
 with lib;
 let
  hpssacli = pkgs.stdenv.mkDerivation rec {
    name = "hpssacli-${version}";
    version = "2.40-13.0";
    src = pkgs.fetchurl {
      url = "http://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/${name}_amd64.deb";
      sha256 = "11w7fwk93lmfw0yya4jpjwdmgjimqxx6412sqa166g1pz4jil4sw";
    };
    nativeBuildInputs = [ pkgs.dpkg ];
    unpackPhase = "dpkg -x $src ./";
    installPhase = ''
      mkdir -p $out/bin $out/share/doc $out/share/man
      mv opt/hp/hpssacli/bld/{hpssascripting,hprmstr,hpssacli} $out/bin/
      mv opt/hp/hpssacli/bld/*.{license,txt}                   $out/share/doc/
      mv usr/man                                               $out/share/
      for file in $out/bin/*; do
        chmod +w $file
        patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" \
                 --set-rpath ${lib.makeLibraryPath [ pkgs.stdenv.cc.cc ]} \
                 $file
      done
    '';
    dontStrip = true;
    meta = with lib; {
      description = "HP Smart Array CLI";
      homepage = http://downloads.linux.hpe.com/SDR/downloads/MCP/Ubuntu/pool/non-free/;
      license = licenses.unfreeRedistributable;
      platforms = [ "x86_64-linux" ];
      maintainers = with maintainers; [ volth ];
    };
  };
 in {
  ###### interface
  options = {
    hardware.raid.HPSmartArray = {
      enable = mkEnableOption "HP Smart Array kernel modules and CLI utility";
    };
  };
  ###### implementation
  config = mkIf config.hardware.raid.HPSmartArray.enable {
    boot.initrd.kernelModules = [ "sg" ]; /* hpssacli wants it */
    boot.initrd.availableKernelModules = [ "hpsa" ];
    environment.systemPackages = [ hpssacli ];
  };
 }
--- a/nixos/modules/installer/cd-dvd/channel.nix
+++ b/nixos/modules/installer/cd-dvd/channel.nix
@ -6,16 +6,7 @@
 with lib;
 let
-  # Do not include these things:
+  nixpkgs = lib.cleanSource pkgs.path;
  #   - The '.git' directory
  #   - Result symlinks from nix-build ('result', 'result-2', 'result-bin', ...)
  #   - VIM/Emacs swap/backup files ('.swp', '.swo', '.foo.swp', 'foo~', ...)
  filterFn = path: type: let basename = baseNameOf (toString path); in
    if type == "directory" then basename != ".git"
    else if type == "symlink" then builtins.match "^result(|-.*)$" basename == null
    else builtins.match "^((|\..*)\.sw[a-z]|.*~)$" basename == null;
  nixpkgs = builtins.filterSource filterFn pkgs.path;
  # We need a copy of the Nix expressions for Nixpkgs and NixOS on the
  # CD.  These are installed into the "nixos" channel of the root
--- a/nixos/modules/installer/cd-dvd/iso-image.nix
+++ b/nixos/modules/installer/cd-dvd/iso-image.nix
@ -46,17 +46,24 @@ let
    # A variant to boot with 'nomodeset'
    LABEL boot-nomodeset
-    MENU LABEL NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel} (with nomodeset)
+    MENU LABEL NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel} (nomodeset)
    LINUX /boot/bzImage
    APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} nomodeset
    INITRD /boot/initrd
    # A variant to boot with 'copytoram'
    LABEL boot-copytoram
-    MENU LABEL NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel} (with copytoram)
+    MENU LABEL NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel} (copytoram)
    LINUX /boot/bzImage
    APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} copytoram
    INITRD /boot/initrd
    # A variant to boot with verbose logging to the console
    LABEL boot-nomodeset
    MENU LABEL NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel} (debug)
    LINUX /boot/bzImage
    APPEND init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} loglevel=7
    INITRD /boot/initrd
  '';
  isolinuxMemtest86Entry = ''
@ -74,25 +81,43 @@ let
    cp -v ${pkgs.systemd}/lib/systemd/boot/efi/systemd-boot${targetArch}.efi $out/EFI/boot/boot${targetArch}.efi
    mkdir -p $out/loader/entries
-    echo "title NixOS Live CD" > $out/loader/entries/nixos-livecd.conf
+    cat << EOF > $out/loader/entries/nixos-iso.conf
-    echo "linux /boot/bzImage" >> $out/loader/entries/nixos-livecd.conf
+    title NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel}
-    echo "initrd /boot/initrd" >> $out/loader/entries/nixos-livecd.conf
+    linux /boot/bzImage
-    echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" >> $out/loader/entries/nixos-livecd.conf
+    initrd /boot/initrd
    options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
    EOF
    # A variant to boot with 'nomodeset'
-    echo "title NixOS Live CD (with nomodeset)" > $out/loader/entries/nixos-livecd-nomodeset.conf
+    cat << EOF > $out/loader/entries/nixos-iso-nomodeset.conf
-    echo "linux /boot/bzImage" >> $out/loader/entries/nixos-livecd-nomodeset.conf
+    title NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel}
-    echo "initrd /boot/initrd" >> $out/loader/entries/nixos-livecd-nomodeset.conf
+    version nomodeset
-    echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} nomodeset" >> $out/loader/entries/nixos-livecd-nomodeset.conf
+    linux /boot/bzImage
    initrd /boot/initrd
    options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} nomodeset
    EOF
    # A variant to boot with 'copytoram'
-    echo "title NixOS Live CD (with copytoram)" > $out/loader/entries/nixos-livecd-copytoram.conf
+    cat << EOF > $out/loader/entries/nixos-iso-copytoram.conf
-    echo "linux /boot/bzImage" >> $out/loader/entries/nixos-livecd-copytoram.conf
+    title NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel}
-    echo "initrd /boot/initrd" >> $out/loader/entries/nixos-livecd-copytoram.conf
+    version copytoram
-    echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} copytoram" >> $out/loader/entries/nixos-livecd-copytoram.conf
+    linux /boot/bzImage
    initrd /boot/initrd
    options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} copytoram
    EOF
-    echo "default nixos-livecd" > $out/loader/loader.conf
+    # A variant to boot with verbose logging to the console
-    echo "timeout ${builtins.toString config.boot.loader.timeout}" >> $out/loader/loader.conf
+    cat << EOF > $out/loader/entries/nixos-iso-debug.conf
    title NixOS ${config.system.nixosVersion}${config.isoImage.appendToMenuLabel} (debug)
    linux /boot/bzImage
    initrd /boot/initrd
    options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams} loglevel=7
    EOF
    cat << EOF > $out/loader/loader.conf
    default nixos-iso
    timeout ${builtins.toString config.boot.loader.timeout}
    EOF
  '';
  efiImg = pkgs.runCommand "efi-image_eltorito" { buildInputs = [ pkgs.mtools pkgs.libfaketime ]; }
--- a/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
+++ b/nixos/modules/installer/cd-dvd/sd-image-aarch64.nix
@ -27,7 +27,8 @@ in
  boot.loader.generic-extlinux-compatible.enable = true;
  boot.kernelPackages = pkgs.linuxPackages_latest;
-  boot.kernelParams = ["console=ttyS0,115200n8" "console=tty0"];
+  # Increase the amount of CMA to ensure the virtual console on the RPi3 works.
  boot.kernelParams = ["cma=32M" "console=ttyS0,115200n8" "console=tty0"];
  boot.consoleLogLevel = 7;
  # FIXME: this probably should be in installation-device.nix
--- a/nixos/modules/installer/tools/auto-upgrade.nix
+++ b/nixos/modules/installer/tools/auto-upgrade.nix
@ -76,7 +76,7 @@ let cfg = config.system.autoUpgrade; in
      environment = config.nix.envVars //
        { inherit (config.environment.sessionVariables) NIX_PATH;
          HOME = "/root";
-        };
+        } // config.networking.proxy.envVars;
      path = [ pkgs.gnutar pkgs.xz.bin config.nix.package.out ];
--- a/nixos/modules/installer/tools/nix-fallback-paths.nix
+++ b/nixos/modules/installer/tools/nix-fallback-paths.nix
@ -1,5 +1,5 @@
 {
-  x86_64-linux = "/nix/store/avwiw7hb1qckag864sc6ixfxr8qmf94w-nix-1.11.13";
+  x86_64-linux = "/nix/store/b4s1gxiis1ryvybnjhdjvgc5sr1nq0ys-nix-1.11.15";
-  i686-linux = "/nix/store/8wv3ms0afw95hzsz4lxzv0nj4w3614z9-nix-1.11.13";
+  i686-linux = "/nix/store/kgb5hs7qw13bvb6icramv1ry9dard3h9-nix-1.11.15";
-  x86_64-darwin = "/nix/store/z21lvakv1l7lhasmv5fvaz8mlzxia8k9-nix-1.11.13";
+  x86_64-darwin = "/nix/store/dgwz3dxdzs2wwd7pg7cdhvl8rv0qpnbj-nix-1.11.15";
 }
--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@ -583,9 +583,15 @@ $bootLoaderConfig
  # List packages installed in system profile. To search by name, run:
  # \$ nix-env -qaP | grep wget
  # environment.systemPackages = with pkgs; [
-  #   wget
+  #   wget vim
  # ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.bash.enableCompletion = true;
  # programs.mtr.enable = true;
  # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
@ -605,6 +611,9 @@ $bootLoaderConfig
  # services.xserver.layout = "us";
  # services.xserver.xkbOptions = "eurosign:e";
  # Enable touchpad support.
  # services.xserver.libinput.enable = true;
  # Enable the KDE Desktop Environment.
  # services.xserver.displayManager.sddm.enable = true;
  # services.xserver.desktopManager.plasma5.enable = true;
@ -615,8 +624,11 @@ $bootLoaderConfig
  #   uid = 1000;
  # };
-  # The NixOS release to be compatible with for stateful data such as databases.
+  # This value determines the NixOS release with which your system is to be
-  system.stateVersion = "${\(qw(@nixosRelease@))}";
+  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "${\(qw(@nixosRelease@))}"; # Did you read the comment?
 }
 EOF
--- a/nixos/modules/installer/tools/nixos-install.sh
+++ b/nixos/modules/installer/tools/nixos-install.sh
@ -106,8 +106,11 @@ extraBuildFlags+=(--option "build-users-group" "$buildUsersGroup")
 binary_caches="$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"binary-caches"};')"
 extraBuildFlags+=(--option "binary-caches" "$binary_caches")
-nixpkgs="$(readlink -f "$(nix-instantiate --find-file nixpkgs)")"
+# We only need nixpkgs in the path if we don't already have a system closure to install
-export NIX_PATH="nixpkgs=$nixpkgs:nixos-config=$mountPoint/$NIXOS_CONFIG"
+if [[ -z "$closure" ]]; then
    nixpkgs="$(readlink -f "$(nix-instantiate --find-file nixpkgs)")"
    export NIX_PATH="nixpkgs=$nixpkgs:nixos-config=$mountPoint/$NIXOS_CONFIG"
 fi
 unset NIXOS_CONFIG
 # TODO: do I need to set NIX_SUBSTITUTERS here or is the --option binary-caches above enough?
@ -123,6 +126,9 @@ function closure() {
 }
 system_closure="$tmpdir/system.closure"
 # Use a FIFO for piping nix-store --export into nix-store --import, saving disk
 # I/O and space. nix-store --import is run by nixos-prepare-root.
 mkfifo $system_closure
 if [ -z "$closure" ]; then
    expr="(import <nixpkgs/nixos> {}).system"
@ -132,7 +138,9 @@ else
    system_root=$closure
    # Create a temporary file ending in .closure (so nixos-prepare-root knows to --import it) to transport the store closure
    # to the filesytem we're preparing. Also delete it on exit!
-    nix-store --export $(nix-store -qR $closure) > $system_closure
+    # Run in background to avoid blocking while trying to write to the FIFO
    # $system_closure refers to
    nix-store --export $(nix-store -qR $closure) > $system_closure &
 fi
 channel_root="$(nix-env -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")"
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@ -214,7 +214,7 @@
      plex = 193;
      grafana = 196;
      skydns = 197;
-      ripple-rest = 198;
+      # ripple-rest = 198; # unused, removed 2017-08-12
      nix-serve = 199;
      tvheadend = 200;
      uwsgi = 201;
@ -254,7 +254,6 @@
      hydra-queue-runner = 235;
      hydra-www = 236;
      syncthing = 237;
      mfi = 238;
      caddy = 239;
      taskd = 240;
      factorio = 241;
@ -335,7 +334,7 @@
      dialout = 27;
      #polkituser = 28; # currently unused, polkitd doesn't need a group
      utmp = 29;
-      #ddclient = 30; # unused
+      ddclient = 30;
      davfs2 = 31;
      disnix = 33;
      osgi = 34;
@ -427,7 +426,7 @@
      teamspeak = 124;
      influxdb = 125;
      nsd = 126;
-      #gitolite = 127; # unused
+      gitolite = 127;
      znc = 128;
      polipo = 129;
      mopidy = 130;
@ -489,7 +488,7 @@
      sabnzbd = 194;
      #grafana = 196; #unused
      #skydns = 197; #unused
-      #ripple-rest = 198; #unused
+      # ripple-rest = 198; # unused, removed 2017-08-12
      #nix-serve = 199; #unused
      #tvheadend = 200; #unused
      uwsgi = 201;
@ -522,7 +521,6 @@
      octoprint = 230;
      radicale = 234;
      syncthing = 237;
      #mfi = 238; # unused
      caddy = 239;
      taskd = 240;
      factorio = 241;
--- a/nixos/modules/misc/version.nix
+++ b/nixos/modules/misc/version.nix
@ -95,7 +95,7 @@ in
      nixosVersionSuffix = mkIf (pathIsDirectory gitRepo) (mkDefault (".git." + gitCommitId));
      # Note: code names must only increase in alphabetical order.
-      nixosCodeName = "Hummingbird";
+      nixosCodeName = "Impala";
    };
    # Generate /etc/os-release.  See
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -43,6 +43,7 @@
  ./hardware/nitrokey.nix
  ./hardware/opengl.nix
  ./hardware/pcmcia.nix
  ./hardware/raid/hpsa.nix
  ./hardware/usb-wwan.nix
  ./hardware/video/amdgpu.nix
  ./hardware/video/amdgpu-pro.nix
@ -91,6 +92,7 @@
  ./programs/mosh.nix
  ./programs/mtr.nix
  ./programs/nano.nix
  ./programs/npm.nix
  ./programs/oblogout.nix
  ./programs/qt5ct.nix
  ./programs/screen.nix
@ -105,7 +107,6 @@
  ./programs/venus.nix
  ./programs/vim.nix
  ./programs/wireshark.nix
  ./programs/wvdial.nix
  ./programs/xfs_quota.nix
  ./programs/xonsh.nix
  ./programs/zsh/oh-my-zsh.nix
@ -121,7 +122,6 @@
  ./security/chromium-suid-sandbox.nix
  ./security/dhparams.nix
  ./security/duosec.nix
  ./security/grsecurity.nix
  ./security/hidepid.nix
  ./security/lock-kernel-modules.nix
  ./security/oath.nix
@ -157,7 +157,9 @@
  ./services/backup/tarsnap.nix
  ./services/backup/znapzend.nix
  ./services/cluster/fleet.nix
-  ./services/cluster/kubernetes.nix
+  ./services/cluster/kubernetes/default.nix
  ./services/cluster/kubernetes/dns.nix
  ./services/cluster/kubernetes/dashboard.nix
  ./services/cluster/panamax.nix
  ./services/computing/boinc/client.nix
  ./services/computing/torque/server.nix
@ -166,6 +168,7 @@
  ./services/continuous-integration/buildbot/master.nix
  ./services/continuous-integration/buildbot/worker.nix
  ./services/continuous-integration/buildkite-agent.nix
  ./services/continuous-integration/hail.nix
  ./services/continuous-integration/hydra/default.nix
  ./services/continuous-integration/gitlab-runner.nix
  ./services/continuous-integration/gocd-agent/default.nix
@ -186,6 +189,7 @@
  ./services/databases/neo4j.nix
  ./services/databases/openldap.nix
  ./services/databases/opentsdb.nix
  ./services/databases/postage.nix
  ./services/databases/postgresql.nix
  ./services/databases/redis.nix
  ./services/databases/riak.nix
@ -203,6 +207,7 @@
  ./services/desktops/gnome3/gnome-online-miners.nix
  ./services/desktops/gnome3/gnome-terminal-server.nix
  ./services/desktops/gnome3/gnome-user-share.nix
  ./services/desktops/gnome3/gpaste.nix
  ./services/desktops/gnome3/gvfs.nix
  ./services/desktops/gnome3/seahorse.nix
  ./services/desktops/gnome3/sushi.nix
@ -224,6 +229,7 @@
  ./services/hardware/brltty.nix
  ./services/hardware/freefall.nix
  ./services/hardware/illum.nix
  ./services/hardware/interception-tools.nix
  ./services/hardware/irqbalance.nix
  ./services/hardware/nvidia-optimus.nix
  ./services/hardware/pcscd.nix
@ -268,6 +274,7 @@
  ./services/mail/rspamd.nix
  ./services/mail/rmilter.nix
  ./services/mail/nullmailer.nix
  ./services/misc/airsonic.nix
  ./services/misc/apache-kafka.nix
  ./services/misc/autofs.nix
  ./services/misc/autorandr.nix
@ -297,10 +304,12 @@
  ./services/misc/gitlab.nix
  ./services/misc/gitolite.nix
  ./services/misc/gogs.nix
  ./services/misc/gollum.nix
  ./services/misc/gpsd.nix
  #./services/misc/ihaskell.nix
  ./services/misc/irkerd.nix
  ./services/misc/jackett.nix
  ./services/misc/logkeys.nix
  ./services/misc/leaps.nix
  ./services/misc/mantisbt.nix
  ./services/misc/mathics.nix
@ -324,7 +333,6 @@
  ./services/misc/radarr.nix
  ./services/misc/redmine.nix
  ./services/misc/rippled.nix
  ./services/misc/ripple-rest.nix
  ./services/misc/ripple-data-api.nix
  ./services/misc/rogue.nix
  ./services/misc/siproxd.nix
@ -356,9 +364,11 @@
  ./services/monitoring/munin.nix
  ./services/monitoring/nagios.nix
  ./services/monitoring/netdata.nix
  ./services/monitoring/osquery.nix
  ./services/monitoring/prometheus/default.nix
  ./services/monitoring/prometheus/alertmanager.nix
  ./services/monitoring/prometheus/blackbox-exporter.nix
  ./services/monitoring/prometheus/collectd-exporter.nix
  ./services/monitoring/prometheus/fritzbox-exporter.nix
  ./services/monitoring/prometheus/json-exporter.nix
  ./services/monitoring/prometheus/nginx-exporter.nix
@ -416,15 +426,16 @@
  ./services/networking/ddclient.nix
  ./services/networking/dhcpcd.nix
  ./services/networking/dhcpd.nix
  ./services/networking/dnscache.nix
  ./services/networking/dnschain.nix
  ./services/networking/dnscrypt-proxy.nix
  ./services/networking/dnscrypt-wrapper.nix
  ./services/networking/dnsmasq.nix
  ./services/networking/ejabberd.nix
  ./services/networking/fan.nix
  ./services/networking/fakeroute.nix
  ./services/networking/ferm.nix
  ./services/networking/firefox/sync-server.nix
  ./services/networking/fireqos.nix
  ./services/networking/firewall.nix
  ./services/networking/flannel.nix
  ./services/networking/flashpolicyd.nix
@ -454,7 +465,7 @@
  ./services/networking/lldpd.nix
  ./services/networking/logmein-hamachi.nix
  ./services/networking/mailpile.nix
-  ./services/networking/mfi.nix
+  ./services/networking/matterbridge.nix
  ./services/networking/mjpg-streamer.nix
  ./services/networking/minidlna.nix
  ./services/networking/miniupnpd.nix
@ -505,6 +516,7 @@
  ./services/networking/smokeping.nix
  ./services/networking/softether.nix
  ./services/networking/spiped.nix
  ./services/networking/squid.nix
  ./services/networking/sslh.nix
  ./services/networking/ssh/lshd.nix
  ./services/networking/ssh/sshd.nix
@ -515,8 +527,8 @@
  ./services/networking/tcpcrypt.nix
  ./services/networking/teamspeak3.nix
  ./services/networking/tinc.nix
  ./services/networking/tinydns.nix
  ./services/networking/tftpd.nix
  ./services/networking/tlsdated.nix
  ./services/networking/tox-bootstrapd.nix
  ./services/networking/toxvpn.nix
  ./services/networking/tvheadend.nix
@ -548,7 +560,6 @@
  ./services/security/fail2ban.nix
  ./services/security/fprintd.nix
  ./services/security/fprot.nix
  ./services/security/frandom.nix
  ./services/security/haka.nix
  ./services/security/haveged.nix
  ./services/security/hologram-server.nix
@ -557,10 +568,12 @@
  ./services/security/oauth2_proxy.nix
  ./services/security/physlock.nix
  ./services/security/shibboleth-sp.nix
  ./services/security/sks.nix
  ./services/security/sshguard.nix
  ./services/security/tor.nix
  ./services/security/torify.nix
  ./services/security/torsocks.nix
  ./services/security/usbguard.nix
  ./services/security/vault.nix
  ./services/system/cgmanager.nix
  ./services/system/cloud-init.nix
@ -584,6 +597,8 @@
  ./services/web-apps/frab.nix
  ./services/web-apps/mattermost.nix
  ./services/web-apps/nixbot.nix
  ./services/web-apps/nexus.nix
  ./services/web-apps/pgpkeyserver-lite.nix
  ./services/web-apps/piwik.nix
  ./services/web-apps/pump.io.nix
  ./services/web-apps/tt-rss.nix
@ -626,7 +641,6 @@
  ./services/x11/redshift.nix
  ./services/x11/urxvtd.nix
  ./services/x11/window-managers/awesome.nix
  #./services/x11/window-managers/compiz.nix
  ./services/x11/window-managers/default.nix
  ./services/x11/window-managers/fluxbox.nix
  ./services/x11/window-managers/icewm.nix
@ -676,6 +690,7 @@
  ./tasks/cpu-freq.nix
  ./tasks/encrypted-devices.nix
  ./tasks/filesystems.nix
  ./tasks/filesystems/bcachefs.nix
  ./tasks/filesystems/btrfs.nix
  ./tasks/filesystems/cifs.nix
  ./tasks/filesystems/exfat.nix
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@ -20,6 +20,7 @@
    # Some networking tools.
    pkgs.fuse
    pkgs.fuse3
    pkgs.sshfs-fuse
    pkgs.socat
    pkgs.screen
--- a/nixos/modules/profiles/graphical.nix
+++ b/nixos/modules/profiles/graphical.nix
@ -8,7 +8,7 @@
    enable = true;
    displayManager.sddm.enable = true;
    desktopManager.plasma5.enable = true;
-    synaptics.enable = true; # for touchpad support on many laptops
+    libinput.enable = true; # for touchpad support on many laptops
  };
  environment.systemPackages = [ pkgs.glxinfo ];
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@ -25,6 +25,13 @@ with lib;
    "nohibernate"
  ];
  boot.blacklistedKernelModules = [
    # Obscure network protocols
    "ax25"
    "netrom"
    "rose"
  ];
  # Restrict ptrace() usage to processes with a pre-defined relationship
  # (e.g., parent/child)
  boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;
@ -59,4 +66,20 @@ with lib;
  # the feature at runtime.  Attempting to create a user namespace
  # with unshare will then fail with "no space left on device".
  boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0;
  # Raise ASLR entropy for 64bit & 32bit, respectively.
  #
  # Note: mmap_rnd_compat_bits may not exist on 64bit.
  boot.kernel.sysctl."vm.mmap_rnd_bits" = mkDefault 32;
  boot.kernel.sysctl."vm.mmap_rnd_compat_bits" = mkDefault 16;
  # Allowing users to mmap() memory starting at virtual address 0 can turn a
  # NULL dereference bug in the kernel into code execution with elevated
  # privilege.  Mitigate by enforcing a minimum base addr beyond the NULL memory
  # space.  This breaks applications that require mapping the 0 page, such as
  # dosemu or running 16bit applications under wine.  It also breaks older
  # versions of qemu.
  #
  # The value is taken from the KSPP recommendations (Debian uses 4096).
  boot.kernel.sysctl."vm.mmap_min_addr" = mkDefault 65536;
 }
--- a/nixos/modules/profiles/installation-device.nix
+++ b/nixos/modules/profiles/installation-device.nix
@ -28,7 +28,7 @@ with lib;
    services.nixosManual.showManual = true;
    # Let the user play Rogue on TTY 8 during the installation.
-    services.rogue.enable = true;
+    #services.rogue.enable = true;
    # Disable some other stuff we don't need.
    security.sudo.enable = false;
@ -77,7 +77,6 @@ with lib;
    # Show all debug messages from the kernel but don't log refused packets
    # because we have the firewall enabled. This makes installs from the
    # console less cumbersome if the machine has a public IP.
    boot.consoleLogLevel = mkDefault 7;
    networking.firewall.logRefusedConnections = mkDefault false;
    environment.systemPackages = [ pkgs.vim ];
--- a/nixos/modules/programs/gnupg.nix
+++ b/nixos/modules/programs/gnupg.nix
@ -92,7 +92,7 @@ in
    '');
    assertions = [
-      { assertion = cfg.agent.enableSSHSupport && !config.programs.ssh.startAgent;
+      { assertion = cfg.agent.enableSSHSupport -> !config.programs.ssh.startAgent;
        message = "You can't use ssh-agent and GnuPG agent with SSH support enabled at the same time!";
      }
    ];
--- a/nixos/modules/programs/mtr.nix
+++ b/nixos/modules/programs/mtr.nix
@ -19,8 +19,9 @@ in {
  };
  config = mkIf cfg.enable {
-    security.wrappers.mtr = {
+    environment.systemPackages = with pkgs; [ mtr ];
-      source = "${pkgs.mtr}/bin/mtr";
+    security.wrappers.mtr-packet = {
      source = "${pkgs.mtr}/bin/mtr-packet";
      capabilities = "cap_net_raw+p";
    };
  };
--- a/nixos/modules/programs/npm.nix
+++ b/nixos/modules/programs/npm.nix
@ -0,0 +1,44 @@
 { config, lib, ... }:
 with lib;
 let
  cfg = config.programs.npm;
 in
 {
  ###### interface
  options = {
    programs.npm = {
      enable = mkEnableOption "<command>npm</command> global config";
      npmrc = lib.mkOption {
        type = lib.types.lines;
        description = ''
          The system-wide npm configuration.
          See <link xlink:href="https://docs.npmjs.com/misc/config"/>.
        '';
        default = ''
          prefix = ''${HOME}/.npm
        '';
        example = ''
          prefix = ''${HOME}/.npm
          https-proxy=proxy.example.com
          init-license=MIT
          init-author-url=http://npmjs.org
          color=true
        '';
      };
    };
  };
  ###### implementation
  config = lib.mkIf cfg.enable {
    environment.etc."npmrc".text = cfg.npmrc;
    environment.variables.NPM_CONFIG_GLOBALCONFIG = "/etc/npmrc";
  };
 }
--- a/nixos/modules/programs/oblogout.nix
+++ b/nixos/modules/programs/oblogout.nix
@ -27,6 +27,7 @@ in
        type = types.int;
        default = 70;
        description = ''
          Opacity percentage of Cairo rendered backgrounds.
        '';
      };
@ -34,6 +35,7 @@ in
        type = types.str;
        default = "black";
        description = ''
          Colour name or hex code (#ffffff) of the background color.
        '';
      };
@ -41,6 +43,9 @@ in
        type = types.str;
        default = "simplistic";
        description = ''
          Icon theme for the buttons, must be in the themes folder of
          the package, or in
          <filename>~/.themes/&lt;name&gt;/oblogout/</filename>.
        '';
      };
@ -48,6 +53,7 @@ in
        type = types.str;
        default =  "cancel, logout, restart, shutdown, suspend, hibernate";
        description = ''
          List and order of buttons to show.
        '';
      };
@ -55,6 +61,7 @@ in
        type = types.str;
        default =  "Escape";
        description = ''
          Cancel logout/shutdown shortcut.
        '';
      };
@ -62,6 +69,7 @@ in
        type = types.str;
        default = "S";
        description = ''
          Shutdown shortcut.
        '';
      };
@ -69,6 +77,7 @@ in
        type = types.str;
        default = "R";
        description = ''
          Restart shortcut.
        '';
      };
@ -76,6 +85,7 @@ in
        type = types.str;
        default = "U";
        description = ''
          Suspend shortcut.
        '';
      };
@ -83,6 +93,7 @@ in
        type = types.str;
        default = "L";
        description = ''
          Logout shortcut.
        '';
      };
@ -90,6 +101,7 @@ in
        type = types.str;
        default = "K";
        description = ''
          Lock session shortcut.
        '';
      };
@ -97,6 +109,7 @@ in
        type = types.str;
        default =  "H";
        description = ''
          Hibernate shortcut.
        '';
      };
@ -104,6 +117,7 @@ in
        type = types.str;
        default = "openbox --exit";
        description = ''
          Command to logout.
        '';
      };
@ -111,6 +125,7 @@ in
        type = types.str;
        default = "";
        description = ''
          Command to lock screen.
        '';
      };
@ -118,6 +133,7 @@ in
        type = types.str;
        default = "";
        description = ''
          Command to switch user.
        '';
      };
    };
--- a/nixos/modules/programs/qt5ct.nix
+++ b/nixos/modules/programs/qt5ct.nix
@ -26,6 +26,6 @@ with lib;
  ###### implementation
  config = mkIf config.programs.qt5ct.enable {
    environment.variables.QT_QPA_PLATFORMTHEME = "qt5ct";
-    environment.systemPackages = [ pkgs.qt5ct ];
+    environment.systemPackages = with pkgs; [ qt5ct libsForQt5.qtstyleplugins ];
  };
 }
--- a/nixos/modules/programs/thefuck.nix
+++ b/nixos/modules/programs/thefuck.nix
@ -3,7 +3,12 @@
 with lib;
 let
-  cfg = config.programs.thefuck;
+  prg = config.programs;
  cfg = prg.thefuck;
  initScript = ''
    eval $(${pkgs.thefuck}/bin/thefuck --alias ${cfg.alias})
  '';
 in
  {
    options = {
@ -24,8 +29,11 @@ in
    config = mkIf cfg.enable {
      environment.systemPackages = with pkgs; [ thefuck ];
-      environment.shellInit = ''
+      environment.shellInit = initScript;
-        eval $(${pkgs.thefuck}/bin/thefuck --alias ${cfg.alias})
+
      programs.zsh.shellInit = mkIf prg.zsh.enable initScript;
      programs.fish.shellInit = mkIf prg.fish.enable ''
        ${pkgs.thefuck}/bin/thefuck --alias | source
      '';
    };
  }
--- a/nixos/modules/programs/wvdial.nix
+++ b/nixos/modules/programs/wvdial.nix
@ -1,71 +0,0 @@
 # Global configuration for wvdial.
 { config, lib, pkgs, ... }:
 with lib;
 let
  configFile = ''
    [Dialer Defaults]
    PPPD PATH = ${pkgs.ppp}/sbin/pppd
    ${config.environment.wvdial.dialerDefaults}
  '';
  cfg = config.environment.wvdial;
 in
 {
  ###### interface
  options = {
    environment.wvdial = {
      dialerDefaults = mkOption {
        default = "";
        type = types.str;
        example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
        description = ''
          Contents of the "Dialer Defaults" section of
          <filename>/etc/wvdial.conf</filename>.
        '';
      };
      pppDefaults = mkOption {
        default = ''
          noipdefault
          usepeerdns
          defaultroute
          persist
          noauth
        '';
        type = types.str;
        description = "Default ppp settings for wvdial.";
      };
    };
  };
  ###### implementation
  config = mkIf (cfg.dialerDefaults != "") {
    environment = {
      etc =
      [
        { source = pkgs.writeText "wvdial.conf" configFile;
          target = "wvdial.conf";
        }
        { source = pkgs.writeText "wvdial" cfg.pppDefaults;
          target = "ppp/peers/wvdial";
        }
      ];
    };
  };
 }
--- a/nixos/modules/programs/xonsh.nix
+++ b/nixos/modules/programs/xonsh.nix
@ -21,7 +21,7 @@ in
      enable = mkOption {
        default = false;
        description = ''
-          Whether to configure xnosh as an interactive shell.
+          Whether to configure xonsh as an interactive shell.
        '';
        type = types.bool;
      };
--- a/nixos/modules/programs/zsh/zsh.nix
+++ b/nixos/modules/programs/zsh/zsh.nix
@ -158,24 +158,24 @@ in
        HELPDIR="${pkgs.zsh}/share/zsh/$ZSH_VERSION/help"
        # Tell zsh how to find installed completions
        for p in ''${(z)NIX_PROFILES}; do
          fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions)
        done
        ${optionalString cfg.enableCompletion "autoload -U compinit && compinit"}
        ${optionalString (cfg.enableAutosuggestions)
          "source ${pkgs.zsh-autosuggestions}/share/zsh-autosuggestions/zsh-autosuggestions.zsh"
        }
        ${zshAliases}
        ${cfge.interactiveShellInit}
        ${cfg.interactiveShellInit}
-        ${cfg.promptInit}
+        ${zshAliases}
-        # Tell zsh how to find installed completions
+        ${cfg.promptInit}
        for p in ''${(z)NIX_PROFILES}; do
          fpath+=($p/share/zsh/site-functions $p/share/zsh/$ZSH_VERSION/functions $p/share/zsh/vendor-completions)
        done
        # Read system-wide modifications.
        if test -f /etc/zshrc.local; then
--- a/Show More
+++ b/Show More
`@ -1,2 +1,2 @@`
	`# Expose the minimum required version for evaluating Nixpkgs`	`# Expose the minimum required version for evaluating Nixpkgs`
	`"1.10"`	`"1.11"`