authorVladimír Čunát <vcunat@gmail.com>2014-08-30 10:04:02 +0200
committerVladimír Čunát <vcunat@gmail.com>2014-08-30 10:04:02 +0200
commite51f73652d38d5c53b331b7bcae2e2483e1b8afe (patch)
tree9126d3fd0737db3a0d57cda866d96c377fc0e452 /nixos/modules/config
parenta283bec71cec60c2b9c84ea9af320fc8df0dfd5f (diff)
parent4e0d2706f174bb893378a8241df7bd2055901b9e (diff)
Merge recent master into staging
Hydra: ?compare=1149952

Conflicts:
	nixos/doc/manual/configuration.xml (changed split file)
	nixos/modules/config/users-groups.nix (choosing filterNull instead of inline definition)
	pkgs/development/libraries/readline/readline6.3.nix (auto-solved)
Diffstat (limited to 'nixos/modules/config')
-rw-r--r--nixos/modules/config/fonts/fonts.nix2
-rw-r--r--nixos/modules/config/gtk-exe-env.nix41
-rw-r--r--nixos/modules/config/networking.nix8
-rw-r--r--nixos/modules/config/power-management.nix8
-rw-r--r--nixos/modules/config/pulseaudio.nix2
-rw-r--r--nixos/modules/config/qt-plugin-env.nix37
-rw-r--r--nixos/modules/config/shells-environment.nix4
-rw-r--r--nixos/modules/config/system-path.nix2
-rw-r--r--nixos/modules/config/users-groups.nix87
9 files changed, 184 insertions, 7 deletions
diff --git a/nixos/modules/config/fonts/fonts.nix b/nixos/modules/config/fonts/fonts.nix
index 49b1e1d42a3f..f6060a910a15 100644
--- a/nixos/modules/config/fonts/fonts.nix
+++ b/nixos/modules/config/fonts/fonts.nix
@@ -11,7 +11,7 @@ with lib;
       # TODO: find another name for it.
       fonts = mkOption {
         type = types.listOf types.path;
-        example = [ pkgs.dejavu_fonts ];
+        example = literalExample "[ pkgs.dejavu_fonts ]";
         description = "List of primary font paths.";
         apply = list: list ++
           [ # - the user's current profile
diff --git a/nixos/modules/config/gtk-exe-env.nix b/nixos/modules/config/gtk-exe-env.nix
new file mode 100644
index 000000000000..b565072e3a71
--- /dev/null
+++ b/nixos/modules/config/gtk-exe-env.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [
+  ];
+
+  options = {
+    gtkPlugins = lib.mkOption {
+      type = lib.types.listOf lib.types.path;
+      default = [];
+      description = ''
+        Plugin packages for GTK+ such as input methods.
+      '';
+    };
+  };
+
+  config = {
+    environment.variables = if builtins.length config.gtkPlugins > 0
+      then
+        let
+          paths = [ pkgs.gtk2 pkgs.gtk3 ] ++ config.gtkPlugins;
+          env = pkgs.buildEnv {
+            name = "gtk-exe-env";
+
+            inherit paths;
+
+            postBuild = lib.concatStringsSep "\n"
+              (map (d: d.gtkExeEnvPostBuild or "") paths);
+
+            ignoreCollisions = true;
+          };
+        in {
+          GTK_EXE_PREFIX = builtins.toString env;
+          GTK_PATH = [
+            "${env}/lib/gtk-2.0"
+            "${env}/lib/gtk-3.0"
+          ];
+        }
+      else {};
+  };
+}
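Review bot: The description of `gtkPlugins` does not say that every listed package is merged into one environment exported through `environment.variables` as `GTK_PATH` and `GTK_EXE_PREFIX`, so its modules become loadable by every GTK+ program that inherits those variables, nor that a package's `gtkExeEnvPostBuild` attribute is spliced into the `postBuild` script of that environment. With `ignoreCollisions = true`, two packages that ship the same module file are merged without any report, so one can shadow the other (or a file from `pkgs.gtk2`/`pkgs.gtk3`) unnoticed. I would extend the description with a sentence such as `Each package is merged into a single environment exported through GTK_PATH; list only packages you trust to be loaded into every GTK+ application.` and put a comment above `ignoreCollisions` saying why collisions are expected. The same applies to `qtPlugins`, `qtPluginEnvPostBuild` and `QT_PLUGIN_PATH` in qt-plugin-env.nix.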
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix
index fd1e55f673ae..136a5bda7459 100644
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@@ -7,6 +7,9 @@ with lib;
 let
 
   cfg = config.networking;
+  dnsmasqResolve = config.services.dnsmasq.enable &&
+                   config.services.dnsmasq.resolveLocalQueries;
+  hasLocalResolver = config.services.bind.enable || dnsmasqResolve;
 
 in
 
@@ -74,9 +77,12 @@ in
             '' + optionalString cfg.dnsSingleRequest ''
               # only send one DNS request at a time
               resolv_conf_options='single-request'
-            '' + optionalString config.services.bind.enable ''
+            '' + optionalString hasLocalResolver ''
               # This hosts runs a full-blown DNS resolver.
               name_servers='127.0.0.1'
+            '' + optionalString dnsmasqResolve ''
+              dnsmasq_conf=/etc/dnsmasq-conf.conf
+              dnsmasq_resolv=/etc/dnsmasq-resolv.conf
             '';
       };
 
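Review bot: The comment `# This hosts runs a full-blown DNS resolver.` no longer matches its guard, because `hasLocalResolver` is also true for dnsmasq with `resolveLocalQueries`; a wording like `# A local resolver (bind, or dnsmasq with resolveLocalQueries) answers on 127.0.0.1.` would describe the condition as written. Nothing visible in these hunks handles `services.bind.enable` and `dnsmasqResolve` being true together, in which case both daemons would presumably compete for the loopback DNS port while `name_servers` points only at `127.0.0.1`. An assertion, or a sentence in the option documentation, would make that misconfiguration easier to diagnose. The attribute set this string belongs to starts outside the hunk.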
diff --git a/nixos/modules/config/power-management.nix b/nixos/modules/config/power-management.nix
index 17f3ed00b9be..32a7987617ad 100644
--- a/nixos/modules/config/power-management.nix
+++ b/nixos/modules/config/power-management.nix
@@ -35,7 +35,9 @@ in
       powerUpCommands = mkOption {
         type = types.lines;
         default = "";
-        example = "${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda";
+        example = literalExample ''
+          "''${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
+        '';
         description =
           ''
             Commands executed when the machine powers up.  That is,
@@ -47,7 +49,9 @@ in
       powerDownCommands = mkOption {
         type = types.lines;
         default = "";
-        example = "${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda";
+        example = literalExample ''
+          "''${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
+        '';
         description =
           ''
             Commands executed when the machine powers down.  That is,
diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix
index 96593885e5b7..1b84bbaf10c5 100644
--- a/nixos/modules/config/pulseaudio.nix
+++ b/nixos/modules/config/pulseaudio.nix
@@ -81,7 +81,7 @@ in {
       package = mkOption {
         type = types.package;
         default = pulseaudioFull;
-        example = literalExample "pulseaudioFull";
+        example = literalExample "pkgs.pulseaudioFull";
         description = ''
           The PulseAudio derivation to use.  This can be used to disable
           features (such as JACK support, Bluetooth) that are enabled in the
diff --git a/nixos/modules/config/qt-plugin-env.nix b/nixos/modules/config/qt-plugin-env.nix
new file mode 100644
index 000000000000..c59865604165
--- /dev/null
+++ b/nixos/modules/config/qt-plugin-env.nix
@@ -0,0 +1,37 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [
+  ];
+
+  options = {
+    qtPlugins = lib.mkOption {
+      type = lib.types.listOf lib.types.path;
+      default = [];
+      description = ''
+        Plugin packages for Qt such as input methods.
+      '';
+    };
+  };
+
+  config = {
+    environment.variables = if builtins.length config.qtPlugins > 0
+      then
+        let
+          paths = [ pkgs.qt48 ] ++ config.qtPlugins;
+          env = pkgs.buildEnv {
+            name = "qt-plugin-env";
+
+            inherit paths;
+
+            postBuild = lib.concatStringsSep "\n"
+              (map (d: d.qtPluginEnvPostBuild or "") paths);
+
+            ignoreCollisions = true;
+          };
+        in {
+          QT_PLUGIN_PATH = [ (builtins.toString env) ];
+        }
+      else {};
+  };
+}
diff --git a/nixos/modules/config/shells-environment.nix b/nixos/modules/config/shells-environment.nix
index cc079cdc5856..2559c53ac163 100644
--- a/nixos/modules/config/shells-environment.nix
+++ b/nixos/modules/config/shells-environment.nix
@@ -122,7 +122,9 @@ in
 
     environment.binsh = mkOption {
       default = "${config.system.build.binsh}/bin/sh";
-      example = "\${pkgs.dash}/bin/dash";
+      example = literalExample ''
+        "''${pkgs.dash}/bin/dash"
+      '';
       type = types.path;
       description = ''
         The shell executable that is linked system-wide to
diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix
index 6b4c38172e95..f3e86bfd2019 100644
--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@@ -63,7 +63,7 @@ in
       systemPackages = mkOption {
         type = types.listOf types.path;
         default = [];
-        example = "[ pkgs.icecat3 pkgs.thunderbird ]";
+        example = literalExample "[ pkgs.firefox pkgs.thunderbird ]";
         description = ''
           The set of packages that appear in
           /run/current-system/sw.  These packages are
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
index afedc8e382e5..d172ddb6bca7 100644
--- a/nixos/modules/config/users-groups.nix
+++ b/nixos/modules/config/users-groups.nix
@@ -109,6 +109,36 @@ let
         description = "The path to the user's shell.";
       };
 
+      subUidRanges = mkOption {
+        type = types.listOf types.optionSet;
+        default = [];
+        example = [
+          { startUid = 1000; count = 1; }
+          { startUid = 100001; count = 65534; }
+        ];
+        options = [ subordinateUidRange ];
+        description = ''
+          Subordinate user ids that user is allowed to use.
+          They are set into <filename>/etc/subuid</filename> and are used
+          by <literal>newuidmap</literal> for user namespaces.
+        '';
+      };
+
+      subGidRanges = mkOption {
+        type = types.listOf types.optionSet;
+        default = [];
+        example = [
+          { startGid = 100; count = 1; }
+          { startGid = 1001; count = 999; }
+        ];
+        options = [ subordinateGidRange ];
+        description = ''
+          Subordinate group ids that user is allowed to use.
+          They are set into <filename>/etc/subgid</filename> and are used
+          by <literal>newgidmap</literal> for user namespaces.
+        '';
+      };
+
       createHome = mkOption {
         type = types.bool;
         default = false;
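Review bot: Neither description says that the ranges must stay clear of IDs that belong to real accounts or to another user's ranges, and the examples delegate `startUid = 1000` and `startGid = 100`, values that typically fall in the range used for ordinary accounts and groups. A user who is granted a host ID through `/etc/subuid` or `/etc/subgid` can map it inside a user namespace via `newuidmap`/`newgidmap`, so an overlapping range gives that user access to the other account's files. I would change the examples to a single high range such as `{ startUid = 100000; count = 65536; }` and add a sentence like `Ranges must not overlap the id of any account or the ranges of any other user.` The `types.int` fields of `subordinateUidRange` and `subordinateGidRange` in the next hunk also accept zero or negative values, and the `assertions` list in the last hunk gains no check for that or for overlaps.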
@@ -216,6 +246,54 @@ let
 
   };
 
+  subordinateUidRange = {
+    startUid = mkOption {
+      type = types.int;
+      description = ''
+        Start of the range of subordinate user ids that user is
+        allowed to use.
+      '';
+    };
+    count = mkOption {
+      type = types.int;
+      default = 1;
+      description = ''Count of subordinate user ids'';
+    };
+  };
+
+  subordinateGidRange = {
+    startGid = mkOption {
+      type = types.int;
+      description = ''
+        Start of the range of subordinate group ids that user is
+        allowed to use.
+      '';
+    };
+    count = mkOption {
+      type = types.int;
+      default = 1;
+      description = ''Count of subordinate group ids'';
+    };
+  };
+
+  filterNull = a: filter (x: hasAttr a x && getAttr a x != null);
+
+      sortOn "gid" (filterNull "gid" (attrValues cfg.extraGroups))
+      sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers))
+  mkSubuidEntry = user: concatStrings (
+    map (range: "${user.name}:${toString range.startUid}:${toString range.count}\n")
+        user.subUidRanges);
+
+  subuidFile = concatStrings (map mkSubuidEntry (
+    sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers))));
+
+  mkSubgidEntry = user: concatStrings (
+    map (range: "${user.name}:${toString range.startGid}:${toString range.count}\n")
+        user.subGidRanges);
+
+  subgidFile = concatStrings (map mkSubgidEntry (
+    sortOn "uid" (filterNull "uid" (attrValues cfg.extraUsers))));
+
   idsAreUnique = set: idAttr: !(fold (name: args@{ dup, acc }:
     let
       id = builtins.toString (builtins.getAttr idAttr (builtins.getAttr name set));
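Review bot: As rendered here, the two added lines beginning `sortOn "gid" (filterNull "gid"` and `sortOn "uid" (filterNull "uid"` sit between the `filterNull` and `mkSubuidEntry` bindings without a name or `=`, which would not parse inside this `let`; they look like residue from the conflict the commit message mentions for this file and should be checked against the merged tree. Separately, `subuidFile` and `subgidFile` pass the users through `filterNull "uid"`, so an account that declares `subUidRanges` or `subGidRanges` but leaves `uid` null or absent gets no entry in either file and no warning. Ordering the users by `name` instead of filtering on `uid` would keep those entries, assuming every user carries a `name`. The `let` block starts and ends outside the hunk.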
@@ -391,6 +469,15 @@ in {
     # for backwards compatibility
     system.activationScripts.groups = stringAfter [ "users" ] "";
 
+    environment.etc."subuid" = {
+      text = subuidFile;
+      mode = "0644";
+    };
+    environment.etc."subgid" = {
+      text = subgidFile;
+      mode = "0644";
+    };
+
     assertions = [
       { assertion = !cfg.enforceIdUniqueness || (uidsAreUnique && gidsAreUnique);
         message = "UIDs and GIDs must be unique!";