1631 files changed, 72375 insertions, 10829 deletions

diff --git a/.gitignore b/.gitignore
index 165e92c7fc32..105e621d7021 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ doc/NEWS.html
 doc/NEWS.txt
 doc/manual.html
 doc/manual.pdf
+.version-suffix
diff --git a/.version b/.version
new file mode 100644
index 000000000000..381796ec8b7e
--- /dev/null
+++ b/.version
@@ -0,0 +1 @@
+13.10
\ No newline at end of file
diff --git a/VERSION b/VERSION
deleted file mode 100644
index 9f8e9b69a33f..000000000000
--- a/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.0
\ No newline at end of file
diff --git a/doc/manual.xml b/doc/manual.xml
index 927361ba5c8e..d2c07859b281 100644
--- a/doc/manual.xml
+++ b/doc/manual.xml
@@ -5,7 +5,7 @@
 
     <title>Nixpkgs Manual</title>
 
-    <subtitle>Draft (Version <xi:include href="../VERSION"
+    <subtitle>Draft (Version <xi:include href="../.version"
     parse="text" />)</subtitle>
 
     <author>
diff --git a/maintainers/docs/cross.txt b/doc/old/cross.txt
index 9c117774fc4b..9c117774fc4b 100644
--- a/maintainers/docs/cross.txt
+++ b/doc/old/cross.txt
diff --git a/maintainers/docs/update-upstream-data.txt b/doc/old/update-upstream-data.txt
index 2abce3b40552..2abce3b40552 100644
--- a/maintainers/docs/update-upstream-data.txt
+++ b/doc/old/update-upstream-data.txt
diff --git a/doc/package-notes.xml b/doc/package-notes.xml
index 6dae036b3382..8a35e640324d 100644
--- a/doc/package-notes.xml
+++ b/doc/package-notes.xml
@@ -106,16 +106,6 @@ $ make menuconfig ARCH=<replaceable>arch</replaceable></screen>
         </listitem>
 
         <listitem>
-          <para>Make sure that
-          <literal>CONFIG_FB_TILEBLITTING</literal> is <emphasis>not
-          set</emphasis> (otherwise <command>fbsplash</command> won't
-          work).  This option has a tendency to be enabled as a
-          side-effect of other options.  If it is, investigate why
-          (there's probably another option that forces it to be on)
-          and fix it.</para>
-        </listitem>
-
-        <listitem>
           <para>Copy <filename>.config</filename> over the new config
           file (e.g. <filename>config-2.6.22-i686-smp</filename>).</para>
         </listitem>
@@ -137,22 +127,9 @@ $ make menuconfig ARCH=<replaceable>arch</replaceable></screen>
     kernel modules and kernel-dependent packages listed in the
     <varname>kernelPackagesFor</varname> function in
     <filename>all-packages.nix</filename> (such as the NVIDIA drivers,
-    AUFS, splashutils, etc.).  If the updated packages aren’t
-    backwards compatible with older kernels, you need to keep the
-    older versions and use some conditionals.  For example, new
-    kernels require splashutils 1.5 while old kernel require 1.3, so
-    <varname>kernelPackagesFor</varname> says:
-
-      <programlisting>
-splashutils =
-  if kernel.features ? fbSplash then splashutils_13 else
-  if kernel.features ? fbConDecor then splashutils_15 else
-  null;
-
-splashutils_13 = ...;
-splashutils_15 = ...;</programlisting>
-
-    </para>
+    AUFS, etc.).  If the updated packages aren’t backwards compatible
+    with older kernels, you may need to keep the older versions
+    around.</para>
   </listitem>
 
 </orderedlist>
diff --git a/doc/quick-start.xml b/doc/quick-start.xml
index a14de4077dbd..46578619e1f4 100644
--- a/doc/quick-start.xml
+++ b/doc/quick-start.xml
@@ -71,7 +71,7 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
 
         <listitem>
           <para>GNU Multiple Precision arithmetic library (GMP): <link
-          xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/gmp/default.nix"><filename>pkgs/development/libraries/gmp/default.nix</filename></link>.
+          xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/development/libraries/gmp/5.1.1.nix"><filename>pkgs/development/libraries/gmp/5.1.1.nix</filename></link>.
           Also done by the generic builder, but has a dependency on
           <varname>m4</varname>.</para>
         </listitem>
@@ -86,7 +86,7 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
 
         <listitem>
           <para>Apache HTTPD: <link
-          xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/http/apache-httpd/default.nix"><filename>pkgs/servers/http/apache-httpd/default.nix</filename></link>.
+          xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/http/apache-httpd/2.4.nix"><filename>pkgs/servers/http/apache-httpd/2.4.nix</filename></link>.
           A bunch of optional features, variable substitutions in the
           configure flags, a post-install hook, and miscellaneous
           hackery.</para>
@@ -105,7 +105,7 @@ $ git add pkgs/development/libraries/libfoo/default.nix</screen>
 
         <listitem>
           <para>Thunderbird: <link
-          xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/mailreaders/thunderbird/3.x.nix"><filename>pkgs/applications/networking/mailreaders/thunderbird/3.x.nix</filename></link>.
+          xlink:href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/networking/mailreaders/thunderbird/default.nix"><filename>pkgs/applications/networking/mailreaders/thunderbird/default.nix</filename></link>.
           Lots of dependencies.</para>
         </listitem>
 
diff --git a/pkgs/lib/attrsets.nix b/lib/attrsets.nix
index 01d51779c809..7c93d8698de0 100644
--- a/pkgs/lib/attrsets.nix
+++ b/lib/attrsets.nix
@@ -29,9 +29,8 @@ rec {
      ["x" "y"] applied with some value v returns `x.y = v;' */
   setAttrByPath = attrPath: value:
     if attrPath == [] then value
-    else listToAttrs [(
-      nameValuePair (head attrPath) (setAttrByPath (tail attrPath) value)
-    )];
+    else listToAttrs
+      [ { name = head attrPath; value = setAttrByPath (tail attrPath) value; } ];
 
 
   getAttrFromPath = attrPath: set:
@@ -133,7 +132,7 @@ rec {
        => { x = "x-foo"; y = "y-bar"; }
   */
   mapAttrs = f: set:
-    listToAttrs (map (attr: nameValuePair attr (f attr (getAttr attr set))) (attrNames set));
+    listToAttrs (map (attr: { name = attr; value = f attr (getAttr attr set); }) (attrNames set));
 
 
   /* Like `mapAttrs', but allows the name of each attribute to be
@@ -240,7 +239,7 @@ rec {
   # names, hopefully this does not affect the system because the maximal
   # laziness avoid computing twice the same expression and listToAttrs does
   # not care about duplicated attribute names.
-  zipAttrsWith = f: sets: zipWithNames (concatMap attrNames sets) f sets;
+  zipAttrsWith = f: sets: zipAttrsWithNames (concatMap attrNames sets) f sets;
 
   zipAttrs = zipAttrsWith (name: values: values);
 
diff --git a/pkgs/lib/composable-derivation.nix b/lib/composable-derivation.nix
index 1099bd152bf6..1099bd152bf6 100644
--- a/pkgs/lib/composable-derivation.nix
+++ b/lib/composable-derivation.nix
diff --git a/pkgs/lib/customisation.nix b/lib/customisation.nix
index bfa61169efb1..bfa61169efb1 100644
--- a/pkgs/lib/customisation.nix
+++ b/lib/customisation.nix
diff --git a/pkgs/lib/debug.nix b/lib/debug.nix
index d627bc861abb..d627bc861abb 100644
--- a/pkgs/lib/debug.nix
+++ b/lib/debug.nix
diff --git a/pkgs/lib/default.nix b/lib/default.nix
index dea82ee077eb..fc92e04503b2 100644
--- a/pkgs/lib/default.nix
+++ b/lib/default.nix
@@ -8,7 +8,6 @@ let
   sources = import ./sources.nix;
   modules = import ./modules.nix;
   options = import ./options.nix;
-  properties = import ./properties.nix;
   types = import ./types.nix;
   meta = import ./meta.nix;
   debug = import ./debug.nix;
@@ -21,11 +20,13 @@ let
 
 in
   { inherit trivial lists strings stringsWithDeps attrsets sources options
-      properties modules types meta debug maintainers licenses platforms systems;
+      modules types meta debug maintainers licenses platforms systems;
+    # Pull in some builtins not included elsewhere.
+    inherit (builtins) pathExists readFile;
   }
   # !!! don't include everything at top-level; perhaps only the most
   # commonly used functions.
   // trivial // lists // strings // stringsWithDeps // attrsets // sources
-  // properties // options // types // meta // debug // misc // modules
+  // options // types // meta // debug // misc // modules
   // systems
   // customisation
diff --git a/pkgs/lib/licenses.nix b/lib/licenses.nix
index c5c9133da6eb..b13a72f3f644 100644
--- a/pkgs/lib/licenses.nix
+++ b/lib/licenses.nix
@@ -34,11 +34,9 @@
     url = "http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/licenses/AMD-ADL?revision=1.1";
   };
 
-  apsl20 = {
-    shortName = "APSL 2.0";
-    fullName = "Apple Public Source License 2.0";
-    url = http://opensource.org/licenses/APSL-2.0;
-  };
+  # Apple Public Source License 2.0;
+  # http://opensource.org/licenses/APSL-2.0
+  apsl20 = "APSL 2.0";
 
   asl20 = {
     shortName = "ASL2.0";
@@ -96,11 +94,9 @@
     url = http://www.mysql.com/about/legal/licensing/foss-exception;
   };
 
-  gpl2Plus = {
-    shortName = "GPLv2+";
-    fullName = "GNU General Public License version 2 or later";
-    url = http://www.gnu.org/licenses/old-licenses/gpl-2.0.html;
-  };
+  # GNU General Public License version 2 or later;
+  # http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
+  gpl2Plus = "GPLv2+";
 
   gpl3 = {
     shortName = "GPLv3";
@@ -190,6 +186,12 @@
     url = http://www.mozilla.org/MPL/MPL-1.1.html;
   };
 
+  mpl20 = {
+    shortName = "MPL2.0";
+    fullName = "Mozilla Public License version 2.0";
+    url = https://www.mozilla.org/MPL/2.0;
+  };
+
   openssl = {
     shortName = "openssl";
     fullName = "OpenSSL license";
diff --git a/pkgs/lib/lists.nix b/lib/lists.nix
index 578686ae3668..d0b09539bf69 100644
--- a/pkgs/lib/lists.nix
+++ b/lib/lists.nix
@@ -1,14 +1,14 @@
 # General list operations.
 let
+
   inherit (import ./trivial.nix) deepSeq;
 
   inc = builtins.add 1;
 
   dec = n: builtins.sub n 1;
 
-  inherit (builtins) elemAt;
 in rec {
-  inherit (builtins) head tail length isList add sub lessThan;
+  inherit (builtins) head tail length isList add sub lessThan elemAt;
 
 
   # Create a list consisting of a single element.  `singleton x' is
@@ -118,6 +118,11 @@ in rec {
   all = pred: fold (x: y: if pred x then y else false) true;
 
 
+  # Count how many times function `pred' returns true for the elements
+  # of `list'.
+  count = pred: fold (x: c: if pred x then inc c else c) 0;
+
+
   # Return a singleton list or an empty list, depending on a boolean
   # value.  Useful when building lists with optional elements
   # (e.g. `++ optional (system == "i686-linux") flashplayer').
@@ -165,10 +170,11 @@ in rec {
 
   zipLists = zipListsWith (fst: snd: { inherit fst snd; });
 
-  
-  # Reverse the order of the elements of a list.
+
+  # Reverse the order of the elements of a list.  FIXME: O(n^2)!
   reverseList = fold (e: acc: acc ++ [ e ]) [];
 
+
   # Sort a list based on a comparator function which compares two
   # elements and returns true if the first argument is strictly below
   # the second argument.  The returned list is sorted in an increasing
diff --git a/pkgs/lib/maintainers.nix b/lib/maintainers.nix
index cd4242b170fd..7f84e11e561c 100644
--- a/pkgs/lib/maintainers.nix
+++ b/lib/maintainers.nix
@@ -5,6 +5,7 @@
      alphabetically sorted.  */
 
   aforemny = "Alexander Foremny <alexanderforemny@googlemail.com>";
+  algorith = "Dries Van Daele <dries_van_daele@telenet.be>";
   all = "Nix Committers <nix-commits@lists.science.uu.nl>";
   amiddelk = "Arie Middelkoop <amiddelk@gmail.com>";
   amorsillo = "Andrew Morsillo <andrew.morsillo@gmail.com>";
@@ -19,6 +20,7 @@
   bodil = "Bodil Stokke <nix@bodil.org>";
   chaoflow = "Florian Friesdorf <flo@chaoflow.net>";
   coconnor = "Corey O'Connor <coreyoconnor@gmail.com>";
+  coroa = "Jonas Hörsch <jonas@chaoflow.net>";
   edwtjo = "Edward Tjörnhammar <ed@cflags.cc>";
   eelco = "Eelco Dolstra <eelco.dolstra@logicblox.com>";
   ertes = "Ertugrul Söylemez <es@ertes.de>";
@@ -41,6 +43,7 @@
   phreedom = "Evgeny Egorochkin <phreedom@yandex.ru>";
   pierron = "Nicolas B. Pierron <nixos@nbp.name>";
   piotr = "Piotr Pietraszkiewicz <ppietrasa@gmail.com>";
+  pSub = "Pascal Wittmann <mail@pascal-wittmann.de>";
   qknight = "Joachim Schiele <js@lastlog.de>";
   raskin = "Michael Raskin <7c6f434c@mail.ru>";
   rickynils = "Rickard Nilsson <rickynils@gmail.com>";
@@ -56,6 +59,8 @@
   vcunat = "Vladimír Čunát <vcunat@gmail.com>";
   viric = "Lluís Batlle i Rossell <viric@viric.name>";
   vizanto = "Danny Wilson <danny@prime.vc>";
+  vlstill = "Vladimír Štill <xstill@fi.muni.cz>";
   winden = "Antonio Vargas Gonzalez <windenntw@gmail.com>";
   z77z = "Marco Maggesi <maggesi@math.unifi.it>";
+  zef = "Zef Hemel <zef@zef.me>";
 }
diff --git a/pkgs/lib/meta.nix b/lib/meta.nix
index a5afce9e0cb1..a5afce9e0cb1 100644
--- a/pkgs/lib/meta.nix
+++ b/lib/meta.nix
diff --git a/pkgs/lib/misc.nix b/lib/misc.nix
index 19e5081009de..c128b9af9d8c 100644
--- a/pkgs/lib/misc.nix
+++ b/lib/misc.nix
@@ -206,9 +206,7 @@ rec {
     in
       work startSet [] [];
 
-  genericClosure =
-    if builtins ? genericClosure then builtins.genericClosure
-    else lazyGenericClosure;
+  genericClosure = builtins.genericClosure or lazyGenericClosure;
 
   innerModifySumArgs = f: x: a: b: if b == null then (f a b) // x else 
         innerModifySumArgs f x (a // b);
diff --git a/lib/modules.nix b/lib/modules.nix
new file mode 100644
index 000000000000..071809daa58e
--- /dev/null
+++ b/lib/modules.nix
@@ -0,0 +1,312 @@
+with import ./lists.nix;
+with import ./trivial.nix;
+with import ./attrsets.nix;
+with import ./options.nix;
+with import ./debug.nix;
+with import ./types.nix;
+
+rec {
+
+  /* Evaluate a set of modules.  The result is a set of two
+     attributes: ‘options’: the nested set of all option declarations,
+     and ‘config’: the nested set of all option values. */
+  evalModules = { modules, prefix ? [], args ? {}, check ? true }:
+    let
+      args' = args // result;
+      closed = closeModules modules args';
+      # Note: the list of modules is reversed to maintain backward
+      # compatibility with the old module system.  Not sure if this is
+      # the most sensible policy.
+      options = mergeModules prefix (reverseList closed);
+      # Traverse options and extract the option values into the final
+      # config set.  At the same time, check whether all option
+      # definitions have matching declarations.
+      config = yieldConfig prefix options;
+      yieldConfig = prefix: set:
+        let res = removeAttrs (mapAttrs (n: v:
+          if isOption v then v.value
+          else yieldConfig (prefix ++ [n]) v) set) ["_definedNames"];
+        in
+        if check && set ? _definedNames then
+          fold (m: res:
+            fold (name: res:
+              if hasAttr name set then res else throw "The option `${showOption (prefix ++ [name])}' defined in `${m.file}' does not exist.")
+              res m.names)
+            res set._definedNames
+        else
+          res;
+      result = { inherit options config; };
+    in result;
+
+  /* Close a set of modules under the ‘imports’ relation. */
+  closeModules = modules: args:
+    let
+      toClosureList = file: parentKey: imap (n: x:
+        if isAttrs x || builtins.isFunction x then
+          unifyModuleSyntax file "${parentKey}:anon-${toString n}" (applyIfFunction x args)
+        else
+          unifyModuleSyntax (toString x) (toString x) (applyIfFunction (import x) args));
+    in
+      builtins.genericClosure {
+        startSet = toClosureList unknownModule "" modules;
+        operator = m: toClosureList m.file m.key m.imports;
+      };
+
+  /* Massage a module into canonical form, that is, a set consisting
+     of ‘options’, ‘config’ and ‘imports’ attributes. */
+  unifyModuleSyntax = file: key: m:
+    if m ? config || m ? options then
+      let badAttrs = removeAttrs m ["imports" "options" "config" "key" "_file"]; in
+      if badAttrs != {} then
+        throw "Module `${key}' has an unsupported attribute `${head (attrNames badAttrs)}'."
+      else
+        { file = m._file or file;
+          key = toString m.key or key;
+          imports = m.imports or [];
+          options = m.options or {};
+          config = m.config or {};
+        }
+    else
+      { file = m._file or file;
+        key = toString m.key or key;
+        imports = m.require or [] ++ m.imports or [];
+        options = {};
+        config = removeAttrs m ["key" "_file" "require" "imports"];
+      };
+
+  applyIfFunction = f: arg: if builtins.isFunction f then f arg else f;
+
+  /* Merge a list of modules.  This will recurse over the option
+     declarations in all modules, combining them into a single set.
+     At the same time, for each option declaration, it will merge the
+     corresponding option definitions in all machines, returning them
+     in the ‘value’ attribute of each option. */
+  mergeModules = prefix: modules:
+    mergeModules' prefix modules
+      (concatMap (m: map (config: { inherit (m) file; inherit config; }) (pushDownProperties m.config)) modules);
+
+  mergeModules' = prefix: options: configs:
+    listToAttrs (map (name: {
+      # We're descending into attribute ‘name’.
+      inherit name;
+      value =
+        let
+          loc = prefix ++ [name];
+          # Get all submodules that declare ‘name’.
+          decls = concatLists (map (m:
+            if hasAttr name m.options
+              then [ { inherit (m) file; options = getAttr name m.options; } ]
+              else []
+            ) options);
+          # Get all submodules that define ‘name’.
+          defns = concatLists (map (m:
+            if hasAttr name m.config
+              then map (config: { inherit (m) file; inherit config; })
+                (pushDownProperties (getAttr name m.config))
+              else []
+            ) configs);
+          nrOptions = count (m: isOption m.options) decls;
+          # Process mkMerge and mkIf properties.
+          defns' = concatMap (m:
+            if hasAttr name m.config
+              then map (m': { inherit (m) file; value = m'; }) (dischargeProperties (getAttr name m.config))
+              else []
+            ) configs;
+        in
+          if nrOptions == length decls then
+            let opt = fixupOptionType loc (mergeOptionDecls loc decls);
+            in evalOptionValue loc opt defns'
+          else if nrOptions != 0 then
+            let
+              firstOption = findFirst (m: isOption m.options) "" decls;
+              firstNonOption = findFirst (m: !isOption m.options) "" decls;
+            in
+              throw "The option `${showOption loc}' in `${firstOption.file}' is a prefix of options in `${firstNonOption.file}'."
+          else
+            mergeModules' loc decls defns;
+    }) (concatMap (m: attrNames m.options) options))
+    // { _definedNames = map (m: { inherit (m) file; names = attrNames m.config; }) configs; };
+
+  /* Merge multiple option declarations into a single declaration.  In
+     general, there should be only one declaration of each option.
+     The exception is the ‘options’ attribute, which specifies
+     sub-options.  These can be specified multiple times to allow one
+     module to add sub-options to an option declared somewhere else
+     (e.g. multiple modules define sub-options for ‘fileSystems’). */
+  mergeOptionDecls = loc: opts:
+    fold (opt: res:
+      if opt.options ? default && res ? default ||
+         opt.options ? example && res ? example ||
+         opt.options ? description && res ? description ||
+         opt.options ? apply && res ? apply ||
+         opt.options ? type && res ? type
+      then
+        throw "The option `${showOption loc}' in `${opt.file}' is already declared in ${showFiles res.declarations}."
+      else
+        opt.options // res //
+          { declarations = [opt.file] ++ res.declarations;
+            options = if opt.options ? options then [(toList opt.options.options ++ res.options)] else [];
+          }
+    ) { inherit loc; declarations = []; options = []; } opts;
+
+  /* Merge all the definitions of an option to produce the final
+     config value. */
+  evalOptionValue = loc: opt: defs:
+    let
+      # Process mkOverride properties, adding in the default
+      # value specified in the option declaration (if any).
+      defsFinal = filterOverrides
+        ((if opt ? default then [{ file = head opt.declarations; value = mkOptionDefault opt.default; }] else []) ++ defs);
+      files = map (def: def.file) defsFinal;
+      # Type-check the remaining definitions, and merge them if
+      # possible.
+      merged =
+        if defsFinal == [] then
+          throw "The option `${showOption loc}' is used but not defined."
+        else
+          fold (def: res:
+            if opt.type.check def.value then res
+            else throw "The option value `${showOption loc}' in `${def.file}' is not a ${opt.type.name}.")
+            (opt.type.merge loc defsFinal) defsFinal;
+      # Finally, apply the ‘apply’ function to the merged
+      # value.  This allows options to yield a value computed
+      # from the definitions.
+      value = (opt.apply or id) merged;
+    in opt //
+      { value = addErrorContext "while evaluating the option `${showOption loc}':" value;
+        definitions = map (def: def.value) defsFinal;
+        isDefined = defsFinal != [];
+        inherit files;
+      };
+
+  /* Given a config set, expand mkMerge properties, and push down the
+     mkIf properties into the children.  The result is a list of
+     config sets that do not have properties at top-level.  For
+     example,
+
+       mkMerge [ { boot = set1; } (mkIf cond { boot = set2; services = set3; }) ]
+
+     is transformed into
+
+       [ { boot = set1; } { boot = mkIf cond set2; services mkIf cond set3; } ].
+
+     This transform is the critical step that allows mkIf conditions
+     to refer to the full configuration without creating an infinite
+     recursion.
+  */
+  pushDownProperties = cfg:
+    if cfg._type or "" == "merge" then
+      concatMap pushDownProperties cfg.contents
+    else if cfg._type or "" == "if" then
+      map (mapAttrs (n: v: mkIf cfg.condition v)) (pushDownProperties cfg.content)
+    else if cfg._type or "" == "override" then
+      map (mapAttrs (n: v: mkOverride cfg.priority v)) (pushDownProperties cfg.content)
+    else
+      [ cfg ];
+
+  /* Given a config value, expand mkMerge properties, and discharge
+     any mkIf conditions.  That is, this is the place where mkIf
+     conditions are actually evaluated.  The result is a list of
+     config values.  For example, ‘mkIf false x’ yields ‘[]’,
+     ‘mkIf true x’ yields ‘[x]’, and
+
+       mkMerge [ 1 (mkIf true 2) (mkIf true (mkIf false 3)) ]
+
+     yields ‘[ 1 2 ]’.
+  */
+  dischargeProperties = def:
+    if def._type or "" == "merge" then
+      concatMap dischargeProperties def.contents
+    else if def._type or "" == "if" then
+      if def.condition then
+        dischargeProperties def.content
+      else
+        [ ]
+    else
+      [ def ];
+
+  /* Given a list of config values, process the mkOverride properties,
+     that is, return the values that have the highest (that is,
+     numerically lowest) priority, and strip the mkOverride
+     properties.  For example,
+
+       [ { file = "/1"; value = mkOverride 10 "a"; }
+         { file = "/2"; value = mkOverride 20 "b"; }
+         { file = "/3"; value = "z"; }
+         { file = "/4"; value = mkOverride 10 "d"; }
+       ]
+
+     yields
+
+       [ { file = "/1"; value = "a"; }
+         { file = "/4"; value = "d"; }
+       ]
+
+     Note that "z" has the default priority 100.
+  */
+  filterOverrides = defs:
+    let
+      defaultPrio = 100;
+      getPrio = def: if def.value._type or "" == "override" then def.value.priority else defaultPrio;
+      min = x: y: if builtins.lessThan x y then x else y;
+      highestPrio = fold (def: prio: min (getPrio def) prio) 9999 defs;
+      strip = def: if def.value._type or "" == "override" then def // { value = def.value.content; } else def;
+    in concatMap (def: if getPrio def == highestPrio then [(strip def)] else []) defs;
+
+  /* Hack for backward compatibility: convert options of type
+     optionSet to configOf.  FIXME: remove eventually. */
+  fixupOptionType = loc: opt:
+    let
+      options' = opt.options or
+        (throw "Option `${showOption loc'}' has type optionSet but has no option attribute.");
+      coerce = x:
+        if builtins.isFunction x then x
+        else { config, ... }: { options = x; };
+      options = map coerce (flatten options');
+      f = tp:
+        if tp.name == "option set" then types.submodule options
+        else if tp.name == "attribute set of option sets" then types.attrsOf (types.submodule options)
+        else if tp.name == "list or attribute set of option sets" then types.loaOf (types.submodule options)
+        else if tp.name == "list of option sets" then types.listOf (types.submodule options)
+        else if tp.name == "null or option set" then types.nullOr (types.submodule options)
+        else tp;
+    in opt // { type = f (opt.type or types.unspecified); };
+
+
+  /* Properties. */
+
+  mkIf = condition: content:
+    { _type = "if";
+      inherit condition content;
+    };
+
+  mkAssert = assertion: message: content:
+    mkIf
+      (if assertion then true else throw "\nFailed assertion: ${message}")
+      content;
+
+  mkMerge = contents:
+    { _type = "merge";
+      inherit contents;
+    };
+
+  mkOverride = priority: content:
+    { _type = "override";
+      inherit priority content;
+    };
+
+  mkOptionDefault = mkOverride 1001; # priority of option defaults
+  mkDefault = mkOverride 1000; # used in config sections of non-user modules to set a default
+  mkForce = mkOverride 50;
+  mkVMOverride = mkOverride 10; # used by ‘nixos-rebuild build-vm’
+
+  mkFixStrictness = id; # obsolete, no-op
+
+  # FIXME: Add mkOrder back in. It's not currently used anywhere in
+  # NixOS, but it should be useful.
+
+
+  /* Compatibility. */
+  fixMergeModules = modules: args: evalModules { inherit modules args; check = false; };
+
+}
diff --git a/lib/options.nix b/lib/options.nix
new file mode 100644
index 000000000000..63798c4faa3b
--- /dev/null
+++ b/lib/options.nix
@@ -0,0 +1,120 @@
+# Nixpkgs/NixOS option handling.
+
+let lib = import ./default.nix; in
+
+with import ./trivial.nix;
+with import ./lists.nix;
+with import ./misc.nix;
+with import ./attrsets.nix;
+with import ./strings.nix;
+
+rec {
+
+  isOption = lib.isType "option";
+  mkOption =
+    { default ? null # Default value used when no definition is given in the configuration.
+    , defaultText ? null # Textual representation of the default, for in the manual.
+    , example ? null # Example value used in the manual.
+    , description ? null # String describing the option.
+    , type ? null # Option type, providing type-checking and value merging.
+    , apply ? null # Function that converts the option value to something else.
+    , internal ? null # Whether the option is for NixOS developers only.
+    , visible ? null # Whether the option shows up in the manual.
+    , options ? null # Obsolete, used by types.optionSet.
+    } @ attrs:
+    attrs // { _type = "option"; };
+
+  mkEnableOption = name: mkOption {
+    default = false;
+    example = true;
+    description = "Whether to enable ${name}.";
+    type = lib.types.bool;
+  };
+
+  mergeDefaultOption = loc: defs:
+    let list = getValues defs; in
+    if length list == 1 then head list
+    else if all builtins.isFunction list then x: mergeDefaultOption loc (map (f: f x) list)
+    else if all isList list then concatLists list
+    else if all isAttrs list then fold lib.mergeAttrs {} list
+    else if all builtins.isBool list then fold lib.or false list
+    else if all builtins.isString list then lib.concatStrings list
+    else if all builtins.isInt list && all (x: x == head list) list then head list
+    else throw "Cannot merge definitions of `${showOption loc}' given in ${showFiles (getFiles defs)}.";
+
+  /* Obsolete, will remove soon.  Specify an option type or apply
+     function instead.  */
+  mergeTypedOption = typeName: predicate: merge: loc: list:
+    let list' = map (x: x.value) list; in
+    if all predicate list then merge list'
+    else throw "Expected a ${typeName}.";
+
+  mergeEnableOption = mergeTypedOption "boolean"
+    (x: true == x || false == x) (fold lib.or false);
+
+  mergeListOption = mergeTypedOption "list" isList concatLists;
+
+  mergeStringOption = mergeTypedOption "string" builtins.isString lib.concatStrings;
+
+  mergeOneOption = loc: defs:
+    if defs == [] then abort "This case should never happen."
+    else if length defs != 1 then
+      throw "The unique option `${showOption loc}' is defined multiple times, in ${showFiles (getFiles defs)}."
+    else (head defs).value;
+
+  getValues = map (x: x.value);
+  getFiles = map (x: x.file);
+
+
+  # Generate documentation template from the list of option declaration like
+  # the set generated with filterOptionSets.
+  optionAttrSetToDocList = optionAttrSetToDocList' [];
+
+  optionAttrSetToDocList' = prefix: options:
+    fold (opt: rest:
+      let
+        docOption = rec {
+          name = showOption opt.loc;
+          description = opt.description or (throw "Option `${name}' has no description.");
+          declarations = filter (x: x != unknownModule) opt.declarations;
+          internal = opt.internal or false;
+          visible = opt.visible or true;
+        }
+        // optionalAttrs (opt ? example) { example = scrubOptionValue opt.example; }
+        // optionalAttrs (opt ? default) { default = scrubOptionValue opt.default; }
+        // optionalAttrs (opt ? defaultText) { default = opt.defaultText; };
+
+        subOptions =
+          let ss = opt.type.getSubOptions opt.loc;
+          in if ss != {} then optionAttrSetToDocList' opt.loc ss else [];
+      in
+        # FIXME: expensive, O(n^2)
+        [ docOption ] ++ subOptions ++ rest) [] (collect isOption options);
+
+
+  /* This function recursively removes all derivation attributes from
+     `x' except for the `name' attribute.  This is to make the
+     generation of `options.xml' much more efficient: the XML
+     representation of derivations is very large (on the order of
+     megabytes) and is not actually used by the manual generator. */
+  scrubOptionValue = x:
+    if isDerivation x then
+      { type = "derivation"; drvPath = x.name; outPath = x.name; name = x.name; }
+    else if isList x then map scrubOptionValue x
+    else if isAttrs x then mapAttrs (n: v: scrubOptionValue v) (removeAttrs x ["_args"])
+    else x;
+
+
+  /* For use in the ‘example’ option attribute.  It causes the given
+     text to be included verbatim in documentation.  This is necessary
+     for example values that are not simple values, e.g.,
+     functions. */
+  literalExample = text: { _type = "literalExample"; inherit text; };
+
+
+  /* Helper functions. */
+  showOption = concatStringsSep ".";
+  showFiles = files: concatStringsSep " and " (map (f: "`${f}'") files);
+  unknownModule = "<unknown-file>";
+
+}
diff --git a/pkgs/lib/platforms.nix b/lib/platforms.nix
index 8be37d7ed1e7..8be37d7ed1e7 100644
--- a/pkgs/lib/platforms.nix
+++ b/lib/platforms.nix
diff --git a/pkgs/lib/sources.nix b/lib/sources.nix
index 6f8554d340be..6f8554d340be 100644
--- a/pkgs/lib/sources.nix
+++ b/lib/sources.nix
diff --git a/pkgs/lib/strings-with-deps.nix b/lib/strings-with-deps.nix
index 3ad3e5991506..3ad3e5991506 100644
--- a/pkgs/lib/strings-with-deps.nix
+++ b/lib/strings-with-deps.nix
diff --git a/pkgs/lib/strings.nix b/lib/strings.nix
index 024a9ac7d7a2..024a9ac7d7a2 100644
--- a/pkgs/lib/strings.nix
+++ b/lib/strings.nix
diff --git a/pkgs/lib/systems.nix b/lib/systems.nix
index 1ef869fb0120..afa2002c6e4e 100644
--- a/pkgs/lib/systems.nix
+++ b/lib/systems.nix
@@ -22,7 +22,7 @@ rec {
   };
 
 
-  isCpuType = x: typeOf x == "cpu-type"
+  isCpuType = x: isType "cpu-type" x
     && elem x.bits [8 16 32 64 128]
     && (builtins.lessThan 8 x.bits -> isSignificantByte x.significantByte);
 
@@ -69,7 +69,7 @@ rec {
   };
 
 
-  isSystem = x: typeOf x == "system"
+  isSystem = x: isType "system" x
     && isCpuType x.cpu
     && isArchitecture x.arch
     && isKernel x.kernel;
diff --git a/pkgs/lib/tests.nix b/lib/tests.nix
index 298bdffc3790..298bdffc3790 100644
--- a/pkgs/lib/tests.nix
+++ b/lib/tests.nix
diff --git a/pkgs/lib/trivial.nix b/lib/trivial.nix
index 8af3474f2a67..8af3474f2a67 100644
--- a/pkgs/lib/trivial.nix
+++ b/lib/trivial.nix
diff --git a/lib/types.nix b/lib/types.nix
new file mode 100644
index 000000000000..09b29a762e1d
--- /dev/null
+++ b/lib/types.nix
@@ -0,0 +1,210 @@
+# Definitions related to run-time type checking.  Used in particular
+# to type-check NixOS configurations.
+
+with import ./lists.nix;
+with import ./attrsets.nix;
+with import ./options.nix;
+with import ./trivial.nix;
+with import ./strings.nix;
+
+rec {
+
+  isType = type: x: (x._type or "") == type;
+  typeOf = x: x._type or "";
+
+  setType = typeName: value: value // {
+    _type = typeName;
+  };
+
+
+  isOptionType = isType "option-type";
+  mkOptionType =
+    { # Human-readable representation of the type.
+      name
+    , # Function applied to each definition that should return true if
+      # its type-correct, false otherwise.
+      check ? (x: true)
+    , # Merge a list of definitions together into a single value.
+      # This function is called with two arguments: the location of
+      # the option in the configuration as a list of strings
+      # (e.g. ["boot" "loader "grub" "enable"]), and a list of
+      # definition values and locations (e.g. [ { file = "/foo.nix";
+      # value = 1; } { file = "/bar.nix"; value = 2 } ]).
+      merge ? mergeDefaultOption
+    , # Return a flat list of sub-options.  Used to generate
+      # documentation.
+      getSubOptions ? prefix: {}
+    }:
+    { _type = "option-type";
+      inherit name check merge getSubOptions;
+    };
+
+
+  types = rec {
+
+    unspecified = mkOptionType {
+      name = "unspecified";
+    };
+
+    bool = mkOptionType {
+      name = "boolean";
+      check = builtins.isBool;
+      merge = loc: fold (x: y: x.value || y) false;
+    };
+
+    int = mkOptionType {
+      name = "integer";
+      check = builtins.isInt;
+      merge = mergeOneOption;
+    };
+
+    str = mkOptionType {
+      name = "string";
+      check = builtins.isString;
+      merge = mergeOneOption;
+    };
+
+    # Merge multiple definitions by concatenating them (with the given
+    # separator between the values).
+    separatedString = sep: mkOptionType {
+      name = "string";
+      check = builtins.isString;
+      merge = loc: defs: concatStringsSep sep (getValues defs);
+    };
+
+    lines = separatedString "\n";
+    commas = separatedString ",";
+    envVar = separatedString ":";
+
+    # Deprecated; should not be used because it quietly concatenates
+    # strings, which is usually not what you want.
+    string = separatedString "";
+
+    attrs = mkOptionType {
+      name = "attribute set";
+      check = isAttrs;
+      merge = loc: fold (def: mergeAttrs def.value) {};
+    };
+
+    # derivation is a reserved keyword.
+    package = mkOptionType {
+      name = "derivation";
+      check = isDerivation;
+      merge = mergeOneOption;
+    };
+
+    path = mkOptionType {
+      name = "path";
+      # Hacky: there is no ‘isPath’ primop.
+      check = x: builtins.unsafeDiscardStringContext (builtins.substring 0 1 (toString x)) == "/";
+      merge = mergeOneOption;
+    };
+
+    # drop this in the future:
+    list = builtins.trace "`types.list' is deprecated; use `types.listOf' instead" types.listOf;
+
+    listOf = elemType: mkOptionType {
+      name = "list of ${elemType.name}s";
+      check = value: isList value && all elemType.check value;
+      merge = loc: defs:
+        concatLists (imap (n: def: imap (m: def':
+          elemType.merge (loc ++ ["[${toString n}-${toString m}]"])
+            [{ inherit (def) file; value = def'; }]) def.value) defs);
+      getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["*"]);
+    };
+
+    attrsOf = elemType: mkOptionType {
+      name = "attribute set of ${elemType.name}s";
+      check = x: isAttrs x && all elemType.check (attrValues x);
+      merge = loc: defs:
+        zipAttrsWith (name: elemType.merge (loc ++ [name]))
+          # Push down position info.
+          (map (def: listToAttrs (mapAttrsToList (n: def':
+            { name = n; value = { inherit (def) file; value = def'; }; }) def.value)) defs);
+      getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["<name>"]);
+    };
+
+    # List or attribute set of ...
+    loaOf = elemType:
+      let
+        convertIfList = defIdx: def:
+          if isList def.value then
+            { inherit (def) file;
+              value = listToAttrs (
+                imap (elemIdx: elem:
+                  { name = "unnamed-${toString defIdx}.${toString elemIdx}";
+                    value = elem;
+                  }) def.value);
+            }
+          else
+            def;
+        listOnly = listOf elemType;
+        attrOnly = attrsOf elemType;
+      in mkOptionType {
+        name = "list or attribute set of ${elemType.name}s";
+        check = x:
+          if isList x       then listOnly.check x
+          else if isAttrs x then attrOnly.check x
+          else false;
+        merge = loc: defs: attrOnly.merge loc (imap convertIfList defs);
+        getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["<name?>"]);
+      };
+
+    uniq = elemType: mkOptionType {
+      inherit (elemType) name check;
+      merge = mergeOneOption;
+      getSubOptions = elemType.getSubOptions;
+    };
+
+    nullOr = elemType: mkOptionType {
+      name = "null or ${elemType.name}";
+      check = x: builtins.isNull x || elemType.check x;
+      merge = loc: defs:
+        let nrNulls = count (def: isNull def.value) defs; in
+        if nrNulls == length defs then null
+        else if nrNulls != 0 then
+          throw "The option `${showOption loc}' is defined both null and not null, in ${showFiles (getFiles defs)}."
+        else elemType.merge loc defs;
+      getSubOptions = elemType.getSubOptions;
+    };
+
+    functionTo = elemType: mkOptionType {
+      name = "function that evaluates to a(n) ${elemType.name}";
+      check = builtins.isFunction;
+      merge = loc: defs:
+        fnArgs: elemType.merge loc (map (fn: { inherit (fn) file; value = fn.value fnArgs; }) defs);
+      getSubOptions = elemType.getSubOptions;
+    };
+
+    submodule = opts:
+      let
+        opts' = toList opts;
+        inherit (import ./modules.nix) evalModules;
+      in
+      mkOptionType rec {
+        name = "submodule";
+        check = x: isAttrs x || builtins.isFunction x;
+        merge = loc: defs:
+          let
+            coerce = def: if builtins.isFunction def then def else { config = def; };
+            modules = opts' ++ map (def: { _file = def.file; imports = [(coerce def.value)]; }) defs;
+          in (evalModules { inherit modules; args.name = last loc; prefix = loc; }).config;
+        getSubOptions = prefix: (evalModules
+          { modules = opts'; inherit prefix;
+            # FIXME: hack to get shit to evaluate.
+            args = { name = ""; }; }).options;
+      };
+
+    # Obsolete alternative to configOf.  It takes its option
+    # declarations from the ‘options’ attribute of containing option
+    # declaration.
+    optionSet = mkOptionType {
+      name = /* builtins.trace "types.optionSet is deprecated; use types.submodule instead" */ "option set";
+    };
+
+    # Augment the given type with an additional type check function.
+    addCheck = elemType: check: elemType // { check = x: elemType.check x && check x; };
+
+  };
+
+}
diff --git a/maintainers/docs/uclibc-cross.txt b/maintainers/docs/uclibc-cross.txt
deleted file mode 100644
index c32a95eb2b25..000000000000
--- a/maintainers/docs/uclibc-cross.txt
+++ /dev/null
@@ -1,27 +0,0 @@
-Adding uClibc support for a new platform
-
-Sometimes you want to cross-compile to another architecture, for example an
-embedded devices. For embedded devices the uClibc C library is popular.
-In Nixpkgs there is support for uClibc for several architectures but not
-everything is supported.
-
-Adding support is not very difficult, 
-
-* Add your architecture to the buildfiles in
-$nixpkgs/development/tools/misc/binutils-cross
-
-* Add your architecture to the buildfiles in
-$nixpkgs/development/compilers/gcc-4.0-cross
-
-* Add your architecture to the buildfiles in
-$nixpkgs/os-specific/linux/kernel-headers-cross
-
-* Add your architecture to the buildfiles in
-$nixpkgs/development/uclibc
-
-In the latter directory you will also need a configuration file for uClibc.
-You can make these by unpacking the uClibc sources and run a "make menuconfig".
-In the configuration a few things need to be adapted:
-
-- kernel sources -> need to point at our own kernel headers
-- install -> needs to point at $out
diff --git a/maintainers/scripts/eval-release.nix b/maintainers/scripts/eval-release.nix
index 4bd2b0f1fa8b..bb9572cbc795 100644
--- a/maintainers/scripts/eval-release.nix
+++ b/maintainers/scripts/eval-release.nix
@@ -1,7 +1,7 @@
 # Evaluate `release.nix' like Hydra would.  Too bad nix-instantiate
 # can't to do this.
 
-with import ../../pkgs/lib;
+with import ../../lib;
 
 let
   trace = if builtins.getEnv "VERBOSE" == "1" then builtins.trace else (x: y: y);
@@ -10,14 +10,15 @@ let
 
   # Add the ‘recurseForDerivations’ attribute to ensure that
   # nix-instantiate recurses into nested attribute sets.
-  recurse = attrs:
+  recurse = path: attrs:
     if (builtins.tryEval attrs).success then
-      if isDerivation attrs 
+      if isDerivation attrs
       then
-        if (builtins.tryEval attrs.outPath).success
-        then attrs
-        else { }
-      else { recurseForDerivations = true; } // mapAttrs (n: v: recurse v) attrs
+        if (builtins.tryEval attrs.drvPath).success
+        then { inherit (attrs) name drvPath; }
+        else { failed = true; }
+      else { recurseForDerivations = true; } //
+           mapAttrs (n: v: let path' = path ++ [n]; in trace path' (recurse path' v)) attrs
     else { };
 
-in recurse rel
+in recurse [] rel
diff --git a/nixos/.topmsg b/nixos/.topmsg
new file mode 100644
index 000000000000..9632e5926312
--- /dev/null
+++ b/nixos/.topmsg
@@ -0,0 +1 @@
+improvements to vsftpd module
diff --git a/nixos/COPYING b/nixos/COPYING
new file mode 100644
index 000000000000..c9b44cb8aaeb
--- /dev/null
+++ b/nixos/COPYING
@@ -0,0 +1,18 @@
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/nixos/README b/nixos/README
new file mode 100644
index 000000000000..4ecf648a9302
--- /dev/null
+++ b/nixos/README
@@ -0,0 +1,5 @@
+*** NixOS ***
+
+NixOS is a Linux distribution based on the purely functional package
+management system Nix.  More information can be found at
+http://nixos.org/nixos and in the manual in doc/manual.
diff --git a/nixos/default.nix b/nixos/default.nix
new file mode 100644
index 000000000000..5d69b79e13a6
--- /dev/null
+++ b/nixos/default.nix
@@ -0,0 +1,43 @@
+{ configuration ? import ./lib/from-env.nix "NIXOS_CONFIG" <nixos-config>
+, system ? builtins.currentSystem
+}:
+
+let
+
+  eval = import ./lib/eval-config.nix {
+    inherit system;
+    modules = [ configuration ];
+  };
+
+  inherit (eval) pkgs;
+
+  # This is for `nixos-rebuild build-vm'.
+  vmConfig = (import ./lib/eval-config.nix {
+    inherit system;
+    modules = [ configuration ./modules/virtualisation/qemu-vm.nix ];
+  }).config;
+
+  # This is for `nixos-rebuild build-vm-with-bootloader'.
+  vmWithBootLoaderConfig = (import ./lib/eval-config.nix {
+    inherit system;
+    modules =
+      [ configuration
+        ./modules/virtualisation/qemu-vm.nix
+        { virtualisation.useBootLoader = true; }
+      ];
+  }).config;
+
+in
+
+{
+  inherit (eval) config options;
+
+  system = eval.config.system.build.toplevel;
+
+  vm = vmConfig.system.build.vm;
+
+  vmWithBootLoader = vmWithBootLoaderConfig.system.build.vm;
+
+  # The following are used by nixos-rebuild.
+  nixFallback = pkgs.nixUnstable;
+}
diff --git a/nixos/doc/config-examples/basic.nix b/nixos/doc/config-examples/basic.nix
new file mode 100644
index 000000000000..da37cfb8c286
--- /dev/null
+++ b/nixos/doc/config-examples/basic.nix
@@ -0,0 +1,21 @@
+{
+  boot = {
+    loader.grub.device = "/dev/sda";
+  };
+
+  fileSystems = [
+    { mountPoint = "/";
+      device = "/dev/sda1";
+    }
+  ];
+
+  swapDevices = [
+    { device = "/dev/sdb1"; }
+  ];
+
+  services = {
+    openssh = {
+      enable = true;
+    };
+  };
+}
diff --git a/nixos/doc/config-examples/closed-install-configuration.nix b/nixos/doc/config-examples/closed-install-configuration.nix
new file mode 100644
index 000000000000..0cebacdb0ccd
--- /dev/null
+++ b/nixos/doc/config-examples/closed-install-configuration.nix
@@ -0,0 +1,32 @@
+{
+  boot = {
+    loader.grub.device = "/dev/sda";
+    copyKernels = true;
+    bootMount = "(hd0,0)";
+  };
+
+  fileSystems = [
+    { mountPoint = "/";
+      device = "/dev/sda3";
+    }
+    { mountPoint = "/boot";
+      device = "/dev/sda1";
+      neededForBoot = true;
+    }
+  ];
+
+  swapDevices = [
+    { device = "/dev/sda2"; }
+  ];
+
+  services = {
+    sshd = {
+      enable = true;
+    };
+  };
+
+  fonts = {
+    enableFontConfig = false;
+  };
+
+}
diff --git a/nixos/doc/config-examples/root-on-lvm.nix b/nixos/doc/config-examples/root-on-lvm.nix
new file mode 100644
index 000000000000..2ea1e547921f
--- /dev/null
+++ b/nixos/doc/config-examples/root-on-lvm.nix
@@ -0,0 +1,27 @@
+# This configuration has / on a LVM volume.  Since Grub
+# doesn't know about LVM, a separate /boot is therefore
+# needed.
+#
+# In this example, labels are used for file systems and
+# swap devices: "boot" might be /dev/sda1, "root" might be
+# /dev/my-volume-group/root, and "swap" might be /dev/sda2.
+# In particular there is no specific reference to the fact
+# that / is on LVM; that's figured out automatically.
+
+{
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.kernelModules = ["ata_piix"];
+
+  fileSystems = [
+    { mountPoint = "/";
+      label = "root";
+    }
+    { mountPoint = "/boot";
+      label = "boot";
+    }
+  ];
+
+  swapDevices = [
+    { label = "swap"; }
+  ];
+}
diff --git a/nixos/doc/config-examples/svn-server.nix b/nixos/doc/config-examples/svn-server.nix
new file mode 100644
index 000000000000..e727007117b1
--- /dev/null
+++ b/nixos/doc/config-examples/svn-server.nix
@@ -0,0 +1,36 @@
+{
+  boot = {
+    loader.grub.device = "/dev/sda";
+  };
+
+  fileSystems = [
+    { mountPoint = "/";
+      device = "/dev/sda1";
+    }
+  ];
+
+  services = {
+
+    sshd = {
+      enable = true;
+    };
+
+    httpd = {
+      enable = true;
+      adminAddr = "admin@example.org";
+
+      subservices = {
+
+        subversion = {
+          enable = true;
+          dataDir = "/data/subversion";
+          notificationSender = "svn@example.org";
+        };
+
+      };
+
+    };
+
+  };
+
+}
diff --git a/nixos/doc/config-examples/x86_64-usbstick.nix b/nixos/doc/config-examples/x86_64-usbstick.nix
new file mode 100644
index 000000000000..374d3ba3bc74
--- /dev/null
+++ b/nixos/doc/config-examples/x86_64-usbstick.nix
@@ -0,0 +1,20 @@
+# Configuration file used to install NixOS-x86_64 on a USB stick.
+
+{
+  boot = {
+    loader.grub.device = "/dev/sda";
+    initrd = {
+      kernelModules = ["usb_storage" "ehci_hcd" "ohci_hcd"];
+    };
+  };
+
+  fileSystems = [
+    { mountPoint = "/";
+      label = "nixos-usb";
+    }
+  ];
+
+  fonts = {
+    enableFontConfig = false;
+  };
+}
diff --git a/nixos/doc/manual/configuration.xml b/nixos/doc/manual/configuration.xml
new file mode 100644
index 000000000000..9bca53ae9040
--- /dev/null
+++ b/nixos/doc/manual/configuration.xml
@@ -0,0 +1,1515 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="ch-configuration">
+
+<title>Configuring NixOS</title>
+
+<para>This chapter describes how to configure various aspects of a
+NixOS machine through the configuration file
+<filename>/etc/nixos/configuration.nix</filename>.  As described in
+<xref linkend="sec-changing-config" />, changes to this file only take
+effect after you run <command>nixos-rebuild</command>.</para>
+
+
+<!--===============================================================-->
+
+<section xml:id="sec-configuration-syntax"><title>Configuration syntax</title>
+
+<section><title>The basics</title>
+
+<para>The NixOS configuration file
+<filename>/etc/nixos/configuration.nix</filename> is actually a
+<emphasis>Nix expression</emphasis>, which is the Nix package
+manager’s purely functional language for describing how to build
+packages and configurations.  This means you have all the expressive
+power of that language at your disposal, including the ability to
+abstract over common patterns, which is very useful when managing
+complex systems.  The syntax and semantics of the Nix language are
+fully described in the <link
+xlink:href="http://nixos.org/nix/manual/#chap-writing-nix-expressions">Nix
+manual</link>, but here we give a short overview of the most important
+constructs useful in NixOS configuration files.</para>
+
+<para>The NixOS configuration file generally looks like this:
+
+<programlisting>
+{ config, pkgs, ... }:
+
+{ <replaceable>option definitions</replaceable>
+}
+</programlisting>
+
+The first line (<literal>{ config, pkgs, ... }:</literal>) denotes
+that this is actually a function that takes at least the two arguments
+ <varname>config</varname> and <varname>pkgs</varname>.  (These are
+explained later.)  The function returns a <emphasis>set</emphasis> of
+option definitions (<literal>{ <replaceable>...</replaceable> }</literal>).  These definitions have the
+form <literal><replaceable>name</replaceable> =
+<replaceable>value</replaceable></literal>, where
+<replaceable>name</replaceable> is the name of an option and
+<replaceable>value</replaceable> is its value.  For example,
+
+<programlisting>
+{ config, pkgs, ... }:
+
+{ services.httpd.enable = true;
+  services.httpd.adminAddr = "alice@example.org";
+  services.httpd.documentRoot = "/webroot";
+}
+</programlisting>
+
+defines a configuration with three option definitions that together
+enable the Apache HTTP Server with <filename>/webroot</filename> as
+the document root.</para>
+
+<para>Sets can be nested, and in fact dots in option names are
+shorthand for defining a set containing another set.  For instance,
+<option>services.httpd.enable</option> defines a set named
+<varname>services</varname> that contains a set named
+<varname>httpd</varname>, which in turn contains an option definition
+named <varname>enable</varname> with value <literal>true</literal>.
+This means that the example above can also be written as:
+
+<programlisting>
+{ config, pkgs, ... }:
+
+{ services = {
+    httpd = {
+      enable = true;
+      adminAddr = "alice@example.org";
+      documentRoot = "/webroot";
+    };
+  };
+}
+</programlisting>
+
+which may be more convenient if you have lots of option definitions
+that share the same prefix (such as
+<literal>services.httpd</literal>).</para>
+
+<para>NixOS checks your option definitions for correctness.  For
+instance, if you try to define an option that doesn’t exist (that is,
+doesn’t have a corresponding <emphasis>option declaration</emphasis>),
+<command>nixos-rebuild</command> will give an error like:
+<screen>
+The option `services.httpd.enabl' defined in `/etc/nixos/configuration.nix' does not exist.
+</screen>
+Likewise, values in option definitions must have a correct type.  For
+instance, <option>services.httpd.enable</option> must be a Boolean
+(<literal>true</literal> or <literal>false</literal>).  Trying to give
+it a value of another type, such as a string, will cause an error:
+<screen>
+The option value `services.httpd.enable' in `/etc/nixos/configuration.nix' is not a boolean.
+</screen>
+
+</para>
+
+<para>Options have various types of values.  The most important are:
+
+<variablelist>
+  <varlistentry>
+    <term>Strings</term>
+    <listitem>
+      <para>Strings are enclosed in double quotes, e.g.
+
+<programlisting>
+networking.hostName = "dexter";
+</programlisting>
+
+      Special characters can be escaped by prefixing them with a
+      backslash (e.g. <literal>\"</literal>).</para>
+
+      <para>Multi-line strings can be enclosed in <emphasis>double
+      single quotes</emphasis>, e.g.
+
+<programlisting>
+networking.extraHosts =
+  ''
+    127.0.0.2 other-localhost
+    10.0.0.1 server
+  '';
+</programlisting>
+
+      The main difference is that preceding whitespace is
+      automatically stripped from each line, and that characters like
+      <literal>"</literal> and <literal>\</literal> are not special
+      (making it more convenient for including things like shell
+      code).</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term>Booleans</term>
+    <listitem>
+      <para>These can be <literal>true</literal> or
+      <literal>false</literal>, e.g.
+
+<programlisting>
+networking.firewall.enable = true;
+networking.firewall.allowPing = false;
+</programlisting>
+      </para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term>Integers</term>
+    <listitem>
+      <para>For example,
+
+<programlisting>
+boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60;
+</programlisting>
+
+      (Note that here the attribute name
+      <literal>net.ipv4.tcp_keepalive_time</literal> is enclosed in
+      quotes to prevent it from being interpreted as a set named
+      <literal>net</literal> containing a set named
+      <literal>ipv4</literal>, and so on.  This is because it’s not a
+      NixOS option but the literal name of a Linux kernel
+      setting.)</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term>Sets</term>
+    <listitem>
+      <para>Sets were introduced above.  They are name/value pairs
+      enclosed in braces, as in the option definition
+
+<programlisting>
+fileSystems."/boot" =
+  { device = "/dev/sda1";
+    fsType = "ext4";
+    options = "rw,data=ordered,relatime";
+  };
+</programlisting>
+      </para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term>Lists</term>
+    <listitem>
+      <para>The important thing to note about lists is that list
+      elements are separated by whitespace, like this:
+
+<programlisting>
+boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
+</programlisting>
+
+      List elements can be any other type, e.g. sets:
+
+<programlisting>
+swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
+</programlisting>
+      </para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term>Packages</term>
+    <listitem>
+      <para>Usually, the packages you need are already part of the Nix
+      Packages collection, which is a set that can be accessed through
+      the function argument <varname>pkgs</varname>.  Typical uses:
+
+<programlisting>
+environment.systemPackages =
+  [ pkgs.thunderbird
+    pkgs.emacs
+  ];
+
+postgresql.package = pkgs.postgresql90;
+</programlisting>
+
+      The latter option definition changes the default PostgreSQL
+      package used by NixOS’s PostgreSQL service to 9.0.  For more
+      information on packages, including how to add new ones, see
+      <xref linkend="sec-custom-packages"/>.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+</section>
+
+
+<section><title>Abstractions</title>
+
+<para>If you find yourself repeating yourself over and over, it’s time
+to abstract.  Take, for instance, this Apache HTTP Server configuration:
+
+<programlisting>
+{
+  services.httpd.virtualHosts =
+    [ { hostName = "example.org";
+        documentRoot = "/webroot";
+        adminAddr = "alice@example.org";
+        enableUserDir = true;
+      }
+      { hostName = "example.org";
+        documentRoot = "/webroot";
+        adminAddr = "alice@example.org";
+        enableUserDir = true;
+        enableSSL = true;
+        sslServerCert = "/root/ssl-example-org.crt";
+        sslServerKey = "/root/ssl-example-org.key";
+      }
+    ];
+}
+</programlisting>
+
+It defines two virtual hosts with nearly identical configuration; the
+only difference is that the second one has SSL enabled.  To prevent
+this duplication, we can use a <literal>let</literal>:
+
+<programlisting>
+let
+  exampleOrgCommon =
+    { hostName = "example.org";
+      documentRoot = "/webroot";
+      adminAddr = "alice@example.org";
+      enableUserDir = true;
+    };
+in
+{
+  services.httpd.virtualHosts =
+    [ exampleOrgCommon
+      (exampleOrgCommon // {
+        enableSSL = true;
+        sslServerCert = "/root/ssl-example-org.crt";
+        sslServerKey = "/root/ssl-example-org.key";
+      })
+    ];
+}
+</programlisting>
+
+The <literal>let exampleOrgCommon =
+<replaceable>...</replaceable></literal> defines a variable named
+<literal>exampleOrgCommon</literal>.  The <literal>//</literal>
+operator merges two attribute sets, so the configuration of the second
+virtual host is the set <literal>exampleOrgCommon</literal> extended
+with the SSL options.</para>
+
+<para>You can write a <literal>let</literal> wherever an expression is
+allowed.  Thus, you also could have written:
+
+<programlisting>
+{
+  services.httpd.virtualHosts =
+    let exampleOrgCommon = <replaceable>...</replaceable>; in
+    [ exampleOrgCommon
+      (exampleOrgCommon // { <replaceable>...</replaceable> })
+    ];
+}
+</programlisting>
+
+but not <literal>{ let exampleOrgCommon =
+<replaceable>...</replaceable>; in <replaceable>...</replaceable>;
+}</literal> since attributes (as opposed to attribute values) are not
+expressions.</para>
+
+<para><emphasis>Functions</emphasis> provide another method of
+abstraction.  For instance, suppose that we want to generate lots of
+different virtual hosts, all with identical configuration except for
+the host name.  This can be done as follows:
+
+<programlisting>
+{
+  services.httpd.virtualHosts =
+    let
+      makeVirtualHost = name:
+        { hostName = name;
+          documentRoot = "/webroot";
+          adminAddr = "alice@example.org";
+        };
+    in
+      [ (makeVirtualHost "example.org")
+        (makeVirtualHost "example.com")
+        (makeVirtualHost "example.gov")
+        (makeVirtualHost "example.nl")
+      ];
+}
+</programlisting>
+
+Here, <varname>makeVirtualHost</varname> is a function that takes a
+single argument <literal>name</literal> and returns the configuration
+for a virtual host.  That function is then called for several names to
+produce the list of virtual host configurations.</para>
+
+<para>We can further improve on this by using the function
+<varname>map</varname>, which applies another function to every
+element in a list:
+
+<programlisting>
+{
+  services.httpd.virtualHosts =
+    let
+      makeVirtualHost = <replaceable>...</replaceable>;
+    in map makeVirtualHost
+      [ "example.org" "example.com" "example.gov" "example.nl" ];
+}
+</programlisting>
+
+(The function <literal>map</literal> is called a
+<emphasis>higher-order function</emphasis> because it takes another
+function as an argument.)</para>
+
+<para>What if you need more than one argument, for instance, if we
+want to use a different <literal>documentRoot</literal> for each
+virtual host?  Then we can make <varname>makeVirtualHost</varname> a
+function that takes a <emphasis>set</emphasis> as its argument, like this:
+
+<programlisting>
+{
+  services.httpd.virtualHosts =
+    let
+      makeVirtualHost = { name, root }:
+        { hostName = name;
+          documentRoot = root;
+          adminAddr = "alice@example.org";
+        };
+    in map makeVirtualHost
+      [ { name = "example.org"; root = "/sites/example.org"; }
+        { name = "example.com"; root = "/sites/example.com"; }
+        { name = "example.gov"; root = "/sites/example.gov"; }
+        { name = "example.nl"; root = "/sites/example.nl"; }
+      ];
+}
+</programlisting>
+
+But in this case (where every root is a subdirectory of
+<filename>/sites</filename> named after the virtual host), it would
+have been shorter to define <varname>makeVirtualHost</varname> as
+<programlisting>
+makeVirtualHost = name:
+  { hostName = name;
+    documentRoot = "/sites/${name}";
+    adminAddr = "alice@example.org";
+  };
+</programlisting>
+
+Here, the construct
+<literal>${<replaceable>...</replaceable>}</literal> allows the result
+of an expression to be spliced into a string.</para>
+
+</section>
+
+
+<section><title>Modularity</title>
+
+<para>The NixOS configuration mechanism is modular.  If your
+<filename>configuration.nix</filename> becomes too big, you can split
+it into multiple files.  Likewise, if you have multiple NixOS
+configurations (e.g. for different computers) with some commonality,
+you can move the common configuration into a shared file.</para>
+
+<para>Modules have exactly the same syntax as
+<filename>configuration.nix</filename>.  In fact,
+<filename>configuration.nix</filename> is itself a module.  You can
+use other modules by including them from
+<filename>configuration.nix</filename>, e.g.:
+
+<programlisting>
+{ config, pkgs, ... }:
+
+{ imports = [ ./vpn.nix ./kde.nix ];
+  services.httpd.enable = true;
+  environment.systemPackages = [ pkgs.emacs ];
+  <replaceable>...</replaceable>
+}
+</programlisting>
+
+Here, we include two modules from the same directory,
+<filename>vpn.nix</filename> and <filename>kde.nix</filename>.  The
+latter might look like this:
+
+<programlisting>
+{ config, pkgs, ... }:
+
+{ services.xserver.enable = true;
+  services.xserver.displayManager.kdm.enable = true;
+  services.xserver.desktopManager.kde4.enable = true;
+  environment.systemPackages = [ pkgs.kde4.kscreensaver ];
+}
+</programlisting>
+
+Note that both <filename>configuration.nix</filename> and
+<filename>kde.nix</filename> define the option
+<option>environment.systemPackages</option>.  When multiple modules
+define an option, NixOS will try to <emphasis>merge</emphasis> the
+definitions.  In the case of
+<option>environment.systemPackages</option>, that’s easy: the lists of
+packages can simply be concatenated.  For other types of options, a
+merge may not be possible: for instance, if two modules define
+<option>services.httpd.adminAddr</option>,
+<command>nixos-rebuild</command> will give an error:
+
+<screen>
+The unique option `services.httpd.adminAddr' is defined multiple times, in `/etc/nixos/httpd.nix' and `/etc/nixos/configuration.nix'.
+</screen>
+
+When that happens, it’s possible to force one definition take
+precedence over the others:
+
+<programlisting>
+services.httpd.adminAddr = pkgs.lib.mkForce "bob@example.org";
+</programlisting>
+
+</para>
+
+<para>When using multiple modules, you may need to access
+configuration values defined in other modules.  This is what the
+<varname>config</varname> function argument is for: it contains the
+complete, merged system configuration.  That is,
+<varname>config</varname> is the result of combining the
+configurations returned by every module<footnote><para>If you’re
+wondering how it’s possible that the (indirect)
+<emphasis>result</emphasis> of a function is passed as an
+<emphasis>input</emphasis> to that same function: that’s because Nix
+is a “lazy” language — it only computes values when they are needed.
+This works as long as no individual configuration value depends on
+itself.</para></footnote>.  For example, here is a module that adds
+some packages to <option>environment.systemPackages</option> only if
+<option>services.xserver.enable</option> is set to
+<literal>true</literal> somewhere else:
+
+<programlisting>
+{ config, pkgs, ... }:
+
+{ environment.systemPackages =
+    if config.services.xserver.enable then
+      [ pkgs.firefox
+        pkgs.thunderbird
+      ]
+    else
+      [ ];
+}
+</programlisting>
+
+</para>
+
+<para>With multiple modules, it may not be obvious what the final
+value of a configuration option is.  The command
+<option>nixos-option</option> allows you to find out:
+
+<screen>
+$ nixos-option services.xserver.enable
+true
+
+$ nixos-option boot.kernelModules
+[ "tun" "ipv6" "loop" <replaceable>...</replaceable> ]
+</screen>
+
+Interactive exploration of the configuration is possible using
+<command
+xlink:href="https://github.com/edolstra/nix-repl">nix-repl</command>,
+a read-eval-print loop for Nix expressions.  It’s not installed by
+default; run <literal>nix-env -i nix-repl</literal> to get it.  A
+typical use:
+
+<screen>
+$ nix-repl '&lt;nixos>'
+
+nix-repl> config.networking.hostName
+"mandark"
+
+nix-repl> map (x: x.hostName) config.services.httpd.virtualHosts
+[ "example.org" "example.gov" ]
+</screen>
+
+</para>
+
+</section>
+
+
+<section><title>Syntax summary</title>
+
+<para>Below is a summary of the most important syntactic constructs in
+the Nix expression language.  It’s not complete.  In particular, there
+are many other built-in functions.  See the <link
+xlink:href="http://nixos.org/nix/manual/#chap-writing-nix-expressions">Nix
+manual</link> for the rest.</para>
+
+<informaltable frame='none'>
+  <tgroup cols='2'>
+    <colspec colname='c1' rowsep='1' colsep='1' />
+    <colspec colname='c2' rowsep='1' />
+    <thead>
+      <row>
+        <entry>Example</entry>
+        <entry>Description</entry>
+      </row>
+    </thead>
+    <tbody>
+
+      <row>
+        <entry namest="c1" nameend="c2"><emphasis>Basic values</emphasis></entry>
+      </row>
+      <row>
+        <entry><literal>"Hello world"</literal></entry>
+        <entry>A string</entry>
+      </row>
+      <row>
+        <entry><literal>"${pkgs.bash}/bin/sh"</literal></entry>
+        <entry>A string containing an expression (expands to <literal>"/nix/store/<replaceable>hash</replaceable>-bash-<replaceable>version</replaceable>/bin/sh"</literal>)</entry>
+      </row>
+      <row>
+        <entry><literal>true</literal>, <literal>false</literal></entry>
+        <entry>Booleans</entry>
+      </row>
+      <row>
+        <entry><literal>123</literal></entry>
+        <entry>An integer</entry>
+      </row>
+      <row>
+        <entry><literal>./foo.png</literal></entry>
+        <entry>A path (relative to the containing Nix expression)</entry>
+      </row>
+
+      <row>
+        <entry namest="c1" nameend="c2"><emphasis>Compound values</emphasis></entry>
+      </row>
+      <row>
+        <entry><literal>{ x = 1; y = 2; }</literal></entry>
+        <entry>An set with attributes names <literal>x</literal> and <literal>y</literal></entry>
+      </row>
+      <row>
+        <entry><literal>{ foo.bar = 1; }</literal></entry>
+        <entry>A nested set, equivalent to <literal>{ foo = { bar = 1; }; }</literal></entry>
+      </row>
+      <row>
+        <entry><literal>rec { x = "bla"; y = x + "bar"; }</literal></entry>
+        <entry>A recursive set, equivalent to <literal>{ x = "foo"; y = "foobar"; }</literal></entry>
+      </row>
+      <row>
+        <entry><literal>[ "foo" "bar" ]</literal></entry>
+        <entry>A list with two elements</entry>
+      </row>
+
+      <row>
+        <entry namest="c1" nameend="c2"><emphasis>Operators</emphasis></entry>
+      </row>
+      <row>
+        <entry><literal>"foo" + "bar"</literal></entry>
+        <entry>String concatenation</entry>
+      </row>
+      <row>
+        <entry><literal>1 + 2</literal></entry>
+        <entry>Integer addition</entry>
+      </row>
+      <row>
+        <entry><literal>"foo" == "f" + "oo"</literal></entry>
+        <entry>Equality test (evaluates to <literal>true</literal>)</entry>
+      </row>
+      <row>
+        <entry><literal>"foo" != "bar"</literal></entry>
+        <entry>Inequality test (evaluates to <literal>true</literal>)</entry>
+      </row>
+      <row>
+        <entry><literal>!true</literal></entry>
+        <entry>Boolean negation</entry>
+      </row>
+      <row>
+        <entry><literal>{ x = 1; y = 2; }.x</literal></entry>
+        <entry>Attribute selection (evaluates to <literal>1</literal>)</entry>
+      </row>
+      <row>
+        <entry><literal>{ x = 1; y = 2; }.z or 3</literal></entry>
+        <entry>Attribute selection with default (evaluates to <literal>3</literal>)</entry>
+      </row>
+      <row>
+        <entry><literal>{ x = 1; y = 2; } // { z = 3; }</literal></entry>
+        <entry>Merge two sets (attributes in the right-hand set taking precedence)</entry>
+      </row>
+
+      <row>
+        <entry namest="c1" nameend="c2"><emphasis>Control structures</emphasis></entry>
+      </row>
+      <row>
+        <entry><literal>if 1 + 1 == 2 then "yes!" else "no!"</literal></entry>
+        <entry>Conditional expression</entry>
+      </row>
+      <row>
+        <entry><literal>assert 1 + 1 == 2; "yes!"</literal></entry>
+        <entry>Assertion check (evaluates to <literal>"yes!"</literal>)</entry>
+      </row>
+      <row>
+        <entry><literal>let x = "foo"; y = "bar"; in x + y</literal></entry>
+        <entry>Variable definition</entry>
+      </row>
+      <row>
+        <entry><literal>with pkgs.lib; head [ 1 2 3 ]</literal></entry>
+        <entry>Add all attributes from the given set to the scope
+        (evaluates to <literal>1</literal>)</entry>
+      </row>
+
+      <row>
+        <entry namest="c1" nameend="c2"><emphasis>Functions (lambdas)</emphasis></entry>
+      </row>
+      <row>
+        <entry><literal>x: x + 1</literal></entry>
+        <entry>A function that expects an integer and returns it increased by 1</entry>
+      </row>
+      <row>
+        <entry><literal>(x: x + 1) 100</literal></entry>
+        <entry>A function call (evaluates to 101)</entry>
+      </row>
+      <row>
+        <entry><literal>let inc = x: x + 1; in inc (inc (inc 100))</literal></entry>
+        <entry>A function bound to a variable and subsequently called by name (evaluates to 103)</entry>
+      </row>
+      <row>
+        <entry><literal>{ x, y }: x + y</literal></entry>
+        <entry>A function that expects a set with required attributes
+        <literal>x</literal> and <literal>y</literal> and concatenates
+        them</entry>
+      </row>
+      <row>
+        <entry><literal>{ x, y ? "bar" }: x + y</literal></entry>
+        <entry>A function that expects a set with required attribute
+        <literal>x</literal> and optional <literal>y</literal>, using
+        <literal>"bar"</literal> as default value for
+        <literal>y</literal></entry>
+      </row>
+      <row>
+        <entry><literal>{ x, y, ... }: x + y</literal></entry>
+        <entry>A function that expects a set with required attributes
+        <literal>x</literal> and <literal>y</literal> and ignores any
+        other attributes</entry>
+      </row>
+      <row>
+        <entry><literal>{ x, y } @ args: x + y</literal></entry>
+        <entry>A function that expects a set with required attributes
+        <literal>x</literal> and <literal>y</literal>, and binds the
+        whole set to <literal>args</literal></entry>
+      </row>
+
+      <row>
+        <entry namest="c1" nameend="c2"><emphasis>Built-in functions</emphasis></entry>
+      </row>
+      <row>
+        <entry><literal>import ./foo.nix</literal></entry>
+        <entry>Load and return Nix expression in given file</entry>
+      </row>
+      <row>
+        <entry><literal>map (x: x + x) [ 1 2 3 ]</literal></entry>
+        <entry>Apply a function to every element of a list (evaluates to <literal>[ 2 4 6 ]</literal>)</entry>
+      </row>
+      <!--
+      <row>
+        <entry><literal>throw "Urgh"</literal></entry>
+        <entry>Raise an error condition</entry>
+      </row>
+      -->
+
+    </tbody>
+  </tgroup>
+</informaltable>
+
+</section>
+
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Package management</title>
+
+<para>This section describes how to add additional packages to your
+system.  NixOS has two distinct styles of package management:
+
+<itemizedlist>
+
+  <listitem><para><emphasis>Declarative</emphasis>, where you declare
+  what packages you want in your
+  <filename>configuration.nix</filename>.  Every time you run
+  <command>nixos-rebuild</command>, NixOS will ensure that you get a
+  consistent set of binaries corresponding to your
+  specification.</para></listitem>
+
+  <listitem><para><emphasis>Ad hoc</emphasis>, where you install,
+  upgrade and uninstall packages via the <command>nix-env</command>
+  command.  This style allows mixing packages from different Nixpkgs
+  versions.  It’s the only choice for non-root
+  users.</para></listitem>
+
+</itemizedlist>
+
+</para>
+
+<para>The next two sections describe these two styles.</para>
+
+
+<section><title>Declarative package management</title>
+
+<para>With declarative package management, you specify which packages
+you want on your system by setting the option
+<option>environment.systemPackages</option>.  For instance, adding the
+following line to <filename>configuration.nix</filename> enables the
+Mozilla Thunderbird email application:
+
+<programlisting>
+environment.systemPackages = [ pkgs.thunderbird ];
+</programlisting>
+
+The effect of this specification is that the Thunderbird package from
+Nixpkgs will be built or downloaded as part of the system when you run
+<command>nixos-rebuild switch</command>.</para>
+
+<para>You can get a list of the available packages as follows:
+<screen>
+$ nix-env -qaP '*' --description
+nixos.pkgs.firefox   firefox-23.0   Mozilla Firefox - the browser, reloaded
+<replaceable>...</replaceable>
+</screen>
+
+The first column in the output is the <emphasis>attribute
+name</emphasis>, such as
+<literal>nixos.pkgs.thunderbird</literal>. (The
+<literal>nixos</literal> prefix allows distinguishing between
+different channels that you might have.)</para>
+
+<para>To “uninstall” a package, simply remove it from
+<option>environment.systemPackages</option> and run
+<command>nixos-rebuild switch</command>.</para>
+
+
+<section xml:id="sec-customising-packages"><title>Customising packages</title>
+
+<para>Some packages in Nixpkgs have options to enable or disable
+optional functionality or change other aspects of the package.  For
+instance, the Firefox wrapper package (which provides Firefox with a
+set of plugins such as the Adobe Flash player) has an option to enable
+the Google Talk plugin.  It can be set in
+<filename>configuration.nix</filename> as follows:
+
+<filename>
+nixpkgs.config.firefox.enableGoogleTalkPlugin = true;
+</filename>
+</para>
+
+<warning><para>Unfortunately, Nixpkgs currently lacks a way to query
+available configuration options.</para></warning>
+
+<para>Apart from high-level options, it’s possible to tweak a package
+in almost arbitrary ways, such as changing or disabling dependencies
+of a package.  For instance, the Emacs package in Nixpkgs by default
+has a dependency on GTK+ 2.  If you want to build it against GTK+ 3,
+you can specify that as follows:
+
+<programlisting>
+environment.systemPackages = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ];
+</programlisting>
+
+The function <varname>override</varname> performs the call to the Nix
+function that produces Emacs, with the original arguments amended by
+the set of arguments specified by you.  So here the function argument
+<varname>gtk</varname> gets the value <literal>pkgs.gtk3</literal>,
+causing Emacs to depend on GTK+ 3.  (The parentheses are necessary
+because in Nix, function application binds more weakly than list
+construction, so without them,
+<literal>environment.systemPackages</literal> would be a list with two
+elements.)</para>
+
+<para>Even greater customisation is possible using the function
+<varname>overrideDerivation</varname>.  While the
+<varname>override</varname> mechanism above overrides the arguments of
+a package function, <varname>overrideDerivation</varname> allows
+changing the <emphasis>result</emphasis> of the function.  This
+permits changing any aspect of the package, such as the source code.
+For instance, if you want to override the source code of Emacs, you
+can say:
+
+<programlisting>
+environment.systemPackages =
+  [ (pkgs.lib.overrideDerivation pkgs.emacs (attrs: {
+      name = "emacs-25.0-pre";
+      src = /path/to/my/emacs/tree;
+    }))
+  ];
+</programlisting>
+
+Here, <varname>overrideDerivation</varname> takes the Nix derivation
+specified by <varname>pkgs.emacs</varname> and produces a new
+derivation in which the original’s <literal>name</literal> and
+<literal>src</literal> attribute have been replaced by the given
+values.  The original attributes are accessible via
+<varname>attrs</varname>.</para>
+
+<para>The overrides shown above are not global.  They do not affect
+the original package; other packages in Nixpkgs continue to depend on
+the original rather than the customised package.  This means that if
+another package in your system depends on the original package, you
+end up with two instances of the package.  If you want to have
+everything depend on your customised instance, you can apply a
+<emphasis>global</emphasis> override as follows:
+
+<screen>
+nixpkgs.config.packageOverrides = pkgs:
+  { emacs = pkgs.emacs.override { gtk = pkgs.gtk3; };
+  };
+</screen>
+
+The effect of this definition is essentially equivalent to modifying
+the <literal>emacs</literal> attribute in the Nixpkgs source tree.
+Any package in Nixpkgs that depends on <literal>emacs</literal> will
+be passed your customised instance.  (However, the value
+<literal>pkgs.emacs</literal> in
+<varname>nixpkgs.config.packageOverrides</varname> refers to the
+original rather than overriden instance, to prevent an infinite
+recursion.)</para>
+
+</section>
+
+<section xml:id="sec-custom-packages"><title>Adding custom packages</title>
+
+<para>It’s possible that a package you need is not available in NixOS.
+In that case, you can do two things.  First, you can clone the Nixpkgs
+repository, add the package to your clone, and (optionally) submit a
+patch or pull request to have it accepted into the main Nixpkgs
+repository.  This is described in detail in the <link
+xlink:href="http://nixos.org/nixpkgs/manual">Nixpkgs manual</link>.
+In short, you clone Nixpkgs:
+
+<screen>
+$ git clone git://github.com/NixOS/nixpkgs.git
+$ cd nixpkgs
+</screen>
+
+Then you write and test the package as described in the Nixpkgs
+manual.  Finally, you add it to
+<literal>environment.systemPackages</literal>, e.g.
+
+<programlisting>
+environment.systemPackages = [ pkgs.my-package ];
+</programlisting>
+
+and you run <command>nixos-rebuild</command>, specifying your own
+Nixpkgs tree:
+
+<screen>
+$ nixos-rebuild switch -I nixpkgs=/path/to/my/nixpkgs</screen>
+
+</para>
+
+<para>The second possibility is to add the package outside of the
+Nixpkgs tree.  For instance, here is how you specify a build of the
+<link xlink:href="http://www.gnu.org/software/hello/">GNU Hello</link>
+package directly in <filename>configuration.nix</filename>:
+
+<programlisting>
+environment.systemPackages =
+  let
+    my-hello = with pkgs; stdenv.mkDerivation rec {
+      name = "hello-2.8";
+      src = fetchurl {
+        url = "mirror://gnu/hello/${name}.tar.gz";
+        sha256 = "0wqd8sjmxfskrflaxywc7gqw7sfawrfvdxd9skxawzfgyy0pzdz6";
+      };
+    };
+  in
+  [ my-hello ];
+</programlisting>
+
+Of course, you can also move the definition of
+<literal>my-hello</literal> into a separate Nix expression, e.g.
+<programlisting>
+environment.systemPackages = [ (import ./my-hello.nix) ];
+</programlisting>
+where <filename>my-hello.nix</filename> contains:
+<programlisting>
+with &lt;nixpkgs> {}; # bring all of Nixpkgs into scope
+
+stdenv.mkDerivation rec {
+  name = "hello-2.8";
+  src = fetchurl {
+    url = "mirror://gnu/hello/${name}.tar.gz";
+    sha256 = "0wqd8sjmxfskrflaxywc7gqw7sfawrfvdxd9skxawzfgyy0pzdz6";
+  };
+}
+</programlisting>
+
+This allows testing the package easily:
+<screen>
+$ nix-build my-hello.nix
+$ ./result/bin/hello
+Hello, world!
+</screen>
+
+</para>
+
+</section>
+
+</section>
+
+
+<section><title>Ad hoc package management</title>
+
+<para>With the command <command>nix-env</command>, you can install and
+uninstall packages from the command line.  For instance, to install
+Mozilla Thunderbird:
+
+<screen>
+$ nix-env -iA nixos.pkgs.thunderbird</screen>
+
+If you invoke this as root, the package is installed in the Nix
+profile <filename>/nix/var/nix/profiles/default</filename> and visible
+to all users of the system; otherwise, the package ends up in
+<filename>/nix/var/nix/profiles/per-user/<replaceable>username</replaceable>/profile</filename>
+and is not visible to other users.  The <option>-A</option> flag
+specifies the package by its attribute name; without it, the package
+is installed by matching against its package name
+(e.g. <literal>thunderbird</literal>).  The latter is slower because
+it requires matching against all available Nix packages, and is
+ambiguous if there are multiple matching packages.</para>
+
+<para>Packages come from the NixOS channel.  You typically upgrade a
+package by updating to the latest version of the NixOS channel:
+<screen>
+$ nix-channel --update nixos
+</screen>
+and then running <literal>nix-env -i</literal> again.  Other packages
+in the profile are <emphasis>not</emphasis> affected; this is the
+crucial difference with the declarative style of package management,
+where running <command>nixos-rebuild switch</command> causes all
+packages to be updated to their current versions in the NixOS channel.
+You can however upgrade all packages for which there is a newer
+version by doing:
+<screen>
+$ nix-env -u '*'
+</screen>
+</para>
+
+<para>A package can be uninstalled using the <option>-e</option>
+flag:
+<screen>
+$ nix-env -e thunderbird
+</screen>
+</para>
+
+<para>Finally, you can roll back an undesirable
+<command>nix-env</command> action:
+<screen>
+$ nix-env --rollback
+</screen>
+</para>
+
+<para><command>nix-env</command> has many more flags.  For details,
+see the
+<citerefentry><refentrytitle>nix-env</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+manpage or the Nix manual.</para>
+
+</section>
+
+
+</section>
+
+
+<!--===============================================================-->
+
+<section xml:id="sec-user-management"><title>User management</title>
+
+<para>NixOS supports both declarative and imperative styles of user
+management.  In the declarative style, users are specified in
+<filename>configuration.nix</filename>.  For instance, the following
+states that a user account named <literal>alice</literal> shall exist:
+
+<programlisting>
+users.extraUsers.alice =
+  { createHome = true;
+    home = "/home/alice";
+    description = "Alice Foobar";
+    extraGroups = [ "wheel" ];
+    isSystemUser = false;
+    useDefaultShell = true;
+    openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
+  };
+</programlisting>
+
+Note that <literal>alice</literal> is a member of the
+<literal>wheel</literal> group, which allows her to use
+<command>sudo</command> to execute commands as
+<literal>root</literal>.  Also note the SSH public key that allows
+remote logins with the corresponding private key.  Users created in
+this way do not have a password by default, so they cannot log in via
+mechanisms that require a password.  However, you can use the
+<command>passwd</command> program to set a password, which is retained
+across invocations of <command>nixos-rebuild</command>.</para>
+
+<para>A user ID (uid) is assigned automatically.  You can also specify
+a uid manually by adding
+
+<programlisting>
+    uid = 1000;
+</programlisting>
+
+to the user specification.</para>
+
+<para>Groups can be specified similarly.  The following states that a
+group named <literal>students</literal> shall exist:
+
+<programlisting>
+users.extraGroups.students.gid = 1000;
+</programlisting>
+
+As with users, the group ID (gid) is optional and will be assigned
+automatically if it’s missing.</para>
+
+<warning><para>Currently declarative user management is not perfect:
+<command>nixos-rebuild</command> does not know how to realise certain
+configuration changes.  This includes removing a user or group, and
+removing group membership from a user.</para></warning>
+
+<para>In the imperative style, users and groups are managed by
+commands such as <command>useradd</command>,
+<command>groupmod</command> and so on.  For instance, to create a user
+account named <literal>alice</literal>:
+
+<screen>
+$ useradd -m alice</screen>
+
+The flag <option>-m</option> causes the creation of a home directory
+for the new user, which is generally what you want.  The user does not
+have an initial password and therefore cannot log in.  A password can
+be set using the <command>passwd</command> utility:
+
+<screen>
+$ passwd alice
+Enter new UNIX password: ***
+Retype new UNIX password: ***
+</screen>
+
+A user can be deleted using <command>userdel</command>:
+
+<screen>
+$ userdel -r alice</screen>
+
+The flag <option>-r</option> deletes the user’s home directory.
+Accounts can be modified using <command>usermod</command>.  Unix
+groups can be managed using <command>groupadd</command>,
+<command>groupmod</command> and <command>groupdel</command>.</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>File systems</title>
+
+<para>You can define file systems using the
+<option>fileSystems</option> configuration option.  For instance, the
+following definition causes NixOS to mount the Ext4 file system on
+device <filename>/dev/disk/by-label/data</filename> onto the mount
+point <filename>/data</filename>:
+
+<programlisting>
+fileSystems."/data" =
+  { device = "/dev/disk/by-label/data";
+    fsType = "ext4";
+  };
+</programlisting>
+
+Mount points are created automatically if they don’t already exist.
+For <option>device</option>, it’s best to use the topology-independent
+device aliases in <filename>/dev/disk/by-label</filename> and
+<filename>/dev/disk/by-uuid</filename>, as these don’t change if the
+topology changes (e.g. if a disk is moved to another IDE
+controller).</para>
+
+<para>You can usually omit the file system type
+(<option>fsType</option>), since <command>mount</command> can usually
+detect the type and load the necessary kernel module automatically.
+However, if the file system is needed at early boot (in the initial
+ramdisk) and is not <literal>ext2</literal>, <literal>ext3</literal>
+or <literal>ext4</literal>, then it’s best to specify
+<option>fsType</option> to ensure that the kernel module is
+available.</para>
+
+<section><title>LUKS-encrypted file systems</title>
+
+<para>NixOS supports file systems that are encrypted using
+<emphasis>LUKS</emphasis> (Linux Unified Key Setup).  For example,
+here is how you create an encrypted Ext4 file system on the device
+<filename>/dev/sda2</filename>:
+
+<screen>
+$ cryptsetup luksFormat /dev/sda2
+
+WARNING!
+========
+This will overwrite data on /dev/sda2 irrevocably.
+
+Are you sure? (Type uppercase yes): YES
+Enter LUKS passphrase: ***
+Verify passphrase: ***
+
+$ cryptsetup luksOpen /dev/sda2 crypted
+Enter passphrase for /dev/sda2: ***
+
+$ mkfs.ext4 /dev/mapper/crypted
+</screen>
+
+To ensure that this file system is automatically mounted at boot time
+as <filename>/</filename>, add the following to
+<filename>configuration.nix</filename>:
+
+<programlisting>
+boot.initrd.luks.devices = [ { device = "/dev/sda2"; name = "crypted"; } ];
+fileSystems."/".device = "/dev/mapper/crypted";
+</programlisting>
+
+</para>
+
+</section>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>X Window System</title>
+
+<para>The X Window System (X11) provides the basis of NixOS’ graphical
+user interface.  It can be enabled as follows:
+<programlisting>
+services.xserver.enable = true;
+</programlisting>
+The X server will automatically detect and use the appropriate video
+driver from a set of X.org drivers (such as <literal>vesa</literal>
+and <literal>intel</literal>).  You can also specify a driver
+manually, e.g.
+<programlisting>
+services.xserver.videoDrivers = [ "r128" ];
+</programlisting>
+to enable X.org’s <literal>xf86-video-r128</literal> driver.</para>
+
+<para>You also need to enable at least one desktop or window manager.
+Otherwise, you can only log into a plain undecorated
+<command>xterm</command> window.  Thus you should pick one or more of
+the following lines:
+<programlisting>
+services.xserver.desktopManager.kde4.enable = true;
+services.xserver.desktopManager.xfce.enable = true;
+services.xserver.windowManager.xmonad.enable = true;
+services.xserver.windowManager.twm.enable = true;
+services.xserver.windowManager.icewm.enable = true;
+</programlisting>
+</para>
+
+<para>NixOS’s default <emphasis>display manager</emphasis> (the
+program that provides a graphical login prompt and manages the X
+server) is SLiM.  You can select KDE’s <command>kdm</command> instead:
+<programlisting>
+services.xserver.displayManager.kdm.enable = true;
+</programlisting>
+</para>
+
+<para>The X server is started automatically at boot time.  If you
+don’t want this to happen, you can set:
+<programlisting>
+services.xserver.autorun = false;
+</programlisting>
+The X server can then be started manually:
+<screen>
+$ systemctl start display-manager.service
+</screen>
+</para>
+
+
+<section><title>NVIDIA graphics cards</title>
+
+<para>NVIDIA provides a proprietary driver for its graphics cards that
+has better 3D performance than the X.org drivers.  It is not enabled
+by default because it’s not free software.  You can enable it as follows:
+<programlisting>
+services.xserver.videoDrivers = [ "nvidia" ];
+</programlisting>
+You may need to reboot after enabling this driver to prevent a clash
+with other kernel modules.</para>
+
+<para>On 64-bit systems, if you want full acceleration for 32-bit
+programs such as Wine, you should also set the following:
+<programlisting>
+service.xserver.driSupport32Bit = true;
+</programlisting>
+</para>
+
+</section>
+
+
+<section><title>Touchpads</title>
+
+<para>Support for Synaptics touchpads (found in many laptops such as
+the Dell Latitude series) can be enabled as follows:
+<programlisting>
+services.xserver.synaptics.enable = true;
+</programlisting>
+The driver has many options (see <xref linkend="ch-options"/>).  For
+instance, the following enables two-finger scrolling:
+<programlisting>
+services.xserver.synaptics.twoFingerScroll = true;
+</programlisting>
+</para>
+
+</section>
+
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Networking</title>
+
+<section><title>Secure shell access</title>
+
+<para>Secure shell (SSH) access to your machine can be enabled by
+setting:
+
+<programlisting>
+services.openssh.enable = true;
+</programlisting>
+
+By default, root logins using a password are disallowed.  They can be
+disabled entirely by setting
+<literal>services.openssh.permitRootLogin</literal> to
+<literal>"no"</literal>.</para>
+
+<para>You can declaratively specify authorised RSA/DSA public keys for
+a user as follows:
+
+<!-- FIXME: this might not work if the user is unmanaged. -->
+<programlisting>
+users.extraUsers.alice.openssh.authorizedKeys.keys =
+  [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
+</programlisting>
+
+</para>
+
+</section>
+
+
+<section><title>IPv4 configuration</title>
+
+<para>By default, NixOS uses DHCP (specifically,
+<command>dhcpcd</command>) to automatically configure network
+interfaces.  However, you can configure an interface manually as
+follows:
+
+<programlisting>
+networking.interfaces.eth0 = { ipAddress = "192.168.1.2"; prefixLength = 24; };
+</programlisting>
+
+(The network prefix can also be specified using the option
+<literal>subnetMask</literal>,
+e.g. <literal>"255.255.255.0"</literal>, but this is deprecated.)
+Typically you’ll also want to set a default gateway and set of name
+servers:
+
+<programlisting>
+networking.defaultGateway = "192.168.1.1";
+networking.nameservers = [ "8.8.8.8" ];
+</programlisting>
+
+</para>
+
+<note><para>Statically configured interfaces are set up by the systemd
+service
+<replaceable>interface-name</replaceable><literal>-cfg.service</literal>.
+The default gateway and name server configuration is performed by
+<literal>network-setup.service</literal>.</para></note>
+
+<para>The host name is set using <option>networking.hostName</option>:
+
+<programlisting>
+networking.hostName = "cartman";
+</programlisting>
+
+The default host name is <literal>nixos</literal>.  Set it to the
+empty string (<literal>""</literal>) to allow the DHCP server to
+provide the host name.</para>
+
+</section>
+
+
+<section><title>IPv6 configuration</title>
+
+<para>IPv6 is enabled by default.  Stateless address autoconfiguration
+is used to automatically assign IPv6 addresses to all interfaces.  You
+can disable IPv6 support globally by setting:
+
+<programlisting>
+networking.enableIPv6 = false;
+</programlisting>
+
+</para>
+
+</section>
+
+
+<section><title>Firewall</title>
+
+<para>NixOS has a simple stateful firewall that blocks incoming
+connections and other unexpected packets.  The firewall applies to
+both IPv4 and IPv6 traffic.  It can be enabled as follows:
+
+<programlisting>
+networking.firewall.enable = true;
+</programlisting>
+
+You can open specific TCP ports to the outside world:
+
+<programlisting>
+networking.firewall.allowedTCPPorts = [ 80 443 ];
+</programlisting>
+
+Note that TCP port 22 (ssh) is opened automatically if the SSH daemon
+is enabled (<option>services.openssh.enable = true</option>).  UDP
+ports can be opened through
+<option>networking.firewall.allowedUDPPorts</option>.  Also of
+interest is
+
+<programlisting>
+networking.firewall.allowPing = true;
+</programlisting>
+
+to allow the machine to respond to ping requests.  (ICMPv6 pings are
+always allowed.)</para>
+
+</section>
+
+
+<section><title>Wireless networks</title>
+
+<para>
+NixOS will start wpa_supplicant for you if you enable this setting:
+
+<programlisting>
+networking.wireless.enable = true;
+</programlisting>
+
+NixOS currently does not generate wpa_supplicant's
+configuration file, <literal>/etc/wpa_supplicant.conf</literal>. You should edit this file
+yourself to define wireless networks, WPA keys and so on (see
+wpa_supplicant.conf(5)).
+</para>
+
+<para>
+If you are using WPA2 the <command>wpa_passphrase</command> tool might be useful
+to generate the <literal>wpa_supplicant.conf</literal>.
+
+<screen>
+$ wpa_passphrase ESSID PSK > /etc/wpa_supplicant.conf</screen>
+
+After you have edited the <literal>wpa_supplicant.conf</literal>,
+you need to restart the wpa_supplicant service.
+
+<screen>
+$ systemctl restart wpa_supplicant.service</screen>
+</para>
+
+
+</section>
+
+
+<section><title>Ad-hoc configuration</title>
+
+<para>You can use <option>networking.localCommands</option> to specify
+shell commands to be run at the end of
+<literal>network-setup.service</literal>.  This is useful for doing
+network configuration not covered by the existing NixOS modules.  For
+instance, to statically configure an IPv6 address:
+
+<programlisting>
+networking.localCommands =
+  ''
+    ip -6 addr add 2001:610:685:1::1/64 dev eth0
+  '';
+</programlisting>
+
+</para>
+
+</section>
+
+
+<!-- TODO: OpenVPN, NAT -->
+
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Linux kernel</title>
+
+<para>You can override the Linux kernel and associated packages using
+the option <option>boot.kernelPackages</option>.  For instance, this
+selects the Linux 3.10 kernel:
+<programlisting>
+boot.kernelPackages = pkgs.linuxPackages_3_10;
+</programlisting>
+Note that this not only replaces the kernel, but also packages that
+are specific to the kernel version, such as the NVIDIA video drivers.
+This ensures that driver packages are consistent with the
+kernel.</para>
+
+<para>The default Linux kernel configuration should be fine for most
+users.  You can see the configuration of your current kernel in
+<filename>/run/booted-system/kernel-modules/config</filename>.  If you
+want to change the kernel configuration, you can use the
+<option>packageOverrides</option> feature (see <xref
+linkend="sec-customising-packages" />).  For instance, to enable
+support for the kernel debugger KGDB:
+
+<programlisting>
+nixpkgs.config.packageOverrides = pkgs:
+  { linux_3_4 = pkgs.linux_3_4.override {
+      extraConfig =
+        ''
+          KGDB y
+        '';
+    };
+  };
+</programlisting>
+
+<varname>extraConfig</varname> takes a list of Linux kernel
+configuration options, one per line.  The name of the option should
+not include the prefix <literal>CONFIG_</literal>.  The option value
+is typically <literal>y</literal>, <literal>n</literal> or
+<literal>m</literal> (to build something as a kernel module).</para>
+
+<para>Kernel modules for hardware devices are generally loaded
+automatically by <command>udev</command>.  You can force a module to
+be loaded via <option>boot.kernelModules</option>, e.g.
+<programlisting>
+boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
+</programlisting>
+If the module is required early during the boot (e.g. to mount the
+root file system), you can use
+<option>boot.initrd.extraKernelModules</option>:
+<programlisting>
+boot.initrd.extraKernelModules = [ "cifs" ];
+</programlisting>
+This causes the specified modules and their dependencies to be added
+to the initial ramdark.</para>
+
+<para>Kernel runtime parameters can be set through
+<option>boot.kernel.sysctl</option>, e.g.
+<programlisting>
+boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 120;
+</programlisting>
+sets the kernel’s TCP keepalive time to 120 seconds.  To see the
+available parameters, run <command>sysctl -a</command>.</para>
+
+</section>
+
+
+<!-- Apache; libvirtd virtualisation -->
+
+
+</chapter>
diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix
new file mode 100644
index 000000000000..db3245fcc07d
--- /dev/null
+++ b/nixos/doc/manual/default.nix
@@ -0,0 +1,118 @@
+{ pkgs, options
+, revision ? "master"
+}:
+
+with pkgs.lib;
+
+let
+
+  # Remove invisible and internal options.
+  options' = filter (opt: opt.visible && !opt.internal) (optionAttrSetToDocList options);
+
+  # Clean up declaration sites to not refer to the NixOS source tree.
+  options'' = flip map options' (opt: opt // {
+    declarations = map (fn: stripPrefix fn) opt.declarations;
+  });
+
+  prefix = toString pkgs.path;
+
+  stripPrefix = fn:
+    if substring 0 (stringLength prefix) fn == prefix then
+      substring (add (stringLength prefix) 1) 1000 fn
+    else
+      fn;
+
+  optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML options''));
+
+  optionsDocBook = pkgs.runCommand "options-db.xml" {} ''
+    if grep /nixpkgs/nixos/modules ${optionsXML}; then
+      echo "The manual appears to depend on the location of Nixpkgs, which is bad"
+      echo "since this prevents sharing via the NixOS channel.  This is typically"
+      echo "caused by an option default that refers to a relative path (see above"
+      echo "for hints about the offending path)."
+      exit 1
+    fi
+    ${pkgs.libxslt}/bin/xsltproc \
+      --stringparam revision '${revision}' \
+      -o $out ${./options-to-docbook.xsl} ${optionsXML}
+  '';
+
+in rec {
+
+  # Generate the NixOS manual.
+  manual = pkgs.stdenv.mkDerivation {
+    name = "nixos-manual";
+
+    sources = sourceFilesBySuffices ./. [".xml"];
+
+    buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
+
+    xsltFlags = ''
+      --param section.autolabel 1
+      --param section.label.includes.component.label 1
+      --param html.stylesheet 'style.css'
+      --param xref.with.number.and.title 1
+      --param toc.section.depth 3
+      --param admon.style '''
+      --param callout.graphics.extension '.gif'
+    '';
+
+    buildCommand = ''
+      ln -s $sources/*.xml . # */
+      ln -s ${optionsDocBook} options-db.xml
+
+      # Check the validity of the manual sources.
+      xmllint --noout --nonet --xinclude --noxincludenode \
+        --relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
+        manual.xml
+
+      # Generate the HTML manual.
+      dst=$out/share/doc/nixos
+      ensureDir $dst
+      xsltproc $xsltFlags --nonet --xinclude \
+        --output $dst/manual.html \
+        ${pkgs.docbook5_xsl}/xml/xsl/docbook/xhtml/docbook.xsl \
+        ./manual.xml
+
+      mkdir -p $dst/images/callouts
+      cp ${pkgs.docbook5_xsl}/xml/xsl/docbook/images/callouts/*.gif $dst/images/callouts/
+
+      cp ${./style.css} $dst/style.css
+
+      mkdir -p $out/nix-support
+      echo "nix-build out $out" >> $out/nix-support/hydra-build-products
+      echo "doc manual $dst manual.html" >> $out/nix-support/hydra-build-products
+    ''; # */
+
+    meta.description = "The NixOS manual in HTML format";
+  };
+
+  # Generate the NixOS manpages.
+  manpages = pkgs.stdenv.mkDerivation {
+    name = "nixos-manpages";
+
+    sources = sourceFilesBySuffices ./. [".xml"];
+
+    buildInputs = [ pkgs.libxml2 pkgs.libxslt ];
+
+    buildCommand = ''
+      ln -s $sources/*.xml . # */
+      ln -s ${optionsDocBook} options-db.xml
+
+      # Check the validity of the manual sources.
+      xmllint --noout --nonet --xinclude --noxincludenode \
+        --relaxng ${pkgs.docbook5}/xml/rng/docbook/docbook.rng \
+        ./man-pages.xml
+
+      # Generate manpages.
+      mkdir -p $out/share/man
+      xsltproc --nonet --xinclude \
+        --param man.output.in.separate.dir 1 \
+        --param man.output.base.dir "'$out/share/man/'" \
+        --param man.endnotes.are.numbered 0 \
+        ${pkgs.docbook5_xsl}/xml/xsl/docbook/manpages/docbook.xsl \
+        ./man-pages.xml
+    '';
+  };
+
+}
diff --git a/nixos/doc/manual/development.xml b/nixos/doc/manual/development.xml
new file mode 100644
index 000000000000..6bbccac6e5c1
--- /dev/null
+++ b/nixos/doc/manual/development.xml
@@ -0,0 +1,853 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink">
+
+<title>Development</title>
+
+<para>This chapter describes how you can modify and extend
+NixOS.</para>
+
+
+<!--===============================================================-->
+
+<section>
+
+<title>Getting the sources</title>
+
+<para>By default, NixOS’s <command>nixos-rebuild</command> command
+uses the NixOS and Nixpkgs sources provided by the
+<literal>nixos-unstable</literal> channel (kept in
+<filename>/nix/var/nix/profiles/per-user/root/channels/nixos</filename>).
+To modify NixOS, however, you should check out the latest sources from
+Git.  This is done using the following command:
+
+<screen>
+$ nixos-checkout <replaceable>/my/sources</replaceable>
+</screen>
+
+or
+
+<screen>
+$ mkdir -p <replaceable>/my/sources</replaceable>
+$ cd <replaceable>/my/sources</replaceable>
+$ nix-env -i git
+$ git clone git://github.com/NixOS/nixpkgs.git
+</screen>
+
+This will check out the latest NixOS sources to
+<filename><replaceable>/my/sources</replaceable>/nixpkgs/nixos</filename>
+and the Nixpkgs sources to
+<filename><replaceable>/my/sources</replaceable>/nixpkgs</filename>.
+(The NixOS source tree lives in a subdirectory of the Nixpkgs
+repository.)  If you want to rebuild your system using your (modified)
+sources, you need to tell <command>nixos-rebuild</command> about them
+using the <option>-I</option> flag:
+
+<screen>
+$ nixos-rebuild switch -I nixpkgs=<replaceable>/my/sources</replaceable>/nixpkgs
+</screen>
+
+</para>
+
+<para>If you want <command>nix-env</command> to use the expressions in
+<replaceable>/my/sources</replaceable>, use <command>nix-env -f
+<replaceable>/my/sources</replaceable>/nixpkgs</command>, or change
+the default by adding a symlink in
+<filename>~/.nix-defexpr</filename>:
+
+<screen>
+$ ln -s <replaceable>/my/sources</replaceable>/nixpkgs ~/.nix-defexpr/nixpkgs
+</screen>
+
+You may want to delete the symlink
+<filename>~/.nix-defexpr/channels_root</filename> to prevent root’s
+NixOS channel from clashing with your own tree.</para>
+
+<!-- FIXME: not sure what this means.
+<para>You should not pass the base directory
+<filename><replaceable>/my/sources</replaceable></filename>
+to <command>nix-env</command>, as it will break after interpreting expressions
+in <filename>nixos/</filename> as packages.</para>
+-->
+
+</section>
+
+
+<!--===============================================================-->
+
+<section>
+
+<title>Writing NixOS modules</title>
+
+<para>NixOS has a modular system for declarative configuration.  This
+system combines multiple <emphasis>modules</emphasis> to produce the
+full system configuration.  One of the modules that constitute the
+configuration is <filename>/etc/nixos/configuration.nix</filename>.
+Most of the others live in the <link
+xlink:href="https://github.com/NixOS/nixpkgs/tree/master/nixos/modules"><filename>nixos/modules</filename></link>
+subdirectory of the Nixpkgs tree.</para>
+
+<para>Each NixOS module is a file that handles one logical aspect of
+the configuration, such as a specific kind of hardware, a service, or
+network settings.  A module configuration does not have to handle
+everything from scratch; it can use the functionality provided by
+other modules for its implementation.  Thus a module can
+<emphasis>declare</emphasis> options that can be used by other
+modules, and conversely can <emphasis>define</emphasis> options
+provided by other modules in its own implementation.  For example, the
+module <link
+xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/pam.nix"><filename>pam.nix</filename></link>
+declares the option <option>security.pam.services</option> that allows
+other modules (e.g. <link
+xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/networking/ssh/sshd.nix"><filename>sshd.nix</filename></link>)
+to define PAM services; and it defines the option
+<option>environment.etc</option> (declared by <link
+xlink:href="https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/system/etc/etc.nix"><filename>etc.nix</filename></link>)
+to cause files to be created in
+<filename>/etc/pam.d</filename>.</para>
+
+<para xml:id="para-module-syn">In <xref
+linkend="sec-configuration-syntax"/>, we saw the following structure
+of NixOS modules:
+
+<programlisting>
+{ config, pkgs, ... }:
+
+{ <replaceable>option definitions</replaceable>
+}
+</programlisting>
+
+This is actually an <emphasis>abbreviated</emphasis> form of module
+that only defines options, but does not declare any.  The structure of
+full NixOS modules is shown in <xref linkend='ex-module-syntax' />.</para>
+
+<example xml:id='ex-module-syntax'><title>Structure of NixOS modules</title>
+<programlisting>
+{ config, pkgs, ... }: <co xml:id='module-syntax-1' />
+
+{
+  imports =
+    [ <replaceable>paths of other modules</replaceable> <co xml:id='module-syntax-2' />
+    ];
+
+  options = {
+    <replaceable>option declarations</replaceable> <co xml:id='module-syntax-3' />
+  };
+
+  config = {
+    <replaceable>option definitions</replaceable> <co xml:id='module-syntax-4' />
+  };
+}</programlisting>
+</example>
+
+<para>The meaning of each part is as follows.
+
+<calloutlist>
+  <callout arearefs='module-syntax-1'>
+    <para>This line makes the current Nix expression a function.  The
+    variable <varname>pkgs</varname> contains Nixpkgs, while
+    <varname>config</varname> contains the full system configuration.
+    This line can be omitted if there is no reference to
+    <varname>pkgs</varname> and <varname>config</varname> inside the
+    module.</para>
+  </callout>
+
+  <callout arearefs='module-syntax-2'>
+    <para>This list enumerates the paths to other NixOS modules that
+    should be included in the evaluation of the system configuration.
+    A default set of modules is defined in the file
+    <filename>modules/module-list.nix</filename>.  These don't need to
+    be added in the import list.</para>
+  </callout>
+
+  <callout arearefs='module-syntax-3'>
+    <para>The attribute <varname>options</varname> is a nested set of
+    <emphasis>option declarations</emphasis> (described below).</para>
+  </callout>
+
+  <callout arearefs='module-syntax-4'>
+    <para>The attribute <varname>config</varname> is a nested set of
+    <emphasis>option definitions</emphasis> (also described
+    below).</para>
+  </callout>
+</calloutlist>
+
+</para>
+
+<para><xref linkend='locate-example' /> shows a module that handles
+the regular update of the “locate” database, an index of all files in
+the file system.  This module declares two options that can be defined
+by other modules (typically the user’s
+<filename>configuration.nix</filename>):
+<option>services.locate.enable</option> (whether the database should
+be updated) and <option>services.locate.period</option> (when the
+update should be done).  It implements its functionality by defining
+two options declared by other modules:
+<option>systemd.services</option> (the set of all systemd services)
+and <option>services.cron.systemCronJobs</option> (the list of
+commands to be executed periodically by <command>cron</command>).</para>
+
+<example xml:id='locate-example'><title>NixOS module for the “locate” service</title>
+<programlisting>
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let locatedb = "/var/cache/locatedb"; in
+
+{
+  options = {
+
+    services.locate = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          If enabled, NixOS will periodically update the database of
+          files used by the <command>locate</command> command.
+        '';
+      };
+
+      period = mkOption {
+        type = types.str;
+        default = "15 02 * * *";
+        description = ''
+          This option defines (in the format used by cron) when the
+          locate database is updated.  The default is to update at
+          02:15 at night every day.
+        '';
+      };
+
+    };
+
+  };
+
+  config = {
+
+    systemd.services.update-locatedb =
+      { description = "Update Locate Database";
+        path  = [ pkgs.su ];
+        script =
+          ''
+            mkdir -m 0755 -p $(dirname ${locatedb})
+            exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /media /run'
+          '';
+      };
+
+    services.cron.systemCronJobs = optional config.services.locate.enable
+      "${config.services.locate.period} root ${config.systemd.package}/bin/systemctl start update-locatedb.service";
+
+  };
+}</programlisting>
+</example>
+
+<section><title>Option declarations</title>
+
+<para>An option declaration specifies the name, type and description
+of a NixOS configuration option.  It is illegal to define an option
+that hasn’t been declared in any module.  A option declaration
+generally looks like this:
+
+<programlisting>
+options = {
+  <replaceable>name</replaceable> = mkOption {
+    type = <replaceable>type specification</replaceable>;
+    default = <replaceable>default value</replaceable>;
+    example = <replaceable>example value</replaceable>;
+    description = "<replaceable>Description for use in the NixOS manual.</replaceable>";
+  };
+};
+</programlisting>
+
+</para>
+
+<para>The function <varname>mkOption</varname> accepts the following arguments.
+
+<variablelist>
+
+  <varlistentry>
+    <term><varname>type</varname></term>
+    <listitem>
+      <para>The type of the option (see below).  It may be omitted,
+      but that’s not advisable since it may lead to errors that are
+      hard to diagnose.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>default</varname></term>
+    <listitem>
+      <para>The default value used if no value is defined by any
+      module.  A default is not required; in that case, if the option
+      value is ever used, an error will be thrown.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>example</varname></term>
+    <listitem>
+      <para>An example value that will be shown in the NixOS manual.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>description</varname></term>
+    <listitem>
+      <para>A textual description of the option, in DocBook format,
+      that will be included in the NixOS manual.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+<para>Here is a non-exhaustive list of option types:
+
+<variablelist>
+
+  <varlistentry>
+    <term><varname>types.bool</varname></term>
+    <listitem>
+      <para>A Boolean.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>types.int</varname></term>
+    <listitem>
+      <para>An integer.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>types.str</varname></term>
+    <listitem>
+      <para>A string.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>types.lines</varname></term>
+    <listitem>
+      <para>A string.  If there are multiple definitions, they are
+      concatenated, with newline characters in between.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>types.path</varname></term>
+    <listitem>
+      <para>A path, defined as anything that, when coerced to a
+      string, starts with a slash.  This includes derivations.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>types.listOf</varname> <replaceable>t</replaceable></term>
+    <listitem>
+      <para>A list of elements of type <replaceable>t</replaceable>
+      (e.g., <literal>types.listOf types.str</literal> is a list of
+      strings).  Multiple definitions are concatenated together.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>types.attrsOf</varname> <replaceable>t</replaceable></term>
+    <listitem>
+      <para>A set of elements of type <replaceable>t</replaceable>
+      (e.g., <literal>types.attrsOf types.int</literal> is a set of
+      name/value pairs, the values being integers).</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>types.nullOr</varname> <replaceable>t</replaceable></term>
+    <listitem>
+      <para>Either the value <literal>null</literal> or something of
+      type <replaceable>t</replaceable>.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+You can also create new types using the function
+<varname>mkOptionType</varname>.  See
+<filename>lib/types.nix</filename> in Nixpkgs for details.</para>
+
+</section>
+
+
+<section><title>Option definitions</title>
+
+<para>Option definitions are generally straight-forward bindings of values to option names, like
+
+<programlisting>
+config = {
+  services.httpd.enable = true;
+};
+</programlisting>
+
+However, sometimes you need to wrap an option definition or set of
+option definitions in a <emphasis>property</emphasis> to achieve
+certain effects:</para>
+
+<simplesect><title>Delaying conditionals</title>
+
+<para>If a set of option definitions is conditional on the value of
+another option, you may need to use <varname>mkIf</varname>.
+Consider, for instance:
+
+<programlisting>
+config = if config.services.httpd.enable then {
+  environment.systemPackages = [ <replaceable>...</replaceable> ];
+  <replaceable>...</replaceable>
+} else {};
+</programlisting>
+
+This definition will cause Nix to fail with an “infinite recursion”
+error.  Why?  Because the value of
+<option>config.services.httpd.enable</option> depends on the value
+being constructed here.  After all, you could also write the clearly
+circular and contradictory:
+<programlisting>
+config = if config.services.httpd.enable then {
+  services.httpd.enable = false;
+} else {
+  services.httpd.enable = true;
+};
+</programlisting>
+
+The solution is to write:
+
+<programlisting>
+config = mkIf config.services.httpd.enable {
+  environment.systemPackages = [ <replaceable>...</replaceable> ];
+  <replaceable>...</replaceable>
+};
+</programlisting>
+
+The special function <varname>mkIf</varname> causes the evaluation of
+the conditional to be “pushed down” into the individual definitions,
+as if you had written:
+
+<programlisting>
+config = {
+  environment.systemPackages = if config.services.httpd.enable then [ <replaceable>...</replaceable> ] else [];
+  <replaceable>...</replaceable>
+};
+</programlisting>
+
+</para>
+
+</simplesect>
+
+<simplesect><title>Setting priorities</title>
+
+<para>A module can override the definitions of an option in other
+modules by setting a <emphasis>priority</emphasis>.  All option
+definitions that do not have the lowest priority value are discarded.
+By default, option definitions have priority 1000.  You can specify an
+explicit priority by using <varname>mkOverride</varname>, e.g.
+
+<programlisting>
+services.openssh.enable = mkOverride 10 false;
+</programlisting>
+
+This definition causes all other definitions with priorities above 10
+to be discarded.  The function <varname>mkForce</varname> is
+equal to <varname>mkOverride 50</varname>.</para>
+
+</simplesect>
+
+<simplesect><title>Merging configurations</title>
+
+<para>In conjunction with <literal>mkIf</literal>, it is sometimes
+useful for a module to return multiple sets of option definitions, to
+be merged together as if they were declared in separate modules.  This
+can be done using <varname>mkMerge</varname>:
+
+<programlisting>
+config = mkMerge
+  [ # Unconditional stuff.
+    { environment.systemPackages = [ <replaceable>...</replaceable> ];
+    }
+    # Conditional stuff.
+    (mkIf config.services.bla.enable {
+      environment.systemPackages = [ <replaceable>...</replaceable> ];
+    })
+  ];
+</programlisting>
+
+</para>
+
+</simplesect>
+
+</section>
+
+
+<section><title>Important options</title>
+
+<para>NixOS has many options, but some are of particular importance to
+module writers.</para>
+
+<variablelist>
+
+  <varlistentry>
+    <term><option>etc.environment</option></term>
+    <listitem>
+      <para>This set defines files in <filename>/etc</filename>.  A
+      typical use is:
+<programlisting>
+environment.etc."os-release".text =
+  ''
+    NAME=NixOS
+    <replaceable>...</replaceable>
+  '';
+</programlisting>
+      which causes a file named <filename>/etc/os-release</filename>
+      to be created with the given contents.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>system.activationScripts</option></term>
+    <listitem>
+      <para>A set of shell script fragments that must be executed
+      whenever the configuration is activated (i.e., at boot time, or
+      after running <command>nixos-rebuild switch</command>).  For instance,
+<programlisting>
+system.activationScripts.media =
+  ''
+    mkdir -m 0755 -p /media
+  '';
+</programlisting>
+      causes the directory <filename>/media</filename> to be created.
+      Activation scripts must be idempotent.  They should not start
+      background processes such as daemons; use
+      <option>systemd.services</option> for that.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>systemd.services</option></term>
+    <listitem>
+      <para>This is the set of systemd services.  Example:
+<programlisting>
+systemd.services.dhcpcd =
+  { description = "DHCP Client";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "systemd-udev-settle.service" ];
+    path = [ dhcpcd pkgs.nettools pkgs.openresolv ];
+    serviceConfig =
+      { Type = "forking";
+        PIDFile = "/run/dhcpcd.pid";
+        ExecStart = "${dhcpcd}/sbin/dhcpcd --config ${dhcpcdConf}";
+        Restart = "always";
+      };
+  };
+</programlisting>
+      which creates the systemd unit
+      <literal>dhcpcd.service</literal>.  The option
+      <option>wantedBy</option> determined which other units pull this
+      one in; <literal>multi-user.target</literal> is the default
+      target of the system, so <literal>dhcpcd.service</literal> will
+      always be started.  The option
+      <option>serviceConfig.ExecStart</option> provides the main
+      command for the service; it’s also possible to provide pre-start
+      actions, stop scripts, and so on.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>users.extraUsers</option></term>
+    <term><option>users.extraGroups</option></term>
+    <listitem>
+      <para>If your service requires special UIDs or GIDs, you can
+      define them with these options.  See <xref
+      linkend="sec-user-management"/> for details.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</section>
+
+
+</section>
+
+
+<!--===============================================================-->
+
+<section>
+
+<title>Building specific parts of NixOS</title>
+
+<para>With the command <command>nix-build</command>, you can build
+specific parts of your NixOS configuration.  This is done as follows:
+
+<screen>
+$ cd <replaceable>/path/to/nixpkgs/nixos</replaceable>
+$ nix-build -A config.<replaceable>option</replaceable></screen>
+
+where <replaceable>option</replaceable> is a NixOS option with type
+“derivation” (i.e. something that can be built).  Attributes of
+interest include:
+
+<variablelist>
+
+  <varlistentry>
+    <term><varname>system.build.toplevel</varname></term>
+    <listitem>
+      <para>The top-level option that builds the entire NixOS system.
+      Everything else in your configuration is indirectly pulled in by
+      this option.  This is what <command>nixos-rebuild</command>
+      builds and what <filename>/run/current-system</filename> points
+      to afterwards.</para>
+
+      <para>A shortcut to build this is:
+
+<screen>
+$ nix-build -A system</screen>
+      </para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>system.build.manual.manual</varname></term>
+    <listitem><para>The NixOS manual.</para></listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>system.build.etc</varname></term>
+    <listitem><para>A tree of symlinks that form the static parts of
+    <filename>/etc</filename>.</para></listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>system.build.initialRamdisk</varname></term>
+    <term><varname>system.build.kernel</varname></term>
+    <listitem>
+      <para>The initial ramdisk and kernel of the system.  This allows
+      a quick way to test whether the kernel and the initial ramdisk
+      boot correctly, by using QEMU’s <option>-kernel</option> and
+      <option>-initrd</option> options:
+
+<screen>
+$ nix-build -A config.system.build.initialRamdisk -o initrd
+$ nix-build -A config.system.build.kernel -o kernel
+$ qemu-system-x86_64 -kernel ./kernel/bzImage -initrd ./initrd/initrd -hda /dev/null
+</screen>
+
+      </para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>system.build.nixos-rebuild</varname></term>
+    <term><varname>system.build.nixos-install</varname></term>
+    <term><varname>system.build.nixos-generate-config</varname></term>
+    <listitem>
+      <para>These build the corresponding NixOS commands.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section>
+
+<title>Building your own NixOS CD</title>
+
+<para>Building a NixOS CD is as easy as configuring your own computer. The
+idea is to use another module which will replace
+your <filename>configuration.nix</filename> to configure the system that
+would be installed on the CD.</para>
+
+<para>Default CD/DVD configurations are available
+inside <filename>nixos/modules/installer/cd-dvd</filename>.  To build them
+you have to set <envar>NIXOS_CONFIG</envar> before
+running <command>nix-build</command> to build the ISO.
+
+<screen>
+$ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix</screen>
+
+</para>
+
+<para>Before burning your CD/DVD, you can check the content of the image by mounting anywhere like
+suggested by the following command:
+
+<screen>
+$ mount -o loop -t iso9660 ./result/iso/cd.iso /mnt/iso</screen>
+
+</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section>
+
+<title>Testing the installer</title>
+
+<para>Building, burning, and
+booting from an installation CD is rather
+tedious, so here is a quick way to see if the installer works
+properly:
+
+<screen>
+$ nix-build -A config.system.build.nixos-install
+$ dd if=/dev/zero of=diskimage seek=2G count=0 bs=1
+$ yes | mke2fs -j diskimage
+$ mount -o loop diskimage /mnt
+$ ./result/bin/nixos-install</screen>
+
+</para>
+
+</section>
+
+
+
+<!--===============================================================-->
+
+<section><title>Whole-system testing using virtual machines</title>
+
+<para>Complete NixOS GNU/Linux systems can be tested in virtual
+machines (VMs).  This makes it possible to test a system upgrade or
+configuration change before rebooting into it, using the
+<command>nixos-rebuild build-vm</command> or <command>nixos-rebuild
+build-vm-with-bootloader</command> command.</para>
+
+<!-- The following is adapted from
+     http://wiki.nixos.org/wiki/NixOS_VM_tests, by Eelco Dolstra. -->
+<para>The <filename>tests/</filename> directory in the NixOS source
+tree contains several <emphasis>whole-system unit tests</emphasis>.
+These tests can be run<footnote><para>NixOS tests can be run both from
+NixOS and from a non-NixOS GNU/Linux distribution, provided the Nix
+package manager is installed.</para></footnote> from the NixOS source
+tree as follows:
+
+<screen>
+$ nix-build tests/ -A nfs.test
+</screen>
+
+This performs an automated test of the NFS client and server
+functionality in the Linux kernel, including file locking semantics
+(e.g., whether locks are maintained across server crashes).  It will
+first build or download all the dependencies of the test (e.g., all
+packages needed to run a NixOS VM). The test is defined in <link
+xlink:href="https://nixos.org/repos/nix/nixos/trunk/tests/nfs.nix">
+<filename>tests/nfs.nix</filename></link>.  If the test succeeds,
+<command>nix-build</command> will place a symlink
+<filename>./result</filename> in the current directory pointing at the
+location in the Nix store of the test results (e.g., screenshots, test
+reports, and so on).  In particular, a pretty-printed log of the test
+is written to <filename>log.html</filename>, which can be viewed using
+a web browser like this:
+
+<screen>
+$ firefox result/log.html
+</screen>
+</para>
+
+<para>It is also possible to run the test environment interactively,
+allowing you to experiment with the VMs.  For example:
+
+<screen>
+$ nix-build tests/ -A nfs.driver
+$ ./result/bin/nixos-run-vms
+</screen>
+
+The script <command>nixos-run-vms</command> starts the three virtual
+machines defined in the NFS test using QEMU/KVM.  The root file system
+of the VMs is created on the fly and kept across VM restarts in
+<filename>./</filename><varname>hostname</varname><filename>.qcow2</filename>.</para>
+
+<para>Finally, the test itself can be run interactively.  This is
+particularly useful when developing or debugging a test:
+
+<screen>
+$ nix-build tests/ -A nfs.driver
+$ ./result/bin/nixos-test-driver
+starting VDE switch for network 1
+&gt;
+</screen>
+
+Perl statements can now be typed in to start or manipulate the VMs:
+
+<screen>
+&gt; startAll;
+(the VMs start booting)
+&gt; $server-&gt;waitForJob("nfs-kernel-nfsd");
+&gt; $client1-&gt;succeed("flock -x /data/lock -c 'sleep 100000' &amp;");
+&gt; $client2-&gt;fail("flock -n -s /data/lock true");
+&gt; $client1-&gt;shutdown;
+(this releases client1's lock)
+&gt; $client2-&gt;succeed("flock -n -s /data/lock true");
+</screen>
+
+The function <command>testScript</command> executes the entire test
+script and drops you back into the test driver command line upon its
+completion.  This allows you to inspect the state of the VMs after the
+test (e.g. to debug the test script).</para>
+
+<para>This and other tests are continuously run on <link
+xlink:href="http://hydra.nixos.org/jobset/nixos/trunk">the Hydra
+instance at <literal>nixos.org</literal></link>, which allows
+developers to be notified of any regressions introduced by a NixOS or
+Nixpkgs change.</para>
+
+<para>The actual Nix programming interface to VM testing is in NixOS,
+under <link
+xlink:href="https://nixos.org/repos/nix/nixos/trunk/lib/testing.nix">
+<filename>lib/testing.nix</filename></link>.  This file defines a
+function which takes an attribute set containing a
+<literal>nixpkgs</literal> attribute (the path to a Nixpkgs checkout),
+and a <literal>system</literal> attribute (the system type).  It
+returns an attribute set containing several utility functions, among
+which the main entry point is <literal>makeTest</literal>.
+</para>
+
+<para>The <literal>makeTest</literal> function takes a function
+similar to that found in <link
+xlink:href="https://nixos.org/repos/nix/nixos/trunk/tests/nfs.nix">
+<filename>tests/nfs.nix</filename></link> (discussed above).  It
+returns an attribute set containing (among others):
+
+<variablelist>
+
+  <varlistentry>
+    <term><varname>test</varname></term>
+    <listitem><para>A derivation containing the test log as an HTML
+    file, as seen above, suitable for presentation in the Hydra
+    continuous build system.</para></listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>report</varname></term>
+    <listitem><para>A derivation containing a code coverage report, with
+    meta-data suitable for Hydra.</para></listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><varname>driver</varname></term>
+    <listitem><para>A derivation containing scripts to run the VM test or
+    interact with the VM network interactively, as seen above.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+</section>
+
+
+</chapter>
diff --git a/nixos/doc/manual/installation.xml b/nixos/doc/manual/installation.xml
new file mode 100644
index 000000000000..88ef589dd06a
--- /dev/null
+++ b/nixos/doc/manual/installation.xml
@@ -0,0 +1,469 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink">
+
+<title>Installing NixOS</title>
+
+
+<!--===============================================================-->
+
+<section>
+
+<title>Obtaining NixOS</title>
+
+<para>NixOS ISO images can be downloaded from the <link
+xlink:href="http://nixos.org/nixos/download.html">NixOS
+homepage</link>.  These can be burned onto a CD.  It is also possible
+to copy them onto a USB stick and install NixOS from there.  For
+details, see the <link
+xlink:href="https://nixos.org/wiki/Installing_NixOS_from_a_USB_stick">NixOS
+Wiki</link>.</para>
+
+<para>As an alternative to installing NixOS yourself, you can get a
+running NixOS system through several other means:
+
+<itemizedlist>
+  <listitem>
+    <para>Using virtual appliances in Open Virtualization Format (OVF)
+    that can be imported into VirtualBox.  These are available from
+    the <link xlink:href="http://nixos.org/nixos/download.html">NixOS
+    homepage</link>.</para>
+  </listitem>
+  <listitem>
+    <para>Using AMIs for Amazon’s EC2.  To find one for your region
+    and instance type, please refer to the <link
+    xlink:href="https://github.com/NixOS/nixops/blob/master/nix/ec2-amis.nix">list
+    of most recent AMIs</link>.</para>
+  </listitem>
+  <listitem>
+    <para>Using NixOps, the NixOS-based cloud deployment tool, which
+    allows you to provision VirtualBox and EC2 NixOS instances from
+    declarative specifications.  Check out the <link
+    xlink:href="https://github.com/NixOS/nixops">NixOps
+    homepage</link> for details.</para>
+  </listitem>
+</itemizedlist>
+
+</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section>
+
+<title>Installation</title>
+
+<orderedlist>
+
+  <listitem><para>Boot from the CD.</para></listitem>
+
+  <listitem><para>The CD contains a basic NixOS installation.  (It
+  also contains Memtest86+, useful if you want to test new hardware.)
+  When it’s finished booting, it should have detected most of your
+  hardware and brought up networking (check
+  <command>ifconfig</command>).  Networking is necessary for the
+  installer, since it will download lots of stuff (such as source
+  tarballs or Nixpkgs channel binaries).  It’s best if you have a DHCP
+  server on your network.  Otherwise configure networking manually
+  using <command>ifconfig</command>.</para></listitem>
+
+  <listitem><para>The NixOS manual is available on virtual console 8
+  (press Alt+F8 to access).</para></listitem>
+
+  <listitem><para>Login as <literal>root</literal> and the empty
+  password.</para></listitem>
+
+  <listitem><para>If you downloaded the graphical ISO image, you can
+  run <command>start display-manager</command> to start KDE.</para></listitem>
+
+  <listitem><para>The NixOS installer doesn’t do any partitioning or
+  formatting yet, so you need to that yourself.  Use the following
+  commands:
+
+  <itemizedlist>
+
+    <listitem><para>For partitioning:
+    <command>fdisk</command>.</para></listitem>
+
+    <listitem><para>For initialising Ext4 partitions:
+    <command>mkfs.ext4</command>.  It is recommended that you assign a
+    unique symbolic label to the file system using the option
+    <option>-L <replaceable>label</replaceable></option>, since this
+    makes the file system configuration independent from device
+    changes.  For example:
+
+<screen>
+$ mkfs.ext4 -L nixos /dev/sda1</screen>
+
+    </para></listitem>
+
+    <listitem><para>For creating swap partitions:
+    <command>mkswap</command>.  Again it’s recommended to assign a
+    label to the swap partition: <option>-L
+    <replaceable>label</replaceable></option>.</para></listitem>
+
+    <listitem><para>For creating LVM volumes, the LVM commands, e.g.,
+
+<screen>
+$ pvcreate /dev/sda1 /dev/sdb1
+$ vgcreate MyVolGroup /dev/sda1 /dev/sdb1
+$ lvcreate --size 2G --name bigdisk MyVolGroup
+$ lvcreate --size 1G --name smalldisk MyVolGroup</screen>
+
+    </para></listitem>
+
+    <listitem><para>For creating software RAID devices, use
+    <command>mdadm</command>.</para></listitem>
+
+  </itemizedlist>
+
+  </para></listitem>
+
+  <listitem><para>Mount the target file system on which NixOS should
+  be installed on <filename>/mnt</filename>, e.g.
+
+<screen>
+$ mount /dev/disk/by-label/nixos /mnt
+</screen>
+
+  </para></listitem>
+
+  <listitem><para>If your machine has a limited amount of memory, you
+  may want to activate swap devices now (<command>swapon
+  <replaceable>device</replaceable></command>).  The installer (or
+  rather, the build actions that it may spawn) may need quite a bit of
+  RAM, depending on your configuration.</para></listitem>
+
+  <listitem>
+
+    <para>You now need to create a file
+    <filename>/mnt/etc/nixos/configuration.nix</filename> that
+    specifies the intended configuration of the system.  This is
+    because NixOS has a <emphasis>declarative</emphasis> configuration
+    model: you create or edit a description of the desired
+    configuration of your system, and then NixOS takes care of making
+    it happen.  The syntax of the NixOS configuration file is
+    described in <xref linkend="sec-configuration-syntax"/>, while a
+    list of available configuration options appears in <xref
+    linkend="ch-options"/>.  A minimal example is shown in <xref
+    linkend="ex-config"/>.</para>
+
+    <para>The command <command>nixos-generate-config</command> can
+    generate an initial configuration file for you:
+
+<screen>
+$ nixos-generate-config --root /mnt</screen>
+
+    You should then edit
+    <filename>/mnt/etc/nixos/configuration.nix</filename> to suit your
+    needs:
+
+<screen>
+$ nano /mnt/etc/nixos/configuration.nix
+</screen>
+
+    The <command>vim</command> text editor is also available.</para>
+
+    <para>You <emphasis>must</emphasis> set the option
+    <option>boot.loader.grub.device</option> to specify on which disk
+    the GRUB boot loader is to be installed.  Without it, NixOS cannot
+    boot.</para>
+
+    <para>Another critical option is <option>fileSystems</option>,
+    specifying the file systems that need to be mounted by NixOS.
+    However, you typically don’t need to set it yourself, because
+    <command>nixos-generate-config</command> sets it automatically in
+    <filename>/mnt/etc/nixos/hardware-configuration.nix</filename>
+    from your currently mounted file systems.  (The configuration file
+    <filename>hardware-configuration.nix</filename> is included from
+    <filename>configuration.nix</filename> and will be overwritten by
+    future invocations of <command>nixos-generate-config</command>;
+    thus, you generally should not modify it.)</para>
+
+    <note><para>Depending on your hardware configuration or type of
+    file system, you may need to set the option
+    <option>boot.initrd.kernelModules</option> to include the kernel
+    modules that are necessary for mounting the root file system,
+    otherwise the installed system will not be able to boot.  (If this
+    happens, boot from the CD again, mount the target file system on
+    <filename>/mnt</filename>, fix
+    <filename>/mnt/etc/nixos/configuration.nix</filename> and rerun
+    <filename>nixos-install</filename>.)  In most cases,
+    <command>nixos-generate-config</command> will figure out the
+    required modules.</para></note>
+
+    <para>Examples of real-world NixOS configuration files can be
+    found at <link
+    xlink:href="https://nixos.org/repos/nix/configurations/trunk/"/>.</para>
+
+  </listitem>
+
+  <listitem><para>Do the installation:
+
+<screen>
+$ nixos-install</screen>
+
+    Cross fingers.  If this fails due to a temporary problem (such as
+    a network issue while downloading binaries from the NixOS binary
+    cache), you can just re-run <command>nixos-install</command>.
+    Otherwise, fix your <filename>configuration.nix</filename> and
+    then re-run <command>nixos-install</command>.</para></listitem>
+
+  <listitem><para>If everything went well:
+
+<screen>
+$ reboot</screen>
+
+  </para></listitem>
+
+  <listitem>
+
+    <para>You should now be able to boot into the installed NixOS.
+    The GRUB boot menu shows a list of <emphasis>available
+    configurations</emphasis> (initially just one).  Every time you
+    change the NixOS configuration (see <xref
+    linkend="sec-changing-config" />), a new item appears in the menu.
+    This allows you to easily roll back to another configuration if
+    something goes wrong.</para>
+
+    <para>You should log in and change the <literal>root</literal>
+    password with <command>passwd</command>.</para>
+
+    <para>You’ll probably want to create some user accounts as well,
+    which can be done with <command>useradd</command>:
+
+<screen>
+$ useradd -c 'Eelco Dolstra' -m eelco
+$ passwd eelco</screen>
+
+    </para>
+
+    <para>You may also want to install some software.  For instance,
+
+<screen>
+$ nix-env -qa \*</screen>
+
+    shows what packages are available, and
+
+<screen>
+$ nix-env -i w3m</screen>
+
+    install the <literal>w3m</literal> browser.</para>
+
+  </listitem>
+
+</orderedlist>
+
+<para>To summarise, <xref linkend="ex-install-sequence" /> shows a
+typical sequence of commands for installing NixOS on an empty hard
+drive (here <filename>/dev/sda</filename>).  <xref linkend="ex-config"
+/> shows a corresponding configuration Nix expression.</para>
+
+<example xml:id='ex-install-sequence'><title>Commands for installing NixOS on <filename>/dev/sda</filename></title>
+<screen>
+$ fdisk /dev/sda # <lineannotation>(or whatever device you want to install on)</lineannotation>
+$ mkfs.ext4 -L nixos /dev/sda1
+$ mkswap -L swap /dev/sda2
+$ swapon /dev/sda2
+$ mount /dev/disk/by-label/nixos /mnt
+$ nixos-generate-config --root /mnt
+$ nano /mnt/etc/nixos/configuration.nix
+$ nixos-install
+$ reboot</screen>
+</example>
+
+<example xml:id='ex-config'><title>NixOS configuration</title>
+<screen>
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  boot.loader.grub.device = "/dev/sda";
+
+  # Note: setting fileSystems is generally not
+  # necessary, since nixos-generate-config figures them out
+  # automatically in hardware-configuration.nix.
+  #fileSystems."/".device = "/dev/disk/by-label/nixos";
+
+  # Enable the OpenSSH server.
+  services.sshd.enable = true;
+}</screen>
+</example>
+
+</section>
+
+
+
+<!--===============================================================-->
+
+<section xml:id="sec-changing-config">
+
+<title>Changing the configuration</title>
+
+<para>The file <filename>/etc/nixos/configuration.nix</filename>
+contains the current configuration of your machine.  Whenever you’ve
+changed something to that file, you should do
+
+<screen>
+$ nixos-rebuild switch</screen>
+
+to build the new configuration, make it the default configuration for
+booting, and try to realise the configuration in the running system
+(e.g., by restarting system services).</para>
+
+<warning><para>These commands must be executed as root, so you should
+either run them from a root shell or by prefixing them with
+<literal>sudo -i</literal>.</para></warning>
+
+<para>You can also do
+
+<screen>
+$ nixos-rebuild test</screen>
+
+to build the configuration and switch the running system to it, but
+without making it the boot default.  So if (say) the configuration
+locks up your machine, you can just reboot to get back to a working
+configuration.</para>
+
+<para>There is also
+
+<screen>
+$ nixos-rebuild boot</screen>
+
+to build the configuration and make it the boot default, but not
+switch to it now (so it will only take effect after the next
+reboot).</para>
+
+<para>You can make your configuration show up in a different submenu
+of the GRUB 2 boot screen by giving it a different <emphasis>profile
+name</emphasis>, e.g.
+
+<screen>
+$ nixos-rebuild switch -p test </screen>
+
+which causes the new configuration (and previous ones created using
+<literal>-p test</literal>) to show up in the GRUB submenu “NixOS -
+Profile 'test'”.  This can be useful to separate test configurations
+from “stable” configurations.</para>
+
+<para>Finally, you can do
+
+<screen>
+$ nixos-rebuild build</screen>
+
+to build the configuration but nothing more.  This is useful to see
+whether everything compiles cleanly.</para>
+
+<para>If you have a machine that supports hardware virtualisation, you
+can also test the new configuration in a sandbox by building and
+running a QEMU <emphasis>virtual machine</emphasis> that contains the
+desired configuration.  Just do
+
+<screen>
+$ nixos-rebuild build-vm
+$ ./result/bin/run-*-vm
+</screen>
+
+The VM does not have use any data from your host system, so your
+existing user accounts and home directories will not be
+available.</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section xml:id="sec-upgrading">
+
+<title>Upgrading NixOS</title>
+
+<para>The best way to keep your NixOS installation up to date is to
+use one of the NixOS <emphasis>channels</emphasis>.  A channel is a
+Nix mechanism for distributing Nix expressions and associated
+binaries.  The NixOS channels are updated automatically from NixOS’s
+Git repository after certain tests have passed and all packages have
+been built.  These channels are:
+
+<itemizedlist>
+  <listitem>
+    <para>Stable channels, such as <literal
+    xlink:href="http://nixos.org/channels/nixos-13.10">nixos-13.10</literal>.
+    These only get conservative bug fixes and package upgrades.  For
+    instance, a channel update may cause the Linux kernel on your
+    system to be upgraded from 3.4.66 to 3.4.67 (a minor bug fix), but
+    not from 3.4.<replaceable>x</replaceable> to
+    3.11.<replaceable>x</replaceable> (a major change that has the
+    potential to break things).  Stable channels are generally
+    maintained until the next stable branch is created.</para>
+  </listitem>
+  <listitem>
+    <para>The unstable channel, <literal
+    xlink:href="http://nixos.org/channels/nixos-unstable">nixos-unstable</literal>.
+    This corresponds to NixOS’s main development branch, and may thus
+    see radical changes between channel updates.  It’s not recommended
+    for production systems.</para>
+  </listitem>
+</itemizedlist>
+
+To see what channels are available, go to <link
+xlink:href="http://nixos.org/channels"/>.  (Note that the URIs of the
+various channels redirect to a directory that contains the channel’s
+latest version and includes ISO images and VirtualBox
+appliances.)</para>
+
+<para>When you first install NixOS, you’re automatically subscribed to
+the NixOS channel that corresponds to your installation source.   For
+instance, if you installed from a 13.10 ISO, you will be subscribed to
+the <literal>nixos-13.10</literal> channel.  To see which NixOS
+channel you’re subscribed to, run the following as root:
+
+<screen>
+$ nix-channel --list | grep nixos
+nixos https://nixos.org/channels/nixos-unstable
+</screen>
+
+To switch to a different NixOS channel, do
+
+<screen>
+$ nix-channel --add http://nixos.org/channels/<replaceable>channel-name</replaceable> nixos
+</screen>
+
+(Be sure to include the <literal>nixos</literal> parameter at the
+end.)  For instance, to use the NixOS 13.10 stable channel:
+
+<screen>
+$ nix-channel --add http://nixos.org/channels/nixos-13.10 nixos
+</screen>
+
+But it you want to live on the bleeding edge:
+
+<screen>
+$ nix-channel --add http://nixos.org/channels/nixos-unstable nixos
+</screen>
+
+</para>
+
+<para>You can then upgrade NixOS to the latest version in your chosen
+channel by running
+
+<screen>
+$ nixos-rebuild switch --upgrade
+</screen>
+
+which is equivalent to the more verbose <literal>nix-channel --update
+nixos; nixos-rebuild switch</literal>.</para>
+
+<warning><para>It is generally safe to switch back and forth between
+channels.  The only exception is that a newer NixOS may also have a
+newer Nix version, which may involve an upgrade of Nix’s database
+schema.  This cannot be undone easily, so in that case you will not be
+able to go back to your original channel.</para></warning>
+
+</section>
+
+</chapter>
diff --git a/nixos/doc/manual/man-configuration.xml b/nixos/doc/manual/man-configuration.xml
new file mode 100644
index 000000000000..d49369d2c584
--- /dev/null
+++ b/nixos/doc/manual/man-configuration.xml
@@ -0,0 +1,38 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle><filename>configuration.nix</filename></refentrytitle>
+  <manvolnum>5</manvolnum>
+  <refmiscinfo class="source">NixOS</refmiscinfo>
+  <!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
+</refmeta>
+
+<refnamediv>
+  <refname><filename>configuration.nix</filename></refname>
+  <refpurpose>NixOS system configuration specification</refpurpose>
+</refnamediv>
+
+
+<refsection><title>Description</title>
+
+<para>The file <filename>/etc/nixos/configuration.nix</filename>
+contains the declarative specification of your NixOS system
+configuration.  The command <command>nixos-rebuild</command> takes
+this file and realises the system configuration specified
+therein.</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<para>You can use the following options in
+<filename>configuration.nix</filename>.</para>
+
+<xi:include href="options-db.xml" />
+
+</refsection>
+  
+</refentry>
diff --git a/nixos/doc/manual/man-nixos-build-vms.xml b/nixos/doc/manual/man-nixos-build-vms.xml
new file mode 100644
index 000000000000..f37677629d0c
--- /dev/null
+++ b/nixos/doc/manual/man-nixos-build-vms.xml
@@ -0,0 +1,110 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle><command>nixos-build-vms</command></refentrytitle>
+  <manvolnum>8</manvolnum>
+  <refmiscinfo class="source">NixOS</refmiscinfo>
+  <!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
+</refmeta>
+
+<refnamediv>
+  <refname><command>nixos-build-vms</command></refname>
+  <refpurpose>build a network of virtual machines from a network of NixOS configurations</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nixos-build-vms</command>
+    <arg><option>--show-trace</option></arg>
+    <arg><option>--no-out-link</option></arg>
+    <arg><option>--help</option></arg>
+    <arg choice="plain"><replaceable>network.nix</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+<refsection><title>Description</title>
+
+<para>This command builds a network of QEMU-KVM virtual machines of a Nix expression
+specifying a network of NixOS machines. The virtual network can be started by
+executing the <filename>bin/run-vms</filename> shell script that is generated by
+this command. By default, a <filename>result</filename> symlink is produced that
+points to the generated virtual network.
+</para>
+
+<para>A network Nix expression has the following structure:
+
+<screen>
+{
+  test1 = {pkgs, config, ...}:
+    {
+      services.openssh.enable = true;
+      nixpkgs.system = "i686-linux";
+      deployment.targetHost = "test1.example.net";
+      
+      # Other NixOS options
+    };
+    
+  test2 = {pkgs, config, ...}:
+    {
+      services.openssh.enable = true;
+      services.httpd.enable = true;
+      environment.systemPackages = [ pkgs.lynx ];
+      nixpkgs.system = "x86_64-linux";
+      deployment.targetHost = "test2.example.net";
+      
+      # Other NixOS options
+    };
+}
+</screen>
+
+Each attribute in the expression represents a machine in the network
+(e.g. <varname>test1</varname> and <varname>test2</varname>)
+referring to a function defining a NixOS configuration.
+In each NixOS configuration, two attributes have a special meaning.
+The <varname>deployment.targetHost</varname> specifies the address
+(domain name or IP address)
+of the system which is used by <command>ssh</command> to perform
+remote deployment operations. The <varname>nixpkgs.system</varname>
+attribute can be used to specify an architecture for the target machine,
+such as <varname>i686-linux</varname> which builds a 32-bit NixOS
+configuration. Omitting this property will build the configuration
+for the same architecture as the host system.
+</para>
+
+</refsection>
+
+<refsection><title>Options</title>
+
+<para>This command accepts the following options:</para>
+
+<variablelist>
+
+  <varlistentry>
+    <term><option>--show-trace</option></term>
+    <listitem>
+      <para>Shows a trace of the output.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--no-out-link</option></term>
+    <listitem>
+      <para>Do not create a 'result' symlink.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>-h</option>, <option>--help</option></term>
+    <listitem>
+      <para>Shows the usage of this command to the user.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+</refentry>
diff --git a/nixos/doc/manual/man-nixos-generate-config.xml b/nixos/doc/manual/man-nixos-generate-config.xml
new file mode 100644
index 000000000000..e4fba4a40a97
--- /dev/null
+++ b/nixos/doc/manual/man-nixos-generate-config.xml
@@ -0,0 +1,208 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle><command>nixos-generate-config</command></refentrytitle>
+  <manvolnum>8</manvolnum>
+  <refmiscinfo class="source">NixOS</refmiscinfo>
+  <!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
+</refmeta>
+
+<refnamediv>
+  <refname><command>nixos-generate-config</command></refname>
+  <refpurpose>generate NixOS configuration modules</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nixos-generate-config</command>
+    <arg><option>--force</option></arg>
+    <arg>
+      <arg choice='plain'><option>--root</option></arg>
+      <replaceable>root</replaceable>
+    </arg>
+    <arg>
+      <arg choice='plain'><option>--dir</option></arg>
+      <replaceable>dir</replaceable>
+    </arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>This command writes two NixOS configuration modules:
+
+<variablelist>
+
+  <varlistentry>
+    <term><option>/etc/nixos/hardware-configuration.nix</option></term>
+    <listitem>
+      <para>This module sets NixOS configuration options based on your
+      current hardware configuration.  In particular, it sets the
+      <option>fileSystem</option> option to reflect all currently
+      mounted file systems, the <option>swapDevices</option> option to
+      reflect active swap devices, and the
+      <option>boot.initrd.*</option> options to ensure that the
+      initial ramdisk contains any kernel modules necessary for
+      mounting the root file system.</para>
+
+      <para>If this file already exists, it is overwritten.  Thus, you
+      should not modify it manually.  Rather, you should include it
+      from your <filename>/etc/nixos/configuration.nix</filename>, and
+      re-run <command>nixos-generate-config</command> to update it
+      whenever your hardware configuration changes.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>/etc/nixos/configuration.nix</option></term>
+    <listitem>
+      <para>This is the main NixOS system configuration module.  If it
+      already exists, it’s left unchanged.  Otherwise,
+      <command>nixos-generate-config</command> will write a template
+      for you to customise.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<para>This command accepts the following options:</para>
+
+<variablelist>
+
+  <varlistentry>
+    <term><option>--root</option></term>
+    <listitem>
+      <para>If this option is given, treat the directory
+      <replaceable>root</replaceable> as the root of the file system.
+      This means that configuration files will be written to
+      <filename><replaceable>root</replaceable>/etc/nixos</filename>,
+      and that any file systems outside of
+      <replaceable>root</replaceable> are ignored for the purpose of
+      generating the <option>fileSystems</option> option.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--dir</option></term>
+    <listitem>
+      <para>If this option is given, write the configuration files to
+      the directory <replaceable>dir</replaceable> instead of
+      <filename>/etc/nixos</filename>.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--force</option></term>
+    <listitem>
+      <para>Overwrite
+      <filename>/etc/nixos/configuration.nix</filename> if it already
+      exists.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--no-filesystems</option></term>
+    <listitem>
+      <para>Omit everything concerning file system information
+      (which includes swap devices) from the hardware configuration.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--show-hardware-config</option></term>
+    <listitem>
+      <para>Don't generate <filename>configuration.nix</filename> or
+      <filename>hardware-configuration.nix</filename> and print the
+      hardware configuration to stdout only.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>This command is typically used during NixOS installation to
+write initial configuration modules.  For example, if you created and
+mounted the target file systems on <filename>/mnt</filename> and
+<filename>/mnt/boot</filename>, you would run:
+
+<screen>
+$ nixos-generate-config --root /mnt
+</screen>
+
+The resulting file
+<filename>/mnt/etc/nixos/hardware-configuration.nix</filename> might
+look like this:
+
+<programlisting>
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ &lt;nixos/modules/installer/scan/not-detected.nix>
+    ];
+
+  boot.initrd.availableKernelModules = [ "ehci_hcd" "ahci" ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-label/nixos";
+      fsType = "ext3";
+      options = "rw,data=ordered,relatime";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/sda1";
+      fsType = "ext3";
+      options = "rw,errors=continue,user_xattr,acl,barrier=1,data=writeback,relatime";
+    };
+
+  swapDevices =
+    [ { device = "/dev/sda2"; }
+    ];
+
+  nix.maxJobs = 8;
+}
+</programlisting>
+
+It will also create a basic
+<filename>/mnt/etc/nixos/configuration.nix</filename>, which you
+should edit to customise the logical configuration of your system.
+This file includes the result of the hardware scan as follows:
+
+<programlisting>
+  imports = [ ./hardware-configuration.nix ];
+</programlisting>
+</para>
+
+<para>After installation, if your hardware configuration changes, you
+can run:
+
+<screen>
+$ nixos-generate-config
+</screen>
+
+to update <filename>/etc/nixos/hardware-configuration.nix</filename>.
+Your <filename>/etc/nixos/configuration.nix</filename> will
+<emphasis>not</emphasis> be overwritten.</para>
+
+</refsection>
+
+</refentry>
diff --git a/nixos/doc/manual/man-nixos-install.xml b/nixos/doc/manual/man-nixos-install.xml
new file mode 100644
index 000000000000..d5157859857b
--- /dev/null
+++ b/nixos/doc/manual/man-nixos-install.xml
@@ -0,0 +1,78 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+
+<refmeta>
+  <refentrytitle><command>nixos-install</command></refentrytitle>
+  <manvolnum>8</manvolnum>
+  <refmiscinfo class="source">NixOS</refmiscinfo>
+  <!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
+</refmeta>
+
+<refnamediv>
+  <refname><command>nixos-install</command></refname>
+  <refpurpose>install NixOS</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nixos-install</command>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>This command installs NixOS in the file system mounted on
+<filename>/mnt</filename>, based on the NixOS configuration specified
+in <filename>/mnt/etc/nixos/configuration.nix</filename>.  It performs
+the following steps:
+
+<itemizedlist>
+
+  <listitem><para>It copies Nix and its dependencies to
+  <filename>/mnt/nix/store</filename>.</para></listitem>
+
+  <listitem><para>It runs Nix in <filename>/mnt</filename> to build
+  the NixOS configuration specified in
+  <filename>/mnt/etc/nixos/configuration.nix</filename>.</para></listitem>
+
+  <listitem><para>It installs the GRUB boot loader on the device
+  specified in the option <option>boot.loader.grub.device</option>,
+  and generates a GRUB configuration file that boots into the NixOS
+  configuration just installed.</para></listitem>
+
+</itemizedlist>
+
+</para>
+
+<para>This command is idempotent: if it is interrupted or fails due to
+a temporary problem (e.g. a network issue), you can safely re-run
+it.</para>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>A typical NixOS installation is done by creating and mounting a
+file system on <filename>/mnt</filename>, generating a NixOS
+configuration in
+<filename>/mnt/etc/nixos/configuration.nix</filename>, and running
+<command>nixos-install</command>.  For instance, if we want to install
+NixOS on an <literal>ext4</literal> file system created in
+<filename>/dev/sda1</filename>:
+
+<screen>
+$ mkfs.ext4 /dev/sda1
+$ mount /dev/sda1 /mnt
+$ nixos-generate-config --root /mnt
+$ # edit /mnt/etc/nixos/configuration.nix
+$ nixos-install
+</screen>
+
+</para>
+
+</refsection>
+
+</refentry>
diff --git a/nixos/doc/manual/man-nixos-option.xml b/nixos/doc/manual/man-nixos-option.xml
new file mode 100644
index 000000000000..7952847d4db5
--- /dev/null
+++ b/nixos/doc/manual/man-nixos-option.xml
@@ -0,0 +1,138 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle><command>nixos-option</command></refentrytitle>
+  <manvolnum>8</manvolnum>
+  <refmiscinfo class="source">NixOS</refmiscinfo>
+  <!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
+</refmeta>
+
+<refnamediv>
+  <refname><command>nixos-option</command></refname>
+  <refpurpose>inspect a NixOS configuration</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nixos-option</command>
+    <group choice="opt">
+      <option>-v</option>
+      <option>-d</option>
+      <option>-l</option>
+    </group>
+    <arg choice='plain'><replaceable>option.name</replaceable></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>This command evaluates the configuration specified in
+<filename>/etc/nixos/configuration.nix</filename> and returns the properties
+of the option name given as argument.  By default, it returns the value of
+the option.</para>
+
+<para>When the option name is not an option, the command prints the list of
+attributes contained in the attribute set.</para>
+
+</refsection>
+
+<refsection><title>Options</title>
+
+<para>This command accepts the following options:</para>
+
+<variablelist>
+
+  <varlistentry>
+    <term><option>--value</option>, <option>-v</option></term>
+    <listitem>
+      <para>Returns the value of the option.  This is the default operation
+      if no other options are defined.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--description</option>, <option>-d</option></term>
+    <listitem>
+      <para>Return the default value, the example and the description of the
+      option when available.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--lookup</option>, <option>-l</option></term>
+    <listitem>
+      <para>Return the locations where the option is declared and where it
+      is defined.  This is extremely useful to find sources of errors in
+      your configuration.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Environment</title>
+
+<variablelist>
+
+  <varlistentry>
+    <term><envar>NIXOS_CONFIG</envar></term>
+    <listitem>
+      <para>Path to the main NixOS configuration module.  Defaults to
+      <filename>/etc/nixos/configuration.nix</filename>.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Examples</title>
+
+<para>Investigate option values:
+
+<screen>$ nixos-option boot.loader
+This attribute set contains:
+generationsDir
+grub
+initScript
+
+$ nixos-option boot.loader.grub.enable
+true</screen></para>
+
+<para>Prints option information:
+
+<screen>$ nixos-option -d networking.hostName
+Default: "nixos"
+Description:
+The name of the machine. Leave it empty if you want to obtain
+it from a DHCP server (if using DHCP).</screen></para>
+
+<para>Find the locations which are declaring and defining an option:
+
+<screen>$ nixos-option -l hardware.firmware
+Declared by:
+  /mnt/data/nix-sources/nixos/modules/services/hardware/udev.nix
+
+Defined by:
+  /path/to/nixpkgs/nixos/modules/system/boot/kernel.nix
+  /path/to/nixpkgs/nixos/modules/hardware/network/rt73.nix
+  /path/to/nixpkgs/nixos/modules/hardware/network/intel-3945abg.nix
+  /path/to/nixpkgs/nixos/modules/hardware/network/intel-2200bg.nix</screen></para>
+
+</refsection>
+
+<refsection><title>Bugs</title>
+
+<para>The author listed in the following section is wrong.  If there is any
+  other bug, please report to Nicolas Pierron.</para>
+
+</refsection>
+
+
+</refentry>
diff --git a/nixos/doc/manual/man-nixos-rebuild.xml b/nixos/doc/manual/man-nixos-rebuild.xml
new file mode 100644
index 000000000000..afc159dbd5d7
--- /dev/null
+++ b/nixos/doc/manual/man-nixos-rebuild.xml
@@ -0,0 +1,335 @@
+<refentry xmlns="http://docbook.org/ns/docbook"
+          xmlns:xlink="http://www.w3.org/1999/xlink"
+          xmlns:xi="http://www.w3.org/2001/XInclude">
+  
+<refmeta>
+  <refentrytitle><command>nixos-rebuild</command></refentrytitle>
+  <manvolnum>8</manvolnum>
+  <refmiscinfo class="source">NixOS</refmiscinfo>
+  <!-- <refmiscinfo class="version"><xi:include href="version.txt" parse="text"/></refmiscinfo> -->
+</refmeta>
+
+<refnamediv>
+  <refname><command>nixos-rebuild</command></refname>
+  <refpurpose>reconfigure a NixOS machine</refpurpose>
+</refnamediv>
+
+<refsynopsisdiv>
+  <cmdsynopsis>
+    <command>nixos-rebuild</command>
+    <group choice='req'>
+      <arg choice='plain'><option>switch</option></arg>
+      <arg choice='plain'><option>boot</option></arg>
+      <arg choice='plain'><option>test</option></arg>
+      <arg choice='plain'><option>build</option></arg>
+      <arg choice='plain'><option>dry-run</option></arg>
+      <arg choice='plain'><option>build-vm</option></arg>
+      <arg choice='plain'><option>build-vm-with-bootloader</option></arg>
+    </group>
+    <sbr />
+    <arg><option>--upgrade</option></arg>
+    <arg><option>--install-grub</option></arg>
+    <arg><option>--no-build-nix</option></arg>
+    <arg><option>--fast</option></arg>
+    <arg><option>--rollback</option></arg>
+    <sbr />
+    <arg>
+      <group choice='req'>
+        <arg choice='plain'><option>--profile-name</option></arg>
+        <arg choice='plain'><option>-p</option></arg>
+      </group>
+      <replaceable>name</replaceable>
+    </arg>
+    <sbr />
+    <arg><option>--show-trace</option></arg>
+  </cmdsynopsis>
+</refsynopsisdiv>
+
+
+<refsection><title>Description</title>
+
+<para>This command updates the system so that it corresponds to the
+configuration specified in
+<filename>/etc/nixos/configuration.nix</filename>.  Thus, every time
+you modify <filename>/etc/nixos/configuration.nix</filename> or any
+NixOS module, you must run <command>nixos-rebuild</command> to make
+the changes take effect.  It builds the new system in
+<filename>/nix/store</filename>, runs its activation script, and stop
+and (re)starts any system services if needed.</para>
+
+<para>This command has one required argument, which specifies the
+desired operation.  It must be one of the following:
+
+<variablelist>
+
+  <varlistentry>
+    <term><option>switch</option></term>
+    <listitem>
+      <para>Build and activate the new configuration, and make it the
+      boot default.  That is, the configuration is added to the GRUB
+      boot menu as the default meny entry, so that subsequent reboots
+      will boot the system into the new configuration.  Previous
+      configurations activated with <command>nixos-rebuild
+      switch</command> or <command>nixos-rebuild boot</command> remain
+      available in the GRUB menu.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>boot</option></term>
+    <listitem>
+      <para>Build the new configuration and make it the boot default
+      (as with <command>nixos-rebuild switch</command>), but do not
+      activate it.  That is, the system continues to run the previous
+      configuration until the next reboot.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>test</option></term>
+    <listitem>
+      <para>Build and activate the new configuration, but do not add
+      it to the GRUB boot menu.  Thus, if you reboot the system (or if
+      it crashes), you will automatically revert to the default
+      configuration (i.e. the configuration resulting from the last
+      call to <command>nixos-rebuild switch</command> or
+      <command>nixos-rebuild boot</command>).</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>build</option></term>
+    <listitem>
+      <para>Build the new configuration, but neither activate it nor
+      add it to the GRUB boot menu.  It leaves a symlink named
+      <filename>result</filename> in the current directory, which
+      points to the output of the top-level “system” derivation.  This
+      is essentially the same as doing
+<screen>
+$ nix-build /path/to/nixpkgs/nixos -A system
+</screen>
+      Note that you do not need to be <literal>root</literal> to run
+      <command>nixos-rebuild build</command>.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>dry-run</option></term>
+    <listitem>
+      <para>Simply show what store paths would be built or downloaded
+      by any of the operations above.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>build-vm</option></term>
+    <listitem>
+      <para>Build a script that starts a NixOS virtual machine with
+      the desired configuration.  It leaves a symlink
+      <filename>result</filename> in the current directory that points
+      (under
+      <filename>result/bin/run-<replaceable>hostname</replaceable>-vm</filename>)
+      at the script that starts the VM.  Thus, to test a NixOS
+      configuration in a virtual machine, you should do the following:
+<screen>
+$ nixos-rebuild build-vm
+$ ./result/bin/run-*-vm
+</screen></para>
+
+      <para>The VM is implemented using the <literal>qemu</literal>
+      package.  For best performance, you should load the
+      <literal>kvm-intel</literal> or <literal>kvm-amd</literal>
+      kernel modules to get hardware virtualisation.</para>
+
+      <para>The VM mounts the Nix store of the host through the 9P
+      file system.  The host Nix store is read-only, so Nix commands
+      that modify the Nix store will not work in the VM.  This
+      includes commands such as <command>nixos-rebuild</command>; to
+      change the VM’s configuration, you must halt the VM and re-run
+      the commands above.
+      </para>
+
+      <para>The VM has its own <literal>ext3</literal> root file
+      system, which is automatically created when the VM is first
+      started, and is persistent across reboots of the VM.  It is
+      stored in
+      <literal>./<replaceable>hostname</replaceable>.qcow2</literal>.
+      <!-- The entire file system hierarchy of the host is available in
+      the VM under <filename>/hostfs</filename>.--></para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>build-vm-with-bootloader</option></term>
+    <listitem>
+      <para>Like <option>build-vm</option>, but boots using the
+      regular boot loader of your configuration (e.g., GRUB 1 or 2),
+      rather than booting directly into the kernel and initial ramdisk
+      of the system.  This allows you to test whether the boot loader
+      works correctly.  However, it does not guarantee that your NixOS
+      configuration will boot successfully on the host hardware (i.e.,
+      after running <command>nixos-rebuild switch</command>), because
+      the hardware and boot loader configuration in the VM are
+      different.  The boot loader is installed on an automatically
+      generated virtual disk containing a <filename>/boot</filename>
+      partition, which is mounted read-only in the VM.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</para>
+
+
+</refsection>
+
+
+<refsection><title>Options</title>
+
+<para>This command accepts the following options:</para>
+
+<variablelist>
+
+  <varlistentry>
+    <term><option>--upgrade</option></term>
+    <listitem>
+      <para>Fetch the latest version of NixOS from the NixOS
+      channel.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--install-grub</option></term>
+    <listitem>
+      <para>Causes the GRUB boot loader to be (re)installed on the
+      device specified by the
+      <varname>boot.loader.grub.device</varname> configuration
+      option.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--no-build-nix</option></term>
+    <listitem>
+      <para>Normally, <command>nixos-rebuild</command> first builds
+      the <varname>nixUnstable</varname> attribute in Nixpkgs, and
+      uses the resulting instance of the Nix package manager to build
+      the new system configuration.  This is necessary if the NixOS
+      modules use features not provided by the currently installed
+      version of Nix.  This option disables building a new Nix.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--fast</option></term>
+    <listitem>
+      <para>Equivalent to <option>--no-build-nix</option>
+      <option>--show-trace</option>.  This option is useful if you
+      call <command>nixos-rebuild</command> frequently (e.g. if you’re
+      hacking on a NixOS module).</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--rollback</option></term>
+    <listitem>
+      <para>Instead of building a new configuration as specified by
+      <filename>/etc/nixos/configuration.nix</filename>, roll back to
+      the previous configuration.  (The previous configuration is
+      defined as the one before the “current” generation of the
+      Nix profile <filename>/nix/var/nix/profiles/system</filename>.)</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--profile-name</option></term>
+    <term><option>-p</option></term>
+    <listitem>
+      <para>Instead of using the Nix profile
+      <filename>/nix/var/nix/profiles/system</filename> to keep track
+      of the current and previous system configurations, use
+      <filename>/nix/var/nix/profiles/system-profiles/<replaceable>name</replaceable></filename>.
+      When you use GRUB 2, for every system profile created with this
+      flag, NixOS will create a submenu named “NixOS - Profile
+      '<replaceable>name</replaceable>'” in GRUB’s boot menu,
+      containing the current and previous configurations of this
+      profile.</para>
+
+      <para>For instance, if you want to test a configuration file
+      named <filename>test.nix</filename> without affecting the
+      default system profile, you would do:
+
+<screen>
+$ nixos-rebuild switch -p test -I nixos-config=./test.nix
+</screen>
+
+      The new configuration will appear in the GRUB 2 submenu “NixOS - Profile
+      'test'”.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+<para>In addition, <command>nixos-rebuild</command> accepts various
+Nix-related flags, including <option>--max-jobs</option> /
+<option>-j</option>, <option>--show-trace</option>,
+<option>--keep-failed</option>, <option>--keep-going</option> and
+<option>--verbose</option> / <option>-v</option>.  See
+the Nix manual for details.</para>
+
+</refsection>
+
+
+<refsection><title>Environment</title>
+
+<variablelist>
+
+  <varlistentry>
+    <term><envar>NIXOS_CONFIG</envar></term>
+    <listitem>
+      <para>Path to the main NixOS configuration module.  Defaults to
+      <filename>/etc/nixos/configuration.nix</filename>.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Files</title>
+
+<variablelist>
+
+  <varlistentry>
+    <term><filename>/run/current-system</filename></term>
+    <listitem>
+      <para>A symlink to the currently active system configuration in
+      the Nix store.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><filename>/nix/var/nix/profiles/system</filename></term>
+    <listitem>
+      <para>The Nix profile that contains the current and previous
+      system configurations.  Used to generate the GRUB boot
+      menu.</para>
+    </listitem>
+  </varlistentry>
+
+</variablelist>
+
+</refsection>
+
+
+<refsection><title>Bugs</title>
+
+<para>This command should be renamed to something more
+descriptive.</para>
+
+</refsection>
+
+
+
+</refentry>
diff --git a/nixos/doc/manual/man-pages.xml b/nixos/doc/manual/man-pages.xml
new file mode 100644
index 000000000000..467864e208bd
--- /dev/null
+++ b/nixos/doc/manual/man-pages.xml
@@ -0,0 +1,31 @@
+<reference xmlns="http://docbook.org/ns/docbook"
+           xmlns:xlink="http://www.w3.org/1999/xlink"
+           xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <title>NixOS Reference Pages</title>
+
+  <info>
+
+    <author>
+      <personname>
+        <firstname>Eelco</firstname>
+        <surname>Dolstra</surname>
+      </personname>
+      <contrib>Author</contrib>
+    </author>
+
+    <copyright>
+      <year>2007-2013</year>
+      <holder>Eelco Dolstra</holder>
+    </copyright>
+
+  </info>
+
+  <xi:include href="man-configuration.xml" />
+  <xi:include href="man-nixos-build-vms.xml" />
+  <xi:include href="man-nixos-generate-config.xml" />
+  <xi:include href="man-nixos-install.xml" />
+  <xi:include href="man-nixos-option.xml" />
+  <xi:include href="man-nixos-rebuild.xml" />
+
+</reference>
diff --git a/nixos/doc/manual/manual.xml b/nixos/doc/manual/manual.xml
new file mode 100644
index 000000000000..dfbd865b505b
--- /dev/null
+++ b/nixos/doc/manual/manual.xml
@@ -0,0 +1,62 @@
+<book xmlns="http://docbook.org/ns/docbook"
+      xmlns:xlink="http://www.w3.org/1999/xlink"
+      xmlns:xi="http://www.w3.org/2001/XInclude">
+
+  <info>
+
+    <title>NixOS Manual</title>
+
+    <author>
+      <personname>
+        <firstname>Eelco</firstname>
+        <surname>Dolstra</surname>
+      </personname>
+    </author>
+
+    <author>
+      <personname>
+        <firstname>Nicolas</firstname>
+        <surname>Pierron</surname>
+      </personname>
+    </author>
+
+    <copyright>
+      <year>2007-2013</year>
+      <holder>Eelco Dolstra</holder>
+    </copyright>
+
+  </info>
+
+
+  <preface>
+    <title>Preface</title>
+
+    <para>This manual describes how to install, use and extend NixOS,
+    a Linux distribution based on the purely functional package
+    management system Nix.</para>
+
+    <para>If you encounter problems, please report them on the
+    <literal
+    xlink:href="http://lists.science.uu.nl/mailman/listinfo/nix-dev">nix-dev@lists.science.uu.nl</literal>
+    mailing list or on the <link
+    xlink:href="irc://irc.freenode.net/#nixos">
+    <literal>#nixos</literal> channel on Freenode</link>.  Bugs should
+    be reported in <link
+    xlink:href="https://github.com/NixOS/nixpkgs/issues">NixOS’ GitHub
+    issue tracker</link>.</para>
+
+  </preface>
+
+
+  <xi:include href="installation.xml" />
+  <xi:include href="configuration.xml" />
+  <xi:include href="running.xml" />
+  <!-- <xi:include href="userconfiguration.xml" /> -->
+  <xi:include href="troubleshooting.xml" />
+  <xi:include href="development.xml" />
+  <chapter xml:id="ch-options">
+    <title>List of options</title>
+    <xi:include href="options-db.xml" />
+  </chapter>
+
+</book>
diff --git a/nixos/doc/manual/options-to-docbook.xsl b/nixos/doc/manual/options-to-docbook.xsl
new file mode 100644
index 000000000000..6d11ad7a6c4a
--- /dev/null
+++ b/nixos/doc/manual/options-to-docbook.xsl
@@ -0,0 +1,207 @@
+<?xml version="1.0"?>
+
+<xsl:stylesheet version="1.0"
+                xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+                xmlns:str="http://exslt.org/strings"
+                xmlns:xlink="http://www.w3.org/1999/xlink"
+                xmlns="http://docbook.org/ns/docbook"
+                extension-element-prefixes="str"
+                >
+
+  <xsl:output method='xml' encoding="UTF-8" />
+
+  <xsl:param name="revision" />
+
+
+  <xsl:template match="/expr/list">
+
+      <variablelist>
+
+        <xsl:for-each select="attrs">
+
+          <varlistentry>
+             <term>
+               <option>
+                 <xsl:for-each select="attr[@name = 'name']/string">
+                   <xsl:value-of select="@value" />
+                   <xsl:if test="position() != last()">.</xsl:if>
+                 </xsl:for-each>
+               </option>
+             </term>
+
+             <listitem>
+
+               <para>
+                 <xsl:value-of disable-output-escaping="yes"
+                               select="attr[@name = 'description']/string/@value" />
+               </para>
+
+               <xsl:if test="attr[@name = 'default']">
+                 <para>
+                   <emphasis>Default:</emphasis>
+                   <xsl:text> </xsl:text>
+                   <xsl:apply-templates select="attr[@name = 'default']" mode="top" />
+                 </para>
+               </xsl:if>
+
+               <xsl:if test="attr[@name = 'example']">
+                 <para>
+                   <emphasis>Example:</emphasis>
+                   <xsl:text> </xsl:text>
+                   <xsl:choose>
+                     <xsl:when test="attr[@name = 'example']/attrs[attr[@name = '_type' and string[@value = 'literalExample']]]">
+                       <programlisting><xsl:value-of select="attr[@name = 'example']/attrs/attr[@name = 'text']/string/@value" /></programlisting>
+                     </xsl:when>
+                     <xsl:otherwise>
+                       <xsl:apply-templates select="attr[@name = 'example']" mode="top" />
+                     </xsl:otherwise>
+                   </xsl:choose>
+                 </para>
+               </xsl:if>
+
+               <xsl:if test="count(attr[@name = 'declarations']/list/*) != 0">
+                 <para>
+                   <emphasis>Declared by:</emphasis>
+                 </para>
+                 <xsl:apply-templates select="attr[@name = 'declarations']" />
+               </xsl:if>
+
+               <xsl:if test="count(attr[@name = 'definitions']/list/*) != 0">
+                 <para>
+                   <emphasis>Defined by:</emphasis>
+                 </para>
+                 <xsl:apply-templates select="attr[@name = 'definitions']" />
+               </xsl:if>
+
+             </listitem>
+
+          </varlistentry>
+
+        </xsl:for-each>
+
+      </variablelist>
+
+  </xsl:template>
+
+
+  <xsl:template match="*" mode="top">
+    <xsl:choose>
+      <xsl:when test="string[contains(@value, '&#010;')]">
+<programlisting>
+<xsl:text>''
+</xsl:text><xsl:value-of select='str:replace(string/@value, "${", "&apos;&apos;${")' /><xsl:text>''</xsl:text></programlisting>
+      </xsl:when>
+      <xsl:otherwise>
+        <literal><xsl:apply-templates /></literal>
+      </xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
+
+
+  <xsl:template match="null">
+    <xsl:text>null</xsl:text>
+  </xsl:template>
+
+
+  <xsl:template match="string">
+    <xsl:choose>
+      <xsl:when test="(contains(@value, '&quot;') or contains(@value, '\')) and not(contains(@value, '&#010;'))">
+        <xsl:text>''</xsl:text><xsl:value-of select='str:replace(@value, "${", "&apos;&apos;${")' /><xsl:text>''</xsl:text>
+      </xsl:when>
+      <xsl:otherwise>
+        <xsl:text>"</xsl:text><xsl:value-of select="str:replace(str:replace(str:replace(str:replace(@value, '\', '\\'), '&quot;', '\&quot;'), '&#010;', '\n'), '$', '\$')" /><xsl:text>"</xsl:text>
+      </xsl:otherwise>
+    </xsl:choose>
+  </xsl:template>
+
+
+  <xsl:template match="int">
+    <xsl:value-of select="@value" />
+  </xsl:template>
+
+
+  <xsl:template match="bool[@value = 'true']">
+    <xsl:text>true</xsl:text>
+  </xsl:template>
+
+
+  <xsl:template match="bool[@value = 'false']">
+    <xsl:text>false</xsl:text>
+  </xsl:template>
+
+
+  <xsl:template match="list">
+    [
+    <xsl:for-each select="*">
+      <xsl:apply-templates select="." />
+      <xsl:text> </xsl:text>
+    </xsl:for-each>
+    ]
+  </xsl:template>
+
+
+  <xsl:template match="attrs[attr[@name = '_type' and string[@value = 'literalExample']]]">
+    <xsl:value-of select="attr[@name = 'text']/string/@value" />
+  </xsl:template>
+
+
+  <xsl:template match="attrs">
+    {
+    <xsl:for-each select="attr">
+      <xsl:value-of select="@name" />
+      <xsl:text> = </xsl:text>
+      <xsl:apply-templates select="*" /><xsl:text>; </xsl:text>
+    </xsl:for-each>
+    }
+  </xsl:template>
+
+
+  <xsl:template match="derivation">
+    <replaceable>(build of <xsl:value-of select="attr[@name = 'name']/string/@value" />)</replaceable>
+  </xsl:template>
+
+  <xsl:template match="attr[@name = 'declarations' or @name = 'definitions']">
+    <simplelist>
+      <xsl:for-each select="list/string">
+        <member><filename>
+          <!-- Hyperlink the filename either to the NixOS Subversion
+          repository (if it’s a module and we have a revision number),
+          or to the local filesystem. -->
+          <xsl:choose>
+            <xsl:when test="not(starts-with(@value, '/'))">
+              <xsl:choose>
+                <xsl:when test="$revision = 'local'">
+                  <xsl:attribute name="xlink:href">https://github.com/NixOS/nixpkgs/blob/master/<xsl:value-of select="@value"/></xsl:attribute>
+                </xsl:when>
+                <xsl:otherwise>
+                  <xsl:attribute name="xlink:href">https://github.com/NixOS/nixpkgs/blob/<xsl:value-of select="$revision"/>/<xsl:value-of select="@value"/></xsl:attribute>
+                </xsl:otherwise>
+              </xsl:choose>
+            </xsl:when>
+            <xsl:when test="$revision != 'local' and contains(@value, 'nixops') and contains(@value, '/nix/')">
+              <xsl:attribute name="xlink:href">https://github.com/NixOS/nixops/blob/<xsl:value-of select="$revision"/>/nix/<xsl:value-of select="substring-after(@value, '/nix/')"/></xsl:attribute>
+            </xsl:when>
+            <xsl:otherwise>
+              <xsl:attribute name="xlink:href">file://<xsl:value-of select="@value"/></xsl:attribute>
+            </xsl:otherwise>
+          </xsl:choose>
+          <!-- Print the filename and make it user-friendly by replacing the
+          /nix/store/<hash> prefix by the default location of nixos
+          sources. -->
+          <xsl:choose>
+            <xsl:when test="not(starts-with(@value, '/'))">
+              &lt;nixpkgs/<xsl:value-of select="@value"/>&gt;
+            </xsl:when>
+            <xsl:when test="contains(@value, 'nixops') and contains(@value, '/nix/')">
+              &lt;nixops/<xsl:value-of select="substring-after(@value, '/nix/')"/>&gt;
+            </xsl:when>
+            <xsl:otherwise>
+              <xsl:value-of select="@value" />
+            </xsl:otherwise>
+          </xsl:choose>
+        </filename></member>
+      </xsl:for-each>
+    </simplelist>
+  </xsl:template>
+
+</xsl:stylesheet>
diff --git a/nixos/doc/manual/running.xml b/nixos/doc/manual/running.xml
new file mode 100644
index 000000000000..e50099707cc5
--- /dev/null
+++ b/nixos/doc/manual/running.xml
@@ -0,0 +1,369 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink"
+         xml:id="ch-running">
+
+<title>Running NixOS</title>
+
+<para>This chapter describes various aspects of managing a running
+NixOS system, such as how to use the <command>systemd</command>
+service manager.</para>
+
+
+<!--===============================================================-->
+
+<section><title>Service management</title>
+
+<para>In NixOS, all system services are started and monitored using
+the systemd program.  Systemd is the “init” process of the system
+(i.e. PID 1), the parent of all other processes.  It manages a set of
+so-called “units”, which can be things like system services
+(programs), but also mount points, swap files, devices, targets
+(groups of units) and more.  Units can have complex dependencies; for
+instance, one unit can require that another unit must be successfully
+started before the first unit can be started.  When the system boots,
+it starts a unit named <literal>default.target</literal>; the
+dependencies of this unit cause all system services to be started,
+file systems to be mounted, swap files to be activated, and so
+on.</para>
+
+<para>The command <command>systemctl</command> is the main way to
+interact with <command>systemd</command>.  Without any arguments, it
+shows the status of active units:
+
+<screen>
+$ systemctl
+-.mount          loaded active mounted   /
+swapfile.swap    loaded active active    /swapfile
+sshd.service     loaded active running   SSH Daemon
+graphical.target loaded active active    Graphical Interface
+<replaceable>...</replaceable>
+</screen>
+
+</para>
+
+<para>You can ask for detailed status information about a unit, for
+instance, the PostgreSQL database service:
+
+<screen>
+$ systemctl status postgresql.service
+postgresql.service - PostgreSQL Server
+          Loaded: loaded (/nix/store/pn3q73mvh75gsrl8w7fdlfk3fq5qm5mw-unit/postgresql.service)
+          Active: active (running) since Mon, 2013-01-07 15:55:57 CET; 9h ago
+        Main PID: 2390 (postgres)
+          CGroup: name=systemd:/system/postgresql.service
+                  ├─2390 postgres
+                  ├─2418 postgres: writer process
+                  ├─2419 postgres: wal writer process
+                  ├─2420 postgres: autovacuum launcher process
+                  ├─2421 postgres: stats collector process
+                  └─2498 postgres: zabbix zabbix [local] idle
+
+Jan 07 15:55:55 hagbard postgres[2394]: [1-1] LOG:  database system was shut down at 2013-01-07 15:55:05 CET
+Jan 07 15:55:57 hagbard postgres[2390]: [1-1] LOG:  database system is ready to accept connections
+Jan 07 15:55:57 hagbard postgres[2420]: [1-1] LOG:  autovacuum launcher started
+Jan 07 15:55:57 hagbard systemd[1]: Started PostgreSQL Server.
+</screen>
+
+Note that this shows the status of the unit (active and running), all
+the processes belonging to the service, as well as the most recent log
+messages from the service.
+
+</para>
+
+<para>Units can be stopped, started or restarted:
+
+<screen>
+$ systemctl stop postgresql.service
+$ systemctl start postgresql.service
+$ systemctl restart postgresql.service
+</screen>
+
+These operations are synchronous: they wait until the service has
+finished starting or stopping (or has failed).  Starting a unit will
+cause the dependencies of that unit to be started as well (if
+necessary).</para>
+
+<!-- - cgroups: each service and user session is a cgroup
+
+- cgroup resource management -->
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Rebooting and shutting down</title>
+
+<para>The system can be shut down (and automatically powered off) by
+doing:
+
+<screen>
+$ shutdown
+</screen>
+
+This is equivalent to running <command>systemctl
+poweroff</command>.</para>
+
+<para>To reboot the system, run
+
+<screen>
+$ reboot
+</screen>
+
+which is equivalent to <command>systemctl reboot</command>.
+Alternatively, you can quickly reboot the system using
+<literal>kexec</literal>, which bypasses the BIOS by directly loading
+the new kernel into memory:
+
+<screen>
+$ systemctl kexec
+</screen>
+
+</para>
+
+<para>The machine can be suspended to RAM (if supported) using
+<command>systemctl suspend</command>, and suspended to disk using
+<command>systemctl hibernate</command>.</para>
+
+<para>These commands can be run by any user who is logged in locally,
+i.e. on a virtual console or in X11; otherwise, the user is asked for
+authentication.</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>User sessions</title>
+
+<para>Systemd keeps track of all users who are logged into the system
+(e.g. on a virtual console or remotely via SSH).  The command
+<command>loginctl</command> allows querying and manipulating user
+sessions.  For instance, to list all user sessions:
+
+<screen>
+$ loginctl
+   SESSION        UID USER             SEAT
+        c1        500 eelco            seat0
+        c3          0 root             seat0
+        c4        500 alice
+</screen>
+
+This shows that two users are logged in locally, while another is
+logged in remotely.  (“Seats” are essentially the combinations of
+displays and input devices attached to the system; usually, there is
+only one seat.)  To get information about a session:
+
+<screen>
+$ loginctl session-status c3
+c3 - root (0)
+           Since: Tue, 2013-01-08 01:17:56 CET; 4min 42s ago
+          Leader: 2536 (login)
+            Seat: seat0; vc3
+             TTY: /dev/tty3
+         Service: login; type tty; class user
+           State: online
+          CGroup: name=systemd:/user/root/c3
+                  ├─ 2536 /nix/store/10mn4xip9n7y9bxqwnsx7xwx2v2g34xn-shadow-4.1.5.1/bin/login --
+                  ├─10339 -bash
+                  └─10355 w3m nixos.org
+</screen>
+
+This shows that the user is logged in on virtual console 3.  It also
+lists the processes belonging to this session.  Since systemd keeps
+track of this, you can terminate a session in a way that ensures that
+all the session’s processes are gone:
+
+<screen>
+$ loginctl terminate-session c3
+</screen>
+
+</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Control groups</title>
+
+<para>To keep track of the processes in a running system, systemd uses
+<emphasis>control groups</emphasis> (cgroups).  A control group is a
+set of processes used to allocate resources such as CPU, memory or I/O
+bandwidth.  There can be multiple control group hierarchies, allowing
+each kind of resource to be managed independently.</para>
+
+<para>The command <command>systemd-cgls</command> lists all control
+groups in the <literal>systemd</literal> hierarchy, which is what
+systemd uses to keep track of the processes belonging to each service
+or user session:
+
+<screen>
+$ systemd-cgls
+├─user
+│ └─eelco
+│   └─c1
+│     ├─ 2567 -:0
+│     ├─ 2682 kdeinit4: kdeinit4 Running...
+│     ├─ <replaceable>...</replaceable>
+│     └─10851 sh -c less -R
+└─system
+  ├─httpd.service
+  │ ├─2444 httpd -f /nix/store/3pyacby5cpr55a03qwbnndizpciwq161-httpd.conf -DNO_DETACH
+  │ └─<replaceable>...</replaceable>
+  ├─dhcpcd.service
+  │ └─2376 dhcpcd --config /nix/store/f8dif8dsi2yaa70n03xir8r653776ka6-dhcpcd.conf
+  └─ <replaceable>...</replaceable>
+</screen>
+
+Similarly, <command>systemd-cgls cpu</command> shows the cgroups in
+the CPU hierarchy, which allows per-cgroup CPU scheduling priorities.
+By default, every systemd service gets its own CPU cgroup, while all
+user sessions are in the top-level CPU cgroup.  This ensures, for
+instance, that a thousand run-away processes in the
+<literal>httpd.service</literal> cgroup cannot starve the CPU for one
+process in the <literal>postgresql.service</literal> cgroup.  (By
+contrast, it they were in the same cgroup, then the PostgreSQL process
+would get 1/1001 of the cgroup’s CPU time.)  You can limit a service’s
+CPU share in <filename>configuration.nix</filename>:
+
+<programlisting>
+systemd.services.httpd.serviceConfig.CPUShares = 512;
+</programlisting>
+
+By default, every cgroup has 1024 CPU shares, so this will halve the
+CPU allocation of the <literal>httpd.service</literal> cgroup.</para>
+
+<para>There also is a <literal>memory</literal> hierarchy that
+controls memory allocation limits; by default, all processes are in
+the top-level cgroup, so any service or session can exhaust all
+available memory.  Per-cgroup memory limits can be specified in
+<filename>configuration.nix</filename>; for instance, to limit
+<literal>httpd.service</literal> to 512 MiB of RAM (excluding swap)
+and 640 MiB of RAM (including swap):
+
+<programlisting>
+systemd.services.httpd.serviceConfig.MemoryLimit = "512M";
+systemd.services.httpd.serviceConfig.ControlGroupAttribute = [ "memory.memsw.limit_in_bytes 640M" ];
+</programlisting>
+
+</para>
+
+<para>The command <command>systemd-cgtop</command> shows a
+continuously updated list of all cgroups with their CPU and memory
+usage.</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Logging</title>
+
+<para>System-wide logging is provided by systemd’s
+<emphasis>journal</emphasis>, which subsumes traditional logging
+daemons such as syslogd and klogd.  Log entries are kept in binary
+files in <filename>/var/log/journal/</filename>.  The command
+<literal>journalctl</literal> allows you to see the contents of the
+journal.  For example,
+
+<screen>
+$ journalctl -b
+</screen>
+
+shows all journal entries since the last reboot.  (The output of
+<command>journalctl</command> is piped into <command>less</command> by
+default.)  You can use various options and match operators to restrict
+output to messages of interest.  For instance, to get all messages
+from PostgreSQL:
+
+<screen>
+$ journalctl -u postgresql.service
+-- Logs begin at Mon, 2013-01-07 13:28:01 CET, end at Tue, 2013-01-08 01:09:57 CET. --
+...
+Jan 07 15:44:14 hagbard postgres[2681]: [2-1] LOG:  database system is shut down
+-- Reboot --
+Jan 07 15:45:10 hagbard postgres[2532]: [1-1] LOG:  database system was shut down at 2013-01-07 15:44:14 CET
+Jan 07 15:45:13 hagbard postgres[2500]: [1-1] LOG:  database system is ready to accept connections
+</screen>
+
+Or to get all messages since the last reboot that have at least a
+“critical” severity level:
+
+<screen>
+$ journalctl -b -p crit
+Dec 17 21:08:06 mandark sudo[3673]: pam_unix(sudo:auth): auth could not identify password for [alice]
+Dec 29 01:30:22 mandark kernel[6131]: [1053513.909444] CPU6: Core temperature above threshold, cpu clock throttled (total events = 1)
+</screen>
+
+</para>
+
+<para>The system journal is readable by root and by users in the
+<literal>wheel</literal> and <literal>systemd-journal</literal>
+groups.  All users have a private journal that can be read using
+<command>journalctl</command>.</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Cleaning up the Nix store</title>
+
+<para>Nix has a purely functional model, meaning that packages are
+never upgraded in place.  Instead new versions of packages end up in a
+different location in the Nix store (<filename>/nix/store</filename>).
+You should periodically run Nix’s <emphasis>garbage
+collector</emphasis> to remove old, unreferenced packages.  This is
+easy:
+
+<screen>
+$ nix-collect-garbage
+</screen>
+
+Alternatively, you can use a systemd unit that does the same in the
+background:
+
+<screen>
+$ systemctl start nix-gc.service
+</screen>
+
+You can tell NixOS in <filename>configuration.nix</filename> to run
+this unit automatically at certain points in time, for instance, every
+night at 03:15:
+
+<programlisting>
+nix.gc.automatic = true;
+nix.gc.dates = "03:15";
+</programlisting>
+
+</para>
+
+<para>The commands above do not remove garbage collector roots, such
+as old system configurations.  Thus they do not remove the ability to
+roll back to previous configurations.  The following command deletes
+old roots, removing the ability to roll back to them:
+<screen>
+$ nix-collect-garbage -d
+</screen>
+You can also do this for specific profiles, e.g.
+<screen>
+$ nix-env -p /nix/var/nix/profiles/per-user/eelco/profile --delete-generations old
+</screen>
+Note that NixOS system configurations are stored in the profile
+<filename>/nix/var/nix/profiles/system</filename>.</para>
+
+<para>Another way to reclaim disk space (often as much as 40% of the
+size of the Nix store) is to run Nix’s store optimiser, which seeks
+out identical files in the store and replaces them with hard links to
+a single copy.
+<screen>
+$ nix-store --optimise
+</screen>
+Since this command needs to read the entire Nix store, it can take
+quite a while to finish.</para>
+
+</section>
+
+
+</chapter>
diff --git a/nixos/doc/manual/style.css b/nixos/doc/manual/style.css
new file mode 100644
index 000000000000..e2204c159e22
--- /dev/null
+++ b/nixos/doc/manual/style.css
@@ -0,0 +1,268 @@
+/* Copied from http://bakefile.sourceforge.net/, which appears
+   licensed under the GNU GPL. */
+
+
+/***************************************************************************
+                             Basic headers and text:
+ ***************************************************************************/
+
+body
+{
+    font-family: "Nimbus Sans L", sans-serif;
+    background: white;
+    margin: 2em 1em 2em 1em;
+}
+
+h1, h2, h3, h4
+{
+    color: #005aa0;
+}
+
+h1 /* title */
+{
+    font-size: 200%;
+}
+
+h2 /* chapters, appendices, subtitle */
+{
+    font-size: 180%;
+}
+
+/* Extra space between chapters, appendices. */
+div.chapter > div.titlepage h2, div.appendix > div.titlepage h2 
+{ 
+    margin-top: 1.5em;
+}
+
+div.section > div.titlepage h2 /* sections */
+{
+    font-size: 150%;
+    margin-top: 1.5em;
+}
+
+h3 /* subsections */
+{
+    font-size: 125%;
+}
+
+div.simplesect h2
+{
+    font-size: 110%;
+}
+
+div.appendix h3
+{
+    font-size: 150%;
+    margin-top: 1.5em;
+}
+
+div.refnamediv h2, div.refsynopsisdiv h2, div.refsection h2 /* refentry parts */
+{
+    margin-top: 1.4em;
+    font-size: 125%;
+}
+
+div.refsection h3
+{
+    font-size: 110%;
+}
+
+
+/***************************************************************************
+                               Examples:
+ ***************************************************************************/
+
+div.example
+{
+    border: 1px solid #b0b0b0;
+    padding: 6px 6px;
+    margin-left: 1.5em;
+    margin-right: 1.5em;
+    background: #f4f4f8;
+    border-radius: 0.4em;
+    box-shadow: 0.4em 0.4em 0.5em #e0e0e0;
+}
+
+div.example p.title
+{
+    margin-top: 0em;
+}
+
+div.example pre
+{
+    box-shadow: none;
+}
+
+
+/***************************************************************************
+                            Screen dumps:
+ ***************************************************************************/
+
+pre.screen, pre.programlisting
+{
+    border: 1px solid #b0b0b0;
+    padding: 3px 3px;
+    margin-left: 1.5em;
+    margin-right: 1.5em;
+    color: #600000;
+    background: #f4f4f8;
+    font-family: monospace;
+    border-radius: 0.4em;
+    box-shadow: 0.4em 0.4em 0.5em #e0e0e0;
+}
+
+div.example pre.programlisting
+{
+    border: 0px;
+    padding: 0 0;
+    margin: 0 0 0 0;
+}
+
+
+/***************************************************************************
+                               Notes, warnings etc:
+ ***************************************************************************/
+
+.note, .warning
+{
+    border: 1px solid #b0b0b0;
+    padding: 3px 3px;
+    margin-left: 1.5em;
+    margin-right: 1.5em;
+    margin-bottom: 1em;
+    padding: 0.3em 0.3em 0.3em 0.3em;
+    background: #fffff5;
+    border-radius: 0.4em;
+    box-shadow: 0.4em 0.4em 0.5em #e0e0e0;
+}
+
+div.note, div.warning
+{
+    font-style: italic;
+}
+
+div.note h3, div.warning h3
+{
+    color: red;
+    font-size: 100%;
+    padding-right: 0.5em;
+    display: inline;
+}
+
+div.note p, div.warning p
+{
+    margin-bottom: 0em;
+}
+
+div.note h3 + p, div.warning h3 + p
+{
+    display: inline;
+}
+
+div.note h3
+{
+    color: blue;
+    font-size: 100%;
+}
+
+div.navfooter *
+{
+    font-size: 90%;
+}
+
+
+/***************************************************************************
+                        Links colors and highlighting: 
+ ***************************************************************************/
+
+a { text-decoration: none; }
+a:hover { text-decoration: underline; }
+a:link { color: #0048b3; }
+a:visited { color: #002a6a; }
+
+
+/***************************************************************************
+                              Table of contents:
+ ***************************************************************************/
+
+div.toc
+{
+    font-size: 90%;
+}
+
+div.toc dl
+{
+    margin-top: 0em;
+    margin-bottom: 0em;
+}
+
+
+/***************************************************************************
+                               Special elements:
+ ***************************************************************************/
+
+tt, code
+{
+    color: #400000;
+}
+
+.term
+{
+    font-weight: bold;
+    
+}
+
+div.variablelist dd p, div.glosslist dd p
+{
+    margin-top: 0em;
+}
+
+div.variablelist dd, div.glosslist dd
+{
+    margin-left: 1.5em;
+}
+
+div.glosslist dt
+{
+    font-style: italic;
+}
+
+.varname
+{
+    color: #400000;
+}
+
+span.command strong
+{
+    font-weight: normal;
+    color: #400000;
+}
+
+div.calloutlist table
+{
+    box-shadow: none;
+}
+
+table
+{
+    border-collapse: collapse;
+    box-shadow: 0.4em 0.4em 0.5em #e0e0e0;
+}
+
+table.simplelist
+{
+    text-align: left;
+    color: #005aa0;
+    border: 0;
+    padding: 5px;
+    background: #fffff5;
+    font-weight: normal;
+    font-style: italic;
+    box-shadow: none;
+    margin-bottom: 1em;
+}
+
+div.affiliation
+{
+    font-style: italic;
+}
\ No newline at end of file
diff --git a/nixos/doc/manual/troubleshooting.xml b/nixos/doc/manual/troubleshooting.xml
new file mode 100644
index 000000000000..c6e0a3a7888c
--- /dev/null
+++ b/nixos/doc/manual/troubleshooting.xml
@@ -0,0 +1,198 @@
+<chapter xmlns="http://docbook.org/ns/docbook"
+         xmlns:xlink="http://www.w3.org/1999/xlink">
+
+<title>Troubleshooting</title>
+
+
+<!--===============================================================-->
+
+<section><title>Boot problems</title>
+
+<para>If NixOS fails to boot, there are a number of kernel command
+line parameters that may help you to identify or fix the issue.  You
+can add these parameters in the GRUB boot menu by pressing “e” to
+modify the selected boot entry and editing the line starting with
+<literal>linux</literal>.  The following are some useful kernel command
+line parameters that are recognised by the NixOS boot scripts or by
+systemd:
+
+<variablelist>
+
+  <varlistentry><term><literal>boot.shell_on_fail</literal></term>
+    <listitem><para>Start a root shell if something goes wrong in
+    stage 1 of the boot process (the initial ramdisk).  This is
+    disabled by default because there is no authentication for the
+    root shell.</para></listitem>
+  </varlistentry>
+
+  <varlistentry><term><literal>boot.debug1</literal></term>
+    <listitem><para>Start an interactive shell in stage 1 before
+    anything useful has been done.  That is, no modules have been
+    loaded and no file systems have been mounted, except for
+    <filename>/proc</filename> and
+    <filename>/sys</filename>.</para></listitem>
+  </varlistentry>
+
+  <varlistentry><term><literal>boot.trace</literal></term>
+    <listitem><para>Print every shell command executed by the stage 1
+    and 2 boot scripts.</para></listitem>
+  </varlistentry>
+
+  <varlistentry><term><literal>single</literal></term>
+    <listitem><para>Boot into rescue mode (a.k.a. single user mode).
+    This will cause systemd to start nothing but the unit
+    <literal>rescue.target</literal>, which runs
+    <command>sulogin</command> to prompt for the root password and
+    start a root login shell.  Exiting the shell causes the system to
+    continue with the normal boot process.</para></listitem>
+  </varlistentry>
+
+  <varlistentry><term><literal>systemd.log_level=debug systemd.log_target=console</literal></term>
+    <listitem><para>Make systemd very verbose and send log messages to
+    the console instead of the journal.</para></listitem>
+  </varlistentry>
+
+</variablelist>
+
+For more parameters recognised by systemd, see
+<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
+
+<para>If no login prompts or X11 login screens appear (e.g. due to
+hanging dependencies), you can press Alt+ArrowUp.  If you’re lucky,
+this will start rescue mode (described above).  (Also note that since
+most units have a 90-second timeout before systemd gives up on them,
+the <command>agetty</command> login prompts should appear eventually
+unless something is very wrong.)</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Maintenance mode</title>
+
+<para>You can enter rescue mode by running:
+
+<screen>
+$ systemctl rescue</screen>
+
+This will eventually give you a single-user root shell.  Systemd will
+stop (almost) all system services.  To get out of maintenance mode,
+just exit from the rescue shell.</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Rolling back configuration changes</title>
+
+<para>After running <command>nixos-rebuild</command> to switch to a
+new configuration, you may find that the new configuration doesn’t
+work very well.  In that case, there are several ways to return to a
+previous configuration.</para>
+
+<para>First, the GRUB boot manager allows you to boot into any
+previous configuration that hasn’t been garbage-collected.  These
+configurations can be found under the GRUB submenu “NixOS - All
+configurations”.  This is especially useful if the new configuration
+fails to boot.  After the system has booted, you can make the selected
+configuration the default for subsequent boots:
+
+<screen>
+$ /run/current-system/bin/switch-to-configuration boot</screen>
+
+</para>
+
+<para>Second, you can switch to the previous configuration in a running
+system:
+
+<screen>
+$ nixos-rebuild switch --rollback</screen>
+
+This is equivalent to running:
+
+<screen>
+$ /nix/var/nix/profiles/system-<replaceable>N</replaceable>-link/bin/switch-to-configuration switch</screen>
+
+where <replaceable>N</replaceable> is the number of the NixOS system
+configuration.  To get a list of the available configurations, do:
+
+<screen>
+$ ls -l /nix/var/nix/profiles/system-*-link
+<replaceable>...</replaceable>
+lrwxrwxrwx 1 root root 78 Aug 12 13:54 /nix/var/nix/profiles/system-268-link -> /nix/store/202b...-nixos-13.07pre4932_5a676e4-4be1055
+</screen>
+
+</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Nix store corruption</title>
+
+<para>After a system crash, it’s possible for files in the Nix store
+to become corrupted.  (For instance, the Ext4 file system has the
+tendency to replace un-synced files with zero bytes.)  NixOS tries
+hard to prevent this from happening: it performs a
+<command>sync</command> before switching to a new configuration, and
+Nix’s database is fully transactional.  If corruption still occurs,
+you may be able to fix it automatically.</para>
+
+<para>If the corruption is in a path in the closure of the NixOS
+system configuration, you can fix it by doing
+
+<screen>
+$ nixos-rebuild switch --repair
+</screen>
+
+This will cause Nix to check every path in the closure, and if its
+cryptographic hash differs from the hash recorded in Nix’s database,
+the path is rebuilt or redownloaded.</para>
+
+<para>You can also scan the entire Nix store for corrupt paths:
+
+<screen>
+$ nix-store --verify --check-contents --repair
+</screen>
+
+Any corrupt paths will be redownloaded if they’re available in a
+binary cache; otherwise, they cannot be repaired.</para>
+
+</section>
+
+
+<!--===============================================================-->
+
+<section><title>Nix network issues</title>
+
+<para>Nix uses a so-called <emphasis>binary cache</emphasis> to
+optimise building a package from source into downloading it as a
+pre-built binary.  That is, whenever a command like
+<command>nixos-rebuild</command> needs a path in the Nix store, Nix
+will try to download that path from the Internet rather than build it
+from source.  The default binary cache is
+<uri>http://cache.nixos.org/</uri>.  If this cache is unreachable, Nix
+operations may take a long time due to HTTP connection timeouts.  You
+can disable the use of the binary cache by adding <option>--option
+use-binary-caches false</option>, e.g.
+
+<screen>
+$ nixos-rebuild switch --option use-binary-caches false
+</screen>
+
+If you have an alternative binary cache at your disposal, you can use
+it instead:
+
+<screen>
+$ nixos-rebuild switch --option binary-caches http://my-cache.example.org/
+</screen>
+
+</para>
+
+</section>
+
+
+</chapter>
diff --git a/nixos/gui/README b/nixos/gui/README
new file mode 100644
index 000000000000..c038314a0dc7
--- /dev/null
+++ b/nixos/gui/README
@@ -0,0 +1,16 @@
+This file should become a nix expression. (see modules/installer/tools/tools.nix)
+
+you need to:
+- download the latest jQuery from and copy it to chrome/content:
+    http://code.jquery.com/jquery-1.5.2.js
+
+- install 'xulrunner' with nix:
+    nix-env -Ai nixpkgs_sys.firefox40Pkgs.xulrunner
+
+- make sure nixos-option in your path
+
+- have /etc/nixos/nixpkgs
+- have /etc/nixos/nixos
+
+run it:
+- xulrunner /etc/nixos/nixos/gui/application.ini -jsconsole
diff --git a/nixos/gui/application.ini b/nixos/gui/application.ini
new file mode 100644
index 000000000000..d2494a1a5cd5
--- /dev/null
+++ b/nixos/gui/application.ini
@@ -0,0 +1,36 @@
+[App]
+;
+; This field specifies your organization's name.  This field is recommended,
+; but optional.
+Vendor=NixOS
+;
+; This field specifies your application's name.  This field is required.
+Name=NixOS-gui
+;
+; This field specifies your application's version.  This field is optional.
+Version=0.1
+;
+; This field specifies your application's build ID (timestamp).  This field is
+; required.
+BuildID=20110424
+;
+; This field specifies a compact copyright notice for your application.  This
+; field is optional.
+;Copyright=
+
+;
+; This ID is just an example.  Every XUL app ought to have it's own unique ID.
+; You can use the microsoft "guidgen" or "uuidgen" tools, or go on
+; irc.mozilla.org and /msg botbot uuid.  This field is optional.
+;ID=
+
+[Gecko]
+;
+; This field is required.  It specifies the minimum Gecko version that this
+; application requires.
+MinVersion=1.9a5
+;
+; This field is optional.  It specifies the maximum Gecko version that this
+; application requires.  It should be specified if your application uses
+; unfrozen interfaces.
+MaxVersion=2.*
diff --git a/nixos/gui/chrome.manifest b/nixos/gui/chrome.manifest
new file mode 100644
index 000000000000..865d6a88fb48
--- /dev/null
+++ b/nixos/gui/chrome.manifest
@@ -0,0 +1 @@
+manifest chrome/chrome.manifest
diff --git a/nixos/gui/chrome/chrome.manifest b/nixos/gui/chrome/chrome.manifest
new file mode 100644
index 000000000000..775445ee17bf
--- /dev/null
+++ b/nixos/gui/chrome/chrome.manifest
@@ -0,0 +1 @@
+content nixos-gui content/
diff --git a/nixos/gui/chrome/content/io.js b/nixos/gui/chrome/content/io.js
new file mode 100644
index 000000000000..8d9c8c173656
--- /dev/null
+++ b/nixos/gui/chrome/content/io.js
@@ -0,0 +1,137 @@
+
+function inspect(obj, maxLevels, level)
+{
+  var str = '', type, msg;
+
+    // Start Input Validations
+    // Don't touch, we start iterating at level zero
+    if(level == null)  level = 0;
+
+    // At least you want to show the first level
+    if(maxLevels == null) maxLevels = 1;
+    if(maxLevels < 1)
+        return '<font color="red">Error: Levels number must be > 0</font>';
+
+    // We start with a non null object
+    if(obj == null)
+    return '<font color="red">Error: Object <b>NULL</b></font>';
+    // End Input Validations
+
+    // Each Iteration must be indented
+    str += '<ul>';
+
+    // Start iterations for all objects in obj
+    for(property in obj)
+    {
+      try
+      {
+          // Show "property" and "type property"
+          type =  typeof(obj[property]);
+          str += '<li>(' + type + ') ' + property +
+                 ( (obj[property]==null)?(': <b>null</b>'):('')) + '</li>';
+
+          // We keep iterating if this property is an Object, non null
+          // and we are inside the required number of levels
+          if((type == 'object') && (obj[property] != null) && (level+1 < maxLevels))
+          str += inspect(obj[property], maxLevels, level+1);
+      }
+      catch(err)
+      {
+        // Is there some properties in obj we can't access? Print it red.
+        if(typeof(err) == 'string') msg = err;
+        else if(err.message)        msg = err.message;
+        else if(err.description)    msg = err.description;
+        else                        msg = 'Unknown';
+
+        str += '<li><font color="red">(Error) ' + property + ': ' + msg +'</font></li>';
+      }
+    }
+
+      // Close indent
+      str += '</ul>';
+
+    return str;
+}
+
+// Run xulrunner application.ini -jsconsole -console, to see messages.
+function log(str)
+{
+  Components.classes['@mozilla.org/consoleservice;1']
+    .getService(Components.interfaces.nsIConsoleService)
+    .logStringMessage(str);
+}
+
+function makeTempFile(prefix)
+{
+  var file = Components.classes["@mozilla.org/file/directory_service;1"]
+                       .getService(Components.interfaces.nsIProperties)
+                       .get("TmpD", Components.interfaces.nsIFile);
+  file.append(prefix || "xulrunner");
+  file.createUnique(Components.interfaces.nsIFile.NORMAL_FILE_TYPE, 0664);
+  return file;
+}
+
+function writeToFile(file, data)
+{
+  // file is nsIFile, data is a string
+  var foStream = Components.classes["@mozilla.org/network/file-output-stream;1"]
+                           .createInstance(Components.interfaces.nsIFileOutputStream);
+
+  // use 0x02 | 0x10 to open file for appending.
+  foStream.init(file, 0x02 | 0x08 | 0x20, 0664, 0); // write, create, truncate
+  foStream.write(data, data.length);
+  foStream.close();
+}
+
+function readFromFile(file)
+{
+  // |file| is nsIFile
+  var data = "";
+  var fstream = Components.classes["@mozilla.org/network/file-input-stream;1"]
+                          .createInstance(Components.interfaces.nsIFileInputStream);
+  var sstream = Components.classes["@mozilla.org/scriptableinputstream;1"]
+                          .createInstance(Components.interfaces.nsIScriptableInputStream);
+  fstream.init(file, -1, 0, 0);
+  sstream.init(fstream);
+
+  var str = sstream.read(4096);
+  while (str.length > 0) {
+    data += str;
+    str = sstream.read(4096);
+  }
+
+  sstream.close();
+  fstream.close();
+
+  return data;
+}
+
+function runProgram(commandLine)
+{
+  // create an nsILocalFile for the executable
+  var file = Components.classes["@mozilla.org/file/local;1"]
+                       .createInstance(Components.interfaces.nsILocalFile);
+  file.initWithPath("/bin/sh");
+
+  // create an nsIProcess
+  var process = Components.classes["@mozilla.org/process/util;1"]
+                          .createInstance(Components.interfaces.nsIProcess);
+  process.init(file);
+
+  // Run the process.
+  // If first param is true, calling thread will be blocked until
+  // called process terminates.
+  // Second and third params are used to pass command-line arguments
+  // to the process.
+  var args = ["-c", commandLine];
+  process.run(true, args, args.length);
+}
+
+// only for testing...
+function testIO()
+{
+  var f = makeTempFile();
+  writeToFile(f, "essai\ntest");
+  alert(readFromFile(f));
+  runProgram("zenity --info");
+}
diff --git a/nixos/gui/chrome/content/main.js b/nixos/gui/chrome/content/main.js
new file mode 100644
index 000000000000..ecfc5a8c5c99
--- /dev/null
+++ b/nixos/gui/chrome/content/main.js
@@ -0,0 +1,70 @@
+// global variables.
+var gNixOS;
+var gOptionView;
+
+/*
+var gProgressBar;
+function setProgress(current, max)
+{
+  if (gProgressBar) {
+    gProgressBar.value = 100 * current / max;
+    log("progress: " + gProgressBar.value + "%");
+  }
+  else
+    log("unknow progress bar");
+}
+*/
+
+function updateTextbox(id, value)
+{
+  // setting the height cause an overflow which resize the textbox to its
+  // content due to its onoverflow attribute.
+  $(id).attr("value", value).attr("height", 1);
+};
+
+function updatePanel(options)
+{
+  log("updatePanel: " + options.length);
+  if (options.length == 0)
+    return;
+  // FIXME: ignore the rest of the selection for now.
+  var o = options[0];
+  $("#name").attr("label", o.path);
+
+  if (o.typename != null)
+    $("#typename").attr("label", o.typename);
+  else
+    $("#typename").attr("label", "");
+
+  $("#desc").text(o.description);
+
+  if (o.value != null)
+    updateTextbox("#val", o.value);
+  else
+    updateTextbox("#val", "");
+
+  if (o.defaultValue != null)
+    updateTextbox("#def", o.defaultValue);
+  else
+    updateTextbox("#def", "");
+
+  if (o.example != null)
+    updateTextbox("#exp", o.example);
+  else
+    updateTextbox("#exp", "");
+
+  updateTextbox("#decls", o.declarations.join("\n"));
+  updateTextbox("#defs", o.definitions.join("\n"));
+}
+
+
+function onload()
+{
+  var optionTree = document.getElementById("option-tree");
+  // gProgressBar = document.getElementById("progress-bar");
+  // setProgress(0, 1);
+
+  gNixOS = new NixOS();
+  gOptionView = new OptionView(gNixOS.option, updatePanel);
+  optionTree.view = gOptionView;
+}
diff --git a/nixos/gui/chrome/content/myviewer.xul b/nixos/gui/chrome/content/myviewer.xul
new file mode 100644
index 000000000000..2aeb9391d076
--- /dev/null
+++ b/nixos/gui/chrome/content/myviewer.xul
@@ -0,0 +1,63 @@
+<?xml version="1.0"?>
+<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
+
+<!DOCTYPE window>
+
+<!-- To edit this file I recommend you to use:
+     http://xulfr.org/outils/xulediteur.xul
+  -->
+
+<window
+  id     = "nixos-gui"
+  title  = "NixOS gui"
+  width  = "800"
+  height = "600"
+  xmlns  = "http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
+  <script src="jquery-1.5.2.js"/>
+  <script src="io.js"/>
+  <script src="nixos.js"/>
+  <script src="optionView.js"/>
+  <script src="main.js"/>
+  <hbox flex="1">
+    <vbox width="250">
+      <tree flex="1" id="option-tree" persist="height" onselect="gOptionView.selectionChanged()">
+        <treecols>
+          <treecol persist="hidden width" flex="9" id="opt-name"
+                   label="Option" primary="true"/>
+          <!-- Uncomment the following column to see the number of option
+               printed below each options. -->
+          <!--
+          <treecol persist="hidden width" flex="1" id="dbg-size"
+                   label="sz"/>
+          -->
+        </treecols>
+        <treechildren id="first-child" flex="1"/>
+      </tree>
+    </vbox>
+    <vbox flex="3" style="overflow: auto">
+      <caption id="name" label=""/>
+      <caption id="typename" label=""/>
+      <separator/>
+      <description id="desc" hidden="false"></description>
+      <separator/>
+      <caption label="Value:"/>
+      <textbox id="val" readonly="true" multiline="true" value=""
+      class="plain" hidden="false" onoverflow="this.height =
+      this.inputField.scrollHeight;" />
+      <separator/>
+      <caption label="Default:"/>
+      <textbox id="def" readonly="true" multiline="true" value="" class="plain" hidden="false" onoverflow="this.height = this.inputField.scrollHeight;" />
+      <separator/>
+      <caption label="Example:"/>
+      <textbox id="exp" readonly="true" multiline="true" value="" class="plain" hidden="false" onoverflow="this.height = this.inputField.scrollHeight;" />
+      <separator/>
+      <caption label="Declarations:"/>
+      <textbox id="decls" readonly="true" multiline="true" value="" class="plain" hidden="false" onoverflow="this.height = this.inputField.scrollHeight;" />
+      <separator/>
+      <caption label="Definitions:"/>
+      <textbox id="defs" readonly="true" multiline="true" value=""
+      class="plain" hidden="false" onoverflow="this.height = this.inputField.scrollHeight;" />
+    </vbox>
+  </hbox>
+<!--  <progressmeter id="progress-bar" value="0%"/> -->
+</window>
diff --git a/nixos/gui/chrome/content/nixos.js b/nixos/gui/chrome/content/nixos.js
new file mode 100644
index 000000000000..63a3c16a573f
--- /dev/null
+++ b/nixos/gui/chrome/content/nixos.js
@@ -0,0 +1,255 @@
+
+function NixOS () {
+  var env = Components.classes["@mozilla.org/process/environment;1"].
+    getService(Components.interfaces.nsIEnvironment);
+
+  if (env.exists("NIXOS"))
+    this.nixos = env.get("NIXOS");
+  if (env.exists("NIXOS_CONFIG"))
+    this.config = env.get("NIXOS_CONFIG");
+  if (env.exists("NIXPKGS"))
+    this.nixpkgs = env.get("NIXPKGS");
+  if (env.exists("mountPoint"))
+    this.root = env.get("mountPoint");
+  if (env.exists("NIXOS_OPTION"))
+    this.optionBin = env.get("NIXOS_OPTION");
+  this.option = new Option("options", this, null);
+};
+
+NixOS.prototype = {
+  root: "",
+  nixos: "/etc/nixos/nixos",
+  nixpkgs: "/etc/nixos/nixpkgs",
+  config: "/etc/nixos/configuration.nix",
+  instantiateBin: "/run/current-system/sw/bin/nix-instantiate",
+  optionBin: "/run/current-system/sw/bin/nixos-option",
+  tmpFile: "nixos-gui",
+  option: null
+};
+
+function Option (name, context, parent) {
+  this.name = name;
+  this.context_ = context;
+  if (parent == null)
+    this.path = "";
+  else if (parent.path == "")
+    this.path = name;
+  else
+    this.path = parent.path + "." + name;
+};
+
+Option.prototype = {
+  load: function () {
+    var env = "";
+    env += "'NIXOS=" + this.context_.root + this.context_.nixos + "' ";
+    env += "'NIXOS_PKGS=" + this.context_.root + this.context_.nixpkgs + "' ";
+    env += "'NIXOS_CONFIG=" + this.context_.config + "' ";
+    var out = makeTempFile(this.context_.tmpFile);
+    var prog = this.context_.optionBin + " 2>&1 >" + out.path + " ";
+    var args = " --xml " + this.path;
+
+    runProgram(/*env + */ prog + args);
+    var xml = readFromFile(out);
+    out.remove(false);
+
+    // jQuery does a stack overflow when converting a huge XML to a DOM.
+    var dom = DOMParser().parseFromString(xml, "text/xml");
+    var xmlAttrs = $("expr > attrs > attr", dom);
+
+    this.isOption = xmlAttrs.first().attr("name") == "_isOption";
+
+    if (!this.isOption)
+      this.loadSubOptions(xmlAttrs);
+    else
+      this.loadOption(xmlAttrs);
+    this.isLoaded = true;
+  },
+
+  loadSubOptions:  function (xmlAttrs) {
+    var cur = this;
+    var attrs = new Array();
+
+    xmlAttrs.each(
+      function (index) {
+        var name = $(this).attr("name");
+        var attr = new Option(name, cur.context_, cur);
+        attrs.push(attr);
+      }
+    );
+
+    this.subOptions = attrs;
+  },
+
+  optionAttributeMap: {
+    _isOption: function (cur, v) { },
+    value: function (cur, v) { cur.value = xml2nix($(v).children().first()); },
+    default: function (cur, v) { cur.defaultValue = xml2nix($(v).children().first()); },
+    example: function (cur, v) { cur.example = xml2nix($(v).children().first()); },
+    description: function (cur, v) { cur.description = this.string(v); },
+    typename: function (cur, v) { cur.typename = this.string(v); },
+    options: function (cur, v) { cur.loadSubOptions($("attrs", v).children()); },
+    declarations: function (cur, v) { cur.declarations = this.pathList(v); },
+    definitions: function (cur, v) { cur.definitions = this.pathList(v); },
+
+    string: function (v) {
+      return $(v).children("string").first().attr("value");
+    },
+
+    pathList: function (v) {
+      var list = [];
+      $(v).children("list").first().children().each(
+        function (idx) {
+          list.push($(this).attr("value"));
+        }
+      );
+      return list;
+    }
+  },
+
+
+  loadOption: function (attrs) {
+    var cur = this;
+
+    attrs.each(
+      function (index) {
+        var name = $(this).attr("name");
+        log("loadOption: " + name);
+        cur.optionAttributeMap[name](cur, this);
+      }
+    );
+  },
+
+  // keep the context under which this option has been used.
+  context_: null,
+  // name of the option.
+  name: "",
+  // result of nixos-option.
+  value: null,
+  typename: null,
+  defaultValue: null,
+  example: null,
+  description: "",
+  declarations: [],
+  definitions: [],
+  // path to reach this option
+  path: "",
+
+  // list of options accessible from here.
+  isLoaded: false,
+  isOption: false,
+  subOptions: []
+};
+
+var xml2nix_pptable = {
+  attrs: function (node, depth, pp) {
+    var children = node.children().not(
+      function () {
+        var name = $(this).attr("name");
+        return name.charAt(0) == "_";
+      }
+    );
+    var c = 0;
+    var out = "";
+    out += "{";
+    depth += 1;
+    children.each(
+      function (idx) {
+        c += 1;
+        out += pp.indent(depth);
+        out += pp.dispatch($(this), depth, pp);
+      }
+    );
+    depth -= 1;
+    if (c > 0)
+      out += this.indent(depth);
+    else
+      out += " ";
+    out += "}";
+    return out;
+  },
+  list: function (node, depth, pp) {
+    var children = node.children();
+    var c = 0;
+    var out = "";
+    out += "[";
+    depth += 1;
+    children.each(
+      function (idx) {
+        c += 1;
+        out += pp.indent(depth);
+        out += pp.dispatch($(this), depth, pp);
+      }
+    );
+    depth -= 1;
+    if (c > 0)
+      out += this.indent(depth);
+    else
+      out += " ";
+    out += "]";
+    return out;
+  },
+  attr: function (node, depth, pp) {
+    var name = node.attr("name");
+    var out = "";
+    var val = "";
+    out += name + " = ";
+    depth += 1;
+    val = pp.dispatch(node.children().first(), depth, pp);
+    out += val;
+    depth -= 1;
+    out += ";";
+    return out;
+  },
+  string: function (node, depth, pp) {
+    return "\"" + node.attr("value") + "\"";
+  },
+  path: function (node, depth, pp) {
+    return node.attr("value");
+  },
+  bool: function (node, depth, pp) {
+    return node.attr("value");
+  },
+  "int": function (node, depth, pp) {
+    return node.attr("value");
+  },
+  null: function (node, depth, pp) {
+    return "null";
+  },
+  derivation: function (node, depth, pp) {
+    return "<derivation>";
+  },
+  function: function (node, depth, pp) {
+    return "<function>";
+  },
+  unevaluated: function (node, depth, pp) {
+    return "<unevaluated>";
+  },
+
+  dispatch: function (node, depth, pp) {
+    for (var key in pp)
+    {
+      if(node.is(key))
+      {
+        // log(this.indent(depth) + "dispatch: " + key);
+        var out = pp[key](node, depth, pp);
+        // log(this.indent(depth) + "dispatch: => " + out);
+        return out;
+      }
+    }
+    return "<dispatch-error>";
+  },
+  indent: function (depth) {
+    var ret = "\n";
+    while (depth--)
+      ret += "  ";
+    return ret;
+  }
+};
+
+function xml2nix(node) {
+  var depth = 0;
+  var pp = xml2nix_pptable;
+  var out = pp.dispatch(node, depth, pp);
+  // log("pretty:\n" + out);
+  return out;
+}
diff --git a/nixos/gui/chrome/content/optionView.js b/nixos/gui/chrome/content/optionView.js
new file mode 100644
index 000000000000..0d093740fe25
--- /dev/null
+++ b/nixos/gui/chrome/content/optionView.js
@@ -0,0 +1,242 @@
+// extend NixOS options to handle the Tree View.  Should be better to keep a
+// separation of concern here.
+
+Option.prototype.tv_opened = false;
+Option.prototype.tv_size = 1;
+
+Option.prototype.tv_open = function () {
+  this.tv_opened = true;
+  this.tv_size = 1;
+
+  // load an option if it is not loaded yet, and initialize them to be
+  // read by the Option view.
+  if (!this.isLoaded)
+    this.load();
+
+  // If this is not an option, then add it's lits of sub-options size.
+  if (!this.isOption)
+  {
+    for (var i = 0; i < this.subOptions.length; i++)
+      this.tv_size += this.subOptions[i].tv_size;
+  }
+};
+
+Option.prototype.tv_close = function () {
+  this.tv_opened = false;
+  this.tv_size = 1;
+};
+
+
+
+
+function OptionView (root, selCallback) {
+  root.tv_open();
+  this.rootOption = root;
+  this.selCallback = selCallback;
+}
+
+OptionView.prototype = {
+  rootOption: null,
+  selCallback: null,
+
+  // This function returns the path to option which is at the specified row.
+  reach_cache: null,
+  reachRow: function (row) {
+    var o = this.rootOption; // Current option.
+    var r = 0; // Number of rows traversed.
+    var c = 0; // Child index.
+    var path = [{ row: r, opt: o }]; // new Array();
+    // hypothesis: this.rootOption.tv_size is always open and bigger than
+
+    // Use the previous returned value to avoid making to many checks and to
+    // optimize for frequent access of near rows.
+    if (this.reach_cache != null)
+    {
+      for (var i = this.reach_cache.length - 2; i >= 0; i--) {
+        var p = this.reach_cache[i];
+        // If we will have to go the same path.
+        if (row >= p.row && row < p.row + p.opt.tv_size)
+        {
+          path.unshift(p);
+          r = path[0].row;
+          o = path[0].opt;
+        }
+        else
+          break;
+      };
+    }
+
+    while (r != row)
+    {
+      // Go deeper in the child which contains the requested row.  The
+      // tv_size contains the size of the tree starting from each option.
+      c = 0;
+      while (c < o.subOptions.length && r + o.subOptions[c].tv_size < row)
+      {
+        r += o.subOptions[c].tv_size;
+        c += 1;
+      }
+      if (c < o.subOptions.length && r + o.subOptions[c].tv_size >= row)
+      {
+        // Count the current option as a row.
+        o = o.subOptions[c];
+        r += 1;
+      }
+      else
+        alert("WTF: " + o.name + " ask: " + row + " children: " + o.subOptions + " c: " + c);
+      path.unshift({ row: r, opt: o });
+    }
+
+    this.reach_cache = path;
+    return path;
+  },
+
+  // needs to return true if there is a /row/ at the same level /after/ a
+  // given row.
+  hasNextSibling: function(row, after) {
+    log("sibling " + row + " after " + after);
+    var path = reachRow(row);
+    if (path.length > 1)
+    {
+      var last = path[1].row + path[1].opt.tv_size;
+      // Has a next sibling if the row is not over the size of the
+      // parent and if the current one is not the last child.
+      return after + 1 < last && path[0].row + path[0].opt.tv_size < last;
+    }
+    else
+      // The top-level option has no sibling.
+      return false;
+  },
+
+  // Does the current row contain any sub-options?
+  isContainer: function(row) {
+    return !this.reachRow(row)[0].opt.isOption;
+  },
+  isContainerEmpty: function(row) {
+    return this.reachRow(row)[0].opt.subOptions.length == 0;
+  },
+  isContainerOpen: function(row) {
+    return this.reachRow(row)[0].opt.tv_opened;
+  },
+
+  // Open or close an option.
+  toggleOpenState: function (row) {
+    var path = this.reachRow(row);
+    var delta = -path[0].opt.tv_size;
+    if (path[0].opt.tv_opened)
+      path[0].opt.tv_close();
+    else
+      path[0].opt.tv_open();
+    delta += path[0].opt.tv_size;
+
+    // Parents are alreay opened, but we need to update the tv_size
+    // counters.  Thus we have to invalidate the reach cache.
+    this.reach_cache = null;
+    for (var i = 1; i < path.length; i++)
+      path[i].opt.tv_open();
+
+    this.tree.rowCountChanged(row + 1, delta);
+  },
+
+  // Return the identation level of the option at the line /row/.  The
+  // top-level level is 0.
+  getLevel: function(row) {
+    return this.reachRow(row).length - 1;
+  },
+
+  // Obtain the index of a parent row. If there is no parent row,
+  // returns -1.
+  getParentIndex: function(row) {
+    var path = this.reachRow(row);
+    if (path.length > 1)
+      return path[1].row;
+    else
+      return -1;
+  },
+
+
+  // Return the content of each row base on the column name.
+  getCellText: function(row, column) {
+    if (column.id == "opt-name")
+      return this.reachRow(row)[0].opt.name;
+    if (column.id == "dbg-size")
+      return this.reachRow(row)[0].opt.tv_size;
+    return "";
+  },
+
+  // We have no column with images.
+  getCellValue: function(row, column) { },
+
+
+  isSelectable: function(row, column) { return true; },
+
+  // Get the selection out of the tree and give options to the call back
+  // function.
+  selectionChanged: function() {
+    if (this.selCallback == null)
+      return;
+    var opts = [];
+    var start = new Object();
+    var end = new Object();
+    var numRanges = this.tree.view.selection.getRangeCount();
+
+    for (var t = 0; t < numRanges; t++) {
+      this.tree.view.selection.getRangeAt(t,start,end);
+      for (var v = start.value; v <= end.value; v++) {
+        var opt = this.reachRow(v)[0].opt;
+        if (!opt.isLoaded)
+          opt.load();
+        if (opt.isOption)
+          opts.push(opt);
+
+        // FIXME: no need to make things slowing down, because our current
+        // callback do not handle multiple option display.
+        if (!opts.empty)
+          break;
+      }
+      // FIXME: no need to make things slowing down, because our current
+      // callback do not handle multiple option display.
+      if (!opts.empty)
+        break;
+    }
+
+    if (!opts.empty)
+      this.selCallback(opts);
+  },
+
+  set rowCount(c) { throw "rowCount is a readonly property"; },
+  get rowCount() { return this.rootOption.tv_size; },
+
+  // refuse drag-n-drop of options.
+  canDrop: function (index, orientation, dataTransfer) { return false; },
+  drop: function (index, orientation, dataTransfer) { },
+
+  // ?
+  getCellProperties: function(row, column, prop) { },
+  getColumnProperties: function(column, prop) { },
+  getRowProperties: function(row, prop) { },
+  getImageSrc: function(row, column) { },
+
+  // No progress columns are used.
+  getProgressMode: function(row, column) { },
+
+  // Do not add options yet.
+  isEditable: function(row, column) { return false; },
+  setCellValue: function(row, column, value) { },
+  setCellText: function(row, column, value) { },
+
+  // ...
+  isSeparator: function(index) { return false; },
+  isSorted: function() { return false; },
+  performAction: function(action) { },
+  performActionOnCell: function(action, row, column) { },
+  performActionOnRow: function(action, row) { }, // ??
+
+  // ??
+  cycleCell: function (row, col) { },
+  cycleHeader: function(col) { },
+
+  selection: null,
+  tree: null,
+  setTree: function(tree) { this.tree = tree; }
+};
diff --git a/nixos/gui/components/clh.js b/nixos/gui/components/clh.js
new file mode 100644
index 000000000000..fd85422d6c85
--- /dev/null
+++ b/nixos/gui/components/clh.js
@@ -0,0 +1,154 @@
+const nsIAppShellService    = Components.interfaces.nsIAppShellService;
+const nsISupports           = Components.interfaces.nsISupports;
+const nsICategoryManager    = Components.interfaces.nsICategoryManager;
+const nsIComponentRegistrar = Components.interfaces.nsIComponentRegistrar;
+const nsICommandLine        = Components.interfaces.nsICommandLine;
+const nsICommandLineHandler = Components.interfaces.nsICommandLineHandler;
+const nsIFactory            = Components.interfaces.nsIFactory;
+const nsIModule             = Components.interfaces.nsIModule;
+const nsIWindowWatcher      = Components.interfaces.nsIWindowWatcher;
+
+// CHANGEME: to the chrome URI of your extension or application
+const CHROME_URI = "chrome://nixos-gui/content/myviewer.xul";
+
+// CHANGEME: change the contract id, CID, and category to be unique
+// to your application.
+const clh_contractID = "@mozilla.org/commandlinehandler/general-startup;1?type=myapp";
+
+// use uuidgen to generate a unique ID
+const clh_CID = Components.ID("{2991c315-b871-42cd-b33f-bfee4fcbf682}");
+
+// category names are sorted alphabetically. Typical command-line handlers use a
+// category that begins with the letter "m".
+const clh_category = "m-myapp";
+
+/**
+ * Utility functions
+ */
+
+/**
+ * Opens a chrome window.
+ * @param aChromeURISpec a string specifying the URI of the window to open.
+ * @param aArgument an argument to pass to the window (may be null)
+ */
+function openWindow(aChromeURISpec, aArgument)
+{
+  var ww = Components.classes["@mozilla.org/embedcomp/window-watcher;1"].
+    getService(Components.interfaces.nsIWindowWatcher);
+  ww.openWindow(null, aChromeURISpec, "_blank",
+                "chrome,menubar,toolbar,status,resizable,dialog=no",
+                aArgument);
+}
+ 
+/**
+ * The XPCOM component that implements nsICommandLineHandler.
+ * It also implements nsIFactory to serve as its own singleton factory.
+ */
+const myAppHandler = {
+  /* nsISupports */
+  QueryInterface : function clh_QI(iid)
+  {
+    if (iid.equals(nsICommandLineHandler) ||
+        iid.equals(nsIFactory) ||
+        iid.equals(nsISupports))
+      return this;
+
+    throw Components.results.NS_ERROR_NO_INTERFACE;
+  },
+
+  /* nsICommandLineHandler */
+
+  handle : function clh_handle(cmdLine)
+  {
+    openWindow(CHROME_URI, cmdLine);
+    cmdLine.preventDefault = true;
+  },
+
+  // CHANGEME: change the help info as appropriate, but
+  // follow the guidelines in nsICommandLineHandler.idl
+  // specifically, flag descriptions should start at
+  // character 24, and lines should be wrapped at
+  // 72 characters with embedded newlines,
+  // and finally, the string should end with a newline
+  helpInfo : "  <filename>           Open the file in the viewer\n",
+
+  /* nsIFactory */
+
+  createInstance : function clh_CI(outer, iid)
+  {
+    if (outer != null)
+      throw Components.results.NS_ERROR_NO_AGGREGATION;
+
+    return this.QueryInterface(iid);
+  },
+
+  lockFactory : function clh_lock(lock)
+  {
+    /* no-op */
+  }
+};
+
+/**
+ * The XPCOM glue that implements nsIModule
+ */
+const myAppHandlerModule = {
+  /* nsISupports */
+  QueryInterface : function mod_QI(iid)
+  {
+    if (iid.equals(nsIModule) ||
+        iid.equals(nsISupports))
+      return this;
+
+    throw Components.results.NS_ERROR_NO_INTERFACE;
+  },
+
+  /* nsIModule */
+  getClassObject : function mod_gch(compMgr, cid, iid)
+  {
+    if (cid.equals(clh_CID))
+      return myAppHandler.QueryInterface(iid);
+
+    throw Components.results.NS_ERROR_NOT_REGISTERED;
+  },
+
+  registerSelf : function mod_regself(compMgr, fileSpec, location, type)
+  {
+    compMgr.QueryInterface(nsIComponentRegistrar);
+
+    compMgr.registerFactoryLocation(clh_CID,
+                                    "myAppHandler",
+                                    clh_contractID,
+                                    fileSpec,
+                                    location,
+                                    type);
+
+    var catMan = Components.classes["@mozilla.org/categorymanager;1"].
+      getService(nsICategoryManager);
+    catMan.addCategoryEntry("command-line-handler",
+                            clh_category,
+                            clh_contractID, true, true);
+  },
+
+  unregisterSelf : function mod_unreg(compMgr, location, type)
+  {
+    compMgr.QueryInterface(nsIComponentRegistrar);
+    compMgr.unregisterFactoryLocation(clh_CID, location);
+
+    var catMan = Components.classes["@mozilla.org/categorymanager;1"].
+      getService(nsICategoryManager);
+    catMan.deleteCategoryEntry("command-line-handler", clh_category);
+  },
+
+  canUnload : function (compMgr)
+  {
+    return true;
+  }
+};
+
+/* The NSGetModule function is the magic entry point that XPCOM uses to find what XPCOM objects
+ * this component provides
+ */
+function NSGetModule(comMgr, fileSpec)
+{
+  return myAppHandlerModule;
+}
diff --git a/nixos/gui/defaults/preferences/myviewer-prefs.js b/nixos/gui/defaults/preferences/myviewer-prefs.js
new file mode 100644
index 000000000000..e10fa18c0d8e
--- /dev/null
+++ b/nixos/gui/defaults/preferences/myviewer-prefs.js
@@ -0,0 +1,11 @@
+pref("toolkit.defaultChromeURI", "chrome://nixos-gui/content/myviewer.xul");
+pref("general.useragent.extra.myviewer", "NixOS gui/0.0");
+
+/* debugging prefs */
+pref("browser.dom.window.dump.enabled", true);  // enable output to stderr
+pref("javascript.options.showInConsole", true); // show javascript errors from chrome: files in the jsconsole
+pref("javascript.options.strict", true);        // show javascript strict warnings in the jsconsole
+
+/* disable xul cache so that modifications to chrome: files apply without restarting xulrunner */
+pref("nglayout.debug.disable_xul_cache", true); 
+pref("nglayout.debug.disable_xul_fastload", true);
diff --git a/nixos/lib/build-vms.nix b/nixos/lib/build-vms.nix
new file mode 100644
index 000000000000..d20fbc1cc663
--- /dev/null
+++ b/nixos/lib/build-vms.nix
@@ -0,0 +1,87 @@
+{ system, minimal ? false }:
+
+let pkgs = import ./nixpkgs.nix { config = {}; inherit system; }; in
+
+with pkgs.lib;
+with import ../lib/qemu-flags.nix;
+
+rec {
+
+  inherit pkgs;
+
+
+  # Build a virtual network from an attribute set `{ machine1 =
+  # config1; ... machineN = configN; }', where `machineX' is the
+  # hostname and `configX' is a NixOS system configuration.  Each
+  # machine is given an arbitrary IP address in the virtual network.
+  buildVirtualNetwork =
+    nodes: let nodesOut = mapAttrs (n: buildVM nodesOut) (assignIPAddresses nodes); in nodesOut;
+
+
+  buildVM =
+    nodes: configurations:
+
+    import ./eval-config.nix {
+      inherit system;
+      modules = configurations ++
+        [ ../modules/virtualisation/qemu-vm.nix
+          ../modules/testing/test-instrumentation.nix # !!! should only get added for automated test runs
+          { key = "no-manual"; services.nixosManual.enable = false; }
+        ] ++ optional minimal ../modules/testing/minimal-kernel.nix;
+      extraArgs = { inherit nodes; };
+    };
+
+
+  # Given an attribute set { machine1 = config1; ... machineN =
+  # configN; }, sequentially assign IP addresses in the 192.168.1.0/24
+  # range to each machine, and set the hostname to the attribute name.
+  assignIPAddresses = nodes:
+
+    let
+
+      machines = attrNames nodes;
+
+      machinesNumbered = zipTwoLists machines (range 1 254);
+
+      nodes_ = flip map machinesNumbered (m: nameValuePair m.first
+        [ ( { config, pkgs, nodes, ... }:
+            let
+              interfacesNumbered = zipTwoLists config.virtualisation.vlans (range 1 255);
+              interfaces = flip map interfacesNumbered ({ first, second }:
+                nameValuePair "eth${toString second}"
+                  { ipAddress = "192.168.${toString first}.${toString m.second}";
+                    subnetMask = "255.255.255.0";
+                  });
+            in
+            { key = "ip-address";
+              config =
+                { networking.hostName = m.first;
+
+                  networking.interfaces = listToAttrs interfaces;
+
+                  networking.primaryIPAddress =
+                    optionalString (interfaces != []) (head interfaces).value.ipAddress;
+
+                  # Put the IP addresses of all VMs in this machine's
+                  # /etc/hosts file.  If a machine has multiple
+                  # interfaces, use the IP address corresponding to
+                  # the first interface (i.e. the first network in its
+                  # virtualisation.vlans option).
+                  networking.extraHosts = flip concatMapStrings machines
+                    (m: let config = (getAttr m nodes).config; in
+                      optionalString (config.networking.primaryIPAddress != "")
+                        ("${config.networking.primaryIPAddress} " +
+                         "${config.networking.hostName}\n"));
+
+                  virtualisation.qemu.options =
+                    flip map interfacesNumbered
+                      ({ first, second }: qemuNICFlags second first m.second);
+                };
+            }
+          )
+          (getAttr m.first nodes)
+        ] );
+
+    in listToAttrs nodes_;
+
+}
diff --git a/nixos/lib/channel-expr.nix b/nixos/lib/channel-expr.nix
new file mode 100644
index 000000000000..453bdd506b88
--- /dev/null
+++ b/nixos/lib/channel-expr.nix
@@ -0,0 +1,6 @@
+{ system ? builtins.currentSystem }:
+
+{ pkgs =
+    (import nixpkgs/default.nix { inherit system; })
+    // { recurseForDerivations = true; };
+}
diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix
new file mode 100644
index 000000000000..5e1ce69158fd
--- /dev/null
+++ b/nixos/lib/eval-config.nix
@@ -0,0 +1,64 @@
+# From an end-user configuration file (`configuration'), build a NixOS
+# configuration object (`config') from which we can retrieve option
+# values.
+
+{ system ? builtins.currentSystem
+, pkgs ? null
+, baseModules ? import ../modules/module-list.nix
+, extraArgs ? {}
+, modules
+, check ? true
+}:
+
+let extraArgs_ = extraArgs; pkgs_ = pkgs; system_ = system; in
+
+rec {
+
+  # Merge the option definitions in all modules, forming the full
+  # system configuration.
+  inherit (pkgs.lib.evalModules {
+    modules = modules ++ baseModules;
+    args = extraArgs;
+    check = check && options.environment.checkConfigurationOptions.value;
+  }) config options;
+
+  # These are the extra arguments passed to every module.  In
+  # particular, Nixpkgs is passed through the "pkgs" argument.
+  extraArgs = extraArgs_ // {
+    inherit pkgs modules baseModules;
+    modulesPath = ../modules;
+    pkgs_i686 = import ./nixpkgs.nix { system = "i686-linux"; };
+    utils = import ./utils.nix pkgs;
+  };
+
+  # Import Nixpkgs, allowing the NixOS option nixpkgs.config to
+  # specify the Nixpkgs configuration (e.g., to set package options
+  # such as firefox.enableGeckoMediaPlayer, or to apply global
+  # overrides such as changing GCC throughout the system), and the
+  # option nixpkgs.system to override the platform type.  This is
+  # tricky, because we have to prevent an infinite recursion: "pkgs"
+  # is passed as an argument to NixOS modules, but the value of "pkgs"
+  # depends on config.nixpkgs.config, which we get from the modules.
+  # So we call ourselves here with "pkgs" explicitly set to an
+  # instance that doesn't depend on nixpkgs.config.
+  pkgs =
+    if pkgs_ != null
+    then pkgs_
+    else import ./nixpkgs.nix (
+      let
+        system = if nixpkgsOptions.system != "" then nixpkgsOptions.system else system_;
+        nixpkgsOptions = (import ./eval-config.nix {
+          inherit system extraArgs modules;
+          # For efficiency, leave out most NixOS modules; they don't
+          # define nixpkgs.config, so it's pointless to evaluate them.
+          baseModules = [ ../modules/misc/nixpkgs.nix ];
+          pkgs = import ./nixpkgs.nix { system = system_; config = {}; };
+          check = false;
+        }).config.nixpkgs;
+      in
+      {
+        inherit system;
+        inherit (nixpkgsOptions) config;
+      });
+
+}
diff --git a/nixos/lib/from-env.nix b/nixos/lib/from-env.nix
new file mode 100644
index 000000000000..6bd71e40e9a1
--- /dev/null
+++ b/nixos/lib/from-env.nix
@@ -0,0 +1,4 @@
+# TODO: remove this file. There is lib.maybeEnv now
+name: default:
+let value = builtins.getEnv name; in
+if value == "" then default else value
diff --git a/nixos/lib/make-iso9660-image.nix b/nixos/lib/make-iso9660-image.nix
new file mode 100644
index 000000000000..5ad546e9534d
--- /dev/null
+++ b/nixos/lib/make-iso9660-image.nix
@@ -0,0 +1,60 @@
+{ stdenv, perl, cdrkit, pathsFromGraph
+
+, # The file name of the resulting ISO image.
+  isoName ? "cd.iso"
+
+, # The files and directories to be placed in the ISO file system.
+  # This is a list of attribute sets {source, target} where `source'
+  # is the file system object (regular file or directory) to be
+  # grafted in the file system at path `target'.
+  contents
+
+, # In addition to `contents', the closure of the store paths listed
+  # in `packages' are also placed in the Nix store of the CD.  This is
+  # a list of attribute sets {object, symlink} where `object' if a
+  # store path whose closure will be copied, and `symlink' is a
+  # symlink to `object' that will be added to the CD.
+  storeContents ? []
+
+, # Whether this should be an El-Torito bootable CD.
+  bootable ? false
+
+, # Whether this should be an efi-bootable El-Torito CD.
+  efiBootable ? false
+
+, # The path (in the ISO file system) of the boot image.
+  bootImage ? ""
+
+, # The path (in the ISO file system) of the efi boot image.
+  efiBootImage ? ""
+
+, # Whether to compress the resulting ISO image with bzip2.
+  compressImage ? false
+
+, # The volume ID.
+  volumeID ? ""
+
+}:
+
+assert bootable -> bootImage != "";
+assert efiBootable -> efiBootImage != "";
+
+stdenv.mkDerivation {
+  name = "iso9660-image";
+  builder = ./make-iso9660-image.sh;
+  buildInputs = [perl cdrkit];
+
+  inherit isoName bootable bootImage compressImage volumeID pathsFromGraph efiBootImage efiBootable;
+
+  # !!! should use XML.
+  sources = map (x: x.source) contents;
+  targets = map (x: x.target) contents;
+
+  # !!! should use XML.
+  objects = map (x: x.object) storeContents;
+  symlinks = map (x: x.symlink) storeContents;
+
+  # For obtaining the closure of `storeContents'.
+  exportReferencesGraph =
+    map (x: [("closure-" + baseNameOf x.object) x.object]) storeContents;
+}
diff --git a/nixos/lib/make-iso9660-image.sh b/nixos/lib/make-iso9660-image.sh
new file mode 100644
index 000000000000..89b681ed2cd5
--- /dev/null
+++ b/nixos/lib/make-iso9660-image.sh
@@ -0,0 +1,91 @@
+source $stdenv/setup
+
+sources_=($sources)
+targets_=($targets)
+
+objects=($objects)
+symlinks=($symlinks)
+
+
+# Remove the initial slash from a path, since genisofs likes it that way.
+stripSlash() {
+    res="$1"
+    if test "${res:0:1}" = /; then res=${res:1}; fi
+}
+
+stripSlash "$bootImage"; bootImage="$res"
+
+
+if test -n "$bootable"; then
+
+    # The -boot-info-table option modifies the $bootImage file, so
+    # find it in `contents' and make a copy of it (since the original
+    # is read-only in the Nix store...).
+    for ((i = 0; i < ${#targets_[@]}; i++)); do
+        stripSlash "${targets_[$i]}"
+        if test "$res" = "$bootImage"; then
+            echo "copying the boot image ${sources_[$i]}"
+            cp "${sources_[$i]}" boot.img
+            chmod u+w boot.img
+            sources_[$i]=boot.img
+        fi
+    done
+
+    bootFlags="-b $bootImage -c .boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table"
+fi
+
+if test -n "$efiBootable"; then
+    bootFlags="$bootFlags -eltorito-alt-boot -e $efiBootImage -no-emul-boot"
+fi
+
+touch pathlist
+
+
+# Add the individual files.
+for ((i = 0; i < ${#targets_[@]}; i++)); do
+    stripSlash "${targets_[$i]}"
+    echo "$res=${sources_[$i]}" >> pathlist
+done
+
+
+# Add the closures of the top-level store objects.
+storePaths=$(perl $pathsFromGraph closure-*)
+for i in $storePaths; do
+    echo "${i:1}=$i" >> pathlist
+done
+
+
+# Also include a manifest of the closures in a format suitable for
+# nix-store --load-db.
+if [ -n "$object" ]; then
+    printRegistration=1 perl $pathsFromGraph closure-* > nix-path-registration
+    echo "nix-path-registration=nix-path-registration" >> pathlist
+fi
+
+
+# Add symlinks to the top-level store objects.
+for ((n = 0; n < ${#objects[*]}; n++)); do
+    object=${objects[$n]}
+    symlink=${symlinks[$n]}
+    if test "$symlink" != "none"; then
+        mkdir -p $(dirname ./$symlink)
+        ln -s $object ./$symlink
+        echo "$symlink=./$symlink" >> pathlist
+    fi
+done
+
+# !!! what does this do?
+cat pathlist | sed -e 's/=\(.*\)=\(.*\)=/\\=\1=\2\\=/' | tee pathlist.safer
+
+
+ensureDir $out/iso
+genCommand="genisoimage -iso-level 4 -r -J $bootFlags -hide-rr-moved -graft-points -path-list pathlist.safer ${volumeID:+-V $volumeID}"
+if test -z "$compressImage"; then
+    $genCommand -o $out/iso/$isoName
+else
+    $genCommand | bzip2 > $out/iso/$isoName.bz2
+fi
+
+
+ensureDir $out/nix-support
+echo $system > $out/nix-support/system
diff --git a/nixos/lib/make-squashfs.nix b/nixos/lib/make-squashfs.nix
new file mode 100644
index 000000000000..3b640334e17a
--- /dev/null
+++ b/nixos/lib/make-squashfs.nix
@@ -0,0 +1,30 @@
+{ stdenv, squashfsTools, perl, pathsFromGraph
+
+, # The root directory of the squashfs filesystem is filled with the
+  # closures of the Nix store paths listed here.
+  storeContents ? []
+}:
+
+stdenv.mkDerivation {
+  name = "squashfs.img";
+
+  buildInputs = [perl squashfsTools];
+
+  # For obtaining the closure of `storeContents'.
+  exportReferencesGraph =
+    map (x: [("closure-" + baseNameOf x) x]) storeContents;
+
+  buildCommand =
+    ''
+      # Add the closures of the top-level store objects.
+      storePaths=$(perl ${pathsFromGraph} closure-*)
+
+      # Also include a manifest of the closures in a format suitable
+      # for nix-store --load-db.
+      printRegistration=1 perl ${pathsFromGraph} closure-* > nix-path-registration
+
+      # Generate the squashfs image.
+      mksquashfs nix-path-registration $storePaths $out \
+        -keep-as-directory -all-root
+    '';
+}
diff --git a/nixos/lib/make-system-tarball.nix b/nixos/lib/make-system-tarball.nix
new file mode 100644
index 000000000000..8fed9a348827
--- /dev/null
+++ b/nixos/lib/make-system-tarball.nix
@@ -0,0 +1,38 @@
+{ stdenv, perl, xz, pathsFromGraph
+
+, # The file name of the resulting tarball
+  fileName ? "nixos-system-${stdenv.system}"
+
+, # The files and directories to be placed in the tarball.
+  # This is a list of attribute sets {source, target} where `source'
+  # is the file system object (regular file or directory) to be
+  # grafted in the file system at path `target'.
+  contents
+
+, # In addition to `contents', the closure of the store paths listed
+  # in `packages' are also placed in the Nix store of the tarball.  This is
+  # a list of attribute sets {object, symlink} where `object' if a
+  # store path whose closure will be copied, and `symlink' is a
+  # symlink to `object' that will be added to the tarball.
+  storeContents ? []
+}:
+
+stdenv.mkDerivation {
+  name = "tarball";
+  builder = ./make-system-tarball.sh;
+  buildInputs = [perl xz];
+
+  inherit fileName pathsFromGraph;
+
+  # !!! should use XML.
+  sources = map (x: x.source) contents;
+  targets = map (x: x.target) contents;
+
+  # !!! should use XML.
+  objects = map (x: x.object) storeContents;
+  symlinks = map (x: x.symlink) storeContents;
+
+  # For obtaining the closure of `storeContents'.
+  exportReferencesGraph =
+    map (x: [("closure-" + baseNameOf x.object) x.object]) storeContents;
+}
diff --git a/nixos/lib/make-system-tarball.sh b/nixos/lib/make-system-tarball.sh
new file mode 100644
index 000000000000..aadd0f6428c8
--- /dev/null
+++ b/nixos/lib/make-system-tarball.sh
@@ -0,0 +1,58 @@
+source $stdenv/setup
+set -x
+
+sources_=($sources)
+targets_=($targets)
+
+echo $objects
+objects=($objects)
+symlinks=($symlinks)
+
+
+# Remove the initial slash from a path, since genisofs likes it that way.
+stripSlash() {
+    res="$1"
+    if test "${res:0:1}" = /; then res=${res:1}; fi
+}
+
+touch pathlist
+
+# Add the individual files.
+for ((i = 0; i < ${#targets_[@]}; i++)); do
+    stripSlash "${targets_[$i]}"
+    mkdir -p "$(dirname "$res")"
+    cp -a "${sources_[$i]}" "$res"
+done
+
+
+# Add the closures of the top-level store objects.
+mkdir -p nix/store
+storePaths=$(perl $pathsFromGraph closure-*)
+for i in $storePaths; do
+    cp -a "$i" "${i:1}"
+done
+
+
+# TODO tar ruxo 
+# Also include a manifest of the closures in a format suitable for
+# nix-store --load-db.
+printRegistration=1 perl $pathsFromGraph closure-* > nix-path-registration
+
+# Add symlinks to the top-level store objects.
+for ((n = 0; n < ${#objects[*]}; n++)); do
+    object=${objects[$n]}
+    symlink=${symlinks[$n]}
+    if test "$symlink" != "none"; then
+        mkdir -p $(dirname ./$symlink)
+        ln -s $object ./$symlink
+    fi
+done
+
+ensureDir $out/tarball
+
+tar cvJf $out/tarball/$fileName.tar.xz *
+
+ensureDir $out/nix-support
+echo $system > $out/nix-support/system
+echo "file system-tarball $out/tarball/$fileName.tar.xz" > $out/nix-support/hydra-build-products
+
diff --git a/nixos/lib/nixpkgs.nix b/nixos/lib/nixpkgs.nix
new file mode 100644
index 000000000000..10096f58c79a
--- /dev/null
+++ b/nixos/lib/nixpkgs.nix
@@ -0,0 +1,8 @@
+/* Terrible backward compatibility hack to get the path to Nixpkgs
+   from here.  Usually, that's the relative path ‘../..’.  However,
+   when using the NixOS channel, <nixos> resolves to a symlink to
+   nixpkgs/nixos, so ‘../..’ doesn't resolve to the top-level Nixpkgs
+   directory but one above it.  So check for that situation. */
+if builtins.pathExists ../../.version then import ../..
+else if builtins.pathExists ../../nixpkgs then import ../../nixpkgs
+else abort "Can't find Nixpkgs, please set ‘NIX_PATH=nixpkgs=/path/to/nixpkgs’."
diff --git a/nixos/lib/qemu-flags.nix b/nixos/lib/qemu-flags.nix
new file mode 100644
index 000000000000..de355b08918c
--- /dev/null
+++ b/nixos/lib/qemu-flags.nix
@@ -0,0 +1,10 @@
+# QEMU flags shared between various Nix expressions.
+
+{
+
+  qemuNICFlags = nic: net: machine:
+    [ "-net nic,vlan=${toString nic},macaddr=52:54:00:12:${toString net}:${toString machine},model=virtio"
+      "-net vde,vlan=${toString nic},sock=$QEMU_VDE_SOCKET_${toString net}"
+    ];
+
+}
diff --git a/nixos/lib/test-driver/Logger.pm b/nixos/lib/test-driver/Logger.pm
new file mode 100644
index 000000000000..6e62fdfd7708
--- /dev/null
+++ b/nixos/lib/test-driver/Logger.pm
@@ -0,0 +1,70 @@
+package Logger;
+
+use strict;
+use Thread::Queue;
+use XML::Writer;
+
+sub new {
+    my ($class) = @_;
+    
+    my $logFile = defined $ENV{LOGFILE} ? "$ENV{LOGFILE}" : "/dev/null";
+    my $log = new XML::Writer(OUTPUT => new IO::File(">$logFile"));
+    
+    my $self = {
+        log => $log,
+        logQueue => Thread::Queue->new()
+    };
+    
+    $self->{log}->startTag("logfile");
+    
+    bless $self, $class;
+    return $self;
+}
+
+sub close {
+    my ($self) = @_;
+    $self->{log}->endTag("logfile");
+    $self->{log}->end;
+}
+
+sub drainLogQueue {
+    my ($self) = @_;
+    while (defined (my $item = $self->{logQueue}->dequeue_nb())) {
+        $self->{log}->dataElement("line", sanitise($item->{msg}), 'machine' => $item->{machine}, 'type' => 'serial');
+    }
+}
+
+sub maybePrefix {
+    my ($msg, $attrs) = @_;
+    $msg = $attrs->{machine} . ": " . $msg if defined $attrs->{machine};
+    return $msg;
+}
+
+sub nest {
+    my ($self, $msg, $coderef, $attrs) = @_;
+    print STDERR maybePrefix("$msg\n", $attrs);
+    $self->{log}->startTag("nest");
+    $self->{log}->dataElement("head", $msg, %{$attrs});
+    $self->drainLogQueue();
+    eval { &$coderef };
+    my $res = $@;
+    $self->drainLogQueue();
+    $self->{log}->endTag("nest");
+    die $@ if $@;
+}
+
+sub sanitise {
+    my ($s) = @_;
+    $s =~ s/[[:cntrl:]\xff]//g;
+    return $s;
+}
+
+sub log {
+    my ($self, $msg, $attrs) = @_;
+    chomp $msg;
+    print STDERR maybePrefix("$msg\n", $attrs);
+    $self->drainLogQueue();
+    $self->{log}->dataElement("line", $msg, %{$attrs});
+}
+
+1;
diff --git a/nixos/lib/test-driver/Machine.pm b/nixos/lib/test-driver/Machine.pm
new file mode 100644
index 000000000000..a28214ea934f
--- /dev/null
+++ b/nixos/lib/test-driver/Machine.pm
@@ -0,0 +1,568 @@
+package Machine;
+
+use strict;
+use threads;
+use Socket;
+use IO::Handle;
+use POSIX qw(dup2);
+use FileHandle;
+use Cwd;
+use File::Basename;
+use File::Path qw(make_path);
+
+
+my $showGraphics = defined $ENV{'DISPLAY'};
+
+my $sharedDir;
+
+
+sub new {
+    my ($class, $args) = @_;
+
+    my $startCommand = $args->{startCommand};
+    
+    my $name = $args->{name};
+    if (!$name) {
+        $startCommand =~ /run-(.*)-vm$/ if defined $startCommand;
+        $name = $1 || "machine";
+    }
+
+    if (!$startCommand) {
+        # !!! merge with qemu-vm.nix.
+        $startCommand =
+            "qemu-kvm -m 384 " .
+            "-net nic,model=virtio \$QEMU_OPTS ";
+        my $iface = $args->{hdaInterface} || "virtio";
+        $startCommand .= "-drive file=" . Cwd::abs_path($args->{hda}) . ",if=$iface,boot=on,werror=report "
+            if defined $args->{hda};
+        $startCommand .= "-cdrom $args->{cdrom} "
+            if defined $args->{cdrom};
+        $startCommand .= $args->{qemuFlags} || "";
+    } else {
+        $startCommand = Cwd::abs_path $startCommand;
+    }
+
+    my $tmpDir = $ENV{'TMPDIR'} || "/tmp";
+    unless (defined $sharedDir) {
+        $sharedDir = $tmpDir . "/xchg-shared";
+        make_path($sharedDir, { mode => 0700, owner => $< });
+    }
+
+    my $allowReboot = 0;
+    $allowReboot = $args->{allowReboot} if defined $args->{allowReboot};
+
+    my $self = {
+        startCommand => $startCommand,
+        name => $name,
+        allowReboot => $allowReboot,
+        booted => 0,
+        pid => 0,
+        connected => 0,
+        socket => undef,
+        stateDir => "$tmpDir/vm-state-$name",
+        monitor => undef,
+        log => $args->{log},
+        redirectSerial => $args->{redirectSerial} // 1,
+    };
+
+    mkdir $self->{stateDir}, 0700;
+
+    bless $self, $class;
+    return $self;
+}
+
+
+sub log {
+    my ($self, $msg) = @_;
+    $self->{log}->log($msg, { machine => $self->{name} });
+}
+
+
+sub nest {
+    my ($self, $msg, $coderef, $attrs) = @_;
+    $self->{log}->nest($msg, $coderef, { %{$attrs || {}}, machine => $self->{name} });
+}
+
+
+sub name {
+    my ($self) = @_;
+    return $self->{name};
+}
+
+
+sub stateDir {
+    my ($self) = @_;
+    return $self->{stateDir};
+}
+
+
+sub start {
+    my ($self) = @_;
+    return if $self->{booted};
+
+    $self->log("starting vm");
+
+    # Create a socket pair for the serial line input/output of the VM.
+    my ($serialP, $serialC);
+    socketpair($serialP, $serialC, PF_UNIX, SOCK_STREAM, 0) or die;
+
+    # Create a Unix domain socket to which QEMU's monitor will connect.
+    my $monitorPath = $self->{stateDir} . "/monitor";
+    unlink $monitorPath;
+    my $monitorS;
+    socket($monitorS, PF_UNIX, SOCK_STREAM, 0) or die;
+    bind($monitorS, sockaddr_un($monitorPath)) or die "cannot bind monitor socket: $!";
+    listen($monitorS, 1) or die;
+
+    # Create a Unix domain socket to which the root shell in the guest will connect.
+    my $shellPath = $self->{stateDir} . "/shell";
+    unlink $shellPath;
+    my $shellS;
+    socket($shellS, PF_UNIX, SOCK_STREAM, 0) or die;
+    bind($shellS, sockaddr_un($shellPath)) or die "cannot bind shell socket: $!";
+    listen($shellS, 1) or die;
+
+    # Start the VM.
+    my $pid = fork();
+    die if $pid == -1;
+
+    if ($pid == 0) {
+        close $serialP;
+        close $monitorS;
+        close $shellS;
+        if ($self->{redirectSerial}) {
+            open NUL, "</dev/null" or die;
+            dup2(fileno(NUL), fileno(STDIN));
+            dup2(fileno($serialC), fileno(STDOUT));
+            dup2(fileno($serialC), fileno(STDERR));
+        }
+        $ENV{TMPDIR} = $self->{stateDir};
+        $ENV{SHARED_DIR} = $sharedDir;
+        $ENV{USE_TMPDIR} = 1;
+        $ENV{QEMU_OPTS} =
+            ($self->{allowReboot} ? "" : "-no-reboot ") .
+            "-monitor unix:./monitor -chardev socket,id=shell,path=./shell " .
+            "-device virtio-serial -device virtconsole,chardev=shell " .
+            ($showGraphics ? "-serial stdio" : "-nographic") . " " . ($ENV{QEMU_OPTS} || "");
+        chdir $self->{stateDir} or die;
+        exec $self->{startCommand};
+        die "running VM script: $!";
+    }
+
+    # Process serial line output.
+    close $serialC;
+
+    threads->create(\&processSerialOutput, $self, $serialP)->detach;
+
+    sub processSerialOutput {
+        my ($self, $serialP) = @_;
+        while (<$serialP>) {
+            chomp;
+            s/\r$//;
+            print STDERR $self->{name}, "# $_\n";
+            $self->{log}->{logQueue}->enqueue({msg => $_, machine => $self->{name}}); # !!!
+        }
+    }
+
+    eval {
+        local $SIG{CHLD} = sub { die "QEMU died prematurely\n"; };
+        
+        # Wait until QEMU connects to the monitor.
+        accept($self->{monitor}, $monitorS) or die;
+
+        # Wait until QEMU connects to the root shell socket.  QEMU
+        # does so immediately; this doesn't mean that the root shell
+        # has connected yet inside the guest.
+        accept($self->{socket}, $shellS) or die;
+        $self->{socket}->autoflush(1);
+    };
+    die "$@" if $@;
+    
+    $self->waitForMonitorPrompt;
+
+    $self->log("QEMU running (pid $pid)");
+    
+    $self->{pid} = $pid;
+    $self->{booted} = 1;
+}
+
+
+# Send a command to the monitor and wait for it to finish.  TODO: QEMU
+# also has a JSON-based monitor interface now, but it doesn't support
+# all commands yet.  We should use it once it does.
+sub sendMonitorCommand {
+    my ($self, $command) = @_;
+    $self->log("sending monitor command: $command");
+    syswrite $self->{monitor}, "$command\n";
+    return $self->waitForMonitorPrompt;
+}
+
+
+# Wait until the monitor sends "(qemu) ".
+sub waitForMonitorPrompt {
+    my ($self) = @_;
+    my $res = "";
+    my $s;
+    while (sysread($self->{monitor}, $s, 1024)) {
+        $res .= $s;
+        last if $res =~ s/\(qemu\) $//;
+    }
+    return $res;
+}
+
+
+# Call the given code reference repeatedly, with 1 second intervals,
+# until it returns 1 or a timeout is reached.
+sub retry {
+    my ($coderef) = @_;
+    my $n;
+    for ($n = 0; $n < 900; $n++) {
+        return if &$coderef;
+        sleep 1;
+    }
+    die "action timed out after $n seconds";
+}
+
+
+sub connect {
+    my ($self) = @_;
+    return if $self->{connected};
+
+    $self->nest("waiting for the VM to finish booting", sub {
+
+        $self->start;
+
+        local $SIG{ALRM} = sub { die "timed out waiting for the VM to connect\n"; };
+        alarm 300;
+        readline $self->{socket} or die "the VM quit before connecting\n";
+        alarm 0;
+        
+        $self->log("connected to guest root shell");
+        $self->{connected} = 1;
+
+    });
+}
+
+
+sub waitForShutdown {
+    my ($self) = @_;
+    return unless $self->{booted};
+
+    $self->nest("waiting for the VM to power off", sub {
+        waitpid $self->{pid}, 0;
+        $self->{pid} = 0;
+        $self->{booted} = 0;
+        $self->{connected} = 0;
+    });
+}
+
+
+sub isUp {
+    my ($self) = @_;
+    return $self->{booted} && $self->{connected};
+}
+
+
+sub execute_ {
+    my ($self, $command) = @_;
+    
+    $self->connect;
+
+    print { $self->{socket} } ("( $command ); echo '|!=EOF' \$?\n");
+
+    my $out = "";
+
+    while (1) {
+        my $line = readline($self->{socket});
+        die "connection to VM lost unexpectedly" unless defined $line;
+        #$self->log("got line: $line");
+        if ($line =~ /^(.*)\|\!\=EOF\s+(\d+)$/) {
+            $out .= $1;
+            $self->log("exit status $2");
+            return ($2, $out);
+        }
+        $out .= $line;
+    }
+}
+
+
+sub execute {
+    my ($self, $command) = @_;
+    my @res;
+    $self->nest("running command: $command", sub {
+        @res = $self->execute_($command);
+    });
+    return @res;
+}
+
+
+sub succeed {
+    my ($self, @commands) = @_;
+
+    my $res;
+    foreach my $command (@commands) {
+        $self->nest("must succeed: $command", sub {
+            my ($status, $out) = $self->execute_($command);
+            if ($status != 0) {
+                $self->log("output: $out");
+                die "command `$command' did not succeed (exit code $status)\n";
+            }
+            $res .= $out;
+        });
+    }
+
+    return $res;
+}
+
+
+sub mustSucceed {
+    succeed @_;
+}
+
+
+sub waitUntilSucceeds {
+    my ($self, $command) = @_;
+    $self->nest("waiting for success: $command", sub {
+        retry sub {
+            my ($status, $out) = $self->execute($command);
+            return 1 if $status == 0;
+        };
+    });
+}
+
+
+sub waitUntilFails {
+    my ($self, $command) = @_;
+    $self->nest("waiting for failure: $command", sub {
+        retry sub {
+            my ($status, $out) = $self->execute($command);
+            return 1 if $status != 0;
+        };
+    });
+}
+
+
+sub fail {
+    my ($self, $command) = @_;
+    $self->nest("must fail: $command", sub {
+        my ($status, $out) = $self->execute_($command);
+        die "command `$command' unexpectedly succeeded"
+            if $status == 0;
+    });
+}
+
+
+sub mustFail {
+    fail @_;
+}
+
+
+sub getUnitInfo {
+    my ($self, $unit) = @_;
+    my ($status, $lines) = $self->execute("systemctl --no-pager show '$unit'");
+    return undef if $status != 0;
+    my $info = {};
+    foreach my $line (split '\n', $lines) {
+        $line =~ /^([^=]+)=(.*)$/ or next;
+        $info->{$1} = $2;
+    }
+    return $info;
+}
+
+
+# Wait for a systemd unit to reach the "active" state.
+sub waitForUnit {
+    my ($self, $unit) = @_;
+    $self->nest("waiting for unit ‘$unit’", sub {
+        retry sub {
+            my $info = $self->getUnitInfo($unit);
+            my $state = $info->{ActiveState};
+            die "unit ‘$unit’ reached state ‘$state’\n" if $state eq "failed";
+            return 1 if $state eq "active";
+        };
+    });
+}
+
+
+sub waitForJob {
+    my ($self, $jobName) = @_;
+    return $self->waitForUnit($jobName);
+}
+
+
+# Wait until the specified file exists.
+sub waitForFile {
+    my ($self, $fileName) = @_;
+    $self->nest("waiting for file ‘$fileName’", sub {
+        retry sub {
+            my ($status, $out) = $self->execute("test -e $fileName");
+            return 1 if $status == 0;
+        }
+    });
+}
+
+sub startJob {
+    my ($self, $jobName) = @_;
+    $self->execute("systemctl start $jobName");
+    # FIXME: check result
+}
+
+sub stopJob {
+    my ($self, $jobName) = @_;
+    $self->execute("systemctl stop $jobName");
+}
+
+
+# Wait until the machine is listening on the given TCP port.
+sub waitForOpenPort {
+    my ($self, $port) = @_;
+    $self->nest("waiting for TCP port $port", sub {
+        retry sub {
+            my ($status, $out) = $self->execute("nc -z localhost $port");
+            return 1 if $status == 0;
+        }
+    });
+}
+
+
+# Wait until the machine is not listening on the given TCP port.
+sub waitForClosedPort {
+    my ($self, $port) = @_;
+    retry sub {
+        my ($status, $out) = $self->execute("nc -z localhost $port");
+        return 1 if $status != 0;
+    }
+}
+
+
+sub shutdown {
+    my ($self) = @_;
+    return unless $self->{booted};
+
+    print { $self->{socket} } ("poweroff\n");
+
+    $self->waitForShutdown;
+}
+
+
+sub crash {
+    my ($self) = @_;
+    return unless $self->{booted};
+    
+    $self->log("forced crash");
+
+    $self->sendMonitorCommand("quit");
+
+    $self->waitForShutdown;
+}
+
+
+# Make the machine unreachable by shutting down eth1 (the multicast
+# interface used to talk to the other VMs).  We keep eth0 up so that
+# the test driver can continue to talk to the machine.
+sub block {
+    my ($self) = @_;
+    $self->sendMonitorCommand("set_link virtio-net-pci.1 off");
+}
+
+
+# Make the machine reachable.
+sub unblock {
+    my ($self) = @_;
+    $self->sendMonitorCommand("set_link virtio-net-pci.1 on");
+}
+
+
+# Take a screenshot of the X server on :0.0.
+sub screenshot {
+    my ($self, $filename) = @_;
+    my $dir = $ENV{'out'} || Cwd::abs_path(".");
+    $filename = "$dir/${filename}.png" if $filename =~ /^\w+$/;
+    my $tmp = "${filename}.ppm";
+    my $name = basename($filename);
+    $self->nest("making screenshot ‘$name’", sub {
+        $self->sendMonitorCommand("screendump $tmp");
+        system("convert $tmp ${filename}") == 0
+            or die "cannot convert screenshot";
+        unlink $tmp;
+    }, { image => $name } );
+}
+
+
+# Wait until it is possible to connect to the X server.  Note that
+# testing the existence of /tmp/.X11-unix/X0 is insufficient.
+sub waitForX {
+    my ($self, $regexp) = @_;
+    $self->nest("waiting for the X11 server", sub {
+        retry sub {
+            my ($status, $out) = $self->execute("xwininfo -root > /dev/null 2>&1");
+            return 1 if $status == 0;
+        }
+    });
+}
+
+
+sub getWindowNames {
+    my ($self) = @_;
+    my $res = $self->mustSucceed(
+        q{xwininfo -root -tree | sed 's/.*0x[0-9a-f]* \"\([^\"]*\)\".*/\1/; t; d'});
+    return split /\n/, $res;
+}
+
+
+sub waitForWindow {
+    my ($self, $regexp) = @_;
+    $self->nest("waiting for a window to appear", sub {
+        retry sub {
+            my @names = $self->getWindowNames;
+            foreach my $n (@names) {
+                return 1 if $n =~ /$regexp/;
+            }
+        }
+    });
+}
+
+
+sub copyFileFromHost {
+    my ($self, $from, $to) = @_;
+    my $s = `cat $from` or die;
+    $self->mustSucceed("echo '$s' > $to"); # !!! escaping
+}
+
+
+sub sendKeys {
+    my ($self, @keys) = @_;
+    foreach my $key (@keys) {
+        $key = "spc" if $key eq " ";
+        $key = "ret" if $key eq "\n";
+        $self->sendMonitorCommand("sendkey $key");
+    }
+}
+
+
+sub sendChars {
+    my ($self, $chars) = @_;
+    $self->nest("sending keys ‘$chars’", sub {
+        $self->sendKeys(split //, $chars);
+    });
+}
+
+
+# Sleep N seconds (in virtual guest time, not real time).
+sub sleep {
+    my ($self, $time) = @_;
+    $self->succeed("sleep $time");
+}
+
+
+# Forward a TCP port on the host to a TCP port on the guest.  Useful
+# during interactive testing.
+sub forwardPort {
+    my ($self, $hostPort, $guestPort) = @_;
+    $hostPort = 8080 unless defined $hostPort;
+    $guestPort = 80 unless defined $guestPort;
+    $self->sendMonitorCommand("hostfwd_add tcp::$hostPort-:$guestPort");
+}
+
+
+1;
diff --git a/nixos/lib/test-driver/log2html.xsl b/nixos/lib/test-driver/log2html.xsl
new file mode 100644
index 000000000000..8e907d85ffac
--- /dev/null
+++ b/nixos/lib/test-driver/log2html.xsl
@@ -0,0 +1,135 @@
+<?xml version="1.0"?>
+
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+
+  <xsl:output method='html' encoding="UTF-8"
+              doctype-public="-//W3C//DTD HTML 4.01//EN"
+              doctype-system="http://www.w3.org/TR/html4/strict.dtd" />
+
+  <xsl:template match="logfile">
+    <html>
+      <head>
+        <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>
+        <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script>
+        <script type="text/javascript" src="treebits.js" />
+        <link rel="stylesheet" href="logfile.css" type="text/css" />
+        <title>Log File</title>
+      </head>
+      <body>
+        <h1>VM build log</h1>
+        <p>
+          <a href="javascript:" class="logTreeExpandAll">Expand all</a> |
+          <a href="javascript:" class="logTreeCollapseAll">Collapse all</a>
+        </p>
+        <ul class='toplevel'>
+          <xsl:for-each select='line|nest'>
+            <li>
+              <xsl:apply-templates select='.'/>
+            </li>
+          </xsl:for-each>
+        </ul>
+
+        <xsl:if test=".//*[@image]">
+          <h1>Screenshots</h1>
+          <ul class="vmScreenshots">
+            <xsl:for-each select='.//*[@image]'>
+              <li><a href="{@image}"><xsl:value-of select="@image" /></a></li>
+            </xsl:for-each>
+          </ul>
+        </xsl:if>
+
+      </body>
+    </html>
+  </xsl:template>
+
+
+  <xsl:template match="nest">
+
+    <!-- The tree should be collapsed by default if all children are
+         unimportant or if the header is unimportant. -->
+    <xsl:variable name="collapsed" select="not(./head[@expanded]) and count(.//*[@error]) = 0"/>
+
+    <xsl:variable name="style"><xsl:if test="$collapsed">display: none;</xsl:if></xsl:variable>
+
+    <xsl:if test="line|nest">
+      <a href="javascript:" class="logTreeToggle">
+        <xsl:choose>
+          <xsl:when test="$collapsed"><xsl:text>+</xsl:text></xsl:when>
+          <xsl:otherwise><xsl:text>-</xsl:text></xsl:otherwise>
+        </xsl:choose>
+      </a>
+      <xsl:text> </xsl:text>
+    </xsl:if>
+
+    <xsl:apply-templates select='head'/>
+
+    <!-- Be careful to only generate <ul>s if there are <li>s, otherwise it’s malformed. -->
+    <xsl:if test="line|nest">
+
+      <ul class='nesting' style="{$style}">
+        <xsl:for-each select='line|nest'>
+
+          <!-- Is this the last line?  If so, mark it as such so that it
+               can be rendered differently. -->
+          <xsl:variable name="class"><xsl:choose><xsl:when test="position() != last()">line</xsl:when><xsl:otherwise>lastline</xsl:otherwise></xsl:choose></xsl:variable>
+
+          <li class='{$class}'>
+            <span class='lineconn' />
+            <span class='linebody'>
+              <xsl:apply-templates select='.'/>
+            </span>
+          </li>
+        </xsl:for-each>
+      </ul>
+    </xsl:if>
+
+  </xsl:template>
+
+
+  <xsl:template match="head|line">
+    <code>
+      <xsl:if test="@error">
+        <xsl:attribute name="class">errorLine</xsl:attribute>
+      </xsl:if>
+      <xsl:if test="@warning">
+        <xsl:attribute name="class">warningLine</xsl:attribute>
+      </xsl:if>
+      <xsl:if test="@priority = 3">
+        <xsl:attribute name="class">prio3</xsl:attribute>
+      </xsl:if>
+
+      <xsl:if test="@type = 'serial'">
+        <xsl:attribute name="class">serial</xsl:attribute>
+      </xsl:if>
+
+      <xsl:if test="@machine">
+        <xsl:choose>
+          <xsl:when test="@type = 'serial'">
+            <span class="machine"><xsl:value-of select="@machine"/># </span>
+          </xsl:when>
+          <xsl:otherwise>
+            <span class="machine"><xsl:value-of select="@machine"/>: </span>
+          </xsl:otherwise>
+        </xsl:choose>
+      </xsl:if>
+
+      <xsl:choose>
+        <xsl:when test="@image">
+          <a href="{@image}"><xsl:apply-templates/></a>
+        </xsl:when>
+        <xsl:otherwise>
+          <xsl:apply-templates/>
+        </xsl:otherwise>
+      </xsl:choose>
+    </code>
+  </xsl:template>
+
+
+  <xsl:template match="storeref">
+    <em class='storeref'>
+      <span class='popup'><xsl:apply-templates/></span>
+      <span class='elided'>/...</span><xsl:apply-templates select='name'/><xsl:apply-templates select='path'/>
+    </em>
+  </xsl:template>
+
+</xsl:stylesheet>
diff --git a/nixos/lib/test-driver/logfile.css b/nixos/lib/test-driver/logfile.css
new file mode 100644
index 000000000000..a54d8504a867
--- /dev/null
+++ b/nixos/lib/test-driver/logfile.css
@@ -0,0 +1,129 @@
+body {
+    font-family: sans-serif;
+    background: white;
+}
+
+h1
+{
+    color: #005aa0;
+    font-size: 180%;
+}
+
+a {
+    text-decoration: none;
+}
+
+
+ul.nesting, ul.toplevel {
+    padding: 0;
+    margin: 0;
+}
+
+ul.toplevel {
+    list-style-type: none;
+}
+
+.line, .head {
+    padding-top: 0em;
+}
+
+ul.nesting li.line, ul.nesting li.lastline {
+    position: relative;
+    list-style-type: none;
+}
+
+ul.nesting li.line {
+    padding-left: 2.0em;
+}
+
+ul.nesting li.lastline {
+    padding-left: 2.1em; /* for the 0.1em border-left in .lastline > .lineconn */
+}
+
+li.line {
+    border-left: 0.1em solid #6185a0;
+}
+
+li.line > span.lineconn, li.lastline > span.lineconn {
+    position: absolute;
+    height: 0.65em;
+    left: 0em;
+    width: 1.5em;
+    border-bottom: 0.1em solid #6185a0;
+}
+
+li.lastline > span.lineconn {
+    border-left: 0.1em solid #6185a0;
+}
+
+
+em.storeref {
+    color: #500000;
+    position: relative; 
+    width: 100%;
+}
+
+em.storeref:hover {
+    background-color: #eeeeee;
+}
+
+*.popup {
+    display: none;
+/*    background: url('http://losser.st-lab.cs.uu.nl/~mbravenb/menuback.png') repeat; */
+    background: #ffffcd;
+    border: solid #555555 1px;
+    position: absolute;
+    top: 0em;
+    left: 0em;
+    margin: 0;
+    padding: 0;
+    z-index: 100;
+}
+
+em.storeref:hover span.popup {
+    display: inline;
+    width: 40em;
+}
+
+
+.logTreeToggle {
+    text-decoration: none;
+    font-family: monospace;
+    font-size: larger;
+}
+
+.errorLine {
+    color: #ff0000;
+    font-weight: bold;
+}
+
+.warningLine {
+    color: darkorange;
+    font-weight: bold;
+}
+
+.prio3 {
+    font-style: italic;
+}
+
+code {
+    white-space: pre-wrap;
+}
+
+.serial {
+    color: #56115c;
+}
+
+.machine {
+    color: #002399;
+    font-style: italic;
+}
+
+ul.vmScreenshots {
+    padding-left: 1em;
+}
+
+ul.vmScreenshots li {
+    font-family: monospace;
+    list-style: square;
+}
diff --git a/nixos/lib/test-driver/test-driver.pl b/nixos/lib/test-driver/test-driver.pl
new file mode 100644
index 000000000000..c6a707cdf6b9
--- /dev/null
+++ b/nixos/lib/test-driver/test-driver.pl
@@ -0,0 +1,178 @@
+#! /somewhere/perl -w
+
+use strict;
+use Machine;
+use Term::ReadLine;
+use IO::File;
+use IO::Pty;
+use Logger;
+use Cwd;
+use POSIX qw(_exit dup2);
+
+$SIG{PIPE} = 'IGNORE'; # because Unix domain sockets may die unexpectedly
+
+STDERR->autoflush(1);
+
+my $log = new Logger;
+
+
+# Start vde_switch for each network required by the test.
+my %vlans;
+foreach my $vlan (split / /, $ENV{VLANS} || "") {
+    next if defined $vlans{$vlan};
+    # Start vde_switch as a child process.  We don't run it in daemon
+    # mode because we want the child process to be cleaned up when we
+    # die.  Since we have to make sure that the control socket is
+    # ready, we send a dummy command to vde_switch (via stdin) and
+    # wait for a reply.  Note that vde_switch requires stdin to be a
+    # TTY, so we create one.
+    $log->log("starting VDE switch for network $vlan");
+    my $socket = Cwd::abs_path "./vde$vlan.ctl";
+    my $pty = new IO::Pty;
+    my ($stdoutR, $stdoutW); pipe $stdoutR, $stdoutW;
+    my $pid = fork(); die "cannot fork" unless defined $pid;
+    if ($pid == 0) {
+        dup2(fileno($pty->slave), 0);
+        dup2(fileno($stdoutW), 1);
+        exec "vde_switch -s $socket" or _exit(1);
+    }
+    close $stdoutW;
+    print $pty "version\n";
+    readline $stdoutR or die "cannot start vde_switch";
+    $ENV{"QEMU_VDE_SOCKET_$vlan"} = $socket;
+    $vlans{$vlan} = $pty;
+    die unless -e "$socket/ctl";
+}
+
+
+my %vms;
+my $context = "";
+
+sub createMachine {
+    my ($args) = @_;
+    my $vm = Machine->new({%{$args}, log => $log, redirectSerial => ($ENV{USE_SERIAL} // "0") ne "1"});
+    $vms{$vm->name} = $vm;
+    return $vm;
+}
+
+foreach my $vmScript (@ARGV) {
+    my $vm = createMachine({startCommand => $vmScript});
+    $context .= "my \$" . $vm->name . " = \$vms{'" . $vm->name . "'}; ";
+}
+
+
+sub startAll {
+    $log->nest("starting all VMs", sub {
+        $_->start foreach values %vms;
+    });
+}
+
+
+# Wait until all VMs have terminated.
+sub joinAll {
+    $log->nest("waiting for all VMs to finish", sub {
+        $_->waitForShutdown foreach values %vms;
+    });
+}
+
+
+# In interactive tests, this allows the non-interactive test script to
+# be executed conveniently.
+sub testScript {
+    eval "$context $ENV{testScript};\n";
+    warn $@ if $@;
+}
+
+
+my $nrTests = 0;
+my $nrSucceeded = 0;
+
+
+sub subtest {
+    my ($name, $coderef) = @_;
+    $log->nest("subtest: $name", sub {
+        $nrTests++;
+        eval { &$coderef };
+        if ($@) {
+            $log->log("error: $@", { error => 1 });
+        } else {
+            $nrSucceeded++;
+        }
+    });
+}
+
+
+sub runTests {
+    if (defined $ENV{tests}) {
+        $log->nest("running the VM test script", sub {
+            eval "$context $ENV{tests}";
+            if ($@) {
+                $log->log("error: $@", { error => 1 });
+                die $@;
+            }
+        }, { expanded => 1 });
+    } else {
+        my $term = Term::ReadLine->new('nixos-vm-test');
+        $term->ReadHistory;
+        while (defined ($_ = $term->readline("> "))) {
+            eval "$context $_\n";
+            warn $@ if $@;
+        }
+        $term->WriteHistory;
+    }
+
+    # Copy the kernel coverage data for each machine, if the kernel
+    # has been compiled with coverage instrumentation.
+    $log->nest("collecting coverage data", sub {
+        foreach my $vm (values %vms) {
+            my $gcovDir = "/sys/kernel/debug/gcov";
+
+            next unless $vm->isUp();
+
+            my ($status, $out) = $vm->execute("test -e $gcovDir");
+            next if $status != 0;
+
+            # Figure out where to put the *.gcda files so that the
+            # report generator can find the corresponding kernel
+            # sources.
+            my $kernelDir = $vm->mustSucceed("echo \$(dirname \$(readlink -f /run/current-system/kernel))/.build/linux-*");
+            chomp $kernelDir;
+            my $coverageDir = "/tmp/xchg/coverage-data/$kernelDir";
+
+            # Copy all the *.gcda files.
+            $vm->execute("for d in $gcovDir/nix/store/*/.build/linux-*; do for i in \$(cd \$d && find -name '*.gcda'); do echo \$i; mkdir -p $coverageDir/\$(dirname \$i); cp -v \$d/\$i $coverageDir/\$i; done; done");
+        }
+    });
+
+    if ($nrTests != 0) {
+        $log->log("$nrSucceeded out of $nrTests tests succeeded",
+            ($nrSucceeded < $nrTests ? { error => 1 } : { }));
+    }
+}
+
+
+# Create an empty raw virtual disk with the given name and size (in
+# MiB).
+sub createDisk {
+    my ($name, $size) = @_;
+    system("qemu-img create -f raw $name ${size}M") == 0
+        or die "cannot create image of size $size";
+}
+
+
+END {
+    $log->nest("cleaning up", sub {
+        foreach my $vm (values %vms) {
+            if ($vm->{pid}) {
+                $log->log("killing " . $vm->{name} . " (pid " . $vm->{pid} . ")");
+                kill 9, $vm->{pid};
+            }
+        }
+    });
+    $log->close();
+}
+
+
+runTests;
+
+exit ($nrSucceeded < $nrTests ? 1 : 0);
diff --git a/nixos/lib/test-driver/treebits.js b/nixos/lib/test-driver/treebits.js
new file mode 100644
index 000000000000..9754093dfd07
--- /dev/null
+++ b/nixos/lib/test-driver/treebits.js
@@ -0,0 +1,30 @@
+$(document).ready(function() {
+
+    /* When a toggle is clicked, show or hide the subtree. */
+    $(".logTreeToggle").click(function() {
+        if ($(this).siblings("ul:hidden").length != 0) {
+            $(this).siblings("ul").show();
+            $(this).text("-");
+        } else {
+            $(this).siblings("ul").hide();
+            $(this).text("+");
+        }
+    });
+
+    /* Implementation of the expand all link. */
+    $(".logTreeExpandAll").click(function() {
+        $(".logTreeToggle", $(this).parent().siblings(".toplevel")).map(function() {
+            $(this).siblings("ul").show();
+            $(this).text("-");
+        });
+    });
+
+    /* Implementation of the collapse all link. */
+    $(".logTreeCollapseAll").click(function() {
+        $(".logTreeToggle", $(this).parent().siblings(".toplevel")).map(function() {
+            $(this).siblings("ul").hide();
+            $(this).text("+");
+        });
+    });
+
+});
diff --git a/nixos/lib/testing.nix b/nixos/lib/testing.nix
new file mode 100644
index 000000000000..3407229e921a
--- /dev/null
+++ b/nixos/lib/testing.nix
@@ -0,0 +1,249 @@
+{ system, minimal ? false }:
+
+with import ./build-vms.nix { inherit system minimal; };
+with pkgs;
+
+rec {
+
+  inherit pkgs;
+
+
+  testDriver = stdenv.mkDerivation {
+    name = "nixos-test-driver";
+
+    buildInputs = [ makeWrapper perl ];
+
+    unpackPhase = "true";
+
+    installPhase =
+      ''
+        mkdir -p $out/bin
+        cp ${./test-driver/test-driver.pl} $out/bin/nixos-test-driver
+        chmod u+x $out/bin/nixos-test-driver
+
+        libDir=$out/lib/perl5/site_perl
+        mkdir -p $libDir
+        cp ${./test-driver/Machine.pm} $libDir/Machine.pm
+        cp ${./test-driver/Logger.pm} $libDir/Logger.pm
+
+        wrapProgram $out/bin/nixos-test-driver \
+          --prefix PATH : "${pkgs.qemu_kvm}/bin:${pkgs.vde2}/bin:${imagemagick}/bin:${coreutils}/bin" \
+          --prefix PERL5LIB : "${lib.makePerlPath [ perlPackages.TermReadLineGnu perlPackages.XMLWriter perlPackages.IOTty ]}:$out/lib/perl5/site_perl"
+      '';
+  };
+
+
+  # Run an automated test suite in the given virtual network.
+  # `driver' is the script that runs the network.
+  runTests = driver:
+    stdenv.mkDerivation {
+      name = "vm-test-run";
+
+      requiredSystemFeatures = [ "kvm" "nixos-test" ];
+
+      buildInputs = [ pkgs.libxslt ];
+
+      buildCommand =
+        ''
+          mkdir -p $out/nix-support
+
+          LOGFILE=$out/log.xml tests='eval $ENV{testScript}; die $@ if $@;' ${driver}/bin/nixos-test-driver || failed=1
+
+          # Generate a pretty-printed log.
+          xsltproc --output $out/log.html ${./test-driver/log2html.xsl} $out/log.xml
+          ln -s ${./test-driver/logfile.css} $out/logfile.css
+          ln -s ${./test-driver/treebits.js} $out/treebits.js
+
+          touch $out/nix-support/hydra-build-products
+          echo "report testlog $out log.html" >> $out/nix-support/hydra-build-products
+
+          for i in */xchg/coverage-data; do
+            mkdir -p $out/coverage-data
+            mv $i $out/coverage-data/$(dirname $(dirname $i))
+          done
+
+          [ -z "$failed" ] || touch $out/nix-support/failed
+        ''; # */
+    };
+
+
+  # Generate a coverage report from the coverage data produced by
+  # runTests.
+  makeReport = x: runCommand "report" { buildInputs = [rsync]; }
+    ''
+      mkdir -p $TMPDIR/gcov/
+
+      for d in ${x}/coverage-data/*; do
+          echo "doing $d"
+          [ -n "$(ls -A "$d")" ] || continue
+
+          for i in $(cd $d/nix/store && ls); do
+              if ! test -e $TMPDIR/gcov/nix/store/$i; then
+                  echo "copying $i"
+                  mkdir -p $TMPDIR/gcov/$(echo $i | cut -c34-)
+                  rsync -rv /nix/store/$i/.build/* $TMPDIR/gcov/
+              fi
+          done
+
+          chmod -R u+w $TMPDIR/gcov
+
+          find $TMPDIR/gcov -name "*.gcda" -exec rm {} \;
+
+          for i in $(cd $d/nix/store && ls); do
+              rsync -rv $d/nix/store/$i/.build/* $TMPDIR/gcov/
+          done
+
+          find $TMPDIR/gcov -name "*.gcda" -exec chmod 644 {} \;
+
+          echo "producing info..."
+          ${pkgs.lcov}/bin/geninfo --ignore-errors source,gcov $TMPDIR/gcov --output-file $TMPDIR/app.info
+          cat $TMPDIR/app.info >> $TMPDIR/full.info
+      done
+
+      echo "making report..."
+      mkdir -p $out/coverage
+      ${pkgs.lcov}/bin/genhtml --show-details $TMPDIR/full.info -o $out/coverage
+      cp $TMPDIR/full.info $out/coverage/
+
+      mkdir -p $out/nix-support
+      cat ${x}/nix-support/hydra-build-products >> $out/nix-support/hydra-build-products
+      echo "report coverage $out/coverage" >> $out/nix-support/hydra-build-products
+      [ ! -e ${x}/nix-support/failed ] || touch $out/nix-support/failed
+    ''; # */
+
+
+  makeTest = testFun: complete (call testFun);
+  makeTests = testsFun: lib.mapAttrs (name: complete) (call testsFun);
+
+  apply = makeTest; # compatibility
+  call = f: f { inherit pkgs system; };
+
+  complete = t: t // rec {
+    nodes = buildVirtualNetwork (
+      if t ? nodes then t.nodes else
+      if t ? machine then { machine = t.machine; }
+      else { } );
+
+    testScript =
+      # Call the test script with the computed nodes.
+      if builtins.isFunction t.testScript
+      then t.testScript { inherit nodes; }
+      else t.testScript;
+
+    vlans = map (m: m.config.virtualisation.vlans) (lib.attrValues nodes);
+
+    vms = map (m: m.config.system.build.vm) (lib.attrValues nodes);
+
+    # Generate onvenience wrappers for running the test driver
+    # interactively with the specified network, and for starting the
+    # VMs from the command line.
+    driver = runCommand "nixos-test-driver"
+      { buildInputs = [ makeWrapper];
+        inherit testScript;
+        preferLocalBuild = true;
+      }
+      ''
+        mkdir -p $out/bin
+        echo "$testScript" > $out/test-script
+        ln -s ${testDriver}/bin/nixos-test-driver $out/bin/
+        vms="$(for i in ${toString vms}; do echo $i/bin/run-*-vm; done)"
+        wrapProgram $out/bin/nixos-test-driver \
+          --add-flags "$vms" \
+          --run "testScript=\"\$(cat $out/test-script)\"" \
+          --set testScript '"$testScript"' \
+          --set VLANS '"${toString vlans}"'
+        ln -s ${testDriver}/bin/nixos-test-driver $out/bin/nixos-run-vms
+        wrapProgram $out/bin/nixos-run-vms \
+          --add-flags "$vms" \
+          --set tests '"startAll; joinAll;"' \
+          --set VLANS '"${toString vlans}"' \
+          ${lib.optionalString (builtins.length vms == 1) "--set USE_SERIAL 1"}
+      ''; # "
+
+    test = runTests driver;
+
+    report = makeReport test;
+  };
+
+
+  runInMachine =
+    { drv
+    , machine
+    , preBuild ? ""
+    , postBuild ? ""
+    , ... # ???
+    }:
+    let
+      vm = buildVM { }
+        [ machine
+          { key = "run-in-machine";
+            networking.hostName = "client";
+            nix.readOnlyStore = false;
+          }
+        ];
+
+      buildrunner = writeText "vm-build" ''
+        source $1
+
+        ${coreutils}/bin/mkdir -p $TMPDIR
+        cd $TMPDIR
+
+        $origBuilder $origArgs
+
+        exit $?
+      '';
+
+      testscript = ''
+        startAll;
+        $client->waitForUnit("multi-user.target");
+        ${preBuild}
+        $client->succeed("env -i ${pkgs.bash}/bin/bash ${buildrunner} /tmp/xchg/saved-env >&2");
+        ${postBuild}
+        $client->succeed("sync"); # flush all data before pulling the plug
+      '';
+
+      vmRunCommand = writeText "vm-run" ''
+        ${coreutils}/bin/mkdir $out
+        ${coreutils}/bin/mkdir -p vm-state-client/xchg
+        export > vm-state-client/xchg/saved-env
+        export tests='${testscript}'
+        ${testDriver}/bin/nixos-test-driver ${vm.config.system.build.vm}/bin/run-*-vm
+      ''; # */
+
+    in
+      lib.overrideDerivation drv (attrs: {
+        requiredSystemFeatures = [ "kvm" ];
+        builder = "${bash}/bin/sh";
+        args = ["-e" vmRunCommand];
+        origArgs = attrs.args;
+        origBuilder = attrs.builder;
+      });
+
+
+  runInMachineWithX = { require ? [], ... } @ args:
+    let
+      client =
+        { config, pkgs, ... }:
+        {
+          inherit require;
+          virtualisation.memorySize = 1024;
+          services.xserver.enable = true;
+          services.xserver.displayManager.slim.enable = false;
+          services.xserver.displayManager.auto.enable = true;
+          services.xserver.windowManager.default = "icewm";
+          services.xserver.windowManager.icewm.enable = true;
+          services.xserver.desktopManager.default = "none";
+        };
+    in
+      runInMachine ({
+        machine = client;
+        preBuild =
+          ''
+            $client->waitForX;
+          '';
+      } // args);
+
+
+  simpleTest = as: (makeTest ({ ... }: as)).test;
+
+}
diff --git a/nixos/lib/utils.nix b/nixos/lib/utils.nix
new file mode 100644
index 000000000000..35c56e8c32bb
--- /dev/null
+++ b/nixos/lib/utils.nix
@@ -0,0 +1,10 @@
+pkgs: with pkgs.lib;
+
+rec {
+
+  # Escape a path according to the systemd rules, e.g. /dev/xyzzy
+  # becomes dev-xyzzy.  FIXME: slow.
+  escapeSystemdPath = s:
+   replaceChars ["/" "-" " "] ["-" "\\x2d" "\\x20"] (substring 1 (stringLength s) s);
+
+}
diff --git a/nixos/maintainers/option-usages.nix b/nixos/maintainers/option-usages.nix
new file mode 100644
index 000000000000..7413b9e18cec
--- /dev/null
+++ b/nixos/maintainers/option-usages.nix
@@ -0,0 +1,99 @@
+{ configuration ? import ../lib/from-env.nix "NIXOS_CONFIG" <nixos-config>
+
+# []: display all options
+# [<option names>]: display the selected options
+, displayOptions ? [
+    "hardware.pcmcia.enable"
+    "environment.systemPackages"
+    "boot.kernelModules"
+    "services.udev.packages"
+    "jobs"
+    "environment.etc"
+    "system.activationScripts"
+  ]
+}:
+
+# This file is used to generate a dot graph which contains all options and
+# there dependencies to track problems and their sources.
+
+let
+
+  evalFun = {
+    extraArgs ? {}
+  }: import ../lib/eval-config.nix {
+       modules = [ configuration ];
+       inherit extraArgs;
+     };
+
+  eval = evalFun {};
+  inherit (eval) pkgs;
+
+  reportNewFailures = old: new: with pkgs.lib;
+    let
+      filterChanges =
+        filter ({fst, snd}:
+          !(fst.config.success -> snd.config.success)
+        );
+
+      keepNames =
+        map ({fst, snd}:
+          assert fst.name == snd.name; snd.name
+        );
+     in
+       keepNames (
+         filterChanges (
+           zipLists (collect isOption old) (collect isOption new)
+         )
+       );
+
+
+  # Create a list of modules where each module contains only one failling
+  # options.
+  introspectionModules = with pkgs.lib;
+    let
+      setIntrospection = opt: rec {
+        name = opt.name;
+        path = splitString "." opt.name;
+        config = setAttrByPath path
+          (throw "Usage introspection of '${name}' by forced failure.");
+      };
+    in
+      map setIntrospection (collect isOption eval.options);
+
+  overrideConfig = thrower:
+    pkgs.lib.recursiveUpdateUntil (path: old: new:
+      path == thrower.path
+    ) eval.config thrower.config;
+
+
+  graph = with pkgs.lib;
+    map (thrower: {
+      option = thrower.name;
+      usedBy = reportNewFailures eval.options (evalFun {
+        extraArgs = {
+          config = overrideConfig thrower;
+        };
+      }).options;
+    }) introspectionModules;
+
+  graphToDot = graph: with pkgs.lib; ''
+    digraph "Option Usages" {
+      ${concatMapStrings ({option, usedBy}:
+          assert __trace option true;
+          if displayOptions == [] || elem option displayOptions then
+            concatMapStrings (user: ''
+              "${option}" -> "${user}"''
+            ) usedBy
+          else ""
+        ) graph}
+    }
+  '';
+
+in
+
+pkgs.texFunctions.dot2pdf {
+  dotGraph = pkgs.writeTextFile {
+    name = "option_usages.dot";
+    text = graphToDot graph;
+  };
+}
diff --git a/nixos/maintainers/scripts/ec2/create-ebs-amis.py b/nixos/maintainers/scripts/ec2/create-ebs-amis.py
new file mode 100755
index 000000000000..93971ac9504d
--- /dev/null
+++ b/nixos/maintainers/scripts/ec2/create-ebs-amis.py
@@ -0,0 +1,220 @@
+#! /usr/bin/env python
+
+import os
+import sys
+import time
+import argparse
+import nixops.util
+from nixops import deployment
+from boto.ec2.blockdevicemapping import BlockDeviceMapping, BlockDeviceType
+import boto.ec2
+
+parser = argparse.ArgumentParser(description='Create an EBS-backed NixOS AMI')
+parser.add_argument('--region', dest='region', required=True, help='EC2 region to create the image in')
+parser.add_argument('--keep', dest='keep', action='store_true', help='Keep NixOps machine after use')
+parser.add_argument('--hvm', dest='hvm', action='store_true', help='Create HVM image')
+parser.add_argument('--key', dest='key_name', action='store_true', help='Keypair used for HVM instance creation', default="rob")
+args = parser.parse_args()
+
+instance_type = "cc1.4xlarge" if args.hvm else "m1.small"
+ebs_size = 8 if args.hvm else 20
+
+
+# Start a NixOS machine in the given region.
+f = open("ebs-creator-config.nix", "w")
+f.write('''{{
+  resources.ec2KeyPairs.keypair.accessKeyId = "logicblox-dev";
+  resources.ec2KeyPairs.keypair.region = "{0}";
+
+  machine =
+    {{ pkgs, ... }}:
+    {{
+      deployment.ec2.accessKeyId = "logicblox-dev";
+      deployment.ec2.region = "{0}";
+      deployment.ec2.blockDeviceMapping."/dev/xvdg".size = pkgs.lib.mkOverride 10 {1};
+    }};
+}}
+'''.format(args.region, ebs_size))
+f.close()
+
+db = deployment.open_database(deployment.get_default_state_file())
+try:
+    depl = deployment.open_deployment(db, "ebs-creator")
+except Exception:
+    depl = deployment.create_deployment(db)
+    depl.name = "ebs-creator"
+depl.auto_response = "y"
+depl.nix_exprs = [os.path.abspath("./ebs-creator.nix"), os.path.abspath("./ebs-creator-config.nix")]
+if not args.keep: depl.destroy_resources()
+depl.deploy(allow_reboot=True)
+
+m = depl.machines['machine']
+
+
+# Do the installation.
+device="/dev/xvdg"
+if args.hvm:
+    m.run_command('parted -s /dev/xvdg -- mklabel msdos')
+    m.run_command('parted -s /dev/xvdg -- mkpart primary ext2 1M -1s')
+    device="/dev/xvdg1"
+
+m.run_command("if mountpoint -q /mnt; then umount /mnt; fi")
+m.run_command("mkfs.ext4 -L nixos {0}".format(device))
+m.run_command("mkdir -p /mnt")
+m.run_command("mount {0} /mnt".format(device))
+m.run_command("touch /mnt/.ebs")
+m.run_command("mkdir -p /mnt/etc/nixos")
+m.run_command("nix-channel --add http://nixos.org/channels/nixos-unstable")
+m.run_command("nix-channel --update")
+m.run_command("nixos-rebuild switch")
+version = m.run_command("nixos-version", capture_stdout=True).replace('"', '').rstrip()
+print >> sys.stderr, "NixOS version is {0}".format(version)
+m.upload_file("./amazon-base-config.nix", "/mnt/etc/nixos/configuration.nix")
+m.run_command("nixos-install")
+if args.hvm:
+    m.run_command('cp /mnt/nix/store/*-grub-0.97*/lib/grub/i386-pc/* /mnt/boot/grub')
+    m.run_command('sed -i "s|hd0|hd0,0|" /mnt/boot/grub/menu.lst')
+    m.run_command('echo "(hd1) /dev/xvdg" > device.map')
+    m.run_command('echo -e "root (hd1,0)\nsetup (hd1)" | grub --device-map=device.map --batch')
+
+
+m.run_command("umount /mnt")
+
+
+if args.hvm:
+    ami_name = "nixos-{0}-x86_64-ebs-hvm".format(version)
+    description = "NixOS {0} (x86_64; EBS root; hvm)".format(version)
+else:
+    ami_name = "nixos-{0}-x86_64-ebs".format(version)
+    description = "NixOS {0} (x86_64; EBS root)".format(version)
+
+
+# Wait for the snapshot to finish.
+def check():
+    status = snapshot.update()
+    print >> sys.stderr, "snapshot status is {0}".format(status)
+    return status == '100%'
+
+m.connect()
+volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': m.resource_id, 'attachment.device': "/dev/sdg"})[0]
+if args.hvm:
+    instance = m._conn.run_instances( image_id="ami-6a9e4503"
+                                    , instance_type=instance_type
+                                    , key_name=args.key_name
+                                    , placement=m.zone
+                                    , security_groups=["eelco-test"]).instances[0]
+    nixops.util.check_wait(lambda: instance.update() == 'running', max_tries=120)
+    instance.stop()
+    nixops.util.check_wait(lambda: instance.update() == 'stopped', max_tries=120)
+    old_root_volume = m._conn.get_all_volumes([], filters={'attachment.instance-id': instance.id, 'attachment.device': "/dev/sda1"})[0]
+    old_root_volume.detach()
+    volume.detach()
+    nixops.util.check_wait(lambda: volume.update() == 'available', max_tries=120)
+    nixops.util.check_wait(lambda: old_root_volume.update() == 'available', max_tries=120)
+    volume.attach(instance.id, '/dev/sda1')
+    nixops.util.check_wait(lambda: volume.update() == 'in-use', max_tries=120)
+
+    ami_id = m._conn.create_image(instance.id, ami_name, description)
+    time.sleep(5)
+    image = m._conn.get_all_images([ami_id])[0]
+    nixops.util.check_wait(lambda: image.update() == 'available', max_tries=120)
+    instance.terminate()
+
+else:
+    # Create a snapshot.
+    snapshot = volume.create_snapshot(description=description)
+    print >> sys.stderr, "created snapshot {0}".format(snapshot.id)
+
+    nixops.util.check_wait(check, max_tries=120)
+
+    m._conn.create_tags([snapshot.id], {'Name': ami_name})
+
+    if not args.keep: depl.destroy_resources()
+
+     # Register the image.
+    aki = m._conn.get_all_images(filters={'manifest-location': '*pv-grub-hd0_1.03-x86_64*'})[0]
+    print >> sys.stderr, "using kernel image {0} - {1}".format(aki.id, aki.location)
+
+    block_map = BlockDeviceMapping()
+    block_map['/dev/sda'] = BlockDeviceType(snapshot_id=snapshot.id, delete_on_termination=True)
+    block_map['/dev/sdb'] = BlockDeviceType(ephemeral_name="ephemeral0")
+    block_map['/dev/sdc'] = BlockDeviceType(ephemeral_name="ephemeral1")
+    block_map['/dev/sdd'] = BlockDeviceType(ephemeral_name="ephemeral2")
+    block_map['/dev/sde'] = BlockDeviceType(ephemeral_name="ephemeral3")
+
+    ami_id = m._conn.register_image(
+        name=ami_name,
+        description=description,
+        architecture="x86_64",
+        root_device_name="/dev/sda",
+        kernel_id=aki.id,
+        block_device_map=block_map)
+
+print >> sys.stderr, "registered AMI {0}".format(ami_id)
+
+print >> sys.stderr, "sleeping a bit..."
+time.sleep(30)
+
+print >> sys.stderr, "setting image name..."
+m._conn.create_tags([ami_id], {'Name': ami_name})
+
+print >> sys.stderr, "making image public..."
+image = m._conn.get_all_images(image_ids=[ami_id])[0]
+image.set_launch_permissions(user_ids=[], group_names=["all"])
+
+# Do a test deployment to make sure that the AMI works.
+f = open("ebs-test.nix", "w")
+f.write(
+    '''
+    {{
+      network.description = "NixOS EBS test";
+
+      resources.ec2KeyPairs.keypair.accessKeyId = "logicblox-dev";
+      resources.ec2KeyPairs.keypair.region = "{0}";
+
+      machine = {{ config, pkgs, resources, ... }}: {{
+        deployment.targetEnv = "ec2";
+        deployment.ec2.accessKeyId = "logicblox-dev";
+        deployment.ec2.region = "{0}";
+        deployment.ec2.instanceType = "{2}";
+        deployment.ec2.keyPair = resources.ec2KeyPairs.keypair.name;
+        deployment.ec2.securityGroups = [ "admin" ];
+        deployment.ec2.ami = "{1}";
+      }};
+    }}
+    '''.format(args.region, ami_id, instance_type))
+f.close()
+
+test_depl = deployment.create_deployment(db)
+test_depl.auto_response = "y"
+test_depl.name = "ebs-creator-test"
+test_depl.nix_exprs = [os.path.abspath("./ebs-test.nix")]
+test_depl.deploy(create_only=True)
+test_depl.machines['machine'].run_command("nixos-version")
+
+if args.hvm:
+    image_type = 'hvm'
+else:
+    image_type = 'ebs'
+
+# Log the AMI ID.
+f = open("{0}.{1}.ami-id".format(args.region, image_type), "w")
+f.write("{0}".format(ami_id))
+f.close()
+
+for dest in [ 'us-east-1', 'us-west-1', 'us-west-2', 'eu-west-1']:
+    if args.region != dest:
+        print >> sys.stderr, "copying image from region {0} to {1}".format(args.region, dest)
+        conn = boto.ec2.connect_to_region(dest)
+        copy_image = conn.copy_image(args.region, ami_id, ami_name, description=None, client_token=None)
+
+        # Log the AMI ID.
+        f = open("{0}.{1}.ami-id".format(dest, image_type), "w")
+        f.write("{0}".format(copy_image.image_id))
+        f.close()
+
+
+if not args.keep:
+    test_depl.destroy_resources()
+    test_depl.delete()
+
diff --git a/nixos/maintainers/scripts/ec2/create-s3-amis.sh b/nixos/maintainers/scripts/ec2/create-s3-amis.sh
new file mode 100755
index 000000000000..1aaac2832394
--- /dev/null
+++ b/nixos/maintainers/scripts/ec2/create-s3-amis.sh
@@ -0,0 +1,49 @@
+#! /bin/sh -e
+
+nixos=$(nix-instantiate --find-file nixos)
+export NIXOS_CONFIG=$(dirname $(readlink -f $0))/amazon-base-config.nix
+
+version=$(nix-instantiate --eval-only '<nixos>' -A config.system.nixosVersion | sed s/'"'//g)
+echo "NixOS version is $version"
+
+buildAndUploadFor() {
+    system="$1"
+    arch="$2"
+
+    echo "building $system image..."
+    nix-build '<nixos>' \
+        -A config.system.build.amazonImage --argstr system "$system" -o ec2-ami
+
+    ec2-bundle-image -i ./ec2-ami/nixos.img --user "$AWS_ACCOUNT" --arch "$arch" \
+        -c "$EC2_CERT" -k "$EC2_PRIVATE_KEY"
+
+    for region in eu-west-1 us-east-1 us-west-1 us-west-2; do
+        echo "uploading $system image for $region..."
+
+        name=nixos-$version-$arch-s3
+        bucket="$(echo $name-$region | tr '[A-Z]_' '[a-z]-')"
+
+        if [ "$region" = eu-west-1 ]; then s3location=EU;
+        elif [ "$region" = us-east-1 ]; then s3location=US;
+        else s3location="$region"
+        fi
+
+        ec2-upload-bundle -b "$bucket" -m /tmp/nixos.img.manifest.xml \
+            -a "$EC2_ACCESS_KEY" -s "$EC2_SECRET_KEY" --location "$s3location" \
+            --url http://s3.amazonaws.com
+
+        kernel=$(ec2-describe-images -o amazon --filter "manifest-location=*pv-grub-hd0_1.03-$arch*" --region "$region" | cut -f 2)
+        echo "using PV-GRUB kernel $kernel"
+
+        ami=$(ec2-register "$bucket/nixos.img.manifest.xml" -n "$name" -d "NixOS $system r$revision" \
+            --region "$region" --kernel "$kernel" | cut -f 2)
+
+        echo "AMI ID is $ami"
+
+        echo $ami >> $region.s3.ami-id
+
+        ec2-modify-image-attribute --region "$region" "$ami" -l -a all
+    done
+}
+
+buildAndUploadFor x86_64-linux x86_64
diff --git a/nixos/maintainers/scripts/ec2/ebs-creator.nix b/nixos/maintainers/scripts/ec2/ebs-creator.nix
new file mode 100644
index 000000000000..43dbd86f6754
--- /dev/null
+++ b/nixos/maintainers/scripts/ec2/ebs-creator.nix
@@ -0,0 +1,13 @@
+{
+  network.description = "NixOS EBS creator";
+
+  machine =
+    { config, pkgs, resources, ... }:
+    { deployment.targetEnv = "ec2";
+      deployment.ec2.instanceType = "m1.large";
+      deployment.ec2.securityGroups = [ "admin" ];
+      deployment.ec2.ebsBoot = false;
+      deployment.ec2.keyPair = resources.ec2KeyPairs.keypair.name;
+      environment.systemPackages = [ pkgs.parted ];
+    };
+}
diff --git a/nixos/modules/config/fonts/corefonts.nix b/nixos/modules/config/fonts/corefonts.nix
new file mode 100644
index 000000000000..7de95200cfa9
--- /dev/null
+++ b/nixos/modules/config/fonts/corefonts.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  options = {
+
+    fonts = {
+
+      enableCoreFonts = mkOption {
+        default = false;
+        description = ''
+          Whether to include Microsoft's proprietary Core Fonts.  These fonts
+          are redistributable, but only verbatim, among other restrictions.
+          See <link xlink:href="http://corefonts.sourceforge.net/eula.htm"/>
+          for details.
+       '';
+      };
+
+    };
+
+  };
+
+
+  config = mkIf config.fonts.enableCoreFonts {
+
+    fonts.extraFonts = [ pkgs.corefonts ];
+
+  };
+
+}
diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix
new file mode 100644
index 000000000000..987bb1088c0d
--- /dev/null
+++ b/nixos/modules/config/fonts/fontconfig.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  options = {
+
+    fonts = {
+
+      enableFontConfig = mkOption { # !!! should be enableFontconfig
+        type = types.bool;
+        default = true;
+        description = ''
+          If enabled, a Fontconfig configuration file will be built
+          pointing to a set of default fonts.  If you don't care about
+          running X11 applications or any other program that uses
+          Fontconfig, you can turn this option off and prevent a
+          dependency on all those fonts.
+        '';
+      };
+
+    };
+
+  };
+
+
+  config = mkIf config.fonts.enableFontConfig {
+
+    # Bring in the default (upstream) fontconfig configuration.
+    environment.etc."fonts/fonts.conf".source =
+      pkgs.makeFontsConf { fontDirectories = config.fonts.fonts; };
+
+    environment.etc."fonts/conf.d/00-nixos.conf".text =
+      ''
+        <?xml version='1.0'?>
+        <!DOCTYPE fontconfig SYSTEM 'fonts.dtd'>
+        <fontconfig>
+
+          <!-- Set the default hinting style to "slight". -->
+          <match target="font">
+            <edit mode="assign" name="hintstyle">
+              <const>hintslight</const>
+            </edit>
+          </match>
+
+        </fontconfig>
+      '';
+
+    # FIXME: This variable is no longer needed, but we'll keep it
+    # around for a while for applications linked against old
+    # fontconfig builds.
+    environment.variables.FONTCONFIG_FILE = "/etc/fonts/fonts.conf";
+
+    environment.systemPackages = [ pkgs.fontconfig ];
+
+  };
+
+}
diff --git a/nixos/modules/config/fonts/fontdir.nix b/nixos/modules/config/fonts/fontdir.nix
new file mode 100644
index 000000000000..a4f69809b2a4
--- /dev/null
+++ b/nixos/modules/config/fonts/fontdir.nix
@@ -0,0 +1,75 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  fontDirs = config.fonts.fonts;
+
+  localDefs = with pkgs.builderDefs; pkgs.builderDefs.passthru.function rec {
+    src = "";/* put a fetchurl here */
+    buildInputs = [pkgs.xorg.mkfontdir pkgs.xorg.mkfontscale];
+    inherit fontDirs;
+    installPhase = fullDepEntry ("
+    list='';
+    for i in ${toString fontDirs} ; do
+      if [ -d \$i/ ]; then
+        list=\"\$list \$i\";
+      fi;
+    done
+    list=\$(find \$list -name fonts.dir -o -name '*.ttf' -o -name '*.otf');
+    fontDirs='';
+    for i in \$list ; do
+      fontDirs=\"\$fontDirs \$(dirname \$i)\";
+    done;
+    mkdir -p \$out/share/X11-fonts/;
+    find \$fontDirs -type f -o -type l | while read i; do
+      j=\"\${i##*/}\"
+      if ! test -e \"\$out/share/X11-fonts/\${j}\"; then
+        ln -s \"\$i\" \"\$out/share/X11-fonts/\${j}\";
+      fi;
+    done;
+    cd \$out/share/X11-fonts/
+    rm fonts.dir
+    rm fonts.scale
+    rm fonts.alias
+    mkfontdir
+    mkfontscale
+    cat \$( find ${pkgs.xorg.fontalias}/ -name fonts.alias) >fonts.alias
+  ") ["minInit" "addInputs"];
+  };
+
+  x11Fonts = with localDefs; stdenv.mkDerivation rec {
+    name = "X11-fonts";
+    builder = writeScript (name + "-builder")
+      (textClosure localDefs
+        [installPhase doForceShare doPropagate]);
+  };
+
+in
+
+{
+
+  options = {
+
+    fonts = {
+
+      enableFontDir = mkOption {
+        default = false;
+        description = ''
+          Whether to create a directory with links to all fonts in
+          <filename>/run/current-system/sw/share/X11-fonts</filename>.
+        '';
+      };
+
+    };
+
+  };
+
+  config = mkIf config.fonts.enableFontDir {
+
+    environment.systemPackages = [ x11Fonts ];
+
+  };
+
+}
diff --git a/nixos/modules/config/fonts/fonts.nix b/nixos/modules/config/fonts/fonts.nix
new file mode 100644
index 000000000000..f43784f6d03e
--- /dev/null
+++ b/nixos/modules/config/fonts/fonts.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  options = {
+
+    fonts = {
+
+      # TODO: find another name for it.
+      fonts = mkOption {
+        default = [
+          # - the user's .fonts directory
+          "~/.fonts"
+          # - the user's current profile
+          "~/.nix-profile/lib/X11/fonts"
+          "~/.nix-profile/share/fonts"
+          # - the default profile
+          "/nix/var/nix/profiles/default/lib/X11/fonts"
+          "/nix/var/nix/profiles/default/share/fonts"
+        ];
+        description = "List of primary font paths.";
+        apply = list: list ++ [
+          # - a few statically built locations
+          pkgs.xorg.fontbhttf
+          pkgs.xorg.fontbhlucidatypewriter100dpi
+          pkgs.xorg.fontbhlucidatypewriter75dpi
+          pkgs.ttf_bitstream_vera
+          pkgs.freefont_ttf
+          pkgs.liberation_ttf
+          pkgs.xorg.fontbh100dpi
+          pkgs.xorg.fontmiscmisc
+          pkgs.xorg.fontcursormisc
+        ]
+        ++ config.fonts.extraFonts;
+      };
+
+      extraFonts = mkOption {
+        default = [];
+        example = [ pkgs.dejavu_fonts ];
+        description = "List of packages with additional fonts.";
+      };
+
+    };
+
+  };
+
+}
diff --git a/nixos/modules/config/fonts/ghostscript.nix b/nixos/modules/config/fonts/ghostscript.nix
new file mode 100644
index 000000000000..9ef00396808c
--- /dev/null
+++ b/nixos/modules/config/fonts/ghostscript.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  options = {
+
+    fonts = {
+
+      enableGhostscriptFonts = mkOption {
+        default = false;
+        description = ''
+          Whether to add the fonts provided by Ghostscript (such as
+          various URW fonts and the “Base-14” Postscript fonts) to the
+          list of system fonts, making them available to X11
+          applications.
+        '';
+      };
+
+    };
+
+  };
+
+
+  config = mkIf config.fonts.enableGhostscriptFonts {
+
+    fonts.extraFonts = [ "${pkgs.ghostscript}/share/ghostscript/fonts" ];
+
+  };
+
+}
diff --git a/nixos/modules/config/gnu.nix b/nixos/modules/config/gnu.nix
new file mode 100644
index 000000000000..6f5d2950463f
--- /dev/null
+++ b/nixos/modules/config/gnu.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  options = {
+    gnu = mkOption {
+      type = types.bool;
+      default = false;
+      description =
+        '' When enabled, GNU software is chosen by default whenever a there is
+           a choice between GNU and non-GNU software (e.g., GNU lsh
+           vs. OpenSSH).
+        '';
+    };
+  };
+
+  config = mkIf config.gnu {
+
+    environment.systemPackages = with pkgs;
+      # TODO: Adjust `requiredPackages' from `system-path.nix'.
+      # TODO: Add Inetutils once it has the new `ifconfig'.
+      [ parted
+        #fdisk  # XXX: GNU fdisk currently fails to build and it's redundant
+                # with the `parted' command.
+        nano zile
+        texinfo # for the stand-alone Info reader
+      ]
+      ++ stdenv.lib.optional (!stdenv.isArm) grub2;
+
+
+    # GNU GRUB, where available.
+    boot.loader.grub.enable = !pkgs.stdenv.isArm;
+    boot.loader.grub.version = 2;
+
+    # GNU lsh.
+    services.openssh.enable = false;
+    services.lshd.enable = true;
+    services.xserver.startOpenSSHAgent = false;
+    services.xserver.startGnuPGAgent = true;
+
+    # TODO: GNU dico.
+    # TODO: GNU Inetutils' inetd.
+    # TODO: GNU Pies.
+  };
+}
diff --git a/nixos/modules/config/i18n.nix b/nixos/modules/config/i18n.nix
new file mode 100644
index 000000000000..56d541cb9b3b
--- /dev/null
+++ b/nixos/modules/config/i18n.nix
@@ -0,0 +1,87 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  glibcLocales = pkgs.glibcLocales.override {
+    allLocales = any (x: x == "all") config.i18n.supportedLocales;
+    locales = config.i18n.supportedLocales;
+  };
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    i18n = {
+      defaultLocale = mkOption {
+        type = types.str;
+        default = "en_US.UTF-8";
+        example = "nl_NL.UTF-8";
+        description = ''
+          The default locale.  It determines the language for program
+          messages, the format for dates and times, sort order, and so on.
+          It also determines the character set, such as UTF-8.
+        '';
+      };
+
+      supportedLocales = mkOption {
+        type = types.listOf types.str;
+        default = ["all"];
+        example = ["en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1"];
+        description = ''
+          List of locales that the system should support.  The value
+          <literal>"all"</literal> means that all locales supported by
+          Glibc will be installed.  A full list of supported locales
+          can be found at <link
+          xlink:href="http://sourceware.org/cgi-bin/cvsweb.cgi/libc/localedata/SUPPORTED?cvsroot=glibc"/>.
+        '';
+      };
+
+      consoleFont = mkOption {
+        type = types.str;
+        default = "lat9w-16";
+        example = "LatArCyrHeb-16";
+        description = ''
+          The font used for the virtual consoles.  Leave empty to use
+          whatever the <command>setfont</command> program considers the
+          default font.
+        '';
+      };
+
+      consoleKeyMap = mkOption {
+        type = types.str;
+        default = "us";
+        example = "fr";
+        description = ''
+          The keyboard mapping table for the virtual consoles.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    environment.systemPackages = [ glibcLocales ];
+
+    environment.variables.LANG = config.i18n.defaultLocale;
+
+    # ‘/etc/locale.conf’ is used by systemd.
+    environment.etc = singleton
+      { target = "locale.conf";
+        source = pkgs.writeText "locale.conf"
+          ''
+            LANG=${config.i18n.defaultLocale}
+          '';
+      };
+
+  };
+}
diff --git a/nixos/modules/config/krb5.nix b/nixos/modules/config/krb5.nix
new file mode 100644
index 000000000000..3323046ac5b4
--- /dev/null
+++ b/nixos/modules/config/krb5.nix
@@ -0,0 +1,204 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.krb5;
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    krb5 = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable Kerberos V.";
+      };
+
+      defaultRealm = mkOption {
+        default = "ATENA.MIT.EDU";
+        description = "Default realm.";
+      };
+
+      domainRealm = mkOption {
+        default = "atena.mit.edu";
+        description = "Default domain realm.";
+      };
+
+      kdc = mkOption {
+        default = "kerberos.mit.edu";
+        description = "Kerberos Domain Controller";
+      };
+
+      kerberosAdminServer = mkOption {
+        default = "kerberos.mit.edu";
+        description = "Kerberos Admin Server";
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf config.krb5.enable {
+
+    environment.systemPackages = [ pkgs.krb5 ];
+
+    environment.etc."krb5.conf".text =
+      ''
+        [libdefaults]
+            default_realm = ${cfg.defaultRealm}
+            encrypt = true
+
+        # The following krb5.conf variables are only for MIT Kerberos.
+            krb4_config = /etc/krb.conf
+            krb4_realms = /etc/krb.realms
+            kdc_timesync = 1
+            ccache_type = 4
+            forwardable = true
+            proxiable = true
+
+        # The following encryption type specification will be used by MIT Kerberos
+        # if uncommented.  In general, the defaults in the MIT Kerberos code are
+        # correct and overriding these specifications only serves to disable new
+        # encryption types as they are added, creating interoperability problems.
+
+        #   default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+        #   default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+        #   permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
+
+        # The following libdefaults parameters are only for Heimdal Kerberos.
+            v4_instance_resolve = false
+            v4_name_convert = {
+                host = {
+                    rcmd = host
+                    ftp = ftp
+                }
+                plain = {
+                    something = something-else
+                }
+            }
+            fcc-mit-ticketflags = true
+
+        [realms]
+            ${cfg.defaultRealm} = {
+                kdc = ${cfg.kdc}
+                admin_server = ${cfg.kerberosAdminServer}
+                #kpasswd_server = ${cfg.kerberosAdminServer}
+            }
+            ATHENA.MIT.EDU = {
+                kdc = kerberos.mit.edu:88
+                kdc = kerberos-1.mit.edu:88
+                kdc = kerberos-2.mit.edu:88
+                admin_server = kerberos.mit.edu
+                default_domain = mit.edu
+            }
+            MEDIA-LAB.MIT.EDU = {
+                kdc = kerberos.media.mit.edu
+                admin_server = kerberos.media.mit.edu
+            }
+            ZONE.MIT.EDU = {
+                kdc = casio.mit.edu
+                kdc = seiko.mit.edu
+                admin_server = casio.mit.edu
+            }
+            MOOF.MIT.EDU = {
+                kdc = three-headed-dogcow.mit.edu:88
+                kdc = three-headed-dogcow-1.mit.edu:88
+                admin_server = three-headed-dogcow.mit.edu
+            }
+            CSAIL.MIT.EDU = {
+                kdc = kerberos-1.csail.mit.edu
+                kdc = kerberos-2.csail.mit.edu
+                admin_server = kerberos.csail.mit.edu
+                default_domain = csail.mit.edu
+                krb524_server = krb524.csail.mit.edu
+            }
+            IHTFP.ORG = {
+                kdc = kerberos.ihtfp.org
+                admin_server = kerberos.ihtfp.org
+            }
+            GNU.ORG = {
+                kdc = kerberos.gnu.org
+                kdc = kerberos-2.gnu.org
+                kdc = kerberos-3.gnu.org
+                admin_server = kerberos.gnu.org
+            }
+            1TS.ORG = {
+                kdc = kerberos.1ts.org
+                admin_server = kerberos.1ts.org
+            }
+            GRATUITOUS.ORG = {
+                kdc = kerberos.gratuitous.org
+                admin_server = kerberos.gratuitous.org
+            }
+            DOOMCOM.ORG = {
+                kdc = kerberos.doomcom.org
+                admin_server = kerberos.doomcom.org
+            }
+            ANDREW.CMU.EDU = {
+                kdc = vice28.fs.andrew.cmu.edu
+                kdc = vice2.fs.andrew.cmu.edu
+                kdc = vice11.fs.andrew.cmu.edu
+                kdc = vice12.fs.andrew.cmu.edu
+                admin_server = vice28.fs.andrew.cmu.edu
+                default_domain = andrew.cmu.edu
+            }
+            CS.CMU.EDU = {
+                kdc = kerberos.cs.cmu.edu
+                kdc = kerberos-2.srv.cs.cmu.edu
+                admin_server = kerberos.cs.cmu.edu
+            }
+            DEMENTIA.ORG = {
+                kdc = kerberos.dementia.org
+                kdc = kerberos2.dementia.org
+                admin_server = kerberos.dementia.org
+            }
+            stanford.edu = {
+                kdc = krb5auth1.stanford.edu
+                kdc = krb5auth2.stanford.edu
+                kdc = krb5auth3.stanford.edu
+                admin_server = krb5-admin.stanford.edu
+                default_domain = stanford.edu
+            }
+
+        [domain_realm]
+            .${cfg.domainRealm} = ${cfg.defaultRealm}
+            ${cfg.domainRealm} = ${cfg.defaultRealm}
+            .mit.edu = ATHENA.MIT.EDU
+            mit.edu = ATHENA.MIT.EDU
+            .media.mit.edu = MEDIA-LAB.MIT.EDU
+            media.mit.edu = MEDIA-LAB.MIT.EDU
+            .csail.mit.edu = CSAIL.MIT.EDU
+            csail.mit.edu = CSAIL.MIT.EDU
+            .whoi.edu = ATHENA.MIT.EDU
+            whoi.edu = ATHENA.MIT.EDU
+            .stanford.edu = stanford.edu
+
+        [logging]
+            kdc = SYSLOG:INFO:DAEMON
+            admin_server = SYSLOG:INFO:DAEMON
+            default = SYSLOG:INFO:DAEMON
+            krb4_convert = true
+            krb4_get_tickets = false
+
+        [appdefaults]
+            pam = {
+                debug = false
+                ticket_lifetime = 36000
+                renew_lifetime = 36000
+                max_timeout = 30
+                timeout_shift = 2
+                initial_timeout = 1
+            }
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/config/ldap.nix b/nixos/modules/config/ldap.nix
new file mode 100644
index 000000000000..113f5d8bcbde
--- /dev/null
+++ b/nixos/modules/config/ldap.nix
@@ -0,0 +1,246 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+with pkgs;
+
+let
+
+  cfg = config.users.ldap;
+
+  # Careful: OpenLDAP seems to be very picky about the indentation of
+  # this file.  Directives HAVE to start in the first column!
+  ldapConfig = {
+    target = "ldap.conf";
+    source = writeText "ldap.conf" ''
+      uri ${config.users.ldap.server}
+      base ${config.users.ldap.base}
+      timelimit ${toString config.users.ldap.timeLimit}
+      bind_timelimit ${toString config.users.ldap.bind.timeLimit}
+      bind_policy ${config.users.ldap.bind.policy}
+      ${optionalString config.users.ldap.useTLS ''
+        ssl start_tls
+        tls_checkpeer no
+      ''}
+      ${optionalString (config.users.ldap.bind.distinguishedName != "") ''
+        binddn ${config.users.ldap.bind.distinguishedName}
+      ''}
+      ${optionalString (cfg.extraConfig != "") cfg.extraConfig }
+    '';
+  };
+
+  nslcdConfig = {
+    target = "nslcd.conf";
+    source = writeText "nslcd.conf" ''
+      uid nslcd
+      gid nslcd
+      uri ${cfg.server}
+      base ${cfg.base}
+      timelimit ${toString cfg.timeLimit}
+      bind_timelimit ${toString cfg.bind.timeLimit}
+      ${optionalString (cfg.bind.distinguishedName != "")
+        "binddn ${cfg.bind.distinguishedName}" }
+      ${optionalString (cfg.daemon.extraConfig != "") cfg.daemon.extraConfig }
+    '';
+  };
+
+  insertLdapPassword = !config.users.ldap.daemon.enable &&
+    config.users.ldap.bind.distinguishedName != "";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    users.ldap = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable authentication against an LDAP server.";
+      };
+
+      server = mkOption {
+        example = "ldap://ldap.example.org/";
+        description = "The URL of the LDAP server.";
+      };
+
+      base = mkOption {
+        example = "dc=example,dc=org";
+        description = "The distinguished name of the search base.";
+      };
+
+      useTLS = mkOption {
+        default = false;
+        description = ''
+          If enabled, use TLS (encryption) over an LDAP (port 389)
+          connection.  The alternative is to specify an LDAPS server (port
+          636) in <option>users.ldap.server</option> or to forego
+          security.
+        '';
+      };
+
+      timeLimit = mkOption {
+        default = 0;
+        type = types.int;
+        description = ''
+          Specifies the time limit (in seconds) to use when performing
+          searches. A value of zero (0), which is the default, is to
+          wait indefinitely for searches to be completed.
+        '';
+      };
+
+      daemon = {
+        enable = mkOption {
+          default = false;
+          description = ''
+            Whether to let the nslcd daemon (nss-pam-ldapd) handle the
+            LDAP lookups for NSS and PAM. This can improve performance,
+            and if you need to bind to the LDAP server with a password,
+            it increases security, since only the nslcd user needs to
+            have access to the bindpw file, not everyone that uses NSS
+            and/or PAM. If this option is enabled, a local nscd user is
+            created automatically, and the nslcd service is started
+            automatically when the network get up.
+          '';
+        };
+
+        extraConfig = mkOption {
+          default =  "";
+          type = types.string;
+          description = ''
+            Extra configuration options that will be added verbatim at
+            the end of the nslcd configuration file (nslcd.conf).
+          '' ;
+        } ;
+      };
+
+      bind = {
+        distinguishedName = mkOption {
+          default = "";
+          example = "cn=admin,dc=example,dc=com";
+          type = types.string;
+          description = ''
+            The distinguished name to bind to the LDAP server with. If this
+            is not specified, an anonymous bind will be done.
+          '';
+        };
+
+        password = mkOption {
+          default = "/etc/ldap/bind.password";
+          type = types.string;
+          description = ''
+            The path to a file containing the credentials to use when binding
+            to the LDAP server (if not binding anonymously).
+          '';
+        };
+
+        timeLimit = mkOption {
+          default = 30;
+          type = types.int;
+          description = ''
+            Specifies the time limit (in seconds) to use when connecting
+            to the directory server. This is distinct from the time limit
+            specified in <literal>users.ldap.timeLimit</literal> and affects
+            the initial server connection only.
+          '';
+        };
+
+        policy = mkOption {
+          default = "hard_open";
+          type = types.string;
+          description = ''
+            Specifies the policy to use for reconnecting to an unavailable
+            LDAP server. The default is <literal>hard_open</literal>, which
+            reconnects if opening the connection to the directory server
+            failed. By contrast, <literal>hard_init</literal> reconnects if
+            initializing the connection failed. Initializing may not
+            actually contact the directory server, and it is possible that
+            a malformed configuration file will trigger reconnection. If
+            <literal>soft</literal> is specified, then
+            <literal>nss_ldap</literal> will return immediately on server
+            failure. All hard reconnect policies block with exponential
+            backoff before retrying.
+          '';
+        };
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        type = types.string;
+        description = ''
+          Extra configuration options that will be added verbatim at
+          the end of the ldap configuration file (ldap.conf).
+          If <literal>users.ldap.daemon</literal> is enabled, this
+          configuration will not be used. In that case, use
+          <literal>users.ldap.daemon.extraConfig</literal> instead.
+        '' ;
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.etc = if cfg.daemon.enable then [nslcdConfig] else [ldapConfig];
+
+    system.activationScripts = mkIf insertLdapPassword {
+      ldap = stringAfter [ "etc" "groups" "users" ] ''
+        if test -f "${cfg.bind.password}" ; then
+          echo "bindpw "$(cat ${cfg.bind.password})"" | cat ${ldapConfig} - > /etc/ldap.conf.bindpw
+          mv -fT /etc/ldap.conf.bindpw /etc/ldap.conf
+          chmod 600 /etc/ldap.conf
+        fi
+      '';
+    };
+
+    system.nssModules = singleton (
+      if cfg.daemon.enable then nss_pam_ldapd else nss_ldap
+    );
+
+    users = mkIf cfg.daemon.enable {
+      extraGroups.nslcd = {
+        gid = config.ids.gids.nslcd;
+      };
+
+      extraUsers.nslcd = {
+        uid = config.ids.uids.nslcd;
+        description = "nslcd user.";
+        group = "nslcd";
+      };
+    };
+
+    systemd.services = mkIf cfg.daemon.enable {
+
+      nslcd = {
+        wantedBy = [ "nss-user-lookup.target" ];
+        before = [ "nss-user-lookup.target" ];
+        after = [ "network.target" ];
+
+        preStart = ''
+          mkdir -p /run/nslcd
+          rm -f /run/nslcd/nslcd.pid;
+          chown nslcd.nslcd /run/nslcd
+          ${optionalString (cfg.bind.distinguishedName != "") ''
+            if test -s "${cfg.bind.password}" ; then
+              ln -sfT "${cfg.bind.password}" /run/nslcd/bindpw
+            fi
+          ''}
+        '';
+
+        serviceConfig = {
+          ExecStart = "${nss_pam_ldapd}/sbin/nslcd";
+          Type = "forking";
+          PIDFile = "/run/nslcd/nslcd.pid";
+          Restart = "always";
+        };
+      };
+
+    };
+
+  };
+}
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix
new file mode 100644
index 000000000000..9ac68b428190
--- /dev/null
+++ b/nixos/modules/config/networking.nix
@@ -0,0 +1,90 @@
+# /etc files related to networking, such as /etc/services.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.networking;
+
+in
+
+{
+
+  options = {
+
+    networking.extraHosts = pkgs.lib.mkOption {
+      type = types.lines;
+      default = "";
+      example = "192.168.0.1 lanlocalhost";
+      description = ''
+        Additional entries to be appended to <filename>/etc/hosts</filename>.
+      '';
+    };
+
+    networking.dnsSingleRequest = pkgs.lib.mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA)
+        address queries at the same time, from the same port. Sometimes upstream
+        routers will systemically drop the ipv4 queries. The symptom of this problem is
+        that 'getent hosts example.com' only returns ipv6 (or perhaps only ipv4) addresses. The
+        workaround for this is to specify the option 'single-request' in
+        /etc/resolv.conf. This option enables that.
+      '';
+    };
+
+  };
+
+  config = {
+
+    environment.etc =
+      { # /etc/services: TCP/UDP port assignments.
+        "services".source = pkgs.iana_etc + "/etc/services";
+
+        # /etc/protocols: IP protocol numbers.
+        "protocols".source  = pkgs.iana_etc + "/etc/protocols";
+
+        # /etc/rpc: RPC program numbers.
+        "rpc".source = pkgs.glibc + "/etc/rpc";
+
+        # /etc/hosts: Hostname-to-IP mappings.
+        "hosts".text =
+          ''
+            127.0.0.1 localhost
+            ${optionalString cfg.enableIPv6 ''
+              ::1 localhost
+            ''}
+            ${cfg.extraHosts}
+          '';
+
+        # /etc/resolvconf.conf: Configuration for openresolv.
+        "resolvconf.conf".text =
+            ''
+              # This is the default, but we must set it here to prevent
+              # a collision with an apparently unrelated environment
+              # variable with the same name exported by dhcpcd.
+              interface_order='lo lo[0-9]*'
+            '' + optionalString config.services.nscd.enable ''
+              # Invalidate the nscd cache whenever resolv.conf is
+              # regenerated.
+              libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service'
+            '' + optionalString cfg.dnsSingleRequest ''
+              # only send one DNS request at a time
+              resolv_conf_options='single-request'
+            '' + optionalString config.services.bind.enable ''
+              # This hosts runs a full-blown DNS resolver.
+              name_servers='127.0.0.1'
+            '';
+      };
+
+    # The ‘ip-up’ target is started when we have IP connectivity.  So
+    # services that depend on IP connectivity (like ntpd) should be
+    # pulled in by this target.
+    systemd.targets.ip-up.description = "Services Requiring IP Connectivity";
+
+  };
+
+}
diff --git a/nixos/modules/config/no-x-libs.nix b/nixos/modules/config/no-x-libs.nix
new file mode 100644
index 000000000000..ec7bf3fea7b5
--- /dev/null
+++ b/nixos/modules/config/no-x-libs.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  options = {
+    environment.noXlibs = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Switch off the options in the default configuration that require X libraries.
+        Currently this includes: ssh X11 forwarding, dbus, fonts.enableCoreFonts,
+        fonts.enableFontConfig
+      '';
+    };
+  };
+
+  config = mkIf config.environment.noXlibs {
+    programs.ssh.setXAuthLocation = false;
+    fonts = {
+      enableCoreFonts = false;
+      enableFontConfig = false;
+    };
+  };
+}
diff --git a/nixos/modules/config/nsswitch.nix b/nixos/modules/config/nsswitch.nix
new file mode 100644
index 000000000000..2e2125d44f7b
--- /dev/null
+++ b/nixos/modules/config/nsswitch.nix
@@ -0,0 +1,63 @@
+# Configuration for the Name Service Switch (/etc/nsswitch.conf).
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (config.services.avahi) nssmdns;
+  inherit (config.services.samba) nsswins;
+
+in
+
+{
+  options = {
+
+    # NSS modules.  Hacky!
+    system.nssModules = mkOption {
+      type = types.listOf types.path;
+      internal = true;
+      default = [];
+      description = ''
+        Search path for NSS (Name Service Switch) modules.  This allows
+        several DNS resolution methods to be specified via
+        <filename>/etc/nsswitch.conf</filename>.
+      '';
+      apply = list:
+        {
+          inherit list;
+          path = makeLibraryPath list;
+        };
+    };
+
+  };
+
+  config = {
+
+    environment.etc =
+      [ # Name Service Switch configuration file.  Required by the C library.
+        # !!! Factor out the mdns stuff.  The avahi module should define
+        # an option used by this module.
+        { source = pkgs.writeText "nsswitch.conf"
+            ''
+              passwd:    files ldap
+              group:     files ldap
+              shadow:    files ldap
+              hosts:     files ${optionalString nssmdns "mdns_minimal [NOTFOUND=return]"} dns ${optionalString nssmdns "mdns"} ${optionalString nsswins "wins"} myhostname
+              networks:  files dns
+              ethers:    files
+              services:  files
+              protocols: files
+            '';
+          target = "nsswitch.conf";
+        }
+      ];
+
+    # Use nss-myhostname to ensure that our hostname always resolves to
+    # a valid IP address.  It returns all locally configured IP
+    # addresses, or ::1 and 127.0.0.2 as fallbacks.
+    system.nssModules = [ pkgs.systemd ];
+
+  };
+}
diff --git a/nixos/modules/config/power-management.nix b/nixos/modules/config/power-management.nix
new file mode 100644
index 000000000000..7299136235ed
--- /dev/null
+++ b/nixos/modules/config/power-management.nix
@@ -0,0 +1,112 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.powerManagement;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    powerManagement = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description =
+          ''
+            Whether to enable power management.  This includes support
+            for suspend-to-RAM and powersave features on laptops.
+          '';
+      };
+
+      resumeCommands = mkOption {
+        type = types.lines;
+        default = "";
+        description = "Commands executed after the system resumes from suspend-to-RAM.";
+      };
+
+      powerUpCommands = mkOption {
+        type = types.lines;
+        default = "";
+        example = "${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda";
+        description =
+          ''
+            Commands executed when the machine powers up.  That is,
+            they're executed both when the system first boots and when
+            it resumes from suspend or hibernation.
+          '';
+      };
+
+      powerDownCommands = mkOption {
+        type = types.lines;
+        default = "";
+        example = "${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda";
+        description =
+          ''
+            Commands executed when the machine powers down.  That is,
+            they're executed both when the system shuts down and when
+            it goes to suspend or hibernation.
+          '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    # Enable the ACPI daemon.  Not sure whether this is essential.
+    services.acpid.enable = true;
+
+    boot.kernelModules =
+      [ "acpi_cpufreq" "powernow-k8" "cpufreq_performance" "cpufreq_powersave" "cpufreq_ondemand"
+        "cpufreq_conservative"
+      ];
+
+    powerManagement.cpuFreqGovernor = mkDefault "ondemand";
+    powerManagement.scsiLinkPolicy = mkDefault "min_power";
+
+    systemd.targets.post-resume = {
+      description = "Post-Resume Actions";
+      requires = [ "post-resume.service" ];
+      after = [ "post-resume.service" ];
+      wantedBy = [ "sleep.target" ];
+      unitConfig.StopWhenUnneeded = true;
+    };
+
+    # Service executed before suspending/hibernating.
+    systemd.services."pre-sleep" =
+      { description = "Pre-Sleep Actions";
+        wantedBy = [ "sleep.target" ];
+        before = [ "sleep.target" ];
+        script =
+          ''
+            ${cfg.powerDownCommands}
+          '';
+        serviceConfig.Type = "oneshot";
+      };
+
+    systemd.services."post-resume" =
+      { description = "Post-Resume Actions";
+        after = [ "suspend.target" "hibernate.target" "hybrid-sleep.target" ];
+        script =
+          ''
+            ${cfg.resumeCommands}
+            ${cfg.powerUpCommands}
+          '';
+        serviceConfig.Type = "oneshot";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/config/pulseaudio.nix b/nixos/modules/config/pulseaudio.nix
new file mode 100644
index 000000000000..7a6cc542273a
--- /dev/null
+++ b/nixos/modules/config/pulseaudio.nix
@@ -0,0 +1,150 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+with pkgs;
+
+let
+
+  cfg = config.hardware.pulseaudio;
+
+  uid = config.ids.uids.pulseaudio;
+  gid = config.ids.gids.pulseaudio;
+
+  pulseRuntimePath = "/var/run/pulse";
+
+  # Create pulse/client.conf even if PulseAudio is disabled so
+  # that we can disable the autospawn feature in programs that
+  # are built with PulseAudio support (like KDE).
+  clientConf = writeText "client.conf" ''
+    autospawn=${if (cfg.enable && !cfg.systemWide) then "yes" else "no"}
+    ${optionalString (cfg.enable && !cfg.systemWide)
+      "daemon-binary=${cfg.package}/bin/pulseaudio"}
+  '';
+
+  # Write an /etc/asound.conf that causes all ALSA applications to
+  # be re-routed to the PulseAudio server through ALSA's Pulse
+  # plugin.
+  alsaConf = writeText "asound.conf" ''
+    pcm_type.pulse {
+      lib ${alsaPlugins}/lib/alsa-lib/libasound_module_pcm_pulse.so
+    }
+    pcm.!default {
+      type pulse
+      hint.description "Default Audio Device (via PulseAudio)"
+    }
+    ctl_type.pulse {
+      lib ${alsaPlugins}/lib/alsa-lib/libasound_module_ctl_pulse.so
+    }
+    ctl.!default {
+      type pulse
+    }
+  '';
+
+in {
+
+  options = {
+
+    hardware.pulseaudio = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable the PulseAudio sound server.
+        '';
+      };
+
+      systemWide = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          If false, a PulseAudio server is launched automatically for
+          each user that tries to use the sound system. The server runs
+          with user privileges. This is the recommended and most secure
+          way to use PulseAudio. If true, one system-wide PulseAudio
+          server is launched on boot, running as the user "pulse".
+          Please read the PulseAudio documentation for more details.
+        '';
+      };
+
+      configFile = mkOption {
+        type = types.uniq types.path;
+        default = "${pulseaudio}/etc/pulse/default.pa";
+        description = ''
+          The path to the configuration the PulseAudio server
+          should use. By default, the "default.pa" configuration
+          from the PulseAudio distribution is used.
+        '';
+      };
+
+      package = mkOption {
+        type = types.path;
+        default = pulseaudio;
+        example = literalExample "pulseaudio.override { jackaudioSupport = true; }";
+        description = ''
+          The PulseAudio derivation to use.  This can be used to enable
+          features (such as JACK support) that are not enabled in the
+          default PulseAudio in Nixpkgs.
+        '';
+      };
+    };
+
+  };
+
+
+  config = mkMerge [
+    {
+      environment.etc = singleton {
+        target = "pulse/client.conf";
+        source = clientConf;
+      };
+    }
+
+    (mkIf cfg.enable {
+      environment.systemPackages = [ cfg.package ];
+
+      environment.etc = singleton {
+        target = "asound.conf";
+        source = alsaConf;
+      };
+
+      # Allow PulseAudio to get realtime priority using rtkit.
+      security.rtkit.enable = true;
+    })
+
+    (mkIf (cfg.enable && !cfg.systemWide) {
+      environment.etc = singleton {
+        target = "pulse/default.pa";
+        source = cfg.configFile;
+      };
+    })
+
+    (mkIf (cfg.enable && cfg.systemWide) {
+      users.extraUsers.pulse = {
+        # For some reason, PulseAudio wants UID == GID.
+        uid = assert uid == gid; uid;
+        group = "pulse";
+        extraGroups = [ "audio" ];
+        description = "PulseAudio system service user";
+        home = pulseRuntimePath;
+      };
+
+      users.extraGroups.pulse.gid = gid;
+
+      systemd.services.pulseaudio = {
+        description = "PulseAudio system-wide server";
+        wantedBy = [ "sound.target" ];
+        before = [ "sound.target" ];
+        path = [ cfg.package ];
+        environment.PULSE_RUNTIME_PATH = pulseRuntimePath;
+        preStart = ''
+          mkdir -p --mode 755 ${pulseRuntimePath}
+          chown -R pulse:pulse ${pulseRuntimePath}
+        '';
+        script = ''
+          exec pulseaudio --system -n --file="${cfg.configFile}"
+        '';
+      };
+    })
+  ];
+
+}
diff --git a/nixos/modules/config/shells-environment.nix b/nixos/modules/config/shells-environment.nix
new file mode 100644
index 000000000000..e3fbdd7aaec1
--- /dev/null
+++ b/nixos/modules/config/shells-environment.nix
@@ -0,0 +1,184 @@
+# This module defines a global environment configuration and
+# a common configuration for all shells.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.environment;
+
+in
+
+{
+
+  options = {
+
+    environment.variables = mkOption {
+      default = {};
+      description = ''
+        A set of environment variables used in the global environment.
+        The value of each variable can be either a string or a list of
+        strings.  The latter is concatenated, interspersed with colon
+        characters.
+      '';
+      type = types.attrsOf (mkOptionType {
+        name = "a string or a list of strings";
+        merge = loc: defs:
+          let
+            defs' = filterOverrides defs;
+            res = (head defs').value;
+          in
+          if isList res then concatLists (getValues defs')
+          else if builtins.lessThan 1 (length defs') then
+            throw "The option `${showOption loc}' is defined multiple times, in ${showFiles (getFiles defs)}."
+          else if !builtins.isString res then
+            throw "The option `${showOption loc}' does not have a string value, in ${showFiles (getFiles defs)}."
+          else res;
+      });
+      apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);
+    };
+
+    environment.profiles = mkOption {
+      default = [];
+      description = ''
+        A list of profiles used to setup the global environment.
+      '';
+      type = types.listOf types.string;
+    };
+
+    environment.profileVariables = mkOption {
+      default = (p: {});
+      description = ''
+        A function which given a profile path should give back
+        a set of environment variables for that profile.
+      '';
+      # !!! this should be of the following type:
+      #type = types.functionTo (types.attrsOf (types.optionSet envVar));
+      # and envVar should be changed to something more like environOpts.
+      # Having unique `value' _or_ multiple `list' is much more useful
+      # than just sticking everything together with ':' unconditionally.
+      # Anyway, to have this type mentioned above
+      # types.optionSet needs to be transformed into a type constructor
+      # (it has a !!! mark on that in nixpkgs)
+      # for now we hack all this to be
+      type = types.functionTo (types.attrsOf (types.listOf types.string));
+    };
+
+    # !!! isn't there a better way?
+    environment.extraInit = mkOption {
+      default = "";
+      description = ''
+        Shell script code called during global environment initialisation
+        after all variables and profileVariables have been set.
+        This code is asumed to be shell-independent, which means you should
+        stick to pure sh without sh word split.
+      '';
+      type = types.lines;
+    };
+
+    environment.shellInit = mkOption {
+      default = "";
+      description = ''
+        Shell script code called during shell initialisation.
+        This code is asumed to be shell-independent, which means you should
+        stick to pure sh without sh word split.
+      '';
+      type = types.lines;
+    };
+
+    environment.loginShellInit = mkOption {
+      default = "";
+      description = ''
+        Shell script code called during login shell initialisation.
+        This code is asumed to be shell-independent, which means you should
+        stick to pure sh without sh word split.
+      '';
+      type = types.lines;
+    };
+
+    environment.interactiveShellInit = mkOption {
+      default = "";
+      description = ''
+        Shell script code called during interactive shell initialisation.
+        This code is asumed to be shell-independent, which means you should
+        stick to pure sh without sh word split.
+      '';
+      type = types.lines;
+    };
+
+    environment.shellAliases = mkOption {
+      default = {};
+      example = { ll = "ls -l"; };
+      description = ''
+        An attribute set that maps aliases (the top level attribute names in
+        this option) to command strings or directly to build outputs. The
+        aliases are added to all users' shells.
+      '';
+      type = types.attrs; # types.attrsOf types.stringOrPath;
+    };
+
+    environment.binsh = mkOption {
+      default = "${config.system.build.binsh}/bin/sh";
+      example = "\${pkgs.dash}/bin/dash";
+      type = types.path;
+      description = ''
+        The shell executable that is linked system-wide to
+        <literal>/bin/sh</literal>. Please note that NixOS assumes all
+        over the place that shell to be Bash, so override the default
+        setting only if you know exactly what you're doing.
+      '';
+    };
+
+    environment.shells = mkOption {
+      default = [];
+      example = [ "/run/current-system/sw/bin/zsh" ];
+      description = ''
+        A list of permissible login shells for user accounts.
+        No need to mention <literal>/bin/sh</literal>
+        here, it is placed into this list implicitly.
+      '';
+      type = types.listOf types.path;
+    };
+
+  };
+
+  config = {
+
+    system.build.binsh = pkgs.bashInteractive;
+
+    environment.etc."shells".text =
+      ''
+        ${concatStringsSep "\n" cfg.shells}
+        /bin/sh
+      '';
+
+    system.build.setEnvironment = pkgs.writeText "set-environment"
+       ''
+         ${concatStringsSep "\n" (
+           (mapAttrsToList (n: v: ''export ${n}="${concatStringsSep ":" v}"'')
+             # This line is a kind of a hack because of !!! note above
+             (zipAttrsWith (const concatLists) ([ (mapAttrs (n: v: [ v ]) cfg.variables) ] ++ map cfg.profileVariables cfg.profiles))))}
+
+         ${cfg.extraInit}
+
+         # The setuid wrappers override other bin directories.
+         export PATH="${config.security.wrapperDir}:$PATH"
+
+         # ~/bin if it exists overrides other bin directories.
+         export PATH="$HOME/bin:$PATH"
+       '';
+
+    system.activationScripts.binsh = stringAfter [ "stdio" ]
+      ''
+        # Create the required /bin/sh symlink; otherwise lots of things
+        # (notably the system() function) won't work.
+        mkdir -m 0755 -p /bin
+        ln -sfn "${cfg.binsh}" /bin/.sh.tmp
+        mv /bin/.sh.tmp /bin/sh # atomically replace /bin/sh
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/config/swap.nix b/nixos/modules/config/swap.nix
new file mode 100644
index 000000000000..65d7722abfa7
--- /dev/null
+++ b/nixos/modules/config/swap.nix
@@ -0,0 +1,121 @@
+{ config, pkgs, utils, ... }:
+
+with pkgs.lib;
+with utils;
+
+{
+
+  ###### interface
+
+  options = {
+
+    swapDevices = mkOption {
+      default = [];
+      example = [
+        { device = "/dev/hda7"; }
+        { device = "/var/swapfile"; }
+        { label = "bigswap"; }
+      ];
+      description = ''
+        The swap devices and swap files.  These must have been
+        initialised using <command>mkswap</command>.  Each element
+        should be an attribute set specifying either the path of the
+        swap device or file (<literal>device</literal>) or the label
+        of the swap device (<literal>label</literal>, see
+        <command>mkswap -L</command>).  Using a label is
+        recommended.
+      '';
+
+      type = types.listOf types.optionSet;
+
+      options = {config, options, ...}: {
+
+        options = {
+
+          device = mkOption {
+            example = "/dev/sda3";
+            type = types.str;
+            description = "Path of the device.";
+          };
+
+          label = mkOption {
+            example = "swap";
+            type = types.str;
+            description = ''
+              Label of the device.  Can be used instead of <varname>device</varname>.
+            '';
+          };
+
+          size = mkOption {
+            default = null;
+            example = 2048;
+            type = types.nullOr types.int;
+            description = ''
+              If this option is set, ‘device’ is interpreted as the
+              path of a swapfile that will be created automatically
+              with the indicated size (in megabytes) if it doesn't
+              exist.
+            '';
+          };
+
+          priority = mkOption {
+            default = null;
+            example = 2048;
+            type = types.nullOr types.int;
+            description = ''
+              Specify the priority of the swap device. Priority is a value between 0 and 32767.
+              Higher numbers indicate higher priority.
+              null lets the kernel choose a priority, which will show up as a negative value.
+            '';
+          };
+
+        };
+
+        config = {
+          device = mkIf options.label.isDefined
+            "/dev/disk/by-label/${config.label}";
+        };
+
+      };
+
+    };
+
+  };
+
+  config = mkIf ((length config.swapDevices) != 0) {
+
+    system.requiredKernelConfig = with config.lib.kernelConfig; [
+      (isYes "SWAP")
+    ];
+
+    # Create missing swapfiles.
+    # FIXME: support changing the size of existing swapfiles.
+    systemd.services =
+      let
+
+        createSwapDevice = sw:
+          assert sw.device != "";
+          let device' = escapeSystemdPath sw.device; in
+          nameValuePair "mkswap-${escapeSystemdPath sw.device}"
+          { description = "Initialisation of Swapfile ${sw.device}";
+            wantedBy = [ "${device'}.swap" ];
+            before = [ "${device'}.swap" ];
+            path = [ pkgs.utillinux ];
+            script =
+              ''
+                if [ ! -e "${sw.device}" ]; then
+                  fallocate -l ${toString sw.size}M "${sw.device}" ||
+                    dd if=/dev/zero of="${sw.device}" bs=1M count=${toString sw.size}
+                  mkswap ${sw.device}
+                fi
+              '';
+            unitConfig.RequiresMountsFor = [ "${dirOf sw.device}" ];
+            unitConfig.DefaultDependencies = false; # needed to prevent a cycle
+            serviceConfig.Type = "oneshot";
+          };
+
+      in listToAttrs (map createSwapDevice (filter (sw: sw.size != null) config.swapDevices));
+
+  };
+
+}
diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix
new file mode 100644
index 000000000000..31441bad6157
--- /dev/null
+++ b/nixos/modules/config/sysctl.nix
@@ -0,0 +1,69 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  sysctlOption = mkOptionType {
+    name = "sysctl option value";
+    check = x: builtins.isBool x || builtins.isString x || builtins.isInt x;
+    merge = args: defs: (last defs).value; # FIXME: hacky way to allow overriding in configuration.nix.
+  };
+
+in
+
+{
+
+  options = {
+
+    boot.kernel.sysctl = mkOption {
+      default = {};
+      example = {
+        "net.ipv4.tcp_syncookies" = false;
+        "vm.swappiness" = 60;
+      };
+      type = types.attrsOf sysctlOption;
+      description = ''
+        Runtime parameters of the Linux kernel, as set by
+        <citerefentry><refentrytitle>sysctl</refentrytitle>
+        <manvolnum>8</manvolnum></citerefentry>.  Note that sysctl
+        parameters names must be enclosed in quotes
+        (e.g. <literal>"vm.swappiness"</literal> instead of
+        <literal>vm.swappiness</literal>).  The value of each parameter
+        may be a string, integer or Boolean.
+      '';
+    };
+
+  };
+
+  config = {
+
+    environment.etc."sysctl.d/nixos.conf".text =
+      concatStrings (mapAttrsToList (n: v: "${n}=${if v == false then "0" else toString v}\n") config.boot.kernel.sysctl);
+
+    systemd.services.systemd-sysctl =
+      { description = "Apply Kernel Variables";
+        before = [ "sysinit.target" "shutdown.target" ];
+        wantedBy = [ "sysinit.target" "multi-user.target" ];
+        restartTriggers = [ config.environment.etc."sysctl.d/nixos.conf".source ];
+        unitConfig.DefaultDependencies = false; # needed to prevent a cycle
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+          ExecStart = "${config.systemd.package}/lib/systemd/systemd-sysctl";
+        };
+      };
+
+    # Enable hardlink and symlink restrictions.  See
+    # https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7
+    # for details.
+    boot.kernel.sysctl."fs.protected_hardlinks" = true;
+    boot.kernel.sysctl."fs.protected_symlinks" = true;
+
+    # Hide kernel pointers (e.g. in /proc/modules) for unprivileged
+    # users as these make it easier to exploit kernel vulnerabilities.
+    boot.kernel.sysctl."kernel.kptr_restrict" = 1;
+
+  };
+
+}
diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix
new file mode 100644
index 000000000000..2f61947c3bcc
--- /dev/null
+++ b/nixos/modules/config/system-path.nix
@@ -0,0 +1,141 @@
+# This module defines the packages that appear in
+# /run/current-system/sw.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  extraManpages = pkgs.runCommand "extra-manpages" { buildInputs = [ pkgs.help2man ]; }
+    ''
+      mkdir -p $out/share/man/man1
+      help2man ${pkgs.gnutar}/bin/tar > $out/share/man/man1/tar.1
+    '';
+
+  requiredPackages =
+    [ config.nix.package
+      pkgs.acl
+      pkgs.attr
+      pkgs.bashInteractive # bash with ncurses support
+      pkgs.bzip2
+      pkgs.coreutils
+      pkgs.cpio
+      pkgs.curl
+      pkgs.diffutils
+      pkgs.eject # HAL depends on it anyway
+      pkgs.findutils
+      pkgs.gawk
+      pkgs.glibc # for ldd, getent
+      pkgs.gnugrep
+      pkgs.gnupatch
+      pkgs.gnused
+      pkgs.gnutar
+      pkgs.gzip
+      pkgs.xz
+      pkgs.less
+      pkgs.libcap
+      pkgs.man
+      pkgs.nano
+      pkgs.ncurses
+      pkgs.netcat
+      pkgs.openssh
+      pkgs.pciutils
+      pkgs.perl
+      pkgs.procps
+      pkgs.rsync
+      pkgs.strace
+      pkgs.sysvtools
+      pkgs.time
+      pkgs.usbutils
+      pkgs.utillinux
+      extraManpages
+    ];
+
+in
+
+{
+  options = {
+
+    environment = {
+
+      systemPackages = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        example = "[ pkgs.icecat3 pkgs.thunderbird ]";
+        description = ''
+          The set of packages that appear in
+          /run/current-system/sw.  These packages are
+          automatically available to all users, and are
+          automatically updated every time you rebuild the system
+          configuration.  (The latter is the main difference with
+          installing them in the default profile,
+          <filename>/nix/var/nix/profiles/default</filename>.
+        '';
+      };
+
+      pathsToLink = mkOption {
+        type = types.listOf types.str;
+        # Note: We need `/lib' to be among `pathsToLink' for NSS modules
+        # to work.
+        default = [];
+        example = ["/"];
+        description = "List of directories to be symlinked in `/run/current-system/sw'.";
+      };
+    };
+
+    system = {
+
+      path = mkOption {
+        internal = true;
+        description = ''
+          The packages you want in the boot environment.
+        '';
+      };
+
+    };
+
+  };
+
+  config = {
+
+    environment.systemPackages = requiredPackages;
+
+    environment.pathsToLink =
+      [ "/bin"
+        "/etc/xdg"
+        "/info"
+        "/lib"
+        "/man"
+        "/sbin"
+        "/share/emacs"
+        "/share/org"
+        "/share/info"
+        "/share/terminfo"
+        "/share/man"
+      ];
+
+    system.path = pkgs.buildEnv {
+      name = "system-path";
+      paths = config.environment.systemPackages;
+      inherit (config.environment) pathsToLink;
+      ignoreCollisions = true;
+      # !!! Hacky, should modularise.
+      postBuild =
+        ''
+          if [ -x $out/bin/update-mime-database -a -w $out/share/mime/packages ]; then
+              XDG_DATA_DIRS=$out/share $out/bin/update-mime-database -V $out/share/mime > /dev/null
+          fi
+
+          if [ -x $out/bin/gtk-update-icon-cache -a -f $out/share/icons/hicolor/index.theme ]; then
+              $out/bin/gtk-update-icon-cache $out/share/icons/hicolor
+          fi
+
+          if [ -x $out/bin/glib-compile-schemas -a -w $out/share/glib-2.0/schemas ]; then
+              $out/bin/glib-compile-schemas $out/share/glib-2.0/schemas
+          fi
+        '';
+    };
+
+  };
+}
diff --git a/nixos/modules/config/timezone.nix b/nixos/modules/config/timezone.nix
new file mode 100644
index 000000000000..07a76d9ad1fa
--- /dev/null
+++ b/nixos/modules/config/timezone.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  options = {
+
+    time = {
+
+      timeZone = mkOption {
+        default = "CET";
+        type = types.str;
+        example = "America/New_York";
+        description = "The time zone used when displaying times and dates.";
+      };
+
+      hardwareClockInLocalTime = mkOption {
+        default = false;
+        description = "If set, keep the hardware clock in local time instead of UTC.";
+      };
+
+    };
+  };
+
+  config = {
+
+    environment.variables.TZDIR = "/etc/zoneinfo";
+    environment.variables.TZ = config.time.timeZone;
+
+    environment.etc.localtime.source = "${pkgs.tzdata}/share/zoneinfo/${config.time.timeZone}";
+
+    environment.etc.zoneinfo.source = "${pkgs.tzdata}/share/zoneinfo";
+
+  };
+
+}
diff --git a/nixos/modules/config/unix-odbc-drivers.nix b/nixos/modules/config/unix-odbc-drivers.nix
new file mode 100644
index 000000000000..0f6084690589
--- /dev/null
+++ b/nixos/modules/config/unix-odbc-drivers.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+# unixODBC drivers (this solution is not perfect.. Because the user has to
+# ask the admin to add a driver.. but it's simple and works
+
+{
+  ###### interface
+
+  options = {
+    environment.unixODBCDrivers = mkOption {
+      default = [];
+      example = literalExample "map (x : x.ini) (with pkgs.unixODBCDrivers; [ mysql psql psqlng ] )";
+      description = ''
+        Specifies Unix ODBC drivers to be registered in
+        <filename>/etc/odbcinst.ini</filename>.  You may also want to
+        add <literal>pkgs.unixODBC</literal> to the system path to get
+        a command line client to connnect to ODBC databases.
+      '';
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf (config.environment.unixODBCDrivers != []) {
+
+    environment.etc."odbcinst.ini".text =
+      let inis = config.environment.unixODBCDrivers;
+      in pkgs.lib.concatStringsSep "\n" inis;
+
+  };
+
+}
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix
new file mode 100644
index 000000000000..fb8b0229c1da
--- /dev/null
+++ b/nixos/modules/config/users-groups.nix
@@ -0,0 +1,325 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+let
+
+  ids = config.ids;
+  users = config.users;
+
+  userOpts = { name, config, ... }: {
+
+    options = {
+
+      name = mkOption {
+        type = types.str;
+        description = "The name of the user account. If undefined, the name of the attribute set will be used.";
+      };
+
+      description = mkOption {
+        type = types.str;
+        default = "";
+        example = "Alice Q. User";
+        description = ''
+          A short description of the user account, typically the
+          user's full name.  This is actually the “GECOS” or “comment”
+          field in <filename>/etc/passwd</filename>.
+        '';
+      };
+
+      uid = mkOption {
+        type = with types; uniq (nullOr int);
+        default = null;
+        description = "The account UID. If undefined, NixOS will select a free UID.";
+      };
+
+      group = mkOption {
+        type = types.str;
+        default = "nogroup";
+        description = "The user's primary group.";
+      };
+
+      extraGroups = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = "The user's auxiliary groups.";
+      };
+
+      home = mkOption {
+        type = types.str;
+        default = "/var/empty";
+        description = "The user's home directory.";
+      };
+
+      shell = mkOption {
+        type = types.str;
+        default = "/run/current-system/sw/sbin/nologin";
+        description = "The path to the user's shell.";
+      };
+
+      createHome = mkOption {
+        type = types.bool;
+        default = false;
+        description = "If true, the home directory will be created automatically.";
+      };
+
+      useDefaultShell = mkOption {
+        type = types.bool;
+        default = false;
+        description = "If true, the user's shell will be set to <literal>users.defaultUserShell</literal>.";
+      };
+
+      password = mkOption {
+        type = with types; uniq (nullOr str);
+        default = null;
+        description = ''
+          The user's password. If undefined, no password is set for
+          the user.  Warning: do not set confidential information here
+          because it is world-readable in the Nix store.  This option
+          should only be used for public accounts such as
+          <literal>guest</literal>.
+        '';
+      };
+
+      isSystemUser = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Indicates if the user is a system user or not.";
+      };
+
+      createUser = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Indicates if the user should be created automatically as a local user.
+          Set this to false if the user for instance is an LDAP user. NixOS will
+          then not modify any of the basic properties for the user account.
+        '';
+      };
+
+      isAlias = mkOption {
+        type = types.bool;
+        default = false;
+        description = "If true, the UID of this user is not required to be unique and can thus alias another user.";
+      };
+
+    };
+
+    config = {
+      name = mkDefault name;
+      uid = mkDefault (attrByPath [name] null ids.uids);
+      shell = mkIf config.useDefaultShell (mkDefault users.defaultUserShell);
+    };
+
+  };
+
+  groupOpts = { name, config, ... }: {
+
+    options = {
+
+      name = mkOption {
+        type = types.str;
+        description = "The name of the group. If undefined, the name of the attribute set will be used.";
+      };
+
+      gid = mkOption {
+        type = with types; uniq (nullOr int);
+        default = null;
+        description = "The GID of the group. If undefined, NixOS will select a free GID.";
+      };
+
+    };
+
+    config = {
+      name = mkDefault name;
+      gid = mkDefault (attrByPath [name] null ids.gids);
+    };
+
+  };
+
+  # Note: the 'X' in front of the password is to distinguish between
+  # having an empty password, and not having a password.
+  serializedUser = u: "${u.name}\n${u.description}\n${if u.uid != null then toString u.uid else ""}\n${u.group}\n${toString (concatStringsSep "," u.extraGroups)}\n${u.home}\n${u.shell}\n${toString u.createHome}\n${if u.password != null then "X" + u.password else ""}\n${toString u.isSystemUser}\n${toString u.createUser}\n${toString u.isAlias}\n";
+
+  usersFile = pkgs.writeText "users" (
+    let
+      p = partition (u: u.isAlias) (attrValues config.users.extraUsers);
+    in concatStrings (map serializedUser p.wrong ++ map serializedUser p.right));
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    users.extraUsers = mkOption {
+      default = {};
+      type = types.loaOf types.optionSet;
+      example = {
+        alice = {
+          uid = 1234;
+          description = "Alice Q. User";
+          home = "/home/alice";
+          createHome = true;
+          group = "users";
+          extraGroups = ["wheel"];
+          shell = "/bin/sh";
+        };
+      };
+      description = ''
+        Additional user accounts to be created automatically by the system.
+        This can also be used to set options for root.
+      '';
+      options = [ userOpts ];
+    };
+
+    users.extraGroups = mkOption {
+      default = {};
+      example =
+        { students.gid = 1001;
+          hackers = { };
+        };
+      type = types.loaOf types.optionSet;
+      description = ''
+        Additional groups to be created automatically by the system.
+      '';
+      options = [ groupOpts ];
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    users.extraUsers = {
+      root = {
+        description = "System administrator";
+        home = "/root";
+        shell = config.users.defaultUserShell;
+        group = "root";
+      };
+      nobody = {
+        description = "Unprivileged account (don't use!)";
+      };
+    };
+
+    users.extraGroups = {
+      root = { };
+      wheel = { };
+      disk = { };
+      kmem = { };
+      tty = { };
+      floppy = { };
+      uucp = { };
+      lp = { };
+      cdrom = { };
+      tape = { };
+      audio = { };
+      video = { };
+      dialout = { };
+      nogroup = { };
+      users = { };
+      nixbld = { };
+      utmp = { };
+      adm = { }; # expected by journald
+    };
+
+    system.activationScripts.rootPasswd = stringAfter [ "etc" ]
+      ''
+        # If there is no password file yet, create a root account with an
+        # empty password.
+        if ! test -e /etc/passwd; then
+            rootHome=/root
+            touch /etc/passwd; chmod 0644 /etc/passwd
+            touch /etc/group; chmod 0644 /etc/group
+            touch /etc/shadow; chmod 0600 /etc/shadow
+            # Can't use useradd, since it complains that it doesn't know us
+            # (bootstrap problem!).
+            echo "root:x:0:0:System administrator:$rootHome:${config.users.defaultUserShell}" >> /etc/passwd
+            echo "root::::::::" >> /etc/shadow
+        fi
+      '';
+
+    system.activationScripts.users = stringAfter [ "groups" ]
+      ''
+        echo "updating users..."
+
+        cat ${usersFile} | while true; do
+            read name || break
+            read description
+            read uid
+            read group
+            read extraGroups
+            read home
+            read shell
+            read createHome
+            read password
+            read isSystemUser
+            read createUser
+            read isAlias
+
+            if [ -z "$createUser" ]; then
+                continue
+            fi
+
+            if ! curEnt=$(getent passwd "$name"); then
+                useradd ''${isSystemUser:+--system} \
+                    --comment "$description" \
+                    ''${uid:+--uid $uid} \
+                    --gid "$group" \
+                    --groups "$extraGroups" \
+                    --home "$home" \
+                    --shell "$shell" \
+                    ''${createHome:+--create-home} \
+                    ''${isAlias:+--non-unique} \
+                    "$name"
+                if test "''${password:0:1}" = 'X'; then
+                    (echo "''${password:1}"; echo "''${password:1}") | ${pkgs.shadow}/bin/passwd "$name"
+                fi
+            else
+                #echo "updating user $name..."
+                oldIFS="$IFS"; IFS=:; set -- $curEnt; IFS="$oldIFS"
+                prevUid=$3
+                prevHome=$6
+                # Don't change the home directory if it's the same to prevent
+                # unnecessary warnings about logged in users.
+                if test "$prevHome" = "$home"; then unset home; fi
+                usermod \
+                    --comment "$description" \
+                    --gid "$group" \
+                    --groups "$extraGroups" \
+                    ''${home:+--home "$home"} \
+                    --shell "$shell" \
+                    "$name"
+            fi
+
+        done
+      '';
+
+    system.activationScripts.groups = stringAfter [ "rootPasswd" "binsh" "etc" "var" ]
+      ''
+        echo "updating groups..."
+
+        createGroup() {
+            name="$1"
+            gid="$2"
+
+            if ! curEnt=$(getent group "$name"); then
+                groupadd --system \
+                    ''${gid:+--gid $gid} \
+                    "$name"
+            fi
+        }
+
+        ${flip concatMapStrings (attrValues config.users.extraGroups) (g: ''
+          createGroup '${g.name}' '${toString g.gid}'
+        '')}
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/hardware/all-firmware.nix b/nixos/modules/hardware/all-firmware.nix
new file mode 100644
index 000000000000..027dd827b4dd
--- /dev/null
+++ b/nixos/modules/hardware/all-firmware.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    hardware.enableAllFirmware = mkOption {
+      default = false;
+      type = types.bool;
+      description = ''
+        Turn on this option if you want to enable all the firmware shipped with Debian/Ubuntu.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.hardware.enableAllFirmware {
+    hardware.firmware = [ "${pkgs.firmwareLinuxNonfree}/lib/firmware" ];
+  };
+
+}
diff --git a/nixos/modules/hardware/cpu/amd-microcode.nix b/nixos/modules/hardware/cpu/amd-microcode.nix
new file mode 100644
index 000000000000..5720a63834f5
--- /dev/null
+++ b/nixos/modules/hardware/cpu/amd-microcode.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    hardware.cpu.amd.updateMicrocode = mkOption {
+      default = false;
+      type = types.bool;
+      description = ''
+        Update the CPU microcode for AMD processors.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.hardware.cpu.amd.updateMicrocode {
+    hardware.firmware = [ "${pkgs.amdUcode}/lib/firmware" ];
+    boot.kernelModules = [ "microcode" ];
+  };
+
+}
diff --git a/nixos/modules/hardware/cpu/intel-microcode.nix b/nixos/modules/hardware/cpu/intel-microcode.nix
new file mode 100644
index 000000000000..9046ddf83bbf
--- /dev/null
+++ b/nixos/modules/hardware/cpu/intel-microcode.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    hardware.cpu.intel.updateMicrocode = mkOption {
+      default = false;
+      type = types.bool;
+      description = ''
+        Update the CPU microcode for Intel processors.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.hardware.cpu.intel.updateMicrocode {
+    hardware.firmware = [ "${pkgs.microcodeIntel}/lib/firmware" ];
+    boot.kernelModules = [ "microcode" ];
+  };
+
+}
diff --git a/nixos/modules/hardware/network/b43.nix b/nixos/modules/hardware/network/b43.nix
new file mode 100644
index 000000000000..8f45bd4d3f1a
--- /dev/null
+++ b/nixos/modules/hardware/network/b43.nix
@@ -0,0 +1,32 @@
+{pkgs, config, ...}:
+
+let kernelVersion = config.boot.kernelPackages.kernel.version; in
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.enableB43Firmware = pkgs.lib.mkOption {
+      default = false;
+      type = pkgs.lib.types.bool;
+      description = ''
+        Turn on this option if you want firmware for the NICs supported by the b43 module.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = pkgs.lib.mkIf config.networking.enableB43Firmware {
+    assertions = [ {
+      assertion = builtins.lessThan 0 (builtins.compareVersions kernelVersion "3.2");
+      message = "b43 firmware for kernels older than 3.2 not packaged yet!";
+    } ];
+    hardware.firmware = [ pkgs.b43Firmware_5_1_138 ];
+  };
+
+}
diff --git a/nixos/modules/hardware/network/broadcom-43xx.nix b/nixos/modules/hardware/network/broadcom-43xx.nix
new file mode 100644
index 000000000000..8fecdae36bf2
--- /dev/null
+++ b/nixos/modules/hardware/network/broadcom-43xx.nix
@@ -0,0 +1,3 @@
+{
+  hardware.enableAllFirmware = true;
+}
diff --git a/nixos/modules/hardware/network/intel-2030.nix b/nixos/modules/hardware/network/intel-2030.nix
new file mode 100644
index 000000000000..8fecdae36bf2
--- /dev/null
+++ b/nixos/modules/hardware/network/intel-2030.nix
@@ -0,0 +1,3 @@
+{
+  hardware.enableAllFirmware = true;
+}
diff --git a/nixos/modules/hardware/network/intel-2100bg.nix b/nixos/modules/hardware/network/intel-2100bg.nix
new file mode 100644
index 000000000000..1e0033eb414a
--- /dev/null
+++ b/nixos/modules/hardware/network/intel-2100bg.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.enableIntel2100BGFirmware = pkgs.lib.mkOption {
+      default = false;
+      type = pkgs.lib.types.bool;
+      description = ''
+        Turn on this option if you want firmware for the Intel
+        PRO/Wireless 2100BG to be loaded automatically.  This is
+        required if you want to use this device.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = pkgs.lib.mkIf config.networking.enableIntel2100BGFirmware {
+
+    hardware.enableAllFirmware = true;
+
+  };
+
+}
diff --git a/nixos/modules/hardware/network/intel-2200bg.nix b/nixos/modules/hardware/network/intel-2200bg.nix
new file mode 100644
index 000000000000..ae5b69b7981d
--- /dev/null
+++ b/nixos/modules/hardware/network/intel-2200bg.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.enableIntel2200BGFirmware = pkgs.lib.mkOption {
+      default = false;
+      type = pkgs.lib.types.bool;
+      description = ''
+        Turn on this option if you want firmware for the Intel
+        PRO/Wireless 2200BG to be loaded automatically.  This is
+        required if you want to use this device.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = pkgs.lib.mkIf config.networking.enableIntel2200BGFirmware {
+
+    hardware.enableAllFirmware = true;
+
+  };
+
+}
diff --git a/nixos/modules/hardware/network/intel-3945abg.nix b/nixos/modules/hardware/network/intel-3945abg.nix
new file mode 100644
index 000000000000..80baf260ab9a
--- /dev/null
+++ b/nixos/modules/hardware/network/intel-3945abg.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.enableIntel3945ABGFirmware = pkgs.lib.mkOption {
+      default = false;
+      type = pkgs.lib.types.bool;
+      description = ''
+        This option enables automatic loading of the firmware for the Intel
+        PRO/Wireless 3945ABG.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = pkgs.lib.mkIf config.networking.enableIntel3945ABGFirmware {
+
+    hardware.enableAllFirmware = true;
+
+  };
+
+}
diff --git a/nixos/modules/hardware/network/intel-4965agn.nix b/nixos/modules/hardware/network/intel-4965agn.nix
new file mode 100644
index 000000000000..8fecdae36bf2
--- /dev/null
+++ b/nixos/modules/hardware/network/intel-4965agn.nix
@@ -0,0 +1,3 @@
+{
+  hardware.enableAllFirmware = true;
+}
diff --git a/nixos/modules/hardware/network/intel-5000.nix b/nixos/modules/hardware/network/intel-5000.nix
new file mode 100644
index 000000000000..8fecdae36bf2
--- /dev/null
+++ b/nixos/modules/hardware/network/intel-5000.nix
@@ -0,0 +1,3 @@
+{
+  hardware.enableAllFirmware = true;
+}
diff --git a/nixos/modules/hardware/network/intel-5150.nix b/nixos/modules/hardware/network/intel-5150.nix
new file mode 100644
index 000000000000..8fecdae36bf2
--- /dev/null
+++ b/nixos/modules/hardware/network/intel-5150.nix
@@ -0,0 +1,3 @@
+{
+  hardware.enableAllFirmware = true;
+}
diff --git a/nixos/modules/hardware/network/intel-6000.nix b/nixos/modules/hardware/network/intel-6000.nix
new file mode 100644
index 000000000000..8fecdae36bf2
--- /dev/null
+++ b/nixos/modules/hardware/network/intel-6000.nix
@@ -0,0 +1,3 @@
+{
+  hardware.enableAllFirmware = true;
+}
diff --git a/nixos/modules/hardware/network/intel-6000g2a.nix b/nixos/modules/hardware/network/intel-6000g2a.nix
new file mode 100644
index 000000000000..8fecdae36bf2
--- /dev/null
+++ b/nixos/modules/hardware/network/intel-6000g2a.nix
@@ -0,0 +1,3 @@
+{
+  hardware.enableAllFirmware = true;
+}
diff --git a/nixos/modules/hardware/network/intel-6000g2b.nix b/nixos/modules/hardware/network/intel-6000g2b.nix
new file mode 100644
index 000000000000..8fecdae36bf2
--- /dev/null
+++ b/nixos/modules/hardware/network/intel-6000g2b.nix
@@ -0,0 +1,3 @@
+{
+  hardware.enableAllFirmware = true;
+}
diff --git a/nixos/modules/hardware/network/ralink.nix b/nixos/modules/hardware/network/ralink.nix
new file mode 100644
index 000000000000..92f34d8643bc
--- /dev/null
+++ b/nixos/modules/hardware/network/ralink.nix
@@ -0,0 +1,26 @@
+{pkgs, config, ...}:
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.enableRalinkFirmware = pkgs.lib.mkOption {
+      default = false;
+      type = pkgs.lib.types.bool;
+      description = ''
+        Turn on this option if you want firmware for the RT73 NIC.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = pkgs.lib.mkIf config.networking.enableRalinkFirmware {
+    hardware.enableAllFirmware = true;
+  };
+
+}
diff --git a/nixos/modules/hardware/network/rtl8192c.nix b/nixos/modules/hardware/network/rtl8192c.nix
new file mode 100644
index 000000000000..3aefb7bdd608
--- /dev/null
+++ b/nixos/modules/hardware/network/rtl8192c.nix
@@ -0,0 +1,26 @@
+{pkgs, config, ...}:
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.enableRTL8192cFirmware = pkgs.lib.mkOption {
+      default = false;
+      type = pkgs.lib.types.bool;
+      description = ''
+        Turn on this option if you want firmware for the RTL8192c (and related) NICs.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = pkgs.lib.mkIf config.networking.enableRTL8192cFirmware {
+    hardware.enableAllFirmware = true;
+  };
+
+}
diff --git a/nixos/modules/hardware/network/smc-2632w/default.nix b/nixos/modules/hardware/network/smc-2632w/default.nix
new file mode 100644
index 000000000000..318131be7493
--- /dev/null
+++ b/nixos/modules/hardware/network/smc-2632w/default.nix
@@ -0,0 +1,9 @@
+{pkgs, config, ...}:
+
+{
+  hardware = {
+    pcmcia = {
+      firmware = [ (pkgs.lib.cleanSource ./firmware) ];
+    };
+  };
+}
diff --git a/nixos/modules/hardware/network/smc-2632w/firmware/cis/SMC2632W-v1.02.cis b/nixos/modules/hardware/network/smc-2632w/firmware/cis/SMC2632W-v1.02.cis
new file mode 100644
index 000000000000..5f13088c3735
--- /dev/null
+++ b/nixos/modules/hardware/network/smc-2632w/firmware/cis/SMC2632W-v1.02.cis
@@ -0,0 +1,8 @@
+  vers_1 5.0, "SMC", "SMC2632W", "Version 01.02", ""
+  manfid 0x0156, 0x0002
+  funcid network_adapter
+  cftable_entry 0x01 [default]
+    Vcc Vmin 3000mV Vmax 3300mV Iavg 300mA Ipeak 300mA
+    Idown 10mA
+    io 0x0000-0x003f [lines=6] [16bit]
+    irq mask 0xffff [level] [pulse]
diff --git a/nixos/modules/hardware/network/zydas-zd1211.nix b/nixos/modules/hardware/network/zydas-zd1211.nix
new file mode 100644
index 000000000000..c8428a7241b1
--- /dev/null
+++ b/nixos/modules/hardware/network/zydas-zd1211.nix
@@ -0,0 +1,5 @@
+{pkgs, config, ...}:
+
+{
+  hardware.firmware = [ pkgs.zd1211fw ];
+}
diff --git a/nixos/modules/hardware/pcmcia.nix b/nixos/modules/hardware/pcmcia.nix
new file mode 100644
index 000000000000..206846567505
--- /dev/null
+++ b/nixos/modules/hardware/pcmcia.nix
@@ -0,0 +1,59 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  pcmciaUtils = pkgs.pcmciaUtils.passthru.function {
+    inherit (config.hardware.pcmcia) firmware config;
+  };
+
+in
+
+
+{
+  ###### interface
+
+  options = {
+
+    hardware.pcmcia = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable this option to support PCMCIA card.
+        '';
+      };
+
+      firmware = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        description = ''
+          List of firmware used to handle specific PCMCIA card.
+        '';
+      };
+
+      config = mkOption {
+        default = null;
+        description = ''
+          Path to the configuration file which maps the memory, IRQs
+          and ports used by the PCMCIA hardware.
+        '';
+      };
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf config.hardware.pcmcia.enable {
+
+    boot.kernelModules = [ "pcmcia" ];
+
+    services.udev.packages = [ pcmciaUtils ];
+
+    environment.systemPackages = [ pcmciaUtils ];
+
+  };
+
+}
diff --git a/nixos/modules/hardware/video/encoder/wis-go7007.nix b/nixos/modules/hardware/video/encoder/wis-go7007.nix
new file mode 100644
index 000000000000..c0eb2b814b33
--- /dev/null
+++ b/nixos/modules/hardware/video/encoder/wis-go7007.nix
@@ -0,0 +1,15 @@
+{pkgs, config, ...}:
+
+let
+  wis_go7007 = config.boot.kernelPackages.wis_go7007;
+in
+
+{
+  boot.extraModulePackages = [wis_go7007];
+
+  environment.systemPackages = [wis_go7007];
+
+  hardware.firmware = ["${wis_go7007}/firmware"];
+
+  services.udev.packages = [wis_go7007];
+}
diff --git a/nixos/modules/hardware/video/radeon.nix b/nixos/modules/hardware/video/radeon.nix
new file mode 100644
index 000000000000..8fecdae36bf2
--- /dev/null
+++ b/nixos/modules/hardware/video/radeon.nix
@@ -0,0 +1,3 @@
+{
+  hardware.enableAllFirmware = true;
+}
diff --git a/nixos/modules/installer/cd-dvd/channel.nix b/nixos/modules/installer/cd-dvd/channel.nix
new file mode 100644
index 000000000000..bcf3dbb3f735
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/channel.nix
@@ -0,0 +1,44 @@
+# Provide an initial copy of the NixOS channel so that the user
+# doesn't need to run "nix-channel --update" first.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  # We need a copy of the Nix expressions for Nixpkgs and NixOS on the
+  # CD.  These are installed into the "nixos" channel of the root
+  # user, as expected by nixos-rebuild/nixos-install.
+  channelSources = pkgs.runCommand "nixos-${config.system.nixosVersion}"
+    { expr = builtins.readFile ../../../lib/channel-expr.nix; }
+    ''
+      mkdir -p $out/nixos
+      cp -prd ${pkgs.path} $out/nixos/nixpkgs
+      ln -s nixpkgs/nixos $out/nixos/nixos
+      chmod -R u+w $out/nixos
+      rm -rf $out/nixos/nixpkgs/.git
+      echo -n ${config.system.nixosVersion} > $out/nixos/nixpkgs/.version
+      echo -n "" > $out/nixos/nixpkgs/.version-suffix
+      echo "$expr" > $out/nixos/default.nix
+    '';
+
+in
+
+{
+  # Provide the NixOS/Nixpkgs sources in /etc/nixos.  This is required
+  # for nixos-install.
+  boot.postBootCommands =
+    ''
+      if ! [ -e /var/lib/nixos/did-channel-init ]; then
+        echo "unpacking the NixOS/Nixpkgs sources..."
+        mkdir -p /nix/var/nix/profiles/per-user/root
+        ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/per-user/root/channels \
+          -i ${channelSources} --quiet --option use-substitutes false
+        mkdir -m 0700 -p /root/.nix-defexpr
+        ln -s /nix/var/nix/profiles/per-user/root/channels /root/.nix-defexpr/channels
+        mkdir -m 0755 -p /var/lib/nixos
+        touch /var/lib/nixos/did-channel-init
+      fi
+    '';
+}
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-base.nix b/nixos/modules/installer/cd-dvd/installation-cd-base.nix
new file mode 100644
index 000000000000..999871ab074f
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/installation-cd-base.nix
@@ -0,0 +1,37 @@
+# This module contains the basic configuration for building a NixOS
+# installation CD.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  imports =
+    [ ./channel.nix
+      ./iso-image.nix
+
+      # Profiles of this basic installation CD.
+      ../../profiles/all-hardware.nix
+      ../../profiles/base.nix
+      ../../profiles/installation-device.nix
+    ];
+
+  # ISO naming.
+  isoImage.isoName = "${config.isoImage.isoBaseName}-${config.system.nixosVersion}-${pkgs.stdenv.system}.iso";
+
+  isoImage.volumeID = substring 0 32 "NIXOS_${config.system.nixosVersion}";
+
+  # Make the installer more likely to succeed in low memory
+  # environments.  The kernel's overcommit heustistics bite us
+  # fairly often, preventing processes such as nix-worker or
+  # download-using-manifests.pl from forking even if there is
+  # plenty of free memory.
+  boot.kernel.sysctl."vm.overcommit_memory" = "1";
+
+  # To speed up installation a little bit, include the complete stdenv
+  # in the Nix store on the CD.
+  isoImage.storeContents = [ pkgs.stdenv pkgs.busybox ];
+
+  # Add Memtest86+ to the CD.
+  boot.loader.grub.memtest86 = true;
+}
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-efi.nix b/nixos/modules/installer/cd-dvd/installation-cd-efi.nix
new file mode 100644
index 000000000000..4aa788feeae5
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/installation-cd-efi.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+{
+  # Move into base image once using 3.10 or later
+
+  require = [ ./installation-cd-minimal.nix ];
+
+  boot.kernelPackages = pkgs.linuxPackages_3_10;
+
+  # Get a console as soon as the initrd loads fbcon on EFI boot
+  boot.initrd.kernelModules = [ "fbcon" ];
+
+  isoImage.makeEfiBootable = true;
+}
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-graphical.nix b/nixos/modules/installer/cd-dvd/installation-cd-graphical.nix
new file mode 100644
index 000000000000..debf3e7db906
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/installation-cd-graphical.nix
@@ -0,0 +1,30 @@
+# This module defines a NixOS installation CD that contains X11 and
+# KDE 4.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  imports = [ ./installation-cd-base.nix ../../profiles/graphical.nix ];
+
+  # Provide wicd for easy wireless configuration.
+  #networking.wicd.enable = true;
+
+  # KDE complains if power management is disabled (to be precise, if
+  # there is no power management backend such as upower).
+  powerManagement.enable = true;
+
+  # Don't start the X server by default.
+  services.xserver.autorun = mkForce false;
+
+  # Auto-login as root.
+  services.xserver.displayManager.kdm.extraConfig =
+    ''
+      [X-*-Core]
+      AllowRootLogin=true
+      AutoLoginEnable=true
+      AutoLoginUser=root
+      AutoLoginPass=""
+    '';
+}
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix b/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
new file mode 100644
index 000000000000..38d02ffd1625
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [ ./installation-cd-minimal.nix ];
+
+  boot.kernelPackages = pkgs.linuxPackages_3_10;
+  boot.vesa = false;
+}
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix b/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
new file mode 100644
index 000000000000..a7498906a86b
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix
@@ -0,0 +1,11 @@
+# This module defines a small NixOS installation CD.  It does not
+# contain any graphical stuff.
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ ./installation-cd-base.nix
+      ../../profiles/minimal.nix
+    ];
+}
diff --git a/nixos/modules/installer/cd-dvd/installation-cd-new-kernel.nix b/nixos/modules/installer/cd-dvd/installation-cd-new-kernel.nix
new file mode 100644
index 000000000000..93bcbf00b258
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/installation-cd-new-kernel.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [ ./installation-cd-graphical.nix ];
+
+  boot.kernelPackages = pkgs.linuxPackages_3_10;
+  boot.vesa = false;
+}
diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix
new file mode 100644
index 000000000000..b803a3f188b9
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/iso-image.nix
@@ -0,0 +1,315 @@
+# This module creates a bootable ISO image containing the given NixOS
+# configuration.  The derivation for the ISO image will be placed in
+# config.system.build.isoImage.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  # The Grub image.
+  grubImage = pkgs.runCommand "grub_eltorito" {}
+    ''
+      ${pkgs.grub2}/bin/grub-mkimage -O i386-pc -o tmp biosdisk iso9660 help linux linux16 chain png jpeg echo gfxmenu reboot
+      cat ${pkgs.grub2}/lib/grub/*/cdboot.img tmp > $out
+    ''; # */
+
+
+  # The configuration file for Grub.
+  grubCfg =
+    ''
+      set default=${builtins.toString config.boot.loader.grub.default}
+      set timeout=${builtins.toString config.boot.loader.grub.timeout}
+
+      if loadfont /boot/grub/unicode.pf2; then
+        set gfxmode=640x480
+        insmod gfxterm
+        insmod vbe
+        terminal_output gfxterm
+
+        insmod png
+        if background_image /boot/grub/splash.png; then
+          set color_normal=white/black
+          set color_highlight=black/white
+        else
+          set menu_color_normal=cyan/blue
+          set menu_color_highlight=white/blue
+        fi
+
+      fi
+
+      ${config.boot.loader.grub.extraEntries}
+    '';
+
+
+  # The efi boot image
+  efiImg = pkgs.runCommand "efi-image_eltorito" { buildInputs = [ pkgs.mtools ]; }
+    ''
+      #Let's hope 10M is enough
+      dd bs=2048 count=5120 if=/dev/zero of="$out"
+      ${pkgs.dosfstools}/sbin/mkfs.vfat "$out"
+      mmd -i "$out" efi
+      mmd -i "$out" efi/boot
+      mmd -i "$out" efi/nixos
+      mmd -i "$out" loader
+      mmd -i "$out" loader/entries
+      mcopy -v -i "$out" \
+        ${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi \
+        ::efi/boot/boot${targetArch}.efi
+      mcopy -v -i "$out" \
+        ${config.boot.kernelPackages.kernel}/bzImage ::bzImage
+      mcopy -v -i "$out" \
+        ${config.system.build.initialRamdisk}/initrd ::efi/nixos/initrd
+      echo "title NixOS LiveCD" > boot-params
+      echo "linux /bzImage" >> boot-params
+      echo "initrd /efi/nixos/initrd" >> boot-params
+      echo "options init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}" >> boot-params
+      mcopy -v -i "$out" boot-params ::loader/entries/nixos-livecd.conf
+      echo "default nixos-livecd" > boot-params
+      echo "timeout 5" >> boot-params
+      mcopy -v -i "$out" boot-params ::loader/loader.conf
+    '';
+
+  targetArch = if pkgs.stdenv.isi686 then
+    "ia32"
+  else if pkgs.stdenv.isx86_64 then
+    "x64"
+  else
+    throw "Unsupported architecture";
+
+in
+
+{
+  options = {
+
+    isoImage.isoName = mkOption {
+      default = "${config.isoImage.isoName}.iso";
+      description = ''
+        Name of the generated ISO image file.
+      '';
+    };
+
+    isoImage.isoBaseName = mkOption {
+      default = "nixos";
+      description = ''
+        Prefix of the name of the generated ISO image file.
+      '';
+    };
+
+    isoImage.compressImage = mkOption {
+      default = false;
+      description = ''
+        Whether the ISO image should be compressed using
+        <command>bzip2</command>.
+      '';
+    };
+
+    isoImage.volumeID = mkOption {
+      default = "NIXOS_BOOT_CD";
+      description = ''
+        Specifies the label or volume ID of the generated ISO image.
+        Note that the label is used by stage 1 of the boot process to
+        mount the CD, so it should be reasonably distinctive.
+      '';
+    };
+
+    isoImage.contents = mkOption {
+      example =
+        [ { source = pkgs.memtest86 + "/memtest.bin";
+            target = "boot/memtest.bin";
+          }
+        ];
+      description = ''
+        This option lists files to be copied to fixed locations in the
+        generated ISO image.
+      '';
+    };
+
+    isoImage.storeContents = mkOption {
+      example = [pkgs.stdenv];
+      description = ''
+        This option lists additional derivations to be included in the
+        Nix store in the generated ISO image.
+      '';
+    };
+
+    isoImage.includeSystemBuildDependencies = mkOption {
+      default = false;
+      example = true;
+      description = ''
+        Set this option to include all the needed sources etc in the
+        image. It significantly increases image size. Use that when
+        you want to be able to keep all the sources needed to build your
+        system or when you are going to install the system on a computer
+        with slow on non-existent network connection.
+      '';
+    };
+
+    isoImage.makeEfiBootable = mkOption {
+      default = false;
+      description = ''
+        Whether the ISO image should be an efi-bootable volume.
+      '';
+    };
+
+
+  };
+
+
+  config = {
+
+    boot.loader.grub.version = 2;
+
+    # Don't build the GRUB menu builder script, since we don't need it
+    # here and it causes a cyclic dependency.
+    boot.loader.grub.enable = false;
+
+    # !!! Hack - attributes expected by other modules.
+    system.boot.loader.kernelFile = "bzImage";
+    environment.systemPackages = [ pkgs.grub2 ];
+
+    # In stage 1 of the boot, mount the CD as the root FS by label so
+    # that we don't need to know its device.  We pass the label of the
+    # root filesystem on the kernel command line, rather than in
+    # `fileSystems' below.  This allows CD-to-USB converters such as
+    # UNetbootin to rewrite the kernel command line to pass the label or
+    # UUID of the USB stick.  It would be nicer to write
+    # `root=/dev/disk/by-label/...' here, but UNetbootin doesn't
+    # recognise that.
+    boot.kernelParams = [ "root=LABEL=${config.isoImage.volumeID}" ];
+
+    # Note that /dev/root is a symlink to the actual root device
+    # specified on the kernel command line, created in the stage 1 init
+    # script.
+    fileSystems."/".device = "/dev/root";
+
+    fileSystems."/nix/store" =
+      { fsType = "squashfs";
+        device = "/nix-store.squashfs";
+        options = "loop";
+      };
+
+    boot.initrd.availableKernelModules = [ "squashfs" "iso9660" ];
+
+    boot.initrd.kernelModules = [ "loop" ];
+
+    # In stage 1, mount a tmpfs on top of / (the ISO image) and
+    # /nix/store (the squashfs image) to make this a live CD.
+    boot.initrd.postMountCommands =
+      ''
+        mkdir -p /unionfs-chroot/ro-root
+        mount --rbind $targetRoot /unionfs-chroot/ro-root
+
+        mkdir /unionfs-chroot/rw-root
+        mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-root
+        mkdir /mnt-root-union
+        unionfs -o allow_other,cow,chroot=/unionfs-chroot,max_files=32768 /rw-root=RW:/ro-root=RO /mnt-root-union
+        oldTargetRoot=$targetRoot
+        targetRoot=/mnt-root-union
+
+        mkdir /unionfs-chroot/rw-store
+        mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
+        mkdir -p $oldTargetRoot/nix/store
+        unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-store=RW:/ro-root/nix/store=RO /mnt-root-union/nix/store
+      '';
+
+    # Closures to be copied to the Nix store on the CD, namely the init
+    # script and the top-level system configuration directory.
+    isoImage.storeContents =
+      [ config.system.build.toplevel ] ++
+      optional config.isoImage.includeSystemBuildDependencies
+        config.system.build.toplevel.drvPath;
+
+    # Create the squashfs image that contains the Nix store.
+    system.build.squashfsStore = import ../../../lib/make-squashfs.nix {
+      inherit (pkgs) stdenv squashfsTools perl pathsFromGraph;
+      storeContents = config.isoImage.storeContents;
+    };
+
+    # Individual files to be included on the CD, outside of the Nix
+    # store on the CD.
+    isoImage.contents =
+      [ { source = grubImage;
+          target = "/boot/grub/grub_eltorito";
+        }
+        { source = pkgs.substituteAll  {
+            name = "grub.cfg";
+            src = pkgs.writeText "grub.cfg-in" grubCfg;
+            bootRoot = "/boot";
+          };
+          target = "/boot/grub/grub.cfg";
+        }
+        { source = config.boot.kernelPackages.kernel + "/bzImage";
+          target = "/boot/bzImage";
+        }
+        { source = config.system.build.initialRamdisk + "/initrd";
+          target = "/boot/initrd";
+        }
+        { source = "${pkgs.grub2}/share/grub/unicode.pf2";
+          target = "/boot/grub/unicode.pf2";
+        }
+        { source = config.boot.loader.grub.splashImage;
+          target = "/boot/grub/splash.png";
+        }
+        { source = config.system.build.squashfsStore;
+          target = "/nix-store.squashfs";
+        }
+        { # Quick hack: need a mount point for the store.
+          source = pkgs.runCommand "empty" {} "mkdir -p $out";
+          target = "/nix/store";
+        }
+      ] ++ optionals config.isoImage.makeEfiBootable [
+        { source = efiImg;
+          target = "/boot/efi.img";
+        }
+      ] ++ mapAttrsToList (n: v: { source = v; target = "/boot/${n}"; }) config.boot.loader.grub.extraFiles;
+
+    # The Grub menu.
+    boot.loader.grub.extraEntries =
+      ''
+        menuentry "NixOS ${config.system.nixosVersion} Installer" {
+          linux /boot/bzImage init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
+          initrd /boot/initrd
+        }
+
+        menuentry "Boot from hard disk" {
+          set root=(hd0)
+          chainloader +1
+        }
+      '';
+
+    boot.loader.grub.timeout = 10;
+
+    # Create the ISO image.
+    system.build.isoImage = import ../../../lib/make-iso9660-image.nix ({
+      inherit (pkgs) stdenv perl cdrkit pathsFromGraph;
+
+      inherit (config.isoImage) isoName compressImage volumeID contents;
+
+      bootable = true;
+      bootImage = "/boot/grub/grub_eltorito";
+    } // optionalAttrs config.isoImage.makeEfiBootable {
+      efiBootable = true;
+      efiBootImage = "boot/efi.img";
+    });
+
+    boot.postBootCommands =
+      ''
+        # After booting, register the contents of the Nix store on the
+        # CD in the Nix database in the tmpfs.
+        ${config.nix.package}/bin/nix-store --load-db < /nix/store/nix-path-registration
+
+        # nixos-rebuild also requires a "system" profile and an
+        # /etc/NIXOS tag.
+        touch /etc/NIXOS
+        ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+      '';
+
+    # Add vfat support to the initrd to enable people to copy the
+    # contents of the CD to a bootable USB stick. Need unionfs-fuse for union mounts
+    boot.initrd.supportedFilesystems = [ "vfat" "unionfs-fuse" ];
+
+  };
+
+}
diff --git a/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix b/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
new file mode 100644
index 000000000000..13ed95d4cebd
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/system-tarball-fuloong2f.nix
@@ -0,0 +1,164 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  # A dummy /etc/nixos/configuration.nix in the booted CD that
+  # rebuilds the CD's configuration (and allows the configuration to
+  # be modified, of course, providing a true live CD).  Problem is
+  # that we don't really know how the CD was built - the Nix
+  # expression language doesn't allow us to query the expression being
+  # evaluated.  So we'll just hope for the best.
+  dummyConfiguration = pkgs.writeText "configuration.nix"
+    ''
+      { config, pkgs, ... }:
+
+      { # Add your own options below, e.g.:
+        #   services.openssh.enable = true;
+        nixpkgs.config.platform = pkgs.platforms.fuloong2f_n32;
+      }
+    '';
+
+
+  pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
+
+  # A clue for the kernel loading
+  kernelParams = pkgs.writeText "kernel-params.txt" ''
+    Kernel Parameters:
+      init=/boot/init systemConfig=/boot/init ${toString config.boot.kernelParams}
+  '';
+
+  # System wide nixpkgs config
+  nixpkgsUserConfig = pkgs.writeText "config.nix" ''
+    pkgs:
+    {
+      platform = pkgs.platforms.fuloong2f_n32;
+    }
+  '';
+
+in
+
+{
+  imports = [ ./system-tarball.nix ];
+
+  # Disable some other stuff we don't need.
+  security.sudo.enable = false;
+
+  # Include only the en_US locale.  This saves 75 MiB or so compared to
+  # the full glibcLocales package.
+  i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"];
+
+  # Include some utilities that are useful for installing or repairing
+  # the system.
+  environment.systemPackages =
+    [ pkgs.subversion # for nixos-checkout
+      pkgs.w3m # needed for the manual anyway
+      pkgs.testdisk # useful for repairing boot problems
+      pkgs.mssys # for writing Microsoft boot sectors / MBRs
+      pkgs.parted
+      pkgs.ddrescue
+      pkgs.ccrypt
+      pkgs.cryptsetup # needed for dm-crypt volumes
+
+      # Some networking tools.
+      pkgs.sshfsFuse
+      pkgs.socat
+      pkgs.screen
+      pkgs.wpa_supplicant # !!! should use the wpa module
+
+      # Hardware-related tools.
+      pkgs.sdparm
+      pkgs.hdparm
+      pkgs.dmraid
+
+      # Tools to create / manipulate filesystems.
+      pkgs.ntfsprogs # for resizing NTFS partitions
+      pkgs.btrfsProgs
+      pkgs.jfsutils
+      pkgs.jfsrec
+
+      # Some compression/archiver tools.
+      pkgs.unrar
+      pkgs.unzip
+      pkgs.zip
+      pkgs.xz
+      pkgs.dar # disk archiver
+
+      # Some editors.
+      pkgs.nvi
+      pkgs.bvi # binary editor
+      pkgs.joe
+    ];
+
+  # The initrd has to contain any module that might be necessary for
+  # mounting the CD/DVD.
+  boot.initrd.availableKernelModules =
+    [ "vfat" "reiserfs" ];
+
+  boot.kernelPackages = pkgs.linuxPackages_3_10;
+  boot.kernelParams = [ "console=tty1" ];
+
+  boot.postBootCommands =
+    ''
+      mkdir -p /mnt
+
+      cp ${dummyConfiguration} /etc/nixos/configuration.nix
+    '';
+
+  # Some more help text.
+  services.mingetty.helpLine =
+    ''
+
+      Log in as "root" with an empty password.  ${
+        if config.services.xserver.enable then
+          "Type `start xserver' to start\nthe graphical user interface."
+        else ""
+      }
+    '';
+
+  # Include the firmware for various wireless cards.
+  networking.enableRalinkFirmware = true;
+  networking.enableIntel2200BGFirmware = true;
+
+  # To speed up further installation of packages, include the complete stdenv
+  # in the Nix store of the tarball.
+  tarball.storeContents = pkgs2storeContents [ pkgs.stdenv ]
+    ++ [
+      {
+        object = config.system.build.bootStage2;
+        symlink = "/boot/init";
+      }
+      {
+        object = config.system.build.toplevel;
+        symlink = "/boot/system";
+      }
+    ];
+
+  tarball.contents = [
+    { source = kernelParams;
+      target = "/kernelparams.txt";
+    }
+    { source = config.boot.kernelPackages.kernel + "/" + config.system.boot.loader.kernelFile;
+      target = "/boot/" + config.system.boot.loader.kernelFile;
+    }
+    { source = nixpkgsUserConfig;
+      target = "/root/.nixpkgs/config.nix";
+    }
+  ];
+
+  # Allow sshd to be started manually through "start sshd".  It should
+  # not be started by default on the installation CD because the
+  # default root password is empty.
+  services.openssh.enable = true;
+
+  jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
+
+  boot.loader.grub.enable = false;
+  boot.loader.generationsDir.enable = false;
+  system.boot.loader.kernelFile = "vmlinux";
+
+  nixpkgs.config = {
+    platform = pkgs.platforms.fuloong2f_n32;
+  };
+}
diff --git a/nixos/modules/installer/cd-dvd/system-tarball-pc-readme.txt b/nixos/modules/installer/cd-dvd/system-tarball-pc-readme.txt
new file mode 100644
index 000000000000..8f0a8d355c6e
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/system-tarball-pc-readme.txt
@@ -0,0 +1,89 @@
+Let all the files in the system tarball sit in a directory served by NFS (the
+NFS root) like this in exportfs:
+  /home/pcroot    192.168.1.0/24(rw,no_root_squash,no_all_squash)
+
+Run "exportfs -a" after editing /etc/exportfs, for the nfs server to be aware
+of the changes.
+
+Use a tftp server serving the root of boot/ (from the system tarball).
+
+In order to have PXE boot, use the boot/dhcpd.conf-example file for your dhcpd
+server, as it will point your PXE clients to pxelinux.0 from the tftp server.
+Adapt the configuration to your network.
+
+Adapt the pxelinux configuration (boot/pxelinux.cfg/default) to set the path to
+your nfrroot. If you use ip=dhcp in the kernel, the nfs server ip will be taken
+from dhcp and so you don't have to specify it.
+
+The linux in bzImage includes network drivers for some usual cards.
+
+
+QEMU Testing
+---------------
+
+You can test qemu pxe boot without having a DHCP server adapted, but having
+nfsroot, like this:
+  qemu-system-x86_64 -tftp /home/pcroot/boot -net nic -net user,bootfile=pxelinux.0 -boot n
+
+I don't know how to use NFS through the qemu '-net user' though.
+
+
+QEMU Testing with NFS root and bridged network
+-------------------------------------------------
+
+This allows testing with qemu as any other host in your LAN.
+
+Testing with the real dhcpd server requires setting up a bridge and having a
+tap device.
+  tunctl -t tap0
+  brctl addbr br0
+  brctl addif br0 eth0
+  brctl addif tap0 eth0
+  ifconfig eth0 0.0.0.0 up
+  ifconfig tap0 0.0.0.0 up
+  ifconfig br0 up # With your ip configuration
+
+Then you can run qemu:
+  qemu-system-x86_64 -boot n -net tap,ifname=tap0,script=no -net nic,model=e1000
+
+
+Using the system-tarball-pc in a chroot
+--------------------------------------------------
+
+Installation:
+  mkdir nixos-chroot && cd nixos-chroot
+  tar xf your-system-tarball.tar.xz
+  mkdir sys dev proc tmp root var run
+  mount --bind /sys sys
+  mount --bind /dev dev
+  mount --bind /proc proc
+
+Activate the system: look for a directory in nix/store similar to:
+    "/nix/store/y0d1lcj9fppli0hl3x0m0ba5g1ndjv2j-nixos-feb97bx-53f008"
+Having found it, activate that nixos system *twice*:
+  chroot . /nix/store/SOMETHING-nixos-SOMETHING/activate
+  chroot . /nix/store/SOMETHING-nixos-SOMETHING/activate
+  
+This runs a 'hostname' command. Restore your old hostname with:
+  hostname OLDHOSTNAME
+
+Copy your system resolv.conf to the /etc/resolv.conf inside the chroot:
+  cp /etc/resolv.conf etc
+
+Then you can get an interactive shell in the nixos chroot. '*' means
+to run inside the chroot interactive shell
+  chroot . /bin/sh
+*  source /etc/profile
+
+Populate the nix database: that should be done in the init script if you
+had booted this nixos. Run:
+*  `grep local-cmds run/current-system/init`
+
+Then you can proceed normally subscribing to a nixos channel:
+  nix-channel --add http://nixos.org/channels/nixos-unstable
+  nix-channel --update
+
+Testing:
+  nix-env -i hello
+  which hello
+  hello
diff --git a/nixos/modules/installer/cd-dvd/system-tarball-pc.nix b/nixos/modules/installer/cd-dvd/system-tarball-pc.nix
new file mode 100644
index 000000000000..fcb96f7a24fe
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/system-tarball-pc.nix
@@ -0,0 +1,164 @@
+# This module contains the basic configuration for building a NixOS
+# tarball, that can directly boot, maybe using PXE or unpacking on a fs.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
+
+  # For PXE kernel loading
+  pxeconfig = pkgs.writeText "pxeconfig-default" ''
+    default menu.c32
+    prompt 0
+
+    label bootlocal
+      menu default
+      localboot 0
+      timeout 80
+      TOTALTIMEOUT 9000
+
+    label nixos
+      MENU LABEL ^NixOS using nfsroot
+      KERNEL bzImage
+      append ip=dhcp nfsroot=/home/pcroot systemConfig=${config.system.build.toplevel} init=${config.system.build.toplevel}/init rw
+
+    # I don't know how to make this boot with nfsroot (using the initrd)
+    label nixos_initrd
+      MENU LABEL NixOS booting the poor ^initrd.
+      KERNEL bzImage
+      append initrd=initrd ip=dhcp nfsroot=/home/pcroot systemConfig=${config.system.build.toplevel} init=${config.system.build.toplevel}/init rw
+
+    label memtest
+      MENU LABEL ^${pkgs.memtest86.name}
+      KERNEL memtest
+  '';
+
+  dhcpdExampleConfig = pkgs.writeText "dhcpd.conf-example" ''
+    # Example configuration for booting PXE.
+    allow booting;
+    allow bootp;
+
+    # Adapt this to your network configuration.
+    option domain-name "local";
+    option subnet-mask 255.255.255.0;
+    option broadcast-address 192.168.1.255;
+    option domain-name-servers 192.168.1.1;
+    option routers 192.168.1.1;
+
+    # PXE-specific configuration directives...
+    # Some BIOS don't accept slashes for paths inside the tftp servers,
+    # and will report Access Violation if they see slashes.
+    filename "pxelinux.0";
+    # For the TFTP and NFS root server. Set the IP of your server.
+    next-server 192.168.1.34;
+
+    subnet 192.168.1.0 netmask 255.255.255.0 {
+      range 192.168.1.50 192.168.1.55;
+    }
+  '';
+
+  readme = ./system-tarball-pc-readme.txt;
+
+in
+
+{
+  imports =
+    [ ./system-tarball.nix
+
+      # Profiles of this basic installation.
+      ../../profiles/all-hardware.nix
+      ../../profiles/base.nix
+      ../../profiles/installation-device.nix
+    ];
+
+  # To speed up further installation of packages, include the complete stdenv
+  # in the Nix store of the tarball.
+  tarball.storeContents = pkgs2storeContents [ pkgs.stdenv ];
+
+  tarball.contents =
+    [ { source = config.boot.kernelPackages.kernel + "/" + config.system.boot.loader.kernelFile;
+        target = "/boot/" + config.system.boot.loader.kernelFile;
+      }
+      { source = "${pkgs.syslinux}/share/syslinux/pxelinux.0";
+        target = "/boot/pxelinux.0";
+      }
+      { source = "${pkgs.syslinux}/share/syslinux/menu.c32";
+        target = "/boot/menu.c32";
+      }
+      { source = pxeconfig;
+        target = "/boot/pxelinux.cfg/default";
+      }
+      { source = readme;
+        target = "/readme.txt";
+      }
+      { source = dhcpdExampleConfig;
+        target = "/boot/dhcpd.conf-example";
+      }
+      { source = "${pkgs.memtest86}/memtest.bin";
+        # We can't leave '.bin', because pxelinux interprets this specially,
+        # and it would not load the image fine.
+        # http://forum.canardpc.com/threads/46464-0104-when-launched-via-pxe
+        target = "/boot/memtest";
+      }
+    ];
+
+  # Allow sshd to be started manually through "start sshd".  It should
+  # not be started by default on the installation CD because the
+  # default root password is empty.
+  services.openssh.enable = true;
+  jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
+
+  # To be able to use the systemTarball to catch troubles.
+  boot.crashDump = {
+    enable = true;
+    kernelPackages = pkgs.linuxPackages_3_4;
+  };
+
+  # No grub for the tarball.
+  boot.loader.grub.enable = false;
+
+  /* fake entry, just to have a happy stage-1. Users
+     may boot without having stage-1 though */
+  fileSystems = [
+    { mountPoint = "/";
+      device = "/dev/something";
+      }
+  ];
+
+  nixpkgs.config = {
+    packageOverrides = p: rec {
+      linux_3_4 = p.linux_3_4.override {
+        extraConfig = ''
+          # Enable drivers in kernel for most NICs.
+          E1000 y
+          # E1000E y
+          # ATH5K y
+          8139TOO y
+          NE2K_PCI y
+          ATL1 y
+          ATL1E y
+          ATL1C y
+          VORTEX y
+          VIA_RHINE y
+          R8169 y
+
+          # Enable nfs root boot
+          UNIX y # http://www.linux-mips.org/archives/linux-mips/2006-11/msg00113.html
+          IP_PNP y
+          IP_PNP_DHCP y
+          FSCACHE y
+          NFS_FS y
+          NFS_FSCACHE y
+          ROOT_NFS y
+
+          # Enable devtmpfs
+          DEVTMPFS y
+          DEVTMPFS_MOUNT y
+        '';
+      };
+    };
+  };
+}
diff --git a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
new file mode 100644
index 000000000000..7f253d595dc3
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
@@ -0,0 +1,176 @@
+# This module contains the basic configuration for building a NixOS
+# tarball for the sheevaplug.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  # A dummy /etc/nixos/configuration.nix in the booted CD that
+  # rebuilds the CD's configuration (and allows the configuration to
+  # be modified, of course, providing a true live CD).  Problem is
+  # that we don't really know how the CD was built - the Nix
+  # expression language doesn't allow us to query the expression being
+  # evaluated.  So we'll just hope for the best.
+  dummyConfiguration = pkgs.writeText "configuration.nix"
+    ''
+      { config, pkgs, ... }:
+
+      {
+        # Add your own options below and run "nixos-rebuild switch".
+        # E.g.,
+        #   services.openssh.enable = true;
+      }
+    '';
+
+
+  pkgs2storeContents = l : map (x: { object = x; symlink = "none"; }) l;
+
+  # A clue for the kernel loading
+  kernelParams = pkgs.writeText "kernel-params.txt" ''
+    Kernel Parameters:
+      init=${config.system.build.toplevel}/init ${toString config.boot.kernelParams}
+  '';
+
+
+in
+
+{
+  imports = [ ./system-tarball.nix ];
+
+  # Disable some other stuff we don't need.
+  security.sudo.enable = false;
+
+  # Include only the en_US locale.  This saves 75 MiB or so compared to
+  # the full glibcLocales package.
+  i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"];
+
+  # Include some utilities that are useful for installing or repairing
+  # the system.
+  environment.systemPackages =
+    [ pkgs.subversion # for nixos-checkout
+      pkgs.w3m # needed for the manual anyway
+      pkgs.ddrescue
+      pkgs.ccrypt
+      pkgs.cryptsetup # needed for dm-crypt volumes
+
+      # Some networking tools.
+      pkgs.sshfsFuse
+      pkgs.socat
+      pkgs.screen
+      pkgs.wpa_supplicant # !!! should use the wpa module
+
+      # Hardware-related tools.
+      pkgs.sdparm
+      pkgs.hdparm
+      pkgs.dmraid
+
+      # Tools to create / manipulate filesystems.
+      pkgs.btrfsProgs
+
+      # Some compression/archiver tools.
+      pkgs.unrar
+      pkgs.unzip
+      pkgs.zip
+      pkgs.xz
+      pkgs.dar # disk archiver
+
+      # Some editors.
+      pkgs.nvi
+      pkgs.bvi # binary editor
+      pkgs.joe
+    ];
+
+  boot.loader.grub.enable = false;
+  boot.loader.generationsDir.enable = false;
+  system.boot.loader.kernelFile = "uImage";
+
+  boot.initrd.availableKernelModules =
+    [ "mvsdio" "mmc_block" "reiserfs" "ext3" "ums-cypress" "rtc_mv"
+      "ext4" ];
+
+  boot.postBootCommands =
+    ''
+      mkdir -p /mnt
+
+      cp ${dummyConfiguration} /etc/nixos/configuration.nix
+    '';
+
+  boot.initrd.extraUtilsCommands =
+    ''
+      cp ${pkgs.utillinux}/sbin/hwclock $out/bin
+    '';
+
+  boot.initrd.postDeviceCommands =
+    ''
+      hwclock -s
+    '';
+
+  boot.kernelParams =
+    [
+      "selinux=0"
+      "console=tty1"
+      # "console=ttyS0,115200n8"  # serial console
+    ];
+
+  boot.kernelPackages = pkgs.linuxPackages_3_4;
+
+  boot.supportedFilesystems = [ "reiserfs" ];
+
+  /* fake entry, just to have a happy stage-1. Users
+     may boot without having stage-1 though */
+  fileSystems = [
+    { mountPoint = "/";
+      device = "/dev/something";
+      }
+  ];
+
+  services.mingetty = {
+    # Some more help text.
+    helpLine = ''
+      Log in as "root" with an empty password.  ${
+        if config.services.xserver.enable then
+          "Type `start xserver' to start\nthe graphical user interface."
+        else ""
+      }
+    '';
+  };
+
+  # Setting vesa, we don't get the nvidia driver, which can't work in arm.
+  services.xserver.videoDriver = "vesa";
+  services.xserver.videoDrivers = [];
+  services.nixosManual.enable = false;
+
+  # Include the firmware for various wireless cards.
+  networking.enableRalinkFirmware = true;
+  networking.enableIntel2200BGFirmware = true;
+
+  # To speed up further installation of packages, include the complete stdenv
+  # in the Nix store of the tarball.
+  tarball.storeContents = pkgs2storeContents [ pkgs.stdenv ];
+  tarball.contents = [
+    { source = kernelParams;
+      target = "/kernelparams.txt";
+    }
+    { source = config.boot.kernelPackages.kernel + "/" + config.system.boot.loader.kernelFile;
+      target = "/boot/" + config.system.boot.loader.kernelFile;
+    }
+    { source = pkgs.ubootSheevaplug;
+      target = "/boot/uboot";
+    }
+  ];
+
+  # Allow sshd to be started manually through "start sshd".  It should
+  # not be started by default on the installation CD because the
+  # default root password is empty.
+  services.openssh.enable = true;
+  jobs.openssh.startOn = pkgs.lib.mkOverride 50 "";
+
+  # cpufrequtils fails to build on non-pc
+  powerManagement.enable = false;
+
+  nixpkgs.config = {
+    platform = pkgs.platforms.sheevaplug;
+  };
+}
diff --git a/nixos/modules/installer/cd-dvd/system-tarball.nix b/nixos/modules/installer/cd-dvd/system-tarball.nix
new file mode 100644
index 000000000000..8d678fba71f5
--- /dev/null
+++ b/nixos/modules/installer/cd-dvd/system-tarball.nix
@@ -0,0 +1,92 @@
+# This module creates a bootable ISO image containing the given NixOS
+# configuration.  The derivation for the ISO image will be placed in
+# config.system.build.tarball.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  versionFile = pkgs.writeText "nixos-version" config.system.nixosVersion;
+
+in
+
+{
+  options = {
+    tarball.contents = mkOption {
+      example =
+        [ { source = pkgs.memtest86 + "/memtest.bin";
+            target = "boot/memtest.bin";
+          }
+        ];
+      description = ''
+        This option lists files to be copied to fixed locations in the
+        generated ISO image.
+      '';
+    };
+
+    tarball.storeContents = mkOption {
+      example = [pkgs.stdenv];
+      description = ''
+        This option lists additional derivations to be included in the
+        Nix store in the generated ISO image.
+      '';
+    };
+
+  };
+
+  config = {
+
+    # In stage 1 of the boot, mount the CD/DVD as the root FS by label
+    # so that we don't need to know its device.
+    fileSystems = [ ];
+
+    # boot.initrd.availableKernelModules = [ "mvsdio" "mmc_block" "reiserfs" "ext3" "ext4" ];
+
+    # boot.initrd.kernelModules = [ "rtc_mv" ];
+
+    # Closures to be copied to the Nix store on the CD, namely the init
+    # script and the top-level system configuration directory.
+    tarball.storeContents =
+      [ { object = config.system.build.toplevel;
+          symlink = "/run/current-system";
+        }
+      ];
+
+    # Individual files to be included on the CD, outside of the Nix
+    # store on the CD.
+    tarball.contents =
+      [ { source = config.system.build.initialRamdisk + "/initrd";
+          target = "/boot/initrd";
+        }
+        { source = versionFile;
+          target = "/nixos-version.txt";
+        }
+      ];
+
+    # Create the tarball
+    system.build.tarball = import ../../../lib/make-system-tarball.nix {
+      inherit (pkgs) stdenv perl xz pathsFromGraph;
+
+      inherit (config.tarball) contents storeContents;
+    };
+
+    boot.postBootCommands =
+      ''
+        # After booting, register the contents of the Nix store on the
+        # CD in the Nix database in the tmpfs.
+        if [ -f /nix-path-registration ]; then
+          ${config.nix.package}/bin/nix-store --load-db < /nix-path-registration &&
+          rm /nix-path-registration
+        fi
+
+        # nixos-rebuild also requires a "system" profile and an
+        # /etc/NIXOS tag.
+        touch /etc/NIXOS
+        ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/installer/scan/detected.nix b/nixos/modules/installer/scan/detected.nix
new file mode 100644
index 000000000000..09d04608e685
--- /dev/null
+++ b/nixos/modules/installer/scan/detected.nix
@@ -0,0 +1,13 @@
+# List all devices which are detected by nixos-hardware-scan.
+# Common devices are enabled by default.
+{config, pkgs, ...}:
+
+with pkgs.lib;
+
+{
+  config = mkDefault {
+    # Wireless card firmware
+    networking.enableIntel2200BGFirmware = true;
+    networking.enableIntel3945ABGFirmware = true;
+  };
+}
diff --git a/nixos/modules/installer/scan/not-detected.nix b/nixos/modules/installer/scan/not-detected.nix
new file mode 100644
index 000000000000..814858fdffda
--- /dev/null
+++ b/nixos/modules/installer/scan/not-detected.nix
@@ -0,0 +1,9 @@
+# List all devices which are _not_ detected by nixos-hardware-scan.
+# Common devices are enabled by default.
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  hardware.enableAllFirmware = true;
+}
diff --git a/nixos/modules/installer/tools/get-version-suffix b/nixos/modules/installer/tools/get-version-suffix
new file mode 100644
index 000000000000..461fbf4d3d8f
--- /dev/null
+++ b/nixos/modules/installer/tools/get-version-suffix
@@ -0,0 +1,22 @@
+getVersion() {
+    local dir="$1"
+    rev=
+    if [ -e "$dir/.git" ]; then
+        if [ -z "$(type -P git)" ]; then
+            echo "warning: Git not found; cannot figure out revision of $dir" >&2
+            return
+        fi
+        cd "$dir"
+        rev=$(git rev-parse --short HEAD)
+        if git describe --always --dirty | grep -q dirty; then
+            rev+=M
+        fi
+    fi
+}
+
+if nixpkgs=$(nix-instantiate --find-file nixpkgs "$@"); then
+    getVersion $nixpkgs
+    if [ -n "$rev" ]; then
+        echo "pre-$rev"
+    fi
+fi
diff --git a/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix b/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix
new file mode 100644
index 000000000000..5e77b701ff5a
--- /dev/null
+++ b/nixos/modules/installer/tools/nixos-build-vms/build-vms.nix
@@ -0,0 +1,9 @@
+{ system ? builtins.currentSystem
+, networkExpr
+}:
+
+let nodes = import networkExpr; in
+
+with import ../../../../lib/testing.nix { inherit system; };
+
+(complete { inherit nodes; testScript = ""; }).driver
diff --git a/nixos/modules/installer/tools/nixos-build-vms/nixos-build-vms.sh b/nixos/modules/installer/tools/nixos-build-vms/nixos-build-vms.sh
new file mode 100644
index 000000000000..f9cbfffde704
--- /dev/null
+++ b/nixos/modules/installer/tools/nixos-build-vms/nixos-build-vms.sh
@@ -0,0 +1,57 @@
+#! @shell@ -e
+
+# Shows the usage of this command to the user
+
+showUsage() {
+    exec man nixos-build-vms
+    exit 1
+}
+
+# Parse valid argument options
+
+PARAMS=`getopt -n $0 -o h -l no-out-link,show-trace,help -- "$@"`
+
+if [ $? != 0 ]
+then
+    showUsage
+    exit 1
+fi
+
+eval set -- "$PARAMS"
+
+# Evaluate valid options
+
+while [ "$1" != "--" ]
+do
+    case "$1" in
+	--no-out-link)
+	    noOutLinkArg="--no-out-link"
+	    ;;
+	--show-trace)
+	    showTraceArg="--show-trace"
+	    ;;
+	-h|--help)
+	    showUsage
+	    exit 0
+	    ;;
+    esac
+    
+    shift
+done
+
+shift
+
+# Validate the given options
+
+if [ "$1" = "" ]
+then
+    echo "ERROR: A network expression must be specified!" >&2
+    exit 1
+else
+    networkExpr=$(readlink -f $1)
+fi
+
+# Build a network of VMs
+
+nix-build '<nixos/modules/installer/tools/nixos-build-vms/build-vms.nix>' \
+    --argstr networkExpr $networkExpr $noOutLinkArg $showTraceArg
diff --git a/nixos/modules/installer/tools/nixos-checkout.nix b/nixos/modules/installer/tools/nixos-checkout.nix
new file mode 100644
index 000000000000..418998556864
--- /dev/null
+++ b/nixos/modules/installer/tools/nixos-checkout.nix
@@ -0,0 +1,49 @@
+# This module generates the nixos-checkout script, which replaces the
+# Nixpkgs source trees in /etc/nixos/nixpkgs with a Git checkout.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  nixosCheckout = pkgs.substituteAll {
+    name = "nixos-checkout";
+    dir = "bin";
+    isExecutable = true;
+    src = pkgs.writeScript "nixos-checkout"
+      ''
+        #! ${pkgs.stdenv.shell} -e
+
+        if [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
+          echo "Usage: `basename $0` [PREFIX]. See NixOS Manual for more info."
+          exit 0
+        fi
+
+        prefix="$1"
+        if [ -z "$prefix" ]; then prefix=/etc/nixos; fi
+        mkdir -p "$prefix"
+        cd "$prefix"
+
+        if [ -z "$(type -P git)" ]; then
+            echo "installing Git..."
+            nix-env -iA nixos.pkgs.git || nix-env -i git
+        fi
+
+        # Move any old nixpkgs directories out of the way.
+        backupTimestamp=$(date "+%Y%m%d%H%M%S")
+
+        if [ -e nixpkgs -a ! -e nixpkgs/.git ]; then
+            mv nixpkgs nixpkgs-$backupTimestamp
+        fi
+
+        # Check out the NixOS and Nixpkgs sources.
+        git clone git://github.com/NixOS/nixpkgs.git nixpkgs
+      '';
+   };
+
+in
+
+{
+  environment.systemPackages = [ nixosCheckout ];
+}
diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl
new file mode 100644
index 000000000000..0f9142990ec1
--- /dev/null
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -0,0 +1,450 @@
+#! @perl@
+
+use File::Spec;
+use File::Path;
+use File::Basename;
+use File::Slurp;
+
+
+sub uniq {
+    my %seen;
+    my @res = ();
+    foreach my $s (@_) {
+        if (!defined $seen{$s}) {
+            $seen{$s} = 1;
+            push @res, $s;
+        }
+    }
+    return @res;
+}
+
+
+# Process the command line.
+my $outDir = "/etc/nixos";
+my $rootDir = ""; # = /
+my $force = 0;
+my $noFilesystems = 0;
+my $showHardwareConfig = 0;
+
+for (my $n = 0; $n < scalar @ARGV; $n++) {
+    my $arg = $ARGV[$n];
+    if ($arg eq "--help") {
+        exec "man nixos-generate-config" or die;
+    }
+    elsif ($arg eq "--dir") {
+        $n++;
+        $outDir = $ARGV[$n];
+        die "$0: ‘--dir’ requires an argument\n" unless defined $outDir;
+    }
+    elsif ($arg eq "--root") {
+        $n++;
+        $rootDir = $ARGV[$n];
+        die "$0: ‘--root’ requires an argument\n" unless defined $rootDir;
+        $rootDir =~ s/\/*$//; # remove trailing slashes
+    }
+    elsif ($arg eq "--force") {
+        $force = 1;
+    }
+    elsif ($arg eq "--no-filesystems") {
+        $noFilesystems = 1;
+    }
+    elsif ($arg eq "--show-hardware-config") {
+        $showHardwareConfig = 1;
+    }
+    else {
+        die "$0: unrecognized argument ‘$arg’\n";
+    }
+}
+
+
+my @attrs = ();
+my @kernelModules = ();
+my @initrdKernelModules = ();
+my @modulePackages = ();
+my @imports = ("<nixos/modules/installer/scan/not-detected.nix>");
+
+
+sub debug {
+    return unless defined $ENV{"DEBUG"};
+    print STDERR @_;
+}
+
+
+my $cpuinfo = read_file "/proc/cpuinfo";
+
+
+sub hasCPUFeature {
+    my $feature = shift;
+    return $cpuinfo =~ /^flags\s*:.* $feature( |$)/m;
+}
+
+
+# Detect the number of CPU cores.
+my $cpus = scalar (grep {/^processor\s*:/} (split '\n', $cpuinfo));
+
+
+# Virtualization support?
+push @kernelModules, "kvm-intel" if hasCPUFeature "vmx";
+push @kernelModules, "kvm-amd" if hasCPUFeature "svm";
+
+
+# Look at the PCI devices and add necessary modules.  Note that most
+# modules are auto-detected so we don't need to list them here.
+# However, some are needed in the initrd to boot the system.
+
+my $videoDriver;
+
+sub pciCheck {
+    my $path = shift;
+    my $vendor = read_file "$path/vendor";
+    my $device = read_file "$path/device";
+    my $class = read_file "$path/class";
+
+    my $module;
+    if (-e "$path/driver/module") {
+        $module = basename `readlink -f $path/driver/module`;
+        chomp $module;
+    }
+
+    debug "$path: $vendor $device $class";
+    debug " $module" if defined $module;
+    debug "\n";
+
+    if (defined $module) {
+        # See the bottom of http://pciids.sourceforge.net/pci.ids for
+        # device classes.
+        if (# Mass-storage controller.  Definitely important.
+            $class =~ /^0x01/ ||
+
+            # Firewire controller.  A disk might be attached.
+            $class =~ /^0x0c00/ ||
+
+            # USB controller.  Needed if we want to use the
+            # keyboard when things go wrong in the initrd.
+            $class =~ /^0x0c03/
+            )
+        {
+            push @initrdAvailableKernelModules, $module;
+        }
+    }
+
+    # broadcom STA driver (wl.ko)
+    # list taken from http://www.broadcom.com/docs/linux_sta/README.txt
+    if ($vendor eq "0x14e4" &&
+        ($device eq "0x4311" || $device eq "0x4312" || $device eq "0x4313" ||
+         $device eq "0x4315" || $device eq "0x4327" || $device eq "0x4328" ||
+         $device eq "0x4329" || $device eq "0x432a" || $device eq "0x432b" ||
+         $device eq "0x432c" || $device eq "0x432d" || $device eq "0x4353" ||
+         $device eq "0x4357" || $device eq "0x4358" || $device eq "0x4359" ) )
+     {
+        push @modulePackages, "config.boot.kernelPackages.broadcom_sta";
+        push @kernelModules, "wl";
+     }
+
+    # Can't rely on $module here, since the module may not be loaded
+    # due to missing firmware.  Ideally we would check modules.pcimap
+    # here.
+    push @attrs, "networking.enableIntel2200BGFirmware = true;" if
+        $vendor eq "0x8086" &&
+        ($device eq "0x1043" || $device eq "0x104f" || $device eq "0x4220" ||
+         $device eq "0x4221" || $device eq "0x4223" || $device eq "0x4224");
+
+    push @attrs, "networking.enableIntel3945ABGFirmware = true;" if
+        $vendor eq "0x8086" &&
+        ($device eq "0x4229" || $device eq "0x4230" ||
+         $device eq "0x4222" || $device eq "0x4227");
+
+    # Assume that all NVIDIA cards are supported by the NVIDIA driver.
+    # There may be exceptions (e.g. old cards).
+    $videoDriver = "nvidia" if $vendor eq "0x10de" && $class =~ /^0x03/;
+}
+
+foreach my $path (glob "/sys/bus/pci/devices/*") {
+    pciCheck $path;
+}
+
+push @attrs, "services.xserver.videoDrivers = [ \"$videoDriver\" ];" if $videoDriver;
+
+
+# Idem for USB devices.
+
+sub usbCheck {
+    my $path = shift;
+    my $class = read_file "$path/bInterfaceClass";
+    my $subclass = read_file "$path/bInterfaceSubClass";
+    my $protocol = read_file "$path/bInterfaceProtocol";
+
+    my $module;
+    if (-e "$path/driver/module") {
+        $module = basename `readlink -f $path/driver/module`;
+        chomp $module;
+    }
+
+    debug "$path: $class $subclass $protocol";
+    debug " $module" if defined $module;
+    debug "\n";
+
+    if (defined $module) {
+        if (# Mass-storage controller.  Definitely important.
+            $class eq "08" ||
+
+            # Keyboard.  Needed if we want to use the
+            # keyboard when things go wrong in the initrd.
+            ($class eq "03" && $protocol eq "01")
+            )
+        {
+            push @initrdAvailableKernelModules, $module;
+        }
+    }
+}
+
+foreach my $path (glob "/sys/bus/usb/devices/*") {
+    if (-e "$path/bInterfaceClass") {
+        usbCheck $path;
+    }
+}
+
+
+# Add the modules for all block devices.
+foreach my $path (glob "/sys/class/block/*") {
+    my $module;
+    if (-e "$path/device/driver/module") {
+        $module = basename `readlink -f $path/device/driver/module`;
+        chomp $module;
+        push @initrdAvailableKernelModules, $module;
+    }
+}
+
+
+# Check if we're a VirtualBox guest.  If so, enable the guest
+# additions.
+my $dmi = `@dmidecode@/sbin/dmidecode`;
+if ($dmi =~ /Manufacturer: innotek/) {
+    push @attrs, "services.virtualbox.enable = true;"
+}
+
+
+# Generate the swapDevices option from the currently activated swap
+# devices.
+my @swaps = read_file("/proc/swaps");
+shift @swaps;
+my @swapDevices;
+foreach my $swap (@swaps) {
+    $swap =~ /^(\S+)\s/;
+    push @swapDevices, "{ device = \"$1\"; }";
+}
+
+
+# Generate the fileSystems option from the currently mounted
+# filesystems.
+sub in {
+    my ($d1, $d2) = @_;
+    return $d1 eq $d2 || substr($d1, 0, length($d2) + 1) eq "$d2/";
+}
+
+my $fileSystems;
+my %fsByDev;
+foreach my $fs (read_file("/proc/self/mountinfo")) {
+    chomp $fs;
+    my @fields = split / /, $fs;
+    my $mountPoint = $fields[4];
+    next unless -d $mountPoint;
+    my @mountOptions = split /,/, $fields[5];
+
+    next if !in($mountPoint, $rootDir);
+    $mountPoint = substr($mountPoint, length($rootDir)); # strip the root directory (e.g. /mnt)
+    $mountPoint = "/" if $mountPoint eq "";
+
+    # Skip special filesystems.
+    next if in($mountPoint, "/proc") || in($mountPoint, "/dev") || in($mountPoint, "/sys") || in($mountPoint, "/run");
+
+    # Skip the optional fields.
+    my $n = 6; $n++ while $fields[$n] ne "-"; $n++;
+    my $fsType = $fields[$n];
+    my $device = $fields[$n + 1];
+    my @superOptions = split /,/, $fields[$n + 2];
+
+    # Skip the read-only bind-mount on /nix/store.
+    next if $mountPoint eq "/nix/store" && (grep { $_ eq "rw" } @superOptions) && (grep { $_ eq "ro" } @mountOptions);
+
+    # Maybe this is a bind-mount of a filesystem we saw earlier?
+    if (defined $fsByDev{$fields[2]}) {
+        my $path = $fields[3]; $path = "" if $path eq "/";
+        $fileSystems .= <<EOF;
+  fileSystems.\"$mountPoint\" =
+    { device = \"$fsByDev{$fields[2]}$path\";
+      fsType = \"none\";
+      options = \"bind\";
+    };
+
+EOF
+        next;
+    }
+    $fsByDev{$fields[2]} = $mountPoint;
+
+    # We don't know how to handle FUSE filesystems.
+    if ($fsType eq "fuseblk" || $fsType eq "fuse") {
+        print STDERR "warning: don't know how to emit ‘fileSystem’ option for FUSE filesystem ‘$mountPoint’\n";
+        next;
+    }
+
+    # Is this a mount of a loopback device?
+    my @extraOptions;
+    if ($device =~ /\/dev\/loop(\d+)/) {
+        my $loopnr = $1;
+        my $backer = read_file "/sys/block/loop$loopnr/loop/backing_file";
+        if (defined $backer) {
+            chomp $backer;
+            $device = $backer;
+            push @extraOptions, "loop";
+        }
+    }
+
+    # Emit the filesystem.
+    $fileSystems .= <<EOF;
+  fileSystems.\"$mountPoint\" =
+    { device = \"$device\";
+      fsType = \"$fsType\";
+      options = \"${\join ",", uniq(@extraOptions, @superOptions, @mountOptions)}\";
+    };
+
+EOF
+}
+
+
+# Generate the hardware configuration file.
+
+sub toNixExpr {
+    my $res = "";
+    foreach my $s (@_) {
+        $res .= " \"$s\"";
+    }
+    return $res;
+}
+
+sub multiLineList {
+    my $indent = shift;
+    return "[ ]" if !@_;
+    $res = "\n${indent}[ ";
+    my $first = 1;
+    foreach my $s (@_) {
+        $res .= "$indent  " if !$first;
+        $first = 0;
+        $res .= "$s\n";
+    }
+    $res .= "$indent]";
+    return $res;
+}
+
+my $initrdAvailableKernelModules = toNixExpr(uniq @initrdAvailableKernelModules);
+my $kernelModules = toNixExpr(uniq @kernelModules);
+my $modulePackages = toNixExpr(uniq @modulePackages);
+
+my $fsAndSwap = "";
+if (!$noFilesystems) {
+    $fsAndSwap = "\n${fileSystems}  ";
+    $fsAndSwap .= "swapDevices =" . multiLineList("    ", @swapDevices) . ";\n";
+}
+
+my $hwConfig = <<EOF;
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, pkgs, ... }:
+
+{
+  imports =${\multiLineList("    ", @imports)};
+
+  boot.initrd.availableKernelModules = [$initrdAvailableKernelModules ];
+  boot.kernelModules = [$kernelModules ];
+  boot.extraModulePackages = [$modulePackages ];
+$fsAndSwap
+  nix.maxJobs = $cpus;
+${\join "", (map { "  $_\n" } (uniq @attrs))}}
+EOF
+
+
+if ($showHardwareConfig) {
+    print STDOUT $hwConfig;
+} else {
+    $outDir = "$rootDir$outDir";
+
+    my $fn = "$outDir/hardware-configuration.nix";
+    print STDERR "writing $fn...\n";
+    mkpath($outDir, 0, 0755);
+    write_file($fn, $hwConfig);
+
+    # Generate a basic configuration.nix, unless one already exists.
+    $fn = "$outDir/configuration.nix";
+    if ($force || ! -e $fn) {
+        print STDERR "writing $fn...\n";
+
+        my $bootloaderConfig;
+        if (-e "/sys/firmware/efi/efivars") {
+            $bootLoaderConfig = <<EOF;
+  # Use the gummiboot efi boot loader.
+  boot.loader.grub.enable = false;
+  boot.loader.gummiboot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+  # !!! Remove this when nixos is on 3.10 or greater by default
+  # EFI booting requires kernel >= 3.10
+  boot.kernelPackages = pkgs.linuxPackages_3_10;
+EOF
+        } else {
+            $bootLoaderConfig = <<EOF;
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # Define on which hard drive you want to install Grub.
+  # boot.loader.grub.device = "/dev/sda";
+EOF
+        }
+
+        write_file($fn, <<EOF);
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+$bootLoaderConfig
+  # networking.hostName = "nixos"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless.
+
+  # Select internationalisation properties.
+  # i18n = {
+  #   consoleFont = "lat9w-16";
+  #   consoleKeyMap = "us";
+  #   defaultLocale = "en_US.UTF-8";
+  # };
+
+  # List services that you want to enable:
+
+  # Enable the OpenSSH daemon.
+  # services.openssh.enable = true;
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable the X11 windowing system.
+  # services.xserver.enable = true;
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable the KDE Desktop Environment.
+  # services.xserver.displayManager.kdm.enable = true;
+  # services.xserver.desktopManager.kde4.enable = true;
+}
+EOF
+    } else {
+        print STDERR "warning: not overwriting existing $fn\n";
+    }
+}
+
+# workaround for a bug in substituteAll
diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh
new file mode 100644
index 000000000000..126d5b185e81
--- /dev/null
+++ b/nixos/modules/installer/tools/nixos-install.sh
@@ -0,0 +1,240 @@
+#! @shell@
+
+# - [mount target device] <- currently disabled
+# - make Nix store etc.
+# - copy closure of Nix to target device
+# - register validity
+# - with a chroot to the target device:
+#   * nix-env -p /nix/var/nix/profiles/system -i <nix-expr for the configuration>
+#   * run the activation script of the configuration (also installs Grub)
+
+# Parse the command line for the -I flag
+extraBuildFlags=()
+
+while [ "$#" -gt 0 ]; do
+    i="$1"; shift 1
+    case "$i" in
+        -I)
+            given_path="$1"; shift 1
+            absolute_path=$(readlink -m $given_path)
+            extraBuildFlags+=("$i" "/mnt$absolute_path")
+            ;;
+        --help)
+            exec man nixos-install
+            exit 1
+            ;;
+        *)
+            echo "$0: unknown option \`$i'"
+            exit 1
+            ;;
+    esac
+done
+
+set -e
+shopt -s nullglob
+
+if test -z "$mountPoint"; then
+    mountPoint=/mnt
+fi
+
+if test -z "$NIXOS_CONFIG"; then
+    NIXOS_CONFIG=/etc/nixos/configuration.nix
+fi
+
+if ! test -e "$mountPoint"; then
+    echo "mount point $mountPoint doesn't exist"
+    exit 1
+fi
+
+if ! grep -F -q " $mountPoint " /proc/mounts; then
+    echo "$mountPoint doesn't appear to be a mount point"
+    exit 1
+fi
+
+if ! test -e "$mountPoint/$NIXOS_CONFIG"; then
+    echo "configuration file $mountPoint/$NIXOS_CONFIG doesn't exist"
+    exit 1
+fi
+
+
+
+# Mount some stuff in the target root directory.  We bind-mount /etc
+# into the chroot because we need networking and the nixbld user
+# accounts in /etc/passwd.  But we do need the target's /etc/nixos.
+mkdir -m 0755 -p $mountPoint/dev $mountPoint/proc $mountPoint/sys $mountPoint/mnt $mountPoint/mnt2 $mountPoint/mnt-nixpkgs $mountPoint/etc /etc/nixos
+mount --make-private / # systemd makes / shared, which is annoying
+mount --bind / $mountPoint/mnt
+mount --bind /nix $mountPoint/mnt/nix
+mount --bind /nix/store $mountPoint/mnt/nix/store
+mount --bind /dev $mountPoint/dev
+mount --bind /dev/shm $mountPoint/dev/shm
+mount --bind /proc $mountPoint/proc
+mount --bind /sys $mountPoint/sys
+mount --bind /sys/firmware/efi/efivars $mountPoint/sys/firmware/efi/efivars &>/dev/null || true
+mount --bind $mountPoint/etc/nixos $mountPoint/mnt2
+mount --bind /etc $mountPoint/etc
+mount --bind $mountPoint/mnt2 $mountPoint/etc/nixos
+
+cleanup() {
+    set +e
+    mountpoint -q $mountPoint/etc/nixos && umount $mountPoint/etc/nixos
+    mountpoint -q $mountPoint/etc && umount $mountPoint/etc
+    umount $mountPoint/mnt2
+    umount $mountPoint/mnt-nixpkgs
+    umount $mountPoint/sys/firmware/efi/efivars &>/dev/null || true
+    umount $mountPoint/sys
+    umount $mountPoint/proc
+    umount $mountPoint/dev/shm
+    umount $mountPoint/dev
+    umount $mountPoint/mnt/nix/store
+    umount $mountPoint/mnt/nix
+    umount $mountPoint/mnt
+    rmdir $mountPoint/mnt $mountPoint/mnt2 $mountPoint/mnt-nixpkgs
+}
+
+trap "cleanup" EXIT
+
+mkdir -m 01777 -p $mountPoint/tmp
+mkdir -m 0755 -p $mountPoint/var
+
+
+# Create the necessary Nix directories on the target device, if they
+# don't already exist.
+mkdir -m 0755 -p \
+    $mountPoint/nix/var/nix/gcroots \
+    $mountPoint/nix/var/nix/temproots \
+    $mountPoint/nix/var/nix/manifests \
+    $mountPoint/nix/var/nix/userpool \
+    $mountPoint/nix/var/nix/profiles \
+    $mountPoint/nix/var/nix/db \
+    $mountPoint/nix/var/log/nix/drvs
+
+mkdir -m 1775 -p $mountPoint/nix/store
+build_users_group=$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"build-users-group"};')
+if test -n "$build_users_group"; then
+    chown root:"$build_users_group" $mountPoint/nix/store
+else
+    chown root $mountPoint/nix/store
+fi
+
+
+# Get the store paths to copy from the references graph.
+storePaths=$(@perl@/bin/perl @pathsFromGraph@ @nixClosure@)
+
+
+# Copy Nix to the Nix store on the target device.
+echo "copying Nix to $mountPoint...."
+for i in $storePaths; do
+    echo "  $i"
+    chattr -R -i $mountPoint/$i 2> /dev/null || true # clear immutable bit
+    rsync -a $i $mountPoint/nix/store/
+done
+
+
+# We don't have locale-archive in the chroot, so clear $LANG.
+export LANG=
+export LC_ALL=
+export LC_TIME=
+
+
+# There is no daemon in the chroot
+unset NIX_REMOTE
+
+
+# Create a temporary Nix config file that causes the nixbld users to
+# be used.
+if test -n "$build_users_group"; then
+    echo "build-users-group = $build_users_group" > $mountPoint/tmp/nix.conf
+fi
+binary_caches=$(@perl@/bin/perl -I @nix@/lib/perl5/site_perl/*/* -e 'use Nix::Config; Nix::Config::readConfig; print $Nix::Config::config{"binary-caches"};')
+if test -n "$binary_caches"; then
+    echo "binary-caches = $binary_caches" >> $mountPoint/tmp/nix.conf
+fi
+export NIX_CONF_DIR=/tmp
+
+
+# Register the paths in the Nix closure as valid.  This is necessary
+# to prevent them from being deleted the first time we install
+# something.  (I.e., Nix will see that, e.g., the glibc path is not
+# valid, delete it to get it out of the way, but as a result nothing
+# will work anymore.)
+chroot $mountPoint @nix@/bin/nix-store --register-validity < @nixClosure@
+
+
+# Create the required /bin/sh symlink; otherwise lots of things
+# (notably the system() function) won't work.
+mkdir -m 0755 -p $mountPoint/bin
+# !!! assuming that @shell@ is in the closure
+ln -sf @shell@ $mountPoint/bin/sh
+
+
+if test -n "$NIXOS_PREPARE_CHROOT_ONLY"; then
+    echo "User requested only to prepare chroot. Exiting."
+    exit 0
+fi
+
+
+# Make the build below copy paths from the CD if possible.  Note that
+# /mnt in the chroot is the root of the CD.
+export NIX_OTHER_STORES=/mnt/nix:$NIX_OTHER_STORES
+
+p=@nix@/libexec/nix/substituters
+export NIX_SUBSTITUTERS=$p/copy-from-other-stores.pl:$p/download-from-binary-cache.pl
+
+
+# Make manifests available in the chroot.
+rm -f $mountPoint/nix/var/nix/manifests/*
+for i in /nix/var/nix/manifests/*.nixmanifest; do
+    chroot $mountPoint @nix@/bin/nix-store -r "$(readlink -f "$i")" > /dev/null
+    cp -pd "$i" $mountPoint/nix/var/nix/manifests/
+done
+
+
+# Get the absolute path to the NixOS/Nixpkgs sources.
+mount --bind $(readlink -f $(nix-instantiate --find-file nixpkgs)) $mountPoint/mnt-nixpkgs
+
+
+# Build the specified Nix expression in the target store and install
+# it into the system configuration profile.
+echo "building the system configuration..."
+NIX_PATH="nixpkgs=/mnt-nixpkgs:nixos=/mnt-nixpkgs/nixos:nixos-config=$NIXOS_CONFIG" NIXOS_CONFIG= \
+    chroot $mountPoint @nix@/bin/nix-env \
+    "${extraBuildFlags[@]}" -p /nix/var/nix/profiles/system -f '<nixos>' --set -A system --show-trace
+
+
+# Copy the NixOS/Nixpkgs sources to the target as the initial contents
+# of the NixOS channel.
+mkdir -m 0755 -p $mountPoint/nix/var/nix/profiles
+mkdir -m 1777 -p $mountPoint/nix/var/nix/profiles/per-user
+mkdir -m 0755 -p $mountPoint/nix/var/nix/profiles/per-user/root
+srcs=$(nix-env "${extraBuildFlags[@]}" -p /nix/var/nix/profiles/per-user/root/channels -q nixos --no-name --out-path 2>/dev/null || echo -n "")
+if test -n "$srcs"; then
+    echo "copying NixOS/Nixpkgs sources..."
+    chroot $mountPoint @nix@/bin/nix-env \
+        "${extraBuildFlags[@]}" -p /nix/var/nix/profiles/per-user/root/channels -i "$srcs" --quiet
+fi
+mkdir -m 0700 -p $mountPoint/root/.nix-defexpr
+ln -sfn /nix/var/nix/profiles/per-user/root/channels $mountPoint/root/.nix-defexpr/channels
+
+
+# We're done building/downloading, so we don't need the /etc bind
+# mount anymore.  In fact, below we want to modify the target's /etc.
+umount $mountPoint/etc/nixos
+umount $mountPoint/etc
+
+
+# Grub needs an mtab.
+ln -sfn /proc/mounts $mountPoint/etc/mtab
+
+
+# Mark the target as a NixOS installation, otherwise
+# switch-to-configuration will chicken out.
+touch $mountPoint/etc/NIXOS
+
+
+# Switch to the new system configuration.  This will install Grub with
+# a menu default pointing at the kernel/initrd/etc of the new
+# configuration.
+echo "finalising the installation..."
+NIXOS_INSTALL_GRUB=1 chroot $mountPoint \
+    /nix/var/nix/profiles/system/bin/switch-to-configuration boot
diff --git a/nixos/modules/installer/tools/nixos-option.sh b/nixos/modules/installer/tools/nixos-option.sh
new file mode 100644
index 000000000000..60cee2519da0
--- /dev/null
+++ b/nixos/modules/installer/tools/nixos-option.sh
@@ -0,0 +1,234 @@
+#! @shell@ -e
+
+# FIXME: rewrite this in a more suitable language.
+
+usage () {
+    exec man nixos-option
+    exit 1
+}
+
+#####################
+# Process Arguments #
+#####################
+
+desc=false
+defs=false
+value=false
+xml=false
+verbose=false
+
+option=""
+
+argfun=""
+for arg; do
+  if test -z "$argfun"; then
+    case $arg in
+      -*)
+        longarg=""
+        sarg="$arg"
+        while test "$sarg" != "-"; do
+          case $sarg in
+            --*) longarg=$arg; sarg="--";;
+            -d*) longarg="$longarg --description";;
+            -v*) longarg="$longarg --value";;
+            -l*) longarg="$longarg --lookup";;
+            -*) usage;;
+          esac
+          # remove the first letter option
+          sarg="-${sarg#??}"
+        done
+        ;;
+      *) longarg=$arg;;
+    esac
+    for larg in $longarg; do
+      case $larg in
+        --description) desc=true;;
+        --value) value=true;;
+        --lookup) defs=true;;
+        --xml) xml=true;;
+        --verbose) verbose=true;;
+        --help) usage;;
+        -*) usage;;
+        *) if test -z "$option"; then
+             option="$larg"
+           else
+             usage
+           fi;;
+      esac
+    done
+  else
+    case $argfun in
+      set_*)
+        var=$(echo $argfun | sed 's,^set_,,')
+        eval $var=$arg
+        ;;
+    esac
+    argfun=""
+  fi
+done
+
+if $xml; then
+  value=true
+  desc=true
+  defs=true
+fi
+
+if ! $defs && ! $desc; then
+  value=true
+fi
+
+if $verbose; then
+  set -x
+else
+  set +x
+fi
+
+#############################
+# Process the configuration #
+#############################
+
+evalNix(){
+  nix-instantiate - --eval-only "$@"
+}
+
+evalAttr(){
+  local prefix="$1"
+  local strict="$2"
+  local suffix="$3"
+  echo "(import <nixos> {}).$prefix${option:+.$option}${suffix:+.$suffix}" |
+    evalNix ${strict:+--strict}
+}
+
+evalOpt(){
+  evalAttr "options" "" "$@"
+}
+
+evalCfg(){
+  local strict="$1"
+  evalAttr "config" "$strict"
+}
+
+findSources(){
+  local suffix=$1
+  echo "(import <nixos> {}).options${option:+.$option}.$suffix" |
+    evalNix --strict
+}
+
+# Given a result from nix-instantiate, recover the list of attributes it
+# contains.
+attrNames() {
+  local attributeset=$1
+  # sed is used to replace un-printable subset by 0s, and to remove most of
+  # the inner-attribute set, which reduce the likelyhood to encounter badly
+  # pre-processed input.
+  echo "builtins.attrNames $attributeset" | \
+    sed 's,<[A-Z]*>,0,g; :inner; s/{[^\{\}]*};/0;/g; t inner;' | \
+    evalNix --strict
+}
+
+# map a simple list which contains strings or paths.
+nixMap() {
+  local fun="$1"
+  local list="$2"
+  local elem
+  for elem in $list; do
+    test $elem = '[' -o $elem = ']' && continue;
+    $fun $elem
+  done
+}
+
+# This duplicates the work made below, but it is useful for processing
+# the output of nixos-option with other tools such as nixos-gui.
+if $xml; then
+  evalNix --xml --no-location <<EOF
+let
+  reach = attrs: attrs${option:+.$option};
+  nixos = import <nixos> {};
+  nixpkgs = import <nixpkgs> {};
+  sources = builtins.map (f: f.source);
+  opt = reach nixos.options;
+  cfg = reach nixos.config;
+in
+
+with nixpkgs.lib;
+
+let
+  optStrict = v:
+    let
+      traverse = x :
+        if isAttrs x then
+          if x ? outPath then true
+          else all id (mapAttrsFlatten (n: traverseNoAttrs) x)
+        else traverseNoAttrs x;
+      traverseNoAttrs = x:
+        # do not continue in attribute sets
+        if isAttrs x then true
+        else if isList x then all id (map traverse x)
+        else true;
+    in assert traverse v; v;
+in
+
+if isOption opt then
+  optStrict ({}
+  // optionalAttrs (opt ? default) { inherit (opt) default; }
+  // optionalAttrs (opt ? example) { inherit (opt) example; }
+  // optionalAttrs (opt ? description) { inherit (opt) description; }
+  // optionalAttrs (opt ? type) { typename = opt.type.name; }
+  // optionalAttrs (opt ? options) { inherit (opt) options; }
+  // {
+    # to disambiguate the xml output.
+    _isOption = true;
+    declarations = sources opt.declarations;
+    definitions = sources opt.definitions;
+    value = cfg;
+  })
+else
+  opt
+EOF
+  exit $?
+fi
+
+if test "$(evalOpt "_type" 2> /dev/null)" = '"option"'; then
+  $value && evalCfg 1
+
+  if $desc; then
+    $value && echo;
+
+    if default=$(evalOpt "default" - 2> /dev/null); then
+      echo "Default: $default"
+    else
+      echo "Default: <None>"
+    fi
+    if example=$(evalOpt "example" - 2> /dev/null); then
+      echo "Example: $example"
+    fi
+    echo "Description:"
+    eval printf $(evalOpt "description")
+  fi
+
+  if $defs; then
+    $desc || $value && echo;
+
+    printPath () { echo "  $1"; }
+
+    echo "Declared by:"
+    nixMap printPath "$(findSources "declarations")"
+    echo ""
+    echo "Defined by:"
+    nixMap printPath "$(findSources "files")"
+    echo ""
+  fi
+
+else
+  # echo 1>&2 "Warning: This value is not an option."
+
+  result=$(evalCfg "")
+  if names=$(attrNames "$result" 2> /dev/null); then
+    echo 1>&2 "This attribute set contains:"
+    escapeQuotes () { eval echo "$1"; }
+    nixMap escapeQuotes "$names"
+  else
+    echo 1>&2 "An error occured while looking for attribute names."
+    echo $result
+  fi
+fi
diff --git a/nixos/modules/installer/tools/nixos-rebuild.sh b/nixos/modules/installer/tools/nixos-rebuild.sh
new file mode 100644
index 000000000000..5c89394abceb
--- /dev/null
+++ b/nixos/modules/installer/tools/nixos-rebuild.sh
@@ -0,0 +1,185 @@
+#! @shell@ -e
+
+showSyntax() {
+    exec man nixos-rebuild
+    exit 1
+}
+
+
+# Parse the command line.
+extraBuildFlags=()
+action=
+buildNix=1
+rollback=
+upgrade=
+repair=
+profile=/nix/var/nix/profiles/system
+
+while [ "$#" -gt 0 ]; do
+    i="$1"; shift 1
+    case "$i" in
+      --help)
+        showSyntax
+        ;;
+      switch|boot|test|build|dry-run|build-vm|build-vm-with-bootloader)
+        action="$i"
+        ;;
+      --install-grub)
+        export NIXOS_INSTALL_GRUB=1
+        ;;
+      --no-build-nix)
+        buildNix=
+        ;;
+      --rollback)
+        rollback=1
+        ;;
+      --upgrade)
+        upgrade=1
+        ;;
+      --repair)
+        repair=1
+        extraBuildFlags+=("$i")
+        ;;
+      --show-trace|--no-build-hook|--keep-failed|-K|--keep-going|-k|--verbose|-v|-vv|-vvv|-vvvv|-vvvvv|--fallback|--repair)
+        extraBuildFlags+=("$i")
+        ;;
+      --max-jobs|-j|--cores|-I)
+        j="$1"; shift 1
+        extraBuildFlags+=("$i" "$j")
+        ;;
+      --option)
+        j="$1"; shift 1
+        k="$1"; shift 1
+        extraBuildFlags+=("$i" "$j" "$k")
+        ;;
+      --fast)
+        buildNix=
+        extraBuildFlags+=(--show-trace)
+        ;;
+      --profile-name|-p)
+        if [ -z "$1" ]; then
+            echo "$0: ‘--profile-name’ requires an argument"
+            exit 1
+        fi
+        if [ "$1" != system ]; then
+            profile="/nix/var/nix/profiles/system-profiles/$1"
+            mkdir -p -m 0755 "$(dirname "$profile")"
+        fi
+        shift 1
+        ;;
+      *)
+        echo "$0: unknown option \`$i'"
+        exit 1
+        ;;
+    esac
+done
+
+if [ -z "$action" ]; then showSyntax; fi
+
+if [ -n "$rollback" ]; then
+    buildNix=
+fi
+
+
+tmpDir=$(mktemp -t -d nixos-rebuild.XXXXXX)
+trap 'rm -rf "$tmpDir"' EXIT
+
+
+# If the Nix daemon is running, then use it.  This allows us to use
+# the latest Nix from Nixpkgs (below) for expression evaluation, while
+# still using the old Nix (via the daemon) for actual store access.
+# This matters if the new Nix in Nixpkgs has a schema change.  It
+# would upgrade the schema, which should only happen once we actually
+# switch to the new configuration.
+# If --repair is given, don't try to use the Nix daemon, because the
+# flag can only be used directly.
+if [ -z "$repair" ] && systemctl show nix-daemon.socket nix-daemon.service | grep -q ActiveState=active; then
+    export NIX_REMOTE=${NIX_REMOTE:-daemon}
+fi
+
+
+# If ‘--upgrade’ is given, run ‘nix-channel --update nixos’.
+if [ -n "$upgrade" ]; then
+    nix-channel --update nixos
+fi
+
+
+# First build Nix, since NixOS may require a newer version than the
+# current one.  Of course, the same goes for Nixpkgs, but Nixpkgs is
+# more conservative.
+if [ "$action" != dry-run -a -n "$buildNix" ]; then
+    echo "building Nix..." >&2
+    if ! nix-build '<nixpkgs/nixos>' -A config.nix.package -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
+        if ! nix-build '<nixpkgs/nixos>' -A nixFallback -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
+            nix-build '<nixpkgs>' -A nixUnstable -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null
+        fi
+    fi
+    PATH=$tmpDir/nix/bin:$PATH
+fi
+
+
+# Update the version suffix if we're building from Git (so that
+# nixos-version shows something useful).
+if nixpkgs=$(nix-instantiate --find-file nixpkgs "${extraBuildFlags[@]}"); then
+    suffix=$(@shell@ $nixpkgs/nixos/modules/installer/tools/get-version-suffix "${extraBuildFlags[@]}" || true)
+    if [ -n "$suffix" ]; then
+        echo -n "$suffix" > "$nixpkgs/.version-suffix" || true
+    fi
+fi
+
+
+if [ "$action" = dry-run ]; then
+    extraBuildFlags+=(--dry-run)
+fi
+
+
+# Either upgrade the configuration in the system profile (for "switch"
+# or "boot"), or just build it and create a symlink "result" in the
+# current directory (for "build" and "test").
+if [ -z "$rollback" ]; then
+    echo "building the system configuration..." >&2
+    if [ "$action" = switch -o "$action" = boot ]; then
+        nix-env "${extraBuildFlags[@]}" -p "$profile" -f '<nixpkgs/nixos>' --set -A system
+        pathToConfig="$profile"
+    elif [ "$action" = test -o "$action" = build -o "$action" = dry-run ]; then
+        nix-build '<nixpkgs/nixos>' -A system -K -k "${extraBuildFlags[@]}" > /dev/null
+        pathToConfig=./result
+    elif [ "$action" = build-vm ]; then
+        nix-build '<nixpkgs/nixos>' -A vm -K -k "${extraBuildFlags[@]}" > /dev/null
+        pathToConfig=./result
+    elif [ "$action" = build-vm-with-bootloader ]; then
+        nix-build '<nixpkgs/nixos>' -A vmWithBootLoader -K -k "${extraBuildFlags[@]}" > /dev/null
+        pathToConfig=./result
+    else
+        showSyntax
+    fi
+else # [ -n "$rollback" ]
+    if [ "$action" = switch -o "$action" = boot ]; then
+        nix-env --rollback -p "$profile"
+        pathToConfig="$profile"
+    elif [ "$action" = test -o "$action" = build ]; then
+        systemNumber=$(
+            nix-env -p "$profile" --list-generations |
+            sed -n '/current/ {g; p;}; s/ *\([0-9]*\).*/\1/; h'
+        )
+        ln -sT "$profile"-${systemNumber}-link ./result
+        pathToConfig=./result
+    else
+        showSyntax
+    fi
+fi
+
+
+# If we're not just building, then make the new configuration the boot
+# default and/or activate it now.
+if [ "$action" = switch -o "$action" = boot -o "$action" = test ]; then
+    $pathToConfig/bin/switch-to-configuration "$action"
+fi
+
+
+if [ "$action" = build-vm ]; then
+    cat >&2 <<EOF
+
+Done.  The virtual machine can be started by running $(echo $pathToConfig/bin/run-*-vm).
+EOF
+fi
diff --git a/nixos/modules/installer/tools/nixos-version.sh b/nixos/modules/installer/tools/nixos-version.sh
new file mode 100644
index 000000000000..5dbf277fe4c4
--- /dev/null
+++ b/nixos/modules/installer/tools/nixos-version.sh
@@ -0,0 +1,2 @@
+#! @shell@
+echo "@nixosVersion@ (@nixosCodeName@)"
diff --git a/nixos/modules/installer/tools/tools.nix b/nixos/modules/installer/tools/tools.nix
new file mode 100644
index 000000000000..652bfa917dfa
--- /dev/null
+++ b/nixos/modules/installer/tools/tools.nix
@@ -0,0 +1,109 @@
+# This module generates nixos-install, nixos-rebuild,
+# nixos-generate-config, etc.
+
+{ config, pkgs, modulesPath, ... }:
+
+let
+
+  cfg = config.installer;
+
+  makeProg = args: pkgs.substituteAll (args // {
+    dir = "bin";
+    isExecutable = true;
+  });
+
+  nixos-build-vms = makeProg {
+    name = "nixos-build-vms";
+    src = ./nixos-build-vms/nixos-build-vms.sh;
+  };
+
+  nixos-install = makeProg {
+    name = "nixos-install";
+    src = ./nixos-install.sh;
+
+    inherit (pkgs) perl pathsFromGraph;
+    nix = config.nix.package;
+
+    nixClosure = pkgs.runCommand "closure"
+      { exportReferencesGraph = ["refs" config.nix.package]; }
+      "cp refs $out";
+  };
+
+  nixos-rebuild = makeProg {
+    name = "nixos-rebuild";
+    src = ./nixos-rebuild.sh;
+  };
+
+  nixos-generate-config = makeProg {
+    name = "nixos-generate-config";
+    src = ./nixos-generate-config.pl;
+    perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl";
+    inherit (pkgs) dmidecode;
+  };
+
+  nixos-option = makeProg {
+    name = "nixos-option";
+    src = ./nixos-option.sh;
+  };
+
+  nixos-version = makeProg {
+    name = "nixos-version";
+    src = ./nixos-version.sh;
+    inherit (config.system) nixosVersion nixosCodeName;
+  };
+
+  /*
+  nixos-gui = pkgs.xulrunnerWrapper {
+    launcher = "nixos-gui";
+    application = pkgs.stdenv.mkDerivation {
+      name = "nixos-gui";
+      buildCommand = ''
+        cp -r "$gui" "$out"
+
+        # Do not force the copy if the file exists in the sources (this
+        # happens for developpers)
+        test -e "$out/chrome/content/jquery-1.5.2.js" ||
+          cp -f "$jquery" "$out/chrome/content/jquery-1.5.2.js"
+      '';
+      gui = pkgs.lib.cleanSource "${modulesPath}/../gui";
+      jquery = pkgs.fetchurl {
+        url = http://code.jquery.com/jquery-1.5.2.min.js;
+        sha256 = "8f0a19ee8c606b35a10904951e0a27da1896eafe33c6e88cb7bcbe455f05a24a";
+      };
+    };
+  };
+  */
+
+in
+
+{
+  /*
+  options = {
+
+    installer.enableGraphicalTools = pkgs.lib.mkOption {
+      default = false;
+      type = with pkgs.lib.types; bool;
+      example = true;
+      description = ''
+        Enable the installation of graphical tools.
+      '';
+    };
+
+  };
+  */
+
+  config = {
+    environment.systemPackages =
+      [ nixos-build-vms
+        nixos-install
+        nixos-rebuild
+        nixos-generate-config
+        nixos-option
+        nixos-version
+      ];
+
+    system.build = {
+      inherit nixos-install nixos-generate-config nixos-option nixos-rebuild;
+    };
+  };
+}
diff --git a/nixos/modules/installer/virtualbox-demo.nix b/nixos/modules/installer/virtualbox-demo.nix
new file mode 100644
index 000000000000..76cc29a1facd
--- /dev/null
+++ b/nixos/modules/installer/virtualbox-demo.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  imports =
+    [ ../virtualisation/virtualbox-image.nix
+      ../installer/cd-dvd/channel.nix
+      ../profiles/demo.nix
+      ../profiles/clone-config.nix
+    ];
+
+  # Allow mounting of shared folders.
+  users.extraUsers.demo.extraGroups = [ "vboxsf" ];
+
+  # Add some more video drivers to give X11 a shot at working in
+  # VMware and QEMU.
+  services.xserver.videoDrivers = mkOverride 40 [ "virtualbox" "vmware" "cirrus" "vesa" ];
+}
diff --git a/nixos/modules/misc/assertions.nix b/nixos/modules/misc/assertions.nix
new file mode 100644
index 000000000000..5fb88308b776
--- /dev/null
+++ b/nixos/modules/misc/assertions.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  failed = map (x: x.message) (filter (x: !x.assertion) config.assertions);
+
+  showWarnings = res: fold (w: x: builtins.trace "warning: ${w}" x) res config.warnings;
+
+in
+
+{
+
+  options = {
+
+    assertions = mkOption {
+      type = types.listOf types.unspecified;
+      internal = true;
+      default = [];
+      example = [ { assertion = false; message = "you can't enable this for that reason"; } ];
+      description = ''
+        This option allows modules to express conditions that must
+        hold for the evaluation of the system configuration to
+        succeed, along with associated error messages for the user.
+      '';
+    };
+
+    warnings = mkOption {
+      internal = true;
+      default = [];
+      type = types.listOf types.string;
+      example = [ "The `foo' service is deprecated and will go away soon!" ];
+      description = ''
+        This option allows modules to show warnings to users during
+        the evaluation of the system configuration.
+      '';
+    };
+
+  };
+
+  config = {
+
+    # This option is evaluated always. Thus the assertions are checked
+    # as well. Hacky!
+    environment.systemPackages = showWarnings (
+      if [] == failed then []
+      else throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failed)}");
+
+  };
+
+}
diff --git a/nixos/modules/misc/check-config.nix b/nixos/modules/misc/check-config.nix
new file mode 100644
index 000000000000..f759c88d3a1f
--- /dev/null
+++ b/nixos/modules/misc/check-config.nix
@@ -0,0 +1,15 @@
+{ pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  options = {
+    environment.checkConfigurationOptions = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to check the validity of the entire configuration.
+      '';
+    };
+  };
+}
diff --git a/nixos/modules/misc/crashdump.nix b/nixos/modules/misc/crashdump.nix
new file mode 100644
index 000000000000..6e71baa9a431
--- /dev/null
+++ b/nixos/modules/misc/crashdump.nix
@@ -0,0 +1,78 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+let
+  crashdump = config.boot.crashDump;
+
+  kernelParams = concatStringsSep " " crashdump.kernelParams;
+
+in
+###### interface
+{
+  options = {
+    boot = {
+      crashDump = {
+        enable = mkOption {
+          type = types.bool;
+          default = false;
+          description = ''
+            If enabled, NixOS will set up a kernel that will
+            boot on crash, and leave the user to a stage1 debug1devices
+            interactive shell to be able to save the crashed kernel dump.
+            It also activates the NMI watchdog.
+          '';
+        };
+        kernelPackages = mkOption {
+          default = pkgs.linuxPackages;
+          # We don't want to evaluate all of linuxPackages for the manual
+          # - some of it might not even evaluate correctly.
+          defaultText = "pkgs.linuxPackages";
+          example = "pkgs.linuxPackages_2_6_25";
+          description = ''
+            This will override the boot.kernelPackages, and will add some
+            kernel configuration parameters for the crash dump to work.
+          '';
+        };
+        kernelParams = mkOption {
+          type = types.listOf types.str;
+          default = [ "debug1devices" ];
+          description = ''
+            Parameters that will be passed to the kernel kexec-ed on crash.
+          '';
+        };
+      };
+    };
+  };
+
+###### implementation
+
+  config = mkIf crashdump.enable {
+    boot = {
+      postBootCommands = ''
+        ${pkgs.kexectools}/sbin/kexec -p /run/current-system/kernel \
+        --initrd=/run/current-system/initrd \
+        --append="init=$(readlink -f /run/current-system/init) system=$(readlink -f /run/current-system) irqpoll maxcpus=1 reset_devices ${kernelParams}" --reset-vga --console-vga
+      '';
+      kernelParams = [
+       "crashkernel=64M"
+       "nmi_watchdog=panic"
+       "softlockup_panic=1"
+       "idle=poll"
+      ];
+      kernelPackages = mkOverride 50 (crashdump.kernelPackages // {
+        kernel = crashdump.kernelPackages.kernel.override 
+          (attrs: {
+            extraConfig = (optionalString (attrs ? extraConfig) attrs.extraConfig) +
+              ''
+                CRASH_DUMP y
+                DEBUG_INFO y
+                PROC_VMCORE y
+                LOCKUP_DETECTOR y
+                HARDLOCKUP_DETECTOR y
+              '';
+          });
+      });
+    };
+  };
+}
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
new file mode 100644
index 000000000000..e3edc9dda6b6
--- /dev/null
+++ b/nixos/modules/misc/ids.nix
@@ -0,0 +1,206 @@
+# This module defines the global list of uids and gids.  We keep a
+# central list to prevent id collisions.
+
+{ config, pkgs, ... }:
+
+{
+  options = {
+
+    ids.uids = pkgs.lib.mkOption {
+      internal = true;
+      description = ''
+        The user IDs used in NixOS.
+      '';
+    };
+
+    ids.gids = pkgs.lib.mkOption {
+      internal = true;
+      description = ''
+        The group IDs used in NixOS.
+      '';
+    };
+
+  };
+
+
+  config = {
+
+    ids.uids = {
+      root = 0;
+      nscd = 1;
+      sshd = 2;
+      ntp = 3;
+      messagebus = 4; # D-Bus
+      haldaemon = 5;
+      nagios = 6;
+      vsftpd = 7;
+      ftp = 8;
+      bitlbee = 9;
+      avahi = 10;
+      atd = 12;
+      zabbix = 13;
+      postfix = 14;
+      dovecot = 15;
+      tomcat = 16;
+      pulseaudio = 22; # must match `pulseaudio' GID
+      gpsd = 23;
+      polkituser = 28;
+      uptimed = 29;
+      ddclient = 30;
+      davfs2 = 31;
+      privoxy = 32;
+      osgi = 34;
+      tor = 35;
+      cups = 36;
+      foldingAtHome = 37;
+      sabnzbd = 38;
+      kdm = 39;
+      ghostOne = 40;
+      git = 41;
+      fourStore = 42;
+      fourStoreEndpoint = 43;
+      virtuoso = 44;
+      rtkit = 45;
+      dovecot2 = 46;
+      dovenull2 = 47;
+      unbound = 48;
+      prayer = 49;
+      mpd = 50;
+      clamav = 51;
+      fprot = 52;
+      bind = 53;
+      wwwrun = 54;
+      spamd = 56;
+      nslcd = 58;
+      nginx = 60;
+      chrony = 61;
+      smtpd = 63;
+      smtpq = 64;
+      supybot = 65;
+      iodined = 66;
+      graphite = 68;
+      statsd = 69;
+      transmission = 70;
+      postgres = 71;
+      smbguest = 74;
+      varnish = 75;
+      dd-agent = 76;
+      lighttpd = 77;
+      lightdm = 78;
+      freenet = 79;
+      ircd = 80;
+      bacula = 81;
+      almir = 82;
+      deluge = 83;
+      mysql = 84;
+      rabbitmq = 85;
+      activemq = 86;
+      gnunet = 87;
+      oidentd = 88;
+      quassel = 89;
+      amule = 90;
+      minidlna = 91;
+      elasticsearch = 92;
+      tcpcryptd = 93; # tcpcryptd uses a hard-coded uid. We patch it in Nixpkgs to match this choice.
+      zope2 = 94;
+      firebird = 95;
+      redis = 96;
+      haproxy = 97;
+
+      # When adding a uid, make sure it doesn't match an existing gid.
+
+      nixbld = 30000; # start of range of uids
+      nobody = 65534;
+    };
+
+    ids.gids = {
+      root = 0;
+      wheel = 1;
+      kmem = 2;
+      tty = 3;
+      messagebus = 4; # D-Bus
+      haldaemon = 5;
+      disk = 6;
+      vsftpd = 7;
+      ftp = 8;
+      bitlbee = 9;
+      avahi = 10;
+      atd = 12;
+      postfix = 13;
+      postdrop = 14;
+      dovecot = 15;
+      audio = 17;
+      floppy = 18;
+      uucp = 19;
+      lp = 20;
+      tomcat = 21;
+      pulseaudio = 22; # must match `pulseaudio' UID
+      gpsd = 23;
+      cdrom = 24;
+      tape = 25;
+      video = 26;
+      dialout = 27;
+      polkituser = 28;
+      utmp = 29;
+      davfs2 = 31;
+      privoxy = 32;
+      disnix = 33;
+      osgi = 34;
+      ghostOne = 40;
+      git = 41;
+      fourStore = 42;
+      fourStoreEndpoint = 43;
+      virtuoso = 44;
+      dovecot2 = 46;
+      prayer = 49;
+      mpd = 50;
+      clamav = 51;
+      fprot = 52;
+      wwwrun = 54;
+      adm = 55;
+      spamd = 56;
+      networkmanager = 57;
+      nslcd = 58;
+      scanner = 59;
+      nginx = 60;
+      systemd-journal = 62;
+      smtpd = 63;
+      smtpq = 64;
+      supybot = 65;
+      iodined = 66;
+      libvirtd = 67;
+      graphite = 68;
+      transmission = 70;
+      postgres = 71;
+      vboxusers = 72;
+      vboxsf = 73;
+      smbguest = 74;
+      varnish = 75;
+      dd-agent = 76;
+      lighttpd = 77;
+      lightdm = 78;
+      freenet = 79;
+      ircd = 80;
+      bacula = 81;
+      almir = 82;
+      deluge = 83;
+      mysql = 84;
+      rabbitmq = 85;
+      activemq = 86;
+      gnunet = 87;
+      oidentd = 88;
+      quassel = 89;
+      amule = 90;
+      minidlna = 91;
+      haproxy = 92;
+
+      # When adding a gid, make sure it doesn't match an existing uid.
+
+      users = 100;
+      nixbld = 30000;
+      nogroup = 65534;
+    };
+
+  };
+
+}
diff --git a/nixos/modules/misc/lib.nix b/nixos/modules/misc/lib.nix
new file mode 100644
index 000000000000..18fc68a69883
--- /dev/null
+++ b/nixos/modules/misc/lib.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+{
+  options = {
+    lib = pkgs.lib.mkOption {
+      default = {};
+
+      type = pkgs.lib.types.attrsOf pkgs.lib.types.attrs;
+
+      description = ''
+        This option allows modules to define helper functions, constants, etc.
+      '';
+    };
+  };
+}
diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix
new file mode 100644
index 000000000000..b6408be5844f
--- /dev/null
+++ b/nixos/modules/misc/locate.nix
@@ -0,0 +1,63 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  locatedb = "/var/cache/locatedb";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.locate = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          If enabled, NixOS will periodically update the database of
+          files used by the <command>locate</command> command.
+        '';
+      };
+
+      period = mkOption {
+        type = types.str;
+        default = "15 02 * * *";
+        description = ''
+          This option defines (in the format used by cron) when the
+          locate database is updated.
+          The default is to update at 02:15 at night every day.
+        '';
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = {
+
+    systemd.services.update-locatedb =
+      { description = "Update Locate Database";
+        path  = [ pkgs.su ];
+        script =
+          ''
+            mkdir -m 0755 -p $(dirname ${locatedb})
+            exec updatedb --localuser=nobody --output=${locatedb} --prunepaths='/tmp /var/tmp /media /run'
+          '';
+        serviceConfig.Nice = 19;
+        serviceConfig.IOSchedulingClass = "idle";
+      };
+
+    services.cron.systemCronJobs = optional config.services.locate.enable
+      "${config.services.locate.period} root ${config.systemd.package}/bin/systemctl start update-locatedb.service";
+
+  };
+
+}
diff --git a/nixos/modules/misc/nixpkgs.nix b/nixos/modules/misc/nixpkgs.nix
new file mode 100644
index 000000000000..7433fab168e2
--- /dev/null
+++ b/nixos/modules/misc/nixpkgs.nix
@@ -0,0 +1,77 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  isConfig = x:
+    builtins.isAttrs x || builtins.isFunction x;
+
+  optCall = f: x:
+    if builtins.isFunction f
+    then f x
+    else f;
+
+  mergeConfig = lhs_: rhs_:
+    let
+      lhs = optCall lhs_ { inherit pkgs; };
+      rhs = optCall rhs_ { inherit pkgs; };
+    in
+    lhs // rhs //
+    optionalAttrs (lhs ? packageOverrides) {
+      packageOverrides = pkgs:
+        optCall lhs.packageOverrides pkgs //
+        optCall (attrByPath ["packageOverrides"] ({}) rhs) pkgs;
+    };
+
+  configType = mkOptionType {
+    name = "nixpkgs config";
+    check = traceValIfNot isConfig;
+    merge = args: fold (def: mergeConfig def.value) {};
+  };
+
+in
+
+{
+  options = {
+
+    nixpkgs.config = mkOption {
+      default = {};
+      example = literalExample
+        ''
+          { firefox.enableGeckoMediaPlayer = true;
+            packageOverrides = pkgs: {
+              firefox60Pkgs = pkgs.firefox60Pkgs.override {
+                enableOfficialBranding = true;
+              };
+            };
+          }
+        '';
+      type = configType;
+      description = ''
+        The configuration of the Nix Packages collection.  (For
+        details, see the Nixpkgs documentation.)  It allows you to set
+        package configuration options, and to override packages
+        globally through the <varname>packageOverrides</varname>
+        option.  The latter is a function that takes as an argument
+        the <emphasis>original</emphasis> Nixpkgs, and must evaluate
+        to a set of new or overridden packages.
+      '';
+    };
+
+    nixpkgs.system = mkOption {
+      type = types.str;
+      description = ''
+        Specifies the Nix platform type for which NixOS should be built.
+        If unset, it defaults to the platform type of your host system
+        (<literal>${builtins.currentSystem}</literal>).
+        Specifying this option is useful when doing distributed
+        multi-platform deployment, or when building virtual machines.
+      '';
+    };
+
+  };
+
+  config = {
+    nixpkgs.system = mkDefault pkgs.stdenv.system;
+  };
+}
diff --git a/nixos/modules/misc/passthru.nix b/nixos/modules/misc/passthru.nix
new file mode 100644
index 000000000000..b65f20d62f2d
--- /dev/null
+++ b/nixos/modules/misc/passthru.nix
@@ -0,0 +1,16 @@
+# This module allows you to export something from configuration
+# Use case: export kernel source expression for ease of configuring
+
+{ config, pkgs, ... }:
+
+{
+  options = {
+    passthru = pkgs.lib.mkOption {
+      visible = false;
+      description = ''
+        This attribute set will be exported as a system attribute.
+        You can put whatever you want here.
+      '';
+    };
+  };
+}
diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix
new file mode 100644
index 000000000000..2fa95563e9ab
--- /dev/null
+++ b/nixos/modules/misc/version.nix
@@ -0,0 +1,73 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  options = {
+
+    system.nixosVersion = mkOption {
+      internal = true;
+      type = types.str;
+      description = "NixOS version.";
+    };
+
+    system.nixosVersionSuffix = mkOption {
+      internal = true;
+      type = types.str;
+      description = "NixOS version suffix.";
+    };
+
+    system.nixosRevision = mkOption {
+      internal = true;
+      type = types.str;
+      description = "NixOS Git revision hash.";
+    };
+
+    system.nixosCodeName = mkOption {
+      internal = true;
+      type = types.str;
+      description = "NixOS release code name.";
+    };
+
+    system.defaultChannel = mkOption {
+      internal = true;
+      type = types.str;
+      default = https://nixos.org/channels/nixos-unstable;
+      description = "Default NixOS channel to which the root user is subscribed.";
+    };
+
+  };
+
+  config = {
+
+    system.nixosVersion =
+      mkDefault (readFile "${toString pkgs.path}/.version" + config.system.nixosVersionSuffix);
+
+    system.nixosVersionSuffix =
+      let suffixFile = "${toString pkgs.path}/.version-suffix"; in
+      mkDefault (if pathExists suffixFile then readFile suffixFile else "pre-git");
+
+    system.nixosRevision =
+      let fn = "${toString pkgs.path}/.git-revision"; in
+      mkDefault (if pathExists fn then readFile fn else "master");
+
+    # Note: code names must only increase in alphabetical order.
+    system.nixosCodeName = "Aardvark";
+
+    # Generate /etc/os-release.  See
+    # http://0pointer.de/public/systemd-man/os-release.html for the
+    # format.
+    environment.etc."os-release".text =
+      ''
+        NAME=NixOS
+        ID=nixos
+        VERSION="${config.system.nixosVersion} (${config.system.nixosCodeName})"
+        VERSION_ID="${config.system.nixosVersion}"
+        PRETTY_NAME="NixOS ${config.system.nixosVersion} (${config.system.nixosCodeName})"
+        HOME_URL="http://nixos.org/"
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
new file mode 100644
index 000000000000..8b76e1f21cba
--- /dev/null
+++ b/nixos/modules/module-list.nix
@@ -0,0 +1,282 @@
+[
+  ./config/fonts/corefonts.nix
+  ./config/fonts/fontconfig.nix
+  ./config/fonts/fontdir.nix
+  ./config/fonts/fonts.nix
+  ./config/fonts/ghostscript.nix
+  ./config/gnu.nix
+  ./config/i18n.nix
+  ./config/krb5.nix
+  ./config/ldap.nix
+  ./config/networking.nix
+  ./config/no-x-libs.nix
+  ./config/nsswitch.nix
+  ./config/power-management.nix
+  ./config/pulseaudio.nix
+  ./config/shells-environment.nix
+  ./config/swap.nix
+  ./config/sysctl.nix
+  ./config/system-path.nix
+  ./config/timezone.nix
+  ./config/unix-odbc-drivers.nix
+  ./config/users-groups.nix
+  ./hardware/all-firmware.nix
+  ./hardware/cpu/intel-microcode.nix
+  ./hardware/cpu/amd-microcode.nix
+  ./hardware/network/b43.nix
+  ./hardware/network/intel-2100bg.nix
+  ./hardware/network/intel-2200bg.nix
+  ./hardware/network/intel-3945abg.nix
+  ./hardware/network/ralink.nix
+  ./hardware/network/rtl8192c.nix
+  ./hardware/pcmcia.nix
+  ./installer/tools/nixos-checkout.nix
+  ./installer/tools/tools.nix
+  ./misc/assertions.nix
+  ./misc/check-config.nix
+  ./misc/crashdump.nix
+  ./misc/ids.nix
+  ./misc/lib.nix
+  ./misc/locate.nix
+  ./misc/nixpkgs.nix
+  ./misc/passthru.nix
+  ./misc/version.nix
+  ./programs/atop.nix
+  ./programs/bash/bash.nix
+  ./programs/bash/command-not-found.nix
+  ./programs/blcr.nix
+  ./programs/environment.nix
+  ./programs/gurobi.nix
+  ./programs/info.nix
+  ./programs/shadow.nix
+  ./programs/shell.nix
+  ./programs/ssh.nix
+  ./programs/ssmtp.nix
+  ./programs/venus.nix
+  ./programs/wvdial.nix
+  ./programs/zsh/zsh.nix
+  ./rename.nix
+  ./security/apparmor.nix
+  ./security/apparmor-suid.nix
+  ./security/ca.nix
+  ./security/pam.nix
+  ./security/pam_usb.nix
+  ./security/polkit.nix
+  ./security/prey.nix
+  ./security/rngd.nix
+  ./security/rtkit.nix
+  ./security/setuid-wrappers.nix
+  ./security/sudo.nix
+  ./services/amqp/activemq/default.nix
+  ./services/amqp/rabbitmq.nix
+  ./services/audio/alsa.nix
+  ./services/audio/fuppes.nix
+  ./services/audio/mpd.nix
+  ./services/backup/almir.nix
+  ./services/backup/bacula.nix
+  ./services/backup/mysql-backup.nix
+  ./services/backup/postgresql-backup.nix
+  ./services/backup/sitecopy-backup.nix
+  ./services/backup/rsnapshot.nix
+  ./services/databases/4store-endpoint.nix
+  ./services/databases/4store.nix
+  ./services/databases/firebird.nix
+  ./services/databases/memcached.nix
+  ./services/databases/mongodb.nix
+  ./services/databases/redis.nix
+  ./services/databases/mysql.nix
+  ./services/databases/mysql55.nix
+  ./services/databases/openldap.nix
+  ./services/databases/postgresql.nix
+  ./services/databases/virtuoso.nix
+  ./services/games/ghost-one.nix
+  ./services/hardware/acpid.nix
+  ./services/hardware/bluetooth.nix
+  ./services/hardware/nvidia-optimus.nix
+  ./services/hardware/pcscd.nix
+  ./services/hardware/pommed.nix
+  ./services/hardware/sane.nix
+  ./services/hardware/udev.nix
+  ./services/hardware/udisks.nix
+  ./services/hardware/udisks2.nix
+  ./services/hardware/upower.nix
+  ./services/hardware/thinkfan.nix
+  ./services/logging/klogd.nix
+  ./services/logging/logcheck.nix
+  ./services/logging/logrotate.nix
+  ./services/logging/logstash.nix
+  ./services/logging/syslogd.nix
+  ./services/logging/rsyslogd.nix
+  ./services/mail/dovecot.nix
+  ./services/mail/freepops.nix
+  ./services/mail/mail.nix
+  ./services/mail/opensmtpd.nix
+  ./services/mail/postfix.nix
+  ./services/mail/spamassassin.nix
+  ./services/misc/autofs.nix
+  ./services/misc/cgminer.nix
+  ./services/misc/disnix.nix
+  ./services/misc/felix.nix
+  ./services/misc/folding-at-home.nix
+  ./services/misc/gpsd.nix
+  ./services/misc/gurobi.nix
+  ./services/misc/nix-daemon.nix
+  ./services/misc/nix-gc.nix
+  ./services/misc/nixos-manual.nix
+  ./services/misc/rogue.nix
+  ./services/misc/svnserve.nix
+  ./services/misc/synergy.nix
+  ./services/monitoring/apcupsd.nix
+  ./services/monitoring/dd-agent.nix
+  ./services/monitoring/graphite.nix
+  ./services/monitoring/monit.nix
+  ./services/monitoring/munin.nix
+  ./services/monitoring/nagios/default.nix
+  ./services/monitoring/smartd.nix
+  ./services/monitoring/statsd.nix
+  ./services/monitoring/systemhealth.nix
+  ./services/monitoring/ups.nix
+  ./services/monitoring/uptime.nix
+  ./services/monitoring/zabbix-agent.nix
+  ./services/monitoring/zabbix-server.nix
+  ./services/network-filesystems/drbd.nix
+  ./services/network-filesystems/nfsd.nix
+  ./services/network-filesystems/openafs-client/default.nix
+  ./services/network-filesystems/samba.nix
+  ./services/networking/amuled.nix
+  ./services/networking/avahi-daemon.nix
+  ./services/networking/bind.nix
+  ./services/networking/bitlbee.nix
+  ./services/networking/cntlm.nix
+  ./services/networking/chrony.nix
+  ./services/networking/ddclient.nix
+  ./services/networking/dhcpcd.nix
+  ./services/networking/dhcpd.nix
+  ./services/networking/dnsmasq.nix
+  ./services/networking/ejabberd.nix
+  ./services/networking/firewall.nix
+  ./services/networking/haproxy.nix
+  ./services/networking/tcpcrypt.nix
+  ./services/networking/flashpolicyd.nix
+  ./services/networking/freenet.nix
+  ./services/networking/git-daemon.nix
+  ./services/networking/gnunet.nix
+  ./services/networking/gogoclient.nix
+  ./services/networking/gvpe.nix
+  ./services/networking/hostapd.nix
+  ./services/networking/ifplugd.nix
+  ./services/networking/iodined.nix
+  ./services/networking/ircd-hybrid/default.nix
+  ./services/networking/minidlna.nix
+  ./services/networking/nat.nix
+  ./services/networking/networkmanager.nix
+  ./services/networking/ntpd.nix
+  ./services/networking/oidentd.nix
+  ./services/networking/openfire.nix
+  ./services/networking/openvpn.nix
+  ./services/networking/prayer.nix
+  ./services/networking/privoxy.nix
+  ./services/networking/quassel.nix
+  ./services/networking/radvd.nix
+  ./services/networking/rdnssd.nix
+  ./services/networking/rpcbind.nix
+  ./services/networking/sabnzbd.nix
+  ./services/networking/supybot.nix
+  ./services/networking/ssh/lshd.nix
+  ./services/networking/ssh/sshd.nix
+  ./services/networking/tftpd.nix
+  ./services/networking/unbound.nix
+  ./services/networking/vsftpd.nix
+  ./services/networking/wakeonlan.nix
+  ./services/networking/websockify.nix
+  ./services/networking/wicd.nix
+  ./services/networking/wpa_supplicant.nix
+  ./services/networking/xinetd.nix
+  ./services/printing/cupsd.nix
+  ./services/scheduling/atd.nix
+  ./services/scheduling/cron.nix
+  ./services/scheduling/fcron.nix
+  ./services/search/elasticsearch.nix
+  ./services/security/clamav.nix
+  ./services/security/fprot.nix
+  ./services/security/frandom.nix
+  ./services/security/tor.nix
+  ./services/security/torify.nix
+  ./services/security/torsocks.nix
+  ./services/system/dbus.nix
+  ./services/system/kerberos.nix
+  ./services/system/nscd.nix
+  ./services/system/uptimed.nix
+  ./services/torrent/deluge.nix
+  ./services/torrent/transmission.nix
+  ./services/ttys/gpm.nix
+  ./services/ttys/agetty.nix
+  ./services/web-servers/apache-httpd/default.nix
+  ./services/web-servers/jboss/default.nix
+  ./services/web-servers/lighttpd/default.nix
+  ./services/web-servers/lighttpd/cgit.nix
+  ./services/web-servers/lighttpd/gitweb.nix
+  ./services/web-servers/nginx/default.nix
+  ./services/web-servers/tomcat.nix
+  ./services/web-servers/varnish/default.nix
+  ./services/web-servers/zope2.nix
+  ./services/x11/desktop-managers/default.nix
+  ./services/x11/display-managers/auto.nix
+  ./services/x11/display-managers/default.nix
+  ./services/x11/display-managers/kdm.nix
+  ./services/x11/display-managers/slim.nix
+  ./services/x11/display-managers/lightdm.nix
+  ./services/x11/hardware/multitouch.nix
+  ./services/x11/hardware/synaptics.nix
+  ./services/x11/hardware/wacom.nix
+  ./services/x11/window-managers/awesome.nix
+  #./services/x11/window-managers/compiz.nix
+  ./services/x11/window-managers/default.nix
+  ./services/x11/window-managers/icewm.nix
+  ./services/x11/window-managers/metacity.nix
+  ./services/x11/window-managers/none.nix
+  ./services/x11/window-managers/twm.nix
+  ./services/x11/window-managers/wmii.nix
+  ./services/x11/window-managers/xmonad.nix
+  ./services/x11/redshift.nix
+  ./services/x11/xfs.nix
+  ./services/x11/xserver.nix
+  ./system/activation/activation-script.nix
+  ./system/activation/top-level.nix
+  ./system/boot/kernel.nix
+  ./system/boot/kexec.nix
+  ./system/boot/loader/efi.nix
+  ./system/boot/loader/generations-dir/generations-dir.nix
+  ./system/boot/loader/gummiboot/gummiboot.nix
+  ./system/boot/loader/raspberrypi/raspberrypi.nix
+  ./system/boot/loader/grub/grub.nix
+  ./system/boot/loader/grub/memtest.nix
+  ./system/boot/loader/init-script/init-script.nix
+  ./system/boot/luksroot.nix
+  ./system/boot/modprobe.nix
+  ./system/boot/shutdown.nix
+  ./system/boot/stage-1.nix
+  ./system/boot/stage-2.nix
+  ./system/boot/systemd.nix
+  ./system/etc/etc.nix
+  ./system/upstart/upstart.nix
+  ./tasks/cpu-freq.nix
+  ./tasks/filesystems.nix
+  ./tasks/filesystems/btrfs.nix
+  ./tasks/filesystems/ext.nix
+  ./tasks/filesystems/nfs.nix
+  ./tasks/filesystems/reiserfs.nix
+  ./tasks/filesystems/unionfs-fuse.nix
+  ./tasks/filesystems/vfat.nix
+  ./tasks/filesystems/xfs.nix
+  ./tasks/filesystems/zfs.nix
+  ./tasks/kbd.nix
+  ./tasks/lvm.nix
+  ./tasks/network-interfaces.nix
+  ./tasks/scsi-link-power-management.nix
+  ./tasks/swraid.nix
+  ./virtualisation/libvirtd.nix
+  #./virtualisation/nova.nix
+  ./virtualisation/virtualbox-guest.nix
+  ./virtualisation/xen-dom0.nix
+]
diff --git a/nixos/modules/profiles/all-hardware.nix b/nixos/modules/profiles/all-hardware.nix
new file mode 100644
index 000000000000..511c118e2bf5
--- /dev/null
+++ b/nixos/modules/profiles/all-hardware.nix
@@ -0,0 +1,55 @@
+# This module enables all hardware supported by NixOS: i.e., all
+# firmware is included, and all devices from which one may boot are
+# enabled in the initrd.  Its primary use is in the NixOS installation
+# CDs.
+
+{ config, pkgs, ... }:
+
+{
+
+  # The initrd has to contain any module that might be necessary for
+  # mounting the CD/DVD.
+  boot.initrd.availableKernelModules =
+    [ # SATA/PATA support.
+      "ahci"
+
+      "ata_piix"
+
+      "sata_inic162x" "sata_nv" "sata_promise" "sata_qstor"
+      "sata_sil" "sata_sil24" "sata_sis" "sata_svw" "sata_sx4"
+      "sata_uli" "sata_via" "sata_vsc"
+
+      "pata_ali" "pata_amd" "pata_artop" "pata_atiixp"
+      "pata_cs5520" "pata_cs5530" "pata_cs5535" "pata_efar"
+      "pata_hpt366" "pata_hpt37x" "pata_hpt3x2n" "pata_hpt3x3"
+      "pata_it8213" "pata_it821x" "pata_jmicron" "pata_marvell"
+      "pata_mpiix" "pata_netcell" "pata_ns87410" "pata_oldpiix"
+      "pata_pcmcia" "pata_pdc2027x" "pata_qdi" "pata_rz1000"
+      "pata_sc1200" "pata_serverworks" "pata_sil680" "pata_sis"
+      "pata_sl82c105" "pata_triflex" "pata_via"
+      "pata_winbond"
+
+      # SCSI support (incomplete).
+      "3w-9xxx" "3w-xxxx" "aic79xx" "aic7xxx" "arcmsr"
+
+      # USB support, especially for booting from USB CD-ROM
+      # drives.
+      "usb_storage"
+
+      # Firewire support.  Not tested.
+      "ohci1394" "sbp2"
+
+      # Virtio (QEMU, KVM etc.) support.
+      "virtio_net" "virtio_pci" "virtio_blk" "virtio_balloon" "virtio_console"
+
+      # Keyboards
+      "hid_apple"
+    ];
+
+  # Include lots of firmware.
+  hardware.enableAllFirmware = true;
+
+  imports =
+    [ ../hardware/network/zydas-zd1211.nix ];
+
+}
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
new file mode 100644
index 000000000000..20b808c29e08
--- /dev/null
+++ b/nixos/modules/profiles/base.nix
@@ -0,0 +1,55 @@
+# This module defines the software packages included in the "minimal"
+# installation CD.  It might be useful elsewhere.
+
+{ config, pkgs, ... }:
+
+{
+  # Include some utilities that are useful for installing or repairing
+  # the system.
+  environment.systemPackages = [
+    pkgs.subversion # for nixos-checkout
+    pkgs.w3m # needed for the manual anyway
+    pkgs.testdisk # useful for repairing boot problems
+    pkgs.mssys # for writing Microsoft boot sectors / MBRs
+    pkgs.parted
+    pkgs.gptfdisk
+    pkgs.ddrescue
+    pkgs.ccrypt
+    pkgs.cryptsetup # needed for dm-crypt volumes
+
+    # Some networking tools.
+    pkgs.fuse
+    pkgs.sshfsFuse
+    pkgs.socat
+    pkgs.screen
+
+    # Hardware-related tools.
+    pkgs.sdparm
+    pkgs.hdparm
+    pkgs.dmraid
+    pkgs.smartmontools # for diagnosing hard disks
+
+    # Tools to create / manipulate filesystems.
+    pkgs.ntfsprogs # for resizing NTFS partitions
+    pkgs.dosfstools
+    pkgs.xfsprogs
+    pkgs.jfsutils
+    #pkgs.jfsrec # disabled because of Boost dependency
+
+    # Some compression/archiver tools.
+    pkgs.unrar
+    pkgs.unzip
+    pkgs.zip
+    pkgs.dar # disk archiver
+    pkgs.cabextract
+
+    # Some editors.
+    pkgs.vim
+    pkgs.bvi # binary editor
+    pkgs.joe
+  ];
+
+  # Include support for various filesystems.
+  boot.supportedFilesystems = [ "btrfs" "reiserfs" "vfat" ];
+
+}
diff --git a/nixos/modules/profiles/clone-config.nix b/nixos/modules/profiles/clone-config.nix
new file mode 100644
index 000000000000..04ee76d8d3e9
--- /dev/null
+++ b/nixos/modules/profiles/clone-config.nix
@@ -0,0 +1,101 @@
+{ config, pkgs, modules, ... }:
+
+with pkgs.lib;
+
+let
+
+  # Location of the repository on the harddrive
+  nixosPath = toString ../..;
+
+  # Check if the path is from the NixOS repository
+  isNixOSFile = path:
+    let s = toString path; in
+      removePrefix nixosPath s != s;
+
+  # Copy modules given as extra configuration files.  Unfortunately, we
+  # cannot serialized attribute set given in the list of modules (that's why
+  # you should use files).
+  moduleFiles =
+    # FIXME: use typeOf (Nix 1.6.1).
+    filter (x: !isAttrs x && !builtins.isFunction x) modules;
+
+  # Partition module files because between NixOS and non-NixOS files.  NixOS
+  # files may change if the repository is updated.
+  partitionedModuleFiles =
+    let p = partition isNixOSFile moduleFiles; in
+    { nixos = p.right; others = p.wrong; };
+
+  # Path transformed to be valid on the installation device.  Thus the
+  # device configuration could be rebuild.
+  relocatedModuleFiles =
+    let
+      relocateNixOS = path:
+        "<nixos" + removePrefix nixosPath (toString path) + ">";
+      relocateOthers = null;
+    in
+      { nixos = map relocateNixOS partitionedModuleFiles.nixos;
+        others = []; # TODO: copy the modules to the install-device repository.
+      };
+
+  # A dummy /etc/nixos/configuration.nix in the booted CD that
+  # rebuilds the CD's configuration (and allows the configuration to
+  # be modified, of course, providing a true live CD).  Problem is
+  # that we don't really know how the CD was built - the Nix
+  # expression language doesn't allow us to query the expression being
+  # evaluated.  So we'll just hope for the best.
+  configClone = pkgs.writeText "configuration.nix"
+    ''
+      { config, pkgs, ... }:
+
+      {
+        imports = [ ${toString config.installer.cloneConfigIncludes} ];
+      }
+    '';
+
+in
+
+{
+
+  options = {
+
+    installer.cloneConfig = mkOption {
+      default = true;
+      description = ''
+        Try to clone the installation-device configuration by re-using it's
+        profile from the list of imported modules.
+      '';
+    };
+
+    installer.cloneConfigIncludes = mkOption {
+      default = [];
+      example = [ "./nixos/modules/hardware/network/rt73.nix" ];
+      description = ''
+        List of modules used to re-build this installation device profile.
+      '';
+    };
+
+  };
+
+  config = {
+
+    installer.cloneConfigIncludes =
+      relocatedModuleFiles.nixos ++ relocatedModuleFiles.others;
+
+    boot.postBootCommands =
+      ''
+        # Provide a mount point for nixos-install.
+        mkdir -p /mnt
+
+        ${optionalString config.installer.cloneConfig ''
+          # Provide a configuration for the CD/DVD itself, to allow users
+          # to run nixos-rebuild to change the configuration of the
+          # running system on the CD/DVD.
+          if ! [ -e /etc/nixos/configuration.nix ]; then
+            cp ${configClone} /etc/nixos/configuration.nix
+          fi
+       ''}
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/profiles/demo.nix b/nixos/modules/profiles/demo.nix
new file mode 100644
index 000000000000..396dcf6c5d3b
--- /dev/null
+++ b/nixos/modules/profiles/demo.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [ ./graphical.nix ];
+
+  users.extraUsers.demo =
+    { description = "Demo user account";
+      group = "users";
+      extraGroups = [ "wheel" ];
+      home = "/home/demo";
+      createHome = true;
+      useDefaultShell = true;
+      password = "demo";
+      isSystemUser = false;
+    };
+}
diff --git a/nixos/modules/profiles/graphical.nix b/nixos/modules/profiles/graphical.nix
new file mode 100644
index 000000000000..75ac5e41f83e
--- /dev/null
+++ b/nixos/modules/profiles/graphical.nix
@@ -0,0 +1,14 @@
+# This module defines a NixOS configuration that contains X11 and
+# KDE 4.  It's used by the graphical installation CD.
+
+{ config, pkgs, ... }:
+
+{
+  services.xserver = {
+    enable = true;
+    displayManager.kdm.enable = true;
+    desktopManager.kde4.enable = true;
+  };
+
+  environment.systemPackages = [ pkgs.glxinfo ];
+}
diff --git a/nixos/modules/profiles/headless.nix b/nixos/modules/profiles/headless.nix
new file mode 100644
index 000000000000..541c46ca50c2
--- /dev/null
+++ b/nixos/modules/profiles/headless.nix
@@ -0,0 +1,21 @@
+# Common configuration for headless machines (e.g., Amazon EC2
+# instances).
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  sound.enable = false;
+  boot.vesa = false;
+
+  # Don't start a tty on the serial consoles.
+  systemd.services."serial-getty@ttyS0".enable = false;
+  systemd.services."serial-getty@hvc0".enable = false;
+
+  # Since we can't manually respond to a panic, just reboot.
+  boot.kernelParams = [ "panic=1" "boot.panic_on_fail" ];
+
+  # Don't allow emergency mode, because we don't have a console.
+  systemd.enableEmergencyMode = false;
+}
diff --git a/nixos/modules/profiles/installation-device.nix b/nixos/modules/profiles/installation-device.nix
new file mode 100644
index 000000000000..3b058c6e9715
--- /dev/null
+++ b/nixos/modules/profiles/installation-device.nix
@@ -0,0 +1,56 @@
+# Provide a basic configuration for installation devices like CDs.
+{ config, pkgs, modules, ... }:
+
+with pkgs.lib;
+
+{
+  imports =
+    [ # Enable devices which are usually scanned, because we don't know the
+      # target system.
+      ../installer/scan/detected.nix
+      ../installer/scan/not-detected.nix
+
+      # Allow "nixos-rebuild" to work properly by providing
+      # /etc/nixos/configuration.nix.
+      ./clone-config.nix
+    ];
+
+  config = {
+
+    # Show the manual.
+    services.nixosManual.showManual = true;
+
+    # Let the user play Rogue on TTY 8 during the installation.
+    services.rogue.enable = true;
+
+    # Disable some other stuff we don't need.
+    security.sudo.enable = false;
+
+    # Include only the en_US locale.  This saves 75 MiB or so compared to
+    # the full glibcLocales package.
+    i18n.supportedLocales = ["en_US.UTF-8/UTF-8" "en_US/ISO-8859-1"];
+
+    # Some more help text.
+    services.mingetty.helpLine =
+      ''
+
+        Log in as "root" with an empty password.  ${
+          optionalString config.services.xserver.enable
+            "Type `start display-manager' to\nstart the graphical user interface."}
+      '';
+
+    # Allow sshd to be started manually through "start sshd".
+    services.openssh.enable = true;
+    systemd.services.sshd.wantedBy = mkOverride 50 [];
+
+    # Enable wpa_supplicant, but don't start it by default.
+    networking.wireless.enable = true;
+    jobs.wpa_supplicant.startOn = pkgs.lib.mkOverride 50 "";
+
+    # Tell the Nix evaluator to garbage collect more aggressively.
+    # This is desirable in memory-constrained environments that don't
+    # (yet) have swap set up.
+    environment.variables.GC_INITIAL_HEAP_SIZE = "100000";
+
+  };
+}
diff --git a/nixos/modules/profiles/minimal.nix b/nixos/modules/profiles/minimal.nix
new file mode 100644
index 000000000000..821b9f93465a
--- /dev/null
+++ b/nixos/modules/profiles/minimal.nix
@@ -0,0 +1,11 @@
+# This module defines a small NixOS configuration.  It does not
+# contain any graphical stuff.
+
+{ config, pkgs, ... }:
+
+{
+  # Don't include X libraries.
+  programs.ssh.setXAuthLocation = false;
+  fonts.enableFontConfig = false;
+  fonts.enableCoreFonts = false;
+}
diff --git a/nixos/modules/profiles/qemu-guest.nix b/nixos/modules/profiles/qemu-guest.nix
new file mode 100644
index 000000000000..c8e6fd4aa768
--- /dev/null
+++ b/nixos/modules/profiles/qemu-guest.nix
@@ -0,0 +1,9 @@
+# Common configuration for virtual machines running under QEMU (using
+# virtio).
+
+{ config, pkgs, ... }:
+
+{
+  boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_blk" "9p" "9pnet_virtio" ];
+  boot.kernelModules = [ "virtio_balloon" "virtio_console" ];
+}
diff --git a/nixos/modules/programs/atop.nix b/nixos/modules/programs/atop.nix
new file mode 100644
index 000000000000..7fdaab9d67df
--- /dev/null
+++ b/nixos/modules/programs/atop.nix
@@ -0,0 +1,36 @@
+# Global configuration for atop.
+
+{config, pkgs, ...}:
+
+with pkgs.lib;
+
+let cfg = config.programs.atop;
+
+in
+{
+  ###### interface
+
+  options = {
+
+    programs.atop = {
+
+      settings = mkOption {
+        type = types.attrs;
+        default = {};
+        example = {
+          flags = "a1f";
+          interval = 5;
+        };
+        description = ''
+          Parameters to be written to <filename>/etc/atoprc</filename>
+        '';
+      };
+
+    };
+  };
+
+  config = mkIf (cfg.settings != {}) {
+    environment.etc."atoprc".text =
+      concatStrings (mapAttrsToList (n: v: "${n} ${toString v}\n") cfg.settings);
+  };
+}
diff --git a/nixos/modules/programs/bash/bash.nix b/nixos/modules/programs/bash/bash.nix
new file mode 100644
index 000000000000..9d33e26c4959
--- /dev/null
+++ b/nixos/modules/programs/bash/bash.nix
@@ -0,0 +1,217 @@
+# This module defines global configuration for the Bash shell, in
+# particular /etc/bashrc and /etc/profile.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfge = config.environment;
+
+  cfg = config.programs.bash;
+
+  bashCompletion = optionalString cfg.enableCompletion ''
+    # Check whether we're running a version of Bash that has support for
+    # programmable completion. If we do, enable all modules installed in
+    # the system (and user profile).
+    if shopt -q progcomp &>/dev/null; then
+      . "${pkgs.bashCompletion}/etc/profile.d/bash_completion.sh"
+      nullglobStatus=$(shopt -p nullglob)
+      shopt -s nullglob
+      for p in $NIX_PROFILES; do
+        for m in "$p/etc/bash_completion.d/"* "$p/share/bash-completion/completions/"*; do
+          . $m
+        done
+      done
+      eval "$nullglobStatus"
+      unset nullglobStatus p m
+    fi
+  '';
+
+  bashAliases = concatStringsSep "\n" (
+    mapAttrsFlatten (k: v: "alias ${k}='${v}'") cfg.shellAliases
+  );
+
+in
+
+{
+  options = {
+
+    programs.bash = {
+
+      enable = mkOption {
+        default = true;
+        description = ''
+          Whenever to configure Bash as an interactive shell.
+          Note that this tries to make Bash the default
+          <option>users.defaultUserShell</option>,
+          which in turn means that you might need to explicitly
+          set this variable if you have another shell configured
+          with NixOS.
+        '';
+        type = types.bool;
+      };
+
+      shellAliases = mkOption {
+        default = config.environment.shellAliases // { which = "type -P"; };
+        description = ''
+          Set of aliases for bash shell. See <option>environment.shellAliases</option>
+          for an option format description.
+        '';
+        type = types.attrs; # types.attrsOf types.stringOrPath;
+      };
+
+      shellInit = mkOption {
+        default = "";
+        description = ''
+          Shell script code called during bash shell initialisation.
+        '';
+        type = types.lines;
+      };
+
+      loginShellInit = mkOption {
+        default = "";
+        description = ''
+          Shell script code called during login bash shell initialisation.
+        '';
+        type = types.lines;
+      };
+
+      interactiveShellInit = mkOption {
+        default = "";
+        description = ''
+          Shell script code called during interactive bash shell initialisation.
+        '';
+        type = types.lines;
+      };
+
+      promptInit = mkOption {
+        default = ''
+          # Provide a nice prompt.
+          PROMPT_COLOR="1;31m"
+          let $UID && PROMPT_COLOR="1;32m"
+          PS1="\n\[\033[$PROMPT_COLOR\][\u@\h:\w]\\$\[\033[0m\] "
+          if test "$TERM" = "xterm"; then
+            PS1="\[\033]2;\h:\u:\w\007\]$PS1"
+          fi
+        '';
+        description = ''
+          Shell script code used to initialise the bash prompt.
+        '';
+        type = types.lines;
+      };
+
+      enableCompletion = mkOption {
+        default = false;
+        description = ''
+          Enable Bash completion for all interactive bash shells.
+        '';
+        type = types.bool;
+      };
+
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    programs.bash = {
+
+      shellInit = ''
+        . ${config.system.build.setEnvironment}
+
+        ${cfge.shellInit}
+      '';
+
+      loginShellInit = cfge.loginShellInit;
+
+      interactiveShellInit = ''
+        # Check the window size after every command.
+        shopt -s checkwinsize
+
+        # Disable hashing (i.e. caching) of command lookups.
+        set +h
+
+        ${cfg.promptInit}
+        ${bashCompletion}
+        ${bashAliases}
+
+        ${cfge.interactiveShellInit}
+      '';
+
+    };
+
+    environment.etc."profile".text =
+      ''
+        # /etc/profile: DO NOT EDIT -- this file has been generated automatically.
+        # This file is read for login shells.
+
+        # Only execute this file once per shell.
+        if [ -n "$__ETC_PROFILE_SOURCED" ]; then return; fi
+        __ETC_PROFILE_SOURCED=1
+
+        # Prevent this file from being sourced by interactive non-login child shells.
+        export __ETC_PROFILE_DONE=1
+
+        ${cfg.shellInit}
+        ${cfg.loginShellInit}
+
+        # Read system-wide modifications.
+        if test -f /etc/profile.local; then
+          . /etc/profile.local
+        fi
+
+        if [ -n "''${BASH_VERSION:-}" ]; then
+          . /etc/bashrc
+        fi
+      '';
+
+    environment.etc."bashrc".text =
+      ''
+        # /etc/bashrc: DO NOT EDIT -- this file has been generated automatically.
+
+        # Only execute this file once per shell.
+        if [ -n "$__ETC_BASHRC_SOURCED" -o -n "$NOSYSBASHRC" ]; then return; fi
+        __ETC_BASHRC_SOURCED=1
+
+        # If the profile was not loaded in a parent process, source
+        # it.  But otherwise don't do it because we don't want to
+        # clobber overridden values of $PATH, etc.
+        if [ -z "$__ETC_PROFILE_DONE" ]; then
+            . /etc/profile
+        fi
+
+        # We are not always an interactive shell.
+        if [ -n "$PS1" ]; then
+          ${cfg.interactiveShellInit}
+        fi
+
+        # Read system-wide modifications.
+        if test -f /etc/bashrc.local; then
+          . /etc/bashrc.local
+        fi
+      '';
+
+    # Configuration for readline in bash.
+    environment.etc."inputrc".source = ./inputrc;
+
+    users.defaultUserShell = mkDefault "/run/current-system/sw/bin/bash";
+
+    environment.pathsToLink = optionals cfg.enableCompletion [
+      "/etc/bash_completion.d"
+      "/share/bash-completion"
+    ];
+
+    environment.shells =
+      [ "/run/current-system/sw/bin/bash"
+        "/var/run/current-system/sw/bin/bash"
+        "/run/current-system/sw/bin/sh"
+        "/var/run/current-system/sw/bin/sh"
+        "${pkgs.bashInteractive}/bin/bash"
+        "${pkgs.bashInteractive}/bin/sh"
+      ];
+
+  };
+
+}
diff --git a/nixos/modules/programs/bash/command-not-found.nix b/nixos/modules/programs/bash/command-not-found.nix
new file mode 100644
index 000000000000..502320446a37
--- /dev/null
+++ b/nixos/modules/programs/bash/command-not-found.nix
@@ -0,0 +1,51 @@
+# This module provides suggestions of packages to install if the user
+# tries to run a missing command in Bash.  This is implemented using a
+# SQLite database that maps program names to Nix package names (e.g.,
+# "pdflatex" is mapped to "tetex").
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  commandNotFound = pkgs.substituteAll {
+    name = "command-not-found";
+    dir = "bin";
+    src = ./command-not-found.pl;
+    isExecutable = true;
+    inherit (pkgs) perl;
+    perlFlags = concatStrings (map (path: "-I ${path}/lib/perl5/site_perl ")
+      [ pkgs.perlPackages.DBI pkgs.perlPackages.DBDSQLite ]);
+  };
+
+in
+
+{
+
+  programs.bash.interactiveShellInit =
+    ''
+      # This function is called whenever a command is not found.
+      command_not_found_handle() {
+        local p=/run/current-system/sw/bin/command-not-found
+        if [ -x $p -a -f /nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite ]; then
+          # Run the helper program.
+          $p "$1"
+          # Retry the command if we just installed it.
+          if [ $? = 126 ]; then
+            "$@"
+          else
+            return 127
+          fi
+        else
+          echo "$1: command not found" >&2
+          return 127
+        fi
+      }
+    '';
+
+  environment.systemPackages = [ commandNotFound ];
+
+  # TODO: tab completion for uninstalled commands! :-)
+
+}
diff --git a/nixos/modules/programs/bash/command-not-found.pl b/nixos/modules/programs/bash/command-not-found.pl
new file mode 100644
index 000000000000..916649059d37
--- /dev/null
+++ b/nixos/modules/programs/bash/command-not-found.pl
@@ -0,0 +1,48 @@
+#! @perl@/bin/perl -w @perlFlags@
+
+use strict;
+use DBI;
+use DBD::SQLite;
+use Config;
+
+my $program = $ARGV[0];
+
+my $dbPath = "/nix/var/nix/profiles/per-user/root/channels/nixos/programs.sqlite";
+
+my $dbh = DBI->connect("dbi:SQLite:dbname=$dbPath", "", "")
+    or die "cannot open database `$dbPath'";
+$dbh->{RaiseError} = 0;
+$dbh->{PrintError} = 0;
+
+my $system = $ENV{"NIX_SYSTEM"} // $Config{myarchname};
+
+my $res = $dbh->selectall_arrayref(
+    "select package from Programs where system = ? and name = ?",
+    { Slice => {} }, $system, $program);
+
+if (!defined $res || scalar @$res == 0) {
+    print STDERR "$program: command not found\n";
+} elsif (scalar @$res == 1) {
+    my $package = @$res[0]->{package};
+    if ($ENV{"NIX_AUTO_INSTALL"} // "") {
+        print STDERR <<EOF;
+The program ‘$program’ is currently not installed. It is provided by
+the package ‘$package’, which I will now install for you.
+EOF
+        ;
+        exit 126 if system("nix-env", "-i", $package) == 0;
+    } else {
+        print STDERR <<EOF;
+The program ‘$program’ is currently not installed. You can install it by typing:
+  nix-env -i $package
+EOF
+    }
+} else {
+    print STDERR <<EOF;
+The program ‘$program’ is currently not installed. It is provided by
+several packages. You can install it by typing one of the following:
+EOF
+    print STDERR "  nix-env -i $_->{package}\n" foreach @$res;
+}
+
+exit 127;
diff --git a/nixos/modules/programs/bash/inputrc b/nixos/modules/programs/bash/inputrc
new file mode 100644
index 000000000000..e4eabc052c5f
--- /dev/null
+++ b/nixos/modules/programs/bash/inputrc
@@ -0,0 +1,36 @@
+# inputrc borrowed from CentOS (RHEL).
+
+set bell-style none
+
+set meta-flag on
+set input-meta on
+set convert-meta off
+set output-meta on
+
+#set mark-symlinked-directories on
+
+$if mode=emacs
+
+# for linux console and RH/Debian xterm
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+"\e[5~": beginning-of-history
+"\e[6~": end-of-history
+"\e[3~": delete-char
+"\e[2~": quoted-insert
+"\e[5C": forward-word
+"\e[5D": backward-word
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+
+# for rxvt
+"\e[8~": end-of-line
+
+# for non RH/Debian xterm, can't hurt for RH/DEbian xterm
+"\eOH": beginning-of-line
+"\eOF": end-of-line
+
+# for freebsd console
+"\e[H": beginning-of-line
+"\e[F": end-of-line
+$endif
diff --git a/nixos/modules/programs/blcr.nix b/nixos/modules/programs/blcr.nix
new file mode 100644
index 000000000000..e1e31b4a56aa
--- /dev/null
+++ b/nixos/modules/programs/blcr.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+
+let
+  inherit (pkgs.lib) mkOption mkIf;
+  cfg = config.environment.blcr;
+  blcrPkg = config.boot.kernelPackages.blcr;
+in
+
+{
+  ###### interface
+
+  options = {
+    environment.blcr.enable = mkOption {
+      default = false;
+      description =
+        "Whether to enable support for the BLCR checkpointing tool.";
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    boot.kernelModules = [ "blcr" "blcr_imports" ];
+    boot.extraModulePackages = [ blcrPkg ];
+    environment.systemPackages = [ blcrPkg ];
+  };
+}
diff --git a/nixos/modules/programs/environment.nix b/nixos/modules/programs/environment.nix
new file mode 100644
index 000000000000..7c1922cdfd89
--- /dev/null
+++ b/nixos/modules/programs/environment.nix
@@ -0,0 +1,77 @@
+# This module defines a standard configuration for NixOS global environment.
+
+# Most of the stuff here should probably be moved elsewhere sometime.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.environment;
+
+in
+
+{
+
+  config = {
+
+    environment.variables =
+      { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
+        LOCATE_PATH = "/var/cache/locatedb";
+        NIXPKGS_CONFIG = "/etc/nix/nixpkgs-config.nix";
+        NIX_PATH =
+          [ "/nix/var/nix/profiles/per-user/root/channels/nixos"
+            "nixpkgs=/etc/nixos/nixpkgs"
+            "nixos-config=/etc/nixos/configuration.nix"
+          ];
+        PAGER = "less -R";
+        EDITOR = "nano";
+      };
+
+    environment.profiles =
+      [ "$HOME/.nix-profile"
+        "/nix/var/nix/profiles/default"
+        "/run/current-system/sw"
+      ];
+
+    # !!! fix environment.profileVariables definition and then move
+    # most of these elsewhere
+    environment.profileVariables = (i:
+      { PATH = [ "${i}/bin" "${i}/sbin" "${i}/lib/kde4/libexec" ];
+        MANPATH = [ "${i}/man" "${i}/share/man" ];
+        INFOPATH = [ "${i}/info" "${i}/share/info" ];
+        PKG_CONFIG_PATH = [ "${i}/lib/pkgconfig" ];
+        TERMINFO_DIRS = [ "${i}/share/terminfo" ];
+        PERL5LIB = [ "${i}/lib/perl5/site_perl" ];
+        ALSA_PLUGIN_DIRS = [ "${i}/lib/alsa-lib" ];
+        GST_PLUGIN_PATH = [ "${i}/lib/gstreamer-0.10" ];
+        KDEDIRS = [ "${i}" ];
+        STRIGI_PLUGIN_PATH = [ "${i}/lib/strigi/" ];
+        QT_PLUGIN_PATH = [ "${i}/lib/qt4/plugins" "${i}/lib/kde4/plugins" ];
+        QTWEBKIT_PLUGIN_PATH = [ "${i}/lib/mozilla/plugins/" ];
+        GTK_PATH = [ "${i}/lib/gtk-2.0" ];
+        XDG_CONFIG_DIRS = [ "${i}/etc/xdg" ];
+        XDG_DATA_DIRS = [ "${i}/share" ];
+        MOZ_PLUGIN_PATH = [ "${i}/lib/mozilla/plugins" ];
+      });
+
+    environment.extraInit =
+      ''
+         # reset TERM with new TERMINFO available (if any)
+         export TERM=$TERM
+
+         unset ASPELL_CONF
+         for i in ${concatStringsSep " " (reverseList cfg.profiles)} ; do
+           if [ -d "$i/lib/aspell" ]; then
+             export ASPELL_CONF="dict-dir $i/lib/aspell"
+           fi
+         done
+
+         export NIX_USER_PROFILE_DIR="/nix/var/nix/profiles/per-user/$USER"
+         export NIX_PROFILES="${concatStringsSep " " (reverseList cfg.profiles)}"
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/programs/gurobi.nix b/nixos/modules/programs/gurobi.nix
new file mode 100644
index 000000000000..7fa099b0884f
--- /dev/null
+++ b/nixos/modules/programs/gurobi.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.programs.gurobi;
+in {
+  options = {
+    programs.gurobi = {
+      license = mkOption {
+        default = null;
+
+        description = "Path to the Gurobi license file if not using a token server";
+
+        type = types.nullOr types.path;
+      };
+
+      tokenServerAddress = mkOption {
+        default = null;
+
+        description = "Address of the token server";
+
+        type = types.nullOr types.string;
+      };
+    };
+  };
+
+  config = mkIf (cfg.license != null || cfg.tokenServerAddress != null) {
+    assertions = [ {
+      assertion = cfg.license == null || cfg.tokenServerAddress == null;
+      message = "Please only set one of a gurobi license file and a gurobi token server address";
+    } ];
+
+    environment.variables.GRB_LICENSE_FILE = if cfg.license != null
+      then cfg.license
+      else pkgs.writeTextFile {
+        name = "gurobi-generated-license";
+        text = "TOKENSERVER=${cfg.tokenServerAddress}";
+      };
+
+    environment.systemPackages = [ pkgs.gurobi ];
+  };
+}
diff --git a/nixos/modules/programs/info.nix b/nixos/modules/programs/info.nix
new file mode 100644
index 000000000000..30c25cf34206
--- /dev/null
+++ b/nixos/modules/programs/info.nix
@@ -0,0 +1,36 @@
+{config, pkgs, ...}:
+
+let
+
+  # Quick hack to make the `info' command work properly.  `info' needs
+  # a "dir" file containing all the installed Info files, which we
+  # don't have (it would be impure to have a package installation
+  # update some global "dir" file).  So this wrapper script around
+  # "info" builds a temporary "dir" file on the fly.  This is a bit
+  # slow (on a cold cache) but not unacceptably so.
+  infoWrapper = pkgs.writeScriptBin "info"
+    ''
+      #! ${pkgs.stdenv.shell}
+
+      dir=$(mktemp --tmpdir -d "info.dir.XXXXXX")
+
+      if test -z "$dir"; then exit 1; fi
+
+      trap 'rm -rf "$dir"' EXIT
+
+      shopt -s nullglob
+
+      for i in $(IFS=:; echo $INFOPATH); do
+          for j in $i/*.info; do
+              ${pkgs.texinfo}/bin/install-info --quiet $j $dir/dir
+          done
+      done
+
+      INFOPATH=$dir:$INFOPATH ${pkgs.texinfo}/bin/info "$@"
+    ''; # */
+
+in
+
+{
+  environment.systemPackages = [ infoWrapper pkgs.texinfo ];
+}
diff --git a/nixos/modules/programs/shadow.nix b/nixos/modules/programs/shadow.nix
new file mode 100644
index 000000000000..9e46ab8b298f
--- /dev/null
+++ b/nixos/modules/programs/shadow.nix
@@ -0,0 +1,103 @@
+# Configuration for the pwdutils suite of tools: passwd, useradd, etc.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  loginDefs =
+    ''
+      DEFAULT_HOME yes
+
+      SYS_UID_MIN  100
+      SYS_UID_MAX  499
+      UID_MIN      1000
+      UID_MAX      29999
+
+      SYS_GID_MIN  100
+      SYS_GID_MAX  499
+      GID_MIN      1000
+      GID_MAX      29999
+
+      TTYGROUP     tty
+      TTYPERM      0620
+
+      # Ensure privacy for newly created home directories.
+      UMASK        077
+
+      # Uncomment this to allow non-root users to change their account
+      #information.  This should be made configurable.
+      #CHFN_RESTRICT frwh
+
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    users.defaultUserShell = pkgs.lib.mkOption {
+      description = ''
+        This option defines the default shell assigned to user
+        accounts.  This must not be a store path, since the path is
+        used outside the store (in particular in /etc/passwd).
+        Rather, it should be the path of a symlink that points to the
+        actual shell in the Nix store.
+      '';
+      type = types.path;
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    environment.systemPackages = [ pkgs.shadow ];
+
+    environment.etc =
+      [ { # /etc/login.defs: global configuration for pwdutils.  You
+          # cannot login without it!
+          source = pkgs.writeText "login.defs" loginDefs;
+          target = "login.defs";
+        }
+
+        { # /etc/default/useradd: configuration for useradd.
+          source = pkgs.writeText "useradd"
+            ''
+              GROUP=100
+              HOME=/home
+              SHELL=${config.users.defaultUserShell}
+            '';
+          target = "default/useradd";
+        }
+      ];
+
+    security.pam.services =
+      { chsh = { rootOK = true; };
+        chfn = { rootOK = true; };
+        su = { rootOK = true; forwardXAuth = true; };
+        passwd = {};
+        # Note: useradd, groupadd etc. aren't setuid root, so it
+        # doesn't really matter what the PAM config says as long as it
+        # lets root in.
+        useradd = { rootOK = true; };
+        usermod = { rootOK = true; };
+        userdel = { rootOK = true; };
+        groupadd = { rootOK = true; };
+        groupmod = { rootOK = true; };
+        groupmems = { rootOK = true; };
+        groupdel = { rootOK = true; };
+        login = { startSession = true; allowNullPassword = true; showMotd = true; updateWtmp = true; };
+      };
+
+    security.setuidPrograms = [ "passwd" "chfn" "su" "newgrp" ];
+
+  };
+
+}
diff --git a/nixos/modules/programs/shell.nix b/nixos/modules/programs/shell.nix
new file mode 100644
index 000000000000..8052502c21ea
--- /dev/null
+++ b/nixos/modules/programs/shell.nix
@@ -0,0 +1,64 @@
+# This module defines a standard configuration for NixOS shells.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.environment;
+
+in
+
+{
+
+  config = {
+
+    environment.shellAliases =
+      { ls = "ls --color=tty";
+        ll = "ls -l";
+        l  = "ls -alh";
+      };
+
+    environment.shellInit =
+      ''
+        # Set up the per-user profile.
+        mkdir -m 0755 -p $NIX_USER_PROFILE_DIR
+        if test "$(stat --printf '%u' $NIX_USER_PROFILE_DIR)" != "$(id -u)"; then
+            echo "WARNING: bad ownership on $NIX_USER_PROFILE_DIR" >&2
+        fi
+
+        if ! test -L $HOME/.nix-profile; then
+            if test "$USER" != root; then
+                ln -s $NIX_USER_PROFILE_DIR/profile $HOME/.nix-profile
+            else
+                # Root installs in the system-wide profile by default.
+                ln -s /nix/var/nix/profiles/default $HOME/.nix-profile
+            fi
+        fi
+
+        # Subscribe the root user to the NixOS channel by default.
+        if [ "$USER" = root -a ! -e $HOME/.nix-channels ]; then
+            echo "${config.system.defaultChannel} nixos" > $HOME/.nix-channels
+        fi
+
+        # Create the per-user garbage collector roots directory.
+        NIX_USER_GCROOTS_DIR=/nix/var/nix/gcroots/per-user/$USER
+        mkdir -m 0755 -p $NIX_USER_GCROOTS_DIR
+        if test "$(stat --printf '%u' $NIX_USER_GCROOTS_DIR)" != "$(id -u)"; then
+            echo "WARNING: bad ownership on $NIX_USER_GCROOTS_DIR" >&2
+        fi
+
+        # Set up a default Nix expression from which to install stuff.
+        if [ ! -e $HOME/.nix-defexpr -o -L $HOME/.nix-defexpr ]; then
+            rm -f $HOME/.nix-defexpr
+            mkdir $HOME/.nix-defexpr
+            if [ "$USER" != root ]; then
+                ln -s /nix/var/nix/profiles/per-user/root/channels $HOME/.nix-defexpr/channels_root
+            fi
+        fi
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
new file mode 100644
index 000000000000..a66679dff90d
--- /dev/null
+++ b/nixos/modules/programs/ssh.nix
@@ -0,0 +1,75 @@
+# Global configuration for the SSH client.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let cfg  = config.programs.ssh;
+    cfgd = config.services.openssh;
+
+in
+{
+  ###### interface
+
+  options = {
+
+    programs.ssh = {
+
+      forwardX11 = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to request X11 forwarding on outgoing connections by default.
+          This is useful for running graphical programs on the remote machine and have them display to your local X11 server.
+          Historically, this value has depended on the value used by the local sshd daemon, but there really isn't a relation between the two.
+          Note: there are some security risks to forwarding an X11 connection.
+          NixOS's X server is built with the SECURITY extension, which prevents some obvious attacks.
+          To enable or disable forwarding on a per-connection basis, see the -X and -x options to ssh.
+          The -Y option to ssh enables trusted forwarding, which bypasses the SECURITY extension.
+        '';
+      };
+
+      setXAuthLocation = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether to set the path to <command>xauth</command> for X11-forwarded connections.
+          This causes a dependency on X11 packages.
+        '';
+      };
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "";
+        description = ''
+          Extra configuration text appended to <filename>ssh_config</filename>.
+          See <citerefentry><refentrytitle>ssh_config</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+          for help.
+        '';
+      };
+    };
+  };
+
+  config = {
+
+    assertions = singleton
+      { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;
+        message = "cannot enable X11 forwarding without setting XAuth location";
+      };
+
+    environment.etc =
+      [ { # SSH configuration.  Slight duplication of the sshd_config
+          # generation in the sshd service.
+          source = pkgs.writeText "ssh_config" ''
+            AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
+            ${optionalString cfg.setXAuthLocation ''
+              XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
+            ''}
+            ForwardX11 ${if cfg.forwardX11 then "yes" else "no"}
+            ${cfg.extraConfig}
+          '';
+          target = "ssh/ssh_config";
+        }
+      ];
+  };
+}
diff --git a/nixos/modules/programs/ssmtp.nix b/nixos/modules/programs/ssmtp.nix
new file mode 100644
index 000000000000..904989d57a09
--- /dev/null
+++ b/nixos/modules/programs/ssmtp.nix
@@ -0,0 +1,111 @@
+# Configuration for `ssmtp', a trivial mail transfer agent that can
+# replace sendmail/postfix on simple systems.  It delivers email
+# directly to an SMTP server defined in its configuration file, wihout
+# queueing mail locally.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.networking.defaultMailServer;
+
+in
+
+{
+
+  options = {
+
+    networking.defaultMailServer = {
+
+      directDelivery = mkOption {
+        default = false;
+        example = true;
+        description = ''
+          Use the trivial Mail Transfer Agent (MTA)
+          <command>ssmtp</command> package to allow programs to send
+          e-mail.  If you don't want to run a “real” MTA like
+          <command>sendmail</command> or <command>postfix</command> on
+          your machine, set this option to <literal>true</literal>, and
+          set the option
+          <option>networking.defaultMailServer.hostName</option> to the
+          host name of your preferred mail server.
+        '';
+      };
+
+      hostName = mkOption {
+        example = "mail.example.org";
+        description = ''
+          The host name of the default mail server to use to deliver
+          e-mail.
+        '';
+      };
+
+      domain = mkOption {
+        default = "";
+        example = "example.org";
+        description = ''
+          The domain from which mail will appear to be sent.
+        '';
+      };
+
+      useTLS = mkOption {
+        default = false;
+        example = true;
+        description = ''
+          Whether TLS should be used to connect to the default mail
+          server.
+        '';
+      };
+
+      useSTARTTLS = mkOption {
+        default = false;
+        example = true;
+        description = ''
+          Whether the STARTTLS should be used to connect to the default
+          mail server.  (This is needed for TLS-capable mail servers
+          running on the default SMTP port 25.)
+        '';
+      };
+
+      authUser = mkOption {
+        default = "";
+        example = "foo@example.org";
+        description = ''
+          Username used for SMTP auth. Leave blank to disable.
+        '';
+      };
+
+      authPass = mkOption {
+        default = "";
+        example = "correctHorseBatteryStaple";
+        description = ''
+          Password used for SMTP auth. (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)
+        '';
+      };
+
+    };
+
+  };
+
+
+  config = mkIf cfg.directDelivery {
+
+    environment.etc."ssmtp/ssmtp.conf".text =
+      ''
+        MailHub=${cfg.hostName}
+        FromLineOverride=YES
+        ${if cfg.domain != "" then "rewriteDomain=${cfg.domain}" else ""}
+        UseTLS=${if cfg.useTLS then "YES" else "NO"}
+        UseSTARTTLS=${if cfg.useSTARTTLS then "YES" else "NO"}
+        #Debug=YES
+        ${if cfg.authUser != "" then "AuthUser=${cfg.authUser}" else ""}
+        ${if cfg.authPass != "" then "AuthPass=${cfg.authPass}" else ""}
+      '';
+
+    environment.systemPackages = [pkgs.ssmtp];
+
+  };
+
+}
diff --git a/nixos/modules/programs/venus.nix b/nixos/modules/programs/venus.nix
new file mode 100644
index 000000000000..2b3bfbc6c188
--- /dev/null
+++ b/nixos/modules/programs/venus.nix
@@ -0,0 +1,174 @@
+{config, pkgs, ...}:
+
+with pkgs.lib;
+let
+  cfg = config.services.venus;
+
+  configFile = pkgs.writeText "venus.ini"
+    ''
+      [Planet]
+      name = ${cfg.name}
+      link = ${cfg.link}
+      owner_name = ${cfg.ownerName}
+      owner_email = ${cfg.ownerEmail}
+      output_theme = ${cfg.cacheDirectory}/theme
+      output_dir = ${cfg.outputDirectory}
+      cache_directory = ${cfg.cacheDirectory}
+      items_per_page = ${toString cfg.itemsPerPage}
+      ${(concatStringsSep "\n\n"
+            (map ({ name, feedUrl, homepageUrl }:
+            ''
+              [${feedUrl}]
+              name = ${name}
+              link = ${homepageUrl}
+            '') cfg.feeds))}
+    '';
+
+in
+{
+
+  options = {
+    services.venus = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Planet Venus is an awesome ‘river of news’ feed reader. It downloads
+          news feeds published by web sites and aggregates their content
+          together into a single combined feed, latest news first.
+        '';
+      };
+
+      dates = mkOption {
+        default = "*:0,15,30,45";
+        type = types.string;
+        description = ''
+          Specification (in the format described by
+          <citerefentry><refentrytitle>systemd.time</refentrytitle>
+          <manvolnum>5</manvolnum></citerefentry>) of the time at
+          which the Venus will collect feeds.
+        '';
+      };
+
+      user = mkOption {
+        default = "root";
+        type = types.string;
+        description = ''
+          User for running venus script.
+        '';
+      };
+
+      group = mkOption {
+        default = "root";
+        type = types.string;
+        description = ''
+          Group for running venus script.
+        '';
+      };
+
+      name = mkOption {
+        default = "NixOS Planet";
+        type = types.string;
+        description = ''
+          Your planet's name.
+        '';
+      };
+
+      link = mkOption {
+        default = "http://planet.nixos.org";
+        type = types.string;
+        description = ''
+          Link to the main page.
+        '';
+      };
+
+      ownerName = mkOption {
+        default = "Rok Garbas";
+        type = types.string;
+        description = ''
+          Your name.
+        '';
+      };
+
+      ownerEmail = mkOption {
+        default = "some@example.com";
+        type = types.string;
+        description = ''
+          Your e-mail address.
+        '';
+      };
+
+      outputTheme = mkOption {
+        default = "${pkgs.venus}/themes/classic_fancy";
+        type = types.path;
+        description = ''
+          Directory containing a config.ini file which is merged with this one.
+          This is typically used to specify templating and bill of material
+          information.
+        '';
+      };
+
+      outputDirectory = mkOption {
+        type = types.path;
+        description = ''
+          Directory to place output files.
+        '';
+      };
+
+      cacheDirectory = mkOption {
+        default = "/var/cache/venus";
+        type = types.path;
+        description = ''
+            Where cached feeds are stored.
+        '';
+      };
+
+      itemsPerPage = mkOption {
+        default = 15;
+        type = types.int;
+        description = ''
+          How many items to put on each page.
+        '';
+      };
+
+      feeds = mkOption {
+        default = [];
+        example = [
+          {
+            name = "Rok Garbas";
+            feedUrl= "http://url/to/rss/feed.xml";
+            homepageUrl = "http://garbas.si";
+          }
+        ];
+        description = ''
+          List of feeds.
+        '';
+      };
+
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    system.activationScripts.venus =
+      ''
+        mkdir -p ${cfg.outputDirectory}
+        chown ${cfg.user}:${cfg.group} ${cfg.outputDirectory} -R
+        rm -rf ${cfg.cacheDirectory}/theme
+        mkdir -p ${cfg.cacheDirectory}/theme
+        cp -R ${cfg.outputTheme}/* ${cfg.cacheDirectory}/theme
+        chown ${cfg.user}:${cfg.group} ${cfg.cacheDirectory} -R
+      '';
+
+    systemd.services.venus =
+      { description = "Planet Venus, an awesome ‘river of news’ feed reader";
+        path  = [ pkgs.venus ];
+        script = "exec venus-planet ${configFile}";
+        serviceConfig.User = "${cfg.user}";
+        serviceConfig.Group = "${cfg.group}";
+        environment.OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
+        startOn = cfg.dates;
+      };
+
+  };
+}
diff --git a/nixos/modules/programs/virtualbox.nix b/nixos/modules/programs/virtualbox.nix
new file mode 100644
index 000000000000..340fec0496ae
--- /dev/null
+++ b/nixos/modules/programs/virtualbox.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let virtualbox = config.boot.kernelPackages.virtualbox; in
+
+{
+  boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ];
+  boot.extraModulePackages = [ virtualbox ];
+  environment.systemPackages = [ virtualbox ];
+
+  users.extraGroups.vboxusers.gid = config.ids.gids.vboxusers;
+
+  services.udev.extraRules =
+    ''
+      KERNEL=="vboxdrv",    OWNER="root", GROUP="vboxusers", MODE="0660", TAG+="systemd"
+      KERNEL=="vboxnetctl", OWNER="root", GROUP="root",      MODE="0600", TAG+="systemd"
+      SUBSYSTEM=="usb_device", ACTION=="add", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
+      SUBSYSTEM=="usb", ACTION=="add", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh $major $minor $attr{bDeviceClass}"
+      SUBSYSTEM=="usb_device", ACTION=="remove", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
+      SUBSYSTEM=="usb", ACTION=="remove", ENV{DEVTYPE}=="usb_device", RUN+="${virtualbox}/libexec/virtualbox/VBoxCreateUSBNode.sh --remove $major $minor"
+    '';
+
+  # Since we lack the right setuid binaries, set up a host-only network by default.
+
+  systemd.services."vboxnet0" =
+    { description = "VirtualBox vboxnet0 Interface";
+      requires = [ "dev-vboxnetctl.device" ];
+      after = [ "dev-vboxnetctl.device" ];
+      wantedBy = [ "network.target" "sys-subsystem-net-devices-vboxnet0.device" ];
+      path = [ virtualbox ];
+      serviceConfig.RemainAfterExit = true;
+      serviceConfig.Type = "oneshot";
+      script =
+        ''
+          if ! [ -e /sys/class/net/vboxnet0 ]; then
+            VBoxManage hostonlyif create
+          fi
+        '';
+      postStop =
+        ''
+          VBoxManage hostonlyif remove vboxnet0
+        '';
+    };
+
+  networking.interfaces.vboxnet0 = { ipAddress = "192.168.56.1"; prefixLength = 24; };
+}
diff --git a/nixos/modules/programs/wvdial.nix b/nixos/modules/programs/wvdial.nix
new file mode 100644
index 000000000000..da3f7dce98a1
--- /dev/null
+++ b/nixos/modules/programs/wvdial.nix
@@ -0,0 +1,71 @@
+# Global configuration for wvdial.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  configFile = ''
+    [Dialer Defaults]
+    PPPD PATH = ${pkgs.ppp}/sbin/pppd
+    ${config.environment.wvdial.dialerDefaults}
+  '';
+
+  cfg = config.environment.wvdial;
+
+in
+{
+  ###### interface
+
+  options = {
+
+    environment.wvdial = {
+
+      dialerDefaults = mkOption {
+        default = "";
+        type = types.string;
+        example = ''Init1 = AT+CGDCONT=1,"IP","internet.t-mobile"'';
+        description = ''
+          Contents of the "Dialer Defaults" section of
+          <filename>/etc/wvdial.conf</filename>.
+        '';
+      };
+
+      pppDefaults = mkOption {
+        default = ''
+          noipdefault
+          usepeerdns
+          defaultroute
+          persist
+          noauth
+        '';
+        type = types.string;
+        description = "Default ppp settings for wvdial.";
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf (cfg.dialerDefaults != "") {
+
+    environment = {
+
+      etc =
+      [
+        { source = pkgs.writeText "wvdial.conf" configFile;
+          target = "wvdial.conf";
+        }
+        { source = pkgs.writeText "wvdial" cfg.pppDefaults;
+          target = "ppp/peers/wvdial";
+        }
+      ];
+
+    };
+
+  };
+
+}
diff --git a/nixos/modules/programs/zsh/zinputrc b/nixos/modules/programs/zsh/zinputrc
new file mode 100644
index 000000000000..6121f3e21f16
--- /dev/null
+++ b/nixos/modules/programs/zsh/zinputrc
@@ -0,0 +1,42 @@
+# Stolen from ArchWiki
+
+# create a zkbd compatible hash;
+# to add other keys to this hash, see: man 5 terminfo
+typeset -A key
+
+key[Home]=${terminfo[khome]}
+
+key[End]=${terminfo[kend]}
+key[Insert]=${terminfo[kich1]}
+key[Delete]=${terminfo[kdch1]}
+key[Up]=${terminfo[kcuu1]}
+key[Down]=${terminfo[kcud1]}
+key[Left]=${terminfo[kcub1]}
+key[Right]=${terminfo[kcuf1]}
+key[PageUp]=${terminfo[kpp]}
+key[PageDown]=${terminfo[knp]}
+
+# setup key accordingly
+[[ -n "${key[Home]}"     ]]  && bindkey  "${key[Home]}"     beginning-of-line
+[[ -n "${key[End]}"      ]]  && bindkey  "${key[End]}"      end-of-line
+[[ -n "${key[Insert]}"   ]]  && bindkey  "${key[Insert]}"   overwrite-mode
+[[ -n "${key[Delete]}"   ]]  && bindkey  "${key[Delete]}"   delete-char
+[[ -n "${key[Up]}"       ]]  && bindkey  "${key[Up]}"       up-line-or-history
+[[ -n "${key[Down]}"     ]]  && bindkey  "${key[Down]}"     down-line-or-history
+[[ -n "${key[Left]}"     ]]  && bindkey  "${key[Left]}"     backward-char
+[[ -n "${key[Right]}"    ]]  && bindkey  "${key[Right]}"    forward-char
+[[ -n "${key[PageUp]}"   ]]  && bindkey  "${key[PageUp]}"   beginning-of-buffer-or-history
+[[ -n "${key[PageDown]}" ]]  && bindkey  "${key[PageDown]}" end-of-buffer-or-history
+
+# Finally, make sure the terminal is in application mode, when zle is
+# active. Only then are the values from $terminfo valid.
+if (( ${+terminfo[smkx]} )) && (( ${+terminfo[rmkx]} )); then
+    function zle-line-init () {
+        printf '%s' "${terminfo[smkx]}"
+    }
+    function zle-line-finish () {
+        printf '%s' "${terminfo[rmkx]}"
+    }
+    zle -N zle-line-init
+    zle -N zle-line-finish
+fi
diff --git a/nixos/modules/programs/zsh/zsh.nix b/nixos/modules/programs/zsh/zsh.nix
new file mode 100644
index 000000000000..cff751934d7d
--- /dev/null
+++ b/nixos/modules/programs/zsh/zsh.nix
@@ -0,0 +1,180 @@
+# This module defines global configuration for the zshell.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfge = config.environment;
+
+  cfg = config.programs.zsh;
+
+  zshAliases = concatStringsSep "\n" (
+    mapAttrsFlatten (k: v: "alias ${k}='${v}'") cfg.shellAliases
+  );
+
+in
+
+{
+
+  options = {
+
+    programs.zsh = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whenever to configure Zsh as an interactive shell.
+          Note that this tries to make Zsh the default
+          <option>users.defaultUserShell</option>,
+          which in turn means that you might need to explicitly
+          set this variable if you have another shell configured
+          with NixOS.
+        '';
+        type = types.bool;
+      };
+
+      shellAliases = mkOption {
+        default = config.environment.shellAliases;
+        description = ''
+          Set of aliases for zsh shell. See <option>environment.shellAliases</option>
+          for an option format description.
+        '';
+        type = types.attrs; # types.attrsOf types.stringOrPath;
+      };
+
+      shellInit = mkOption {
+        default = "";
+        description = ''
+          Shell script code called during zsh shell initialisation.
+        '';
+        type = types.lines;
+      };
+
+      loginShellInit = mkOption {
+        default = "";
+        description = ''
+          Shell script code called during zsh login shell initialisation.
+        '';
+        type = types.lines;
+      };
+
+      interactiveShellInit = mkOption {
+        default = "";
+        description = ''
+          Shell script code called during interactive zsh shell initialisation.
+        '';
+        type = types.lines;
+      };
+
+      promptInit = mkOption {
+        default = ''
+          autoload -U promptinit && promptinit && prompt walters
+        '';
+        description = ''
+          Shell script code used to initialise the zsh prompt.
+        '';
+        type = types.lines;
+      };
+
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    programs.zsh = {
+
+      shellInit = ''
+        . ${config.system.build.setEnvironment}
+
+        ${cfge.shellInit}
+      '';
+
+      loginShellInit = cfge.loginShellInit;
+
+      interactiveShellInit = ''
+        ${cfge.interactiveShellInit}
+
+        ${cfg.promptInit}
+        ${zshAliases}
+
+        # Some sane history defaults
+        export SAVEHIST=2000
+        export HISTSIZE=2000
+        export HISTFILE=$HOME/.zsh_history
+
+        setopt HIST_IGNORE_DUPS SHARE_HISTORY
+      '';
+
+    };
+
+    environment.etc."zshenv".text =
+      ''
+        # /etc/zshenv: DO NOT EDIT -- this file has been generated automatically.
+        # This file is read for all shells.
+
+        # Only execute this file once per shell.
+        if [ -n "$__ETC_ZSHENV_SOURCED" ]; then return; fi
+        __ETC_ZSHENV_SOURCED=1
+
+        ${cfg.shellInit}
+
+        # Read system-wide modifications.
+        if test -f /etc/zshenv.local; then
+          . /etc/zshenv.local
+        fi
+      '';
+
+    environment.etc."zprofile".text =
+      ''
+        # /etc/zprofile: DO NOT EDIT -- this file has been generated automatically.
+        # This file is read for login shells.
+
+        # Only execute this file once per shell.
+        if [ -n "$__ETC_ZPROFILE_SOURCED" ]; then return; fi
+        __ETC_ZPROFILE_SOURCED=1
+
+        ${cfg.loginShellInit}
+
+        # Read system-wide modifications.
+        if test -f /etc/zprofile.local; then
+          . /etc/zprofile.local
+        fi
+      '';
+
+    environment.etc."zshrc".text =
+      ''
+        # /etc/zshrc: DO NOT EDIT -- this file has been generated automatically.
+        # This file is read for interactive shells.
+
+        # Only execute this file once per shell.
+        if [ -n "$__ETC_ZSHRC_SOURCED" -o -n "$NOSYSZSHRC" ]; then return; fi
+        __ETC_ZSHRC_SOURCED=1
+
+        . /etc/zinputrc
+
+        ${cfg.interactiveShellInit}
+
+        # Read system-wide modifications.
+        if test -f /etc/zshrc.local; then
+          . /etc/zshrc.local
+        fi
+      '';
+
+    environment.etc."zinputrc".source = ./zinputrc;
+
+    environment.systemPackages = [ pkgs.zsh ];
+
+    users.defaultUserShell = mkDefault "/run/current-system/sw/bin/zsh";
+
+    environment.shells =
+      [ "/run/current-system/sw/bin/zsh"
+        "/var/run/current-system/sw/bin/zsh"
+        "${pkgs.zsh}/bin/zsh"
+      ];
+
+  };
+
+}
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
new file mode 100644
index 000000000000..ae3c9faeea68
--- /dev/null
+++ b/nixos/modules/rename.nix
@@ -0,0 +1,120 @@
+{ config, pkgs, options, ... }:
+
+with pkgs.lib;
+
+let
+
+  alias = from: to: rename {
+    inherit from to;
+    name = "Alias";
+    use = id;
+    define = id;
+    visible = true;
+  };
+
+  obsolete = from: to: rename {
+    inherit from to;
+    name = "Obsolete name";
+    use = x: builtins.trace "Obsolete option `${showOption from}' is used instead of `${showOption to}'." x;
+    define = x: builtins.trace "Obsolete option `${showOption from}' is defined instead of `${showOption to}'." x;
+  };
+
+  deprecated = from: to: rename {
+    inherit from to;
+    name = "Deprecated name";
+    use = x: abort "Deprecated option `${showOption from}' is used instead of `${showOption to}'.";
+    define = x: abort "Deprecated option `${showOption from}' is defined instead of `${showOption to}'.";
+  };
+
+  showOption = concatStringsSep ".";
+
+  zipModules = list:
+    zipAttrsWith (n: v:
+      if tail v != [] then
+        if n == "_type" then (head v)
+        else if n == "warnings" then concatLists v
+        else if n == "description" || n == "apply" then
+          abort "Cannot rename an option to multiple options."
+        else zipModules v
+      else head v
+    ) list;
+
+  rename = { from, to, name, use, define, visible ? false }:
+    let
+      setTo = setAttrByPath to;
+      setFrom = setAttrByPath from;
+      toOf = attrByPath to
+        (abort "Renaming error: option `${showOption to}' does not exists.");
+      fromOf = attrByPath from
+        (abort "Internal error: option `${showOption from}' should be declared.");
+    in
+      [ { options = setFrom (mkOption {
+            description = "${name} of <option>${showOption to}</option>.";
+            apply = x: use (toOf config);
+            inherit visible;
+          });
+        }
+        { config = setTo (mkIf (fromOf options).isDefined (define (mkMerge (fromOf options).definitions)));
+        }
+      ];
+
+  obsolete' = option: singleton
+    { options = setAttrByPath option (mkOption {
+        default = null;
+        visible = false;
+      });
+      config.warnings = optional (getAttrFromPath option config != null)
+        "The option `${showOption option}' defined in your configuration no longer has any effect; please remove it.";
+    };
+
+in zipModules ([]
+
+++ obsolete [ "environment" "x11Packages" ] [ "environment" "systemPackages" ]
+++ obsolete [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ]
+++ obsolete [ "environment" "nix" ] [ "nix" "package" ]
+
+++ obsolete [ "security" "extraSetuidPrograms" ] [ "security" "setuidPrograms" ]
+++ obsolete [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ]
+++ obsolete [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ]
+
+# FIXME: Remove these eventually.
+++ obsolete [ "boot" "systemd" "sockets" ] [ "systemd" "sockets" ]
+++ obsolete [ "boot" "systemd" "targets" ] [ "systemd" "targets" ]
+++ obsolete [ "boot" "systemd" "services" ] [ "systemd" "services" ]
+
+# Old Grub-related options.
+++ obsolete [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ]
+++ obsolete [ "boot" "extraGrubEntries" ] [ "boot" "loader" "grub" "extraEntries" ]
+++ obsolete [ "boot" "extraGrubEntriesBeforeNixos" ] [ "boot" "loader" "grub" "extraEntriesBeforeNixOS" ]
+++ obsolete [ "boot" "grubDevice" ] [ "boot" "loader" "grub" "device" ]
+++ obsolete [ "boot" "bootMount" ] [ "boot" "loader" "grub" "bootDevice" ]
+++ obsolete [ "boot" "grubSplashImage" ] [ "boot" "loader" "grub" "splashImage" ]
+
+++ obsolete [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ]
+++ obsolete [ "boot" "extraKernelParams" ] [ "boot" "kernelParams" ]
+
+# OpenSSH
+++ obsolete [ "services" "sshd" "ports" ] [ "services" "openssh" "ports" ]
+++ alias [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ]
+++ obsolete [ "services" "sshd" "allowSFTP" ] [ "services" "openssh" "allowSFTP" ]
+++ obsolete [ "services" "sshd" "forwardX11" ] [ "services" "openssh" "forwardX11" ]
+++ obsolete [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ]
+++ obsolete [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ]
+++ obsolete [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ]
+
+# KDE
+++ deprecated [ "kde" "extraPackages" ] [ "environment" "kdePackages" ]
+# ++ obsolete [ "environment" "kdePackages" ] [ "environment" "systemPackages" ] # !!! doesn't work!
+
+# Multiple efi bootloaders now
+++ obsolete [ "boot" "loader" "efi" "efibootmgr" "enable" ] [ "boot" "loader" "efi" "canTouchEfiVariables" ]
+
+# NixOS environment changes
+# !!! this hardcodes bash, could we detect from config which shell is actually used?
+++ obsolete [ "environment" "promptInit" ] [ "programs" "bash" "promptInit" ]
+
+# Options that are obsolete and have no replacement.
+++ obsolete' [ "boot" "loader" "grub" "bootDevice" ]
+++ obsolete' [ "boot" "initrd" "luks" "enable" ]
+
+)
diff --git a/nixos/modules/security/apparmor-suid.nix b/nixos/modules/security/apparmor-suid.nix
new file mode 100644
index 000000000000..bc661164fdc2
--- /dev/null
+++ b/nixos/modules/security/apparmor-suid.nix
@@ -0,0 +1,46 @@
+{pkgs, config, ...}:
+let
+  cfg = config.security.apparmor;
+in
+with pkgs.lib;
+{
+
+  options.security.apparmor.confineSUIDApplications = mkOption {
+    default = true;
+    description = ''
+      Install AppArmor profiles for commonly-used SUID application
+      to mitigate potential privilege escalation attacks due to bugs
+      in such applications.
+
+      Currently available profiles: ping
+    '';
+  };
+
+  config = mkIf (cfg.confineSUIDApplications) {
+    security.apparmor.profiles = [ (pkgs.writeText "ping" ''
+      #include <tunables/global>
+      /var/setuid-wrappers/ping {
+        #include <abstractions/base>
+        #include <abstractions/consoles>
+        #include <abstractions/nameservice>
+
+        capability net_raw,
+        capability setuid,
+        network inet raw,
+
+        ${pkgs.glibc}/lib/*.so mr,
+        ${pkgs.libcap}/lib/libcap.so* mr,
+        ${pkgs.attr}/lib/libattr.so* mr,
+
+        ${pkgs.iputils}/bin/ping mixr,
+        /var/setuid-wrappers/ping.real r,
+
+        #/etc/modules.conf r,
+
+        ## Site-specific additions and overrides. See local/README for details.
+        ##include <local/bin.ping>
+      }
+    '') ];
+  };
+
+}
diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix
new file mode 100644
index 000000000000..b9f151590028
--- /dev/null
+++ b/nixos/modules/security/apparmor.nix
@@ -0,0 +1,69 @@
+{pkgs, config, ...}:
+
+let
+  cfg = config.security.apparmor;
+in
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    security.apparmor = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable AppArmor application security system. Enable only if
+          you want to further improve AppArmor.
+        '';
+      };
+
+      profiles = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        description = ''
+          List of file names of AppArmor profiles.
+        '';
+      };
+
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkIf (cfg.enable) {
+
+    assertions = [ { assertion = config.boot.kernelPackages.kernel.features ? apparmor
+                               && config.boot.kernelPackages.kernel.features.apparmor;
+                     message = "AppArmor is enabled, but the kernel doesn't have AppArmor support"; }
+                 ];
+
+    environment.systemPackages = [ pkgs.apparmor ];
+
+    systemd.services.apparmor = {
+      #wantedBy = [ "basic.target" ];
+      wantedBy = [ "local-fs.target" ];
+      path = [ pkgs.apparmor ];
+
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = "yes";
+        ExecStart = concatMapStrings (profile:
+          ''${pkgs.apparmor}/sbin/apparmor_parser -rKv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}" ; ''
+        ) cfg.profiles;
+        ExecStop = concatMapStrings (profile:
+          ''${pkgs.apparmor}/sbin/apparmor_parser -Rv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}" ; ''
+        ) cfg.profiles;
+      };
+
+    };
+
+  };
+
+}
diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix
new file mode 100644
index 000000000000..2e93fb36b450
--- /dev/null
+++ b/nixos/modules/security/ca.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  config = {
+
+    environment.etc =
+      [ { source = "${pkgs.cacert}/etc/ca-bundle.crt";
+          target = "ssl/certs/ca-bundle.crt";
+        }
+
+        # Backward compatibility; may remove at some point.
+        { source = "${pkgs.cacert}/etc/ca-bundle.crt";
+          target = "ca-bundle.crt";
+        }
+      ];
+
+    environment.variables.OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
+    environment.variables.CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt";
+    environment.variables.GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt";
+
+  };
+
+}
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix
new file mode 100644
index 000000000000..93d12d292e4d
--- /dev/null
+++ b/nixos/modules/security/pam.nix
@@ -0,0 +1,353 @@
+# This module provides configuration for the PAM (Pluggable
+# Authentication Modules) system.
+
+{config, pkgs, ...}:
+
+with pkgs.lib;
+
+let
+
+  pamOpts = args: {
+
+    options = {
+
+      name = mkOption {
+        example = "sshd";
+        type = types.str;
+        description = "Name of the PAM service.";
+      };
+
+      unixAuth = mkOption {
+        default = true;
+        type = types.bool;
+        description = ''
+          Whether users can log in with passwords defined in
+          <filename>/etc/shadow</filename>.
+        '';
+      };
+
+      rootOK = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          If set, root doesn't need to authenticate (e.g. for the
+          <command>useradd</command> service).
+        '';
+      };
+
+      usbAuth = mkOption {
+        default = config.security.pam.usb.enable;
+        type = types.bool;
+        description = ''
+          If set, users listed in
+          <filename>/etc/pamusb.conf</filename> are able to log in
+          with the associated USB key.
+        '';
+      };
+
+      otpwAuth = mkOption {
+        default = config.security.pam.enableOTPW;
+        type = types.bool;
+        description = ''
+          If set, the OTPW system will be used (if
+          <filename>~/.otpw</filename> exists).
+        '';
+      };
+
+      sshAgentAuth = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          If set, the calling user's SSH agent is used to authenticate
+          against the keys in the calling user's
+          <filename>~/.ssh/authorized_keys</filename>.  This is useful
+          for <command>sudo</command> on password-less remote systems.
+        '';
+      };
+
+      startSession = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          If set, the service will register a new session with
+          systemd's login manager.  For local sessions, this will give
+          the user access to audio devices, CD-ROM drives.  In the
+          default PolicyKit configuration, it also allows the user to
+          reboot the system.
+        '';
+      };
+
+      setLoginUid = mkOption {
+        type = types.bool;
+        description = ''
+          Set the login uid of the process
+          (<filename>/proc/self/loginuid</filename>) for auditing
+          purposes.  The login uid is only set by ‘entry points’ like
+          <command>login</command> and <command>sshd</command>, not by
+          commands like <command>sudo</command>.
+        '';
+      };
+
+      forwardXAuth = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Whether X authentication keys should be passed from the
+          calling user to the target user (e.g. for
+          <command>su</command>)
+        '';
+      };
+
+      allowNullPassword = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Whether to allow logging into accounts that have no password
+          set (i.e., have an empty password field in
+          <filename>/etc/passwd</filename> or
+          <filename>/etc/group</filename>).  This does not enable
+          logging into disabled accounts (i.e., that have the password
+          field set to <literal>!</literal>).  Note that regardless of
+          what the pam_unix documentation says, accounts with hashed
+          empty passwords are always allowed to log in.
+        '';
+      };
+
+      limits = mkOption {
+        description = ''
+          Attribute set describing resource limits.  Defaults to the
+          value of <option>security.pam.loginLimits</option>.
+        '';
+      };
+
+      showMotd = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Whether to show the message of the day.";
+      };
+
+      updateWtmp = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Whether to update <filename>/var/log/wtmp</filename>.";
+      };
+
+      text = mkOption {
+        type = types.nullOr types.lines;
+        description = "Contents of the PAM service file.";
+      };
+
+    };
+
+    config = let cfg = args.config; in {
+      name = mkDefault args.name;
+      setLoginUid = mkDefault cfg.startSession;
+      limits = mkDefault config.security.pam.loginLimits;
+
+      # !!! TODO: move the LDAP stuff to the LDAP module, and the
+      # Samba stuff to the Samba module.  This requires that the PAM
+      # module provides the right hooks.
+      text = mkDefault
+        ''
+          # Account management.
+          account sufficient pam_unix.so
+          ${optionalString config.users.ldap.enable
+              "account sufficient ${pam_ldap}/lib/security/pam_ldap.so"}
+          ${optionalString config.krb5.enable
+              "account sufficient ${pam_krb5}/lib/security/pam_krb5.so"}
+
+          # Authentication management.
+          ${optionalString cfg.rootOK
+              "auth sufficient pam_rootok.so"}
+          ${optionalString (config.security.pam.enableSSHAgentAuth && cfg.sshAgentAuth)
+              "auth sufficient ${pkgs.pam_ssh_agent_auth}/libexec/pam_ssh_agent_auth.so file=~/.ssh/authorized_keys:~/.ssh/authorized_keys2:/etc/ssh/authorized_keys.d/%u"}
+          ${optionalString cfg.usbAuth
+              "auth sufficient ${pkgs.pam_usb}/lib/security/pam_usb.so"}
+          ${optionalString cfg.unixAuth
+              "auth sufficient pam_unix.so ${optionalString cfg.allowNullPassword "nullok"} likeauth"}
+          ${optionalString cfg.otpwAuth
+              "auth sufficient ${pkgs.otpw}/lib/security/pam_otpw.so"}
+          ${optionalString config.users.ldap.enable
+              "auth sufficient ${pam_ldap}/lib/security/pam_ldap.so use_first_pass"}
+          ${optionalString config.krb5.enable ''
+            auth [default=ignore success=1 service_err=reset] ${pam_krb5}/lib/security/pam_krb5.so use_first_pass
+            auth [default=die success=done] ${pam_ccreds}/lib/security/pam_ccreds.so action=validate use_first_pass
+            auth sufficient ${pam_ccreds}/lib/security/pam_ccreds.so action=store use_first_pass
+          ''}
+          auth required   pam_deny.so
+
+          # Password management.
+          password requisite pam_unix.so nullok sha512
+          ${optionalString config.users.ldap.enable
+              "password sufficient ${pam_ldap}/lib/security/pam_ldap.so"}
+          ${optionalString config.krb5.enable
+              "password sufficient ${pam_krb5}/lib/security/pam_krb5.so use_first_pass"}
+          ${optionalString config.services.samba.syncPasswordsByPam
+              "password optional ${pkgs.samba}/lib/security/pam_smbpass.so nullok use_authtok try_first_pass"}
+
+          # Session management.
+          session required pam_unix.so
+          ${optionalString cfg.updateWtmp
+              "session required ${pkgs.pam}/lib/security/pam_lastlog.so silent"}
+          ${optionalString config.users.ldap.enable
+              "session optional ${pam_ldap}/lib/security/pam_ldap.so"}
+          ${optionalString config.krb5.enable
+              "session optional ${pam_krb5}/lib/security/pam_krb5.so"}
+          ${optionalString cfg.otpwAuth
+              "session optional ${pkgs.otpw}/lib/security/pam_otpw.so"}
+          ${optionalString cfg.startSession
+              "session optional ${pkgs.systemd}/lib/security/pam_systemd.so"}
+          ${optionalString cfg.setLoginUid
+              "session required pam_loginuid.so"}
+          ${optionalString cfg.forwardXAuth
+              "session optional pam_xauth.so xauthpath=${pkgs.xorg.xauth}/bin/xauth systemuser=99"}
+          ${optionalString (cfg.limits != [])
+              "session required ${pkgs.pam}/lib/security/pam_limits.so conf=${makeLimitsConf cfg.limits}"}
+          ${optionalString (cfg.showMotd && config.users.motd != null)
+              "session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}"}
+        '';
+    };
+
+  };
+
+
+  inherit (pkgs) pam_krb5 pam_ccreds;
+
+  pam_ldap = if config.users.ldap.daemon.enable then pkgs.nss_pam_ldapd else pkgs.pam_ldap;
+
+  # Create a limits.conf(5) file.
+  makeLimitsConf = limits:
+    pkgs.writeText "limits.conf"
+       (concatMapStrings ({ domain, type, item, value }:
+         "${domain} ${type} ${item} ${toString value}\n")
+         limits);
+
+  motd = pkgs.writeText "motd" config.users.motd;
+
+  makePAMService = pamService:
+    { source = pkgs.writeText "${pamService.name}.pam" pamService.text;
+      target = "pam.d/${pamService.name}";
+    };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    security.pam.loginLimits = mkOption {
+      default = [];
+      example =
+        [ { domain = "ftp";
+            type   = "hard";
+            item   = "nproc";
+            value  = "0";
+          }
+          { domain = "@student";
+            type   = "-";
+            item   = "maxlogins";
+            value  = "4";
+          }
+       ];
+
+     description =
+       '' Define resource limits that should apply to users or groups.
+          Each item in the list should be an attribute set with a
+          <varname>domain</varname>, <varname>type</varname>,
+          <varname>item</varname>, and <varname>value</varname>
+          attribute.  The syntax and semantics of these attributes
+          must be that described in the limits.conf(5) man page.
+       '';
+    };
+
+    security.pam.services = mkOption {
+      default = [];
+      type = types.loaOf types.optionSet;
+      options = [ pamOpts ];
+      description =
+        ''
+          This option defines the PAM services.  A service typically
+          corresponds to a program that uses PAM,
+          e.g. <command>login</command> or <command>passwd</command>.
+          Each attribute of this set defines a PAM service, with the attribute name
+          defining the name of the service.
+        '';
+    };
+
+    security.pam.enableSSHAgentAuth = mkOption {
+      default = false;
+      description =
+        ''
+          Enable sudo logins if the user's SSH agent provides a key
+          present in <filename>~/.ssh/authorized_keys</filename>.
+          This allows machines to exclusively use SSH keys instead of
+          passwords.
+        '';
+    };
+
+    security.pam.enableOTPW = mkOption {
+      default = false;
+      description = ''
+        Enable the OTPW (one-time password) PAM module.
+      '';
+    };
+
+    users.motd = mkOption {
+      default = null;
+      example = "Today is Sweetmorn, the 4th day of The Aftermath in the YOLD 3178.";
+      type = types.nullOr types.string;
+      description = "Message of the day shown to users when they log in.";
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    environment.systemPackages =
+      # Include the PAM modules in the system path mostly for the manpages.
+      [ pkgs.pam ]
+      ++ optional config.users.ldap.enable pam_ldap
+      ++ optionals config.krb5.enable [pam_krb5 pam_ccreds]
+      ++ optionals config.security.pam.enableOTPW [ pkgs.otpw ];
+
+    environment.etc =
+      mapAttrsToList (n: v: makePAMService v) config.security.pam.services;
+
+    security.setuidOwners = [ {
+      program = "unix_chkpwd";
+      source = "${pkgs.pam}/sbin/unix_chkpwd.orig";
+      owner = "root";
+      setuid = true;
+    } ];
+
+    security.pam.services =
+      { other.text =
+          ''
+            auth     required pam_warn.so
+            auth     required pam_deny.so
+            account  required pam_warn.so
+            account  required pam_deny.so
+            password required pam_warn.so
+            password required pam_deny.so
+            session  required pam_warn.so
+            session  required pam_deny.so
+          '';
+
+        # Most of these should be moved to specific modules.
+        cups = {};
+        ftp = {};
+        i3lock = {};
+        screen = {};
+        vlock = {};
+        xlock = {};
+        xscreensaver = {};
+      };
+
+  };
+
+}
diff --git a/nixos/modules/security/pam_usb.nix b/nixos/modules/security/pam_usb.nix
new file mode 100644
index 000000000000..4cc99995fbca
--- /dev/null
+++ b/nixos/modules/security/pam_usb.nix
@@ -0,0 +1,42 @@
+{config, pkgs, ...}:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) pam_usb;
+
+  cfg = config.security.pam.usb;
+
+  anyUsbAuth = any (attrByPath ["usbAuth"] false) (attrValues config.security.pam.services);
+
+in
+
+{
+  options = {
+
+    security.pam.usb = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable USB login for all login systems that support it.  For
+          more information, visit <link
+          xlink:href="http://pamusb.org/doc/quickstart#setting_up" />.
+        '';
+      };
+
+    };
+
+  };
+
+  config = mkIf (cfg.enable || anyUsbAuth) {
+
+    # pmount need to have a set-uid bit to make pam_usb works in user
+    # environment. (like su, sudo)
+
+    security.setuidPrograms = [ "pmount" "pumount" ];
+    environment.systemPackages = [ pkgs.pmount ];
+
+  };
+}
diff --git a/nixos/modules/security/polkit.nix b/nixos/modules/security/polkit.nix
new file mode 100644
index 000000000000..cafa9f82d5e4
--- /dev/null
+++ b/nixos/modules/security/polkit.nix
@@ -0,0 +1,124 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.security.polkit;
+
+in
+
+{
+
+  options = {
+
+    security.polkit.enable = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Whether to enable PolKit.";
+    };
+
+    security.polkit.permissions = mkOption {
+      type = types.lines;
+      default = "";
+      example =
+        ''
+          [Disallow Users To Suspend]
+          Identity=unix-group:users
+          Action=org.freedesktop.upower.*
+          ResultAny=no
+          ResultInactive=no
+          ResultActive=no
+
+          [Allow Anybody To Eject Disks]
+          Identity=unix-user:*
+          Action=org.freedesktop.udisks.drive-eject
+          ResultAny=yes
+          ResultInactive=yes
+          ResultActive=yes
+
+          [Allow Alice To Mount Filesystems After Admin Authentication]
+          Identity=unix-user:alice
+          Action=org.freedesktop.udisks.filesystem-mount
+          ResultAny=auth_admin
+          ResultInactive=auth_admin
+          ResultActive=auth_admin
+        '';
+      description =
+        ''
+          Allows the default permissions of privileged actions to be overridden.
+        '';
+    };
+
+    security.polkit.adminIdentities = mkOption {
+      type = types.str;
+      default = "unix-user:0;unix-group:wheel";
+      example = "";
+      description =
+        ''
+          Specifies which users are considered “administrators”, for those
+          actions that require the user to authenticate as an
+          administrator (i.e. have an <literal>auth_admin</literal>
+          value).  By default, this is the <literal>root</literal>
+          user and all users in the <literal>wheel</literal> group.
+        '';
+    };
+
+  };
+
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.polkit ];
+
+    # The polkit daemon reads action files
+    environment.pathsToLink = [ "/share/polkit-1/actions" ];
+
+    environment.etc =
+      [ # No idea what the "null backend" is, but it seems to need this.
+        { source = "${pkgs.polkit}/etc/polkit-1/nullbackend.conf.d";
+          target = "polkit-1/nullbackend.conf.d";
+        }
+
+        # This file determines what users are considered
+        # "administrators".
+        { source = pkgs.writeText "10-nixos.conf"
+            ''
+              [Configuration]
+              AdminIdentities=${cfg.adminIdentities}
+            '';
+          target = "polkit-1/localauthority.conf.d/10-nixos.conf";
+        }
+
+        { source = pkgs.writeText "org.nixos.pkla" cfg.permissions;
+          target = "polkit-1/localauthority/10-vendor.d/org.nixos.pkla";
+        }
+      ];
+
+    services.dbus.packages = [ pkgs.polkit ];
+
+    security.pam.services.polkit-1 = {};
+
+    security.setuidPrograms = [ "pkexec" ];
+
+    security.setuidOwners = singleton
+      { program = "polkit-agent-helper-1";
+        owner = "root";
+        group = "root";
+        setuid = true;
+        source = "${pkgs.polkit}/libexec/polkit-1/polkit-agent-helper-1";
+      };
+
+    system.activationScripts.polkit =
+      ''
+        mkdir -p /var/lib/polkit-1/localauthority
+        chmod 700 /var/lib/polkit-1{/localauthority,}
+
+        # Force polkitd to be restarted so that it reloads its
+        # configuration.
+        ${pkgs.procps}/bin/pkill -INT -u root -x polkitd
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/security/prey.nix b/nixos/modules/security/prey.nix
new file mode 100644
index 000000000000..75b95d5fbb04
--- /dev/null
+++ b/nixos/modules/security/prey.nix
@@ -0,0 +1,42 @@
+{config, pkgs, ...}:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.prey;
+  myPrey = pkgs."prey-bash-client".override {
+    apiKey = cfg.apiKey;
+    deviceKey = cfg.deviceKey;
+  };
+in {
+  options = {
+
+    services.prey = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Enables http://preyproject.com/ bash client. Be sure to specify api and device keys.
+          Once setup, cronjob will run evert 15 minutes and report status.
+        '';
+      };
+
+      deviceKey = mkOption {
+        type = types.string;
+        description = "Device Key obtained from https://panel.preyproject.com/devices (and clicking on the device)";
+      };
+
+      apiKey = mkOption {
+        type = types.string;
+        description = "API key obtained from https://panel.preyproject.com/profile";
+      };
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+      environment.systemPackages = [ myPrey ];
+      services.cron.systemCronJobs = [ "*/15 * * * * root ${myPrey}/prey.sh" ];
+  };
+
+}
diff --git a/nixos/modules/security/rngd.nix b/nixos/modules/security/rngd.nix
new file mode 100644
index 000000000000..720ac02f2e81
--- /dev/null
+++ b/nixos/modules/security/rngd.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  options = {
+    security.rngd.enable = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to enable the rng daemon, which adds entropy from
+        hardware sources of randomness to the kernel entropy pool when
+        available.
+      '';
+    };
+  };
+
+  config = mkIf config.security.rngd.enable {
+    services.udev.extraRules = ''
+      KERNEL=="random", TAG+="systemd"
+      SUBSYSTEM=="cpu", ENV{MODALIAS}=="x86cpu:*feature:*009E*", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
+      KERNEL=="hw_random", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
+      KERNEL=="tmp0", TAG+="systemd", ENV{SYSTEMD_WANTS}+="rngd.service"
+    '';
+
+    systemd.services.rngd = {
+      bindsTo = [ "dev-random.device" ];
+
+      after = [ "dev-random.device" ];
+
+      description = "Hardware RNG Entropy Gatherer Daemon";
+
+      serviceConfig.ExecStart = "${pkgs.rng_tools}/sbin/rngd -f";
+
+      restartTriggers = [ pkgs.rng_tools ];
+    };
+  };
+}
diff --git a/nixos/modules/security/rtkit.nix b/nixos/modules/security/rtkit.nix
new file mode 100644
index 000000000000..164ad9b3aa7d
--- /dev/null
+++ b/nixos/modules/security/rtkit.nix
@@ -0,0 +1,40 @@
+# A module for ‘rtkit’, a DBus system service that hands out realtime
+# scheduling priority to processes that ask for it.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  options = {
+
+    security.rtkit.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable the RealtimeKit system service, which hands
+        out realtime scheduling priority to user processes on
+        demand. For example, the PulseAudio server uses this to
+        acquire realtime priority.
+      '';
+    };
+
+  };
+
+
+  config = mkIf config.security.rtkit.enable {
+
+    environment.systemPackages = [ pkgs.rtkit ];
+
+    services.dbus.packages = [ pkgs.rtkit ];
+
+    users.extraUsers = singleton
+      { name = "rtkit";
+        uid = config.ids.uids.rtkit;
+        description = "RealtimeKit daemon";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/security/setuid-wrapper.c b/nixos/modules/security/setuid-wrapper.c
new file mode 100644
index 000000000000..007ffbc34fe9
--- /dev/null
+++ b/nixos/modules/security/setuid-wrapper.c
@@ -0,0 +1,81 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <dirent.h>
+#include <assert.h>
+#include <string.h>
+#include <errno.h>
+
+/* Make sure assertions are not compiled out.  */
+#undef NDEBUG
+
+extern char **environ;
+
+static char * wrapperDir = WRAPPER_DIR;
+
+int main(int argc, char * * argv)
+{
+    char self[PATH_MAX];
+
+    int len = readlink("/proc/self/exe", self, sizeof(self) - 1);
+    assert (len > 0);
+    self[len] = 0;
+
+    /* Make sure that we are being executed from the right location,
+       i.e., `wrapperDir'.  This is to prevent someone from
+       creating hard link `X' from some other location, along with a
+       false `X.real' file, to allow arbitrary programs from being
+       executed setuid.  */
+    assert ((strncmp(self, wrapperDir, sizeof(wrapperDir)) == 0) &&
+	    (self[strlen(wrapperDir)] == '/'));
+
+    /* Make *really* *really* sure that we were executed as `self',
+       and not, say, as some other setuid program.  That is, our
+       effective uid/gid should match the uid/gid of `self'. */
+    //printf("%d %d\n", geteuid(), getegid());
+
+    struct stat st;
+    assert (lstat(self, &st) != -1);
+
+    //printf("%d %d\n", st.st_uid, st.st_gid);
+    
+    assert ((st.st_mode & S_ISUID) == 0 ||
+	    (st.st_uid == geteuid()));
+
+    assert ((st.st_mode & S_ISGID) == 0 ||
+	    st.st_gid == getegid());
+
+    /* And, of course, we shouldn't be writable. */
+    assert (!(st.st_mode & (S_IWGRP | S_IWOTH)));
+
+
+    /* Read the path of the real (wrapped) program from <self>.real. */
+    char realFN[PATH_MAX + 10];
+    int realFNSize = snprintf (realFN, sizeof(realFN), "%s.real", self);
+    assert (realFNSize < sizeof(realFN));
+
+    int fdSelf = open(realFN, O_RDONLY);
+    assert (fdSelf != -1);
+
+    char real[PATH_MAX];
+    len = read(fdSelf, real, PATH_MAX);
+    assert (len != -1);
+    assert (len < sizeof (real));
+    assert (len > 0);
+    real[len] = 0;
+
+    close(fdSelf);
+    
+    //printf("real = %s, len = %d\n", real, len);
+
+    execve(real, argv, environ);
+
+    fprintf(stderr, "%s: cannot run `%s': %s\n",
+        argv[0], real, strerror(errno));
+    
+    exit(1);
+}
diff --git a/nixos/modules/security/setuid-wrappers.nix b/nixos/modules/security/setuid-wrappers.nix
new file mode 100644
index 000000000000..62df85816e50
--- /dev/null
+++ b/nixos/modules/security/setuid-wrappers.nix
@@ -0,0 +1,126 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+let
+
+  inherit (config.security) wrapperDir;
+
+  setuidWrapper = pkgs.stdenv.mkDerivation {
+    name = "setuid-wrapper";
+    buildCommand = ''
+      ensureDir $out/bin
+      gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \
+          ${./setuid-wrapper.c} -o $out/bin/setuid-wrapper
+      strip -s $out/bin/setuid-wrapper
+    '';
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    security.setuidPrograms = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = ["passwd"];
+      description = ''
+        The Nix store cannot contain setuid/setgid programs directly.
+        For this reason, NixOS can automatically generate wrapper
+        programs that have the necessary privileges.  This option
+        lists the names of programs in the system environment for
+        which setuid root wrappers should be created.
+      '';
+    };
+
+    security.setuidOwners = mkOption {
+      type = types.listOf types.attrs;
+      default = [];
+      example =
+        [ { program = "sendmail";
+            owner = "nobody";
+            group = "postdrop";
+            setuid = false;
+            setgid = true;
+          }
+        ];
+      description = ''
+        This option allows the ownership and permissions on the setuid
+        wrappers for specific programs to be overridden from the
+        default (setuid root, but not setgid root).
+      '';
+    };
+
+    security.wrapperDir = mkOption {
+      internal = true;
+      type = types.path;
+      default = "/var/setuid-wrappers";
+      description = ''
+        This option defines the path to the setuid wrappers.  It
+        should generally not be overriden. Some packages in Nixpkgs
+        expect that <option>wrapperDir</option> is
+        <filename>/var/setuid-wrappers</filename>.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    security.setuidPrograms =
+      [ "fusermount" "wodim" "cdrdao" "growisofs" ];
+
+    system.activationScripts.setuid =
+      let
+        setuidPrograms =
+          (map (x: { program = x; owner = "root"; group = "root"; setuid = true; })
+            config.security.setuidPrograms)
+          ++ config.security.setuidOwners;
+
+        makeSetuidWrapper =
+          { program
+          , source ? ""
+          , owner ? "nobody"
+          , group ? "nogroup"
+          , setuid ? false
+          , setgid ? false
+          , permissions ? "u+rx,g+x,o+x"
+          }:
+
+          ''
+            source=${if source != "" then source else "$(PATH=$SETUID_PATH type -tP ${program})"}
+            if test -z "$source"; then
+                # If we can't find the program, fall back to the
+                # system profile.
+                source=/nix/var/nix/profiles/default/bin/${program}
+            fi
+
+            cp ${setuidWrapper}/bin/setuid-wrapper ${wrapperDir}/${program}
+            echo -n "$source" > ${wrapperDir}/${program}.real
+            chmod 0000 ${wrapperDir}/${program} # to prevent races
+            chown ${owner}.${group} ${wrapperDir}/${program}
+            chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" ${wrapperDir}/${program}
+          '';
+
+      in stringAfter [ "users" ]
+        ''
+          # Look in the system path and in the default profile for
+          # programs to be wrapped.
+          SETUID_PATH=${config.system.path}/bin:${config.system.path}/sbin
+
+          if test -d ${wrapperDir}; then rm -f ${wrapperDir}/*; fi # */
+          mkdir -p ${wrapperDir}
+
+          ${concatMapStrings makeSetuidWrapper setuidPrograms}
+        '';
+
+  };
+
+}
diff --git a/nixos/modules/security/sudo.nix b/nixos/modules/security/sudo.nix
new file mode 100644
index 000000000000..215a8ecd6018
--- /dev/null
+++ b/nixos/modules/security/sudo.nix
@@ -0,0 +1,93 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.security.sudo;
+
+  inherit (pkgs) sudo;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    security.sudo.enable = mkOption {
+      type = types.bool;
+      default = true;
+      description =
+        ''
+          Whether to enable the <command>sudo</command> command, which
+          allows non-root users to execute commands as root.
+        '';
+    };
+
+    security.sudo.wheelNeedsPassword = mkOption {
+      type = types.bool;
+      default = true;
+      description =
+        ''
+          Whether users of the <code>wheel</code> group can execute
+          commands as super user without entering a password.
+        '';
+      };
+
+    security.sudo.configFile = mkOption {
+      type = types.lines;
+      # Note: if syntax errors are detected in this file, the NixOS
+      # configuration will fail to build.
+      description =
+        ''
+          This string contains the contents of the
+          <filename>sudoers</filename> file.
+        '';
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    security.sudo.configFile =
+      ''
+        # Don't edit this file. Set the NixOS option ‘security.sudo.configFile’ instead.
+
+        # Environment variables to keep for root and %wheel.
+        Defaults:root,%wheel env_keep+=LOCALE_ARCHIVE
+        Defaults:root,%wheel env_keep+=NIX_CONF_DIR
+        Defaults:root,%wheel env_keep+=NIX_PATH
+        Defaults:root,%wheel env_keep+=TERMINFO_DIRS
+
+        # Keep SSH_AUTH_SOCK so that pam_ssh_agent_auth.so can do its magic.
+        Defaults env_keep+=SSH_AUTH_SOCK
+
+        # "root" is allowed to do anything.
+        root        ALL=(ALL) SETENV: ALL
+
+        # Users in the "wheel" group can do anything.
+        %wheel      ALL=(ALL) ${if cfg.wheelNeedsPassword then "" else "NOPASSWD: ALL, "}SETENV: ALL
+      '';
+
+    security.setuidPrograms = [ "sudo" "sudoedit" ];
+
+    environment.systemPackages = [ sudo ];
+
+    security.pam.services.sudo = { sshAgentAuth = true; };
+
+    environment.etc = singleton
+      { source = pkgs.writeText "sudoers-in" cfg.configFile;
+          # Make sure that the sudoers file is syntactically valid.
+          # (currently disabled - NIXOS-66)
+          #"${pkgs.sudo}/sbin/visudo -f $src -c && cp $src $out";
+        target = "sudoers";
+        mode = "0440";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/amqp/activemq/ActiveMQBroker.java b/nixos/modules/services/amqp/activemq/ActiveMQBroker.java
new file mode 100644
index 000000000000..c0f5d16ea11a
--- /dev/null
+++ b/nixos/modules/services/amqp/activemq/ActiveMQBroker.java
@@ -0,0 +1,19 @@
+import org.apache.activemq.broker.BrokerService;
+import org.apache.activemq.broker.BrokerFactory;
+import java.net.URI;
+
+public class ActiveMQBroker {
+
+  public static void main(String[] args) throws Throwable {
+    URI uri = new URI((args.length > 0) ? args[0] : "xbean:activemq.xml");
+    BrokerService broker = BrokerFactory.createBroker(uri);
+    broker.start();
+    if (broker.waitUntilStarted()) {
+      broker.waitUntilStopped();
+    } else {
+      System.out.println("Failed starting broker");
+      System.exit(-1);
+    };
+  }
+
+}
diff --git a/nixos/modules/services/amqp/activemq/default.nix b/nixos/modules/services/amqp/activemq/default.nix
new file mode 100644
index 000000000000..915d179e6999
--- /dev/null
+++ b/nixos/modules/services/amqp/activemq/default.nix
@@ -0,0 +1,131 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+with pkgs;
+
+let
+
+  cfg = config.services.activemq;
+
+  activemqBroker = stdenv.mkDerivation {
+    name = "activemq-broker";
+    phases = [ "installPhase" ];
+    buildInputs = [ jdk ];
+    installPhase = ''
+      ensureDir $out/lib
+      source ${activemq}/lib/classpath.env
+      export CLASSPATH
+      ln -s "${./ActiveMQBroker.java}" ActiveMQBroker.java
+      javac -d $out/lib ActiveMQBroker.java
+    '';
+  };
+
+in {
+
+  options = {
+    services.activemq = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable the Apache ActiveMQ message broker service.
+        '';
+      };
+      configurationDir = mkOption {
+        default = "${activemq}/conf";
+        description = ''
+          The base directory for ActiveMQ's configuration.
+          By default, this directory is searched for a file named activemq.xml,
+          which should contain the configuration for the broker service.
+        '';
+      };
+      configurationURI = mkOption {
+        type = types.string;
+        default = "xbean:activemq.xml";
+        description = ''
+          The URI that is passed along to the BrokerFactory to
+          set up the configuration of the ActiveMQ broker service.
+          You should not need to change this. For custom configuration,
+          set the <literal>configurationDir</literal> instead, and create
+          an activemq.xml configuration file in it.
+        '';
+      };
+      baseDir = mkOption {
+        type = types.string;
+        default = "/var/activemq";
+        description = ''
+          The base directory where ActiveMQ stores its persistent data and logs.
+          This will be overridden if you set "activemq.base" and "activemq.data"
+          in the <literal>javaProperties</literal> option. You can also override
+          this in activemq.xml.
+        '';
+      };
+      javaProperties = mkOption {
+        type = types.attrs;
+        default = { };
+        example = {
+          "java.net.preferIPv4Stack" = "true";
+        };
+        apply = attrs: {
+          "activemq.base" = "${cfg.baseDir}";
+          "activemq.data" = "${cfg.baseDir}/data";
+          "activemq.conf" = "${cfg.configurationDir}";
+          "activemq.home" = "${activemq}";
+        } // attrs;
+        description = ''
+          Specifies Java properties that are sent to the ActiveMQ
+          broker service with the "-D" option. You can set properties
+          here to change the behaviour and configuration of the broker.
+          All essential properties that are not set here are automatically
+          given reasonable defaults.
+        '';
+      };
+      extraJavaOptions = mkOption {
+        type = types.string;
+        default = "";
+        example = "-Xmx2G -Xms2G -XX:MaxPermSize=512M";
+        description = ''
+          Add extra options here that you want to be sent to the
+          Java runtime when the broker service is started.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    users.extraUsers.activemq = {
+      description = "ActiveMQ server user";
+      group = "activemq";
+      uid = config.ids.uids.activemq;
+    };
+
+    users.extraGroups.activemq.gid = config.ids.gids.activemq;
+
+    systemd.services.activemq_init = {
+      wantedBy = [ "activemq.service" ];
+      partOf = [ "activemq.service" ];
+      before = [ "activemq.service" ];
+      serviceConfig.Type = "oneshot";
+      script = ''
+        mkdir -p "${cfg.javaProperties."activemq.data"}"
+        chown -R activemq "${cfg.javaProperties."activemq.data"}"
+      '';
+    };
+
+    systemd.services.activemq = {
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      path = [ jre ];
+      serviceConfig.User = "activemq";
+      script = ''
+        source ${activemq}/lib/classpath.env
+        export CLASSPATH=${activemqBroker}/lib:${cfg.configurationDir}:$CLASSPATH
+        exec java \
+          ${concatStringsSep " \\\n" (mapAttrsToList (name: value: "-D${name}=${value}") cfg.javaProperties)} \
+          ${cfg.extraJavaOptions} ActiveMQBroker "${cfg.configurationURI}"
+      '';
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/amqp/rabbitmq.nix b/nixos/modules/services/amqp/rabbitmq.nix
new file mode 100644
index 000000000000..696b5ad43797
--- /dev/null
+++ b/nixos/modules/services/amqp/rabbitmq.nix
@@ -0,0 +1,94 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.rabbitmq;
+
+  run = cmd: "${pkgs.sudo}/bin/sudo -E -u rabbitmq ${cmd}";
+
+in
+
+{
+
+
+  ###### interface
+
+  options = {
+
+    services.rabbitmq = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable the RabbitMQ server, an Advanced Message
+          Queuing Protocol (AMQP) broker.
+        '';
+      };
+
+      listenAddress = mkOption {
+        default = "127.0.0.1";
+        example = "";
+        description = ''
+          IP address on which RabbitMQ will listen for AMQP
+          connections.  Set to the empty string to listen on all
+          interfaces.  Note that RabbitMQ creates a user named
+          <literal>guest</literal> with password
+          <literal>guest</literal> by default, so you should delete
+          this user if you intend to allow external access.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.rabbitmq_server ];
+
+    users.extraUsers.rabbitmq = {
+      description = "RabbitMQ server user";
+      home = "/var/empty";
+      group = "rabbitmq";
+      uid = config.ids.uids.rabbitmq;
+    };
+
+    users.extraGroups.rabbitmq.gid = config.ids.gids.rabbitmq;
+
+    jobs.rabbitmq = {
+        description = "RabbitMQ server";
+
+        startOn = "started network-interfaces";
+
+        preStart =
+          ''
+            mkdir -m 0700 -p /var/lib/rabbitmq
+            chown rabbitmq /var/lib/rabbitmq
+
+            mkdir -m 0700 -p /var/log/rabbitmq
+            chown rabbitmq /var/log/rabbitmq
+          '';
+
+        environment.HOME = "/var/lib/rabbitmq";
+        environment.RABBITMQ_NODE_IP_ADDRESS = cfg.listenAddress;
+        environment.SYS_PREFIX = "";
+
+        exec =
+          ''
+            ${run "${pkgs.rabbitmq_server}/sbin/rabbitmq-server"}
+          '';
+
+        preStop =
+          ''
+            ${run "${pkgs.rabbitmq_server}/sbin/rabbitmqctl stop"}
+          '';
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/audio/alsa.nix b/nixos/modules/services/audio/alsa.nix
new file mode 100644
index 000000000000..d021b8bd3ba9
--- /dev/null
+++ b/nixos/modules/services/audio/alsa.nix
@@ -0,0 +1,68 @@
+# ALSA sound support.
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) alsaUtils;
+
+  soundState = "/var/lib/alsa/asound.state";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    sound = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether to enable ALSA sound.
+        '';
+      };
+
+      enableOSSEmulation = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether to enable ALSA OSS emulation (with certain cards sound mixing may not work!).
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.sound.enable {
+
+    environment.systemPackages = [ alsaUtils ];
+
+    # ALSA provides a udev rule for restoring volume settings.
+    services.udev.packages = [ alsaUtils ];
+
+    boot.kernelModules = optional config.sound.enableOSSEmulation "snd_pcm_oss";
+
+    systemd.services."alsa-store" =
+      { description = "Store Sound Card State";
+        wantedBy = [ "multi-user.target" ];
+        unitConfig.RequiresMountsFor = "/var/lib/alsa";
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+          ExecStart = "${pkgs.coreutils}/bin/mkdir -p /var/lib/alsa";
+          ExecStop = "${alsaUtils}/sbin/alsactl store --ignore";
+        };
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/audio/fuppes.nix b/nixos/modules/services/audio/fuppes.nix
new file mode 100644
index 000000000000..3eb0732bae2e
--- /dev/null
+++ b/nixos/modules/services/audio/fuppes.nix
@@ -0,0 +1,115 @@
+{config, pkgs, ...}:
+
+let
+  cfg = config.services.fuppesd;
+in
+
+with pkgs.lib;
+
+{
+  options = {
+    services.fuppesd = {
+      enable = mkOption {
+        default = false;
+        type = with types; bool;
+        description = ''
+          Enables Fuppes (UPnP A/V Media Server).  Can be used to watch
+          photos, video and listen to music from a phone/tv connected to the
+          local network.
+        '';
+      };
+
+      name = mkOption {
+        example = "Media Center";
+        type = types.str;
+        description = ''
+          Enables Fuppes (UPnP A/V Media Server).  Can be used to watch
+          photos, video and listen to music from a phone/tv connected to the
+          local network.
+        '';
+      };
+
+      log = {
+        level = mkOption {
+          default = 0;
+          example = 3;
+          type = with types; uniq int;
+          description = ''
+            Logging level of fuppes, An integer between 0 and 3.
+          '';
+        };
+
+        file = mkOption {
+          default = "/var/log/fuppes.log";
+          type = types.str;
+          description = ''
+            File which will contains the log produced by the daemon.
+          '';
+        };
+      };
+
+      config = mkOption {
+        example = "/etc/fuppes/fuppes.cfg";
+        type = types.str;
+        description = ''
+          Mutable configuration file which can be edited with the web
+          interface.  Due to possible modification, double quote the full
+          path of the filename stored in your filesystem to avoid attempts
+          to modify the content of the nix store.
+        '';
+      };
+
+      vfolder = mkOption {
+        example = literalExample "/etc/fuppes/vfolder.cfg";
+        description = ''
+          XML file describing the layout of virtual folder visible by the
+          client.
+        '';
+      };
+
+      database = mkOption {
+        default = "/var/lib/fuppes/fuppes.db";
+        type = types.str;
+        description = ''
+          Database file which index all shared files.
+        '';
+      };
+
+      ## At the moment, no plugins are packaged.
+      /*
+      plugins = mkOption {
+        type = with types; listOf package;
+        description = ''
+          List of Fuppes plugins.
+        '';
+      };
+      */
+
+      user = mkOption {
+        default = "root"; # The default is not secure.
+        example = "fuppes";
+        type = types.str;
+        description = ''
+          Name of the user which own the configuration files and under which
+          the fuppes daemon will be executed.
+        '';
+      };
+
+    };
+  };
+
+  config = mkIf cfg.enable {
+    jobs.fuppesd = {
+      description = "UPnP A/V Media Server. (${cfg.name})";
+      startOn = "ip-up";
+      daemonType = "fork";
+      exec = ''/var/setuid-wrappers/sudo -u ${cfg.user} -- ${pkgs.fuppes}/bin/fuppesd --friendly-name ${cfg.name} --log-level ${toString cfg.log.level} --log-file ${cfg.log.file} --config-file ${cfg.config} --vfolder-config-file ${cfg.vfolder} --database-file ${cfg.database}'';
+    };
+
+    services.fuppesd.name = mkDefault config.networking.hostName;
+
+    services.fuppesd.vfolder = mkDefault ./fuppes/vfolder.cfg;
+
+    security.sudo.enable = true;
+  };
+}
diff --git a/nixos/modules/services/audio/fuppes/vfolder.cfg b/nixos/modules/services/audio/fuppes/vfolder.cfg
new file mode 100644
index 000000000000..35ec3bffeb0a
--- /dev/null
+++ b/nixos/modules/services/audio/fuppes/vfolder.cfg
@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<fuppes_vfolder_config version="0.2">
+
+ <vfolder_layout device="default" enabled="false">
+
+    <vfolder name="Genre">
+      <vfolders property="genre">
+        <items type="audioItem" />
+      </vfolders>
+    </vfolder>
+
+    <vfolder name="Genre/Artists">
+      <vfolders property="genre">
+        <vfolders property="artist">
+          <items type="audioItem" />
+        </vfolders>
+      </vfolders>
+    </vfolder>
+
+    <vfolder name="Artists/Albums">
+      <vfolders property="artist">
+        <vfolders property="album">
+          <items type="audioItem" />
+        </vfolders>
+      </vfolders>
+    </vfolder> 
+    
+    <vfolder name="ABC/Artists/Albums">
+      <vfolders split="ABC">
+        <vfolders property="artist">
+          <vfolders property="album">
+            <items type="audioItem" />
+          </vfolders>
+        </vfolders>
+      </vfolders>
+    </vfolder>
+       
+    <vfolder name="Photos">
+      <vfolder name="All">
+        <items type="imageItem" />
+      </vfolder>
+      <vfolder name="Folders">
+        <folders filter="contains(imageItem)" />
+      </vfolder>      
+    </vfolder>
+
+    <vfolder name="Videos">
+      <vfolder name="All">
+        <items type="videoItem" />
+      </vfolder>
+      <vfolder name="Folders">
+        <folders filter="contains(videoItem)" />
+      </vfolder>
+    </vfolder>
+    
+    <vfolder name="shared dirs">
+      <shared_dirs full_extend="true" />
+    </vfolder>
+    
+  </vfolder_layout>
+
+  <vfolder_layout device="Xbox 360" enabled="false">
+
+    <vfolder name="Music" id="1">
+      <vfolder name="Album" id="7">
+        <vfolders property="album">
+          <items type="audioItem" />
+        </vfolders>
+      </vfolder>
+            
+      <vfolder name="All Music" id="4">
+        <items type="audioItem" />
+      </vfolder>
+      
+      <vfolder name="Artist" id="6">
+        <vfolders property="artist">
+          <items type="audioItem" />
+        </vfolders>
+      </vfolder>
+      
+      <vfolder name="Folders" id="20">
+        <folders filter="contains(audioItem)" />
+      </vfolder>
+      
+      <vfolder name="Genre" id="5">
+        <vfolders property="genre">
+          <items type="audioItem" />
+        </vfolders>
+      </vfolder>
+      
+      <vfolder name="Playlist" id="15" />
+    </vfolder>
+   
+    <vfolder name="Pictures" id="3">
+      <vfolder name="Album" id="13" />
+      
+      <vfolder name="All Pictures" id="11">
+        <items type="imageItem" />
+      </vfolder>
+      
+      <vfolder name="Date Taken" id="12" />
+      
+      <vfolder name="Folders" id="22">
+        <folders filter="contains(imageItem)" />
+      </vfolder>
+    </vfolder>
+
+    <vfolder name="Playlists" id="18">
+      <vfolder name="All Playlists" id="19" />
+      <vfolder name="Folders" id="23" />
+    </vfolder>
+
+    <vfolder name="Video" id="2">
+      <vfolder name="Actor" id="10" />
+      <vfolder name="Album" id="14" />
+      <vfolder name="All Video" id="8">
+				<items type="videoItem" />
+			</vfolder>
+      <vfolder name="Folders" id="21">
+			   <folders filter="contains(videoItem)" />
+			</vfolder>
+      <vfolder name="Genre" id="9" />
+    </vfolder>
+
+  </vfolder_layout>
+
+  <vfolder_layout device="Yamaha" enabled="false" create_references="true" >
+
+    <vfolder name="Playlists" />
+
+    <vfolder name="Artists">
+      <vfolders property="artist">
+        <items type="audioItem" />
+      </vfolders>
+    </vfolder>
+
+    <vfolder name="Albums">
+      <vfolders property="album">
+        <items type="audioItem" />
+      </vfolders>
+    </vfolder>
+
+    <vfolder name="Songs">
+      <items type="audioItem" />
+    </vfolder>
+
+    <vfolder name="Genres">
+      <vfolders property="genre">
+        <items type="audioItem" />
+      </vfolders>
+    </vfolder>
+
+  </vfolder_layout>
+
+</fuppes_vfolder_config>
diff --git a/nixos/modules/services/audio/mpd.nix b/nixos/modules/services/audio/mpd.nix
new file mode 100644
index 000000000000..a9880dee20c4
--- /dev/null
+++ b/nixos/modules/services/audio/mpd.nix
@@ -0,0 +1,92 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  uid = config.ids.uids.mpd;
+  gid = config.ids.gids.mpd;
+  cfg = config.services.mpd;
+
+  mpdConf = pkgs.writeText "mpd.conf" ''
+    music_directory     "${cfg.musicDirectory}"
+    playlist_directory  "${cfg.dataDir}/playlists"
+    db_file             "${cfg.dataDir}/tag_cache"
+    state_file          "${cfg.dataDir}/state"
+    sticker_file        "${cfg.dataDir}/sticker.sql"
+    log_file            "syslog"
+    user                "mpd"
+    ${cfg.extraConfig}
+  ''; 
+
+in {
+
+  ###### interface
+
+  options = { 
+
+    services.mpd = { 
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable MPD, the music player daemon.
+        ''; 
+      };  
+
+      musicDirectory = mkOption {
+        default = "${cfg.dataDir}/music";
+        description = ''
+          Extra configuration added to the end of MPD's
+          configuration file, mpd.conf.
+        ''; 
+      };  
+
+      extraConfig = mkOption {
+        default = ""; 
+        description = ''
+          Extra directives added to to the end of MPD's configuration file,
+          mpd.conf. Basic configuration like file location and uid/gid
+          is added automatically to the beginning of the file.
+        ''; 
+      };  
+
+      dataDir = mkOption {
+        default = "/var/lib/mpd/";
+        description = ''
+          The directory where MPD stores its state, tag cache,
+          playlists etc.
+        ''; 
+      };  
+
+    };  
+
+  };  
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    systemd.services.mpd = {
+      after = [ "network.target" "sound.target" ];
+      description = "Music Player Daemon";
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.mpd ];
+      preStart = "mkdir -p ${cfg.dataDir} && chown -R mpd:mpd  ${cfg.dataDir}";
+      script = "exec mpd --no-daemon ${mpdConf}";
+    };
+
+    users.extraUsers.mpd = {
+      inherit uid;
+      group = "mpd";
+      extraGroups = [ "audio" ];
+      description = "Music Player Daemon user";
+      home = "${cfg.dataDir}";
+    };
+
+    users.extraGroups.mpd.gid = gid;
+
+  };
+
+}
diff --git a/nixos/modules/services/backup/almir.nix b/nixos/modules/services/backup/almir.nix
new file mode 100644
index 000000000000..d5bc932c6b96
--- /dev/null
+++ b/nixos/modules/services/backup/almir.nix
@@ -0,0 +1,171 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.almir;
+
+  bconsoleconf = pkgs.writeText "bconsole.conf"
+    ''
+      Director {
+        Name = ${cfg.director_name}
+        DIRport = ${toString cfg.director_port}
+        address = ${cfg.director_address}
+        Password = "${cfg.director_password}"
+      }
+    '';
+
+  productionini = pkgs.writeText "production.ini"
+    ''
+[app:main]
+use = egg:almir
+
+pyramid.reload_templates = false
+pyramid.debug_authorization = false
+pyramid.debug_notfound = false
+pyramid.debug_routematch = false
+pyramid.debug_templates = false
+pyramid.default_locale_name = en
+pyramid.includes =
+    pyramid_exclog
+exclog.extra_info = true
+
+sqlalchemy.url = ${cfg.sqlalchemy_engine_url}
+timezone = ${cfg.timezone}
+bconsole_config = ${bconsoleconf}
+
+[server:main]
+use = egg:waitress#main
+host = 127.0.0.1
+port = ${toString cfg.port}
+
+
+# Begin logging configuration
+
+[loggers]
+keys = root, almir, sqlalchemy, exc_logger
+
+[handlers]
+keys = console
+
+[formatters]
+keys = generic
+
+[logger_root]
+level = WARN
+handlers = console
+
+[logger_almir]
+level = WARN
+handlers =
+qualname = almir
+
+[logger_exc_logger]
+level = ERROR
+handlers =
+qualname = exc_logger
+
+[logger_sqlalchemy]
+level = WARN
+handlers =
+qualname = sqlalchemy.engine
+# "level = INFO" logs SQL queries.
+# "level = DEBUG" logs SQL queries and results.
+# "level = WARN" logs neither.  (Recommended for production systems.)
+
+[handler_console]
+class = StreamHandler
+args = (sys.stderr,)
+level = NOTSET
+formatter = generic
+
+[formatter_generic]
+format = %(asctime)s %(levelname)-5.5s [%(name)s][%(threadName)s] %(message)s
+    '';
+in {
+  options = {
+    services.almir = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Enable Almir web server. Also configures postgresql database and installs bacula.
+        '';
+      };
+
+      port = mkOption {
+        default = 35000;
+        type = types.uniq types.int;
+        description = ''
+          Port for Almir web server to listen on.
+        '';
+      };
+
+      timezone = mkOption {
+	description = ''
+         Timezone as specified in https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+        '';
+        example = "Europe/Ljubljana";
+      };
+
+      sqlalchemy_engine_url = mkOption {
+        example = ''
+          postgresql://bacula:bacula@localhost:5432/bacula
+          mysql+mysqlconnector://<user>:<password>@<hostname>/<database>'
+          sqlite:////var/lib/bacula/bacula.db'
+        '';
+	description = ''
+         Define SQL database connection to bacula catalog as specified in http://docs.sqlalchemy.org/en/latest/core/engines.html#database-urls
+        '';
+      };
+
+      director_name = mkOption {
+        description = ''
+          Name of the Director to connect with bconsole.
+        '';
+      };
+
+      director_password = mkOption {
+        description = ''
+          Password for Director to connect with bconsole.
+        '';
+      };
+
+      director_port = mkOption {
+        default = 9101;
+        type = types.int;
+        description = ''
+          Port for Director to connect with bconsole.
+        '';
+      };
+
+      director_address = mkOption {
+        default = "127.0.0.1";
+        description = ''
+          IP/Hostname for Director to connect with bconsole.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.almir = {
+      after = [ "network.target" "postgresql.service" ];
+      description = "Almir web app";
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.pythonPackages.almir ];
+      serviceConfig.ExecStart = "${pkgs.pythonPackages.almir}/bin/pserve ${productionini}";
+    };
+
+    environment.systemPackages = [ pkgs.pythonPackages.almir ];
+
+    users.extraUsers.almir = {
+      group = "almir";
+      uid = config.ids.uids.almir;
+      createHome = true;
+      shell = "${pkgs.bash}/bin/bash";
+    };
+
+    users.extraGroups.almir.gid = config.ids.gids.almir;
+  };
+}
diff --git a/nixos/modules/services/backup/bacula.nix b/nixos/modules/services/backup/bacula.nix
new file mode 100644
index 000000000000..272903c99e33
--- /dev/null
+++ b/nixos/modules/services/backup/bacula.nix
@@ -0,0 +1,408 @@
+{ config, pkgs, ... }:
+
+# TODO: test configuration when building nixexpr (use -t parameter)
+# TODO: support sqlite3 (it's deprecate?) and mysql
+
+with pkgs.lib;
+
+let
+  libDir = "/var/lib/bacula";
+
+  fd_cfg = config.services.bacula-fd;
+  fd_conf = pkgs.writeText "bacula-fd.conf"
+    ''
+      Client {
+        Name = "${fd_cfg.name}";
+        FDPort = ${toString fd_cfg.port};
+        WorkingDirectory = "${libDir}";
+        Pid Directory = "/var/run";
+        ${fd_cfg.extraClientConfig}
+      }
+     
+      ${concatStringsSep "\n" (mapAttrsToList (name: value: ''
+      Director {
+        Name = "${name}";
+        Password = "${value.password}";
+        Monitor = "${value.monitor}";
+      }
+      '') fd_cfg.director)}
+     
+      Messages {
+        Name = Standard;
+        syslog = all, !skipped, !restored
+        ${fd_cfg.extraMessagesConfig}
+      }
+    '';
+
+  sd_cfg = config.services.bacula-sd;
+  sd_conf = pkgs.writeText "bacula-sd.conf" 
+    ''
+      Storage {
+        Name = "${sd_cfg.name}";
+        SDPort = ${toString sd_cfg.port};
+        WorkingDirectory = "${libDir}";
+        Pid Directory = "/var/run";
+        ${sd_cfg.extraStorageConfig}
+      }
+ 
+      ${concatStringsSep "\n" (mapAttrsToList (name: value: ''
+      Device {
+        Name = "${name}";
+        Archive Device = "${value.archiveDevice}";
+        Media Type = "${value.mediaType}";
+        ${value.extraDeviceConfig}
+      }
+      '') sd_cfg.device)}
+
+      ${concatStringsSep "\n" (mapAttrsToList (name: value: ''
+      Director {
+        Name = "${name}";
+        Password = "${value.password}";
+        Monitor = "${value.monitor}";
+      }
+      '') sd_cfg.director)}
+
+      Messages {
+        Name = Standard;
+        syslog = all, !skipped, !restored
+        ${sd_cfg.extraMessagesConfig}
+      }
+    '';
+
+  dir_cfg = config.services.bacula-dir;
+  dir_conf = pkgs.writeText "bacula-dir.conf" 
+    ''
+    Director {
+      Name = "${dir_cfg.name}";
+      Password = "${dir_cfg.password}";
+      DirPort = ${toString dir_cfg.port};
+      Working Directory = "${libDir}";
+      Pid Directory = "/var/run/";
+      QueryFile = "${pkgs.bacula}/etc/query.sql";
+      ${dir_cfg.extraDirectorConfig}
+    }
+
+    Catalog {
+      Name = "PostgreSQL";
+      dbname = "bacula";
+      user = "bacula";
+    }
+
+    Messages {
+      Name = Standard;
+      syslog = all, !skipped, !restored
+      ${dir_cfg.extraMessagesConfig}
+    }
+
+    ${dir_cfg.extraConfig}
+    '';
+
+  # TODO: by default use this config
+  bconsole_conf = pkgs.writeText "bconsole.conf"
+    ''
+    Director {
+      Name = ${dir_cfg.name};
+      Address = "localhost";
+      DirPort = ${toString dir_cfg.port};
+      Password = "${dir_cfg.password}";
+    }
+    '';
+
+  directorOptions = {name, config, ...}:
+  {
+    options = {
+      password = mkOption {
+        # TODO: required?
+        description = ''
+           Specifies the password that must be supplied for a Director to b
+        '';
+      };
+      
+      monitor = mkOption {
+        default = "no";
+        example = "yes";
+        description = ''
+           If Monitor is set to no (default), this director will have full 
+        '';
+      };
+    };
+  };
+
+  deviceOptions = {name, config, ...}:
+  {
+    options = {
+      archiveDevice = mkOption {
+        # TODO: required?
+        description = ''
+          The specified name-string gives the system file name of the storage device managed by this storage daemon. This will usually be the device file name of a removable storage device (tape drive), for example " /dev/nst0" or "/dev/rmt/0mbn". For a DVD-writer, it will be for example /dev/hdc. It may also be a directory name if you are archiving to disk storage.
+        '';
+      };
+
+      mediaType = mkOption {
+        # TODO: required?
+        description = ''
+          The specified name-string names the type of media supported by this device, for example, "DLT7000". Media type names are arbitrary in that you set them to anything you want, but they must be known to the volume database to keep track of which storage daemons can read which volumes. In general, each different storage type should have a unique Media Type associated with it. The same name-string must appear in the appropriate Storage resource definition in the Director's configuration file.
+        '';
+      };
+
+      extraDeviceConfig = mkOption {
+        default = "";
+        description = ''
+          Extra configuration to be passed in Device directive.
+        '';
+        example = ''
+          LabelMedia = yes
+          Random Access = no
+          AutomaticMount = no
+          RemovableMedia = no
+          MaximumOpenWait = 60
+          AlwaysOpen = no
+        '';
+      };
+    };
+  };
+
+in {
+  options = {
+    services.bacula-fd = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable Bacula File Daemon.
+        '';
+      };
+ 
+      name = mkOption {
+        default = "${config.networking.hostName}-fd";
+        description = ''
+        	The client name that must be used by the Director when connecting. Generally, it is a good idea to use a name related to the machine so that error messages can be easily identified if you have multiple Clients. This directive is required.
+        '';
+      };
+ 
+      port = mkOption {
+        default = 9102;
+        type = types.uniq types.int;
+        description = ''
+        	This specifies the port number on which the Client listens for Director connections. It must agree with the FDPort specified in the Client resource of the Director's configuration file. The default is 9102.
+        '';
+      };
+ 
+      director = mkOption {
+        default = {};
+        description = ''
+          This option defines director resources in Bacula File Daemon.
+        '';
+        type = types.attrsOf types.optionSet;
+        options = [ directorOptions ];
+      };
+
+      extraClientConfig = mkOption {
+        default = "";
+        description = ''
+          Extra configuration to be passed in Client directive.
+        '';
+        example = ''
+          Maximum Concurrent Jobs = 20;
+          Heartbeat Interval = 30;
+        '';
+      };
+
+      extraMessagesConfig = mkOption {
+        default = "";
+        description = ''
+          Extra configuration to be passed in Messages directive.
+        '';
+        example = ''
+          console = all
+        '';
+      };
+    };
+
+    services.bacula-sd = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable Bacula Storage Daemon.
+        '';
+      };
+ 
+      name = mkOption {
+        default = "${config.networking.hostName}-sd";
+        description = ''
+          Specifies the Name of the Storage daemon.
+        '';
+      };
+ 
+      port = mkOption {
+        default = 9103;
+        type = types.uniq types.int;
+        description = ''
+          Specifies port number on which the Storage daemon listens for Director connections. The default is 9103.
+        '';
+      };
+
+      director = mkOption {
+        default = {};
+        description = ''
+          This option defines Director resources in Bacula Storage Daemon.
+        '';
+        type = types.attrsOf types.optionSet;
+        options = [ directorOptions ];
+      };
+
+      device = mkOption {
+        default = {};
+        description = ''
+          This option defines Device resources in Bacula Storage Daemon.
+        '';
+        type = types.attrsOf types.optionSet;
+        options = [ deviceOptions ];
+      };
+ 
+      extraStorageConfig = mkOption {
+        default = "";
+        description = ''
+          Extra configuration to be passed in Storage directive.
+        '';
+        example = ''
+          Maximum Concurrent Jobs = 20;
+          Heartbeat Interval = 30;
+        '';
+      };
+
+      extraMessagesConfig = mkOption {
+        default = "";
+        description = ''
+          Extra configuration to be passed in Messages directive.
+        '';
+        example = ''
+          console = all
+        '';
+      };
+ 
+    };
+
+    services.bacula-dir = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable Bacula Director Daemon.
+        '';
+      };
+
+      name = mkOption {
+        default = "${config.networking.hostName}-dir";
+        description = ''
+          The director name used by the system administrator. This directive is required.
+        '';
+      };
+ 
+      port = mkOption {
+        default = 9101;
+        type = types.uniq types.int;
+        description = ''
+          Specify the port (a positive integer) on which the Director daemon will listen for Bacula Console connections. This same port number must be specified in the Director resource of the Console configuration file. The default is 9101, so normally this directive need not be specified. This directive should not be used if you specify DirAddresses (N.B plural) directive.
+        '';
+      };
+ 
+      password = mkOption {
+        # TODO: required?
+        description = ''
+           Specifies the password that must be supplied for a Director.
+        '';
+      };
+
+      extraMessagesConfig = mkOption {
+        default = "";
+        description = ''
+          Extra configuration to be passed in Messages directive.
+        '';
+        example = ''
+          console = all
+        '';
+      };
+
+      extraDirectorConfig = mkOption {
+        default = "";
+        description = ''
+          Extra configuration to be passed in Director directive.
+        '';
+        example = ''
+          Maximum Concurrent Jobs = 20;
+          Heartbeat Interval = 30;
+        '';
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        description = ''
+          Extra configuration for Bacula Director Daemon.
+        '';
+        example = ''
+          TODO
+        '';
+      };
+    };
+  };
+
+  config = mkIf (fd_cfg.enable || sd_cfg.enable || dir_cfg.enable) {
+    systemd.services.bacula-fd = mkIf fd_cfg.enable {
+      after = [ "network.target" ];
+      description = "Bacula File Daemon";
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.bacula ];
+      serviceConfig.ExecStart = "${pkgs.bacula}/sbin/bacula-fd -f -u root -g bacula -c ${fd_conf}";
+      serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+    };
+
+    systemd.services.bacula-sd = mkIf sd_cfg.enable {
+      after = [ "network.target" ];
+      description = "Bacula Storage Daemon";
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.bacula ];
+      serviceConfig.ExecStart = "${pkgs.bacula}/sbin/bacula-sd -f -u bacula -g bacula -c ${sd_conf}";
+      serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+    };
+
+    services.postgresql.enable = dir_cfg.enable == true;
+
+    systemd.services.bacula-dir = mkIf dir_cfg.enable {
+      after = [ "network.target" "postgresql.service" ];
+      description = "Bacula Director Daemon";
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.bacula ];
+      serviceConfig.ExecStart = "${pkgs.bacula}/sbin/bacula-dir -f -u bacula -g bacula -c ${dir_conf}";
+      serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+      preStart = ''
+        if ! test -e "${libDir}/db-created"; then
+            ${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole bacula
+            #${pkgs.postgresql}/bin/createdb --owner bacula bacula
+
+            # populate DB
+            ${pkgs.bacula}/etc/create_bacula_database postgresql
+            ${pkgs.bacula}/etc/make_bacula_tables postgresql
+            ${pkgs.bacula}/etc/grant_bacula_privileges postgresql
+            touch "${libDir}/db-created"
+        else
+            ${pkgs.bacula}/etc/update_bacula_tables postgresql || true
+        fi
+      '';
+    };
+
+    environment.systemPackages = [ pkgs.bacula ];
+
+    users.extraUsers.bacula = {
+      group = "bacula";
+      uid = config.ids.uids.bacula;
+      home = "${libDir}";
+      createHome = true;
+      description = "Bacula Daemons user";
+      shell = "${pkgs.bash}/bin/bash";
+    };
+
+    users.extraGroups.bacula.gid = config.ids.gids.bacula;
+  };
+}
diff --git a/nixos/modules/services/backup/mysql-backup.nix b/nixos/modules/services/backup/mysql-backup.nix
new file mode 100644
index 000000000000..3ff9978fbb96
--- /dev/null
+++ b/nixos/modules/services/backup/mysql-backup.nix
@@ -0,0 +1,81 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) mysql gzip;
+
+  cfg = config.services.mysqlBackup ;
+  location = cfg.location ;
+  mysqlBackupCron = db : ''
+    ${cfg.period} ${cfg.user} ${mysql}/bin/mysqldump ${if cfg.singleTransaction then "--single-transaction" else ""} ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz
+  '';
+
+in
+
+{
+  options = {
+
+    services.mysqlBackup = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable MySQL backups.
+        '';
+      };
+
+      period = mkOption {
+        default = "15 01 * * *";
+        description = ''
+          This option defines (in the format used by cron) when the
+          databases should be dumped.
+          The default is to update at 01:15 (at night) every day.
+        '';
+      };
+
+      user = mkOption {
+        default = "mysql";
+        description = ''
+          User to be used to perform backup.
+        '';
+      };
+
+      databases = mkOption {
+        default = [];
+        description = ''
+          List of database names to dump.
+        '';
+      };
+
+      location = mkOption {
+        default = "/var/backup/mysql";
+        description = ''
+          Location to put the gzipped MySQL database dumps.
+        '';
+      };
+
+      singleTransaction = mkOption {
+        default = false;
+        description = ''
+          Whether to create database dump in a single transaction
+        '';
+      };
+    };
+
+  };
+
+  config = mkIf config.services.mysqlBackup.enable {
+
+    services.cron.systemCronJobs = map mysqlBackupCron config.services.mysqlBackup.databases;
+
+    system.activationScripts.mysqlBackup = stringAfter [ "stdio" "users" ]
+      ''
+        mkdir -m 0700 -p ${config.services.mysqlBackup.location}
+        chown ${config.services.mysqlBackup.user} ${config.services.mysqlBackup.location}
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/services/backup/postgresql-backup.nix b/nixos/modules/services/backup/postgresql-backup.nix
new file mode 100644
index 000000000000..e68ad794a96b
--- /dev/null
+++ b/nixos/modules/services/backup/postgresql-backup.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  inherit (pkgs) postgresql gzip;
+
+  location = config.services.postgresqlBackup.location ;
+
+  postgresqlBackupCron = db:
+    ''
+      ${config.services.postgresqlBackup.period} root ${postgresql}/bin/pg_dump ${db} | ${gzip}/bin/gzip -c > ${location}/${db}.gz
+    '';
+
+in
+
+{
+
+  options = {
+
+    services.postgresqlBackup = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable PostgreSQL dumps.
+        '';
+      };
+
+      period = mkOption {
+        default = "15 01 * * *";
+        description = ''
+          This option defines (in the format used by cron) when the
+          databases should be dumped.
+          The default is to update at 01:15 (at night) every day.
+        '';
+      };
+
+      databases = mkOption {
+        default = [];
+        description = ''
+          List of database names to dump.
+        '';
+      };
+
+      location = mkOption {
+        default = "/var/backup/postgresql";
+        description = ''
+          Location to put the gzipped PostgreSQL database dumps.
+        '';
+      };
+    };
+
+  };
+
+  config = mkIf config.services.postgresqlBackup.enable {
+    services.cron.systemCronJobs = map postgresqlBackupCron config.services.postgresqlBackup.databases;
+
+    system.activationScripts.postgresqlBackup = stringAfter [ "stdio" "users" ]
+      ''
+        mkdir -m 0700 -p ${config.services.postgresqlBackup.location}
+        chown root ${config.services.postgresqlBackup.location}
+      '';
+  };
+
+}
diff --git a/nixos/modules/services/backup/rsnapshot.nix b/nixos/modules/services/backup/rsnapshot.nix
new file mode 100644
index 000000000000..178ba3ec7207
--- /dev/null
+++ b/nixos/modules/services/backup/rsnapshot.nix
@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let cfg = config.services.rsnapshot;
+in
+{
+  options = {
+    services.rsnapshot = {
+      enable = mkEnableOption "rsnapshot backups";
+
+      extraConfig = mkOption {
+        default = "";
+        example = ''
+          retains	hourly	24
+          retain	daily	365
+          backup	/home/	localhost/
+        '';
+        type = types.lines;
+        description = ''
+          rsnapshot configuration option in addition to the defaults from
+          rsnapshot and this module.
+
+          Note that tabs are required to separate option arguments, and
+          directory names require trailing slashes.
+
+          The "extra" in the option name might be a little misleading right
+          now, as it is required to get a functional configuration.
+        '';
+      };
+
+      cronIntervals = mkOption {
+        default = {};
+        example = { "hourly" = "0 * * * *"; "daily" = "50 21 * * *"; };
+        type = types.attrsOf types.string;
+        description = ''
+          Periodicity at which intervals should be run by cron.
+          Note that the intervals also have to exist in configuration
+          as retain options.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable (let
+    myRsnapshot = pkgs.rsnapshot.override { configFile = rsnapshotCfg; };
+    rsnapshotCfg = with pkgs; writeText "gen-rsnapshot.conf" (''
+        config_version	1.2
+        cmd_cp	${coreutils}/bin/cp
+        cmd_rsync	${rsync}/bin/rsync
+        cmd_ssh	${openssh}/bin/ssh
+        cmd_logger	${inetutils}/bin/logger
+        cmd_du	${coreutils}/bin/du
+        lockfile	/run/rsnapshot.pid
+
+        ${cfg.extraConfig}
+      '');
+    in {
+      environment.systemPackages = [ myRsnapshot ];
+
+      services.cron.systemCronJobs =
+        mapAttrsToList (interval: time: "${time} root ${myRsnapshot}/bin/rsnapshot ${interval}") cfg.cronIntervals;
+    }
+  );
+}
diff --git a/nixos/modules/services/backup/sitecopy-backup.nix b/nixos/modules/services/backup/sitecopy-backup.nix
new file mode 100644
index 000000000000..5c7f7ffae5b3
--- /dev/null
+++ b/nixos/modules/services/backup/sitecopy-backup.nix
@@ -0,0 +1,104 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  inherit (pkgs) sitecopy;
+
+  stateDir = "/var/spool/sitecopy";
+
+  sitecopyCron = backup : ''
+    ${if backup ? period then backup.period else config.services.sitecopy.period} root ${sitecopy}/bin/sitecopy --storepath=${stateDir} --rcfile=${stateDir}/${backup.name}.conf --update ${backup.name} >> /var/log/sitecopy.log 2>&1
+  '';
+in
+
+{
+
+  options = {
+
+    services.sitecopy = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable sitecopy backups of specified directories.
+        '';
+      };
+
+      period = mkOption {
+        default = "15 04 * * *";
+        description = ''
+          This option defines (in the format used by cron) when the
+          sitecopy backup are being run.
+          The default is to update at 04:15 (at night) every day.
+        '';
+      };
+
+      backups = mkOption {
+        example = [
+          { name = "test";
+            local = "/tmp/backup";
+            remote = "/staff-groups/ewi/st/strategoxt/backup/test";
+            server = "webdata.tudelft.nl";
+            protocol = "webdav";
+            https = true ;
+            symlinks = "maintain" ;
+          }
+        ];
+        default = [];
+        description = ''
+           List of attributesets describing the backups.
+
+           Username/password are extracted from <filename>${stateDir}/sitecopy.secrets</filename> at activation
+           time. The secrets file lines should have the following structure:
+           <screen>
+             server username password
+           </screen>
+        '';
+      };
+
+    };
+
+  };
+
+  config = mkIf config.services.sitecopy.enable {
+    environment.systemPackages = [ sitecopy ];
+
+    services.cron.systemCronJobs = map sitecopyCron config.services.sitecopy.backups;
+
+    system.activationScripts.sitecopyBackup = stringAfter [ "stdio" "users" ]
+      ''
+        mkdir -m 0700 -p ${stateDir}
+        chown root ${stateDir}
+        touch ${stateDir}/sitecopy.secrets
+        chown root ${stateDir}/sitecopy.secrets
+
+        ${pkgs.lib.concatStrings (map ( b: ''
+            unset secrets
+            unset secret
+            secrets=`grep '^${b.server}' ${stateDir}/sitecopy.secrets | head -1`
+            secret=($secrets)
+            cat > ${stateDir}/${b.name}.conf << EOF
+              site ${b.name}
+              server ${b.server}
+              protocol ${b.protocol}
+              username ''${secret[1]}
+              password ''${secret[2]}
+              local ${b.local}
+              remote ${b.remote}
+              symlinks ${b.symlinks}
+              ${if b.https then "http secure" else ""}
+            EOF
+            chmod 0600 ${stateDir}/${b.name}.conf
+            if ! test -e ${stateDir}/${b.name} ; then
+              echo " * Initializing sitecopy '${b.name}'"
+              ${sitecopy}/bin/sitecopy --storepath=${stateDir} --rcfile=${stateDir}/${b.name}.conf --initialize ${b.name}
+            else
+              echo " * Sitecopy '${b.name}' already initialized"
+            fi
+          '' ) config.services.sitecopy.backups
+        )}
+      '';
+  };
+
+}
diff --git a/nixos/modules/services/databases/4store-endpoint.nix b/nixos/modules/services/databases/4store-endpoint.nix
new file mode 100644
index 000000000000..7872ea2dc6a3
--- /dev/null
+++ b/nixos/modules/services/databases/4store-endpoint.nix
@@ -0,0 +1,75 @@
+{ config, pkgs, ... }:
+let
+  cfg = config.services.fourStoreEndpoint;
+  endpointUser = "fourstorehttp";
+  run = "${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${endpointUser} -c";
+in
+with pkgs.lib;
+{
+
+  ###### interface
+
+  options = {
+
+    services.fourStoreEndpoint = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable 4Store SPARQL endpoint.";
+      };
+
+      database = mkOption {
+        default = config.services.fourStore.database;
+        description = "RDF database name to expose via the endpoint. Defaults to local 4Store database name.";
+      };
+
+      listenAddress = mkOption {
+        default = null;
+        description = "IP address to listen on.";
+      };
+
+      port = mkOption {
+        default = 8080;
+        description = "port to listen on.";
+      };
+
+      options = mkOption {
+        default = "";
+        description = "Extra CLI options to pass to 4Store's 4s-httpd process.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    assertions = singleton
+      { assertion = cfg.enable -> cfg.database != "";
+        message = "Must specify 4Store database name";
+      };
+
+    users.extraUsers = singleton
+      { name = endpointUser;
+        uid = config.ids.uids.fourStoreEndpoint;
+        description = "4Store SPARQL endpoint user";
+#        home = stateDir;
+      };
+
+    services.avahi.enable = true;
+
+    jobs.fourStoreEndpoint = {
+      name = "4store-endpoint";
+      startOn = "filesystem";
+
+      exec = ''
+        ${run} '${pkgs.rdf4store}/bin/4s-httpd -D ${cfg.options} ${if cfg.listenAddress!=null then "-H ${cfg.listenAddress}" else "" } -p ${toString cfg.port} ${cfg.database}'
+      '';
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/databases/4store.nix b/nixos/modules/services/databases/4store.nix
new file mode 100644
index 000000000000..412d14b050cb
--- /dev/null
+++ b/nixos/modules/services/databases/4store.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+let
+  cfg = config.services.fourStore;
+  stateDir = "/var/lib/4store";
+  fourStoreUser = "fourstore";
+  run = "${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${fourStoreUser}";
+in
+with pkgs.lib;
+{
+
+  ###### interface
+
+  options = {
+
+    services.fourStore = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable 4Store RDF database server.";
+      };
+
+      database = mkOption {
+        default = "";
+        description = "RDF database name. If it doesn't exist, it will be created. Databases are stored in ${stateDir}.";
+      };
+
+      options = mkOption {
+        default = "";
+        description = "Extra CLI options to pass to 4Store.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    assertions = singleton
+      { assertion = cfg.enable -> cfg.database != "";
+        message = "Must specify 4Store database name.";
+      };
+
+    users.extraUsers = singleton
+      { name = fourStoreUser;
+        uid = config.ids.uids.fourStore;
+        description = "4Store database user";
+        home = stateDir;
+      };
+
+    services.avahi.enable = true;
+
+    jobs.fourStore = {
+      name = "4store";
+      startOn = "filesystem";
+
+      preStart = ''
+        mkdir -p ${stateDir}/
+        chown ${fourStoreUser} ${stateDir}
+        if ! test -e "${stateDir}/${cfg.database}"; then
+          ${run} -c '${pkgs.rdf4store}/bin/4s-backend-setup ${cfg.database}'
+        fi
+      '';
+
+      exec = ''
+        ${run} -c '${pkgs.rdf4store}/bin/4s-backend -D ${cfg.options} ${cfg.database}'
+      '';
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/databases/firebird.nix b/nixos/modules/services/databases/firebird.nix
new file mode 100644
index 000000000000..75c225bdb67b
--- /dev/null
+++ b/nixos/modules/services/databases/firebird.nix
@@ -0,0 +1,162 @@
+{ config, pkgs, ... }:
+
+# TODO: This may file may need additional review, eg which configuartions to
+# expose to the user.
+#
+# I only used it to access some simple databases.
+
+# test:
+# isql, then type the following commands:
+# CREATE DATABASE '/var/db/firebird/data/test.fdb' USER 'SYSDBA' PASSWORD 'masterkey';
+# CONNECT '/var/db/firebird/data/test.fdb' USER 'SYSDBA' PASSWORD 'masterkey';
+# CREATE TABLE test ( text varchar(100) );
+# DROP DATABASE;
+#
+# Be careful, virtuoso-opensource also provides a different isql command !
+
+# There are at least two ways to run firebird. superserver has been choosen
+# however there are no strong reasons to prefer this or the other one AFAIK
+# Eg superserver is said to be most efficiently using resources according to
+# http://www.firebirdsql.org/manual/qsg25-classic-or-super.html
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.firebird;
+
+  firebird = cfg.package;
+
+  dataDir = "${cfg.baseDir}/data";
+  systemDir = "${cfg.baseDir}/system";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.firebird = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable the Firebird super server.
+        '';
+      };
+
+      package = mkOption {
+        default = pkgs.firebirdSuper;
+        /*
+          Example: <code>package = pkgs.firebirdSuper.override { icu =
+            pkgs.icu; };</code> which is not recommended for compatibility
+            reasons. See comments at the firebirdSuper derivation
+        */
+
+        description = ''
+          Which firebird derivation to use.
+        '';
+      };
+
+      port = mkOption {
+        default = "3050";
+        description = ''
+          Port Firebird uses.
+        '';
+      };
+
+      user = mkOption {
+        default = "firebird";
+        description = ''
+          User account under which firebird runs.
+        '';
+      };
+
+      baseDir = mkOption {
+        default = "/var/db/firebird"; # ubuntu is using /var/lib/firebird/2.1/data/.. ?
+        description = ''
+          Location containing data/ and system/ directories.
+          data/ stores the databases, system/ stores the password database security2.fdb.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.firebird.enable {
+
+    environment.systemPackages = [cfg.package];
+
+    systemd.services.firebird =
+      { description = "Firebird Super-Server";
+
+        wantedBy = [ "multi-user.target" ];
+
+        # TODO: moving security2.fdb into the data directory works, maybe there
+        # is a better way
+        preStart =
+          ''
+            mkdir -m 0700 -p \
+              "${dataDir}" \
+              "${systemDir}" \
+              /var/log/firebird
+
+            if ! test -e "${systemDir}/security2.fdb"; then
+                cp ${firebird}/security2.fdb "${systemDir}"
+            fi
+
+            chown -R ${cfg.user} "${dataDir}" "${systemDir}" /var/log/firebird
+            chmod -R 700         "${dataDir}" "${systemDir}" /var/log/firebird
+          '';
+
+        serviceConfig.PermissionsStartOnly = true; # preStart must be run as root
+        serviceConfig.User = cfg.user;
+        serviceConfig.ExecStart = ''${firebird}/bin/fbserver -d'';
+
+        # TODO think about shutdown
+      };
+
+    environment.etc."firebird/firebird.msg".source = "${firebird}/firebird.msg";
+
+    # think about this again - and eventually make it an option
+    environment.etc."firebird/firebird.conf".text = ''
+      # RootDirectory = Restrict ${dataDir}
+      DatabaseAccess = Restrict ${dataDir}
+      ExternalFileAccess = Restrict ${dataDir}
+      # what is this? is None allowed?
+      UdfAccess = None
+      # "Native" =  traditional interbase/firebird, "mixed" is windows only
+      Authentication = Native
+
+      # defaults to -1 on non Win32
+      #MaxUnflushedWrites = 100
+      #MaxUnflushedWriteTime = 100
+
+      # show trace if trouble occurs (does this require debug build?)
+      # BugcheckAbort = 0
+      # ConnectionTimeout = 180
+
+      #RemoteServiceName = gds_db
+      RemoteServicePort = ${cfg.port}
+
+      # randomly choose port for server Event Notification
+      #RemoteAuxPort = 0
+      # rsetrict connections to a network card:
+      #RemoteBindAddress =
+      # there are some additional settings which should be reviewed
+    '';
+
+    users.extraUsers.firebird = {
+      description = "Firebird server user";
+      group = "firebird";
+      uid = config.ids.uids.firebird;
+    };
+
+  };
+}
diff --git a/nixos/modules/services/databases/memcached.nix b/nixos/modules/services/databases/memcached.nix
new file mode 100644
index 000000000000..a0e264f22990
--- /dev/null
+++ b/nixos/modules/services/databases/memcached.nix
@@ -0,0 +1,97 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.memcached;
+
+  memcached = pkgs.memcached;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.memcached = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to enable Memcached.
+        ";
+      };
+
+      user = mkOption {
+        default = "memcached";
+        description = "The user to run Memcached as";
+      };
+
+      listen = mkOption {
+        default = "127.0.0.1";
+        description = "The IP address to bind to";
+      };
+
+      port = mkOption {
+        default = 11211;
+        description = "The port to bind to";
+      };
+
+      socket = mkOption {
+        default = "";
+        description = "Unix socket path to listen on. Setting this will disable network support";
+        example = "/var/run/memcached";
+      };
+
+      maxMemory = mkOption {
+        default = 64;
+        description = "The maximum amount of memory to use for storage, in megabytes.";
+      };
+
+      maxConnections = mkOption {
+        default = 1024;
+        description = "The maximum number of simultaneous connections";
+      };
+
+      extraOptions = mkOption {
+        default = [];
+        description = "A list of extra options that will be added as a suffix when running memcached";
+      };
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf config.services.memcached.enable {
+
+    users.extraUsers = singleton
+      { name = cfg.user;
+        description = "Memcached server user";
+      };
+
+    environment.systemPackages = [ memcached ];
+
+    systemd.services.memcached =
+      { description = "Memcached server";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        serviceConfig = {
+          ExecStart =
+            let
+              networking = if cfg.socket != ""
+                then "-s ${cfg.socket}"
+                else "-l ${cfg.listen} -p ${toString cfg.port}";
+            in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}";
+
+          User = cfg.user;
+        };
+      };
+  };
+
+}
diff --git a/nixos/modules/services/databases/mongodb.nix b/nixos/modules/services/databases/mongodb.nix
new file mode 100644
index 000000000000..d62994158939
--- /dev/null
+++ b/nixos/modules/services/databases/mongodb.nix
@@ -0,0 +1,130 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  b2s = x: if x then "true" else "false";
+
+  cfg = config.services.mongodb;
+
+  mongodb = cfg.package;
+
+  mongoCnf = pkgs.writeText "mongodb.conf"
+  ''
+    bind_ip = ${cfg.bind_ip}
+    ${optionalString cfg.quiet "quiet = true"}
+    dbpath = ${cfg.dbpath}
+    logpath = ${cfg.logpath}
+    logappend = ${b2s cfg.logappend}
+    ${optionalString (cfg.replSetName != "") "replSet = ${cfg.replSetName}"}
+  '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.mongodb = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to enable the MongoDB server.
+        ";
+      };
+
+      package = mkOption {
+        default = pkgs.mongodb;
+        description = "
+          Which MongoDB derivation to use.
+        ";
+      };
+
+      user = mkOption {
+        default = "mongodb";
+        description = "User account under which MongoDB runs";
+      };
+
+      bind_ip = mkOption {
+        default = "127.0.0.1";
+        description = "IP to bind to";
+      };
+
+      quiet = mkOption {
+        default = false;
+        description = "quieter output";
+      };
+
+      dbpath = mkOption {
+        default = "/var/db/mongodb";
+        description = "Location where MongoDB stores its files";
+      };
+
+      logpath = mkOption {
+        default = "/var/log/mongodb/mongod.log";
+        description = "Location where MongoDB stores its logfile";
+      };
+
+      logappend = mkOption {
+        default = true;
+        description = "Append logfile instead over overwriting";
+      };
+
+      replSetName = mkOption {
+        default = "";
+        description = ''
+          If this instance is part of a replica set, set its name here.
+          Otherwise, leave empty to run as single node.
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.mongodb.enable {
+
+    users.extraUsers = singleton
+      { name = cfg.user;
+        description = "MongoDB server user";
+      };
+
+    environment.systemPackages = [ mongodb ];
+
+    systemd.services.mongodb_init =
+      { description = "MongoDB server initialisation";
+
+        wantedBy = [ "mongodb.service" ];
+        before = [ "mongodb.service" ];
+
+        serviceConfig.Type = "oneshot";
+
+        script = ''
+          if ! test -e ${cfg.dbpath}; then
+              install -d -m0700 -o ${cfg.user} ${cfg.dbpath}
+              install -d -m0755 -o ${cfg.user} `dirname ${cfg.logpath}`
+          fi
+        '';
+      };
+
+    systemd.services.mongodb =
+      { description = "MongoDB server";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        serviceConfig = {
+          ExecStart = "${mongodb}/bin/mongod --quiet --config ${mongoCnf}";
+          User = cfg.user;
+        };
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix
new file mode 100644
index 000000000000..8be05a27cdcb
--- /dev/null
+++ b/nixos/modules/services/databases/mysql.nix
@@ -0,0 +1,245 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.mysql;
+
+  mysql = cfg.package;
+
+  pidFile = "${cfg.pidDir}/mysqld.pid";
+
+  mysqldOptions =
+    "--user=${cfg.user} --datadir=${cfg.dataDir} " +
+    "--pid-file=${pidFile}";
+
+  myCnf = pkgs.writeText "my.cnf"
+  ''
+    [mysqld]
+    ${optionalString (cfg.replication.role == "master" || cfg.replication.role == "slave") "log-bin=mysql-bin"}
+    ${optionalString (cfg.replication.role == "master" || cfg.replication.role == "slave") "server-id = ${toString cfg.replication.serverId}"}
+    ${optionalString (cfg.replication.role == "slave")
+    ''
+      master-host = ${cfg.replication.masterHost}
+      master-user = ${cfg.replication.masterUser}
+      master-password = ${cfg.replication.masterPassword}
+      master-port = ${toString cfg.replication.masterPort}
+    ''}
+    ${cfg.extraOptions}
+  '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.mysql = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to enable the MySQL server.
+        ";
+      };
+
+      package = mkOption {
+        default = pkgs.mysql;
+        description = "
+          Which MySQL derivation to use.
+        ";
+      };
+
+      port = mkOption {
+        default = "3306";
+        description = "Port of MySQL";
+      };
+
+      user = mkOption {
+        default = "mysql";
+        description = "User account under which MySQL runs";
+      };
+
+      dataDir = mkOption {
+        default = "/var/mysql"; # !!! should be /var/db/mysql
+        description = "Location where MySQL stores its table files";
+      };
+
+      pidDir = mkOption {
+        default = "/var/run/mysql";
+        description = "Location of the file which stores the PID of the MySQL server";
+      };
+
+      extraOptions = mkOption {
+        default = "";
+        example = ''
+          key_buffer_size = 6G
+          table_cache = 1600
+          log-error = /var/log/mysql_err.log
+        '';
+        description = ''
+          Provide extra options to the MySQL configuration file.
+
+          Please note, that these options are added to the
+          <literal>[mysqld]</literal> section so you don't need to explicitly
+          state it again.
+        '';
+      };
+
+      initialDatabases = mkOption {
+        default = [];
+        description = "List of database names and their initial schemas that should be used to create databases on the first startup of MySQL";
+        example = [
+          { name = "foodatabase"; schema = literalExample "./foodatabase.sql"; }
+          { name = "bardatabase"; schema = literalExample "./bardatabase.sql"; }
+        ];
+      };
+
+      initialScript = mkOption {
+        default = null;
+        description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database";
+      };
+
+      # FIXME: remove this option; it's a really bad idea.
+      rootPassword = mkOption {
+        default = null;
+        description = "Path to a file containing the root password, modified on the first startup. Not specifying a root password will leave the root password empty.";
+      };
+
+      replication = {
+        role = mkOption {
+          default = "none";
+          description = "Role of the MySQL server instance. Can be either: master, slave or none";
+        };
+
+        serverId = mkOption {
+          default = 1;
+          description = "Id of the MySQL server instance. This number must be unique for each instance";
+        };
+
+        masterHost = mkOption {
+          description = "Hostname of the MySQL master server";
+        };
+
+        masterUser = mkOption {
+          description = "Username of the MySQL replication user";
+        };
+
+        masterPassword = mkOption {
+          description = "Password of the MySQL replication user";
+        };
+
+        masterPort = mkOption {
+          default = 3306;
+          description = "Port number on which the MySQL master server runs";
+        };
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.mysql.enable {
+
+    users.extraUsers.mysql = {
+      description = "MySQL server user";
+      group = "mysql";
+      uid = config.ids.uids.mysql;
+    };
+
+    users.extraGroups.mysql.gid = config.ids.gids.mysql;
+
+    environment.systemPackages = [mysql];
+
+    systemd.services.mysql =
+      { description = "MySQL Server";
+
+        wantedBy = [ "multi-user.target" ];
+
+        unitConfig.RequiresMountsFor = "${cfg.dataDir}";
+
+        preStart =
+          ''
+            if ! test -e ${cfg.dataDir}/mysql; then
+                mkdir -m 0700 -p ${cfg.dataDir}
+                chown -R ${cfg.user} ${cfg.dataDir}
+                ${mysql}/bin/mysql_install_db ${mysqldOptions}
+                touch /tmp/mysql_init
+            fi
+
+            mkdir -m 0700 -p ${cfg.pidDir}
+            chown -R ${cfg.user} ${cfg.pidDir}
+          '';
+
+        serviceConfig.ExecStart = "${mysql}/libexec/mysqld --defaults-extra-file=${myCnf} ${mysqldOptions}";
+
+        postStart =
+          ''
+            # Wait until the MySQL server is available for use
+            count=0
+            while [ ! -e /tmp/mysql.sock ]
+            do
+                if [ $count -eq 30 ]
+                then
+                    echo "Tried 30 times, giving up..."
+                    exit 1
+                fi
+
+                echo "MySQL daemon not yet started. Waiting for 1 second..."
+                count=$((count++))
+                sleep 1
+            done
+
+            if [ -f /tmp/mysql_init ]
+            then
+                ${concatMapStrings (database:
+                  ''
+                    # Create initial databases
+                    if ! test -e "${cfg.dataDir}/${database.name}"; then
+                        echo "Creating initial database: ${database.name}"
+                        ( echo "create database ${database.name};"
+                          echo "use ${database.name};"
+
+                          if [ -f "${database.schema}" ]
+                          then
+                              cat ${database.schema}
+                          elif [ -d "${database.schema}" ]
+                          then
+                              cat ${database.schema}/mysql-databases/*.sql
+                          fi
+                        ) | ${mysql}/bin/mysql -u root -N
+                    fi
+                  '') cfg.initialDatabases}
+
+                ${optionalString (cfg.initialScript != null)
+                  ''
+                    # Execute initial script
+                    cat ${cfg.initialScript} | ${mysql}/bin/mysql -u root -N
+                  ''}
+
+                ${optionalString (cfg.rootPassword != null)
+                  ''
+                    # Change root password
+
+                    ( echo "use mysql;"
+                      echo "update user set Password=password('$(cat ${cfg.rootPassword})') where User='root';"
+                      echo "flush privileges;"
+                    ) | ${mysql}/bin/mysql -u root -N
+                  ''}
+
+              rm /tmp/mysql_init
+            fi
+          ''; # */
+
+        serviceConfig.ExecStop =
+          "${mysql}/bin/mysqladmin ${optionalString (cfg.rootPassword != null) "--user=root --password=\"$(cat ${cfg.rootPassword})\""} shutdown";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/databases/mysql55.nix b/nixos/modules/services/databases/mysql55.nix
new file mode 100644
index 000000000000..fe8b29e3c6b7
--- /dev/null
+++ b/nixos/modules/services/databases/mysql55.nix
@@ -0,0 +1,248 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.mysql55;
+
+  mysql = cfg.package;
+
+  pidFile = "${cfg.pidDir}/mysqld.pid";
+
+  mysqldOptions =
+    "--user=${cfg.user} --datadir=${cfg.dataDir} " +
+    "--pid-file=${pidFile}";
+
+  myCnf = pkgs.writeText "my.cnf"
+  ''
+    [mysqld]
+    ${optionalString (cfg.replication.role == "master" || cfg.replication.role == "slave") "log-bin=mysql-bin"}
+    ${optionalString (cfg.replication.role == "master" || cfg.replication.role == "slave") "server-id = ${toString cfg.replication.serverId}"}
+    ${cfg.extraOptions}
+  '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.mysql55 = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to enable the MySQL server.
+        ";
+      };
+
+      package = mkOption {
+        default = pkgs.mysql55;
+        description = "
+          Which MySQL derivation to use.
+        ";
+      };
+
+      port = mkOption {
+        default = "3306";
+        description = "Port of MySQL";
+      };
+
+      user = mkOption {
+        default = "mysql";
+        description = "User account under which MySQL runs";
+      };
+
+      dataDir = mkOption {
+        default = "/var/mysql"; # !!! should be /var/db/mysql
+        description = "Location where MySQL stores its table files";
+      };
+
+      pidDir = mkOption {
+        default = "/var/run/mysql";
+        description = "Location of the file which stores the PID of the MySQL server";
+      };
+
+      extraOptions = mkOption {
+        default = "";
+        example = ''
+          key_buffer_size = 6G
+          table_cache = 1600
+          log-error = /var/log/mysql_err.log
+        '';
+        description = ''
+          Provide extra options to the MySQL configuration file.
+
+          Please note, that these options are added to the
+          <literal>[mysqld]</literal> section so you don't need to explicitly
+          state it again.
+        '';
+      };
+
+      initialDatabases = mkOption {
+        default = [];
+        description = "List of database names and their initial schemas that should be used to create databases on the first startup of MySQL";
+        example = [
+          { name = "foodatabase"; schema = literalExample "./foodatabase.sql"; }
+          { name = "bardatabase"; schema = literalExample "./bardatabase.sql"; }
+        ];
+      };
+
+      initialScript = mkOption {
+        default = null;
+        description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database";
+      };
+
+      # FIXME: remove this option; it's a really bad idea.
+      rootPassword = mkOption {
+        default = null;
+        description = "Path to a file containing the root password, modified on the first startup. Not specifying a root password will leave the root password empty.";
+      };
+
+      replication = {
+        role = mkOption {
+          default = "none";
+          description = "Role of the MySQL server instance. Can be either: master, slave or none";
+        };
+
+        serverId = mkOption {
+          default = 1;
+          description = "Id of the MySQL server instance. This number must be unique for each instance";
+        };
+
+        masterHost = mkOption {
+          description = "Hostname of the MySQL master server";
+        };
+
+        masterUser = mkOption {
+          description = "Username of the MySQL replication user";
+        };
+
+        masterPassword = mkOption {
+          description = "Password of the MySQL replication user";
+        };
+
+        masterPort = mkOption {
+          default = 3306;
+          description = "Port number on which the MySQL master server runs";
+        };
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.mysql55.enable {
+
+    users.extraUsers.mysql = {
+      description = "MySQL server user";
+      group = "mysql";
+      uid = config.ids.uids.mysql;
+    };
+
+    users.extraGroups.mysql.gid = config.ids.gids.mysql;
+
+    environment.systemPackages = [mysql];
+
+    systemd.services.mysql =
+      { description = "MySQL Server";
+
+        wantedBy = [ "multi-user.target" ];
+
+        unitConfig.RequiresMountsFor = "${cfg.dataDir}";
+
+        preStart =
+          ''
+            if ! test -e ${cfg.dataDir}/mysql; then
+                mkdir -m 0700 -p ${cfg.dataDir}
+                chown -R ${cfg.user} ${cfg.dataDir}
+                ${mysql}/bin/mysql_install_db ${mysqldOptions}
+                touch /tmp/mysql_init
+            fi
+
+            mkdir -m 0700 -p ${cfg.pidDir}
+            chown -R ${cfg.user} ${cfg.pidDir}
+          '';
+
+        serviceConfig.ExecStart = "${mysql}/bin/mysqld --defaults-extra-file=${myCnf} ${mysqldOptions}";
+
+        postStart =
+          ''
+            # Wait until the MySQL server is available for use
+            count=0
+            while [ ! -e /tmp/mysql.sock ]
+            do
+                if [ $count -eq 30 ]
+                then
+                    echo "Tried 30 times, giving up..."
+                    exit 1
+                fi
+
+                echo "MySQL daemon not yet started. Waiting for 1 second..."
+                count=$((count++))
+                sleep 1
+            done
+
+            if [ -f /tmp/mysql_init ]
+            then
+                ${concatMapStrings (database:
+                  ''
+                    # Create initial databases
+                    if ! test -e "${cfg.dataDir}/${database.name}"; then
+                        echo "Creating initial database: ${database.name}"
+                        ( echo "create database ${database.name};"
+                          echo "use ${database.name};"
+
+                          if [ -f "${database.schema}" ]
+                          then
+                              cat ${database.schema}
+                          elif [ -d "${database.schema}" ]
+                          then
+                              cat ${database.schema}/mysql-databases/*.sql
+                          fi
+                        ) | ${mysql}/bin/mysql -u root -N
+                    fi
+                  '') cfg.initialDatabases}
+                
+                ${optionalString (cfg.replication.role == "slave")
+                  ''
+                    # Set up the replication master
+                    
+                    ( echo "stop slave;"
+                      echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';"
+                      echo "start slave;"
+                    ) | ${mysql}/bin/mysql -u root -N
+                  ''}
+
+                ${optionalString (cfg.initialScript != null)
+                  ''
+                    # Execute initial script
+                    cat ${cfg.initialScript} | ${mysql}/bin/mysql -u root -N
+                  ''}
+
+                ${optionalString (cfg.rootPassword != null)
+                  ''
+                    # Change root password
+
+                    ( echo "use mysql;"
+                      echo "update user set Password=password('$(cat ${cfg.rootPassword})') where User='root';"
+                      echo "flush privileges;"
+                    ) | ${mysql}/bin/mysql -u root -N
+                  ''}
+
+              rm /tmp/mysql_init
+            fi
+          ''; # */
+
+        serviceConfig.ExecStop =
+          "${mysql}/bin/mysqladmin ${optionalString (cfg.rootPassword != null) "--user=root --password=\"$(cat ${cfg.rootPassword})\""} shutdown";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/databases/openldap.nix b/nixos/modules/services/databases/openldap.nix
new file mode 100644
index 000000000000..a4dd30be1fb7
--- /dev/null
+++ b/nixos/modules/services/databases/openldap.nix
@@ -0,0 +1,58 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.openldap;
+  openldap = pkgs.openldap;
+
+  configFile = pkgs.writeText "slapd.conf" cfg.extraConfig;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.openldap = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to enable the ldap server.
+        ";
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        description = "
+          sldapd.conf configuration
+        ";
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.openldap.enable {
+
+    environment.systemPackages = [ openldap ];
+
+    systemd.services.openldap = {
+      description = "LDAP server";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+      preStart = ''
+        mkdir -p /var/run/slapd
+      '';
+      serviceConfig.ExecStart = "${openldap}/libexec/slapd -d 0 -f ${configFile}";
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
new file mode 100644
index 000000000000..73447e3cf0d8
--- /dev/null
+++ b/nixos/modules/services/databases/postgresql.nix
@@ -0,0 +1,233 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.postgresql;
+
+  # see description of extraPlugins
+  postgresqlAndPlugins = pg:
+    if cfg.extraPlugins == [] then pg
+    else pkgs.buildEnv {
+      name = "postgresql-and-plugins-${(builtins.parseDrvName pg.name).version}";
+      paths = [ pg ] ++ cfg.extraPlugins;
+      postBuild =
+        ''
+          mkdir -p $out/bin
+          rm $out/bin/{pg_config,postgres,pg_ctl}
+          cp --target-directory=$out/bin ${pg}/bin/{postgres,pg_config,pg_ctl}
+        '';
+    };
+
+  postgresql = postgresqlAndPlugins cfg.package;
+
+  flags = optional cfg.enableTCPIP "-i";
+
+  # The main PostgreSQL configuration file.
+  configFile = pkgs.writeText "postgresql.conf"
+    ''
+      hba_file = '${pkgs.writeText "pg_hba.conf" cfg.authentication}'
+      ident_file = '${pkgs.writeText "pg_ident.conf" cfg.identMap}'
+      log_destination = 'stderr'
+      ${cfg.extraConfig}
+    '';
+
+  pre84 = versionOlder (builtins.parseDrvName postgresql.name).version "8.4";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.postgresql = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to run PostgreSQL.
+        '';
+      };
+
+      package = mkOption {
+        type = types.path;
+        example = literalExample "pkgs.postgresql92";
+        description = ''
+          PostgreSQL package to use.
+        '';
+      };
+
+      port = mkOption {
+        type = types.int;
+        default = "5432";
+        description = ''
+          Port for PostgreSQL.
+        '';
+      };
+
+      dataDir = mkOption {
+        type = types.path;
+        default = "/var/db/postgresql";
+        description = ''
+          Data directory for PostgreSQL.
+        '';
+      };
+
+      authentication = mkOption {
+        type = types.lines;
+        default = "";
+        description = ''
+          Defines how users authenticate themselves to the server.
+        '';
+      };
+
+      identMap = mkOption {
+        type = types.lines;
+        default = "";
+        description = ''
+          Defines the mapping from system users to database users.
+        '';
+      };
+
+      initialScript = mkOption {
+        type = types.nullOr types.path;
+        default = null;
+        description = ''
+          A file containing SQL statements to execute on first startup.
+        '';
+      };
+
+      enableTCPIP = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to run PostgreSQL with -i flag to enable TCP/IP connections.
+        '';
+      };
+
+      extraPlugins = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        example = literalExample "pkgs.postgis";
+        description = ''
+          When this list contains elements a new store path is created.
+          PostgreSQL and the elments are symlinked into it. Then pg_config,
+          postgres and pc_ctl are copied to make them use the new
+          $out/lib directory as pkglibdir. This makes it possible to use postgis
+          without patching the .sql files which reference $libdir/postgis-1.5.
+        '';
+        # Note: the duplication of executables is about 4MB size.
+        # So a nicer solution was patching postgresql to allow setting the
+        # libdir explicitely.
+      };
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "";
+        description = "Additional text to be appended to <filename>postgresql.conf</filename>.";
+      };
+
+      recoveryConfig = mkOption {
+        type = types.nullOr types.lines;
+        default = null;
+        description = ''
+          Contents of the <filename>recovery.conf</filename> file.
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.postgresql.enable {
+
+    services.postgresql.authentication =
+      ''
+        # Generated file; do not edit!
+        local all all              ident ${optionalString pre84 "sameuser"}
+        host  all all 127.0.0.1/32 md5
+        host  all all ::1/128      md5
+      '';
+
+    users.extraUsers.postgres =
+      { name = "postgres";
+        uid = config.ids.uids.postgres;
+        group = "postgres";
+        description = "PostgreSQL server user";
+      };
+
+    users.extraGroups.postgres.gid = config.ids.gids.postgres;
+
+    environment.systemPackages = [postgresql];
+
+    systemd.services.postgresql =
+      { description = "PostgreSQL Server";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        environment.PGDATA = cfg.dataDir;
+
+        path = [ pkgs.su postgresql ];
+
+        preStart =
+          ''
+            # Initialise the database.
+            if ! test -e ${cfg.dataDir}; then
+                mkdir -m 0700 -p ${cfg.dataDir}
+                chown -R postgres ${cfg.dataDir}
+                su -s ${pkgs.stdenv.shell} postgres -c 'initdb -U root'
+                rm -f ${cfg.dataDir}/*.conf
+                touch "${cfg.dataDir}/.first_startup"
+            fi
+
+            ln -sfn "${configFile}" "${cfg.dataDir}/postgresql.conf"
+            ${optionalString (cfg.recoveryConfig != null) ''
+              ln -sfn "${pkgs.writeText "recovery.conf" cfg.recoveryConfig}" \
+                "${cfg.dataDir}/recovery.conf"
+            ''}
+          ''; # */
+
+        serviceConfig =
+          { ExecStart = "@${postgresql}/bin/postgres postgres ${toString flags}";
+            User = "postgres";
+            Group = "postgres";
+            PermissionsStartOnly = true;
+
+            # Shut down Postgres using SIGINT ("Fast Shutdown mode").  See
+            # http://www.postgresql.org/docs/current/static/server-shutdown.html
+            KillSignal = "SIGINT";
+
+            # Give Postgres a decent amount of time to clean up after
+            # receiving systemd's SIGINT.
+            TimeoutSec = 120;
+          };
+
+        # Wait for PostgreSQL to be ready to accept connections.
+        postStart =
+          ''
+            while ! psql postgres -c "" 2> /dev/null; do
+                if ! kill -0 "$MAINPID"; then exit 1; fi
+                sleep 0.1
+            done
+
+            if test -e "${cfg.dataDir}/.first_startup"; then
+              ${optionalString (cfg.initialScript != null) ''
+                cat "${cfg.initialScript}" | psql postgres
+              ''}
+              rm -f "${cfg.dataDir}/.first_startup"
+            fi
+          '';
+
+        unitConfig.RequiresMountsFor = "${cfg.dataDir}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
new file mode 100644
index 000000000000..ea6399ba4f44
--- /dev/null
+++ b/nixos/modules/services/databases/redis.nix
@@ -0,0 +1,224 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.redis;
+  redisBool = b: if b then "yes" else "no";
+  condOption = name: value: if value != null then "${name} ${toString value}" else "";
+
+  redisConfig = pkgs.writeText "redis.conf" ''
+    pidfile ${cfg.pidFile}
+    port ${toString cfg.port}
+    ${condOption "bind" cfg.bind}
+    ${condOption "unixsocket" cfg.unixSocket}
+    loglevel ${cfg.logLevel}
+    logfile ${cfg.logfile}
+    syslog-enabled ${redisBool cfg.syslog}
+    databases ${toString cfg.databases}
+    ${concatMapStrings (d: "save ${toString (builtins.elemAt d 0)} ${toString (builtins.elemAt d 1)}\n") cfg.save}
+    dbfilename ${cfg.dbFilename}
+    dir ${toString cfg.dbpath}
+    ${if cfg.slaveOf != null then "slaveof ${cfg.slaveOf.ip} ${toString cfg.slaveOf.port}" else ""}
+    ${condOption "masterauth" cfg.masterAuth}
+    ${condOption "requirepass" cfg.requirePass}
+    appendOnly ${redisBool cfg.appendOnly}
+    appendfsync ${cfg.appendFsync}
+    slowlog-log-slower-than ${toString cfg.slowLogLogSlowerThan}
+    slowlog-max-len ${toString cfg.slowLogMaxLen}
+    ${cfg.extraConfig}
+  '';
+in
+{
+
+  ###### interface
+
+  options = {
+
+    services.redis = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable the Redis server.";
+      };
+
+      package = mkOption {
+        default = pkgs.redis;
+        description = "Which Redis derivation to use.";
+      };
+
+      user = mkOption {
+        default = "redis";
+        description = "User account under which Redis runs";
+      };
+
+      pidFile = mkOption {
+        default = "/var/lib/redis/redis.pid";
+        description = "";
+      };
+
+      port = mkOption {
+        default = 6379;
+        description = "The port for Redis to listen to";
+        type = with types; int;
+      };
+
+      bind = mkOption {
+        default = null; # All interfaces
+        description = "The IP interface to bind to";
+        example = "127.0.0.1";
+      };
+
+      unixSocket = mkOption {
+        default = null;
+        description = "The path to the socket to bind to";
+        example = "/var/run/redis.sock";
+      };
+
+      logLevel = mkOption {
+        default = "notice"; # debug, verbose, notice, warning
+        example = "debug";
+        description = "Specify the server verbosity level, options: debug, verbose, notice, warning";
+        type = with types; string;
+      };
+
+      logfile = mkOption {
+        default = "/dev/null";
+        description = "Specify the log file name. Also 'stdout' can be used to force Redis to log on the standard output.";
+        example = "/var/log/redis.log";
+        type = with types; string;
+      };
+
+      syslog = mkOption {
+        default = true;
+        description = "Enable logging to the system logger.";
+        type = with types; bool;
+      };
+
+      databases = mkOption {
+        default = 16;
+        description = "Set the number of databases.";
+        type = with types; int;
+      };
+
+      save = mkOption {
+        default = [ [900 1] [300 10] [60 10000] ];
+        description = "The schedule in which data is persisted to disk, represented as a list of lists where the first element represent the amount of seconds and the second the number of changes.";
+        example = [ [900 1] [300 10] [60 10000] ];
+      };
+
+      dbFilename = mkOption {
+        default = "dump.rdb";
+        description = "The filename where to dump the DB";
+        type = with types; string;
+      };
+
+      dbpath = mkOption {
+        default = "/var/lib/redis";
+        description = "The DB will be written inside this directory, with the filename specified using the 'dbFilename' configuration";
+        type = with types; string;
+      };
+
+      slaveOf = mkOption {
+        default = null; # { ip, port }
+        description = "An attribute set with two attributes: ip and port to which this redis instance acts as a slave";
+        example = { ip = "192.168.1.100"; port = 6379; };
+      };
+
+      masterAuth = mkOption {
+        default = null;
+        description = ''If the master is password protected (using the requirePass configuration)
+        it is possible to tell the slave to authenticate before starting the replication synchronization
+        process, otherwise the master will refuse the slave request.
+        (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)'';
+      };
+
+      requirePass = mkOption {
+        default = null;
+        description = "Password for database (STORED PLAIN TEXT, WORLD-READABLE IN NIX STORE)";
+        example = "letmein!";
+      };
+
+      appendOnly = mkOption {
+        default = false;
+        description = "By default data is only periodically persisted to disk, enable this option to use an append-only file for improved persistence.";
+        type = with types; bool;
+      };
+
+      appendOnlyFilename = mkOption {
+        default = "appendonly.aof";
+        description = "Filename for the append-only file (stored inside of dbpath)";
+        type = with types; string;
+      };
+
+      appendFsync = mkOption {
+        default = "everysec"; # no, always, everysec
+        description = "How often to fsync the append-only log, options: no, always, everysec";
+        type = with types; string;
+      };
+
+      slowLogLogSlowerThan = mkOption {
+        default = 10000;
+        description = "Log queries whose execution take longer than X in milliseconds";
+        example = 1000;
+        type = with types; int;
+      };
+
+      slowLogMaxLen = mkOption {
+        default = 128;
+        description = "Maximum number of items to keep in slow log";
+        type = with types; int;
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        description = "Extra configuration options for redis.conf";
+        type = with types; string;
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.redis.enable {
+
+    users.extraUsers.redis =
+      { name = cfg.user;
+        uid = config.ids.uids.redis;
+        description = "Redis database user";
+      };
+
+    environment.systemPackages = [ cfg.package ];
+
+    systemd.services.redis_init =
+      { description = "Redis server initialisation";
+
+        wantedBy = [ "redis.service" ];
+        before = [ "redis.service" ];
+
+        serviceConfig.Type = "oneshot";
+
+        script = ''
+          if ! test -e ${cfg.dbpath}; then
+              install -d -m0700 -o ${cfg.user} ${cfg.dbpath}
+          fi
+        '';
+      };
+
+    systemd.services.redis =
+      { description = "Redis server";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        serviceConfig = {
+          ExecStart = "${cfg.package}/bin/redis-server ${redisConfig}";
+          User = cfg.user;
+        };
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/databases/virtuoso.nix b/nixos/modules/services/databases/virtuoso.nix
new file mode 100644
index 000000000000..6a29fc132114
--- /dev/null
+++ b/nixos/modules/services/databases/virtuoso.nix
@@ -0,0 +1,98 @@
+{ config, pkgs, ... }:
+let
+  cfg = config.services.virtuoso;
+  virtuosoUser = "virtuoso";
+  stateDir = "/var/lib/virtuoso";
+in
+with pkgs.lib;
+{
+
+  ###### interface
+
+  options = {
+
+    services.virtuoso = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable Virtuoso Opensource database server.";
+      };
+
+      config = mkOption {
+        default = "";
+        description = "Extra options to put into Virtuoso configuration file.";
+      };
+
+      parameters = mkOption {
+        default = "";
+        description = "Extra options to put into [Parameters] section of Virtuoso configuration file.";
+      };
+
+      listenAddress = mkOption {
+	default = "1111";
+	example = "myserver:1323";
+        description = "ip:port or port to listen on.";
+      };
+
+      httpListenAddress = mkOption {
+	default = null;
+	example = "myserver:8080";
+        description = "ip:port or port for Virtuoso HTTP server to listen on.";
+      };
+
+      dirsAllowed = mkOption {
+	default = null;
+	example = "/www, /home/";
+        description = "A list of directories Virtuoso is allowed to access";
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton
+      { name = virtuosoUser;
+        uid = config.ids.uids.virtuoso;
+        description = "virtuoso user";
+        home = stateDir;
+      };
+
+    jobs.virtuoso = {
+      name = "virtuoso";
+      startOn = "filesystem";
+
+      preStart = ''
+	mkdir -p ${stateDir}
+	chown ${virtuosoUser} ${stateDir}
+      '';
+
+      script = ''
+	cd ${stateDir}
+	${pkgs.virtuoso}/bin/virtuoso-t +foreground +configfile ${pkgs.writeText "virtuoso.ini" cfg.config}
+      '';
+    };
+
+    services.virtuoso.config = ''
+      [Database]
+      DatabaseFile=${stateDir}/x-virtuoso.db
+      TransactionFile=${stateDir}/x-virtuoso.trx
+      ErrorLogFile=${stateDir}/x-virtuoso.log
+      xa_persistent_file=${stateDir}/x-virtuoso.pxa
+
+      [Parameters]
+      ServerPort=${cfg.listenAddress}
+      RunAs=${virtuosoUser}
+      ${optionalString (cfg.dirsAllowed != null) "DirsAllowed=${cfg.dirsAllowed}"}
+      ${cfg.parameters}
+
+      [HTTPServer]
+      ${optionalString (cfg.httpListenAddress != null) "ServerPort=${cfg.httpListenAddress}"}
+    '';
+
+  };
+
+}
diff --git a/nixos/modules/services/games/ghost-one.nix b/nixos/modules/services/games/ghost-one.nix
new file mode 100644
index 000000000000..92c9112eeb6c
--- /dev/null
+++ b/nixos/modules/services/games/ghost-one.nix
@@ -0,0 +1,106 @@
+{pkgs, config, ...}:
+with pkgs.lib;
+let
+
+  cfg = config.services.ghostOne;
+  ghostUser = "ghostone";
+  stateDir = "/var/lib/ghost-one";
+
+in
+{
+
+  ###### interface
+
+  options = {
+    services.ghostOne = {
+
+      enable = mkOption {
+        default = false;
+        description = "Enable Ghost-One Warcraft3 game hosting server.";
+      };
+
+      language = mkOption {
+        default = "English";
+        type = types.addCheck types.str
+          (lang: elem lang [ "English" "Spanish" "Russian" "Serbian" "Turkish" ]);
+        description = "The language of bot messages: English, Spanish, Russian, Serbian or Turkish.";
+      };
+
+      war3path = mkOption {
+        default = "";
+        description = ''
+          The path to your local Warcraft III directory, which must contain war3.exe, storm.dll, and game.dll.
+        '';
+      };
+
+      mappath = mkOption {
+        default = "";
+        description = ''
+          The path to the directory where you keep your map files. GHost One doesn't require
+          map files but if it has access to them it can send them to players and automatically
+          calculate most map config values. GHost One will search [bot_mappath + map_localpath]
+          for the map file (map_localpath is set in each map's config file).
+        '';
+      };
+
+      config = mkOption {
+        default = "";
+        description = "Extra configuration options.";
+      };
+
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton
+      { name = ghostUser;
+        uid = config.ids.uids.ghostOne;
+        description = "Ghost One game server user";
+        home = stateDir;
+      };
+
+    users.extraGroups = singleton
+      { name = ghostUser;
+        gid = config.ids.gids.ghostOne;
+      };
+
+    services.ghostOne.config = ''
+#      bot_log = /dev/stderr
+      bot_language = ${pkgs.ghostOne}/share/ghost-one/languages/${cfg.language}.cfg
+      bot_war3path = ${cfg.war3path}
+
+      bot_mapcfgpath = mapcfgs
+      bot_savegamepath = savegames
+      bot_mappath = ${cfg.mappath}
+      bot_replaypath = replays
+    '';
+
+    jobs.ghostOne = {
+      name = "ghost-one";
+      script = ''
+        mkdir -p ${stateDir}
+        cd ${stateDir}
+        chown ${ghostUser}:${ghostUser} .
+
+        mkdir -p mapcfgs
+        chown ${ghostUser}:${ghostUser} mapcfgs
+
+        mkdir -p replays
+        chown ${ghostUser}:${ghostUser} replays
+
+        mkdir -p savegames
+        chown ${ghostUser}:${ghostUser} savegames
+
+        ln -sf ${pkgs.writeText "ghost.cfg" cfg.config} ghost.cfg
+        ln -sf ${pkgs.ghostOne}/share/ghost-one/ip-to-country.csv
+        ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${ghostUser} \
+          -c "LANG=C ${pkgs.ghostOne}/bin/ghost++"
+      '';
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/hardware/acpid.nix b/nixos/modules/services/hardware/acpid.nix
new file mode 100644
index 000000000000..adba6394dcf5
--- /dev/null
+++ b/nixos/modules/services/hardware/acpid.nix
@@ -0,0 +1,118 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  acpiConfDir = pkgs.runCommand "acpi-events" {}
+    ''
+      ensureDir $out
+      ${
+        # Generate a configuration file for each event. (You can't have
+        # multiple events in one config file...)
+        let f = event:
+          ''
+            fn=$out/${event.name}
+            echo "event=${event.event}" > $fn
+            echo "action=${pkgs.writeScript "${event.name}.sh" event.action}" >> $fn
+          '';
+        in pkgs.lib.concatMapStrings f events
+      }
+    '';
+
+  events = [powerEvent lidEvent acEvent];
+
+  # Called when the power button is pressed.
+  powerEvent =
+    { name = "power-button";
+      event = "button/power.*";
+      action =
+        ''
+          #! ${pkgs.bash}/bin/sh
+          ${config.services.acpid.powerEventCommands}
+        '';
+    };
+
+  # Called when the laptop lid is opened/closed.
+  lidEvent =
+    { name = "lid";
+      event = "button/lid.*";
+      action =
+        ''
+          #! ${pkgs.bash}/bin/sh
+          ${config.services.acpid.lidEventCommands}
+        '';
+    };
+
+  # Called when the AC power is connected or disconnected.
+  acEvent =
+    { name = "ac-power";
+      event = "ac_adapter.*";
+      action =
+        ''
+          #! ${pkgs.bash}/bin/sh
+          ${config.services.acpid.acEventCommands}
+        '';
+    };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.acpid = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to enable the ACPI daemon.";
+      };
+
+      powerEventCommands = mkOption {
+        type = types.lines;
+        default = "";
+        description = "Shell commands to execute on a button/power.* event.";
+      };
+
+      lidEventCommands = mkOption {
+        type = types.lines;
+        default = "";
+        description = "Shell commands to execute on a button/lid.* event.";
+      };
+
+      acEventCommands = mkOption {
+        type = types.lines;
+        default = "";
+        description = "Shell commands to execute on an ac_adapter.* event.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.acpid.enable {
+
+    jobs.acpid =
+      { description = "ACPI Daemon";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "systemd-udev-settle.service" ];
+
+        path = [ pkgs.acpid ];
+
+        daemonType = "fork";
+
+        exec = "acpid --confdir ${acpiConfDir}";
+
+        unitConfig.ConditionPathExists = [ "/proc/acpi" ];
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/hardware/bluetooth.nix b/nixos/modules/services/hardware/bluetooth.nix
new file mode 100644
index 000000000000..b0714a3ce800
--- /dev/null
+++ b/nixos/modules/services/hardware/bluetooth.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    hardware.bluetooth.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Whether to enable support for Bluetooth.";
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.hardware.bluetooth.enable {
+
+    environment.systemPackages = [ pkgs.bluez pkgs.openobex pkgs.obexftp ];
+
+    services.udev.packages = [ pkgs.bluez ];
+
+    services.dbus.packages = [ pkgs.bluez ];
+
+    systemd.services."dbus-org.bluez" = {
+      description = "Bluetooth service";
+      serviceConfig = {
+        Type = "dbus";
+        BusName = "org.bluez";
+        ExecStart = "${pkgs.bluez}/sbin/bluetoothd -n";
+      };
+      wantedBy = [ "bluetooth.target" ];
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/hardware/nvidia-optimus.nix b/nixos/modules/services/hardware/nvidia-optimus.nix
new file mode 100644
index 000000000000..4c0ce794d4f7
--- /dev/null
+++ b/nixos/modules/services/hardware/nvidia-optimus.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+let kernel = config.boot.kernelPackages; in
+
+{
+
+  ###### interface
+
+  options = {
+
+    hardware.nvidiaOptimus.disable = pkgs.lib.mkOption {
+      default = false;
+      type = pkgs.lib.types.bool;
+      description = ''
+        Completely disable the NVIDIA graphics card and use the
+        integrated graphics processor instead.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = pkgs.lib.mkIf config.hardware.nvidiaOptimus.disable {
+    boot.blacklistedKernelModules = ["nouveau" "nvidia" "nvidiafb"];
+    boot.kernelModules = [ "bbswitch" ];
+    boot.extraModulePackages = [ kernel.bbswitch ];
+
+    systemd.services.bbswitch = {
+      description = "Disable NVIDIA Card";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+        ExecStart = "${kernel.bbswitch}/bin/discrete_vga_poweroff";
+        ExecStop = "${kernel.bbswitch}/bin/discrete_vga_poweron";
+      };
+      path = [ kernel.bbswitch ];
+    };
+  };
+
+}
diff --git a/nixos/modules/services/hardware/pcscd.nix b/nixos/modules/services/hardware/pcscd.nix
new file mode 100644
index 000000000000..9f389efc06d4
--- /dev/null
+++ b/nixos/modules/services/hardware/pcscd.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.pcscd = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable the PCSC-Lite daemon.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.pcscd.enable {
+
+    jobs.pcscd =
+      { description = "PCSC-Lite daemon";
+
+        startOn = "started udev";
+
+        daemonType = "fork";
+
+        # Add to the drivers directory the only drivers we have by now: ccid
+        preStart = ''
+            mkdir -p /var/lib/pcsc
+            rm -Rf /var/lib/pcsc/drivers
+            ln -s ${pkgs.ccid}/pcsc/drivers /var/lib/pcsc/
+        '';
+
+        exec = "${pkgs.pcsclite}/sbin/pcscd";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/hardware/pommed.nix b/nixos/modules/services/hardware/pommed.nix
new file mode 100644
index 000000000000..32599554fc12
--- /dev/null
+++ b/nixos/modules/services/hardware/pommed.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  options.services.hardware.pommed = {
+    enable = mkOption {
+      default = false;
+       description = ''
+        Whether to use the pommed tool to handle Apple laptop keyboard hotkeys.
+      '';
+    };
+
+    configFile = mkOption {
+      default = "${pkgs.pommed}/etc/pommed.conf";
+      description = ''
+        The contents of the pommed.conf file.
+      '';
+    };
+  };
+
+  config = mkIf config.services.hardware.pommed.enable {
+    environment.systemPackages = [ pkgs.polkit ];
+
+    environment.etc = [
+      { source = config.services.hardware.pommed.configFile;
+        target = "pommed.conf";
+      }
+    ];
+
+    services.dbus.packages = [ pkgs.pommed ];
+
+    jobs.pommed = { name = "pommed";
+
+      description = "Pommed hotkey management";
+
+      startOn = "started dbus";
+
+      postStop = "rm -f /var/run/pommed.pid";
+
+      exec = "${pkgs.pommed}/bin/pommed";
+
+      daemonType = "fork";
+
+      path = [ pkgs.eject ];
+    };
+  };
+}
diff --git a/nixos/modules/services/hardware/sane.nix b/nixos/modules/services/hardware/sane.nix
new file mode 100644
index 000000000000..5979feb82409
--- /dev/null
+++ b/nixos/modules/services/hardware/sane.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  pkg = if config.hardware.sane.snapshot then pkgs.saneBackendsGit else pkgs.saneBackends;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    hardware.sane.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable support for SANE scanners.";
+    };
+
+    hardware.sane.snapshot = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Use a development snapshot of SANE scanner drivers.";
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.hardware.sane.enable {
+
+    environment.systemPackages = [ pkg ];
+    services.udev.packages = [ pkg ];
+
+    users.extraGroups."scanner".gid = config.ids.gids.scanner;
+
+  };
+
+}
diff --git a/nixos/modules/services/hardware/thinkfan.nix b/nixos/modules/services/hardware/thinkfan.nix
new file mode 100644
index 000000000000..b39c9cb1d9bb
--- /dev/null
+++ b/nixos/modules/services/hardware/thinkfan.nix
@@ -0,0 +1,95 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.thinkfan;
+  configFile = pkgs.writeText "thinkfan.conf" ''
+    # ATTENTION: There is only very basic sanity checking on the configuration.
+    # That means you can set your temperature limits as insane as you like. You
+    # can do anything stupid, e.g. turn off your fan when your CPU reaches 70°C.
+    #
+    # That's why this program is called THINKfan: You gotta think for yourself.
+    #
+    ######################################################################
+    #
+    # IBM/Lenovo Thinkpads (thinkpad_acpi, /proc/acpi/ibm)
+    # ====================================================
+    #
+    # IMPORTANT:
+    #
+    # To keep your HD from overheating, you have to specify a correction value for
+    # the sensor that has the HD's temperature. You need to do this because
+    # thinkfan uses only the highest temperature it can find in the system, and
+    # that'll most likely never be your HD, as most HDs are already out of spec
+    # when they reach 55 °C.
+    # Correction values are applied from left to right in the same order as the
+    # temperatures are read from the file.
+    #
+    # For example:
+    # sensor /proc/acpi/ibm/thermal (0, 0, 10)
+    # will add a fixed value of 10 °C the 3rd value read from that file. Check out
+    # http://www.thinkwiki.org/wiki/Thermal_Sensors to find out how much you may
+    # want to add to certain temperatures.
+    
+    #  Syntax:
+    #  (LEVEL, LOW, HIGH)
+    #  LEVEL is the fan level to use (0-7 with thinkpad_acpi)
+    #  LOW is the temperature at which to step down to the previous level
+    #  HIGH is the temperature at which to step up to the next level
+    #  All numbers are integers.
+    #
+
+    sensor ${cfg.sensor} (0, 10, 15, 2, 10, 5, 0, 3, 0, 3)
+    
+    (0,     0,      55)
+    (1,     48,     60)
+    (2,     50,     61)
+    (3,     52,     63)
+    (6,     56,     65)
+    (7,     60,     85)
+    (127,   80,     32767)
+  '';
+
+in {
+
+  options = {
+
+    services.thinkfan = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable thinkfan, fan controller for ibm/lenovo thinkpads.
+        '';
+      };
+
+      sensor = mkOption {
+        default = "/proc/acpi/ibm/thermal";
+        description =''
+          Sensor used by thinkfan
+        '';
+      };
+
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.thinkfan ];
+
+    systemd.services.thinkfan = {
+      description = "Thinkfan";
+      after = [ "basic.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.thinkfan ];
+      serviceConfig.ExecStart = "${pkgs.thinkfan}/bin/thinkfan -n -c ${configFile}";
+    };
+
+    boot.extraModprobeConfig = "options thinkpad_acpi experimental=1 fan_control=1";
+
+  };
+
+}
diff --git a/nixos/modules/services/hardware/udev.nix b/nixos/modules/services/hardware/udev.nix
new file mode 100644
index 000000000000..516569c02808
--- /dev/null
+++ b/nixos/modules/services/hardware/udev.nix
@@ -0,0 +1,240 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) stdenv writeText procps;
+
+  udev = config.systemd.package;
+
+  cfg = config.services.udev;
+
+  extraUdevRules = pkgs.writeTextFile {
+    name = "extra-udev-rules";
+    text = cfg.extraRules;
+    destination = "/etc/udev/rules.d/10-local.rules";
+  };
+
+  nixosRules = ''
+    # Miscellaneous devices.
+    KERNEL=="kvm",                  MODE="0666"
+    KERNEL=="kqemu",                MODE="0666"
+  '';
+
+  # Perform substitutions in all udev rules files.
+  udevRules = stdenv.mkDerivation {
+    name = "udev-rules";
+    buildCommand = ''
+      mkdir -p $out
+      shopt -s nullglob
+
+      # Set a reasonable $PATH for programs called by udev rules.
+      echo 'ENV{PATH}="${udevPath}/bin:${udevPath}/sbin"' > $out/00-path.rules
+
+      # Add the udev rules from other packages.
+      for i in ${toString cfg.packages}; do
+        echo "Adding rules for package $i"
+        for j in $i/{etc,lib}/udev/rules.d/*; do
+          echo "Copying $j to $out/$(basename $j)"
+          cat $j > $out/$(basename $j)
+        done
+      done
+
+      # Fix some paths in the standard udev rules.  Hacky.
+      for i in $out/*.rules; do
+        substituteInPlace $i \
+          --replace \"/sbin/modprobe \"${config.system.sbin.modprobe}/sbin/modprobe \
+          --replace \"/sbin/mdadm \"${pkgs.mdadm}/sbin/mdadm \
+          --replace \"/sbin/blkid \"${pkgs.utillinux}/sbin/blkid \
+          --replace \"/bin/mount \"${pkgs.utillinux}/bin/mount
+      done
+
+      echo -n "Checking that all programs called by relative paths in udev rules exist in ${udev}/lib/udev... "
+      import_progs=$(grep 'IMPORT{program}="[^/$]' $out/* |
+        sed -e 's/.*IMPORT{program}="\([^ "]*\)[ "].*/\1/' | uniq)
+      run_progs=$(grep -v '^[[:space:]]*#' $out/* | grep 'RUN+="[^/$]' |
+        sed -e 's/.*RUN+="\([^ "]*\)[ "].*/\1/' | uniq)
+      for i in $import_progs $run_progs; do
+        if [[ ! -x ${pkgs.udev}/lib/udev/$i && ! $i =~ socket:.* ]]; then
+          echo "FAIL"
+          echo "$i is called in udev rules but not installed by udev"
+          exit 1
+        fi
+      done
+      echo "OK"
+
+      echo -n "Checking that all programs called by absolute paths in udev rules exist... "
+      import_progs=$(grep 'IMPORT{program}="\/' $out/* |
+        sed -e 's/.*IMPORT{program}="\([^ "]*\)[ "].*/\1/' | uniq)
+      run_progs=$(grep -v '^[[:space:]]*#' $out/* | grep 'RUN+="/' |
+        sed -e 's/.*RUN+="\([^ "]*\)[ "].*/\1/' | uniq)
+      for i in $import_progs $run_progs; do
+        if [[ ! -x $i ]]; then
+          echo "FAIL"
+          echo "$i is called in udev rules but not installed by udev"
+          exit 1
+        fi
+      done
+      echo "OK"
+
+      echo "Consider fixing the following udev rules:"
+      for i in ${toString cfg.packages}; do
+        grep -l '\(RUN+\|IMPORT{program}\)="\(/usr\)\?/s\?bin' $i/*/udev/rules.d/* || true
+      done
+
+      ${optionalString (!config.networking.usePredictableInterfaceNames) ''
+        ln -s /dev/null $out/80-net-name-slot.rules
+      ''}
+
+      # If auto-configuration is disabled, then remove
+      # udev's 80-drivers.rules file, which contains rules for
+      # automatically calling modprobe.
+      ${optionalString (!config.boot.hardwareScan) ''
+        ln -s /dev/null $out/80-drivers.rules
+      ''}
+    ''; # */
+  };
+
+  # Udev has a 512-character limit for ENV{PATH}, so create a symlink
+  # tree to work around this.
+  udevPath = pkgs.buildEnv {
+    name = "udev-path";
+    paths = cfg.path;
+    pathsToLink = [ "/bin" "/sbin" ];
+    ignoreCollisions = true;
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    boot.hardwareScan = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to try to load kernel modules for all detected hardware.
+        Usually this does a good job of providing you with the modules
+        you need, but sometimes it can crash the system or cause other
+        nasty effects.
+      '';
+    };
+
+    services.udev = {
+
+      packages = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        description = ''
+          List of packages containing <command>udev</command> rules.
+          All files found in
+          <filename><replaceable>pkg</replaceable>/etc/udev/rules.d</filename> and
+          <filename><replaceable>pkg</replaceable>/lib/udev/rules.d</filename>
+          will be included.
+        '';
+      };
+
+      path = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        description = ''
+          Packages added to the <envar>PATH</envar> environment variable when
+          executing programs from Udev rules.
+        '';
+      };
+
+      extraRules = mkOption {
+        default = "";
+        example = ''
+          KERNEL=="eth*", ATTR{address}=="00:1D:60:B9:6D:4F", NAME="my_fast_network_card"
+        '';
+        type = types.lines;
+        description = ''
+          Additional <command>udev</command> rules. They'll be written
+          into file <filename>10-local.rules</filename>. Thus they are
+          read before all other rules.
+        '';
+      };
+
+    };
+
+    hardware.firmware = mkOption {
+      type = types.listOf types.path;
+      default = [];
+      example = [ "/root/my-firmware" ];
+      description = ''
+        List of directories containing firmware files.  Such files
+        will be loaded automatically if the kernel asks for them
+        (i.e., when it has detected specific hardware that requires
+        firmware to function).  If more than one path contains a
+        firmware file with the same name, the first path in the list
+        takes precedence.  Note that you must rebuild your system if
+        you add files to any of these directories.  For quick testing,
+        put firmware files in /root/test-firmware and add that
+        directory to the list.
+        Note that you can also add firmware packages to this
+        list as these are directories in the nix store.
+      '';
+      apply = list: pkgs.buildEnv {
+        name = "firmware";
+        paths = list;
+        pathsToLink = [ "/" ];
+        ignoreCollisions = true;
+      };
+    };
+
+    networking.usePredictableInterfaceNames = mkOption {
+      default = true;
+      type = types.bool;
+      description = ''
+        Whether to assign <link
+        xlink:href='http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames'>predictable
+        names to network interfaces</link>.  If enabled, interfaces
+        are assigned names that contain topology information
+        (e.g. <literal>wlp3s0</literal>) and thus should be stable
+        across reboots.  If disabled, names depend on the order in
+        which interfaces are discovered by the kernel, which may
+        change randomly across reboots; for instance, you may find
+        <literal>eth0</literal> and <literal>eth1</literal> flipping
+        unpredictably.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    services.udev.extraRules = nixosRules;
+
+    services.udev.packages = [ extraUdevRules ];
+
+    services.udev.path = [ pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.utillinux udev ];
+
+    environment.etc =
+      [ { source = udevRules;
+          target = "udev/rules.d";
+        }
+      ];
+
+    system.requiredKernelConfig = with config.lib.kernelConfig; [
+      (isEnabled "UNIX")
+      (isYes "INOTIFY_USER")
+      (isYes "NET")
+    ];
+
+    boot.extraModprobeConfig = "options firmware_class path=${config.hardware.firmware}";
+
+    system.activationScripts.clearHotplug =
+      ''
+        echo "" > /proc/sys/kernel/hotplug
+      '';
+
+  };
+}
diff --git a/nixos/modules/services/hardware/udisks.nix b/nixos/modules/services/hardware/udisks.nix
new file mode 100644
index 000000000000..531ee192573a
--- /dev/null
+++ b/nixos/modules/services/hardware/udisks.nix
@@ -0,0 +1,45 @@
+# Udisks daemon.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.udisks = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable Udisks, a DBus service that allows
+          applications to query and manipulate storage devices.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.udisks.enable {
+
+    environment.systemPackages = [ pkgs.udisks ];
+
+    services.dbus.packages = [ pkgs.udisks ];
+
+    system.activationScripts.udisks =
+      ''
+        mkdir -m 0755 -p /var/lib/udisks
+      '';
+
+    services.udev.packages = [ pkgs.udisks ];
+  };
+
+}
diff --git a/nixos/modules/services/hardware/udisks2.nix b/nixos/modules/services/hardware/udisks2.nix
new file mode 100644
index 000000000000..178ec379ff1b
--- /dev/null
+++ b/nixos/modules/services/hardware/udisks2.nix
@@ -0,0 +1,54 @@
+# Udisks daemon.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.udisks2 = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable Udisks, a DBus service that allows
+          applications to query and manipulate storage devices.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.udisks2.enable {
+
+    environment.systemPackages = [ pkgs.udisks2 ];
+
+    services.dbus.packages = [ pkgs.udisks2 ];
+
+    system.activationScripts.udisks2 =
+      ''
+        mkdir -m 0755 -p /var/lib/udisks2
+      '';
+
+    #services.udev.packages = [ pkgs.udisks2 ];
+    
+    systemd.services.udisks2 = {
+      description = "Udisks2 service";
+      serviceConfig = {
+        Type = "dbus";
+        BusName = "org.freedesktop.UDisks2";
+        ExecStart = "${pkgs.udisks2}/lib/udisks2/udisksd --no-debug";
+      };
+    };
+  };
+
+}
diff --git a/nixos/modules/services/hardware/upower.nix b/nixos/modules/services/hardware/upower.nix
new file mode 100644
index 000000000000..4a9b13d4aa09
--- /dev/null
+++ b/nixos/modules/services/hardware/upower.nix
@@ -0,0 +1,65 @@
+# Upower daemon.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.upower = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable Upower, a DBus service that provides power
+          management support to applications.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.upower.enable {
+
+    environment.systemPackages = [ pkgs.upower ];
+
+    services.dbus.packages = [ pkgs.upower ];
+
+    services.udev.packages = [ pkgs.upower ];
+
+    systemd.services.upower =
+      { description = "Power Management Daemon";
+        path = [ pkgs.glib ]; # needed for gdbus
+        serviceConfig =
+          { Type = "dbus";
+            BusName = "org.freedesktop.UPower";
+            ExecStart = "@${pkgs.upower}/libexec/upowerd upowerd";
+          };
+      };
+
+    system.activationScripts.upower =
+      ''
+        mkdir -m 0755 -p /var/lib/upower
+      '';
+
+    # The upower daemon seems to get stuck after doing a suspend
+    # (i.e. subsequent suspend requests will say "Sleep has already
+    # been requested and is pending").  So as a workaround, restart
+    # the daemon.
+    powerManagement.resumeCommands =
+      ''
+        ${config.systemd.package}/bin/systemctl try-restart upower
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/services/logging/klogd.nix b/nixos/modules/services/logging/klogd.nix
new file mode 100644
index 000000000000..d7d0bbf89a54
--- /dev/null
+++ b/nixos/modules/services/logging/klogd.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  ###### interface
+
+  options = {
+
+    services.klogd.enable = mkOption {
+      type = types.bool;
+      default = versionOlder (getVersion config.boot.kernelPackages.kernel) "3.5";
+      description = ''
+        Whether to enable klogd, the kernel log message processing
+        daemon.  Since systemd handles logging of kernel messages on
+        Linux 3.5 and later, this is only useful if you're running an
+        older kernel.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.klogd.enable {
+
+    jobs.klogd =
+      { description = "Kernel Log Daemon";
+
+        wantedBy = [ "multi-user.target" ];
+
+        path = [ pkgs.sysklogd ];
+
+        exec =
+          "klogd -c 1 -2 -n " +
+          "-k $(dirname $(readlink -f /run/booted-system/kernel))/System.map";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/logging/logcheck.nix b/nixos/modules/services/logging/logcheck.nix
new file mode 100644
index 000000000000..2a6a6516f488
--- /dev/null
+++ b/nixos/modules/services/logging/logcheck.nix
@@ -0,0 +1,231 @@
+{config, pkgs, ...}:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.logcheck;
+
+  defaultRules = pkgs.runCommand "logcheck-default-rules" {} ''
+                   cp -prd ${pkgs.logcheck}/etc/logcheck $out
+                   chmod u+w $out
+                   rm $out/logcheck.*
+                 '';
+
+  rulesDir = pkgs.symlinkJoin "logcheck-rules-dir" ([ defaultRules ] ++ cfg.extraRulesDirs);
+
+  configFile = pkgs.writeText "logcheck.conf" cfg.config;
+
+  logFiles = pkgs.writeText "logcheck.logfiles" cfg.files;
+
+  flags = "-r ${rulesDir} -c ${configFile} -L ${logFiles} -${levelFlag} -m ${cfg.mailTo}";
+
+  levelFlag = getAttrFromPath [cfg.level]
+    { "paranoid"    = "p";
+      "server"      = "s";
+      "workstation" = "w";
+    };
+
+  cronJob = ''
+    @reboot   logcheck env PATH=/var/setuid-wrappers:$PATH nice -n10 ${pkgs.logcheck}/sbin/logcheck -R ${flags}
+    2 ${cfg.timeOfDay} * * * logcheck env PATH=/var/setuid-wrappers:$PATH nice -n10 ${pkgs.logcheck}/sbin/logcheck ${flags}
+  '';
+
+  writeIgnoreRule = name: {level, regex, ...}:
+    pkgs.writeTextFile
+      { inherit name;
+        destination = "/ignore.d.${level}/${name}";
+        text = ''
+          ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ${regex}
+        '';
+      };
+
+  writeIgnoreCronRule = name: {level, user, regex, cmdline, ...}:
+    let escapeRegex = escape (stringToCharacters "\\[]{}()^$?*+|.");
+        cmdline_ = builtins.unsafeDiscardStringContext cmdline;
+        re = if regex != "" then regex else if cmdline_ == "" then ".*" else escapeRegex cmdline_;
+    in writeIgnoreRule "cron-${name}" {
+      inherit level;
+      regex = ''
+        (/usr/bin/)?cron\[[0-9]+\]: \(${user}\) CMD \(${re}\)$
+      '';
+    };
+
+  levelOption = mkOption {
+    default = "server";
+    type = types.str;
+    description = ''
+      Set the logcheck level. Either "workstation", "server", or "paranoid".
+    '';
+  };
+
+  ignoreOptions = {
+    level = levelOption;
+
+    regex = mkOption {
+      default = "";
+      type = types.str;
+      description = ''
+        Regex specifying which log lines to ignore.
+      '';
+    };
+  };
+
+  ignoreCronOptions = {
+    user = mkOption {
+      default = "root";
+      type = types.str;
+      description = ''
+        User that runs the cronjob.
+      '';
+    };
+
+    cmdline = mkOption {
+      default = "";
+      type = types.str;
+      description = ''
+        Command line for the cron job. Will be turned into a regex for the logcheck ignore rule.
+      '';
+    };
+
+    timeArgs = mkOption {
+      default = null;
+      type = types.nullOr (types.str);
+      example = "02 06 * * *";
+      description = ''
+        "min hr dom mon dow" crontab time args, to auto-create a cronjob too.
+        Leave at null to not do this and just add a logcheck ignore rule.
+      '';
+    };
+  };
+
+in
+{
+  options = {
+    services.logcheck = {
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Enable the logcheck cron job.
+        '';
+      };
+
+      user = mkOption {
+        default = "logcheck";
+        type = types.str;
+        description = ''
+          Username for the logcheck user.
+        '';
+      };
+
+      timeOfDay = mkOption {
+        default = "*";
+        example = "6";
+        type = types.str;
+        description = ''
+          Time of day to run logcheck. A logcheck will be scheduled at xx:02 each day.
+          Leave default (*) to run every hour. Of course when nothing special was logged,
+          logcheck will be silent.
+        '';
+      };
+
+      mailTo = mkOption {
+        default = "root";
+        example = "you@domain.com";
+        type = types.str;
+        description = ''
+          Email address to send reports to.
+        '';
+      };
+
+      level = mkOption {
+        default = "server";
+        type = types.str;
+        description = ''
+          Set the logcheck level. Either "workstation", "server", or "paranoid".
+        '';
+      };
+
+      config = mkOption {
+        default = "FQDN=1";
+        type = types.string;
+        description = ''
+          Config options that you would like in logcheck.conf.
+        '';
+      };
+
+      files = mkOption {
+        default = [ "/var/log/messages" ];
+        type = types.listOf types.path;
+        example = [ "/var/log/messages" "/var/log/mail" ];
+        description = ''
+          Which log files to check.
+        '';
+      };
+
+      extraRulesDirs = mkOption {
+        default = [];
+        example = "/etc/logcheck";
+        type = types.listOf types.path;
+        description = ''
+          Directories with extra rules.
+        '';
+      };
+
+      ignore = mkOption {
+        default = {};
+        description = ''
+          This option defines extra ignore rules.
+        '';
+        type = types.loaOf types.optionSet;
+        options = [ ignoreOptions ];
+      };
+
+      ignoreCron = mkOption {
+        default = {};
+        description = ''
+          This option defines extra ignore rules for cronjobs.
+        '';
+        type = types.loaOf types.optionSet;
+        options = [ ignoreOptions ignoreCronOptions ];
+      };
+
+      extraGroups = mkOption {
+        default = [];
+        type = types.listOf types.string;
+        example = [ "postdrop" "mongodb" ];
+        description = ''
+          Extra groups for the logcheck user, for example to be able to use sendmail,
+          or to access certain log files.
+        '';
+      };
+
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.logcheck.extraRulesDirs =
+        mapAttrsToList writeIgnoreRule cfg.ignore
+        ++ mapAttrsToList writeIgnoreCronRule cfg.ignoreCron;
+
+    users.extraUsers = singleton
+      { name = cfg.user;
+        shell = "/bin/sh";
+        description = "Logcheck user account";
+        extraGroups = cfg.extraGroups;
+      };
+
+    system.activationScripts.logcheck = ''
+      mkdir -m 700 -p /var/{lib,lock}/logcheck
+      chown ${cfg.user} /var/{lib,lock}/logcheck
+    '';
+
+    services.cron.systemCronJobs =
+        let withTime = name: {timeArgs, ...}: ! (builtins.isNull timeArgs);
+            mkCron = name: {user, cmdline, timeArgs, ...}: ''
+              ${timeArgs} ${user} ${cmdline}
+            '';
+        in mapAttrsToList mkCron (filterAttrs withTime cfg.ignoreCron)
+           ++ [ cronJob ];
+  };
+}
diff --git a/nixos/modules/services/logging/logrotate.nix b/nixos/modules/services/logging/logrotate.nix
new file mode 100644
index 000000000000..c6c0d2ea2382
--- /dev/null
+++ b/nixos/modules/services/logging/logrotate.nix
@@ -0,0 +1,38 @@
+{config, pkgs, ...}:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.logrotate;
+
+  configFile = pkgs.writeText "logrotate.conf"
+    cfg.config;
+
+  cronJob = ''
+    5 * * * * root ${pkgs.logrotate}/sbin/logrotate ${configFile}
+  '';
+
+in
+{
+  options = {
+    services.logrotate = {
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable the logrotate cron job
+        '';
+      };
+
+      config = mkOption {
+        default = "";
+        description = ''
+          The contents of the logrotate config file
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.cron.systemCronJobs = [ cronJob ];
+  };
+}
diff --git a/nixos/modules/services/logging/logstash.nix b/nixos/modules/services/logging/logstash.nix
new file mode 100644
index 000000000000..79bdf4f7bbca
--- /dev/null
+++ b/nixos/modules/services/logging/logstash.nix
@@ -0,0 +1,161 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.logstash;
+
+  listToConfig = list: "[ " + (concatStringsSep ", " (map exprToConfig list)) + " ]";
+
+  hashToConfig = attrs:
+    let
+      attrNameToConfigList = name:
+        [ (exprToConfig name)  (exprToConfig (getAttr name attrs)) ];
+    in
+      "[ " +
+      (concatStringsSep ", " (map attrNameToConfigList (attrNames attrs))) +
+      " ]";
+
+  valueToConfig = nvpair: let name = nvpair.name; value = nvpair.value; in
+    if (isAttrs value) && ((!(value ? __type)) || value.__type == "repeated")
+      then ''
+        ${name} {
+          ${exprToConfig value}
+        }
+      ''
+      else "${name} => ${exprToConfig value}";
+
+  repeatedAttrsToConfig = values:
+      concatStringsSep "\n" (map valueToConfig values);
+
+  attrsToConfig = attrs:
+    let
+      attrToConfig = name: valueToConfig {
+        inherit name;
+        value = (getAttr name attrs);
+      };
+    in
+      concatStringsSep "\n" (map attrToConfig (attrNames attrs));
+
+  exprToConfig = expr:
+    let
+      isCustomType = expr: (isAttrs expr) && (expr ? __type);
+
+      isFloat = expr: (isCustomType expr) && (expr.__type == "float");
+
+      isHash = expr: (isCustomType expr) && (expr.__type == "hash");
+
+      isRepeatedAttrs = expr: (isCustomType expr) && (expr.__type == "repeated");
+    in
+      if builtins.isBool expr then (if expr then "true" else "false") else
+      if builtins.isString expr then ''"${expr}"'' else
+      if builtins.isInt expr then toString expr else
+      if isFloat expr then expr.value else
+      if isList expr then listToConfig expr else
+      if isHash expr then hashToConfig expr.value else
+      if isRepeatedAttrs expr then repeatedAttrsToConfig expr.values
+      else attrsToConfig expr;
+
+  mergeConfigs = configs:
+    let
+      op = attrs: newAttrs:
+        let
+          isRepeated = newAttrs ? __type && newAttrs.__type == "repeated";
+        in {
+            values = attrs.values ++ (if isRepeated then newAttrs.values else
+              map (name: { inherit name; value = getAttr name newAttrs; })
+              (attrNames newAttrs));
+          };
+    in (foldl op { values = []; } configs) // { __type = "repeated"; };
+
+in
+
+{
+  ###### interface
+
+  options = {
+    services.logstash = {
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable logstash.
+        '';
+      };
+
+      inputConfig = mkOption {
+        default = {};
+        description = ''
+          An attribute set (or an expression generated by mkNameValuePairs)
+          representing a logstash configuration's input section.
+          Logstash configs are name-value pairs, where values can be bools,
+          strings, numbers, arrays, hashes, or other name-value pairs,
+          and names are strings that can be repeated. Name-value pairs with no
+          repeats are represented by attr sets. Bools, strings, ints, and
+          arrays are mapped directly. Name-value pairs with repeats can be
+          generated by the config.lib.logstash.mkNameValuePairs function, which
+          takes a list of attrsets and combines them while preserving attribute
+          name duplicates if they occur. Similarly, there are the mkFloat and
+          mkHash functions, which take a string representation of a float and an
+          attrset, respectively.
+        '';
+        apply = mergeConfigs;
+      };
+
+      filterConfig = mkOption {
+        default = {};
+        description = ''
+          An attribute set (or an expression generated by mkNameValuePairs)
+          representing a logstash configuration's filter section.
+          See inputConfig description for details.
+        '';
+        apply = mergeConfigs;
+      };
+
+      outputConfig = mkOption {
+        default = {};
+        description = ''
+          An attribute set (or an expression generated by mkNameValuePairs)
+          representing a logstash configuration's output section.
+          See inputConfig description for details.
+        '';
+        apply = mergeConfigs;
+      };
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkMerge [ {
+    lib.logstash = {
+      mkFloat = stringRep: { __type = "float"; value = stringRep; };
+
+      mkHash = attrs: { __type = "hash"; value = attrs; };
+
+      mkNameValuePairs = mergeConfigs;
+    };
+  } ( mkIf cfg.enable {
+    systemd.services.logstash = with pkgs; {
+      description = "Logstash daemon";
+
+      wantedBy = [ "multi-user.target" ];
+
+      path = [ jre ];
+
+      script = "cd /tmp && exec java -jar ${logstash} agent -f ${writeText "logstash.conf" ''
+        input {
+          ${exprToConfig cfg.inputConfig}
+        }
+
+        filter {
+          ${exprToConfig cfg.filterConfig}
+        }
+
+        output {
+          ${exprToConfig cfg.outputConfig}
+        }
+      ''} &> /var/log/logstash.log";
+    };
+  })];
+}
diff --git a/nixos/modules/services/logging/rsyslogd.nix b/nixos/modules/services/logging/rsyslogd.nix
new file mode 100644
index 000000000000..680c7a912c1f
--- /dev/null
+++ b/nixos/modules/services/logging/rsyslogd.nix
@@ -0,0 +1,105 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.rsyslogd;
+
+  syslogConf = pkgs.writeText "syslog.conf" ''
+    $ModLoad imuxsock
+    $SystemLogSocketName /run/systemd/journal/syslog
+    $WorkDirectory /var/spool/rsyslog
+
+    ${cfg.defaultConfig}
+    ${cfg.extraConfig}
+  '';
+
+  defaultConf = ''
+    # "local1" is used for dhcpd messages.
+    local1.*                     -/var/log/dhcpd
+
+    mail.*                       -/var/log/mail
+
+    *.=warning;*.=err            -/var/log/warn
+    *.crit                        /var/log/warn
+
+    *.*;mail.none;local1.none    -/var/log/messages
+  '';
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    services.rsyslogd = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable syslogd.  Note that systemd also logs
+          syslog messages, so you normally don't need to run syslogd.
+        '';
+      };
+
+      defaultConfig = mkOption {
+        type = types.string;
+        default = defaultConf;
+        description = ''
+          The default <filename>syslog.conf</filename> file configures a
+          fairly standard setup of log files, which can be extended by
+          means of <varname>extraConfig</varname>.
+        '';
+      };
+
+      extraConfig = mkOption {
+        type = types.string;
+        default = "";
+        example = "news.* -/var/log/news";
+        description = ''
+          Additional text appended to <filename>syslog.conf</filename>,
+          i.e. the contents of <varname>defaultConfig</varname>.
+        '';
+      };
+
+      extraParams = mkOption {
+        type = types.listOf types.string;
+        default = [ ];
+        example = [ "-m 0" ];
+        description = ''
+          Additional parameters passed to <command>rsyslogd</command>.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.rsyslog ];
+
+    systemd.services.syslog =
+      { description = "Syslog Daemon";
+
+        requires = [ "syslog.socket" ];
+
+        wantedBy = [ "multi-user.target" ];
+
+        serviceConfig =
+          { ExecStart = "${pkgs.rsyslog}/sbin/rsyslogd ${toString cfg.extraParams} -f ${syslogConf} -n";
+            ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /var/spool/rsyslog";
+            # Prevent syslogd output looping back through journald.
+            StandardOutput = "null";
+          };
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/logging/syslogd.nix b/nixos/modules/services/logging/syslogd.nix
new file mode 100644
index 000000000000..36a0ace927ae
--- /dev/null
+++ b/nixos/modules/services/logging/syslogd.nix
@@ -0,0 +1,124 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.syslogd;
+
+  syslogConf = pkgs.writeText "syslog.conf" ''
+    ${if (cfg.tty != "") then "kern.warning;*.err;authpriv.none /dev/${cfg.tty}" else ""}
+    ${cfg.defaultConfig}
+    ${cfg.extraConfig}
+  '';
+
+  defaultConf = ''
+    # Send emergency messages to all users.
+    *.emerg                       *
+
+    # "local1" is used for dhcpd messages.
+    local1.*                     -/var/log/dhcpd
+
+    mail.*                       -/var/log/mail
+
+    *.=warning;*.=err            -/var/log/warn
+    *.crit                        /var/log/warn
+
+    *.*;mail.none;local1.none    -/var/log/messages
+  '';
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    services.syslogd = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable syslogd.  Note that systemd also logs
+          syslog messages, so you normally don't need to run syslogd.
+        '';
+      };
+
+      tty = mkOption {
+        type = types.str;
+        default = "tty10";
+        description = ''
+          The tty device on which syslogd will print important log
+          messages. Leave this option blank to disable tty logging.
+        '';
+      };
+
+      defaultConfig = mkOption {
+        type = types.lines;
+        default = defaultConf;
+        description = ''
+          The default <filename>syslog.conf</filename> file configures a
+          fairly standard setup of log files, which can be extended by
+          means of <varname>extraConfig</varname>.
+        '';
+      };
+
+      enableNetworkInput = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Accept logging through UDP. Option -r of syslogd(8).
+        '';
+      };
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "";
+        example = "news.* -/var/log/news";
+        description = ''
+          Additional text appended to <filename>syslog.conf</filename>,
+          i.e. the contents of <varname>defaultConfig</varname>.
+        '';
+      };
+
+      extraParams = mkOption {
+        type = types.listOf types.string;
+        default = [ ];
+        example = [ "-m 0" ];
+        description = ''
+          Additional parameters passed to <command>syslogd</command>.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.sysklogd ];
+
+    services.syslogd.extraParams = optional cfg.enableNetworkInput "-r";
+
+    # FIXME: restarting syslog seems to break journal logging.
+    systemd.services.syslog =
+      { description = "Syslog Daemon";
+
+        requires = [ "syslog.socket" ];
+
+        wantedBy = [ "multi-user.target" ];
+
+        serviceConfig =
+          { ExecStart = "${pkgs.sysklogd}/sbin/syslogd ${toString cfg.extraParams} -f ${syslogConf} -n";
+            # Prevent syslogd output looping back through journald.
+            StandardOutput = "null";
+          };
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/mail/dovecot.nix b/nixos/modules/services/mail/dovecot.nix
new file mode 100644
index 000000000000..92682d644f41
--- /dev/null
+++ b/nixos/modules/services/mail/dovecot.nix
@@ -0,0 +1,168 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.dovecot2;
+
+  dovecotConf =
+    ''
+      base_dir = /var/run/dovecot2/
+
+      protocols = ${optionalString cfg.enableImap "imap"} ${optionalString cfg.enablePop3 "pop3"}
+    ''
+    + (if cfg.sslServerCert!="" then
+    ''
+      ssl_cert = <${cfg.sslServerCert}
+      ssl_key = <${cfg.sslServerKey}
+      ssl_ca = <${cfg.sslCACert}
+      disable_plaintext_auth = yes
+    '' else ''
+      ssl = no
+      disable_plaintext_auth = no
+    '')
+
+    + ''
+      default_internal_user = ${cfg.user}
+
+      mail_location = ${cfg.mailLocation}
+
+      maildir_copy_with_hardlinks = yes
+
+      auth_mechanisms = plain login
+      service auth {
+        user = root
+      }
+      userdb {
+        driver = passwd
+      }
+      passdb {
+        driver = pam
+        args = ${optionalString cfg.showPAMFailure "failure_show_msg=yes"} dovecot2
+      }
+
+      pop3_uidl_format = %08Xv%08Xu
+    '' + cfg.extraConfig;
+
+  confFile = pkgs.writeText "dovecot.conf" dovecotConf;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.dovecot2 = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable the Dovecot 2.x POP3/IMAP server.";
+      };
+
+      enablePop3 = mkOption {
+        default = true;
+        description = "Start the POP3 listener (when Dovecot is enabled).";
+      };
+
+      enableImap = mkOption {
+        default = true;
+        description = "Start the IMAP listener (when Dovecot is enabled).";
+      };
+
+      user = mkOption {
+        default = "dovecot2";
+        description = "Dovecot user name.";
+      };
+
+      group = mkOption {
+        default = "dovecot2";
+        description = "Dovecot group name.";
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        example = "mail_debug = yes";
+        description = "Additional entries to put verbatim into Dovecot's config file.";
+      };
+
+      mailLocation = mkOption {
+        default = "maildir:/var/spool/mail/%u"; /* Same as inbox, as postfix */
+        example = "maildir:~/mail:INBOX=/var/spool/mail/%u";
+        description = ''
+          Location that dovecot will use for mail folders. Dovecot mail_location option.
+        '';
+      };
+
+      sslServerCert = mkOption {
+        default = "";
+        description = "Server certificate";
+      };
+
+      sslCACert = mkOption {
+        default = "";
+        description = "CA certificate used by the server certificate.";
+      };
+
+      sslServerKey = mkOption {
+        default = "";
+        description = "Server key.";
+      };
+
+      showPAMFailure = mkOption {
+        default = false;
+        description = "Show the PAM failure message on authentication error (useful for OTPW).";
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.dovecot2.enable {
+
+    security.pam.services.dovecot2 = {};
+
+    users.extraUsers = [
+      { name = cfg.user;
+        uid = config.ids.uids.dovecot2;
+        description = "Dovecot user";
+        group = cfg.group;
+      }
+      { name = "dovenull";
+        uid = config.ids.uids.dovenull2;
+        description = "Dovecot user for untrusted logins";
+        group = cfg.group;
+      }
+    ];
+
+    users.extraGroups = singleton
+      { name = cfg.group;
+        gid = config.ids.gids.dovecot2;
+      };
+
+    jobs.dovecot2 =
+      { description = "Dovecot IMAP/POP3 server";
+
+        startOn = "started networking";
+
+        preStart =
+          ''
+            ${pkgs.coreutils}/bin/mkdir -p /var/run/dovecot2 /var/run/dovecot2/login
+            ${pkgs.coreutils}/bin/chown -R ${cfg.user}:${cfg.group} /var/run/dovecot2
+          '';
+
+        exec = "${pkgs.dovecot}/sbin/dovecot -F -c ${confFile}";
+      };
+
+    environment.systemPackages = [ pkgs.dovecot ];
+
+    assertions = [{ assertion = cfg.enablePop3 || cfg.enableImap;
+                    message = "dovecot needs at least one of the IMAP or POP3 listeners enabled";}];
+
+  };
+
+}
diff --git a/nixos/modules/services/mail/freepops.nix b/nixos/modules/services/mail/freepops.nix
new file mode 100644
index 000000000000..79f211ad86e3
--- /dev/null
+++ b/nixos/modules/services/mail/freepops.nix
@@ -0,0 +1,87 @@
+{config, pkgs, ...}:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.mail.freepopsd;
+in
+
+{
+  options = {
+    services.mail.freepopsd = {
+      enable = mkOption {
+        default = false;
+        type = with types; bool;
+        description = ''
+          Enables Freepops, a POP3 webmail wrapper.
+        '';
+      };
+
+      port = mkOption {
+        default = 2000;
+        type = with types; uniq int;
+        description = ''
+          Port on which the pop server will listen.
+        '';
+      };
+
+      threads = mkOption {
+        default = 5;
+        type = with types; uniq int;
+        description = ''
+          Max simultaneous connections.
+        '';
+      };
+
+      bind = mkOption {
+        default = "0.0.0.0";
+        type = types.str;
+        description = ''
+          Bind over an IPv4 address instead of any.
+        '';
+      };
+
+      logFile = mkOption {
+        default = "/var/log/freepopsd";
+        example = "syslog";
+        type = types.str;
+        description = ''
+          Filename of the log file or syslog to rely on the logging daemon.
+        '';
+      };
+
+      suid = {
+        user = mkOption {
+          default = "nobody";
+          type = types.str;
+          description = ''
+            User name under which freepopsd will be after binding the port.
+          '';
+        };
+
+        group = mkOption {
+          default = "nogroup";
+          type = types.str;
+          description = ''
+            Group under which freepopsd will be after binding the port.
+          '';
+        };
+      };
+
+    };
+  };
+
+  config = mkIf cfg.enable {
+    jobs.freepopsd = {
+      description = "Freepopsd (webmail over POP3)";
+      startOn = "ip-up";
+      exec = ''${pkgs.freepops}/bin/freepopsd \
+        -p ${toString cfg.port} \
+        -t ${toString cfg.threads} \
+        -b ${cfg.bind} \
+        -vv -l ${cfg.logFile} \
+        -s ${cfg.suid.user}.${cfg.suid.group}
+      '';
+    };
+  };
+}
diff --git a/nixos/modules/services/mail/mail.nix b/nixos/modules/services/mail/mail.nix
new file mode 100644
index 000000000000..bad0b22625dc
--- /dev/null
+++ b/nixos/modules/services/mail/mail.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.mail = {
+
+      sendmailSetuidWrapper = mkOption {
+        default = null;
+        description = ''
+          Configuration for the sendmail setuid wrwapper (like an element of
+          security.setuidOwners)";
+        '';
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf (config.services.mail.sendmailSetuidWrapper != null) {
+
+    security.setuidOwners = [ config.services.mail.sendmailSetuidWrapper ];
+
+  };
+
+}
diff --git a/nixos/modules/services/mail/opensmtpd.nix b/nixos/modules/services/mail/opensmtpd.nix
new file mode 100644
index 000000000000..2732fd602004
--- /dev/null
+++ b/nixos/modules/services/mail/opensmtpd.nix
@@ -0,0 +1,83 @@
+{ pkgs, config, ... }:
+
+with pkgs;
+with pkgs.lib;
+
+let
+
+  cfg = config.services.opensmtpd;
+  conf = writeText "smtpd.conf" cfg.serverConfiguration;
+  args = concatStringsSep " " cfg.extraServerArgs;
+
+in {
+
+  ###### interface
+
+  options = {
+
+    services.opensmtpd = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to enable the OpenSMTPD server.";
+      };
+
+      extraServerArgs = mkOption {
+        type = types.listOf types.string;
+        default = [];
+        example = [ "-v" "-P mta" ];
+        description = ''
+          Extra command line arguments provided when the smtpd process
+          is started.
+        '';
+      };
+
+      serverConfiguration = mkOption {
+        type = types.string;
+        default = "";
+        example = ''
+          listen on lo
+          accept for any deliver to lmtp localhost:24
+        ''; 
+        description = ''
+          The contents of the smtpd.conf configuration file. See the
+          OpenSMTPD documentation for syntax information. If this option
+          is left empty, the OpenSMTPD server will not start.
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.opensmtpd.enable {
+    users.extraGroups = {
+      smtpd.gid = config.ids.gids.smtpd;
+      smtpq.gid = config.ids.gids.smtpq;
+    };
+
+    users.extraUsers = {
+      smtpd = {
+        description = "OpenSMTPD process user";
+        uid = config.ids.uids.smtpd;
+        group = "smtpd";
+      };
+      smtpq = {
+        description = "OpenSMTPD queue user";
+        uid = config.ids.uids.smtpq;
+        group = "smtpq";
+      };
+    };
+
+    systemd.services.opensmtpd = {
+      wantedBy = [ "multi-user.target" ];
+      wants = [ "network.target" ];
+      after = [ "network.target" ];
+      preStart = "mkdir -p /var/spool";
+      serviceConfig.ExecStart = "${opensmtpd}/sbin/smtpd -d -f ${conf} ${args}";
+    };
+  };
+}
diff --git a/nixos/modules/services/mail/postfix.nix b/nixos/modules/services/mail/postfix.nix
new file mode 100644
index 000000000000..2633289b46d5
--- /dev/null
+++ b/nixos/modules/services/mail/postfix.nix
@@ -0,0 +1,405 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.postfix;
+  user = cfg.user;
+  group = cfg.group;
+  setgidGroup = cfg.setgidGroup;
+
+  mainCf =
+    ''
+      queue_directory = /var/postfix/queue
+      command_directory = ${pkgs.postfix}/sbin
+      daemon_directory = ${pkgs.postfix}/libexec/postfix
+
+      mail_owner = ${user}
+      default_privs = nobody
+
+    ''
+    + optionalString config.networking.enableIPv6 ''
+      inet_protocols = all
+    ''
+    + (if cfg.networks != null then
+        ''
+          mynetworks = ${concatStringsSep ", " cfg.networks}
+        ''
+      else if cfg.networksStyle != "" then
+        ''
+          mynetworks_style = ${cfg.networksStyle}
+        ''
+      else
+        # Postfix default is subnet, but let's play safe
+        ''
+          mynetworks_style = host
+        '')
+    + optionalString (cfg.hostname != "") ''
+      myhostname = ${cfg.hostname}
+    ''
+    + optionalString (cfg.domain != "") ''
+      mydomain = ${cfg.domain}
+    ''
+    + optionalString (cfg.origin != "") ''
+      myorigin = ${cfg.origin}
+    ''
+    + optionalString (cfg.destination != null) ''
+      mydestination = ${concatStringsSep ", " cfg.destination}
+    ''
+    + optionalString (cfg.relayDomains != null) ''
+      relay_domains = ${concatStringsSep ", " cfg.relayDomains}
+    ''
+    + ''
+      local_recipient_maps =
+
+      relayhost = ${if cfg.lookupMX || cfg.relayHost == "" then
+          cfg.relayHost
+        else
+          "[" + cfg.relayHost + "]"}
+
+      alias_maps = hash:/var/postfix/conf/aliases
+
+      mail_spool_directory = /var/spool/mail/
+
+      setgid_group = ${setgidGroup}
+    ''
+    + optionalString (cfg.sslCert != "") ''
+
+      smtp_tls_CAfile = ${cfg.sslCACert}
+      smtp_tls_cert_file = ${cfg.sslCert}
+      smtp_tls_key_file = ${cfg.sslKey}
+
+      smtp_use_tls = yes
+
+      smtpd_tls_CAfile = ${cfg.sslCACert}
+      smtpd_tls_cert_file = ${cfg.sslCert}
+      smtpd_tls_key_file = ${cfg.sslKey}
+
+      smtpd_use_tls = yes
+
+      recipientDelimiter = ${cfg.recipientDelimiter}
+    ''
+    + optionalString (cfg.virtual != "") ''
+      virtual_alias_maps = hash:/etc/postfix/virtual
+    ''
+    + cfg.extraConfig;
+
+  masterCf = ''
+    # ==========================================================================
+    # service type  private unpriv  chroot  wakeup  maxproc command + args
+    #               (yes)   (yes)   (yes)   (never) (100)
+    # ==========================================================================
+    smtp      inet  n       -       n       -       -       smtpd
+    #submission inet n       -       n       -       -       smtpd
+    #  -o smtpd_tls_security_level=encrypt
+    #  -o smtpd_sasl_auth_enable=yes
+    #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+    #  -o milter_macro_daemon_name=ORIGINATING
+    pickup    fifo  n       -       n       60      1       pickup
+    cleanup   unix  n       -       n       -       0       cleanup
+    qmgr      fifo  n       -       n       300     1       qmgr
+    tlsmgr    unix  -       -       n       1000?   1       tlsmgr
+    rewrite   unix  -       -       n       -       -       trivial-rewrite
+    bounce    unix  -       -       n       -       0       bounce
+    defer     unix  -       -       n       -       0       bounce
+    trace     unix  -       -       n       -       0       bounce
+    verify    unix  -       -       n       -       1       verify
+    flush     unix  n       -       n       1000?   0       flush
+    proxymap  unix  -       -       n       -       -       proxymap
+    proxywrite unix -       -       n       -       1       proxymap
+    smtp      unix  -       -       n       -       -       smtp
+    relay     unix  -       -       n       -       -       smtp
+    	      -o smtp_fallback_relay=
+    #       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+    showq     unix  n       -       n       -       -       showq
+    error     unix  -       -       n       -       -       error
+    retry     unix  -       -       n       -       -       error
+    discard   unix  -       -       n       -       -       discard
+    local     unix  -       n       n       -       -       local
+    virtual   unix  -       n       n       -       -       virtual
+    lmtp      unix  -       -       n       -       -       lmtp
+    anvil     unix  -       -       n       -       1       anvil
+    scache    unix  -       -       n       -       1       scache
+    ${cfg.extraMasterConf}
+  '';
+
+  aliases =
+    optionalString (cfg.postmasterAlias != "") ''
+      postmaster: ${cfg.postmasterAlias}
+    ''
+    + optionalString (cfg.rootAlias != "") ''
+      root: ${cfg.rootAlias}
+    ''
+    + cfg.extraAliases
+  ;
+
+  aliasesFile = pkgs.writeText "postfix-aliases" aliases;
+  virtualFile = pkgs.writeText "postfix-virtual" cfg.virtual;
+  mainCfFile = pkgs.writeText "postfix-main.cf" mainCf;
+  masterCfFile = pkgs.writeText "postfix-master.cf" masterCf;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.postfix = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to run the Postfix mail server.";
+      };
+
+      setSendmail = mkOption {
+        default = true;
+        description = "Whether to set the system sendmail to postfix's.";
+      };
+
+      user = mkOption {
+        default = "postfix";
+        description = "What to call the Postfix user (must be used only for postfix).";
+      };
+
+      group = mkOption {
+        default = "postfix";
+        description = "What to call the Postfix group (must be used only for postfix).";
+      };
+
+      setgidGroup = mkOption {
+        default = "postdrop";
+        description = "
+          How to call postfix setgid group (for postdrop). Should
+          be uniquely used group.
+        ";
+      };
+
+      networks = mkOption {
+        default = null;
+        example = ["192.168.0.1/24"];
+        description = "
+          Net masks for trusted - allowed to relay mail to third parties -
+          hosts. Leave empty to use mynetworks_style configuration or use
+          default (localhost-only).
+        ";
+      };
+
+      networksStyle = mkOption {
+        default = "";
+        description = "
+          Name of standard way of trusted network specification to use,
+          leave blank if you specify it explicitly or if you want to use
+          default (localhost-only).
+        ";
+      };
+
+      hostname = mkOption {
+        default = "";
+        description ="
+          Hostname to use. Leave blank to use just the hostname of machine.
+          It should be FQDN.
+        ";
+      };
+
+      domain = mkOption {
+        default = "";
+        description ="
+          Domain to use. Leave blank to use hostname minus first component.
+        ";
+      };
+
+      origin = mkOption {
+        default = "";
+        description ="
+          Origin to use in outgoing e-mail. Leave blank to use hostname.
+        ";
+      };
+
+      destination = mkOption {
+        default = null;
+        example = ["localhost"];
+        description = "
+          Full (!) list of domains we deliver locally. Leave blank for
+          acceptable Postfix default.
+        ";
+      };
+
+      relayDomains = mkOption {
+        default = null;
+        example = ["localdomain"];
+        description = "
+          List of domains we agree to relay to. Default is the same as
+          destination.
+        ";
+      };
+
+      relayHost = mkOption {
+        default = "";
+        description = "
+          Mail relay for outbound mail.
+        ";
+      };
+
+      lookupMX = mkOption {
+        default = false;
+        description = "
+          Whether relay specified is just domain whose MX must be used.
+        ";
+      };
+
+      postmasterAlias = mkOption {
+        default = "root";
+        description = "Who should receive postmaster e-mail.";
+      };
+
+      rootAlias = mkOption {
+        default = "";
+        description = "
+          Who should receive root e-mail. Blank for no redirection.
+        ";
+      };
+
+      extraAliases = mkOption {
+        default = "";
+        description = "
+          Additional entries to put verbatim into aliases file.
+        ";
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        description = "
+          Extra lines to be added verbatim to the main.cf configuration file.
+        ";
+      };
+
+      sslCert = mkOption {
+        default = "";
+        description = "SSL certificate to use.";
+      };
+
+      sslCACert = mkOption {
+        default = "";
+        description = "SSL certificate of CA.";
+      };
+
+      sslKey = mkOption {
+        default = "";
+        description = "SSL key to use.";
+      };
+
+      recipientDelimiter = mkOption {
+        default = "";
+        example = "+";
+        description = "
+          Delimiter for address extension: so mail to user+test can be handled by ~user/.forward+test
+        ";
+      };
+
+      virtual = mkOption {
+        default = "";
+        description = "
+          Entries for the virtual alias map.
+        ";
+      };
+
+      extraMasterConf = mkOption {
+        default = "";
+        example = "submission inet n - n - - smtpd";
+        description = "Extra lines to append to the generated master.cf file.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.postfix.enable {
+
+    environment = {
+      etc = singleton
+        { source = "/var/postfix/conf";
+          target = "postfix";
+        };
+
+      # This makes comfortable for root to run 'postqueue' for example.
+      systemPackages = [ pkgs.postfix ];
+    };
+
+    services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
+      program = "sendmail";
+      source = "${pkgs.postfix}/bin/sendmail";
+      owner = "nobody";
+      group = "postdrop";
+      setuid = false;
+      setgid = true;
+    };
+
+    users.extraUsers = singleton
+      { name = user;
+        description = "Postfix mail server user";
+        uid = config.ids.uids.postfix;
+        group = group;
+      };
+
+    users.extraGroups =
+      [ { name = group;
+          gid = config.ids.gids.postfix;
+        }
+        { name = setgidGroup;
+          gid = config.ids.gids.postdrop;
+        }
+      ];
+
+    jobs.postfix =
+      # I copy _lots_ of shipped configuration filed
+      # that can be left as is. I am afraid the exact
+      # will list slightly change in next Postfix
+      # release, so listing them all one-by-one in an
+      # accurate way is unlikely to be better.
+      { description = "Postfix mail server";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        daemonType = "fork";
+
+        preStart =
+          ''
+            if ! [ -d /var/spool/postfix ]; then
+              ${pkgs.coreutils}/bin/mkdir -p /var/spool/mail /var/postfix/conf /var/postfix/queue
+            fi
+
+            ${pkgs.coreutils}/bin/chown -R ${user}:${group} /var/postfix
+            ${pkgs.coreutils}/bin/chown -R ${user}:${setgidGroup} /var/postfix/queue
+            ${pkgs.coreutils}/bin/chmod -R ug+rwX /var/postfix/queue
+            ${pkgs.coreutils}/bin/chown root:root /var/spool/mail
+            ${pkgs.coreutils}/bin/chmod a+rwxt /var/spool/mail
+
+            ln -sf "${pkgs.postfix}/share/postfix/conf/"* /var/postfix/conf
+
+            ln -sf ${aliasesFile} /var/postfix/conf/aliases
+            ln -sf ${virtualFile} /var/postfix/conf/virtual
+            ln -sf ${mainCfFile} /var/postfix/conf/main.cf
+            ln -sf ${masterCfFile} /var/postfix/conf/master.cf
+
+            ${pkgs.postfix}/sbin/postalias -c /var/postfix/conf /var/postfix/conf/aliases
+            ${pkgs.postfix}/sbin/postmap -c /var/postfix/conf /var/postfix/conf/virtual
+
+            ${pkgs.postfix}/sbin/postfix -c /var/postfix/conf start
+          '';
+
+        preStop = ''
+            ${pkgs.postfix}/sbin/postfix -c /var/postfix/conf stop
+        '';
+
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/mail/spamassassin.nix b/nixos/modules/services/mail/spamassassin.nix
new file mode 100644
index 000000000000..aaf1dfcc210c
--- /dev/null
+++ b/nixos/modules/services/mail/spamassassin.nix
@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.spamassassin;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.spamassassin = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to run the SpamAssassin daemon.";
+      };
+
+      debug = mkOption {
+        default = false;
+        description = "Whether to run the SpamAssassin daemon in debug mode.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    # Allow users to run 'spamc'.
+    environment.systemPackages = [ pkgs.spamassassin ];
+
+    users.extraUsers = singleton {
+    name = "spamd";
+      description = "Spam Assassin Daemon";
+      uid = config.ids.uids.spamd;
+      group = "spamd";
+    };
+
+    users.extraGroups = singleton {
+      name = "spamd";
+      gid = config.ids.gids.spamd;
+    };
+
+    jobs.spamd = {
+      description = "Spam Assassin Server";
+
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      exec = "${pkgs.spamassassin}/bin/spamd ${optionalString cfg.debug "-D"} --username=spamd --groupname=spamd --nouser-config --virtual-config-dir=/var/lib/spamassassin/user-%u --allow-tell --pidfile=/var/run/spamd.pid";
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/misc/autofs.nix b/nixos/modules/services/misc/autofs.nix
new file mode 100644
index 000000000000..50491c556e8a
--- /dev/null
+++ b/nixos/modules/services/misc/autofs.nix
@@ -0,0 +1,120 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.autofs;
+
+  autoMaster = pkgs.writeText "auto.master" cfg.autoMaster;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.autofs = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Mount filesystems on demand. Unmount them automatically.
+          You may also be interested in afuese.
+        ";
+      };
+
+      autoMaster = mkOption {
+        example = literalExample ''
+          autoMaster = let
+            mapConf = pkgs.writeText "auto" '''
+             kernel    -ro,soft,intr       ftp.kernel.org:/pub/linux
+             boot      -fstype=ext2        :/dev/hda1
+             windoze   -fstype=smbfs       ://windoze/c
+             removable -fstype=ext2        :/dev/hdd
+             cd        -fstype=iso9660,ro  :/dev/hdc
+             floppy    -fstype=auto        :/dev/fd0
+             server    -rw,hard,intr       / -ro myserver.me.org:/ \
+                                           /usr myserver.me.org:/usr \
+                                           /home myserver.me.org:/home
+            ''';
+          in '''
+            /auto file:''${mapConf}
+          '''
+        '';
+        description = "
+          file contents of /etc/auto.master. See man auto.master
+          See man 5 auto.master and man 5 autofs.
+        ";
+      };
+
+      timeout = mkOption {
+        default = 600;
+        description = "Set the global minimum timeout, in seconds, until directories are unmounted";
+      };
+
+      debug = mkOption {
+        default = false;
+        description = "
+        pass -d and -7 to automount and write log to /var/log/autofs
+        ";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.etc = singleton
+      { target = "auto.master";
+        source = pkgs.writeText "auto.master" cfg.autoMaster;
+      };
+
+    boot.kernelModules = [ "autofs4" ];
+
+    jobs.autofs =
+      { description = "Filesystem automounter";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        path = [ pkgs.nfsUtils pkgs.sshfsFuse ];
+
+        preStop =
+          ''
+            set -e; while :; do pkill -TERM automount; sleep 1; done
+          '';
+
+        # automount doesn't clean up when receiving SIGKILL.
+        # umount -l should unmount the directories recursively when they are no longer used
+        # It does, but traces are left in /etc/mtab. So unmount recursively..
+        postStop =
+          ''
+          PATH=${pkgs.gnused}/bin:${pkgs.coreutils}/bin
+          exec &> /tmp/logss
+          # double quote for sed:
+          escapeSpaces(){ sed 's/ /\\\\040/g'; }
+          unescapeSpaces(){ sed 's/\\040/ /g'; }
+          sed -n 's@^\s*\(\([^\\ ]\|\\ \)*\)\s.*@\1@p' ${autoMaster} | sed 's/[\\]//' | while read mountPoint; do
+            sed -n "s@[^ ]\+\s\+\($(echo "$mountPoint"| escapeSpaces)[^ ]*\).*@\1@p" /proc/mounts | sort -r | unescapeSpaces| while read smountP; do
+              ${pkgs.utillinux}/bin/umount -l "$smountP" || true
+            done
+          done
+          '';
+
+        script =
+          ''
+            ${if cfg.debug then "exec &> /var/log/autofs" else ""}
+            exec ${pkgs.autofs5}/sbin/automount ${if cfg.debug then "-d" else ""} -f -t ${builtins.toString cfg.timeout} "${autoMaster}" ${if cfg.debug then "-l7" else ""}
+          '';
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/misc/cgminer.nix b/nixos/modules/services/misc/cgminer.nix
new file mode 100644
index 000000000000..890d7a4020bc
--- /dev/null
+++ b/nixos/modules/services/misc/cgminer.nix
@@ -0,0 +1,140 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.cgminer;
+
+  convType = with builtins;
+    v: if isBool v then (if v then "true" else "false") else toString v;
+  mergedHwConfig =
+    mapAttrsToList (n: v: ''"${n}": "${(concatStringsSep "," (map convType v))}"'')
+      (foldAttrs (n: a: [n] ++ a) [] cfg.hardware);
+  mergedConfig = with builtins;
+    mapAttrsToList (n: v: ''"${n}":  ${if isBool v then "" else ''"''}${convType v}${if isBool v then "" else ''"''}'')
+      cfg.config;
+
+  cgminerConfig = pkgs.writeText "cgminer.conf" ''
+  {
+  ${concatStringsSep ",\n" mergedHwConfig},
+  ${concatStringsSep ",\n" mergedConfig},
+  "pools": [
+  ${concatStringsSep ",\n"
+    (map (v: ''{"url": "${v.url}", "user": "${v.user}", "pass": "${v.pass}"}'')
+          cfg.pools)}]
+  }
+  '';
+in
+{
+  ###### interface
+  options = {
+
+    services.cgminer = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable cgminer, an ASIC/FPGA/GPU miner for bitcoin and
+          litecoin.
+        '';
+      };
+
+      package = mkOption {
+        default = pkgs.cgminer;
+        description = "Which cgminer derivation to use.";
+      };
+
+      user = mkOption {
+        default = "cgminer";
+        description = "User account under which cgminer runs";
+      };
+
+      pools = mkOption {
+        default = [];  # Run benchmark
+        description = "List of pools where to mine";
+        example = [{
+          url = "http://p2pool.org:9332";
+          username = "17EUZxTvs9uRmPsjPZSYUU3zCz9iwstudk";
+          password="X";
+        }];
+      };
+
+      hardware = mkOption {
+        default = []; # Run without options
+        description= "List of config options for every GPU";
+        example = [
+        {
+          intensity = 9;
+          gpu-engine = "0-985";
+          gpu-fan = "0-85";
+          gpu-memclock = 860;
+          gpu-powertune = 20;
+          temp-cutoff = 95;
+          temp-overheat = 85;
+          temp-target = 75;
+        }
+        {
+          intensity = 9;
+          gpu-engine = "0-950";
+          gpu-fan = "0-85";
+          gpu-memclock = 825;
+          gpu-powertune = 20;
+          temp-cutoff = 95;
+          temp-overheat = 85;
+          temp-target = 75;
+        }];
+      };
+
+      config = mkOption {
+        default = {};
+        description = "Additional config";
+        example = {
+          auto-fan = true;
+          auto-gpu = true;
+          expiry = 120;
+          failover-only = true;
+          gpu-threads = 2;
+          log = 5;
+          queue = 1;
+          scan-time = 60;
+          temp-histeresys = 3;
+        };
+      };
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.cgminer.enable {
+
+    users.extraUsers = singleton
+      { name = cfg.user;
+        description = "Cgminer user";
+      };
+
+    environment.systemPackages = [ cfg.package ];
+
+    systemd.services.cgminer = {
+      path = [ pkgs.cgminer ];
+
+      after = [ "display-manager.target" "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      environment = { 
+        LD_LIBRARY_PATH = ''/run/opengl-driver/lib:/run/opengl-driver-32/lib'';
+        DISPLAY = ":0";
+        GPU_MAX_ALLOC_PERCENT = "100";
+        GPU_USE_SYNC_OBJECTS = "1";
+      };
+
+      serviceConfig = {
+        ExecStart = "${pkgs.cgminer}/bin/cgminer -T -c ${cgminerConfig}";
+        User = cfg.user;
+        RestartSec = 10;
+      };
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/misc/disnix.nix b/nixos/modules/services/misc/disnix.nix
new file mode 100644
index 000000000000..6419e6f8fc7b
--- /dev/null
+++ b/nixos/modules/services/misc/disnix.nix
@@ -0,0 +1,164 @@
+# Disnix server
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.disnix;
+
+  dysnomia = pkgs.dysnomia.override (origArgs: {
+    enableApacheWebApplication = config.services.httpd.enable;
+    enableAxis2WebService = config.services.tomcat.axis2.enable;
+    enableEjabberdDump = config.services.ejabberd.enable;
+    enableMySQLDatabase = config.services.mysql.enable;
+    enablePostgreSQLDatabase = config.services.postgresql.enable;
+    enableSubversionRepository = config.services.svnserve.enable;
+    enableTomcatWebApplication = config.services.tomcat.enable;
+  });
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.disnix = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable Disnix";
+      };
+
+      useWebServiceInterface = mkOption {
+        default = false;
+        description = "Whether to enable the DisnixWebService interface running on Apache Tomcat";
+      };
+
+      publishInfrastructure = {
+        enable = mkOption {
+          default = false;
+          description = "Whether to publish capabilities/properties of this machine in as attributes in the infrastructure option";
+        };
+
+        enableAuthentication = mkOption {
+          default = false;
+          description = "Whether to publish authentication credentials through the infrastructure attribute (not recommended in combination with Avahi)";
+        };
+      };
+
+      infrastructure = mkOption {
+        default = {};
+        description = "List of name value pairs containing properties for the infrastructure model";
+      };
+
+      publishAvahi = mkOption {
+        default = false;
+        description = "Whether to publish capabilities/properties as a Disnix service through Avahi";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.disnix ] ++ optional cfg.useWebServiceInterface pkgs.DisnixWebService;
+
+    services.dbus.enable = true;
+    services.dbus.packages = [ pkgs.disnix ];
+
+    services.avahi.enable = cfg.publishAvahi;
+
+    services.tomcat.enable = cfg.useWebServiceInterface;
+    services.tomcat.extraGroups = [ "disnix" ];
+    services.tomcat.javaOpts = "${optionalString cfg.useWebServiceInterface "-Djava.library.path=${pkgs.libmatthew_java}/lib/jni"} ";
+    services.tomcat.sharedLibs = optional cfg.useWebServiceInterface "${pkgs.DisnixWebService}/share/java/DisnixConnection.jar"
+                                 ++ optional cfg.useWebServiceInterface "${pkgs.dbus_java}/share/java/dbus.jar";
+    services.tomcat.webapps = optional cfg.useWebServiceInterface pkgs.DisnixWebService;
+
+    users.extraGroups = singleton
+      { name = "disnix";
+        gid = config.ids.gids.disnix;
+      };
+
+    services.disnix.infrastructure =
+      optionalAttrs (cfg.publishInfrastructure.enable)
+      ( { hostname = config.networking.hostName;
+          #targetHost = config.deployment.targetHost;
+          system = if config.nixpkgs.system == "" then builtins.currentSystem else config.nixpkgs.system;
+          
+          supportedTypes = (import "${pkgs.stdenv.mkDerivation {
+            name = "supportedtypes";
+            buildCommand = ''
+              ( echo -n "[ "
+                cd ${dysnomia}/libexec/dysnomia
+                for i in *
+                do
+                    echo -n "\"$i\" "
+                done
+                echo -n " ]") > $out
+            '';
+          }}");
+        }
+        #// optionalAttrs (cfg.useWebServiceInterface) { targetEPR = "http://${config.deployment.targetHost}:8080/DisnixWebService/services/DisnixWebService"; }
+        // optionalAttrs (config.services.httpd.enable) { documentRoot = config.services.httpd.documentRoot; }
+        // optionalAttrs (config.services.mysql.enable) { mysqlPort = config.services.mysql.port; }
+        // optionalAttrs (config.services.tomcat.enable) { tomcatPort = 8080; }
+        // optionalAttrs (config.services.svnserve.enable) { svnBaseDir = config.services.svnserve.svnBaseDir; }
+        // optionalAttrs (cfg.publishInfrastructure.enableAuthentication) (
+          optionalAttrs (config.services.mysql.enable) { mysqlUsername = "root"; mysqlPassword = builtins.readFile config.services.mysql.rootPassword; })
+        )
+    ;
+
+    services.disnix.publishInfrastructure.enable = cfg.publishAvahi;
+
+    jobs = {
+      disnix =
+        { description = "Disnix server";
+        
+          wantedBy = [ "multi-user.target" ];
+          after = [ "dbus.service" ]
+            ++ optional config.services.httpd.enable "httpd.service"
+            ++ optional config.services.mysql.enable "mysql.service"
+            ++ optional config.services.tomcat.enable "tomcat.service"
+            ++ optional config.services.svnserve.enable "svnserve.service";
+
+          restartIfChanged = false;
+          
+          path = [ pkgs.nix pkgs.disnix ];
+        
+          script =
+          ''
+            export HOME=/root
+            disnix-service --dysnomia-modules-dir=${dysnomia}/libexec/dysnomia
+          '';
+        };
+    } // optionalAttrs cfg.publishAvahi {
+      disnixAvahi =
+        { description = "Disnix Avahi publisher";
+
+          startOn = "started avahi-daemon";
+
+          exec =
+          ''
+            ${pkgs.avahi}/bin/avahi-publish-service disnix-${config.networking.hostName} _disnix._tcp 22 \
+              "mem=$(grep 'MemTotal:' /proc/meminfo | sed -e 's/kB//' -e 's/MemTotal://' -e 's/ //g')" \
+              ${concatMapStrings (infrastructureAttrName:
+                let infrastructureAttrValue = getAttr infrastructureAttrName (cfg.infrastructure);
+                in
+                if builtins.isInt infrastructureAttrValue then
+                ''${infrastructureAttrName}=${toString infrastructureAttrValue} \
+                ''
+                else
+                ''${infrastructureAttrName}=\"${infrastructureAttrValue}\" \
+                ''
+                ) (attrNames (cfg.infrastructure))}
+          '';
+        };
+    };
+  };
+}
diff --git a/nixos/modules/services/misc/felix.nix b/nixos/modules/services/misc/felix.nix
new file mode 100644
index 000000000000..2da50fc85957
--- /dev/null
+++ b/nixos/modules/services/misc/felix.nix
@@ -0,0 +1,110 @@
+# Felix server
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.felix;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.felix = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable the Apache Felix OSGi service";
+      };
+
+      bundles = mkOption {
+        default = [ pkgs.felix_remoteshell ];
+        description = "List of bundles that should be activated on startup";
+      };
+
+      user = mkOption {
+        default = "osgi";
+        description = "User account under which Apache Felix runs.";
+      };
+
+      group = mkOption {
+        default = "osgi";
+        description = "Group account under which Apache Felix runs.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    users.extraGroups = singleton
+      { name = "osgi";
+        gid = config.ids.gids.osgi;
+      };
+
+    users.extraUsers = singleton
+      { name = "osgi";
+        uid = config.ids.uids.osgi;
+        description = "OSGi user";
+        home = "/homeless-shelter";
+      };
+
+    jobs.felix =
+      { description = "Felix server";
+
+        preStart =
+	  ''
+	    # Initialise felix instance on first startup
+	    if [ ! -d /var/felix ]
+	    then
+	        # Symlink system files
+
+	        mkdir -p /var/felix
+		chown ${cfg.user}:${cfg.group} /var/felix
+
+		for i in ${pkgs.felix}/*
+		do
+		    if [ "$i" != "${pkgs.felix}/bundle" ]
+		    then
+		        ln -sfn $i /var/felix/$(basename $i)
+		    fi
+		done
+
+		# Symlink bundles
+		mkdir -p /var/felix/bundle
+		chown ${cfg.user}:${cfg.group} /var/felix/bundle
+
+		for i in ${pkgs.felix}/bundle/* ${toString cfg.bundles}
+		do
+		    if [ -f $i ]
+		    then
+		        ln -sfn $i /var/felix/bundle/$(basename $i)
+		    elif [ -d $i ]
+		    then
+		        for j in $i/bundle/*
+			do
+			    ln -sfn $j /var/felix/bundle/$(basename $j)
+			done
+		    fi
+		done
+	    fi
+	  '';
+
+        script =
+          ''
+	    cd /var/felix
+            ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c '${pkgs.jre}/bin/java -jar bin/felix.jar'
+          '';
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/misc/folding-at-home.nix b/nixos/modules/services/misc/folding-at-home.nix
new file mode 100644
index 000000000000..9f4c4645279f
--- /dev/null
+++ b/nixos/modules/services/misc/folding-at-home.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, ... }:
+with pkgs.lib;
+let
+  stateDir = "/var/lib/foldingathome";
+  cfg = config.services.foldingAtHome;
+  fahUser = "foldingathome";
+in {
+
+  ###### interface
+
+  options = {
+
+    services.foldingAtHome = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable the Folding@Home to use idle CPU time.
+        '';
+      };
+
+      nickname = mkOption {
+        default = "Anonymous";
+        description = ''
+          A unique handle for statistics.
+        '';
+      };
+
+      config = mkOption {
+        default = "";
+        description = ''
+          Extra configuration. Contents will be added verbatim to the
+          configuration file.
+        '';
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton
+      { name = fahUser;
+        uid = config.ids.uids.foldingAtHome;
+        description = "Folding@Home user";
+        home = stateDir;
+      };
+
+    jobs.foldingAtHome =
+      { name = "foldingathome";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${stateDir}
+            chown ${fahUser} ${stateDir}
+            cp -f ${pkgs.writeText "client.cfg" cfg.config} ${stateDir}/client.cfg
+          '';
+        exec = "${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${fahUser} -c 'cd ${stateDir}; ${pkgs.foldingathome}/bin/fah6'";
+      };
+
+      services.foldingAtHome.config = ''
+          [settings]
+          username=${cfg.nickname}
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/services/misc/gpsd.nix b/nixos/modules/services/misc/gpsd.nix
new file mode 100644
index 000000000000..bc1d1f4575a8
--- /dev/null
+++ b/nixos/modules/services/misc/gpsd.nix
@@ -0,0 +1,104 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  uid = config.ids.uids.gpsd;
+  gid = config.ids.gids.gpsd;
+  cfg = config.services.gpsd;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.gpsd = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable `gpsd', a GPS service daemon.
+        '';
+      };
+
+      device = mkOption {
+        default = "/dev/ttyUSB0";
+        description = ''
+          A device may be a local serial device for GPS input, or a URL of the form:
+               <literal>[{dgpsip|ntrip}://][user:passwd@]host[:port][/stream]</literal>
+          in which case it specifies an input source for DGPS or ntrip data.
+        '';
+      };
+
+      readonly = mkOption {
+        default = true;
+        description = ''
+          Whether to enable the broken-device-safety, otherwise
+          known as read-only mode.  Some popular bluetooth and USB
+          receivers lock up or become totally inaccessible when
+          probed or reconfigured.  This switch prevents gpsd from
+          writing to a receiver.  This means that gpsd cannot
+          configure the receiver for optimal performance, but it
+          also means that gpsd cannot break the receiver.  A better
+          solution would be for Bluetooth to not be so fragile.  A
+          platform independent method to identify
+          serial-over-Bluetooth devices would also be nice.
+        '';
+      };
+
+      port = mkOption {
+        default = 2947;
+        description = ''
+          The port where to listen for TCP connections.
+        '';
+      };
+
+      debugLevel = mkOption {
+        default = 0;
+        description = ''
+          The debugging level.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton
+      { name = "gpsd";
+        inherit uid;
+        description = "gpsd daemon user";
+        home = "/var/empty";
+      };
+
+    users.extraGroups = singleton
+      { name = "gpsd";
+        inherit gid;
+      };
+
+    jobs.gpsd =
+      { description = "GPSD daemon";
+
+        startOn = "ip-up";
+
+        exec =
+          ''
+            ${pkgs.gpsd}/sbin/gpsd -D "${toString cfg.debugLevel}"  \
+              -S "${toString cfg.port}"                             \
+              ${if cfg.readonly then "-b" else ""}                  \
+              "${cfg.device}"
+          '';
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/misc/gurobi.nix b/nixos/modules/services/misc/gurobi.nix
new file mode 100644
index 000000000000..9cd76a1e78f7
--- /dev/null
+++ b/nixos/modules/services/misc/gurobi.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.gurobi.tokenServer;
+in {
+  options = {
+    services.gurobi.tokenServer = {
+      enable = mkOption {
+        default = false;
+
+        description = "Whether to enable the Gurobi token server";
+
+        type = types.bool;
+      };
+
+      license = mkOption {
+        description = "Path to the Gurobi license file";
+
+        type = types.path;
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.gurobi-token-server = {
+      description = "Gurobi token server";
+
+      wantedBy = [ "multi-user.target" ];
+
+      environment.GRB_LICENSE_FILE = cfg.license;
+
+      serviceConfig = {
+        ExecStart = "${pkgs.gurobi}/bin/grb_ts";
+
+        Type = "forking";
+      };
+    };
+  };
+}
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
new file mode 100644
index 000000000000..1707828d0db6
--- /dev/null
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -0,0 +1,367 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.nix;
+
+  nix = cfg.package;
+
+  makeNixBuildUser = nr:
+    { name = "nixbld${toString nr}";
+      description = "Nix build user ${toString nr}";
+
+      /* For consistency with the setgid(2), setuid(2), and setgroups(2)
+         calls in `libstore/build.cc', don't add any supplementary group
+         here except "nixbld".  */
+      uid = builtins.add config.ids.uids.nixbld nr;
+      group = "nixbld";
+      extraGroups = [ "nixbld" ];
+    };
+
+  nixConf =
+    let
+      # Tricky: if we're using a chroot for builds, then we need
+      # /bin/sh in the chroot (our own compromise to purity).
+      # However, since /bin/sh is a symlink to some path in the
+      # Nix store, which furthermore has runtime dependencies on
+      # other paths in the store, we need the closure of /bin/sh
+      # in `build-chroot-dirs' - otherwise any builder that uses
+      # /bin/sh won't work.
+      binshDeps = pkgs.writeReferencesToFile config.system.build.binsh;
+    in
+      pkgs.runCommand "nix.conf" {extraOptions = cfg.extraOptions; } ''
+        extraPaths=$(for i in $(cat ${binshDeps}); do if test -d $i; then echo $i; fi; done)
+        cat > $out <<END
+        # WARNING: this file is generated from the nix.* options in
+        # your NixOS configuration, typically
+        # /etc/nixos/configuration.nix.  Do not edit it!
+        build-users-group = nixbld
+        build-max-jobs = ${toString (cfg.maxJobs)}
+        build-use-chroot = ${if cfg.useChroot then "true" else "false"}
+        build-chroot-dirs = ${toString cfg.chrootDirs} $(echo $extraPaths)
+        binary-caches = ${toString cfg.binaryCaches}
+        trusted-binary-caches = ${toString cfg.trustedBinaryCaches}
+        $extraOptions
+        END
+      '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    nix = {
+
+      package = mkOption {
+        type = types.path;
+        default = pkgs.nix;
+        description = ''
+          This option specifies the Nix package instance to use throughout the system.
+        '';
+      };
+
+      maxJobs = mkOption {
+        type = types.int;
+        default = 1;
+        example = 64;
+        description = "
+          This option defines the maximum number of jobs that Nix will try
+          to build in parallel.  The default is 1.  You should generally
+          set it to the number of CPUs in your system (e.g., 2 on an Athlon
+          64 X2).
+        ";
+      };
+
+      useChroot = mkOption {
+        type = types.bool;
+        default = false;
+        description = "
+          If set, Nix will perform builds in a chroot-environment that it
+          will set up automatically for each build.  This prevents
+          impurities in builds by disallowing access to dependencies
+          outside of the Nix store.
+        ";
+      };
+
+      chrootDirs = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        example = [ "/dev" "/proc" ];
+        description =
+          ''
+            Directories from the host filesystem to be included
+            in the chroot.
+          '';
+      };
+
+      extraOptions = mkOption {
+        type = types.lines;
+        default = "";
+        example = ''
+          gc-keep-outputs = true
+          gc-keep-derivations = true
+        '';
+        description = "Additional text appended to <filename>nix.conf</filename>.";
+      };
+
+      distributedBuilds = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to distribute builds to the machines listed in
+          <option>nix.buildMachines</option>.
+        '';
+      };
+
+      daemonNiceLevel = mkOption {
+        type = types.int;
+        default = 0;
+        description = ''
+          Nix daemon process priority. This priority propagates to build processes.
+          0 is the default Unix process priority, 20 is the lowest.
+        '';
+      };
+
+      daemonIONiceLevel = mkOption {
+        type = types.int;
+        default = 0;
+        description = ''
+          Nix daemon process I/O priority. This priority propagates to build processes.
+          0 is the default Unix process I/O priority, 7 is the lowest.
+        '';
+      };
+
+      buildMachines = mkOption {
+        type = types.listOf types.attrs;
+        default = [];
+        example = [
+          { hostName = "voila.labs.cs.uu.nl";
+            sshUser = "nix";
+            sshKey = "/root/.ssh/id_buildfarm";
+            system = "powerpc-darwin";
+            maxJobs = 1;
+          }
+          { hostName = "linux64.example.org";
+            sshUser = "buildfarm";
+            sshKey = "/root/.ssh/id_buildfarm";
+            system = "x86_64-linux";
+            maxJobs = 2;
+            supportedFeatures = "kvm";
+            mandatoryFeatures = "perf";
+          }
+        ];
+        description = ''
+          This option lists the machines to be used if distributed
+          builds are enabled (see
+          <option>nix.distributedBuilds</option>).  Nix will perform
+          derivations on those machines via SSH by copying the inputs
+          to the Nix store on the remote machine, starting the build,
+          then copying the output back to the local Nix store.  Each
+          element of the list should be an attribute set containing
+          the machine's host name (<varname>hostname</varname>), the
+          user name to be used for the SSH connection
+          (<varname>sshUser</varname>), the Nix system type
+          (<varname>system</varname>, e.g.,
+          <literal>"i686-linux"</literal>), the maximum number of
+          jobs to be run in parallel on that machine
+          (<varname>maxJobs</varname>), the path to the SSH private
+          key to be used to connect (<varname>sshKey</varname>), a
+          list of supported features of the machine
+          (<varname>supportedFeatures</varname>) and a list of
+          mandatory features of the machine
+          (<varname>mandatoryFeatures</varname>). The SSH private key
+          should not have a passphrase, and the corresponding public
+          key should be added to
+          <filename>~<replaceable>sshUser</replaceable>/authorized_keys</filename>
+          on the remote machine.
+        '';
+      };
+
+      proxy = mkOption {
+        type = types.str;
+        default = "";
+        description = ''
+          This option specifies the proxy to use for fetchurl. The real effect
+          is just exporting http_proxy, https_proxy and ftp_proxy with that
+          value.
+        '';
+        example = "http://127.0.0.1:3128";
+      };
+
+      # Environment variables for running Nix.
+      envVars = mkOption {
+        type = types.attrs;
+        internal = true;
+        default = {};
+        description = "Environment variables used by Nix.";
+      };
+
+      nrBuildUsers = mkOption {
+        type = types.int;
+        default = 10;
+        description = ''
+          Number of <literal>nixbld</literal> user accounts created to
+          perform secure concurrent builds.  If you receive an error
+          message saying that “all build users are currently in use”,
+          you should increase this value.
+        '';
+      };
+
+      readOnlyStore = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          If set, NixOS will enforce the immutability of the Nix store
+          by making <filename>/nix/store</filename> a read-only bind
+          mount.  Nix will automatically make the store writable when
+          needed.
+        '';
+      };
+
+      binaryCaches = mkOption {
+        type = types.listOf types.str;
+        default = [ http://cache.nixos.org/ ];
+        description = ''
+          List of binary cache URLs used to obtain pre-built binaries
+          of Nix packages.
+        '';
+      };
+
+      trustedBinaryCaches = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        example = [ http://hydra.nixos.org/ ];
+        description = ''
+          List of binary cache URLs that non-root users can use (in
+          addition to those specified using
+          <option>nix.binaryCaches</option> by passing
+          <literal>--option binary-caches</literal> to Nix commands.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    nix.chrootDirs = [ "/dev" "/dev/pts" "/proc" "/bin" ];
+
+    environment.etc."nix/nix.conf".source = nixConf;
+
+    # List of machines for distributed Nix builds in the format
+    # expected by build-remote.pl.
+    environment.etc."nix/machines" =
+      { enable = cfg.buildMachines != [];
+        text =
+          concatMapStrings (machine:
+            "${machine.sshUser}@${machine.hostName} "
+            + (if machine ? system then machine.system else concatStringsSep "," machine.systems)
+            + " ${machine.sshKey} ${toString machine.maxJobs} "
+            + (if machine ? speedFactor then toString machine.speedFactor else "1" )
+            + " "
+            + (if machine ? supportedFeatures then concatStringsSep "," machine.supportedFeatures else "" )
+            + " "
+            + (if machine ? mandatoryFeatures then concatStringsSep "," machine.mandatoryFeatures else "" )
+            + "\n"
+          ) cfg.buildMachines;
+      };
+
+    systemd.sockets."nix-daemon" =
+      { description = "Nix Daemon Socket";
+        wantedBy = [ "sockets.target" ];
+        before = [ "multi-user.target" ];
+        socketConfig.ListenStream = "/nix/var/nix/daemon-socket/socket";
+      };
+
+    systemd.services."nix-daemon" =
+      { description = "Nix Daemon";
+
+        path = [ nix pkgs.openssl pkgs.utillinux ]
+          ++ optionals cfg.distributedBuilds [ pkgs.openssh pkgs.gzip ];
+
+        environment = cfg.envVars // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; };
+
+        serviceConfig =
+          { ExecStart = "@${nix}/bin/nix-daemon nix-daemon --daemon";
+            KillMode = "process";
+            Nice = cfg.daemonNiceLevel;
+            IOSchedulingPriority = cfg.daemonIONiceLevel;
+            LimitNOFILE = 4096;
+          };
+
+        restartTriggers = [ nixConf ];
+      };
+
+    nix.envVars =
+      { NIX_CONF_DIR = "/etc/nix";
+
+        # Enable the copy-from-other-stores substituter, which allows
+        # builds to be sped up by copying build results from remote
+        # Nix stores.  To do this, mount the remote file system on a
+        # subdirectory of /run/nix/remote-stores.
+        NIX_OTHER_STORES = "/run/nix/remote-stores/*/nix";
+      }
+
+      // optionalAttrs cfg.distributedBuilds {
+        NIX_BUILD_HOOK = "${nix}/libexec/nix/build-remote.pl";
+        NIX_REMOTE_SYSTEMS = "/etc/nix/machines";
+        NIX_CURRENT_LOAD = "/run/nix/current-load";
+      }
+
+      # !!! These should not be defined here, but in some general proxy configuration module!
+      // optionalAttrs (cfg.proxy != "") {
+        http_proxy = cfg.proxy;
+        https_proxy = cfg.proxy;
+        ftp_proxy = cfg.proxy;
+      };
+
+    # Set up the environment variables for running Nix.
+    environment.variables = cfg.envVars;
+
+    environment.extraInit =
+      ''
+        # Set up secure multi-user builds: non-root users build through the
+        # Nix daemon.
+        if test "$USER" != root; then
+            export NIX_REMOTE=daemon
+        else
+            export NIX_REMOTE=
+        fi
+      '';
+
+    users.extraUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers);
+
+    system.activationScripts.nix = stringAfter [ "etc" "users" ]
+      ''
+        # Nix initialisation.
+        mkdir -m 0755 -p \
+          /nix/var/nix/gcroots \
+          /nix/var/nix/temproots \
+          /nix/var/nix/manifests \
+          /nix/var/nix/userpool \
+          /nix/var/nix/profiles \
+          /nix/var/nix/db \
+          /nix/var/log/nix/drvs \
+          /nix/var/nix/channel-cache \
+          /nix/var/nix/chroots
+        mkdir -m 1777 -p \
+          /nix/var/nix/gcroots/per-user \
+          /nix/var/nix/profiles/per-user \
+          /nix/var/nix/gcroots/tmp
+
+        ln -sf /nix/var/nix/profiles /nix/var/nix/gcroots/
+        ln -sf /nix/var/nix/manifests /nix/var/nix/gcroots/
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/services/misc/nix-gc.nix b/nixos/modules/services/misc/nix-gc.nix
new file mode 100644
index 000000000000..fa20e0956f59
--- /dev/null
+++ b/nixos/modules/services/misc/nix-gc.nix
@@ -0,0 +1,61 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.nix.gc;
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    nix.gc = {
+
+      automatic = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Automatically run the garbage collector at a specific time.";
+      };
+
+      dates = mkOption {
+        default = "03:15";
+        type = types.str;
+        description = ''
+          Specification (in the format described by
+          <citerefentry><refentrytitle>systemd.time</refentrytitle>
+          <manvolnum>5</manvolnum></citerefentry>) of the time at
+          which the garbage collector will run.
+        '';
+      };
+
+      options = mkOption {
+        default = "";
+        example = "--max-freed $((64 * 1024**3))";
+        type = types.str;
+        description = ''
+          Options given to <filename>nix-collect-garbage</filename> when the
+          garbage collector is run automatically.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    systemd.services.nix-gc =
+      { description = "Nix Garbage Collector";
+        script = "exec ${config.nix.package}/bin/nix-collect-garbage ${cfg.options}";
+        startAt = optionalString cfg.automatic cfg.dates;
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix
new file mode 100644
index 000000000000..885b8fa2d0ca
--- /dev/null
+++ b/nixos/modules/services/misc/nixos-manual.nix
@@ -0,0 +1,119 @@
+# This module includes the NixOS man-pages in the system environment,
+# and optionally starts a browser that shows the NixOS manual on one
+# of the virtual consoles.  The latter is useful for the installation
+# CD.
+
+{ config, pkgs, baseModules, ... } @ extraArgs:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.nixosManual;
+
+  versionModule =
+    { system.nixosVersionSuffix = config.system.nixosVersionSuffix;
+      system.nixosRevision = config.system.nixosRevision;
+    };
+
+  eval = evalModules {
+    modules = [ versionModule ] ++ baseModules;
+    args = (removeAttrs extraArgs ["config" "options"]) // { modules = [ ]; };
+  };
+
+  manual = import ../../../doc/manual {
+    inherit pkgs;
+    revision = config.system.nixosRevision;
+    options = eval.options;
+  };
+
+  entry = "${manual.manual}/share/doc/nixos/manual.html";
+
+  help = pkgs.writeScriptBin "nixos-help"
+    ''
+      #! ${pkgs.stdenv.shell} -e
+      browser="$BROWSER"
+      if [ -z "$browser" ]; then
+        browser="$(type -P xdg-open || true)"
+        if [ -z "$browser" ]; then
+          browser="$(type -P w3m || true)"
+          if [ -z "$browser" ]; then
+            echo "$0: unable to start a web browser; please set \$BROWSER"
+            exit 1
+          fi
+        fi
+      fi
+      exec "$browser" ${entry}
+    '';
+
+in
+
+{
+
+  options = {
+
+    services.nixosManual.enable = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to build the NixOS manual pages.
+      '';
+    };
+
+    services.nixosManual.showManual = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to show the NixOS manual on one of the virtual
+        consoles.
+      '';
+    };
+
+    services.nixosManual.ttyNumber = mkOption {
+      default = "8";
+      description = ''
+        Virtual console on which to show the manual.
+      '';
+    };
+
+    services.nixosManual.browser = mkOption {
+      type = types.path;
+      default = "${pkgs.w3m}/bin/w3m";
+      description = ''
+        Browser used to show the manual.
+      '';
+    };
+
+  };
+
+
+  config = mkIf cfg.enable {
+
+    system.build.manual = manual;
+
+    environment.systemPackages = [ manual.manpages help ];
+
+    boot.extraTTYs = mkIf cfg.showManual ["tty${cfg.ttyNumber}"];
+
+    systemd.services = optionalAttrs cfg.showManual
+      { "nixos-manual" =
+        { description = "NixOS Manual";
+          wantedBy = [ "multi-user.target" ];
+          serviceConfig =
+            { ExecStart = "${cfg.browser} ${entry}";
+              StandardInput = "tty";
+              StandardOutput = "tty";
+              TTYPath = "/dev/tty${cfg.ttyNumber}";
+              TTYReset = true;
+              TTYVTDisallocate = true;
+              Restart = "always";
+            };
+        };
+      };
+
+    services.mingetty.helpLine = mkIf cfg.showManual
+      "\nPress <Alt-F${toString cfg.ttyNumber}> for the NixOS manual.";
+
+  };
+
+}
diff --git a/nixos/modules/services/misc/rogue.nix b/nixos/modules/services/misc/rogue.nix
new file mode 100644
index 000000000000..de25cc0fb982
--- /dev/null
+++ b/nixos/modules/services/misc/rogue.nix
@@ -0,0 +1,61 @@
+# Execute the game `rogue' on tty 9.  Mostly used by the NixOS
+# installation CD.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.rogue;
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    services.rogue.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable the Rogue game on one of the virtual
+        consoles.
+      '';
+    };
+
+    services.rogue.tty = mkOption {
+      type = types.str;
+      default = "tty9";
+      description = ''
+        Virtual console on which to run Rogue.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    boot.extraTTYs = [ cfg.tty ];
+
+    systemd.services.rogue =
+      { description = "Rogue dungeon crawling game";
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig =
+          { ExecStart = "${pkgs.rogue}/bin/rogue";
+            StandardInput = "tty";
+            StandardOutput = "tty";
+            TTYPath = "/dev/${cfg.tty}";
+            TTYReset = true;
+            TTYVTDisallocate = true;
+            Restart = "always";
+          };
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/misc/svnserve.nix b/nixos/modules/services/misc/svnserve.nix
new file mode 100644
index 000000000000..b0806d14738b
--- /dev/null
+++ b/nixos/modules/services/misc/svnserve.nix
@@ -0,0 +1,46 @@
+# SVN server
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.svnserve;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.svnserve = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable svnserve to serve Subversion repositories through the SVN protocol.";
+      };
+
+      svnBaseDir = mkOption {
+        default = "/repos";
+	description = "Base directory from which Subversion repositories are accessed.";
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    jobs.svnserve = {
+      startOn = "started network-interfaces";
+      stopOn = "stopping network-interfaces";
+
+      preStart = "mkdir -p ${cfg.svnBaseDir}";
+
+      exec = "${pkgs.subversion}/bin/svnserve -r ${cfg.svnBaseDir} -d --foreground --pid-file=/var/run/svnserve.pid";
+    };
+  };
+}
diff --git a/nixos/modules/services/misc/synergy.nix b/nixos/modules/services/misc/synergy.nix
new file mode 100644
index 000000000000..63e7c7667e57
--- /dev/null
+++ b/nixos/modules/services/misc/synergy.nix
@@ -0,0 +1,129 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfgC = config.services.synergy.client;
+  cfgS = config.services.synergy.server;
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    services.synergy = {
+
+      # !!! All these option descriptions needs to be cleaned up.
+
+      client = {
+        enable = mkOption {
+          default = false;
+          description = "
+            Whether to enable the Synergy client (receive keyboard and mouse events from a Synergy server).
+          ";
+        };
+        screenName = mkOption {
+          default = "";
+          description = ''
+            Use the given name instead of the hostname to identify
+            ourselves to the server.
+          '';
+        };
+        serverAddress = mkOption {
+          description = ''
+            The server address is of the form: [hostname][:port].  The
+            hostname must be the address or hostname of the server.  The
+            port overrides the default port, 24800.
+          '';
+        };
+        autoStart = mkOption {
+          default = true;
+          type = types.bool;
+          description = "Whether the Synergy client should be started automatically.";
+        };
+      };
+
+      server = {
+        enable = mkOption {
+          default = false;
+          description = ''
+            Whether to enable the Synergy server (send keyboard and mouse events).
+          '';
+        };
+        configFile = mkOption {
+          default = "/etc/synergy-server.conf";
+          description = "The Synergy server configuration file.";
+        };
+        screenName = mkOption {
+          default = "";
+          description = ''
+            Use the given name instead of the hostname to identify
+            this screen in the configuration.
+          '';
+        };
+        address = mkOption {
+          default = "";
+          description = "Address on which to listen for clients.";
+        };
+        autoStart = mkOption {
+          default = true;
+          type = types.bool;
+          description = "Whether the Synergy server should be started automatically.";
+        };
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    systemd.services."synergy-client" = mkIf cfgC.enable {
+      after = [ "network.target" ];
+      description = "Synergy client";
+      wantedBy = optional cfgC.autoStart "multi-user.target";
+      path = [ pkgs.synergy ];
+      serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergyc -f ${optionalString (cfgC.screenName != "") "-n ${cfgC.screenName}"} ${cfgC.serverAddress}'';
+    };
+
+    systemd.services."synergy-server" = mkIf cfgS.enable {
+      after = [ "network.target" ];
+      description = "Synergy server";
+      wantedBy = optional cfgS.autoStart "multi-user.target";
+      path = [ pkgs.synergy ];
+      serviceConfig.ExecStart = ''${pkgs.synergy}/bin/synergys -c ${cfgS.configFile} -f ${optionalString (cfgS.address != "") "-a ${cfgS.address}"} ${optionalString (cfgS.screenName != "") "-n ${cfgS.screenName}" }'';
+    };
+
+  };
+
+}
+
+/* SYNERGY SERVER example configuration file
+section: screens
+  laptop:
+  dm:
+  win:
+end
+section: aliases
+    laptop:
+      192.168.5.5
+    dm:
+      192.168.5.78
+    win:
+      192.168.5.54
+end
+section: links
+   laptop:
+       left = dm
+   dm:
+       right = laptop
+       left = win
+  win:
+      right = dm
+end
+*/
diff --git a/nixos/modules/services/monitoring/apcupsd.nix b/nixos/modules/services/monitoring/apcupsd.nix
new file mode 100644
index 000000000000..114bad5c947e
--- /dev/null
+++ b/nixos/modules/services/monitoring/apcupsd.nix
@@ -0,0 +1,190 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.apcupsd;
+
+  configFile = pkgs.writeText "apcupsd.conf" ''
+    ## apcupsd.conf v1.1 ##
+    # apcupsd complains if the first line is not like above.
+    ${cfg.configText}
+    SCRIPTDIR ${toString scriptDir}
+  '';
+
+  # List of events from "man apccontrol"
+  eventList = [
+    "annoyme"
+    "battattach"
+    "battdetach"
+    "changeme"
+    "commfailure"
+    "commok"
+    "doreboot"
+    "doshutdown"
+    "emergency"
+    "failing"
+    "killpower"
+    "loadlimit"
+    "mainsback"
+    "onbattery"
+    "offbattery"
+    "powerout"
+    "remotedown"
+    "runlimit"
+    "timeout"
+    "startselftest"
+    "endselftest"
+  ];
+
+  shellCmdsForEventScript = eventname: commands: ''
+    echo "#!${pkgs.stdenv.shell}" > "$out/${eventname}"
+    echo "${commands}" >> "$out/${eventname}"
+    chmod a+x "$out/${eventname}"
+  '';
+
+  eventToShellCmds = event: if builtins.hasAttr event cfg.hooks then (shellCmdsForEventScript event (builtins.getAttr event cfg.hooks)) else "";
+
+  scriptDir = pkgs.runCommand "apcupsd-scriptdir" {} (''
+    mkdir "$out"
+    # Copy SCRIPTDIR from apcupsd package
+    cp -r ${pkgs.apcupsd}/etc/apcupsd/* "$out"/
+    # Make the files writeable (nix will unset the write bits afterwards)
+    chmod u+w "$out"/*
+    # Remove the sample event notification scripts, because they don't work
+    # anyways (they try to send mail to "root" with the "mail" command)
+    (cd "$out" && rm changeme commok commfailure onbattery offbattery)
+    # Remove the sample apcupsd.conf file (we're generating our own)
+    rm "$out/apcupsd.conf"
+    # Set the SCRIPTDIR= line in apccontrol to the dir we're creating now
+    sed -i -e "s|^SCRIPTDIR=.*|SCRIPTDIR=$out|" "$out/apccontrol"
+    '' + concatStringsSep "\n" (map eventToShellCmds eventList)
+
+  );
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.apcupsd = {
+
+      enable = mkOption {
+        default = false;
+        type = types.uniq types.bool;
+        description = ''
+          Whether to enable the APC UPS daemon. apcupsd monitors your UPS and
+          permits orderly shutdown of your computer in the event of a power
+          failure. User manual: http://www.apcupsd.com/manual/manual.html.
+          Note that apcupsd runs as root (to allow shutdown of computer).
+          You can check the status of your UPS with the "apcaccess" command.
+        '';
+      };
+
+      configText = mkOption {
+        default = ''
+          UPSTYPE usb
+          NISIP 127.0.0.1
+          BATTERYLEVEL 50
+          MINUTES 5
+        '';
+        type = types.string;
+        description = ''
+          Contents of the runtime configuration file, apcupsd.conf. The default
+          settings makes apcupsd autodetect USB UPSes, limit network access to
+          localhost and shutdown the system when the battery level is below 50
+          percent, or when the UPS has calculated that it has 5 minutes or less
+          of remaining power-on time. See man apcupsd.conf for details.
+        '';
+      };
+
+      hooks = mkOption {
+        default = {};
+        example = {
+          doshutdown = ''# shell commands to notify that the computer is shutting down'';
+        };
+        type = types.attrsOf types.string;
+        description = ''
+          Each attribute in this option names an apcupsd event and the string
+          value it contains will be executed in a shell, in response to that
+          event (prior to the default action). See "man apccontrol" for the
+          list of events and what they represent.
+
+          A hook script can stop apccontrol from doing its default action by
+          exiting with value 99. Do not do this unless you know what you're
+          doing.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    assertions = [ {
+      assertion = let hooknames = builtins.attrNames cfg.hooks; in all (x: elem x eventList) hooknames;
+      message = ''
+        One (or more) attribute names in services.apcupsd.hooks are invalid.
+        Current attribute names: ${toString (builtins.attrNames cfg.hooks)}
+        Valid attribute names  : ${toString eventList}
+      '';
+    } ];
+
+    # Give users access to the "apcaccess" tool
+    environment.systemPackages = [ pkgs.apcupsd ];
+
+    # NOTE 1: apcupsd runs as root because it needs permission to run
+    # "shutdown"
+    #
+    # NOTE 2: When apcupsd calls "wall", it prints an error because stdout is
+    # not connected to a tty (it is connected to the journal):
+    #   wall: cannot get tty name: Inappropriate ioctl for device
+    # The message still gets through.
+    systemd.services.apcupsd = {
+      description = "APC UPS daemon";
+      wantedBy = [ "multi-user.target" ];
+      preStart = "mkdir -p /run/apcupsd/";
+      serviceConfig = {
+        ExecStart = "${pkgs.apcupsd}/bin/apcupsd -b -f ${configFile} -d1";
+        # TODO: When apcupsd has initiated a shutdown, systemd always ends up
+        # waiting for it to stop ("A stop job is running for UPS daemon"). This
+        # is weird, because in the journal one can clearly see that apcupsd has
+        # received the SIGTERM signal and has already quit (or so it seems).
+        # This reduces the wait time from 90 seconds (default) to just 5. Then
+        # systemd kills it with SIGKILL.
+        TimeoutStopSec = 5;
+      };
+    };
+
+    # A special service to tell the UPS to power down/hibernate just before the
+    # computer shuts down. (The UPS has a built in delay before it actually
+    # shuts off power.) Copied from here:
+    # http://forums.opensuse.org/english/get-technical-help-here/applications/479499-apcupsd-systemd-killpower-issues.html
+    systemd.services.apcupsd-killpower = {
+      after = [ "shutdown.target" ]; # append umount.target?
+      before = [ "final.target" ];
+      wantedBy = [ "shutdown.target" ];
+      unitConfig = {
+        Description = "APC UPS killpower";
+        ConditionPathExists = "/run/apcupsd/powerfail";
+        DefaultDependencies = "no";
+      };
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "${pkgs.apcupsd}/bin/apcupsd --killpower -f ${configFile}";
+        TimeoutSec = 0;
+        StandardOutput = "tty";
+        RemainAfterExit = "yes";
+      };
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/monitoring/dd-agent.nix b/nixos/modules/services/monitoring/dd-agent.nix
new file mode 100644
index 000000000000..f99114ac9ad7
--- /dev/null
+++ b/nixos/modules/services/monitoring/dd-agent.nix
@@ -0,0 +1,83 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.dd-agent;
+
+  datadog_conf = pkgs.runCommand "datadog.conf" {} ''
+    sed -e 's|^api_key:|api_key: ${cfg.api_key}|' ${optionalString (cfg.hostname != null)
+      "-e 's|^#hostname: mymachine.mydomain|hostname: ${cfg.hostname}|'"
+    } ${pkgs.dd-agent}/etc/dd-agent/datadog.conf.example > $out
+  '';
+in {
+  options.services.dd-agent = {
+    enable = mkOption {
+      description = "Whether to enable the dd-agent montioring service";
+
+      default = false;
+
+      type = types.bool;
+    };
+
+    # !!! This gets stored in the store (world-readable), wish we had https://github.com/NixOS/nix/issues/8
+    api_key = mkOption {
+      description = "The Datadog API key to associate the agent with your account";
+
+      example = "ae0aa6a8f08efa988ba0a17578f009ab";
+
+      type = types.str;
+    };
+
+    hostname = mkOption {
+      description = "The hostname to show in the Datadog dashboard (optional)";
+
+      default = null;
+
+      example = "mymachine.mydomain";
+
+      type = types.uniq (types.nullOr types.string);
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.etc = [ { source = datadog_conf; target = "dd-agent/datadog.conf"; } ];
+    environment.systemPackages = [ pkgs."dd-agent" pkgs.sysstat pkgs.procps ];
+
+    users.extraUsers."dd-agent" = {
+      description = "Datadog Agent User";
+      uid = config.ids.uids.dd-agent;
+      group = "dd-agent";
+      home = "/var/log/datadog/";
+      createHome = true;
+    };
+
+    users.extraGroups.dd-agent.gid = config.ids.gids.dd-agent;
+
+    systemd.services.dd-agent = {
+      description = "Datadog agent monitor";
+      path = [ pkgs."dd-agent" pkgs.python pkgs.sysstat pkgs.procps];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart = "${pkgs.dd-agent}/bin/dd-agent foreground";
+        User = "dd-agent";
+        Group = "dd-agent";
+      };
+      restartTriggers = [ pkgs.dd-agent datadog_conf ];
+    };
+
+    systemd.services.dogstatsd = {
+      description = "Datadog statsd";
+      path = [ pkgs."dd-agent" pkgs.python ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart = "${pkgs.dd-agent}/bin/dogstatsd start";
+        User = "dd-agent";
+        Group = "dd-agent";
+        Type = "forking";
+        PIDFile = "/tmp/dogstatsd.pid";
+      };
+      restartTriggers = [ pkgs.dd-agent datadog_conf ];
+    };
+  };
+}
diff --git a/nixos/modules/services/monitoring/graphite.nix b/nixos/modules/services/monitoring/graphite.nix
new file mode 100644
index 000000000000..08e6ef662cc3
--- /dev/null
+++ b/nixos/modules/services/monitoring/graphite.nix
@@ -0,0 +1,265 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.graphite;
+  writeTextOrNull = f: t: if t == null then null else pkgs.writeText f t;
+
+  dataDir = "/var/db/graphite";
+  carbonOpts = name: with config.ids; ''
+    --nodaemon --syslog --prefix=${name} --pidfile /var/run/${name}.pid \
+    --uid ${toString uids.graphite} --gid ${toString uids.graphite} ${name}
+  '';
+  carbonEnv = {
+    PYTHONPATH = "${pkgs.python27Packages.carbon}/lib/python2.7/site-packages";
+    GRAPHITE_ROOT = dataDir;
+    GRAPHITE_CONF_DIR = "/etc/graphite/";
+  };
+
+in {
+
+  ###### interface
+
+  options.services.graphite = {
+    web = {
+      enable = mkOption {
+        description = "Whether to enable graphite web frontend";
+        default = false;
+        type = types.uniq types.bool;
+      };
+
+      host = mkOption {
+        description = "Graphite web frontend listen address";
+        default = "127.0.0.1";
+        type = types.str;
+      };
+
+      port = mkOption {
+        description = "Graphite web frontend port";
+        default = "8080";
+        type = types.str;
+      };
+    };
+
+    carbon = {
+      config = mkOption {
+        description = "Content of carbon configuration file";
+        default = ''
+          [cache]
+          # Listen on localhost by default for security reasons
+          UDP_RECEIVER_INTERFACE = 127.0.0.1
+          PICKLE_RECEIVER_INTERFACE = 127.0.0.1
+          LINE_RECEIVER_INTERFACE = 127.0.0.1
+          CACHE_QUERY_INTERFACE = 127.0.0.1
+          # Do not log every update
+          LOG_UPDATES = False
+          LOG_CACHE_HITS = False
+        '';
+        type = types.str;
+      };
+
+      enableCache = mkOption {
+        description = "Whether to enable carbon cache, the graphite storage daemon";
+        default = false;
+        type = types.uniq types.bool;
+      };
+
+      storageAggregation = mkOption {
+        description = "Defines how to aggregate data to lower-precision retentions";
+        default = null;
+        type = types.uniq (types.nullOr types.string);
+        example = ''
+          [all_min]
+          pattern = \.min$
+          xFilesFactor = 0.1
+          aggregationMethod = min
+        '';
+      };
+
+      storageSchemas = mkOption {
+        description = "Defines retention rates for storing metrics";
+        default = "";
+        type = types.uniq (types.nullOr types.string);
+        example = ''
+          [apache_busyWorkers]
+          pattern = ^servers\.www.*\.workers\.busyWorkers$
+          retentions = 15s:7d,1m:21d,15m:5y
+        '';
+      };
+
+      blacklist = mkOption {
+        description = "Any metrics received which match one of the experssions will be dropped";
+        default = null;
+        type = types.uniq (types.nullOr types.string);
+        example = "^some\.noisy\.metric\.prefix\..*";
+      };
+
+      whitelist = mkOption {
+        description = "Only metrics received which match one of the experssions will be persisted";
+        default = null;
+        type = types.uniq (types.nullOr types.string);
+        example = ".*";
+      };
+
+      rewriteRules = mkOption {
+        description = "Regular expression patterns that can be used to rewrite metric names in a search and replace fashion";
+        default = null;
+        type = types.uniq (types.nullOr types.string);
+        example = ''
+          [post]
+          _sum$ =
+          _avg$ =
+        '';
+      };
+
+      enableRelay = mkOption {
+        description = "Whether to enable carbon relay, the carbon replication and sharding service";
+        default = false;
+        type = types.uniq types.bool;
+      };
+
+      relayRules = mkOption {
+        description = "Relay rules are used to send certain metrics to a certain backend.";
+        default = null;
+        type = types.uniq (types.nullOr types.string);
+        example = ''
+          [example]
+          pattern = ^mydata\.foo\..+
+          servers = 10.1.2.3, 10.1.2.4:2004, myserver.mydomain.com
+        '';
+      };
+
+      enableAggregator = mkOption {
+        description = "Whether to enable carbon agregator, the carbon buffering service";
+        default = false;
+        type = types.uniq types.bool;
+      };
+
+      aggregationRules = mkOption {
+        description = "Defines if and how received metrics will be agregated";
+        default = null;
+        type = types.uniq (types.nullOr types.string);
+        example = ''
+          <env>.applications.<app>.all.requests (60) = sum <env>.applications.<app>.*.requests
+          <env>.applications.<app>.all.latency (60) = avg <env>.applications.<app>.*.latency
+        '';
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf (cfg.carbon.enableAggregator || cfg.carbon.enableCache || cfg.carbon.enableRelay || cfg.web.enable) {
+    environment.etc = lists.filter (el: el.source != null) [
+      { source = writeTextOrNull "carbon.conf" cfg.carbon.config;
+        target = "graphite/carbon.conf"; }
+      { source = writeTextOrNull "storage-agregation.conf" cfg.carbon.storageAggregation;
+        target = "graphite/storage-agregation.conf"; }
+      { source = writeTextOrNull "storage-schemas.conf" cfg.carbon.storageSchemas;
+        target = "graphite/storage-schemas.conf"; }
+      { source = writeTextOrNull "blacklist.conf" cfg.carbon.blacklist;
+        target = "graphite/blacklist.conf"; }
+      { source = writeTextOrNull "whitelist.conf" cfg.carbon.whitelist;
+        target = "graphite/whitelist.conf"; }
+      { source = writeTextOrNull "rewrite-rules.conf" cfg.carbon.rewriteRules;
+        target = "graphite/rewrite-rules.conf"; }
+      { source = writeTextOrNull "relay-rules.conf" cfg.carbon.relayRules;
+        target = "graphite/relay-rules.conf"; }
+      { source = writeTextOrNull "aggregation-rules.conf" cfg.carbon.aggregationRules;
+        target = "graphite/aggregation-rules.conf"; }
+    ];
+
+    systemd.services.carbonCache = mkIf cfg.carbon.enableCache {
+      description = "Graphite data storage backend";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-interfaces.target" ];
+      environment = carbonEnv;
+      serviceConfig.ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-cache"}";
+      restartTriggers = [
+        pkgs.pythonPackages.carbon
+        cfg.carbon.config
+        cfg.carbon.storageAggregation
+        cfg.carbon.storageSchemas
+        cfg.carbon.rewriteRules
+      ];
+      preStart = ''
+        mkdir -p ${dataDir}/whisper
+      '';
+    };
+
+    systemd.services.carbonAggregator = mkIf cfg.carbon.enableAggregator {
+      description = "Carbon data aggregator";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-interfaces.target" ];
+      environment = carbonEnv;
+      serviceConfig.ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-aggregator"}";
+      restartTriggers = [
+        pkgs.pythonPackages.carbon cfg.carbon.config cfg.carbon.aggregationRules
+      ];
+    };
+
+    systemd.services.carbonRelay = mkIf cfg.carbon.enableRelay {
+      description = "Carbon data relay";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-interfaces.target" ];
+      environment = carbonEnv;
+      serviceConfig.ExecStart = "${pkgs.twisted}/bin/twistd ${carbonOpts "carbon-relay"}";
+      restartTriggers = [
+        pkgs.pythonPackages.carbon cfg.carbon.config cfg.carbon.relayRules
+      ];
+    };
+
+    systemd.services.graphiteWeb = mkIf cfg.web.enable {
+      description = "Graphite web interface";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-interfaces.target" ];
+      environment = {
+        PYTHONPATH = "${pkgs.python27Packages.graphite_web}/lib/python2.7/site-packages";
+        DJANGO_SETTINGS_MODULE = "graphite.settings";
+        GRAPHITE_CONF_DIR = "/etc/graphite/";
+        GRAPHITE_STORAGE_DIR = dataDir;
+      };
+      serviceConfig = {
+        ExecStart = ''
+          ${pkgs.python27Packages.waitress}/bin/waitress-serve \
+          --host=${cfg.web.host} --port=${cfg.web.port} \
+          --call django.core.handlers.wsgi:WSGIHandler'';
+        User = "graphite";
+        Group = "graphite";
+      };
+      preStart = ''
+        if ! test -e ${dataDir}/db-created; then
+          mkdir -p ${dataDir}/{whisper/,log/webapp/}
+
+          # populate database
+          ${pkgs.python27Packages.graphite_web}/bin/manage-graphite.py syncdb --noinput
+
+          # create index
+          ${pkgs.python27Packages.graphite_web}/bin/build-index.sh
+
+          touch ${dataDir}/db-created
+        fi
+      '';
+      restartTriggers = [
+        pkgs.python27Packages.graphite_web
+        pkgs.python27Packages.waitress
+      ];
+    };
+
+    environment.systemPackages = [
+      pkgs.pythonPackages.carbon
+      pkgs.python27Packages.graphite_web
+      pkgs.python27Packages.waitress
+    ];
+
+    users.extraUsers = singleton {
+      name = "graphite";
+      uid = config.ids.uids.graphite;
+      description = "Graphite daemon user";
+      home = dataDir;
+      createHome = true;
+    };
+    users.extraGroups.graphite.gid = config.ids.gids.graphite;
+  };
+}
diff --git a/nixos/modules/services/monitoring/monit.nix b/nixos/modules/services/monitoring/monit.nix
new file mode 100644
index 000000000000..2acc51c64a6a
--- /dev/null
+++ b/nixos/modules/services/monitoring/monit.nix
@@ -0,0 +1,52 @@
+# Monit system watcher
+# http://mmonit.org/monit/
+
+{config, pkgs, ...}:
+
+let inherit (pkgs.lib) mkOption mkIf;
+in
+
+{
+  options = {
+    services.monit = {
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run Monit system watcher.
+        '';
+      };
+      config = mkOption {
+        default = "";
+        description = "monit.conf content";
+      };
+      startOn = mkOption {
+        default = "started network-interfaces";
+        description = "What Monit supposes to be already present";
+      };
+    };
+  };
+
+  config = mkIf config.services.monit.enable {
+
+    environment.etc = [
+      {
+        source = pkgs.writeTextFile {
+          name = "monit.conf";
+          text = config.services.monit.config;
+        };
+        target = "monit.conf";
+        mode = "0400";
+      }
+    ];
+
+    jobs.monit = {
+      description = "Monit system watcher";
+
+      startOn = config.services.monit.startOn;
+
+      exec = "${pkgs.monit}/bin/monit -I -c /etc/monit.conf";
+
+      respawn = true;
+    };
+  };
+}
diff --git a/nixos/modules/services/monitoring/munin.nix b/nixos/modules/services/monitoring/munin.nix
new file mode 100644
index 000000000000..42d5f61af308
--- /dev/null
+++ b/nixos/modules/services/monitoring/munin.nix
@@ -0,0 +1,215 @@
+{ config, pkgs, ... }:
+
+# TODO: support munin-async
+# TODO: LWP/Pg perl libs aren't recognized
+
+# TODO: support fastcgi
+# http://munin-monitoring.org/wiki/CgiHowto2
+# spawn-fcgi -s /var/run/munin/fastcgi-graph.sock -U www-data   -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph
+# spawn-fcgi -s /var/run/munin/fastcgi-html.sock  -U www-data   -u munin -g munin /usr/lib/munin/cgi/munin-cgi-html
+# https://paste.sh/vofcctHP#-KbDSXVeWoifYncZmLfZzgum
+# nginx http://munin.readthedocs.org/en/latest/example/webserver/nginx.html
+
+
+with pkgs.lib;
+
+let
+  nodeCfg = config.services.munin-node;
+  cronCfg = config.services.munin-cron;
+
+  muninPlugins = pkgs.stdenv.mkDerivation {
+    name = "munin-available-plugins";
+    buildCommand = ''
+      mkdir -p $out
+
+      cp --preserve=mode ${pkgs.munin}/lib/plugins/* $out/
+
+      for file in $out/*; do
+        case "$file" in
+            plugin.sh) continue;;
+        esac
+
+        # read magic makers from the file
+        family=$(sed -nr 's/.*#%#\s+family\s*=\s*(\S+)\s*/\1/p' $file)
+        cap=$(sed -nr 's/.*#%#\s+capabilities\s*=\s*(.+)/\1/p' $file)
+
+        wrapProgram $file \
+          --set PATH "/run/current-system/sw/bin:/run/current-system/sw/sbin" \
+          --set MUNIN_LIBDIR "${pkgs.munin}/lib" \
+          --set MUNIN_PLUGSTATE "/var/run/munin"
+ 
+        # munin uses markers to tell munin-node-configure what a plugin can do
+        echo "#%# family=$family" >> $file
+        echo "#%# capabilities=$cap" >> $file
+      done
+
+      # NOTE: we disable disktstats because plugin seems to fail and it hangs html generation (100% CPU + memory leak)
+      rm -f $out/diskstats
+    '';
+    buildInputs = [ pkgs.makeWrapper ];
+  };
+
+  muninConf = pkgs.writeText "munin.conf"
+    ''
+      dbdir     /var/lib/munin
+      htmldir   /var/www/munin
+      logdir    /var/log/munin
+      rundir    /var/run/munin
+
+      ${cronCfg.extraGlobalConfig}
+      
+      ${cronCfg.hosts}
+    '';
+
+  nodeConf = pkgs.writeText "munin-node.conf"
+    ''
+      log_level 3
+      log_file Sys::Syslog
+      port 4949
+      host *
+      background 0
+      user root
+      group root
+      host_name ${config.networking.hostName}
+      setsid 0
+  
+      # wrapped plugins by makeWrapper being with dots
+      ignore_file ^\.
+      
+      allow ^127\.0\.0\.1$
+
+      ${nodeCfg.extraConfig}
+    '';
+in
+
+{
+
+  options = {
+
+    services.munin-node = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable Munin Node agent. Munin node listens on 0.0.0.0 and
+          by default accepts connections only from 127.0.0.1 for security reasons.
+
+          See <link xlink:href='http://munin-monitoring.org/wiki/munin-node.conf' />.
+        '';
+      };
+      
+      extraConfig = mkOption {
+        default = "";
+        description = ''
+          <filename>munin-node.conf</filename> extra configuration. See
+          <link xlink:href='http://munin-monitoring.org/wiki/munin-node.conf' />
+        '';
+      };
+
+      # TODO: add option to add additional plugins
+
+    };
+
+    services.munin-cron = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable munin-cron. Takes care of all heavy lifting to collect data from
+          nodes and draws graphs to html. Runs munin-update, munin-limits,
+          munin-graphs and munin-html in that order.
+ 
+          HTML output is in <filename>/var/www/munin/</filename>, configure your
+          favourite webserver to serve static files.
+        '';
+        example = literalExample ''
+          services = {
+             munin-node.enable = true;
+             munin-cron = {
+               enable = true;
+               hosts = '''
+                 [''${config.networking.hostName}]
+                 address localhost
+               ''';
+               extraGlobalConfig = '''
+                 contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com
+               ''';
+             };
+          };
+        '';
+      };
+      
+      extraGlobalConfig = mkOption {
+        default = "";
+        description = ''
+          <filename>munin.conf</filename> extra global configuration.
+          See <link xlink:href='http://munin-monitoring.org/wiki/munin.conf' />.
+          Useful to setup notifications, see
+          <link xlink:href='http://munin-monitoring.org/wiki/HowToContact' />
+        '';
+      };
+
+      hosts = mkOption {
+        example = ''
+          [''${config.networking.hostName}]
+          address localhost
+        '';
+        description = ''
+          Definitions of hosts of nodes to collect data from. Needs at least one
+          hosts for cron to succeed. See
+          <link xlink:href='http://munin-monitoring.org/wiki/munin.conf' />
+        '';
+      };
+ 
+    };
+
+  };
+
+  config = mkMerge [ (mkIf (nodeCfg.enable || cronCfg.enable)  {
+
+    environment.systemPackages = [ pkgs.munin ];
+
+    users.extraUsers = [{
+      name = "munin";
+      description = "Munin monitoring user";
+      group = "munin";
+    }];
+
+    users.extraGroups = [{
+      name = "munin";
+    }];
+
+  }) (mkIf nodeCfg.enable {
+
+    systemd.services.munin-node = {
+      description = "Munin node, the agent process";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.munin ];
+      environment.MUNIN_PLUGSTATE = "/var/run/munin";
+      serviceConfig = {
+        ExecStart = "${pkgs.munin}/sbin/munin-node --config ${nodeConf} --servicedir /etc/munin/plugins/";
+      };
+    };
+
+    system.activationScripts.munin-node = ''
+      echo "updating munin plugins..."
+
+      mkdir -p /etc/munin/plugins
+      rm -rf /etc/munin/plugins/*
+      PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
+    '';
+
+  }) (mkIf cronCfg.enable {
+
+    services.cron.systemCronJobs = [
+      "*/5 * * * * munin ${pkgs.munin}/bin/munin-cron --config ${muninConf}"
+    ];
+
+    system.activationScripts.munin-cron = stringAfter [ "users" "groups" ] ''
+      mkdir -p /var/{run,log,www,lib}/munin
+      chown -R munin:munin /var/{run,log,www,lib}/munin
+    '';
+
+  })];
+}
diff --git a/nixos/modules/services/monitoring/nagios/commands.cfg b/nixos/modules/services/monitoring/nagios/commands.cfg
new file mode 100644
index 000000000000..6efdefcd37dc
--- /dev/null
+++ b/nixos/modules/services/monitoring/nagios/commands.cfg
@@ -0,0 +1,34 @@
+define command {
+    command_name host-notify-by-email
+    command_line printf "%b" "To: $CONTACTEMAIL$\nSubject: [Nagios] Host $HOSTSTATE$ alert for $HOSTNAME$\n\n***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nHost: $HOSTNAME$\nState: $HOSTSTATE$\nAddress: $HOSTADDRESS$\nInfo: $HOSTOUTPUT$\n\nDate/Time: $LONGDATETIME$\n" | sendmail $CONTACTEMAIL$
+}
+
+
+define command {
+    command_name notify-by-email
+    command_line printf "%b" "To: $CONTACTEMAIL$\nSubject: [Nagios] $NOTIFICATIONTYPE$ alert - $HOSTALIAS$/$SERVICEDESC$ is $SERVICESTATE$\n\n***** Nagios *****\n\nNotification Type: $NOTIFICATIONTYPE$\nService: $SERVICEDESC$\nHost: $HOSTALIAS$\nAddress: $HOSTADDRESS$\nState: $SERVICESTATE$\n\nDate/Time: $LONGDATETIME$\n\nAdditional Info:\n\n$SERVICEOUTPUT$" | sendmail $CONTACTEMAIL$
+}
+
+
+define command {
+    command_name dummy-ok
+    command_line true
+}
+
+
+define command {
+    command_name check-host-alive
+    command_line check_ping -H $HOSTADDRESS$ -w 3000.0,80% -c 5000.0,100% -p 1
+}
+
+
+define command {
+    command_name check_local_disk
+    command_line check_disk -w $ARG1$ -c $ARG2$ -p $ARG3$
+}
+
+
+define command {
+    command_name check_ssh
+    command_line check_ssh $HOSTADDRESS$
+}
diff --git a/nixos/modules/services/monitoring/nagios/default.nix b/nixos/modules/services/monitoring/nagios/default.nix
new file mode 100644
index 000000000000..c809a3b84573
--- /dev/null
+++ b/nixos/modules/services/monitoring/nagios/default.nix
@@ -0,0 +1,186 @@
+# Nagios system/network monitoring daemon.
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.nagios;
+
+  nagiosUser = "nagios";
+  nagiosGroup = "nogroup";
+
+  nagiosState = "/var/lib/nagios";
+  nagiosLogDir = "/var/log/nagios";
+
+  nagiosObjectDefs =
+    [ ./timeperiods.cfg
+      ./host-templates.cfg
+      ./service-templates.cfg
+      ./commands.cfg
+    ] ++ cfg.objectDefs;
+
+  nagiosObjectDefsDir = pkgs.runCommand "nagios-objects" {inherit nagiosObjectDefs;}
+    "ensureDir $out; ln -s $nagiosObjectDefs $out/";
+
+  nagiosCfgFile = pkgs.writeText "nagios.cfg"
+    ''
+      # Paths for state and logs.
+      log_file=${nagiosLogDir}/current
+      log_archive_path=${nagiosLogDir}/archive
+      status_file=${nagiosState}/status.dat
+      object_cache_file=${nagiosState}/objects.cache
+      comment_file=${nagiosState}/comment.dat
+      downtime_file=${nagiosState}/downtime.dat
+      temp_file=${nagiosState}/nagios.tmp
+      lock_file=/var/run/nagios.lock # Not used I think.
+      state_retention_file=${nagiosState}/retention.dat
+
+      # Configuration files.
+      #resource_file=resource.cfg
+      cfg_dir=${nagiosObjectDefsDir}
+
+      # Uid/gid that the daemon runs under.
+      nagios_user=${nagiosUser}
+      nagios_group=${nagiosGroup}
+
+      # Misc. options.
+      illegal_macro_output_chars=`~$&|'"<>
+      retain_state_information=1
+    ''; # "
+
+  # Plain configuration for the Nagios web-interface with no
+  # authentication.
+  nagiosCGICfgFile = pkgs.writeText "nagios.cgi.conf"
+    ''
+      main_config_file=${nagiosCfgFile}
+      use_authentication=0
+      url_html_path=/nagios
+    '';
+
+  urlPath = cfg.urlPath;
+
+  extraHttpdConfig =
+    ''
+      ScriptAlias ${urlPath}/cgi-bin ${pkgs.nagios}/sbin
+
+      <Directory "${pkgs.nagios}/sbin">
+        Options ExecCGI
+        AllowOverride None
+        Order allow,deny
+        Allow from all
+        SetEnv NAGIOS_CGI_CONFIG ${nagiosCGICfgFile}
+      </Directory>
+
+      Alias ${urlPath} ${pkgs.nagios}/share
+
+      <Directory "${pkgs.nagios}/share">
+        Options None
+        AllowOverride None
+        Order allow,deny
+        Allow from all
+      </Directory>
+    '';
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    services.nagios = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to use <link
+          xlink:href='http://www.nagios.org/'>Nagios</link> to monitor
+          your system or network.
+        ";
+      };
+
+      objectDefs = mkOption {
+        description = "
+          A list of Nagios object configuration files that must define
+          the hosts, host groups, services and contacts for the
+          network that you want Nagios to monitor.
+        ";
+      };
+
+      plugins = mkOption {
+        default = [pkgs.nagiosPluginsOfficial pkgs.ssmtp];
+        description = "
+          Packages to be added to the Nagios <envar>PATH</envar>.
+          Typically used to add plugins, but can be anything.
+        ";
+      };
+
+      enableWebInterface = mkOption {
+        default = false;
+        description = "
+          Whether to enable the Nagios web interface.  You should also
+          enable Apache (<option>services.httpd.enable</option>).
+        ";
+      };
+
+      urlPath = mkOption {
+        default = "/nagios";
+        description = "
+          The URL path under which the Nagios web interface appears.
+          That is, you can access the Nagios web interface through
+          <literal>http://<replaceable>server</replaceable>/<replaceable>urlPath</replaceable></literal>.
+        ";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton
+      { name = nagiosUser;
+        uid = config.ids.uids.nagios;
+        description = "Nagios monitoring daemon";
+        home = nagiosState;
+      };
+
+    # This isn't needed, it's just so that the user can type "nagiostats
+    # -c /etc/nagios.cfg".
+    environment.etc = singleton
+      { source = nagiosCfgFile;
+        target = "nagios.cfg";
+      };
+
+    environment.systemPackages = [ pkgs.nagios ];
+
+    jobs.nagios =
+      { description = "Nagios monitoring daemon";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${nagiosState} ${nagiosLogDir}
+            chown ${nagiosUser} ${nagiosState} ${nagiosLogDir}
+          '';
+
+        script =
+          ''
+            for i in ${toString config.services.nagios.plugins}; do
+              export PATH=$i/bin:$i/sbin:$i/libexec:$PATH
+            done
+            exec ${pkgs.nagios}/bin/nagios ${nagiosCfgFile}
+          '';
+      };
+
+    services.httpd.extraConfig = optionalString cfg.enableWebInterface extraHttpdConfig;
+
+  };
+
+}
diff --git a/nixos/modules/services/monitoring/nagios/host-templates.cfg b/nixos/modules/services/monitoring/nagios/host-templates.cfg
new file mode 100644
index 000000000000..3a4c269e2572
--- /dev/null
+++ b/nixos/modules/services/monitoring/nagios/host-templates.cfg
@@ -0,0 +1,27 @@
+define host {
+    name                            generic-host
+    notifications_enabled           1
+    event_handler_enabled           1
+    flap_detection_enabled          1
+    failure_prediction_enabled      1
+    process_perf_data               1
+    retain_status_information       1
+    retain_nonstatus_information    1
+    notification_period             24x7
+    register                        0
+}
+
+
+define host {
+    name                            generic-server
+    use                             generic-host
+    check_period                    24x7
+    max_check_attempts              10
+    check_command                   check-host-alive
+    notification_period             24x7
+    notification_interval           120
+    notification_options            d,u,r
+    contact_groups                  admins
+    register                        0
+    #check_interval                 1
+}
diff --git a/nixos/modules/services/monitoring/nagios/service-templates.cfg b/nixos/modules/services/monitoring/nagios/service-templates.cfg
new file mode 100644
index 000000000000..e729ea77675d
--- /dev/null
+++ b/nixos/modules/services/monitoring/nagios/service-templates.cfg
@@ -0,0 +1,32 @@
+define service {
+    name                            generic-service
+    active_checks_enabled           1
+    passive_checks_enabled          1
+    parallelize_check               1
+    obsess_over_service             1
+    check_freshness                 0
+    notifications_enabled           1
+    event_handler_enabled           1
+    flap_detection_enabled          1
+    failure_prediction_enabled      1
+    process_perf_data               1
+    retain_status_information       1
+    retain_nonstatus_information    1
+    is_volatile                     0
+    register                        0
+}
+
+
+define service {
+    name                            local-service
+    use                             generic-service
+    check_period                    24x7
+    max_check_attempts              4
+    normal_check_interval           5
+    retry_check_interval            1
+    contact_groups                  admins
+    notification_options            w,u,c,r
+    notification_interval           0 # notify only once
+    notification_period             24x7
+    register                        0
+}
diff --git a/nixos/modules/services/monitoring/nagios/timeperiods.cfg b/nixos/modules/services/monitoring/nagios/timeperiods.cfg
new file mode 100644
index 000000000000..2669be54d3db
--- /dev/null
+++ b/nixos/modules/services/monitoring/nagios/timeperiods.cfg
@@ -0,0 +1,11 @@
+define timeperiod {
+    timeperiod_name 24x7
+    alias           24 Hours A Day, 7 Days A Week
+    sunday          00:00-24:00
+    monday          00:00-24:00
+    tuesday         00:00-24:00
+    wednesday       00:00-24:00
+    thursday        00:00-24:00
+    friday          00:00-24:00
+    saturday        00:00-24:00
+}
diff --git a/nixos/modules/services/monitoring/smartd.nix b/nixos/modules/services/monitoring/smartd.nix
new file mode 100644
index 000000000000..512e639721e4
--- /dev/null
+++ b/nixos/modules/services/monitoring/smartd.nix
@@ -0,0 +1,116 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.smartd;
+
+  smartdOpts = { name, ... }: {
+
+    options = {
+
+      device = mkOption {
+        example = "/dev/sda";
+        type = types.str;
+        description = "Location of the device.";
+      };
+
+      options = mkOption {
+        default = "";
+        example = "-d sat";
+        type = types.separatedString " ";
+        description = "Options that determine how smartd monitors the device.";
+      };
+    };
+
+  };
+
+  smartdMail = pkgs.writeScript "smartdmail.sh" ''
+    #! ${pkgs.stdenv.shell}
+    TMPNAM=/tmp/smartd-message.$$.tmp
+    if test -n "$SMARTD_ADDRESS"; then
+      echo  >"$TMPNAM" "From: smartd <root>"
+      echo >>"$TMPNAM" 'To: undisclosed-recipients:;'
+      echo >>"$TMPNAM" "Subject: $SMARTD_SUBJECT"
+      echo >>"$TMPNAM"
+      echo >>"$TMPNAM" "Failure on $SMARTD_DEVICESTRING: $SMARTD_FAILTYPE"
+      echo >>"$TMPNAM"
+      cat  >>"$TMPNAM"
+      ${pkgs.smartmontools}/sbin/smartctl >>"$TMPNAM" -a -d "$SMARTD_DEVICETYPE" "$SMARTD_DEVICE"
+      /var/setuid-wrappers/sendmail  <"$TMPNAM" -f "$SENDER" -i "$SMARTD_ADDRESS"
+    fi
+  '';
+
+  smartdConf = pkgs.writeText "smartd.conf" (concatMapStrings (device:
+    ''
+      ${device.device} -a -m root -M exec ${smartdMail} ${device.options} ${cfg.deviceOpts}
+    ''
+    ) cfg.devices);
+
+  smartdFlags = if (cfg.devices == []) then "" else "--configfile=${smartdConf}";
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    services.smartd = {
+
+      enable = mkOption {
+        default = false;
+        type = types.bool;
+        example = "true";
+        description = ''
+          Run smartd from the smartmontools package. Note that e-mail
+          notifications will not be enabled unless you configure the list of
+          devices with <varname>services.smartd.devices</varname> as well.
+        '';
+      };
+
+      deviceOpts = mkOption {
+        default = "";
+        type = types.string;
+        example = "-o on -s (S/../.././02|L/../../7/04)";
+        description = ''
+          Additional options for each device that is monitored. The example
+          turns on SMART Automatic Offline Testing on startup, and schedules short
+          self-tests daily, and long self-tests weekly.
+        '';
+      };
+
+      devices = mkOption {
+        default = [];
+        example = [ { device = "/dev/sda"; } { device = "/dev/sdb"; options = "-d sat"; } ];
+        type = types.listOf types.optionSet;
+        options = [ smartdOpts ];
+        description = ''
+          List of devices to monitor. By default -- if this list is empty --,
+          smartd will monitor all devices connected to the machine at the time
+          it's being run. Configuring this option has the added benefit of
+          enabling e-mail notifications to "root" every time smartd detects an
+          error.
+        '';
+       };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    systemd.services.smartd = {
+      description = "S.M.A.R.T. Daemon";
+
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig.ExecStart = "${pkgs.smartmontools}/sbin/smartd --no-fork ${smartdFlags}";
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/monitoring/statsd.nix b/nixos/modules/services/monitoring/statsd.nix
new file mode 100644
index 000000000000..979debefdd9f
--- /dev/null
+++ b/nixos/modules/services/monitoring/statsd.nix
@@ -0,0 +1,108 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.statsd;
+
+  configFile = pkgs.writeText "statsd.conf" ''
+    {
+      host: "${cfg.host}",
+      port: "${toString cfg.port}",
+      mgmt_address: "${cfg.mgmt_address}",
+      mgmt_port: "${toString cfg.mgmt_port}",
+      backends: [${concatMapStrings (el: ''"./backends/${el}",'') cfg.backends}],
+      graphiteHost: "${cfg.graphiteHost}",
+      graphitePort: "${toString cfg.graphitePort}",
+      ${cfg.extraConfig}
+    }
+  '';
+
+in
+
+{
+
+  ###### interface
+
+  options.services.statsd = {
+
+    enable = mkOption {
+      description = "Whether to enable statsd stats aggregation service";
+      default = false;
+      type = types.uniq types.bool;
+    };
+
+    host = mkOption {
+      description = "Address that statsd listens on over UDP";
+      default = "127.0.0.1";
+      type = types.str;
+    };
+
+    port = mkOption {
+      description = "Port that stats listens for messages on over UDP";
+      default = 8125;
+      type = types.uniq types.int;
+    };
+
+    mgmt_address = mkOption {
+      description = "Address to run managment TCP interface on";
+      default = "127.0.0.1";
+      type = types.str;
+    };
+
+    mgmt_port = mkOption {
+      description = "Port to run the management TCP interface on";
+      default = 8126;
+      type = types.uniq types.int;
+    };
+
+    backends = mkOption {
+      description = "List of backends statsd will use for data persistance";
+      default = ["graphite"];
+    };
+
+    graphiteHost = mkOption {
+      description = "Hostname or IP of Graphite server";
+      default = "127.0.0.1";
+      type = types.str;
+    };
+
+    graphitePort = mkOption {
+      description = "Port of Graphite server";
+      default = 2003;
+      type = types.uniq types.int;
+    };
+
+    extraConfig = mkOption {
+      default = "";
+      description = "Extra configuration options for statsd";
+      type = types.str;
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton {
+      name = "statsd";
+      uid = config.ids.uids.statsd;
+      description = "Statsd daemon user";
+    };
+
+    systemd.services.statsd = {
+      description = "Statsd Server";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart = "${pkgs.nodePackages.statsd}/bin/statsd ${configFile}";
+        User = "statsd";
+      };
+    };
+
+    environment.systemPackages = [pkgs.nodePackages.statsd];
+
+  };
+
+}
diff --git a/nixos/modules/services/monitoring/systemhealth.nix b/nixos/modules/services/monitoring/systemhealth.nix
new file mode 100644
index 000000000000..0a3e666ad4e7
--- /dev/null
+++ b/nixos/modules/services/monitoring/systemhealth.nix
@@ -0,0 +1,133 @@
+{config, pkgs, ...}:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.systemhealth;
+
+  systemhealth = with pkgs; stdenv.mkDerivation {
+    name = "systemhealth-1.0";
+    src = fetchurl {
+      url = "http://www.brianlane.com/static/downloads/systemhealth/systemhealth-1.0.tar.bz2";
+      sha256 = "1q69lz7hmpbdpbz36zb06nzfkj651413n9icx0njmyr3xzq1j9qy";
+    };
+    buildInputs = [ python ];
+    installPhase = ''
+      ensureDir $out/bin
+      # Make it work for kernels 3.x, not so different than 2.6
+      sed -i 's/2\.6/4.0/' system_health.py
+      cp system_health.py $out/bin
+    '';
+  };
+
+  rrdDir = "/var/lib/health/rrd";
+  htmlDir = "/var/lib/health/html";
+
+  configFile = rrdDir + "/.syshealthrc";
+  # The program will try to read $HOME/.syshealthrc, so we set the proper home.
+  command = "HOME=${rrdDir} ${systemhealth}/bin/system_health.py";
+
+  cronJob = ''
+    */5 * * * * wwwrun ${command} --log
+    5 * * * * wwwrun ${command} --graph
+  '';
+
+  nameEqualName = s: "${s} = ${s}";
+  interfacesSection = concatStringsSep "\n" (map nameEqualName cfg.interfaces);
+
+  driveLine = d: "${d.path} = ${d.name}";
+  drivesSection = concatStringsSep "\n" (map driveLine cfg.drives);
+
+in
+{
+  options = {
+    services.systemhealth = {
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable the system health monitor and its generation of graphs.
+        '';
+      };
+
+      urlPrefix = mkOption {
+        default = "/health";
+        description = ''
+          The URL prefix under which the System Health web pages appear in httpd.
+        '';
+      };
+
+      interfaces = mkOption {
+        default = [ "lo" ];
+        example = [ "lo" "eth0" "eth1" ];
+        description = ''
+          Interfaces to monitor (minimum one).
+        '';
+      };
+
+      drives = mkOption {
+        default = [ ];
+        example = [ { name = "root"; path = "/"; } ];
+        description = ''
+          Drives to monitor.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.cron.systemCronJobs = [ cronJob ];
+
+    system.activationScripts.systemhealth = stringAfter [ "var" ]
+      ''
+        mkdir -p ${rrdDir} ${htmlDir}
+        chown wwwrun:wwwrun ${rrdDir} ${htmlDir}
+
+        cat >${configFile} << EOF
+        [paths]
+        rrdtool = ${pkgs.rrdtool}/bin/rrdtool
+        loadavg_rrd = loadavg
+        ps = /run/current-system/sw/bin/ps
+        df = /run/current-system/sw/bin/df
+        meminfo_rrd = meminfo
+        uptime_rrd = uptime
+        rrd_path = ${rrdDir}
+        png_path = ${htmlDir}
+
+        [processes]
+
+        [interfaces]
+        ${interfacesSection}
+
+        [drives]
+        ${drivesSection}
+
+        [graphs]
+        width = 400
+        time = ['-3hours', '-32hours', '-8days', '-5weeks', '-13months']
+        height = 100
+
+        [external]
+
+        EOF
+
+        chown wwwrun:wwwrun ${configFile}
+
+        ${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --check" wwwrun
+        ${pkgs.su}/bin/su -s "/bin/sh" -c "${command} --html" wwwrun
+      '';
+
+    services.httpd.extraSubservices = [
+      { function = f: {
+          extraConfig = ''
+            Alias ${cfg.urlPrefix} ${htmlDir}
+
+            <Directory ${htmlDir}>
+                Order allow,deny
+                Allow from all
+            </Directory>
+          '';
+        };
+      }
+    ];
+  };
+}
diff --git a/nixos/modules/services/monitoring/ups.nix b/nixos/modules/services/monitoring/ups.nix
new file mode 100644
index 000000000000..c00f4bad9351
--- /dev/null
+++ b/nixos/modules/services/monitoring/ups.nix
@@ -0,0 +1,275 @@
+{config, pkgs, ...}:
+
+# TODO: This is not secure, have a look at the file docs/security.txt inside
+# the project sources.
+with pkgs.lib;
+
+let
+  cfg = config.power.ups;
+in
+
+let
+  upsOptions = {name, config, ...}:
+  {
+    options = {
+      # This can be infered from the UPS model by looking at
+      # /nix/store/nut/share/driver.list
+      driver = mkOption {
+        type = types.str;
+        description = ''
+          Specify the program to run to talk to this UPS.  apcsmart,
+          bestups, and sec are some examples.
+        '';
+      };
+
+      port = mkOption {
+        type = types.str;
+        description = ''
+          The serial port to which your UPS is connected.  /dev/ttyS0 is
+          usually the first port on Linux boxes, for example.
+        '';
+      };
+
+      shutdownOrder = mkOption {
+        default = 0;
+        type = types.uniq types.int;
+        description = ''
+          When you have multiple UPSes on your system, you usually need to
+          turn them off in a certain order.  upsdrvctl shuts down all the
+          0s, then the 1s, 2s, and so on.  To exclude a UPS from the
+          shutdown sequence, set this to -1.
+        '';
+      };
+
+      maxStartDelay = mkOption {
+        default = null;
+        type = types.uniq (types.nullOr types.int);
+        description = ''
+          This can be set as a global variable above your first UPS
+          definition and it can also be set in a UPS section.  This value
+          controls how long upsdrvctl will wait for the driver to finish
+          starting.  This keeps your system from getting stuck due to a
+          broken driver or UPS.
+        '';
+      };
+
+      description = mkOption {
+        default = "";
+        type = types.string;
+        description = ''
+          Description of the UPS.
+        '';
+      };
+
+      directives = mkOption {
+        default = [];
+        type = types.listOf types.string;
+        description = ''
+          List of configuration directives for this UPS.
+        '';
+      };
+
+      summary = mkOption {
+        default = "";
+        type = types.string;
+        description = ''
+          Lines which would be added inside ups.conf for handling this UPS.
+        '';
+      };
+
+    };
+
+    config = {
+      directives = mkHeader ([
+        "driver = ${config.driver}"
+        "port = ${config.port}"
+        ''desc = "${config.description}"''
+        "sdorder = ${toString config.shutdownOrder}"
+      ] ++ (optional (config.maxStartDelay != null)
+            "maxstartdelay = ${toString config.maxStartDelay}")
+      );
+
+      summary =
+        concatStringsSep "\n      "
+          (["[${name}]"] ++ config.directives);
+    };
+  };
+
+in
+
+
+{
+  options = {
+    # powerManagement.powerDownCommands
+
+    power.ups = {
+      enable = mkOption {
+        default = false;
+        type = with types; bool;
+        description = ''
+          Enables support for Power Devices, such as Uninterruptible Power
+          Supplies, Power Distribution Units and Solar Controllers.
+        '';
+      };
+
+      # This option is not used yet.
+      mode = mkOption {
+        default = "standalone";
+        type = types.str;
+        description = ''
+          The MODE determines which part of the NUT is to be started, and
+          which configuration files must be modified.
+
+          The values of MODE can be:
+
+          - none: NUT is not configured, or use the Integrated Power
+            Management, or use some external system to startup NUT
+            components. So nothing is to be started.
+
+          - standalone: This mode address a local only configuration, with 1
+            UPS protecting the local system. This implies to start the 3 NUT
+            layers (driver, upsd and upsmon) and the matching configuration
+            files. This mode can also address UPS redundancy.
+
+          - netserver: same as for the standalone configuration, but also
+            need some more ACLs and possibly a specific LISTEN directive in
+            upsd.conf.  Since this MODE is opened to the network, a special
+            care should be applied to security concerns.
+
+          - netclient: this mode only requires upsmon.
+        '';
+      };
+
+      schedulerRules = mkOption {
+        example = "/etc/nixos/upssched.conf";
+        type = types.str;
+        description = ''
+          File which contains the rules to handle UPS events.
+        '';
+      };
+
+
+      maxStartDelay = mkOption {
+        default = 45;
+        type = types.uniq types.int;
+        description = ''
+          This can be set as a global variable above your first UPS
+          definition and it can also be set in a UPS section.  This value
+          controls how long upsdrvctl will wait for the driver to finish
+          starting.  This keeps your system from getting stuck due to a
+          broken driver or UPS.
+        '';
+      };
+
+      ups = mkOption {
+        default = {};
+        # see nut/etc/ups.conf.sample
+        description = ''
+          This is where you configure all the UPSes that this system will be
+          monitoring directly.  These are usually attached to serial ports,
+          but USB devices are also supported.
+        '';
+        type = types.attrsOf types.optionSet;
+        options = [ upsOptions ];
+      };
+
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.nut ];
+
+    jobs.upsmon = {
+      description = "Uninterruptible Power Supplies (Monitor)";
+      startOn = "ip-up";
+      daemonType = "fork";
+      exec = ''${pkgs.nut}/sbin/upsmon'';
+      environment.NUT_CONFPATH = "/etc/nut/";
+      environment.NUT_STATEPATH = "/var/lib/nut/";
+    };
+
+    jobs.upsd = {
+      description = "Uninterruptible Power Supplies (Daemon)";
+      startOn = "started network-interfaces and started upsmon";
+      daemonType = "fork";
+      # TODO: replace 'root' by another username.
+      exec = ''${pkgs.nut}/sbin/upsd -u root'';
+      environment.NUT_CONFPATH = "/etc/nut/";
+      environment.NUT_STATEPATH = "/var/lib/nut/";
+    };
+
+    jobs.upsdrv = {
+      description = "Uninterruptible Power Supplies (Register all UPS)";
+      startOn = "started upsd";
+      # TODO: replace 'root' by another username.
+      exec = ''${pkgs.nut}/bin/upsdrvctl -u root start'';
+      task = true;
+      environment.NUT_CONFPATH = "/etc/nut/";
+      environment.NUT_STATEPATH = "/var/lib/nut/";
+    };
+
+    environment.etc = [
+      { source = pkgs.writeText "nut.conf"
+        ''
+          MODE = ${cfg.mode}
+        '';
+        target = "nut/nut.conf";
+      }
+      { source = pkgs.writeText "ups.conf"
+        ''
+          maxstartdelay = ${toString cfg.maxStartDelay}
+
+          ${flip concatStringsSep (flip map (attrValues cfg.ups) (ups: ups.summary)) "
+
+          "}
+        '';
+        target = "nut/ups.conf";
+      }
+      { source = cfg.schedulerRules;
+        target = "nut/upssched.conf";
+      }
+      # These file are containing private informations and thus should not
+      # be stored inside the Nix store.
+      /*
+      { source = ;
+        target = "nut/upsd.conf";
+      }
+      { source = ;
+        target = "nut/upsd.users";
+      }
+      { source = ;
+        target = "nut/upsmon.conf;
+      }
+      */
+    ];
+
+    power.ups.schedulerRules = mkDefault "${pkgs.nut}/etc/upssched.conf.sample";
+
+    system.activationScripts.upsSetup = stringAfter [ "users" "groups" ]
+      ''
+        # Used to store pid files of drivers.
+        mkdir -p /var/state/ups
+      '';
+
+
+/*
+    users.extraUsers = [
+      { name = "nut";
+        uid = 84;
+        home = "/var/lib/nut";
+        createHome = true;
+        group = "nut";
+        description = "UPnP A/V Media Server user";
+      }
+    ];
+
+    users.extraGroups = [
+      { name = "nut";
+        gid = 84;
+      }
+    ];
+*/
+
+  };
+}
diff --git a/nixos/modules/services/monitoring/uptime.nix b/nixos/modules/services/monitoring/uptime.nix
new file mode 100644
index 000000000000..553110d7b80c
--- /dev/null
+++ b/nixos/modules/services/monitoring/uptime.nix
@@ -0,0 +1,95 @@
+{ config, pkgs, ... }:
+let
+  inherit (pkgs.lib) mkOption mkEnableOption mkIf mkMerge types optionalAttrs optional;
+
+  cfg = config.services.uptime;
+
+  configDir = pkgs.runCommand "config" {} (if cfg.configFile != null then ''
+    mkdir $out
+    ext=`echo ${cfg.configFile} | grep -o \\..*`
+    ln -sv ${cfg.configFile} $out/default$ext
+    ln -sv /var/lib/uptime/runtime.json $out/runtime.json
+  '' else ''
+    mkdir $out
+    cat ${pkgs.nodePackages.node-uptime}/lib/node_modules/node-uptime/config/default.yaml > $out/default.yaml
+    cat >> $out/default.yaml <<EOF
+
+    autoStartMonitor: false
+
+    mongodb:
+      connectionString: 'mongodb://localhost/uptime'
+    EOF
+    ln -sv /var/lib/uptime/runtime.json $out/runtime.json
+  '');
+in {
+  options.services.uptime = {
+    configFile = mkOption {
+      description = ''
+        The uptime configuration file
+
+        If mongodb: server != localhost, please set usesRemoteMongo = true
+
+        If you only want to run the monitor, please set enableWebService = false
+        and enableSeparateMonitoringService = true
+
+        If autoStartMonitor: false (recommended) and you want to run both
+        services, please set enableSeparateMonitoringService = true
+      '';
+
+      type = types.nullOr types.path;
+
+      default = null;
+    };
+
+    usesRemoteMongo = mkOption {
+      description = "Whether the configuration file specifies a remote mongo instance";
+
+      default = false;
+
+      type = types.bool;
+    };
+
+    enableWebService = mkEnableOption "the uptime monitoring program web service";
+
+    enableSeparateMonitoringService = mkEnableOption "the uptime monitoring service" // { default = cfg.enableWebService; };
+
+    nodeEnv = mkOption {
+      description = "The node environment to run in (development, production, etc.)";
+
+      type = types.string;
+
+      default = "production";
+    };
+  };
+
+  config = mkMerge [ (mkIf cfg.enableWebService {
+    systemd.services.uptime = {
+      description = "uptime web service";
+      wantedBy = [ "multi-user.target" ];
+      environment = {
+        NODE_CONFIG_DIR = configDir;
+        NODE_ENV = cfg.nodeEnv;
+        NODE_PATH = "${pkgs.nodePackages.node-uptime}/lib/node_modules/node-uptime/node_modules";
+      };
+      preStart = "mkdir -p /var/lib/uptime";
+      serviceConfig.ExecStart = "${pkgs.nodejs}/bin/node ${pkgs.nodePackages.node-uptime}/lib/node_modules/node-uptime/app.js";
+    };
+
+    services.mongodb.enable = mkIf (!cfg.usesRemoteMongo) true;
+  }) (mkIf cfg.enableSeparateMonitoringService {
+    systemd.services.uptime-monitor = {
+      description = "uptime monitoring service";
+      wantedBy = [ "multi-user.target" ];
+      requires = optional cfg.enableWebService "uptime.service";
+      after = optional cfg.enableWebService "uptime.service";
+      environment = {
+        NODE_CONFIG_DIR = configDir;
+        NODE_ENV = cfg.nodeEnv;
+        NODE_PATH = "${pkgs.nodePackages.node-uptime}/lib/node_modules/node-uptime/node_modules";
+      };
+      # Ugh, need to wait for web service to be up
+      preStart = if cfg.enableWebService then "sleep 1s" else "mkdir -p /var/lib/uptime";
+      serviceConfig.ExecStart = "${pkgs.nodejs}/bin/node ${pkgs.nodePackages.node-uptime}/lib/node_modules/node-uptime/monitor.js";
+    };
+  }) ];
+}
diff --git a/nixos/modules/services/monitoring/zabbix-agent.nix b/nixos/modules/services/monitoring/zabbix-agent.nix
new file mode 100644
index 000000000000..229236c1bbd4
--- /dev/null
+++ b/nixos/modules/services/monitoring/zabbix-agent.nix
@@ -0,0 +1,100 @@
+# Zabbix agent daemon.
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.zabbixAgent;
+
+  stateDir = "/var/run/zabbix";
+
+  logDir = "/var/log/zabbix";
+
+  pidFile = "${stateDir}/zabbix_agentd.pid";
+
+  configFile = pkgs.writeText "zabbix_agentd.conf"
+    ''
+      Server = ${cfg.server}
+
+      LogFile = ${logDir}/zabbix_agentd
+
+      PidFile = ${pidFile}
+
+      StartAgents = 1
+
+      ${config.services.zabbixAgent.extraConfig}
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.zabbixAgent = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run the Zabbix monitoring agent on this machine.
+          It will send monitoring data to a Zabbix server.
+        '';
+      };
+
+      server = mkOption {
+        default = "127.0.0.1";
+        description = ''
+          The IP address or hostname of the Zabbix server to connect to.
+        '';
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        description = ''
+          Configuration that is injected verbatim into the configuration file.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton
+      { name = "zabbix";
+        uid = config.ids.uids.zabbix;
+        description = "Zabbix daemon user";
+      };
+
+    systemd.services."zabbix-agent" =
+      { description = "Zabbix Agent";
+
+        wantedBy = [ "multi-user.target" ];
+
+        path = [ pkgs.nettools ];
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${stateDir} ${logDir}
+            chown zabbix ${stateDir} ${logDir}
+          '';
+
+        serviceConfig.ExecStart = "@${pkgs.zabbix.agent}/sbin/zabbix_agentd zabbix_agentd --config ${configFile}";
+        serviceConfig.Type = "forking";
+        serviceConfig.RemainAfterExit = true;
+        serviceConfig.Restart = "always";
+        serviceConfig.RestartSec = 2;
+      };
+
+    environment.systemPackages = [ pkgs.zabbix.agent ];
+
+  };
+
+}
diff --git a/nixos/modules/services/monitoring/zabbix-server.nix b/nixos/modules/services/monitoring/zabbix-server.nix
new file mode 100644
index 000000000000..6735b4ca3279
--- /dev/null
+++ b/nixos/modules/services/monitoring/zabbix-server.nix
@@ -0,0 +1,113 @@
+# Zabbix server daemon.
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.zabbixServer;
+
+  stateDir = "/var/run/zabbix";
+
+  logDir = "/var/log/zabbix";
+
+  libDir = "/var/lib/zabbix";
+
+  pidFile = "${stateDir}/zabbix_server.pid";
+
+  configFile = pkgs.writeText "zabbix_server.conf"
+    ''
+      LogFile = ${logDir}/zabbix_server
+
+      PidFile = ${pidFile}
+
+      ${optionalString (cfg.dbServer != "localhost") ''
+        DBHost = ${cfg.dbServer}
+      ''}
+
+      DBName = zabbix
+
+      DBUser = zabbix
+
+      ${optionalString (cfg.dbPassword != "") ''
+        DBPassword = ${cfg.dbPassword}
+      ''}
+    '';
+
+  useLocalPostgres = cfg.dbServer == "localhost" || cfg.dbServer == "";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.zabbixServer.enable = mkOption {
+      default = false;
+      description = ''
+        Whether to run the Zabbix server on this machine.
+      '';
+    };
+
+    services.zabbixServer.dbServer = mkOption {
+      default = "localhost";
+      description = ''
+        Hostname or IP address of the database server.
+        Use an empty string ("") to use peer authentication.
+      '';
+    };
+
+    services.zabbixServer.dbPassword = mkOption {
+      default = "";
+      description = "Password used to connect to the database server.";
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.postgresql.enable = useLocalPostgres;
+
+    users.extraUsers = singleton
+      { name = "zabbix";
+        uid = config.ids.uids.zabbix;
+        description = "Zabbix daemon user";
+      };
+
+    systemd.services."zabbix-server" =
+      { description = "Zabbix Server";
+
+        wantedBy = [ "multi-user.target" ];
+        after = optional useLocalPostgres "postgresql.service";
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${stateDir} ${logDir} ${libDir}
+            chown zabbix ${stateDir} ${logDir} ${libDir}
+
+            if ! test -e "${libDir}/db-created"; then
+                ${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole zabbix || true
+                ${pkgs.postgresql}/bin/createdb --owner zabbix zabbix || true
+                cat ${pkgs.zabbix.server}/share/zabbix/db/schema/postgresql.sql | ${pkgs.su}/bin/su -s "$SHELL" zabbix -c '${pkgs.postgresql}/bin/psql zabbix'
+                cat ${pkgs.zabbix.server}/share/zabbix/db/data/images_pgsql.sql | ${pkgs.su}/bin/su -s "$SHELL" zabbix -c '${pkgs.postgresql}/bin/psql zabbix'
+                cat ${pkgs.zabbix.server}/share/zabbix/db/data/data.sql | ${pkgs.su}/bin/su -s "$SHELL" zabbix -c '${pkgs.postgresql}/bin/psql zabbix'
+                touch "${libDir}/db-created"
+            fi
+          '';
+
+        path = [ pkgs.nettools ];
+
+        serviceConfig.ExecStart = "@${pkgs.zabbix.server}/sbin/zabbix_server zabbix_server --config ${configFile}";
+        serviceConfig.Type = "forking";
+        serviceConfig.Restart = "always";
+        serviceConfig.RestartSec = 2;
+        serviceConfig.PIDFile = pidFile;
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/network-filesystems/drbd.nix b/nixos/modules/services/network-filesystems/drbd.nix
new file mode 100644
index 000000000000..1a00ccab0a61
--- /dev/null
+++ b/nixos/modules/services/network-filesystems/drbd.nix
@@ -0,0 +1,77 @@
+# Support for DRBD, the Distributed Replicated Block Device.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let cfg = config.services.drbd; in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.drbd.enable = mkOption {
+      default = false;
+      type = types.bool;
+      description = ''
+        Whether to enable support for DRBD, the Distributed Replicated
+        Block Device.
+      '';
+    };
+
+    services.drbd.config = mkOption {
+      default = "";
+      type = types.string;
+      description = ''
+        Contents of the <filename>drbd.conf</filename> configuration file.
+      '';
+    };
+
+  };
+
+  
+  ###### implementation
+
+  config = mkIf cfg.enable {
+  
+    environment.systemPackages = [ pkgs.drbd ];
+    
+    services.udev.packages = [ pkgs.drbd ];
+
+    boot.kernelModules = [ "drbd" ];
+
+    boot.extraModprobeConfig =
+      ''
+        options drbd usermode_helper=/run/current-system/sw/sbin/drbdadm
+      '';
+
+    environment.etc = singleton
+      { source = pkgs.writeText "drbd.conf" cfg.config;
+        target = "drbd.conf";
+      };
+
+    jobs.drbd_up =
+      { name = "drbd-up";
+        startOn = "stopped udevtrigger or ip-up";
+        task = true;
+        script =
+          ''
+            ${pkgs.drbd}/sbin/drbdadm up all
+          '';
+      };
+    
+    jobs.drbd_down =
+      { name = "drbd-down";
+        startOn = "starting shutdown";
+        task = true;
+        script =
+          ''
+            ${pkgs.drbd}/sbin/drbdadm down all
+          '';
+      };
+    
+  };
+  
+}
diff --git a/nixos/modules/services/network-filesystems/nfsd.nix b/nixos/modules/services/network-filesystems/nfsd.nix
new file mode 100644
index 000000000000..4daa5e9d0639
--- /dev/null
+++ b/nixos/modules/services/network-filesystems/nfsd.nix
@@ -0,0 +1,147 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.nfs.server;
+
+  exports = pkgs.writeText "exports" cfg.exports;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.nfs = {
+
+      server = {
+        enable = mkOption {
+          default = false;
+          description = ''
+            Whether to enable the kernel's NFS server.
+          '';
+        };
+
+        exports = mkOption {
+          default = "";
+          description = ''
+            Contents of the /etc/exports file.  See
+            <citerefentry><refentrytitle>exports</refentrytitle>
+            <manvolnum>5</manvolnum></citerefentry> for the format.
+          '';
+        };
+
+        hostName = mkOption {
+          default = null;
+          description = ''
+            Hostname or address on which NFS requests will be accepted.
+            Default is all.  See the <option>-H</option> option in
+            <citerefentry><refentrytitle>nfsd</refentrytitle>
+            <manvolnum>8</manvolnum></citerefentry>.
+          '';
+        };
+
+        nproc = mkOption {
+          default = 8;
+          description = ''
+            Number of NFS server threads.  Defaults to the recommended value of 8.
+          '';
+        };
+
+        createMountPoints = mkOption {
+          default = false;
+          description = "Whether to create the mount points in the exports file at startup time.";
+        };
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.rpcbind.enable = true;
+
+    boot.supportedFilesystems = [ "nfs" ]; # needed for statd and idmapd
+
+    environment.systemPackages = [ pkgs.nfsUtils ];
+
+    environment.etc = singleton
+      { source = exports;
+        target = "exports";
+      };
+
+    boot.kernelModules = [ "nfsd" ];
+
+    systemd.services.nfsd =
+      { description = "NFS Server";
+
+        wantedBy = [ "multi-user.target" ];
+
+        requires = [ "rpcbind.service" "mountd.service" ];
+        after = [ "rpcbind.service" "mountd.service" "idmapd.service" ];
+        before = [ "statd.service" ];
+
+        path = [ pkgs.nfsUtils ];
+
+        script =
+          ''
+            # Create a state directory required by NFSv4.
+            mkdir -p /var/lib/nfs/v4recovery
+
+            rpc.nfsd \
+              ${if cfg.hostName != null then "-H ${cfg.hostName}" else ""} \
+              ${builtins.toString cfg.nproc}
+          '';
+
+        postStop = "rpc.nfsd 0";
+
+        serviceConfig.Type = "oneshot";
+        serviceConfig.RemainAfterExit = true;
+      };
+
+    systemd.services.mountd =
+      { description = "NFSv3 Mount Daemon";
+
+        requires = [ "rpcbind.service" ];
+        after = [ "rpcbind.service" ];
+
+        path = [ pkgs.nfsUtils pkgs.sysvtools pkgs.utillinux ];
+
+        preStart =
+          ''
+            mkdir -p /var/lib/nfs
+            touch /var/lib/nfs/rmtab
+
+            mountpoint -q /proc/fs/nfsd || mount -t nfsd none /proc/fs/nfsd
+
+            ${optionalString cfg.createMountPoints
+              ''
+                # create export directories:
+                # skip comments, take first col which may either be a quoted
+                # "foo bar" or just foo (-> man export)
+                sed '/^#.*/d;s/^"\([^"]*\)".*/\1/;t;s/[ ].*//' ${exports} \
+                | xargs -d '\n' mkdir -p
+              ''
+            }
+
+            exportfs -rav
+          '';
+
+        restartTriggers = [ exports ];
+
+        serviceConfig.Type = "forking";
+        serviceConfig.ExecStart = "@${pkgs.nfsUtils}/sbin/rpc.mountd rpc.mountd";
+        serviceConfig.Restart = "always";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/network-filesystems/openafs-client/default.nix b/nixos/modules/services/network-filesystems/openafs-client/default.nix
new file mode 100644
index 000000000000..4a888b64bd34
--- /dev/null
+++ b/nixos/modules/services/network-filesystems/openafs-client/default.nix
@@ -0,0 +1,90 @@
+{ config, pkgs, ... }:
+
+let
+  inherit (pkgs.lib) mkOption mkIf;
+
+  cfg = config.services.openafsClient;
+
+  cellServDB = pkgs.fetchurl {
+    url = http://dl.central.org/dl/cellservdb/CellServDB.2009-06-29;
+    sha256 = "be566f850e88130333ab8bc3462872ad90c9482e025c60a92f728b5bac1b4fa9";
+  };
+
+  afsConfig = pkgs.runCommand "afsconfig" {} ''
+    ensureDir $out
+    echo ${cfg.cellName} > $out/ThisCell
+    cp ${cellServDB} $out/CellServDB
+    echo "/afs:${cfg.cacheDirectory}:${cfg.cacheSize}" > $out/cacheinfo
+  '';
+
+  openafsPkgs = config.boot.kernelPackages.openafsClient;
+in
+{
+  ###### interface
+
+  options = {
+
+    services.openafsClient = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable the OpenAFS client.";
+      };
+
+      cellName = mkOption {
+        default = "grand.central.org";
+        description = "Cell name.";
+      };
+
+      cacheSize = mkOption {
+        default = "100000";
+        description = "Cache size.";
+      };
+
+      cacheDirectory = mkOption {
+        default = "/var/cache/openafs";
+        description = "Cache directory.";
+      };
+
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ openafsPkgs ];
+
+    environment.etc = [
+      { source = afsConfig;
+        target = "openafs";
+      }
+    ];
+
+    jobs.openafsClient =
+      { name = "afsd";
+
+        description = "AFS client";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+	preStart = ''
+	  mkdir -m 0755 /afs || true
+	  mkdir -m 0755 -p ${cfg.cacheDirectory} || true
+          ${pkgs.module_init_tools}/sbin/insmod ${openafsPkgs}/lib/openafs/libafs-*.ko || true
+          ${openafsPkgs}/sbin/afsd -confdir ${afsConfig} -cachedir ${cfg.cacheDirectory} -dynroot -fakestat
+	'';
+
+	postStop = ''
+	  umount /afs
+          ${openafsPkgs}/sbin/afsd -shutdown
+	  rmmod libafs
+	'';
+
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/network-filesystems/samba.nix b/nixos/modules/services/network-filesystems/samba.nix
new file mode 100644
index 000000000000..e18d9d7b67b5
--- /dev/null
+++ b/nixos/modules/services/network-filesystems/samba.nix
@@ -0,0 +1,237 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.samba;
+
+  user = "smbguest";
+  group = "smbguest";
+
+  logDir = "/var/log/samba";
+  privateDir = "/var/samba/private";
+
+  inherit (pkgs) samba;
+
+  setupScript =
+    ''
+      if ! test -d /home/smbd ; then
+        mkdir -p /home/smbd
+        chown ${user} /home/smbd
+        chmod a+rwx /home/smbd
+      fi
+
+      if ! test -d /var/samba ; then
+        mkdir -p /var/samba/locks /var/samba/cores/nmbd  /var/samba/cores/smbd /var/samba/cores/winbindd
+      fi
+
+      passwdFile="$(${pkgs.gnused}/bin/sed -n 's/^.*smb[ ]\+passwd[ ]\+file[ ]\+=[ ]\+\(.*\)/\1/p' ${configFile})"
+      if [ -n "$passwdFile" ]; then
+        echo 'INFO: [samba] creating directory containing passwd file'
+        mkdir -p "$(dirname "$passwdFile")"
+      fi
+
+      mkdir -p ${logDir}
+      mkdir -p ${privateDir}
+    '';
+
+  configFile = pkgs.writeText "smb.conf"
+    ''
+      [ global ]
+      log file = ${logDir}/log.%m
+      private dir = ${privateDir}
+      ${optionalString cfg.syncPasswordsByPam "pam password change = true"}
+
+      ${if cfg.defaultShare.enable then ''
+      [default]
+      path = /home/smbd
+      read only = ${if cfg.defaultShare.writeable then "no" else "yes"}
+      guest ok = ${if cfg.defaultShare.guest then "yes" else "no"}
+      ''else ""}
+
+      ${cfg.extraConfig}
+    '';
+
+  # This may include nss_ldap, needed for samba if it has to use ldap.
+  nssModulesPath = config.system.nssModules.path;
+
+  daemonService = appName: args:
+    { description = "Samba Service daemon ${appName}";
+
+      wantedBy = [ "samba.target" ];
+      partOf = [ "samba.target" ];
+
+      environment = {
+        LD_LIBRARY_PATH = nssModulesPath;
+        LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
+      };
+
+      serviceConfig = {
+        ExecStart = "${samba}/sbin/${appName} ${args}";
+        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+      };
+
+      restartTriggers = [ configFile ];
+    };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    # !!! clean up the descriptions.
+
+    services.samba = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to enable Samba, which provides file and print
+          services to Windows clients through the SMB/CIFS protocol.
+        ";
+      };
+
+      syncPasswordsByPam = mkOption {
+        default = false;
+        description = "
+          enabling this will add a line directly after pam_unix.so.
+          Whenever a password is changed the samba password will be updated as well.
+          However you still yave to add the samba password once using smbpasswd -a user
+          If you don't want to maintain an extra pwd database you still can send plain text
+          passwords which is not secure.
+        ";
+      };
+
+      extraConfig = mkOption {
+        # !!! Bad default.
+        default = ''
+          # [global] continuing global section here, section is started by nix to set pids etc
+
+            smb passwd file = /etc/samba/passwd
+
+            # is this useful ?
+            domain master = auto
+
+            encrypt passwords = Yes
+            client plaintext auth = No
+
+            # yes: if you use this you probably also want to enable syncPasswordsByPam
+            # no: You can still use the pam password database. However
+            # passwords will be sent plain text on network (discouraged)
+
+            workgroup = Users
+            server string = %h
+            comment = Samba
+            log file = /var/log/samba/log.%m
+            log level = 10
+            max log size = 50000
+            security = ${cfg.securityType}
+
+            client lanman auth = Yes
+            dns proxy = no
+            invalid users = root
+            passdb backend = tdbsam
+            passwd program = /usr/bin/passwd %u
+        '';
+
+        description = "
+          additional global section and extra section lines go in here.
+        ";
+      };
+
+      configFile = mkOption {
+        description = "
+          internal use to pass filepath to samba pam module
+        ";
+      };
+
+      defaultShare = {
+        enable = mkOption {
+          description = "Whether to share /home/smbd as 'default'.";
+          default = false;
+        };
+        writeable = mkOption {
+          description = "Whether to allow write access to default share.";
+          default = false;
+        };
+        guest = mkOption {
+          description = "Whether to allow guest access to default share.";
+          default = true;
+        };
+      };
+
+      securityType = mkOption {
+        description = "Samba security type";
+        default = "user";
+        example = "share";
+      };
+
+      nsswins = mkOption {
+        default = false;
+        type = types.uniq types.bool;
+        description = ''
+          Whether to enable the WINS NSS (Name Service Switch) plug-in.
+          Enabling it allows applications to resolve WINS/NetBIOS names (a.k.a.
+          Windows machine names) by transparently querying the winbindd daemon.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkMerge
+    [ { # Always provide a smb.conf to shut up programs like smbclient and smbspool.
+        environment.etc = singleton
+          { source =
+              if cfg.enable then configFile
+              else pkgs.writeText "smb-dummy.conf" "# Samba is disabled.";
+            target = "samba/smb.conf";
+          };
+      }
+
+      (mkIf config.services.samba.enable {
+
+        users.extraUsers.smbguest = {
+          description = "Samba service user";
+          group = group;
+          uid = config.ids.uids.smbguest;
+        };
+
+        users.extraGroups.smbguest.gid = config.ids.uids.smbguest;
+
+        system.nssModules = optional cfg.nsswins samba;
+
+        systemd = {
+          targets.samba = {
+            description = "Samba server";
+            requires = [ "samba-setup.service" ];
+            after = [ "samba-setup.service" "network.target" ];
+            wantedBy = [ "multi-user.target" ];
+          };
+
+          services = {
+            "samba-nmbd" = daemonService "nmbd" "-F";
+            "samba-smbd" = daemonService "smbd" "-F";
+            "samba-winbindd" = daemonService "winbindd" "-F";
+            "samba-setup" = {
+              description = "Samba setup task";
+              script = setupScript;
+              unitConfig.RequiresMountsFor = "/home/smbd /var/samba /var/log/samba";
+            };
+          };
+        };
+
+        security.pam.services.sambda = {};
+
+      })
+    ];
+
+}
diff --git a/nixos/modules/services/networking/amuled.nix b/nixos/modules/services/networking/amuled.nix
new file mode 100644
index 000000000000..8652d0daf4c8
--- /dev/null
+++ b/nixos/modules/services/networking/amuled.nix
@@ -0,0 +1,78 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.amule;
+  user = if cfg.user != null then cfg.user else "amule";
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.amule = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run the AMule daemon. You need to manually run "amuled --ec-config" to configure the service for the first time.
+        '';
+      };
+
+      dataDir = mkOption {
+        default = ''/home/${user}/'';
+        description = ''
+          The directory holding configuration, incoming and temporary files.
+        '';
+      };
+
+      user = mkOption {
+        default = null;
+        description = ''
+          The user the AMule daemon should run as.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = mkIf (cfg.user == null) [
+      { name = "amule";
+        description = "AMule daemon";
+        group = "amule";
+        uid = config.ids.uids.amule;
+      } ];
+
+    users.extraGroups = mkIf (cfg.user == null) [
+      { name = "amule";
+        gid = config.ids.gids.amule;
+      } ];
+
+    jobs.amuled =
+      { description = "AMule daemon";
+
+        startOn = "ip-up";
+
+        preStart = ''
+            mkdir -p ${cfg.dataDir}
+            chown ${user} ${cfg.dataDir}
+        '';
+
+        exec = ''
+            ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \
+                -c 'HOME="${cfg.dataDir}" ${pkgs.amuleDaemon}/bin/amuled'
+        '';
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/avahi-daemon.nix b/nixos/modules/services/networking/avahi-daemon.nix
new file mode 100644
index 000000000000..effd1a62bd91
--- /dev/null
+++ b/nixos/modules/services/networking/avahi-daemon.nix
@@ -0,0 +1,144 @@
+# Avahi daemon.
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.avahi;
+
+  inherit (pkgs) avahi;
+
+  avahiDaemonConf = with cfg; pkgs.writeText "avahi-daemon.conf" ''
+    [server]
+    ${# Users can set `networking.hostName' to the empty string, when getting
+      # a host name from DHCP.  In that case, let Avahi take whatever the
+      # current host name is; setting `host-name' to the empty string in
+      # `avahi-daemon.conf' would be invalid.
+      if hostName != ""
+      then "host-name=${hostName}"
+      else ""}
+    browse-domains=${concatStringsSep ", " browseDomains}
+    use-ipv4=${if ipv4 then "yes" else "no"}
+    use-ipv6=${if ipv6 then "yes" else "no"}
+
+    [wide-area]
+    enable-wide-area=${if wideArea then "yes" else "no"}
+
+    [publish]
+    disable-publishing=${if publishing then "no" else "yes"}
+  '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.avahi = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run the Avahi daemon, which allows Avahi clients
+          to use Avahi's service discovery facilities and also allows
+          the local machine to advertise its presence and services
+          (through the mDNS responder implemented by `avahi-daemon').
+        '';
+      };
+
+      hostName = mkOption {
+        type = types.str;
+        description = ''Host name advertised on the LAN.'';
+      };
+
+      browseDomains = mkOption {
+        default = [ "0pointer.de" "zeroconf.org" ];
+        description = ''
+          List of non-local DNS domains to be browsed.
+        '';
+      };
+
+      ipv4 = mkOption {
+        default = true;
+        description = ''Whether to use IPv4'';
+      };
+
+      ipv6 = mkOption {
+        default = false;
+        description = ''Whether to use IPv6'';
+      };
+
+      wideArea = mkOption {
+        default = true;
+        description = ''Whether to enable wide-area service discovery.'';
+      };
+
+      publishing = mkOption {
+        default = true;
+        description = ''Whether to allow publishing.'';
+      };
+
+      nssmdns = mkOption {
+        default = false;
+        description = ''
+          Whether to enable the mDNS NSS (Name Service Switch) plug-in.
+          Enabling it allows applications to resolve names in the `.local'
+          domain by transparently querying the Avahi daemon.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.avahi.hostName = mkDefault config.networking.hostName;
+
+    users.extraUsers = singleton
+      { name = "avahi";
+        uid = config.ids.uids.avahi;
+        description = "`avahi-daemon' privilege separation user";
+        home = "/var/empty";
+      };
+
+    users.extraGroups = singleton
+      { name = "avahi";
+        gid = config.ids.gids.avahi;
+      };
+
+    system.nssModules = optional cfg.nssmdns pkgs.nssmdns;
+
+    environment.systemPackages = [ avahi ];
+
+    jobs.avahi_daemon =
+      { name = "avahi-daemon";
+
+        startOn = "ip-up";
+
+        script =
+          ''
+            export PATH="${avahi}/bin:${avahi}/sbin:$PATH"
+
+            # Make NSS modules visible so that `avahi_nss_support ()' can
+            # return a sensible value.
+            export LD_LIBRARY_PATH="${config.system.nssModules.path}"
+
+            mkdir -p /var/run/avahi-daemon
+
+            exec ${avahi}/sbin/avahi-daemon --syslog -f "${avahiDaemonConf}"
+          '';
+      };
+
+    services.dbus.enable = true;
+    services.dbus.packages = [avahi];
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/bind.nix b/nixos/modules/services/networking/bind.nix
new file mode 100644
index 000000000000..765dc014dcb7
--- /dev/null
+++ b/nixos/modules/services/networking/bind.nix
@@ -0,0 +1,152 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.bind;
+
+  bindUser = "named";
+
+  confFile = pkgs.writeText "named.conf"
+    ''
+      acl cachenetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.cacheNetworks} };
+      acl badnetworks { ${concatMapStrings (entry: " ${entry}; ") cfg.blockedNetworks} };
+
+      options {
+        listen-on {any;};
+        listen-on-v6 {any;};
+        allow-query { cachenetworks; };
+        blackhole { badnetworks; };
+        forward first;
+        forwarders { ${concatMapStrings (entry: " ${entry}; ") cfg.forwarders} };
+        directory "/var/run/named";
+        pid-file "/var/run/named/named.pid";
+      };
+
+      ${ concatMapStrings
+          ({ name, file, master ? true, slaves ? [], masters ? [] }:
+            ''
+              zone "${name}" {
+                type ${if master then "master" else "slave"};
+                file "${file}";
+                ${ if master then
+                   ''
+                     allow-transfer {
+                       ${concatMapStrings (ip: "${ip};\n") slaves}
+                     };
+                   ''
+                   else
+                   ''
+                     masters {
+                       ${concatMapStrings (ip: "${ip};\n") masters}
+                     };
+                   ''
+                }
+                allow-query { any; };
+              };
+            '')
+          cfg.zones }
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.bind = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to enable BIND domain name server.
+        ";
+      };
+
+      cacheNetworks = mkOption {
+        default = ["127.0.0.0/24"];
+        description = "
+          What networks are allowed to use us as a resolver.
+        ";
+      };
+
+      blockedNetworks = mkOption {
+        default = [];
+        description = "
+          What networks are just blocked.
+        ";
+      };
+
+      ipv4Only = mkOption {
+        default = false;
+        description = "
+          Only use ipv4, even if the host supports ipv6.
+        ";
+      };
+
+      forwarders = mkOption {
+        default = config.networking.nameservers;
+        description = "
+          List of servers we should forward requests to.
+        ";
+      };
+
+      zones = mkOption {
+        default = [];
+        description = "
+          List of zones we claim authority over.
+            master=false means slave server; slaves means addresses
+           who may request zone transfer.
+        ";
+        example = [{
+          name = "example.com";
+          master = false;
+          file = "/var/dns/example.com";
+          masters = ["192.168.0.1"];
+          slaves = [];
+        }];
+      };
+
+      configFile = mkOption {
+        default = confFile;
+        description = "
+          Overridable config file to use for named. By default, that
+          generated by nixos.
+        ";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.bind.enable {
+
+    users.extraUsers = singleton
+      { name = bindUser;
+        uid = config.ids.uids.bind;
+        description = "BIND daemon user";
+      };
+
+    jobs.bind =
+      { description = "BIND name server job";
+
+        startOn = "started network-interfaces";
+
+        preStart =
+          ''
+            ${pkgs.coreutils}/bin/mkdir -p /var/run/named
+            chown ${bindUser} /var/run/named
+          '';
+
+        exec = "${pkgs.bind}/sbin/named -u ${bindUser} ${optionalString cfg.ipv4Only "-4"} -c ${cfg.configFile} -f";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/bitlbee.nix b/nixos/modules/services/networking/bitlbee.nix
new file mode 100644
index 000000000000..fe37e8ea0120
--- /dev/null
+++ b/nixos/modules/services/networking/bitlbee.nix
@@ -0,0 +1,123 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.bitlbee;
+  bitlbeeUid = config.ids.uids.bitlbee;
+
+  authModeCheck = v:
+    v == "Open" ||
+    v == "Closed" ||
+    v == "Registered";
+
+  bitlbeeConfig = pkgs.writeText "bitlbee.conf"
+    ''
+    [settings]
+    RunMode = Daemon
+    User = bitlbee  
+    ConfigDir = /var/lib/bitlbee      
+    DaemonInterface = ${cfg.interface}
+    DaemonPort = ${toString cfg.portNumber}
+    AuthMode = ${cfg.authMode}
+    ${cfg.extraSettings}
+
+    [defaults]
+    ${cfg.extraDefaults}
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.bitlbee = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run the BitlBee IRC to other chat network gateway.
+          Running it allows you to access the MSN, Jabber, Yahoo! and ICQ chat
+          networks via an IRC client.
+        '';
+      };
+
+      interface = mkOption {
+        default = "127.0.0.1";
+        description = ''
+          The interface the BitlBee deamon will be listening to.  If `127.0.0.1',
+          only clients on the local host can connect to it; if `0.0.0.0', clients
+          can access it from any network interface.
+        '';
+      };
+
+      portNumber = mkOption {
+        default = 6667;
+        description = ''
+          Number of the port BitlBee will be listening to.
+        '';
+      };
+
+      authMode = mkOption {
+        default = "Open";
+        type = types.addCheck types.str authModeCheck;
+        description = ''
+          The following authentication modes are available:
+            Open -- Accept connections from anyone, use NickServ for user authentication.
+            Closed -- Require authorization (using the PASS command during login) before allowing the user to connect at all.
+            Registered -- Only allow registered users to use this server; this disables the register- and the account command until the user identifies himself.
+        ''; 
+      };
+
+      extraSettings = mkOption {
+        default = "";
+        description = ''
+          Will be inserted in the Settings section of the config file.
+        ''; 
+      };
+
+      extraDefaults = mkOption {
+        default = "";
+        description = ''
+          Will be inserted in the Default section of the config file.
+        ''; 
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf config.services.bitlbee.enable {
+
+    users.extraUsers = singleton
+      { name = "bitlbee";
+        uid = bitlbeeUid;
+        description = "BitlBee user";
+        home = "/var/lib/bitlbee";
+        createHome = true;
+      };
+
+    users.extraGroups = singleton
+      { name = "bitlbee";
+        gid = config.ids.gids.bitlbee;
+      };
+
+    systemd.services.bitlbee = 
+      { description = "BitlBee IRC to other chat networks gateway";
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig.User = "bitlbee";
+        serviceConfig.ExecStart = "${pkgs.bitlbee}/sbin/bitlbee -F -n -c ${bitlbeeConfig}";
+      };
+
+    environment.systemPackages = [ pkgs.bitlbee ];
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/chrony.nix b/nixos/modules/services/networking/chrony.nix
new file mode 100644
index 000000000000..5e9818858e0c
--- /dev/null
+++ b/nixos/modules/services/networking/chrony.nix
@@ -0,0 +1,118 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) chrony;
+
+  stateDir = "/var/lib/chrony";
+
+  chronyUser = "chrony";
+
+  cfg = config.services.chrony;
+
+  configFile = pkgs.writeText "chrony.conf" ''
+    ${toString (map (server: "server " + server + "\n") cfg.servers)}
+
+    ${optionalString cfg.initstepslew.enabled ''
+      initstepslew ${toString cfg.initstepslew.threshold} ${toString (map (server: server + " ") cfg.initstepslew.servers)}
+    ''}
+
+    driftfile ${stateDir}/chrony.drift
+
+    ${optionalString (!config.time.hardwareClockInLocalTime) "rtconutc"}
+
+    ${cfg.extraConfig}
+  '';
+
+  chronyFlags = "-m -f ${configFile} -u ${chronyUser}";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.chrony = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to synchronise your machine's time using chrony.
+          Make sure you disable NTP if you enable this service.
+        '';
+      };
+
+      servers = mkOption {
+        default = [
+          "0.pool.ntp.org"
+          "1.pool.ntp.org"
+          "2.pool.ntp.org"
+        ];
+        description = ''
+          The set of NTP servers from which to synchronise.
+        '';
+      };
+
+      initstepslew = mkOption {
+        default = {
+          enabled = true;
+          threshold = 1000; # by default, same threshold as 'ntpd -g' (1000s)
+          servers = cfg.servers;
+        };
+        description = ''
+          Allow chronyd to make a rapid measurement of the system clock error at
+          boot time, and to correct the system clock by stepping before normal
+          operation begins.
+        '';
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        description = ''
+          Extra configuration directives that should be added to
+          <literal>chrony.conf</literal>
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.chrony.enable {
+
+    # Make chronyc available in the system path
+    environment.systemPackages = [ pkgs.chrony ];
+
+    users.extraUsers = singleton
+      { name = chronyUser;
+        uid = config.ids.uids.chrony;
+        description = "chrony daemon user";
+        home = stateDir;
+      };
+
+    jobs.chronyd =
+      { description = "chrony daemon";
+
+        wantedBy = [ "ip-up.target" ];
+        partOf = [ "ip-up.target" ];
+
+        path = [ chrony ];
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${stateDir}
+            chown ${chronyUser} ${stateDir}
+          '';
+
+        exec = "chronyd -n ${chronyFlags}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/cntlm.nix b/nixos/modules/services/networking/cntlm.nix
new file mode 100644
index 000000000000..96396878afc9
--- /dev/null
+++ b/nixos/modules/services/networking/cntlm.nix
@@ -0,0 +1,115 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.cntlm;
+  uid = config.ids.uids.cntlm;
+
+in
+
+{
+
+  options = {
+
+    services.cntlm = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable the cntlm, which start a local proxy.
+        '';
+      };
+
+      username = mkOption {
+        description = ''
+          Proxy account name, without the possibility to include domain name ('at' sign is interpreted literally).
+        '';
+      };
+
+      domain = mkOption {
+        description = ''Proxy account domain/workgroup name.'';
+      };
+
+      password = mkOption {
+        default = "/etc/cntlm.password";
+        type = with pkgs.lib.types; string;
+        description = ''Proxy account password. Note: use chmod 0600 on /etc/cntlm.password for security.'';
+      };
+
+      netbios_hostname = mkOption {
+        type = types.str;
+        description = ''
+          The hostname of your machine.
+        '';
+      };
+
+      proxy = mkOption {
+        description = ''
+          A list of NTLM/NTLMv2 authenticating HTTP proxies.
+
+          Parent proxy, which requires authentication. The same as proxy on the command-line, can be used more than  once  to  specify  unlimited
+          number  of  proxies.  Should  one proxy fail, cntlm automatically moves on to the next one. The connect request fails only if the whole
+          list of proxies is scanned and (for each request) and found to be invalid. Command-line takes precedence over the configuration file.
+        '';
+      };
+
+      port = mkOption {
+        default = [3128];
+        description = "Specifies on which ports the cntlm daemon listens.";
+      };
+
+     extraConfig = mkOption {
+        default = "";
+        description = "Verbatim contents of <filename>cntlm.conf</filename>.";
+     };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.cntlm.enable {
+
+    services.cntlm.netbios_hostname = mkDefault config.networking.hostName;
+  
+    users.extraUsers = singleton { 
+      name = "cntlm";
+      description = "cntlm system-wide daemon";
+      home = "/var/empty";
+    };
+
+    jobs.cntlm =
+      { description = "CNTLM is an NTLM / NTLM Session Response / NTLMv2 authenticating HTTP proxy";
+      
+        startOn = "started network-interfaces";
+
+        daemonType = "fork";
+
+        exec =
+          ''
+            ${pkgs.cntlm}/bin/cntlm -U cntlm \
+            -c ${pkgs.writeText "cntlm_config" cfg.extraConfig}
+          '';
+      };
+
+    services.cntlm.extraConfig =
+      ''
+        # Cntlm Authentication Proxy Configuration
+        Username        ${cfg.username}
+        Domain          ${cfg.domain}
+        Password        ${cfg.password}
+        Workstation     ${cfg.netbios_hostname}
+        ${concatMapStrings (entry: "Proxy ${entry}\n") cfg.proxy}
+    
+        ${concatMapStrings (port: ''
+          Listen ${toString port}
+        '') cfg.port}
+      '';
+      
+  };
+  
+}
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix
new file mode 100644
index 000000000000..62709a040a1f
--- /dev/null
+++ b/nixos/modules/services/networking/ddclient.nix
@@ -0,0 +1,127 @@
+{ config, pkgs, ... }:
+
+let
+
+  inherit (pkgs.lib) mkOption mkIf singleton;
+
+  inherit (pkgs) ddclient;
+
+  stateDir = "/var/spool/ddclient";
+
+  ddclientUser = "ddclient";
+
+  ddclientFlags = "-foreground -file ${ddclientCfg}";
+
+  ddclientCfg = pkgs.writeText "ddclient.conf" ''
+    daemon=600
+    cache=${stateDir}/ddclient.cache
+    pid=${stateDir}/ddclient.pid
+    use=${config.services.ddclient.web}
+    login=${config.services.ddclient.username}
+    password=${config.services.ddclient.password}
+    protocol=${config.services.ddclient.protocol}
+    server=${config.services.ddclient.server}
+    wildcard=YES
+    ${config.services.ddclient.domain}
+    ${config.services.ddclient.extraConfig}
+  '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.ddclient = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
+        '';
+      };
+
+      domain = mkOption {
+        default = "";
+        description = ''
+          Domain name to synchronize.
+        '';
+      };
+
+      username = mkOption {
+        default = "";
+        description = ''
+          Username.
+        '';
+      };
+
+      password = mkOption {
+        default = "" ;
+        description = ''
+          Password.
+        '';
+      };
+
+      protocol = mkOption {
+        default = "dyndns2" ;
+        description = ''
+          Protocol to use with dynamic DNS provider. (see also, http://sourceforge.net/apps/trac/ddclient/wiki/Protocols)
+        '';
+      };
+
+      server = mkOption {
+        default = "members.dyndns.org" ;
+        description = ''
+          Server
+        '';
+      };
+
+      extraConfig = mkOption {
+        default = "" ;
+        description = ''
+          Extra configuration. Contents will be added verbatim to the configuration file.
+        '';
+      };
+
+      web = mkOption {
+        default = "web, web=checkip.dyndns.com/, web-skip='IP Address'" ;
+        description = "";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.ddclient.enable {
+  
+    environment.systemPackages = [ ddclient ];
+
+    users.extraUsers = singleton
+      { name = ddclientUser;
+        uid = config.ids.uids.ddclient;
+        description = "ddclient daemon user";
+        home = stateDir;
+      };
+
+    jobs.ddclient =
+      { name = "ddclient";
+
+        startOn = "startup";
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${stateDir}
+            chown ${ddclientUser} ${stateDir}
+          '';
+
+        exec = "${ddclient}/bin/ddclient ${ddclientFlags}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/dhcpcd.nix b/nixos/modules/services/networking/dhcpcd.nix
new file mode 100644
index 000000000000..07b5606eacaa
--- /dev/null
+++ b/nixos/modules/services/networking/dhcpcd.nix
@@ -0,0 +1,143 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) dhcpcd;
+
+  # Don't start dhcpcd on explicitly configured interfaces or on
+  # interfaces that are part of a bridge.
+  ignoredInterfaces =
+    map (i: i.name) (filter (i: i.ipAddress != null) (attrValues config.networking.interfaces))
+    ++ concatLists (attrValues (mapAttrs (n: v: v.interfaces) config.networking.bridges))
+    ++ config.networking.dhcpcd.denyInterfaces;
+
+  # Config file adapted from the one that ships with dhcpcd.
+  dhcpcdConf = pkgs.writeText "dhcpcd.conf"
+    ''
+      # Inform the DHCP server of our hostname for DDNS.
+      hostname
+
+      # A list of options to request from the DHCP server.
+      option domain_name_servers, domain_name, domain_search, host_name
+      option classless_static_routes, ntp_servers, interface_mtu
+
+      # A ServerID is required by RFC2131.
+      # Commented out because of many non-compliant DHCP servers in the wild :(
+      #require dhcp_server_identifier
+
+      # A hook script is provided to lookup the hostname if not set by
+      # the DHCP server, but it should not be run by default.
+      nohook lookup-hostname
+
+      # Ignore peth* devices; on Xen, they're renamed physical
+      # Ethernet cards used for bridging.  Likewise for vif* and tap*
+      # (Xen) and virbr* and vnet* (libvirt).
+      denyinterfaces ${toString ignoredInterfaces} peth* vif* tap* tun* virbr* vnet* vboxnet*
+
+      ${config.networking.dhcpcd.extraConfig}
+    '';
+
+  # Hook for emitting ip-up/ip-down events.
+  exitHook = pkgs.writeText "dhcpcd.exit-hook"
+    ''
+      #exec >> /var/log/dhcpcd 2>&1
+      #set -x
+
+      params="IFACE=$interface REASON=$reason"
+
+      # only works when interface is wireless and wpa_supplicant has a control socket
+      # but we allow it to fail silently
+      ${optionalString config.networking.wireless.enable ''
+        params+=" $(${pkgs.wpa_supplicant}/sbin/wpa_cli -i$interface status 2>/dev/null | grep ssid | sed 's|^b|B|;s|ssid|SSID|' | xargs)"
+      ''}
+
+      if [ "$reason" = BOUND -o "$reason" = REBOOT ]; then
+          # Restart ntpd.  We need to restart it to make sure that it
+          # will actually do something: if ntpd cannot resolve the
+          # server hostnames in its config file, then it will never do
+          # anything ever again ("couldn't resolve ..., giving up on
+          # it"), so we silently lose time synchronisation.
+          ${config.systemd.package}/bin/systemctl try-restart ntpd.service
+
+          ${config.systemd.package}/bin/systemctl start ip-up.target
+      fi
+
+      #if [ "$reason" = EXPIRE -o "$reason" = RELEASE -o "$reason" = NOCARRIER ] ; then
+      #    ${config.systemd.package}/bin/systemctl start ip-down.target
+      #fi
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.dhcpcd.denyInterfaces = mkOption {
+      default = [];
+      description = ''
+         Disable the DHCP client for any interface whose name matches
+         any of the shell glob patterns in this list. The purpose of
+         this option is to blacklist virtual interfaces such as those
+         created by Xen, libvirt, LXC, etc.
+      '';
+    };
+
+    networking.dhcpcd.extraConfig = mkOption {
+      default = "";
+      description = ''
+         Literal string to append to the config file generated for dhcpcd.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.networking.useDHCP {
+
+    systemd.services.dhcpcd =
+      { description = "DHCP Client";
+
+        wantedBy = [ "network.target" ];
+        after = [ "systemd-udev-settle.service" ];
+
+        # Stopping dhcpcd during a reconfiguration is undesirable
+        # because it brings down the network interfaces configured by
+        # dhcpcd.  So do a "systemctl restart" instead.
+        stopIfChanged = false;
+
+        path = [ dhcpcd pkgs.nettools pkgs.openresolv ];
+
+        serviceConfig =
+          { Type = "forking";
+            PIDFile = "/run/dhcpcd.pid";
+            ExecStart = "@${dhcpcd}/sbin/dhcpcd dhcpcd --config ${dhcpcdConf}";
+            ExecReload = "${dhcpcd}/sbin/dhcpcd --rebind";
+            StandardError = "null";
+            Restart = "always";
+          };
+      };
+
+    environment.systemPackages = [ dhcpcd ];
+
+    environment.etc =
+      [ { source = exitHook;
+          target = "dhcpcd.exit-hook";
+        }
+      ];
+
+    powerManagement.resumeCommands =
+      ''
+        # Tell dhcpcd to rebind its interfaces if it's running.
+        ${config.systemd.package}/bin/systemctl reload dhcpcd.service
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/dhcpd.nix b/nixos/modules/services/networking/dhcpd.nix
new file mode 100644
index 000000000000..5b2058e4e129
--- /dev/null
+++ b/nixos/modules/services/networking/dhcpd.nix
@@ -0,0 +1,131 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.dhcpd;
+
+  stateDir = "/var/lib/dhcp"; # Don't use /var/state/dhcp; not FHS-compliant.
+
+  configFile = if cfg.configFile != null then cfg.configFile else pkgs.writeText "dhcpd.conf"
+    ''
+      default-lease-time 600;
+      max-lease-time 7200;
+      authoritative;
+      ddns-update-style ad-hoc;
+      log-facility local1; # see dhcpd.nix
+
+      ${cfg.extraConfig}
+
+      ${pkgs.lib.concatMapStrings
+          (machine: ''
+            host ${machine.hostName} {
+              hardware ethernet ${machine.ethernetAddress};
+              fixed-address ${machine.ipAddress};
+            }
+          '')
+          cfg.machines
+      }
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.dhcpd = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to enable the DHCP server.
+        ";
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        example = ''
+          option subnet-mask 255.255.255.0;
+          option broadcast-address 192.168.1.255;
+          option routers 192.168.1.5;
+          option domain-name-servers 130.161.158.4, 130.161.33.17, 130.161.180.1;
+          option domain-name "example.org";
+          subnet 192.168.1.0 netmask 255.255.255.0 {
+            range 192.168.1.100 192.168.1.200;
+          }
+        '';
+        description = "
+          Extra text to be appended to the DHCP server configuration
+          file.  Currently, you almost certainly need to specify
+          something here, such as the options specifying the subnet
+          mask, DNS servers, etc.
+        ";
+      };
+
+      configFile = mkOption {
+        default = null;
+        description = "
+          The path of the DHCP server configuration file.  If no file
+          is specified, a file is generated using the other options.
+        ";
+      };
+
+      interfaces = mkOption {
+        default = ["eth0"];
+        description = "
+          The interfaces on which the DHCP server should listen.
+        ";
+      };
+
+      machines = mkOption {
+        default = [];
+        example = [
+          { hostName = "foo";
+            ethernetAddress = "00:16:76:9a:32:1d";
+            ipAddress = "192.168.1.10";
+          }
+          { hostName = "bar";
+            ethernetAddress = "00:19:d1:1d:c4:9a";
+            ipAddress = "192.168.1.11";
+          }
+        ];
+        description = "
+          A list mapping ethernet addresses to IP addresses for the
+          DHCP server.
+        ";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.dhcpd.enable {
+
+    jobs.dhcpd =
+      { description = "DHCP server";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        script =
+          ''
+            mkdir -m 755 -p ${stateDir}
+
+            touch ${stateDir}/dhcpd.leases
+
+            exec ${pkgs.dhcp}/sbin/dhcpd -f -cf ${configFile} \
+                -lf ${stateDir}/dhcpd.leases \
+                ${toString cfg.interfaces}
+          '';
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/dnsmasq.nix b/nixos/modules/services/networking/dnsmasq.nix
new file mode 100644
index 000000000000..b726493d421f
--- /dev/null
+++ b/nixos/modules/services/networking/dnsmasq.nix
@@ -0,0 +1,70 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.dnsmasq;
+  dnsmasq = pkgs.dnsmasq;
+
+  serversParam = concatMapStrings (s: "-S ${s} ") cfg.servers;
+
+  dnsmasqConf = pkgs.writeText "dnsmasq.conf" ''
+    ${cfg.extraConfig}
+  '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.dnsmasq = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run dnsmasq.
+        '';
+      };
+
+      servers = mkOption {
+        default = [];
+        example = [ "8.8.8.8" "8.8.4.4" ];
+        description = ''
+          The parameter to dnsmasq -S.
+        '';
+      };
+
+      extraConfig = mkOption {
+        type = types.string;
+        default = "";
+        description = ''
+          Extra configuration directives that should be added to
+          <literal>dnsmasq.conf</literal>
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.dnsmasq.enable {
+
+    jobs.dnsmasq =
+      { description = "dnsmasq daemon";
+
+        startOn = "ip-up";
+
+        daemonType = "daemon";
+
+        exec = "${dnsmasq}/bin/dnsmasq -R ${serversParam} -o -C ${dnsmasqConf}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/ejabberd.nix b/nixos/modules/services/networking/ejabberd.nix
new file mode 100644
index 000000000000..75950f55a279
--- /dev/null
+++ b/nixos/modules/services/networking/ejabberd.nix
@@ -0,0 +1,137 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.ejabberd;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.ejabberd = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable ejabberd server";
+      };
+
+      spoolDir = mkOption {
+        default = "/var/lib/ejabberd";
+        description = "Location of the spooldir of ejabberd";
+      };
+
+      logsDir = mkOption {
+        default = "/var/log/ejabberd";
+        description = "Location of the logfile directory of ejabberd";
+      };
+
+      confDir = mkOption {
+        default = "/var/ejabberd";
+        description = "Location of the config directory of ejabberd";
+      };
+
+      virtualHosts = mkOption {
+        default = "\"localhost\"";
+        description = "Virtualhosts that ejabberd should host. Hostnames are surrounded with doublequotes and separated by commas";
+      };
+
+      loadDumps = mkOption {
+        default = [];
+        description = "Configuration dump that should be loaded on the first startup";
+        example = literalExample "[ ./myejabberd.dump ]";
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.ejabberd ];
+
+    jobs.ejabberd =
+      { description = "EJabberd server";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        environment = {
+          PATH = "$PATH:${pkgs.ejabberd}/sbin:${pkgs.ejabberd}/bin:${pkgs.coreutils}/bin:${pkgs.bash}/bin:${pkgs.gnused}/bin";
+        };
+
+        preStart =
+          ''
+            # Initialise state data
+            mkdir -p ${cfg.logsDir}
+
+            if ! test -d ${cfg.spoolDir}
+            then
+                initialize=1
+                cp -av ${pkgs.ejabberd}/var/lib/ejabberd /var/lib
+            fi
+
+            if ! test -d ${cfg.confDir}
+            then
+                mkdir -p ${cfg.confDir}
+                cp ${pkgs.ejabberd}/etc/ejabberd/* ${cfg.confDir}
+                sed -e 's|{hosts, \["localhost"\]}.|{hosts, \[${cfg.virtualHosts}\]}.|' ${pkgs.ejabberd}/etc/ejabberd/ejabberd.cfg > ${cfg.confDir}/ejabberd.cfg
+            fi
+
+            ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} start
+
+            ${if cfg.loadDumps == [] then "" else
+              ''
+                if [ "$initialize" = "1" ]
+                then
+                    # Wait until the ejabberd server is available for use
+                    count=0
+                    while ! ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} status
+                    do
+                        if [ $count -eq 30 ]
+                        then
+                            echo "Tried 30 times, giving up..."
+                            exit 1
+                        fi
+
+                        echo "Ejabberd daemon not yet started. Waiting for 1 second..."
+                        count=$((count++))
+                        sleep 1
+                    done
+
+                    ${concatMapStrings (dump:
+                      ''
+                        echo "Importing dump: ${dump}"
+
+                        if [ -f ${dump} ]
+                        then
+                            ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} load ${dump}
+                        elif [ -d ${dump} ]
+                        then
+                            for i in ${dump}/ejabberd-dump/*
+                            do
+                                ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} load $i
+                            done
+                        fi
+                      '') cfg.loadDumps}
+                fi
+              ''}
+          '';
+
+        postStop =
+          ''
+            ejabberdctl --config-dir ${cfg.confDir} --logs ${cfg.logsDir} --spool ${cfg.spoolDir} stop
+          '';
+      };
+
+    security.pam.services.ejabberd = {};
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/firewall.nix b/nixos/modules/services/networking/firewall.nix
new file mode 100644
index 000000000000..3c0c51e6ec8a
--- /dev/null
+++ b/nixos/modules/services/networking/firewall.nix
@@ -0,0 +1,371 @@
+/* This module enables a simple firewall.
+
+   The firewall can be customised in arbitrary ways by setting
+   ‘networking.firewall.extraCommands’.  For modularity, the firewall
+   uses several chains:
+
+   - ‘nixos-fw-input’ is the main chain for input packet processing.
+
+   - ‘nixos-fw-log-refuse’ and ‘nixos-fw-refuse’ are called for
+     refused packets.  (The former jumps to the latter after logging
+     the packet.)  If you want additional logging, or want to accept
+     certain packets anyway, you can insert rules at the start of
+     these chain.
+
+   - ‘nixos-fw-accept’ is called for accepted packets.  If you want
+     additional logging, or want to reject certain packets anyway, you
+     can insert rules at the start of this chain.
+
+*/
+
+
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.networking.firewall;
+
+  helpers =
+    ''
+      # Helper command to manipulate both the IPv4 and IPv6 tables.
+      ip46tables() {
+        iptables "$@"
+        ${optionalString config.networking.enableIPv6 ''
+          ip6tables "$@"
+        ''}
+      }
+    '';
+
+  kernelPackages = config.boot.kernelPackages;
+
+  kernelHasRPFilter = kernelPackages.kernel.features.netfilterRPFilter or false;
+  kernelCanDisableHelpers = kernelPackages.kernel.features.canDisableNetfilterConntrackHelpers or false;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.firewall.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description =
+        ''
+          Whether to enable the firewall.  This is a simple stateful
+          firewall that blocks connection attempts to unauthorised TCP
+          or UDP ports on this machine.  It does not affect packet
+          forwarding.
+        '';
+    };
+
+    networking.firewall.logRefusedConnections = mkOption {
+      type = types.bool;
+      default = true;
+      description =
+        ''
+          Whether to log rejected or dropped incoming connections.
+        '';
+    };
+
+    networking.firewall.logRefusedPackets = mkOption {
+      type = types.bool;
+      default = false;
+      description =
+        ''
+          Whether to log all rejected or dropped incoming packets.
+          This tends to give a lot of log messages, so it's mostly
+          useful for debugging.
+        '';
+    };
+
+    networking.firewall.logRefusedUnicastsOnly = mkOption {
+      type = types.bool;
+      default = true;
+      description =
+        ''
+          If <option>networking.firewall.logRefusedPackets</option>
+          and this option are enabled, then only log packets
+          specifically directed at this machine, i.e., not broadcasts
+          or multicasts.
+        '';
+    };
+
+    networking.firewall.rejectPackets = mkOption {
+      type = types.bool;
+      default = false;
+      description =
+        ''
+          If set, forbidden packets are rejected rather than dropped
+          (ignored).  This means that an ICMP "port unreachable" error
+          message is sent back to the client.  Rejecting packets makes
+          port scanning somewhat easier.
+        '';
+    };
+
+    networking.firewall.trustedInterfaces = mkOption {
+      type = types.listOf types.string;
+      description =
+        ''
+          Traffic coming in from these interfaces will be accepted
+          unconditionally.
+        '';
+    };
+
+    networking.firewall.allowedTCPPorts = mkOption {
+      default = [];
+      example = [ 22 80 ];
+      type = types.listOf types.int;
+      description =
+        ''
+          List of TCP ports on which incoming connections are
+          accepted.
+        '';
+    };
+
+    networking.firewall.allowedUDPPorts = mkOption {
+      default = [];
+      example = [ 53 ];
+      type = types.listOf types.int;
+      description =
+        ''
+          List of open UDP ports.
+        '';
+    };
+
+    networking.firewall.allowPing = mkOption {
+      default = false;
+      type = types.bool;
+      description =
+        ''
+          Whether to respond to incoming ICMPv4 echo requests
+          ("pings").  ICMPv6 pings are always allowed because the
+          larger address space of IPv6 makes network scanning much
+          less effective.
+        '';
+    };
+
+    networking.firewall.checkReversePath = mkOption {
+      default = kernelHasRPFilter;
+      type = types.bool;
+      description =
+        ''
+          Performs a reverse path filter test on a packet.
+          If a reply to the packet would not be sent via the same interface
+          that the packet arrived on, it is refused.
+
+          If using asymmetric routing or other complicated routing,
+          disable this setting and setup your own counter-measures.
+
+          (needs kernel 3.3+)
+        '';
+    };
+
+    networking.firewall.connectionTrackingModules = mkOption {
+      default = [ "ftp" ];
+      example = [ "ftp" "irc" "sane" "sip" "tftp" "amanda" "h323" "netbios_sn" "pptp" "snmp" ];
+      type = types.listOf types.string;
+      description =
+        ''
+          List of connection-tracking helpers that are auto-loaded.
+          The complete list of possible values is given in the example.
+
+          As helpers can pose as a security risk, it is advised to
+          set this to an empty list and disable the setting
+          networking.firewall.autoLoadConntrackHelpers
+
+          Loading of helpers is recommended to be done through the new
+          CT target. More info:
+          https://home.regit.org/netfilter-en/secure-use-of-helpers/
+        '';
+    };
+
+    networking.firewall.autoLoadConntrackHelpers = mkOption {
+      default = true;
+      type = types.bool;
+      description =
+        ''
+          Whether to auto-load connection-tracking helpers.
+          See the description at networking.firewall.connectionTrackingModules
+
+          (needs kernel 3.5+)
+        '';
+    };
+
+    networking.firewall.extraCommands = mkOption {
+      type = types.lines;
+      default = "";
+      example = "iptables -A INPUT -p icmp -j ACCEPT";
+      description =
+        ''
+          Additional shell commands executed as part of the firewall
+          initialisation script.  These are executed just before the
+          final "reject" firewall rule is added, so they can be used
+          to allow packets that would otherwise be refused.
+        '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  # FIXME: Maybe if `enable' is false, the firewall should still be
+  # built but not started by default?
+  config = mkIf cfg.enable {
+
+    networking.firewall.trustedInterfaces = [ "lo" ];
+
+    environment.systemPackages = [ pkgs.iptables ];
+
+    boot.kernelModules = map (x: "nf_conntrack_${x}") cfg.connectionTrackingModules;
+    boot.extraModprobeConfig = optionalString (!cfg.autoLoadConntrackHelpers) ''
+      options nf_conntrack nf_conntrack_helper=0
+    '';
+
+    assertions = [ { assertion = ! cfg.checkReversePath || kernelHasRPFilter;
+                     message = "This kernel does not support rpfilter"; }
+                   { assertion = cfg.autoLoadConntrackHelpers || kernelCanDisableHelpers;
+                     message = "This kernel does not support disabling conntrack helpers"; }
+                 ];
+
+    jobs.firewall =
+      { description = "Firewall";
+
+        startOn = "started network-interfaces";
+
+        path = [ pkgs.iptables ];
+
+        preStart =
+          ''
+            ${helpers}
+
+            # Flush the old firewall rules.  !!! Ideally, updating the
+            # firewall would be atomic.  Apparently that's possible
+            # with iptables-restore.
+            ip46tables -D INPUT -j nixos-fw 2> /dev/null || true
+            for chain in nixos-fw nixos-fw-accept nixos-fw-log-refuse nixos-fw-refuse FW_REFUSE; do
+              ip46tables -F "$chain" 2> /dev/null || true
+              ip46tables -X "$chain" 2> /dev/null || true
+            done
+
+
+            # The "nixos-fw-accept" chain just accepts packets.
+            ip46tables -N nixos-fw-accept
+            ip46tables -A nixos-fw-accept -j ACCEPT
+
+
+            # The "nixos-fw-refuse" chain rejects or drops packets.
+            ip46tables -N nixos-fw-refuse
+
+            ${if cfg.rejectPackets then ''
+              # Send a reset for existing TCP connections that we've
+              # somehow forgotten about.  Send ICMP "port unreachable"
+              # for everything else.
+              ip46tables -A nixos-fw-refuse -p tcp ! --syn -j REJECT --reject-with tcp-reset
+              ip46tables -A nixos-fw-refuse -j REJECT
+            '' else ''
+              ip46tables -A nixos-fw-refuse -j DROP
+            ''}
+
+
+            # The "nixos-fw-log-refuse" chain performs logging, then
+            # jumps to the "nixos-fw-refuse" chain.
+            ip46tables -N nixos-fw-log-refuse
+
+            ${optionalString cfg.logRefusedConnections ''
+              ip46tables -A nixos-fw-log-refuse -p tcp --syn -j LOG --log-level info --log-prefix "rejected connection: "
+            ''}
+            ${optionalString (cfg.logRefusedPackets && !cfg.logRefusedUnicastsOnly) ''
+              ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type broadcast \
+                -j LOG --log-level info --log-prefix "rejected broadcast: "
+              ip46tables -A nixos-fw-log-refuse -m pkttype --pkt-type multicast \
+                -j LOG --log-level info --log-prefix "rejected multicast: "
+            ''}
+            ip46tables -A nixos-fw-log-refuse -m pkttype ! --pkt-type unicast -j nixos-fw-refuse
+            ${optionalString cfg.logRefusedPackets ''
+              ip46tables -A nixos-fw-log-refuse \
+                -j LOG --log-level info --log-prefix "rejected packet: "
+            ''}
+            ip46tables -A nixos-fw-log-refuse -j nixos-fw-refuse
+
+
+            # The "nixos-fw" chain does the actual work.
+            ip46tables -N nixos-fw
+
+            # Perform a reverse-path test to refuse spoofers
+            # For now, we just drop, as the raw table doesn't have a log-refuse yet
+            ${optionalString (kernelHasRPFilter && cfg.checkReversePath) ''
+              if ! ip46tables -A PREROUTING -t raw -m rpfilter --invert -j DROP; then
+                echo "<2>failed to initialise rpfilter support" >&2
+              fi
+            ''}
+
+            # Accept all traffic on the trusted interfaces.
+            ${flip concatMapStrings cfg.trustedInterfaces (iface: ''
+              ip46tables -A nixos-fw -i ${iface} -j nixos-fw-accept
+            '')}
+
+            # Accept packets from established or related connections.
+            ip46tables -A nixos-fw -m conntrack --ctstate ESTABLISHED,RELATED -j nixos-fw-accept
+
+            # Accept connections to the allowed TCP ports.
+            ${concatMapStrings (port:
+                ''
+                  ip46tables -A nixos-fw -p tcp --dport ${toString port} -j nixos-fw-accept
+                ''
+              ) cfg.allowedTCPPorts
+            }
+
+            # Accept packets on the allowed UDP ports.
+            ${concatMapStrings (port:
+                ''
+                  ip46tables -A nixos-fw -p udp --dport ${toString port} -j nixos-fw-accept
+                ''
+              ) cfg.allowedUDPPorts
+            }
+
+            # Accept IPv4 multicast.  Not a big security risk since
+            # probably nobody is listening anyway.
+            #iptables -A nixos-fw -d 224.0.0.0/4 -j nixos-fw-accept
+
+            # Optionally respond to ICMPv4 pings.
+            ${optionalString cfg.allowPing ''
+              iptables -A nixos-fw -p icmp --icmp-type echo-request -j nixos-fw-accept
+            ''}
+
+            # Accept all ICMPv6 messages except redirects and node
+            # information queries (type 139).  See RFC 4890, section
+            # 4.4.
+            ${optionalString config.networking.enableIPv6 ''
+              ip6tables -A nixos-fw -p icmpv6 --icmpv6-type redirect -j DROP
+              ip6tables -A nixos-fw -p icmpv6 --icmpv6-type 139 -j DROP
+              ip6tables -A nixos-fw -p icmpv6 -j nixos-fw-accept
+            ''}
+
+            ${cfg.extraCommands}
+
+            # Reject/drop everything else.
+            ip46tables -A nixos-fw -j nixos-fw-log-refuse
+
+
+            # Enable the firewall.
+            ip46tables -A INPUT -j nixos-fw
+          '';
+
+        postStop =
+          ''
+            ${helpers}
+            ip46tables -D INPUT -j nixos-fw || true
+            #ip46tables -P INPUT ACCEPT
+          '';
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/flashpolicyd.nix b/nixos/modules/services/networking/flashpolicyd.nix
new file mode 100644
index 000000000000..f5bc550ab5f8
--- /dev/null
+++ b/nixos/modules/services/networking/flashpolicyd.nix
@@ -0,0 +1,84 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.flashpolicyd;
+
+  flashpolicyd = pkgs.stdenv.mkDerivation {
+    name = "flashpolicyd-0.6";
+
+    src = pkgs.fetchurl {
+      name = "flashpolicyd_v0.6.zip";
+      url = "http://www.adobe.com/content/dotcom/en/devnet/flashplayer/articles/socket_policy_files/_jcr_content/articlePrerequistes/multiplefiles/node_1277808777771/file.res/flashpolicyd_v0.6%5B1%5D.zip";
+      sha256 = "16zk237233npwfq1m4ksy4g5lzy1z9fp95w7pz0cdlpmv0fv9sm3";
+    };
+
+    buildInputs = [ pkgs.unzip pkgs.perl ];
+
+    installPhase = "mkdir $out; cp -pr * $out/; chmod +x $out/*/*.pl";
+  };
+
+  flashpolicydWrapper = pkgs.writeScriptBin "flashpolicyd"
+    ''
+      #! ${pkgs.stdenv.shell}
+      exec ${flashpolicyd}/Perl_xinetd/in.flashpolicyd.pl \
+        --file=${pkgs.writeText "flashpolixy.xml" cfg.policy} \
+        2> /dev/null
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+  
+    services.flashpolicyd = {
+    
+      enable = mkOption {
+        default = false;
+        description =
+          ''
+            Whether to enable the Flash Policy server.  This is
+            necessary if you want Flash applications to make
+            connections to your server.
+          '';
+      };
+      
+      policy = mkOption {
+        default =
+          ''
+            <?xml version="1.0"?>
+            <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
+            <cross-domain-policy> 
+              <site-control permitted-cross-domain-policies="master-only"/>
+              <allow-access-from domain="*" to-ports="*" />
+            </cross-domain-policy>
+          '';
+        description = "The policy to be served.  The default is to allow connections from any domain to any port.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.xinetd.enable = true;
+
+    services.xinetd.services = singleton
+      { name = "flashpolicy";
+        port = 843;
+        unlisted = true;
+        server = "${flashpolicydWrapper}/bin/flashpolicyd";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/freenet.nix b/nixos/modules/services/networking/freenet.nix
new file mode 100644
index 000000000000..a4bd2098986d
--- /dev/null
+++ b/nixos/modules/services/networking/freenet.nix
@@ -0,0 +1,64 @@
+# NixOS module for Freenet daemon
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.freenet;
+  varDir = "/var/lib/freenet";
+
+in
+
+{
+
+  ### configuration
+
+  options = {
+
+    services.freenet = {
+
+      enable = mkOption {
+        type = types.uniq types.bool;
+        default = false;
+        description = "Enable the Freenet daemon";
+      };
+
+      nice = mkOption {
+        type = types.uniq types.int;
+        default = 10;
+        description = "Set the nice level for the Freenet daemon";
+      };
+
+    };
+
+  };
+
+  ### implementation
+
+  config = mkIf cfg.enable {
+
+    systemd.services.freenet = {
+      description = "Freenet daemon";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.ExecStart = "${pkgs.freenet}/bin/freenet";
+      serviceConfig.User = "freenet";
+      serviceConfig.UMask = "0007";
+      serviceConfig.WorkingDirectory = varDir;
+      serviceConfig.Nice = cfg.nice;
+    };
+
+    users.extraUsers.freenet = {
+      group = "freenet";
+      description = "Freenet daemon user";
+      home = varDir;
+      createHome = true;
+      uid = config.ids.uids.freenet;
+    };
+
+    users.extraGroups.freenet.gid = config.ids.gids.freenet;
+  };
+
+}
diff --git a/nixos/modules/services/networking/git-daemon.nix b/nixos/modules/services/networking/git-daemon.nix
new file mode 100644
index 000000000000..a7c7c206198f
--- /dev/null
+++ b/nixos/modules/services/networking/git-daemon.nix
@@ -0,0 +1,112 @@
+{pkgs, config, ...}:
+with pkgs.lib;
+let
+
+  cfg = config.services.gitDaemon;
+  gitUser = "git";
+
+in
+{
+
+  ###### interface
+
+  options = {
+    services.gitDaemon = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable Git daemon, which allows public hosting  of git repositories
+          without any access controls. This is mostly intended for read-only access.
+
+          You can allow write access by setting daemon.receivepack configuration
+          item of the repository to true. This is solely meant for a closed LAN setting
+          where everybody is friendly.
+
+          If you need any access controls, use something else.
+        '';
+      };
+
+      basePath = mkOption {
+        default = "";
+        example = "/srv/git/";
+        description = ''
+          Remap all the path requests as relative to the given path. For example,
+          if you set base-path to /srv/git, then if you later try to pull
+          git://example.com/hello.git, Git daemon will interpret the path as /srv/git/hello.git.
+        '';
+      };
+
+      exportAll = mkOption {
+        default = false;
+        description = ''
+          Publish all directories that look like Git repositories (have the objects
+          and refs subdirectories), even if they do not have the git-daemon-export-ok file.
+
+          If disabled, you need to touch .git/git-daemon-export-ok in each repository
+          you want the daemon to publish.
+
+          Warning: enabling this without a repository whitelist or basePath
+          publishes every git repository you have.
+        '';
+      };
+
+      repositories = mkOption {
+        default = [];
+        example = [ "/srv/git" "/home/user/git/repo2" ];
+        description = ''
+          A whitelist of paths of git repositories, or directories containing repositories
+          all of which would be published. Paths must not end in "/".
+
+          Warning: leaving this empty and enabling exportAll publishes all
+          repositories in your filesystem or basePath if specified.
+        '';
+      };
+
+      listenAddress = mkOption {
+        default = "";
+        example = "example.com";
+        description = "Listen on a specific IP address or hostname.";
+      };
+
+      port = mkOption {
+        default = 9418;
+        description = "Port to listen on.";
+      };
+
+      options = mkOption {
+        default = "";
+        description = "Extra configuration options to be passed to Git daemon.";
+      };
+
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton
+      { name = gitUser;
+        uid = config.ids.uids.git;
+        description = "Git daemon user";
+      };
+
+    users.extraGroups = singleton
+      { name = gitUser;
+        gid = config.ids.gids.git;
+      };
+
+    jobs.gitDaemon = {
+      name = "git-daemon";
+      startOn = "ip-up";
+      exec = "${pkgs.git}/bin/git daemon --reuseaddr "
+        + (optionalString (cfg.basePath != "") "--basepath=${cfg.basePath} ")
+        + (optionalString (cfg.listenAddress != "") "--listen=${cfg.listenAddress} ")
+        + "--port=${toString cfg.port} --user=${gitUser} --group=${gitUser} ${cfg.options} "
+        + "--verbose " + (optionalString cfg.exportAll "--export-all")  + concatStringsSep " " cfg.repositories;
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/gnunet.nix b/nixos/modules/services/networking/gnunet.nix
new file mode 100644
index 000000000000..421c0d9bb697
--- /dev/null
+++ b/nixos/modules/services/networking/gnunet.nix
@@ -0,0 +1,148 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.gnunet;
+
+  homeDir = "/var/lib/gnunet";
+
+  configFile = with cfg; pkgs.writeText "gnunetd.conf"
+    ''
+      [PATHS]
+      SERVICEHOME = ${homeDir}
+
+      [ats]
+      WAN_QUOTA_IN = ${toString load.maxNetDownBandwidth} b
+      WAN_QUOTA_OUT = ${toString load.maxNetUpBandwidth} b
+
+      [datastore]
+      QUOTA = ${toString fileSharing.quota} MB
+
+      [transport-udp]
+      PORT = ${toString udp.port}
+      ADVERTISED_PORT = ${toString udp.port}
+
+      [transport-tcp]
+      PORT = ${toString tcp.port}
+      ADVERTISED_PORT = ${toString tcp.port}
+
+      ${extraOptions}
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.gnunet = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run the GNUnet daemon.  GNUnet is GNU's anonymous
+          peer-to-peer communication and file sharing framework.
+        '';
+      };
+
+      fileSharing = {
+        quota = mkOption {
+          default = 1024;
+          description = ''
+            Maximum file system usage (in MiB) for file sharing.
+          '';
+        };
+      };
+
+      udp = {
+        port = mkOption {
+          default = 2086;  # assigned by IANA
+          description = ''
+            The UDP port for use by GNUnet.
+          '';
+        };
+      };
+
+      tcp = {
+        port = mkOption {
+          default = 2086;  # assigned by IANA
+          description = ''
+            The TCP port for use by GNUnet.
+          '';
+        };
+      };
+
+      load = {
+        maxNetDownBandwidth = mkOption {
+          default = 50000;
+          description = ''
+            Maximum bandwidth usage (in bits per second) for GNUnet
+            when downloading data.
+          '';
+        };
+
+        maxNetUpBandwidth = mkOption {
+          default = 50000;
+          description = ''
+            Maximum bandwidth usage (in bits per second) for GNUnet
+            when downloading data.
+          '';
+        };
+
+        hardNetUpBandwidth = mkOption {
+          default = 0;
+          description = ''
+            Hard bandwidth limit (in bits per second) when uploading
+            data.
+          '';
+        };
+      };
+
+      extraOptions = mkOption {
+        default = "";
+        description = ''
+          Additional options that will be copied verbatim in `gnunet.conf'.
+          See `gnunet.conf(5)' for details.
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.gnunet.enable {
+
+    users.extraUsers.gnunet = {
+      group = "gnunet";
+      description = "GNUnet User";
+      home = homeDir;
+      createHome = true; 
+      uid = config.ids.uids.gnunet;
+    };
+
+    users.extraGroups.gnunet.gid = config.ids.gids.gnunet;
+
+    # The user tools that talk to `gnunetd' should come from the same source,
+    # so install them globally.
+    environment.systemPackages = [ pkgs.gnunet ];
+
+    systemd.services.gnunet = {
+      description = "GNUnet";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.gnunet pkgs.miniupnpc ];
+      serviceConfig.ExecStart = "${pkgs.gnunet}/lib/gnunet/libexec/gnunet-service-arm -c ${configFile}";
+      serviceConfig.User = "gnunet";
+      serviceConfig.UMask = "0007";
+      serviceConfig.WorkingDirectory = homeDir;
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/gogoclient.nix b/nixos/modules/services/networking/gogoclient.nix
new file mode 100644
index 000000000000..3b92eb8b06bd
--- /dev/null
+++ b/nixos/modules/services/networking/gogoclient.nix
@@ -0,0 +1,85 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+let cfg = config.services.gogoclient;
+in
+
+{
+
+  ###### interface
+
+  options = {
+    services.gogoclient = {
+      enable = mkOption {
+        default = false;
+        type =  types.bool;
+        description = ''
+          Enable the gogoCLIENT IPv6 tunnel.
+        '';
+      };
+      autorun = mkOption {
+        default = true;
+        description = ''
+          Whether to automatically start the tunnel.
+        '';
+      };
+
+      username = mkOption {
+        default = "";
+        description = ''
+          Your Gateway6 login name, if any.
+        '';
+      };
+
+      password = mkOption {
+        default = "";
+        type = types.string;
+        description = ''
+          Path to a file (as a string), containing your gogoNET password, if any.
+        '';
+      };
+
+      server = mkOption {
+        default = "anonymous.freenet6.net";
+        example = "broker.freenet6.net";
+        description = "The Gateway6 server to be used.";
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    boot.kernelModules = [ "tun" ];
+
+    networking.enableIPv6 = true;
+
+    systemd.services.gogoclient = {
+      description = "ipv6 tunnel";
+
+      after = [ "network.target" ];
+      requires = [ "network.target" ];
+
+      unitConfig.RequiresMountsFor = "/var/lib/gogoc";
+
+      script = let authMethod = if cfg.password == "" then "anonymous" else "any"; in ''
+        mkdir -p -m 700 /var/lib/gogoc
+        cat ${pkgs.gogoclient}/share/${pkgs.gogoclient.name}/gogoc.conf.sample | \
+          ${pkgs.gnused}/bin/sed \
+            -e "s|^userid=|&${cfg.username}|" \
+            -e "s|^passwd=|&${optionalString (cfg.password != "") "$(cat ${cfg.password})"}|" \
+            -e "s|^server=.*|server=${cfg.server}|" \
+            -e "s|^auth_method=.*|auth_method=${authMethod}|" \
+            -e "s|^#log_file=|log_file=1|" > /var/lib/gogoc/gogoc.conf
+        cd /var/lib/gogoc
+        exec ${pkgs.gogoclient}/bin/gogoc -y -f /var/lib/gogoc/gogoc.conf
+      '';
+    } // optionalAttrs cfg.autorun {
+      wantedBy = [ "ip-up.target" ];
+      partOf = [ "ip-up.target" ];
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/gvpe.nix b/nixos/modules/services/networking/gvpe.nix
new file mode 100644
index 000000000000..594a2e80f345
--- /dev/null
+++ b/nixos/modules/services/networking/gvpe.nix
@@ -0,0 +1,144 @@
+# GNU Virtual Private Ethernet
+
+{config, pkgs, ...}:
+
+let
+  inherit (pkgs.lib) mkOption mkIf;
+
+  cfg = config.services.gvpe;
+
+  finalConfig = if cfg.configFile != null then
+    cfg.configFile
+  else if cfg.configText != null then
+    pkgs.writeTextFile {
+      name = "gvpe.conf";
+      text = cfg.configText;
+    }
+  else
+    throw "You must either specify contents of the config file or the config file itself for GVPE";
+
+  ifupScript = if cfg.ipAddress == null || cfg.subnet == null then
+     throw "Specify IP address and subnet (with mask) for GVPE"
+   else if cfg.nodename == null then
+     throw "You must set node name for GVPE"
+   else
+   (pkgs.writeTextFile {
+    name = "gvpe-if-up";
+    text = ''
+      #! /bin/sh
+
+      export PATH=$PATH:${pkgs.iproute}/sbin
+
+      ip link set $IFNAME up
+      ip address add ${cfg.ipAddress} dev $IFNAME
+      ip route add ${cfg.subnet} dev $IFNAME
+
+      ${cfg.customIFSetup}
+    '';
+    executable = true;
+  });
+
+  exec = "${pkgs.gvpe}/sbin/gvpe -c /var/gvpe -D ${cfg.nodename} "
+    + " ${cfg.nodename}.pid-file=/var/gvpe/gvpe.pid"
+    + " ${cfg.nodename}.if-up=if-up"
+    + " &> /var/log/gvpe";
+
+  inherit (cfg) startOn stopOn;
+in
+
+{
+  options = {
+    services.gvpe = {
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run gvpe
+        '';
+      };
+      startOn = mkOption {
+        default = "started network-interfaces";
+        description = ''
+          Condition to start GVPE
+        '';
+      };
+      stopOn = mkOption {
+        default = "stopping network-interfaces";
+        description = ''
+          Condition to stop GVPE
+        '';
+      };
+      nodename = mkOption {
+        default = null;
+        description =''
+          GVPE node name
+        '';
+      };
+      configText = mkOption {
+        default = null;
+        example = ''
+          tcp-port = 655
+          udp-port = 655
+          mtu = 1480
+          ifname = vpn0
+
+          node = alpha
+          hostname = alpha.example.org
+          connect = always
+          enable-udp = true
+          enable-tcp = true
+          on alpha if-up = if-up-0
+          on alpha pid-file = /var/gvpe/gvpe.pid
+        '';
+        description = ''
+          GVPE config contents
+        '';
+      };
+      configFile = mkOption {
+        default = null;
+        example = "/root/my-gvpe-conf";
+        description = ''
+          GVPE config file, if already present
+        '';
+      };
+      ipAddress = mkOption {
+        default = null;
+        description = ''
+          IP address to assign to GVPE interface
+        '';
+      };
+      subnet = mkOption {
+        default = null;
+        example = "10.0.0.0/8";
+        description = ''
+          IP subnet assigned to GVPE network
+        '';
+      };
+      customIFSetup = mkOption {
+        default = "";
+        description = ''
+          Additional commands to apply in ifup script
+        '';
+      };
+    };
+  };
+  config = mkIf cfg.enable {
+    jobs.gvpe = {
+      description = "GNU Virtual Private Ethernet node";
+
+      inherit startOn stopOn;
+
+      preStart = ''
+        mkdir -p /var/gvpe
+        mkdir -p /var/gvpe/pubkey
+        chown root /var/gvpe
+        chmod 700 /var/gvpe
+        cp ${finalConfig} /var/gvpe/gvpe.conf
+        cp ${ifupScript} /var/gvpe/if-up
+      '';
+
+      inherit exec;
+
+      respawn = true;
+    };
+  };
+}
diff --git a/nixos/modules/services/networking/haproxy.nix b/nixos/modules/services/networking/haproxy.nix
new file mode 100644
index 000000000000..c8345a528a72
--- /dev/null
+++ b/nixos/modules/services/networking/haproxy.nix
@@ -0,0 +1,87 @@
+{ config, pkgs, ...}:
+let
+  cfg = config.services.haproxy;
+  haproxyCfg = pkgs.writeText "haproxy.conf" cfg.config;
+in
+with pkgs.lib;
+{
+  options = {
+    services.haproxy = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Enable the HAProxy.
+        ";
+      };
+
+      config = mkOption {
+        default =
+          ''
+          global
+            log 127.0.0.1 local6
+            maxconn  24000
+            daemon
+            nbproc 1
+
+          defaults
+            mode http
+            option httpclose
+
+            # Remove requests from the queue if people press stop button
+            option abortonclose
+
+            # Try to connect this many times on failure
+            retries 3
+
+            # If a client is bound to a particular backend but it goes down,
+            # send them to a different one
+            option redispatch
+
+            monitor-uri /haproxy-ping
+
+            timeout connect 7s
+            timeout queue   300s
+            timeout client  300s
+            timeout server  300s
+
+            # Enable status page at this URL, on the port HAProxy is bound to
+            stats enable
+            stats uri /haproxy-status
+            stats refresh 5s
+            stats realm Haproxy statistics
+          '';
+        description = "
+          Default configuration.
+        ";
+      };
+
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    systemd.services.haproxy = {
+      description = "HAProxy";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "forking";
+        PIDFile = "/var/run/haproxy.pid";
+        ExecStartPre = "${pkgs.haproxy}/sbin/haproxy -c -q -f ${haproxyCfg}";
+        ExecStart = "${pkgs.haproxy}/sbin/haproxy -D -f ${haproxyCfg} -p /var/run/haproxy.pid";
+        ExecReload = "-${pkgs.bash}/bin/bash -c \"exec ${pkgs.haproxy}/sbin/haproxy -D -f ${haproxyCfg} -p /var/run/haproxy.pid -sf $MAINPID\"";
+      };
+    };
+
+    environment.systemPackages = [ pkgs.haproxy ];
+
+    users.extraUsers.haproxy = {
+      group = "haproxy";
+      uid = config.ids.uids.haproxy;
+    };
+
+    users.extraGroups.haproxy.gid = config.ids.uids.haproxy;
+  };
+}
diff --git a/nixos/modules/services/networking/hostapd.nix b/nixos/modules/services/networking/hostapd.nix
new file mode 100644
index 000000000000..4edea12b6be8
--- /dev/null
+++ b/nixos/modules/services/networking/hostapd.nix
@@ -0,0 +1,163 @@
+{ config, pkgs, ... }:
+
+# TODO:
+#
+# asserts 
+#   ensure that the nl80211 module is loaded/compiled in the kernel
+#   hwMode must be a/b/g
+#   channel must be between 1 and 13 (maybe)
+#   wpa_supplicant and hostapd on the same wireless interface doesn't make any sense
+#   perhaps an assertion that there is a dhcp server and a dns server on the IP address serviced by the hostapd?
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.hostapd;
+  
+  configFile = pkgs.writeText "hostapd.conf"  
+    ''
+    interface=${cfg.interface}
+    driver=${cfg.driver}
+    ssid=${cfg.ssid}
+    hw_mode=${cfg.hwMode}
+    channel=${toString cfg.channel}
+
+    # logging (debug level)
+    logger_syslog=-1
+    logger_syslog_level=2
+    logger_stdout=-1
+    logger_stdout_level=2
+
+    ctrl_interface=/var/run/hostapd
+    ctrl_interface_group=${cfg.group}
+
+    ${if cfg.wpa then ''
+      wpa=1
+      wpa_passphrase=${cfg.wpaPassphrase}
+      '' else ""}
+
+    ${cfg.extraCfg}
+    '' ;
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    services.hostapd = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable putting a wireless interface into infrastructure mode,
+          allowing other wireless devices to associate with the wireless interface and do
+          wireless networking. A simple access point will enable hostapd.wpa, and
+          hostapd.wpa_passphrase, hostapd.ssid, dhcpd on the wireless interface to
+          provide IP addresses to the associated stations, and nat (from the wireless
+          interface to an upstream interface). 
+        '';
+      };
+
+      interface = mkOption {
+        default = "";
+        example = "wlan0";
+        description = ''
+          The interfaces <command>hostapd</command> will use. 
+        '';
+      };
+
+      driver = mkOption {
+        default = "nl80211";
+        example = "hostapd";
+        type = types.string;
+        description = "Which driver hostapd will use. Most things will probably use the default.";
+      };
+
+      ssid = mkOption {
+        default = "nixos";
+        example = "mySpecialSSID";
+        type = types.string;
+        description = "SSID to be used in IEEE 802.11 management frames.";
+      };
+
+      hwMode = mkOption {
+        default = "b";
+        example = "g";
+        type = types.string;
+        description = "Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g";
+      };
+
+      channel = mkOption { 
+        default = 7;
+        example = 11;
+        type = types.int;
+        description = 
+          ''
+          Channel number (IEEE 802.11)
+          Please note that some drivers do not use this value from hostapd and the
+          channel will need to be configured separately with iwconfig.
+          '';
+      };
+
+      group = mkOption {
+        default = "wheel";
+        example = "network";
+        type = types.string;
+        description = "members of this group can control hostapd";
+      };
+
+      wpa = mkOption {
+        default = true;
+        description = "enable WPA (IEEE 802.11i/D3.0) to authenticate to the access point";
+      };
+
+      wpaPassphrase = mkOption {
+        default = "my_sekret";
+        example = "any_64_char_string";
+        type = types.string;
+        description = 
+          ''
+          WPA-PSK (pre-shared-key) passphrase. Clients will need this
+          passphrase to associate with this access point. Warning: This passphrase will
+          get put into a world-readable file in the nix store. 
+          '';
+      };
+
+      extraCfg = mkOption {
+        default = "";
+        example = ''
+          auth_algo=0
+          ieee80211n=1
+          ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]
+          '';
+        type = types.string;
+        description = "Extra configuration options to put in the hostapd.conf";
+      };
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages =  [ pkgs.hostapd ];
+
+    systemd.services.hostapd =
+      { description = "hostapd wireless AP";
+
+        path = [ pkgs.hostapd ]; 
+        wantedBy = [ "network.target" ];
+
+        after = [ "${cfg.interface}-cfg.service" "nat.service" "bind.service" "dhcpd.service"];
+
+        serviceConfig = 
+          { ExecStart = "${pkgs.hostapd}/bin/hostapd ${configFile}";
+            Restart = "always";
+          };
+      };
+  };
+}
diff --git a/nixos/modules/services/networking/ifplugd.nix b/nixos/modules/services/networking/ifplugd.nix
new file mode 100644
index 000000000000..4e939d603542
--- /dev/null
+++ b/nixos/modules/services/networking/ifplugd.nix
@@ -0,0 +1,88 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) ifplugd;
+
+  cfg = config.networking.interfaceMonitor;
+
+  # The ifplugd action script, which is called whenever the link
+  # status changes (i.e., a cable is plugged in or unplugged).
+  plugScript = pkgs.writeScript "ifplugd.action"
+    ''
+      #! ${pkgs.stdenv.shell}
+      iface="$1"
+      status="$2"
+      ${cfg.commands}
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.interfaceMonitor.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        If <literal>true</literal>, monitor Ethernet interfaces for
+        cables being plugged in or unplugged.  When this occurs, the
+        commands specified in
+        <option>networking.interfaceMonitor.commands</option> are
+        executed.
+      '';
+    };
+
+    networking.interfaceMonitor.beep = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        If <literal>true</literal>, beep when an Ethernet cable is
+        plugged in or unplugged.
+      '';
+    };
+
+    networking.interfaceMonitor.commands = mkOption {
+      type = types.lines;
+      default = "";
+      description = ''
+        Shell commands to be executed when the link status of an
+        interface changes.  On invocation, the shell variable
+        <varname>iface</varname> contains the name of the interface,
+        while the variable <varname>status</varname> contains either
+        <literal>up</literal> or <literal>down</literal> to indicate
+        the new status.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    jobs.ifplugd =
+      { description = "Network interface connectivity monitor";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        exec =
+          ''
+            ${ifplugd}/sbin/ifplugd --no-daemon --no-startup --no-shutdown \
+              ${if config.networking.interfaceMonitor.beep then "" else "--no-beep"} \
+              --run ${plugScript}
+          '';
+      };
+
+    environment.systemPackages = [ ifplugd ];
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/iodined.nix b/nixos/modules/services/networking/iodined.nix
new file mode 100644
index 000000000000..cd150fe63fd3
--- /dev/null
+++ b/nixos/modules/services/networking/iodined.nix
@@ -0,0 +1,87 @@
+# NixOS module for iodine, ip over dns daemon
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.iodined;
+
+  iodinedUser = "iodined";
+
+in
+
+{
+
+  ### configuration
+
+  options = {
+
+    services.iodined = {
+
+      enable = mkOption {
+        type = types.uniq types.bool;
+        default = false;
+        description = "Enable iodine, ip over dns daemon";
+      };
+
+      client = mkOption {
+        type = types.uniq types.bool;
+        default = false;
+        description = "Start iodine in client mode";
+      };
+
+      ip = mkOption {
+        type = types.str;
+        default = "";
+        description = "Assigned ip address or ip range";
+        example = "172.16.10.1/24";
+      };
+
+      domain = mkOption {
+        type = types.str;
+        default = "";
+        description = "Domain or subdomain of which nameservers point to us";
+        example = "tunnel.mydomain.com";
+      };
+
+      extraConfig = mkOption {
+        type = types.str;
+        default = "";
+        description = "Additional command line parameters";
+        example = "-P mysecurepassword -l 192.168.1.10 -p 23";
+      };
+
+    };
+
+  };
+
+  ### implementation
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ pkgs.iodine ];
+    boot.kernelModules = [ "tun" ];
+
+    systemd.services.iodined = {
+      description = "iodine, ip over dns daemon";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.ExecStart = "${pkgs.iodine}/sbin/iodined -f -u ${iodinedUser} ${cfg.extraConfig} ${cfg.ip} ${cfg.domain}";
+    };
+
+
+    users.extraUsers = singleton {
+      name = iodinedUser;
+      uid = config.ids.uids.iodined;
+      description = "Iodine daemon user";
+    };
+    users.extraGroups.iodined.gid = config.ids.gids.iodined;
+
+    assertions = [{ assertion = if !cfg.client then cfg.ip != "" else true;
+                    message = "cannot start iodined without ip set";}
+                  { assertion = cfg.domain != "";
+                    message = "cannot start iodined without domain name set";}];
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/ircd-hybrid/builder.sh b/nixos/modules/services/networking/ircd-hybrid/builder.sh
new file mode 100644
index 000000000000..b8cb836db95e
--- /dev/null
+++ b/nixos/modules/services/networking/ircd-hybrid/builder.sh
@@ -0,0 +1,31 @@
+source $stdenv/setup
+
+doSub() {
+    local src=$1
+    local dst=$2
+    ensureDir $(dirname $dst)
+    substituteAll $src $dst
+}
+
+subDir=/
+for i in $scripts; do
+    if test "$(echo $i | cut -c1-2)" = "=>"; then
+        subDir=$(echo $i | cut -c3-)
+    else
+        dst=$out/$subDir/$((stripHash $i; echo $strippedName) | sed 's/\.in//')
+        doSub $i $dst
+        chmod +x $dst # !!!
+    fi
+done
+
+subDir=/
+for i in $substFiles; do
+    if test "$(echo $i | cut -c1-2)" = "=>"; then
+        subDir=$(echo $i | cut -c3-)
+    else
+        dst=$out/$subDir/$((stripHash $i; echo $strippedName) | sed 's/\.in//')
+        doSub $i $dst
+    fi
+done
+
+ensureDir $out/bin
diff --git a/nixos/modules/services/networking/ircd-hybrid/control.in b/nixos/modules/services/networking/ircd-hybrid/control.in
new file mode 100644
index 000000000000..312dfaada329
--- /dev/null
+++ b/nixos/modules/services/networking/ircd-hybrid/control.in
@@ -0,0 +1,26 @@
+#! @shell@ -e
+
+# Make sure that the environment is deterministic.
+export PATH=@coreutils@/bin
+
+if test "$1" = "start"; then
+	if ! @procps@/bin/pgrep ircd; then
+	if @ipv6Enabled@; then 
+		while ! @iproute@/sbin/ip addr | 
+			@gnugrep@/bin/grep inet6 | 
+			@gnugrep@/bin/grep global; do
+			sleep 1;
+		done;
+	fi;
+	rm -rf /home/ircd
+	mkdir -p /home/ircd
+	chown ircd: /home/ircd
+	cd /home/ircd
+    env - HOME=/homeless-shelter $extraEnv \
+        @su@/bin/su ircd --shell=/bin/sh -c ' @ircdHybrid@/bin/ircd -configfile @out@/conf/ircd.conf </dev/null -logfile /home/ircd/ircd.log' 2>&1 >/var/log/ircd-hybrid.out
+	fi;
+fi
+
+if test "$1" = "stop" ; then 
+	@procps@/bin/pkill ircd;
+fi;
diff --git a/nixos/modules/services/networking/ircd-hybrid/default.nix b/nixos/modules/services/networking/ircd-hybrid/default.nix
new file mode 100644
index 000000000000..cd82a41ef7af
--- /dev/null
+++ b/nixos/modules/services/networking/ircd-hybrid/default.nix
@@ -0,0 +1,137 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.ircdHybrid;
+
+  ircdService = pkgs.stdenv.mkDerivation rec {
+    name = "ircd-hybrid-service";
+    scripts = [ "=>/bin" ./control.in ];
+    substFiles = [ "=>/conf" ./ircd.conf ];
+    inherit (pkgs) ircdHybrid coreutils su iproute gnugrep procps;
+
+    ipv6Enabled = if config.networking.enableIPv6 then "true" else "false";
+
+    inherit (cfg) serverName sid description adminEmail
+            extraPort;
+
+    cryptoSettings =
+      (optionalString (cfg.rsaKey != null) "rsa_private_key_file = \"${cfg.rsaKey}\";\n") +
+      (optionalString (cfg.certificate != null) "ssl_certificate_file = \"${cfg.certificate}\";\n");
+
+    extraListen = map (ip: "host = \""+ip+"\";\nport = 6665 .. 6669, "+extraPort+"; ") cfg.extraIPs;
+
+    builder = ./builder.sh;
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.ircdHybrid = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Enable IRCD.
+        ";
+      };
+
+      serverName = mkOption {
+        default = "hades.arpa";
+        description = "
+          IRCD server name.
+        ";
+      };
+
+      sid = mkOption {
+        default = "0NL";
+        description = "
+          IRCD server unique ID in a net of servers.
+        ";
+      };
+
+      description = mkOption {
+        default = "Hybrid-7 IRC server.";
+        description = "
+          IRCD server description.
+        ";
+      };
+
+      rsaKey = mkOption {
+        default = null;
+        example = /root/certificates/irc.key;
+        description = "
+          IRCD server RSA key.
+        ";
+      };
+
+      certificate = mkOption {
+        default = null;
+        example = /root/certificates/irc.pem;
+        description = "
+          IRCD server SSL certificate. There are some limitations - read manual.
+        ";
+      };
+
+      adminEmail = mkOption {
+        default = "<bit-bucket@example.com>";
+        example = "<name@domain.tld>";
+        description = "
+          IRCD server administrator e-mail.
+        ";
+      };
+
+      extraIPs = mkOption {
+        default = [];
+        example = ["127.0.0.1"];
+        description = "
+          Extra IP's to bind.
+        ";
+      };
+
+      extraPort = mkOption {
+        default = "7117";
+        description = "
+          Extra port to avoid filtering.
+        ";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.ircdHybrid.enable {
+
+    users.extraUsers = singleton
+      { name = "ircd";
+        description = "IRCD owner";
+        group = "ircd";
+        uid = config.ids.uids.ircd;
+      };
+
+    users.extraGroups.ircd.gid = config.ids.gids.ircd;
+
+    jobs.ircd_hybrid =
+      { name = "ircd-hybrid";
+
+        description = "IRCD Hybrid server";
+
+        startOn = "started networking";
+        stopOn = "stopping networking";
+
+        exec = "${ircdService}/bin/control start";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/ircd-hybrid/ircd.conf b/nixos/modules/services/networking/ircd-hybrid/ircd.conf
new file mode 100644
index 000000000000..bb22832dbdb2
--- /dev/null
+++ b/nixos/modules/services/networking/ircd-hybrid/ircd.conf
@@ -0,0 +1,1051 @@
+/* doc/example.conf - ircd-hybrid-7 Example configuration file
+ * Copyright (C) 2000-2006 Hybrid Development Team
+ *
+ * Written by ejb, wcampbel, db, leeh and others
+ * Other example configurations can be found in the source dir under
+ * etc/.
+ *
+ * $Id: example.conf 639 2006-06-01 14:12:21Z michael $
+ */
+
+/* IMPORTANT NOTES:
+ *
+ * auth {} blocks MUST be specified in order of precedence.  The first one
+ * that matches a user will be used.  So place spoofs first, then specials,
+ * then general access.
+ *
+ * Shell style (#), C++ style (//) and C style comments are supported.
+ *
+ * Files may be included by either:
+ *        .include "filename"
+ *        .include <filename>
+ *
+ * Times/durations are written as:
+ *        12 hours 30 minutes 1 second
+ *        
+ * Valid units of time:
+ *        month, week, day, hour, minute, second
+ *
+ * Valid units of size:
+ *        megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
+ *
+ * Sizes and times may be singular or plural.  
+ */ 
+
+/* EFNET NOTE:
+ *
+ * This config file is NOT suitable for EFNet.  EFNet admins should use
+ * example.efnet.conf
+ */
+ 
+/*
+ * serverinfo {}:  contains information about the server. (OLD M:)
+ */
+serverinfo {
+	/*
+	 * name: the name of our server.  This cannot be changed at runtime.
+	 */
+	name = "@serverName@";
+
+	/*
+	 * sid: a server's unique ID.  This is three characters long and must
+	 * be in the form [0-9][A-Z0-9][A-Z0-9].  The first character must be
+	 * a digit, followed by 2 alpha-numerical letters.
+	 * NOTE: The letters must be capitalized.  This cannot be changed at runtime.
+	 */
+	sid = "@sid@";
+
+	/*
+	 * description: the description of the server.  '[' and ']' may not
+	 * be used here for compatibility with older servers.
+	 */
+	description = "@description@";
+
+	/*
+	 * network info: the name and description of the network this server
+	 * is on.  Shown in the 005 reply and used with serverhiding.
+	 */
+	network_name = "JustIRCNetwork";
+	network_desc = "This is My Network";
+
+	/*
+	 * hub: allow this server to act as a hub and have multiple servers
+	 * connected to it.  This may not be changed if there are active
+	 * LazyLink servers.
+	 */
+	hub = no;
+
+	/*
+	 * vhost: the IP to bind to when we connect outward to ipv4 servers.
+	 * This should be an ipv4 IP only, or "* for INADDR_ANY.
+	 */
+	#vhost = "192.169.0.1";
+
+	/*
+	 * vhost6: the IP to bind to when we connect outward to ipv6 servers.
+	 * This should be an ipv6 IP only, or "* for INADDR_ANY.
+	 */
+	#vhost6 = "3ffe:80e8:546::2";
+
+	/* max_clients: the maximum number of clients allowed to connect */
+	max_clients = 512;
+
+	/*
+	 * rsa key: the path to the file containing our rsa key for cryptlink.
+	 *
+	 * Example command to store a 2048 bit RSA keypair in
+	 * rsa.key, and the public key in rsa.pub:
+	 * 
+	 * 	openssl genrsa -out rsa.key 2048
+	 *	openssl rsa -in rsa.key -pubout -out rsa.pub
+	 *	chown <ircd-user>.<ircd.group> rsa.key rsa.pub
+	 *	chmod 0600 rsa.key
+	 *	chmod 0644 rsa.pub
+	 */
+	#rsa_private_key_file = "/usr/local/ircd/etc/rsa.key";
+
+	/*
+	 * ssl certificate: the path to the file containing our ssl certificate
+	 * for encrypted client connection.
+	 *
+	 * This assumes your private RSA key is stored in rsa.key. You
+	 * MUST have an RSA key in order to generate the certificate
+	 *
+	 *	openssl req -new -days 365 -x509 -key rsa.key -out cert.pem
+	 *
+	 * See http://www.openssl.org/docs/HOWTO/certificates.txt
+	 *
+	 * Please use the following values when generating the cert
+	 *
+	 *	Organization Name: Network Name
+	 *	Organization Unit Name: changme.someirc.net
+	 *	Common Name: irc.someirc.net
+	 *	E-mail: you@domain.com
+	 */
+	#ssl_certificate_file = "/usr/local/ircd/etc/cert.pem";
+
+	@cryptoSettings@
+};
+
+/*
+ * admin {}:  contains admin information about the server. (OLD A:)
+ */
+admin {
+	name = "Anonymous Hero";
+	description = "Main Server Administrator";
+	email = "@adminEmail@";
+};
+
+/*
+ * log {}:  contains information about logfiles.
+ */
+log {
+	/* Do you want to enable logging to ircd.log? */
+	use_logging = yes;
+
+	/*
+	 * logfiles: the logfiles to use for user connects, /oper uses,
+	 * and failed /oper.  These files must exist for logging to be used.
+	 */
+	fname_userlog = "/home/ircd/logs/userlog";
+	fname_operlog = "/home/ircd/logs/operlog";
+	fname_killlog = "/home/ircd/logs/kill";
+	fname_klinelog = "/home/ircd/logs/kline";
+	fname_glinelog = "/home/ircd/logs/gline";
+
+	/*
+	 * log_level: the amount of detail to log in ircd.log.  The
+	 * higher, the more information is logged.  May be changed
+	 * once the server is running via /quote SET LOG.  Either:
+	 * L_CRIT, L_ERROR, L_WARN, L_NOTICE, L_TRACE, L_INFO or L_DEBUG
+	 */
+	log_level = L_INFO;
+};
+
+/*
+ * class {}:  contains information about classes for users (OLD Y:)
+ */
+class {
+	/* name: the name of the class.  classes are text now */
+	name = "users";
+
+	/*
+	 * ping_time: how often a client must reply to a PING from the
+	 * server before they are dropped.
+	 */
+	ping_time = 90 seconds;
+
+	/*
+	 * number_per_ip: how many local users are allowed to connect
+	 * from one IP  (optional)
+	 */
+	number_per_ip = 10;
+
+	/*
+	 * max_local: how many local users are allowed to connect
+	 * from one ident@host  (optional)
+	 */
+	max_local = 50;
+
+	/*
+	 * max_global: network-wide limit of users per ident@host  (optional)
+	 */
+	max_global = 50;
+
+	/*
+	 * max_number: the maximum number of users allowed in this class (optional)
+	 */
+	max_number = 10000;
+
+	/*
+	 * the following lines are optional and allow you to define
+	 * how many users can connect from one /NN subnet
+	 */
+	/*cidr_bitlen_ipv4 = 24;
+	 *cidr_bitlen_ipv6 = 120;
+	 *number_per_cidr = 16;*/
+
+	/*
+	 * sendq: the amount of data allowed in a clients queue before
+	 * they are dropped.
+	 */
+	sendq = 100 kbytes;
+};
+
+class {
+	name = "opers";
+	ping_time = 90 seconds;
+	number_per_ip = 10;
+	max_number = 100;
+	sendq = 100kbytes;
+};
+
+class {
+	name = "server";
+	ping_time = 90 seconds;
+
+	/*
+	 * ping_warning: how fast a server must reply to a PING before
+	 * a warning to opers is generated.
+	 */
+	ping_warning = 15 seconds;
+
+	/*
+	 * connectfreq: only used in server classes.  Specifies the delay
+	 * between autoconnecting to servers.
+	 */
+	connectfreq = 5 minutes;
+
+	/* max number: the amount of servers to autoconnect to */
+	max_number = 1;
+
+	/* sendq: servers need a higher sendq as they send more data */
+	sendq = 2 megabytes;
+};
+
+/*
+ * listen {}:  contains information about the ports ircd listens on (OLD P:)
+ */
+listen {
+	/*
+	 * port: the specific port to listen on.  If no host is specified
+	 * before, it will listen on all available IPs.
+	 *
+	 * Ports are separated via a comma, a range may be specified using ".."
+	 */
+	
+	/* port: listen on all available IPs, ports 6665 to 6669 */
+	port = 6665 .. 6669;
+
+	/*
+	 * Listen on 192.168.0.1/6697 with ssl enabled and hidden from STATS P
+	 * unless you are an administrator.
+	 *
+	 * NOTE: The "flags" directive has to come before "port".  Always!
+	 */
+	#flags = hidden, ssl;
+	#host = "192.168.0.1";
+	#port = 6697;
+
+	/*
+	 * host: set a specific IP/host the ports after the line will listen 
+	 * on.  This may be ipv4 or ipv6.
+	 */
+	#host = "1.2.3.4";
+	#port = 7000, 7001;
+
+	#host = "3ffe:1234:a:b:c::d";
+	#port = 7002;
+	
+	@extraListen@
+};
+
+auth {
+	user = "*@*";
+	class = "users";
+	#flags = need_ident;
+};
+
+/*
+ * operator {}:  defines ircd operators. (OLD O:)
+ *
+ * ircd-hybrid no longer supports local operators, privileges are
+ * controlled via flags.
+ */
+operator {
+	/* name: the name of the oper */
+	/* NOTE: operator "opername"{} is also supported */
+	name = "god";
+
+	/*
+	 * user: the user@host required for this operator.  CIDR is not
+	 * supported.  Multiple user="" lines are supported.
+	 */
+	user = "*god@*";
+	user = "*@127.0.0.1";
+
+	/*
+	 * password: the password required to oper.  By default this will
+	 * need to be encrypted using 'mkpasswd'.  MD5 is supported.
+	 */
+	password = "iamoperator";
+
+	/*
+	 * encrypted: controls whether the oper password above has been
+	 * encrypted.  (OLD CRYPT_OPER_PASSWORD now optional per operator)
+	 */
+	encrypted = no;
+
+	/*
+	 * rsa_public_key_file: the public key for this oper when using Challenge.
+	 * A password should not be defined when this is used, see 
+	 * doc/challenge.txt for more information.
+	 */
+#	rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
+
+	/* class: the class the oper joins when they successfully /oper */
+	class = "opers";
+
+	/*
+	 * umodes: default usermodes opers get when they /oper.  If defined,
+	 * it will override oper_umodes settings in general {}.
+	 * Available usermodes:
+	 *
+	 * +b - bots         - See bot and drone flooding notices
+	 * +c - cconn        - Client connection/quit notices
+	 * +D - deaf         - Don't receive channel messages
+	 * +d - debug        - See debugging notices
+	 * +f - full         - See I: line full notices
+	 * +G - softcallerid - Server Side Ignore for users not on your channels
+	 * +g - callerid     - Server Side Ignore (for privmsgs etc)
+	 * +i - invisible    - Not shown in NAMES or WHO unless you share a
+	 *                     a channel
+	 * +k - skill        - See server generated KILL messages
+	 * +l - locops       - See LOCOPS messages
+	 * +n - nchange      - See client nick changes
+	 * +r - rej          - See rejected client notices
+	 * +s - servnotice   - See general server notices
+	 * +u - unauth       - See unauthorized client notices
+	 * +w - wallop       - See server generated WALLOPS
+	 * +x - external     - See remote server connection and split notices
+	 * +y - spy          - See LINKS, STATS, TRACE notices etc.
+	 * +z - operwall     - See oper generated WALLOPS
+	 */
+#	umodes = locops, servnotice, operwall, wallop;
+
+	/*
+	 * privileges: controls the activities and commands an oper is 
+	 * allowed to do on the server.  All options default to no.
+	 * Available options:
+	 *
+	 * global_kill:  allows remote users to be /KILL'd (OLD 'O' flag)
+	 * remote:       allows remote SQUIT and CONNECT   (OLD 'R' flag)
+	 * remoteban:    allows remote KLINE/UNKLINE
+	 * kline:        allows KILL, KLINE and DLINE      (OLD 'K' flag)
+	 * unkline:      allows UNKLINE and UNDLINE        (OLD 'U' flag)
+	 * gline:        allows GLINE                      (OLD 'G' flag)
+	 * xline:         allows XLINE                     (OLD 'X' flag)
+	 * operwall:     allows OPERWALL
+	 * nick_changes: allows oper to see nickchanges    (OLD 'N' flag)
+	 *               via usermode +n
+	 * rehash:       allows oper to REHASH config      (OLD 'H' flag)
+	 * die:          allows DIE and RESTART            (OLD 'D' flag)
+	 * admin:        gives admin privileges.  admins
+	 *               may (un)load modules and see the
+	 *               real IPs of servers.
+	 * hidden_admin: same as 'admin', but noone can recognize you as
+	 *               being an admin
+	 * hidden_oper:  not shown in /stats p (except for other operators)
+	 */
+	/* You can either use
+	 * die = yes;
+	 * rehash = yes;
+	 *
+	 * or in a flags statement i.e.
+	 * flags = die, rehash;
+	 *
+	 * You can also negate a flag with ~ i.e.
+	 * flags = ~remote;
+	 *
+	 */
+	flags = global_kill, remote, kline, unkline, xline,
+		die, rehash, nick_changes, admin, operwall;
+};
+
+/*
+ * shared {}: users that are allowed to remote kline (OLD U:)
+ *
+ * NOTE: This can be effectively used for remote klines.
+ *       Please note that there is no password authentication
+ *       for users setting remote klines.  You must also be
+ *       /oper'd in order to issue a remote kline.
+ */
+shared {
+	/*
+	 * name: the server the user must be on to set klines.  If this is not
+	 * specified, the user will be allowed to kline from all servers.
+	 */
+	name = "irc2.some.server";
+
+	/*
+	 * user: the user@host mask that is allowed to set klines.  If this is
+	 * not specified, all users on the server above will be allowed to set
+	 * a remote kline.
+	 */
+	user = "oper@my.host.is.spoofed";
+
+	/*
+	 * type: list of what to share, options are as follows:
+	 *	kline	- allow oper/server to kline
+	 *	tkline	- allow temporary klines
+	 *	unkline	- allow oper/server to unkline
+	 *	xline	- allow oper/server to xline
+	 * 	txline	- allow temporary xlines
+	 *	unxline	- allow oper/server to unxline
+	 *	resv	- allow oper/server to resv
+	 * 	tresv	- allow temporary resvs
+	 *	unresv	- allow oper/server to unresv
+	 *      locops  - allow oper/server to locops - only used for servers that cluster
+	 *	all	- allow oper/server to do all of the above (default)
+	 */
+	type = kline, unkline, resv;
+};
+
+/*
+ * kill {}:  users that are not allowed to connect (OLD K:)
+ * Oper issued klines will be added to the specified kline config
+ */
+kill {
+	user = "bad@*.hacked.edu";
+	reason = "Obviously hacked account";
+};
+
+kill {
+	user = "^O[[:alpha:]]?[[:digit:]]+(x\.o|\.xo)$@^[[:alnum:]]{4}\.evilnet.org$";
+	type = regex;
+};
+
+/*
+ * deny {}:  IPs that are not allowed to connect (before DNS/ident lookup)
+ * Oper issued dlines will be added to the specified dline config
+ */
+deny {
+	ip = "10.0.1.0/24";
+	reason = "Reconnecting vhosted bots";
+};
+
+/*
+ * exempt {}: IPs that are exempt from deny {} and Dlines. (OLD d:)
+ */
+exempt {
+	ip = "192.168.0.0/16";
+};
+
+/*
+ * resv {}:  nicks and channels users may not use/join (OLD Q:)
+ */
+resv {
+	/* reason: the reason for the proceeding resv's */
+	reason = "There are no services on this network";
+
+	/* resv: the nicks and channels users may not join/use */
+	nick = "nickserv";
+	nick = "chanserv";
+	channel = "#services";
+
+	/* resv: wildcard masks are also supported in nicks only */
+	reason = "Clone bots";
+	nick = "clone*";
+};
+
+/*
+ * gecos {}:  The X: replacement, used for banning users based on
+ * their "realname".
+ */
+gecos {
+	name = "*sex*";
+	reason = "Possible spambot";
+};
+
+gecos {
+	name = "sub7server";
+	reason = "Trojan drone";
+};
+
+gecos {
+	name = "*http*";
+	reason = "Spambot";
+};
+
+gecos {
+	name = "^\[J[0o]hn Do[3e]\]-[0-9]{2,5}$";
+	type = regex;
+};
+
+/*
+ * channel {}:  The channel block contains options pertaining to channels
+ */
+channel {
+	/*
+	 * disable_fake_channels: this option, if set to 'yes', will
+	 * disallow clients to create or join channels that have one
+	 * of the following ASCII characters in their name:
+	 *
+	 *   2 | bold
+	 *   3 | mirc color
+         *  15 | plain text
+	 *  22 | reverse
+	 *  31 | underline
+	 * 160 | non-breaking space
+	 */
+	disable_fake_channels = yes;
+
+	/*
+	 * restrict_channels: reverse channel RESVs logic, only reserved
+	 * channels are allowed
+	 */
+	restrict_channels = no;
+
+	/*
+	 * disable_local_channels: prevent users from joining &channels.
+	 */
+	disable_local_channels = no;
+
+	/*
+	 * use_invex: Enable/disable channel mode +I, a n!u@h list of masks
+	 * that can join a +i channel without an invite.
+	 */
+	use_invex = yes;
+
+	/*
+	 * use_except: Enable/disable channel mode +e, a n!u@h list of masks
+	 * that can join a channel through a ban (+b).
+	 */
+	use_except = yes;
+
+	/*
+	 * use_knock: Allows users to request an invite to a channel that
+	 * is locked somehow (+ikl).  If the channel is +p or you are banned
+	 * the knock will not be sent.
+	 */
+	use_knock = yes;
+
+	/*
+	 * knock_delay: The amount of time a user must wait between issuing
+	 * the knock command.
+	 */
+	knock_delay = 1 minutes;
+
+	/*
+	 * knock_delay_channel: How often a knock to any specific channel
+	 * is permitted, regardless of the user sending the knock.
+	 */
+	knock_delay_channel = 1 minute;
+
+	/*
+	 * burst_topicwho: enable sending of who set topic on topicburst
+	 * default is yes
+	 */
+	burst_topicwho = yes;
+
+	/*
+	 * max_chans_per_user: The maximum number of channels a user can
+	 * join/be on.
+	 */
+	max_chans_per_user = 25;
+
+	/* quiet_on_ban: stop banned people talking in channels. */
+	quiet_on_ban = yes;
+
+	/* max_bans: maximum number of +b/e/I modes in a channel */
+	max_bans = 1000;
+
+	/*
+	 * how many joins in how many seconds constitute a flood, use 0 to
+	 * disable. +b opers will be notified (changeable via /set)
+	 */
+	join_flood_count = 100;
+	join_flood_time = 10 seconds;
+
+	/*
+	 * splitcode: The ircd will now check splitmode every few seconds.
+	 *
+	 * Either split users or split servers can activate splitmode, but
+	 * both conditions must be met for the ircd to deactivate splitmode.
+	 * 
+	 * You may force splitmode to be permanent by /quote set splitmode on
+	 */
+
+	/*
+	 * default_split_user_count: when the usercount is lower than this level,
+	 * consider ourselves split.  This must be set for automatic splitmode.
+	 */
+	default_split_user_count = 0;
+
+	/*
+	 * default_split_server_count: when the servercount is lower than this,
+	 * consider ourselves split.  This must be set for automatic splitmode.
+	 */
+	default_split_server_count = 0;
+
+	/* split no create: disallow users creating channels on split. */
+	no_create_on_split = yes;
+
+	/* split: no join: disallow users joining channels at all on a split */
+	no_join_on_split = no;
+};
+
+/*
+ * serverhide {}:  The serverhide block contains the options regarding
+ * serverhiding
+ */
+serverhide {
+	/*
+	 * flatten_links: this option will show all servers in /links appear
+	 * that they are linked to this current server
+	 */
+	flatten_links = no;
+
+	/*
+	 * links_delay: how often to update the links file when it is
+	 * flattened.
+	 */
+	links_delay = 5 minutes;
+
+	/*
+	 * hidden: hide this server from a /links output on servers that
+	 * support it.  This allows hub servers to be hidden etc.
+	 */
+	hidden = no;
+
+	/*
+	 * disable_hidden: prevent servers hiding themselves from a
+	 * /links output.
+	 */
+	disable_hidden = no;
+
+	/*
+	 * hide_servers: hide remote servernames everywhere and instead use
+	 * hidden_name and network_desc.
+	 */
+	hide_servers = no;
+
+	/*
+	 * Use this as the servername users see if hide_servers = yes.
+	 */
+	hidden_name = "*.hidden.com";
+
+	/*
+	 * hide_server_ips: If this is disabled, opers will be unable to see servers
+	 * ips and will be shown a masked ip, admins will be shown the real ip.
+	 *
+	 * If this is enabled, nobody can see a servers ip.  *This is a kludge*, it
+	 * has the side effect of hiding the ips everywhere, including logfiles.
+	 *
+	 * We recommend you leave this disabled, and just take care with who you
+	 * give admin=yes; to.
+	 */
+	hide_server_ips = no;
+};
+
+/*
+ * general {}:  The general block contains many of the options that were once
+ * compiled in options in config.h.  The general block is read at start time.
+ */
+general {
+	/*
+	 * gline_min_cidr: the minimum required length of a CIDR bitmask
+	 * for IPv4 based glines
+	 */
+	gline_min_cidr = 16;
+
+	/*
+	 * gline_min_cidr6: the minimum required length of a CIDR bitmask
+	 * for IPv6 based glines
+	 */
+	gline_min_cidr6 = 48;
+
+	/*
+	 * Whether to automatically set mode +i on connecting users.
+	 */
+	invisible_on_connect = yes;
+
+	/*
+	 * If you don't explicitly specify burst_away in your connect blocks, then
+	 * they will default to the burst_away value below.
+	 */
+	burst_away = no;
+
+	/*
+	 * Show "actually using host <ip>" on /whois when possible.
+	 */
+	use_whois_actually = yes;
+
+	/*
+	 * Max time from the nickname change that still causes KILL
+	 * automatically to switch for the current nick of that user. (seconds)
+	 */
+	kill_chase_time_limit = 90;
+
+	/*
+	 * If hide_spoof_ips is disabled, opers will be allowed to see the real IP of spoofed
+	 * users in /trace etc.  If this is defined they will be shown a masked IP.
+	 */
+	hide_spoof_ips = yes;
+
+	/*
+	 * Ignore bogus timestamps from other servers.  Yes, this will desync
+	 * the network, but it will allow chanops to resync with a valid non TS 0
+	 *
+	 * This should be enabled network wide, or not at all.
+	 */
+	ignore_bogus_ts = no;
+
+	/*
+	 * disable_auth: completely disable ident lookups; if you enable this,
+	 * be careful of what you set need_ident to in your auth {} blocks
+	 */
+	disable_auth = no;
+
+	/* disable_remote_commands: disable users doing commands on remote servers */
+	disable_remote_commands = no;
+
+	/*
+	 * tkline_expire_notices: enables or disables temporary kline/xline
+	 * expire notices.
+	 */
+	tkline_expire_notices = no;
+
+	/*
+	 * default_floodcount: the default value of floodcount that is configurable
+	 * via /quote set floodcount.  This is the amount of lines a user
+	 * may send to any other user/channel in one second.
+	 */
+	default_floodcount = 10;
+
+	/*
+	 * failed_oper_notice: send a notice to all opers on the server when 
+	 * someone tries to OPER and uses the wrong password, host or ident.
+	 */
+	failed_oper_notice = yes;
+
+	/*
+	 * dots_in_ident: the amount of '.' characters permitted in an ident
+	 * reply before the user is rejected.
+	 */
+	dots_in_ident = 2;
+
+	/*
+	 * dot_in_ip6_addr: ircd-hybrid-6.0 and earlier will disallow hosts 
+	 * without a '.' in them.  This will add one to the end.  Only needed
+	 * for older servers.
+	 */
+	dot_in_ip6_addr = no;
+
+	/*
+	 * min_nonwildcard: the minimum non wildcard characters in k/d/g lines
+	 * placed via the server.  klines hand placed are exempt from limits.
+	 * wildcard chars: '.' ':' '*' '?' '@' '!' '#'
+	 */
+	min_nonwildcard = 4;
+
+	/*
+	 * min_nonwildcard_simple: the minimum non wildcard characters in 
+	 * gecos bans.  wildcard chars: '*' '?' '#'
+	 */
+	min_nonwildcard_simple = 3;
+
+	/* max_accept: maximum allowed /accept's for +g usermode */
+	max_accept = 20;
+
+	/* anti_nick_flood: enable the nickflood control code */
+	anti_nick_flood = yes;
+
+	/* nick flood: the nick changes allowed in the specified period */
+	max_nick_time = 20 seconds;
+	max_nick_changes = 5;
+
+	/*
+	 * anti_spam_exit_message_time: the minimum time a user must be connected
+	 * before custom quit messages are allowed.
+	 */
+	anti_spam_exit_message_time = 5 minutes;
+
+	/*
+	 * ts delta: the time delta allowed between server clocks before
+	 * a warning is given, or before the link is dropped.  all servers
+	 * should run ntpdate/rdate to keep clocks in sync
+	 */
+	ts_warn_delta = 30 seconds;
+	ts_max_delta = 5 minutes;
+
+	/*
+	 * kline_with_reason: show the user the reason why they are k/d/glined 
+	 * on exit.  May give away who set k/dline when set via tcm.
+	 */
+	kline_with_reason = yes;
+
+	/*
+	 * kline_reason: show this message to users on channel
+	 * instead of the oper reason.
+	 */
+	kline_reason = "Connection closed";
+
+	/*
+	 * reject_hold_time: wait this amount of time before disconnecting
+	 * a rejected client. Use 0 to disable.
+	 */
+	reject_hold_time = 0;
+
+	/*
+	 * warn_no_nline: warn opers about servers that try to connect but
+	 * we don't have a connect {} block for.  Twits with misconfigured 
+	 * servers can get really annoying with this enabled.
+	 */
+	warn_no_nline = yes;
+
+	/*
+	 * stats_e_disabled: set this to 'yes' to disable "STATS e" for both
+	 * operators and administrators.  Doing so is a good idea in case
+	 * there are any exempted (exempt{}) server IPs you don't want to
+	 * see leaked.
+	 */
+	stats_e_disabled = no;
+
+	/* stats_o_oper only: make stats o (opers) oper only */
+	stats_o_oper_only = yes;
+
+	/* stats_P_oper_only: make stats P (ports) oper only */
+	stats_P_oper_only = yes;
+
+	/*
+	 * stats i oper only: make stats i (auth {}) oper only. set to:
+	 *     yes:    show users no auth blocks, made oper only.
+	 *     masked: show users first matching auth block
+	 *     no:     show users all auth blocks.
+	 */
+	stats_i_oper_only = yes;
+
+	/*
+	 * stats_k_oper_only: make stats k/K (klines) oper only.  set to:
+	 *     yes:    show users no auth blocks, made oper only
+	 *     masked: show users first matching auth block
+	 *     no:     show users all auth blocks.
+	 */
+	stats_k_oper_only = yes;
+
+	/*
+	 * caller_id_wait: time between notifying a +g user that somebody
+	 * is messaging them.
+	 */
+	caller_id_wait = 1 minute;
+
+	/*
+	 * opers_bypass_callerid: allows operators to bypass +g and message
+	 * anyone who has it set (useful if you use services).
+	 */
+	opers_bypass_callerid = no;
+
+	/*
+	 * pace_wait_simple: time between use of less intensive commands
+	 * (ADMIN, HELP, (L)USERS, VERSION, remote WHOIS)
+	 */
+	pace_wait_simple = 1 second;
+
+	/*
+	 * pace_wait: time between more intensive commands
+	 * (INFO, LINKS, LIST, MAP, MOTD, STATS, WHO, wildcard WHOIS, WHOWAS)
+	 */
+	pace_wait = 10 seconds;
+
+	/*
+	 * short_motd: send clients a notice telling them to read the motd
+	 * instead of forcing a motd to clients who may simply ignore it.
+	 */
+	short_motd = no;
+
+	/*
+	 * ping_cookie: require clients to respond exactly to a ping command,
+	 * can help block certain types of drones and FTP PASV mode spoofing.
+	 */
+	ping_cookie = no;
+
+	/* no_oper_flood: increase flood limits for opers. */
+	no_oper_flood = yes;
+
+	/*
+	 * true_no_oper_flood: completely eliminate flood limits for opers
+	 * and for clients with can_flood = yes in their auth {} blocks
+	 */
+	true_no_oper_flood = yes;
+
+	/* oper_pass_resv: allow opers to over-ride RESVs on nicks/channels */
+	oper_pass_resv = yes;
+
+	/*
+	 * idletime: the maximum amount of time a user may idle before
+	 * they are disconnected
+	 */
+	idletime = 0;
+
+	/* REMOVE ME.  The following line checks you've been reading. */
+	#havent_read_conf = 1;
+
+	/*
+	 * max_targets: the maximum amount of targets in a single 
+	 * PRIVMSG/NOTICE.  Set to 999 NOT 0 for unlimited.
+	 */
+	max_targets = 4;
+
+	/*
+	 * client_flood: maximum amount of data in a clients queue before
+	 * they are dropped for flooding.
+	 */
+	client_flood = 2560 bytes;
+
+	/*
+	 * message_locale: the default message locale
+	 * Use "standard" for the compiled in defaults.
+	 * To install the translated messages, go into messages/ in the
+	 * source directory and run `make install'.
+	 */
+	message_locale = "standard";
+
+	/*
+	 * usermodes configurable: a list of usermodes for the options below
+	 *
+	 * +b - bots         - See bot and drone flooding notices
+	 * +c - cconn        - Client connection/quit notices
+	 * +D - deaf         - Don't receive channel messages
+	 * +d - debug        - See debugging notices
+	 * +f - full         - See I: line full notices
+	 * +G - softcallerid - Server Side Ignore for users not on your channels
+	 * +g - callerid     - Server Side Ignore (for privmsgs etc)
+	 * +i - invisible    - Not shown in NAMES or WHO unless you share a 
+	 *                     a channel
+	 * +k - skill        - See server generated KILL messages
+	 * +l - locops       - See LOCOPS messages
+	 * +n - nchange      - See client nick changes
+	 * +r - rej          - See rejected client notices
+	 * +s - servnotice   - See general server notices
+	 * +u - unauth       - See unauthorized client notices
+	 * +w - wallop       - See server generated WALLOPS
+	 * +x - external     - See remote server connection and split notices
+	 * +y - spy          - See LINKS, STATS, TRACE notices etc.
+	 * +z - operwall     - See oper generated WALLOPS
+	 */
+
+	/* oper_only_umodes: usermodes only opers may set */
+	oper_only_umodes = bots, cconn, debug, full, skill, nchange, 
+			   rej, spy, external, operwall, locops, unauth;
+
+	/* oper_umodes: default usermodes opers get when they /oper */
+	oper_umodes = bots, locops, servnotice, operwall, wallop;
+
+	/*
+	 * servlink_path: path to 'servlink' program used by ircd to handle
+	 * encrypted/compressed server <-> server links.
+	 *
+	 * only define if servlink is not in same directory as ircd itself.
+	 */
+	#servlink_path = "/usr/local/ircd/bin/servlink";
+
+	/*
+	 * default_cipher_preference: default cipher to use for cryptlink when none is
+	 * specified in connect block.
+	 */
+	#default_cipher_preference = "BF/168";
+
+	/*
+	 * use_egd: if your system does not have *random devices yet you
+	 * want to use OpenSSL and encrypted links, enable this.  Beware -
+	 * EGD is *very* CPU intensive when gathering data for its pool
+	 */
+#	use_egd = yes;
+
+	/*
+	 * egdpool_path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
+	 * which automatically finds the path.
+	 */
+#	egdpool_path = "/var/run/egd-pool";
+
+
+	/*
+	 * compression_level: level of compression for compressed links between
+	 * servers.  
+	 *
+	 * values are between: 1 (least compression, fastest)
+	 *                and: 9 (most compression, slowest).
+	 */
+#	compression_level = 6;
+
+	/*
+	 * throttle_time: the minimum amount of time between connections from
+	 * the same ip.  exempt {} blocks are excluded from this throttling.
+	 * Offers protection against flooders who reconnect quickly.  
+	 * Set to 0 to disable.
+	 */
+	throttle_time = 10;
+};
+
+glines {
+	/* enable: enable glines, network wide temp klines */
+	enable = yes;
+
+	/*
+	 * duration: the amount of time a gline will remain on your
+	 * server before expiring
+	 */
+	duration = 1 day;
+
+	/*
+	 * logging: which types of rules you want to log when triggered
+	 * (choose reject or block)
+	 */
+	logging = reject, block;
+
+	/*
+	 * NOTE: gline ACLs can cause a desync of glines throughout the
+	 * network, meaning some servers may have a gline triggered, and
+	 * others may not. Also, you only need insert rules for glines
+	 * that you want to block and/or reject. If you want to accept and
+	 * propagate the gline, do NOT put a rule for it.
+	 */
+
+	/* user@host for rule to apply to */
+	user = "god@I.still.hate.packets";
+	/* server for rule to apply to */
+	name = "hades.arpa";
+
+	/*
+	 * action: action to take when a matching gline is found. options are:
+	 *  reject	- do not apply the gline locally
+	 *  block	- do not propagate the gline
+	 */
+	action = reject, block;
+
+	user = "god@*";
+	name = "*";
+	action = block;
+};
+
diff --git a/nixos/modules/services/networking/minidlna.nix b/nixos/modules/services/networking/minidlna.nix
new file mode 100644
index 000000000000..e31d77f13fed
--- /dev/null
+++ b/nixos/modules/services/networking/minidlna.nix
@@ -0,0 +1,112 @@
+# Module for MiniDLNA, a simple DLNA server.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.minidlna;
+
+  port = 8200;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.minidlna.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description =
+        ''
+          Whether to enable MiniDLNA, a simple DLNA server.  It serves
+          media files such as video and music to DLNA client devices
+          such as televisions and media players.
+        '';
+    };
+
+    services.minidlna.mediaDirs = mkOption {
+      type = types.listOf types.string;
+      default = [];
+      example = [ "/data/media" "V,/home/alice/video" ];
+      description =
+        ''
+          Directories to be scanned for media files.  The prefixes
+          <literal>A,</literal>, <literal>V,</literal> and
+          <literal>P,</literal> restrict a directory to audio, video
+          or image files.  The directories must be accessible to the
+          <literal>minidlna</literal> user account.
+        '';
+    };
+
+    services.minidlna.config = mkOption {
+      type = types.lines;
+      description = "The contents of MiniDLNA's configuration file.";
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    # Running minidlna only makes sense for serving files to the
+    # outside, so open up the required ports by default.
+    networking.firewall.allowedTCPPorts = [ port ];
+    networking.firewall.allowedUDPPorts = [ 1900 ]; # SSDP
+
+    services.minidlna.config =
+      ''
+        port=${toString port}
+        friendly_name=NixOS Media Server
+        db_dir=/var/cache/minidlna
+        log_dir=/var/log/minidlna
+        inotify=yes
+        ${concatMapStrings (dir: ''
+          media_dir=${dir}
+        '') cfg.mediaDirs}
+      '';
+
+    users.extraUsers.minidlna = {
+      description = "MiniDLNA daemon user";
+      group = "minidlna";
+      uid = config.ids.uids.minidlna;
+    };
+
+    users.extraGroups.minidlna.gid = config.ids.gids.minidlna;
+
+    systemd.services.minidlna =
+      { description = "MiniDLNA Server";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        preStart =
+          ''
+            mkdir -p /var/cache/minidlna /var/log/minidlna /run/minidlna
+            chown minidlna /var/cache/minidlna /var/log/minidlna /run/minidlna
+          '';
+
+        # FIXME: log through the journal rather than
+        # /var/log/minidlna.  The -d flag does that, but also raises
+        # the log level to debug...
+        serviceConfig =
+          { User = "minidlna";
+            Group = "nogroup";
+            PermissionsStartOnly = true;
+            Type = "forking";
+            PIDFile = "/run/minidlna/pid";
+            ExecStart =
+              "@${pkgs.minidlna}/sbin/minidlna minidlna -P /run/minidlna/pid" +
+              " -f ${pkgs.writeText "minidlna.conf" cfg.config}";
+          };
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/nat.nix b/nixos/modules/services/networking/nat.nix
new file mode 100644
index 000000000000..ce28f0188284
--- /dev/null
+++ b/nixos/modules/services/networking/nat.nix
@@ -0,0 +1,105 @@
+# This module enables Network Address Translation (NAT).
+# XXX: todo: support multiple upstream links
+# see http://yesican.chsoft.biz/lartc/MultihomedLinuxNetworking.html
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.networking.nat;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.nat.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description =
+        ''
+          Whether to enable Network Address Translation (NAT).
+        '';
+    };
+
+    networking.nat.internalIPs = mkOption {
+      type = types.listOf types.str;
+      example = [ "192.168.1.0/24" ] ;
+      description =
+        ''
+          The IP address ranges for which to perform NAT.  Packets
+          coming from these networks and destined for the external
+          interface will be rewritten.
+        '';
+    };
+
+    networking.nat.externalInterface = mkOption {
+      type = types.str;
+      example = "eth1";
+      description =
+        ''
+          The name of the external network interface.
+        '';
+    };
+
+    networking.nat.externalIP = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      example = "203.0.113.123";
+      description =
+        ''
+          The public IP address to which packets from the local
+          network are to be rewritten.  If this is left empty, the
+          IP address associated with the external interface will be
+          used.
+        '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.networking.nat.enable {
+
+    environment.systemPackages = [ pkgs.iptables ];
+
+    boot.kernelModules = [ "nf_nat_ftp" ];
+
+    jobs.nat =
+      { description = "Network Address Translation";
+
+        startOn = "started network-interfaces";
+
+        path = [ pkgs.iptables ];
+
+        preStart =
+          ''
+            iptables -t nat -F POSTROUTING
+            iptables -t nat -X
+          ''
+          + (concatMapStrings (network:
+            ''
+            iptables -t nat -A POSTROUTING \
+              -s ${network} -o ${cfg.externalInterface} \
+              ${if cfg.externalIP == null
+                then "-j MASQUERADE"
+                else "-j SNAT --to-source ${cfg.externalIP}"}
+            ''
+          ) cfg.internalIPs) +
+          ''
+            echo 1 > /proc/sys/net/ipv4/ip_forward
+          '';
+
+        postStop =
+          ''
+            iptables -t nat -F POSTROUTING
+          '';
+      };
+  };
+}
diff --git a/nixos/modules/services/networking/networkmanager.nix b/nixos/modules/services/networking/networkmanager.nix
new file mode 100644
index 000000000000..ad6f9858aaf6
--- /dev/null
+++ b/nixos/modules/services/networking/networkmanager.nix
@@ -0,0 +1,193 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+with pkgs;
+
+let
+  cfg = config.networking.networkmanager;
+
+  stateDirs = "/var/lib/NetworkManager /var/lib/dhclient";
+
+  configFile = writeText "NetworkManager.conf" ''
+    [main]
+    plugins=keyfile
+
+    [keyfile]
+    ${optionalString (config.networking.hostName != "") ''
+      hostname=${config.networking.hostName}
+    ''}
+
+    [logging]
+    level=WARN
+  '';
+
+  polkitConf = ''
+    [network-manager]
+    Identity=unix-group:networkmanager
+    Action=org.freedesktop.NetworkManager.*
+    ResultAny=yes
+    ResultInactive=no
+    ResultActive=yes
+
+    [modem-manager]
+    Identity=unix-group:networkmanager
+    Action=org.freedesktop.ModemManager.*
+    ResultAny=yes
+    ResultInactive=no
+    ResultActive=yes
+  '';
+
+  ipUpScript = writeScript "01nixos-ip-up" ''
+    #!/bin/sh
+    if test "$2" = "up"; then
+      ${config.systemd.package}/bin/systemctl start ip-up.target
+    fi
+  '';
+
+  overrideNameserversScript = writeScript "02overridedns" ''
+    #!/bin/sh
+    ${optionalString cfg.overrideNameservers "${gnused}/bin/sed -i '/nameserver /d' /etc/resolv.conf"}
+    ${concatStrings (map (s: ''
+      ${optionalString cfg.appendNameservers
+        "${gnused}/bin/sed -i '/nameserver ${s}/d' /etc/resolv.conf"
+      }
+      echo 'nameserver ${s}' >> /etc/resolv.conf
+    '') config.networking.nameservers)}
+  '';
+
+in {
+
+  ###### interface
+
+  options = {
+
+    networking.networkmanager = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to use NetworkManager to obtain an IP address and other
+          configuration for all network interfaces that are not manually
+          configured. If enabled, a group <literal>networkmanager</literal>
+          will be created. Add all users that should have permission
+          to change network settings to this group.
+        '';
+      };
+  
+      packages = mkOption {
+        type = types.listOf types.path;
+        default = [ ];
+        description = ''
+          Extra packages that provide NetworkManager plugins.
+        '';
+        apply = list: [ networkmanager modemmanager wpa_supplicant ] ++ list;
+      };
+
+      overrideNameservers = mkOption {
+        default = false;
+        description = ''
+          If enabled, any nameservers received by DHCP or configured in
+          NetworkManager will be replaced by the nameservers configured
+          in the <literal>networking.nameservers</literal> option. This
+          option overrides the <literal>appendNameservers</literal> option
+          if both are enabled.
+        '';
+      };
+
+      appendNameservers = mkOption {
+        default = false;
+        description = ''
+          If enabled, the name servers configured in the
+          <literal>networking.nameservers</literal> option will be appended
+          to the ones configured in NetworkManager or received by DHCP.
+        '';
+      };
+
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    assertions = [{
+      assertion = config.networking.wireless.enable == false;
+      message = "You can not use networking.networkmanager with services.networking.wireless";
+    }];
+
+    environment.etc = [
+      { source = ipUpScript;
+        target = "NetworkManager/dispatcher.d/01nixos-ip-up";
+      }
+      { source = configFile;
+        target = "NetworkManager/NetworkManager.conf";
+      }
+      { source = "${networkmanager_openvpn}/etc/NetworkManager/VPN/nm-openvpn-service.name";
+        target = "NetworkManager/VPN/nm-openvpn-service.name";
+      }
+      { source = "${networkmanager_vpnc}/etc/NetworkManager/VPN/nm-vpnc-service.name";
+        target = "NetworkManager/VPN/nm-vpnc-service.name";
+      }
+      { source = "${networkmanager_openconnect}/etc/NetworkManager/VPN/nm-openconnect-service.name";
+        target = "NetworkManager/VPN/nm-openconnect-service.name";
+      }
+    ] ++ pkgs.lib.optional (cfg.overrideNameservers || cfg.appendNameservers)
+           { source = overrideNameserversScript;
+             target = "NetworkManager/dispatcher.d/02overridedns";
+           };
+
+    environment.systemPackages = cfg.packages ++ [
+        networkmanager_openvpn
+        networkmanager_vpnc
+        networkmanager_openconnect
+        ];
+
+    users.extraGroups = singleton {
+      name = "networkmanager";
+      gid = config.ids.gids.networkmanager;
+    };
+
+    systemd.packages = cfg.packages;
+
+    # Create an initialisation service that both starts
+    # NetworkManager when network.target is reached,
+    # and sets up necessary directories for NM.
+    systemd.services."networkmanager-init" = {
+      description = "NetworkManager initialisation";
+      wantedBy = [ "network.target" ];
+      partOf = [ "NetworkManager.service" ];
+      wants = [ "NetworkManager.service" ];
+      before = [ "NetworkManager.service" ];
+      script = ''
+        mkdir -m 700 -p /etc/NetworkManager/system-connections
+        mkdir -m 755 -p ${stateDirs}
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+      };
+    };
+
+    # Turn off NixOS' network management
+    networking = {
+      useDHCP = false;
+      wireless.enable = false;
+    };
+
+    powerManagement.resumeCommands = ''
+      systemctl restart NetworkManager
+    '';
+
+    security.polkit.permissions = polkitConf;
+
+    # openvpn plugin has only dbus interface
+    services.dbus.packages = cfg.packages ++ [
+        networkmanager_openvpn
+        networkmanager_vpnc
+        networkmanager_openconnect
+        ];
+
+    services.udev.packages = cfg.packages;
+  };
+}
diff --git a/nixos/modules/services/networking/ntpd.nix b/nixos/modules/services/networking/ntpd.nix
new file mode 100644
index 000000000000..e5e164021d3a
--- /dev/null
+++ b/nixos/modules/services/networking/ntpd.nix
@@ -0,0 +1,90 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) ntp;
+
+  stateDir = "/var/lib/ntp";
+
+  ntpUser = "ntp";
+
+  configFile = pkgs.writeText "ntp.conf" ''
+    # Keep the drift file in ${stateDir}/ntp.drift.  However, since we
+    # chroot to ${stateDir}, we have to specify it as /ntp.drift.
+    driftfile /ntp.drift
+
+    ${toString (map (server: "server " + server + " iburst\n") config.services.ntp.servers)}
+  '';
+
+  ntpFlags = "-c ${configFile} -u ${ntpUser}:nogroup -i ${stateDir}";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.ntp = {
+
+      enable = mkOption {
+        default = true;
+        description = ''
+          Whether to synchronise your machine's time using the NTP
+          protocol.
+        '';
+      };
+
+      servers = mkOption {
+        default = [
+          "0.pool.ntp.org"
+          "1.pool.ntp.org"
+          "2.pool.ntp.org"
+        ];
+        description = ''
+          The set of NTP servers from which to synchronise.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.ntp.enable {
+
+    # Make tools such as ntpq available in the system path
+    environment.systemPackages = [ pkgs.ntp ];
+
+    users.extraUsers = singleton
+      { name = ntpUser;
+        uid = config.ids.uids.ntp;
+        description = "NTP daemon user";
+        home = stateDir;
+      };
+
+    jobs.ntpd =
+      { description = "NTP Daemon";
+
+        wantedBy = [ "ip-up.target" ];
+        partOf = [ "ip-up.target" ];
+
+        path = [ ntp ];
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${stateDir}
+            chown ${ntpUser} ${stateDir}
+          '';
+
+        exec = "ntpd -g -n ${ntpFlags}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/oidentd.nix b/nixos/modules/services/networking/oidentd.nix
new file mode 100644
index 000000000000..a2a555a8ad1b
--- /dev/null
+++ b/nixos/modules/services/networking/oidentd.nix
@@ -0,0 +1,44 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.oidentd.enable = mkOption {
+      default = false;
+      type = types.bool;
+      description = ''
+        Whether to enable ‘oidentd’, an implementation of the Ident
+        protocol (RFC 1413).  It allows remote systems to identify the
+        name of the user associated with a TCP connection.
+      '';
+    };
+
+  };
+
+  
+  ###### implementation
+
+  config = mkIf config.services.oidentd.enable {
+
+    jobs.oidentd =
+      { startOn = "started network-interfaces";
+        daemonType = "fork";
+        exec = "${pkgs.oidentd}/sbin/oidentd -u oidentd -g nogroup";
+      };
+
+    users.extraUsers.oidentd = {
+      description = "Ident Protocol daemon user";
+      group = "oidentd";
+      uid = config.ids.uids.oidentd;
+    };
+
+    users.extraGroups.oidentd.gid = config.ids.gids.oidentd;
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/openfire.nix b/nixos/modules/services/networking/openfire.nix
new file mode 100644
index 000000000000..b2efb5e9c123
--- /dev/null
+++ b/nixos/modules/services/networking/openfire.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) jre openfire coreutils which gnugrep gawk gnused;
+
+  extraStartDependency =
+    if config.services.openfire.usePostgreSQL then "and started postgresql" else "";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.openfire = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to enable OpenFire XMPP server.
+        ";
+      };
+
+      usePostgreSQL = mkOption {
+        default = true;
+        description = "
+          Whether you use PostgreSQL service for your storage back-end.
+        ";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.openfire.enable {
+
+    assertions = singleton
+      { assertion = !(config.services.openfire.usePostgreSQL -> config.services.postgresql.enable);
+        message = "OpenFire assertion failed.";
+      };
+
+    jobs.openfire =
+      { description = "OpenFire XMPP server";
+
+        startOn = "started networking ${extraStartDependency}";
+
+        script =
+          ''
+            export PATH=${jre}/bin:${openfire}/bin:${coreutils}/bin:${which}/bin:${gnugrep}/bin:${gawk}/bin:${gnused}/bin
+            export HOME=/tmp
+            mkdir /var/log/openfire || true
+            mkdir /etc/openfire || true
+            for i in ${openfire}/conf.inst/*; do
+                if ! test -f /etc/openfire/$(basename $i); then
+                    cp $i /etc/openfire/
+                fi
+            done
+            openfire start
+          ''; # */
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/openvpn.nix b/nixos/modules/services/networking/openvpn.nix
new file mode 100644
index 000000000000..292d45f43475
--- /dev/null
+++ b/nixos/modules/services/networking/openvpn.nix
@@ -0,0 +1,172 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.openvpn;
+
+  inherit (pkgs) openvpn;
+
+  makeOpenVPNJob = cfg: name:
+    let
+
+      path = (getAttr "openvpn-${name}" config.systemd.services).path;
+
+      upScript = ''
+        #! /bin/sh
+        export PATH=${path}
+
+        # For convenience in client scripts, extract the remote domain
+        # name and name server.
+        for var in ''${!foreign_option_*}; do
+          x=(''${!var})
+          if [ "''${x[0]}" = dhcp-option ]; then
+            if [ "''${x[1]}" = DOMAIN ]; then domain="''${x[2]}"
+            elif [ "''${x[1]}" = DNS ]; then nameserver="''${x[2]}"
+            fi
+          fi
+        done
+
+        ${cfg.up}
+      '';
+
+      downScript = ''
+        #! /bin/sh
+        export PATH=${path}
+        ${cfg.down}
+      '';
+
+      configFile = pkgs.writeText "openvpn-config-${name}"
+        ''
+          errors-to-stderr
+          ${optionalString (cfg.up != "" || cfg.down != "") "script-security 2"}
+          ${cfg.config}
+          ${optionalString (cfg.up != "") "up ${pkgs.writeScript "openvpn-${name}-up" upScript}"}
+          ${optionalString (cfg.down != "") "down ${pkgs.writeScript "openvpn-${name}-down" downScript}"}
+        '';
+
+    in {
+      description = "OpenVPN instance ‘${name}’";
+
+      wantedBy = optional cfg.autoStart "multi-user.target";
+      after = [ "network-interfaces.target" ];
+
+      path = [ pkgs.iptables pkgs.iproute pkgs.nettools ];
+
+      serviceConfig.ExecStart = "@${openvpn}/sbin/openvpn openvpn --config ${configFile}";
+      serviceConfig.Restart = "always";
+    };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    /* !!! Obsolete. */
+    services.openvpn.enable = mkOption {
+      default = true;
+      description = "Whether to enable OpenVPN.";
+    };
+
+    services.openvpn.servers = mkOption {
+      default = {};
+
+      example = literalExample ''
+        {
+          server = {
+            config = '''
+              # Simplest server configuration: http://openvpn.net/index.php/documentation/miscellaneous/static-key-mini-howto.html.
+              # server :
+              dev tun
+              ifconfig 10.8.0.1 10.8.0.2
+              secret /root/static.key
+            ''';
+            up = "ip route add ...";
+            down = "ip route del ...";
+          };
+
+          client = {
+            config = '''
+              client
+              remote vpn.example.org
+              dev tun
+              proto tcp-client
+              port 8080
+              ca /root/.vpn/ca.crt
+              cert /root/.vpn/alice.crt
+              key /root/.vpn/alice.key
+            ''';
+            up = "echo nameserver $nameserver | ''${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev";
+            down = "''${pkgs.openresolv}/sbin/resolvconf -d $dev";
+          };
+        }
+      '';
+
+      description = ''
+        Each attribute of this option defines a systemd service that
+        runs an OpenVPN instance.  These can be OpenVPN servers or
+        clients.  The name of each systemd service is
+        <literal>openvpn-<replaceable>name</replaceable>.service</literal>,
+        where <replaceable>name</replaceable> is the corresponding
+        attribute name.
+      '';
+
+      type = types.attrsOf types.optionSet;
+
+      options = {
+
+        config = mkOption {
+          type = types.lines;
+          description = ''
+            Configuration of this OpenVPN instance.  See
+            <citerefentry><refentrytitle>openvpn</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+            for details.
+          '';
+        };
+
+        up = mkOption {
+          default = "";
+          type = types.lines;
+          description = ''
+            Shell commands executed when the instance is starting.
+          '';
+        };
+
+        down = mkOption {
+          default = "";
+          type = types.lines;
+          description = ''
+            Shell commands executed when the instance is shutting down.
+          '';
+        };
+
+        autoStart = mkOption {
+          default = true;
+          type = types.bool;
+          description = "Whether this OpenVPN instance should be started automatically.";
+        };
+
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf (cfg.servers != {}) {
+
+    systemd.services = listToAttrs (mapAttrsFlatten (name: value: nameValuePair "openvpn-${name}" (makeOpenVPNJob value name)) cfg.servers);
+
+    environment.systemPackages = [ openvpn ];
+
+    boot.kernelModules = [ "tun" ];
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/prayer.nix b/nixos/modules/services/networking/prayer.nix
new file mode 100644
index 000000000000..fb541bf101ae
--- /dev/null
+++ b/nixos/modules/services/networking/prayer.nix
@@ -0,0 +1,103 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) prayer;
+
+  cfg = config.services.prayer;
+
+  stateDir = "/var/lib/prayer";
+
+  prayerUser = "prayer";
+  prayerGroup = "prayer";
+
+  prayerExtraCfg = pkgs.writeText "extraprayer.cf" ''
+    prefix = "${prayer}"
+    var_prefix = "${stateDir}"
+    prayer_user = "${prayerUser}"
+    prayer_group = "${prayerGroup}"
+    sendmail_path = "/var/setuid-wrappers/sendmail"
+
+    use_http_port ${cfg.port}
+
+    ${cfg.extraConfig}
+  '';
+
+  prayerCfg = pkgs.runCommand "prayer.cf" { } ''
+    # We have to remove the http_port 80, or it will start a server there
+    cat ${prayer}/etc/prayer.cf | grep -v http_port > $out
+    cat ${prayerExtraCfg} >> $out
+  '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.prayer = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run the prayer webmail http server.
+        '';
+      };
+
+      port = mkOption {
+        default = "2080";
+        description = ''
+          Port the prayer http server is listening to.
+        '';
+      };
+
+      extraConfig = mkOption {
+        default = "" ;
+        description = ''
+          Extra configuration. Contents will be added verbatim to the configuration file.
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.prayer.enable {
+    environment.systemPackages = [ prayer ];
+
+    users.extraUsers = singleton
+      { name = prayerUser;
+        uid = config.ids.uids.prayer;
+        description = "Prayer daemon user";
+        home = stateDir;
+      };
+
+    users.extraGroups = singleton
+      { name = prayerGroup;
+        gid = config.ids.gids.prayer;
+      };
+
+    jobs.prayer =
+      { name = "prayer";
+
+        startOn = "startup";
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${stateDir}
+            chown ${prayerUser}.${prayerGroup} ${stateDir}
+          '';
+
+        daemonType = "daemon";
+
+        exec = "${prayer}/sbin/prayer --config-file=${prayerCfg}";
+      };
+  };
+
+}
diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix
new file mode 100644
index 000000000000..89c40c531579
--- /dev/null
+++ b/nixos/modules/services/networking/privoxy.nix
@@ -0,0 +1,95 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) privoxy;
+
+  stateDir = "/var/spool/privoxy";
+
+  privoxyUser = "privoxy";
+
+  privoxyFlags = "--no-daemon --user ${privoxyUser} ${privoxyCfg}";
+
+  privoxyCfg = pkgs.writeText "privoxy.conf" ''
+    listen-address  ${config.services.privoxy.listenAddress}
+    logdir          ${config.services.privoxy.logDir}
+    confdir         ${privoxy}/etc
+    filterfile      default.filter
+
+    ${config.services.privoxy.extraConfig}
+  '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.privoxy = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run the machine as a HTTP proxy server.
+        '';
+      };
+
+      listenAddress = mkOption {
+        default = "127.0.0.1:8118";
+        description = ''
+          Address the proxy server is listening to.
+        '';
+      };
+
+      logDir = mkOption {
+        default = "/var/log/privoxy" ;
+        description = ''
+          Location for privoxy log files.
+        '';
+      };
+
+      extraConfig = mkOption {
+        default = "" ;
+        description = ''
+          Extra configuration. Contents will be added verbatim to the configuration file.
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.privoxy.enable {
+  
+    environment.systemPackages = [ privoxy ];
+
+    users.extraUsers = singleton
+      { name = privoxyUser;
+        uid = config.ids.uids.privoxy;
+        description = "Privoxy daemon user";
+        home = stateDir;
+      };
+
+    jobs.privoxy =
+      { name = "privoxy";
+
+        startOn = "startup";
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${stateDir}
+            chown ${privoxyUser} ${stateDir}
+          '';
+
+        exec = "${privoxy}/sbin/privoxy ${privoxyFlags}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/quassel.nix b/nixos/modules/services/networking/quassel.nix
new file mode 100644
index 000000000000..f3a4e457ec84
--- /dev/null
+++ b/nixos/modules/services/networking/quassel.nix
@@ -0,0 +1,96 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  quassel = pkgs.kde4.quasselDaemon;
+  cfg = config.services.quassel;
+  user = if cfg.user != null then cfg.user else "quassel";
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.quassel = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to run the Quassel IRC client daemon.
+        '';
+      };
+
+      interface = mkOption {
+        default = "127.0.0.1";
+        description = ''
+          The interface the Quassel daemon will be listening to.  If `127.0.0.1',
+          only clients on the local host can connect to it; if `0.0.0.0', clients
+          can access it from any network interface.
+        '';
+      };
+
+      portNumber = mkOption {
+        default = 4242;
+        description = ''
+          The port number the Quassel daemon will be listening to.
+        '';
+      };
+
+      dataDir = mkOption {
+        default = ''/home/${user}/.config/quassel-irc.org'';
+        description = ''
+          The directory holding configuration files, the SQlite database and the SSL Cert.
+        '';
+      };
+
+      user = mkOption {
+        default = null;
+        description = ''
+          The existing user the Quassel daemon should run as. If left empty, a default "quassel" user will be created.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = mkIf (cfg.user == null) [
+      { name = "quassel";
+        description = "Quassel IRC client daemon";
+        group = "quassel";
+        uid = config.ids.uids.quassel;
+      }];
+
+    users.extraGroups = mkIf (cfg.user == null) [
+      { name = "quassel";
+        gid = config.ids.gids.quassel;
+      }];
+
+    jobs.quassel =
+      { description = "Quassel IRC client daemon";
+
+        startOn = "ip-up";
+
+        preStart = ''
+            mkdir -p ${cfg.dataDir}
+            chown ${user} ${cfg.dataDir}
+        '';
+
+        exec = ''
+            ${pkgs.su}/bin/su -s ${pkgs.stdenv.shell} ${user} \
+                -c '${quassel}/bin/quasselcore --listen=${cfg.interface}\
+                    --port=${toString cfg.portNumber} --configdir=${cfg.dataDir}'
+        '';
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/radvd.nix b/nixos/modules/services/networking/radvd.nix
new file mode 100644
index 000000000000..8d586ce6e46b
--- /dev/null
+++ b/nixos/modules/services/networking/radvd.nix
@@ -0,0 +1,77 @@
+# Module for the IPv6 Router Advertisement Daemon.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.radvd;
+
+  confFile = pkgs.writeText "radvd.conf" cfg.config;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.radvd.enable = mkOption {
+      default = false;
+      description =
+        ''
+          Whether to enable the Router Advertisement Daemon
+          (<command>radvd</command>), which provides link-local
+          advertisements of IPv6 router addresses and prefixes using
+          the Neighbor Discovery Protocol (NDP).  This enables
+          stateless address autoconfiguration in IPv6 clients on the
+          network.
+        '';
+    };
+
+    services.radvd.config = mkOption {
+      example =
+        ''
+          interface eth0 {
+            AdvSendAdvert on;
+            prefix 2001:db8:1234:5678::/64 { };
+          };
+        '';
+      description =
+        ''
+          The contents of the radvd configuration file.
+        '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.radvd ];
+
+    jobs.radvd =
+      { description = "IPv6 Router Advertisement Daemon";
+
+        startOn = "started network-interfaces";
+
+        preStart =
+          ''
+            # !!! Radvd only works if IPv6 forwarding is enabled.  But
+            # this should probably be done somewhere else (and not
+            # necessarily for all interfaces).
+            echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
+          '';
+
+        exec = "${pkgs.radvd}/sbin/radvd -m syslog -s -C ${confFile}";
+
+        daemonType = "fork";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/rdnssd.nix b/nixos/modules/services/networking/rdnssd.nix
new file mode 100644
index 000000000000..f797206ad5c7
--- /dev/null
+++ b/nixos/modules/services/networking/rdnssd.nix
@@ -0,0 +1,48 @@
+# Module for rdnssd, a daemon that configures DNS servers in
+# /etc/resolv/conf from IPv6 RDNSS advertisements.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.rdnssd.enable = mkOption {
+      default = false;
+      #default = config.networking.enableIPv6;
+      description =
+        ''
+          Whether to enable the RDNSS daemon
+          (<command>rdnssd</command>), which configures DNS servers in
+          <filename>/etc/resolv.conf</filename> from RDNSS
+          advertisements sent by IPv6 routers.
+        '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.rdnssd.enable {
+
+    jobs.rdnssd =
+      { description = "RDNSS daemon";
+
+        # Start before the network interfaces are brought up so that
+        # the daemon receives RDNSS advertisements from the kernel.
+        startOn = "starting network-interfaces";
+
+        # !!! Should write to /var/run/rdnssd/resolv.conf and run the daemon under another uid.
+        exec = "${pkgs.ndisc6}/sbin/rdnssd --resolv-file /etc/resolv.conf -u root";
+
+        daemonType = "fork";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/rpcbind.nix b/nixos/modules/services/networking/rpcbind.nix
new file mode 100644
index 000000000000..c966f85e260d
--- /dev/null
+++ b/nixos/modules/services/networking/rpcbind.nix
@@ -0,0 +1,82 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  netconfigFile = {
+    target = "netconfig";
+    source = pkgs.writeText "netconfig" ''
+      #
+      # The network configuration file. This file is currently only used in
+      # conjunction with the TI-RPC code in the libtirpc library.
+      #
+      # Entries consist of:
+      #
+      #       <network_id> <semantics> <flags> <protofamily> <protoname> \
+      #               <device> <nametoaddr_libs>
+      #
+      # The <device> and <nametoaddr_libs> fields are always empty in this
+      # implementation.
+      #
+      udp        tpi_clts      v     inet     udp     -       -
+      tcp        tpi_cots_ord  v     inet     tcp     -       -
+      udp6       tpi_clts      v     inet6    udp     -       -
+      tcp6       tpi_cots_ord  v     inet6    tcp     -       -
+      rawip      tpi_raw       -     inet      -      -       -
+      local      tpi_cots_ord  -     loopback  -      -       -
+      unix       tpi_cots_ord  -     loopback  -      -       -
+    '';
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.rpcbind = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable `rpcbind', an ONC RPC directory service
+          notably used by NFS and NIS, and which can be queried
+          using the rpcinfo(1) command. `rpcbind` is a replacement for
+          `portmap`.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.rpcbind.enable {
+
+    environment.systemPackages = [ pkgs.rpcbind ];
+
+    environment.etc = [ netconfigFile ];
+
+    systemd.services.rpcbind =
+      { description = "ONC RPC Directory Service";
+
+        wantedBy = [ "multi-user.target" ];
+
+        requires = [ "basic.target" ];
+        after = [ "basic.target" ];
+
+        unitConfig.DefaultDependencies = false; # don't stop during shutdown
+
+        serviceConfig.Type = "forking";
+        serviceConfig.ExecStart = "@${pkgs.rpcbind}/bin/rpcbind rpcbind";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/sabnzbd.nix b/nixos/modules/services/networking/sabnzbd.nix
new file mode 100644
index 000000000000..8816ac0d2f83
--- /dev/null
+++ b/nixos/modules/services/networking/sabnzbd.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.sabnzbd;
+  inherit (pkgs) sabnzbd;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+    services.sabnzbd = {
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable the sabnzbd FTP server.";
+      };
+      configFile = mkOption {
+        default = "/var/sabnzbd/sabnzbd.ini";
+        description = "Path to config file. (You need to create this file yourself!)";
+      };
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers =
+      [ { name = "sabnzbd";
+          uid = config.ids.uids.sabnzbd;
+          description = "sabnzbd user";
+          home = "/homeless-shelter";
+        }
+      ];
+
+    jobs.sabnzbd =
+      { description = "sabnzbd server";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        exec = "${sabnzbd}/bin/sabnzbd -d -f ${cfg.configFile}";
+      };
+
+  };
+}
diff --git a/nixos/modules/services/networking/ssh/lshd.nix b/nixos/modules/services/networking/ssh/lshd.nix
new file mode 100644
index 000000000000..04ef76f1e4d4
--- /dev/null
+++ b/nixos/modules/services/networking/ssh/lshd.nix
@@ -0,0 +1,177 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) lsh;
+
+  cfg = config.services.lshd;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.lshd = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable the GNU lshd SSH2 daemon, which allows
+          secure remote login.
+        '';
+      };
+
+      portNumber = mkOption {
+        default = 22;
+        description = ''
+          The port on which to listen for connections.
+        '';
+      };
+
+      interfaces = mkOption {
+        default = [];
+        description = ''
+          List of network interfaces where listening for connections.
+          When providing the empty list, `[]', lshd listens on all
+          network interfaces.
+        '';
+        example = [ "localhost" "1.2.3.4:443" ];
+      };
+
+      hostKey = mkOption {
+        default = "/etc/lsh/host-key";
+        description = ''
+          Path to the server's private key.  Note that this key must
+          have been created, e.g., using "lsh-keygen --server |
+          lsh-writekey --server", so that you can run lshd.
+        '';
+      };
+
+      syslog = mkOption {
+        default = true;
+        description = ''Whether to enable syslog output.'';
+      };
+
+      passwordAuthentication = mkOption {
+        default = true;
+        description = ''Whether to enable password authentication.'';
+      };
+
+      publicKeyAuthentication = mkOption {
+        default = true;
+        description = ''Whether to enable public key authentication.'';
+      };
+
+      rootLogin = mkOption {
+        default = false;
+        description = ''Whether to enable remote root login.'';
+      };
+
+      loginShell = mkOption {
+        default = null;
+        description = ''
+          If non-null, override the default login shell with the
+          specified value.
+        '';
+        example = "/nix/store/xyz-bash-10.0/bin/bash10";
+      };
+
+      srpKeyExchange = mkOption {
+        default = false;
+        description = ''
+          Whether to enable SRP key exchange and user authentication.
+        '';
+      };
+
+      tcpForwarding = mkOption {
+        default = true;
+        description = ''Whether to enable TCP/IP forwarding.'';
+      };
+
+      x11Forwarding = mkOption {
+        default = true;
+        description = ''Whether to enable X11 forwarding.'';
+      };
+
+      subsystems = mkOption {
+        default = [ ["sftp" "${pkgs.lsh}/sbin/sftp-server"] ];
+        description = ''
+          List of subsystem-path pairs, where the head of the pair
+          denotes the subsystem name, and the tail denotes the path to
+          an executable implementing it.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    jobs.lshd =
+      { description = "GNU lshd SSH2 daemon";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        environment =
+          { LD_LIBRARY_PATH = config.system.nssModules.path; };
+
+        preStart =
+          ''
+            test -d /etc/lsh || mkdir -m 0755 -p /etc/lsh
+            test -d /var/spool/lsh || mkdir -m 0755 -p /var/spool/lsh
+
+            if ! test -f /var/spool/lsh/yarrow-seed-file
+            then
+                # XXX: It would be nice to provide feedback to the
+                # user when this fails, so that they can retry it
+                # manually.
+                ${lsh}/bin/lsh-make-seed --sloppy \
+                   -o /var/spool/lsh/yarrow-seed-file
+            fi
+
+            if ! test -f "${cfg.hostKey}"
+            then
+                ${lsh}/bin/lsh-keygen --server | \
+                ${lsh}/bin/lsh-writekey --server -o "${cfg.hostKey}"
+            fi
+          '';
+
+        exec = with cfg;
+          ''
+            ${lsh}/sbin/lshd --daemonic \
+              --password-helper="${lsh}/sbin/lsh-pam-checkpw" \
+              -p ${toString portNumber} \
+              ${if interfaces == [] then ""
+                else (concatStrings (map (i: "--interface=\"${i}\"")
+                                         interfaces))} \
+              -h "${hostKey}" \
+              ${if !syslog then "--no-syslog" else ""} \
+              ${if passwordAuthentication then "--password" else "--no-password" } \
+              ${if publicKeyAuthentication then "--publickey" else "--no-publickey" } \
+              ${if rootLogin then "--root-login" else "--no-root-login" } \
+              ${if loginShell != null then "--login-shell=\"${loginShell}\"" else "" } \
+              ${if srpKeyExchange then "--srp-keyexchange" else "--no-srp-keyexchange" } \
+              ${if !tcpForwarding then "--no-tcpip-forward" else "--tcpip-forward"} \
+              ${if x11Forwarding then "--x11-forward" else "--no-x11-forward" } \
+              --subsystems=${concatStringsSep ","
+                                              (map (pair: (head pair) + "=" +
+                                                          (head (tail pair)))
+                                                   subsystems)}
+          '';
+      };
+
+    security.pam.services.lshd = {};
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
new file mode 100644
index 000000000000..7a2335847e3a
--- /dev/null
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -0,0 +1,342 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg  = config.services.openssh;
+  cfgc = config.programs.ssh;
+
+  nssModulesPath = config.system.nssModules.path;
+
+  permitRootLoginCheck = v:
+    v == "yes" ||
+    v == "without-password" ||
+    v == "forced-commands-only" ||
+    v == "no";
+
+  knownHosts = map (h: getAttr h cfg.knownHosts) (attrNames cfg.knownHosts);
+
+  knownHostsFile = pkgs.writeText "ssh_known_hosts" (
+    flip concatMapStrings knownHosts (h:
+      "${concatStringsSep "," h.hostNames} ${builtins.readFile h.publicKeyFile}"
+    )
+  );
+
+  userOptions = {
+
+    openssh.authorizedKeys = {
+      keys = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = ''
+          A list of verbatim OpenSSH public keys that should be added to the
+          user's authorized keys. The keys are added to a file that the SSH
+          daemon reads in addition to the the user's authorized_keys file.
+          You can combine the <literal>keys</literal> and
+          <literal>keyFiles</literal> options.
+        '';
+      };
+
+      keyFiles = mkOption {
+        type = types.listOf types.unspecified;
+        default = [];
+        description = ''
+          A list of files each containing one OpenSSH public key that should be
+          added to the user's authorized keys. The contents of the files are
+          read at build time and added to a file that the SSH daemon reads in
+          addition to the the user's authorized_keys file. You can combine the
+          <literal>keyFiles</literal> and <literal>keys</literal> options.
+        '';
+      };
+    };
+
+  };
+
+  authKeysFiles = let
+    mkAuthKeyFile = u: {
+      target = "ssh/authorized_keys.d/${u.name}";
+      mode = "0444";
+      source = pkgs.writeText "${u.name}-authorized_keys" ''
+        ${concatStringsSep "\n" u.openssh.authorizedKeys.keys}
+        ${concatMapStrings (f: builtins.readFile f + "\n") u.openssh.authorizedKeys.keyFiles}
+      '';
+    };
+    usersWithKeys = attrValues (flip filterAttrs config.users.extraUsers (n: u:
+      length u.openssh.authorizedKeys.keys != 0 || length u.openssh.authorizedKeys.keyFiles != 0
+    ));
+  in map mkAuthKeyFile usersWithKeys;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.openssh = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable the OpenSSH secure shell daemon, which
+          allows secure remote logins.
+        '';
+      };
+
+      forwardX11 = mkOption {
+        type = types.bool;
+        default = cfgc.setXAuthLocation;
+        description = ''
+          Whether to allow X11 connections to be forwarded.
+        '';
+      };
+
+      allowSFTP = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether to enable the SFTP subsystem in the SSH daemon.  This
+          enables the use of commands such as <command>sftp</command> and
+          <command>sshfs</command>.
+        '';
+      };
+
+      permitRootLogin = mkOption {
+        default = "without-password";
+        type = types.addCheck types.str permitRootLoginCheck;
+        description = ''
+          Whether the root user can login using ssh. Valid values are
+          <literal>yes</literal>, <literal>without-password</literal>,
+          <literal>forced-commands-only</literal> or
+          <literal>no</literal>.
+        '';
+      };
+
+      gatewayPorts = mkOption {
+        type = types.str;
+        default = "no";
+        description = ''
+          Specifies whether remote hosts are allowed to connect to
+          ports forwarded for the client.  See
+          <citerefentry><refentrytitle>sshd_config</refentrytitle>
+          <manvolnum>5</manvolnum></citerefentry>.
+        '';
+      };
+
+      ports = mkOption {
+        type = types.listOf types.int;
+        default = [22];
+        description = ''
+          Specifies on which ports the SSH daemon listens.
+        '';
+      };
+
+      passwordAuthentication = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Specifies whether password authentication is allowed.
+        '';
+      };
+
+      challengeResponseAuthentication = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Specifies whether challenge/response authentication is allowed.
+        '';
+      };
+
+      hostKeys = mkOption {
+        type = types.listOf types.attrs;
+        default =
+          [ { path = "/etc/ssh/ssh_host_dsa_key";
+              type = "dsa";
+              bits = 1024;
+            }
+            { path = "/etc/ssh/ssh_host_ecdsa_key";
+              type = "ecdsa";
+              bits = 521;
+            }
+          ];
+        description = ''
+          NixOS can automatically generate SSH host keys.  This option
+          specifies the path, type and size of each key.  See
+          <citerefentry><refentrytitle>ssh-keygen</refentrytitle>
+          <manvolnum>1</manvolnum></citerefentry> for supported types
+          and sizes.
+        '';
+      };
+
+      authorizedKeysFiles = mkOption {
+        type = types.listOf types.unspecified;
+        default = [];
+        description = "Files from with authorized keys are read.";
+      };
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "";
+        description = "Verbatim contents of <filename>sshd_config</filename>.";
+      };
+
+      knownHosts = mkOption {
+        default = {};
+        type = types.loaOf types.optionSet;
+        description = ''
+          The set of system-wide known SSH hosts.
+        '';
+        example = [
+          {
+            hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ];
+            publicKeyFile = literalExample "./pubkeys/myhost_ssh_host_dsa_key.pub";
+          }
+          {
+            hostNames = [ "myhost2" ];
+            publicKeyFile = literalExample "./pubkeys/myhost2_ssh_host_dsa_key.pub";
+          }
+        ];
+        options = {
+          hostNames = mkOption {
+            type = types.listOf types.string;
+            default = [];
+            description = ''
+              A list of host names and/or IP numbers used for accessing
+              the host's ssh service.
+            '';
+          };
+          publicKeyFile = mkOption {
+            description = ''
+              The path to the public key file for the host. The public
+              key file is read at build time and saved in the Nix store.
+              You can fetch a public key file from a running SSH server
+              with the <command>ssh-keyscan</command> command.
+            '';
+          };
+        };
+      };
+
+    };
+
+    users.extraUsers = mkOption {
+      options = [ userOptions ];
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton
+      { name = "sshd";
+        uid = config.ids.uids.sshd;
+        description = "SSH privilege separation user";
+        home = "/var/empty";
+      };
+
+    environment.etc = authKeysFiles ++ [
+      { source = "${pkgs.openssh}/etc/ssh/moduli";
+        target = "ssh/moduli";
+      }
+      { source = knownHostsFile;
+        target = "ssh/ssh_known_hosts";
+      }
+    ];
+
+    systemd.services.sshd =
+      { description = "SSH Daemon";
+
+        wantedBy = [ "multi-user.target" ];
+
+        stopIfChanged = false;
+
+        path = [ pkgs.openssh pkgs.gawk ];
+
+        environment.LD_LIBRARY_PATH = nssModulesPath;
+        environment.LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive";
+
+        preStart =
+          ''
+            mkdir -m 0755 -p /etc/ssh
+
+            ${flip concatMapStrings cfg.hostKeys (k: ''
+              if ! [ -f "${k.path}" ]; then
+                  ssh-keygen -t "${k.type}" -b "${toString k.bits}" -f "${k.path}" -N ""
+              fi
+            '')}
+          '';
+
+        serviceConfig =
+          { ExecStart =
+              "${pkgs.openssh}/sbin/sshd " +
+              "-f ${pkgs.writeText "sshd_config" cfg.extraConfig}";
+            Restart = "always";
+            Type = "forking";
+            KillMode = "process";
+            PIDFile = "/run/sshd.pid";
+          };
+      };
+
+    networking.firewall.allowedTCPPorts = cfg.ports;
+
+    security.pam.services.sshd =
+      { startSession = true;
+        showMotd = true;
+        unixAuth = cfg.passwordAuthentication;
+      };
+
+    services.openssh.authorizedKeysFiles =
+      [ ".ssh/authorized_keys" ".ssh/authorized_keys2" "/etc/ssh/authorized_keys.d/%u" ];
+
+    services.openssh.extraConfig =
+      ''
+        PidFile /run/sshd.pid
+
+        Protocol 2
+
+        UsePAM yes
+
+        AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
+        ${concatMapStrings (port: ''
+          Port ${toString port}
+        '') cfg.ports}
+
+        ${optionalString cfgc.setXAuthLocation ''
+            XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
+        ''}
+
+        ${if cfg.forwardX11 then ''
+          X11Forwarding yes
+        '' else ''
+          X11Forwarding no
+        ''}
+
+        ${optionalString cfg.allowSFTP ''
+          Subsystem sftp ${pkgs.openssh}/libexec/sftp-server
+        ''}
+
+        PermitRootLogin ${cfg.permitRootLogin}
+        GatewayPorts ${cfg.gatewayPorts}
+        PasswordAuthentication ${if cfg.passwordAuthentication then "yes" else "no"}
+        ChallengeResponseAuthentication ${if cfg.challengeResponseAuthentication then "yes" else "no"}
+
+        PrintMotd no # handled by pam_motd
+
+        AuthorizedKeysFile ${toString cfg.authorizedKeysFiles}
+
+        ${flip concatMapStrings cfg.hostKeys (k: ''
+          HostKey ${k.path}
+        '')}
+      '';
+
+    assertions = [{ assertion = if cfg.forwardX11 then cfgc.setXAuthLocation else true;
+                    message = "cannot enable X11 forwarding without setting xauth location";}];
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/supybot.nix b/nixos/modules/services/networking/supybot.nix
new file mode 100644
index 000000000000..fa8b7556de5d
--- /dev/null
+++ b/nixos/modules/services/networking/supybot.nix
@@ -0,0 +1,88 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg  = config.services.supybot;
+
+in
+
+{
+
+  options = {
+
+    services.supybot = {
+
+      enable = mkOption {
+        default = false;
+        description = "Enable Supybot, an IRC bot";
+      };
+
+      stateDir = mkOption {
+        # Setting this to /var/lib/supybot caused useradd to fail
+        default = "/home/supybot";
+        description = "The root directory, logs and plugins are stored here";
+      };
+
+      configFile = mkOption {
+        type = types.path;
+        description = ''
+          Path to a supybot config file. This can be generated by
+          running supybot-wizard.
+
+          Note: all paths should include the full path to the stateDir
+          directory (backup conf data logs logs/plugins plugins tmp web).
+        '';
+      };
+
+    };
+
+  };
+
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.pythonPackages.limnoria ];
+
+    users.extraUsers = singleton {
+      name = "supybot";
+      uid = config.ids.uids.supybot;
+      group = "supybot";
+      description = "Supybot IRC bot user";
+      home = cfg.stateDir;
+      createHome = true;
+    };
+
+    users.extraGroups.supybot = {
+      name = "supybot";
+      gid = config.ids.gids.supybot;
+    };
+
+    systemd.services.supybot = {
+      description = "Supybot, an IRC bot";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.pythonPackages.limnoria ];
+      preStart = ''
+        cd ${cfg.stateDir}
+        mkdir -p backup conf data plugins logs/plugins tmp web
+        ln -sf ${cfg.configFile} supybot.cfg
+        # This needs to be created afresh every time
+        rm -f supybot.cfg.bak
+      '';
+
+      serviceConfig = {
+        ExecStart = "${pkgs.pythonPackages.limnoria}/bin/supybot ${cfg.stateDir}/supybot.cfg";
+        PIDFile = "/run/supybot.pid";
+        User = "supybot";
+        Group = "supybot";
+        UMask = "0007";
+        Restart = "on-abort";
+        StartLimitInterval = "5m";
+        StartLimitBurst = "1";
+      };
+    };
+
+  };
+}
diff --git a/nixos/modules/services/networking/tcpcrypt.nix b/nixos/modules/services/networking/tcpcrypt.nix
new file mode 100644
index 000000000000..48cb884f2466
--- /dev/null
+++ b/nixos/modules/services/networking/tcpcrypt.nix
@@ -0,0 +1,78 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.networking.tcpcrypt;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.tcpcrypt.enable = mkOption {
+      default = false;
+      description = ''
+        Whether to enable opportunistic TCP encryption. If the other end
+        speaks Tcpcrypt, then your traffic will be encrypted; otherwise
+        it will be sent in clear text. Thus, Tcpcrypt alone provides no
+        guarantees -- it is best effort. If, however, a Tcpcrypt
+        connection is successful and any attackers that exist are
+        passive, then Tcpcrypt guarantees privacy.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    users.extraUsers = singleton {
+      name = "tcpcryptd";
+      uid = config.ids.uids.tcpcryptd;
+      description = "tcpcrypt daemon user";
+    };
+
+    jobs.tcpcrypt = {
+      description = "tcpcrypt";
+
+      wantedBy = ["multi-user.target"];
+      after = ["network-interfaces.target"];
+
+      path = [ pkgs.iptables pkgs.tcpcrypt pkgs.procps ];
+
+      preStart = ''
+        sysctl -n net.ipv4.tcp_ecn >/run/pre-tcpcrypt-ecn-state
+        sysctl -w net.ipv4.tcp_ecn=0
+
+        iptables -t raw -N nixos-tcpcrypt
+        iptables -t raw -A nixos-tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
+        iptables -t raw -I PREROUTING -j nixos-tcpcrypt
+
+        iptables -t mangle -N nixos-tcpcrypt
+        iptables -t mangle -A nixos-tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
+        iptables -t mangle -I POSTROUTING -j nixos-tcpcrypt
+      '';
+
+      exec = "tcpcryptd -x 0x10";
+
+      postStop = ''
+        if [ -f /run/pre-tcpcrypt-ecn-state ]; then
+          sysctl -w net.ipv4.tcp_ecn=$(cat /run/pre-tcpcrypt-ecn-state)
+        fi
+
+        iptables -t mangle -D POSTROUTING -j nixos-tcpcrypt || true
+        iptables -t raw -D PREROUTING -j nixos-tcpcrypt || true
+
+        iptables -t raw -F nixos-tcpcrypt || true
+        iptables -t raw -X nixos-tcpcrypt || true
+
+        iptables -t mangle -F nixos-tcpcrypt || true
+        iptables -t mangle -X nixos-tcpcrypt || true
+      '';
+    };
+  };
+
+}
diff --git a/nixos/modules/services/networking/tftpd.nix b/nixos/modules/services/networking/tftpd.nix
new file mode 100644
index 000000000000..37935496c597
--- /dev/null
+++ b/nixos/modules/services/networking/tftpd.nix
@@ -0,0 +1,43 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.tftpd.enable = mkOption {
+      default = false;
+      description = ''
+        Whether to enable the anonymous FTP user.
+      '';
+    };
+
+    services.tftpd.path = mkOption {
+      default = "/home/tftp";
+      description = ''
+        Where the tftp server files are stored
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.tftpd.enable {
+
+    services.xinetd.enable = true;
+
+    services.xinetd.services = singleton
+      { name = "tftp";
+        protocol = "udp";
+        server = "${pkgs.netkittftp}/sbin/in.tftpd";
+        serverArgs = "${config.services.tftpd.path}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/unbound.nix b/nixos/modules/services/networking/unbound.nix
new file mode 100644
index 000000000000..fb75b4ed069a
--- /dev/null
+++ b/nixos/modules/services/networking/unbound.nix
@@ -0,0 +1,118 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.unbound;
+
+  username = "unbound";
+
+  stateDir = "/var/lib/unbound";
+
+  access = concatMapStrings (x: "  access-control: ${x} allow\n") cfg.allowedAccess;
+
+  interfaces = concatMapStrings (x: "  interface: ${x}\n") cfg.interfaces;
+
+  forward = optionalString (length cfg.forwardAddresses != 0)
+    "forward-zone:\n  name: .\n" +
+    concatMapStrings (x: "  forward-addr: ${x}\n") cfg.forwardAddresses;
+
+  confFile = pkgs.writeText "unbound.conf"
+    ''
+      server:
+        directory: "${stateDir}"
+        username: ${username}
+        # make sure unbound can access entropy from inside the chroot.
+        # e.g. on linux the use these commands (on BSD, devfs(8) is used):
+        #      mount --bind -n /dev/random /etc/unbound/dev/random
+        # and  mount --bind -n /dev/log /etc/unbound/dev/log
+        chroot: "${stateDir}"
+        # logfile: "${stateDir}/unbound.log"  #uncomment to use logfile.
+        pidfile: "${stateDir}/unbound.pid"
+        verbosity: 1      # uncomment and increase to get more logging.
+        # listen on all interfaces, answer queries from the local subnet.
+      ${interfaces}
+      ${access}
+      ${forward}
+      ${cfg.extraConfig}
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.unbound = {
+
+      enable = mkOption {
+        default = false;
+        description = "
+          Whether to enable the Unbound domain name server.
+        ";
+      };
+
+      allowedAccess = mkOption {
+        default = ["127.0.0.0/24"];
+        description = "
+          What networks are allowed to use us as a resolver.
+        ";
+      };
+
+      interfaces = mkOption {
+        default = [ "127.0.0.0" "::1" ];
+        description = "
+          What addresses the server should listen to.
+        ";
+      };
+
+      forwardAddresses = mkOption {
+        default = [ ];
+        description = "
+          What servers to forward the queries to.
+        ";
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        description = "
+          Extra unbound config
+        ";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.unbound.enable {
+    environment.systemPackages = [ pkgs.unbound ];
+
+    users.extraUsers = singleton
+      { name = username;
+        uid = config.ids.uids.unbound;
+        description = "unbound daemon user";
+        home = "/tmp";
+      };
+
+    jobs.unbound =
+      { description = "Unbound name server job";
+
+        preStart =
+          ''
+            ${pkgs.coreutils}/bin/mkdir -p ${stateDir}
+          '';
+
+        daemonType = "fork";
+
+        exec = "${pkgs.unbound}/sbin/unbound -c ${confFile}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/vsftpd.nix b/nixos/modules/services/networking/vsftpd.nix
new file mode 100644
index 000000000000..0a6355e6ff17
--- /dev/null
+++ b/nixos/modules/services/networking/vsftpd.nix
@@ -0,0 +1,207 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  /* minimal secure setup:
+
+   enable = true;
+   forceLocalLoginsSSL = true;
+   forceLocalDataSSL = true;
+   userlistDeny = false;
+   localUsers = true;
+   userlist = ["non-root-user" "other-non-root-user"];
+   rsaCertFile = "/var/vsftpd/vsftpd.pem";
+
+  */
+
+  cfg = config.services.vsftpd;
+
+  inherit (pkgs) vsftpd;
+
+  yesNoOption = nixosName: vsftpdName: default: description: {
+    cfgText = "${vsftpdName}=${if getAttr nixosName cfg then "YES" else "NO"}";
+
+    nixosOption = {
+      name = nixosName;
+      value = mkOption {
+        inherit description default;
+        type = types.bool;
+      };
+    };
+  };
+
+  optionDescription = [
+
+    (yesNoOption "anonymousUser" "anonymous_enable" false ''
+     Whether to enable the anonymous FTP user.
+    '')
+    (yesNoOption "localUsers" "local_enable" false ''
+     Whether to enable FTP for local users.
+    '')
+    (yesNoOption "writeEnable" "write_enable" false ''
+    Whether any write activity is permitted to users.
+    '')
+    (yesNoOption "anonymousUploadEnable" "anon_upload_enable" false ''
+    Whether any uploads are permitted to anonymous users.
+    '')
+    (yesNoOption "anonymousMkdirEnable" "anon_mkdir_write_enable" false ''
+    Whether any uploads are permitted to anonymous users.
+    '')
+    (yesNoOption "chrootlocalUser" "chroot_local_user" false ''
+    Whether local users are confined to their home directory.
+    '')
+    (yesNoOption "userlistEnable" "userlist_enable" false ''
+    Whether users are included.
+    '')
+    (yesNoOption "userlistDeny" "userlist_deny" false ''
+      Specifies whether <option>userlistFile</option> is a list of user
+      names to allow or deny access.
+      The default <literal>false</literal> means whitelist/allow.
+    '')
+    (yesNoOption "forceLocalLoginsSSL" "force_local_logins_ssl" false ''
+    Only applies if <option>sslEnable</option> is true. Non anonymous (local) users
+    must use a secure SSL connection to send a password.
+    '')
+    (yesNoOption "forceLocalDataSSL" "force_local_data_ssl" false ''
+    Only applies if <option>sslEnable</option> is true. Non anonymous (local) users
+    must use a secure SSL connection for sending/receiving data on data connection.
+    '')
+    (yesNoOption "ssl_tlsv1" "ssl_tlsv1" true  '' '')
+    (yesNoOption "ssl_sslv2" "ssl_sslv2" false '' '')
+    (yesNoOption "ssl_sslv3" "ssl_sslv3" false '' '')
+
+    {
+      cfgText = if cfg.rsaCertFile == null then ""
+        else ''
+        ssl_enable=YES
+        rsa_cert_file=${cfg.rsaCertFile}
+      '';
+
+      nixosOption = {
+        name = "rsaCertFile";
+        value = mkOption {
+          default = null;
+          description = ''
+            rsa certificate file.
+          '';
+        };
+      };
+    }
+    ];
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.vsftpd = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable the vsftpd FTP server.";
+      };
+
+      userlist = mkOption {
+        default = [];
+
+        description = ''
+          See <option>userlistFile</option>.
+        '';
+      };
+
+      userlistFile = mkOption {
+        default = pkgs.writeText "userlist" (concatMapStrings (x: "${x}\n") cfg.userlist);
+        description = ''
+          Newline separated list of names to be allowed/denied if <option>userlistEnable</option>
+          is <literal>true</literal>. Meaning see <option>userlistDeny</option>.
+
+          The default is a file containing the users from <option>userlist</option>.
+
+          If explicitely set to null userlist_file will not be set in vsftpd's config file.
+        '';
+      };
+
+      anonymousUserHome = mkOption {
+        default = "/home/ftp/";
+	description = ''
+	  Directory to consider the HOME of the anonymous user.
+	'';
+      };
+
+    } // (listToAttrs (catAttrs "nixosOption" optionDescription)) ;
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    assertions = [
+      {
+        assertion =
+              (cfg.forceLocalLoginsSSL -> cfg.rsaCertFile != null)
+          &&  (cfg.forceLocalDataSSL -> cfg.rsaCertFile != null);
+        message = "vsftpd: If forceLocalLoginsSSL or forceLocalDataSSL is true then a rsaCertFile must be provided!";
+      }
+    ];
+
+    users.extraUsers =
+      [ { name = "vsftpd";
+          uid = config.ids.uids.vsftpd;
+          description = "VSFTPD user";
+          home = "/homeless-shelter";
+        }
+      ] ++ pkgs.lib.optional cfg.anonymousUser
+        { name = "ftp";
+          uid = config.ids.uids.ftp;
+          group = "ftp";
+          description = "Anonymous FTP user";
+          home = cfg.anonymousUserHome;
+        };
+
+    users.extraGroups = singleton
+      { name = "ftp";
+        gid = config.ids.gids.ftp;
+      };
+
+    # If you really have to access root via FTP use mkOverride or userlistDeny
+    # = false and whitelist root
+    services.vsftpd.userlist = if cfg.userlistDeny then ["root"] else [];
+
+    environment.etc."vsftpd.conf".text =
+      concatMapStrings (x: "${x.cfgText}\n") optionDescription
+      + ''
+      ${if cfg.userlistFile == null then ""
+        else "userlist_file=${cfg.userlistFile}"}
+      background=NO
+      listen=YES
+      nopriv_user=vsftpd
+      secure_chroot_dir=/var/empty
+    '';
+
+    jobs.vsftpd =
+      { description = "vsftpd server";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        preStart =
+          ''
+            ${if cfg.anonymousUser then ''
+              mkdir -p -m 555 ${cfg.anonymousUserHome}
+              chown -R ftp:ftp ${cfg.anonymousUserHome}
+            '' else ""}
+          '';
+
+        exec = "${vsftpd}/sbin/vsftpd /etc/vsftpd.conf";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/wakeonlan.nix b/nixos/modules/services/networking/wakeonlan.nix
new file mode 100644
index 000000000000..1fc54986b16f
--- /dev/null
+++ b/nixos/modules/services/networking/wakeonlan.nix
@@ -0,0 +1,56 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  interfaces = config.services.wakeonlan.interfaces;
+
+  ethtool = "${pkgs.ethtool}/sbin/ethtool";
+
+  passwordParameter = password : if (password == "") then "" else
+    "sopass ${password}";
+
+  methodParameter = {method, password} :
+    if method == "magicpacket" then "wol g"
+    else if method == "password" then "wol s so ${passwordParameter password}"
+    else throw "Wake-On-Lan method not supported";
+
+  line = { interface, method ? "magicpacket", password ? "" }: ''
+    ${ethtool} -s ${interface} ${methodParameter {inherit method password;}}
+  '';
+
+  concatStrings = fold (x: y: x + y) "";
+  lines = concatStrings (map (l: line l) interfaces);
+
+in
+{
+
+  ###### interface
+
+  options = {
+
+    services.wakeonlan.interfaces = mkOption {
+      default = [ ];
+      example = [
+        {
+          interface = "eth0";
+          method = "password";
+          password = "00:11:22:33:44:55";
+        }
+      ];
+      description = ''
+        Interfaces where to enable Wake-On-LAN, and how. Two methods available:
+        "magickey" and "password". The password has the shape of six bytes
+        in hexadecimal separated by a colon each. For more information,
+        check the ethtool manual.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config.powerManagement.powerDownCommands = lines;
+
+}
diff --git a/nixos/modules/services/networking/websockify.nix b/nixos/modules/services/networking/websockify.nix
new file mode 100644
index 000000000000..12042bbad6c9
--- /dev/null
+++ b/nixos/modules/services/networking/websockify.nix
@@ -0,0 +1,54 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let cfg = config.services.networking.websockify; in {
+  options = {
+    services.networking.websockify = {
+      enable = mkOption {  
+        description = "Whether to enable websockify to forward websocket connections to TCP connections.";
+
+        default = false;   
+
+        type = types.bool; 
+      };
+
+      sslCert = mkOption {
+        description = "Path to the SSL certificate.";
+        type = types.path;
+      };
+
+      sslKey = mkOption {
+        description = "Path to the SSL key.";
+        default = cfg.sslCert;
+        defaultText = "config.services.networking.websockify.sslCert";
+        type = types.path;
+      };
+
+      portMap = mkOption {
+        description = "Ports to map by default.";
+        default = {};
+        type = types.attrsOf types.int;
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services."websockify@" = {
+      description = "Service to forward websocket connections to TCP connections (from port:to port %I)";
+      script = ''
+        IFS=':' read -a array <<< "$1"
+        ${pkgs.pythonPackages.websockify}/bin/websockify --ssl-only \
+          --cert=${cfg.sslCert} --key=${cfg.sslKey} 0.0.0.0:''${array[0]} 0.0.0.0:''${array[1]}
+      '';
+      scriptArgs = "%i";
+    };
+
+    systemd.targets."default-websockify" = {
+      description = "Target to start all default websockify@ services";
+      unitConfig."X-StopOnReconfiguration" = true;
+      wants = mapAttrsToList (name: value: "websockify@${name}:${toString value}.service") cfg.portMap;
+      wantedBy = [ "multi-user.target" ];
+    };
+  };
+}
diff --git a/nixos/modules/services/networking/wicd.nix b/nixos/modules/services/networking/wicd.nix
new file mode 100644
index 000000000000..8e0122732164
--- /dev/null
+++ b/nixos/modules/services/networking/wicd.nix
@@ -0,0 +1,41 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.wicd.enable = mkOption {
+      default = false;
+      description = ''
+        Whether to start <command>wicd</command>. Wired and
+        wireless network configurations can then be managed by
+        wicd-client.
+      '';
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.networking.wicd.enable {
+
+    environment.systemPackages = [pkgs.wicd];
+
+    jobs.wicd =
+      { startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        script =
+          "${pkgs.wicd}/sbin/wicd -f";
+      };
+
+    services.dbus.enable = true;
+    services.dbus.packages = [pkgs.wicd];
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/wpa_supplicant.nix b/nixos/modules/services/networking/wpa_supplicant.nix
new file mode 100644
index 000000000000..5e5f81ed5a0b
--- /dev/null
+++ b/nixos/modules/services/networking/wpa_supplicant.nix
@@ -0,0 +1,140 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.networking.wireless;
+  configFile = "/etc/wpa_supplicant.conf";
+
+  ifaces =
+    cfg.interfaces ++
+    optional (config.networking.WLANInterface != "") config.networking.WLANInterface;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.WLANInterface = mkOption {
+      default = "";
+      description = "Obsolete. Use <option>networking.wireless.interfaces</option> instead.";
+    };
+
+    networking.wireless = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to start <command>wpa_supplicant</command> to scan for
+          and associate with wireless networks.  Note: NixOS currently
+          does not generate <command>wpa_supplicant</command>'s
+          configuration file, <filename>${configFile}</filename>.  You
+          should edit this file yourself to define wireless networks,
+          WPA keys and so on (see
+          <citerefentry><refentrytitle>wpa_supplicant.conf</refentrytitle>
+          <manvolnum>5</manvolnum></citerefentry>).
+        '';
+      };
+
+      interfaces = mkOption {
+        type = types.listOf types.string;
+        default = [];
+        example = [ "wlan0" "wlan1" ];
+        description = ''
+          The interfaces <command>wpa_supplicant</command> will use.  If empty, it will
+          automatically use all wireless interfaces. (Note that auto-detection is currently
+          broken on Linux 3.4.x kernels. See http://github.com/NixOS/nixos/issues/10 for
+          further details.)
+        '';
+      };
+
+      driver = mkOption {
+        type = types.str;
+        default = "nl80211,wext";
+        description = "Force a specific wpa_supplicant driver.";
+      };
+
+      userControlled = {
+        enable = mkOption {
+          type = types.bool;
+          default = false;
+          description = ''
+            Allow normal users to control wpa_supplicant through wpa_gui or wpa_cli.
+            This is useful for laptop users that switch networks a lot.
+
+            When you want to use this, make sure ${configFile} doesn't exist.
+            It will be created for you.
+
+            Currently it is also necessary to explicitly specify networking.wireless.interfaces.
+          '';
+        };
+
+        group = mkOption {
+          type = types.str;
+          default = "wheel";
+          example = "network";
+          description = "Members of this group can control wpa_supplicant.";
+        };
+      };
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages =  [ pkgs.wpa_supplicant ];
+
+    services.dbus.packages = [ pkgs.wpa_supplicant ];
+
+    jobs.wpa_supplicant =
+      { description = "WPA Supplicant";
+
+        wantedBy = [ "network.target" ];
+        after = [ "systemd-udev-settle.service" ];
+
+        path = [ pkgs.wpa_supplicant ];
+
+        preStart = ''
+          touch -a ${configFile}
+          chmod 600 ${configFile}
+        '' + optionalString cfg.userControlled.enable ''
+          if [ ! -s ${configFile} ]; then
+            echo "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=${cfg.userControlled.group}" >> ${configFile}
+            echo "update_config=1" >> ${configFile}
+          fi
+        '';
+
+        script =
+          ''
+            ${if ifaces == [] then ''
+              for i in $(cd /sys/class/net && echo *); do
+                DEVTYPE=
+                source /sys/class/net/$i/uevent
+                if [ "$DEVTYPE" = "wlan" -o -e /sys/class/net/$i/wireless ]; then
+                  ifaces="$ifaces''${ifaces:+ -N} -i$i"
+                fi
+              done
+            '' else ''
+              ifaces="${concatStringsSep " -N " (map (i: "-i${i}") ifaces)}"
+            ''}
+            exec wpa_supplicant -s -u -D${cfg.driver} -c ${configFile} $ifaces
+          '';
+      };
+
+    powerManagement.resumeCommands =
+      ''
+        ${config.systemd.package}/bin/systemctl try-restart wpa_supplicant
+      '';
+
+    assertions = [{ assertion = !cfg.userControlled.enable || cfg.interfaces != [];
+                    message = "user controlled wpa_supplicant needs explicit networking.wireless.interfaces";}];
+
+  };
+
+}
diff --git a/nixos/modules/services/networking/xinetd.nix b/nixos/modules/services/networking/xinetd.nix
new file mode 100644
index 000000000000..626183b810f1
--- /dev/null
+++ b/nixos/modules/services/networking/xinetd.nix
@@ -0,0 +1,158 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xinetd;
+
+  inherit (pkgs) xinetd;
+
+  configFile = pkgs.writeText "xinetd.conf"
+    ''
+      defaults
+      {
+        log_type       = SYSLOG daemon info
+        log_on_failure = HOST
+        log_on_success = PID HOST DURATION EXIT
+        ${cfg.extraDefaults}
+      }
+
+      ${concatMapStrings makeService cfg.services}
+    '';
+
+  makeService = srv:
+    ''
+      service ${srv.name}
+      {
+        protocol    = ${srv.protocol}
+        ${optionalString srv.unlisted "type        = UNLISTED"}
+        ${optionalString (srv.flags != "") "flags = ${srv.flags}"}
+        socket_type = ${if srv.protocol == "udp" then "dgram" else "stream"}
+        ${if srv.port != 0 then "port        = ${toString srv.port}" else ""}
+        wait        = ${if srv.protocol == "udp" then "yes" else "no"}
+        user        = ${srv.user}
+        server      = ${srv.server}
+        ${optionalString (srv.serverArgs != "") "server_args = ${srv.serverArgs}"}
+        ${srv.extraConfig}
+      }
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.xinetd.enable = mkOption {
+      default = false;
+      description = ''
+        Whether to enable the xinetd super-server daemon.
+      '';
+    };
+
+    services.xinetd.extraDefaults = mkOption {
+      default = "";
+      type = types.string;
+      description = ''
+        Additional configuration lines added to the default section of xinetd's configuration.
+      '';
+    };
+
+    services.xinetd.services = mkOption {
+      default = [];
+      description = ''
+        A list of services provided by xinetd.
+      '';
+
+      type = types.listOf types.optionSet;
+
+      options = {
+
+        name = mkOption {
+          type = types.string;
+          example = "login";
+          description = "Name of the service.";
+        };
+
+        protocol = mkOption {
+          type = types.string;
+          default = "tcp";
+          description =
+            "Protocol of the service.  Usually <literal>tcp</literal> or <literal>udp</literal>.";
+        };
+
+        port = mkOption {
+          type = types.int;
+          default = 0;
+          example = 123;
+          description = "Port number of the service.";
+        };
+
+        user = mkOption {
+          type = types.string;
+          default = "nobody";
+          description = "User account for the service";
+        };
+
+        server = mkOption {
+          type = types.string;
+          example = "/foo/bin/ftpd";
+          description = "Path of the program that implements the service.";
+        };
+
+        serverArgs = mkOption {
+          type = types.string;
+          default = "";
+          description = "Command-line arguments for the server program.";
+        };
+
+        flags = mkOption {
+          type = types.string;
+          default = "";
+          description = "";
+        };
+
+        unlisted = mkOption {
+          type = types.bool;
+          default = false;
+          description = ''
+            Whether this server is listed in
+            <filename>/etc/services</filename>.  If so, the port
+            number can be omitted.
+          '';
+        };
+
+        extraConfig = mkOption {
+          type = types.string;
+          default = "";
+          description = "Extra configuration-lines added to the section of the service.";
+        };
+
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    jobs.xinetd =
+      { description = "xinetd server";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        path = [ xinetd ];
+
+        exec = "xinetd -syslog daemon -dontfork -stayalive -f ${configFile}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/printing/cupsd.nix b/nixos/modules/services/printing/cupsd.nix
new file mode 100644
index 000000000000..951cef3eac07
--- /dev/null
+++ b/nixos/modules/services/printing/cupsd.nix
@@ -0,0 +1,232 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) cups;
+
+  cfg = config.services.printing;
+
+  additionalBackends = pkgs.runCommand "additional-cups-backends" { }
+    ''
+      mkdir -p $out
+      if [ ! -e ${pkgs.cups}/lib/cups/backend/smb ]; then
+        mkdir -p $out/lib/cups/backend
+        ln -sv ${pkgs.samba}/bin/smbspool $out/lib/cups/backend/smb
+      fi
+
+      # Provide support for printing via HTTPS.
+      if [ ! -e ${pkgs.cups}/lib/cups/backend/https ]; then
+        mkdir -p $out/lib/cups/backend
+        ln -sv ${pkgs.cups}/lib/cups/backend/ipp $out/lib/cups/backend/https
+      fi
+
+      # Import filter configuration from Ghostscript.
+      mkdir -p $out/share/cups/mime/
+      ln -v -s "${pkgs.ghostscript}/etc/cups/"* $out/share/cups/mime/
+    '';
+
+  # Here we can enable additional backends, filters, etc. that are not
+  # part of CUPS itself, e.g. the SMB backend is part of Samba.  Since
+  # we can't update ${cups}/lib/cups itself, we create a symlink tree
+  # here and add the additional programs.  The ServerBin directive in
+  # cupsd.conf tells cupsd to use this tree.
+  bindir = pkgs.buildEnv {
+    name = "cups-progs";
+    paths = cfg.drivers;
+    pathsToLink = [ "/lib/cups" "/share/cups" "/bin" ];
+    postBuild = cfg.bindirCmds;
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+    services.printing = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable printing support through the CUPS daemon.
+        '';
+      };
+
+      bindirCmds = mkOption {
+        type = types.lines;
+        internal = true;
+        default = "";
+        description = ''
+          Additional commands executed while creating the directory
+          containing the CUPS server binaries.
+        '';
+      };
+
+      cupsdConf = mkOption {
+        type = types.lines;
+        default = "";
+        example =
+          ''
+            BrowsePoll cups.example.com
+            LogLevel debug
+          '';
+        description = ''
+          The contents of the configuration file of the CUPS daemon
+          (<filename>cupsd.conf</filename>).
+        '';
+      };
+
+      drivers = mkOption {
+        type = types.listOf types.path;
+        example = literalExample "[ pkgs.splix ]";
+        description = ''
+          CUPS drivers to use. Drivers provided by CUPS, Ghostscript
+          and Samba are added unconditionally.
+        '';
+      };
+
+      tempDir = mkOption {
+        type = types.path;
+        default = "/tmp";
+        example = "/tmp/cups";
+        description = ''
+          CUPSd temporary directory.
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.printing.enable {
+
+    users.extraUsers = singleton
+      { name = "cups";
+        uid = config.ids.uids.cups;
+        group = "lp";
+        description = "CUPS printing services";
+      };
+
+    environment.systemPackages = [ cups ];
+
+    services.dbus.packages = [ cups ];
+
+    # Cups uses libusb to talk to printers, and does not use the
+    # linux kernel driver. If the driver is not in a black list, it
+    # gets loaded, and then cups cannot access the printers.
+    boot.blacklistedKernelModules = [ "usblp" ];
+
+    systemd.services.cupsd =
+      { description = "CUPS Printing Daemon";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network-interfaces.target" ];
+
+        path = [ cups ];
+
+        preStart =
+          ''
+            mkdir -m 0755 -p /etc/cups
+            mkdir -m 0700 -p /var/cache/cups
+            mkdir -m 0700 -p /var/spool/cups
+            mkdir -m 0755 -p ${cfg.tempDir}
+          '';
+
+        serviceConfig.Type = "forking";
+        serviceConfig.ExecStart = "@${cups}/sbin/cupsd cupsd -c ${pkgs.writeText "cupsd.conf" cfg.cupsdConf}";
+      };
+
+    services.printing.drivers =
+      [ pkgs.cups pkgs.cups_pdf_filter pkgs.ghostscript additionalBackends pkgs.perl pkgs.coreutils pkgs.gnused ];
+
+    services.printing.cupsdConf =
+      ''
+        LogLevel info
+
+        SystemGroup root
+
+        Listen localhost:631
+        Listen /var/run/cups/cups.sock
+
+        # Note: we can't use ${cups}/etc/cups as the ServerRoot, since
+        # CUPS will write in the ServerRoot when e.g. adding new printers
+        # through the web interface.
+        ServerRoot /etc/cups
+
+        ServerBin ${bindir}/lib/cups
+        DataDir ${bindir}/share/cups
+
+        SetEnv PATH ${bindir}/lib/cups/filter:${bindir}/bin:${bindir}/sbin
+
+        AccessLog syslog
+        ErrorLog syslog
+        PageLog syslog
+
+        TempDir ${cfg.tempDir}
+
+        # User and group used to run external programs, including
+        # those that actually send the job to the printer.  Note that
+        # Udev sets the group of printer devices to `lp', so we want
+        # these programs to run as `lp' as well.
+        User cups
+        Group lp
+
+        Browsing On
+        BrowseOrder allow,deny
+        BrowseAllow @LOCAL
+
+        DefaultAuthType Basic
+
+        <Location />
+          Order allow,deny
+          Allow localhost
+        </Location>
+
+        <Location /admin>
+          Order allow,deny
+          Allow localhost
+        </Location>
+
+        <Location /admin/conf>
+          AuthType Basic
+          Require user @SYSTEM
+          Order allow,deny
+          Allow localhost
+        </Location>
+
+        <Policy default>
+          <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
+            Require user @OWNER @SYSTEM
+            Order deny,allow
+          </Limit>
+
+          <Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
+            AuthType Basic
+            Require user @SYSTEM
+            Order deny,allow
+          </Limit>
+
+          <Limit Cancel-Job CUPS-Authenticate-Job>
+            Require user @OWNER @SYSTEM
+            Order deny,allow
+          </Limit>
+
+          <Limit All>
+            Order deny,allow
+          </Limit>
+        </Policy>
+      '';
+
+    # Allow CUPS to receive IPP printer announcements via UDP.
+    networking.firewall.allowedUDPPorts = [ 631 ];
+
+    security.pam.services.cups = {};
+
+  };
+}
diff --git a/nixos/modules/services/scheduling/atd.nix b/nixos/modules/services/scheduling/atd.nix
new file mode 100644
index 000000000000..c516c5889f12
--- /dev/null
+++ b/nixos/modules/services/scheduling/atd.nix
@@ -0,0 +1,114 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.atd;
+
+  inherit (pkgs) at;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.atd.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to enable the <command>at</command> daemon, a command scheduler.
+      '';
+    };
+
+    services.atd.allowEveryone = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to make <filename>/var/spool/at{jobs,spool}</filename>
+        writeable by everyone (and sticky).  This is normally not
+        needed since the <command>at</command> commands are
+        setuid/setgid <literal>atd</literal>.
+     '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    security.setuidOwners = map (program: {
+      inherit program;
+      owner = "atd";
+      group = "atd";
+      setuid = true;
+      setgid = true;
+    }) [ "at" "atq" "atrm" "batch" ];
+
+    environment.systemPackages = [ at ];
+
+    security.pam.services.atd = {};
+
+    users.extraUsers = singleton
+      { name = "atd";
+        uid = config.ids.uids.atd;
+        description = "atd user";
+        home = "/var/empty";
+      };
+
+    users.extraGroups = singleton
+      { name = "atd";
+        gid = config.ids.gids.atd;
+      };
+
+    jobs.atd =
+      { description = "Job Execution Daemon (atd)";
+
+        startOn = "stopped udevtrigger";
+
+        path = [ at ];
+
+        preStart =
+          ''
+            # Snippets taken and adapted from the original `install' rule of
+            # the makefile.
+
+            # We assume these values are those actually used in Nixpkgs for
+            # `at'.
+            spooldir=/var/spool/atspool
+            jobdir=/var/spool/atjobs
+            etcdir=/etc/at
+
+            for dir in "$spooldir" "$jobdir" "$etcdir"; do
+              if [ ! -d "$dir" ]; then
+                  mkdir -p "$dir"
+                  chown atd:atd "$dir"
+              fi
+            done
+            chmod 1770 "$spooldir" "$jobdir"
+            ${if cfg.allowEveryone then ''chmod a+rwxt "$spooldir" "$jobdir" '' else ""}
+            if [ ! -f "$etcdir"/at.deny ]; then
+                touch "$etcdir"/at.deny
+                chown root:atd "$etcdir"/at.deny
+                chmod 640 "$etcdir"/at.deny
+            fi
+            if [ ! -f "$jobdir"/.SEQ ]; then
+                touch "$jobdir"/.SEQ
+                chown atd:atd "$jobdir"/.SEQ
+                chmod 600 "$jobdir"/.SEQ
+            fi
+          '';
+
+        exec = "atd";
+
+        daemonType = "fork";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/scheduling/cron.nix b/nixos/modules/services/scheduling/cron.nix
new file mode 100644
index 000000000000..44ed1ba5a078
--- /dev/null
+++ b/nixos/modules/services/scheduling/cron.nix
@@ -0,0 +1,117 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (config.services) jobsTags;
+
+  # Put all the system cronjobs together.
+  systemCronJobsFile = pkgs.writeText "system-crontab"
+    ''
+      SHELL=${pkgs.bash}/bin/bash
+      PATH=${config.system.path}/bin:${config.system.path}/sbin
+      ${optionalString (config.services.cron.mailto != null) ''
+        MAILTO="${config.services.cron.mailto}"
+      ''}
+      NIX_CONF_DIR=/etc/nix
+      ${pkgs.lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)}
+    '';
+
+  # Vixie cron requires build-time configuration for the sendmail path.
+  cronNixosPkg = pkgs.cron.override {
+    # The mail.nix nixos module, if there is any local mail system enabled,
+    # should have sendmail in this path.
+    sendmailPath = "/var/setuid-wrappers/sendmail";
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.cron = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Whether to enable the Vixie cron daemon.";
+      };
+
+      mailto = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "Email address to which job output will be mailed.";
+      };
+
+      systemCronJobs = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        example = literalExample ''
+          [ "* * * * *  test   ls -l / > /tmp/cronout 2>&1"
+            "* * * * *  eelco  echo Hello World > /home/eelco/cronout"
+          ]
+        '';
+        description = ''
+          A list of Cron jobs to be appended to the system-wide
+          crontab.  See the manual page for crontab for the expected
+          format. If you want to get the results mailed you must setuid
+          sendmail. See <option>security.setuidOwners</option>
+
+          If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root
+          will is allowed to have its own crontab file. The /var/cron/cron.deny file
+          is created automatically for you. So every user can use a crontab.
+
+          Many nixos modules set systemCronJobs, so if you decide to disable vixie cron
+          and enable another cron daemon, you may want it to get its system crontab
+          based on systemCronJobs.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.cron.enable {
+
+    environment.etc = singleton
+      # The system-wide crontab.
+      { source = systemCronJobsFile;
+        target = "crontab";
+        mode = "0600"; # Cron requires this.
+      };
+
+    security.setuidPrograms = [ "crontab" ];
+
+    environment.systemPackages = [ cronNixosPkg ];
+
+    jobs.cron =
+      { description = "Cron Daemon";
+
+        startOn = "startup";
+
+        path = [ cronNixosPkg ];
+
+        preStart =
+          ''
+            mkdir -m 710 -p /var/cron
+
+            # By default, allow all users to create a crontab.  This
+            # is denoted by the existence of an empty cron.deny file.
+            if ! test -e /var/cron/cron.allow -o -e /var/cron/cron.deny; then
+                touch /var/cron/cron.deny
+            fi
+          '';
+
+        exec = "cron -n";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/scheduling/fcron.nix b/nixos/modules/services/scheduling/fcron.nix
new file mode 100644
index 000000000000..0c0811ca6e0e
--- /dev/null
+++ b/nixos/modules/services/scheduling/fcron.nix
@@ -0,0 +1,133 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.fcron;
+
+  queuelen = if cfg.queuelen == null then "" else "-q ${toString cfg.queuelen}";
+
+  systemCronJobs =
+    ''
+      SHELL=${pkgs.bash}/bin/bash
+      PATH=${config.system.path}/bin:${config.system.path}/sbin
+      MAILTO="${config.services.cron.mailto}"
+      NIX_CONF_DIR=/etc/nix
+      ${pkgs.lib.concatStrings (map (job: job + "\n") config.services.cron.systemCronJobs)}
+    '';
+
+  allowdeny = target: users:
+    { source = pkgs.writeText "fcron.${target}" (concatStringsSep "\n" users);
+      target = "fcron.${target}";
+      mode = "600"; # fcron has some security issues.. So I guess this is most safe
+    };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.fcron = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to enable the <command>fcron</command> daemon.";
+      };
+
+      allow = mkOption {
+        type = types.listOf types.str;
+        default = [ "all" ];
+        description = ''
+          Users allowed to use fcrontab and fcrondyn (one name per
+          line, <literal>all</literal> for everyone).
+        '';
+      };
+
+      deny = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        description = "Users forbidden from using fcron.";
+      };
+
+      maxSerialJobs = mkOption {
+        type = types.int;
+        default = 1;
+        description = "Maximum number of serial jobs which can run simultaneously.";
+      };
+
+      queuelen = mkOption {
+        type = types.nullOr types.int;
+        default = null;
+        description = "Number of jobs the serial queue and the lavg queue can contain.";
+      };
+
+      systab = mkOption {
+        type = types.lines;
+        default = "";
+        description = ''The "system" crontab contents.'';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.fcron.systab = systemCronJobs;
+
+    environment.etc =
+      [ (allowdeny "allow" (cfg.allow))
+        (allowdeny "deny" cfg.deny)
+        # see man 5 fcron.conf
+        { source = pkgs.writeText "fcon.conf" ''
+            fcrontabs   =       /var/spool/fcron
+            pidfile     =       /var/run/fcron.pid
+            fifofile    =       /var/run/fcron.fifo
+            fcronallow  =       /etc/fcron.allow
+            fcrondeny   =       /etc/fcron.deny
+            shell       =       /bin/sh
+            sendmail    =       /var/setuid-wrappers/sendmail
+            editor      =       /run/current-system/sw/bin/vi
+          '';
+          target = "fcron.conf";
+          mode = "0600"; # max allowed is 644
+        }
+      ];
+
+    environment.systemPackages = [ pkgs.fcron ];
+
+    security.setuidPrograms = [ "fcrontab" ];
+
+    jobs.fcron =
+      { description = "fcron daemon";
+
+        startOn = "startup";
+
+        after = [ "local-fs.target" ];
+
+        environment =
+          { PATH = "/run/current-system/sw/bin";
+          };
+
+        preStart =
+          ''
+            ${pkgs.coreutils}/bin/mkdir -m 0700 -p /var/spool/fcron
+            # load system crontab file
+            ${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
+          '';
+
+        daemonType = "fork";
+
+        exec = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/search/elasticsearch.nix b/nixos/modules/services/search/elasticsearch.nix
new file mode 100644
index 000000000000..9d345e30361e
--- /dev/null
+++ b/nixos/modules/services/search/elasticsearch.nix
@@ -0,0 +1,115 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.elasticsearch;
+
+  es_home = "/var/lib/elasticsearch";
+
+  configFile = pkgs.writeText "elasticsearch.yml" ''
+    network.host: ${cfg.host}
+    network.port: ${cfg.port}
+    network.tcp.port: ${cfg.tcp_port}
+    cluster.name: ${cfg.cluster_name}
+    ${cfg.extraConf}
+  '';
+
+in {
+
+  ###### interface
+
+  options.services.elasticsearch = {
+    enable = mkOption {
+      description = "Whether to enable elasticsearch";
+      default = false;
+      type = types.uniq types.bool;
+    };
+
+    host = mkOption {
+      description = "Elasticsearch listen address";
+      default = "127.0.0.1";
+      type = types.str;
+    };
+
+    port = mkOption {
+      description = "Elasticsearch port to listen for HTTP traffic";
+      default = "9200";
+      type = types.str;
+    };
+
+    tcp_port = mkOption {
+      description = "Elasticsearch port for the node to node communication";
+      default = "9300";
+      type = types.str;
+    };
+
+    cluster_name = mkOption {
+      description = "Elasticsearch name that identifies your cluster for auto-discovery";
+      default = "elasticsearch";
+      type = types.str;
+    };
+
+    extraConf = mkOption {
+      description = "Extra configuration for elasticsearch";
+      default = "";
+      type = types.str;
+      example = ''
+        node.name: "elasticsearch"
+        node.master: true
+        node.data: false
+        index.number_of_shards: 5
+        index.number_of_replicas: 1
+      '';
+    };
+
+    logging = mkOption {
+      description = "Elasticsearch logging configuration";
+      default = ''
+        rootLogger: INFO, console
+        logger:
+          action: INFO
+          com.amazonaws: WARN
+        appender:
+          console:
+            type: console
+            layout:
+              type: consolePattern
+              conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"
+      '';
+      type = types.str;
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+    environment.etc = [
+      { source = configFile;
+        target = "elasticsearch/elasticsearch.yml"; }
+      { source = pkgs.writeText "logging.yml" cfg.logging;
+        target = "elasticsearch/logging.yml"; }
+    ];
+
+    systemd.services.elasticsearch = mkIf cfg.enable {
+      description = "Elasticsearch daemon";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-interfaces.target" ];
+      environment = { ES_HOME = es_home; };
+      serviceConfig = {
+        ExecStart = "${pkgs.elasticsearch}/bin/elasticsearch -f -Des.path.conf=/etc/elasticsearch";
+        User = "elasticsearch";
+      };
+    };
+
+    environment.systemPackages = [ pkgs.elasticsearch ];
+
+    users.extraUsers = singleton {
+      name = "elasticsearch";
+      uid = config.ids.uids.elasticsearch;
+      description = "Elasticsearch daemon user";
+      home = es_home;
+      createHome = true;
+    };
+  };
+}
diff --git a/nixos/modules/services/security/clamav.nix b/nixos/modules/services/security/clamav.nix
new file mode 100644
index 000000000000..5ccb4927fcb7
--- /dev/null
+++ b/nixos/modules/services/security/clamav.nix
@@ -0,0 +1,80 @@
+{ config, pkgs, ... }:
+with pkgs.lib;
+let
+  clamavUser = "clamav";
+  stateDir = "/var/lib/clamav";
+  clamavGroup = clamavUser;
+  cfg = config.services.clamav;
+in
+{
+  ###### interface
+
+  options = {
+
+    services.clamav = {
+      updater = {
+	enable = mkOption {
+	  default = false;
+	  description = ''
+	    Whether to enable automatic ClamAV virus definitions database updates.
+	  '';
+	};
+
+	frequency = mkOption {
+	  default = 12;
+	  description = ''
+	    Number of database checks per day.
+	  '';
+	};
+
+	config = mkOption {
+	  default = "";
+	  description = ''
+	    Extra configuration for freshclam. Contents will be added verbatim to the
+	    configuration file.
+	  '';
+	};
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.updater.enable {
+    environment.systemPackages = [ pkgs.clamav ];
+    users.extraUsers = singleton
+      { name = clamavUser;
+        uid = config.ids.uids.clamav;
+        description = "ClamAV daemon user";
+        home = stateDir;
+      };
+
+    users.extraGroups = singleton
+      { name = clamavGroup;
+        gid = config.ids.gids.clamav;
+      };
+
+    services.clamav.updater.config = ''
+      DatabaseDirectory ${stateDir}
+      Foreground yes
+      Checks ${toString cfg.updater.frequency}
+      DatabaseMirror database.clamav.net
+    '';
+
+    jobs = {
+      clamav_updater = {
+	name = "clamav-updater";
+          startOn = "started network-interfaces";
+          stopOn = "stopping network-interfaces";
+
+          preStart = ''
+            mkdir -m 0755 -p ${stateDir}
+            chown ${clamavUser}:${clamavGroup} ${stateDir}
+          '';
+          exec = "${pkgs.clamav}/bin/freshclam --config-file=${pkgs.writeText "freshclam.conf" cfg.updater.config}";
+      }; 
+    };
+
+  };
+
+}
\ No newline at end of file
diff --git a/nixos/modules/services/security/fail2ban.nix b/nixos/modules/services/security/fail2ban.nix
new file mode 100644
index 000000000000..395a5df8af07
--- /dev/null
+++ b/nixos/modules/services/security/fail2ban.nix
@@ -0,0 +1,148 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.fail2ban;
+
+  fail2banConf = pkgs.writeText "fail2ban.conf" cfg.daemonConfig;
+
+  jailConf = pkgs.writeText "jail.conf"
+    (concatStringsSep "\n" (attrValues (flip mapAttrs cfg.jails (name: def:
+      optionalString (def != "")
+        ''
+          [${name}]
+          ${def}
+        ''))));
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.fail2ban = {
+
+      daemonConfig = mkOption {
+        default =
+          ''
+            [Definition]
+            loglevel  = 3
+            logtarget = SYSLOG
+            socket    = /run/fail2ban/fail2ban.sock
+            pidfile   = /run/fail2ban/fail2ban.pid
+          '';
+        type = types.string;
+        description =
+          ''
+            The contents of Fail2ban's main configuration file.  It's
+            generally not necessary to change it.
+          '';
+      };
+
+      jails = mkOption {
+        default = { };
+        example =
+          { "apache-nohome-iptables" =
+              ''
+                # Block an IP address if it accesses a non-existent
+                # home directory more than 5 times in 10 minutes,
+                # since that indicates that it's scanning.
+                filter   = apache-nohome
+                action   = iptables-multiport[name=HTTP, port="http,https"]
+                logpath  = /var/log/httpd/error_log*
+                findtime = 600
+                bantime  = 600
+                maxretry = 5
+              '';
+          };
+        type = types.attrsOf types.string;
+        description =
+          ''
+            The configuration of each Fail2ban “jail”.  A jail
+            consists of an action (such as blocking a port using
+            <command>iptables</command>) that is triggered when a
+            filter applied to a log file triggers more than a certain
+            number of times in a certain time period.  Actions are
+            defined in <filename>/etc/fail2ban/action.d</filename>,
+            while filters are defined in
+            <filename>/etc/fail2ban/filter.d</filename>.
+          '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    environment.systemPackages = [ pkgs.fail2ban ];
+
+    environment.etc."fail2ban/fail2ban.conf".source = fail2banConf;
+    environment.etc."fail2ban/jail.conf".source = jailConf;
+    environment.etc."fail2ban/action.d".source = "${pkgs.fail2ban}/etc/fail2ban/action.d/*.conf";
+    environment.etc."fail2ban/filter.d".source = "${pkgs.fail2ban}/etc/fail2ban/filter.d/*.conf";
+
+    systemd.services.fail2ban =
+      { description = "Fail2ban intrusion prevention system";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network.target" ];
+
+        restartTriggers = [ fail2banConf jailConf ];
+        path = [ pkgs.fail2ban pkgs.iptables ];
+
+        preStart =
+          ''
+            mkdir -p /run/fail2ban -m 0755
+          '';
+
+        serviceConfig =
+          { ExecStart = "${pkgs.fail2ban}/bin/fail2ban-server -f";
+            ReadOnlyDirectories = "/";
+            ReadWriteDirectories = "/run/fail2ban /var/tmp";
+            CapabilityBoundingSet = "CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW";
+          };
+
+        postStart =
+          ''
+            # Wait for the server to start listening.
+            for ((n = 0; n < 20; n++)); do
+              if fail2ban-client ping; then break; fi
+              sleep 0.5
+            done
+
+            # Reload its configuration.
+            fail2ban-client reload
+          '';
+      };
+
+    # Add some reasonable default jails.  The special "DEFAULT" jail
+    # sets default values for all other jails.
+    services.fail2ban.jails.DEFAULT =
+      ''
+        ignoreip = 127.0.0.1/8
+        bantime  = 600
+        findtime = 600
+        maxretry = 3
+        backend  = auto
+      '';
+
+    # Block SSH if there are too many failing connection attempts.
+    services.fail2ban.jails.ssh-iptables =
+      ''
+        filter   = sshd
+        action   = iptables[name=SSH, port=ssh, protocol=tcp]
+        logpath  = /var/log/warn
+        maxretry = 5
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/services/security/fprot.nix b/nixos/modules/services/security/fprot.nix
new file mode 100644
index 000000000000..9f1fc4ed6d8b
--- /dev/null
+++ b/nixos/modules/services/security/fprot.nix
@@ -0,0 +1,88 @@
+{ config, pkgs, ... }:
+with pkgs.lib;
+let
+  fprotUser = "fprot";
+  stateDir = "/var/lib/fprot";
+  fprotGroup = fprotUser;
+  cfg = config.services.fprot;
+in {
+  options = {
+
+    services.fprot = {
+      updater = {
+	enable = mkOption {
+	  default = false;
+	  description = ''
+	    Whether to enable automatic F-Prot virus definitions database updates.
+	  '';
+	};
+
+	productData = mkOption {
+	  default = "${pkgs.fprot}/opt/f-prot/product.data";
+	  description = ''
+	    product.data file. Defaults to the one supplied with installation package.
+	  '';
+	};
+
+	frequency = mkOption {
+	  default = 30;
+	  description = ''
+	    Update virus definitions every X minutes.
+	  '';
+	};
+
+	licenseKeyfile = mkOption {
+	  default = "${pkgs.fprot}/opt/f-prot/license.key";
+	  description = ''
+	    License keyfile. Defaults to the one supplied with installation package.
+	  '';
+	};
+
+      };
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.updater.enable {
+    environment.systemPackages = [ pkgs.fprot ];
+    environment.etc = singleton {
+      source = "${pkgs.fprot}/opt/f-prot/f-prot.conf";
+      target = "f-prot.conf";
+    };
+
+    users.extraUsers = singleton
+      { name = fprotUser;
+        uid = config.ids.uids.fprot;
+        description = "F-Prot daemon user";
+        home = stateDir;
+      };
+
+    users.extraGroups = singleton
+      { name = fprotGroup;
+        gid = config.ids.gids.fprot;
+      };
+
+    services.cron.systemCronJobs = [ "*/${toString cfg.updater.frequency} * * * * root start fprot-updater" ];
+
+    jobs = {
+      fprot_updater = {
+	name = "fprot-updater";
+	  task = true;
+
+	  # have to copy fpupdate executable because it insists on storing the virus database in the same dir
+          preStart = ''
+            mkdir -m 0755 -p ${stateDir}
+            chown ${fprotUser}:${fprotGroup} ${stateDir}
+	    cp ${pkgs.fprot}/opt/f-prot/fpupdate ${stateDir}
+	    ln -sf ${cfg.updater.productData} ${stateDir}/product.data
+          '';
+	  #setuid = fprotUser;
+	  #setgid = fprotGroup;
+          exec = "/var/lib/fprot/fpupdate --keyfile ${cfg.updater.licenseKeyfile}";
+      }; 
+    };
+
+ };
+
+}
\ No newline at end of file
diff --git a/nixos/modules/services/security/frandom.nix b/nixos/modules/services/security/frandom.nix
new file mode 100644
index 000000000000..9aae7b33a430
--- /dev/null
+++ b/nixos/modules/services/security/frandom.nix
@@ -0,0 +1,31 @@
+{pkgs, config, ...}:
+
+let kernel = config.boot.kernelPackages;
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.frandom.enable = pkgs.lib.mkOption {
+      default = false;
+      type = pkgs.lib.types.bool;
+      description = ''
+        enable the /dev/frandom device (a very fast random number generator)
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = pkgs.lib.mkIf config.services.frandom.enable {
+    boot.kernelModules = [ "frandom" ];
+    boot.extraModulePackages = [ kernel.frandom ];
+    services.udev.packages = [ kernel.frandom ];
+  };
+
+}
diff --git a/nixos/modules/services/security/tor.nix b/nixos/modules/services/security/tor.nix
new file mode 100644
index 000000000000..e70eb8511a63
--- /dev/null
+++ b/nixos/modules/services/security/tor.nix
@@ -0,0 +1,323 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inherit (pkgs) tor privoxy;
+
+  stateDir = "/var/lib/tor";
+  privoxyDir = stateDir+"/privoxy";
+
+  cfg = config.services.tor;
+
+  torUser = "tor";
+
+  opt = name: value: if value != "" then "${name} ${value}" else "";
+  optint = name: value: if value != 0 then "${name} ${toString value}" else "";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.tor = {
+
+      config = mkOption {
+        default = "";
+        description = ''
+          Extra configuration. Contents will be added verbatim to the
+          configuration file.
+        '';
+      };
+
+      client = {
+
+        enable = mkOption {
+          default = false;
+          description = ''
+            Whether to enable Tor daemon to route application connections.
+            You might want to disable this if you plan running a dedicated Tor relay.
+          '';
+        };
+
+        socksListenAddress = mkOption {
+          default = "127.0.0.1:9050";
+          example = "192.168.0.1:9100";
+          description = ''
+            Bind to this address to listen for connections from Socks-speaking
+            applications.
+          '';
+        };
+
+        socksListenAddressFaster = mkOption {
+          default = "127.0.0.1:9063";
+          description = ''
+            Same as socksListenAddress but uses weaker circuit isolation to provide
+            performance suitable for a web browser.
+          '';
+        };
+
+        socksPolicy = mkOption {
+          default = "";
+          example = "accept 192.168.0.0/16, reject *";
+          description = ''
+            Entry policies to allow/deny SOCKS requests based on IP address.
+            First entry that matches wins. If no SocksPolicy is set, we accept
+            all (and only) requests from SocksListenAddress.
+          '';
+        };
+
+        privoxy = {
+
+          enable = mkOption {
+            default = true;
+            description = ''
+              Whether to enable a special instance of privoxy dedicated to Tor.
+              To have anonymity, protocols need to be scrubbed of identifying
+              information.
+              Most people using Tor want to anonymize their web traffic, so by
+              default we enable an special instance of privoxy specifically for
+              Tor.
+              However, if you are only going to use Tor only for other kinds of
+              traffic then you can disable this option.
+            '';
+          };
+
+          listenAddress = mkOption {
+            default = "127.0.0.1:8118";
+            description = ''
+              Address that Tor's instance of privoxy is listening to.
+              *This does not configure the standard NixOS instance of privoxy.*
+              This is for Tor connections only!
+              See services.privoxy.listenAddress to configure the standard NixOS
+              instace of privoxy.
+            '';
+          };
+
+          config = mkOption {
+            default = "";
+            description = ''
+              Extra configuration for Tor's instance of privoxy. Contents will be
+              added verbatim to the configuration file.
+              *This does not configure the standard NixOS instance of privoxy.*
+              This is for Tor connections only!
+              See services.privoxy.extraConfig to configure the standard NixOS
+              instace of privoxy.
+            '';
+          };
+
+        };
+
+      };
+
+      relay = {
+
+        enable = mkOption {
+          default = false;
+          description = ''
+            Whether to enable relaying TOR traffic for others.
+
+            See https://www.torproject.org/docs/tor-doc-relay for details.
+          '';
+        };
+
+        isBridge = mkOption {
+          default = false;
+          description = ''
+            Bridge relays (or "bridges" ) are Tor relays that aren't listed in the
+            main directory. Since there is no complete public list of them, even if an
+            ISP is filtering connections to all the known Tor relays, they probably
+            won't be able to block all the bridges.
+
+            A bridge relay can't be an exit relay.
+
+            You need to set relay.enable to true for this option to take effect.
+
+            The bridge is set up with an obfuscated transport proxy.
+
+            See https://www.torproject.org/bridges.html.en for more info.
+          '';
+        };
+
+        isExit = mkOption {
+          default = false;
+          description = ''
+            An exit relay allows Tor users to access regular Internet services.
+
+            Unlike running a non-exit relay, running an exit relay may expose
+            you to abuse complaints. See https://www.torproject.org/faq.html.en#ExitPolicies for more info.
+
+            You can specify which services Tor users may access via your exit relay using exitPolicy option.
+          '';
+        };
+
+        nickname = mkOption {
+          default = "anonymous";
+          description = ''
+            A unique handle for your TOR relay.
+          '';
+        };
+
+        bandwidthRate = mkOption {
+          default = 0;
+          example = 100;
+          description = ''
+            Specify this to limit the bandwidth usage of relayed (server)
+            traffic. Your own traffic is still unthrottled. Units: bytes/second.
+          '';
+        };
+
+        bandwidthBurst = mkOption {
+          default = cfg.relay.bandwidthRate;
+          example = 200;
+          description = ''
+            Specify this to allow bursts of the bandwidth usage of relayed (server)
+            traffic. The average usage will still be as specified in relayBandwidthRate.
+            Your own traffic is still unthrottled. Units: bytes/second.
+          '';
+        };
+
+        port = mkOption {
+          default = 9001;
+          description = ''
+            What port to advertise for Tor connections.
+          '';
+        };
+
+        listenAddress = mkOption {
+          default = "";
+          example = "0.0.0.0:9090";
+          description = ''
+            Set this if you need to listen on a port other than the one advertised
+            in relayPort (e.g. to advertise 443 but bind to 9090). You'll need to do
+            ipchains or other port forwsarding yourself to make this work.
+          '';
+        };
+
+        exitPolicy = mkOption {
+          default = "";
+          example = "accept *:6660-6667,reject *:*";
+          description = ''
+            A comma-separated list of exit policies. They're considered first
+            to last, and the first match wins. If you want to _replace_
+            the default exit policy, end this with either a reject *:* or an
+            accept *:*. Otherwise, you're _augmenting_ (prepending to) the
+            default exit policy. Leave commented to just use the default, which is
+            available in the man page or at https://www.torproject.org/documentation.html
+
+            Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
+            for issues you might encounter if you use the default exit policy.
+
+            If certain IPs and ports are blocked externally, e.g. by your firewall,
+            you should update your exit policy to reflect this -- otherwise Tor
+            users will be told that those destinations are down.
+          '';
+        };
+
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf (cfg.client.enable || cfg.relay.enable) {
+
+    assertions = singleton
+      { assertion = cfg.relay.enable -> !(cfg.relay.isBridge && cfg.relay.isExit);
+        message = "Can't be both an exit and a bridge relay at the same time";
+      };
+
+    users.extraUsers = singleton
+      { name = torUser;
+        uid = config.ids.uids.tor;
+        description = "Tor daemon user";
+        home = stateDir;
+      };
+
+    jobs = {
+      tor = { name = "tor";
+
+              startOn = "started network-interfaces";
+              stopOn = "stopping network-interfaces";
+
+              preStart = ''
+                mkdir -m 0755 -p ${stateDir}
+                chown ${torUser} ${stateDir}
+              '';
+              exec = "${tor}/bin/tor -f ${pkgs.writeText "torrc" cfg.config}";
+    }; }
+    // optionalAttrs (cfg.client.privoxy.enable && cfg.client.enable) {
+      torPrivoxy = { name = "tor-privoxy";
+
+                     startOn = "started network-interfaces";
+                     stopOn = "stopping network-interfaces";
+
+                     preStart = ''
+                       mkdir -m 0755 -p ${privoxyDir}
+                       chown ${torUser} ${privoxyDir}
+                     '';
+                     exec = "${privoxy}/sbin/privoxy --no-daemon --user ${torUser} ${pkgs.writeText "torPrivoxy.conf" cfg.client.privoxy.config}";
+    }; };
+
+      services.tor.config = ''
+        DataDirectory ${stateDir}
+        User ${torUser}
+      ''
+      + optionalString cfg.client.enable  ''
+        SOCKSPort ${cfg.client.socksListenAddress} IsolateDestAddr
+        SOCKSPort ${cfg.client.socksListenAddressFaster}
+        ${opt "SocksPolicy" cfg.client.socksPolicy}
+      ''
+      + optionalString cfg.relay.enable ''
+        ORPort ${toString cfg.relay.port}
+        ${opt "ORListenAddress" cfg.relay.listenAddress }
+        ${opt "Nickname" cfg.relay.nickname}
+        ${optint "RelayBandwidthRate" cfg.relay.bandwidthRate}
+        ${optint "RelayBandwidthBurst" cfg.relay.bandwidthBurst}
+        ${if cfg.relay.isExit then opt "ExitPolicy" cfg.relay.exitPolicy else "ExitPolicy reject *:*"}
+        ${if cfg.relay.isBridge then ''
+          BridgeRelay 1
+          ServerTransportPlugin obfs2,obfs3 exec ${pkgs.pythonPackages.obfsproxy}/bin/obfsproxy managed
+        '' else ""}
+      '';
+
+      services.tor.client.privoxy.config = ''
+        # Generally, this file goes in /etc/privoxy/config
+        #
+        # Tor listens as a SOCKS4a proxy here:
+        forward-socks4a / ${cfg.client.socksListenAddressFaster} .
+        confdir ${privoxy}/etc
+        logdir ${privoxyDir}
+        # actionsfile standard  # Internal purpose, recommended
+        actionsfile default.action   # Main actions file
+        actionsfile user.action      # User customizations
+        filterfile default.filter
+
+        # Don't log interesting things, only startup messages, warnings and errors
+        logfile logfile
+        #jarfile jarfile
+        #debug   0    # show each GET/POST/CONNECT request
+        debug   4096 # Startup banner and warnings
+        debug   8192 # Errors - *we highly recommended enabling this*
+
+        user-manual ${privoxy}/doc/privoxy/user-manual
+        listen-address  ${cfg.client.privoxy.listenAddress}
+        toggle  1
+        enable-remote-toggle 0
+        enable-edit-actions 0
+        enable-remote-http-toggle 0
+        buffer-limit 4096
+
+        # Extra config goes here
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/services/security/torify.nix b/nixos/modules/services/security/torify.nix
new file mode 100644
index 000000000000..1c158906a911
--- /dev/null
+++ b/nixos/modules/services/security/torify.nix
@@ -0,0 +1,69 @@
+{ config, pkgs, ... }:
+with pkgs.lib;
+let
+
+  cfg = config.services.tor;
+
+  torify = pkgs.writeTextFile {
+    name = "torify";
+    text = ''
+        #!${pkgs.stdenv.shell}
+        TSOCKS_CONF_FILE=${pkgs.writeText "tsocks.conf" cfg.torify.config} LD_PRELOAD="${pkgs.tsocks}/lib/libtsocks.so $LD_PRELOAD" "$@"
+    '';
+    executable = true;
+    destination = "/bin/torify";
+  };
+
+in
+
+{
+
+  ###### interface
+  
+  options = {
+  
+    services.tor.torify = {
+
+      enable = mkOption {
+        default = cfg.client.enable;
+        description = ''
+          Whether to build torify scipt to relay application traffic via TOR.
+        '';
+      };
+
+      server = mkOption {
+        default = "localhost:9050";
+        example = "192.168.0.20";
+        description = ''
+          IP address of TOR client to use.
+        '';
+      };
+
+      config = mkOption {
+        default = "";
+        description = ''
+          Extra configuration. Contents will be added verbatim to TSocks
+          configuration file.
+        '';
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.torify.enable {
+
+    environment.systemPackages = [ torify ];  # expose it to the users
+
+    services.tor.torify.config = ''
+      server = ${toString(head (splitString ":" cfg.torify.server))}
+      server_port = ${toString(tail (splitString ":" cfg.torify.server))}
+
+      local = 127.0.0.0/255.128.0.0
+      local = 127.128.0.0/255.192.0.0
+    '';
+  };
+
+}
diff --git a/nixos/modules/services/security/torsocks.nix b/nixos/modules/services/security/torsocks.nix
new file mode 100644
index 000000000000..d6974282a6b5
--- /dev/null
+++ b/nixos/modules/services/security/torsocks.nix
@@ -0,0 +1,85 @@
+{ config, pkgs, ... }:
+with pkgs.lib;
+let
+
+  cfg = config.services.tor;
+
+  makeConfig = server: ''
+      server = ${toString(head (splitString ":" server))}
+      server_port = ${toString(tail (splitString ":" server))}
+
+      local = 127.0.0.0/255.128.0.0
+      local = 127.128.0.0/255.192.0.0
+      local = 169.254.0.0/255.255.0.0
+      local = 172.16.0.0/255.240.0.0
+      local = 192.168.0.0/255.255.0.0
+
+      ${cfg.torsocks.config}
+    '';
+  makeTorsocks = name: server: pkgs.writeTextFile {
+    name = name;
+    text = ''
+        #!${pkgs.stdenv.shell}
+        TORSOCKS_CONF_FILE=${pkgs.writeText "torsocks.conf" (makeConfig server)} LD_PRELOAD="${pkgs.torsocks}/lib/torsocks/libtorsocks.so $LD_PRELOAD" "$@"
+    '';
+    executable = true;
+    destination = "/bin/${name}";
+  };
+
+  torsocks = makeTorsocks "torsocks" cfg.torsocks.server;
+  torsocksFaster = makeTorsocks "torsocks-faster" cfg.torsocks.serverFaster;
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.tor.torsocks = {
+
+      enable = mkOption {
+        default = cfg.client.enable;
+        description = ''
+          Whether to build torsocks scipt to relay application traffic via TOR.
+        '';
+      };
+
+      server = mkOption {
+        default = cfg.client.socksListenAddress;
+        example = "192.168.0.20:9050";
+        description = ''
+          IP address of TOR client to use.
+        '';
+      };
+
+      serverFaster = mkOption {
+        default = cfg.client.socksListenAddressFaster;
+        example = "192.168.0.20:9063";
+        description = ''
+          IP address of TOR client to use for applications like web browsers which
+	  need less circuit isolation to achive satisfactory performance.
+        '';
+      };
+
+      config = mkOption {
+        default = "";
+        description = ''
+          Extra configuration. Contents will be added verbatim to torsocks
+          configuration file.
+        '';
+      };
+
+    };
+
+  };
+
+  ###### implementation
+
+  config = mkIf cfg.torsocks.enable {
+
+    environment.systemPackages = [ torsocks torsocksFaster ];  # expose it to the users
+
+  };
+
+}
diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix
new file mode 100644
index 000000000000..cb5110f6feb3
--- /dev/null
+++ b/nixos/modules/services/system/dbus.nix
@@ -0,0 +1,160 @@
+# D-Bus configuration and system bus daemon.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.dbus;
+
+  homeDir = "/var/run/dbus";
+
+  configDir = pkgs.stdenv.mkDerivation {
+    name = "dbus-conf";
+    preferLocalBuild = true;
+    buildCommand = ''
+      ensureDir $out
+
+      cp -v ${pkgs.dbus_daemon}/etc/dbus-1/system.conf $out/system.conf
+
+      # !!! Hm, these `sed' calls are rather error-prone...
+
+      # Tell the daemon where the setuid wrapper around
+      # dbus-daemon-launch-helper lives.
+      sed -i $out/system.conf \
+          -e 's|<servicehelper>.*/libexec/dbus-daemon-launch-helper|<servicehelper>${config.security.wrapperDir}/dbus-daemon-launch-helper|'
+
+      # Add the system-services and system.d directories to the system
+      # bus search path.
+      sed -i $out/system.conf \
+          -e 's|<standard_system_servicedirs/>|${systemServiceDirs}|' \
+          -e 's|<includedir>system.d</includedir>|${systemIncludeDirs}|'
+
+      cp ${pkgs.dbus_daemon}/etc/dbus-1/session.conf $out/session.conf
+
+      # Add the services and session.d directories to the session bus
+      # search path.
+      sed -i $out/session.conf \
+          -e 's|<standard_session_servicedirs />|${sessionServiceDirs}&|' \
+          -e 's|<includedir>session.d</includedir>|${sessionIncludeDirs}|'
+    ''; # */
+  };
+
+  systemServiceDirs = concatMapStrings
+    (d: "<servicedir>${d}/share/dbus-1/system-services</servicedir> ")
+    cfg.packages;
+
+  systemIncludeDirs = concatMapStrings
+    (d: "<includedir>${d}/etc/dbus-1/system.d</includedir> ")
+    cfg.packages;
+
+  sessionServiceDirs = concatMapStrings
+    (d: "<servicedir>${d}/share/dbus-1/services</servicedir> ")
+    cfg.packages;
+
+  sessionIncludeDirs = concatMapStrings
+    (d: "<includedir>${d}/etc/dbus-1/session.d</includedir> ")
+    cfg.packages;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.dbus = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether to start the D-Bus message bus daemon, which is
+          required by many other system services and applications.
+        '';
+      };
+
+      packages = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        description = ''
+          Packages whose D-Bus configuration files should be included in
+          the configuration of the D-Bus system-wide message bus.
+          Specifically, every file in
+          <filename><replaceable>pkg</replaceable>/etc/dbus-1/system.d</filename>
+          is included.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.dbus_daemon pkgs.dbus_tools ];
+
+    environment.etc = singleton
+      { source = configDir;
+        target = "dbus-1";
+      };
+
+    users.extraUsers.messagebus = {
+      uid = config.ids.uids.messagebus;
+      description = "D-Bus system message bus daemon user";
+      home = homeDir;
+      group = "messagebus";
+    };
+
+    users.extraGroups.messagebus.gid = config.ids.gids.messagebus;
+
+    # FIXME: these are copied verbatim from the dbus source tree.  We
+    # should install and use the originals.
+    systemd.units."dbus.socket".text =
+      ''
+        [Unit]
+        Description=D-Bus System Message Bus Socket
+
+        [Socket]
+        ListenStream=/var/run/dbus/system_bus_socket
+      '';
+
+    systemd.units."dbus.service".text =
+      ''
+        [Unit]
+        Description=D-Bus System Message Bus
+        Requires=dbus.socket
+
+        [Service]
+        ExecStartPre=${pkgs.dbus_tools}/bin/dbus-uuidgen --ensure
+        ExecStartPre=-${pkgs.coreutils}/bin/rm -f /var/run/dbus/pid
+        ExecStart=${pkgs.dbus_daemon}/bin/dbus-daemon --system --address=systemd: --nofork --systemd-activation
+        ExecReload=${pkgs.dbus_tools}/bin/dbus-send --print-reply --system --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
+        OOMScoreAdjust=-900
+      '';
+
+    security.setuidOwners = singleton
+      { program = "dbus-daemon-launch-helper";
+        source = "${pkgs.dbus_daemon}/libexec/dbus-daemon-launch-helper";
+        owner = "root";
+        group = "messagebus";
+        setuid = true;
+        setgid = false;
+        permissions = "u+rx,g+rx,o-rx";
+      };
+
+    services.dbus.packages =
+      [ "/nix/var/nix/profiles/default"
+        config.system.path
+      ];
+
+    environment.pathsToLink = [ "/etc/dbus-1" "/share/dbus-1" ];
+
+  };
+
+}
diff --git a/nixos/modules/services/system/kerberos.nix b/nixos/modules/services/system/kerberos.nix
new file mode 100644
index 000000000000..8fb5debd20e4
--- /dev/null
+++ b/nixos/modules/services/system/kerberos.nix
@@ -0,0 +1,71 @@
+{pkgs, config, ...}:
+
+let
+
+  inherit (pkgs.lib) mkOption mkIf singleton;
+
+  inherit (pkgs) heimdal;
+
+  stateDir = "/var/heimdal";
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.kerberos_server = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable the kerberos authentification server.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.kerberos_server.enable {
+
+    environment.systemPackages = [ heimdal ];
+
+    services.xinetd.enable = true;
+    services.xinetd.services = pkgs.lib.singleton
+      { name = "kerberos-adm";
+        flags = "REUSE NAMEINARGS";
+        protocol = "tcp";
+        user = "root";
+        server = "${pkgs.tcp_wrappers}/sbin/tcpd";
+        serverArgs = "${pkgs.heimdal}/sbin/kadmind";
+      };
+
+    jobs.kdc =
+      { description = "Kerberos Domain Controller daemon";
+
+        startOn = "ip-up";
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${stateDir}
+          '';
+
+        exec = "${heimdal}/sbin/kdc";
+
+      };
+
+    jobs.kpasswdd =
+      { description = "Kerberos Domain Controller daemon";
+
+        startOn = "ip-up";
+
+        exec = "${heimdal}/sbin/kpasswdd";
+      };
+  };
+
+}
diff --git a/nixos/modules/services/system/nscd.conf b/nixos/modules/services/system/nscd.conf
new file mode 100644
index 000000000000..6d0dcacf9778
--- /dev/null
+++ b/nixos/modules/services/system/nscd.conf
@@ -0,0 +1,28 @@
+server-user             nscd
+threads                 1
+paranoia                no
+debug-level             0
+
+enable-cache            passwd          yes
+positive-time-to-live   passwd          600
+negative-time-to-live   passwd          20
+suggested-size          passwd          211
+check-files             passwd          yes
+persistent              passwd          no
+shared                  passwd          yes
+
+enable-cache            group           yes
+positive-time-to-live   group           3600
+negative-time-to-live   group           60
+suggested-size          group           211
+check-files             group           yes
+persistent              group           no
+shared                  group           yes
+
+enable-cache            hosts           yes
+positive-time-to-live   hosts           600
+negative-time-to-live   hosts           5
+suggested-size          hosts           211
+check-files             hosts           yes
+persistent              hosts           no
+shared                  hosts           yes
diff --git a/nixos/modules/services/system/nscd.nix b/nixos/modules/services/system/nscd.nix
new file mode 100644
index 000000000000..b817b1df779f
--- /dev/null
+++ b/nixos/modules/services/system/nscd.nix
@@ -0,0 +1,72 @@
+{pkgs, config, ...}:
+
+with pkgs.lib;
+
+let
+
+  nssModulesPath = config.system.nssModules.path;
+
+  inherit (pkgs.lib) singleton;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.nscd = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Whether to enable the Name Service Cache Daemon.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.nscd.enable {
+
+    users.extraUsers = singleton
+      { name = "nscd";
+        uid = config.ids.uids.nscd;
+        description = "Name service cache daemon user";
+      };
+
+    systemd.services.nscd =
+      { description = "Name Service Cache Daemon";
+
+        wantedBy = [ "nss-lookup.target" "nss-user-lookup.target" ];
+
+        environment = { LD_LIBRARY_PATH = nssModulesPath; };
+
+        preStart =
+          ''
+            mkdir -m 0755 -p /run/nscd
+            rm -f /run/nscd/nscd.pid
+            mkdir -m 0755 -p /var/db/nscd
+          '';
+
+        restartTriggers = [ config.environment.etc.hosts.source ];
+
+        serviceConfig =
+          { ExecStart = "@${pkgs.glibc}/sbin/nscd nscd -f ${./nscd.conf}";
+            Type = "forking";
+            PIDFile = "/run/nscd/nscd.pid";
+            Restart = "always";
+            ExecReload =
+              [ "${pkgs.glibc}/sbin/nscd --invalidate passwd"
+                "${pkgs.glibc}/sbin/nscd --invalidate group"
+                "${pkgs.glibc}/sbin/nscd --invalidate hosts"
+              ];
+          };
+      };
+
+  };
+}
diff --git a/nixos/modules/services/system/uptimed.nix b/nixos/modules/services/system/uptimed.nix
new file mode 100644
index 000000000000..61eecd5c9ba8
--- /dev/null
+++ b/nixos/modules/services/system/uptimed.nix
@@ -0,0 +1,68 @@
+{pkgs, config, ...}:
+
+let
+
+  inherit (pkgs.lib) mkOption mkIf singleton;
+
+  inherit (pkgs) uptimed;
+
+  stateDir = "/var/spool/uptimed";
+
+  uptimedUser = "uptimed";
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.uptimed = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Uptimed allows you to track your highest uptimes.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.uptimed.enable {
+
+    environment.systemPackages = [ uptimed ];
+
+    users.extraUsers = singleton
+      { name = uptimedUser;
+        uid = config.ids.uids.uptimed;
+        description = "Uptimed daemon user";
+        home = stateDir;
+      };
+
+    jobs.uptimed =
+      { description = "Uptimed daemon";
+
+        startOn = "startup";
+
+        preStart =
+          ''
+            mkdir -m 0755 -p ${stateDir}
+            chown ${uptimedUser} ${stateDir}
+
+            if ! test -f ${stateDir}/bootid ; then
+              ${uptimed}/sbin/uptimed -b
+            fi
+          '';
+
+        exec = "${uptimed}/sbin/uptimed";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/torrent/deluge.nix b/nixos/modules/services/torrent/deluge.nix
new file mode 100644
index 000000000000..e0c212e5661f
--- /dev/null
+++ b/nixos/modules/services/torrent/deluge.nix
@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.deluge;
+  cfg_web = config.services.deluge.web;
+in {
+  options = {
+    services.deluge = {
+      enable = mkOption {
+        default = false;
+        example = true;
+        description = ''
+          Start Deluge daemon.
+        ''; 
+      };  
+    };
+
+    services.deluge.web = {
+      enable = mkOption {
+        default = false;
+        example = true;
+        description = ''
+          Start Deluge Web daemon.
+        ''; 
+      };  
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    systemd.services.deluged = {
+      after = [ "network.target" ];
+      description = "Deluge BitTorrent Daemon";
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.pythonPackages.deluge ];
+      serviceConfig.ExecStart = "${pkgs.pythonPackages.deluge}/bin/deluged -d";
+      serviceConfig.User = "deluge";
+      serviceConfig.Group = "deluge";
+    };
+
+    systemd.services.delugeweb = mkIf cfg_web.enable {
+      after = [ "network.target" ];
+      description = "Deluge BitTorrent WebUI";
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.pythonPackages.deluge ];
+      serviceConfig.ExecStart = "${pkgs.pythonPackages.deluge}/bin/deluge --ui web";
+      serviceConfig.User = "deluge";
+      serviceConfig.Group = "deluge";
+    };
+
+    environment.systemPackages = [ pkgs.pythonPackages.deluge ];
+
+    users.extraUsers.deluge = {
+      group = "deluge";
+      uid = config.ids.uids.deluge;
+      home = "/var/lib/deluge/";
+      createHome = true;
+      description = "Deluge Daemon user";
+    };
+
+    users.extraGroups.deluge.gid = config.ids.gids.deluge;
+  };
+}
diff --git a/nixos/modules/services/torrent/transmission.nix b/nixos/modules/services/torrent/transmission.nix
new file mode 100644
index 000000000000..063332d48628
--- /dev/null
+++ b/nixos/modules/services/torrent/transmission.nix
@@ -0,0 +1,173 @@
+# NixOS module for Transmission BitTorrent daemon
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.transmission;
+  homeDir = "/var/lib/transmission";
+  settingsDir = "${homeDir}/.config/transmission-daemon";
+  settingsFile = "${settingsDir}/settings.json";
+
+  # Strings must be quoted, ints and bools must not (for settings.json).
+  toOption = x:
+    if x == true then "true"
+    else if x == false then "false"
+    else if builtins.isInt x then toString x
+    else toString ''\"${x}\"'';
+
+  # All lines in settings.json end with a ',' (comma), except for the last
+  # line. This is standard JSON. But a comma can also appear *inside* some
+  # fields, notably the "rpc-whitelist" field. This is difficult to handle in
+  # sed so we simply ignore it and say that if you want to change the option at
+  # the last line of settings.json, you have to do it manually. At this time of
+  # writing, the last option is "utp-enable":true.
+  attrsToSedArgs = as:
+    concatStrings (concatLists (mapAttrsToList (name: value:
+      #map (x: '' -e 's=\(\"${name}\":\)[^,]*\(.*\)=\1 ${toOption x}\2=' '') # breaks if comma inside value field
+      map (x: '' -e 's=\(\"${name}\":\).*=\1 ${toOption x},=' '') # always append ',' (breaks last line in settings.json)
+        (if isList value then value else [value]))
+        as));
+
+in
+
+{
+
+  ### configuration
+
+  options = {
+
+    services.transmission = {
+
+      enable = mkOption {
+        type = types.uniq types.bool;
+        default = false;
+        description = ''
+          Whether or not to enable the headless Transmission BitTorrent daemon.
+
+          Transmission daemon can be controlled via the RPC interface using
+          transmission-remote or the WebUI (http://localhost:9091/ by default).
+
+          Torrents are downloaded to ${homeDir}/Downloads/ by default and are
+          accessible to users in the "transmission" group.
+        '';
+      };
+
+      settings = mkOption {
+        type = types.attrs;
+        default =
+          {
+            # for users in group "transmission" to have access to torrents
+            umask = 2;
+          }
+        ;
+        example =
+          {
+            download-dir = "/srv/torrents/";
+            incomplete-dir = "/srv/torrents/.incomplete/";
+            incomplete-dir-enabled = true;
+            rpc-whitelist = "127.0.0.1,192.168.*.*";
+            # for users in group "transmission" to have access to torrents
+            umask = 2;
+          }
+        ;
+        description = ''
+          Attribute set whos fields overwrites fields in settings.json (each
+          time the service starts). String values must be quoted, integer and
+          boolean values must not.
+
+          See https://trac.transmissionbt.com/wiki/EditConfigFiles for documentation
+          and/or look at ${settingsFile}."
+        '';
+      };
+
+      rpc_port = mkOption {
+        type = types.uniq types.int;
+        default = 9091;
+        description = "TCP port number to run the RPC/web interface.";
+      };
+
+      apparmor = mkOption {
+        type = types.uniq types.bool;
+        default = true;
+        description = "Generate apparmor profile for transmission-daemon.";
+      };
+    };
+
+  };
+
+  ### implementation
+
+  config = mkIf cfg.enable {
+
+    systemd.services.transmission = {
+      description = "Transmission BitTorrent Daemon";
+      after = [ "network.target" ] ++ optional (config.security.apparmor.enable && cfg.apparmor) "apparmor.service";
+      requires = mkIf (config.security.apparmor.enable && cfg.apparmor) [ "apparmor.service" ];
+      wantedBy = [ "multi-user.target" ];
+
+      # 1) Only the "transmission" user and group have access to torrents.
+      # 2) Optionally update/force specific fields into the configuration file.
+      serviceConfig.ExecStartPre =
+        if cfg.settings != {} then ''
+          ${pkgs.stdenv.shell} -c "chmod 770 ${homeDir} && mkdir -p ${settingsDir} && ${pkgs.transmission}/bin/transmission-daemon -d |& sed ${attrsToSedArgs cfg.settings} > ${settingsFile}.tmp && mv ${settingsFile}.tmp ${settingsFile}"
+        ''
+        else ''
+          ${pkgs.stdenv.shell} -c "chmod 770 ${homeDir}"
+        '';
+      serviceConfig.ExecStart = "${pkgs.transmission}/bin/transmission-daemon -f --port ${toString config.services.transmission.rpc_port}";
+      serviceConfig.ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+      serviceConfig.User = "transmission";
+      # NOTE: transmission has an internal umask that also must be set (in settings.json)
+      serviceConfig.UMask = "0002";
+    };
+
+    # It's useful to have transmission in path, e.g. for remote control
+    environment.systemPackages = [ pkgs.transmission ];
+
+    users.extraUsers.transmission = {
+      group = "transmission";
+      uid = config.ids.uids.transmission;
+      description = "Transmission BitTorrent user";
+      home = homeDir;
+      createHome = true;
+    };
+
+    users.extraGroups.transmission.gid = config.ids.gids.transmission;
+
+    # AppArmor profile
+    security.apparmor.profiles = mkIf (config.security.apparmor.enable && cfg.apparmor) [
+      (pkgs.writeText "apparmor-transmission-daemon" ''
+        #include <tunables/global>
+
+        ${pkgs.transmission}/bin/transmission-daemon {
+          #include <abstractions/base>
+          #include <abstractions/nameservice>
+
+          ${pkgs.glibc}/lib/*.so             mr,
+          ${pkgs.libevent}/lib/libevent*.so* mr,
+          ${pkgs.curl}/lib/libcurl*.so*      mr,
+          ${pkgs.openssl}/lib/libssl*.so*    mr,
+          ${pkgs.openssl}/lib/libcrypto*.so* mr,
+          ${pkgs.zlib}/lib/libz*.so*         mr,
+          ${pkgs.libssh2}/lib/libssh2*.so*   mr,
+
+          @{PROC}/sys/kernel/random/uuid   r,
+          @{PROC}/sys/vm/overcommit_memory r,
+
+          ${pkgs.transmission}/share/transmission/** r,
+
+          owner ${settingsDir}/** rw,
+
+          ${cfg.settings.download-dir}/** rw,
+          ${optionalString cfg.settings.incomplete-dir-enabled ''
+            ${cfg.settings.incomplete-dir}/** rw,
+          ''}
+        }
+      '')
+    ];
+  };
+
+}
diff --git a/nixos/modules/services/ttys/agetty.nix b/nixos/modules/services/ttys/agetty.nix
new file mode 100644
index 000000000000..ae4fa87d4b7b
--- /dev/null
+++ b/nixos/modules/services/ttys/agetty.nix
@@ -0,0 +1,129 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.mingetty = {
+
+      greetingLine = mkOption {
+        type = types.str;
+        default = ''<<< Welcome to NixOS ${config.system.nixosVersion} (\m) - \l >>>'';
+        description = ''
+          Welcome line printed by mingetty.
+        '';
+      };
+
+      helpLine = mkOption {
+        type = types.lines;
+        default = "";
+        description = ''
+          Help line printed by mingetty below the welcome line.
+          Used by the installation CD to give some hints on
+          how to proceed.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    # FIXME: these are mostly copy/pasted from the systemd sources,
+    # which some small modifications, which is annoying.
+
+    # Generate a separate job for each tty.
+    systemd.units."getty@.service".text =
+      ''
+        [Unit]
+        Description=Getty on %I
+        Documentation=man:agetty(8)
+        After=systemd-user-sessions.service plymouth-quit-wait.service
+
+        # If additional gettys are spawned during boot then we should make
+        # sure that this is synchronized before getty.target, even though
+        # getty.target didn't actually pull it in.
+        Before=getty.target
+        IgnoreOnIsolate=yes
+
+        ConditionPathExists=/dev/tty0
+
+        [Service]
+        Environment=TERM=linux
+        Environment=LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
+        ExecStart=@${pkgs.utillinux}/sbin/agetty agetty --noclear --login-program ${pkgs.shadow}/bin/login %I 38400
+        Type=idle
+        Restart=always
+        RestartSec=0
+        UtmpIdentifier=%I
+        TTYPath=/dev/%I
+        TTYReset=yes
+        TTYVHangup=yes
+        TTYVTDisallocate=yes # set to no to prevent clearing the screen
+        KillMode=process
+        IgnoreSIGPIPE=no
+
+        # Some login implementations ignore SIGTERM, so we send SIGHUP
+        # instead, to ensure that login terminates cleanly.
+        KillSignal=SIGHUP
+
+        X-RestartIfChanged=false
+      '';
+    
+    systemd.units."serial-getty@.service".text =
+      ''
+        [Unit]
+        Description=Serial Getty on %I
+        Documentation=man:agetty(8) man:systemd-getty-generator(8)
+        BindsTo=dev-%i.device
+        After=dev-%i.device systemd-user-sessions.service plymouth-quit-wait.service
+
+        # If additional gettys are spawned during boot then we should make
+        # sure that this is synchronized before getty.target, even though
+        # getty.target didn't actually pull it in.
+        Before=getty.target
+        IgnoreOnIsolate=yes
+
+        [Service]
+        Environment=TERM=linux
+        Environment=LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive
+        ExecStart=@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login %I 115200,57600,38400,9600
+        Type=idle
+        Restart=always
+        RestartSec=0
+        UtmpIdentifier=%I
+        TTYPath=/dev/%I
+        TTYReset=yes
+        TTYVHangup=yes
+        KillMode=process
+        IgnoreSIGPIPE=no
+
+        # Some login implementations ignore SIGTERM, so we send SIGHUP
+        # instead, to ensure that login terminates cleanly.
+        KillSignal=SIGHUP
+        
+        X-RestartIfChanged=false
+      '';
+
+    environment.etc = singleton
+      { # Friendly greeting on the virtual consoles.
+        source = pkgs.writeText "issue" ''
+
+          ${config.services.mingetty.greetingLine}
+          ${config.services.mingetty.helpLine}
+
+        '';
+        target = "issue";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/ttys/gpm.nix b/nixos/modules/services/ttys/gpm.nix
new file mode 100644
index 000000000000..74cee67aeae9
--- /dev/null
+++ b/nixos/modules/services/ttys/gpm.nix
@@ -0,0 +1,53 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.gpm;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.gpm = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable GPM, the General Purpose Mouse daemon,
+          which enables mouse support in virtual consoles.
+        '';
+      };
+
+      protocol = mkOption {
+        type = types.str;
+        default = "ps/2";
+        description = "Mouse protocol to use.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    jobs.gpm =
+      { description = "General purpose mouse";
+
+        startOn = "started udev";
+
+        exec = "${pkgs.gpm}/sbin/gpm -m /dev/input/mice -t ${cfg.protocol} -D &>/dev/null";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/web-servers/apache-httpd/default.nix b/nixos/modules/services/web-servers/apache-httpd/default.nix
new file mode 100644
index 000000000000..d21b6da0e772
--- /dev/null
+++ b/nixos/modules/services/web-servers/apache-httpd/default.nix
@@ -0,0 +1,667 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  mainCfg = config.services.httpd;
+
+  httpd = mainCfg.package;
+
+  version24 = !versionOlder httpd.version "2.4";
+
+  httpdConf = mainCfg.configFile;
+
+  php = pkgs.php.override { apacheHttpd = httpd; };
+
+  getPort = cfg: if cfg.port != 0 then cfg.port else if cfg.enableSSL then 443 else 80;
+
+  extraModules = attrByPath ["extraModules"] [] mainCfg;
+  extraForeignModules = filter builtins.isAttrs extraModules;
+  extraApacheModules = filter (x: !(builtins.isAttrs x)) extraModules; # I'd prefer using builtins.isString here, but doesn't exist yet
+
+
+  makeServerInfo = cfg: {
+    # Canonical name must not include a trailing slash.
+    canonicalName =
+      (if cfg.enableSSL then "https" else "http") + "://" +
+      cfg.hostName +
+      (if getPort cfg != (if cfg.enableSSL then 443 else 80) then ":${toString (getPort cfg)}" else "");
+
+    # Admin address: inherit from the main server if not specified for
+    # a virtual host.
+    adminAddr = if cfg.adminAddr != null then cfg.adminAddr else mainCfg.adminAddr;
+
+    vhostConfig = cfg;
+    serverConfig = mainCfg;
+    fullConfig = config; # machine config
+  };
+
+
+  allHosts = [mainCfg] ++ mainCfg.virtualHosts;
+
+
+  callSubservices = serverInfo: defs:
+    let f = svc:
+      let
+        svcFunction =
+          if svc ? function then svc.function
+          else import (toString "${toString ./.}/${if svc ? serviceType then svc.serviceType else svc.serviceName}.nix");
+        config = (evalModules
+          { modules = [ { options = res.options; config = svc.config or svc; } ];
+            check = false;
+          }).config;
+        defaults = {
+          extraConfig = "";
+          extraModules = [];
+          extraModulesPre = [];
+          extraPath = [];
+          extraServerPath = [];
+          globalEnvVars = [];
+          robotsEntries = "";
+          startupScript = "";
+          enablePHP = false;
+          phpOptions = "";
+          options = {};
+        };
+        res = defaults // svcFunction { inherit config pkgs serverInfo php; };
+      in res;
+    in map f defs;
+
+
+  # !!! callSubservices is expensive
+  subservicesFor = cfg: callSubservices (makeServerInfo cfg) cfg.extraSubservices;
+
+  mainSubservices = subservicesFor mainCfg;
+
+  allSubservices = mainSubservices ++ concatMap subservicesFor mainCfg.virtualHosts;
+
+
+  # !!! should be in lib
+  writeTextInDir = name: text:
+    pkgs.runCommand name {inherit text;} "ensureDir $out; echo -n \"$text\" > $out/$name";
+
+
+  enableSSL = any (vhost: vhost.enableSSL) allHosts;
+
+
+  # Names of modules from ${httpd}/modules that we want to load.
+  apacheModules =
+    [ # HTTP authentication mechanisms: basic and digest.
+      "auth_basic" "auth_digest"
+
+      # Authentication: is the user who he claims to be?
+      "authn_file" "authn_dbm" "authn_anon"
+      (if version24 then "authn_core" else "authn_alias")
+
+      # Authorization: is the user allowed access?
+      "authz_user" "authz_groupfile" "authz_host"
+
+      # Other modules.
+      "ext_filter" "include" "log_config" "env" "mime_magic"
+      "cern_meta" "expires" "headers" "usertrack" /* "unique_id" */ "setenvif"
+      "mime" "dav" "status" "autoindex" "asis" "info" "dav_fs"
+      "vhost_alias" "negotiation" "dir" "imagemap" "actions" "speling"
+      "userdir" "alias" "rewrite" "proxy" "proxy_http"
+    ]
+    ++ optionals version24 [
+      "mpm_${mainCfg.multiProcessingModule}"
+      "authz_core"
+      "unixd"
+    ]
+    ++ (if mainCfg.multiProcessingModule == "prefork" then [ "cgi" ] else [ "cgid" ])
+    ++ optional enableSSL "ssl"
+    ++ extraApacheModules;
+
+
+  allDenied = if version24 then ''
+    Require all denied
+  '' else ''
+    Order deny,allow
+    Deny from all
+  '';
+
+  allGranted = if version24 then ''
+    Require all granted
+  '' else ''
+    Order allow,deny
+    Allow from all
+  '';
+
+
+  loggingConf = ''
+    ErrorLog ${mainCfg.logDir}/error_log
+
+    LogLevel notice
+
+    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+    LogFormat "%h %l %u %t \"%r\" %>s %b" common
+    LogFormat "%{Referer}i -> %U" referer
+    LogFormat "%{User-agent}i" agent
+
+    CustomLog ${mainCfg.logDir}/access_log ${mainCfg.logFormat}
+  '';
+
+
+  browserHacks = ''
+    BrowserMatch "Mozilla/2" nokeepalive
+    BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+    BrowserMatch "RealPlayer 4\.0" force-response-1.0
+    BrowserMatch "Java/1\.0" force-response-1.0
+    BrowserMatch "JDK/1\.0" force-response-1.0
+    BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+    BrowserMatch "^WebDrive" redirect-carefully
+    BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+    BrowserMatch "^gnome-vfs" redirect-carefully
+  '';
+
+
+  sslConf = ''
+    SSLSessionCache shm:${mainCfg.stateDir}/ssl_scache(512000)
+
+    SSLMutex posixsem
+
+    SSLRandomSeed startup builtin
+    SSLRandomSeed connect builtin
+  '';
+
+
+  mimeConf = ''
+    TypesConfig ${httpd}/conf/mime.types
+
+    AddType application/x-x509-ca-cert .crt
+    AddType application/x-pkcs7-crl    .crl
+    AddType application/x-httpd-php    .php .phtml
+
+    <IfModule mod_mime_magic.c>
+        MIMEMagicFile ${httpd}/conf/magic
+    </IfModule>
+
+    AddEncoding x-compress Z
+    AddEncoding x-gzip gz tgz
+  '';
+
+
+  perServerConf = isMainServer: cfg: let
+
+    serverInfo = makeServerInfo cfg;
+
+    subservices = callSubservices serverInfo cfg.extraSubservices;
+
+    documentRoot = if cfg.documentRoot != null then cfg.documentRoot else
+      pkgs.runCommand "empty" {} "ensureDir $out";
+
+    documentRootConf = ''
+      DocumentRoot "${documentRoot}"
+
+      <Directory "${documentRoot}">
+          Options Indexes FollowSymLinks
+          AllowOverride None
+          ${allGranted}
+      </Directory>
+    '';
+
+    robotsTxt = pkgs.writeText "robots.txt" ''
+      ${# If this is a vhost, the include the entries for the main server as well.
+        if isMainServer then ""
+        else concatMapStrings (svc: svc.robotsEntries) mainSubservices}
+      ${concatMapStrings (svc: svc.robotsEntries) subservices}
+    '';
+
+    robotsConf = ''
+      Alias /robots.txt ${robotsTxt}
+    '';
+
+  in ''
+    ServerName ${serverInfo.canonicalName}
+
+    ${concatMapStrings (alias: "ServerAlias ${alias}\n") cfg.serverAliases}
+
+    ${if cfg.sslServerCert != null then ''
+      SSLCertificateFile ${cfg.sslServerCert}
+      SSLCertificateKeyFile ${cfg.sslServerKey}
+    '' else ""}
+
+    ${if cfg.enableSSL then ''
+      SSLEngine on
+    '' else if enableSSL then /* i.e., SSL is enabled for some host, but not this one */
+    ''
+      SSLEngine off
+    '' else ""}
+
+    ${if isMainServer || cfg.adminAddr != null then ''
+      ServerAdmin ${cfg.adminAddr}
+    '' else ""}
+
+    ${if !isMainServer && mainCfg.logPerVirtualHost then ''
+      ErrorLog ${mainCfg.logDir}/error_log-${cfg.hostName}
+      CustomLog ${mainCfg.logDir}/access_log-${cfg.hostName} ${cfg.logFormat}
+    '' else ""}
+
+    ${robotsConf}
+
+    ${if isMainServer || cfg.documentRoot != null then documentRootConf else ""}
+
+    ${if cfg.enableUserDir then ''
+
+      UserDir public_html
+      UserDir disabled root
+
+      <Directory "/home/*/public_html">
+          AllowOverride FileInfo AuthConfig Limit Indexes
+          Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+          <Limit GET POST OPTIONS>
+              ${allGranted}
+          </Limit>
+          <LimitExcept GET POST OPTIONS>
+              ${allDenied}
+          </LimitExcept>
+      </Directory>
+
+    '' else ""}
+
+    ${if cfg.globalRedirect != null then ''
+      RedirectPermanent / ${cfg.globalRedirect}
+    '' else ""}
+
+    ${
+      let makeFileConf = elem: ''
+            Alias ${elem.urlPath} ${elem.file}
+          '';
+      in concatMapStrings makeFileConf cfg.servedFiles
+    }
+
+    ${
+      let makeDirConf = elem: ''
+            Alias ${elem.urlPath} ${elem.dir}/
+            <Directory ${elem.dir}>
+                Options +Indexes
+                ${allGranted}
+                AllowOverride All
+            </Directory>
+          '';
+      in concatMapStrings makeDirConf cfg.servedDirs
+    }
+
+    ${concatMapStrings (svc: svc.extraConfig) subservices}
+
+    ${cfg.extraConfig}
+  '';
+
+
+  confFile = pkgs.writeText "httpd.conf" ''
+
+    ServerRoot ${httpd}
+
+    ${optionalString version24 ''
+      DefaultRuntimeDir ${mainCfg.stateDir}/runtime
+    ''}
+
+    PidFile ${mainCfg.stateDir}/httpd.pid
+
+    ${optionalString (mainCfg.multiProcessingModule != "prefork") ''
+      # mod_cgid requires this.
+      ScriptSock ${mainCfg.stateDir}/cgisock
+    ''}
+
+    <IfModule prefork.c>
+        MaxClients           ${toString mainCfg.maxClients}
+        MaxRequestsPerChild  ${toString mainCfg.maxRequestsPerChild}
+    </IfModule>
+
+    ${let
+        ports = map getPort allHosts;
+        uniquePorts = uniqList {inputList = ports;};
+      in concatMapStrings (port: "Listen ${toString port}\n") uniquePorts
+    }
+
+    User ${mainCfg.user}
+    Group ${mainCfg.group}
+
+    ${let
+        load = {name, path}: "LoadModule ${name}_module ${path}\n";
+        allModules =
+          concatMap (svc: svc.extraModulesPre) allSubservices
+          ++ map (name: {inherit name; path = "${httpd}/modules/mod_${name}.so";}) apacheModules
+          ++ optional enablePHP { name = "php5"; path = "${php}/modules/libphp5.so"; }
+          ++ concatMap (svc: svc.extraModules) allSubservices
+          ++ extraForeignModules;
+      in concatMapStrings load allModules
+    }
+
+    AddHandler type-map var
+
+    <Files ~ "^\.ht">
+        ${allDenied}
+    </Files>
+
+    ${mimeConf}
+    ${loggingConf}
+    ${browserHacks}
+
+    Include ${httpd}/conf/extra/httpd-default.conf
+    Include ${httpd}/conf/extra/httpd-autoindex.conf
+    Include ${httpd}/conf/extra/httpd-multilang-errordoc.conf
+    Include ${httpd}/conf/extra/httpd-languages.conf
+
+    ${if enableSSL then sslConf else ""}
+
+    # Fascist default - deny access to everything.
+    <Directory />
+        Options FollowSymLinks
+        AllowOverride None
+        ${allDenied}
+    </Directory>
+
+    # But do allow access to files in the store so that we don't have
+    # to generate <Directory> clauses for every generated file that we
+    # want to serve.
+    <Directory /nix/store>
+        ${allGranted}
+    </Directory>
+
+    # Generate directives for the main server.
+    ${perServerConf true mainCfg}
+
+    # Always enable virtual hosts; it doesn't seem to hurt.
+    ${let
+        ports = map getPort allHosts;
+        uniquePorts = uniqList {inputList = ports;};
+        directives = concatMapStrings (port: "NameVirtualHost *:${toString port}\n") uniquePorts;
+      in optionalString (!version24) directives
+    }
+
+    ${let
+        makeVirtualHost = vhost: ''
+          <VirtualHost *:${toString (getPort vhost)}>
+              ${perServerConf false vhost}
+          </VirtualHost>
+        '';
+      in concatMapStrings makeVirtualHost mainCfg.virtualHosts
+    }
+  '';
+
+
+  enablePHP = any (svc: svc.enablePHP) allSubservices;
+
+
+  # Generate the PHP configuration file.  Should probably be factored
+  # out into a separate module.
+  phpIni = pkgs.runCommand "php.ini"
+    { options = concatStringsSep "\n"
+        ([ mainCfg.phpOptions ] ++ (map (svc: svc.phpOptions) allSubservices));
+    }
+    ''
+      cat ${php}/etc/php-recommended.ini > $out
+      echo "$options" >> $out
+    '';
+
+in
+
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.httpd = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to enable the Apache HTTP Server.";
+      };
+
+      package = mkOption {
+        type = types.path;
+        default = pkgs.apacheHttpd.override { mpm = mainCfg.multiProcessingModule; };
+        example = "pkgs.apacheHttpd_2_4";
+        description = ''
+          Overridable attribute of the Apache HTTP Server package to use.
+        '';
+      };
+
+      configFile = mkOption {
+        type = types.path;
+        default = confFile;
+        example = literalExample ''pkgs.writeText "httpd.conf" "# my custom config file ...";'';
+        description = ''
+          Override the configuration file used by Apache. By default,
+          NixOS generates one automatically.
+        '';
+      };
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "";
+        description = ''
+          Cnfiguration lines appended to the generated Apache
+          configuration file. Note that this mechanism may not work
+          when <option>configFile</option> is overridden.
+        '';
+      };
+
+      extraModules = mkOption {
+        type = types.listOf types.unspecified;
+        default = [];
+        example = literalExample ''[ "proxy_connect" { name = "php5"; path = "''${php}/modules/libphp5.so"; } ]'';
+        description = ''
+          Additional Apache modules to be used.  These can be
+          specified as a string in the case of modules distributed
+          with Apache, or as an attribute set specifying the
+          <varname>name</varname> and <varname>path</varname> of the
+          module.
+        '';
+      };
+
+      logPerVirtualHost = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          If enabled, each virtual host gets its own
+          <filename>access_log</filename> and
+          <filename>error_log</filename>, namely suffixed by the
+          <option>hostName</option> of the virtual host.
+        '';
+      };
+
+      user = mkOption {
+        type = types.str;
+        default = "wwwrun";
+        description = ''
+          User account under which httpd runs.  The account is created
+          automatically if it doesn't exist.
+        '';
+      };
+
+      group = mkOption {
+        type = types.str;
+        default = "wwwrun";
+        description = ''
+          Group under which httpd runs.  The account is created
+          automatically if it doesn't exist.
+        '';
+      };
+
+      logDir = mkOption {
+        type = types.path;
+        default = "/var/log/httpd";
+        description = ''
+          Directory for Apache's log files.  It is created automatically.
+        '';
+      };
+
+      stateDir = mkOption {
+        type = types.path;
+        default = "/run/httpd";
+        description = ''
+          Directory for Apache's transient runtime state (such as PID
+          files).  It is created automatically.  Note that the default,
+          <filename>/run/httpd</filename>, is deleted at boot time.
+        '';
+      };
+
+      virtualHosts = mkOption {
+        type = types.listOf (types.submodule (
+          { options = import ./per-server-options.nix {
+              inherit pkgs;
+              forMainServer = false;
+            };
+          }));
+        default = [];
+        example = [
+          { hostName = "foo";
+            documentRoot = "/data/webroot-foo";
+          }
+          { hostName = "bar";
+            documentRoot = "/data/webroot-bar";
+          }
+        ];
+        description = ''
+          Specification of the virtual hosts served by Apache.  Each
+          element should be an attribute set specifying the
+          configuration of the virtual host.  The available options
+          are the non-global options permissible for the main host.
+        '';
+      };
+
+      phpOptions = mkOption {
+        type = types.lines;
+        default = "";
+        example =
+          ''
+            date.timezone = "CET"
+          '';
+        description =
+          "Options appended to the PHP configuration file <filename>php.ini</filename>.";
+      };
+
+      multiProcessingModule = mkOption {
+        type = types.str;
+        default = "prefork";
+        example = "worker";
+        description =
+          ''
+            Multi-processing module to be used by Apache.  Available
+            modules are <literal>prefork</literal> (the default;
+            handles each request in a separate child process),
+            <literal>worker</literal> (hybrid approach that starts a
+            number of child processes each running a number of
+            threads) and <literal>event</literal> (a recent variant of
+            <literal>worker</literal> that handles persistent
+            connections more efficiently).
+          '';
+      };
+
+      maxClients = mkOption {
+        type = types.int;
+        default = 150;
+        example = 8;
+        description = "Maximum number of httpd processes (prefork)";
+      };
+
+      maxRequestsPerChild = mkOption {
+        type = types.int;
+        default = 0;
+        example = 500;
+        description =
+          "Maximum number of httpd requests answered per httpd child (prefork), 0 means unlimited";
+      };
+    }
+
+    # Include the options shared between the main server and virtual hosts.
+    // (import ./per-server-options.nix {
+      inherit pkgs;
+      forMainServer = true;
+    });
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.httpd.enable {
+
+    users.extraUsers = optionalAttrs (mainCfg.user == "wwwrun") singleton
+      { name = "wwwrun";
+        group = "wwwrun";
+        description = "Apache httpd user";
+        uid = config.ids.uids.wwwrun;
+      };
+
+    users.extraGroups = optionalAttrs (mainCfg.group == "wwwrun") singleton
+      { name = "wwwrun";
+        gid = config.ids.gids.wwwrun;
+      };
+
+    environment.systemPackages = [httpd] ++ concatMap (svc: svc.extraPath) allSubservices;
+
+    services.httpd.phpOptions =
+      ''
+        ; Needed for PHP's mail() function.
+        sendmail_path = sendmail -t -i
+
+        ; Apparently PHP doesn't use $TZ.
+        date.timezone = "${config.time.timeZone}"
+      '';
+
+    systemd.services.httpd =
+      { description = "Apache HTTPD";
+
+        wantedBy = [ "multi-user.target" ];
+        requires = [ "keys.target" ];
+        after = [ "network.target" "fs.target" "postgresql.service" "keys.target" ];
+
+        path =
+          [ httpd pkgs.coreutils pkgs.gnugrep ]
+          ++ # Needed for PHP's mail() function.  !!! Probably the
+             # ssmtp module should export the path to sendmail in
+             # some way.
+             optional config.networking.defaultMailServer.directDelivery pkgs.ssmtp
+          ++ concatMap (svc: svc.extraServerPath) allSubservices;
+
+        environment =
+          { PHPRC = if enablePHP then phpIni else "";
+          } // (listToAttrs (concatMap (svc: svc.globalEnvVars) allSubservices));
+
+        preStart =
+          ''
+            mkdir -m 0750 -p ${mainCfg.stateDir}
+            chown root.${mainCfg.group} ${mainCfg.stateDir}
+            ${optionalString version24 ''
+              mkdir -m 0750 -p "${mainCfg.stateDir}/runtime"
+              chown root.${mainCfg.group} "${mainCfg.stateDir}/runtime"
+            ''}
+            mkdir -m 0700 -p ${mainCfg.logDir}
+
+            ${optionalString (mainCfg.documentRoot != null)
+            ''
+              # Create the document root directory if does not exists yet
+              mkdir -p ${mainCfg.documentRoot}
+            ''
+            }
+
+            # Get rid of old semaphores.  These tend to accumulate across
+            # server restarts, eventually preventing it from restarting
+            # successfully.
+            for i in $(${pkgs.utillinux}/bin/ipcs -s | grep ' ${mainCfg.user} ' | cut -f2 -d ' '); do
+                ${pkgs.utillinux}/bin/ipcrm -s $i
+            done
+
+            # Run the startup hooks for the subservices.
+            for i in ${toString (map (svn: svn.startupScript) allSubservices)}; do
+                echo Running Apache startup hook $i...
+                $i
+            done
+          '';
+
+        serviceConfig.ExecStart = "@${httpd}/bin/httpd httpd -f ${httpdConf}";
+        serviceConfig.ExecStop = "${httpd}/bin/httpd -f ${httpdConf} -k graceful-stop";
+        serviceConfig.Type = "forking";
+        serviceConfig.Restart = "always";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix b/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
new file mode 100644
index 000000000000..dcc05b03891b
--- /dev/null
+++ b/nixos/modules/services/web-servers/apache-httpd/mediawiki.nix
@@ -0,0 +1,303 @@
+{ config, pkgs, serverInfo, php, ... }:
+
+with pkgs.lib;
+
+let
+
+  mediawikiConfig = pkgs.writeText "LocalSettings.php"
+    ''
+      <?php
+        # Copied verbatim from the default (generated) LocalSettings.php.
+        if( defined( 'MW_INSTALL_PATH' ) ) {
+                $IP = MW_INSTALL_PATH;
+        } else {
+                $IP = dirname( __FILE__ );
+        }
+
+        $path = array( $IP, "$IP/includes", "$IP/languages" );
+        set_include_path( implode( PATH_SEPARATOR, $path ) . PATH_SEPARATOR . get_include_path() );
+
+        require_once( "$IP/includes/DefaultSettings.php" );
+
+        if ( $wgCommandLineMode ) {
+                if ( isset( $_SERVER ) && array_key_exists( 'REQUEST_METHOD', $_SERVER ) ) {
+                        die( "This script must be run from the command line\n" );
+                }
+        }
+
+        $wgScriptPath = "${config.urlPrefix}";
+
+        # We probably need to set $wgSecretKey and $wgCacheEpoch.
+
+        # Paths to external programs.
+        $wgDiff3 = "${pkgs.diffutils}/bin/diff3";
+        $wgDiff = "${pkgs.diffutils}/bin/diff";
+        $wgImageMagickConvertCommand = "${pkgs.imagemagick}/bin/convert";
+
+        #$wgDebugLogFile = "/tmp/mediawiki_debug_log.txt";
+
+        # Database configuration.
+        $wgDBtype = "${config.dbType}";
+        $wgDBserver = "${config.dbServer}";
+        $wgDBuser = "${config.dbUser}";
+        $wgDBpassword = "${config.dbPassword}";
+        $wgDBname = "${config.dbName}";
+
+        # E-mail.
+        $wgEmergencyContact = "${config.emergencyContact}";
+        $wgPasswordSender = "${config.passwordSender}";
+
+        $wgSitename = "${config.siteName}";
+
+        ${optionalString (config.logo != "") ''
+          $wgLogo = "${config.logo}";
+        ''}
+
+        ${optionalString (config.articleUrlPrefix != "") ''
+          $wgArticlePath = "${config.articleUrlPrefix}/$1";
+        ''}
+
+        ${optionalString config.enableUploads ''
+          $wgEnableUploads = true;
+          $wgUploadDirectory = "${config.uploadDir}";
+        ''}
+
+        ${optionalString (config.defaultSkin != "") ''
+          $wgDefaultSkin = "${config.defaultSkin}";
+        ''}
+
+        ${config.extraConfig}
+      ?>
+    '';
+
+  # Unpack Mediawiki and put the config file in its root directory.
+  mediawikiRoot = pkgs.stdenv.mkDerivation rec {
+    name= "mediawiki-1.20.5";
+
+    src = pkgs.fetchurl {
+      url = "http://download.wikimedia.org/mediawiki/1.20/${name}.tar.gz";
+      sha256 = "0ix6khrilfdncjqnh41xjs0bd49i1q0rywycjaixjfpwj6vjbqbl";
+    };
+
+    skins = config.skins;
+
+    buildPhase =
+      ''
+        for skin in $skins; do
+          cp -prvd $skin/* skins/
+        done
+      ''; # */
+
+    installPhase =
+      ''
+        ensureDir $out
+        cp -r * $out
+        cp ${mediawikiConfig} $out/LocalSettings.php
+      '';
+  };
+
+  mediawikiScripts = pkgs.runCommand "mediawiki-${config.id}-scripts"
+    { buildInputs = [ pkgs.makeWrapper ]; }
+    ''
+      ensureDir $out/bin
+      for i in changePassword.php createAndPromote.php userOptions.php edit.php nukePage.php update.php; do
+        makeWrapper ${php}/bin/php $out/bin/mediawiki-${config.id}-$(basename $i .php) \
+          --add-flags ${mediawikiRoot}/maintenance/$i
+      done
+    '';
+
+in
+
+{
+
+  extraConfig =
+    ''
+      ${optionalString config.enableUploads ''
+        Alias ${config.urlPrefix}/images ${config.uploadDir}
+
+        <Directory ${config.uploadDir}>
+            Order allow,deny
+            Allow from all
+            Options -Indexes
+        </Directory>
+      ''}
+
+      Alias ${config.urlPrefix} ${mediawikiRoot}
+
+      <Directory ${mediawikiRoot}>
+          Order allow,deny
+          Allow from all
+          DirectoryIndex index.php
+      </Directory>
+
+      ${optionalString (config.articleUrlPrefix != "") ''
+        Alias ${config.articleUrlPrefix} ${mediawikiRoot}/index.php
+      ''}
+    '';
+
+  enablePHP = true;
+
+  options = {
+
+    id = mkOption {
+      default = "main";
+      description = ''
+        A unique identifier necessary to keep multiple MediaWiki server
+        instances on the same machine apart.  This is used to
+        disambiguate the administrative scripts, which get names like
+        mediawiki-$id-change-password.
+      '';
+    };
+
+    dbType = mkOption {
+      default = "postgres";
+      example = "mysql";
+      description = "Database type.";
+    };
+
+    dbName = mkOption {
+      default = "mediawiki";
+      description = "Name of the database that holds the MediaWiki data.";
+    };
+
+    dbServer = mkOption {
+      default = ""; # use a Unix domain socket
+      example = "10.0.2.2";
+      description = ''
+        The location of the database server.  Leave empty to use a
+        database server running on the same machine through a Unix
+        domain socket.
+      '';
+    };
+
+    dbUser = mkOption {
+      default = "mediawiki";
+      description = "The user name for accessing the database.";
+    };
+
+    dbPassword = mkOption {
+      default = "";
+      example = "foobar";
+      description = ''
+        The password of the database user.  Warning: this is stored in
+        cleartext in the Nix store!
+      '';
+    };
+
+    emergencyContact = mkOption {
+      default = serverInfo.serverConfig.adminAddr;
+      example = "admin@example.com";
+      description = ''
+        Emergency contact e-mail address.  Defaults to the Apache
+        admin address.
+      '';
+    };
+
+    passwordSender = mkOption {
+      default = serverInfo.serverConfig.adminAddr;
+      example = "password@example.com";
+      description = ''
+        E-mail address from which password confirmations originate.
+        Defaults to the Apache admin address.
+      '';
+    };
+
+    siteName = mkOption {
+      default = "MediaWiki";
+      example = "Foobar Wiki";
+      description = "Name of the wiki";
+    };
+
+    logo = mkOption {
+      default = "";
+      example = "/images/logo.png";
+      description = "The URL of the site's logo (which should be a 135x135px image).";
+    };
+
+    urlPrefix = mkOption {
+      default = "/w";
+      description = ''
+        The URL prefix under which the Mediawiki service appears.
+      '';
+    };
+
+    articleUrlPrefix = mkOption {
+      default = "/wiki";
+      example = "";
+      description = ''
+        The URL prefix under which article pages appear,
+        e.g. http://server/wiki/Page.  Leave empty to use the main URL
+        prefix, e.g. http://server/w/index.php?title=Page.
+      '';
+    };
+
+    enableUploads = mkOption {
+      default = false;
+      description = "Whether to enable file uploads.";
+    };
+
+    uploadDir = mkOption {
+      default = throw "You must specify `uploadDir'.";
+      example = "/data/mediawiki-upload";
+      description = "The directory that stores uploaded files.";
+    };
+
+    defaultSkin = mkOption {
+      default = "";
+      example = "nostalgia";
+      description = "Set this value to change the default skin used by MediaWiki.";
+    };
+
+    skins = mkOption {
+      default = [];
+      type = types.listOf types.path;
+      description =
+        ''
+          List of paths whose content is copied to the ‘skins’
+          subdirectory of the MediaWiki installation.
+        '';
+    };
+
+    extraConfig = mkOption {
+      default = "";
+      example =
+        ''
+          $wgEnableEmail = false;
+        '';
+      description = ''
+        Any additional text to be appended to MediaWiki's
+        configuration file.  This is a PHP script.  For configuration
+        settings, see <link xlink:href='http://www.mediawiki.org/wiki/Manual:Configuration_settings'/>.
+      '';
+    };
+
+  };
+
+  extraPath = [ mediawikiScripts ];
+
+  # !!! Need to specify that Apache has a dependency on PostgreSQL!
+
+  startupScript = pkgs.writeScript "mediawiki_startup.sh"
+    # Initialise the database automagically if we're using a Postgres
+    # server on localhost.
+    (optionalString (config.dbType == "postgres" && config.dbServer == "") ''
+      if ! ${pkgs.postgresql}/bin/psql -l | grep -q ' ${config.dbName} ' ; then
+          ${pkgs.postgresql}/bin/createuser --no-superuser --no-createdb --no-createrole "${config.dbUser}" || true
+          ${pkgs.postgresql}/bin/createdb "${config.dbName}" -O "${config.dbUser}"
+          ( echo 'CREATE LANGUAGE plpgsql;'
+            cat ${mediawikiRoot}/maintenance/postgres/tables.sql
+            echo 'CREATE TEXT SEARCH CONFIGURATION public.default ( COPY = pg_catalog.english );'
+            echo COMMIT
+          ) | ${pkgs.postgresql}/bin/psql -U "${config.dbUser}" "${config.dbName}"
+      fi
+    '');
+
+  robotsEntries = optionalString (config.articleUrlPrefix != "")
+    ''
+      User-agent: *
+      Disallow: ${config.urlPrefix}/
+      Disallow: ${config.articleUrlPrefix}/Special:Search
+      Disallow: ${config.articleUrlPrefix}/Special:Random
+    '';
+
+}
diff --git a/nixos/modules/services/web-servers/apache-httpd/mercurial.nix b/nixos/modules/services/web-servers/apache-httpd/mercurial.nix
new file mode 100644
index 000000000000..755b595c783d
--- /dev/null
+++ b/nixos/modules/services/web-servers/apache-httpd/mercurial.nix
@@ -0,0 +1,75 @@
+{ config, pkgs, serverInfo, ... }:
+
+let
+  inherit (pkgs) mercurial;
+  inherit (pkgs.lib) mkOption;
+
+  urlPrefix = config.urlPrefix;
+
+  cgi = pkgs.stdenv.mkDerivation {
+    name = "mercurial-cgi";
+    buildCommand = ''
+      ensureDir $out
+      cp -v ${mercurial}/share/cgi-bin/hgweb.cgi $out
+      sed -i "s|/path/to/repo/or/config|$out/hgweb.config|" $out/hgweb.cgi
+      echo "
+      [collections]
+      ${config.dataDir} = ${config.dataDir}
+      [web]
+      style = gitweb
+      allow_push = *
+      " > $out/hgweb.config
+    '';
+  };
+
+in {
+
+  extraConfig = ''
+    RewriteEngine on
+    RewriteRule /(.*) ${cgi}/hgweb.cgi/$1
+
+    <Location "${urlPrefix}">
+        AuthType Basic
+        AuthName "Mercurial repositories"
+        AuthUserFile ${config.dataDir}/hgusers
+        <LimitExcept GET>
+            Require valid-user
+        </LimitExcept>
+    </Location>
+    <Directory "${cgi}">
+        Order allow,deny
+        Allow from all
+        AllowOverride All
+        Options ExecCGI
+        AddHandler cgi-script .cgi
+        PassEnv PYTHONPATH
+    </Directory>
+  '';
+
+  robotsEntries = ''
+    User-agent: *
+    Disallow: ${urlPrefix}
+  '';
+
+  extraServerPath = [ pkgs.python ];
+
+  globalEnvVars = [ { name = "PYTHONPATH"; value = "${mercurial}/lib/${pkgs.python.libPrefix}/site-packages"; } ];
+
+  options = {
+    urlPrefix = mkOption {
+      default = "/hg";
+      description = "
+        The URL prefix under which the Mercurial service appears.
+        Use the empty string to have it appear in the server root.
+      ";
+    };
+
+    dataDir = mkOption {
+      example = "/data/mercurial";
+      description = "
+        Path to the directory that holds the repositories.
+      ";
+    };
+  };
+
+}
diff --git a/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix
new file mode 100644
index 000000000000..53f34e28c27e
--- /dev/null
+++ b/nixos/modules/services/web-servers/apache-httpd/per-server-options.nix
@@ -0,0 +1,150 @@
+# This file defines the options that can be used both for the Apache
+# main server configuration, and for the virtual hosts.  (The latter
+# has additional options that affect the web server as a whole, like
+# the user/group to run under.)
+
+{ forMainServer, pkgs }:
+
+with pkgs.lib;
+
+{
+
+  hostName = mkOption {
+    type = types.str;
+    default = "localhost";
+    description = "Canonical hostname for the server.";
+  };
+
+  serverAliases = mkOption {
+    type = types.listOf types.str;
+    default = [];
+    example = ["www.example.org" "www.example.org:8080" "example.org"];
+    description = ''
+      Additional names of virtual hosts served by this virtual host configuration.
+    '';
+  };
+
+  port = mkOption {
+    type = types.int;
+    default = 0;
+    description = ''
+      Port for the server.  0 means use the default port: 80 for http
+      and 443 for https (i.e. when enableSSL is set).
+    '';
+  };
+
+  enableSSL = mkOption {
+    type = types.bool;
+    default = false;
+    description = "Whether to enable SSL (https) support.";
+  };
+
+  # Note: sslServerCert and sslServerKey can be left empty, but this
+  # only makes sense for virtual hosts (they will inherit from the
+  # main server).
+
+  sslServerCert = mkOption {
+    type = types.nullOr types.path;
+    default = null;
+    example = "/var/host.cert";
+    description = "Path to server SSL certificate.";
+  };
+
+  sslServerKey = mkOption {
+    type = types.path;
+    example = "/var/host.key";
+    description = "Path to server SSL certificate key.";
+  };
+
+  adminAddr = mkOption ({
+    type = types.nullOr types.str;
+    example = "admin@example.org";
+    description = "E-mail address of the server administrator.";
+  } // (if forMainServer then {} else {default = null;}));
+
+  documentRoot = mkOption {
+    type = types.nullOr types.path;
+    default = null;
+    example = "/data/webserver/docs";
+    description = ''
+      The path of Apache's document root directory.  If left undefined,
+      an empty directory in the Nix store will be used as root.
+    '';
+  };
+
+  servedDirs = mkOption {
+    type = types.listOf types.attrs;
+    default = [];
+    example = [
+      { urlPath = "/nix";
+        dir = "/home/eelco/Dev/nix-homepage";
+      }
+    ];
+    description = ''
+      This option provides a simple way to serve static directories.
+    '';
+  };
+
+  servedFiles = mkOption {
+    type = types.listOf types.attrs;
+    default = [];
+    example = [
+      { urlPath = "/foo/bar.png";
+        dir = "/home/eelco/some-file.png";
+      }
+    ];
+    description = ''
+      This option provides a simple way to serve individual, static files.
+    '';
+  };
+
+  extraConfig = mkOption {
+    type = types.lines;
+    default = "";
+    example = ''
+      <Directory /home>
+        Options FollowSymlinks
+        AllowOverride All
+      </Directory>
+    '';
+    description = ''
+      These lines go to httpd.conf verbatim. They will go after
+      directories and directory aliases defined by default.
+    '';
+  };
+
+  extraSubservices = mkOption {
+    type = types.listOf types.unspecified;
+    default = [];
+    description = "Extra subservices to enable in the webserver.";
+  };
+
+  enableUserDir = mkOption {
+    type = types.bool;
+    default = false;
+    description = ''
+      Whether to enable serving <filename>~/public_html</filename> as
+      <literal>/~<replaceable>username</replaceable></literal>.
+    '';
+  };
+
+  globalRedirect = mkOption {
+    type = types.nullOr types.str;
+    default = null;
+    example = http://newserver.example.org/;
+    description = ''
+      If set, all requests for this host are redirected permanently to
+      the given URL.
+    '';
+  };
+
+  logFormat = mkOption {
+    type = types.str;
+    default = "common";
+    example = "combined";
+    description = "
+      Log format for Apache's log files. Possible values are: combined, common, referer, agent.
+    ";
+  };
+
+}
diff --git a/nixos/modules/services/web-servers/apache-httpd/tomcat-connector.nix b/nixos/modules/services/web-servers/apache-httpd/tomcat-connector.nix
new file mode 100644
index 000000000000..1b754cf025eb
--- /dev/null
+++ b/nixos/modules/services/web-servers/apache-httpd/tomcat-connector.nix
@@ -0,0 +1,95 @@
+{ config, pkgs, serverInfo, ... }:
+
+let
+  extraWorkersProperties = pkgs.lib.optionalString (config ? extraWorkersProperties) config.extraWorkersProperties;
+  
+  workersProperties = pkgs.writeText "workers.properties" ''
+# Define list of workers that will be used
+# for mapping requests
+# The configuration directives are valid
+# for the mod_jk version 1.2.18 and later
+#
+worker.list=loadbalancer,status
+
+# Define Node1
+# modify the host as your host IP or DNS name.
+worker.node1.port=8009
+worker.node1.host=localhost
+worker.node1.type=ajp13
+worker.node1.lbfactor=1
+
+# Load-balancing behaviour
+worker.loadbalancer.type=lb
+worker.loadbalancer.balance_workers=node1
+
+# Status worker for managing load balancer
+worker.status.type=status
+
+${extraWorkersProperties}
+  '';
+in
+{
+  extraModules = [
+    { name = "jk"; path = "${pkgs.tomcat_connectors}/modules/mod_jk.so"; }
+  ];
+
+  extraConfig = ''
+# Where to find workers.properties
+JkWorkersFile ${workersProperties}
+
+# Where to put jk logs
+JkLogFile ${serverInfo.serverConfig.logDir}/mod_jk.log
+
+# Set the jk log level [debug/error/info]
+JkLogLevel info
+
+# Select the log format
+JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
+
+# JkOptions indicates to send SSK KEY SIZE
+# Note: Changed from +ForwardURICompat.
+# See http://tomcat.apache.org/security-jk.html
+JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories
+
+# JkRequestLogFormat
+JkRequestLogFormat "%w %V %T"
+
+# Mount your applications
+JkMount /__application__/* loadbalancer
+
+# You can use external file for mount points.
+# It will be checked for updates each 60 seconds.
+# The format of the file is: /url=worker
+# /examples/*=loadbalancer
+#JkMountFile uriworkermap.properties
+
+# Add shared memory.
+# This directive is present with 1.2.10 and
+# later versions of mod_jk, and is needed for
+# for load balancing to work properly
+# Note: Replaced JkShmFile logs/jk.shm due to SELinux issues. Refer to
+# https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=225452
+JkShmFile ${serverInfo.serverConfig.stateDir}/jk.shm
+
+# Static files in all Tomcat webapp context directories are served by apache
+JkAutoAlias /var/tomcat/webapps
+
+# All requests go to worker by default
+JkMount /* loadbalancer
+# Serve some static files using httpd
+#JkUnMount /*.html loadbalancer
+#JkUnMount /*.jpg  loadbalancer
+#JkUnMount /*.gif  loadbalancer
+#JkUnMount /*.css  loadbalancer
+#JkUnMount /*.png  loadbalancer
+#JkUnMount /*.js  loadbalancer
+
+# Add jkstatus for managing runtime data
+<Location /jkstatus/>
+JkMount status
+Order deny,allow
+Deny from all
+Allow from 127.0.0.1
+</Location>
+  '';
+}
diff --git a/nixos/modules/services/web-servers/apache-httpd/trac.nix b/nixos/modules/services/web-servers/apache-httpd/trac.nix
new file mode 100644
index 000000000000..dc82fd34f2fa
--- /dev/null
+++ b/nixos/modules/services/web-servers/apache-httpd/trac.nix
@@ -0,0 +1,121 @@
+{ config, pkgs, serverInfo, ... }:
+
+with pkgs.lib;
+
+let
+
+  # Build a Subversion instance with Apache modules and Swig/Python bindings.
+  subversion = pkgs.subversion.override (origArgs: {
+    bdbSupport = true;
+    httpServer = true;
+    sslSupport = true;
+    compressionSupport = true;
+    pythonBindings = true;
+  });
+
+  pythonLib = p: "${p}/";
+
+in
+
+{
+
+  options = {
+
+    projectsLocation = mkOption {
+      description = "URL path in which Trac projects can be accessed";
+      default = "/projects";
+    };
+
+    projects = mkOption {
+      description = "List of projects that should be provided by Trac. If they are not defined yet empty projects are created.";
+      default = [];
+      example =
+        [ { identifier = "myproject";
+            name = "My Project";
+            databaseURL="postgres://root:password@/tracdb";
+            subversionRepository="/data/subversion/myproject";
+          }
+        ];
+    };
+
+    user = mkOption {
+      default = "wwwrun";
+      description = "User account under which Trac runs.";
+    };
+
+    group = mkOption {
+      default = "wwwrun";
+      description = "Group under which Trac runs.";
+    };
+
+    ldapAuthentication = {
+      enable = mkOption {
+        default = false;
+        description = "Enable the ldap authentication in trac";
+      };
+
+      url = mkOption {
+        default = "ldap://127.0.0.1/dc=example,dc=co,dc=ke?uid?sub?(objectClass=inetOrgPerson)";
+        description = "URL of the LDAP authentication";
+      };
+
+      name = mkOption {
+        default = "Trac server";
+        description = "AuthName";
+      };
+    };
+
+  };
+
+  extraModules = singleton
+    { name = "python"; path = "${pkgs.mod_python}/modules/mod_python.so"; };
+
+  extraConfig = ''
+    <Location ${config.projectsLocation}>
+      SetHandler mod_python
+      PythonHandler trac.web.modpython_frontend
+      PythonOption TracEnvParentDir /var/trac/projects
+      PythonOption TracUriRoot ${config.projectsLocation}
+      PythonOption PYTHON_EGG_CACHE /var/trac/egg-cache
+    </Location>
+    ${if config.ldapAuthentication.enable then ''
+      <LocationMatch "^${config.projectsLocation}[^/]+/login$">
+        AuthType Basic
+        AuthName "${config.ldapAuthentication.name}"
+        AuthBasicProvider "ldap"
+        AuthLDAPURL "${config.ldapAuthentication.url}"
+        authzldapauthoritative Off
+        require valid-user
+      </LocationMatch>
+    '' else ""}
+  '';
+
+  globalEnvVars = singleton
+    { name = "PYTHONPATH";
+      value =
+        makeSearchPath "lib/${pkgs.python.libPrefix}/site-packages"
+          [ pkgs.mod_python
+            pkgs.pythonPackages.trac
+            pkgs.setuptools
+            pkgs.pythonPackages.genshi
+            pkgs.pythonPackages.psycopg2
+            pkgs.python.modules.sqlite3
+            subversion
+          ];
+    };
+
+  startupScript = pkgs.writeScript "activateTrac" ''
+    mkdir -p /var/trac
+    chown ${config.user}:${config.group} /var/trac
+
+    ${concatMapStrings (project:
+      ''
+        if [ ! -d /var/trac/${project.identifier} ]
+        then
+            export PYTHONPATH=${pkgs.pythonPackages.psycopg2}/lib/${pkgs.python.libPrefix}/site-packages
+            ${pkgs.pythonPackages.trac}/bin/trac-admin /var/trac/${project.identifier} initenv "${project.name}" "${project.databaseURL}" svn "${project.subversionRepository}"
+        fi
+      '' ) (config.projects)}
+  '';
+
+}
diff --git a/nixos/modules/services/web-servers/apache-httpd/zabbix.nix b/nixos/modules/services/web-servers/apache-httpd/zabbix.nix
new file mode 100644
index 000000000000..a6e6042fdf6d
--- /dev/null
+++ b/nixos/modules/services/web-servers/apache-httpd/zabbix.nix
@@ -0,0 +1,82 @@
+{ config, pkgs, serverInfo, ... }:
+
+let
+
+  # The Zabbix PHP frontend needs to be able to write its
+  # configuration settings (the connection info to the database) to
+  # the "conf" subdirectory.  So symlink $out/conf to some directory
+  # outside of the Nix store where we want to keep this stateful info.
+  # Note that different instances of the frontend will therefore end
+  # up with their own copies of the PHP sources.  !!! Alternatively,
+  # we could generate zabbix.conf.php declaratively.
+  zabbixPHP = pkgs.runCommand "${pkgs.zabbix.server.name}-php" {}
+    ''
+      cp -rs ${pkgs.zabbix.server}/share/zabbix/php "$out"
+      chmod -R u+w $out
+      ln -s "${if config.configFile == null
+               then "${config.stateDir}/zabbix.conf.php"
+               else config.configFile}" "$out/conf/zabbix.conf.php"
+    '';
+
+in
+
+{
+
+  enablePHP = true;
+
+  phpOptions =
+    ''
+      post_max_size = 32M
+      max_execution_time = 300
+      max_input_time = 300
+    '';
+
+  extraConfig = ''
+    Alias ${config.urlPrefix}/ ${zabbixPHP}/
+
+    <Directory ${zabbixPHP}>
+      DirectoryIndex index.php
+      Order deny,allow
+      Allow from *
+    </Directory>
+  '';
+
+  startupScript = pkgs.writeScript "zabbix-startup-hook" ''
+    mkdir -p ${config.stateDir}
+    chown -R ${serverInfo.serverConfig.user} ${config.stateDir}
+  '';
+
+  # The frontend needs "ps" to find out whether zabbix_server is running.
+  extraServerPath = [ pkgs.procps ];
+
+  options = {
+
+    urlPrefix = pkgs.lib.mkOption {
+      default = "/zabbix";
+      description = "
+        The URL prefix under which the Zabbix service appears.
+        Use the empty string to have it appear in the server root.
+      ";
+    };
+
+    configFile = pkgs.lib.mkOption {
+      default = null;
+      type = with pkgs.lib.types; nullOr path;
+      description = ''
+        The configuration file (zabbix.conf.php) which contains the database
+        connection settings. If not set, the configuration settings will created
+        by the web installer.
+      '';
+    };
+
+    stateDir = pkgs.lib.mkOption {
+      default = "/var/lib/zabbix/frontend";
+      description = "
+        Directory where the dynamically generated configuration data
+        of the PHP frontend will be stored.
+      ";
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/web-servers/jboss/builder.sh b/nixos/modules/services/web-servers/jboss/builder.sh
new file mode 100644
index 000000000000..2eb89a90f67d
--- /dev/null
+++ b/nixos/modules/services/web-servers/jboss/builder.sh
@@ -0,0 +1,72 @@
+set -e
+
+source $stdenv/setup
+
+mkdir -p $out/bin
+
+cat > $out/bin/control <<EOF
+mkdir -p $logDir
+chown -R $user $logDir
+export PATH=$PATH:$su/bin
+
+start()
+{
+  su $user -s /bin/sh -c "$jboss/bin/run.sh \
+      -Djboss.server.base.dir=$serverDir \
+      -Djboss.server.base.url=file://$serverDir \
+      -Djboss.server.temp.dir=$tempDir \
+      -Djboss.server.log.dir=$logDir \
+      -Djboss.server.lib.url=$libUrl \
+      -c default"
+}
+
+stop()
+{
+  su $user -s /bin/sh -c "$jboss/bin/shutdown.sh -S"
+}
+
+if test "\$1" = start
+then
+  trap stop 15
+  
+  start
+elif test "\$1" = stop
+then
+  stop  
+elif test "\$1" = init
+then
+  echo "Are you sure you want to create a new server instance (old server instance will be lost!)?"
+  read answer
+
+  if ! test \$answer = "yes"
+  then
+    exit 1
+  fi
+  
+  rm -rf $serverDir
+  mkdir -p $serverDir
+  cd $serverDir
+  cp -av $jboss/server/default .
+  sed -i -e "s|deploy/|$deployDir|" default/conf/jboss-service.xml
+  
+  if ! test "$useJK" = ""
+  then
+    sed -i -e 's|<attribute name="UseJK">false</attribute>|<attribute name="UseJK">true</attribute>|' default/deploy/jboss-web.deployer/META-INF/jboss-service.xml
+    sed -i -e 's|<Engine name="jboss.web" defaultHost="localhost">|<Engine name="jboss.web" defaultHost="localhost" jvmRoute="node1">|' default/deploy/jboss-web.deployer/server.xml
+  fi
+  
+  # Make files accessible for the server user
+  
+  chown -R $user $serverDir
+  for i in \`find $serverDir -type d\`
+  do
+    chmod 755 \$i
+  done
+  for i in \`find $serverDir -type f\`
+  do
+    chmod 644 \$i
+  done
+fi
+EOF
+
+chmod +x $out/bin/*
diff --git a/nixos/modules/services/web-servers/jboss/default.nix b/nixos/modules/services/web-servers/jboss/default.nix
new file mode 100644
index 000000000000..e1bcede6563c
--- /dev/null
+++ b/nixos/modules/services/web-servers/jboss/default.nix
@@ -0,0 +1,83 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.jboss;
+
+  jbossService = pkgs.stdenv.mkDerivation {
+    name = "jboss-server";
+    builder = ./builder.sh;
+    inherit (pkgs) jboss su;
+    inherit (cfg) tempDir logDir libUrl deployDir serverDir user useJK;
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.jboss = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable jboss";
+      };
+
+      tempDir = mkOption {
+        default = "/tmp";
+        description = "Location where JBoss stores its temp files";
+      };
+
+      logDir = mkOption {
+        default = "/var/log/jboss";
+        description = "Location of the logfile directory of JBoss";
+      };
+
+      serverDir = mkOption {
+        description = "Location of the server instance files";
+        default = "/var/jboss/server";
+      };
+
+      deployDir = mkOption {
+        description = "Location of the deployment files";
+        default = "/nix/var/nix/profiles/default/server/default/deploy/";
+      };
+
+      libUrl = mkOption {
+        default = "file:///nix/var/nix/profiles/default/server/default/lib";
+        description = "Location where the shared library JARs are stored";
+      };
+
+      user = mkOption {
+        default = "nobody";
+        description = "User account under which jboss runs.";
+      };
+
+      useJK = mkOption {
+        default = false;
+        description = "Whether to use to connector to the Apache HTTP server";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.jboss.enable {
+
+    jobs.jboss =
+      { description = "JBoss server";
+
+        exec = "${jbossService}/bin/control start";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/web-servers/lighttpd/cgit.nix b/nixos/modules/services/web-servers/lighttpd/cgit.nix
new file mode 100644
index 000000000000..62264f1db452
--- /dev/null
+++ b/nixos/modules/services/web-servers/lighttpd/cgit.nix
@@ -0,0 +1,65 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.lighttpd.cgit;
+  configFile = pkgs.writeText "cgitrc"
+    ''
+      ${cfg.configText}
+    '';
+in
+{
+
+  options.services.lighttpd.cgit = {
+
+    enable = mkOption {
+      default = false;
+      type = types.uniq types.bool;
+      description = ''
+        If true, enable cgit (fast web interface for git repositories) as a
+        sub-service in lighttpd. cgit will be accessible at
+        http://yourserver/cgit
+      '';
+    };
+
+    configText = mkOption {
+      default = "";
+      example = ''
+        cache-size=1000
+        scan-path=/srv/git
+      '';
+      type = types.string;
+      description = ''
+        Verbatim contents of the cgit runtime configuration file. Documentation
+        (with cgitrc example file) is available in "man cgitrc". Or online:
+        http://git.zx2c4.com/cgit/tree/cgitrc.5.txt
+      '';
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    # make the cgitrc manpage available
+    environment.systemPackages = [ pkgs.cgit ];
+
+    services.lighttpd.extraConfig = ''
+      $HTTP["url"] =~ "^/cgit" {
+          cgi.assign = (
+              "cgit.cgi" => "${pkgs.cgit}/cgit/cgit.cgi"
+          )
+          alias.url = (
+              "/cgit.css" => "${pkgs.cgit}/cgit/cgit.css",
+              "/cgit.png" => "${pkgs.cgit}/cgit/cgit.png",
+              "/cgit"     => "${pkgs.cgit}/cgit/cgit.cgi"
+          )
+          setenv.add-environment = (
+              "CGIT_CONFIG" => "${configFile}"
+          )
+      }
+    '';
+
+  };
+
+}
diff --git a/nixos/modules/services/web-servers/lighttpd/default.nix b/nixos/modules/services/web-servers/lighttpd/default.nix
new file mode 100644
index 000000000000..4cc34c65d843
--- /dev/null
+++ b/nixos/modules/services/web-servers/lighttpd/default.nix
@@ -0,0 +1,178 @@
+# NixOS module for lighttpd web server
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.lighttpd;
+
+  needModRedirect = cfg.gitweb.enable;
+  needModAlias = cfg.cgit.enable or cfg.gitweb.enable;
+  needModSetenv = cfg.cgit.enable or cfg.gitweb.enable;
+  needModCgi = cfg.cgit.enable or cfg.gitweb.enable;
+  needModStatus = cfg.mod_status;
+  needModUserdir = cfg.mod_userdir;
+
+  configFile = if cfg.configText != "" then
+    pkgs.writeText "lighttpd.conf" ''
+      ${cfg.configText}
+    ''
+    else
+    pkgs.writeText "lighttpd.conf" ''
+      server.document-root = "${cfg.document-root}"
+      server.port = ${toString cfg.port}
+      server.username = "lighttpd"
+      server.groupname = "lighttpd"
+
+      # As for why all modules are loaded here, instead of having small
+      # server.modules += () entries in each sub-service extraConfig snippet,
+      # read this:
+      #
+      #   http://redmine.lighttpd.net/projects/1/wiki/Server_modulesDetails
+      #   http://redmine.lighttpd.net/issues/2337
+      #
+      # Basically, lighttpd doesn't want to load (or even silently ignore) a
+      # module for a second time, and there is no way to check if a module has
+      # been loaded already. So if two services were to put the same module in
+      # server.modules += (), that would break the lighttpd configuration.
+      server.modules = (
+          ${optionalString needModRedirect ''"mod_redirect",''}
+          ${optionalString needModAlias ''"mod_alias",''}
+          ${optionalString needModSetenv ''"mod_setenv",''}
+          ${optionalString needModCgi ''"mod_cgi",''}
+          ${optionalString needModStatus ''"mod_status",''}
+          ${optionalString needModUserdir ''"mod_userdir",''}
+          "mod_accesslog"
+      )
+
+      # Logging (logs end up in systemd journal)
+      accesslog.use-syslog = "enable"
+      server.errorlog-use-syslog = "enable"
+
+      mimetype.assign = (
+          ".html" => "text/html",
+          ".htm" => "text/html",
+          ".txt" => "text/plain",
+          ".jpg" => "image/jpeg",
+          ".png" => "image/png",
+          ".css" => "text/css"
+          )
+
+      static-file.exclude-extensions = ( ".fcgi", ".php", ".rb", "~", ".inc" )
+      index-file.names = ( "index.html" )
+
+      ${if cfg.mod_userdir then ''
+        userdir.path = "public_html"
+      '' else ""}
+
+      ${if cfg.mod_status then ''
+        status.status-url = "/server-status"
+        status.statistics-url = "/server-statistics"
+        status.config-url = "/server-config"
+      '' else ""}
+
+      ${cfg.extraConfig}
+    '';
+
+in
+
+{
+
+  options = {
+
+    services.lighttpd = {
+
+      enable = mkOption {
+        default = false;
+        type = types.uniq types.bool;
+        description = ''
+          Enable the lighttpd web server.
+        '';
+      };
+
+      port = mkOption {
+        default = 80;
+        type = types.uniq types.int;
+        description = ''
+          TCP port number for lighttpd to bind to.
+        '';
+      };
+
+      document-root = mkOption {
+        default = "/srv/www";
+        type = types.str;
+        description = ''
+          Document-root of the web server. Must be readable by the "lighttpd" user.
+        '';
+      };
+
+      mod_userdir = mkOption {
+        default = false;
+        type = types.uniq types.bool;
+        description = ''
+          If true, requests in the form /~user/page.html are rewritten to take
+          the file public_html/page.html from the home directory of the user.
+        '';
+      };
+
+      mod_status = mkOption {
+        default = false;
+        type = types.uniq types.bool;
+        description = ''
+          Show server status overview at /server-status, statistics at
+          /server-statistics and list of loaded modules at /server-config.
+        '';
+      };
+
+      configText = mkOption {
+        default = "";
+        type = types.string;
+	example = ''...verbatim config file contents...'';
+        description = ''
+          Overridable config file contents to use for lighttpd. By default, use
+          the contents automatically generated by NixOS.
+        '';
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        type = types.string;
+        description = ''
+          These configuration lines will be appended to the generated lighttpd
+          config file. Note that this mechanism does not work when the manual
+          <option>configText</option> option is used.
+        '';
+      };
+
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    systemd.services.lighttpd = {
+      description = "Lighttpd Web Server";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      preStart = ''
+        ${if cfg.cgit.enable then ''
+          mkdir -p /var/cache/cgit
+          chown lighttpd:lighttpd /var/cache/cgit
+        '' else ""}
+      '';
+      serviceConfig.ExecStart = "${pkgs.lighttpd}/sbin/lighttpd -D -f ${configFile}";
+      # SIGINT => graceful shutdown
+      serviceConfig.KillSignal = "SIGINT";
+    };
+
+    users.extraUsers.lighttpd = {
+      group = "lighttpd";
+      description = "lighttpd web server privilege separation user";
+      uid = config.ids.uids.lighttpd;
+    };
+
+    users.extraGroups.lighttpd.gid = config.ids.gids.lighttpd;
+  };
+}
diff --git a/nixos/modules/services/web-servers/lighttpd/gitweb.nix b/nixos/modules/services/web-servers/lighttpd/gitweb.nix
new file mode 100644
index 000000000000..f02bd4db2645
--- /dev/null
+++ b/nixos/modules/services/web-servers/lighttpd/gitweb.nix
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.lighttpd.gitweb;
+  gitwebConfigFile = pkgs.writeText "gitweb.conf" ''
+    # path to git projects (<project>.git)
+    $projectroot = "${cfg.projectroot}";
+    ${cfg.extraConfig}
+  '';
+
+in
+{
+
+  options.services.lighttpd.gitweb = {
+
+    enable = mkOption {
+      default = false;
+      type = types.uniq types.bool;
+      description = ''
+        If true, enable gitweb in lighttpd. Access it at http://yourserver/gitweb
+      '';
+    };
+
+    projectroot = mkOption {
+      default = "/srv/git";
+      type = types.str;
+      description = ''
+        Path to git projects (bare repositories) that should be served by
+        gitweb. Must not end with a slash.
+      '';
+    };
+
+    extraConfig = mkOption {
+      default = "";
+      type = types.str;
+      description = ''
+        Verbatim configuration text appended to the generated gitweb.conf file.
+      '';
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    services.lighttpd.extraConfig = ''
+      $HTTP["url"] =~ "^/gitweb" {
+          cgi.assign = (
+              ".cgi" => "${pkgs.perl}/bin/perl"
+          )
+          url.redirect = (
+              "^/gitweb$" => "/gitweb/"
+          )
+          alias.url = (
+              "/gitweb/static/" => "${pkgs.git}/share/gitweb/static/",
+              "/gitweb/"        => "${pkgs.git}/share/gitweb/gitweb.cgi"
+          )
+          setenv.add-environment = (
+              "GITWEB_CONFIG" => "${gitwebConfigFile}"
+          )
+      }
+    '';
+
+  };
+
+}
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
new file mode 100644
index 000000000000..b26af1aa7445
--- /dev/null
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -0,0 +1,88 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.nginx;
+  nginx = pkgs.nginx.override { fullWebDAV = cfg.fullWebDAV; };
+  configFile = pkgs.writeText "nginx.conf" ''
+    user ${cfg.user} ${cfg.group};
+    daemon off;
+    ${cfg.config}
+  '';
+in
+
+{
+  options = {
+    services.nginx = {
+      enable = mkOption {
+        default = false;
+        description = "
+          Enable the nginx Web Server.
+        ";
+      };
+
+      config = mkOption {
+        default = "events {}";
+        description = "
+          Verbatim nginx.conf configuration.
+        ";
+      };
+
+      stateDir = mkOption {
+        default = "/var/spool/nginx";
+        description = "
+          Directory holding all state for nginx to run.
+        ";
+      };
+
+      user = mkOption {
+        default = "nginx";
+        description = "User account under which nginx runs.";
+      };
+
+      group = mkOption {
+        default = "nginx";
+        description = "Group account under which nginx runs.";
+      };
+
+      fullWebDAV = mkOption {
+        default = false;
+        description = "Compile in a third party module providing full WebDAV support";
+      };
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = [ nginx ];
+
+    # TODO: test user supplied config file pases syntax test
+
+    systemd.services.nginx = {
+      description = "Nginx Web Server";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ nginx ];
+      preStart =
+        ''
+        mkdir -p ${cfg.stateDir}/logs
+        chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
+        '';
+      serviceConfig = {
+        ExecStart = "${nginx}/bin/nginx -c ${configFile} -p ${cfg.stateDir}";
+      };
+    };
+
+    users.extraUsers = optionalAttrs (cfg.user == "nginx") (singleton
+      { name = "nginx";
+        group = "nginx";
+        uid = config.ids.uids.nginx;
+      });
+
+    users.extraGroups = optionalAttrs (cfg.group == "nginx") (singleton
+      { name = "nginx";
+        gid = config.ids.gids.nginx;
+      });
+  };
+}
diff --git a/nixos/modules/services/web-servers/tomcat.nix b/nixos/modules/services/web-servers/tomcat.nix
new file mode 100644
index 000000000000..a68828de5d8e
--- /dev/null
+++ b/nixos/modules/services/web-servers/tomcat.nix
@@ -0,0 +1,344 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.tomcat;
+  tomcat = pkgs.tomcat6;
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.tomcat = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable Apache Tomcat";
+      };
+
+      baseDir = mkOption {
+        default = "/var/tomcat";
+        description = "Location where Tomcat stores configuration files, webapplications and logfiles";
+      };
+
+      extraGroups = mkOption {
+        default = [];
+        example = [ "users" ];
+        description = "Defines extra groups to which the tomcat user belongs.";
+      };
+
+      user = mkOption {
+        default = "tomcat";
+        description = "User account under which Apache Tomcat runs.";
+      };
+
+      group = mkOption {
+        default = "tomcat";
+        description = "Group account under which Apache Tomcat runs.";
+      };
+
+      javaOpts = mkOption {
+        default = "";
+        description = "Parameters to pass to the Java Virtual Machine which spawns Apache Tomcat";
+      };
+
+      catalinaOpts = mkOption {
+        default = "";
+        description = "Parameters to pass to the Java Virtual Machine which spawns the Catalina servlet container";
+      };
+
+      sharedLibs = mkOption {
+        default = [];
+        description = "List containing JAR files or directories with JAR files which are libraries shared by the web applications";
+      };
+
+      commonLibs = mkOption {
+        default = [];
+        description = "List containing JAR files or directories with JAR files which are libraries shared by the web applications and the servlet container";
+      };
+
+      webapps = mkOption {
+        default = [ tomcat ];
+        description = "List containing WAR files or directories with WAR files which are web applications to be deployed on Tomcat";
+      };
+
+      virtualHosts = mkOption {
+        default = [];
+        description = "List consisting of a virtual host name and a list of web applications to deploy on each virtual host";
+      };
+
+      logPerVirtualHost = mkOption {
+        default = false;
+        description = "Whether to enable logging per virtual host.";
+      };
+
+      axis2 = {
+
+        enable = mkOption {
+          default = false;
+          description = "Whether to enable an Apache Axis2 container";
+        };
+
+        services = mkOption {
+          default = [];
+          description = "List containing AAR files or directories with AAR files which are web services to be deployed on Axis2";
+        };
+
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.tomcat.enable {
+
+    users.extraGroups = singleton
+      { name = "tomcat";
+        gid = config.ids.gids.tomcat;
+      };
+
+    users.extraUsers = singleton
+      { name = "tomcat";
+        uid = config.ids.uids.tomcat;
+        description = "Tomcat user";
+        home = "/homeless-shelter";
+        extraGroups = cfg.extraGroups;
+      };
+
+    jobs.tomcat =
+      { description = "Apache Tomcat server";
+
+        startOn = "started network-interfaces";
+        stopOn = "stopping network-interfaces";
+
+        preStart =
+          ''
+            # Create the base directory
+            mkdir -p ${cfg.baseDir}
+
+            # Create a symlink to the bin directory of the tomcat component
+            ln -sfn ${tomcat}/bin ${cfg.baseDir}/bin
+
+            # Create a conf/ directory
+            mkdir -p ${cfg.baseDir}/conf
+            chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/conf
+
+            # Symlink the config files in the conf/ directory (except for catalina.properties and server.xml)
+            for i in $(ls ${tomcat}/conf | grep -v catalina.properties | grep -v server.xml)
+            do
+                ln -sfn ${tomcat}/conf/$i ${cfg.baseDir}/conf/`basename $i`
+            done
+
+            # Create subdirectory for virtual hosts
+            mkdir -p ${cfg.baseDir}/virtualhosts
+
+            # Create a modified catalina.properties file
+            # Change all references from CATALINA_HOME to CATALINA_BASE and add support for shared libraries
+            sed -e 's|''${catalina.home}|''${catalina.base}|g' \
+                -e 's|shared.loader=|shared.loader=''${catalina.base}/shared/lib/*.jar|' \
+                ${tomcat}/conf/catalina.properties > ${cfg.baseDir}/conf/catalina.properties
+
+            # Create a modified server.xml which also includes all virtual hosts
+            sed -e "/<Engine name=\"Catalina\" defaultHost=\"localhost\">/a\  ${
+                         toString (map (virtualHost: ''<Host name=\"${virtualHost.name}\" appBase=\"virtualhosts/${virtualHost.name}/webapps\" unpackWARs=\"true\" autoDeploy=\"true\" xmlValidation=\"false\" xmlNamespaceAware=\"false\" >${if cfg.logPerVirtualHost then ''<Valve className=\"org.apache.catalina.valves.AccessLogValve\" directory=\"logs/${virtualHost.name}\"  prefix=\"${virtualHost.name}_access_log.\" pattern=\"combined\" resolveHosts=\"false\"/>'' else ""}</Host>'') cfg.virtualHosts)}" \
+                ${tomcat}/conf/server.xml > ${cfg.baseDir}/conf/server.xml
+
+            # Create a logs/ directory
+            mkdir -p ${cfg.baseDir}/logs
+            chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/logs
+            ${if cfg.logPerVirtualHost then
+               toString (map (h: ''
+                                    mkdir -p ${cfg.baseDir}/logs/${h.name}
+                                    chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/logs/${h.name}
+                                 '') cfg.virtualHosts) else ''''}
+
+            # Create a temp/ directory
+            mkdir -p ${cfg.baseDir}/temp
+            chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/temp
+
+            # Create a lib/ directory
+            mkdir -p ${cfg.baseDir}/lib
+            chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/lib
+
+            # Create a shared/lib directory
+            mkdir -p ${cfg.baseDir}/shared/lib
+            chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/shared/lib
+
+            # Create a webapps/ directory
+            mkdir -p ${cfg.baseDir}/webapps
+            chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/webapps
+
+            # Symlink all the given common libs files or paths into the lib/ directory
+            for i in ${tomcat} ${toString cfg.commonLibs}
+            do
+                if [ -f $i ]
+                then
+                    # If the given web application is a file, symlink it into the common/lib/ directory
+                    ln -sfn $i ${cfg.baseDir}/lib/`basename $i`
+                elif [ -d $i ]
+                then
+                    # If the given web application is a directory, then iterate over the files
+                    # in the special purpose directories and symlink them into the tomcat tree
+
+                    for j in $i/lib/*
+                    do
+                        ln -sfn $j ${cfg.baseDir}/lib/`basename $j`
+                    done
+                fi
+            done
+
+            # Symlink all the given shared libs files or paths into the shared/lib/ directory
+            for i in ${toString cfg.sharedLibs}
+            do
+                if [ -f $i ]
+                then
+                    # If the given web application is a file, symlink it into the common/lib/ directory
+                    ln -sfn $i ${cfg.baseDir}/shared/lib/`basename $i`
+                elif [ -d $i ]
+                then
+                    # If the given web application is a directory, then iterate over the files
+                    # in the special purpose directories and symlink them into the tomcat tree
+
+                    for j in $i/shared/lib/*
+                    do
+                        ln -sfn $j ${cfg.baseDir}/shared/lib/`basename $j`
+                    done
+                fi
+            done
+
+            # Symlink all the given web applications files or paths into the webapps/ directory
+            for i in ${toString cfg.webapps}
+            do
+                if [ -f $i ]
+                then
+                    # If the given web application is a file, symlink it into the webapps/ directory
+                    ln -sfn $i ${cfg.baseDir}/webapps/`basename $i`
+                elif [ -d $i ]
+                then
+                    # If the given web application is a directory, then iterate over the files
+                    # in the special purpose directories and symlink them into the tomcat tree
+
+                    for j in $i/webapps/*
+                    do
+                        ln -sfn $j ${cfg.baseDir}/webapps/`basename $j`
+                    done
+
+                    # Also symlink the configuration files if they are included
+                    if [ -d $i/conf/Catalina ]
+                    then
+                        for j in $i/conf/Catalina/*
+                        do
+                            mkdir -p ${cfg.baseDir}/conf/Catalina/localhost
+                            ln -sfn $j ${cfg.baseDir}/conf/Catalina/localhost/`basename $j`
+                        done
+                    fi
+                fi
+            done
+
+            ${toString (map (virtualHost: ''
+              # Create webapps directory for the virtual host
+              mkdir -p ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps
+
+              # Modify ownership
+              chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps
+
+              # Symlink all the given web applications files or paths into the webapps/ directory
+              # of this virtual host
+              for i in "${if virtualHost ? webapps then toString virtualHost.webapps else ""}"
+              do
+                  if [ -f $i ]
+                  then
+                      # If the given web application is a file, symlink it into the webapps/ directory
+                      ln -sfn $i ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps/`basename $i`
+                  elif [ -d $i ]
+                  then
+                      # If the given web application is a directory, then iterate over the files
+                      # in the special purpose directories and symlink them into the tomcat tree
+
+                      for j in $i/webapps/*
+                      do
+                          ln -sfn $j ${cfg.baseDir}/virtualhosts/${virtualHost.name}/webapps/`basename $j`
+                      done
+
+                      # Also symlink the configuration files if they are included
+                      if [ -d $i/conf/Catalina ]
+                      then
+                          for j in $i/conf/Catalina/*
+                          do
+                              mkdir -p ${cfg.baseDir}/conf/Catalina/${virtualHost.name}
+                              ln -sfn $j ${cfg.baseDir}/conf/Catalina/${virtualHost.name}/`basename $j`
+                          done
+                      fi
+                  fi
+              done
+
+              ''
+            ) cfg.virtualHosts) }
+
+            # Create a work/ directory
+            mkdir -p ${cfg.baseDir}/work
+            chown ${cfg.user}:${cfg.group} ${cfg.baseDir}/work
+
+            ${if cfg.axis2.enable then
+                ''
+                # Copy the Axis2 web application
+                cp -av ${pkgs.axis2}/webapps/axis2 ${cfg.baseDir}/webapps
+
+                # Turn off addressing, which causes many errors
+                sed -i -e 's%<module ref="addressing"/>%<!-- <module ref="addressing"/> -->%' ${cfg.baseDir}/webapps/axis2/WEB-INF/conf/axis2.xml
+
+                # Modify permissions on the Axis2 application
+                chown -R ${cfg.user}:${cfg.group} ${cfg.baseDir}/webapps/axis2
+
+                # Symlink all the given web service files or paths into the webapps/axis2/WEB-INF/services directory
+                for i in ${toString cfg.axis2.services}
+                do
+                    if [ -f $i ]
+                    then
+                        # If the given web service is a file, symlink it into the webapps/axis2/WEB-INF/services
+                        ln -sfn $i ${cfg.baseDir}/webapps/axis2/WEB-INF/services/`basename $i`
+                    elif [ -d $i ]
+                    then
+                        # If the given web application is a directory, then iterate over the files
+                        # in the special purpose directories and symlink them into the tomcat tree
+
+                        for j in $i/webapps/axis2/WEB-INF/services/*
+                        do
+                            ln -sfn $j ${cfg.baseDir}/webapps/axis2/WEB-INF/services/`basename $j`
+                        done
+
+                        # Also symlink the configuration files if they are included
+                        if [ -d $i/conf/Catalina ]
+                        then
+                            for j in $i/conf/Catalina/*
+                            do
+                                ln -sfn $j ${cfg.baseDir}/conf/Catalina/localhost/`basename $j`
+                            done
+                        fi
+                    fi
+                done
+                ''
+            else ""}
+
+            ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c 'CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} JAVA_OPTS="${cfg.javaOpts}" CATALINA_OPTS="${cfg.catalinaOpts}" ${tomcat}/bin/startup.sh'
+          '';
+
+        postStop =
+          ''
+            echo "Stopping tomcat..."
+            CATALINA_BASE=${cfg.baseDir} JAVA_HOME=${pkgs.jdk} ${pkgs.su}/bin/su -s ${pkgs.bash}/bin/sh ${cfg.user} -c ${tomcat}/bin/shutdown.sh
+          '';
+
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/web-servers/varnish/default.nix b/nixos/modules/services/web-servers/varnish/default.nix
new file mode 100644
index 000000000000..7e327120c3d1
--- /dev/null
+++ b/nixos/modules/services/web-servers/varnish/default.nix
@@ -0,0 +1,63 @@
+{ config, pkgs, ...}:
+let
+  cfg = config.services.varnish;
+
+in
+with pkgs.lib;
+{
+  options = {
+    services.varnish = {
+      enable = mkOption {
+        default = false;
+        description = "
+          Enable the Varnish Server.
+        ";
+      };
+
+      http_address = mkOption {
+        default = "*:6081";
+        description = "
+          HTTP listen address and port.
+        ";
+      };
+
+      config = mkOption {
+        description = "
+          Verbatim default.vcl configuration.
+        ";
+      };
+
+      stateDir = mkOption {
+        default = "/var/spool/varnish";
+        description = "
+          Directory holding all state for Varnish to run.
+        ";
+      };
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    systemd.services.varnish = {
+      description = "Varnish";
+      wantedBy = [ "multi-user.target" ];
+      preStart = ''
+        mkdir -p ${cfg.stateDir}
+        chown -R varnish:varnish ${cfg.stateDir}
+      '';
+      path = [ pkgs.gcc ];
+      serviceConfig.ExecStart = "${pkgs.varnish}/sbin/varnishd -a ${cfg.http_address} -f ${pkgs.writeText "default.vcl" cfg.config} -n ${cfg.stateDir} -u varnish";
+      serviceConfig.Type = "forking";
+    };
+
+    environment.systemPackages = [ pkgs.varnish ];
+
+    users.extraUsers.varnish = {
+      group = "varnish";
+      uid = config.ids.uids.varnish;
+    };
+
+    users.extraGroups.varnish.gid = config.ids.uids.varnish;
+  };
+}
diff --git a/nixos/modules/services/web-servers/zope2.nix b/nixos/modules/services/web-servers/zope2.nix
new file mode 100644
index 000000000000..576f4b08fb90
--- /dev/null
+++ b/nixos/modules/services/web-servers/zope2.nix
@@ -0,0 +1,258 @@
+{ pkgs, config, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.zope2;
+
+  zope2Opts = { name, config, ... }: {
+    options = {
+
+      name = mkOption {
+        default = "${name}";
+        type = types.string;
+        description = "The name of the zope2 instance. If undefined, the name of the attribute set will be used.";
+      };
+
+      threads = mkOption {
+        default = 2;
+        type = types.int;
+        description = "Specify the number of threads that Zope's ZServer web server will use to service requests. ";
+      };
+
+      http_address = mkOption {
+        default = "localhost:8080";
+        type = types.string;
+        description = "Give a port and adress for the HTTP server.";
+      };
+
+      user = mkOption {
+        default = "zope2";
+        type = types.string;
+        description = "The name of the effective user for the Zope process.";
+      };
+
+      clientHome = mkOption {
+        default = "/var/lib/zope2/${name}";
+        type = types.string;
+        description = "Home directory of zope2 instance.";
+      };
+      extra = mkOption {
+        default =
+          ''
+          <zodb_db main>
+            mount-point /
+            cache-size 30000
+            <blobstorage>
+                blob-dir /var/lib/zope2/${name}/blobstorage
+                <filestorage>
+                path /var/lib/zope2/${name}/filestorage/Data.fs
+                </filestorage>
+            </blobstorage>
+          </zodb_db>
+          '';
+        type = types.string;
+        description = "Extra zope.conf";
+      };
+
+      packages = mkOption {
+        type = types.listOf types.package;
+        description = "The list of packages you want to make available to the zope2 instance.";
+      };
+
+    };
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.zope2.instances = mkOption {
+      default = {};
+      type = types.loaOf types.optionSet;
+      example = {
+        plone01 = {
+          http_address = "127.0.0.1:8080";
+          extra =
+            ''
+            <zodb_db main>
+              mount-point /
+              cache-size 30000
+              <blobstorage>
+                  blob-dir /var/lib/zope2/plone01/blobstorage
+                  <filestorage>
+                  path /var/lib/zope2/plone01/filestorage/Data.fs
+                  </filestorage>
+              </blobstorage>
+            </zodb_db>
+            '';
+
+        };
+      };
+      description = "zope2 instances to be created automaticaly by the system.";
+      options = [ zope2Opts ];
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf (cfg.instances != {}) {
+
+    users.extraUsers.zope2.uid = config.ids.uids.zope2;
+
+    systemd.services =
+      let
+
+        createZope2Instance = opts: name:
+          let
+            interpreter = pkgs.writeScript "interpreter"
+              ''
+              import sys
+
+              _interactive = True
+              if len(sys.argv) > 1:
+                  _options, _args = __import__("getopt").getopt(sys.argv[1:], 'ic:m:')
+                  _interactive = False
+                  for (_opt, _val) in _options:
+                      if _opt == '-i':
+                          _interactive = True
+                      elif _opt == '-c':
+                          exec _val
+                      elif _opt == '-m':
+                          sys.argv[1:] = _args
+                          _args = []
+                          __import__("runpy").run_module(
+                              _val, {}, "__main__", alter_sys=True)
+
+                  if _args:
+                      sys.argv[:] = _args
+                      __file__ = _args[0]
+                      del _options, _args
+                      execfile(__file__)
+
+              if _interactive:
+                  del _interactive
+                  __import__("code").interact(banner="", local=globals())
+              '';
+            env = pkgs.buildEnv {
+              name = "zope2-${name}-env";
+              paths = [
+                pkgs.python27
+                pkgs.python27Packages.recursivePthLoader
+                pkgs.python27Packages."plone.recipe.zope2instance"
+              ] ++ attrValues pkgs.python27.modules
+                ++ opts.packages;
+              postBuild =
+                ''
+                echo "#!$out/bin/python" > $out/bin/interpreter
+                cat ${interpreter} >> $out/bin/interpreter
+                '';
+            };
+            conf = pkgs.writeText "zope2-${name}-conf"
+              ''
+              %define INSTANCEHOME ${env}
+              instancehome $INSTANCEHOME
+              %define CLIENTHOME ${opts.clientHome}/${opts.name}
+              clienthome $CLIENTHOME
+
+              debug-mode off
+              security-policy-implementation C
+              verbose-security off
+              default-zpublisher-encoding utf-8
+              zserver-threads ${toString opts.threads}
+              effective-user ${opts.user}
+
+              pid-filename ${opts.clientHome}/${opts.name}/pid
+              lock-filename ${opts.clientHome}/${opts.name}/lock
+              python-check-interval 1000
+              enable-product-installation off
+
+              <environment>
+                zope_i18n_compile_mo_files false
+              </environment>
+
+              <eventlog>
+              level INFO
+              <logfile>
+                  path /var/log/zope2/${name}.log
+                  level INFO
+              </logfile>
+              </eventlog>
+
+              <logger access>
+              level WARN
+              <logfile>
+                  path /var/log/zope2/${name}-Z2.log
+                  format %(message)s
+              </logfile>
+              </logger>
+
+              <http-server>
+              address ${opts.http_address}
+              </http-server>
+
+              <zodb_db temporary>
+              <temporarystorage>
+                  name temporary storage for sessioning
+              </temporarystorage>
+              mount-point /temp_folder
+              container-class Products.TemporaryFolder.TemporaryContainer
+              </zodb_db>
+
+              ${opts.extra}
+              '';
+            ctlScript = pkgs.writeScript "zope2-${name}-ctl-script"
+              ''
+              #!${env}/bin/python
+
+              import sys
+              import plone.recipe.zope2instance.ctl
+
+              if __name__ == '__main__':
+                  sys.exit(plone.recipe.zope2instance.ctl.main(
+                      ["-C", "${conf}"]
+                      + sys.argv[1:]))
+              '';
+
+            ctl = pkgs.writeScript "zope2-${name}-ctl"
+              ''
+              #!${pkgs.bash}/bin/bash -e
+              export PYTHONHOME=${env}
+              exec ${ctlScript} "$@"
+              '';
+          in {
+            #description = "${name} instance";
+            after = [ "network.target" ];  # with RelStorage also add "postgresql.service"
+            wantedBy = [ "multi-user.target" ];
+            path = opts.packages;
+            preStart =
+              ''
+              mkdir -p /var/log/zope2/
+              touch /var/log/zope2/${name}.log
+              touch /var/log/zope2/${name}-Z2.log
+              chown ${opts.user} /var/log/zope2/${name}.log
+              chown ${opts.user} /var/log/zope2/${name}-Z2.log
+
+              mkdir -p ${opts.clientHome}/filestorage ${opts.clientHome}/blobstorage
+              mkdir -p ${opts.clientHome}/${opts.name}
+              chown ${opts.user} ${opts.clientHome} -R
+
+              ${ctl} adduser admin admin
+              '';
+
+            serviceConfig.Type = "forking";
+            serviceConfig.ExecStart = "${ctl} start";
+            serviceConfig.ExecStop = "${ctl} stop";
+            serviceConfig.ExecReload = "${ctl} restart";
+          };
+
+      in listToAttrs (map (name: { name = "zope2-${name}"; value = createZope2Instance (builtins.getAttr name cfg.instances) name; }) (builtins.attrNames cfg.instances));
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/desktop-managers/default.nix b/nixos/modules/services/x11/desktop-managers/default.nix
new file mode 100644
index 000000000000..ab3ced4c9e2c
--- /dev/null
+++ b/nixos/modules/services/x11/desktop-managers/default.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  xcfg = config.services.xserver;
+  cfg = xcfg.desktopManager;
+
+  # Whether desktop manager `d' is capable of setting a background.
+  # If it isn't, the `feh' program is used as a fallback.
+  needBGCond = d: ! (d ? bgSupport && d.bgSupport);
+
+in
+
+{
+  # Note: the order in which desktop manager modules are imported here
+  # determines the default: later modules (if enabled) are preferred.
+  # E.g., if KDE is enabled, it supersedes xterm.
+  imports = [ ./none.nix ./xterm.nix ./xfce.nix ./gnome.nix ./kde4.nix ./e17.nix ];
+
+  options = {
+
+    services.xserver.desktopManager = {
+
+      session = mkOption {
+        internal = true;
+        default = [];
+        example = singleton
+          { name = "kde";
+            bgSupport = true;
+            start = "...";
+          };
+        description = ''
+          Internal option used to add some common line to desktop manager
+          scripts before forwarding the value to the
+          <varname>displayManager</varname>.
+        '';
+        apply = list: {
+          list = map (d: d // {
+            manage = "desktop";
+            start = d.start
+            + optionalString (needBGCond d) ''
+              if test -e $HOME/.background-image; then
+                ${pkgs.feh}/bin/feh --bg-scale $HOME/.background-image
+              fi
+            '';
+          }) list;
+          needBGPackages = [] != filter needBGCond list;
+        };
+      };
+
+      default = mkOption {
+        type = types.str;
+        default = "";
+        example = "none";
+        description = "Default desktop manager loaded if none have been chosen.";
+        apply = defaultDM:
+          if defaultDM == "" && cfg.session.list != [] then
+            (head cfg.session.list).name
+          else if any (w: w.name == defaultDM) cfg.session.list then
+            defaultDM
+          else
+            throw "Default desktop manager ($(defaultDM)) not found.";
+      };
+
+    };
+
+  };
+
+  config = {
+    services.xserver.displayManager.session = cfg.session.list;
+    environment.systemPackages =
+      mkIf cfg.session.needBGPackages [ pkgs.feh ];
+  };
+}
diff --git a/nixos/modules/services/x11/desktop-managers/e17.nix b/nixos/modules/services/x11/desktop-managers/e17.nix
new file mode 100644
index 000000000000..3d91617c62aa
--- /dev/null
+++ b/nixos/modules/services/x11/desktop-managers/e17.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  xcfg = config.services.xserver;
+  cfg = xcfg.desktopManager.e17;
+
+in
+
+{
+  options = {
+
+    services.xserver.desktopManager.e17.enable = mkOption {
+      default = false;
+      example = true;
+      description = "Enable support for the E17 desktop environment.";
+    };
+
+  };
+
+
+  config = mkIf (xcfg.enable && cfg.enable) {
+
+    services.dbus.packages = [ pkgs.e17.ethumb ];
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/desktop-managers/gnome.nix b/nixos/modules/services/x11/desktop-managers/gnome.nix
new file mode 100644
index 000000000000..b0212446ad36
--- /dev/null
+++ b/nixos/modules/services/x11/desktop-managers/gnome.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xserver.desktopManager.gnome;
+  gnome = pkgs.gnome;
+
+in
+
+{
+
+  options = {
+
+    services.xserver.desktopManager.gnome.enable = mkOption {
+      default = false;
+      example = true;
+      description = "Enable a gnome terminal as a desktop manager.";
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    services.xserver.desktopManager.session = singleton
+      { name = "gnome";
+        start = ''
+          ${gnome.gnometerminal}/bin/gnome-terminal -ls &
+          waitPID=$!
+        '';
+      };
+
+    environment.systemPackages =
+      [ gnome.gnometerminal
+        gnome.GConf
+        gnome.gconfeditor
+      ];
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/desktop-managers/kde4.nix b/nixos/modules/services/x11/desktop-managers/kde4.nix
new file mode 100644
index 000000000000..108b52bb951d
--- /dev/null
+++ b/nixos/modules/services/x11/desktop-managers/kde4.nix
@@ -0,0 +1,169 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  xcfg = config.services.xserver;
+  cfg = xcfg.desktopManager.kde4;
+  xorg = pkgs.xorg;
+
+  # Disable Nepomuk and Strigi by default.  As of KDE 4.7, they don't
+  # really work very well (e.g. searching files often fails to find
+  # files), segfault sometimes and consume significant resources.
+  # They can be re-enabled in the KDE System Settings under "Desktop
+  # Search".
+  nepomukConfig = pkgs.writeTextFile
+    { name = "nepomuk-config";
+      destination = "/share/config/nepomukserverrc";
+      text =
+        ''
+          [Basic Settings]
+          Start Nepomuk=false
+
+          [Service-nepomukstrigiservice]
+          autostart=false
+        '';
+    };
+
+  phononBackends = {
+    gstreamer = [
+      pkgs.phonon_backend_gstreamer
+      pkgs.gst_all.gstPluginsBase
+      pkgs.gst_all.gstPluginsGood
+      pkgs.gst_all.gstPluginsUgly
+      pkgs.gst_all.gstPluginsBad
+      pkgs.gst_all.gstFfmpeg # for mp3 playback
+      pkgs.gst_all.gstreamer # needed?
+    ];
+
+    vlc = [pkgs.phonon_backend_vlc];
+  };
+
+  phononBackendPackages = flip concatMap cfg.phononBackends
+    (name: attrByPath [name] (throw "unknown phonon backend `${name}'") phononBackends);
+
+  wantsUdisks2 = pkgs.kde4.kdelibs.wantsUdisks2 or false;
+in
+
+{
+  options = {
+
+    services.xserver.desktopManager.kde4 = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Enable the KDE 4 desktop environment.";
+      };
+
+      phononBackends = mkOption {
+        type = types.listOf types.str;
+        default = ["gstreamer"];
+        example = ["gstreamer" "vlc"];
+        description = "Which phonon multimedia backend kde should use";
+      };
+    };
+
+    environment.kdePackages = mkOption {
+      default = [];
+      example = "[ pkgs.kde4.kdesdk ]";
+      type = types.listOf types.package;
+      description = "This option is obsolete.  Please use <option>environment.systemPackages</option> instead.";
+    };
+
+  };
+
+
+  config = mkIf (xcfg.enable && cfg.enable) {
+
+    # If KDE 4 is enabled, make it the default desktop manager (unless
+    # overridden by the user's configuration).
+    # !!! doesn't work yet ("Multiple definitions. Only one is allowed
+    # for this option.")
+    # services.xserver.desktopManager.default = mkOverride 900 "kde4";
+
+    services.xserver.desktopManager.session = singleton
+      { name = "kde4";
+        bgSupport = true;
+        start =
+          ''
+            # The KDE icon cache is supposed to update itself
+            # automatically, but it uses the timestamp on the icon
+            # theme directory as a trigger.  Since in Nix the
+            # timestamp is always the same, this doesn't work.  So as
+            # a workaround, nuke the icon cache on login.  This isn't
+            # perfect, since it may require logging out after
+            # installing new applications to update the cache.
+            # See http://lists-archives.org/kde-devel/26175-what-when-will-icon-cache-refresh.html
+            rm -fv $HOME/.kde/cache-*/icon-cache.kcache
+
+            # Qt writes a weird ‘libraryPath’ line to
+            # ~/.config/Trolltech.conf that causes the KDE plugin
+            # paths of previous KDE invocations to be searched.
+            # Obviously using mismatching KDE libraries is potentially
+            # disastrous, so here we nuke references to the Nix store
+            # in Trolltech.conf.  A better solution would be to stop
+            # Qt from doing this wackiness in the first place.
+            if [ -e $HOME/.config/Trolltech.conf ]; then
+                sed -e '/nix\\store\|nix\/store/ d' -i $HOME/.config/Trolltech.conf
+            fi
+
+            # Start KDE.
+            exec ${pkgs.kde4.kdebase_workspace}/bin/startkde
+          '';
+      };
+
+    security.setuidOwners = singleton
+      { program = "kcheckpass";
+        source = "${pkgs.kde4.kdebase_workspace}/lib/kde4/libexec/kcheckpass";
+        owner = "root";
+        group = "root";
+        setuid = true;
+      };
+
+    environment.systemPackages =
+        [ pkgs.kde4.kdelibs
+
+          pkgs.kde4.kde_baseapps # Splitted kdebase
+          pkgs.kde4.kde_workspace
+          pkgs.kde4.kde_runtime
+          pkgs.kde4.konsole
+          pkgs.kde4.kate
+
+          pkgs.kde4.kde_wallpapers # contains kdm's default background
+          pkgs.kde4.oxygen_icons
+          pkgs.virtuoso # to enable Nepomuk to find Virtuoso
+
+          # Starts KDE's Polkit authentication agent.
+          pkgs.kde4.polkit_kde_agent
+
+          # Miscellaneous runtime dependencies.
+          pkgs.kde4.qt4 # needed for qdbus
+          pkgs.shared_mime_info
+          xorg.xmessage # so that startkde can show error messages
+          xorg.xset # used by startkde, non-essential
+          xorg.xauth # used by kdesu
+          pkgs.shared_desktop_ontologies # used by nepomuk
+          pkgs.strigi # used by nepomuk
+          pkgs.mysql # used by akonadi
+        ]
+      ++ [ nepomukConfig ] ++ phononBackendPackages
+      ++ config.environment.kdePackages;
+
+    environment.pathsToLink = [ "/share" ];
+
+    environment.etc = singleton
+      { source = "${pkgs.xkeyboard_config}/etc/X11/xkb";
+        target = "X11/xkb";
+      };
+
+    # Enable helpful DBus services.
+    services.udisks.enable = ! wantsUdisks2;
+    services.udisks2.enable = wantsUdisks2;
+    services.upower.enable = config.powerManagement.enable;
+
+    security.pam.services.kde = { allowNullPassword = true; };
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/desktop-managers/none.nix b/nixos/modules/services/x11/desktop-managers/none.nix
new file mode 100644
index 000000000000..af7a376ae029
--- /dev/null
+++ b/nixos/modules/services/x11/desktop-managers/none.nix
@@ -0,0 +1,7 @@
+{
+  services.xserver.desktopManager.session =
+    [ { name = "none";
+        start = "";
+      }
+    ];
+}
diff --git a/nixos/modules/services/x11/desktop-managers/xfce.nix b/nixos/modules/services/x11/desktop-managers/xfce.nix
new file mode 100644
index 000000000000..8199829ef90f
--- /dev/null
+++ b/nixos/modules/services/x11/desktop-managers/xfce.nix
@@ -0,0 +1,89 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  xcfg = config.services.xserver;
+  cfg = xcfg.desktopManager.xfce;
+
+in
+
+{
+  options = {
+
+    services.xserver.desktopManager.xfce.enable = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable the Xfce desktop environment.";
+    };
+
+  };
+
+
+  config = mkIf (xcfg.enable && cfg.enable) {
+
+    services.xserver.desktopManager.session = singleton
+      { name = "xfce";
+        bgSupport = true;
+        start =
+          ''
+            # Set GTK_PATH so that GTK+ can find the theme engines.
+            export GTK_PATH=${config.system.path}/lib/gtk-2.0
+
+            # Set GTK_DATA_PREFIX so that GTK+ can find the Xfce themes.
+            export GTK_DATA_PREFIX=${config.system.path}
+
+            # Necessary to get xfce4-mixer to find GST's ALSA plugin.
+            # Ugly.
+            export GST_PLUGIN_PATH=${config.system.path}/lib
+
+            exec ${pkgs.stdenv.shell} ${pkgs.xfce.xinitrc}
+          '';
+      };
+
+    environment.systemPackages =
+      [ pkgs.gtk # To get GTK+'s themes.
+        pkgs.hicolor_icon_theme
+        pkgs.tango-icon-theme
+        pkgs.shared_mime_info
+        pkgs.which # Needed by the xfce's xinitrc script.
+        pkgs.xfce.exo
+        pkgs.xfce.gtk_xfce_engine
+        pkgs.xfce.libxfcegui4 # For the icons.
+        pkgs.xfce.mousepad
+        pkgs.xfce.ristretto
+        pkgs.xfce.terminal
+        pkgs.xfce.thunar
+        pkgs.xfce.xfce4icontheme
+        pkgs.xfce.xfce4panel
+        pkgs.xfce.xfce4session
+        pkgs.xfce.xfce4settings
+        pkgs.xfce.xfce4mixer
+        pkgs.xfce.xfconf
+        pkgs.xfce.xfdesktop
+        pkgs.xfce.xfwm4
+        # This supplies some "abstract" icons such as
+        # "utilities-terminal" and "accessories-text-editor".
+        pkgs.gnome.gnomeicontheme
+        pkgs.desktop_file_utils
+        pkgs.xfce.libxfce4ui
+        pkgs.xfce.garcon
+        pkgs.xfce.thunar_volman
+        pkgs.xfce.gvfs
+        pkgs.xfce.xfce4_appfinder
+      ]
+      ++ optional config.powerManagement.enable pkgs.xfce.xfce4_power_manager;
+
+    environment.pathsToLink =
+      [ "/share/xfce4" "/share/themes" "/share/mime" "/share/desktop-directories" "/share/gtksourceview-2.0" ];
+
+    environment.variables.GIO_EXTRA_MODULES = "${pkgs.xfce.gvfs}/lib/gio/modules";
+
+    # Enable helpful DBus services.
+    services.udisks2.enable = true;
+    services.upower.enable = config.powerManagement.enable;
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/desktop-managers/xterm.nix b/nixos/modules/services/x11/desktop-managers/xterm.nix
new file mode 100644
index 000000000000..edc61c103ea9
--- /dev/null
+++ b/nixos/modules/services/x11/desktop-managers/xterm.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xserver.desktopManager.xterm;
+
+in
+
+{
+  options = {
+
+    services.xserver.desktopManager.xterm.enable = mkOption {
+      default = true;
+      example = false;
+      description = "Enable a xterm terminal as a desktop manager.";
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    services.xserver.desktopManager.session = singleton
+      { name = "xterm";
+        start = ''
+          ${pkgs.xterm}/bin/xterm -ls &
+          waitPID=$!
+        '';
+      };
+
+    environment.systemPackages = [ pkgs.xterm ];
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/display-managers/auto.nix b/nixos/modules/services/x11/display-managers/auto.nix
new file mode 100644
index 000000000000..33d97e0e07a9
--- /dev/null
+++ b/nixos/modules/services/x11/display-managers/auto.nix
@@ -0,0 +1,52 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  dmcfg = config.services.xserver.displayManager;
+  cfg = dmcfg.auto;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.xserver.displayManager.auto = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable the fake "auto" display manager, which
+          automatically logs in the user specified in the
+          <option>user</option> option.  This is mostly useful for
+          automated tests.
+        '';
+      };
+
+      user = mkOption {
+        default = "root";
+        description = "The user account to login automatically.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.xserver.displayManager.slim = {
+      enable = true;
+      autoLogin = true;
+      defaultUser = cfg.user;
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/display-managers/default.nix b/nixos/modules/services/x11/display-managers/default.nix
new file mode 100644
index 000000000000..c4fce3706dcd
--- /dev/null
+++ b/nixos/modules/services/x11/display-managers/default.nix
@@ -0,0 +1,285 @@
+# This module declares the options to define a *display manager*, the
+# program responsible for handling X logins (such as xdm, kdm, gdb, or
+# SLiM).  The display manager allows the user to select a *session
+# type*.  When the user logs in, the display manager starts the
+# *session script* ("xsession" below) to launch the selected session
+# type.  The session type defines two things: the *desktop manager*
+# (e.g., KDE, Gnome or a plain xterm), and optionally the *window
+# manager* (e.g. kwin or twm).
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xserver;
+  xorg = pkgs.xorg;
+
+  vaapiDrivers = pkgs.buildEnv {
+    name = "vaapi-drivers";
+    paths = cfg.vaapiDrivers;
+    # We only want /lib/dri, but with a single input path, we need "/" for it to work
+    pathsToLink = [ "/" ];
+  };
+
+  # file provided by services.xserver.displayManager.session.script
+  xsession = wm: dm: pkgs.writeScript "xsession"
+    ''
+      #! /bin/sh
+
+      . /etc/profile
+      cd "$HOME"
+
+      # The first argument of this script is the session type.
+      sessionType="$1"
+      if [ "$sessionType" = default ]; then sessionType=""; fi
+
+      ${optionalString (!cfg.displayManager.job.logsXsession) ''
+        exec > ~/.xsession-errors 2>&1
+      ''}
+
+      ${optionalString cfg.displayManager.desktopManagerHandlesLidAndPower ''
+        # Stop systemd from handling the power button and lid switch,
+        # since presumably the desktop environment will handle these.
+        if [ -z "$_INHIBITION_LOCK_TAKEN" ]; then
+          export _INHIBITION_LOCK_TAKEN=1
+          exec ${config.systemd.package}/bin/systemd-inhibit --what=handle-lid-switch:handle-power-key "$0" "$sessionType"
+        fi
+
+      ''}
+
+      ${optionalString cfg.startOpenSSHAgent ''
+        if test -z "$SSH_AUTH_SOCK"; then
+            # Restart this script as a child of the SSH agent.  (It is
+            # also possible to start the agent as a child that prints
+            # the required environment variabled on stdout, but in
+            # that mode ssh-agent is not terminated when we log out.)
+            export SSH_ASKPASS=${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass
+            exec ${pkgs.openssh}/bin/ssh-agent "$0" "$sessionType"
+        fi
+      ''}
+
+      ${optionalString cfg.startGnuPGAgent ''
+        if test -z "$SSH_AUTH_SOCK"; then
+            # Restart this script as a child of the GnuPG agent.
+            exec "${pkgs.gnupg}/bin/gpg-agent"                         \
+              --enable-ssh-support --daemon                             \
+              --pinentry-program "${pkgs.pinentry}/bin/pinentry-gtk-2"  \
+              --write-env-file "$HOME/.gpg-agent-info"                  \
+              "$0" "$sessionType"
+        fi
+      ''}
+
+      # Handle being called by kdm.
+      if test "''${1:0:1}" = /; then eval exec "$1"; fi
+
+      # Start PulseAudio if enabled.
+      ${optionalString (config.hardware.pulseaudio.enable) ''
+        ${optionalString (!config.hardware.pulseaudio.systemWide)
+          "${pkgs.pulseaudio}/bin/pulseaudio --start"
+        }
+
+        # Publish access credentials in the root window.
+        ${pkgs.pulseaudio}/bin/pactl load-module module-x11-publish "display=$DISPLAY"
+
+        # Keep track of devices.  Mostly useful for Phonon/KDE.
+        ${pkgs.pulseaudio}/bin/pactl load-module module-device-manager "do_routing=1"
+      ''}
+
+      # Load X defaults.
+      if test -e ~/.Xdefaults; then
+          ${xorg.xrdb}/bin/xrdb -merge ~/.Xdefaults
+      fi
+
+      export LIBVA_DRIVERS_PATH=${vaapiDrivers}/lib/dri
+
+      # Speed up application start by 50-150ms according to
+      # http://kdemonkey.blogspot.nl/2008/04/magic-trick.html
+      rm -rf $HOME/.compose-cache
+      mkdir $HOME/.compose-cache
+
+      ${cfg.displayManager.sessionCommands}
+
+      # Allow the user to setup a custom session type.
+      if test -x ~/.xsession; then
+          exec ~/.xsession
+      else
+          if test "$sessionType" = "custom"; then
+              sessionType="" # fall-thru if there is no ~/.xsession
+          fi
+      fi
+
+      # The session type is "<desktop-manager> + <window-manager>", so
+      # extract those.
+      windowManager="''${sessionType##* + }"
+      : ''${windowManager:=${cfg.windowManager.default}}
+      desktopManager="''${sessionType% + *}"
+      : ''${desktopManager:=${cfg.desktopManager.default}}
+
+      # Start the window manager.
+      case $windowManager in
+        ${concatMapStrings (s: ''
+          (${s.name})
+            ${s.start}
+            ;;
+        '') wm}
+        (*) echo "$0: Window manager '$windowManager' not found.";;
+      esac
+
+      # Start the desktop manager.
+      case $desktopManager in
+        ${concatMapStrings (s: ''
+          (${s.name})
+            ${s.start}
+            ;;
+        '') dm}
+        (*) echo "$0: Desktop manager '$desktopManager' not found.";;
+      esac
+
+      test -n "$waitPID" && wait "$waitPID"
+      exit 0
+    '';
+
+  mkDesktops = names: pkgs.runCommand "desktops" {}
+    ''
+      mkdir -p $out
+      ${concatMapStrings (n: ''
+        cat - > "$out/${n}.desktop" << EODESKTOP
+        [Desktop Entry]
+        Version=1.0
+        Type=XSession
+        TryExec=${cfg.displayManager.session.script}
+        Exec=${cfg.displayManager.session.script} '${n}'
+        Name=${n}
+        Comment=
+        EODESKTOP
+      '') names}
+    '';
+
+in
+
+{
+
+  options = {
+
+    services.xserver.displayManager = {
+
+      xauthBin = mkOption {
+        internal = true;
+        default = "${xorg.xauth}/bin/xauth";
+        description = "Path to the <command>xauth</command> program used by display managers.";
+      };
+
+      xserverBin = mkOption {
+        type = types.path;
+        default = "${xorg.xorgserver}/bin/X";
+        description = "Path to the X server used by display managers.";
+      };
+
+      xserverArgs = mkOption {
+        type = types.listOf types.str;
+        default = [];
+        example = [ "-ac" "-logverbose" "-nolisten tcp" ];
+        description = "List of arguments for the X server.";
+        apply = toString;
+      };
+
+      sessionCommands = mkOption {
+        type = types.lines;
+        default = "";
+        example =
+          ''
+            xmessage "Hello World!" &
+          '';
+        description = "Shell commands executed just before the window or desktop manager is started.";
+      };
+
+      desktopManagerHandlesLidAndPower = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether the display manager should prevent systemd from handling
+          lid and power events. This is normally handled by the desktop
+          environment's power manager. Turn this off when using a minimal
+          X11 setup without a full power manager.
+        '';
+      };
+
+      session = mkOption {
+        default = [];
+        example = literalExample
+          ''
+            [ { manage = "desktop";
+                name = "xterm";
+                start = '''
+                  ''${pkgs.xterm}/bin/xterm -ls &
+                  waitPID=$!
+                ''';
+              }
+            ]
+          '';
+        description = ''
+          List of sessions supported with the command used to start each
+          session.  Each session script can set the
+          <varname>waitPID</varname> shell variable to make this script
+          wait until the end of the user session.  Each script is used
+          to define either a windows manager or a desktop manager.  These
+          can be differentiated by setting the attribute
+          <varname>manage</varname> either to <literal>"window"</literal>
+          or <literal>"desktop"</literal>.
+
+          The list of desktop manager and window manager should appear
+          inside the display manager with the desktop manager name
+          followed by the window manager name.
+        '';
+        apply = list: rec {
+          wm = filter (s: s.manage == "window") list;
+          dm = filter (s: s.manage == "desktop") list;
+          names = flip concatMap dm
+            (d: map (w: d.name + optionalString (w.name != "none") (" + " + w.name))
+              (filter (w: d.name != "none" || w.name != "none") wm));
+          desktops = mkDesktops names;
+          script = xsession wm dm;
+        };
+      };
+
+      job = {
+
+        preStart = mkOption {
+          type = types.lines;
+          default = "";
+          example = "rm -f /var/log/my-display-manager.log";
+          description = "Script executed before the display manager is started.";
+        };
+
+        execCmd = mkOption {
+          type = types.str;
+          example = "${pkgs.slim}/bin/slim";
+          description = "Command to start the display manager.";
+        };
+
+        environment = mkOption {
+          type = types.attrsOf types.unspecified;
+          default = {};
+          example = { SLIM_CFGFILE = /etc/slim.conf; };
+          description = "Additional environment variables needed by the display manager.";
+        };
+
+        logsXsession = mkOption {
+          type = types.bool;
+          default = false;
+          description = ''
+            Whether the display manager redirects the
+            output of the session script to
+            <filename>~/.xsession-errors</filename>.
+          '';
+        };
+
+      };
+
+    };
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/display-managers/kdm.nix b/nixos/modules/services/x11/display-managers/kdm.nix
new file mode 100644
index 000000000000..c51e7edfddf3
--- /dev/null
+++ b/nixos/modules/services/x11/display-managers/kdm.nix
@@ -0,0 +1,156 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  dmcfg = config.services.xserver.displayManager;
+  cfg = dmcfg.kdm;
+
+  inherit (pkgs.kde4) kdebase_workspace;
+
+  defaultConfig =
+    ''
+      [Shutdown]
+      HaltCmd=${config.systemd.package}/sbin/shutdown -h now
+      RebootCmd=${config.systemd.package}/sbin/shutdown -r now
+      ${optionalString (config.system.boot.loader.id == "grub") ''
+        BootManager=${if config.boot.loader.grub.version == 2 then "Grub2" else "Grub"}
+      ''}
+
+      [X-*-Core]
+      Xrdb=${pkgs.xlibs.xrdb}/bin/xrdb
+      SessionsDirs=${dmcfg.session.desktops}
+      Session=${dmcfg.session.script}
+      FailsafeClient=${pkgs.xterm}/bin/xterm
+
+      [X-:*-Core]
+      ServerCmd=${dmcfg.xserverBin} ${dmcfg.xserverArgs}
+      # KDM calls `rm' somewhere to clean up some temporary directory.
+      SystemPath=${pkgs.coreutils}/bin
+      # The default timeout (15) is too short in a heavily loaded boot process.
+      ServerTimeout=60
+      # Needed to prevent the X server from dying on logout and not coming back:
+      TerminateServer=true
+      ${optionalString (cfg.setupScript != "")
+      ''
+        Setup=${cfg.setupScript}
+      ''} 
+
+      [X-*-Greeter]
+      HiddenUsers=root,nixbld1,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9,nixbld10
+      PluginsLogin=${kdebase_workspace}/lib/kde4/kgreet_classic.so
+      ${optionalString (cfg.themeDirectory != null)
+      ''
+        UseTheme=true
+        Theme=${cfg.themeDirectory}
+      ''
+      }
+
+      ${optionalString (cfg.enableXDMCP)
+      ''
+        [Xdmcp]
+        Enable=true
+      ''}
+    '';
+
+  kdmrc = pkgs.stdenv.mkDerivation {
+    name = "kdmrc";
+    config = defaultConfig + cfg.extraConfig;
+    buildCommand =
+      ''
+        echo "$config" > $out
+
+        # The default kdmrc would add "-nolisten tcp", and we already
+        # have that managed by nixos. Hence the grep.
+        cat ${kdebase_workspace}/share/config/kdm/kdmrc | grep -v nolisten >> $out
+      '';
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.xserver.displayManager.kdm = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable the KDE display manager.
+        '';
+      };
+
+      enableXDMCP = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable XDMCP, which allows remote logins.
+        '';
+      };
+
+      themeDirectory = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = ''
+          The path to a KDM theme directory. This theme
+          will be used by the KDM greeter.
+        '';
+      };
+
+      setupScript = mkOption {
+        type = types.lines;
+        default = "";
+        description = ''
+          The path to a KDM setup script. This script is run as root just
+          before KDM starts. Can be used for setting up
+          monitors with xrandr, for example.
+        '';
+      };
+
+      extraConfig = mkOption {
+        type = types.lines;
+        default = "";
+        description = ''
+          Options appended to <filename>kdmrc</filename>, the
+          configuration file of KDM.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.xserver.displayManager.slim.enable = false;
+
+    services.xserver.displayManager.job =
+      { execCmd =
+          ''
+            mkdir -m 0755 -p /var/lib/kdm
+            chown kdm /var/lib/kdm
+            ${(optionalString (config.system.boot.loader.id == "grub" && config.system.build.grub != null) "PATH=${config.system.build.grub}/sbin:$PATH ") +
+              "KDEDIRS=/run/current-system/sw exec ${kdebase_workspace}/bin/kdm -config ${kdmrc} -nodaemon"}
+          '';
+        logsXsession = true;
+      };
+
+    security.pam.services.kde = { allowNullPassword = true; startSession = true; };
+
+    users.extraUsers = singleton
+      { name = "kdm";
+        uid = config.ids.uids.kdm;
+        description = "KDM user";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/display-managers/lightdm.nix b/nixos/modules/services/x11/display-managers/lightdm.nix
new file mode 100644
index 000000000000..e4125891e6cb
--- /dev/null
+++ b/nixos/modules/services/x11/display-managers/lightdm.nix
@@ -0,0 +1,120 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  dmcfg = config.services.xserver.displayManager;
+  xEnv = config.systemd.services."display-manager".environment;
+  cfg = dmcfg.lightdm;
+
+  inherit (pkgs) stdenv lightdm writeScript writeText;
+
+  # lightdm runs with clearenv(), but we need a few things in the enviornment for X to startup
+  xserverWrapper = writeScript "xserver-wrapper"
+    ''
+      #! /bin/sh
+      ${concatMapStrings (n: "export ${n}=\"${getAttr n xEnv}\"\n") (attrNames xEnv)}
+      exec ${dmcfg.xserverBin} ${dmcfg.xserverArgs}
+    '';
+
+  # The default greeter provided with this expression is the GTK greeter.
+  # Again, we need a few things in the environment for the greeter to run with
+  # fonts/icons.
+  wrappedGtkGreeter = stdenv.mkDerivation {
+    name = "lightdm-gtk-greeter";
+    buildInputs = [ pkgs.makeWrapper ];
+
+    buildCommand = ''
+      ensureDir $out/gtk-3.0/
+
+      # This wrapper ensures that we actually get fonts
+      makeWrapper ${pkgs.lightdm_gtk_greeter}/sbin/lightdm-gtk-greeter \
+        $out/greeter \
+        --set XDG_DATA_DIRS ${pkgs.gnome2.gnome_icon_theme}/share \
+        --set FONTCONFIG_FILE /etc/fonts/fonts.conf \
+        --set XDG_CONFIG_HOME $out/
+
+      # We need this to ensure that it actually tries to find icons from gnome-icon-theme
+      cat - > $out/gtk-3.0/settings.ini << EOF
+      [Settings]
+      gtk-icon-theme-name=gnome
+      EOF
+
+      cat - > $out/lightdm-gtk-greeter.desktop << EOF
+      [Desktop Entry]
+      Name=LightDM Greeter
+      Comment=This runs the LightDM Greeter
+      Exec=$out/greeter
+      Type=Application
+      EOF
+    '';
+  };
+
+  lightdmConf = writeText "lightdm.conf"
+    ''
+      [LightDM]
+      greeter-user = ${config.users.extraUsers.lightdm.name}
+      xgreeters-directory = ${cfg.greeter.package}
+      xsessions-directory = ${dmcfg.session.desktops}
+
+      [SeatDefaults]
+      xserver-command = ${xserverWrapper}
+      session-wrapper = ${dmcfg.session.script}
+      greeter-session = ${cfg.greeter.name}
+    '';
+
+in
+{
+  options = {
+    services.xserver.displayManager.lightdm = {
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable lightdm as the display manager.
+        '';
+      };
+
+      greeter = mkOption {
+        description = ''
+          The LightDM greeter to login via. The package should be a directory
+          containing a .desktop file matching the name in the 'name' option.
+        '';
+        default = {
+          name = "lightdm-gtk-greeter";
+          package = wrappedGtkGreeter;
+        };
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    services.xserver.displayManager.slim.enable = false;
+
+    services.xserver.displayManager.job = {
+      logsXsession = true;
+
+      # lightdm relaunches itself via just `lightdm`, so needs to be on the PATH
+      execCmd = ''
+        export PATH=${lightdm}/sbin:$PATH
+        ${lightdm}/sbin/lightdm --log-dir=/var/log --run-dir=/run --config=${lightdmConf}
+      '';
+    };
+
+    services.dbus.enable = true;
+    services.dbus.packages = [ lightdm ];
+
+    security.pam.services.lightdm = { allowNullPassword = true; startSession = true; };
+    security.pam.services.lightdm-greeter = { allowNullPassword = true; startSession = true; };
+
+    users.extraUsers.lightdm = {
+      createHome = true;
+      home = "/var/lib/lightdm";
+      group = "lightdm";
+      uid = config.ids.uids.lightdm;
+    };
+
+    users.extraGroups.lightdm.gid = config.ids.gids.lightdm;
+  };
+}
diff --git a/nixos/modules/services/x11/display-managers/slim.nix b/nixos/modules/services/x11/display-managers/slim.nix
new file mode 100644
index 000000000000..35834ef3764b
--- /dev/null
+++ b/nixos/modules/services/x11/display-managers/slim.nix
@@ -0,0 +1,123 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  dmcfg = config.services.xserver.displayManager;
+  cfg = dmcfg.slim;
+
+  slimConfig = pkgs.writeText "slim.cfg"
+    ''
+      xauth_path ${dmcfg.xauthBin}
+      default_xserver ${dmcfg.xserverBin}
+      xserver_arguments ${dmcfg.xserverArgs}
+      sessiondir ${dmcfg.session.desktops}
+      login_cmd exec ${pkgs.stdenv.shell} ${dmcfg.session.script} "%session"
+      halt_cmd ${config.systemd.package}/sbin/shutdown -h now
+      reboot_cmd ${config.systemd.package}/sbin/shutdown -r now
+      ${optionalString (cfg.defaultUser != null) ("default_user " + cfg.defaultUser)}
+      ${optionalString cfg.autoLogin "auto_login yes"}
+    '';
+
+  # Unpack the SLiM theme, or use the default.
+  slimThemesDir =
+    let
+      unpackedTheme = pkgs.stdenv.mkDerivation {
+        name = "slim-theme";
+        buildCommand = ''
+          ensureDir $out
+          cd $out
+          unpackFile ${cfg.theme}
+          ln -s * default
+        '';
+      };
+    in if cfg.theme == null then "${pkgs.slim}/share/slim/themes" else unpackedTheme;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.xserver.displayManager.slim = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = config.services.xserver.enable;
+        description = ''
+          Whether to enable SLiM as the display manager.
+        '';
+      };
+
+      theme = mkOption {
+        type = types.nullOr types.path;
+        default = null;
+        example = literalExample ''
+          pkgs.fetchurl {
+            url = http://download.berlios.de/slim/slim-wave.tar.gz;
+            sha256 = "0ndr419i5myzcylvxb89m9grl2xyq6fbnyc3lkd711mzlmnnfxdy";
+          }
+        '';
+        description = ''
+          The theme for the SLiM login manager.  If not specified, SLiM's
+          default theme is used.  See <link
+          xlink:href='http://slim.berlios.de/themes01.php'/> for a
+          collection of themes.
+        '';
+      };
+
+      defaultUser = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "login";
+        description = ''
+          The default user to load. If you put a username here you
+          get it automatically loaded into the username field, and
+          the focus is placed on the password.
+        '';
+      };
+
+      autoLogin = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Automatically log in as the default user.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.xserver.displayManager.job =
+      { preStart =
+          ''
+            rm -f /var/log/slim.log
+          '';
+        environment =
+          { SLIM_CFGFILE = slimConfig;
+            SLIM_THEMESDIR = slimThemesDir;
+          };
+        execCmd = "exec ${pkgs.slim}/bin/slim";
+      };
+
+    # Allow null passwords so that the user can login as root on the
+    # installation CD.
+    security.pam.services.slim = { allowNullPassword = true; startSession = true; };
+
+    # Allow slimlock to work.
+    security.pam.services.slimlock = {};
+
+    environment.systemPackages = [ pkgs.slim ];
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/hardware/multitouch.nix b/nixos/modules/services/x11/hardware/multitouch.nix
new file mode 100644
index 000000000000..4f9048bfd910
--- /dev/null
+++ b/nixos/modules/services/x11/hardware/multitouch.nix
@@ -0,0 +1,60 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let cfg = config.services.xserver.multitouch; in
+
+{
+
+  options = {
+
+    services.xserver.multitouch = {
+
+      enable = mkOption {
+        default = false;
+        example = true;
+        description = "Whether to enable multitouch touchpad support.";
+      };
+
+      invertScroll = mkOption {
+        default = false;
+        example = true;
+        type = types.bool;
+        description = "Whether to invert scrolling direction à la OSX Lion";
+      };
+
+      ignorePalm = mkOption {
+        default = false;
+        example = true;
+        type = types.bool;
+        description = "Whether to ignore touches detected as being the palm (i.e when typing)";
+      };
+
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    services.xserver.modules = [ pkgs.xf86_input_mtrack ];
+
+    services.xserver.config =
+      ''
+        # Automatically enable the multitouch driver
+        Section "InputClass"
+          MatchIsTouchpad "on"
+          Identifier "Touchpads"
+          Driver "mtrack"
+          Option "IgnorePalm" "${if cfg.ignorePalm then "true" else "false"}"
+          ${optionalString cfg.invertScroll ''
+            Option "ScrollUpButton" "5"
+            Option "ScrollDownButton" "4"
+            Option "ScrollLeftButton" "7"
+            Option "ScrollRightButton" "6"
+          ''}
+        EndSection
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/hardware/synaptics.nix b/nixos/modules/services/x11/hardware/synaptics.nix
new file mode 100644
index 000000000000..5884e9aa31c8
--- /dev/null
+++ b/nixos/modules/services/x11/hardware/synaptics.nix
@@ -0,0 +1,122 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let cfg = config.services.xserver.synaptics; in
+
+{
+
+  options = {
+
+    services.xserver.synaptics = {
+
+      enable = mkOption {
+        default = false;
+        example = true;
+        description = "Whether to enable touchpad support.";
+      };
+
+      dev = mkOption {
+        default = null;
+        example = "/dev/input/event0";
+        description =
+          ''
+            Path for touchpad device.  Set to null to apply to any
+            auto-detected touchpad.
+          '';
+      };
+
+      accelFactor = mkOption {
+        default = "0.001";
+        description = "Cursor acceleration (how fast speed increases from minSpeed to maxSpeed).";
+      };
+
+      minSpeed = mkOption {
+        default = "0.6";
+        description = "Cursor speed factor for precision finger motion.";
+      };
+
+      maxSpeed = mkOption {
+        default = "1.0";
+        description = "Cursor speed factor for highest-speed finger motion.";
+      };
+
+      twoFingerScroll = mkOption {
+        default = false;
+        description = "Whether to enable two-finger drag-scrolling.";
+      };
+
+      vertEdgeScroll = mkOption {
+        default = ! cfg.twoFingerScroll;
+        description = "Whether to enable vertical edge drag-scrolling.";
+      };
+
+      tapButtons = mkOption {
+        default = true;
+        example = false;
+        description = "Whether to enable tap buttons.";
+      };
+
+      palmDetect = mkOption {
+        default = false;
+        example = true;
+        description = "Whether to enable palm detection (hardware support required)";
+      };
+
+      horizontalScroll = mkOption {
+        default = true;
+        example = false;
+        description = "Whether to enable horizontal scrolling (on touchpad)";
+      };
+
+      additionalOptions = mkOption {
+        default = "";
+        example = ''
+          Option "RTCornerButton" "2"
+          Option "RBCornerButton" "3"
+        '';
+        description = ''
+          Additional options for synaptics touchpad driver.
+        '';
+      };
+
+    };
+
+  };
+
+
+  config = mkIf cfg.enable {
+
+    services.xserver.modules = [ pkgs.xorg.xf86inputsynaptics ];
+
+    environment.systemPackages = [ pkgs.xorg.xf86inputsynaptics ];
+
+    services.xserver.config =
+      ''
+        # Automatically enable the synaptics driver for all touchpads.
+        Section "InputClass"
+          Identifier "synaptics touchpad catchall"
+          MatchIsTouchpad "on"
+          ${optionalString (cfg.dev != null) ''MatchDevicePath "${cfg.dev}"''}
+          Driver "synaptics"
+          Option "MaxTapTime" "180"
+          Option "MaxTapMove" "220"
+          Option "MinSpeed" "${cfg.minSpeed}"
+          Option "MaxSpeed" "${cfg.maxSpeed}"
+          Option "AccelFactor" "${cfg.accelFactor}"
+          Option "TapButton1" "${if cfg.tapButtons then "1" else "0"}"
+          Option "TapButton2" "${if cfg.tapButtons then "2" else "0"}"
+          Option "TapButton3" "${if cfg.tapButtons then "3" else "0"}"
+          ${if cfg.tapButtons then "" else ''Option "MaxTapTime" "0"''}
+          Option "VertTwoFingerScroll" "${if cfg.twoFingerScroll then "1" else "0"}"
+          Option "HorizTwoFingerScroll" "${if cfg.twoFingerScroll then "1" else "0"}"
+          Option "VertEdgeScroll" "${if cfg.vertEdgeScroll then "1" else "0"}"
+          ${if cfg.palmDetect then ''Option "PalmDetect" "1"'' else ""}
+          ${if cfg.horizontalScroll then "" else ''Option "HorizScrollDelta" "0"''}
+          ${cfg.additionalOptions}
+        EndSection
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/hardware/wacom.nix b/nixos/modules/services/x11/hardware/wacom.nix
new file mode 100644
index 000000000000..dfc588cd2132
--- /dev/null
+++ b/nixos/modules/services/x11/hardware/wacom.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xserver.wacom;
+
+in
+
+{
+
+  options = {
+
+    services.xserver.wacom = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to enable the Wacom touchscreen/digitizer/tablet.
+          If you ever have any issues such as, try switching to terminal (ctrl-alt-F1) and back
+          which will make Xorg reconfigure the device ?
+
+          If you're not satisfied by the default behaviour you can override
+          <option>environment.etc."X11/xorg.conf.d/50-wacom.conf"</option> in
+          configuration.nix easily.
+        '';
+      };
+
+    };
+
+  };
+
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ pkgs.xf86_input_wacom ]; # provides xsetwacom
+
+    services.xserver.modules = [ pkgs.xf86_input_wacom ];
+
+    services.udev.packages = [ pkgs.xf86_input_wacom ];
+
+    environment.etc."X11/xorg.conf.d/50-wacom.conf".source = "${pkgs.xf86_input_wacom}/share/X11/xorg.conf.d/50-wacom.conf";
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/redshift.nix b/nixos/modules/services/x11/redshift.nix
new file mode 100644
index 000000000000..bf7f974edc7b
--- /dev/null
+++ b/nixos/modules/services/x11/redshift.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, ... }:
+with pkgs.lib;
+let
+  cfg = config.services.redshift;
+
+in {
+  options = {
+    services.redshift.enable = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = "Enable Redshift to change your screen's colour temperature depending on the time of day";
+    };
+
+    services.redshift.latitude = mkOption {
+      description = "Your current latitude";
+      type = types.string;
+    };
+
+    services.redshift.longitude = mkOption {
+      description = "Your current longitude";
+      type = types.string;
+    };
+
+    services.redshift.temperature = {
+      day = mkOption {
+        description = "Colour temperature to use during day time";
+        default = 5500;
+        type = types.int;
+      };
+      night = mkOption {
+        description = "Colour temperature to use during night time";
+        default = 3700;
+        type = types.int;
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.redshift = {
+      description = "Redshift colour temperature adjuster";
+      requires = [ "display-manager.service" ];
+      script = ''
+        ${pkgs.redshift}/bin/redshift \
+          -l ${cfg.latitude}:${cfg.longitude} \
+          -t ${toString cfg.temperature.day}:${toString cfg.temperature.night}
+      '';
+      environment = { DISPLAY = ":0"; };
+    };
+  };
+}
diff --git a/nixos/modules/services/x11/terminal-server.nix b/nixos/modules/services/x11/terminal-server.nix
new file mode 100644
index 000000000000..ab05639aeca6
--- /dev/null
+++ b/nixos/modules/services/x11/terminal-server.nix
@@ -0,0 +1,66 @@
+# This module implements a terminal service based on ‘x11vnc’.  It
+# listens on port 5900 for VNC connections.  It then presents a login
+# screen to the user.  If the user successfully authenticates, x11vnc
+# checks to see if a X server is already running for that user.  If
+# not, a X server (Xvfb) is started for that user.  The Xvfb instances
+# persist across VNC sessions.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  # Wrap Xvfb to set some flags/variables.
+  xvfbWrapper = pkgs.writeScriptBin "Xvfb"
+    ''
+      #! ${pkgs.stdenv.shell}
+      export XKB_BINDIR=${pkgs.xorg.xkbcomp}/bin
+      export XORG_DRI_DRIVER_PATH=${pkgs.mesa}/lib/dri
+      exec ${pkgs.xorg.xorgserver}/bin/Xvfb "$@" -xkbdir "${pkgs.xkeyboard_config}/etc/X11/xkb"
+    '';
+
+  # ‘xinetd’ is insanely braindamaged in that it sends stderr to
+  # stdout.  Thus requires just about any xinetd program to be
+  # wrapped to redirect its stderr.  Sigh.
+  x11vncWrapper = pkgs.writeScriptBin "x11vnc-wrapper"
+    ''
+      #! ${pkgs.stdenv.shell}
+      export PATH=${makeSearchPath "bin" [ xvfbWrapper pkgs.gawk pkgs.which pkgs.openssl pkgs.xorg.xauth pkgs.nettools pkgs.shadow pkgs.procps pkgs.utillinux pkgs.bash ]}:$PATH
+      export FD_GEOM=1024x786x24
+      exec ${pkgs.x11vnc}/bin/x11vnc -inetd -display WAIT:1024x786:cmd=FINDCREATEDISPLAY-Xvfb.xdmcp -unixpw -ssl SAVE 2> /var/log/x11vnc.log
+    '';
+
+in 
+
+{
+
+  config = {
+  
+    services.xserver.enable = true;
+
+    # Enable KDM.  Any display manager will do as long as it supports XDMCP.
+    services.xserver.displayManager.kdm.enable = true;
+    services.xserver.displayManager.kdm.enableXDMCP = true;
+    services.xserver.displayManager.kdm.extraConfig =
+      ''
+        [General]
+        # We're headless, so don't bother starting an X server.
+        StaticServers=
+
+        [Xdmcp]
+        Xaccess=${pkgs.writeText "Xaccess" "localhost"}
+      '';
+
+    services.xinetd.enable = true;
+    services.xinetd.services = singleton
+      { name = "x11vnc";
+        port = 5900;
+        unlisted = true;
+        user = "root";
+        server = "${x11vncWrapper}/bin/x11vnc-wrapper";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/window-managers/awesome.nix b/nixos/modules/services/x11/window-managers/awesome.nix
new file mode 100644
index 000000000000..1c61419a44c0
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/awesome.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xserver.windowManager.awesome;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.xserver.windowManager.awesome.enable = mkOption {
+      default = false;
+      description = "Enable the Awesome window manager.";
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.xserver.windowManager.session = singleton
+      { name = "awesome";
+        start =
+          ''
+            ${pkgs.awesome}/bin/awesome &
+            waitPID=$!
+          '';
+      };
+
+    environment.systemPackages = [ pkgs.awesome ];
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/window-managers/compiz.nix b/nixos/modules/services/x11/window-managers/compiz.nix
new file mode 100644
index 000000000000..209401f26468
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/compiz.nix
@@ -0,0 +1,63 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xserver.windowManager.compiz;
+  xorg = config.services.xserver.package;
+
+in
+
+{
+
+  options = {
+
+    services.xserver.windowManager.compiz = {
+
+      enable = mkOption {
+        default = false;
+        description = "Enable the Compiz window manager.";
+      };
+
+      renderingFlag = mkOption {
+        default = "";
+        example = "--indirect-rendering";
+        description = "Pass the <option>--indirect-rendering</option> flag to Compiz.";
+      };
+
+    };
+
+  };
+
+
+  config = mkIf cfg.enable {
+
+    services.xserver.windowManager.session = singleton
+      { name = "compiz";
+        start =
+          ''
+            # Start Compiz using the flat-file configuration backend
+            # (ccp).
+            export COMPIZ_PLUGINDIR=${config.system.path}/lib/compiz
+            export COMPIZ_METADATADIR=${config.system.path}/share/compiz
+            ${pkgs.compiz}/bin/compiz ccp ${cfg.renderingFlag} &
+
+            # Start GTK-style window decorator.
+            ${pkgs.compiz}/bin/gtk-window-decorator &
+          '';
+      };
+
+    environment.systemPackages =
+      [ pkgs.compiz
+        pkgs.compiz_ccsm
+        pkgs.compiz_plugins_main
+        pkgs.compiz_plugins_extra
+        pkgs.libcompizconfig # for the "ccp" plugin
+      ];
+
+    environment.pathsToLink = [ "/lib/compiz" "/share/compiz" ];
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/window-managers/default.nix b/nixos/modules/services/x11/window-managers/default.nix
new file mode 100644
index 000000000000..93e3b6ddf4c4
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/default.nix
@@ -0,0 +1,62 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.xserver.windowManager;
+in
+
+{
+  imports =
+    [ ./compiz.nix
+      ./openbox.nix
+      ./metacity.nix
+      ./none.nix
+      ./twm.nix
+      ./wmii.nix
+      ./xmonad.nix
+      ./i3.nix
+      ./xbmc.nix
+    ];
+
+  options = {
+
+    services.xserver.windowManager = {
+
+      session = mkOption {
+        internal = true;
+        default = [];
+        example = [{
+          name = "wmii";
+          start = "...";
+        }];
+        description = ''
+          Internal option used to add some common line to window manager
+          scripts before forwarding the value to the
+          <varname>displayManager</varname>.
+        '';
+        apply = map (d: d // {
+          manage = "window";
+        });
+      };
+
+      default = mkOption {
+        type = types.str;
+        default = "none";
+        example = "wmii";
+        description = "Default window manager loaded if none have been chosen.";
+        apply = defaultWM:
+          if any (w: w.name == defaultWM) cfg.session then
+            defaultWM
+          else
+            throw "Default window manager (${defaultWM}) not found.";
+      };
+
+    };
+
+  };
+
+  config = {
+    services.xserver.displayManager.session = cfg.session;
+  };
+}
diff --git a/nixos/modules/services/x11/window-managers/i3.nix b/nixos/modules/services/x11/window-managers/i3.nix
new file mode 100644
index 000000000000..e53d86187ae6
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/i3.nix
@@ -0,0 +1,43 @@
+{ pkgs, config, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.services.xserver.windowManager.i3;
+in
+
+{
+  options = {
+    services.xserver.windowManager.i3 = {
+      enable = mkOption {
+        default = false;
+        example = true;
+        description = "Enable the i3 tiling window manager.";
+      };
+
+      configFile = mkOption {
+        default = null;
+        type = types.nullOr types.path;
+        description = ''
+          Path to the i3 configuration file.
+          If left at the default value, $HOME/.i3/config will be used.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.xserver.windowManager = {
+      session = [{
+        name = "i3";
+        start = ''
+          ${pkgs.i3}/bin/i3 ${optionalString (cfg.configFile != null)
+            "-c \"${cfg.configFile}\""
+          } &
+          waitPID=$!
+        '';
+      }];
+    };
+    environment.systemPackages = [ pkgs.i3 ];
+  };
+}
diff --git a/nixos/modules/services/x11/window-managers/icewm.nix b/nixos/modules/services/x11/window-managers/icewm.nix
new file mode 100644
index 000000000000..b7da4051c141
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/icewm.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xserver.windowManager.icewm;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.xserver.windowManager.icewm.enable = mkOption {
+      default = false;
+      description = "Enable the IceWM window manager.";
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.xserver.windowManager.session = singleton
+      { name = "icewm";
+        start =
+          ''
+            ${pkgs.icewm}/bin/icewm &
+            waitPID=$!
+          '';
+      };
+
+    environment.systemPackages = [ pkgs.icewm ];
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/window-managers/metacity.nix b/nixos/modules/services/x11/window-managers/metacity.nix
new file mode 100644
index 000000000000..712e2038594e
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/metacity.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xserver.windowManager.metacity;
+  xorg = config.services.xserver.package;
+  gnome = pkgs.gnome;
+
+in
+
+{
+  options = {
+
+    services.xserver.windowManager.metacity.enable = mkOption {
+      default = false;
+      example = true;
+      description = "Enable the metacity window manager.";
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    services.xserver.windowManager.session = singleton
+      { name = "metacity";
+        start = ''
+          env LD_LIBRARY_PATH=${xorg.libX11}/lib:${xorg.libXext}/lib:/usr/lib/
+          # !!! Hack: load the schemas for Metacity.
+          GCONF_CONFIG_SOURCE=xml::~/.gconf ${gnome.GConf}/bin/gconftool-2 \
+            --makefile-install-rule ${gnome.metacity}/etc/gconf/schemas/*.schemas # */
+          ${gnome.metacity}/bin/metacity &
+          waitPID=$!
+        '';
+      };
+
+    environment.systemPackages = [ gnome.metacity ];
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/window-managers/none.nix b/nixos/modules/services/x11/window-managers/none.nix
new file mode 100644
index 000000000000..84cf1d770776
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/none.nix
@@ -0,0 +1,12 @@
+{
+  services = {
+    xserver = {
+      windowManager = {
+        session = [{
+          name = "none";
+          start = "";
+        }];
+      };
+    };
+  };
+}
diff --git a/nixos/modules/services/x11/window-managers/openbox.nix b/nixos/modules/services/x11/window-managers/openbox.nix
new file mode 100644
index 000000000000..46b1945d33e8
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/openbox.nix
@@ -0,0 +1,30 @@
+{pkgs, config, ...}:
+
+let
+  inherit (pkgs.lib) mkOption mkIf;
+  cfg = config.services.xserver.windowManager.openbox;
+in
+
+{
+  options = {
+    services.xserver.windowManager.openbox = {
+      enable = mkOption {
+        default = false;
+        example = true;
+        description = "Enable the Openbox window manager.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.xserver.windowManager = {
+      session = [{
+        name = "openbox";
+        start = "
+          ${pkgs.openbox}/bin/openbox-session
+        ";
+      }];
+    };
+    environment.systemPackages = [ pkgs.openbox ];
+  };
+}
diff --git a/nixos/modules/services/x11/window-managers/twm.nix b/nixos/modules/services/x11/window-managers/twm.nix
new file mode 100644
index 000000000000..d80ffe4942fb
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/twm.nix
@@ -0,0 +1,42 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xserver.windowManager.twm;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.xserver.windowManager.twm.enable = mkOption {
+      default = false;
+      description = "Enable the twm window manager.";
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    services.xserver.windowManager.session = singleton
+      { name = "twm";
+        start =
+          ''
+            ${pkgs.xorg.twm}/bin/twm &
+            waitPID=$!
+          '';
+      };
+
+    environment.systemPackages = [ pkgs.xorg.twm ];
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/window-managers/wmii.nix b/nixos/modules/services/x11/window-managers/wmii.nix
new file mode 100644
index 000000000000..b61521274fba
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/wmii.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.xserver.windowManager.wmii;
+
+in
+
+{
+  options = {
+
+    services.xserver.windowManager.wmii.enable = mkOption {
+      default = false;
+      example = true;
+      description = "Enable the wmii window manager.";
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    services.xserver.windowManager.session = singleton
+      # stop wmii by
+      #   $wmiir xwrite /ctl quit
+      # this will cause wmii exiting with exit code 0
+      #
+      # why this loop?
+      # wmii crashes once a month here. That doesn't matter that much
+      # wmii can recover very well. However without loop the x session terminates and then your workspace setup is
+      # lost and all applications running on X will terminate.
+      # Another use case is kill -9 wmii; after rotating screen.
+      # Note: we don't like kill for that purpose. But it works (-> subject "wmii and xrandr" on mailinglist)
+      { name = "wmii";
+        start = ''
+          while :; do
+            ${pkgs.wmiiSnap}/bin/wmii && break
+          done
+        '';
+      };
+
+    environment.systemPackages = [ pkgs.wmiiSnap ];
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/window-managers/xbmc.nix b/nixos/modules/services/x11/window-managers/xbmc.nix
new file mode 100644
index 000000000000..46494202b404
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/xbmc.nix
@@ -0,0 +1,31 @@
+{pkgs, config, ...}:
+
+let
+  inherit (pkgs.lib) mkOption mkIf;
+  cfg = config.services.xserver.windowManager.xbmc;
+in
+
+{
+  options = {
+    services.xserver.windowManager.xbmc = {
+      enable = mkOption {
+        default = false;
+        example = true;
+        description = "Enable the xbmc multimedia center.";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.xserver.windowManager = {
+      session = [{
+        name = "xbmc";
+        start = "
+          ${pkgs.xbmc}/bin/xbmc --lircdev /var/run/lirc/lircd --standalone &
+          waitPID=$!
+        ";
+      }];
+    };
+    environment.systemPackages = [ pkgs.xbmc ];
+  };
+}
diff --git a/nixos/modules/services/x11/window-managers/xmonad.nix b/nixos/modules/services/x11/window-managers/xmonad.nix
new file mode 100644
index 000000000000..2cbb5002d6cf
--- /dev/null
+++ b/nixos/modules/services/x11/window-managers/xmonad.nix
@@ -0,0 +1,30 @@
+{pkgs, config, ...}:
+
+let
+  inherit (pkgs.lib) mkOption mkIf;
+  cfg = config.services.xserver.windowManager.xmonad;
+in
+
+{
+  options = {
+    services.xserver.windowManager.xmonad = {
+      enable = mkOption {
+        default = false;
+        example = true;
+        description = "Enable the xmonad window manager.";
+      };
+    };
+  };
+
+  config = {
+    services.xserver.windowManager = {
+      session = mkIf cfg.enable [{
+        name = "xmonad";
+        start = "
+          ${pkgs.haskellPackages.xmonad}/bin/xmonad &
+          waitPID=$!
+        ";
+      }];
+    };
+  };
+}
diff --git a/nixos/modules/services/x11/xfs.conf b/nixos/modules/services/x11/xfs.conf
new file mode 100644
index 000000000000..13dcf803db29
--- /dev/null
+++ b/nixos/modules/services/x11/xfs.conf
@@ -0,0 +1,15 @@
+# font server configuration file
+# $Xorg: config.cpp,v 1.3 2000/08/17 19:54:19 cpqbld Exp $
+
+clone-self = on
+use-syslog = off
+error-file = /var/log/xfs.log
+# in decipoints
+default-point-size = 120
+default-resolutions = 75,75,100,100
+
+# font cache control, specified in KB
+cache-hi-mark = 2048
+cache-low-mark = 1433
+cache-balance = 70
+catalogue = /run/current-system/sw/share/X11-fonts/
diff --git a/nixos/modules/services/x11/xfs.nix b/nixos/modules/services/x11/xfs.nix
new file mode 100644
index 000000000000..44c1d533c3ac
--- /dev/null
+++ b/nixos/modules/services/x11/xfs.nix
@@ -0,0 +1,49 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  configFile = ./xfs.conf;
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    services.xfs = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Whether to enable the X Font Server.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.services.xfs.enable {
+
+    assertions = singleton
+      { assertion = config.fonts.enableFontDir;
+        message = "Please enable fonts.enableFontDir to use the X Font Server.";
+      };
+
+    jobs.xfs =
+      { description = "X Font Server";
+
+        startOn = "started networking";
+
+        exec = "${pkgs.xorg.xfs}/bin/xfs -config ${configFile}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
new file mode 100644
index 000000000000..da94f7cad53a
--- /dev/null
+++ b/nixos/modules/services/x11/xserver.nix
@@ -0,0 +1,677 @@
+{ config, pkgs, pkgs_i686, ... }:
+
+with pkgs.lib;
+
+let
+
+  kernelPackages = config.boot.kernelPackages;
+
+  # Abbreviations.
+  cfg = config.services.xserver;
+  xorg = pkgs.xorg;
+
+
+  # Map video driver names to driver packages.
+  knownVideoDrivers = {
+    ati_unfree   = { modules = [ kernelPackages.ati_drivers_x11 ]; driverName = "fglrx"; };
+    nouveau       = { modules = [ pkgs.xf86_video_nouveau ]; };
+    nvidia       = { modules = [ kernelPackages.nvidia_x11 ]; };
+    nvidiaLegacy96 = { modules = [ kernelPackages.nvidia_x11_legacy96 ]; driverName = "nvidia"; };
+    nvidiaLegacy173 = { modules = [ kernelPackages.nvidia_x11_legacy173 ]; driverName = "nvidia"; };
+    nvidiaLegacy304 = { modules = [ kernelPackages.nvidia_x11_legacy304 ]; driverName = "nvidia"; };
+    unichrome    = { modules = [ pkgs.xorgVideoUnichrome ]; };
+    virtualbox   = { modules = [ kernelPackages.virtualboxGuestAdditions ]; driverName = "vboxvideo"; };
+  };
+
+  driverNames =
+    optional (cfg.videoDriver != null) cfg.videoDriver ++ cfg.videoDrivers;
+
+  drivers = flip map driverNames
+    (name: { inherit name; driverName = name; } //
+      attrByPath [name] (if (hasAttr ("xf86video" + name) xorg) then { modules = [(getAttr ("xf86video" + name) xorg) ]; } else throw "unknown video driver `${name}'") knownVideoDrivers);
+
+  fontsForXServer =
+    config.fonts.fonts ++
+    # We don't want these fonts in fonts.conf, because then modern,
+    # fontconfig-based applications will get horrible bitmapped
+    # Helvetica fonts.  It's better to get a substitution (like Nimbus
+    # Sans) than that horror.  But we do need the Adobe fonts for some
+    # old non-fontconfig applications.  (Possibly this could be done
+    # better using a fontconfig rule.)
+    [ pkgs.xorg.fontadobe100dpi
+      pkgs.xorg.fontadobe75dpi
+    ];
+
+
+  # Just enumerate all heads without discarding XRandR output information.
+  xrandrHeads = let
+    mkHead = num: output: {
+      name = "multihead${toString num}";
+      inherit output;
+    };
+  in imap mkHead cfg.xrandrHeads;
+
+  xrandrDeviceSection = flip concatMapStrings xrandrHeads (h: ''
+    Option "monitor-${h.output}" "${h.name}"
+  '');
+
+  # Here we chain every monitor from the left to right, so we have:
+  # m4 right of m3 right of m2 right of m1   .----.----.----.----.
+  # Which will end up in reverse ----------> | m1 | m2 | m3 | m4 |
+  #                                          `----^----^----^----'
+  xrandrMonitorSections = let
+    mkMonitor = previous: current: previous ++ singleton {
+      inherit (current) name;
+      value = ''
+        Section "Monitor"
+          Identifier "${current.name}"
+          ${optionalString (previous != []) ''
+          Option "RightOf" "${(head previous).name}"
+          ''}
+        EndSection
+      '';
+    };
+    monitors = foldl mkMonitor [] xrandrHeads;
+  in concatMapStrings (getAttr "value") monitors;
+
+
+  configFile = pkgs.stdenv.mkDerivation {
+    name = "xserver.conf";
+
+    xfs = optionalString (cfg.useXFS != false)
+      ''FontPath "${toString cfg.useXFS}"'';
+
+    inherit (cfg) config;
+
+    buildCommand =
+      ''
+        echo 'Section "Files"' >> $out
+        echo $xfs >> $out
+
+        for i in ${toString fontsForXServer}; do
+          if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
+            for j in $(find $i -name fonts.dir); do
+              echo "  FontPath \"$(dirname $j)\"" >> $out
+            done
+          fi
+        done
+
+        for i in $(find ${toString cfg.modules} -type d); do
+          if test $(echo $i/*.so* | wc -w) -ne 0; then
+            echo "  ModulePath \"$i\"" >> $out
+          fi
+        done
+
+        echo 'EndSection' >> $out
+
+        echo "$config" >> $out
+      ''; # */
+  };
+
+in
+
+{
+
+  imports =
+    [ ./display-managers/default.nix
+      ./window-managers/default.nix
+      ./desktop-managers/default.nix
+    ];
+
+
+  ###### interface
+
+  options = {
+
+    services.xserver = {
+
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to enable the X server.
+        '';
+      };
+
+      autorun = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether to start the X server automatically.
+        '';
+      };
+
+      exportConfiguration = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to symlink the X server configuration under
+          <filename>/etc/X11/xorg.conf</filename>.
+        '';
+      };
+
+      enableTCP = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to allow the X server to accept TCP connections.
+        '';
+      };
+
+      modules = mkOption {
+        type = types.listOf types.path;
+        default = [];
+        example = [ pkgs.xf86_input_wacom ];
+        description = "Packages to be added to the module search path of the X server.";
+      };
+
+      resolutions = mkOption {
+        type = types.listOf types.attrs;
+        default = [];
+        example = [ { x = 1600; y = 1200; } { x = 1024; y = 786; } ];
+        description = ''
+          The screen resolutions for the X server.  The first element
+          is the default resolution.  If this list is empty, the X
+          server will automatically configure the resolution.
+        '';
+      };
+
+      videoDriver = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        example = "i810";
+        description = ''
+          The name of the video driver for your graphics card.  This
+          option is obsolete; please set the
+          <option>videoDrivers</option> instead.
+        '';
+      };
+
+      videoDrivers = mkOption {
+        type = types.listOf types.str;
+        # !!! We'd like "nv" here, but it segfaults the X server.
+        default = [ "ati" "cirrus" "intel" "vesa" "vmware" ];
+        example = [ "vesa" ];
+        description = ''
+          The names of the video drivers that the X server should
+          support.  The X server will try all of the drivers listed
+          here until it finds one that supports your video card.
+        '';
+      };
+
+      vaapiDrivers = mkOption {
+        type = types.listOf types.path;
+        default = [ ];
+        example = "[ pkgs.vaapiIntel pkgs.vaapiVdpau ]";
+        description = ''
+          Packages providing libva acceleration drivers.
+        '';
+      };
+
+      driSupport = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether to enable accelerated OpenGL rendering through the
+          Direct Rendering Interface (DRI).
+        '';
+      };
+
+      driSupport32Bit = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          On 64-bit systems, whether to support Direct Rendering for
+          32-bit applications (such as Wine).  This is currently only
+          supported for the <literal>nvidia</literal> driver and for
+          <literal>mesa</literal>.
+        '';
+      };
+
+      s3tcSupport = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Make S3TC(S3 Texture Compression) via libtxc_dxtn available
+          to OpenGL drivers. It is essential for many games to work
+          with FOSS GPU drivers.
+
+          Using this library may require a patent license depending on your location.
+        '';
+      };
+
+      startOpenSSHAgent = mkOption {
+        type = types.bool;
+        default = true;
+        description = ''
+          Whether to start the OpenSSH agent when you log in.  The OpenSSH agent
+          remembers private keys for you so that you don't have to type in
+          passphrases every time you make an SSH connection.  Use
+          <command>ssh-add</command> to add a key to the agent.
+        '';
+      };
+
+      startGnuPGAgent = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to start the GnuPG agent when you log in.  The GnuPG agent
+          remembers private keys for you so that you don't have to type in
+          passphrases every time you make an SSH connection or sign/encrypt
+          data.  Use <command>ssh-add</command> to add a key to the agent.
+        '';
+      };
+
+      layout = mkOption {
+        type = types.str;
+        default = "us";
+        description = ''
+          Keyboard layout.
+        '';
+      };
+
+      xkbModel = mkOption {
+        type = types.str;
+        default = "pc104";
+        example = "presario";
+        description = ''
+          Keyboard model.
+        '';
+      };
+
+      xkbOptions = mkOption {
+        type = types.str;
+        default = "terminate:ctrl_alt_bksp";
+        example = "grp:caps_toggle, grp_led:scroll";
+        description = ''
+          X keyboard options; layout switching goes here.
+        '';
+      };
+
+      xkbVariant = mkOption {
+        type = types.str;
+        default = "";
+        example = "colemak";
+        description = ''
+          X keyboard variant.
+        '';
+      };
+
+      config = mkOption {
+        type = types.lines;
+        description = ''
+          The contents of the configuration file of the X server
+          (<filename>xorg.conf</filename>).
+        '';
+      };
+
+      deviceSection = mkOption {
+        type = types.lines;
+        default = "";
+        example = "VideoRAM 131072";
+        description = "Contents of the first Device section of the X server configuration file.";
+      };
+
+      screenSection = mkOption {
+        type = types.lines;
+        default = "";
+        example = ''
+          Option "RandRRotation" "on"
+        '';
+        description = "Contents of the first Screen section of the X server configuration file.";
+      };
+
+      monitorSection = mkOption {
+        type = types.lines;
+        default = "";
+        example = "HorizSync 28-49";
+        description = "Contents of the first Monitor section of the X server configuration file.";
+      };
+
+      xrandrHeads = mkOption {
+        default = [];
+        example = [ "HDMI-0" "DVI-0" ];
+        type = with types; listOf string;
+        description = ''
+          Simple multiple monitor configuration, just specify a list of XRandR
+          outputs which will be mapped from left to right in the order of the
+          list.
+
+          Be careful using this option with multiple graphic adapters or with
+          drivers that have poor support for XRandR, unexpected things might
+          happen with those.
+        '';
+      };
+
+      moduleSection = mkOption {
+        type = types.lines;
+        default = "";
+        example =
+          ''
+            SubSection "extmod"
+            EndSubsection
+          '';
+        description = "Contents of the Module section of the X server configuration file.";
+      };
+
+      serverLayoutSection = mkOption {
+        type = types.lines;
+        default = "";
+        example =
+          ''
+            Option "AIGLX" "true"
+          '';
+        description = "Contents of the ServerLayout section of the X server configuration file.";
+      };
+
+      extraDisplaySettings = mkOption {
+        type = types.lines;
+        default = "";
+        example = "Virtual 2048 2048";
+        description = "Lines to be added to every Display subsection of the Screen section.";
+      };
+
+      defaultDepth = mkOption {
+        type = types.int;
+        default = 0;
+        example = 8;
+        description = "Default colour depth.";
+      };
+
+      useXFS = mkOption {
+        # FIXME: what's the type of this option?
+        default = false;
+        example = "unix/:7100";
+        description = "Determines how to connect to the X Font Server.";
+      };
+
+      tty = mkOption {
+        type = types.int;
+        default = 7;
+        description = "Virtual console for the X server.";
+      };
+
+      display = mkOption {
+        type = types.int;
+        default = 0;
+        description = "Display number for the X server.";
+      };
+
+      virtualScreen = mkOption {
+        type = types.nullOr types.attrs;
+        default = null;
+        example = { x = 2048; y = 2048; };
+        description = ''
+          Virtual screen size for Xrandr.
+        '';
+      };
+
+    };
+
+  };
+
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    assertions =
+      [ { assertion = !(cfg.startOpenSSHAgent && cfg.startGnuPGAgent);
+          message =
+            ''
+              The OpenSSH agent and GnuPG agent cannot be started both.
+              Choose between `startOpenSSHAgent' and `startGnuPGAgent'.
+            '';
+        }
+        { assertion = config.security.polkit.enable;
+          message = "X11 requires Polkit to be enabled (‘security.polkit.enable = true’).";
+        }
+      ];
+
+    boot.extraModulePackages =
+      optional (elem "nvidia" driverNames) kernelPackages.nvidia_x11 ++
+      optional (elem "nvidiaLegacy96" driverNames) kernelPackages.nvidia_x11_legacy96 ++
+      optional (elem "nvidiaLegacy173" driverNames) kernelPackages.nvidia_x11_legacy173 ++
+      optional (elem "nvidiaLegacy304" driverNames) kernelPackages.nvidia_x11_legacy304 ++
+      optional (elem "virtualbox" driverNames) kernelPackages.virtualboxGuestAdditions ++
+      optional (elem "ati_unfree" driverNames) kernelPackages.ati_drivers_x11;
+
+    boot.blacklistedKernelModules =
+      optionals (elem "nvidia" driverNames) [ "nouveau" "nvidiafb" ];
+
+    environment.variables.LD_LIBRARY_PATH =
+      [ "/run/opengl-driver/lib" "/run/opengl-driver-32/lib" ]
+      ++ pkgs.lib.optional cfg.s3tcSupport "${pkgs.libtxc_dxtn}/lib"
+      ++ pkgs.lib.optional (cfg.s3tcSupport && cfg.driSupport32Bit) "${pkgs_i686.libtxc_dxtn}/lib";
+
+    environment.etc =
+      (optionals cfg.exportConfiguration
+        [ { source = "${configFile}";
+            target = "X11/xorg.conf";
+          }
+          # -xkbdir command line option does not seems to be passed to xkbcomp.
+          { source = "${pkgs.xkeyboard_config}/etc/X11/xkb";
+            target = "X11/xkb";
+          }
+        ])
+      ++ (optionals (elem "ati_unfree" driverNames) [
+
+          # according toiive on #ati you don't need the pcs, it is like registry... keeps old stuff to make your
+          # life harder ;) Still it seems to be required
+          { source = "${kernelPackages.ati_drivers_x11}/etc/ati";
+            target = "ati";
+          }
+      ])
+      ++ (optionals (elem "nvidia" driverNames) [
+
+          { source = "${kernelPackages.nvidia_x11}/lib/vendors/nvidia.icd";
+            target = "OpenCL/vendors/nvidia.icd";
+          }
+      ]);
+
+    environment.systemPackages =
+      [ xorg.xorgserver
+        xorg.xrandr
+        xorg.xrdb
+        xorg.setxkbmap
+        xorg.iceauth # required for KDE applications (it's called by dcopserver)
+        xorg.xlsclients
+        xorg.xset
+        xorg.xsetroot
+        xorg.xinput
+        xorg.xprop
+        pkgs.xterm
+        pkgs.xdg_utils
+      ]
+      ++ optional (elem "nvidia" driverNames) kernelPackages.nvidia_x11
+      ++ optional (elem "nvidiaLegacy96" driverNames) kernelPackages.nvidia_x11_legacy96
+      ++ optional (elem "nvidiaLegacy173" driverNames) kernelPackages.nvidia_x11_legacy173
+      ++ optional (elem "nvidiaLegacy304" driverNames) kernelPackages.nvidia_x11_legacy304
+      ++ optional (elem "virtualbox" driverNames) xorg.xrefresh
+      ++ optional (elem "ati_unfree" driverNames) kernelPackages.ati_drivers_x11;
+
+    environment.pathsToLink =
+      [ "/etc/xdg" "/share/xdg" "/share/applications" "/share/icons" "/share/pixmaps" ];
+
+    systemd.defaultUnit = mkIf cfg.autorun "graphical.target";
+
+    systemd.services."display-manager" =
+      { description = "X11 Server";
+
+        after = [ "systemd-udev-settle.service" "local-fs.target" ];
+
+        restartIfChanged = false;
+
+        environment =
+          { FONTCONFIG_FILE = "/etc/fonts/fonts.conf"; # !!! cleanup
+            XKB_BINDIR = "${xorg.xkbcomp}/bin"; # Needed for the Xkb extension.
+            XORG_DRI_DRIVER_PATH = "/run/opengl-driver/lib/dri"; # !!! Depends on the driver selected at runtime.
+          } // optionalAttrs (elem "nvidia" driverNames) {
+            LD_LIBRARY_PATH = "${xorg.libX11}/lib:${xorg.libXext}/lib:${kernelPackages.nvidia_x11}/lib";
+          } // optionalAttrs (elem "nvidiaLegacy96" driverNames) {
+            LD_LIBRARY_PATH = "${xorg.libX11}/lib:${xorg.libXext}/lib:${kernelPackages.nvidia_x11_legacy96}/lib";
+          } // optionalAttrs (elem "nvidiaLegacy173" driverNames) {
+            LD_LIBRARY_PATH = "${xorg.libX11}/lib:${xorg.libXext}/lib:${kernelPackages.nvidia_x11_legacy173}/lib";
+          } // optionalAttrs (elem "nvidiaLegacy304" driverNames) {
+            LD_LIBRARY_PATH = "${xorg.libX11}/lib:${xorg.libXext}/lib:${kernelPackages.nvidia_x11_legacy304}/lib";
+          } // optionalAttrs (elem "ati_unfree" driverNames) {
+            LD_LIBRARY_PATH = "${xorg.libX11}/lib:${xorg.libXext}/lib:${kernelPackages.ati_drivers_x11}/lib:${kernelPackages.ati_drivers_x11}/X11R6/lib64/modules/linux";
+            #XORG_DRI_DRIVER_PATH = "${kernelPackages.ati_drivers_x11}/lib/dri"; # is ignored because ati drivers ship their own unpatched libglx.so !
+          } // cfg.displayManager.job.environment;
+
+        preStart =
+          ''
+            rm -f /run/opengl-driver{,-32}
+            ${optionalString (!cfg.driSupport32Bit) "ln -sf opengl-driver /run/opengl-driver-32"}
+
+            ${# !!! The OpenGL driver depends on what's detected at runtime.
+              if elem "nvidia" driverNames then
+                ''
+                  ln -sf ${kernelPackages.nvidia_x11} /run/opengl-driver
+                  ${optionalString cfg.driSupport32Bit
+                    "ln -sf ${pkgs_i686.linuxPackages.nvidia_x11.override { libsOnly = true; kernelDev = null; } } /run/opengl-driver-32"}
+                ''
+              else if elem "nvidiaLegacy96" driverNames then
+                "ln -sf ${kernelPackages.nvidia_x11_legacy96} /run/opengl-driver"
+              else if elem "nvidiaLegacy173" driverNames then
+                "ln -sf ${kernelPackages.nvidia_x11_legacy173} /run/opengl-driver"
+              else if elem "nvidiaLegacy304" driverNames then
+                ''
+                  ln -sf ${kernelPackages.nvidia_x11_legacy304} /run/opengl-driver
+                  ${optionalString cfg.driSupport32Bit
+                    "ln -sf ${pkgs_i686.linuxPackages.nvidia_x11_legacy304.override { libsOnly = true; kernelDev = null; } } /run/opengl-driver-32"}
+                ''
+              else if elem "ati_unfree" driverNames then
+                "ln -sf ${kernelPackages.ati_drivers_x11} /run/opengl-driver"
+              else
+                ''
+                  ${optionalString cfg.driSupport "ln -sf ${pkgs.mesa_drivers} /run/opengl-driver"}
+                  ${optionalString cfg.driSupport32Bit
+                    "ln -sf ${pkgs_i686.mesa_drivers} /run/opengl-driver-32"}
+                ''
+            }
+
+            ${cfg.displayManager.job.preStart}
+
+            rm -f /tmp/.X0-lock
+          '';
+
+        script = "${cfg.displayManager.job.execCmd}";
+
+        serviceConfig = {
+          Restart = "always";
+          RestartSec = "200ms";
+        };
+      };
+
+    services.xserver.displayManager.xserverArgs =
+      [ "-ac"
+        "-logverbose"
+        "-verbose"
+        "-terminate"
+        "-logfile" "/var/log/X.${toString cfg.display}.log"
+        "-config ${configFile}"
+        ":${toString cfg.display}" "vt${toString cfg.tty}"
+        "-xkbdir" "${pkgs.xkeyboard_config}/etc/X11/xkb"
+      ] ++ optional (!cfg.enableTCP) "-nolisten tcp";
+
+    services.xserver.modules =
+      concatLists (catAttrs "modules" drivers) ++
+      [ xorg.xorgserver
+        xorg.xf86inputevdev
+      ];
+
+    services.xserver.config =
+      ''
+        Section "ServerFlags"
+          Option "AllowMouseOpenFail" "on"
+        EndSection
+
+        Section "Module"
+          ${cfg.moduleSection}
+        EndSection
+
+        Section "Monitor"
+          Identifier "Monitor[0]"
+          ${cfg.monitorSection}
+        EndSection
+
+        Section "InputClass"
+          Identifier "Keyboard catchall"
+          MatchIsKeyboard "on"
+          Option "XkbRules" "base"
+          Option "XkbModel" "${cfg.xkbModel}"
+          Option "XkbLayout" "${cfg.layout}"
+          Option "XkbOptions" "${cfg.xkbOptions}"
+          Option "XkbVariant" "${cfg.xkbVariant}"
+        EndSection
+
+        Section "ServerLayout"
+          Identifier "Layout[all]"
+          ${cfg.serverLayoutSection}
+          # Reference the Screen sections for each driver.  This will
+          # cause the X server to try each in turn.
+          ${flip concatMapStrings drivers (d: ''
+            Screen "Screen-${d.name}[0]"
+          '')}
+        EndSection
+
+        # For each supported driver, add a "Device" and "Screen"
+        # section.
+        ${flip concatMapStrings drivers (driver: ''
+
+          Section "Device"
+            Identifier "Device-${driver.name}[0]"
+            Driver "${driver.driverName}"
+            ${cfg.deviceSection}
+            ${xrandrDeviceSection}
+          EndSection
+
+          Section "Screen"
+            Identifier "Screen-${driver.name}[0]"
+            Device "Device-${driver.name}[0]"
+            ${optionalString (cfg.monitorSection != "") ''
+              Monitor "Monitor[0]"
+            ''}
+
+            ${cfg.screenSection}
+
+            ${optionalString (cfg.defaultDepth != 0) ''
+              DefaultDepth ${toString cfg.defaultDepth}
+            ''}
+
+            ${optionalString (driver.name == "nvidia") ''
+              Option "RandRRotation" "on"
+            ''}
+
+            ${optionalString
+                (driver.name != "virtualbox" &&
+                 (cfg.resolutions != [] ||
+                  cfg.extraDisplaySettings != "" ||
+                  cfg.virtualScreen != null))
+              (let
+                f = depth:
+                  ''
+                    SubSection "Display"
+                      Depth ${toString depth}
+                      ${optionalString (cfg.resolutions != [])
+                        "Modes ${concatMapStrings (res: ''"${toString res.x}x${toString res.y}"'') cfg.resolutions}"}
+                      ${cfg.extraDisplaySettings}
+                      ${optionalString (cfg.virtualScreen != null)
+                        "Virtual ${toString cfg.virtualScreen.x} ${toString cfg.virtualScreen.y}"}
+                    EndSubSection
+                  '';
+              in concatMapStrings f [8 16 24]
+            )}
+
+          EndSection
+        '')}
+
+        ${xrandrMonitorSections}
+      '';
+
+  };
+
+}
+
diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix
new file mode 100644
index 000000000000..e012c977164e
--- /dev/null
+++ b/nixos/modules/system/activation/activation-script.nix
@@ -0,0 +1,151 @@
+# generate the script used to activate the configuration.
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  addAttributeName = mapAttrs (a: v: v // {
+    text = ''
+      #### Activation script snippet ${a}:
+      ${v.text}
+    '';
+  });
+
+  path =
+    [ pkgs.coreutils pkgs.gnugrep pkgs.findutils
+      pkgs.glibc # needed for getent
+      pkgs.shadow
+      pkgs.nettools # needed for hostname
+    ];
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    system.activationScripts = mkOption {
+      default = {};
+
+      example = {
+        stdio = {
+          text = ''
+            # Needed by some programs.
+            ln -sfn /proc/self/fd /dev/fd
+            ln -sfn /proc/self/fd/0 /dev/stdin
+            ln -sfn /proc/self/fd/1 /dev/stdout
+            ln -sfn /proc/self/fd/2 /dev/stderr
+          '';
+          deps = [];
+        };
+      };
+
+      description = ''
+        A set of shell script fragments that are executed when a NixOS
+        system configuration is activated.  Examples are updating
+        /etc, creating accounts, and so on.  Since these are executed
+        every time you boot the system or run
+        <command>nixos-rebuild</command>, it's important that they are
+        idempotent and fast.
+      '';
+
+      type = types.attrsOf types.unspecified; # FIXME
+
+      apply = set: {
+        script =
+          ''
+            #! ${pkgs.stdenv.shell}
+
+            systemConfig=@out@
+
+            export PATH=/empty
+            for i in ${toString path}; do
+                PATH=$PATH:$i/bin:$i/sbin
+            done
+
+            # Ensure a consistent umask.
+            umask 0022
+
+            ${
+              let
+                set' = mapAttrs (n: v: if builtins.isString v then noDepEntry v else v) set;
+                withHeadlines = addAttributeName set';
+              in textClosureMap id (withHeadlines) (attrNames withHeadlines)
+            }
+
+            # Make this configuration the current configuration.
+            # The readlink is there to ensure that when $systemConfig = /system
+            # (which is a symlink to the store), /run/current-system is still
+            # used as a garbage collection root.
+            ln -sfn "$(readlink -f "$systemConfig")" /run/current-system
+
+            # Prevent the current configuration from being garbage-collected.
+            ln -sfn /run/current-system /nix/var/nix/gcroots/current-system
+          '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    system.activationScripts.stdio =
+      ''
+        # Needed by some programs.
+        ln -sfn /proc/self/fd /dev/fd
+        ln -sfn /proc/self/fd/0 /dev/stdin
+        ln -sfn /proc/self/fd/1 /dev/stdout
+        ln -sfn /proc/self/fd/2 /dev/stderr
+      '';
+
+    system.activationScripts.var =
+      ''
+        # Various log/runtime directories.
+
+        touch /var/run/utmp # must exist
+        chgrp ${toString config.ids.gids.utmp} /var/run/utmp
+        chmod 664 /var/run/utmp
+
+        mkdir -m 0755 -p /var/run/nix/current-load # for distributed builds
+        mkdir -m 0700 -p /var/run/nix/remote-stores
+
+        mkdir -m 0755 -p /var/log
+
+        touch /var/log/wtmp /var/log/lastlog # must exist
+        chmod 644 /var/log/wtmp /var/log/lastlog
+
+        mkdir -m 1777 -p /var/tmp
+
+        # Empty, read-only home directory of many system accounts.
+        mkdir -m 0555 -p /var/empty
+      '';
+
+    system.activationScripts.media =
+      ''
+        mkdir -m 0755 -p /media
+      '';
+
+    system.activationScripts.usrbinenv =
+      ''
+        mkdir -m 0755 -p /usr/bin
+        ln -sfn ${pkgs.coreutils}/bin/env /usr/bin/.env.tmp
+        mv /usr/bin/.env.tmp /usr/bin/env # atomically replace /usr/bin/env
+      '';
+
+    system.activationScripts.tmpfs =
+      ''
+        ${pkgs.utillinux}/bin/mount -o "remount,size=${config.boot.devSize}" none /dev
+        ${pkgs.utillinux}/bin/mount -o "remount,size=${config.boot.devShmSize}" none /dev/shm
+        ${pkgs.utillinux}/bin/mount -o "remount,size=${config.boot.runSize}" none /run
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/system/activation/no-clone.nix b/nixos/modules/system/activation/no-clone.nix
new file mode 100644
index 000000000000..c9ab691ce477
--- /dev/null
+++ b/nixos/modules/system/activation/no-clone.nix
@@ -0,0 +1,9 @@
+{pkgs, ...}:
+
+with pkgs.lib;
+
+{
+  boot.loader.grub.device = mkOverride 0 "nodev";
+  nesting.children = mkOverride 0 [];
+  nesting.clone = mkOverride 0 [];
+}
diff --git a/nixos/modules/system/activation/switch-to-configuration.pl b/nixos/modules/system/activation/switch-to-configuration.pl
new file mode 100644
index 000000000000..33ae3aef9fca
--- /dev/null
+++ b/nixos/modules/system/activation/switch-to-configuration.pl
@@ -0,0 +1,362 @@
+#! @perl@
+
+use strict;
+use warnings;
+use File::Basename;
+use File::Slurp;
+use Sys::Syslog qw(:standard :macros);
+use Cwd 'abs_path';
+
+my $out = "@out@";
+
+my $startListFile = "/run/systemd/start-list";
+my $restartListFile = "/run/systemd/restart-list";
+my $reloadListFile = "/run/systemd/reload-list";
+
+my $action = shift @ARGV;
+
+if (!defined $action || ($action ne "switch" && $action ne "boot" && $action ne "test")) {
+    print STDERR <<EOF;
+Usage: $0 [switch|boot|test]
+
+switch: make the configuration the boot default and activate now
+boot:   make the configuration the boot default
+test:   activate the configuration, but don\'t make it the boot default
+EOF
+    exit 1;
+}
+
+die "This is not a NixOS installation (/etc/NIXOS is missing)!\n" unless -f "/etc/NIXOS";
+
+openlog("nixos", "", LOG_USER);
+
+# Install or update the bootloader.
+if ($action eq "switch" || $action eq "boot") {
+    system("@installBootLoader@ $out") == 0 or exit 1;
+}
+
+# Just in case the new configuration hangs the system, do a sync now.
+system("@coreutils@/bin/sync") unless ($ENV{"NIXOS_NO_SYNC"} // "") eq "1";
+
+exit 0 if $action eq "boot";
+
+# Check if we can activate the new configuration.
+my $oldVersion = read_file("/run/current-system/init-interface-version", err_mode => 'quiet') // "";
+my $newVersion = read_file("$out/init-interface-version");
+
+if ($newVersion ne $oldVersion) {
+    print STDERR <<EOF;
+Warning: the new NixOS configuration has an ‘init’ that is
+incompatible with the current configuration.  The new configuration
+won\'t take effect until you reboot the system.
+EOF
+    exit 100;
+}
+
+syslog(LOG_NOTICE, "switching to system configuration $out");
+
+# Ignore SIGHUP so that we're not killed if we're running on (say)
+# virtual console 1 and we restart the "tty1" unit.
+$SIG{PIPE} = "IGNORE";
+
+sub getActiveUnits {
+    # FIXME: use D-Bus or whatever to query this, since parsing the
+    # output of list-units is likely to break.
+    my $lines = `@systemd@/bin/systemctl list-units --full`;
+    my $res = {};
+    foreach my $line (split '\n', $lines) {
+        chomp $line;
+        last if $line eq "";
+        $line =~ /^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s/ or next;
+        next if $1 eq "UNIT";
+        $res->{$1} = { load => $2, state => $3, substate => $4 };
+    }
+    return $res;
+}
+
+sub parseFstab {
+    my ($filename) = @_;
+    my ($fss, $swaps);
+    foreach my $line (read_file($filename, err_mode => 'quiet')) {
+        chomp $line;
+        $line =~ s/^\s*#.*//;
+        next if $line =~ /^\s*$/;
+        my @xs = split / /, $line;
+        if ($xs[2] eq "swap") {
+            $swaps->{$xs[0]} = { options => $xs[3] // "" };
+        } else {
+            $fss->{$xs[1]} = { device => $xs[0], fsType => $xs[2], options => $xs[3] // "" };
+        }
+    }
+    return ($fss, $swaps);
+}
+
+sub parseUnit {
+    my ($filename) = @_;
+    my $info = {};
+    foreach my $line (read_file($filename)) {
+        # FIXME: not quite correct.
+        $line =~ /^([^=]+)=(.*)$/ or next;
+        $info->{$1} = $2;
+    }
+    return $info;
+}
+
+sub boolIsTrue {
+    my ($s) = @_;
+    return $s eq "yes" || $s eq "true";
+}
+
+# Stop all services that no longer exist or have changed in the new
+# configuration.
+my (@unitsToStop, @unitsToSkip);
+my $activePrev = getActiveUnits;
+while (my ($unit, $state) = each %{$activePrev}) {
+    my $baseUnit = $unit;
+
+    # Recognise template instances.
+    $baseUnit = "$1\@.$2" if $unit =~ /^(.*)@[^\.]*\.(.*)$/;
+    my $prevUnitFile = "/etc/systemd/system/$baseUnit";
+    my $newUnitFile = "$out/etc/systemd/system/$baseUnit";
+
+    my $baseName = $baseUnit;
+    $baseName =~ s/\.[a-z]*$//;
+
+    if (-e $prevUnitFile && ($state->{state} eq "active" || $state->{state} eq "activating")) {
+        if (! -e $newUnitFile) {
+            push @unitsToStop, $unit;
+        }
+
+        elsif ($unit =~ /\.target$/) {
+            my $unitInfo = parseUnit($newUnitFile);
+
+            # Cause all active target units to be restarted below.
+            # This should start most changed units we stop here as
+            # well as any new dependencies (including new mounts and
+            # swap devices).  FIXME: the suspend target is sometimes
+            # active after the system has resumed, which probably
+            # should not be the case.  Just ignore it.
+            if ($unit ne "suspend.target" && $unit ne "hibernate.target" && $unit ne "hybrid-sleep.target") {
+                unless (boolIsTrue($unitInfo->{'RefuseManualStart'} // "no")) {
+                    write_file($startListFile, { append => 1 }, "$unit\n");
+                }
+            }
+
+            # Stop targets that have X-StopOnReconfiguration set.
+            # This is necessary to respect dependency orderings
+            # involving targets: if unit X starts after target Y and
+            # target Y starts after unit Z, then if X and Z have both
+            # changed, then X should be restarted after Z.  However,
+            # if target Y is in the "active" state, X and Z will be
+            # restarted at the same time because X's dependency on Y
+            # is already satisfied.  Thus, we need to stop Y first.
+            # Stopping a target generally has no effect on other units
+            # (unless there is a PartOf dependency), so this is just a
+            # bookkeeping thing to get systemd to do the right thing.
+            if (boolIsTrue($unitInfo->{'X-StopOnReconfiguration'} // "no")) {
+                push @unitsToStop, $unit;
+            }
+        }
+
+        elsif (abs_path($prevUnitFile) ne abs_path($newUnitFile)) {
+            if ($unit eq "sysinit.target" || $unit eq "basic.target" || $unit eq "multi-user.target" || $unit eq "graphical.target") {
+                # Do nothing.  These cannot be restarted directly.
+            } elsif ($unit =~ /\.mount$/) {
+                # Reload the changed mount unit to force a remount.
+                write_file($reloadListFile, { append => 1 }, "$unit\n");
+            } elsif ($unit =~ /\.socket$/ || $unit =~ /\.path$/) {
+                # FIXME: do something?
+            } else {
+                my $unitInfo = parseUnit($newUnitFile);
+                if (!boolIsTrue($unitInfo->{'X-RestartIfChanged'} // "yes")) {
+                    push @unitsToSkip, $unit;
+                } else {
+                    # If this unit is socket-activated, then stop the
+                    # socket unit(s) as well, and restart the
+                    # socket(s) instead of the service.
+                    my $socketActivated = 0;
+                    if ($unit =~ /\.service$/) {
+                        my @sockets = split / /, ($unitInfo->{Sockets} // "");
+                        if (scalar @sockets == 0) {
+                            @sockets = ("$baseName.socket");
+                        }
+                        foreach my $socket (@sockets) {
+                            if (defined $activePrev->{$socket}) {
+                                push @unitsToStop, $socket;
+                                write_file($startListFile, { append => 1 }, "$socket\n");
+                                $socketActivated = 1;
+                            }
+                        }
+                    }
+
+                    if (!boolIsTrue($unitInfo->{'X-StopIfChanged'} // "yes")) {
+
+                        # This unit should be restarted instead of
+                        # stopped and started.
+                        write_file($restartListFile, { append => 1 }, "$unit\n");
+
+                    } else {
+
+                        # If the unit is not socket-activated, record
+                        # that this unit needs to be started below.
+                        # We write this to a file to ensure that the
+                        # service gets restarted if we're interrupted.
+                        if (!$socketActivated) {
+                            write_file($startListFile, { append => 1 }, "$unit\n");
+                        }
+
+                        push @unitsToStop, $unit;
+
+                    }
+                }
+            }
+        }
+    }
+}
+
+sub pathToUnitName {
+    my ($path) = @_;
+    die unless substr($path, 0, 1) eq "/";
+    return "-" if $path eq "/";
+    $path = substr($path, 1);
+    $path =~ s/\//-/g;
+    # FIXME: handle - and unprintable characters.
+    return $path;
+}
+
+sub unique {
+    my %seen;
+    my @res;
+    foreach my $name (@_) {
+        next if $seen{$name};
+        $seen{$name} = 1;
+        push @res, $name;
+    }
+    return @res;
+}
+
+# Compare the previous and new fstab to figure out which filesystems
+# need a remount or need to be unmounted.  New filesystems are mounted
+# automatically by starting local-fs.target.  FIXME: might be nicer if
+# we generated units for all mounts; then we could unify this with the
+# unit checking code above.
+my ($prevFss, $prevSwaps) = parseFstab "/etc/fstab";
+my ($newFss, $newSwaps) = parseFstab "$out/etc/fstab";
+foreach my $mountPoint (keys %$prevFss) {
+    my $prev = $prevFss->{$mountPoint};
+    my $new = $newFss->{$mountPoint};
+    my $unit = pathToUnitName($mountPoint) . ".mount";
+    if (!defined $new) {
+        # Filesystem entry disappeared, so unmount it.
+        push @unitsToStop, $unit;
+    } elsif ($prev->{fsType} ne $new->{fsType} || $prev->{device} ne $new->{device}) {
+        # Filesystem type or device changed, so unmount and mount it.
+        write_file($startListFile, { append => 1 }, "$unit\n");
+        push @unitsToStop, $unit;
+    } elsif ($prev->{options} ne $new->{options}) {
+        # Mount options changes, so remount it.
+        write_file($reloadListFile, { append => 1 }, "$unit\n");
+    }
+}
+
+# Also handles swap devices.
+foreach my $device (keys %$prevSwaps) {
+    my $prev = $prevSwaps->{$device};
+    my $new = $newSwaps->{$device};
+    if (!defined $new) {
+        # Swap entry disappeared, so turn it off.  Can't use
+        # "systemctl stop" here because systemd has lots of alias
+        # units that prevent a stop from actually calling
+        # "swapoff".
+        print STDERR "stopping swap device: $device\n";
+        system("@utillinux@/sbin/swapoff", $device);
+    }
+    # FIXME: update swap options (i.e. its priority).
+}
+
+if (scalar @unitsToStop > 0) {
+    @unitsToStop = unique(@unitsToStop);
+    print STDERR "stopping the following units: ", join(", ", sort(@unitsToStop)), "\n";
+    system("@systemd@/bin/systemctl", "stop", "--", @unitsToStop); # FIXME: ignore errors?
+}
+
+print STDERR "NOT restarting the following units: ", join(", ", sort(@unitsToSkip)), "\n"
+    if scalar @unitsToSkip > 0;
+
+# Activate the new configuration (i.e., update /etc, make accounts,
+# and so on).
+my $res = 0;
+print STDERR "activating the configuration...\n";
+system("$out/activate", "$out") == 0 or $res = 2;
+
+# Restart systemd if necessary.
+if (abs_path("/proc/1/exe") ne abs_path("@systemd@/lib/systemd/systemd")) {
+    print STDERR "restarting systemd...\n";
+    system("@systemd@/bin/systemctl", "daemon-reexec") == 0 or $res = 2;
+}
+
+# Forget about previously failed services.
+system("@systemd@/bin/systemctl", "reset-failed");
+
+# Make systemd reload its units.
+system("@systemd@/bin/systemctl", "daemon-reload") == 0 or $res = 3;
+
+# Restart changed services (those that have to be restarted rather
+# than stopped and started).
+my @restart = unique(split('\n', read_file($restartListFile, err_mode => 'quiet') // ""));
+if (scalar @restart > 0) {
+    print STDERR "restarting the following units: ", join(", ", sort(@restart)), "\n";
+    system("@systemd@/bin/systemctl", "restart", "--", @restart) == 0 or $res = 4;
+    unlink($restartListFile);
+}
+
+# Start all active targets, as well as changed units we stopped above.
+# The latter is necessary because some may not be dependencies of the
+# targets (i.e., they were manually started).  FIXME: detect units
+# that are symlinks to other units.  We shouldn't start both at the
+# same time because we'll get a "Failed to add path to set" error from
+# systemd.
+my @start = unique("default.target", "timers.target", split('\n', read_file($startListFile, err_mode => 'quiet') // ""));
+print STDERR "starting the following units: ", join(", ", sort(@start)), "\n";
+system("@systemd@/bin/systemctl", "start", "--", @start) == 0 or $res = 4;
+unlink($startListFile);
+
+# Reload units that need it.  This includes remounting changed mount
+# units.
+my @reload = unique(split '\n', read_file($reloadListFile, err_mode => 'quiet') // "");
+if (scalar @reload > 0) {
+    print STDERR "reloading the following units: ", join(", ", sort(@reload)), "\n";
+    system("@systemd@/bin/systemctl", "reload", "--", @reload) == 0 or $res = 4;
+    unlink($reloadListFile);
+}
+
+# Signal dbus to reload its configuration.
+system("@systemd@/bin/systemctl", "reload", "dbus.service");
+
+# Print failed and new units.
+my (@failed, @new, @restarting);
+my $activeNew = getActiveUnits;
+while (my ($unit, $state) = each %{$activeNew}) {
+    push @failed, $unit if $state->{state} eq "failed" || $state->{substate} eq "auto-restart";
+    push @new, $unit if $state->{state} ne "failed" && !defined $activePrev->{$unit};
+}
+
+print STDERR "the following new units were started: ", join(", ", sort(@new)), "\n"
+    if scalar @new > 0;
+
+if (scalar @failed > 0) {
+    print STDERR "warning: the following units failed: ", join(", ", sort(@failed)), "\n";
+    foreach my $unit (@failed) {
+        print STDERR "\n";
+        system("COLUMNS=1000 @systemd@/bin/systemctl status --no-pager '$unit' >&2");
+    }
+    $res = 4;
+}
+
+if ($res == 0) {
+    syslog(LOG_NOTICE, "finished switching to system configuration $out");
+} else {
+    syslog(LOG_ERR, "switching to system configuration $out failed (status $res)");
+}
+
+exit $res;
diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix
new file mode 100644
index 000000000000..ada961316755
--- /dev/null
+++ b/nixos/modules/system/activation/top-level.nix
@@ -0,0 +1,188 @@
+{ config, pkgs, modules, baseModules, ... }:
+
+with pkgs.lib;
+
+let
+
+
+  # This attribute is responsible for creating boot entries for
+  # child configuration. They are only (directly) accessible
+  # when the parent configuration is boot default. For example,
+  # you can provide an easy way to boot the same configuration
+  # as you use, but with another kernel
+  # !!! fix this
+  cloner = inheritParent: list: with pkgs.lib;
+    map (childConfig:
+      (import ../../../lib/eval-config.nix {
+        inherit baseModules;
+        modules =
+           (optionals inheritParent modules)
+        ++ [ ./no-clone.nix ]
+        ++ [ childConfig ];
+      }).config.system.build.toplevel
+    ) list;
+
+  children =
+     cloner false config.nesting.children
+  ++ cloner true config.nesting.clone;
+
+
+  systemBuilder =
+    let
+      kernelPath = "${config.boot.kernelPackages.kernel}/" +
+        "${config.system.boot.loader.kernelFile}";
+    in ''
+      mkdir $out
+
+      if [ ! -f ${kernelPath} ]; then
+        echo "The bootloader cannot find the proper kernel image."
+        echo "(Expecting ${kernelPath})"
+        false
+      fi
+
+      ln -s ${kernelPath} $out/kernel
+      ln -s ${config.system.modulesTree} $out/kernel-modules
+
+      ln -s ${config.system.build.initialRamdisk}/initrd $out/initrd
+
+      echo "$activationScript" > $out/activate
+      substituteInPlace $out/activate --subst-var out
+      chmod u+x $out/activate
+      unset activationScript
+
+      cp ${config.system.build.bootStage2} $out/init
+      substituteInPlace $out/init --subst-var-by systemConfig $out
+
+      ln -s ${config.system.build.etc}/etc $out/etc
+      ln -s ${config.system.path} $out/sw
+      ln -s "$systemd" $out/systemd
+      ln -s ${config.hardware.firmware} $out/firmware
+
+      echo -n "$kernelParams" > $out/kernel-params
+      echo -n "$configurationName" > $out/configuration-name
+      echo -n "systemd ${toString config.systemd.package.interfaceVersion}" > $out/init-interface-version
+      echo -n "$nixosVersion" > $out/nixos-version
+
+      mkdir $out/fine-tune
+      childCount=0
+      for i in $children; do
+        childCount=$(( childCount + 1 ))
+        ln -s $i $out/fine-tune/child-$childCount
+      done
+
+      mkdir $out/bin
+      substituteAll ${./switch-to-configuration.pl} $out/bin/switch-to-configuration
+      chmod +x $out/bin/switch-to-configuration
+
+      ${config.system.extraSystemBuilderCmds}
+    '';
+
+
+  # Putting it all together.  This builds a store path containing
+  # symlinks to the various parts of the built configuration (the
+  # kernel, systemd units, init scripts, etc.) as well as a script
+  # `switch-to-configuration' that activates the configuration and
+  # makes it bootable.
+  system = pkgs.stdenv.mkDerivation {
+    name = "nixos-${config.system.nixosVersion}";
+    preferLocalBuild = true;
+    buildCommand = systemBuilder;
+
+    inherit (pkgs) utillinux coreutils;
+    systemd = config.systemd.package;
+
+    inherit children;
+    kernelParams = config.boot.kernelParams;
+    installBootLoader =
+      config.system.build.installBootLoader
+      or "echo 'Warning: do not know how to make this configuration bootable; please enable a boot loader.' 1>&2; true";
+    activationScript = config.system.activationScripts.script;
+    nixosVersion = config.system.nixosVersion;
+
+    configurationName = config.boot.loader.grub.configurationName;
+
+    # Needed by switch-to-configuration.
+    perl = "${pkgs.perl}/bin/perl -I${pkgs.perlPackages.FileSlurp}/lib/perl5/site_perl";
+  };
+
+
+in
+
+{
+  options = {
+
+    system.build = mkOption {
+      internal = true;
+      default = {};
+      description = ''
+        Attribute set of derivations used to setup the system.
+      '';
+    };
+
+    nesting.children = mkOption {
+      default = [];
+      description = ''
+        Additional configurations to build.
+      '';
+    };
+
+    nesting.clone = mkOption {
+      default = [];
+      description = ''
+        Additional configurations to build based on the current
+        configuration which is has a lower priority.
+      '';
+    };
+
+    system.boot.loader.id = mkOption {
+      internal = true;
+      default = "";
+      description = ''
+        Id string of the used bootloader.
+      '';
+    };
+
+    system.boot.loader.kernelFile = mkOption {
+      internal = true;
+      default = pkgs.stdenv.platform.kernelTarget;
+      type = types.str;
+      description = ''
+        Name of the kernel file to be passed to the bootloader.
+      '';
+    };
+
+    system.copySystemConfiguration = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        If enabled, copies the NixOS configuration file
+        <literal>$NIXOS_CONFIG</literal> (usually
+        <filename>/etc/nixos/configuration.nix</filename>)
+        to the system store path.
+      '';
+    };
+
+    system.extraSystemBuilderCmds = mkOption {
+      type = types.lines;
+      internal = true;
+      default = "";
+      description = ''
+        This code will be added to the builder creating the system store path.
+      '';
+    };
+
+  };
+
+
+  config = {
+
+    system.extraSystemBuilderCmds =
+      optionalString
+        config.system.copySystemConfiguration
+        "cp ${maybeEnv "NIXOS_CONFIG" "/etc/nixos/configuration.nix"} $out";
+
+    system.build.toplevel = system;
+
+  };
+
+}
diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix
new file mode 100644
index 000000000000..006909fbd0c8
--- /dev/null
+++ b/nixos/modules/system/boot/kernel.nix
@@ -0,0 +1,300 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  kernel = config.boot.kernelPackages.kernel;
+
+  kernelModulesConf = pkgs.writeText "nixos.conf"
+    ''
+      ${concatStringsSep "\n" config.boot.kernelModules}
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    boot.kernelPackages = mkOption {
+      default = pkgs.linuxPackages;
+      # We don't want to evaluate all of linuxPackages for the manual
+      # - some of it might not even evaluate correctly.
+      defaultText = "pkgs.linuxPackages";
+      example = literalExample "pkgs.linuxPackages_2_6_25";
+      description = ''
+        This option allows you to override the Linux kernel used by
+        NixOS.  Since things like external kernel module packages are
+        tied to the kernel you're using, it also overrides those.
+        This option is a function that takes Nixpkgs as an argument
+        (as a convenience), and returns an attribute set containing at
+        the very least an attribute <varname>kernel</varname>.
+        Additional attributes may be needed depending on your
+        configuration.  For instance, if you use the NVIDIA X driver,
+        then it also needs to contain an attribute
+        <varname>nvidia_x11</varname>.
+      '';
+    };
+
+    boot.kernelParams = mkOption {
+      type = types.listOf types.str;
+      default = [ ];
+      description = "Parameters added to the kernel command line.";
+    };
+
+    boot.consoleLogLevel = mkOption {
+      type = types.int;
+      default = 4;
+      description = ''
+        The kernel console log level.  Only log messages with a
+        priority numerically less than this will appear on the
+        console.
+      '';
+    };
+
+    boot.vesa = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to activate VESA video mode on boot.
+      '';
+    };
+
+    boot.extraModulePackages = mkOption {
+      type = types.listOf types.path;
+      default = [];
+      example = literalExample "[ pkgs.linuxPackages.nvidia_x11 ]";
+      description = "A list of additional packages supplying kernel modules.";
+    };
+
+    boot.kernelModules = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = ''
+        The set of kernel modules to be loaded in the second stage of
+        the boot process.  Note that modules that are needed to
+        mount the root file system should be added to
+        <option>boot.initrd.availableKernelModules</option> or
+        <option>boot.initrd.kernelModules</option>.
+      '';
+    };
+
+    boot.initrd.availableKernelModules = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [ "sata_nv" "ext3" ];
+      description = ''
+        The set of kernel modules in the initial ramdisk used during the
+        boot process.  This set must include all modules necessary for
+        mounting the root device.  That is, it should include modules
+        for the physical device (e.g., SCSI drivers) and for the file
+        system (e.g., ext3).  The set specified here is automatically
+        closed under the module dependency relation, i.e., all
+        dependencies of the modules list here are included
+        automatically.  The modules listed here are available in the
+        initrd, but are only loaded on demand (e.g., the ext3 module is
+        loaded automatically when an ext3 filesystem is mounted, and
+        modules for PCI devices are loaded when they match the PCI ID
+        of a device in your system).  To force a module to be loaded,
+        include it in <option>boot.initrd.kernelModules</option>.
+      '';
+    };
+
+    boot.initrd.kernelModules = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      description = "List of modules that are always loaded by the initrd.";
+    };
+
+    system.modulesTree = mkOption {
+      type = types.listOf types.path;
+      internal = true;
+      default = [];
+      description = ''
+        Tree of kernel modules.  This includes the kernel, plus modules
+        built outside of the kernel.  Combine these into a single tree of
+        symlinks because modprobe only supports one directory.
+      '';
+      # Convert the list of path to only one path.
+      apply = pkgs.aggregateModules;
+    };
+
+    system.requiredKernelConfig = mkOption {
+      default = [];
+      example = literalExample ''
+        with config.lib.kernelConfig; [
+          (isYes "MODULES")
+          (isEnabled "FB_CON_DECOR")
+          (isEnabled "BLK_DEV_INITRD")
+        ]
+      '';
+      internal = true;
+      type = types.listOf types.attrs;
+      description = ''
+        This option allows modules to specify the kernel config options that
+        must be set (or unset) for the module to work. Please use the
+        lib.kernelConfig functions to build list elements.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    system.build = { inherit kernel; };
+
+    system.modulesTree = [ kernel ] ++ config.boot.extraModulePackages;
+
+    # Implement consoleLogLevel both in early boot and using sysctl
+    # (so you don't need to reboot to have changes take effect).
+    boot.kernelParams =
+      [ "loglevel=${toString config.boot.consoleLogLevel}" ] ++
+      optionals config.boot.vesa [ "vga=0x317" ];
+
+    boot.kernel.sysctl."kernel.printk" = config.boot.consoleLogLevel;
+
+    boot.kernelModules = [ "loop" ];
+
+    boot.initrd.availableKernelModules =
+      [ # Note: most of these (especially the SATA/PATA modules)
+        # shouldn't be included by default since nixos-hardware-scan
+        # detects them, but I'm keeping them for now for backwards
+        # compatibility.
+
+        # Some SATA/PATA stuff.
+        "ahci"
+        "sata_nv"
+        "sata_via"
+        "sata_sis"
+        "sata_uli"
+        "ata_piix"
+        "pata_marvell"
+
+        # Standard SCSI stuff.
+        "sd_mod"
+        "sr_mod"
+
+        # Standard IDE stuff.
+        "ide_cd"
+        "ide_disk"
+        "ide_generic"
+
+        # Support USB keyboards, in case the boot fails and we only have
+        # a USB keyboard.
+        "uhci_hcd"
+        "ehci_hcd"
+        "ehci_pci"
+        "ohci_hcd"
+        "xhci_hcd"
+        "usbhid"
+        "hid_generic"
+
+        # Unix domain sockets (needed by udev).
+        "unix"
+
+        # Misc. stuff.
+        "pcips2" "xtkbd"
+
+        # To wait for SCSI devices to appear.
+        "scsi_wait_scan"
+      ];
+
+    boot.initrd.kernelModules =
+      [ # For LVM.
+        "dm_mod"
+      ];
+
+    # The Linux kernel >= 2.6.27 provides firmware.
+    hardware.firmware = [ "${kernel}/lib/firmware" ];
+
+    # Create /etc/modules-load.d/nixos.conf, which is read by
+    # systemd-modules-load.service to load required kernel modules.
+    # FIXME: ensure that systemd-modules-load.service is restarted if
+    # this file changes.
+    environment.etc = singleton
+      { target = "modules-load.d/nixos.conf";
+        source = kernelModulesConf;
+      };
+
+    # Sigh.  This overrides systemd's systemd-modules-load.service
+    # just so we can set a restart trigger.  Also make
+    # multi-user.target pull it in so that it gets started if it
+    # failed earlier.
+    systemd.services."systemd-modules-load" =
+      { description = "Load Kernel Modules";
+        wantedBy = [ "sysinit.target" "multi-user.target" ];
+        before = [ "sysinit.target" "shutdown.target" ];
+        unitConfig =
+          { DefaultDependencies = "no";
+            Conflicts = "shutdown.target";
+          };
+        serviceConfig =
+          { Type = "oneshot";
+            RemainAfterExit = true;
+            ExecStart = "${config.systemd.package}/lib/systemd/systemd-modules-load";
+            # Ignore failed module loads.  Typically some of the
+            # modules in ‘boot.kernelModules’ are "nice to have but
+            # not required" (e.g. acpi-cpufreq), so we don't want to
+            # barf on those.
+            SuccessExitStatus = "0 1";
+          };
+        restartTriggers = [ kernelModulesConf ];
+      };
+
+    lib.kernelConfig = {
+      isYes = option: {
+        assertion = config: config.isYes option;
+        message = "CONFIG_${option} is not yes!";
+        configLine = "CONFIG_${option}=y";
+      };
+
+      isNo = option: {
+        assertion = config: config.isNo option;
+        message = "CONFIG_${option} is not no!";
+        configLine = "CONFIG_${option}=n";
+      };
+
+      isModule = option: {
+        assertion = config: config.isModule option;
+        message = "CONFIG_${option} is not built as a module!";
+        configLine = "CONFIG_${option}=m";
+      };
+
+      ### Usually you will just want to use these two
+      # True if yes or module
+      isEnabled = option: {
+        assertion = config: config.isEnabled option;
+        message = "CONFIG_${option} is not enabled!";
+        configLine = "CONFIG_${option}=y";
+      };
+
+      # True if no or omitted
+      isDisabled = option: {
+        assertion = config: config.isDisabled option;
+        message = "CONFIG_${option} is not disabled!";
+        configLine = "CONFIG_${option}=n";
+      };
+    };
+
+    # The config options that all modules can depend upon
+    system.requiredKernelConfig = with config.lib.kernelConfig; [
+      # !!! Should this really be needed?
+      (isYes "MODULES")
+      (isYes "BINFMT_ELF")
+    ];
+
+    # nixpkgs kernels are assumed to have all required features
+    assertions = if config.boot.kernelPackages.kernel ? features then [] else
+      let cfg = config.boot.kernelPackages.kernel.config; in map (attrs:
+        { assertion = attrs.assertion cfg; inherit (attrs) message; }
+      ) config.system.requiredKernelConfig;
+
+  };
+
+}
diff --git a/nixos/modules/system/boot/kexec.nix b/nixos/modules/system/boot/kexec.nix
new file mode 100644
index 000000000000..b7821f9509f1
--- /dev/null
+++ b/nixos/modules/system/boot/kexec.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+
+{
+  environment.systemPackages = [ pkgs.kexectools ];
+
+  systemd.services."prepare-kexec" =
+    { description = "Preparation for kexec";
+      wantedBy = [ "kexec.target" ];
+      before = [ "systemd-kexec.service" ];
+      unitConfig.DefaultDependencies = false;
+      serviceConfig.Type = "oneshot";
+      path = [ pkgs.kexectools ];
+      script =
+        ''
+          p=$(readlink -f /nix/var/nix/profiles/system)
+          if ! [ -d $p ]; then exit 1; fi
+          exec kexec --load $p/kernel --initrd=$p/initrd --append="$(cat $p/kernel-params) init=$p/init"
+        '';
+    };
+
+}
\ No newline at end of file
diff --git a/nixos/modules/system/boot/loader/efi.nix b/nixos/modules/system/boot/loader/efi.nix
new file mode 100644
index 000000000000..7e739173f9a3
--- /dev/null
+++ b/nixos/modules/system/boot/loader/efi.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  options.boot.loader.efi = {
+    canTouchEfiVariables = mkOption {
+      default = false;
+
+      type = types.bool;
+
+      description = "Whether or not the installation process should modify efi boot variables.";
+    };
+
+    efiSysMountPoint = mkOption {
+      default = "/boot";
+
+      type = types.string;
+
+      description = "Where the EFI System Partition is mounted.";
+    };
+  };
+}
diff --git a/nixos/modules/system/boot/loader/generations-dir/generations-dir-builder.sh b/nixos/modules/system/boot/loader/generations-dir/generations-dir-builder.sh
new file mode 100644
index 000000000000..e723b9eb7cb3
--- /dev/null
+++ b/nixos/modules/system/boot/loader/generations-dir/generations-dir-builder.sh
@@ -0,0 +1,106 @@
+#! @bash@/bin/sh -e
+
+shopt -s nullglob
+
+export PATH=/empty
+for i in @path@; do PATH=$PATH:$i/bin; done
+
+default=$1
+if test -z "$1"; then
+    echo "Syntax: generations-dir-builder.sh <DEFAULT-CONFIG>"
+    exit 1
+fi
+
+echo "updating the boot generations directory..."
+
+mkdir -p /boot
+
+rm -Rf /boot/system* || true
+
+target=/boot/grub/menu.lst
+tmp=$target.tmp
+
+# Convert a path to a file in the Nix store such as
+# /nix/store/<hash>-<name>/file to <hash>-<name>-<file>.
+cleanName() {
+    local path="$1"
+    echo "$path" | sed 's|^/nix/store/||' | sed 's|/|-|g'
+}
+
+# Copy a file from the Nix store to /boot/kernels.
+declare -A filesCopied
+
+copyToKernelsDir() {
+    local src="$1"
+    local dst="/boot/kernels/$(cleanName $src)"
+    # Don't copy the file if $dst already exists.  This means that we
+    # have to create $dst atomically to prevent partially copied
+    # kernels or initrd if this script is ever interrupted.
+    if ! test -e $dst; then
+        local dstTmp=$dst.tmp.$$
+        cp $src $dstTmp
+        mv $dstTmp $dst
+    fi
+    filesCopied[$dst]=1
+    result=$dst
+}
+
+
+# Copy its kernel and initrd to /boot/kernels.
+addEntry() {
+    local path="$1"
+    local generation="$2"
+    local outdir=/boot/system-$generation
+
+    if ! test -e $path/kernel -a -e $path/initrd; then
+        return
+    fi
+
+    local kernel=$(readlink -f $path/kernel)
+    local initrd=$(readlink -f $path/initrd)
+
+    if test -n "@copyKernels@"; then
+        copyToKernelsDir $kernel; kernel=$result
+        copyToKernelsDir $initrd; initrd=$result
+    fi
+    
+    mkdir -p $outdir
+    ln -sf $(readlink -f $path) $outdir/system
+    ln -sf $(readlink -f $path/init) $outdir/init
+    ln -sf $initrd $outdir/initrd
+    ln -sf $kernel $outdir/kernel
+
+    if test $(readlink -f "$path") = "$default"; then
+      cp "$kernel" /boot/nixos-kernel
+      cp "$initrd" /boot/nixos-initrd
+      cp "$(readlink -f "$path/init")" /boot/nixos-init
+
+      mkdir -p /boot/default
+      # ln -sfT: overrides target even if it exists.
+      ln -sfT $(readlink -f $path) /boot/default/system
+      ln -sfT $(readlink -f $path/init) /boot/default/init
+      ln -sfT $initrd /boot/default/initrd
+      ln -sfT $kernel /boot/default/kernel
+    fi
+}
+
+if test -n "@copyKernels@"; then
+    mkdir -p /boot/kernels
+fi
+
+# Add all generations of the system profile to the menu, in reverse
+# (most recent to least recent) order.
+for generation in $(
+    (cd /nix/var/nix/profiles && ls -d system-*-link) \
+    | sed 's/system-\([0-9]\+\)-link/\1/' \
+    | sort -n -r); do
+    link=/nix/var/nix/profiles/system-$generation-link
+    addEntry $link $generation
+done
+
+# Remove obsolete files from /boot/kernels.
+for fn in /boot/kernels/*; do
+    if ! test "${filesCopied[$fn]}" = 1; then
+        rm -vf -- "$fn"
+    fi
+done
diff --git a/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix b/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix
new file mode 100644
index 000000000000..9855c8c19dd0
--- /dev/null
+++ b/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix
@@ -0,0 +1,63 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  generationsDirBuilder = pkgs.substituteAll {
+    src = ./generations-dir-builder.sh;
+    isExecutable = true;
+    inherit (pkgs) bash;
+    path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
+    inherit (config.boot.loader.generationsDir) copyKernels;
+  };
+
+  # Temporary check, for nixos to cope both with nixpkgs stdenv-updates and trunk
+  platform = pkgs.stdenv.platform;
+
+in
+
+{
+  options = {
+
+    boot.loader.generationsDir = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Whether to create symlinks to the system generations under
+          <literal>/boot</literal>.  When enabled,
+          <literal>/boot/default/kernel</literal>,
+          <literal>/boot/default/initrd</literal>, etc., are updated to
+          point to the current generation's kernel image, initial RAM
+          disk, and other bootstrap files.
+
+          This optional is not necessary with boot loaders such as GNU GRUB
+          for which the menu is updated to point to the latest bootstrap
+          files.  However, it is needed for U-Boot on platforms where the
+          boot command line is stored in flash memory rather than in a
+          menu file.
+        '';
+      };
+
+      copyKernels = mkOption {
+        default = false;
+        description = "
+          Whether copy the necessary boot files into /boot, so
+          /nix/store is not needed by the boot loader.
+        ";
+      };
+
+    };
+
+  };
+
+
+  config = mkIf config.boot.loader.generationsDir.enable {
+
+    system.build.installBootLoader = generationsDirBuilder;
+    system.boot.loader.id = "generationsDir";
+    system.boot.loader.kernelFile = platform.kernelTarget;
+
+  };
+}
diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix
new file mode 100644
index 000000000000..8b3923e30a05
--- /dev/null
+++ b/nixos/modules/system/boot/loader/grub/grub.nix
@@ -0,0 +1,261 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.boot.loader.grub;
+
+  realGrub = if cfg.version == 1 then pkgs.grub else pkgs.grub2;
+
+  grub =
+    # Don't include GRUB if we're only generating a GRUB menu (e.g.,
+    # in EC2 instances).
+    if cfg.devices == ["nodev"]
+    then null
+    else realGrub;
+
+  f = x: if x == null then "" else "" + x;
+
+  grubConfig = pkgs.writeText "grub-config.xml" (builtins.toXML
+    { splashImage = f config.boot.loader.grub.splashImage;
+      grub = f grub;
+      shell = "${pkgs.stdenv.shell}";
+      fullVersion = (builtins.parseDrvName realGrub.name).version;
+      inherit (cfg)
+        version extraConfig extraPerEntryConfig extraEntries
+        extraEntriesBeforeNixOS extraPrepareConfig configurationLimit copyKernels timeout
+        default devices;
+      path = (makeSearchPath "bin" [
+        pkgs.coreutils pkgs.gnused pkgs.gnugrep pkgs.findutils pkgs.diffutils
+      ]) + ":" + (makeSearchPath "sbin" [
+        pkgs.mdadm
+      ]);
+    });
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    boot.loader.grub = {
+
+      enable = mkOption {
+        default = true;
+        type = types.bool;
+        description = ''
+          Whether to enable the GNU GRUB boot loader.
+        '';
+      };
+
+      version = mkOption {
+        default = 2;
+        example = 1;
+        type = types.int;
+        description = ''
+          The version of GRUB to use: <literal>1</literal> for GRUB
+          Legacy (versions 0.9x), or <literal>2</literal> (the
+          default) for GRUB 2.
+        '';
+      };
+
+      device = mkOption {
+        default = "";
+        example = "/dev/hda";
+        type = types.str;
+        description = ''
+          The device on which the GRUB boot loader will be installed.
+          The special value <literal>nodev</literal> means that a GRUB
+          boot menu will be generated, but GRUB itself will not
+          actually be installed.  To install GRUB on multiple devices,
+          use <literal>boot.loader.grub.devices</literal>.
+        '';
+      };
+
+      devices = mkOption {
+        default = [];
+        example = [ "/dev/hda" ];
+        type = types.listOf types.str;
+        description = ''
+          The devices on which the boot loader, GRUB, will be
+          installed. Can be used instead of <literal>device</literal> to
+          install grub into multiple devices (e.g., if as softraid arrays holding /boot).
+        '';
+      };
+
+      configurationName = mkOption {
+        default = "";
+        example = "Stable 2.6.21";
+        type = types.str;
+        description = ''
+          GRUB entry name instead of default.
+        '';
+      };
+
+      extraPrepareConfig = mkOption {
+        default = "";
+        type = types.lines;
+        description = ''
+          Additional bash commands to be run at the script that
+          prepares the grub menu entries.
+        '';
+      };
+
+      extraConfig = mkOption {
+        default = "";
+        example = "serial; terminal_output.serial";
+        type = types.lines;
+        description = ''
+          Additional GRUB commands inserted in the configuration file
+          just before the menu entries.
+        '';
+      };
+
+      extraPerEntryConfig = mkOption {
+        default = "";
+        example = "root (hd0)";
+        type = types.lines;
+        description = ''
+          Additional GRUB commands inserted in the configuration file
+          at the start of each NixOS menu entry.
+        '';
+      };
+
+      extraEntries = mkOption {
+        default = "";
+        type = types.lines;
+        example = ''
+          # GRUB 1 example (not GRUB 2 compatible)
+          title Windows
+            chainloader (hd0,1)+1
+
+          # GRUB 2 example
+          menuentry "Windows7" {
+            title Windows7
+            insmod ntfs
+            set root='(hd1,1)'
+            chainloader +1
+          }
+        '';
+        description = ''
+          Any additional entries you want added to the GRUB boot menu.
+        '';
+      };
+
+      extraEntriesBeforeNixOS = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Whether extraEntries are included before the default option.
+        '';
+      };
+
+      extraFiles = mkOption {
+        default = {};
+        example = literalExample ''
+          { "memtest.bin" = "''${pkgs.memtest86plus}/memtest.bin"; }
+        '';
+        description = ''
+          A set of files to be copied to <filename>/boot</filename>.
+          Each attribute name denotes the destination file name in
+          <filename>/boot</filename>, while the corresponding
+          attribute value specifies the source file.
+        '';
+      };
+
+      splashImage = mkOption {
+        example = literalExample "./my-background.png";
+        description = ''
+          Background image used for GRUB.  It must be a 640x480,
+          14-colour image in XPM format, optionally compressed with
+          <command>gzip</command> or <command>bzip2</command>.  Set to
+          <literal>null</literal> to run GRUB in text mode.
+        '';
+      };
+
+      configurationLimit = mkOption {
+        default = 100;
+        example = 120;
+        type = types.int;
+        description = ''
+          Maximum of configurations in boot menu. GRUB has problems when
+          there are too many entries.
+        '';
+      };
+
+      copyKernels = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Whether the GRUB menu builder should copy kernels and initial
+          ramdisks to /boot.  This is done automatically if /boot is
+          on a different partition than /.
+        '';
+      };
+
+      timeout = mkOption {
+        default = 5;
+        type = types.int;
+        description = ''
+          Timeout (in seconds) until GRUB boots the default menu item.
+        '';
+      };
+
+      default = mkOption {
+        default = 0;
+        type = types.int;
+        description = ''
+          Index of the default menu item to be booted.
+        '';
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkMerge [
+
+    { boot.loader.grub.splashImage = mkDefault (
+        if cfg.version == 1 then pkgs.fetchurl {
+          url = http://www.gnome-look.org/CONTENT/content-files/36909-soft-tux.xpm.gz;
+          sha256 = "14kqdx2lfqvh40h6fjjzqgff1mwk74dmbjvmqphi6azzra7z8d59";
+        }
+        # GRUB 1.97 doesn't support gzipped XPMs.
+        else ./winkler-gnu-blue-640x480.png);
+    }
+
+    (mkIf cfg.enable {
+
+      boot.loader.grub.devices = optional (cfg.device != "") cfg.device;
+
+      system.build.installBootLoader =
+        if cfg.devices == [] then
+          throw "You must set the option ‘boot.loader.grub.device’ to make the system bootable."
+        else
+          "PERL5LIB=${makePerlPath [ pkgs.perlPackages.XMLLibXML pkgs.perlPackages.XMLSAX ]} " +
+          "${pkgs.perl}/bin/perl ${./install-grub.pl} ${grubConfig}";
+
+      system.build.grub = grub;
+
+      # Common attribute for boot loaders so only one of them can be
+      # set at once.
+      system.boot.loader.id = "grub";
+
+      environment.systemPackages = optional (grub != null) grub;
+
+      boot.loader.grub.extraPrepareConfig =
+        concatStrings (mapAttrsToList (n: v: ''
+          ${pkgs.coreutils}/bin/cp -pf "${v}" "/boot/${n}"
+        '') config.boot.loader.grub.extraFiles);
+
+    })
+
+  ];
+
+}
diff --git a/nixos/modules/system/boot/loader/grub/install-grub.pl b/nixos/modules/system/boot/loader/grub/install-grub.pl
new file mode 100644
index 000000000000..a83733db63b0
--- /dev/null
+++ b/nixos/modules/system/boot/loader/grub/install-grub.pl
@@ -0,0 +1,265 @@
+use strict;
+use warnings;
+use XML::LibXML;
+use File::Basename;
+use File::Path;
+use File::stat;
+use File::Copy;
+use POSIX;
+use Cwd;
+
+my $defaultConfig = $ARGV[1] or die;
+
+my $dom = XML::LibXML->load_xml(location => $ARGV[0]);
+
+sub get { my ($name) = @_; return $dom->findvalue("/expr/attrs/attr[\@name = '$name']/*/\@value"); }
+
+sub readFile {
+    my ($fn) = @_; local $/ = undef;
+    open FILE, "<$fn" or return undef; my $s = <FILE>; close FILE;
+    local $/ = "\n"; chomp $s; return $s;
+}
+
+sub writeFile {
+    my ($fn, $s) = @_;
+    open FILE, ">$fn" or die "cannot create $fn: $!\n";
+    print FILE $s or die;
+    close FILE or die;
+}
+
+my $grub = get("grub");
+my $grubVersion = int(get("version"));
+my $extraConfig = get("extraConfig");
+my $extraPrepareConfig = get("extraPrepareConfig");
+my $extraPerEntryConfig = get("extraPerEntryConfig");
+my $extraEntries = get("extraEntries");
+my $extraEntriesBeforeNixOS = get("extraEntriesBeforeNixOS") eq "true";
+my $splashImage = get("splashImage");
+my $configurationLimit = int(get("configurationLimit"));
+my $copyKernels = get("copyKernels") eq "true";
+my $timeout = int(get("timeout"));
+my $defaultEntry = int(get("default"));
+$ENV{'PATH'} = get("path");
+
+die "unsupported GRUB version\n" if $grubVersion != 1 && $grubVersion != 2;
+
+print STDERR "updating GRUB $grubVersion menu...\n";
+
+mkpath("/boot/grub", 0, 0700);
+
+
+# Discover whether /boot is on the same filesystem as / and
+# /nix/store.  If not, then all kernels and initrds must be copied to
+# /boot, and all paths in the GRUB config file must be relative to the
+# root of the /boot filesystem.  `$bootRoot' is the path to be
+# prepended to paths under /boot.
+my $bootRoot = "/boot";
+if (stat("/")->dev != stat("/boot")->dev) {
+    $bootRoot = "";
+    $copyKernels = 1;
+} elsif (stat("/boot")->dev != stat("/nix/store")->dev) {
+    $copyKernels = 1;
+}
+
+
+# Generate the header.
+my $conf .= "# Automatically generated.  DO NOT EDIT THIS FILE!\n";
+
+if ($grubVersion == 1) {
+    $conf .= "
+        default $defaultEntry
+        timeout $timeout
+    ";
+    if ($splashImage) {
+        copy $splashImage, "/boot/background.xpm.gz" or die "cannot copy $splashImage to /boot\n";
+        $conf .= "splashimage $bootRoot/background.xpm.gz\n";
+    }
+}
+
+else {
+    $conf .= "
+        if [ -s \$prefix/grubenv ]; then
+          load_env
+        fi
+
+        # ‘grub-reboot’ sets a one-time saved entry, which we process here and
+        # then delete.
+        if [ \"\${saved_entry}\" ]; then
+          # The next line *has* to look exactly like this, otherwise KDM's
+          # reboot feature won't work properly with GRUB 2.
+          set default=\"\${saved_entry}\"
+          set saved_entry=
+          set prev_saved_entry=
+          save_env saved_entry
+          save_env prev_saved_entry
+          set timeout=1
+        else
+          set default=$defaultEntry
+          set timeout=$timeout
+        fi
+
+        if loadfont $bootRoot/grub/fonts/unicode.pf2; then
+          set gfxmode=640x480
+          insmod gfxterm
+          insmod vbe
+          terminal_output gfxterm
+        fi
+    ";
+
+    if ($splashImage) {
+        # FIXME: GRUB 1.97 doesn't resize the background image if it
+        # doesn't match the video resolution.
+        copy $splashImage, "/boot/background.png" or die "cannot copy $splashImage to /boot\n";
+        $conf .= "
+            insmod png
+            if background_image $bootRoot/background.png; then
+              set color_normal=white/black
+              set color_highlight=black/white
+            else
+              set menu_color_normal=cyan/blue
+              set menu_color_highlight=white/blue
+            fi
+        ";
+    }
+}
+
+$conf .= "$extraConfig\n";
+
+
+# Generate the menu entries.
+$conf .= "\n";
+
+my %copied;
+mkpath("/boot/kernels", 0, 0755) if $copyKernels;
+
+sub copyToKernelsDir {
+    my ($path) = @_;
+    return $path unless $copyKernels;
+    $path =~ /\/nix\/store\/(.*)/ or die;
+    my $name = $1; $name =~ s/\//-/g;
+    my $dst = "/boot/kernels/$name";
+    # Don't copy the file if $dst already exists.  This means that we
+    # have to create $dst atomically to prevent partially copied
+    # kernels or initrd if this script is ever interrupted.
+    if (! -e $dst) {
+        my $tmp = "$dst.tmp";
+        copy $path, $tmp or die "cannot copy $path to $tmp\n";
+        rename $tmp, $dst or die "cannot rename $tmp to $dst\n";
+    }
+    $copied{$dst} = 1;
+    return "$bootRoot/kernels/$name";
+}
+
+sub addEntry {
+    my ($name, $path) = @_;
+    return unless -e "$path/kernel" && -e "$path/initrd";
+
+    my $kernel = copyToKernelsDir(Cwd::abs_path("$path/kernel"));
+    my $initrd = copyToKernelsDir(Cwd::abs_path("$path/initrd"));
+    my $xen = -e "$path/xen.gz" ? copyToKernelsDir(Cwd::abs_path("$path/xen.gz")) : undef;
+
+    # FIXME: $confName
+
+    my $kernelParams =
+        "systemConfig=" . Cwd::abs_path($path) . " " .
+        "init=" . Cwd::abs_path("$path/init") . " " .
+        readFile("$path/kernel-params");
+    my $xenParams = $xen && -e "$path/xen-params" ? readFile("$path/xen-params") : "";
+
+    if ($grubVersion == 1) {
+        $conf .= "title $name\n";
+        $conf .= "  $extraPerEntryConfig\n" if $extraPerEntryConfig;
+        $conf .= "  kernel $xen $xenParams\n" if $xen;
+        $conf .= "  " . ($xen ? "module" : "kernel") . " $kernel $kernelParams\n";
+        $conf .= "  " . ($xen ? "module" : "initrd") . " $initrd\n\n";
+    } else {
+        $conf .= "menuentry \"$name\" {\n";
+        $conf .= "  $extraPerEntryConfig\n" if $extraPerEntryConfig;
+        $conf .= "  multiboot $xen $xenParams\n" if $xen;
+        $conf .= "  " . ($xen ? "module" : "linux") . " $kernel $kernelParams\n";
+        $conf .= "  " . ($xen ? "module" : "initrd") . " $initrd\n";
+        $conf .= "}\n\n";
+    }
+}
+
+
+# Add default entries.
+$conf .= "$extraEntries\n" if $extraEntriesBeforeNixOS;
+
+addEntry("NixOS - Default", $defaultConfig);
+
+$conf .= "$extraEntries\n" unless $extraEntriesBeforeNixOS;
+
+# extraEntries could refer to @bootRoot@, which we have to substitute
+$conf =~ s/\@bootRoot\@/$bootRoot/g;
+
+# Emit submenus for all system profiles.
+sub addProfile {
+    my ($profile, $description) = @_;
+
+    # Add entries for all generations of this profile.
+    $conf .= "submenu \"$description\" {\n" if $grubVersion == 2;
+
+    sub nrFromGen { my ($x) = @_; $x =~ /\/\w+-(\d+)-link/; return $1; }
+
+    my @links = sort
+        { nrFromGen($b) <=> nrFromGen($a) }
+        (glob "$profile-*-link");
+
+    my $curEntry = 0;
+    foreach my $link (@links) {
+        last if $curEntry++ >= $configurationLimit;
+        my $date = strftime("%F", localtime(lstat($link)->mtime));
+        my $version =
+            -e "$link/nixos-version"
+            ? readFile("$link/nixos-version")
+            : basename((glob(dirname(Cwd::abs_path("$link/kernel")) . "/lib/modules/*"))[0]);
+        addEntry("NixOS - Configuration " . nrFromGen($link) . " ($date - $version)", $link);
+    }
+
+    $conf .= "}\n" if $grubVersion == 2;
+}
+
+addProfile "/nix/var/nix/profiles/system", "NixOS - All configurations";
+
+if ($grubVersion == 2) {
+    for my $profile (glob "/nix/var/nix/profiles/system-profiles/*") {
+        my $name = basename($profile);
+        next unless $name =~ /^\w+$/;
+        addProfile $profile, "NixOS - Profile '$name'";
+    }
+}
+
+# Run extraPrepareConfig in sh
+if ($extraPrepareConfig ne "") {
+  system((get("shell"), "-c", $extraPrepareConfig));
+}
+
+# Atomically update the GRUB config.
+my $confFile = $grubVersion == 1 ? "/boot/grub/menu.lst" : "/boot/grub/grub.cfg";
+my $tmpFile = $confFile . ".tmp";
+writeFile($tmpFile, $conf);
+rename $tmpFile, $confFile or die "cannot rename $tmpFile to $confFile\n";
+
+
+# Remove obsolete files from /boot/kernels.
+foreach my $fn (glob "/boot/kernels/*") {
+    next if defined $copied{$fn};
+    print STDERR "removing obsolete file $fn\n";
+    unlink $fn;
+}
+
+
+# Install GRUB if the version changed from the last time we installed
+# it.  FIXME: shouldn't we reinstall if ‘devices’ changed?
+my $prevVersion = readFile("/boot/grub/version") // "";
+if (($ENV{'NIXOS_INSTALL_GRUB'} // "") eq "1" || get("fullVersion") ne $prevVersion) {
+    foreach my $dev ($dom->findnodes('/expr/attrs/attr[@name = "devices"]/list/string/@value')) {
+        $dev = $dev->findvalue(".") or die;
+        next if $dev eq "nodev";
+        print STDERR "installing the GRUB $grubVersion boot loader on $dev...\n";
+        system("$grub/sbin/grub-install", "--recheck", Cwd::abs_path($dev)) == 0
+            or die "$0: installation of GRUB on $dev failed\n";
+    }
+    writeFile("/boot/grub/version", get("fullVersion"));
+}
diff --git a/nixos/modules/system/boot/loader/grub/memtest.nix b/nixos/modules/system/boot/loader/grub/memtest.nix
new file mode 100644
index 000000000000..80c1a160cfde
--- /dev/null
+++ b/nixos/modules/system/boot/loader/grub/memtest.nix
@@ -0,0 +1,39 @@
+# This module adds Memtest86+ to the GRUB boot menu.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  memtest86 = pkgs.memtest86plus;
+in
+
+{
+  options = {
+
+    boot.loader.grub.memtest86 = mkOption {
+      default = false;
+      type = types.bool;
+      description = ''
+        Make Memtest86+, a memory testing program, available from the
+        GRUB boot menu.
+      '';
+    };
+  };
+
+  config = mkIf config.boot.loader.grub.memtest86 {
+
+    boot.loader.grub.extraEntries =
+      if config.boot.loader.grub.version == 2 then
+        ''
+          menuentry "Memtest86+" {
+            linux16 @bootRoot@/memtest.bin
+          }
+        ''
+      else
+        throw "Memtest86+ is not supported with GRUB 1.";
+
+    boot.loader.grub.extraFiles."memtest.bin" = "${memtest86}/memtest.bin";
+
+  };
+}
diff --git a/nixos/modules/system/boot/loader/grub/winkler-gnu-blue-640x480.png b/nixos/modules/system/boot/loader/grub/winkler-gnu-blue-640x480.png
new file mode 100644
index 000000000000..35bbb57b51ee
--- /dev/null
+++ b/nixos/modules/system/boot/loader/grub/winkler-gnu-blue-640x480.png
Binary files differdiff --git a/nixos/modules/system/boot/loader/grub/winkler-gnu-blue.README b/nixos/modules/system/boot/loader/grub/winkler-gnu-blue.README
new file mode 100644
index 000000000000..9616362dce2a
--- /dev/null
+++ b/nixos/modules/system/boot/loader/grub/winkler-gnu-blue.README
@@ -0,0 +1,6 @@
+This is a resized version of
+
+  http://www.gnu.org/graphics/winkler-gnu-blue.png
+
+by Kyle Winkler and released under the Free Art License
+(http://artlibre.org/licence.php/lalgb.html).
diff --git a/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py b/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py
new file mode 100644
index 000000000000..9ea224b51f63
--- /dev/null
+++ b/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py
@@ -0,0 +1,114 @@
+#! @python@/bin/python
+import argparse
+import shutil
+import os
+import errno
+import subprocess
+import glob
+import tempfile
+import errno
+
+def copy_if_not_exists(source, dest):
+    known_paths.append(dest)
+    if not os.path.exists(dest):
+        shutil.copyfile(source, dest)
+
+system_dir = lambda generation: "/nix/var/nix/profiles/system-%d-link" % (generation)
+
+def write_entry(generation, kernel, initrd):
+    entry_file = "@efiSysMountPoint@/loader/entries/nixos-generation-%d.conf" % (generation)
+    generation_dir = os.readlink(system_dir(generation))
+    tmp_path = "%s.tmp" % (entry_file)
+    kernel_params = "systemConfig=%s init=%s/init " % (generation_dir, generation_dir)
+    with open("%s/kernel-params" % (generation_dir)) as params_file:
+        kernel_params = kernel_params + params_file.read()
+    with open(tmp_path, 'w') as f:
+        print >> f, "title NixOS"
+        print >> f, "version Generation %d" % (generation)
+        if machine_id is not None: print >> f, "machine-id %s" % (machine_id)
+        print >> f, "linux %s" % (kernel)
+        print >> f, "initrd %s" % (initrd)
+        print >> f, "options %s" % (kernel_params)
+    os.rename(tmp_path, entry_file)
+
+def write_loader_conf(generation):
+    with open("@efiSysMountPoint@/loader/loader.conf.tmp", 'w') as f:
+        if "@timeout@" != "":
+            print >> f, "timeout @timeout@"
+        print >> f, "default nixos-generation-%d" % (generation)
+    os.rename("@efiSysMountPoint@/loader/loader.conf.tmp", "@efiSysMountPoint@/loader/loader.conf")
+
+def copy_from_profile(generation, name):
+    store_file_path = os.readlink("%s/%s" % (system_dir(generation), name))
+    suffix = os.path.basename(store_file_path)
+    store_dir = os.path.basename(os.path.dirname(store_file_path))
+    efi_file_path = "/efi/nixos/%s-%s.efi" % (store_dir, suffix)
+    copy_if_not_exists(store_file_path, "@efiSysMountPoint@%s" % (efi_file_path))
+    return efi_file_path
+
+def add_entry(generation):
+    efi_kernel_path = copy_from_profile(generation, "kernel")
+    efi_initrd_path = copy_from_profile(generation, "initrd")
+    write_entry(generation, efi_kernel_path, efi_initrd_path)
+
+def mkdir_p(path):
+    try:
+        os.makedirs(path)
+    except OSError as e:
+        if e.errno != errno.EEXIST or not os.path.isdir(path):
+            raise
+
+def get_generations(profile):
+    gen_list = subprocess.check_output([
+        "@nix@/bin/nix-env",
+        "--list-generations",
+        "-p",
+        "/nix/var/nix/profiles/%s" % (profile)
+        ])
+    gen_lines = gen_list.split('\n')
+    gen_lines.pop()
+    return [ int(line.split()[0]) for line in gen_lines ]
+
+def remove_old_entries(gens):
+    slice_start = len("@efiSysMountPoint@/loader/entries/nixos-generation-")
+    slice_end = -1 * len(".conf")
+    for path in glob.iglob("@efiSysMountPoint@/loader/entries/nixos-generation-[1-9]*.conf"):
+        try:
+            gen = int(path[slice_start:slice_end])
+            if not gen in gens:
+                os.unlink(path)
+        except ValueError:
+            pass
+    for path in glob.iglob("@efiSysMountPoint@/efi/nixos/*"):
+        if not path in known_paths:
+            os.unlink(path)
+
+parser = argparse.ArgumentParser(description='Update NixOS-related gummiboot files')
+parser.add_argument('default_config', metavar='DEFAULT-CONFIG', help='The default NixOS config to boot')
+args = parser.parse_args()
+
+# We deserve our own env var!
+if os.getenv("NIXOS_INSTALL_GRUB") == "1":
+    if "@canTouchEfiVariables@" == "1":
+        subprocess.check_call(["@gummiboot@/bin/gummiboot", "--path=@efiSysMountPoint@", "install"])
+    else:
+        subprocess.check_call(["@gummiboot@/bin/gummiboot", "--path=@efiSysMountPoint@", "--no-variables", "install"])
+
+known_paths = []
+mkdir_p("@efiSysMountPoint@/efi/nixos")
+mkdir_p("@efiSysMountPoint@/loader/entries")
+try:
+    with open("/etc/machine-id") as machine_file:
+        machine_id = machine_file.readlines()[0]
+except IOError as e:
+    if e.errno != errno.ENOENT:
+        raise
+    machine_id = None
+
+gens = get_generations("system")
+for gen in gens:
+    add_entry(gen)
+    if os.readlink(system_dir(gen)) == args.default_config:
+        write_loader_conf(gen)
+
+remove_old_entries(gens)
diff --git a/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix b/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix
new file mode 100644
index 000000000000..9193cd3bc533
--- /dev/null
+++ b/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix
@@ -0,0 +1,67 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  cfg = config.boot.loader.gummiboot;
+
+  efi = config.boot.loader.efi;
+
+  gummibootBuilder = pkgs.substituteAll {
+    src = ./gummiboot-builder.py;
+
+    isExecutable = true;
+
+    inherit (pkgs) python gummiboot;
+
+    inherit (config.environment) nix;
+
+    inherit (cfg) timeout;
+
+    inherit (efi) efiSysMountPoint canTouchEfiVariables;
+  };
+in {
+  options.boot.loader.gummiboot = {
+    enable = mkOption {
+      default = false;
+
+      type = types.bool;
+
+      description = "Whether to enable the gummiboot UEFI boot manager";
+    };
+
+    timeout = mkOption {
+      default = null;
+
+      example = 4;
+
+      type = types.nullOr types.int;
+
+      description = ''
+        Timeout (in seconds) for how long to show the menu (null if none).
+        Note that even with no timeout the menu can be forced if the space
+        key is pressed during bootup
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = (config.boot.kernelPackages.kernel.features or { efiBootStub = true; }) ? efiBootStub;
+
+        message = "This kernel does not support the EFI boot stub";
+      }
+    ];
+
+    system = {
+      build.installBootLoader = gummibootBuilder;
+
+      boot.loader.id = "gummiboot";
+
+      requiredKernelConfig = with config.lib.kernelConfig; [
+        (isYes "EFI_STUB")
+      ];
+    };
+  };
+}
diff --git a/nixos/modules/system/boot/loader/init-script/init-script-builder.sh b/nixos/modules/system/boot/loader/init-script/init-script-builder.sh
new file mode 100644
index 000000000000..502b3b63af2f
--- /dev/null
+++ b/nixos/modules/system/boot/loader/init-script/init-script-builder.sh
@@ -0,0 +1,88 @@
+#! @bash@/bin/sh -e
+
+shopt -s nullglob
+
+export PATH=/empty
+for i in @path@; do PATH=$PATH:$i/bin; done
+
+if test $# -ne 1; then
+    echo "Usage: init-script-builder.sh DEFAULT-CONFIG"
+    exit 1
+fi
+
+defaultConfig="$1"
+
+
+[ "$(stat -f -c '%i' /)" = "$(stat -f -c '%i' /boot)" ] || {
+  # see grub-menu-builder.sh
+  echo "WARNING: /boot being on a different filesystem not supported by init-script-builder.sh"
+}
+
+
+
+target="/sbin/init"
+targetOther="/boot/init-other-configurations-contents.txt"
+
+tmp="$target.tmp"
+tmpOther="$targetOther.tmp"
+
+
+configurationCounter=0
+numAlienEntries=`cat <<EOF | egrep '^[[:space:]]*title' | wc -l
+@extraEntries@
+EOF`
+
+
+
+
+# Add an entry to $targetOther
+addEntry() {
+    local name="$1"
+    local path="$2"
+    local shortSuffix="$3"
+
+    configurationCounter=$((configurationCounter + 1))
+
+    local stage2=$path/init
+
+    content="$(
+      echo "#!/bin/sh"
+      echo "# $name"
+      echo "# created by init-script-builder.sh"
+      echo "export systemConfig=$(readlink -f $path)"
+      echo "exec $stage2"
+    )"
+
+    [ "$path" != "$defaultConfig" ] || { 
+      echo "$content" > $tmp
+      echo "# older configurations: $targetOther" >> $tmp
+      chmod +x $tmp
+    }
+
+    echo -e "$content\n\n" >> $tmpOther
+}
+
+
+mkdir -p /boot /sbin
+
+addEntry "NixOS - Default" $defaultConfig ""
+
+# Add all generations of the system profile to the menu, in reverse
+# (most recent to least recent) order.
+for link in $((ls -d $defaultConfig/fine-tune/* ) | sort -n); do
+    date=$(stat --printf="%y\n" $link | sed 's/\..*//')
+    addEntry "NixOS - variation" $link ""
+done
+
+for generation in $(
+    (cd /nix/var/nix/profiles && ls -d system-*-link) \
+    | sed 's/system-\([0-9]\+\)-link/\1/' \
+    | sort -n -r); do
+    link=/nix/var/nix/profiles/system-$generation-link
+    date=$(stat --printf="%y\n" $link | sed 's/\..*//')
+    kernelVersion=$(cd $(dirname $(readlink -f $link/kernel))/lib/modules && echo *)
+    addEntry "NixOS - Configuration $generation ($date - $kernelVersion)" $link "$generation ($date)"
+done
+
+mv $tmpOther $targetOther
+mv $tmp $target
diff --git a/nixos/modules/system/boot/loader/init-script/init-script.nix b/nixos/modules/system/boot/loader/init-script/init-script.nix
new file mode 100644
index 000000000000..4b0fcd85b4b5
--- /dev/null
+++ b/nixos/modules/system/boot/loader/init-script/init-script.nix
@@ -0,0 +1,50 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  initScriptBuilder = pkgs.substituteAll {
+    src = ./init-script-builder.sh;
+    isExecutable = true;
+    inherit (pkgs) bash;
+    path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    boot.loader.initScript = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Some systems require a /sbin/init script which is started.
+          Or having it makes starting NixOS easier.
+          This applies to some kind of hosting services and user mode linux.
+
+          Additionally this script will create
+          /boot/init-other-configurations-contents.txt containing
+          contents of remaining configurations. You can copy paste them into
+          /sbin/init manually running a rescue system or such.
+        '';
+      };
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.boot.loader.initScript.enable {
+
+    system.build.installBootLoader = initScriptBuilder;
+
+  };
+
+}
diff --git a/nixos/modules/system/boot/loader/raspberrypi/builder.sh b/nixos/modules/system/boot/loader/raspberrypi/builder.sh
new file mode 100644
index 000000000000..f6ccfe493d8a
--- /dev/null
+++ b/nixos/modules/system/boot/loader/raspberrypi/builder.sh
@@ -0,0 +1,109 @@
+#! @bash@/bin/sh -e
+
+shopt -s nullglob
+
+export PATH=/empty
+for i in @path@; do PATH=$PATH:$i/bin; done
+
+default=$1
+if test -z "$1"; then
+    echo "Syntax: builder.sh <DEFAULT-CONFIG>"
+    exit 1
+fi
+
+echo "updating the boot generations directory..."
+
+mkdir -p /boot/old
+
+# Convert a path to a file in the Nix store such as
+# /nix/store/<hash>-<name>/file to <hash>-<name>-<file>.
+cleanName() {
+    local path="$1"
+    echo "$path" | sed 's|^/nix/store/||' | sed 's|/|-|g'
+}
+
+# Copy a file from the Nix store to /boot/kernels.
+declare -A filesCopied
+
+copyToKernelsDir() {
+    local src="$1"
+    local dst="/boot/old/$(cleanName $src)"
+    # Don't copy the file if $dst already exists.  This means that we
+    # have to create $dst atomically to prevent partially copied
+    # kernels or initrd if this script is ever interrupted.
+    if ! test -e $dst; then
+        local dstTmp=$dst.tmp.$$
+        cp $src $dstTmp
+        mv $dstTmp $dst
+    fi
+    filesCopied[$dst]=1
+    result=$dst
+}
+
+copyForced() {
+    local src="$1"
+    local dst="$2"
+    cp $src $dst.tmp
+    mv $dst.tmp $dst
+}
+
+outdir=/boot/old
+mkdir -p $outdir || true
+
+# Copy its kernel and initrd to /boot/kernels.
+addEntry() {
+    local path="$1"
+    local generation="$2"
+
+    if ! test -e $path/kernel -a -e $path/initrd; then
+        return
+    fi
+
+    local kernel=$(readlink -f $path/kernel)
+    # local initrd=$(readlink -f $path/initrd)
+
+    if test -n "@copyKernels@"; then
+        copyToKernelsDir $kernel; kernel=$result
+        # copyToKernelsDir $initrd; initrd=$result
+    fi
+    
+    echo $(readlink -f $path) > $outdir/$generation-system
+    echo $(readlink -f $path/init) > $outdir/$generation-init
+    cp $path/kernel-params $outdir/$generation-cmdline.txt
+    # echo $initrd > $outdir/$generation-initrd
+    echo $kernel > $outdir/$generation-kernel
+
+    if test $(readlink -f "$path") = "$default"; then
+      copyForced $kernel /boot/kernel.img
+      # copyForced $initrd /boot/initrd
+      cp "$(readlink -f "$path/init")" /boot/nixos-init
+      echo "`cat $path/kernel-params` init=$path/init" >/boot/cmdline.txt
+
+      echo "$2" > /boot/defaultgeneration
+    fi
+}
+
+# Add all generations of the system profile to the menu, in reverse
+# (most recent to least recent) order.
+for generation in $(
+    (cd /nix/var/nix/profiles && ls -d system-*-link) \
+    | sed 's/system-\([0-9]\+\)-link/\1/' \
+    | sort -n -r); do
+    link=/nix/var/nix/profiles/system-$generation-link
+    addEntry $link $generation
+done
+
+# Add the firmware files
+fwdir=@firmware@/share/raspberrypi/boot/
+copyForced $fwdir/bootcode.bin  /boot/bootcode.bin
+copyForced $fwdir/fixup.dat     /boot/fixup.dat
+copyForced $fwdir/fixup_cd.dat  /boot/fixup_cd.dat
+copyForced $fwdir/start.elf     /boot/start.elf
+copyForced $fwdir/start_cd.elf  /boot/start_cd.elf
+
+# Remove obsolete files from /boot/old.
+for fn in /boot/old/*linux* /boot/old/*initrd*; do
+    if ! test "${filesCopied[$fn]}" = 1; then
+        rm -vf -- "$fn"
+    fi
+done
diff --git a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix
new file mode 100644
index 000000000000..5bc856c3df0b
--- /dev/null
+++ b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  builder = pkgs.substituteAll {
+    src = ./builder.sh;
+    isExecutable = true;
+    inherit (pkgs) bash;
+    path = [pkgs.coreutils pkgs.gnused pkgs.gnugrep];
+    firmware = pkgs.raspberrypifw;
+  };
+
+  platform = pkgs.stdenv.platform;
+
+in
+
+{
+  options = {
+
+    boot.loader.raspberryPi.enable = mkOption {
+      default = false;
+      description = ''
+        Whether to create files with the system generations in
+        <literal>/boot</literal>.
+        <literal>/boot/old</literal> will hold files from old generations.
+      '';
+    };
+
+  };
+
+  config = mkIf config.boot.loader.raspberryPi.enable {
+    system.build.installBootLoader = builder;
+    system.boot.loader.id = "raspberrypi";
+    system.boot.loader.kernelFile = platform.kernelTarget;
+  };
+}
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
new file mode 100644
index 000000000000..ba357f5d2de3
--- /dev/null
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -0,0 +1,176 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+  luks = config.boot.initrd.luks;
+
+  openCommand = { name, device, keyFile, keyFileSize, allowDiscards, ... }: ''
+    # Wait for luksRoot to appear, e.g. if on a usb drive.
+    # XXX: copied and adapted from stage-1-init.sh - should be
+    # available as a function.
+    if ! test -e ${device}; then
+        echo -n "waiting 10 seconds for device ${device} to appear..."
+        for try in $(seq 10); do
+            sleep 1
+            if test -e ${device}; then break; fi
+            echo -n .
+        done
+        echo "ok"
+    fi
+
+    ${optionalString (keyFile != null) ''
+    if ! test -e ${keyFile}; then
+        echo -n "waiting 10 seconds for key file ${keyFile} to appear..."
+        for try in $(seq 10); do
+            sleep 1
+            if test -e ${keyFile}; then break; fi
+            echo -n .
+        done
+        echo "ok"
+    fi
+    ''}
+
+    # open luksRoot and scan for logical volumes
+    cryptsetup luksOpen ${device} ${name} ${optionalString allowDiscards "--allow-discards"} \
+      ${optionalString (keyFile != null) "--key-file=${keyFile} ${optionalString (keyFileSize != null) "--keyfile-size=${toString keyFileSize}"}"}
+  '';
+
+  isPreLVM = f: f.preLVM;
+  preLVM = filter isPreLVM luks.devices;
+  postLVM = filter (f: !(isPreLVM f)) luks.devices;
+
+in
+{
+
+  options = {
+
+    boot.initrd.luks.mitigateDMAAttacks = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Unless enabled, encryption keys can be easily recovered by an attacker with physical
+        access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port.
+        More information: http://en.wikipedia.org/wiki/DMA_attack
+
+        This option blacklists FireWire drivers, but doesn't remove them. You can manually
+        load the drivers if you need to use a FireWire device, but don't forget to unload them!
+      '';
+    };
+
+    boot.initrd.luks.cryptoModules = mkOption {
+      type = types.listOf types.string;
+      default =
+        [ "aes" "aes_generic" "blowfish" "twofish"
+          "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512"
+          (if pkgs.stdenv.system == "x86_64-linux" then "aes_x86_64" else "aes_i586")
+        ];
+      description = ''
+        A list of cryptographic kernel modules needed to decrypt the root device(s).
+        The default includes all common modules.
+      '';
+    };
+
+    boot.initrd.luks.devices = mkOption {
+      default = [ ];
+      example = [ { name = "luksroot"; device = "/dev/sda3"; preLVM = true; } ];
+      description = ''
+        The list of devices that should be decrypted using LUKS before trying to mount the
+        root partition. This works for both LVM-over-LUKS and LUKS-over-LVM setups.
+
+        The devices are decrypted to the device mapper names defined.
+
+        Make sure that initrd has the crypto modules needed for decryption.
+      '';
+
+      type = types.listOf types.optionSet;
+
+      options = {
+
+        name = mkOption {
+          example = "luksroot";
+          type = types.string;
+          description = "Named to be used for the generated device in /dev/mapper.";
+        };
+
+        device = mkOption {
+          example = "/dev/sda2";
+          type = types.string;
+          description = "Path of the underlying block device.";
+        };
+
+        keyFile = mkOption {
+          default = null;
+          example = "/dev/sdb1";
+          type = types.nullOr types.string;
+          description = ''
+            The name of the file (can be a raw device or a partition) that
+            should be used as the decryption key for the encrypted device. If
+            not specified, you will be prompted for a passphrase instead.
+          '';
+        };
+
+        keyFileSize = mkOption {
+          default = null;
+          example = 4096;
+          type = types.nullOr types.int;
+          description = ''
+            The size of the key file. Use this if only the beginning of the
+            key file should be used as a key (often the case if a raw device
+            or partition is used as key file). If not specified, the whole
+            <literal>keyFile</literal> will be used decryption, instead of just
+            the first <literal>keyFileSize</literal> bytes.
+          '';
+        };
+
+        preLVM = mkOption {
+          default = true;
+          type = types.bool;
+          description = "Whether the luksOpen will be attempted before LVM scan or after it.";
+        };
+
+        allowDiscards = mkOption {
+          default = false;
+          type = types.bool;
+          description = ''
+            Whether to allow TRIM requests to the underlying device. This option
+            has security implications, please read the LUKS documentation before
+            activating in.
+          '';
+        };
+
+      };
+
+    };
+
+  };
+
+  config = mkIf (luks.devices != []) {
+
+    # actually, sbp2 driver is the one enabling the DMA attack, but this needs to be tested
+    boot.blacklistedKernelModules = optionals luks.mitigateDMAAttacks
+      ["firewire_ohci" "firewire_core" "firewire_sbp2"];
+
+    # Some modules that may be needed for mounting anything ciphered
+    boot.initrd.availableKernelModules = [ "dm_mod" "dm_crypt" "cryptd" ] ++ luks.cryptoModules;
+
+    # copy the cryptsetup binary and it's dependencies
+    boot.initrd.extraUtilsCommands = ''
+      cp -pdv ${pkgs.cryptsetup}/sbin/cryptsetup $out/bin
+      # XXX: do we have a function that does this?
+      for lib in $(ldd $out/bin/cryptsetup |grep '=>' |grep /nix/store/ |cut -d' ' -f3); do
+        cp -pdvn $lib $out/lib
+        cp -pvn $(readlink -f $lib) $out/lib
+      done
+    '';
+
+    boot.initrd.extraUtilsCommandsTest = ''
+      $out/bin/cryptsetup --version
+    '';
+
+    boot.initrd.preLVMCommands = concatMapStrings openCommand preLVM;
+    boot.initrd.postDeviceCommands = concatMapStrings openCommand postLVM;
+
+    environment.systemPackages = [ pkgs.cryptsetup ];
+  };
+}
diff --git a/nixos/modules/system/boot/modprobe.nix b/nixos/modules/system/boot/modprobe.nix
new file mode 100644
index 000000000000..39928da8d190
--- /dev/null
+++ b/nixos/modules/system/boot/modprobe.nix
@@ -0,0 +1,113 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  ###### interface
+
+  options = {
+
+    system.sbin.modprobe = mkOption {
+      internal = true;
+      default = pkgs.writeTextFile {
+        name = "modprobe";
+        destination = "/sbin/modprobe";
+        executable = true;
+        text =
+          ''
+            #! ${pkgs.stdenv.shell}
+            export MODULE_DIR=/run/current-system/kernel-modules/lib/modules
+
+            # Fall back to the kernel modules used at boot time if the
+            # modules in the current configuration don't match the
+            # running kernel.
+            if [ ! -d "$MODULE_DIR/$(${pkgs.coreutils}/bin/uname -r)" ]; then
+                MODULE_DIR=/run/booted-system/kernel-modules/lib/modules/
+            fi
+
+            exec ${pkgs.kmod}/sbin/modprobe "$@"
+          '';
+      };
+      description = ''
+        Wrapper around modprobe that sets the path to the modules
+        tree.
+      '';
+    };
+
+    boot.blacklistedKernelModules = mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [ "cirrusfb" "i2c_piix4" ];
+      description = ''
+        List of names of kernel modules that should not be loaded
+        automatically by the hardware probing code.
+      '';
+    };
+
+    boot.extraModprobeConfig = mkOption {
+      default = "";
+      example =
+        ''
+          options parport_pc io=0x378 irq=7 dma=1
+        '';
+      description = ''
+        Any additional configuration to be appended to the generated
+        <filename>modprobe.conf</filename>.  This is typically used to
+        specify module options.  See
+        <citerefentry><refentrytitle>modprobe.conf</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> for details.
+      '';
+      type = types.lines;
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    environment.etc = singleton
+      { source = pkgs.writeText "modprobe.conf"
+          ''
+            ${flip concatMapStrings config.boot.blacklistedKernelModules (name: ''
+              blacklist ${name}
+            '')}
+            ${config.boot.extraModprobeConfig}
+          '';
+        target = "modprobe.d/nixos.conf";
+      };
+
+    environment.systemPackages = [ config.system.sbin.modprobe pkgs.kmod ];
+
+    boot.blacklistedKernelModules =
+      [ # This module is for debugging and generates gigantic amounts
+        # of log output, so it should never be loaded automatically.
+        "evbug"
+
+        # This module causes ALSA to occassionally select the wrong
+        # default sound device, and is little more than an annoyance
+        # on modern machines.
+        "snd_pcsp"
+
+        # The cirrusfb module prevents X11 from starting.  FIXME:
+        # Ubuntu blacklists all framebuffer devices because they're
+        # "buggy" and cause suspend problems.  Maybe we should too?
+        "cirrusfb"
+      ];
+
+    system.activationScripts.modprobe =
+      ''
+        # Allow the kernel to find our wrapped modprobe (which searches
+        # in the right location in the Nix store for kernel modules).
+        # We need this when the kernel (or some module) auto-loads a
+        # module.
+        echo ${config.system.sbin.modprobe}/sbin/modprobe > /proc/sys/kernel/modprobe
+      '';
+
+    environment.variables.MODULE_DIR = "/run/current-system/kernel-modules/lib/modules";
+
+  };
+
+}
diff --git a/nixos/modules/system/boot/readonly-mountpoint.c b/nixos/modules/system/boot/readonly-mountpoint.c
new file mode 100644
index 000000000000..27b666873821
--- /dev/null
+++ b/nixos/modules/system/boot/readonly-mountpoint.c
@@ -0,0 +1,20 @@
+#include <sys/statvfs.h>
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char ** argv) {
+	struct statvfs stat;
+	if (argc != 2) {
+		fprintf(stderr, "Usage: %s PATH", argv[0]);
+		exit(2);
+	}
+	if (statvfs(argv[1], &stat) != 0) {
+		perror("statvfs");
+		exit(3);
+	}
+	if (stat.f_flag & ST_RDONLY)
+		exit(0);
+	else
+		exit(1);
+}
+
diff --git a/nixos/modules/system/boot/shutdown.nix b/nixos/modules/system/boot/shutdown.nix
new file mode 100644
index 000000000000..ad71a2e816e3
--- /dev/null
+++ b/nixos/modules/system/boot/shutdown.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+
+  # This unit saves the value of the system clock to the hardware
+  # clock on shutdown.
+  systemd.units."save-hwclock.service" =
+    { wantedBy = [ "shutdown.target" ];
+
+      text =
+        ''
+          [Unit]
+          Description=Save Hardware Clock
+          DefaultDependencies=no
+          Before=shutdown.target
+
+          [Service]
+          Type=oneshot
+          ExecStart=${pkgs.utillinux}/sbin/hwclock --systohc ${if config.time.hardwareClockInLocalTime then "--localtime" else "--utc"}
+        '';
+    };
+
+  boot.kernel.sysctl."kernel.poweroff_cmd" = "${config.systemd.package}/sbin/poweroff";
+
+}
diff --git a/nixos/modules/system/boot/stage-1-init.sh b/nixos/modules/system/boot/stage-1-init.sh
new file mode 100644
index 000000000000..1f65026b5def
--- /dev/null
+++ b/nixos/modules/system/boot/stage-1-init.sh
@@ -0,0 +1,374 @@
+#! @shell@
+
+targetRoot=/mnt-root
+console=tty1
+
+export LD_LIBRARY_PATH=@extraUtils@/lib
+export PATH=@extraUtils@/bin:@extraUtils@/sbin
+
+
+fail() {
+    if [ -n "$panicOnFail" ]; then exit 1; fi
+
+    # If starting stage 2 failed, allow the user to repair the problem
+    # in an interactive shell.
+    cat <<EOF
+
+An error occured in stage 1 of the boot process, which must mount the
+root filesystem on \`$targetRoot' and then start stage 2.  Press one
+of the following keys:
+
+EOF
+    if [ -n "$allowShell" ]; then cat <<EOF
+  i) to launch an interactive shell
+  f) to start an interactive shell having pid 1 (needed if you want to
+     start stage 2's init manually)
+EOF
+    fi
+    cat <<EOF
+  r) to reboot immediately
+  *) to ignore the error and continue
+EOF
+
+    read reply
+
+    if [ -n "$allowShell" -a "$reply" = f ]; then
+        exec setsid @shell@ -c "@shell@ < /dev/$console >/dev/$console 2>/dev/$console"
+    elif [ -n "$allowShell" -a "$reply" = i ]; then
+        echo "Starting interactive shell..."
+        setsid @shell@ -c "@shell@ < /dev/$console >/dev/$console 2>/dev/$console" || fail
+    elif [ "$reply" = r ]; then
+        echo "Rebooting..."
+        reboot -f
+    else
+        echo "Continuing..."
+    fi
+}
+
+trap 'fail' 0
+
+
+# Print a greeting.
+echo
+echo "<<< NixOS Stage 1 >>>"
+echo
+
+
+# Mount special file systems.
+mkdir -p /etc
+touch /etc/fstab # to shut up mount
+touch /etc/mtab # to shut up mke2fs
+mkdir -p /proc
+mount -t proc none /proc
+mkdir -p /sys
+mount -t sysfs none /sys
+mount -t devtmpfs -o "size=@devSize@" none /dev
+mkdir -p /run
+mount -t tmpfs -o "mode=0755,size=@runSize@" none /run
+
+
+# Process the kernel command line.
+export stage2Init=/init
+for o in $(cat /proc/cmdline); do
+    case $o in
+        console=*)
+            set -- $(IFS==; echo $o)
+            params=$2
+            set -- $(IFS=,; echo $params)
+            console=$1
+            ;;
+        init=*)
+            set -- $(IFS==; echo $o)
+            stage2Init=$2
+            ;;
+        boot.trace|debugtrace)
+            # Show each command.
+            set -x
+            ;;
+        boot.shell_on_fail)
+            allowShell=1
+            ;;
+        boot.debug1|debug1) # stop right away
+            allowShell=1
+            fail
+            ;;
+        boot.debug1devices) # stop after loading modules and creating device nodes
+            allowShell=1
+            debug1devices=1
+            ;;
+        boot.debug1mounts) # stop after mounting file systems
+            allowShell=1
+            debug1mounts=1
+            ;;
+        boot.panic_on_fail|stage1panic=1)
+            panicOnFail=1
+            ;;
+        root=*)
+            # If a root device is specified on the kernel command
+            # line, make it available through the symlink /dev/root.
+            # Recognise LABEL= and UUID= to support UNetbootin.
+            set -- $(IFS==; echo $o)
+            if [ $2 = "LABEL" ]; then
+                root="/dev/disk/by-label/$3"
+            elif [ $2 = "UUID" ]; then
+                root="/dev/disk/by-uuid/$3"
+            else
+                root=$2
+            fi
+            ln -s "$root" /dev/root
+            ;;
+    esac
+done
+
+
+# Load the required kernel modules.
+mkdir -p /lib
+ln -s @modulesClosure@/lib/modules /lib/modules
+echo @extraUtils@/bin/modprobe > /proc/sys/kernel/modprobe
+for i in @kernelModules@; do
+    echo "loading module $(basename $i)..."
+    modprobe $i || true
+done
+
+
+# Create device nodes in /dev.
+echo "running udev..."
+mkdir -p /etc/udev
+ln -sfn @udevRules@ /etc/udev/rules.d
+mkdir -p /dev/.mdadm
+systemd-udevd --daemon
+udevadm trigger --action=add
+udevadm settle || true
+modprobe scsi_wait_scan || true
+udevadm settle || true
+
+
+# Load boot-time keymap before any LVM/LUKS initialization
+@extraUtils@/bin/busybox loadkmap < "@busyboxKeymap@"
+
+
+# XXX: Use case usb->lvm will still fail, usb->luks->lvm is covered
+@preLVMCommands@
+
+
+echo "starting device mapper and LVM..."
+lvm vgchange -ay
+
+if test -n "$debug1devices"; then fail; fi
+
+
+@postDeviceCommands@
+
+
+# Try to resume - all modules are loaded now, and devices exist
+if test -e /sys/power/tuxonice/resume; then
+    if test -n "$(cat /sys/power/tuxonice/resume)"; then
+        echo 0 > /sys/power/tuxonice/user_interface/enabled
+        echo 1 > /sys/power/tuxonice/do_resume || echo "failed to resume..."
+    fi
+fi
+
+if test -n "@resumeDevice@" -a -e /sys/power/resume -a -e /sys/power/disk; then
+    echo "@resumeDevice@" > /sys/power/resume 2> /dev/null || echo "failed to resume..."
+    echo shutdown > /sys/power/disk
+fi
+
+
+# Return true if the machine is on AC power, or if we can't determine
+# whether it's on AC power.
+onACPower() {
+    ! test -d "/proc/acpi/battery" ||
+    ! ls /proc/acpi/battery/BAT[0-9]* > /dev/null 2>&1 ||
+    ! cat /proc/acpi/battery/BAT*/state | grep "^charging state" | grep -q "discharg"
+}
+
+
+# Check the specified file system, if appropriate.
+checkFS() {
+    local device="$1"
+    local fsType="$2"
+
+    # Only check block devices.
+    if [ ! -b "$device" ]; then return 0; fi
+
+    # Don't check ROM filesystems.
+    if [ "$fsType" = iso9660 -o "$fsType" = udf ]; then return 0; fi
+
+    # If we couldn't figure out the FS type, then skip fsck.
+    if [ "$fsType" = auto ]; then
+        echo 'cannot check filesystem with type "auto"!'
+        return 0
+    fi
+
+    # Optionally, skip fsck on journaling filesystems.  This option is
+    # a hack - it's mostly because e2fsck on ext3 takes much longer to
+    # recover the journal than the ext3 implementation in the kernel
+    # does (minutes versus seconds).
+    if test -z "@checkJournalingFS@" -a \
+        \( "$fsType" = ext3 -o "$fsType" = ext4 -o "$fsType" = reiserfs \
+        -o "$fsType" = xfs -o "$fsType" = jfs \)
+    then
+        return 0
+    fi
+
+    # Don't run `fsck' if the machine is on battery power.  !!! Is
+    # this a good idea?
+    if ! onACPower; then
+        echo "on battery power, so no \`fsck' will be performed on \`$device'"
+        return 0
+    fi
+
+    echo "checking $device..."
+
+    fsckFlags=
+    if test "$fsType" != "btrfs"; then
+        fsckFlags="-V -a"
+    fi
+    fsck $fsckFlags "$device"
+    fsckResult=$?
+
+    if test $(($fsckResult | 2)) = $fsckResult; then
+        echo "fsck finished, rebooting..."
+        sleep 3
+        reboot -f
+    fi
+
+    if test $(($fsckResult | 4)) = $fsckResult; then
+        echo "$device has unrepaired errors, please fix them manually."
+        fail
+    fi
+
+    if test $fsckResult -ge 8; then
+        echo "fsck on $device failed."
+        fail
+    fi
+
+    return 0
+}
+
+
+# Function for mounting a file system.
+mountFS() {
+    local device="$1"
+    local mountPoint="$2"
+    local options="$3"
+    local fsType="$4"
+
+    if [ "$fsType" = auto ]; then
+        fsType=$(blkid -o value -s TYPE "$device")
+        if [ -z "$fsType" ]; then fsType=auto; fi
+    fi
+
+    echo "$device /mnt-root$mountPoint $fsType $options" >> /etc/fstab
+
+    checkFS "$device" "$fsType"
+
+    echo "mounting $device on $mountPoint..."
+
+    mkdir -p "/mnt-root$mountPoint" || true
+
+    # For CIFS mounts, retry a few times before giving up.
+    local n=0
+    while true; do
+        mount "/mnt-root$mountPoint" && break
+        if [ "$fsType" != cifs -o "$n" -ge 10 ]; then fail; break; fi
+        echo "retrying..."
+        n=$((n + 1))
+    done
+}
+
+
+# Try to find and mount the root device.
+mkdir /mnt-root
+
+exec 3< @fsInfo@
+
+while read -u 3 mountPoint; do
+    read -u 3 device
+    read -u 3 fsType
+    read -u 3 options
+
+    # !!! Really quick hack to support bind mounts, i.e., where the
+    # "device" should be taken relative to /mnt-root, not /.  Assume
+    # that every device that starts with / but doesn't start with /dev
+    # is a bind mount.
+    pseudoDevice=
+    case $device in
+        /dev/*)
+            ;;
+        //*)
+            # Don't touch SMB/CIFS paths.
+            pseudoDevice=1
+            ;;
+        /*)
+            device=/mnt-root$device
+            ;;
+        *)
+            # Not an absolute path; assume that it's a pseudo-device
+            # like an NFS path (e.g. "server:/path").
+            pseudoDevice=1
+            ;;
+    esac
+
+    # USB storage devices tend to appear with some delay.  It would be
+    # great if we had a way to synchronously wait for them, but
+    # alas...  So just wait for a few seconds for the device to
+    # appear.  If it doesn't appear, try to mount it anyway (and
+    # probably fail).  This is a fallback for non-device "devices"
+    # that we don't properly recognise.
+    if test -z "$pseudoDevice" -a ! -e $device; then
+        echo -n "waiting for device $device to appear..."
+        for try in $(seq 1 20); do
+            sleep 1
+            if test -e $device; then break; fi
+            echo -n "."
+        done
+        echo
+    fi
+
+    # Wait once more for the udev queue to empty, just in case it's
+    # doing something with $device right now.
+    udevadm settle || true
+
+    mountFS "$device" "$mountPoint" "$options" "$fsType"
+done
+
+exec 3>&-
+
+
+@postMountCommands@
+
+
+# Stop udevd.
+udevadm control --exit || true
+
+# Kill any remaining processes, just to be sure we're not taking any
+# with us into stage 2. unionfs-fuse mounts require the unionfs process.
+pkill -9 -v '(1|unionfs)'
+
+
+if test -n "$debug1mounts"; then fail; fi
+
+
+# Restore /proc/sys/kernel/modprobe to its original value.
+echo /sbin/modprobe > /proc/sys/kernel/modprobe
+
+
+# Start stage 2.  `switch_root' deletes all files in the ramfs on the
+# current root.  Note that $stage2Init might be an absolute symlink,
+# in which case "-e" won't work because we're not in the chroot yet.
+if ! test -e "$targetRoot/$stage2Init" -o -L "$targetRoot/$stage2Init"; then
+    echo "stage 2 init script ($targetRoot/$stage2Init) not found"
+    fail
+fi
+
+mkdir -m 0755 -p $targetRoot/proc $targetRoot/sys $targetRoot/dev $targetRoot/run
+
+mount --move /proc $targetRoot/proc
+mount --move /sys $targetRoot/sys
+mount --move /dev $targetRoot/dev
+mount --move /run $targetRoot/run
+
+exec env -i $(type -P switch_root) "$targetRoot" "$stage2Init"
+
+fail # should never be reached
diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix
new file mode 100644
index 000000000000..b2b662803728
--- /dev/null
+++ b/nixos/modules/system/boot/stage-1.nix
@@ -0,0 +1,343 @@
+# This module builds the initial ramdisk, which contains an init
+# script that performs the first stage of booting the system: it loads
+# the modules necessary to mount the root file system, then calls the
+# init in the root file system to start the second boot stage.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  udev = config.systemd.package;
+
+  kernelPackages = config.boot.kernelPackages;
+  modulesTree = config.system.modulesTree;
+
+
+  # Determine the set of modules that we need to mount the root FS.
+  modulesClosure = pkgs.makeModulesClosure {
+    rootModules = config.boot.initrd.availableKernelModules ++ config.boot.initrd.kernelModules;
+    kernel = modulesTree;
+    allowMissing = true;
+  };
+
+
+  needsCifsUtils = kernelPackages.kernel ? features
+                && kernelPackages.kernel.features ? needsCifsUtils
+                && kernelPackages.kernel.features.needsCifsUtils
+                && any (fs: fs.fsType == "cifs") fileSystems;
+
+  busybox =
+    if needsCifsUtils
+    then pkgs.busybox.override {
+           extraConfig = ''
+             CONFIG_FEATURE_MOUNT_CIFS n
+             CONFIG_FEATURE_MOUNT_HELPERS y
+           '';
+         }
+    else pkgs.busybox;
+
+
+  # Some additional utilities needed in stage 1, like mount, lvm, fsck
+  # etc.  We don't want to bring in all of those packages, so we just
+  # copy what we need.  Instead of using statically linked binaries,
+  # we just copy what we need from Glibc and use patchelf to make it
+  # work.
+  extraUtils = pkgs.runCommand "extra-utils"
+    { buildInputs = [pkgs.nukeReferences];
+      allowedReferences = [ "out" ]; # prevent accidents like glibc being included in the initrd
+      doublePatchelf = pkgs.stdenv.isArm;
+    }
+    ''
+      mkdir -p $out/bin $out/lib
+
+      # Copy what we need from Glibc.
+      cp -pv ${pkgs.glibc}/lib/ld*.so.? $out/lib
+      cp -pv ${pkgs.glibc}/lib/libc.so.* $out/lib
+      cp -pv ${pkgs.glibc}/lib/libm.so.* $out/lib
+      cp -pv ${pkgs.glibc}/lib/libpthread.so.* $out/lib
+      cp -pv ${pkgs.glibc}/lib/librt.so.* $out/lib
+      cp -pv ${pkgs.glibc}/lib/libdl.so.* $out/lib
+      cp -pv ${pkgs.gcc.gcc}/lib*/libgcc_s.so.* $out/lib
+
+      # Copy BusyBox.
+      cp -rvd ${busybox}/{bin,sbin} $out/
+      chmod -R u+w $out
+
+      # Copy some utillinux stuff.
+      cp -v ${pkgs.utillinux}/sbin/blkid $out/bin
+      cp -pdv ${pkgs.utillinux}/lib/libblkid*.so.* $out/lib
+      cp -pdv ${pkgs.utillinux}/lib/libuuid*.so.* $out/lib
+
+      # Copy dmsetup and lvm.
+      cp -v ${pkgs.lvm2}/sbin/dmsetup $out/bin/dmsetup
+      cp -v ${pkgs.lvm2}/sbin/lvm $out/bin/lvm
+      cp -v ${pkgs.lvm2}/lib/libdevmapper.so.*.* $out/lib
+      cp -v ${pkgs.systemd}/lib/libsystemd-daemon.so.* $out/lib
+
+      # Add RAID mdadm tool.
+      cp -v ${pkgs.mdadm}/sbin/mdadm $out/bin/mdadm
+
+      # Copy udev.
+      cp -v ${udev}/lib/systemd/systemd-udevd ${udev}/bin/udevadm $out/bin
+      cp -v ${udev}/lib/udev/*_id $out/bin
+      cp -pdv ${udev}/lib/libudev.so.* $out/lib
+      cp -v ${pkgs.kmod}/lib/libkmod.so.* $out/lib
+      cp -v ${pkgs.acl}/lib/libacl.so.* $out/lib
+      cp -v ${pkgs.attr}/lib/libattr.so.* $out/lib
+
+      # Copy modprobe.
+      cp -v ${pkgs.kmod}/bin/kmod $out/bin/
+      ln -s kmod $out/bin/modprobe
+
+      # Maybe copy cifs utils
+      ${optionalString needsCifsUtils ''
+        cp -v ${pkgs.cifs_utils}/sbin/mount.cifs $out/bin
+      ''}
+
+      ${config.boot.initrd.extraUtilsCommands}
+
+      # Strip binaries further than normal.
+      chmod -R u+w $out
+      stripDirs "lib bin" "-s"
+
+      # Run patchelf to make the programs refer to the copied libraries.
+      for i in $out/bin/* $out/lib/*; do if ! test -L $i; then nuke-refs $i; fi; done
+
+      for i in $out/bin/*; do
+          if ! test -L $i; then
+              echo "patching $i..."
+              patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true
+              if [ -n "$doublePatchelf" ]; then
+                  patchelf --set-interpreter $out/lib/ld*.so.? --set-rpath $out/lib $i || true
+              fi
+          fi
+      done
+
+      # Make sure that the patchelf'ed binaries still work.
+      echo "testing patched programs..."
+      $out/bin/ash -c 'echo hello world' | grep "hello world"
+      export LD_LIBRARY_PATH=$out/lib
+      $out/bin/mount --help 2>&1 | grep "BusyBox"
+      $out/bin/udevadm --version
+      $out/bin/dmsetup --version 2>&1 | tee -a log | grep "version:"
+      LVM_SYSTEM_DIR=$out $out/bin/lvm version 2>&1 | tee -a log | grep "LVM"
+      $out/bin/mdadm --version
+
+      ${config.boot.initrd.extraUtilsCommandsTest}
+    ''; # */
+
+
+  # The initrd only has to mount / or any FS marked as necessary for
+  # booting (such as the FS containing /nix/store, or an FS needed for
+  # mounting /, like / on a loopback).
+  fileSystems = filter
+    (fs: fs.neededForBoot || elem fs.mountPoint [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ])
+    (attrValues config.fileSystems);
+
+
+  udevRules = pkgs.stdenv.mkDerivation {
+    name = "udev-rules";
+    buildCommand = ''
+      ensureDir $out
+
+      echo 'ENV{LD_LIBRARY_PATH}="${extraUtils}/lib"' > $out/00-env.rules
+
+      cp -v ${udev}/lib/udev/rules.d/60-cdrom_id.rules $out/
+      cp -v ${udev}/lib/udev/rules.d/60-persistent-storage.rules $out/
+      cp -v ${udev}/lib/udev/rules.d/80-drivers.rules $out/
+      cp -v ${pkgs.lvm2}/lib/udev/rules.d/*.rules $out/
+      cp -v ${pkgs.mdadm}/lib/udev/rules.d/*.rules $out/
+
+      for i in $out/*.rules; do
+          substituteInPlace $i \
+            --replace ata_id ${extraUtils}/bin/ata_id \
+            --replace scsi_id ${extraUtils}/bin/scsi_id \
+            --replace cdrom_id ${extraUtils}/bin/cdrom_id \
+            --replace ${pkgs.utillinux}/sbin/blkid ${extraUtils}/bin/blkid \
+            --replace /sbin/blkid ${extraUtils}/bin/blkid \
+            --replace ${pkgs.lvm2}/sbin ${extraUtils}/bin \
+            --replace /sbin/mdadm ${extraUtils}/bin/mdadm
+      done
+
+      # Work around a bug in QEMU, which doesn't implement the "READ
+      # DISC INFORMATION" SCSI command:
+      #   https://bugzilla.redhat.com/show_bug.cgi?id=609049
+      # As a result, `cdrom_id' doesn't print
+      # ID_CDROM_MEDIA_TRACK_COUNT_DATA, which in turn prevents the
+      # /dev/disk/by-label symlinks from being created.  We need these
+      # in the NixOS installation CD, so use ID_CDROM_MEDIA in the
+      # corresponding udev rules for now.  This was the behaviour in
+      # udev <= 154.  See also
+      #   http://www.spinics.net/lists/hotplug/msg03935.html
+      substituteInPlace $out/60-persistent-storage.rules \
+        --replace ID_CDROM_MEDIA_TRACK_COUNT_DATA ID_CDROM_MEDIA
+    ''; # */
+  };
+
+
+  # The binary keymap for busybox to load at boot.
+  busyboxKeymap = pkgs.runCommand "boottime-keymap"
+    { preferLocalBuild = true; }
+    ''
+      ${pkgs.kbd}/bin/loadkeys -qb "${config.i18n.consoleKeyMap}" > $out ||
+        ${pkgs.kbd}/bin/loadkeys -qbu "${config.i18n.consoleKeyMap}" > $out
+    '';
+
+
+  # The init script of boot stage 1 (loading kernel modules for
+  # mounting the root FS).
+  bootStage1 = pkgs.substituteAll {
+    src = ./stage-1-init.sh;
+
+    shell = "${extraUtils}/bin/ash";
+
+    isExecutable = true;
+
+    inherit udevRules extraUtils modulesClosure busyboxKeymap;
+
+    inherit (config.boot) resumeDevice devSize runSize;
+
+    inherit (config.boot.initrd) checkJournalingFS
+      preLVMCommands postDeviceCommands postMountCommands kernelModules;
+
+    fsInfo =
+      let f = fs: [ fs.mountPoint (if fs.device != null then fs.device else "/dev/disk/by-label/${fs.label}") fs.fsType fs.options ];
+      in pkgs.writeText "initrd-fsinfo" (concatStringsSep "\n" (concatMap f fileSystems));
+  };
+
+
+  # The closure of the init script of boot stage 1 is what we put in
+  # the initial RAM disk.
+  initialRamdisk = pkgs.makeInitrd {
+    inherit (config.boot.initrd) compressor;
+
+    contents =
+      [ { object = bootStage1;
+          symlink = "/init";
+        }
+        { object = pkgs.writeText "mdadm.conf" config.boot.initrd.mdadmConf;
+          symlink = "/etc/mdadm.conf";
+        }
+      ];
+  };
+
+in
+
+{
+  options = {
+
+    boot.resumeDevice = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      example = "8:2";
+      description = ''
+        Device for manual resume attempt during boot, specified using
+        the device's major and minor number as
+        <literal><replaceable>major</replaceable>:<replaceable>minor</replaceable></literal>.
+      '';
+    };
+
+    boot.initrd.checkJournalingFS = mkOption {
+      default = true;
+      type = types.bool;
+      description = ''
+        Whether to run <command>fsck</command> on journaling filesystems such as ext3.
+      '';
+    };
+
+    boot.initrd.mdadmConf = mkOption {
+      default = "";
+      type = types.lines;
+      description = ''
+        Contents of <filename>/etc/mdadm.conf</filename> in stage 1.
+      '';
+    };
+
+    boot.initrd.preLVMCommands = mkOption {
+      default = "";
+      type = types.lines;
+      description = ''
+        Shell commands to be executed immediately before LVM discovery.
+      '';
+    };
+
+    boot.initrd.postDeviceCommands = mkOption {
+      default = "";
+      type = types.lines;
+      description = ''
+        Shell commands to be executed immediately after stage 1 of the
+        boot has loaded kernel modules and created device nodes in
+        <filename>/dev</filename>.
+      '';
+    };
+
+    boot.initrd.postMountCommands = mkOption {
+      default = "";
+      type = types.lines;
+      description = ''
+        Shell commands to be executed immediately after the stage 1
+        filesystems have been mounted.
+      '';
+    };
+
+    boot.initrd.extraUtilsCommands = mkOption {
+      internal = true;
+      default = "";
+      type = types.lines;
+      description = ''
+        Shell commands to be executed in the builder of the
+        extra-utils derivation.  This can be used to provide
+        additional utilities in the initial ramdisk.
+      '';
+    };
+
+    boot.initrd.extraUtilsCommandsTest = mkOption {
+      internal = true;
+      default = "";
+      type = types.lines;
+      description = ''
+        Shell commands to be executed in the builder of the
+        extra-utils derivation after patchelf has done its
+        job.  This can be used to test additional utilities
+        copied in extraUtilsCommands.
+      '';
+    };
+
+    boot.initrd.compressor = mkOption {
+      internal = true;
+      default = "gzip -9";
+      type = types.str;
+      description = "The compressor to use on the initrd image.";
+      example = "xz";
+    };
+
+    fileSystems = mkOption {
+      options.neededForBoot = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          If set, this file system will be mounted in the initial
+          ramdisk.  By default, this applies to the root file system
+          and to the file system containing
+          <filename>/nix/store</filename>.
+        '';
+      };
+    };
+
+  };
+
+  config = {
+
+    system.build.bootStage1 = bootStage1;
+    system.build.initialRamdisk = initialRamdisk;
+    system.build.extraUtils = extraUtils;
+
+    system.requiredKernelConfig = with config.lib.kernelConfig; [
+      (isYes "TMPFS")
+      (isYes "BLK_DEV_INITRD")
+    ];
+
+  };
+}
diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh
new file mode 100644
index 000000000000..2fadd3de1f0f
--- /dev/null
+++ b/nixos/modules/system/boot/stage-2-init.sh
@@ -0,0 +1,173 @@
+#! @shell@
+
+systemConfig=@systemConfig@
+
+export HOME=/root
+
+
+# Print a greeting.
+echo
+echo -e "\e[1;32m<<< NixOS Stage 2 >>>\e[0m"
+echo
+
+
+# Set the PATH.
+setPath() {
+    local dirs="$1"
+    export PATH=/empty
+    for i in $dirs; do
+        PATH=$PATH:$i/bin
+        if test -e $i/sbin; then
+            PATH=$PATH:$i/sbin
+        fi
+    done
+}
+
+setPath "@path@"
+
+
+# Normally, stage 1 mounts the root filesystem read/writable.
+# However, in some environments, stage 2 is executed directly, and the
+# root is read-only.  So make it writable here.
+mount -n -o remount,rw /
+
+
+# Likewise, stage 1 mounts /proc, /dev and /sys, so if we don't have a
+# stage 1, we need to do that here.
+if [ ! -e /proc/1 ]; then
+    mkdir -m 0755 -p /proc
+    mount -n -t proc none /proc
+    mkdir -m 0755 -p /dev
+    mount -t devtmpfs none /dev
+fi
+
+
+echo "booting system configuration $systemConfig" > /dev/kmsg
+
+
+# Make /nix/store a read-only bind mount to enforce immutability of
+# the Nix store.  Note that we can't use "chown root:nixbld" here
+# because users/groups might not exist yet.
+chown 0:30000 /nix/store
+chmod 1775 /nix/store
+if [ -n "@readOnlyStore@" ]; then
+    if ! readonly-mountpoint /nix/store; then
+        mount --bind /nix/store /nix/store
+        mount -o remount,ro,bind /nix/store
+    fi
+fi
+
+
+# Provide a /etc/mtab.
+mkdir -m 0755 -p /etc
+test -e /etc/fstab || touch /etc/fstab # to shut up mount
+rm -f /etc/mtab* # not that we care about stale locks
+ln -s /proc/mounts /etc/mtab
+
+
+# Process the kernel command line.
+for o in $(cat /proc/cmdline); do
+    case $o in
+        boot.debugtrace)
+            # Show each command.
+            set -x
+            ;;
+        resume=*)
+            set -- $(IFS==; echo $o)
+            resumeDevice=$2
+            ;;
+    esac
+done
+
+
+# More special file systems, initialise required directories.
+mkdir -m 0755 /dev/shm
+mount -t tmpfs -o "rw,nosuid,nodev,size=@devShmSize@" tmpfs /dev/shm
+mkdir -m 0755 -p /dev/pts
+[ -e /proc/bus/usb ] && mount -t usbfs none /proc/bus/usb # UML doesn't have USB by default
+mkdir -m 01777 -p /tmp
+mkdir -m 0755 -p /var /var/log /var/lib /var/db
+mkdir -m 0755 -p /nix/var
+mkdir -m 0700 -p /root
+mkdir -m 0755 -p /bin # for the /bin/sh symlink
+mkdir -m 0755 -p /home
+mkdir -m 0755 -p /etc/nixos
+
+
+# Miscellaneous boot time cleanup.
+rm -rf /var/run /var/lock
+rm -f /etc/resolv.conf
+touch /etc/resolv.conf
+rm -f /etc/{group,passwd,shadow}.lock
+
+if test -n "@cleanTmpDir@"; then
+    echo -n "cleaning \`/tmp'..."
+    find /tmp -maxdepth 1 -mindepth 1 -print0 | xargs -0r rm -rf --one-file-system
+    echo " done"
+else
+    # Get rid of ICE locks...
+    rm -rf /tmp/.ICE-unix
+fi
+
+# ... and ensure that it's owned by root.
+mkdir -m 1777 /tmp/.ICE-unix
+
+# This is a good time to clean up /nix/var/nix/chroots.  Doing an `rm
+# -rf' on it isn't safe in general because it can contain bind mounts
+# to /nix/store and other places.  But after rebooting these are all
+# gone, of course.
+rm -rf /nix/var/nix/chroots # recreated in activate-configuration.sh
+
+
+# Also get rid of temporary GC roots.
+rm -rf /nix/var/nix/gcroots/tmp /nix/var/nix/temproots
+
+
+# Create a tmpfs on /run to hold runtime state for programs such as
+# udev (if stage 1 hasn't already done so).
+if ! mountpoint -q /run; then
+    rm -rf /run
+    mkdir -m 0755 -p /run
+    mount -t tmpfs -o "mode=0755,size=@runSize@" none /run
+fi
+
+mkdir -m 0755 -p /run/lock
+
+
+# For backwards compatibility, symlink /var/run to /run, and /var/lock
+# to /run/lock.
+ln -s /run /var/run
+ln -s /run/lock /var/lock
+
+
+# Clear the resume device.
+if test -n "$resumeDevice"; then
+    mkswap "$resumeDevice" || echo 'Failed to clear saved image.'
+fi
+
+
+# Run the script that performs all configuration activation that does
+# not have to be done at boot time.
+echo "running activation script..."
+$systemConfig/activate
+
+
+# Record the boot configuration.
+ln -sfn "$systemConfig" /run/booted-system
+
+# Prevent the booted system form being garbage-collected If it weren't
+# a gcroot, if we were running a different kernel, switched system,
+# and garbage collected all, we could not load kernel modules anymore.
+ln -sfn /run/booted-system /nix/var/nix/gcroots/booted-system
+
+
+# Run any user-specified commands.
+@shell@ @postBootCommands@
+
+
+# Start systemd.
+echo "starting systemd..."
+PATH=/run/current-system/systemd/lib/systemd \
+    MODULE_DIR=/run/booted-system/kernel-modules/lib/modules \
+    LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive \
+    exec systemd --log-target=journal # --log-level=debug --log-target=console --crash-shell
diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix
new file mode 100644
index 000000000000..aa0d7e0c138b
--- /dev/null
+++ b/nixos/modules/system/boot/stage-2.nix
@@ -0,0 +1,100 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  kernel = config.boot.kernelPackages.kernel;
+  activateConfiguration = config.system.activationScripts.script;
+
+  readonlyMountpoint = pkgs.runCommand "readonly-mountpoint" {} ''
+    mkdir -p $out/bin
+    cc -O3 ${./readonly-mountpoint.c} -o $out/bin/readonly-mountpoint
+    strip -s $out/bin/readonly-mountpoint
+  '';
+
+  bootStage2 = pkgs.substituteAll {
+    src = ./stage-2-init.sh;
+    shellDebug = "${pkgs.bashInteractive}/bin/bash";
+    isExecutable = true;
+    inherit (config.boot) devShmSize runSize cleanTmpDir;
+    inherit (config.nix) readOnlyStore;
+    ttyGid = config.ids.gids.tty;
+    path =
+      [ pkgs.coreutils
+        pkgs.utillinux
+        pkgs.sysvtools
+      ] ++ (optional config.boot.cleanTmpDir pkgs.findutils)
+      ++ optional config.nix.readOnlyStore readonlyMountpoint;
+    postBootCommands = pkgs.writeText "local-cmds"
+      ''
+        ${config.boot.postBootCommands}
+        ${config.powerManagement.powerUpCommands}
+      '';
+  };
+
+in
+
+{
+  options = {
+
+    boot = {
+
+      postBootCommands = mkOption {
+        default = "";
+        example = "rm -f /var/log/messages";
+        type = types.lines;
+        description = ''
+          Shell commands to be executed just before systemd is started.
+        '';
+      };
+
+      devSize = mkOption {
+        default = "5%";
+        example = "32m";
+        type = types.str;
+        description = ''
+          Size limit for the /dev tmpfs. Look at mount(8), tmpfs size option,
+          for the accepted syntax.
+        '';
+      };
+
+      devShmSize = mkOption {
+        default = "50%";
+        example = "256m";
+        type = types.str;
+        description = ''
+          Size limit for the /dev/shm tmpfs. Look at mount(8), tmpfs size option,
+          for the accepted syntax.
+        '';
+      };
+
+      runSize = mkOption {
+        default = "25%";
+        example = "256m";
+        type = types.str;
+        description = ''
+          Size limit for the /run tmpfs. Look at mount(8), tmpfs size option,
+          for the accepted syntax.
+        '';
+      };
+
+      cleanTmpDir = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to delete all files in <filename>/tmp</filename> during boot.
+        '';
+      };
+
+    };
+
+  };
+
+
+  config = {
+
+    system.build.bootStage2 = bootStage2;
+
+  };
+}
diff --git a/nixos/modules/system/boot/systemd-unit-options.nix b/nixos/modules/system/boot/systemd-unit-options.nix
new file mode 100644
index 000000000000..a1faea886f98
--- /dev/null
+++ b/nixos/modules/system/boot/systemd-unit-options.nix
@@ -0,0 +1,365 @@
+{ config, pkgs }:
+
+with pkgs.lib;
+
+let
+
+  checkService = v:
+    let assertValueOneOf = name: values: attr:
+          let val = getAttr name attr;
+          in optional ( hasAttr name attr && !elem val values) "Systemd service field `${name}' cannot have value `${val}'.";
+        checkType = assertValueOneOf "Type" ["simple" "forking" "oneshot" "dbus" "notify" "idle"];
+        checkRestart = assertValueOneOf "Restart" ["no" "on-success" "on-failure" "on-abort" "always"];
+        errors = concatMap (c: c v) [checkType checkRestart];
+    in if errors == [] then true
+       else builtins.trace (concatStringsSep "\n" errors) false;
+
+in rec {
+
+  unitOptions = {
+
+    enable = mkOption {
+      default = true;
+      type = types.bool;
+      description = ''
+        If set to false, this unit will be a symlink to
+        /dev/null. This is primarily useful to prevent specific
+        template instances (e.g. <literal>serial-getty@ttyS0</literal>)
+        from being started.
+      '';
+    };
+
+    description = mkOption {
+      default = "";
+      type = types.str;
+      description = "Description of this unit used in systemd messages and progress indicators.";
+    };
+
+    requires = mkOption {
+      default = [];
+      type = types.listOf types.string;
+      description = ''
+        Start the specified units when this unit is started, and stop
+        this unit when the specified units are stopped or fail.
+      '';
+    };
+
+    wants = mkOption {
+      default = [];
+      type = types.listOf types.string;
+      description = ''
+        Start the specified units when this unit is started.
+      '';
+    };
+
+    after = mkOption {
+      default = [];
+      type = types.listOf types.string;
+      description = ''
+        If the specified units are started at the same time as
+        this unit, delay this unit until they have started.
+      '';
+    };
+
+    before = mkOption {
+      default = [];
+      type = types.listOf types.string;
+      description = ''
+        If the specified units are started at the same time as
+        this unit, delay them until this unit has started.
+      '';
+    };
+
+    bindsTo = mkOption {
+      default = [];
+      type = types.listOf types.string;
+      description = ''
+        Like ‘requires’, but in addition, if the specified units
+        unexpectedly disappear, this unit will be stopped as well.
+      '';
+    };
+
+    partOf = mkOption {
+      default = [];
+      type = types.listOf types.string;
+      description = ''
+        If the specified units are stopped or restarted, then this
+        unit is stopped or restarted as well.
+      '';
+    };
+
+    conflicts = mkOption {
+      default = [];
+      type = types.listOf types.string;
+      description = ''
+        If the specified units are started, then this unit is stopped
+        and vice versa.
+      '';
+    };
+
+    requiredBy = mkOption {
+      default = [];
+      type = types.listOf types.string;
+      description = "Units that require (i.e. depend on and need to go down with) this unit.";
+    };
+
+    wantedBy = mkOption {
+      default = [];
+      type = types.listOf types.string;
+      description = "Units that want (i.e. depend on) this unit.";
+    };
+
+    unitConfig = mkOption {
+      default = {};
+      example = { RequiresMountsFor = "/data"; };
+      type = types.attrs;
+      description = ''
+        Each attribute in this set specifies an option in the
+        <literal>[Unit]</literal> section of the unit.  See
+        <citerefentry><refentrytitle>systemd.unit</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> for details.
+      '';
+    };
+
+    restartTriggers = mkOption {
+      default = [];
+      description = ''
+        An arbitrary list of items such as derivations.  If any item
+        in the list changes between reconfigurations, the service will
+        be restarted.
+      '';
+    };
+
+  };
+
+
+  serviceOptions = unitOptions // {
+
+    environment = mkOption {
+      default = {};
+      type = types.attrs;
+      example = { PATH = "/foo/bar/bin"; LANG = "nl_NL.UTF-8"; };
+      description = "Environment variables passed to the service's processes.";
+    };
+
+    path = mkOption {
+      default = [];
+      apply = ps: "${makeSearchPath "bin" ps}:${makeSearchPath "sbin" ps}";
+      description = ''
+        Packages added to the service's <envar>PATH</envar>
+        environment variable.  Both the <filename>bin</filename>
+        and <filename>sbin</filename> subdirectories of each
+        package are added.
+      '';
+    };
+
+    serviceConfig = mkOption {
+      default = {};
+      example =
+        { StartLimitInterval = 10;
+          RestartSec = 5;
+        };
+      type = types.addCheck types.attrs checkService;
+      description = ''
+        Each attribute in this set specifies an option in the
+        <literal>[Service]</literal> section of the unit.  See
+        <citerefentry><refentrytitle>systemd.service</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> for details.
+      '';
+    };
+
+    script = mkOption {
+      type = types.str;
+      default = "";
+      description = "Shell commands executed as the service's main process.";
+    };
+
+    scriptArgs = mkOption {
+      type = types.str;
+      default = "";
+      description = "Arguments passed to the main process script.";
+    };
+
+    preStart = mkOption {
+      type = types.string;
+      default = "";
+      description = ''
+        Shell commands executed before the service's main process
+        is started.
+      '';
+    };
+
+    postStart = mkOption {
+      type = types.string;
+      default = "";
+      description = ''
+        Shell commands executed after the service's main process
+        is started.
+      '';
+    };
+
+    postStop = mkOption {
+      type = types.string;
+      default = "";
+      description = ''
+        Shell commands executed after the service's main process
+        has exited.
+      '';
+    };
+
+    restartIfChanged = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether the service should be restarted during a NixOS
+        configuration switch if its definition has changed.
+      '';
+    };
+
+    stopIfChanged = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        If set, a changed unit is restarted by calling
+        <command>systemctl stop</command> in the old configuration,
+        then <command>systemctl start</command> in the new one.
+        Otherwise, it is restarted in a single step using
+        <command>systemctl restart</command> in the new configuration.
+        The latter is less correct because it runs the
+        <literal>ExecStop</literal> commands from the new
+        configuration.
+      '';
+    };
+
+    startAt = mkOption {
+      type = types.str;
+      default = "";
+      example = "Sun 14:00:00";
+      description = ''
+        Automatically start this unit at the given date/time, which
+        must be in the format described in
+        <citerefentry><refentrytitle>systemd.time</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry>.  This is equivalent
+        to adding a corresponding timer unit with
+        <option>OnCalendar</option> set to the value given here.
+      '';
+    };
+
+  };
+
+
+  socketOptions = unitOptions // {
+
+    listenStreams = mkOption {
+      default = [];
+      type = types.listOf types.string;
+      example = [ "0.0.0.0:993" "/run/my-socket" ];
+      description = ''
+        For each item in this list, a <literal>ListenStream</literal>
+        option in the <literal>[Socket]</literal> section will be created.
+      '';
+    };
+
+    socketConfig = mkOption {
+      default = {};
+      example = { ListenStream = "/run/my-socket"; };
+      type = types.attrs;
+      description = ''
+        Each attribute in this set specifies an option in the
+        <literal>[Socket]</literal> section of the unit.  See
+        <citerefentry><refentrytitle>systemd.socket</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> for details.
+      '';
+    };
+
+  };
+
+
+  timerOptions = unitOptions // {
+
+    timerConfig = mkOption {
+      default = {};
+      example = { OnCalendar = "Sun 14:00:00"; Unit = "foo.service"; };
+      type = types.attrs;
+      description = ''
+        Each attribute in this set specifies an option in the
+        <literal>[Timer]</literal> section of the unit.  See
+        <citerefentry><refentrytitle>systemd.timer</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> and
+        <citerefentry><refentrytitle>systemd.time</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> for details.
+      '';
+    };
+
+  };
+
+
+  mountOptions = unitOptions // {
+
+    what = mkOption {
+      example = "/dev/sda1";
+      type = types.str;
+      description = "Absolute path of device node, file or other resource. (Mandatory)";
+    };
+
+    where = mkOption {
+      example = "/mnt";
+      type = types.str;
+      description = ''
+        Absolute path of a directory of the mount point.
+        Will be created if it doesn't exist. (Mandatory)
+      '';
+    };
+
+    type = mkOption {
+      default = "";
+      example = "ext4";
+      type = types.str;
+      description = "File system type.";
+    };
+
+    options = mkOption {
+      default = "";
+      example = "noatime";
+      type = types.commas;
+      description = "Options used to mount the file system.";
+    };
+
+    mountConfig = mkOption {
+      default = {};
+      example = { DirectoryMode = "0775"; };
+      type = types.attrs;
+      description = ''
+        Each attribute in this set specifies an option in the
+        <literal>[Mount]</literal> section of the unit.  See
+        <citerefentry><refentrytitle>systemd.mount</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> for details.
+      '';
+    };
+  };
+
+  automountOptions = unitOptions // {
+
+    where = mkOption {
+      example = "/mnt";
+      type = types.str;
+      description = ''
+        Absolute path of a directory of the mount point.
+        Will be created if it doesn't exist. (Mandatory)
+      '';
+    };
+
+    automountConfig = mkOption {
+      default = {};
+      example = { DirectoryMode = "0775"; };
+      type = types.attrs;
+      description = ''
+        Each attribute in this set specifies an option in the
+        <literal>[Automount]</literal> section of the unit.  See
+        <citerefentry><refentrytitle>systemd.automount</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry> for details.
+      '';
+    };
+  };
+
+}
diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
new file mode 100644
index 000000000000..c1fb2c45165c
--- /dev/null
+++ b/nixos/modules/system/boot/systemd.nix
@@ -0,0 +1,678 @@
+{ config, pkgs, utils, ... }:
+
+with pkgs.lib;
+with utils;
+with import ./systemd-unit-options.nix { inherit config pkgs; };
+
+let
+
+  cfg = config.systemd;
+
+  systemd = cfg.package;
+
+  makeUnit = name: unit:
+    pkgs.runCommand "unit" { inherit (unit) text; preferLocalBuild = true; }
+      (if unit.enable then  ''
+        mkdir -p $out
+        echo -n "$text" > $out/${name}
+      '' else ''
+        mkdir -p $out
+        ln -s /dev/null $out/${name}
+      '');
+
+  upstreamUnits =
+    [ # Targets.
+      "basic.target"
+      "sysinit.target"
+      "sockets.target"
+      "graphical.target"
+      "multi-user.target"
+      "getty.target"
+      "network.target"
+      "network-online.target"
+      "nss-lookup.target"
+      "nss-user-lookup.target"
+      "time-sync.target"
+      #"cryptsetup.target"
+      "sigpwr.target"
+      "timers.target"
+      "paths.target"
+
+      # Rescue mode.
+      "rescue.target"
+      "rescue.service"
+
+      # Udev.
+      "systemd-udevd-control.socket"
+      "systemd-udevd-kernel.socket"
+      "systemd-udevd.service"
+      "systemd-udev-settle.service"
+      "systemd-udev-trigger.service"
+
+      # Hardware (started by udev when a relevant device is plugged in).
+      "sound.target"
+      "bluetooth.target"
+      "printer.target"
+      "smartcard.target"
+
+      # Login stuff.
+      "systemd-logind.service"
+      "autovt@.service"
+      #"systemd-vconsole-setup.service"
+      "systemd-user-sessions.service"
+      "dbus-org.freedesktop.login1.service"
+      "user@.service"
+
+      # Journal.
+      "systemd-journald.socket"
+      "systemd-journald.service"
+      "systemd-journal-flush.service"
+      "syslog.socket"
+
+      # SysV init compatibility.
+      "systemd-initctl.socket"
+      "systemd-initctl.service"
+
+      # Kernel module loading.
+      #"systemd-modules-load.service"
+
+      # Filesystems.
+      "systemd-fsck@.service"
+      "systemd-fsck-root.service"
+      "systemd-remount-fs.service"
+      "local-fs.target"
+      "local-fs-pre.target"
+      "remote-fs.target"
+      "remote-fs-pre.target"
+      "swap.target"
+      "dev-hugepages.mount"
+      "dev-mqueue.mount"
+      "sys-fs-fuse-connections.mount"
+      "sys-kernel-config.mount"
+      "sys-kernel-debug.mount"
+
+      # Hibernate / suspend.
+      "hibernate.target"
+      "suspend.target"
+      "sleep.target"
+      "hybrid-sleep.target"
+      "systemd-hibernate.service"
+      "systemd-suspend.service"
+      "systemd-hybrid-sleep.service"
+      "systemd-shutdownd.socket"
+      "systemd-shutdownd.service"
+
+      # Reboot stuff.
+      "reboot.target"
+      "systemd-reboot.service"
+      "poweroff.target"
+      "systemd-poweroff.service"
+      "halt.target"
+      "systemd-halt.service"
+      "ctrl-alt-del.target"
+      "shutdown.target"
+      "umount.target"
+      "final.target"
+      "kexec.target"
+      "systemd-kexec.service"
+
+      # Password entry.
+      "systemd-ask-password-console.path"
+      "systemd-ask-password-console.service"
+      "systemd-ask-password-wall.path"
+      "systemd-ask-password-wall.service"
+    ]
+
+    ++ optionals cfg.enableEmergencyMode [
+      "emergency.target"
+      "emergency.service"
+    ];
+
+  upstreamWants =
+    [ #"basic.target.wants"
+      "sysinit.target.wants"
+      "sockets.target.wants"
+      "local-fs.target.wants"
+      "multi-user.target.wants"
+      "shutdown.target.wants"
+      "timers.target.wants"
+    ];
+
+  makeJobScript = name: text:
+    let x = pkgs.writeTextFile { name = "unit-script"; executable = true; destination = "/bin/${name}"; inherit text; };
+    in "${x}/bin/${name}";
+
+  unitConfig = { name, config, ... }: {
+    config = {
+      unitConfig =
+        { Requires = concatStringsSep " " config.requires;
+          Wants = concatStringsSep " " config.wants;
+          After = concatStringsSep " " config.after;
+          Before = concatStringsSep " " config.before;
+          BindsTo = concatStringsSep " " config.bindsTo;
+          PartOf = concatStringsSep " " config.partOf;
+          Conflicts = concatStringsSep " " config.conflicts;
+          "X-Restart-Triggers" = toString config.restartTriggers;
+        } // optionalAttrs (config.description != "") {
+          Description = config.description;
+        };
+    };
+  };
+
+  serviceConfig = { name, config, ... }: {
+    config = {
+      # Default path for systemd services.  Should be quite minimal.
+      path =
+        [ pkgs.coreutils
+          pkgs.findutils
+          pkgs.gnugrep
+          pkgs.gnused
+          systemd
+        ];
+    };
+  };
+
+  mountConfig = { name, config, ... }: {
+    config = {
+      mountConfig =
+        { What = config.what;
+          Where = config.where;
+        } // optionalAttrs (config.type != "") {
+          Type = config.type;
+        } // optionalAttrs (config.options != "") {
+          Options = config.options;
+        };
+    };
+  };
+
+  automountConfig = { name, config, ... }: {
+    config = {
+      automountConfig =
+        { Where = config.where;
+        };
+    };
+  };
+
+  toOption = x:
+    if x == true then "true"
+    else if x == false then "false"
+    else toString x;
+
+  attrsToSection = as:
+    concatStrings (concatLists (mapAttrsToList (name: value:
+      map (x: ''
+          ${name}=${toOption x}
+        '')
+        (if isList value then value else [value]))
+        as));
+
+  targetToUnit = name: def:
+    { inherit (def) wantedBy requiredBy enable;
+      text =
+        ''
+          [Unit]
+          ${attrsToSection def.unitConfig}
+        '';
+    };
+
+  serviceToUnit = name: def:
+    { inherit (def) wantedBy requiredBy enable;
+      text =
+        ''
+          [Unit]
+          ${attrsToSection def.unitConfig}
+
+          [Service]
+          Environment=PATH=${def.path}
+          Environment=LD_LIBRARY_PATH=
+          ${let env = cfg.globalEnvironment // def.environment;
+            in concatMapStrings (n: "Environment=\"${n}=${getAttr n env}\"\n") (attrNames env)}
+          ${optionalString (!def.restartIfChanged) "X-RestartIfChanged=false"}
+          ${optionalString (!def.stopIfChanged) "X-StopIfChanged=false"}
+
+          ${optionalString (def.preStart != "") ''
+            ExecStartPre=${makeJobScript "${name}-pre-start" ''
+              #! ${pkgs.stdenv.shell} -e
+              ${def.preStart}
+            ''}
+          ''}
+
+          ${optionalString (def.script != "") ''
+            ExecStart=${makeJobScript "${name}-start" ''
+              #! ${pkgs.stdenv.shell} -e
+              ${def.script}
+            ''} ${def.scriptArgs}
+          ''}
+
+          ${optionalString (def.postStart != "") ''
+            ExecStartPost=${makeJobScript "${name}-post-start" ''
+              #! ${pkgs.stdenv.shell} -e
+              ${def.postStart}
+            ''}
+          ''}
+
+          ${optionalString (def.postStop != "") ''
+            ExecStopPost=${makeJobScript "${name}-post-stop" ''
+              #! ${pkgs.stdenv.shell} -e
+              ${def.postStop}
+            ''}
+          ''}
+
+          ${attrsToSection def.serviceConfig}
+        '';
+    };
+
+  socketToUnit = name: def:
+    { inherit (def) wantedBy requiredBy enable;
+      text =
+        ''
+          [Unit]
+          ${attrsToSection def.unitConfig}
+
+          [Socket]
+          ${attrsToSection def.socketConfig}
+          ${concatStringsSep "\n" (map (s: "ListenStream=${s}") def.listenStreams)}
+        '';
+    };
+
+  timerToUnit = name: def:
+    { inherit (def) wantedBy requiredBy enable;
+      text =
+        ''
+          [Unit]
+          ${attrsToSection def.unitConfig}
+
+          [Timer]
+          ${attrsToSection def.timerConfig}
+        '';
+    };
+
+  mountToUnit = name: def:
+    { inherit (def) wantedBy requiredBy enable;
+      text =
+        ''
+          [Unit]
+          ${attrsToSection def.unitConfig}
+
+          [Mount]
+          ${attrsToSection def.mountConfig}
+        '';
+    };
+
+  automountToUnit = name: def:
+    { inherit (def) wantedBy requiredBy enable;
+      text =
+        ''
+          [Unit]
+          ${attrsToSection def.unitConfig}
+
+          [Automount]
+          ${attrsToSection def.automountConfig}
+        '';
+    };
+
+  nixosUnits = mapAttrsToList makeUnit cfg.units;
+
+  units = pkgs.runCommand "units" { preferLocalBuild = true; }
+    ''
+      mkdir -p $out
+      for i in ${toString upstreamUnits}; do
+        fn=${systemd}/example/systemd/system/$i
+        if ! [ -e $fn ]; then echo "missing $fn"; false; fi
+        if [ -L $fn ]; then
+          cp -pd $fn $out/
+        else
+          ln -s $fn $out/
+        fi
+      done
+
+      for i in ${toString upstreamWants}; do
+        fn=${systemd}/example/systemd/system/$i
+        if ! [ -e $fn ]; then echo "missing $fn"; false; fi
+        x=$out/$(basename $fn)
+        mkdir $x
+        for i in $fn/*; do
+          y=$x/$(basename $i)
+          cp -pd $i $y
+          if ! [ -e $y ]; then rm -v $y; fi
+        done
+      done
+
+      for i in ${toString nixosUnits}; do
+        ln -s $i/* $out/
+      done
+
+      for i in ${toString cfg.packages}; do
+        ln -s $i/etc/systemd/system/* $out/
+      done
+
+      ${concatStrings (mapAttrsToList (name: unit:
+          concatMapStrings (name2: ''
+            mkdir -p $out/${name2}.wants
+            ln -sfn ../${name} $out/${name2}.wants/
+          '') unit.wantedBy) cfg.units)}
+
+      ${concatStrings (mapAttrsToList (name: unit:
+          concatMapStrings (name2: ''
+            mkdir -p $out/${name2}.requires
+            ln -sfn ../${name} $out/${name2}.requires/
+          '') unit.requiredBy) cfg.units)}
+
+      ln -s ${cfg.defaultUnit} $out/default.target
+
+      ln -s rescue.target $out/kbrequest.target
+
+      mkdir -p $out/getty.target.wants/
+      ln -s ../getty@tty1.service $out/getty.target.wants/
+
+      ln -s ../local-fs.target ../remote-fs.target ../network.target ../nss-lookup.target \
+            ../nss-user-lookup.target ../swap.target $out/multi-user.target.wants/
+    ''; # */
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    systemd.package = mkOption {
+      default = pkgs.systemd;
+      type = types.package;
+      description = "The systemd package.";
+    };
+
+    systemd.units = mkOption {
+      description = "Definition of systemd units.";
+      default = {};
+      type = types.attrsOf types.optionSet;
+      options = {
+        text = mkOption {
+          type = types.str;
+          description = "Text of this systemd unit.";
+        };
+        enable = mkOption {
+          default = true;
+          type = types.bool;
+          description = ''
+            If set to false, this unit will be a symlink to
+            /dev/null. This is primarily useful to prevent specific
+            template instances (e.g. <literal>serial-getty@ttyS0</literal>)
+            from being started.
+          '';
+        };
+        requiredBy = mkOption {
+          default = [];
+          type = types.listOf types.string;
+          description = "Units that require (i.e. depend on and need to go down with) this unit.";
+        };
+        wantedBy = mkOption {
+          default = [];
+          type = types.listOf types.string;
+          description = "Units that want (i.e. depend on) this unit.";
+        };
+      };
+    };
+
+    systemd.packages = mkOption {
+      default = [];
+      type = types.listOf types.package;
+      description = "Packages providing systemd units.";
+    };
+
+    systemd.targets = mkOption {
+      default = {};
+      type = types.attrsOf types.optionSet;
+      options = [ unitOptions unitConfig ];
+      description = "Definition of systemd target units.";
+    };
+
+    systemd.services = mkOption {
+      default = {};
+      type = types.attrsOf types.optionSet;
+      options = [ serviceOptions unitConfig serviceConfig ];
+      description = "Definition of systemd service units.";
+    };
+
+    systemd.sockets = mkOption {
+      default = {};
+      type = types.attrsOf types.optionSet;
+      options = [ socketOptions unitConfig ];
+      description = "Definition of systemd socket units.";
+    };
+
+    systemd.timers = mkOption {
+      default = {};
+      type = types.attrsOf types.optionSet;
+      options = [ timerOptions unitConfig ];
+      description = "Definition of systemd timer units.";
+    };
+
+    systemd.mounts = mkOption {
+      default = [];
+      type = types.listOf types.optionSet;
+      options = [ mountOptions unitConfig mountConfig ];
+      description = ''
+        Definition of systemd mount units.
+        This is a list instead of an attrSet, because systemd mandates the names to be derived from
+        the 'where' attribute.
+      '';
+    };
+
+    systemd.automounts = mkOption {
+      default = [];
+      type = types.listOf types.optionSet;
+      options = [ automountOptions unitConfig automountConfig ];
+      description = ''
+        Definition of systemd automount units.
+        This is a list instead of an attrSet, because systemd mandates the names to be derived from
+        the 'where' attribute.
+      '';
+    };
+
+    systemd.defaultUnit = mkOption {
+      default = "multi-user.target";
+      type = types.str;
+      description = "Default unit started when the system boots.";
+    };
+
+    systemd.globalEnvironment = mkOption {
+      type = types.attrs;
+      default = {};
+      example = { TZ = "CET"; };
+      description = ''
+        Environment variables passed to <emphasis>all</emphasis> systemd units.
+      '';
+    };
+
+    services.journald.console = mkOption {
+      default = "";
+      type = types.str;
+      description = "If non-empty, write log messages to the specified TTY device.";
+    };
+
+    services.journald.rateLimitInterval = mkOption {
+      default = "10s";
+      type = types.str;
+      description = ''
+        Configures the rate limiting interval that is applied to all
+        messages generated on the system. This rate limiting is applied
+        per-service, so that two services which log do not interfere with
+        each other's limit. The value may be specified in the following
+        units: s, min, h, ms, us. To turn off any kind of rate limiting,
+        set either value to 0.
+      '';
+    };
+
+    services.journald.rateLimitBurst = mkOption {
+      default = 100;
+      type = types.uniq types.int;
+      description = ''
+        Configures the rate limiting burst limit (number of messages per
+        interval) that is applied to all messages generated on the system.
+        This rate limiting is applied per-service, so that two services
+        which log do not interfere with each other's limit.
+      '';
+    };
+
+    services.logind.extraConfig = mkOption {
+      default = "";
+      type = types.str;
+      example = "HandleLidSwitch=ignore";
+      description = ''
+        Extra config options for systemd-logind. See man logind.conf for
+        available options.
+      '';
+    };
+
+    systemd.enableEmergencyMode = mkOption {
+      default = true;
+      type = types.bool;
+      description = ''
+        Whether to enable emergency mode, which is an
+        <command>sulogin</command> shell started on the console if
+        mounting a filesystem fails.  Since some machines (like EC2
+        instances) have no console of any kind, emergency mode doesn't
+        make sense, and it's better to continue with the boot insofar
+        as possible.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    system.build.units = units;
+
+    environment.systemPackages = [ systemd ];
+
+    environment.etc."systemd/system".source = units;
+
+    environment.etc."systemd/system.conf".text =
+      ''
+        [Manager]
+      '';
+
+    environment.etc."systemd/journald.conf".text =
+      ''
+        [Journal]
+        RateLimitInterval=${config.services.journald.rateLimitInterval}
+        RateLimitBurst=${toString config.services.journald.rateLimitBurst}
+        ${optionalString (config.services.journald.console != "") ''
+          ForwardToConsole=yes
+          TTYPath=${config.services.journald.console}
+        ''}
+      '';
+
+    environment.etc."systemd/logind.conf".text =
+      ''
+        [Login]
+        ${config.services.logind.extraConfig}
+      '';
+
+    environment.etc."systemd/sleep.conf".text =
+      ''
+        [Sleep]
+      '';
+
+    system.activationScripts.systemd = stringAfter [ "groups" ]
+      ''
+        mkdir -m 0755 -p /var/lib/udev
+        mkdir -p /var/log/journal
+        chmod 0755 /var/log/journal
+
+        # Regenerate the hardware database /var/lib/udev/hwdb.bin
+        # whenever systemd changes.
+        if [ ! -e /var/lib/udev/prev-systemd -o "$(readlink /var/lib/udev/prev-systemd)" != ${systemd} ]; then
+          echo "regenerating udev hardware database..."
+          ${systemd}/bin/udevadm hwdb --update && ln -sfn ${systemd} /var/lib/udev/prev-systemd
+        fi
+
+        # Make all journals readable to users in the wheel and adm
+        # groups, in addition to those in the systemd-journal group.
+        # Users can always read their own journals.
+        ${pkgs.acl}/bin/setfacl -nm g:wheel:rx,d:g:wheel:rx,g:adm:rx,d:g:adm:rx /var/log/journal
+      '';
+
+    # Target for ‘charon send-keys’ to hook into.
+    systemd.targets.keys =
+      { description = "Security Keys";
+      };
+
+    systemd.units =
+      mapAttrs' (n: v: nameValuePair "${n}.target" (targetToUnit n v)) cfg.targets
+      // mapAttrs' (n: v: nameValuePair "${n}.service" (serviceToUnit n v)) cfg.services
+      // mapAttrs' (n: v: nameValuePair "${n}.socket" (socketToUnit n v)) cfg.sockets
+      // mapAttrs' (n: v: nameValuePair "${n}.timer" (timerToUnit n v)) cfg.timers
+      // listToAttrs (map
+                   (v: let n = escapeSystemdPath v.where;
+                       in nameValuePair "${n}.mount" (mountToUnit n v)) cfg.mounts)
+      // listToAttrs (map
+                   (v: let n = escapeSystemdPath v.where;
+                       in nameValuePair "${n}.automount" (automountToUnit n v)) cfg.automounts);
+
+    system.requiredKernelConfig = map config.lib.kernelConfig.isEnabled [
+      "CGROUPS" "AUTOFS4_FS" "DEVTMPFS"
+    ];
+
+    environment.shellAliases =
+      { start = "systemctl start";
+        stop = "systemctl stop";
+        restart = "systemctl restart";
+        status = "systemctl status";
+      };
+
+    users.extraGroups.systemd-journal.gid = config.ids.gids.systemd-journal;
+
+    # Generate timer units for all services that have a ‘startAt’ value.
+    systemd.timers =
+      mapAttrs (name: service:
+        { wantedBy = [ "timers.target" ];
+          timerConfig.OnCalendar = service.startAt;
+        })
+        (filterAttrs (name: service: service.startAt != "") cfg.services);
+
+    # FIXME: These are borrowed from upstream systemd.
+    systemd.services."systemd-update-utmp" =
+      { description = "Update UTMP about System Reboot/Shutdown";
+        wantedBy = [ "sysinit.target" ];
+        after = [ "systemd-remount-fs.service" ];
+        before = [ "sysinit.target" "shutdown.target" ];
+        conflicts = [ "shutdown.target" ];
+        unitConfig = {
+          DefaultDependencies = false;
+          RequiresMountsFor = "/var/log";
+        };
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+          ExecStart = "${systemd}/lib/systemd/systemd-update-utmp reboot";
+          ExecStop = "${systemd}/lib/systemd/systemd-update-utmp shutdown";
+        };
+        restartIfChanged = false;
+      };
+
+    systemd.services."systemd-random-seed" =
+      { description = "Load/Save Random Seed";
+        wantedBy = [ "sysinit.target" "multi-user.target" ];
+        after = [ "systemd-remount-fs.service" ];
+        before = [ "sysinit.target" "shutdown.target" ];
+        conflicts = [ "shutdown.target" ];
+        unitConfig = {
+          DefaultDependencies = false;
+          RequiresMountsFor = "/var/lib";
+        };
+        serviceConfig = {
+          Type = "oneshot";
+          RemainAfterExit = true;
+          ExecStart = "${systemd}/lib/systemd/systemd-random-seed load";
+          ExecStop = "${systemd}/lib/systemd/systemd-random-seed save";
+        };
+      };
+
+  };
+}
diff --git a/nixos/modules/system/etc/etc.nix b/nixos/modules/system/etc/etc.nix
new file mode 100644
index 000000000000..a8f0a59b6fa9
--- /dev/null
+++ b/nixos/modules/system/etc/etc.nix
@@ -0,0 +1,120 @@
+# Management of static files in /etc.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  etc' = filter (f: f.enable) (attrValues config.environment.etc);
+
+  etc = pkgs.stdenv.mkDerivation {
+    name = "etc";
+
+    builder = ./make-etc.sh;
+
+    preferLocalBuild = true;
+
+    /* !!! Use toXML. */
+    sources = map (x: x.source) etc';
+    targets = map (x: x.target) etc';
+    modes = map (x: x.mode) etc';
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    environment.etc = mkOption {
+      type = types.loaOf types.optionSet;
+      default = {};
+      example = literalExample ''
+        { hosts =
+            { source = "/nix/store/.../etc/dir/file.conf.example";
+              mode = "0440";
+            };
+          "default/useradd".text = "GROUP=100 ...";
+        }
+      '';
+      description = ''
+        Set of files that have to be linked in <filename>/etc</filename>.
+      '';
+
+      options = singleton ({ name, config, ... }:
+        { options = {
+
+            enable = mkOption {
+              type = types.bool;
+              default = true;
+              description = ''
+                Whether this /etc file should be generated.  This
+                option allows specific /etc files to be disabled.
+              '';
+            };
+
+            target = mkOption {
+              type = types.str;
+              description = ''
+                Name of symlink (relative to
+                <filename>/etc</filename>).  Defaults to the attribute
+                name.
+              '';
+            };
+
+            text = mkOption {
+              default = null;
+              type = types.nullOr types.lines;
+              description = "Text of the file.";
+            };
+
+            source = mkOption {
+              type = types.path;
+              description = "Path of the source file.";
+            };
+
+            mode = mkOption {
+              type = types.str;
+              default = "symlink";
+              example = "0600";
+              description = ''
+                If set to something else than <literal>symlink</literal>,
+                the file is copied instead of symlinked, with the given
+                file mode.
+              '';
+            };
+
+          };
+
+          config = {
+            target = mkDefault name;
+            source = mkIf (config.text != null)
+              (mkDefault (pkgs.writeText "etc-file" config.text));
+          };
+
+        });
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    system.build.etc = etc;
+
+    system.activationScripts.etc = stringAfter [ "stdio" ]
+      ''
+        # Set up the statically computed bits of /etc.
+        echo "setting up /etc..."
+        ${pkgs.perl}/bin/perl ${./setup-etc.pl} ${etc}/etc
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/system/etc/make-etc.sh b/nixos/modules/system/etc/make-etc.sh
new file mode 100644
index 000000000000..7cf68db9ddce
--- /dev/null
+++ b/nixos/modules/system/etc/make-etc.sh
@@ -0,0 +1,42 @@
+source $stdenv/setup
+
+mkdir -p $out/etc
+
+set -f
+sources_=($sources)
+targets_=($targets)
+modes_=($modes)
+set +f
+
+for ((i = 0; i < ${#targets_[@]}; i++)); do
+    source="${sources_[$i]}"
+    target="${targets_[$i]}"
+
+    if [[ "$source" =~ '*' ]]; then
+
+        # If the source name contains '*', perform globbing.
+        mkdir -p $out/etc/$target
+        for fn in $source; do
+            ln -s "$fn" $out/etc/$target/
+        done
+
+    else
+        
+        mkdir -p $out/etc/$(dirname $target)
+        if ! [ -e $out/etc/$target ]; then
+            ln -s $source $out/etc/$target
+        else
+            echo "duplicate entry $target -> $source"
+            if test "$(readlink $out/etc/$target)" != "$source"; then
+                echo "mismatched duplicate entry $(readlink $out/etc/$target) <-> $source"
+                exit 1
+            fi
+        fi
+        
+        if test "${modes_[$i]}" != symlink; then
+            echo "${modes_[$i]}" > $out/etc/$target.mode
+        fi
+        
+    fi
+done
+
diff --git a/nixos/modules/system/etc/setup-etc.pl b/nixos/modules/system/etc/setup-etc.pl
new file mode 100644
index 000000000000..7cb6d2a6a45e
--- /dev/null
+++ b/nixos/modules/system/etc/setup-etc.pl
@@ -0,0 +1,68 @@
+use strict;
+use File::Find;
+use File::Copy;
+use File::Path;
+use File::Basename;
+
+my $etc = $ARGV[0] or die;
+my $static = "/etc/static";
+
+sub atomicSymlink {
+    my ($source, $target) = @_;
+    my $tmp = "$target.tmp";
+    unlink $tmp;
+    symlink $source, $tmp or return 1;
+    rename $tmp, $target or return 1;
+    return 1;
+}
+
+
+# Atomically update /etc/static to point at the etc files of the
+# current configuration.
+atomicSymlink $etc, $static or die;
+
+
+# Remove dangling symlinks that point to /etc/static.  These are
+# configuration files that existed in a previous configuration but not
+# in the current one.  For efficiency, don't look under /etc/nixos
+# (where all the NixOS sources live).
+sub cleanup {
+    if ($File::Find::name eq "/etc/nixos") {
+        $File::Find::prune = 1;
+        return;
+    }
+    if (-l $_) {
+        my $target = readlink $_;
+        if (substr($target, 0, length $static) eq $static) {
+            my $x = "/etc/static/" . substr($File::Find::name, length "/etc/");
+            unless (-l $x) {
+                print STDERR "removing obsolete symlink ‘$File::Find::name’...\n";
+                unlink "$_";
+            }
+        }
+    }
+}
+
+find(\&cleanup, "/etc");
+
+
+# For every file in the etc tree, create a corresponding symlink in
+# /etc to /etc/static.  The indirection through /etc/static is to make
+# switching to a new configuration somewhat more atomic.
+sub link {
+    my $fn = substr $File::Find::name, length($etc) + 1 or next;
+    my $target = "/etc/$fn";
+    File::Path::make_path(dirname $target);
+    if (-e "$_.mode") {
+        open MODE, "<$_.mode";
+        my $mode = <MODE>; chomp $mode;
+        close MODE;
+        copy "$static/$fn", "$target.tmp" or warn;
+        chmod oct($mode), "$target.tmp" or warn;
+        rename "$target.tmp", $target or warn;
+    } elsif (-l "$_") {
+        atomicSymlink "$static/$fn", $target or warn;
+    }
+}
+
+find(\&link, $etc);
diff --git a/nixos/modules/system/upstart/upstart.nix b/nixos/modules/system/upstart/upstart.nix
new file mode 100644
index 000000000000..aa5c8dfe64b2
--- /dev/null
+++ b/nixos/modules/system/upstart/upstart.nix
@@ -0,0 +1,290 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+with import ../boot/systemd-unit-options.nix { inherit config pkgs; };
+
+let
+
+  userExists = u:
+    (u == "") || any (uu: uu.name == u) (attrValues config.users.extraUsers);
+
+  groupExists = g:
+    (g == "") || any (gg: gg.name == g) (attrValues config.users.extraGroups);
+
+  makeJobScript = name: content: "${pkgs.writeScriptBin name content}/bin/${name}";
+
+  # From a job description, generate an systemd unit file.
+  makeUnit = job:
+
+    let
+      hasMain = job.script != "" || job.exec != "";
+
+      env = job.environment;
+
+      preStartScript = makeJobScript "${job.name}-pre-start"
+        ''
+          #! ${pkgs.stdenv.shell} -e
+          ${job.preStart}
+        '';
+
+      startScript = makeJobScript "${job.name}-start"
+        ''
+          #! ${pkgs.stdenv.shell} -e
+          ${if job.script != "" then job.script else ''
+            exec ${job.exec}
+          ''}
+        '';
+
+      postStartScript = makeJobScript "${job.name}-post-start"
+        ''
+          #! ${pkgs.stdenv.shell} -e
+          ${job.postStart}
+        '';
+
+      preStopScript = makeJobScript "${job.name}-pre-stop"
+        ''
+          #! ${pkgs.stdenv.shell} -e
+          ${job.preStop}
+        '';
+
+      postStopScript = makeJobScript "${job.name}-post-stop"
+        ''
+          #! ${pkgs.stdenv.shell} -e
+          ${job.postStop}
+        '';
+    in {
+
+      inherit (job) description requires before partOf environment path restartIfChanged unitConfig;
+
+      after =
+        (if job.startOn == "stopped udevtrigger" then [ "systemd-udev-settle.service" ] else
+         if job.startOn == "started udev" then [ "systemd-udev.service" ] else
+         if job.startOn == "started network-interfaces" then [ "network-interfaces.target" ] else
+         if job.startOn == "started networking" then [ "network.target" ] else
+         if job.startOn == "ip-up" then [] else
+         if job.startOn == "" || job.startOn == "startup" then [] else
+         builtins.trace "Warning: job ‘${job.name}’ has unknown startOn value ‘${job.startOn}’." []
+        ) ++ job.after;
+
+      wants = 
+        (if job.startOn == "stopped udevtrigger" then [ "systemd-udev-settle.service" ] else []
+        ) ++ job.wants;
+
+      wantedBy =
+        (if job.startOn == "" then [] else
+         if job.startOn == "ip-up" then [ "ip-up.target" ] else
+         [ "multi-user.target" ]) ++ job.wantedBy;
+
+      serviceConfig =
+        job.serviceConfig
+        // optionalAttrs (job.preStart != "" && (job.script != "" || job.exec != ""))
+          { ExecStartPre = preStartScript; }
+        // optionalAttrs (job.preStart != "" && job.script == "" && job.exec == "")
+          { ExecStart = preStartScript; }
+        // optionalAttrs (job.script != "" || job.exec != "")
+          { ExecStart = startScript; }
+        // optionalAttrs (job.postStart != "")
+          { ExecStartPost = postStartScript; }
+        // optionalAttrs (job.preStop != "")
+          { ExecStop = preStopScript; }
+        // optionalAttrs (job.postStop != "")
+          { ExecStopPost = postStopScript; }
+        // (if job.script == "" && job.exec == "" then { Type = "oneshot"; RemainAfterExit = true; } else
+            if job.daemonType == "fork" || job.daemonType == "daemon" then { Type = "forking"; GuessMainPID = true; } else
+            if job.daemonType == "none" then { } else
+            throw "invalid daemon type `${job.daemonType}'")
+        // optionalAttrs (!job.task && job.respawn)
+          { Restart = "always"; }
+        // optionalAttrs job.task
+          { Type = "oneshot"; RemainAfterExit = false; };
+    };
+
+
+  jobOptions = serviceOptions // {
+
+    name = mkOption {
+      # !!! The type should ensure that this could be a filename.
+      type = types.str;
+      example = "sshd";
+      description = ''
+        Name of the job, mapped to the systemd unit
+        <literal><replaceable>name</replaceable>.service</literal>.
+      '';
+    };
+
+    startOn = mkOption {
+      #type = types.str;
+      default = "";
+      description = ''
+        The Upstart event that triggers this job to be started.  Some
+        are mapped to systemd dependencies; otherwise you will get a
+        warning.  If empty, the job will not start automatically.
+      '';
+    };
+
+    stopOn = mkOption {
+      type = types.str;
+      default = "starting shutdown";
+      description = ''
+        Ignored; this was the Upstart event that triggers this job to be stopped.
+      '';
+    };
+
+    postStart = mkOption {
+      type = types.lines;
+      default = "";
+      description = ''
+        Shell commands executed after the job is started (i.e. after
+        the job's main process is started), but before the job is
+        considered “running”.
+      '';
+    };
+
+    preStop = mkOption {
+      type = types.lines;
+      default = "";
+      description = ''
+        Shell commands executed before the job is stopped
+        (i.e. before systemd kills the job's main process).  This can
+        be used to cleanly shut down a daemon.
+      '';
+    };
+
+    postStop = mkOption {
+      type = types.lines;
+      default = "";
+      description = ''
+        Shell commands executed after the job has stopped
+        (i.e. after the job's main process has terminated).
+      '';
+    };
+
+    exec = mkOption {
+      type = types.str;
+      default = "";
+      description = ''
+        Command to start the job's main process.  If empty, the
+        job has no main process, but can still have pre/post-start
+        and pre/post-stop scripts, and is considered “running”
+        until it is stopped.
+      '';
+    };
+
+    respawn = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to restart the job automatically if its process
+        ends unexpectedly.
+      '';
+    };
+
+    task = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether this job is a task rather than a service.  Tasks
+        are executed only once, while services are restarted when
+        they exit.
+      '';
+    };
+
+    daemonType = mkOption {
+      type = types.str;
+      default = "none";
+      description = ''
+        Determines how systemd detects when a daemon should be
+        considered “running”.  The value <literal>none</literal> means
+        that the daemon is considered ready immediately.  The value
+        <literal>fork</literal> means that the daemon will fork once.
+        The value <literal>daemon</literal> means that the daemon will
+        fork twice.  The value <literal>stop</literal> means that the
+        daemon will raise the SIGSTOP signal to indicate readiness.
+      '';
+    };
+
+    setuid = mkOption {
+      type = types.addCheck types.str userExists;
+      default = "";
+      description = ''
+        Run the daemon as a different user.
+      '';
+    };
+
+    setgid = mkOption {
+      type = types.addCheck types.str groupExists;
+      default = "";
+      description = ''
+        Run the daemon as a different group.
+      '';
+    };
+
+    path = mkOption {
+      default = [];
+      description = ''
+        Packages added to the job's <envar>PATH</envar> environment variable.
+        Both the <filename>bin</filename> and <filename>sbin</filename>
+        subdirectories of each package are added.
+      '';
+    };
+
+  };
+
+
+  upstartJob = { name, config, ... }: {
+
+    options = {
+
+      unit = mkOption {
+        default = makeUnit config;
+        description = "Generated definition of the systemd unit corresponding to this job.";
+      };
+
+    };
+
+    config = {
+
+      # The default name is the name extracted from the attribute path.
+      name = mkDefault name;
+
+    };
+
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    jobs = mkOption {
+      default = {};
+      description = ''
+        This option is a legacy method to define system services,
+        dating from the era where NixOS used Upstart instead of
+        systemd.  You should use <option>systemd.services</option>
+        instead.  Services defined using <option>jobs</option> are
+        mapped automatically to <option>systemd.services</option>, but
+        may not work perfectly; in particular, most
+        <option>startOn</option> conditions are not supported.
+      '';
+      type = types.loaOf types.optionSet;
+      options = [ jobOptions upstartJob ];
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    systemd.services =
+      flip mapAttrs' config.jobs (name: job:
+        nameValuePair job.name job.unit);
+
+  };
+
+}
diff --git a/nixos/modules/tasks/cpu-freq.nix b/nixos/modules/tasks/cpu-freq.nix
new file mode 100644
index 000000000000..ce36a8bab096
--- /dev/null
+++ b/nixos/modules/tasks/cpu-freq.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  ###### interface
+
+  options = {
+
+    powerManagement.cpuFreqGovernor = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      example = "ondemand";
+      description = ''
+        Configure the governor used to regulate the frequence of the
+        available CPUs. By default, the kernel configures the
+        on-demand governor.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf (config.powerManagement.cpuFreqGovernor != null) {
+
+    environment.systemPackages = [ pkgs.cpufrequtils ];
+
+    jobs.cpufreq =
+      { description = "CPU Frequency Governor Setup";
+
+        after = [ "systemd-modules-load.service" ];
+        wantedBy = [ "multi-user.target" ];
+
+        path = [ pkgs.cpufrequtils ];
+
+        preStart = ''
+          for i in $(seq 0 $(($(nproc) - 1))); do
+            for gov in $(cpufreq-info -c $i -g); do
+              if [ "$gov" = ${config.powerManagement.cpuFreqGovernor} ]; then
+                echo "<6>setting governor on CPU $i to ‘$gov’"
+                cpufreq-set -c $i -g $gov
+              fi
+            done
+          done
+        '';
+      };
+  };
+
+}
diff --git a/nixos/modules/tasks/filesystems.nix b/nixos/modules/tasks/filesystems.nix
new file mode 100644
index 000000000000..3f484045ed4c
--- /dev/null
+++ b/nixos/modules/tasks/filesystems.nix
@@ -0,0 +1,215 @@
+{ config, pkgs, utils, ... }:
+
+with pkgs.lib;
+with utils;
+
+let
+
+  fileSystems = attrValues config.fileSystems;
+
+  prioOption = prio: optionalString (prio !=null) " pri=${toString prio}";
+
+  fileSystemOpts = { name, ... }: {
+
+    options = {
+
+      mountPoint = mkOption {
+        example = "/mnt/usb";
+        type = types.str;
+        description = "Location of the mounted the file system.";
+      };
+
+      device = mkOption {
+        default = null;
+        example = "/dev/sda";
+        type = types.uniq (types.nullOr types.string);
+        description = "Location of the device.";
+      };
+
+      label = mkOption {
+        default = null;
+        example = "root-partition";
+        type = types.uniq (types.nullOr types.string);
+        description = "Label of the device (if any).";
+      };
+
+      fsType = mkOption {
+        default = "auto";
+        example = "ext3";
+        type = types.str;
+        description = "Type of the file system.";
+      };
+
+      options = mkOption {
+        default = "defaults,relatime";
+        example = "data=journal";
+        type = types.commas;
+        description = "Options used to mount the file system.";
+      };
+
+      autoFormat = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          If the device does not currently contain a filesystem (as
+          determined by <command>blkid</command>, then automatically
+          format it with the filesystem type specified in
+          <option>fsType</option>.  Use with caution.
+        '';
+      };
+
+      noCheck = mkOption {
+        default = false;
+        type = types.bool;
+        description = "Disable running fsck on this filesystem.";
+      };
+
+    };
+
+    config = {
+      mountPoint = mkDefault name;
+    };
+
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    fileSystems = mkOption {
+      example = {
+        "/".device = "/dev/hda1";
+        "/data" = {
+          device = "/dev/hda2";
+          fsType = "ext3";
+          options = "data=journal";
+        };
+        "/bigdisk".label = "bigdisk";
+      };
+      type = types.loaOf types.optionSet;
+      options = [ fileSystemOpts ];
+      description = ''
+        The file systems to be mounted.  It must include an entry for
+        the root directory (<literal>mountPoint = "/"</literal>).  Each
+        entry in the list is an attribute set with the following fields:
+        <literal>mountPoint</literal>, <literal>device</literal>,
+        <literal>fsType</literal> (a file system type recognised by
+        <command>mount</command>; defaults to
+        <literal>"auto"</literal>), and <literal>options</literal>
+        (the mount options passed to <command>mount</command> using the
+        <option>-o</option> flag; defaults to <literal>"defaults"</literal>).
+
+        Instead of specifying <literal>device</literal>, you can also
+        specify a volume label (<literal>label</literal>) for file
+        systems that support it, such as ext2/ext3 (see <command>mke2fs
+        -L</command>).
+      '';
+    };
+
+    system.fsPackages = mkOption {
+      internal = true;
+      default = [ ];
+      description = "Packages supplying file system mounters and checkers.";
+    };
+
+    boot.supportedFilesystems = mkOption {
+      default = [ ];
+      example = [ "btrfs" ];
+      type = types.listOf types.string;
+      description = "Names of supported filesystem types.";
+    };
+
+    boot.initrd.supportedFilesystems = mkOption {
+      default = [ ];
+      example = [ "btrfs" ];
+      type = types.listOf types.string;
+      description = "Names of supported filesystem types in the initial ramdisk.";
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    boot.supportedFilesystems = map (fs: fs.fsType) fileSystems;
+
+    boot.initrd.supportedFilesystems =
+      map (fs: fs.fsType)
+        (filter (fs: fs.mountPoint == "/" || fs.neededForBoot) fileSystems);
+
+    # Add the mount helpers to the system path so that `mount' can find them.
+    system.fsPackages = [ pkgs.dosfstools ];
+
+    environment.systemPackages =
+      [ pkgs.ntfs3g pkgs.cifs_utils ]
+      ++ config.system.fsPackages;
+
+    environment.etc.fstab.text =
+      ''
+        # This is a generated file.  Do not edit!
+
+        # Filesystems.
+        ${flip concatMapStrings fileSystems (fs:
+            (if fs.device != null then fs.device else "/dev/disk/by-label/${fs.label}")
+            + " " + fs.mountPoint
+            + " " + fs.fsType
+            + " " + fs.options
+            + " 0"
+            + " " + (if fs.fsType == "none" || fs.device == "none" || fs.fsType == "btrfs" || fs.fsType == "tmpfs" || fs.noCheck then "0" else
+                     if fs.mountPoint == "/" then "1" else "2")
+            + "\n"
+        )}
+
+        # Swap devices.
+        ${flip concatMapStrings config.swapDevices (sw:
+            "${sw.device} none swap${prioOption sw.priority}\n"
+        )}
+      '';
+
+    # Provide a target that pulls in all filesystems.
+    systemd.targets.fs =
+      { description = "All File Systems";
+        wants = [ "local-fs.target" "remote-fs.target" ];
+      };
+
+    # Emit systemd services to format requested filesystems.
+    systemd.services =
+      let
+
+        formatDevice = fs:
+          let
+            mountPoint' = escapeSystemdPath fs.mountPoint;
+            device' = escapeSystemdPath fs.device;
+          in nameValuePair "mkfs-${device'}"
+          { description = "Initialisation of Filesystem ${fs.device}";
+            wantedBy = [ "${mountPoint'}.mount" ];
+            before = [ "${mountPoint'}.mount" "systemd-fsck@${device'}.service" ];
+            requires = [ "${device'}.device" ];
+            after = [ "${device'}.device" ];
+            path = [ pkgs.utillinux ] ++ config.system.fsPackages;
+            script =
+              ''
+                if ! [ -e "${fs.device}" ]; then exit 1; fi
+                # FIXME: this is scary.  The test could be more robust.
+                type=$(blkid -p -s TYPE -o value "${fs.device}" || true)
+                if [ -z "$type" ]; then
+                  echo "creating ${fs.fsType} filesystem on ${fs.device}..."
+                  mkfs.${fs.fsType} "${fs.device}"
+                fi
+              '';
+            unitConfig.RequiresMountsFor = [ "${dirOf fs.device}" ];
+            unitConfig.DefaultDependencies = false; # needed to prevent a cycle
+            serviceConfig.Type = "oneshot";
+          };
+
+      in listToAttrs (map formatDevice (filter (fs: fs.autoFormat) fileSystems));
+
+  };
+
+}
diff --git a/nixos/modules/tasks/filesystems/btrfs.nix b/nixos/modules/tasks/filesystems/btrfs.nix
new file mode 100644
index 000000000000..d95a32e2e3f7
--- /dev/null
+++ b/nixos/modules/tasks/filesystems/btrfs.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inInitrd = any (fs: fs == "btrfs") config.boot.initrd.supportedFilesystems;
+
+in
+
+{
+  config = mkIf (any (fs: fs == "btrfs") config.boot.supportedFilesystems) {
+
+    system.fsPackages = [ pkgs.btrfsProgs ];
+
+    boot.initrd.kernelModules = mkIf inInitrd [ "btrfs" "crc32c" ];
+
+    boot.initrd.extraUtilsCommands = mkIf inInitrd
+      ''
+        mkdir -p $out/bin
+        cp -v ${pkgs.btrfsProgs}/bin/btrfs $out/bin
+        ln -sv btrfs $out/bin/btrfsck
+        ln -sv btrfsck $out/bin/fsck.btrfs
+        # !!! Increases uncompressed initrd by 240k
+        cp -pv ${pkgs.zlib}/lib/libz.so* $out/lib
+        cp -pv ${pkgs.lzo}/lib/liblzo2.so* $out/lib
+      '';
+
+    boot.initrd.extraUtilsCommandsTest = mkIf inInitrd
+      ''
+        $out/bin/btrfs --version
+      '';
+
+    boot.initrd.postDeviceCommands = mkIf inInitrd
+      ''
+        btrfs device scan
+      '';
+
+    # !!! This is broken.  There should be a udev rule to do this when
+    # new devices are discovered.
+    jobs.udev.postStart =
+      ''
+        ${pkgs.btrfsProgs}/bin/btrfs device scan
+      '';
+
+  };
+}
diff --git a/nixos/modules/tasks/filesystems/ext.nix b/nixos/modules/tasks/filesystems/ext.nix
new file mode 100644
index 000000000000..24592e9d5882
--- /dev/null
+++ b/nixos/modules/tasks/filesystems/ext.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+
+{
+  config = {
+
+    system.fsPackages = [ pkgs.e2fsprogs ];
+
+    boot.initrd.availableKernelModules = [ "ext2" "ext3" "ext4" ];
+
+    boot.initrd.extraUtilsCommands =
+      ''
+        # Copy e2fsck and friends.
+        cp -v ${pkgs.e2fsprogs}/sbin/e2fsck $out/bin
+        cp -v ${pkgs.e2fsprogs}/sbin/tune2fs $out/bin
+        ln -sv e2fsck $out/bin/fsck.ext2
+        ln -sv e2fsck $out/bin/fsck.ext3
+        ln -sv e2fsck $out/bin/fsck.ext4
+        cp -pdv ${pkgs.e2fsprogs}/lib/lib*.so.* $out/lib
+      '';
+
+  };
+}
diff --git a/nixos/modules/tasks/filesystems/nfs.nix b/nixos/modules/tasks/filesystems/nfs.nix
new file mode 100644
index 000000000000..2b720a93b893
--- /dev/null
+++ b/nixos/modules/tasks/filesystems/nfs.nix
@@ -0,0 +1,94 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inInitrd = any (fs: fs == "nfs") config.boot.initrd.supportedFilesystems;
+
+  nfsStateDir = "/var/lib/nfs";
+
+  rpcMountpoint = "${nfsStateDir}/rpc_pipefs";
+
+  idmapdConfFile = pkgs.writeText "idmapd.conf" ''
+    [General]
+    Pipefs-Directory = ${rpcMountpoint}
+    ${optionalString (config.networking.domain != "")
+      "Domain = ${config.networking.domain}"}
+
+    [Mapping]
+    Nobody-User = nobody
+    Nobody-Group = nogroup
+
+    [Translation]
+    Method = nsswitch
+  '';
+
+in
+
+{
+
+  ###### implementation
+
+  config = mkIf (any (fs: fs == "nfs" || fs == "nfs4") config.boot.supportedFilesystems) {
+
+    services.rpcbind.enable = true;
+
+    system.fsPackages = [ pkgs.nfsUtils ];
+
+    boot.kernelModules = [ "sunrpc" ];
+
+    boot.initrd.kernelModules = mkIf inInitrd [ "nfs" ];
+
+    systemd.services.statd =
+      { description = "NFSv3 Network Status Monitor";
+
+        path = [ pkgs.nfsUtils pkgs.sysvtools pkgs.utillinux ];
+
+        wantedBy = [ "network-online.target" "multi-user.target" ];
+        before = [ "network-online.target" ];
+        requires = [ "basic.target" "rpcbind.service" ];
+        after = [ "basic.target" "rpcbind.service" "network.target" ];
+
+        unitConfig.DefaultDependencies = false; # don't stop during shutdown
+
+        preStart =
+          ''
+            mkdir -p ${nfsStateDir}/sm
+            mkdir -p ${nfsStateDir}/sm.bak
+            sm-notify -d
+          '';
+
+        serviceConfig.Type = "forking";
+        serviceConfig.ExecStart = "@${pkgs.nfsUtils}/sbin/rpc.statd rpc.statd --no-notify";
+        serviceConfig.Restart = "always";
+      };
+
+    systemd.services.idmapd =
+      { description = "NFSv4 ID Mapping Daemon";
+
+        path = [ pkgs.sysvtools pkgs.utillinux ];
+
+        wantedBy = [ "network-online.target" "multi-user.target" ];
+        before = [ "network-online.target" ];
+        requires = [ "rpcbind.service" ];
+        after = [ "rpcbind.service" ];
+
+        preStart =
+          ''
+            mkdir -p ${rpcMountpoint}
+            mount -t rpc_pipefs rpc_pipefs ${rpcMountpoint}
+          '';
+
+        postStop =
+          ''
+            umount ${rpcMountpoint}
+          '';
+
+        serviceConfig.Type = "forking";
+        serviceConfig.ExecStart = "@${pkgs.nfsUtils}/sbin/rpc.idmapd rpc.idmapd -c ${idmapdConfFile}";
+        serviceConfig.Restart = "always";
+      };
+
+  };
+}
diff --git a/nixos/modules/tasks/filesystems/reiserfs.nix b/nixos/modules/tasks/filesystems/reiserfs.nix
new file mode 100644
index 000000000000..f8c6a7000040
--- /dev/null
+++ b/nixos/modules/tasks/filesystems/reiserfs.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inInitrd = any (fs: fs == "reiserfs") config.boot.initrd.supportedFilesystems;
+
+in
+
+{
+  config = mkIf (any (fs: fs == "reiserfs") config.boot.supportedFilesystems) {
+
+    system.fsPackages = [ pkgs.reiserfsprogs ];
+
+    boot.initrd.kernelModules = mkIf inInitrd [ "reiserfs" ];
+
+    boot.initrd.extraUtilsCommands = mkIf inInitrd
+      ''
+        cp -v ${pkgs.reiserfsprogs}/sbin/reiserfsck $out/bin
+        ln -sv reiserfsck $out/bin/fsck.reiserfs
+      '';
+
+  };
+}
diff --git a/nixos/modules/tasks/filesystems/unionfs-fuse.nix b/nixos/modules/tasks/filesystems/unionfs-fuse.nix
new file mode 100644
index 000000000000..177c97f85c78
--- /dev/null
+++ b/nixos/modules/tasks/filesystems/unionfs-fuse.nix
@@ -0,0 +1,24 @@
+{ config, pkgs, ... }:
+
+{
+  config = pkgs.lib.mkMerge [
+    (pkgs.lib.mkIf (pkgs.lib.any (fs: fs == "unionfs-fuse") config.boot.initrd.supportedFilesystems) {
+      boot.initrd.kernelModules = [ "fuse" ];
+  
+      boot.initrd.extraUtilsCommands = ''
+        cp -v ${pkgs.fuse}/lib/libfuse* $out/lib
+        cp -v ${pkgs.unionfs-fuse}/bin/unionfs $out/bin
+      '';
+  
+      boot.initrd.postDeviceCommands = ''
+          # Hacky!!! fuse hard-codes the path to mount
+          mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin
+          ln -s $(which mount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin
+          ln -s $(which umount) /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.utillinux.name}/bin
+        '';
+    })
+    (pkgs.lib.mkIf (pkgs.lib.any (fs: fs == "unionfs-fuse") config.boot.supportedFilesystems) {
+      system.fsPackages = [ pkgs.unionfs-fuse ];
+    })
+  ];
+}
diff --git a/nixos/modules/tasks/filesystems/vfat.nix b/nixos/modules/tasks/filesystems/vfat.nix
new file mode 100644
index 000000000000..5ca72f142b7d
--- /dev/null
+++ b/nixos/modules/tasks/filesystems/vfat.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inInitrd = any (fs: fs == "vfat") config.boot.initrd.supportedFilesystems;
+
+in
+
+{
+  config = mkIf (any (fs: fs == "vfat") config.boot.supportedFilesystems) {
+
+    system.fsPackages = [ pkgs.dosfstools ];
+
+    boot.initrd.kernelModules = mkIf inInitrd [ "vfat" "nls_cp437" "nls_iso8859-1" ];
+
+    boot.initrd.extraUtilsCommands = mkIf inInitrd
+      ''
+        cp -v ${pkgs.dosfstools}/sbin/dosfsck $out/bin
+        ln -sv dosfsck $out/bin/fsck.vfat
+      '';
+
+  };
+}
diff --git a/nixos/modules/tasks/filesystems/xfs.nix b/nixos/modules/tasks/filesystems/xfs.nix
new file mode 100644
index 000000000000..6800696a05a3
--- /dev/null
+++ b/nixos/modules/tasks/filesystems/xfs.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  inInitrd = any (fs: fs == "xfs") config.boot.initrd.supportedFilesystems;
+
+in
+
+{
+  config = mkIf (any (fs: fs == "xfs") config.boot.supportedFilesystems) {
+
+    system.fsPackages = [ pkgs.xfsprogs ];
+
+    boot.initrd.availableKernelModules = mkIf inInitrd [ "xfs" "crc32c" ];
+
+    boot.initrd.extraUtilsCommands = mkIf inInitrd
+      ''
+        cp -v ${pkgs.xfsprogs}/sbin/fsck.xfs $out/bin
+      '';
+
+    # Trick just to set 'sh' after the extraUtils nuke-refs.
+    boot.initrd.extraUtilsCommandsTest = mkIf inInitrd
+      ''
+        sed -i -e 's,^#!.*,#!'$out/bin/sh, $out/bin/fsck.xfs
+      '';
+  };
+}
diff --git a/nixos/modules/tasks/filesystems/zfs.nix b/nixos/modules/tasks/filesystems/zfs.nix
new file mode 100644
index 000000000000..efd546f3baa0
--- /dev/null
+++ b/nixos/modules/tasks/filesystems/zfs.nix
@@ -0,0 +1,95 @@
+{ config, pkgs, ... }:
+#
+# todo:
+#   - crontab for scrubs, etc
+#   - zfs tunables
+#   - /etc/zfs/zpool.cache handling
+
+
+with pkgs.lib;
+
+let
+
+  cfgSpl = config.boot.spl;
+  inInitrd = any (fs: fs == "zfs") config.boot.initrd.supportedFilesystems;
+  inSystem = any (fs: fs == "zfs") config.boot.supportedFilesystems;
+  kernel = config.boot.kernelPackages;
+
+in
+
+{
+
+  ###### interface
+  
+  options = { 
+    boot.spl.hostid = mkOption { 
+      default = "";
+      example = "0xdeadbeef";
+      description = ''
+        ZFS uses a system's hostid to determine if a storage pool (zpool) is
+        native to this system, and should thus be imported automatically.
+        Unfortunately, this hostid can change under linux from boot to boot (by
+        changing network adapters, for instance). Specify a unique 32 bit hostid in
+        hex here for zfs to prevent getting a random hostid between boots and having to
+        manually import pools.
+      '';
+    };
+  };
+
+  ###### implementation
+
+  config = mkIf ( inInitrd || inSystem ) {
+
+    boot = { 
+      kernelModules = [ "spl" "zfs" ] ;
+      extraModulePackages = [ kernel.zfs kernel.spl ];
+      extraModprobeConfig = mkIf (cfgSpl.hostid != "") ''
+        options spl spl_hostid=${cfgSpl.hostid}
+      '';
+    };
+
+    boot.initrd = mkIf inInitrd { 
+      kernelModules = [ "spl" "zfs" ] ;
+      extraUtilsCommands =
+        ''
+          cp -v ${kernel.zfs}/sbin/zfs $out/bin
+          cp -v ${kernel.zfs}/sbin/zdb $out/bin
+          cp -v ${kernel.zfs}/sbin/zpool $out/bin
+          cp -pdv ${kernel.zfs}/lib/lib*.so* $out/lib
+          cp -pdv ${pkgs.zlib}/lib/lib*.so* $out/lib
+        '';
+      postDeviceCommands =
+        ''
+          zpool import -f -a -d /dev
+        '';
+    };
+
+    systemd.services."zpool-import" = {
+      description = "Import zpools";
+      after = [ "systemd-udev-settle.service" ];
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+        restartIfChanged = false;
+        ExecStart = "${kernel.zfs}/sbin/zpool import -f -a -d /dev";
+      };
+    };
+
+    systemd.services."zfs-mount" = {
+      description = "Mount zfs volumes";
+      after = [ "zpool-import.service" ];
+      wantedBy = [ "local-fs.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        RemainAfterExit = true;
+        restartIfChanged = false;
+        ExecStart = "${kernel.zfs}/sbin/zfs mount -a";
+        ExecStop = "${kernel.zfs}/sbin/zfs umount -a";
+      };
+    };
+
+    system.fsPackages = [ kernel.zfs ];                  # XXX: needed? zfs doesn't have (need) a fsck
+    environment.systemPackages = [ kernel.zfs ];
+    services.udev.packages = [ kernel.zfs ];             # to hook zvol naming, etc. 
+  };
+}
diff --git a/nixos/modules/tasks/kbd.nix b/nixos/modules/tasks/kbd.nix
new file mode 100644
index 000000000000..9f294a5f93e3
--- /dev/null
+++ b/nixos/modules/tasks/kbd.nix
@@ -0,0 +1,73 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  vconsoleConf = pkgs.writeText "vconsole.conf"
+    ''
+      KEYMAP=${config.i18n.consoleKeyMap}
+      FONT=${config.i18n.consoleFont}
+    '';
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    # most options are defined in i18n.nix
+
+    # FIXME: still needed?
+    boot.extraTTYs = mkOption {
+      default = [];
+      example = ["tty8" "tty9"];
+      description = ''
+        Tty (virtual console) devices, in addition to the consoles on
+        which mingetty and syslogd run, that must be initialised.
+        Only useful if you have some program that you want to run on
+        some fixed console.  For example, the NixOS installation CD
+        opens the manual in a web browser on console 7, so it sets
+        <option>boot.extraTTYs</option> to <literal>["tty7"]</literal>.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    environment.systemPackages = [ pkgs.kbd ];
+
+    # Let systemd-vconsole-setup.service do the work of setting up the
+    # virtual consoles.  FIXME: trigger a restart of
+    # systemd-vconsole-setup.service if /etc/vconsole.conf changes.
+    environment.etc."vconsole.conf".source = vconsoleConf;
+
+    # This is identical to the systemd-vconsole-setup.service unit
+    # shipped with systemd, except that it uses /dev/tty1 instead of
+    # /dev/tty0 to prevent putting the X server in non-raw mode, and
+    # it has a restart trigger.
+    systemd.services."systemd-vconsole-setup" =
+      { description = "Setup Virtual Console";
+        wantedBy = [ "sysinit.target" "multi-user.target" ];
+        before = [ "sysinit.target" "shutdown.target" ];
+        unitConfig =
+          { DefaultDependencies = "no";
+            Conflicts = "shutdown.target";
+            ConditionPathExists = "/dev/tty1";
+          };
+        serviceConfig =
+          { Type = "oneshot";
+            RemainAfterExit = true;
+            ExecStart = "${config.systemd.package}/lib/systemd/systemd-vconsole-setup /dev/tty1";
+          };
+        restartTriggers = [ vconsoleConf ];
+      };
+
+  };
+
+}
diff --git a/nixos/modules/tasks/lvm.nix b/nixos/modules/tasks/lvm.nix
new file mode 100644
index 000000000000..0e0272388c76
--- /dev/null
+++ b/nixos/modules/tasks/lvm.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, ... }:
+
+{
+
+  ###### implementation
+
+  config = {
+
+    environment.systemPackages = [ pkgs.lvm2 ];
+
+    services.udev.packages = [ pkgs.lvm2 ];
+
+  };
+
+}
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
new file mode 100644
index 000000000000..d8522b6abba0
--- /dev/null
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -0,0 +1,447 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.networking;
+  interfaces = attrValues cfg.interfaces;
+  hasVirtuals = any (i: i.virtual) interfaces;
+
+  interfaceOpts = { name, ... }: {
+
+    options = {
+
+      name = mkOption {
+        example = "eth0";
+        type = types.str;
+        description = "Name of the interface.";
+      };
+
+      ipAddress = mkOption {
+        default = null;
+        example = "10.0.0.1";
+        type = types.nullOr (types.str);
+        description = ''
+          IP address of the interface.  Leave empty to configure the
+          interface using DHCP.
+        '';
+      };
+
+      prefixLength = mkOption {
+        default = null;
+        example = 24;
+        type = types.nullOr types.int;
+        description = ''
+          Subnet mask of the interface, specified as the number of
+          bits in the prefix (<literal>24</literal>).
+        '';
+      };
+
+      subnetMask = mkOption {
+        default = "";
+        example = "255.255.255.0";
+        type = types.str;
+        description = ''
+          Subnet mask of the interface, specified as a bitmask.
+          This is deprecated; use <option>prefixLength</option>
+          instead.
+        '';
+      };
+
+      macAddress = mkOption {
+        default = null;
+        example = "00:11:22:33:44:55";
+        type = types.nullOr (types.str);
+        description = ''
+          MAC address of the interface. Leave empty to use the default.
+        '';
+      };
+
+      virtual = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Whether this interface is virtual and should be created by tunctl.
+          This is mainly useful for creating bridges between a host a virtual
+          network such as VPN or a virtual machine.
+
+          Defaults to tap device, unless interface contains "tun" in its name.
+        '';
+      };
+
+      virtualOwner = mkOption {
+        default = "root";
+        type = types.str;
+        description = ''
+          In case of a virtual device, the user who owns it.
+        '';
+      };
+
+      proxyARP = mkOption {
+        default = false;
+        type = types.bool;
+        description = ''
+          Turn on proxy_arp for this device (and proxy_ndp for ipv6).
+          This is mainly useful for creating pseudo-bridges between a real
+          interface and a virtual network such as VPN or a virtual machine for
+          interfaces that don't support real bridging (most wlan interfaces).
+          As ARP proxying acts slightly above the link-layer, below-ip traffic
+          isn't bridged, so things like DHCP won't work. The advantage above
+          using NAT lies in the fact that no IP addresses are shared, so all
+          hosts are reachable/routeable.
+
+          WARNING: turns on ip-routing, so if you have multiple interfaces, you
+          should think of the consequence and setup firewall rules to limit this.
+        '';
+      };
+
+    };
+
+    config = {
+      name = mkDefault name;
+    };
+
+  };
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    networking.hostName = mkOption {
+      default = "nixos";
+      description = ''
+        The name of the machine.  Leave it empty if you want to obtain
+        it from a DHCP server (if using DHCP).
+      '';
+    };
+
+    networking.enableIPv6 = mkOption {
+      default = true;
+      description = ''
+        Whether to enable support for IPv6.
+      '';
+    };
+
+    networking.defaultGateway = mkOption {
+      default = "";
+      example = "131.211.84.1";
+      description = ''
+        The default gateway.  It can be left empty if it is auto-detected through DHCP.
+      '';
+    };
+
+    networking.defaultGatewayWindowSize = mkOption {
+      default = null;
+      example = 524288;
+      type = types.nullOr types.int;
+      description = ''
+        The window size of the default gateway. It limits maximal data bursts that TCP peers
+        are allowed to send to us.
+      '';
+    };
+
+    networking.nameservers = mkOption {
+      default = [];
+      example = ["130.161.158.4" "130.161.33.17"];
+      description = ''
+        The list of nameservers.  It can be left empty if it is auto-detected through DHCP.
+      '';
+    };
+
+    networking.domain = mkOption {
+      default = "";
+      example = "home";
+      description = ''
+        The domain.  It can be left empty if it is auto-detected through DHCP.
+      '';
+    };
+
+    networking.localCommands = mkOption {
+      default = "";
+      example = "text=anything; echo You can put $text here.";
+      description = ''
+        Shell commands to be executed at the end of the
+        <literal>network-setup</literal> systemd service.  Note that if
+        you are using DHCP to obtain the network configuration,
+        interfaces may not be fully configured yet.
+      '';
+    };
+
+    networking.interfaces = mkOption {
+      default = {};
+      example =
+        { eth0 = {
+            ipAddress = "131.211.84.78";
+            subnetMask = "255.255.255.128";
+          };
+        };
+      description = ''
+        The configuration for each network interface.  If
+        <option>networking.useDHCP</option> is true, then every
+        interface not listed here will be configured using DHCP.
+      '';
+      type = types.loaOf types.optionSet;
+      options = [ interfaceOpts ];
+    };
+
+    networking.bridges = mkOption {
+      default = { };
+      example =
+        { br0.interfaces = [ "eth0" "eth1" ];
+          br1.interfaces = [ "eth2" "wlan0" ];
+        };
+      description =
+        ''
+          This option allows you to define Ethernet bridge devices
+          that connect physical networks together.  The value of this
+          option is an attribute set.  Each attribute specifies a
+          bridge, with the attribute name specifying the name of the
+          bridge's network interface.
+        '';
+
+      type = types.attrsOf types.optionSet;
+
+      options = {
+
+        interfaces = mkOption {
+          example = [ "eth0" "eth1" ];
+          type = types.listOf types.string;
+          description =
+            "The physical network interfaces connected by the bridge.";
+        };
+
+      };
+
+    };
+
+    networking.useDHCP = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        Whether to use DHCP to obtain an IP address and other
+        configuration for all network interfaces that are not manually
+        configured.
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = {
+
+    boot.kernelModules = optional cfg.enableIPv6 "ipv6" ++ optional hasVirtuals "tun";
+
+    environment.systemPackages =
+      [ pkgs.host
+        pkgs.iproute
+        pkgs.iputils
+        pkgs.nettools
+        pkgs.wirelesstools
+        pkgs.iw
+        pkgs.rfkill
+        pkgs.openresolv
+      ]
+      ++ optional (cfg.bridges != {}) pkgs.bridge_utils
+      ++ optional hasVirtuals pkgs.tunctl
+      ++ optional cfg.enableIPv6 pkgs.ndisc6;
+
+    security.setuidPrograms = [ "ping" "ping6" ];
+
+    systemd.targets."network-interfaces" =
+      { description = "All Network Interfaces";
+        wantedBy = [ "network.target" ];
+        unitConfig.X-StopOnReconfiguration = true;
+      };
+
+    systemd.services =
+      let
+
+        networkSetup =
+          { description = "Networking Setup";
+
+            after = [ "network-interfaces.target" ];
+            before = [ "network.target" ];
+            wantedBy = [ "network.target" ];
+
+            path = [ pkgs.iproute ];
+
+            serviceConfig.Type = "oneshot";
+            serviceConfig.RemainAfterExit = true;
+
+            script =
+              ''
+                # Set the static DNS configuration, if given.
+                ${pkgs.openresolv}/sbin/resolvconf -m 1 -a static <<EOF
+                ${optionalString (cfg.nameservers != [] && cfg.domain != "") ''
+                  domain ${cfg.domain}
+                ''}
+                ${flip concatMapStrings cfg.nameservers (ns: ''
+                  nameserver ${ns}
+                '')}
+                EOF
+
+                # Disable or enable IPv6.
+                if [ -e /proc/sys/net/ipv6/conf/all/disable_ipv6 ]; then
+                  echo ${if cfg.enableIPv6 then "0" else "1"} > /proc/sys/net/ipv6/conf/all/disable_ipv6
+                fi
+
+                # Set the default gateway.
+                ${optionalString (cfg.defaultGateway != "") ''
+                  # FIXME: get rid of "|| true" (necessary to make it idempotent).
+                  ip route add default via "${cfg.defaultGateway}" ${
+                    optionalString (cfg.defaultGatewayWindowSize != null)
+                      "window ${cfg.defaultGatewayWindowSize}"} || true
+                ''}
+
+                # Turn on forwarding if any interface has enabled proxy_arp.
+                ${optionalString (any (i: i.proxyARP) interfaces) ''
+                  echo 1 > /proc/sys/net/ipv4/ip_forward
+                ''}
+
+                # Run any user-specified commands.
+                ${cfg.localCommands}
+              '';
+          };
+
+        # For each interface <foo>, create a job ‘<foo>-cfg.service"
+        # that performs static configuration.  It has a "wants"
+        # dependency on ‘<foo>.service’, which is supposed to create
+        # the interface and need not exist (i.e. for hardware
+        # interfaces).  It has a binds-to dependency on the actual
+        # network device, so it only gets started after the interface
+        # has appeared, and it's stopped when the interface
+        # disappears.
+        configureInterface = i: nameValuePair "${i.name}-cfg"
+          (let mask =
+                if i.prefixLength != null then toString i.prefixLength else
+                if i.subnetMask != "" then i.subnetMask else "32";
+          in
+          { description = "Configuration of ${i.name}";
+            wantedBy = [ "network-interfaces.target" ];
+            bindsTo = [ "sys-subsystem-net-devices-${i.name}.device" ];
+            after = [ "sys-subsystem-net-devices-${i.name}.device" ];
+            serviceConfig.Type = "oneshot";
+            serviceConfig.RemainAfterExit = true;
+            path = [ pkgs.iproute pkgs.gawk ];
+            script =
+              ''
+                echo "bringing up interface..."
+                ip link set "${i.name}" up
+              ''
+              + optionalString (i.macAddress != null)
+                ''
+                  echo "setting MAC address to ${i.macAddress}..."
+                  ip link set "${i.name}" address "${i.macAddress}"
+                ''
+              + optionalString (i.ipAddress != null)
+                ''
+                  cur=$(ip -4 -o a show dev "${i.name}" | awk '{print $4}')
+                  # Only do a flush/add if it's necessary.  This is
+                  # useful when the Nix store is accessed via this
+                  # interface (e.g. in a QEMU VM test).
+                  if [ "$cur" != "${i.ipAddress}/${mask}" ]; then
+                    echo "configuring interface..."
+                    ip -4 addr flush dev "${i.name}"
+                    ip -4 addr add "${i.ipAddress}/${mask}" dev "${i.name}"
+                    # Ensure that the default gateway remains set.
+                    # (Flushing this interface may have removed it.)
+                    ${config.systemd.package}/bin/systemctl try-restart --no-block network-setup.service
+                  else
+                    echo "skipping configuring interface"
+                  fi
+                  ${config.systemd.package}/bin/systemctl start ip-up.target
+                ''
+              + optionalString i.proxyARP
+                ''
+                  echo 1 > /proc/sys/net/ipv4/conf/${i.name}/proxy_arp
+                ''
+              + optionalString (i.proxyARP && cfg.enableIPv6)
+                ''
+                  echo 1 > /proc/sys/net/ipv6/conf/${i.name}/proxy_ndp
+                '';
+          });
+
+        createTunDevice = i: nameValuePair "${i.name}"
+          { description = "Virtual Network Interface ${i.name}";
+            requires = [ "dev-net-tun.device" ];
+            after = [ "dev-net-tun.device" ];
+            wantedBy = [ "network.target" ];
+            requiredBy = [ "sys-subsystem-net-devices-${i.name}.device" ];
+            serviceConfig =
+              { Type = "oneshot";
+                RemainAfterExit = true;
+                ExecStart = "${pkgs.tunctl}/bin/tunctl -t '${i.name}' -u '${i.virtualOwner}'";
+                ExecStop = "${pkgs.tunctl}/bin/tunctl -d '${i.name}'";
+              };
+          };
+
+        createBridgeDevice = n: v:
+          let
+            deps = map (i: "sys-subsystem-net-devices-${i}.device") v.interfaces;
+          in
+          { description = "Bridge Interface ${n}";
+            wantedBy = [ "network.target" "sys-subsystem-net-devices-${n}.device" ];
+            bindsTo = deps;
+            after = deps;
+            serviceConfig.Type = "oneshot";
+            serviceConfig.RemainAfterExit = true;
+            path = [ pkgs.bridge_utils pkgs.iproute ];
+            script =
+              ''
+                brctl addbr "${n}"
+
+                # Set bridge's hello time to 0 to avoid startup delays.
+                brctl setfd "${n}" 0
+
+                ${flip concatMapStrings v.interfaces (i: ''
+                  brctl addif "${n}" "${i}"
+                  ip link set "${i}" up
+                  ip addr flush dev "${i}"
+
+                  echo "bringing up network device ${n}..."
+                  ip link set "${n}" up
+                '')}
+
+                # !!! Should delete (brctl delif) any interfaces that
+                # no longer belong to the bridge.
+              '';
+            postStop =
+              ''
+                ip link set "${n}" down
+                brctl delbr "${n}"
+              '';
+          };
+
+      in listToAttrs (
+           map configureInterface interfaces ++
+           map createTunDevice (filter (i: i.virtual) interfaces))
+         // mapAttrs createBridgeDevice cfg.bridges
+         // { "network-setup" = networkSetup; };
+
+    # Set the host and domain names in the activation script.  Don't
+    # clear it if it's not configured in the NixOS configuration,
+    # since it may have been set by dhcpcd in the meantime.
+    system.activationScripts.hostname =
+      optionalString (config.networking.hostName != "") ''
+        hostname "${config.networking.hostName}"
+      '';
+    system.activationScripts.domain =
+      optionalString (config.networking.domain != "") ''
+        domainname "${config.networking.domain}"
+      '';
+
+    services.udev.extraRules =
+      ''
+        KERNEL=="tun", TAG+="systemd"
+      '';
+
+  };
+
+}
diff --git a/nixos/modules/tasks/scsi-link-power-management.nix b/nixos/modules/tasks/scsi-link-power-management.nix
new file mode 100644
index 000000000000..4927952080f6
--- /dev/null
+++ b/nixos/modules/tasks/scsi-link-power-management.nix
@@ -0,0 +1,44 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  ###### interface
+
+  options = {
+
+    powerManagement.scsiLinkPolicy = mkOption {
+      default = "";
+      example = "min_power";
+      type = types.str;
+      description = ''
+        Configure the SCSI link power management policy. By default,
+        the kernel configures "max_performance".
+      '';
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf (config.powerManagement.scsiLinkPolicy != "") {
+
+    jobs."scsi-link-pm" =
+      { description = "SCSI Link Power Management Policy";
+
+        startOn = "stopped udevtrigger";
+
+        task = true;
+
+        script = ''
+          shopt -s nullglob
+          for x in /sys/class/scsi_host/host*/link_power_management_policy; do
+            echo ${config.powerManagement.scsiLinkPolicy} > $x
+          done
+        '';
+      };
+
+  };
+
+}
diff --git a/nixos/modules/tasks/swraid.nix b/nixos/modules/tasks/swraid.nix
new file mode 100644
index 000000000000..3b4aa9875f26
--- /dev/null
+++ b/nixos/modules/tasks/swraid.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+
+  environment.systemPackages = [ pkgs.mdadm ];
+
+  services.udev.packages = [ pkgs.mdadm ];
+
+  boot.initrd.availableKernelModules = [ "md_mod" "raid0" "raid1" "raid456" ];
+
+}
diff --git a/nixos/modules/tasks/tty-backgrounds-combine.sh b/nixos/modules/tasks/tty-backgrounds-combine.sh
new file mode 100644
index 000000000000..1e0d8758a6ee
--- /dev/null
+++ b/nixos/modules/tasks/tty-backgrounds-combine.sh
@@ -0,0 +1,32 @@
+source $stdenv/setup
+
+ttys=($ttys)
+themes=($themes)
+
+ensureDir $out
+
+defaultName=$(cd $default && ls | grep -v default)
+echo $defaultName
+ln -s $default/$defaultName $out/$defaultName
+ln -s $defaultName $out/default
+
+for ((n = 0; n < ${#ttys[*]}; n++)); do
+    tty=${ttys[$n]}
+    theme=${themes[$n]}
+
+    echo "TTY $tty -> $theme"
+
+    if [ "$theme" != default ]; then
+        themeName=$(cd $theme && ls | grep -v default)
+        ln -sfn $theme/$themeName $out/$themeName
+    else
+        themeName=default
+    fi
+
+    if test -e $out/$tty; then
+        echo "Multiple themes defined for the same TTY!"
+        exit 1
+    fi
+
+    ln -sfn $themeName $out/$tty
+done
diff --git a/nixos/modules/testing/minimal-kernel.nix b/nixos/modules/testing/minimal-kernel.nix
new file mode 100644
index 000000000000..0418de800c8d
--- /dev/null
+++ b/nixos/modules/testing/minimal-kernel.nix
@@ -0,0 +1,28 @@
+{ config, pkgs, ... }:
+
+let
+  configfile = builtins.storePath (builtins.toFile "config" (pkgs.lib.concatStringsSep "\n"
+    (map (builtins.getAttr "configLine") config.system.requiredKernelConfig))
+  );
+
+  origKernel = pkgs.linuxManualConfig {
+    inherit (pkgs.linux) src version;
+    inherit configfile;
+    allowImportFromDerivation = true;
+    kernelPatches = [ pkgs.kernelPatches.cifs_timeout_2_6_38 ];
+  };
+
+  kernel = origKernel // (derivation (origKernel.drvAttrs // {
+    configurePhase = ''
+      runHook preConfigure
+      mkdir ../build
+      make $makeFlags "''${makeFlagsArray[@]}" mrproper
+      make $makeFlags "''${makeFlagsArray[@]}" KCONFIG_ALLCONFIG=${configfile} allnoconfig
+      runHook postConfigure
+    '';
+  }));
+
+   kernelPackages = pkgs.linuxPackagesFor kernel;
+in {
+  boot.kernelPackages = kernelPackages;
+}
diff --git a/nixos/modules/testing/test-instrumentation.nix b/nixos/modules/testing/test-instrumentation.nix
new file mode 100644
index 000000000000..28494e1c7b2a
--- /dev/null
+++ b/nixos/modules/testing/test-instrumentation.nix
@@ -0,0 +1,91 @@
+# This module allows the test driver to connect to the virtual machine
+# via a root shell attached to port 514.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let kernel = config.boot.kernelPackages.kernel; in
+
+{
+
+  config = {
+
+    systemd.services.backdoor =
+      { wantedBy = [ "multi-user.target" ];
+        requires = [ "dev-hvc0.device" "dev-ttyS0.device" ];
+        after = [ "dev-hvc0.device" "dev-ttyS0.device" ];
+        script =
+          ''
+            export USER=root
+            export HOME=/root
+            export DISPLAY=:0.0
+            source /etc/profile
+            cd /tmp
+            exec < /dev/hvc0 > /dev/hvc0
+            while ! exec 2> /dev/ttyS0; do sleep 0.1; done
+            echo "connecting to host..." >&2
+            stty -F /dev/hvc0 raw -echo # prevent nl -> cr/nl conversion
+            echo
+            PS1= exec /bin/sh
+          '';
+        serviceConfig.KillSignal = "SIGHUP";
+      };
+
+    # Prevent agetty from being instantiated on ttyS0, since it
+    # interferes with the backdoor (writes to ttyS0 will randomly fail
+    # with EIO).  Likewise for hvc0.
+    systemd.services."serial-getty@ttyS0".enable = false;
+    systemd.services."serial-getty@hvc0".enable = false;
+
+    boot.initrd.postDeviceCommands =
+      ''
+        # Using acpi_pm as a clock source causes the guest clock to
+        # slow down under high host load.  This is usually a bad
+        # thing, but for VM tests it should provide a bit more
+        # determinism (e.g. if the VM runs at lower speed, then
+        # timeouts in the VM should also be delayed).
+        echo acpi_pm > /sys/devices/system/clocksource/clocksource0/current_clocksource
+      '';
+
+    boot.postBootCommands =
+      ''
+        # Panic on out-of-memory conditions rather than letting the
+        # OOM killer randomly get rid of processes, since this leads
+        # to failures that are hard to diagnose.
+        echo 2 > /proc/sys/vm/panic_on_oom
+
+        # Coverage data is written into /tmp/coverage-data.
+        mkdir -p /tmp/xchg/coverage-data
+      '';
+
+    # If the kernel has been built with coverage instrumentation, make
+    # it available under /proc/gcov.
+    boot.kernelModules = [ "gcov-proc" ];
+
+    # Panic if an error occurs in stage 1 (rather than waiting for
+    # user intervention).
+    boot.kernelParams =
+      [ "console=tty1" "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
+
+    # `xwininfo' is used by the test driver to query open windows.
+    environment.systemPackages = [ pkgs.xorg.xwininfo ];
+
+    # Log everything to the serial console.
+    services.journald.console = "/dev/console";
+
+    # Prevent tests from accessing the Internet.
+    networking.defaultGateway = mkOverride 150 "";
+    networking.nameservers = mkOverride 150 [ ];
+
+    systemd.globalEnvironment.GCOV_PREFIX = "/tmp/xchg/coverage-data";
+
+    system.requiredKernelConfig = with config.lib.kernelConfig; [
+      (isYes "SERIAL_8250_CONSOLE")
+      (isYes "SERIAL_8250")
+      (isEnabled "VIRTIO_CONSOLE")
+    ];
+
+  };
+
+}
diff --git a/nixos/modules/virtualisation/amazon-config.nix b/nixos/modules/virtualisation/amazon-config.nix
new file mode 100644
index 000000000000..e816ed2d183a
--- /dev/null
+++ b/nixos/modules/virtualisation/amazon-config.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, modulesPath, ... }:
+
+{
+  imports = [ "${modulesPath}/virtualisation/amazon-image.nix" ];
+}
diff --git a/nixos/modules/virtualisation/amazon-image.nix b/nixos/modules/virtualisation/amazon-image.nix
new file mode 100644
index 000000000000..cfc582170e6c
--- /dev/null
+++ b/nixos/modules/virtualisation/amazon-image.nix
@@ -0,0 +1,163 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  imports = [ ../profiles/headless.nix ./ec2-data.nix ];
+
+  system.build.amazonImage =
+    pkgs.vmTools.runInLinuxVM (
+      pkgs.runCommand "amazon-image"
+        { preVM =
+            ''
+              mkdir $out
+              diskImage=$out/nixos.img
+              ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "4G"
+              mv closure xchg/
+            '';
+          buildInputs = [ pkgs.utillinux pkgs.perl ];
+          exportReferencesGraph =
+            [ "closure" config.system.build.toplevel ];
+        }
+        ''
+          # Create an empty filesystem and mount it.
+          ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda
+          ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda
+          mkdir /mnt
+          mount /dev/vda /mnt
+
+          # The initrd expects these directories to exist.
+          mkdir /mnt/dev /mnt/proc /mnt/sys
+
+          mount -o bind /proc /mnt/proc
+
+          # Copy all paths in the closure to the filesystem.
+          storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
+
+          mkdir -p /mnt/nix/store
+          echo "copying everything (will take a while)..."
+          cp -prd $storePaths /mnt/nix/store/
+
+          # Register the paths in the Nix database.
+          printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
+              chroot /mnt ${config.nix.package}/bin/nix-store --load-db
+
+          # Create the system profile to allow nixos-rebuild to work.
+          chroot /mnt ${config.nix.package}/bin/nix-env \
+              -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
+
+          # `nixos-rebuild' requires an /etc/NIXOS.
+          mkdir -p /mnt/etc
+          touch /mnt/etc/NIXOS
+
+          # `switch-to-configuration' requires a /bin/sh
+          mkdir -p /mnt/bin
+          ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
+
+          # Install a configuration.nix.
+          mkdir -p /mnt/etc/nixos
+          cp ${./amazon-config.nix} /mnt/etc/nixos/configuration.nix
+
+          # Generate the GRUB menu.
+          chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
+
+          umount /mnt/proc
+          umount /mnt
+        ''
+    );
+
+  fileSystems."/".device = "/dev/disk/by-label/nixos";
+
+  boot.initrd.kernelModules = [ "xen-blkfront" ];
+  boot.kernelModules = [ "xen-netfront" ];
+
+  # Generate a GRUB menu.  Amazon's pv-grub uses this to boot our kernel/initrd.
+  boot.loader.grub.version = 1;
+  boot.loader.grub.device = "nodev";
+  boot.loader.grub.timeout = 0;
+  boot.loader.grub.extraPerEntryConfig = "root (hd0)";
+
+  boot.initrd.postDeviceCommands =
+    ''
+      # Force udev to exit to prevent random "Device or resource busy
+      # while trying to open /dev/xvda" errors from fsck.
+      udevadm control --exit || true
+      kill -9 -1
+    '';
+
+  # Mount all formatted ephemeral disks and activate all swap devices.
+  # We cannot do this with the ‘fileSystems’ and ‘swapDevices’ options
+  # because the set of devices is dependent on the instance type
+  # (e.g. "m1.large" has one ephemeral filesystem and one swap device,
+  # while "m1.large" has two ephemeral filesystems and no swap
+  # devices).  Also, put /tmp and /var on /disk0, since it has a lot
+  # more space than the root device.  Similarly, "move" /nix to /disk0
+  # by layering a unionfs-fuse mount on top of it so we have a lot more space for
+  # Nix operations.
+  boot.initrd.postMountCommands =
+    ''
+      diskNr=0
+      diskForUnionfs=
+      for device in /dev/xvd[abcde]*; do
+          if [ "$device" = /dev/xvda -o "$device" = /dev/xvda1 ]; then continue; fi
+          fsType=$(blkid -o value -s TYPE "$device" || true)
+          if [ "$fsType" = swap ]; then
+              echo "activating swap device $device..."
+              swapon "$device" || true
+          elif [ "$fsType" = ext3 ]; then
+              mp="/disk$diskNr"
+              diskNr=$((diskNr + 1))
+              echo "mounting $device on $mp..."
+              if mountFS "$device" "$mp" "" ext3; then
+                  if [ -z "$diskForUnionfs" ]; then diskForUnionfs="$mp"; fi
+              fi
+          else
+              echo "skipping unknown device type $device"
+          fi
+      done
+
+      if [ -n "$diskForUnionfs" ]; then
+          mkdir -m 755 -p $targetRoot/$diskForUnionfs/root
+
+          mkdir -m 1777 -p $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
+          mount --bind $targetRoot/$diskForUnionfs/root/tmp $targetRoot/tmp
+
+          if [ ! -e $targetRoot/.ebs ]; then
+              mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/var $targetRoot/var
+              mount --bind $targetRoot/$diskForUnionfs/root/var $targetRoot/var
+
+              mkdir -p /unionfs-chroot/ro-nix
+              mount --rbind $targetRoot/nix /unionfs-chroot/ro-nix
+
+              mkdir -m 755 -p $targetRoot/$diskForUnionfs/root/nix
+              mkdir -p /unionfs-chroot/rw-nix
+              mount --rbind $targetRoot/$diskForUnionfs/root/nix /unionfs-chroot/rw-nix
+
+              unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-nix=RW:/ro-nix=RO $targetRoot/nix
+          fi
+      fi
+    '';
+
+  boot.initrd.extraUtilsCommands =
+    ''
+      # We need swapon in the initrd.
+      cp ${pkgs.utillinux}/sbin/swapon $out/bin
+    '';
+
+  # Don't put old configurations in the GRUB menu.  The user has no
+  # way to select them anyway.
+  boot.loader.grub.configurationLimit = 0;
+
+  # Allow root logins only using the SSH key that the user specified
+  # at instance creation time.
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "without-password";
+
+  # Force getting the hostname from EC2.
+  networking.hostName = mkDefault "";
+
+  # Always include cryptsetup so that Charon can use it.
+  environment.systemPackages = [ pkgs.cryptsetup ];
+
+  boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
+}
diff --git a/nixos/modules/virtualisation/ec2-data.nix b/nixos/modules/virtualisation/ec2-data.nix
new file mode 100644
index 000000000000..5133a98cd962
--- /dev/null
+++ b/nixos/modules/virtualisation/ec2-data.nix
@@ -0,0 +1,99 @@
+# This module defines a systemd service that obtains the SSH key and
+# host name of virtual machines running on Amazon EC2, Eucalyptus and
+# OpenStack Compute (Nova).
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  options = {
+    ec2.metadata = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Whether to allow access to EC2 metadata.
+      '';
+    };
+  };
+
+  config = {
+
+    systemd.services."fetch-ec2-data" =
+      { description = "Fetch EC2 Data";
+
+        wantedBy = [ "multi-user.target" ];
+        before = [ "sshd.service" ];
+        after = [ "network.target" ];
+
+        path = [ pkgs.curl pkgs.iproute ];
+
+        script =
+          ''
+            ip route del blackhole 169.254.169.254/32 || true
+
+            curl="curl --retry 3 --retry-delay 0 --fail"
+
+            echo "setting host name..."
+            ${optionalString (config.networking.hostName == "") ''
+              ${pkgs.nettools}/bin/hostname $($curl http://169.254.169.254/1.0/meta-data/hostname)
+            ''}
+
+            # Don't download the SSH key if it has already been injected
+            # into the image (a Nova feature).
+            if ! [ -e /root/.ssh/authorized_keys ]; then
+                echo "obtaining SSH key..."
+                mkdir -p /root/.ssh
+                $curl -o /root/key.pub http://169.254.169.254/1.0/meta-data/public-keys/0/openssh-key
+                if [ $? -eq 0 -a -e /root/key.pub ]; then
+                    if ! grep -q -f /root/key.pub /root/.ssh/authorized_keys; then
+                        cat /root/key.pub >> /root/.ssh/authorized_keys
+                        echo "new key added to authorized_keys"
+                    fi
+                    chmod 600 /root/.ssh/authorized_keys
+                    rm -f /root/key.pub
+                fi
+            fi
+
+            # Extract the intended SSH host key for this machine from
+            # the supplied user data, if available.  Otherwise sshd will
+            # generate one normally.
+            $curl http://169.254.169.254/2011-01-01/user-data > /root/user-data || true
+            key="$(sed 's/|/\n/g; s/SSH_HOST_DSA_KEY://; t; d' /root/user-data)"
+            key_pub="$(sed 's/SSH_HOST_DSA_KEY_PUB://; t; d' /root/user-data)"
+            if [ -n "$key" -a -n "$key_pub" -a ! -e /etc/ssh/ssh_host_dsa_key ]; then
+                mkdir -m 0755 -p /etc/ssh
+                (umask 077; echo "$key" > /etc/ssh/ssh_host_dsa_key)
+                echo "$key_pub" > /etc/ssh/ssh_host_dsa_key.pub
+            fi
+
+            ${optionalString (! config.ec2.metadata) ''
+            # Since the user data is sensitive, prevent it from being
+            # accessed from now on.
+            ip route add blackhole 169.254.169.254/32
+            ''}
+          '';
+
+        serviceConfig.Type = "oneshot";
+        serviceConfig.RemainAfterExit = true;
+      };
+
+    systemd.services."print-host-key" =
+      { description = "Print SSH Host Key";
+        wantedBy = [ "multi-user.target" ];
+        after = [ "sshd.service" ];
+        script =
+          ''
+            # Print the host public key on the console so that the user
+            # can obtain it securely by parsing the output of
+            # ec2-get-console-output.
+            echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----" > /dev/console
+            ${pkgs.openssh}/bin/ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key.pub > /dev/console
+            echo "-----END SSH HOST KEY FINGERPRINTS-----" > /dev/console
+          '';
+        serviceConfig.Type = "oneshot";
+        serviceConfig.RemainAfterExit = true;
+      };
+
+  };
+}
diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix
new file mode 100644
index 000000000000..d3884a503bc7
--- /dev/null
+++ b/nixos/modules/virtualisation/libvirtd.nix
@@ -0,0 +1,145 @@
+# Systemd services for libvirtd.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.virtualisation.libvirtd;
+  configFile = pkgs.writeText "libvirtd.conf" ''
+    unix_sock_group = "libvirtd"
+    unix_sock_rw_perms = "0770"
+    auth_unix_ro = "none"
+    auth_unix_rw = "none"
+    ${cfg.extraConfig}
+  '';
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    virtualisation.libvirtd.enable =
+      mkOption {
+        default = false;
+        description =
+          ''
+            This option enables libvirtd, a daemon that manages
+            virtual machines. Users in the "libvirtd" group can interact with
+            the daemon (e.g. to start or stop VMs) using the
+            <command>virsh</command> command line tool, among others.
+          '';
+      };
+
+    virtualisation.libvirtd.enableKVM =
+      mkOption {
+        default = true;
+        description =
+          ''
+            This option enables support for QEMU/KVM in libvirtd.
+          '';
+      };
+
+    virtualisation.libvirtd.extraConfig =
+      mkOption {
+        default = "";
+        description =
+          ''
+            Extra contents appended to the libvirtd configuration file,
+            libvirtd.conf.
+          '';
+      };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages =
+      [ pkgs.libvirt pkgs.netcat-openbsd ]
+       ++ optional cfg.enableKVM pkgs.qemu_kvm;
+
+    boot.kernelModules = [ "tun" ];
+
+    systemd.services.libvirtd =
+      { description = "Libvirt Virtual Machine Management Daemon";
+
+        wantedBy = [ "multi-user.target" ];
+        after = [ "systemd-udev-settle.service" ];
+
+        path =
+          [ pkgs.bridge_utils pkgs.dmidecode pkgs.dnsmasq
+            pkgs.ebtables
+          ] ++ optional cfg.enableKVM pkgs.qemu_kvm;
+
+        preStart =
+          ''
+            mkdir -p /var/log/libvirt/qemu -m 755
+            rm -f /var/run/libvirtd.pid
+
+            mkdir -p /var/lib/libvirt -m 700
+            mkdir -p /var/lib/libvirt/dnsmasq -m 700
+
+            # Libvirt unfortunately writes mutable state (such as
+            # runtime changes to VM, network or filter configurations)
+            # to /etc.  So we can't use environment.etc to make the
+            # default network and filter definitions available, since
+            # libvirt will then modify the originals in the Nix store.
+            # So here we copy them instead.  Ugly.
+            for i in $(cd ${pkgs.libvirt}/etc && echo \
+                libvirt/qemu/networks/*.xml libvirt/qemu/networks/autostart/*.xml \
+                libvirt/nwfilter/*.xml );
+            do
+                mkdir -p /etc/$(dirname $i) -m 755
+                cp -fpd ${pkgs.libvirt}/etc/$i /etc/$i
+            done
+          ''; # */
+
+        serviceConfig.ExecStart = ''@${pkgs.libvirt}/sbin/libvirtd libvirtd --config "${configFile}" --daemon --verbose'';
+        serviceConfig.Type = "forking";
+        serviceConfig.KillMode = "process"; # when stopping, leave the VMs alone
+
+        # Wait until libvirtd is ready to accept requests.
+        postStart =
+          ''
+            for ((i = 0; i < 60; i++)); do
+                if ${pkgs.libvirt}/bin/virsh list > /dev/null; then exit 0; fi
+                sleep 1
+            done
+            exit 1 # !!! seems to be ignored
+          '';
+      };
+
+    jobs."libvirt-guests" =
+      { description = "Libvirt Virtual Machines";
+
+        wantedBy = [ "multi-user.target" ];
+        wants = [ "libvirtd.service" ];
+        after = [ "libvirtd.service" ];
+
+        restartIfChanged = false;
+
+        path = [ pkgs.gettext pkgs.libvirt pkgs.gawk ];
+
+        preStart =
+          ''
+            mkdir -p /var/lock/subsys -m 755
+            ${pkgs.libvirt}/etc/rc.d/init.d/libvirt-guests start || true
+          '';
+
+        postStop = "${pkgs.libvirt}/etc/rc.d/init.d/libvirt-guests stop";
+
+        serviceConfig.Type = "oneshot";
+        serviceConfig.RemainAfterExit = true;
+      };
+
+    users.extraGroups.libvirtd.gid = config.ids.gids.libvirtd;
+
+  };
+
+}
diff --git a/nixos/modules/virtualisation/nova-config.nix b/nixos/modules/virtualisation/nova-config.nix
new file mode 100644
index 000000000000..f8239cdec519
--- /dev/null
+++ b/nixos/modules/virtualisation/nova-config.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, modulesPath, ... }:
+
+{
+  imports = [ "${modulesPath}/virtualisation/nova-image.nix" ];
+}
diff --git a/nixos/modules/virtualisation/nova-image.nix b/nixos/modules/virtualisation/nova-image.nix
new file mode 100644
index 000000000000..5c9481b71278
--- /dev/null
+++ b/nixos/modules/virtualisation/nova-image.nix
@@ -0,0 +1,115 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  imports = [ ../profiles/qemu-guest.nix ../profiles/headless.nix ./ec2-data.nix ];
+
+  system.build.novaImage =
+    pkgs.vmTools.runInLinuxVM (
+      pkgs.runCommand "nova-image"
+        { preVM =
+            ''
+              mkdir $out
+              diskImage=$out/image
+              ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "4G"
+              mv closure xchg/
+            '';
+          buildInputs = [ pkgs.utillinux pkgs.perl ];
+          exportReferencesGraph =
+            [ "closure" config.system.build.toplevel ];
+        }
+        ''
+          # Create a single / partition.
+          ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
+          ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
+          . /sys/class/block/vda1/uevent
+          mknod /dev/vda1 b $MAJOR $MINOR
+
+          # Create an empty filesystem and mount it.
+          ${pkgs.e2fsprogs}/sbin/mkfs.ext3 -L nixos /dev/vda1
+          ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
+          mkdir /mnt
+          mount /dev/vda1 /mnt
+
+          # The initrd expects these directories to exist.
+          mkdir /mnt/dev /mnt/proc /mnt/sys
+          mount --bind /proc /mnt/proc
+          mount --bind /dev /mnt/dev
+          mount --bind /sys /mnt/sys
+
+          # Copy all paths in the closure to the filesystem.
+          storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
+
+          mkdir -p /mnt/nix/store
+          ${pkgs.rsync}/bin/rsync -av $storePaths /mnt/nix/store/
+
+          # Register the paths in the Nix database.
+          printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
+              chroot /mnt ${config.nix.package}/bin/nix-store --load-db
+
+          # Create the system profile to allow nixos-rebuild to work.
+          chroot /mnt ${config.nix.package}/bin/nix-env \
+              -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
+
+          # `nixos-rebuild' requires an /etc/NIXOS.
+          mkdir -p /mnt/etc
+          touch /mnt/etc/NIXOS
+
+          # Install a configuration.nix.
+          mkdir -p /mnt/etc/nixos
+          cp ${./nova-config.nix} /mnt/etc/nixos/configuration.nix
+
+          # Generate the GRUB menu.
+          chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
+
+          umount /mnt/proc /mnt/dev /mnt/sys
+          umount /mnt
+        ''
+    );
+
+  fileSystems."/".device = "/dev/disk/by-label/nixos";
+
+  boot.kernelParams = [ "console=ttyS0" ];
+
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/vda";
+  boot.loader.grub.timeout = 0;
+
+  # Put /tmp and /var on /ephemeral0, which has a lot more space.
+  # Unfortunately we can't do this with the `fileSystems' option
+  # because it has no support for creating the source of a bind
+  # mount.  Also, "move" /nix to /ephemeral0 by layering a unionfs-fuse
+  # mount on top of it so we have a lot more space for Nix operations.
+  /*
+  boot.initrd.postMountCommands =
+    ''
+      mkdir -m 1777 -p $targetRoot/ephemeral0/tmp
+      mkdir -m 1777 -p $targetRoot/tmp
+      mount --bind $targetRoot/ephemeral0/tmp $targetRoot/tmp
+
+      mkdir -m 755 -p $targetRoot/ephemeral0/var
+      mkdir -m 755 -p $targetRoot/var
+      mount --bind $targetRoot/ephemeral0/var $targetRoot/var
+
+      mkdir -p /unionfs-chroot/ro-nix
+      mount --rbind $targetRoot/nix /unionfs-chroot/ro-nix
+
+      mkdir -p /unionfs-chroot/rw-nix
+      mkdir -m 755 -p $targetRoot/ephemeral0/nix
+      mount --rbind $targetRoot/ephemeral0/nix /unionfs-chroot/rw-nix
+      unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768 /rw-nix=RW:/ro-nix=RO $targetRoot/nix
+    '';
+
+    boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
+    */
+
+  # Since Nova allows VNC access to instances, it's nice to start to
+  # start a few virtual consoles.
+  services.mingetty.ttys = [ "tty1" "tty2" ];
+
+  # Allow root logins only using the SSH key that the user specified
+  # at instance creation time.
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "without-password";
+}
diff --git a/nixos/modules/virtualisation/nova.nix b/nixos/modules/virtualisation/nova.nix
new file mode 100644
index 000000000000..05c68e2bbff9
--- /dev/null
+++ b/nixos/modules/virtualisation/nova.nix
@@ -0,0 +1,174 @@
+# Module for Nova, a.k.a. OpenStack Compute.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.virtualisation.nova;
+
+  nova = pkgs.nova;
+
+  novaConf = pkgs.writeText "nova.conf"
+    ''
+      --nodaemon
+      --verbose
+      ${cfg.extraConfig}
+    '';
+
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    virtualisation.nova.enableSingleNode =
+      mkOption {
+        default = false;
+        description =
+          ''
+            This option enables Nova, also known as OpenStack Compute,
+            a cloud computing system, as a single-machine
+            installation.  That is, all of Nova's components are
+            enabled on this machine, using SQLite as Nova's database.
+            This is useful for evaluating and experimenting with Nova.
+            However, for a real cloud computing environment, you'll
+            want to enable some of Nova's services on other machines,
+            and use a database such as MySQL.
+          '';
+      };
+
+    virtualisation.nova.extraConfig =
+      mkOption {
+        default = "";
+        description =
+          ''
+            Additional text appended to <filename>nova.conf</filename>,
+            the main Nova configuration file.
+          '';
+      };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enableSingleNode {
+
+    environment.systemPackages = [ nova pkgs.euca2ools pkgs.novaclient ];
+
+    environment.etc =
+      [ { source = novaConf;
+          target = "nova/nova.conf";
+        }
+      ];
+
+    # Nova requires libvirtd and RabbitMQ.
+    virtualisation.libvirtd.enable = true;
+    services.rabbitmq.enable = true;
+
+    # `qemu-nbd' required the `nbd' kernel module.
+    boot.kernelModules = [ "nbd" ];
+
+    system.activationScripts.nova =
+      ''
+        mkdir -m 755 -p /var/lib/nova
+        mkdir -m 755 -p /var/lib/nova/networks
+        mkdir -m 700 -p /var/lib/nova/instances
+        mkdir -m 700 -p /var/lib/nova/keys
+
+        # Allow the CA certificate generation script (called by
+        # nova-api) to work.
+        mkdir -m 700 -p /var/lib/nova/CA /var/lib/nova/CA/private
+
+        # Initialise the SQLite database.
+        ${nova}/bin/nova-manage db sync
+      '';
+
+    # `nova-api' receives and executes external client requests from
+    # tools such as euca2ools.  It listens on port 8773 (XML) and 8774
+    # (JSON).
+    jobs.nova_api =
+      { name = "nova-api";
+
+        description = "Nova API service";
+
+        startOn = "ip-up";
+
+        # `openssl' is required to generate the CA.  `openssh' is
+        # required to generate key pairs.
+        path = [ pkgs.openssl pkgs.openssh pkgs.bash ];
+
+        respawn = false;
+
+        exec = "${nova}/bin/nova-api --flagfile=${novaConf} --api_paste_config=${nova}/etc/nova/api-paste.ini";
+      };
+
+    # `nova-objectstore' is a simple image server.  Useful if you're
+    # not running the OpenStack Imaging Service (Swift).  It serves
+    # images placed in /var/lib/nova/images/.
+    jobs.nova_objectstore =
+      { name = "nova-objectstore";
+
+        description = "Nova simple object store service";
+
+        startOn = "ip-up";
+
+        preStart =
+          ''
+            mkdir -m 700 -p /var/lib/nova/images
+          '';
+
+        exec = "${nova}/bin/nova-objectstore --flagfile=${novaConf}";
+      };
+
+    # `nova-scheduler' schedules VM execution requests.
+    jobs.nova_scheduler =
+      { name = "nova-scheduler";
+
+        description = "Nova scheduler service";
+
+        startOn = "ip-up";
+
+        exec = "${nova}/bin/nova-scheduler --flagfile=${novaConf}";
+      };
+
+    # `nova-compute' starts and manages virtual machines.
+    jobs.nova_compute =
+      { name = "nova-compute";
+
+        description = "Nova compute service";
+
+        startOn = "ip-up";
+
+        path =
+          [ pkgs.sudo pkgs.vlan pkgs.nettools pkgs.iptables pkgs.qemu_kvm
+            pkgs.e2fsprogs pkgs.utillinux pkgs.multipath_tools pkgs.iproute
+            pkgs.bridge_utils
+          ];
+
+        exec = "${nova}/bin/nova-compute --flagfile=${novaConf}";
+      };
+
+    # `nova-network' manages networks and allocates IP addresses.
+    jobs.nova_network =
+      { name = "nova-network";
+
+        description = "Nova network service";
+
+        startOn = "ip-up";
+
+        path =
+          [ pkgs.sudo pkgs.vlan pkgs.dnsmasq pkgs.nettools pkgs.iptables
+            pkgs.iproute pkgs.bridge_utils pkgs.radvd
+          ];
+
+        exec = "${nova}/bin/nova-network --flagfile=${novaConf}";
+      };
+
+  };
+
+}
diff --git a/nixos/modules/virtualisation/qemu-opts b/nixos/modules/virtualisation/qemu-opts
new file mode 100644
index 000000000000..f06a5136608a
--- /dev/null
+++ b/nixos/modules/virtualisation/qemu-opts
@@ -0,0 +1,4 @@
+          -device virtio-serial \
+          -chardev socket,id=charconsole0,path=/tmp/nixos-socket,server,nowait \
+          #-device virtconsole,chardev=charconsole0,id=console0 \
+          -device virtserialport,chardev=chardev=charconsole0,id=serial0
diff --git a/nixos/modules/virtualisation/qemu-vm.nix b/nixos/modules/virtualisation/qemu-vm.nix
new file mode 100644
index 000000000000..2218e1045eb8
--- /dev/null
+++ b/nixos/modules/virtualisation/qemu-vm.nix
@@ -0,0 +1,421 @@
+# This module creates a virtual machine from the NixOS configuration.
+# Building the `config.system.build.vm' attribute gives you a command
+# that starts a KVM/QEMU VM running the NixOS configuration defined in
+# `config'.  The Nix store is shared read-only with the host, which
+# makes (re)building VMs very efficient.  However, it also means you
+# can't reconfigure the guest inside the guest - you need to rebuild
+# the VM in the host.  On the other hand, the root filesystem is a
+# read/writable disk image persistent across VM reboots.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  vmName =
+    if config.networking.hostName == ""
+    then "noname"
+    else config.networking.hostName;
+
+  cfg = config.virtualisation;
+
+  qemuGraphics = if cfg.graphics then "" else "-nographic";
+  kernelConsole = if cfg.graphics then "" else "console=ttyS0";
+  ttys = [ "tty1" "tty2" "tty3" "tty4" "tty5" "tty6" ];
+
+  # Shell script to start the VM.
+  startVM =
+    ''
+      #! ${pkgs.stdenv.shell}
+
+      NIX_DISK_IMAGE=$(readlink -f ''${NIX_DISK_IMAGE:-${config.virtualisation.diskImage}})
+
+      if ! test -e "$NIX_DISK_IMAGE"; then
+          ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 "$NIX_DISK_IMAGE" \
+            ${toString config.virtualisation.diskSize}M || exit 1
+      fi
+
+      # Create a directory for exchanging data with the VM.
+      if [ -z "$TMPDIR" -o -z "$USE_TMPDIR" ]; then
+          TMPDIR=$(mktemp -d nix-vm.XXXXXXXXXX --tmpdir)
+      fi
+      cd $TMPDIR
+      mkdir -p $TMPDIR/xchg
+
+      idx=2
+      extraDisks=""
+      ${flip concatMapStrings cfg.emptyDiskImages (size: ''
+        ${pkgs.qemu_kvm}/bin/qemu-img create -f raw "empty$idx" "${toString size}M"
+        extraDisks="$extraDisks -drive index=$idx,file=$(pwd)/empty$idx,if=virtio,werror=report"
+        idx=$((idx + 1))
+      '')}
+
+      # Start QEMU.
+      # "-boot menu=on" is there, because I don't know how to make qemu boot from 2nd hd.
+      exec ${pkgs.qemu_kvm}/bin/qemu-kvm \
+          -name ${vmName} \
+          -m ${toString config.virtualisation.memorySize} \
+          ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} \
+          -net nic,vlan=0,model=virtio \
+          -net user,vlan=0''${QEMU_NET_OPTS:+,$QEMU_NET_OPTS} \
+          -virtfs local,path=/nix/store,security_model=none,mount_tag=store \
+          -virtfs local,path=$TMPDIR/xchg,security_model=none,mount_tag=xchg \
+          -virtfs local,path=''${SHARED_DIR:-$TMPDIR/xchg},security_model=none,mount_tag=shared \
+          ${if cfg.useBootLoader then ''
+            -drive index=0,id=drive1,file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
+            -drive index=1,id=drive2,file=${bootDisk}/disk.img,if=virtio,readonly \
+            -boot menu=on
+          '' else ''
+            -drive file=$NIX_DISK_IMAGE,if=virtio,cache=writeback,werror=report \
+            -kernel ${config.system.build.toplevel}/kernel \
+            -initrd ${config.system.build.toplevel}/initrd \
+            -append "$(cat ${config.system.build.toplevel}/kernel-params) init=${config.system.build.toplevel}/init regInfo=${regInfo} ${kernelConsole} $QEMU_KERNEL_PARAMS" \
+          ''} \
+          $extraDisks \
+          ${qemuGraphics} \
+          ${toString config.virtualisation.qemu.options} \
+          $QEMU_OPTS
+    '';
+
+
+  regInfo = pkgs.runCommand "reginfo"
+    { exportReferencesGraph =
+        map (x: [("closure-" + baseNameOf x) x]) config.virtualisation.pathsInNixDB;
+      buildInputs = [ pkgs.perl ];
+      preferLocalBuild = true;
+    }
+    ''
+      printRegistration=1 perl ${pkgs.pathsFromGraph} closure-* > $out
+    '';
+
+
+  # Generate a hard disk image containing a /boot partition and GRUB
+  # in the MBR.  Used when the `useBootLoader' option is set.
+  bootDisk =
+    pkgs.vmTools.runInLinuxVM (
+      pkgs.runCommand "nixos-boot-disk"
+        { preVM =
+            ''
+              mkdir $out
+              diskImage=$out/disk.img
+              ${pkgs.qemu_kvm}/bin/qemu-img create -f qcow2 $diskImage "32M"
+            '';
+          buildInputs = [ pkgs.utillinux ];
+        }
+        ''
+          # Create a single /boot partition.
+          ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
+          ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
+          . /sys/class/block/vda1/uevent
+          mknod /dev/vda1 b $MAJOR $MINOR
+          . /sys/class/block/vda/uevent
+          ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L boot /dev/vda1
+          ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
+
+          # Mount /boot.
+          mkdir /boot
+          mount /dev/vda1 /boot
+
+          # This is needed for GRUB 0.97, which doesn't know about virtio devices.
+          mkdir /boot/grub
+          echo '(hd0) /dev/vda' > /boot/grub/device.map
+
+          # Install GRUB and generate the GRUB boot menu.
+          touch /etc/NIXOS
+          mkdir -p /nix/var/nix/profiles
+          ${config.system.build.toplevel}/bin/switch-to-configuration boot
+
+          umount /boot
+        ''
+    );
+
+in
+
+{
+  imports = [ ../profiles/qemu-guest.nix ];
+
+  options = {
+
+    virtualisation.memorySize =
+      mkOption {
+        default = 384;
+        description =
+          ''
+            Memory size (M) of virtual machine.
+          '';
+      };
+
+    virtualisation.diskSize =
+      mkOption {
+        default = 512;
+        description =
+          ''
+            Disk size (M) of virtual machine.
+          '';
+      };
+
+    virtualisation.diskImage =
+      mkOption {
+        default = "./${vmName}.qcow2";
+        description =
+          ''
+            Path to the disk image containing the root filesystem.
+            The image will be created on startup if it does not
+            exist.
+          '';
+      };
+
+    virtualisation.emptyDiskImages =
+      mkOption {
+        default = [];
+        type = types.listOf types.int;
+        description =
+          ''
+            Additional disk images to provide to the VM, the value is a list of
+            sizes in megabytes the empty disk should be.
+
+            These disks are writeable by the VM and will be thrown away
+            afterwards.
+          '';
+      };
+
+    virtualisation.graphics =
+      mkOption {
+        default = true;
+        description =
+          ''
+            Whether to run QEMU with a graphics window, or access
+            the guest computer serial port through the host tty.
+          '';
+      };
+
+    virtualisation.pathsInNixDB =
+      mkOption {
+        default = [];
+        description =
+          ''
+            The list of paths whose closure is registered in the Nix
+            database in the VM.  All other paths in the host Nix store
+            appear in the guest Nix store as well, but are considered
+            garbage (because they are not registered in the Nix
+            database in the guest).
+          '';
+      };
+
+    virtualisation.vlans =
+      mkOption {
+        default = [ 1 ];
+        example = [ 1 2 ];
+        description =
+          ''
+            Virtual networks to which the VM is connected.  Each
+            number <replaceable>N</replaceable> in this list causes
+            the VM to have a virtual Ethernet interface attached to a
+            separate virtual network on which it will be assigned IP
+            address
+            <literal>192.168.<replaceable>N</replaceable>.<replaceable>M</replaceable></literal>,
+            where <replaceable>M</replaceable> is the index of this VM
+            in the list of VMs.
+          '';
+      };
+
+    virtualisation.writableStore =
+      mkOption {
+        default = false;
+        description =
+          ''
+            If enabled, the Nix store in the VM is made writable by
+            layering a unionfs-fuse/tmpfs filesystem on top of the host's Nix
+            store.
+          '';
+      };
+
+    virtualisation.writableStoreUseTmpfs =
+      mkOption {
+        default = true;
+        description =
+          ''
+            Use a tmpfs for the writable store instead of writing to the VM's
+            own filesystem.
+          '';
+      };
+
+    networking.primaryIPAddress =
+      mkOption {
+        default = "";
+        internal = true;
+        description = "Primary IP address used in /etc/hosts.";
+      };
+
+    virtualisation.qemu.options =
+      mkOption {
+        default = [];
+        example = [ "-vga std" ];
+        description = "Options passed to QEMU.";
+      };
+
+    virtualisation.useBootLoader =
+      mkOption {
+        default = false;
+        description =
+          ''
+            If enabled, the virtual machine will be booted using the
+            regular boot loader (i.e., GRUB 1 or 2).  This allows
+            testing of the boot loader.  If
+            disabled (the default), the VM directly boots the NixOS
+            kernel and initial ramdisk, bypassing the boot loader
+            altogether.
+          '';
+      };
+
+  };
+
+  config = {
+
+    boot.loader.grub.device = mkVMOverride "/dev/vda";
+
+    boot.initrd.supportedFilesystems = optional cfg.writableStore "unionfs-fuse";
+
+    boot.initrd.extraUtilsCommands =
+      ''
+        # We need mke2fs in the initrd.
+        cp ${pkgs.e2fsprogs}/sbin/mke2fs $out/bin
+      '';
+
+    boot.initrd.postDeviceCommands =
+      ''
+        # If the disk image appears to be empty, run mke2fs to
+        # initialise.
+        FSTYPE=$(blkid -o value -s TYPE /dev/vda || true)
+        if test -z "$FSTYPE"; then
+            mke2fs -t ext4 /dev/vda
+        fi
+      '';
+
+    boot.initrd.postMountCommands =
+      ''
+        # Mark this as a NixOS machine.
+        mkdir -p $targetRoot/etc
+        echo -n > $targetRoot/etc/NIXOS
+
+        # Fix the permissions on /tmp.
+        chmod 1777 $targetRoot/tmp
+
+        mkdir -p $targetRoot/boot
+        ${optionalString cfg.writableStore ''
+          mkdir -p /unionfs-chroot/ro-store
+          mount --rbind $targetRoot/nix/store /unionfs-chroot/ro-store
+
+          mkdir /unionfs-chroot/rw-store
+          ${if cfg.writableStoreUseTmpfs then ''
+          mount -t tmpfs -o "mode=755" none /unionfs-chroot/rw-store
+          '' else ''
+          mkdir $targetRoot/.nix-rw-store
+          mount --bind $targetRoot/.nix-rw-store /unionfs-chroot/rw-store
+          ''}
+
+          unionfs -o allow_other,cow,nonempty,chroot=/unionfs-chroot,max_files=32768,hide_meta_files /rw-store=RW:/ro-store=RO $targetRoot/nix/store
+        ''}
+      '';
+
+    # After booting, register the closure of the paths in
+    # `virtualisation.pathsInNixDB' in the Nix database in the VM.  This
+    # allows Nix operations to work in the VM.  The path to the
+    # registration file is passed through the kernel command line to
+    # allow `system.build.toplevel' to be included.  (If we had a direct
+    # reference to ${regInfo} here, then we would get a cyclic
+    # dependency.)
+    boot.postBootCommands =
+      ''
+        if [[ "$(cat /proc/cmdline)" =~ regInfo=([^ ]*) ]]; then
+          ${config.nix.package}/bin/nix-store --load-db < ''${BASH_REMATCH[1]}
+        fi
+      '';
+
+    virtualisation.pathsInNixDB = [ config.system.build.toplevel ];
+
+    virtualisation.qemu.options = [ "-vga std" "-usbdevice tablet" ];
+
+    # Mount the host filesystem via 9P, and bind-mount the Nix store
+    # of the host into our own filesystem.  We use mkVMOverride to
+    # allow this module to be applied to "normal" NixOS system
+    # configuration, where the regular value for the `fileSystems'
+    # attribute should be disregarded for the purpose of building a VM
+    # test image (since those filesystems don't exist in the VM).
+    fileSystems = mkVMOverride
+      { "/".device = "/dev/vda";
+        "/nix/store" =
+          { device = "store";
+            fsType = "9p";
+            options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
+          };
+        "/tmp/xchg" =
+          { device = "xchg";
+            fsType = "9p";
+            options = "trans=virtio,version=9p2000.L,msize=1048576,cache=loose";
+            neededForBoot = true;
+          };
+        "/tmp/shared" =
+          { device = "shared";
+            fsType = "9p";
+            options = "trans=virtio,version=9p2000.L,msize=1048576";
+            neededForBoot = true;
+          };
+      } // optionalAttrs cfg.useBootLoader
+      { "/boot" =
+          { device = "/dev/disk/by-label/boot";
+            fsType = "ext4";
+            options = "ro";
+            noCheck = true; # fsck fails on a r/o filesystem
+          };
+      };
+
+    swapDevices = mkVMOverride [ ];
+    boot.initrd.luks.devices = mkVMOverride [];
+
+    # Don't run ntpd in the guest.  It should get the correct time from KVM.
+    services.ntp.enable = false;
+
+    system.build.vm = pkgs.runCommand "nixos-vm" { preferLocalBuild = true; }
+      ''
+        ensureDir $out/bin
+        ln -s ${config.system.build.toplevel} $out/system
+        ln -s ${pkgs.writeScript "run-nixos-vm" startVM} $out/bin/run-${vmName}-vm
+      '';
+
+    # When building a regular system configuration, override whatever
+    # video driver the host uses.
+    services.xserver.videoDriver = mkVMOverride null;
+    services.xserver.videoDrivers = mkVMOverride [ "vesa" ];
+    services.xserver.defaultDepth = mkVMOverride 0;
+    services.xserver.resolutions = mkVMOverride [ { x = 1024; y = 768; } ];
+    services.xserver.monitorSection =
+      ''
+        # Set a higher refresh rate so that resolutions > 800x600 work.
+        HorizSync 30-140
+        VertRefresh 50-160
+      '';
+
+    # Wireless won't work in the VM.
+    networking.wireless.enable = mkVMOverride false;
+
+    system.requiredKernelConfig = with config.lib.kernelConfig;
+      [ (isEnabled "VIRTIO_BLK")
+        (isEnabled "VIRTIO_PCI")
+        (isEnabled "VIRTIO_NET")
+        (isEnabled "EXT4_FS")
+        (isYes "BLK_DEV")
+        (isYes "PCI")
+        (isYes "EXPERIMENTAL")
+        (isYes "NETDEVICES")
+        (isYes "NET_CORE")
+        (isYes "INET")
+        (isYes "NETWORK_FILESYSTEMS")
+      ] ++ optional (!cfg.graphics) [
+        (isYes "SERIAL_8250_CONSOLE")
+        (isYes "SERIAL_8250")
+      ];
+
+  };
+}
diff --git a/nixos/modules/virtualisation/virtualbox-guest.nix b/nixos/modules/virtualisation/virtualbox-guest.nix
new file mode 100644
index 000000000000..664fd21781cd
--- /dev/null
+++ b/nixos/modules/virtualisation/virtualbox-guest.nix
@@ -0,0 +1,87 @@
+# Module for VirtualBox guests.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.services.virtualbox;
+  kernel = config.boot.kernelPackages;
+
+in
+
+optionalAttrs (pkgs.stdenv.isi686 || pkgs.stdenv.isx86_64) # ugly...
+{
+
+  ###### interface
+
+  options = {
+
+    services.virtualbox = {
+
+      enable = mkOption {
+        default = false;
+        description = "Whether to enable the VirtualBox service and other guest additions.";
+      };
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ kernel.virtualboxGuestAdditions ];
+
+    boot.extraModulePackages = [ kernel.virtualboxGuestAdditions ];
+
+    users.extraGroups.vboxsf.gid = config.ids.gids.vboxsf;
+
+    systemd.services.virtualbox =
+      { description = "VirtualBox Guest Services";
+
+        wantedBy = [ "multi-user.target" ];
+        requires = [ "dev-vboxguest.device" ];
+        after = [ "dev-vboxguest.device" ];
+
+        unitConfig.ConditionVirtualization = "oracle";
+
+        serviceConfig.ExecStart = "@${kernel.virtualboxGuestAdditions}/sbin/VBoxService VBoxService --foreground";
+      };
+
+    services.xserver.videoDrivers = mkOverride 50 [ "virtualbox" ];
+
+    services.xserver.config =
+      ''
+        Section "InputDevice"
+          Identifier "VBoxMouse"
+          Driver "vboxmouse"
+        EndSection
+      '';
+
+    services.xserver.serverLayoutSection =
+      ''
+        InputDevice "VBoxMouse"
+      '';
+
+    services.xserver.displayManager.sessionCommands =
+      ''
+        PATH=${makeSearchPath "bin" [ pkgs.gnugrep pkgs.which pkgs.xorg.xorgserver ]}:$PATH \
+          ${kernel.virtualboxGuestAdditions}/bin/VBoxClient-all
+      '';
+
+    services.udev.extraRules =
+      ''
+        # /dev/vboxuser is necessary for VBoxClient to work.  Maybe we
+        # should restrict this to logged-in users.
+        KERNEL=="vboxuser",  OWNER="root", GROUP="root", MODE="0666"
+
+        # Allow systemd dependencies on vboxguest.
+        KERNEL=="vboxguest", TAG+="systemd"
+      '';
+  };
+
+}
diff --git a/nixos/modules/virtualisation/virtualbox-image.nix b/nixos/modules/virtualisation/virtualbox-image.nix
new file mode 100644
index 000000000000..beed36b6a516
--- /dev/null
+++ b/nixos/modules/virtualisation/virtualbox-image.nix
@@ -0,0 +1,110 @@
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+{
+  system.build.virtualBoxImage =
+    pkgs.vmTools.runInLinuxVM (
+      pkgs.runCommand "virtualbox-image"
+        { memSize = 768;
+          preVM =
+            ''
+              mkdir $out
+              diskImage=$out/image
+              ${pkgs.vmTools.qemu}/bin/qemu-img create -f raw $diskImage "10G"
+              mv closure xchg/
+            '';
+          postVM =
+            ''
+              echo "creating VirtualBox disk image..."
+              ${pkgs.vmTools.qemu}/bin/qemu-img convert -f raw -O vdi $diskImage $out/disk.vdi
+              rm $diskImage
+            '';
+          buildInputs = [ pkgs.utillinux pkgs.perl ];
+          exportReferencesGraph =
+            [ "closure" config.system.build.toplevel ];
+        }
+        ''
+          # Create a single / partition.
+          ${pkgs.parted}/sbin/parted /dev/vda mklabel msdos
+          ${pkgs.parted}/sbin/parted /dev/vda -- mkpart primary ext2 1M -1s
+          . /sys/class/block/vda1/uevent
+          mknod /dev/vda1 b $MAJOR $MINOR
+
+          # Create an empty filesystem and mount it.
+          ${pkgs.e2fsprogs}/sbin/mkfs.ext4 -L nixos /dev/vda1
+          ${pkgs.e2fsprogs}/sbin/tune2fs -c 0 -i 0 /dev/vda1
+          mkdir /mnt
+          mount /dev/vda1 /mnt
+
+          # The initrd expects these directories to exist.
+          mkdir /mnt/dev /mnt/proc /mnt/sys
+          mount --bind /proc /mnt/proc
+          mount --bind /dev /mnt/dev
+          mount --bind /sys /mnt/sys
+
+          # Copy all paths in the closure to the filesystem.
+          storePaths=$(perl ${pkgs.pathsFromGraph} /tmp/xchg/closure)
+
+          echo "filling Nix store..."
+          mkdir -p /mnt/nix/store
+          set -f
+          cp -prd $storePaths /mnt/nix/store/
+
+          # Register the paths in the Nix database.
+          printRegistration=1 perl ${pkgs.pathsFromGraph} /tmp/xchg/closure | \
+              chroot /mnt ${config.nix.package}/bin/nix-store --load-db
+
+          # Create the system profile to allow nixos-rebuild to work.
+          chroot /mnt ${config.nix.package}/bin/nix-env \
+              -p /nix/var/nix/profiles/system --set ${config.system.build.toplevel}
+
+          # `nixos-rebuild' requires an /etc/NIXOS.
+          mkdir -p /mnt/etc/nixos
+          touch /mnt/etc/NIXOS
+
+          # `switch-to-configuration' requires a /bin/sh
+          mkdir -p /mnt/bin
+          ln -s ${config.system.build.binsh}/bin/sh /mnt/bin/sh
+
+          # Generate the GRUB menu.
+          ln -s vda /dev/sda
+          chroot /mnt ${config.system.build.toplevel}/bin/switch-to-configuration boot
+
+          umount /mnt/proc /mnt/dev /mnt/sys
+          umount /mnt
+        ''
+    );
+
+  system.build.virtualBoxOVA = pkgs.runCommand "virtualbox-ova"
+    { buildInputs = [ pkgs.linuxPackages.virtualbox ];
+      vmName = "NixOS ${config.system.nixosVersion} (${pkgs.stdenv.system})";
+      fileName = "nixos-${config.system.nixosVersion}-${pkgs.stdenv.system}.ova";
+    }
+    ''
+      echo "creating VirtualBox VM..."
+      export HOME=$PWD
+      VBoxManage createvm --name "$vmName" --register \
+        --ostype ${if pkgs.stdenv.system == "x86_64-linux" then "Linux26_64" else "Linux26"}
+      VBoxManage modifyvm "$vmName" \
+        --memory 1536 --acpi on --vram 10 \
+        --nictype1 virtio --nic1 nat \
+        --audiocontroller ac97 --audio alsa \
+        --rtcuseutc on \
+        --usb on --mouse usbtablet
+      VBoxManage storagectl "$vmName" --name SATA --add sata --sataportcount 4 --bootable on --hostiocache on
+      VBoxManage storageattach "$vmName" --storagectl SATA --port 0 --device 0 --type hdd \
+        --medium ${config.system.build.virtualBoxImage}/disk.vdi
+
+      echo "exporting VirtualBox VM..."
+      mkdir -p $out
+      VBoxManage export "$vmName" --output "$out/$fileName"
+    '';
+
+  fileSystems."/".device = "/dev/disk/by-label/nixos";
+
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";
+
+  services.virtualbox.enable = true;
+}
diff --git a/nixos/modules/virtualisation/xen-dom0.nix b/nixos/modules/virtualisation/xen-dom0.nix
new file mode 100644
index 000000000000..4c24c6a7826a
--- /dev/null
+++ b/nixos/modules/virtualisation/xen-dom0.nix
@@ -0,0 +1,179 @@
+# Xen hypervisor (Dom0) support.
+
+{ config, pkgs, ... }:
+
+with pkgs.lib;
+
+let
+
+  cfg = config.virtualisation.xen;
+
+  xen = pkgs.xen;
+
+  xendConfig = pkgs.writeText "xend-config.sxp"
+    ''
+      (loglevel DEBUG)
+      (network-script network-bridge)
+      (vif-script vif-bridge)
+    '';
+
+in
+
+{
+  ###### interface
+
+  options = {
+
+    virtualisation.xen.enable =
+      mkOption {
+        default = false;
+        description =
+          ''
+            Setting this option enables the Xen hypervisor, a
+            virtualisation technology that allows multiple virtual
+            machines, known as <emphasis>domains</emphasis>, to run
+            concurrently on the physical machine.  NixOS runs as the
+            privileged <emphasis>Domain 0</emphasis>.  This option
+            requires a reboot to take effect.
+          '';
+      };
+
+    virtualisation.xen.bootParams =
+      mkOption {
+        default = "";
+        description =
+          ''
+            Parameters passed to the Xen hypervisor at boot time.
+          '';
+      };
+
+    virtualisation.xen.domain0MemorySize =
+      mkOption {
+        default = 0;
+        example = 512;
+        description =
+          ''
+            Amount of memory (in MiB) allocated to Domain 0 on boot.
+            If set to 0, all memory is assigned to Domain 0.
+          '';
+      };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    environment.systemPackages = [ xen ];
+
+    # Domain 0 requires a pvops-enabled kernel.
+    boot.kernelPackages = pkgs.linuxPackages_3_2_xen;
+
+    boot.kernelModules =
+      [ "xen_evtchn" "xen_gntdev" "xen_blkback" "xen_netback" "xen_pciback"
+        "blktap" "tun"
+      ];
+
+    # The radeonfb kernel module causes the screen to go black as soon
+    # as it's loaded, so don't load it.
+    boot.blacklistedKernelModules = [ "radeonfb" ];
+
+    # Increase the number of loopback devices from the default (8),
+    # which is way too small because every VM virtual disk requires a
+    # loopback device.
+    boot.extraModprobeConfig =
+      ''
+        options loop max_loop=64
+      '';
+
+    virtualisation.xen.bootParams =
+      [ "loglvl=all" "guest_loglvl=all" ] ++
+      optional (cfg.domain0MemorySize != 0) "dom0_mem=${toString cfg.domain0MemorySize}M";
+
+    system.extraSystemBuilderCmds =
+      ''
+        ln -s ${xen}/boot/xen.gz $out/xen.gz
+        echo "${toString cfg.bootParams}" > $out/xen-params
+      '';
+
+    # Mount the /proc/xen pseudo-filesystem.
+    system.activationScripts.xen =
+      ''
+        if [ -d /proc/xen ]; then
+            ${pkgs.sysvtools}/bin/mountpoint -q /proc/xen || \
+                ${pkgs.utillinux}/bin/mount -t xenfs none /proc/xen
+        fi
+      '';
+
+    jobs.xend =
+      { description = "Xen control daemon";
+
+        startOn = "stopped udevtrigger";
+
+        path =
+          [ pkgs.bridge_utils pkgs.gawk pkgs.iproute pkgs.nettools
+            pkgs.utillinux pkgs.bash xen pkgs.pciutils pkgs.procps
+          ];
+
+        environment.XENCONSOLED_TRACE = "hv";
+
+        preStart =
+          ''
+            mkdir -p /var/log/xen/console -m 0700
+
+            ${xen}/sbin/xend start
+
+            # Wait until Xend is running.
+            for ((i = 0; i < 60; i++)); do echo "waiting for xend..."; ${xen}/sbin/xend status && break; done
+
+            ${xen}/sbin/xend status || exit 1
+          '';
+
+        postStop = "${xen}/sbin/xend stop";
+      };
+
+    jobs.xendomains =
+      { description = "Automatically starts, saves and restores Xen domains on startup/shutdown";
+
+        startOn = "started xend";
+
+        stopOn = "starting shutdown and stopping xend";
+
+        restartIfChanged = false;
+        
+        path = [ pkgs.xen ];
+
+        environment.XENDOM_CONFIG = "${xen}/etc/sysconfig/xendomains";
+
+        preStart =
+          ''
+            mkdir -p /var/lock/subsys -m 755
+            ${xen}/etc/init.d/xendomains start
+          '';
+
+        postStop = "${xen}/etc/init.d/xendomains stop";
+      };
+
+    # To prevent a race between dhcpcd and xend's bridge setup script
+    # (which renames eth* to peth* and recreates eth* as a virtual
+    # device), start dhcpcd after xend.
+    jobs.dhcpcd.startOn = mkOverride 50 "started xend";
+
+    environment.etc =
+      [ { source = xendConfig;
+          target = "xen/xend-config.sxp";
+        }
+        { source = "${xen}/etc/xen/scripts";
+          target = "xen/scripts";
+        }
+      ];
+
+    # Xen provides udev rules.
+    services.udev.packages = [ xen ];
+
+    services.udev.path = [ pkgs.bridge_utils pkgs.iproute ];
+
+  };
+
+}
diff --git a/nixos/modules/virtualisation/xen-domU.nix b/nixos/modules/virtualisation/xen-domU.nix
new file mode 100644
index 000000000000..483589669345
--- /dev/null
+++ b/nixos/modules/virtualisation/xen-domU.nix
@@ -0,0 +1,19 @@
+# Common configuration for Xen DomU NixOS virtual machines.
+
+{ config, pkgs, ... }:
+
+{
+  # We're being booted using pv-grub, which means that we need to
+  # generate a GRUB 1 menu without actually installing GRUB.
+  boot.loader.grub.version = 1;
+  boot.loader.grub.device = "nodev";
+  boot.loader.grub.extraPerEntryConfig = "root (hd0)";
+
+  boot.initrd.kernelModules = [ "xen-blkfront" ];
+
+  # Send syslog messages to the Xen console.
+  services.syslogd.tty = "hvc0";
+
+  # Don't run ntpd, since we should get the correct time from Dom0.
+  services.ntp.enable = false;
+}
diff --git a/nixos/release-combined.nix b/nixos/release-combined.nix
new file mode 100644
index 000000000000..dccc3acbf464
--- /dev/null
+++ b/nixos/release-combined.nix
@@ -0,0 +1,70 @@
+{ nixpkgs ? { outPath = ./..; revCount = 5678; shortRev = "gfedcba"; }
+, officialRelease ? false
+, stableBranch ? false
+}:
+
+let
+
+  nixpkgsSrc = nixpkgs; # urgh
+
+  pkgs = import ./.. {};
+
+  removeMaintainers = set: if builtins.isAttrs set
+    then if (set.type or "") == "derivation"
+      then set // { meta = builtins.removeAttrs (set.meta or {}) [ "maintainers" ]; }
+      else pkgs.lib.mapAttrs (n: v: removeMaintainers v) set
+    else set;
+
+in rec {
+
+  nixos = removeMaintainers (import ./release.nix {
+    inherit officialRelease stableBranch;
+    nixpkgs = nixpkgsSrc;
+  });
+
+  nixpkgs = builtins.removeAttrs (removeMaintainers (import ../pkgs/top-level/release.nix {
+    inherit officialRelease;
+    nixpkgs = nixpkgsSrc;
+    # Only do Linux builds.
+    supportedSystems = [ "x86_64-linux" "i686-linux" ];
+  })) [ "unstable" ];
+
+  tested = pkgs.releaseTools.aggregate {
+    name = "nixos-${nixos.channel.version}";
+    meta = {
+      description = "Release-critical builds for the NixOS unstable channel";
+      maintainers = [ pkgs.lib.maintainers.eelco pkgs.lib.maintainers.shlevy ];
+    };
+    constituents =
+      let all = x: [ x.x86_64-linux x.i686-linux ]; in
+      [ nixos.channel
+        (all nixos.manual)
+
+        (all nixos.iso_minimal)
+        (all nixos.iso_graphical)
+        (all nixos.ova)
+
+        #(all nixos.tests.efi-installer.simple)
+        (all nixos.tests.firefox)
+        (all nixos.tests.firewall)
+        (all nixos.tests.installer.grub1)
+        (all nixos.tests.installer.lvm)
+        (all nixos.tests.installer.separateBoot)
+        (all nixos.tests.installer.simple)
+        (all nixos.tests.ipv6)
+        (all nixos.tests.kde4)
+        (all nixos.tests.login)
+        (all nixos.tests.misc)
+        (all nixos.tests.nat)
+        (all nixos.tests.nfs3)
+        (all nixos.tests.openssh)
+        (all nixos.tests.printing)
+        (all nixos.tests.proxy)
+        (all nixos.tests.xfce)
+
+        nixpkgs.tarball
+        (all nixpkgs.emacs)
+      ];
+  };
+
+}
diff --git a/nixos/release.nix b/nixos/release.nix
new file mode 100644
index 000000000000..1ffb334d90a4
--- /dev/null
+++ b/nixos/release.nix
@@ -0,0 +1,224 @@
+{ nixpkgs ? { outPath = ./..; revCount = 5678; shortRev = "gfedcba"; }
+, officialRelease ? false
+, stableBranch ? false
+}:
+
+let
+
+  version = builtins.readFile ../.version;
+  versionSuffix =
+    if officialRelease then ""
+    else (if stableBranch then "." else "pre") + "${toString nixpkgs.revCount}.${nixpkgs.shortRev}";
+
+  systems = [ "x86_64-linux" "i686-linux" ];
+
+  forAllSystems = pkgs.lib.genAttrs systems;
+
+  pkgs = import nixpkgs { system = "x86_64-linux"; };
+
+  lib = pkgs.lib;
+
+
+  versionModule =
+    { system.nixosVersionSuffix = versionSuffix;
+      system.nixosRevision = nixpkgs.rev or nixpkgs.shortRev;
+    };
+
+
+  makeIso =
+    { module, type, description ? type, maintainers ? ["eelco"], system }:
+
+    with import nixpkgs { inherit system; };
+
+    let
+
+      config = (import lib/eval-config.nix {
+        inherit system;
+        modules = [ module versionModule { isoImage.isoBaseName = "nixos-${type}"; } ];
+      }).config;
+
+      iso = config.system.build.isoImage;
+
+    in
+      # Declare the ISO as a build product so that it shows up in Hydra.
+      runCommand "nixos-iso-${config.system.nixosVersion}"
+        { meta = {
+            description = "NixOS installation CD (${description}) - ISO image for ${system}";
+            maintainers = map (x: lib.getAttr x lib.maintainers) maintainers;
+          };
+          inherit iso;
+          passthru = { inherit config; };
+        }
+        ''
+          mkdir -p $out/nix-support
+          echo "file iso" $iso/iso/*.iso* >> $out/nix-support/hydra-build-products
+        ''; # */
+
+
+  makeSystemTarball =
+    { module, maintainers ? ["viric"], system }:
+
+    with import nixpkgs { inherit system; };
+
+    let
+
+      config = (import lib/eval-config.nix {
+        inherit system;
+        modules = [ module versionModule ];
+      }).config;
+
+      tarball = config.system.build.tarball;
+
+    in
+      tarball //
+        { meta = {
+            description = "NixOS system tarball for ${system} - ${stdenv.platform.name}";
+            maintainers = map (x: lib.getAttr x lib.maintainers) maintainers;
+          };
+          inherit config;
+        };
+
+
+in rec {
+
+  channel =
+    pkgs.releaseTools.makeSourceTarball {
+      name = "nixos-channel";
+
+      src = nixpkgs;
+
+      officialRelease = false; # FIXME: fix this in makeSourceTarball
+      inherit version versionSuffix;
+
+      buildInputs = [ pkgs.nixUnstable ];
+
+      expr = builtins.readFile lib/channel-expr.nix;
+
+      distPhase = ''
+        rm -rf .git
+        echo -n $VERSION_SUFFIX > .version-suffix
+        echo -n ${nixpkgs.rev or nixpkgs.shortRev} > .git-revision
+        releaseName=nixos-$VERSION$VERSION_SUFFIX
+        mkdir -p $out/tarballs
+        mkdir ../$releaseName
+        cp -prd . ../$releaseName/nixpkgs
+        chmod -R u+w ../$releaseName
+        ln -s nixpkgs/nixos ../$releaseName/nixos
+        echo "$expr" > ../$releaseName/default.nix
+        NIX_STATE_DIR=$TMPDIR nix-env -f ../$releaseName/default.nix -qaP --meta --xml \* > /dev/null
+        cd ..
+        chmod -R u+w $releaseName
+        tar cfJ $out/tarballs/$releaseName.tar.xz $releaseName
+      ''; # */
+    };
+
+
+  manual = forAllSystems (system: (builtins.getAttr system iso_minimal).config.system.build.manual.manual);
+  manpages = forAllSystems (system: (builtins.getAttr system iso_minimal).config.system.build.manual.manpages);
+
+
+  iso_minimal = forAllSystems (system: makeIso {
+    module = ./modules/installer/cd-dvd/installation-cd-minimal.nix;
+    type = "minimal";
+    inherit system;
+  });
+
+  iso_minimal_new_kernel = forAllSystems (system: makeIso {
+    module = ./modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix;
+    type = "minimal-new-kernel";
+    inherit system;
+  });
+
+  iso_graphical = forAllSystems (system: makeIso {
+    module = ./modules/installer/cd-dvd/installation-cd-graphical.nix;
+    type = "graphical";
+    inherit system;
+  });
+
+  # A variant with a more recent (but possibly less stable) kernel
+  # that might support more hardware.
+  iso_new_kernel = forAllSystems (system: makeIso {
+    module = ./modules/installer/cd-dvd/installation-cd-new-kernel.nix;
+    type = "new-kernel";
+    inherit system;
+  });
+
+  # A variant with efi booting support. Once cd-minimal has a newer kernel,
+  # this should be enabled by default.
+  iso_efi = forAllSystems (system: makeIso {
+    module = ./modules/installer/cd-dvd/installation-cd-efi.nix;
+    type = "efi";
+    maintainers = [ "shlevy" ];
+    inherit system;
+  });
+
+
+  # A bootable VirtualBox virtual appliance as an OVA file (i.e. packaged OVF).
+  ova = forAllSystems (system:
+
+    with import nixpkgs { inherit system; };
+
+    let
+
+      config = (import lib/eval-config.nix {
+        inherit system;
+        modules =
+          [ versionModule
+            ./modules/installer/virtualbox-demo.nix
+          ];
+      }).config;
+
+    in
+      # Declare the OVA as a build product so that it shows up in Hydra.
+      runCommand "nixos-ova-${config.system.nixosVersion}-${system}"
+        { meta = {
+            description = "NixOS VirtualBox appliance (${system})";
+            maintainers = lib.maintainers.eelco;
+          };
+          ova = config.system.build.virtualBoxOVA;
+        }
+        ''
+          mkdir -p $out/nix-support
+          fn=$(echo $ova/*.ova)
+          echo "file ova $fn" >> $out/nix-support/hydra-build-products
+        '' # */
+
+  );
+
+
+  # Provide a tarball that can be unpacked into an SD card, and easily
+  # boot that system from uboot (like for the sheevaplug).
+  # The pc variant helps preparing the expression for the system tarball
+  # in a machine faster than the sheevpalug
+  system_tarball_pc = forAllSystems (system: makeSystemTarball {
+    module = ./modules/installer/cd-dvd/system-tarball-pc.nix;
+    inherit system;
+  });
+
+  /*
+  system_tarball_fuloong2f =
+    assert builtins.currentSystem == "mips64-linux";
+    makeSystemTarball {
+      module = ./modules/installer/cd-dvd/system-tarball-fuloong2f.nix;
+      system = "mips64-linux";
+    };
+
+  system_tarball_sheevaplug =
+    assert builtins.currentSystem == "armv5tel-linux";
+    makeSystemTarball {
+      module = ./modules/installer/cd-dvd/system-tarball-sheevaplug.nix;
+      system = "armv5tel-linux";
+    };
+  */
+
+
+  # Run the tests in ./tests/default.nix for each platform.  You can
+  # run a test by doing e.g. "nix-build -A tests.login.x86_64-linux".
+  tests =
+    with lib;
+    let
+      testsFor = system:
+        mapAttrsRecursiveCond (x: !x ? test) (n: v: listToAttrs [(nameValuePair system v.test)])
+          (import ./tests { inherit nixpkgs system; });
+    in fold recursiveUpdate {} (map testsFor systems);
+}
diff --git a/nixos/tests/avahi.nix b/nixos/tests/avahi.nix
new file mode 100644
index 000000000000..d95361dcd83d
--- /dev/null
+++ b/nixos/tests/avahi.nix
@@ -0,0 +1,55 @@
+{ pkgs, ... }:
+
+with pkgs;
+
+{
+  nodes = {
+    one =
+      { config, pkgs, ... }: {
+        services.avahi.enable = true;
+        services.avahi.nssmdns = true;
+      };
+
+    two =
+      { config, pkgs, ... }: {
+        services.avahi.enable = true;
+        services.avahi.nssmdns = true;
+      };
+  };
+
+  # Test whether `avahi-daemon' and `libnss-mdns' work as expected.
+  testScript =
+    '' startAll;
+
+       # mDNS.
+       $one->waitForUnit("network.target");
+       $one->succeed("avahi-resolve-host-name one.local | tee out >&2");
+       $one->succeed("test \"`cut -f1 < out`\" = one.local");
+       $one->succeed("avahi-resolve-host-name two.local | tee out >&2");
+       $one->succeed("test \"`cut -f1 < out`\" = two.local");
+
+       $two->waitForUnit("network.target");
+       $two->succeed("avahi-resolve-host-name one.local | tee out >&2");
+       $two->succeed("test \"`cut -f1 < out`\" = one.local");
+       $two->succeed("avahi-resolve-host-name two.local | tee out >&2");
+       $two->succeed("test \"`cut -f1 < out`\" = two.local");
+
+       # Basic DNS-SD.
+       $one->succeed("avahi-browse -r -t _workstation._tcp | tee out >&2");
+       $one->succeed("test `wc -l < out` -gt 0");
+       $two->succeed("avahi-browse -r -t _workstation._tcp | tee out >&2");
+       $two->succeed("test `wc -l < out` -gt 0");
+
+       # More DNS-SD.
+       $one->execute("avahi-publish -s \"This is a test\" _test._tcp 123 one=1 &");
+       $one->sleep(5);
+       $two->succeed("avahi-browse -r -t _test._tcp | tee out >&2");
+       $two->succeed("test `wc -l < out` -gt 0");
+
+       # NSS-mDNS.
+       $one->succeed("getent hosts one.local >&2");
+       $one->succeed("getent hosts two.local >&2");
+       $two->succeed("getent hosts one.local >&2");
+       $two->succeed("getent hosts two.local >&2");
+    '';
+}
diff --git a/nixos/tests/bittorrent.nix b/nixos/tests/bittorrent.nix
new file mode 100644
index 000000000000..6e67edb0b820
--- /dev/null
+++ b/nixos/tests/bittorrent.nix
@@ -0,0 +1,107 @@
+# This test runs a Bittorrent tracker on one machine, and verifies
+# that two client machines can download the torrent using
+# `transmission'.  The first client (behind a NAT router) downloads
+# from the initial seeder running on the tracker.  Then we kill the
+# initial seeder.  The second client downloads from the first client,
+# which only works if the first client successfully uses the UPnP-IGD
+# protocol to poke a hole in the NAT.
+
+{ pkgs, ... }:
+
+let
+
+  # Some random file to serve.
+  file = pkgs.nixUnstable.src;
+
+  miniupnpdConf = nodes: pkgs.writeText "miniupnpd.conf"
+    ''
+      ext_ifname=eth1
+      listening_ip=${nodes.router.config.networking.interfaces.eth2.ipAddress}/24
+      allow 1024-65535 192.168.2.0/24 1024-65535
+    '';
+
+in
+
+{
+
+  nodes =
+    { tracker =
+        { config, pkgs, ... }:
+        { environment.systemPackages = [ pkgs.transmission pkgs.bittorrent ];
+
+          # We need Apache on the tracker to serve the torrents.
+          services.httpd.enable = true;
+          services.httpd.adminAddr = "foo@example.org";
+          services.httpd.documentRoot = "/tmp";
+        };
+
+      router =
+        { config, pkgs, ... }:
+        { environment.systemPackages = [ pkgs.miniupnpd ];
+          virtualisation.vlans = [ 1 2 ];
+          networking.nat.enable = true;
+          networking.nat.internalIPs = [ "192.168.2.0/24" ];
+          networking.nat.externalInterface = "eth1";
+        };
+
+      client1 =
+        { config, pkgs, nodes, ... }:
+        { environment.systemPackages = [ pkgs.transmission ];
+          virtualisation.vlans = [ 2 ];
+          networking.defaultGateway =
+            nodes.router.config.networking.interfaces.eth2.ipAddress;
+        };
+
+      client2 =
+        { config, pkgs, ... }:
+        { environment.systemPackages = [ pkgs.transmission ];
+        };
+    };
+
+  testScript =
+    { nodes, ... }:
+    ''
+      startAll;
+
+      # Enable NAT on the router and start miniupnpd.
+      $router->waitForUnit("nat");
+      $router->succeed(
+          "iptables -t nat -N MINIUPNPD",
+          "iptables -t nat -A PREROUTING -i eth1 -j MINIUPNPD",
+          "echo 1 > /proc/sys/net/ipv4/ip_forward",
+          "miniupnpd -f ${miniupnpdConf nodes}"
+      );
+
+      # Create the torrent.
+      $tracker->succeed("mkdir /tmp/data");
+      $tracker->succeed("cp ${file} /tmp/data/test.tar.bz2");
+      $tracker->succeed("transmission-create /tmp/data/test.tar.bz2 -t http://tracker:6969/announce -o /tmp/test.torrent");
+      $tracker->succeed("chmod 644 /tmp/test.torrent");
+
+      # Start the tracker.  !!! use a less crappy tracker
+      $tracker->waitForUnit("network.target");
+      $tracker->succeed("bittorrent-tracker --port 6969 --dfile /tmp/dstate >&2 &");
+      $tracker->waitForOpenPort(6969);
+
+      # Start the initial seeder.
+      my $pid = $tracker->succeed("transmission-cli /tmp/test.torrent -M -w /tmp/data >&2 & echo \$!");
+
+      # Now we should be able to download from the client behind the NAT.
+      $tracker->waitForUnit("httpd");
+      $client1->waitForUnit("network.target");
+      $client1->succeed("transmission-cli http://tracker/test.torrent -w /tmp >&2 &");
+      $client1->waitForFile("/tmp/test.tar.bz2");
+      $client1->succeed("cmp /tmp/test.tar.bz2 ${file}");
+
+      # Bring down the initial seeder.
+      $tracker->succeed("kill -9 $pid");
+
+      # Now download from the second client.  This can only succeed if
+      # the first client created a NAT hole in the router.
+      $client2->waitForUnit("network.target");
+      $client2->succeed("transmission-cli http://tracker/test.torrent -M -w /tmp >&2 &");
+      $client2->waitForFile("/tmp/test.tar.bz2");
+      $client2->succeed("cmp /tmp/test.tar.bz2 ${file}");
+    '';
+
+}
diff --git a/nixos/tests/check-filesystems.nix b/nixos/tests/check-filesystems.nix
new file mode 100644
index 000000000000..09401f9a3f44
--- /dev/null
+++ b/nixos/tests/check-filesystems.nix
@@ -0,0 +1,80 @@
+{ nixos ? ./..
+, nixpkgs ? /etc/nixos/nixpkgs
+, system ? builtins.currentSystem
+}:
+
+with import ../lib/build-vms.nix { inherit nixos nixpkgs system; };
+
+rec {
+  nodes = {
+    share = {pkgs, config, ...}: {
+      services.nfs.server.enable = true;
+      services.nfs.server.exports = ''
+        /repos1 192.168.1.0/255.255.255.0(rw,no_root_squash)
+        /repos2 192.168.1.0/255.255.255.0(rw,no_root_squash)
+      '';
+      services.nfs.server.createMountPoints = true;
+
+      jobs.checkable = {
+        startOn = [
+          config.jobs.nfs_kernel_exports.name
+          config.jobs.nfs_kernel_nfsd.name
+        ];
+        respawn = true;
+      };
+    };
+
+    fsCheck = {pkgs, config, ...}: {
+      fileSystems =
+        let
+          repos1 = {
+            mountPoint = "/repos1";
+            autocreate = true;
+            device = "share:/repos1";
+            fsType = "nfs";
+          };
+
+          repos2 = {
+            mountPoint = "/repos2";
+            autocreate = true;
+            device = "share:/repos2";
+            fsType = "nfs";
+          };
+        in pkgs.lib.mkVMOverride [
+          repos1
+          repos1 # check remount
+          repos2 # check after remount
+        ];
+
+      jobs.checkable = {
+        startOn = "stopped ${config.jobs.filesystems.name}";
+        respawn = true;
+      };
+    };
+  };
+
+  vms = buildVirtualNetwork { inherit nodes; };
+
+  test = runTests vms
+    ''
+      startAll;
+
+      $share->waitForUnit("checkable");
+      $fsCheck->waitForUnit("checkable");
+
+      # check repos1
+      $fsCheck->succeed("test -d /repos1");
+      $share->succeed("touch /repos1/test1");
+      $fsCheck->succeed("test -e /repos1/test1");
+
+      # check repos2 (check after remount)
+      $fsCheck->succeed("test -d /repos2");
+      $share->succeed("touch /repos2/test2");
+      $fsCheck->succeed("test -e /repos2/test2");
+
+      # check without network
+      $share->block();
+      $fsCheck->fail("test -e /repos1/test1");
+      $fsCheck->fail("test -e /repos2/test2");
+    '';
+}
diff --git a/nixos/tests/common/user-account.nix b/nixos/tests/common/user-account.nix
new file mode 100644
index 000000000000..8157cf8d263e
--- /dev/null
+++ b/nixos/tests/common/user-account.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{ users.extraUsers = pkgs.lib.singleton
+    { name = "alice";
+      description = "Alice Foobar";
+      home = "/home/alice";
+      createHome = true;
+      useDefaultShell = true;
+      password = "foobar";
+    };
+}
diff --git a/nixos/tests/common/x11.nix b/nixos/tests/common/x11.nix
new file mode 100644
index 000000000000..c5a7c165d126
--- /dev/null
+++ b/nixos/tests/common/x11.nix
@@ -0,0 +1,12 @@
+{ services.xserver.enable = true;
+
+  # Automatically log in.
+  services.xserver.displayManager.auto.enable = true;
+
+  # Use IceWM as the window manager.
+  services.xserver.windowManager.default = "icewm";
+  services.xserver.windowManager.icewm.enable = true;
+
+  # Don't use a desktop manager.
+  services.xserver.desktopManager.default = "none";
+}
diff --git a/nixos/tests/default.nix b/nixos/tests/default.nix
new file mode 100644
index 000000000000..ce5776c8e465
--- /dev/null
+++ b/nixos/tests/default.nix
@@ -0,0 +1,39 @@
+{ nixpkgs ? <nixpkgs>
+, system ? builtins.currentSystem
+, minimal ? false
+}:
+
+with import ../lib/testing.nix { inherit system minimal; };
+
+{
+  avahi = makeTest (import ./avahi.nix);
+  bittorrent = makeTest (import ./bittorrent.nix);
+  firefox = makeTest (import ./firefox.nix);
+  firewall = makeTest (import ./firewall.nix);
+  installer = makeTests (import ./installer.nix);
+  efi-installer = makeTests (import ./efi-installer.nix);
+  ipv6 = makeTest (import ./ipv6.nix);
+  kde4 = makeTest (import ./kde4.nix);
+  #kexec = makeTest (import ./kexec.nix);
+  login = makeTest (import ./login.nix {});
+  latestKernel.login = makeTest (import ./login.nix ({ config, pkgs, ... }: { boot.kernelPackages = pkgs.linuxPackages_latest; }));
+  misc = makeTest (import ./misc.nix);
+  #mpich = makeTest (import ./mpich.nix);
+  mysql = makeTest (import ./mysql.nix);
+  mysql_replication = makeTest (import ./mysql-replication.nix);
+  munin = makeTest (import ./munin.nix);
+  nat = makeTest (import ./nat.nix);
+  nfs3 = makeTest (import ./nfs.nix { version = 3; });
+  #nfs4 = makeTest (import ./nfs.nix { version = 4; });
+  openssh = makeTest (import ./openssh.nix);
+  #partition = makeTest (import ./partition.nix);
+  printing = makeTest (import ./printing.nix);
+  proxy = makeTest (import ./proxy.nix);
+  quake3 = makeTest (import ./quake3.nix);
+  simple = makeTest (import ./simple.nix);
+  #subversion = makeTest (import ./subversion.nix);
+  tomcat = makeTest (import ./tomcat.nix);
+  #trac = makeTest (import ./trac.nix);
+  xfce = makeTest (import ./xfce.nix);
+  runInMachine.test = import ./run-in-machine.nix { inherit system; };
+}
diff --git a/nixos/tests/efi-installer.nix b/nixos/tests/efi-installer.nix
new file mode 100644
index 000000000000..8a05dbf2a610
--- /dev/null
+++ b/nixos/tests/efi-installer.nix
@@ -0,0 +1,127 @@
+# !!! Merge into normal install tests once all livecds are EFIable
+{ pkgs, system, ... }:
+
+with pkgs.lib;
+with import ../lib/qemu-flags.nix;
+
+let
+
+  # Build the ISO.  This is the regular installation CD but with test
+  # instrumentation.
+  iso =
+    (import ../lib/eval-config.nix {
+      inherit system;
+      modules =
+        [ ../modules/installer/cd-dvd/installation-cd-efi.nix
+          ../modules/testing/test-instrumentation.nix
+          { key = "serial";
+
+            # The test cannot access the network, so any sources we
+            # need must be included in the ISO.
+            isoImage.storeContents =
+              [ pkgs.glibcLocales
+                pkgs.sudo
+                pkgs.docbook5
+                pkgs.docbook5_xsl
+                pkgs.grub
+                pkgs.perlPackages.XMLLibXML
+                pkgs.unionfs-fuse
+                pkgs.gummiboot
+                pkgs.libxslt
+              ];
+          }
+        ];
+    }).config.system.build.isoImage;
+
+
+  # The config to install
+  config = builtins.toFile "configuration.nix" ''
+    { pkgs, ... }: {
+      imports = [ ./hardware-configuration.nix <nixos/modules/testing/test-instrumentation.nix> ];
+      boot.kernelPackages = pkgs.linuxPackages_3_10;
+      boot.loader.grub.enable = false;
+      boot.loader.efi.canTouchEfiVariables = true;
+      boot.loader.gummiboot.enable = true;
+      fonts.enableFontConfig = false;
+    }
+  '';
+
+  biosDir = pkgs.runCommand "ovmf-bios" {} ''
+    mkdir $out
+    ln -s ${pkgs.OVMF}/FV/OVMF.fd $out/bios.bin
+  '';
+
+in {
+  simple = {
+    inherit iso;
+    nodes = {};
+    testScript = ''
+      createDisk("harddisk", 4 * 1024);
+
+      my $machine = createMachine({ hda => "harddisk",
+        hdaInterface => "scsi",
+        cdrom => glob("${iso}/iso/*.iso"),
+        qemuFlags => '-L ${biosDir} ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"}'});
+      $machine->start;
+
+      # Make sure that we get a login prompt etc.
+      $machine->succeed("echo hello");
+      $machine->waitForUnit("rogue");
+      $machine->waitForUnit("nixos-manual");
+
+      # Partition the disk.
+      $machine->succeed(
+          "sgdisk -Z /dev/sda",
+          "sgdisk -n 1:0:+256M -N 2 -t 1:ef00 -t 2:8300 -c 1:boot -c 2:root /dev/sda",
+          "mkfs.vfat -n BOOT /dev/sda1",
+          "mkfs.ext3 -L nixos /dev/sda2",
+          "mount LABEL=nixos /mnt",
+          "mkdir /mnt/boot",
+          "mount LABEL=BOOT /mnt/boot",
+      );
+
+      # Create the NixOS configuration.
+      $machine->succeed(
+          "nixos-generate-config --root /mnt",
+      );
+
+      $machine->succeed("cat /mnt/etc/nixos/hardware-configuration.nix >&2");
+
+      $machine->copyFileFromHost(
+          "${config}",
+          "/mnt/etc/nixos/configuration.nix");
+
+      # Perform the installation.
+      $machine->succeed("nixos-install >&2");
+
+      # Do it again to make sure it's idempotent.
+      $machine->succeed("nixos-install >&2");
+
+      $machine->shutdown;
+
+      # Now see if we can boot the installation.
+      my $machine = createMachine({ #hda => "harddisk",
+#       hdaInterface => "virtio",
+#       !!! OVMF doesn't boot from virtio http://www.mail-archive.com/edk2-devel@lists.sourceforge.net/msg01501.html
+        qemuFlags => '-L ${biosDir} ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} -m 512 -hda ' . Cwd::abs_path('harddisk')});
+
+      # Did /boot get mounted, if appropriate?
+      $machine->waitForUnit("local-fs.target");
+      $machine->succeed("test -e /boot/efi");
+
+      $machine->succeed("nix-env -i coreutils >&2");
+      $machine->succeed("type -tP ls | tee /dev/stderr") =~ /.nix-profile/
+          or die "nix-env failed";
+
+      $machine->succeed("nixos-rebuild switch >&2");
+
+      $machine->shutdown;
+
+      my $machine = createMachine({ #hda => "harddisk",
+#       hdaInterface => "virtio",
+        qemuFlags => '-L ${biosDir} ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"} -hda ' . Cwd::abs_path('harddisk')});
+      $machine->waitForUnit("network.target");
+      $machine->shutdown;
+    '';
+  };
+}
diff --git a/nixos/tests/firefox.nix b/nixos/tests/firefox.nix
new file mode 100644
index 000000000000..d6599be13c9e
--- /dev/null
+++ b/nixos/tests/firefox.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+
+{
+
+  machine =
+    { config, pkgs, ... }:
+
+    { imports = [ ./common/x11.nix ];
+      environment.systemPackages = [ pkgs.firefox ];
+    };
+
+  testScript =
+    ''
+      $machine->waitForX;
+      $machine->execute("firefox file://${pkgs.valgrind}/share/doc/valgrind/html/index.html &");
+      $machine->waitForWindow(qr/Valgrind/);
+      $machine->sleep(40); # wait until Firefox has finished loading the page
+      $machine->screenshot("screen");
+    '';
+
+}
diff --git a/nixos/tests/firewall.nix b/nixos/tests/firewall.nix
new file mode 100644
index 000000000000..de32b98e5d2f
--- /dev/null
+++ b/nixos/tests/firewall.nix
@@ -0,0 +1,48 @@
+# Test the firewall module.
+
+{ pkgs, ... }:
+
+{
+
+  nodes =
+    { walled =
+        { config, pkgs, nodes, ... }:
+        { networking.firewall.enable = true;
+          networking.firewall.logRefusedPackets = true;
+          services.httpd.enable = true;
+          services.httpd.adminAddr = "foo@example.org";
+        };
+
+      attacker =
+        { config, pkgs, ... }:
+        { services.httpd.enable = true;
+          services.httpd.adminAddr = "foo@example.org";
+        };
+    };
+
+  testScript =
+    { nodes, ... }:
+    ''
+      startAll;
+
+      $walled->waitForUnit("firewall");
+      $walled->waitForUnit("httpd");
+      $attacker->waitForUnit("network.target");
+
+      # Local connections should still work.
+      $walled->succeed("curl -v http://localhost/ >&2");
+
+      # Connections to the firewalled machine should fail.
+      $attacker->fail("curl -v http://walled/ >&2");
+      $attacker->fail("ping -c 1 walled >&2");
+
+      # Outgoing connections/pings should still work.
+      $walled->succeed("curl -v http://attacker/ >&2");
+      $walled->succeed("ping -c 1 attacker >&2");
+
+      # If we stop the firewall, then connections should succeed.
+      $walled->stopJob("firewall");
+      $attacker->succeed("curl -v http://walled/ >&2");
+    '';
+
+}
diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
new file mode 100644
index 000000000000..865b21d2444a
--- /dev/null
+++ b/nixos/tests/installer.nix
@@ -0,0 +1,354 @@
+{ pkgs, system, ... }:
+
+with pkgs.lib;
+with import ../lib/qemu-flags.nix;
+
+let
+
+  # Build the ISO.  This is the regular installation CD but with test
+  # instrumentation.
+  iso =
+    (import ../lib/eval-config.nix {
+      inherit system;
+      modules =
+        [ ../modules/installer/cd-dvd/installation-cd-graphical.nix
+          ../modules/testing/test-instrumentation.nix
+          { key = "serial";
+            boot.loader.grub.timeout = mkOverride 0 0;
+
+            # The test cannot access the network, so any sources we
+            # need must be included in the ISO.
+            isoImage.storeContents =
+              [ pkgs.glibcLocales
+                pkgs.sudo
+                pkgs.docbook5
+                pkgs.docbook5_xsl
+                pkgs.grub
+                pkgs.perlPackages.XMLLibXML
+                pkgs.unionfs-fuse
+              ];
+          }
+        ];
+    }).config.system.build.isoImage;
+
+
+  # The configuration to install.
+  config = { fileSystems, testChannel, grubVersion, grubDevice }: pkgs.writeText "configuration.nix"
+    ''
+      { config, pkgs, modulesPath, ... }:
+
+      { imports =
+          [ ./hardware-configuration.nix
+            "''${modulesPath}/testing/test-instrumentation.nix"
+          ];
+
+        boot.loader.grub.version = ${toString grubVersion};
+        ${optionalString (grubVersion == 1) ''
+          boot.loader.grub.splashImage = null;
+        ''}
+        boot.loader.grub.device = "${grubDevice}";
+        boot.loader.grub.extraConfig = "serial; terminal_output.serial";
+        boot.initrd.kernelModules = [ "virtio_console" ];
+
+        environment.systemPackages = [ ${optionalString testChannel "pkgs.rlwrap"} ];
+      }
+    '';
+
+  rootFS =
+    ''
+      fileSystems."/".device = "/dev/disk/by-label/nixos";
+    '';
+
+  bootFS =
+    ''
+      fileSystems."/boot".device = "/dev/disk/by-label/boot";
+    '';
+
+
+  # Configuration of a web server that simulates the Nixpkgs channel
+  # distribution server.
+  webserver =
+    { config, pkgs, ... }:
+
+    { services.httpd.enable = true;
+      services.httpd.adminAddr = "foo@example.org";
+      services.httpd.servedDirs = singleton
+        { urlPath = "/";
+          dir = "/tmp/channel";
+        };
+
+      virtualisation.writableStore = true;
+      virtualisation.pathsInNixDB = channelContents ++ [ pkgs.hello.src ];
+      virtualisation.memorySize = 768;
+    };
+
+  channelContents = [ pkgs.rlwrap ];
+
+
+  # The test script boots the CD, installs NixOS on an empty hard
+  # disk, and then reboot from the hard disk.  It's parameterized with
+  # a test script fragment `createPartitions', which must create
+  # partitions and filesystems, and a configuration.nix fragment
+  # `fileSystems'.
+  testScriptFun = { createPartitions, fileSystems, testChannel, grubVersion, grubDevice }:
+    let iface = if grubVersion == 1 then "scsi" else "virtio"; in
+    ''
+      createDisk("harddisk", 4 * 1024);
+
+      my $machine = createMachine({ hda => "harddisk",
+        hdaInterface => "${iface}",
+        cdrom => glob("${iso}/iso/*.iso"),
+        qemuFlags => '${optionalString testChannel (toString (qemuNICFlags 1 1 2))} ${optionalString (pkgs.stdenv.system == "x86_64-linux") "-cpu kvm64"}'});
+      $machine->start;
+
+      ${optionalString testChannel ''
+        # Create a channel on the web server containing a few packages
+        # to simulate the Nixpkgs channel.
+        $webserver->start;
+        $webserver->waitForUnit("httpd");
+        $webserver->succeed(
+            "nix-push --bzip2 --dest /tmp/channel --manifest --url-prefix http://nixos.org/channels/nixos-unstable " .
+            "${toString channelContents} >&2");
+        $webserver->succeed("mkdir /tmp/channel/sha256");
+        $webserver->succeed("cp ${pkgs.hello.src} /tmp/channel/sha256/${pkgs.hello.src.outputHash}");
+      ''}
+
+      # Make sure that we get a login prompt etc.
+      $machine->succeed("echo hello");
+      #$machine->waitForUnit('getty@tty2');
+      $machine->waitForUnit("rogue");
+      $machine->waitForUnit("nixos-manual");
+      $machine->waitForUnit("dhcpcd");
+
+      ${optionalString testChannel ''
+        # Allow the machine to talk to the fake nixos.org.
+        $machine->succeed(
+            "rm /etc/hosts",
+            "echo 192.168.1.1 nixos.org cache.nixos.org tarballs.nixos.org > /etc/hosts",
+            "ifconfig eth1 up 192.168.1.2",
+        );
+
+        # Test nix-env.
+        $machine->fail("hello");
+        $machine->succeed("nix-env -i hello");
+        $machine->succeed("hello") =~ /Hello, world/
+            or die "bad `hello' output";
+      ''}
+
+      # Partition the disk.
+      ${createPartitions}
+
+      # Create the NixOS configuration.
+      $machine->succeed(
+          "nixos-generate-config --root /mnt",
+      );
+
+      $machine->succeed("cat /mnt/etc/nixos/hardware-configuration.nix >&2");
+
+      $machine->copyFileFromHost(
+          "${ config { inherit fileSystems testChannel grubVersion grubDevice; } }",
+          "/mnt/etc/nixos/configuration.nix");
+
+      # Perform the installation.
+      $machine->succeed("nixos-install >&2");
+
+      # Do it again to make sure it's idempotent.
+      $machine->succeed("nixos-install >&2");
+
+      $machine->shutdown;
+
+      # Now see if we can boot the installation.
+      my $machine = createMachine({ hda => "harddisk", hdaInterface => "${iface}" });
+
+      # Did /boot get mounted, if appropriate?
+      $machine->waitForUnit("local-fs.target");
+      $machine->succeed("test -e /boot/grub");
+
+      # Did the swap device get activated?
+      $machine->waitForUnit("swap.target");
+      $machine->succeed("cat /proc/swaps | grep -q /dev");
+
+      $machine->succeed("nix-env -i coreutils >&2");
+      $machine->succeed("type -tP ls | tee /dev/stderr") =~ /.nix-profile/
+          or die "nix-env failed";
+
+      $machine->succeed("nixos-rebuild switch >&2");
+
+      # Test nixos-option.
+      $machine->succeed("nixos-option boot.initrd.kernelModules | grep virtio_console");
+      $machine->succeed("nixos-option -d boot.initrd.kernelModules | grep 'List of modules'");
+      $machine->succeed("nixos-option -l boot.initrd.kernelModules | grep /etc/nixos/configuration.nix");
+
+      $machine->shutdown;
+
+      # And just to be sure, check that the machine still boots after
+      # "nixos-rebuild switch".
+      my $machine = createMachine({ hda => "harddisk", hdaInterface => "${iface}" });
+      $machine->waitForUnit("network.target");
+      $machine->shutdown;
+    '';
+
+
+  makeTest = { createPartitions, fileSystems, testChannel ? false, grubVersion ? 2, grubDevice ? "/dev/vda" }:
+    { inherit iso;
+      nodes = if testChannel then { inherit webserver; } else { };
+      testScript = testScriptFun {
+        inherit createPartitions fileSystems testChannel grubVersion grubDevice;
+      };
+    };
+
+
+in {
+
+  # !!! `parted mkpart' seems to silently create overlapping partitions.
+
+
+  # The (almost) simplest partitioning scheme: a swap partition and
+  # one big filesystem partition.
+  simple = makeTest
+    { createPartitions =
+        ''
+          $machine->succeed(
+              "parted /dev/vda mklabel msdos",
+              "parted /dev/vda -- mkpart primary linux-swap 1M 1024M",
+              "parted /dev/vda -- mkpart primary ext2 1024M -1s",
+              "udevadm settle",
+              "mkswap /dev/vda1 -L swap",
+              "swapon -L swap",
+              "mkfs.ext3 -L nixos /dev/vda2",
+              "mount LABEL=nixos /mnt",
+          );
+        '';
+      fileSystems = rootFS;
+      testChannel = true;
+    };
+
+  # Same as the previous, but now with a separate /boot partition.
+  separateBoot = makeTest
+    { createPartitions =
+        ''
+          $machine->succeed(
+              "parted /dev/vda mklabel msdos",
+              "parted /dev/vda -- mkpart primary ext2 1M 50MB", # /boot
+              "parted /dev/vda -- mkpart primary linux-swap 50MB 1024M",
+              "parted /dev/vda -- mkpart primary ext2 1024M -1s", # /
+              "udevadm settle",
+              "mkswap /dev/vda2 -L swap",
+              "swapon -L swap",
+              "mkfs.ext3 -L nixos /dev/vda3",
+              "mount LABEL=nixos /mnt",
+              "mkfs.ext3 -L boot /dev/vda1",
+              "mkdir /mnt/boot",
+              "mount LABEL=boot /mnt/boot",
+          );
+        '';
+      fileSystems = rootFS + bootFS;
+    };
+
+  # Create two physical LVM partitions combined into one volume group
+  # that contains the logical swap and root partitions.
+  lvm = makeTest
+    { createPartitions =
+        ''
+          $machine->succeed(
+              "parted /dev/vda mklabel msdos",
+              "parted /dev/vda -- mkpart primary 1M 2048M", # first PV
+              "parted /dev/vda -- set 1 lvm on",
+              "parted /dev/vda -- mkpart primary 2048M -1s", # second PV
+              "parted /dev/vda -- set 2 lvm on",
+              "udevadm settle",
+              "pvcreate /dev/vda1 /dev/vda2",
+              "vgcreate MyVolGroup /dev/vda1 /dev/vda2",
+              "lvcreate --size 1G --name swap MyVolGroup",
+              "lvcreate --size 2G --name nixos MyVolGroup",
+              "mkswap -f /dev/MyVolGroup/swap -L swap",
+              "swapon -L swap",
+              "mkfs.xfs -L nixos /dev/MyVolGroup/nixos",
+              "mount LABEL=nixos /mnt",
+          );
+        '';
+      fileSystems = rootFS;
+    };
+
+  /*
+  swraid = makeTest
+    { createPartitions =
+        ''
+          $machine->succeed(
+              "parted /dev/vda --"
+              . " mklabel msdos"
+              . " mkpart primary ext2 1M 30MB" # /boot
+              . " mkpart extended 30M -1s"
+              . " mkpart logical 31M 1531M" # md0 (root), first device
+              . " mkpart logical 1540M 3040M" # md0 (root), second device
+              . " mkpart logical 3050M 3306M" # md1 (swap), first device
+              . " mkpart logical 3320M 3576M", # md1 (swap), second device
+              "udevadm settle",
+              "ls -l /dev/vda* >&2",
+              "cat /proc/partitions >&2",
+              "mdadm --create --force /dev/md0 --metadata 1.2 --level=raid1 --raid-devices=2 /dev/vda5 /dev/vda6",
+              "mdadm --create --force /dev/md1 --metadata 1.2 --level=raid1 --raid-devices=2 /dev/vda7 /dev/vda8",
+              "udevadm settle",
+              "mkswap -f /dev/md1 -L swap",
+              "swapon -L swap",
+              "mkfs.ext3 -L nixos /dev/md0",
+              "mount LABEL=nixos /mnt",
+              "mkfs.ext3 -L boot /dev/vda1",
+              "mkdir /mnt/boot",
+              "mount LABEL=boot /mnt/boot",
+              "udevadm settle",
+              "mdadm -W /dev/md0", # wait for sync to finish; booting off an unsynced device tends to fail
+              "mdadm -W /dev/md1",
+          );
+        '';
+      fileSystems = rootFS + bootFS;
+    };
+  */
+
+  # Test a basic install using GRUB 1.
+  grub1 = makeTest
+    { createPartitions =
+        ''
+          $machine->succeed(
+              "parted /dev/sda mklabel msdos",
+              "parted /dev/sda -- mkpart primary linux-swap 1M 1024M",
+              "parted /dev/sda -- mkpart primary ext2 1024M -1s",
+              "udevadm settle",
+              "mkswap /dev/sda1 -L swap",
+              "swapon -L swap",
+              "mkfs.ext3 -L nixos /dev/sda2",
+              "mount LABEL=nixos /mnt",
+          );
+        '';
+      fileSystems = rootFS;
+      grubVersion = 1;
+      grubDevice = "/dev/sda";
+    };
+
+  # Rebuild the CD configuration with a little modification.
+  rebuildCD =
+    { inherit iso;
+      nodes = { };
+      testScript =
+        ''
+          my $machine = createMachine({ cdrom => glob("${iso}/iso/*.iso"), qemuFlags => '-m 768' });
+          $machine->start;
+
+          # Enable sshd service.
+          $machine->succeed(
+            "sed -i 's,^}\$,systemd.services.sshd.wantedBy = pkgs.lib.mkOverride 0 [\"multi-user.target\"]; },' /etc/nixos/configuration.nix"
+          );
+
+          $machine->succeed("cat /etc/nixos/configuration.nix >&2");
+
+          # Apply the new CD configuration.
+          $machine->succeed("nixos-rebuild test");
+
+          # Connect to it-self.
+          $machine->waitForUnit("sshd");
+          $machine->waitForOpenPort(22);
+
+          $machine->shutdown;
+        '';
+    };
+}
diff --git a/nixos/tests/ipv6.nix b/nixos/tests/ipv6.nix
new file mode 100644
index 000000000000..29d675e180a3
--- /dev/null
+++ b/nixos/tests/ipv6.nix
@@ -0,0 +1,76 @@
+# Test of IPv6 functionality in NixOS, including whether router
+# solicication/advertisement using radvd works.
+
+{ pkgs, ... }:
+
+{
+
+  nodes =
+    { client = { config, pkgs, ... }: { };
+
+      server =
+        { config, pkgs, ... }:
+        { services.httpd.enable = true;
+          services.httpd.adminAddr = "foo@example.org";
+        };
+
+      router =
+        { config, pkgs, ... }:
+        { services.radvd.enable = true;
+          services.radvd.config =
+            ''
+              interface eth1 {
+                AdvSendAdvert on;
+                # ULA prefix (RFC 4193).
+                prefix fd60:cc69:b537:1::/64 { };
+              };
+            '';
+        };
+    };
+
+  testScript =
+    ''
+      # Start the router first so that it respond to router solicitations.
+      $router->waitForUnit("radvd");
+
+      startAll;
+
+      $client->waitForUnit("network.target");
+      $server->waitForUnit("network.target");
+
+      # Wait until the given interface has a non-tentative address of
+      # the desired scope (i.e. has completed Duplicate Address
+      # Detection).
+      sub waitForAddress {
+          my ($machine, $iface, $scope) = @_;
+          $machine->waitUntilSucceeds("[ `ip -o -6 addr show dev $iface scope $scope | grep -v tentative | wc -l` -eq 1 ]");
+          my $ip = (split /[ \/]+/, $machine->succeed("ip -o -6 addr show dev $iface scope $scope"))[3];
+          $machine->log("$scope address on $iface is $ip");
+          return $ip;
+      }
+
+      subtest "loopback address", sub {
+          $client->succeed("ping6 -c 1 ::1 >&2");
+          $client->fail("ping6 -c 1 ::2 >&2");
+      };
+
+      subtest "local link addressing", sub {
+          my $clientIp = waitForAddress $client, "eth1", "link";
+          my $serverIp = waitForAddress $server, "eth1", "link";
+          $client->succeed("ping6 -c 1 -I eth1 $clientIp >&2");
+          $client->succeed("ping6 -c 1 -I eth1 $serverIp >&2");
+      };
+
+      subtest "global addressing", sub {
+          my $clientIp = waitForAddress $client, "eth1", "global";
+          my $serverIp = waitForAddress $server, "eth1", "global";
+          $client->succeed("ping6 -c 1 $clientIp >&2");
+          $client->succeed("ping6 -c 1 $serverIp >&2");
+          $client->succeed("curl --fail -g http://[$serverIp]");
+          $client->fail("curl --fail -g http://[$clientIp]");
+      };
+
+      # TODO: test reachability of a machine on another network.
+    '';
+
+}
diff --git a/nixos/tests/kde4.nix b/nixos/tests/kde4.nix
new file mode 100644
index 000000000000..3fb35bbab098
--- /dev/null
+++ b/nixos/tests/kde4.nix
@@ -0,0 +1,67 @@
+{ pkgs, ... }:
+
+{
+
+  machine =
+    { config, pkgs, ... }:
+
+    { imports = [ ./common/user-account.nix ];
+
+      virtualisation.memorySize = 768;
+
+      services.xserver.enable = true;
+
+      services.httpd.enable = true;
+      services.httpd.adminAddr = "foo@example.org";
+      services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html";
+
+      services.xserver.displayManager.kdm.enable = true;
+      services.xserver.displayManager.kdm.extraConfig =
+        ''
+          [X-:0-Core]
+          AutoLoginEnable=true
+          AutoLoginUser=alice
+          AutoLoginPass=foobar
+        '';
+
+      services.xserver.desktopManager.kde4.enable = true;
+
+      # Include most of KDE. We don't really test these here, but at
+      # least they should build.
+      environment.systemPackages =
+        [ pkgs.kde4.kdemultimedia
+          pkgs.kde4.kdegraphics
+          pkgs.kde4.kdeutils
+          pkgs.kde4.kdegames
+          pkgs.kde4.kdeedu
+          pkgs.kde4.kdeaccessibility
+          pkgs.kde4.kdeadmin
+          pkgs.kde4.kdenetwork
+          pkgs.kde4.kdetoys
+          pkgs.kde4.kdewebdev
+        ];
+    };
+
+  testScript =
+    ''
+      $machine->waitUntilSucceeds("pgrep plasma-desktop");
+      $machine->waitForWindow(qr/plasma-desktop/);
+
+      # Check that logging in has given the user ownership of devices.
+      $machine->succeed("getfacl /dev/snd/timer | grep -q alice");
+
+      $machine->execute("su - alice -c 'DISPLAY=:0.0 kwrite /var/log/messages &'");
+      $machine->waitForWindow(qr/messages.*KWrite/);
+
+      $machine->execute("su - alice -c 'DISPLAY=:0.0 konqueror http://localhost/ &'");
+      $machine->waitForWindow(qr/Valgrind.*Konqueror/);
+
+      $machine->execute("su - alice -c 'DISPLAY=:0.0 gwenview ${pkgs.kde4.kde_wallpapers}/share/wallpapers/Hanami/contents/images/1280x1024.jpg &'");
+      $machine->waitForWindow(qr/Gwenview/);
+
+      $machine->sleep(10);
+
+      $machine->screenshot("screen");
+    '';
+
+}
diff --git a/nixos/tests/kexec.nix b/nixos/tests/kexec.nix
new file mode 100644
index 000000000000..b8da332b919b
--- /dev/null
+++ b/nixos/tests/kexec.nix
@@ -0,0 +1,18 @@
+# Test whether fast reboots via kexec work.
+
+{ pkgs, ... }:
+
+{
+
+  machine = { config, pkgs, ... }:
+    { virtualisation.vlans = [ ]; };
+
+  testScript =
+    ''
+      $machine->waitForUnit("multi-user.target");
+      $machine->execute("systemctl kexec &");
+      $machine->{connected} = 0;
+      $machine->waitForUnit("multi-user.target");
+    '';
+
+}
diff --git a/nixos/tests/login.nix b/nixos/tests/login.nix
new file mode 100644
index 000000000000..ed7d97867179
--- /dev/null
+++ b/nixos/tests/login.nix
@@ -0,0 +1,61 @@
+config: { pkgs, ... }:
+
+{
+
+  machine = config;
+
+  testScript =
+    ''
+      $machine->waitForUnit("default.target");
+      $machine->screenshot("postboot");
+
+      subtest "create user", sub {
+          $machine->succeed("useradd -m alice");
+          $machine->succeed("(echo foobar; echo foobar) | passwd alice");
+      };
+
+      # Check whether switching VTs works.
+      subtest "virtual console switching", sub {
+          $machine->sendKeys("alt-f2");
+          $machine->waitUntilSucceeds("[ \$(fgconsole) = 2 ]");
+          $machine->waitForUnit('getty@tty2.service');
+      };
+
+      # Log in as alice on a virtual console.
+      subtest "virtual console login", sub {
+          $machine->sleep(2); # urgh: wait for username prompt
+          $machine->sendChars("alice\n");
+          $machine->waitUntilSucceeds("pgrep login");
+          $machine->sleep(2); # urgh: wait for `Password:'
+          $machine->sendChars("foobar\n");
+          $machine->waitUntilSucceeds("pgrep -u alice bash");
+          $machine->sendChars("touch done\n");
+          $machine->waitForFile("/home/alice/done");
+      };
+
+      # Check whether systemd gives and removes device ownership as
+      # needed.
+      subtest "device permissions", sub {
+          $machine->succeed("getfacl /dev/snd/timer | grep -q alice");
+          $machine->sendKeys("alt-f1");
+          $machine->waitUntilSucceeds("[ \$(fgconsole) = 1 ]");
+          $machine->fail("getfacl /dev/snd/timer | grep -q alice");
+          $machine->succeed("chvt 2");
+          $machine->waitUntilSucceeds("getfacl /dev/snd/timer | grep -q alice");
+      };
+
+      # Log out.
+      subtest "virtual console logout", sub {
+          $machine->sendChars("exit\n");
+          $machine->waitUntilFails("pgrep -u alice bash");
+          $machine->screenshot("mingetty");
+      };
+
+      # Check whether ctrl-alt-delete works.
+      subtest "ctrl-alt-delete", sub {
+          $machine->sendKeys("ctrl-alt-delete");
+          $machine->waitForShutdown;
+      };
+    '';
+
+}
diff --git a/nixos/tests/misc.nix b/nixos/tests/misc.nix
new file mode 100644
index 000000000000..12ac6f6f9a67
--- /dev/null
+++ b/nixos/tests/misc.nix
@@ -0,0 +1,64 @@
+# Miscellaneous small tests that don't warrant their own VM run.
+
+{ pkgs, ... }:
+
+{
+
+  machine =
+    { config, pkgs, ... }:
+    { swapDevices = pkgs.lib.mkOverride 0
+        [ { device = "/root/swapfile"; size = 128; } ];
+      environment.variables.EDITOR = pkgs.lib.mkOverride 0 "emacs";
+      services.nixosManual.enable = pkgs.lib.mkOverride 0 true;
+    };
+
+  testScript =
+    ''
+      subtest "nixos-version", sub {
+          $machine->succeed("[ `nixos-version | wc -w` = 2 ]");
+      };
+
+      subtest "nixos-rebuild", sub {
+          $machine->succeed("nixos-rebuild --help | grep SYNOPSIS");
+      };
+
+      # Sanity check for uid/gid assignment.
+      subtest "users-groups", sub {
+          $machine->succeed("[ `id -u messagebus` = 4 ]");
+          $machine->succeed("[ `id -g messagebus` = 4 ]");
+          $machine->succeed("[ `getent group users` = 'users:x:100:' ]");
+      };
+
+      # Regression test for GMP aborts on QEMU.
+      subtest "gmp", sub {
+          $machine->succeed("expr 1 + 2");
+      };
+
+      # Test that the swap file got created.
+      subtest "swapfile", sub {
+          $machine->waitForUnit("root-swapfile.swap");
+          $machine->succeed("ls -l /root/swapfile | grep 134217728");
+      };
+
+      # Test whether kernel.poweroff_cmd is set.
+      subtest "poweroff_cmd", sub {
+          $machine->succeed("[ -x \"\$(cat /proc/sys/kernel/poweroff_cmd)\" ]")
+      };
+
+      # Test whether the blkio controller is properly enabled.
+      subtest "blkio-cgroup", sub {
+          $machine->succeed("[ -n \"\$(cat /sys/fs/cgroup/blkio/blkio.sectors)\" ]")
+      };
+
+      # Test whether we have a reboot record in wtmp.
+      subtest "reboot-wtmp", sub {
+          $machine->succeed("last | grep reboot >&2");
+      };
+
+      # Test whether we can override environment variables.
+      subtest "override-env-var", sub {
+          $machine->succeed('[ "$EDITOR" = emacs ]');
+      };
+    '';
+
+}
diff --git a/nixos/tests/mpich-example.c b/nixos/tests/mpich-example.c
new file mode 100644
index 000000000000..c48e3c45b72e
--- /dev/null
+++ b/nixos/tests/mpich-example.c
@@ -0,0 +1,21 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <mpi.h>
+
+int
+main (int argc, char *argv[])
+{
+  int rank, size, length;
+  char name[BUFSIZ];
+
+  MPI_Init (&argc, &argv);
+  MPI_Comm_rank (MPI_COMM_WORLD, &rank);
+  MPI_Comm_size (MPI_COMM_WORLD, &size);
+  MPI_Get_processor_name (name, &length);
+
+  printf ("%s: hello world from process %d of %d\n", name, rank, size);
+
+  MPI_Finalize ();
+
+  return EXIT_SUCCESS;
+}
diff --git a/nixos/tests/mpich.nix b/nixos/tests/mpich.nix
new file mode 100644
index 000000000000..d57512ebdfed
--- /dev/null
+++ b/nixos/tests/mpich.nix
@@ -0,0 +1,40 @@
+# Simple example to showcase distributed tests using NixOS VMs.
+
+{ pkgs, ... }:
+
+with pkgs;
+
+{
+  nodes = {
+    master =
+      { config, pkgs, ... }: {
+        environment.systemPackages = [ gcc mpich2 ];
+        #boot.kernelPackages = pkgs.kernelPackages_2_6_29;
+      };
+
+    slave =
+      { config, pkgs, ... }: {
+        environment.systemPackages = [ gcc mpich2 ];
+      };
+  };
+
+  # Start master/slave MPI daemons and compile/run a program that uses both
+  # nodes.
+  testScript =
+    ''
+       startAll;
+
+       $master->succeed("echo 'MPD_SECRETWORD=secret' > /etc/mpd.conf");
+       $master->succeed("chmod 600 /etc/mpd.conf");
+       $master->succeed("mpd --daemon --ifhn=master --listenport=4444");
+
+       $slave->succeed("echo 'MPD_SECRETWORD=secret' > /etc/mpd.conf");
+       $slave->succeed("chmod 600 /etc/mpd.conf");
+       $slave->succeed("mpd --daemon --host=master --port=4444");
+
+       $master->succeed("mpicc -o example -Wall ${./mpich-example.c}");
+       $slave->succeed("mpicc -o example -Wall ${./mpich-example.c}");
+
+       $master->succeed("mpiexec -n 2 ./example >&2");
+    '';
+}
diff --git a/nixos/tests/munin.nix b/nixos/tests/munin.nix
new file mode 100644
index 000000000000..66ae1c0d87f7
--- /dev/null
+++ b/nixos/tests/munin.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+
+# This test runs basic munin setup with node and cron job running on the same
+# machine.
+
+{
+  nodes = { 
+    one =
+      { config, pkgs, ... }:
+        { 
+          services = {
+           munin-node.enable = true;
+           munin-cron = {
+             enable = true;
+             hosts = ''
+               [${config.networking.hostName}]
+               address localhost
+             '';
+           };
+          };
+        };
+    };
+  
+  testScript = ''
+    startAll;
+  
+    $one->waitForUnit("munin-node.service");
+    $one->waitForFile("/var/lib/munin/one/one-uptime-uptime-g.rrd");
+    $one->waitForFile("/var/www/munin/one/index.html");
+  '';
+}
diff --git a/nixos/tests/mysql-replication.nix b/nixos/tests/mysql-replication.nix
new file mode 100644
index 000000000000..28a1187dd184
--- /dev/null
+++ b/nixos/tests/mysql-replication.nix
@@ -0,0 +1,57 @@
+{ pkgs, ... }:
+
+let
+  replicateUser = "replicate";
+  replicatePassword = "secret";
+in
+{
+  nodes = {
+    master =
+      { pkgs, config, ... }:
+
+      {
+        services.mysql.enable = true;
+	services.mysql.replication.role = "master";
+	services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ];
+	services.mysql.initialScript = pkgs.writeText "initmysql"
+        ''
+	  create user '${replicateUser}'@'%' identified by '${replicatePassword}';
+          grant replication slave on *.* to '${replicateUser}'@'%';
+        '';
+      };
+
+    slave1 =
+      { pkgs, config, nodes, ... }:
+
+      {
+        services.mysql.enable = true;
+	services.mysql.replication.role = "slave";
+	services.mysql.replication.serverId = 2;
+	services.mysql.replication.masterHost = nodes.master.config.networking.hostName;
+	services.mysql.replication.masterUser = replicateUser;
+	services.mysql.replication.masterPassword = replicatePassword;
+      };
+
+    slave2 =
+      { pkgs, config, nodes, ... }:
+
+      {
+        services.mysql.enable = true;
+	services.mysql.replication.role = "slave";
+	services.mysql.replication.serverId = 3;
+	services.mysql.replication.masterHost = nodes.master.config.networking.hostName;
+	services.mysql.replication.masterUser = replicateUser;
+	services.mysql.replication.masterPassword = replicatePassword;
+      };
+  };
+
+  testScript = ''
+    startAll;
+
+    $master->waitForUnit("mysql");
+    $master->waitForUnit("mysql");
+    $slave2->waitForUnit("mysql");
+    $slave2->sleep(100); # Hopefully this is long enough!!
+    $slave2->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4");
+  '';
+}
diff --git a/nixos/tests/mysql.nix b/nixos/tests/mysql.nix
new file mode 100644
index 000000000000..b48850738b72
--- /dev/null
+++ b/nixos/tests/mysql.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+
+{
+  nodes = {
+    master =
+      { pkgs, config, ... }:
+
+      {
+        services.mysql.enable = true;
+	services.mysql.replication.role = "master";
+	services.mysql.initialDatabases = [ { name = "testdb"; schema = ./testdb.sql; } ];
+      };
+  };
+
+  testScript = ''
+    startAll;
+
+    $master->waitForUnit("mysql");
+    $master->sleep(10); # Hopefully this is long enough!!
+    $master->succeed("echo 'use testdb; select * from tests' | mysql -u root -N | grep 4");
+  '';
+}
diff --git a/nixos/tests/nat.nix b/nixos/tests/nat.nix
new file mode 100644
index 000000000000..a13714d60a94
--- /dev/null
+++ b/nixos/tests/nat.nix
@@ -0,0 +1,77 @@
+# This is a simple distributed test involving a topology with two
+# separate virtual networks - the "inside" and the "outside" - with a
+# client on the inside network, a server on the outside network, and a
+# router connected to both that performs Network Address Translation
+# for the client.
+
+{ pkgs, ... }:
+
+{
+
+  nodes =
+    { client =
+        { config, pkgs, nodes, ... }:
+        { virtualisation.vlans = [ 1 ];
+          networking.defaultGateway =
+            nodes.router.config.networking.interfaces.eth2.ipAddress;
+        };
+
+      router =
+        { config, pkgs, ... }:
+        { virtualisation.vlans = [ 2 1 ];
+          networking.nat.enable = true;
+          networking.nat.internalIPs = [ "192.168.1.0/24" ];
+          networking.nat.externalInterface = "eth1";
+        };
+
+      server =
+        { config, pkgs, ... }:
+        { virtualisation.vlans = [ 2 ];
+          services.httpd.enable = true;
+          services.httpd.adminAddr = "foo@example.org";
+          services.vsftpd.enable = true;
+          services.vsftpd.anonymousUser = true;
+        };
+    };
+
+  testScript =
+    { nodes, ... }:
+    ''
+      startAll;
+
+      # The router should have access to the server.
+      $server->waitForUnit("network.target");
+      $server->waitForUnit("httpd");
+      $router->waitForUnit("network.target");
+      $router->succeed("curl --fail http://server/ >&2");
+
+      # The client should be also able to connect via the NAT router.
+      $router->waitForUnit("nat");
+      $client->waitForUnit("network.target");
+      $client->succeed("curl --fail http://server/ >&2");
+      $client->succeed("ping -c 1 server >&2");
+
+      # Test whether passive FTP works.
+      $server->waitForUnit("vsftpd");
+      $server->succeed("echo Hello World > /home/ftp/foo.txt");
+      $client->succeed("curl -v ftp://server/foo.txt >&2");
+
+      # Test whether active FTP works.
+      $client->succeed("curl -v -P - ftp://server/foo.txt >&2");
+
+      # Test ICMP.
+      $client->succeed("ping -c 1 router >&2");
+      $router->succeed("ping -c 1 client >&2");
+
+      # If we turn off NAT, the client shouldn't be able to reach the server.
+      $router->stopJob("nat");
+      $client->fail("curl --fail --connect-timeout 5 http://server/ >&2");
+      $client->fail("ping -c 1 server >&2");
+
+      # And make sure that restarting the NAT job works.
+      $router->succeed("systemctl start nat");
+      $client->succeed("curl --fail http://server/ >&2");
+      $client->succeed("ping -c 1 server >&2");
+    '';
+
+}
diff --git a/nixos/tests/nfs.nix b/nixos/tests/nfs.nix
new file mode 100644
index 000000000000..51abf57e1b75
--- /dev/null
+++ b/nixos/tests/nfs.nix
@@ -0,0 +1,85 @@
+{ version }:
+
+{ pkgs, ... }:
+
+let
+
+  client =
+    { config, pkgs, ... }:
+    { fileSystems = pkgs.lib.mkVMOverride
+        [ { mountPoint = "/data";
+            device = "server:${if version == 4 then "/" else "/data"}";
+            fsType = "nfs";
+            options = "vers=${toString version}";
+          }
+        ];
+    };
+
+in
+
+{
+
+  nodes =
+    { client1 = client;
+      client2 = client;
+
+      server =
+        { config, pkgs, ... }:
+        { services.nfs.server.enable = true;
+          services.nfs.server.exports =
+            ''
+              /data 192.168.1.0/255.255.255.0(rw,no_root_squash,no_subtree_check,fsid=0)
+            '';
+          services.nfs.server.createMountPoints = true;
+        };
+    };
+
+  testScript =
+    ''
+      $server->waitForUnit("nfsd");
+      $server->waitForUnit("network.target");
+
+      startAll;
+
+      $client1->waitForUnit("data.mount");
+      $client1->succeed("echo bla > /data/foo");
+      $server->succeed("test -e /data/foo");
+
+      $client2->waitForUnit("data.mount");
+      $client2->succeed("echo bla > /data/bar");
+      $server->succeed("test -e /data/bar");
+
+      # Test whether restarting ‘nfsd’ works correctly.
+      $server->succeed("systemctl restart nfsd");
+      $client2->succeed("echo bla >> /data/bar"); # will take 90 seconds due to the NFS grace period
+
+      # Test whether we can get a lock.
+      $client2->succeed("time flock -n -s /data/lock true");
+
+      # Test locking: client 1 acquires an exclusive lock, so client 2
+      # should then fail to acquire a shared lock.
+      $client1->succeed("flock -x /data/lock -c 'touch locked; sleep 100000' &");
+      $client1->waitForFile("locked");
+      $client2->fail("flock -n -s /data/lock true");
+
+      # Test whether client 2 obtains the lock if we reset client 1.
+      $client2->succeed("flock -x /data/lock -c 'echo acquired; touch locked; sleep 100000' >&2 &");
+      $client1->crash;
+      $client1->start;
+      $client2->waitForFile("locked");
+
+      # Test whether locks survive a reboot of the server.
+      $client1->waitForUnit("data.mount");
+      $server->shutdown;
+      $server->start;
+      $client1->succeed("touch /data/xyzzy");
+      $client1->fail("time flock -n -s /data/lock true");
+
+      # Test whether unmounting during shutdown happens quickly.
+      my $t1 = time;
+      $client1->shutdown;
+      my $duration = time - $t1;
+      die "shutdown took too long ($duration seconds)" if $duration > 30;
+    '';
+
+}
diff --git a/nixos/tests/openssh.nix b/nixos/tests/openssh.nix
new file mode 100644
index 000000000000..49d92fbde908
--- /dev/null
+++ b/nixos/tests/openssh.nix
@@ -0,0 +1,38 @@
+{ pkgs, ... }:
+
+{
+  nodes = {
+
+    server =
+      { config, pkgs, ... }:
+
+      {
+        services.openssh.enable = true;
+        security.pam.services.sshd.limits =
+          [ { domain = "*"; item = "memlock"; type = "-"; value = 1024; } ];
+      };
+
+    client =
+      { config, pkgs, ... }: { };
+
+  };
+
+  testScript = ''
+    startAll;
+
+    my $key=`${pkgs.openssh}/bin/ssh-keygen -t dsa -f key -N ""`;
+
+    $server->waitForUnit("sshd");
+
+    $server->succeed("mkdir -m 700 /root/.ssh");
+    $server->copyFileFromHost("key.pub", "/root/.ssh/authorized_keys");
+
+    $client->succeed("mkdir -m 700 /root/.ssh");
+    $client->copyFileFromHost("key", "/root/.ssh/id_dsa");
+    $client->succeed("chmod 600 /root/.ssh/id_dsa");
+
+    $client->waitForUnit("network.target");
+    $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'echo hello world' >&2");
+    $client->succeed("ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no server 'ulimit -l' | grep 1024");
+  '';
+}
diff --git a/nixos/tests/partition.nix b/nixos/tests/partition.nix
new file mode 100644
index 000000000000..7126e7255ef4
--- /dev/null
+++ b/nixos/tests/partition.nix
@@ -0,0 +1,227 @@
+{ pkgs, system, ... }:
+
+with pkgs.lib;
+
+let
+  ksExt = pkgs.writeText "ks-ext4" ''
+    clearpart --all --initlabel --drives=vdb
+
+    part /boot --recommended --label=boot --fstype=ext2 --ondisk=vdb
+    part swap --recommended --label=swap --fstype=swap --ondisk=vdb
+    part /nix --size=500 --label=nix --fstype=ext3 --ondisk=vdb
+    part / --recommended --label=root --fstype=ext4 --ondisk=vdb
+  '';
+
+  ksBtrfs = pkgs.writeText "ks-btrfs" ''
+    clearpart --all --initlabel --drives=vdb,vdc
+
+    part swap1 --recommended --label=swap1 --fstype=swap --ondisk=vdb
+    part swap2 --recommended --label=swap2 --fstype=swap --ondisk=vdc
+
+    part btrfs.1 --grow --ondisk=vdb
+    part btrfs.2 --grow --ondisk=vdc
+
+    btrfs / --data=0 --metadata=1 --label=root btrfs.1 btrfs.2
+  '';
+
+  ksRaid = pkgs.writeText "ks-raid" ''
+    clearpart --all --initlabel --drives=vdb,vdc
+
+    part raid.01 --size=200 --ondisk=vdb
+    part raid.02 --size=200 --ondisk=vdc
+
+    part swap1 --size=500 --label=swap1 --fstype=swap --ondisk=vdb
+    part swap2 --size=500 --label=swap2 --fstype=swap --ondisk=vdc
+
+    part raid.11 --grow --ondisk=vdb
+    part raid.12 --grow --ondisk=vdc
+
+    raid /boot --level=1 --fstype=ext3 --device=md0 raid.01 raid.02
+    raid / --level=1 --fstype=xfs --device=md1 raid.11 raid.12
+  '';
+
+  ksRaidLvmCrypt = pkgs.writeText "ks-lvm-crypt" ''
+    clearpart --all --initlabel --drives=vdb,vdc
+
+    part raid.1 --grow --ondisk=vdb
+    part raid.2 --grow --ondisk=vdc
+
+    raid pv.0 --level=1 --encrypted --passphrase=x --device=md0 raid.1 raid.2
+
+    volgroup nixos pv.0
+
+    logvol /boot --size=200 --fstype=ext3 --name=boot --vgname=nixos
+    logvol swap --size=500 --fstype=swap --name=swap --vgname=nixos
+    logvol / --size=1000 --grow --fstype=ext4 --name=root --vgname=nixos
+  '';
+in {
+  machine = { config, pkgs, ... }: {
+    environment.systemPackages = [
+      pkgs.pythonPackages.nixpart
+      pkgs.file pkgs.btrfsProgs pkgs.xfsprogs pkgs.lvm2
+    ];
+    virtualisation.emptyDiskImages = [ 4096 4096 ];
+  };
+
+  testScript = ''
+    my $diskStart;
+    my @mtab;
+
+    sub getMtab {
+      my $mounts = $machine->succeed("cat /proc/mounts");
+      chomp $mounts;
+      return map [split], split /\n/, $mounts;
+    }
+
+    sub parttest {
+      my ($desc, $code) = @_;
+      $machine->start;
+      $machine->waitForUnit("default.target");
+
+      # Gather mounts and superblock
+      @mtab = getMtab;
+      $diskStart = $machine->succeed("dd if=/dev/vda bs=512 count=1");
+
+      subtest($desc, $code);
+      $machine->shutdown;
+    }
+
+    sub ensureSanity {
+      # Check whether the filesystem in /dev/vda is still intact
+      my $newDiskStart = $machine->succeed("dd if=/dev/vda bs=512 count=1");
+      if ($diskStart ne $newDiskStart) {
+        $machine->log("Something went wrong, the partitioner wrote " .
+                      "something into the first 512 bytes of /dev/vda!");
+        die;
+      }
+
+      # Check whether nixpart has unmounted anything
+      my @currentMtab = getMtab;
+      for my $mount (@mtab) {
+        my $path = $mount->[1];
+        unless (grep { $_->[1] eq $path } @currentMtab) {
+          $machine->log("The partitioner seems to have unmounted $path.");
+          die;
+        }
+      }
+    }
+
+    sub checkMount {
+      my $mounts = $machine->succeed("cat /proc/mounts");
+
+    }
+
+    sub kickstart {
+      $machine->copyFileFromHost($_[0], "/kickstart");
+      $machine->succeed("nixpart -v /kickstart");
+      ensureSanity;
+    }
+
+    sub ensurePartition {
+      my ($name, $match) = @_;
+      my $path = $name =~ /^\// ? $name : "/dev/disk/by-label/$name";
+      my $out = $machine->succeed("file -Ls $path");
+      my @matches = grep(/^$path: .*$match/i, $out);
+      if (!@matches) {
+        $machine->log("Partition on $path was expected to have a " .
+                      "file system that matches $match, but instead has: $out");
+        die;
+      }
+    }
+
+    sub ensureNoPartition {
+      $machine->succeed("test ! -e /dev/$_[0]");
+    }
+
+    sub ensureMountPoint {
+      $machine->succeed("mountpoint $_[0]");
+    }
+
+    sub remountAndCheck {
+      $machine->nest("Remounting partitions:", sub {
+        # XXX: "findmnt -ARunl -oTARGET /mnt" seems to NOT print all mounts!
+        my $getmounts_cmd = "cat /proc/mounts | cut -d' ' -f2 | grep '^/mnt'";
+        # Insert canaries first
+        my $canaries = $machine->succeed($getmounts_cmd . " | while read p;" .
+                                         " do touch \"\$p/canary\";" .
+                                         " echo \"\$p/canary\"; done");
+        # Now unmount manually
+        $machine->succeed($getmounts_cmd . " | tac | xargs -r umount");
+        # /mnt should be empty or non-existing
+        my $found = $machine->succeed("find /mnt -mindepth 1");
+        chomp $found;
+        if ($found) {
+          $machine->log("Cruft found in /mnt:\n$found");
+          die;
+        }
+        # Try to remount with nixpart
+        $machine->succeed("nixpart -vm /kickstart");
+        ensureMountPoint("/mnt");
+        # Check if our beloved canaries are dead
+        chomp $canaries;
+        $machine->nest("Checking canaries:", sub {
+          for my $canary (split /\n/, $canaries) {
+            $machine->succeed("test -e '$canary'");
+          }
+        });
+      });
+    }
+
+    parttest "ext2, ext3 and ext4 filesystems", sub {
+      kickstart("${ksExt}");
+      ensurePartition("boot", "ext2");
+      ensurePartition("swap", "swap");
+      ensurePartition("nix", "ext3");
+      ensurePartition("root", "ext4");
+      ensurePartition("/dev/vdb4", "boot sector");
+      ensureNoPartition("vdb6");
+      ensureNoPartition("vdc1");
+      remountAndCheck;
+      ensureMountPoint("/mnt/boot");
+      ensureMountPoint("/mnt/nix");
+    };
+
+    parttest "btrfs filesystem", sub {
+      $machine->succeed("modprobe btrfs");
+      kickstart("${ksBtrfs}");
+      ensurePartition("swap1", "swap");
+      ensurePartition("swap2", "swap");
+      ensurePartition("/dev/vdb2", "btrfs");
+      ensurePartition("/dev/vdc2", "btrfs");
+      ensureNoPartition("vdb3");
+      ensureNoPartition("vdc3");
+      remountAndCheck;
+    };
+
+    parttest "RAID1 with XFS", sub {
+      kickstart("${ksRaid}");
+      ensurePartition("swap1", "swap");
+      ensurePartition("swap2", "swap");
+      ensurePartition("/dev/md0", "ext3");
+      ensurePartition("/dev/md1", "xfs");
+      ensureNoPartition("vdb4");
+      ensureNoPartition("vdc4");
+      ensureNoPartition("md2");
+      remountAndCheck;
+      ensureMountPoint("/mnt/boot");
+    };
+
+    parttest "RAID1 with LUKS and LVM", sub {
+      kickstart("${ksRaidLvmCrypt}");
+      ensurePartition("/dev/vdb1", "data");
+      ensureNoPartition("vdb2");
+      ensurePartition("/dev/vdc1", "data");
+      ensureNoPartition("vdc2");
+
+      ensurePartition("/dev/md0", "luks");
+      ensureNoPartition("md1");
+
+      ensurePartition("/dev/nixos/boot", "ext3");
+      ensurePartition("/dev/nixos/swap", "swap");
+      ensurePartition("/dev/nixos/root", "ext4");
+
+      remountAndCheck;
+      ensureMountPoint("/mnt/boot");
+    };
+  '';
+}
diff --git a/nixos/tests/printing.nix b/nixos/tests/printing.nix
new file mode 100644
index 000000000000..13cc3115d50e
--- /dev/null
+++ b/nixos/tests/printing.nix
@@ -0,0 +1,90 @@
+# Test printing via CUPS.
+
+{ pkgs, ... }:
+
+{
+
+  nodes = {
+
+    server =
+      { config, pkgs, ... }:
+      { services.printing.enable = true;
+        services.printing.cupsdConf =
+          ''
+            Listen server:631
+            <Location />
+              Order allow,deny
+              Allow from all
+            </Location>
+          '';
+      };
+
+    client =
+      { config, pkgs, nodes, ... }:
+      { services.printing.enable = true;
+      };
+
+  };
+
+  testScript =
+    ''
+      startAll;
+
+      # Make sure that cups is up on both sides.
+      $server->waitForUnit("cupsd.service");
+      $client->waitForUnit("cupsd.service");
+      $client->succeed("lpstat -r") =~ /scheduler is running/ or die;
+      $client->succeed("lpstat -H") =~ "/var/run/cups/cups.sock" or die;
+      $client->succeed("curl --fail http://localhost:631/");
+      $client->succeed("curl --fail http://server:631/");
+      $server->fail("curl --fail http://client:631/");
+
+      # Add a HP Deskjet printer connected via USB to the server.
+      $server->succeed("lpadmin -p DeskjetLocal -v usb://HP/Deskjet%205400%20series?serial=TH93I152S123XY -m 'drv:///sample.drv/deskjet.ppd' -E");
+
+      # Add it to the client as well via IPP.
+      $client->succeed("lpadmin -p DeskjetRemote -v ipp://server/printers/DeskjetLocal -m 'drv:///sample.drv/deskjet.ppd' -E");
+      $client->succeed("lpadmin -d DeskjetRemote");
+
+      # Do some status checks.
+      $client->succeed("lpstat -a") =~ /DeskjetRemote accepting requests/ or die;
+      $client->succeed("lpstat -h server -a") =~ /DeskjetLocal accepting requests/ or die;
+      $client->succeed("cupsdisable DeskjetRemote");
+      $client->succeed("lpq") =~ /DeskjetRemote is not ready.*no entries/s or die;
+      $client->succeed("cupsenable DeskjetRemote");
+      $client->succeed("lpq") =~ /DeskjetRemote is ready.*no entries/s or die;
+
+      # Test printing various file types.
+      foreach my $file ("${pkgs.groff}/share/doc/*/examples/mom/typesetting.pdf",
+                        "${pkgs.groff}/share/doc/*/meref.ps",
+                        "${pkgs.cups}/share/doc/cups/images/cups.png",
+                        "${pkgs.xz}/share/doc/xz/faq.txt")
+      {
+          $file =~ /([^\/]*)$/; my $fn = $1;
+
+          subtest "print $fn", sub {
+
+              # Print the file on the client.
+              $client->succeed("lp $file");
+              $client->succeed("lpq") =~ /active.*root.*$fn/ or die;
+
+              # Ensure that a raw PCL file appeared in the server's queue
+              # (showing that the right filters have been applied).  Of
+              # course, since there is no actual USB printer attached, the
+              # file will stay in the queue forever.
+              $server->waitForFile("/var/spool/cups/d*-*");
+              $server->succeed("lpq -a") =~ /remroot.*$fn/ or die;
+              $server->succeed("hexdump -C -n2 /var/spool/cups/d*-*") =~ /1b 45/ or die; # 1b 45 = printer reset
+
+              # Delete the job on the client.  It should disappear on the
+              # server as well.
+              $client->succeed("lprm");
+              $client->succeed("lpq -a") =~ /no entries/;
+              Machine::retry sub {
+                return 1 if $server->succeed("lpq -a") =~ /no entries/;
+              };
+          };
+      }
+    '';
+
+}
diff --git a/nixos/tests/proxy.nix b/nixos/tests/proxy.nix
new file mode 100644
index 000000000000..3b79c16ea2c4
--- /dev/null
+++ b/nixos/tests/proxy.nix
@@ -0,0 +1,94 @@
+{ pkgs, ... }:
+
+let
+
+  backend =
+    { config, pkgs, ... }:
+
+    {
+      services.openssh.enable = true;
+
+      services.httpd.enable = true;
+      services.httpd.adminAddr = "foo@example.org";
+      services.httpd.documentRoot = "${pkgs.valgrind}/share/doc/valgrind/html";
+    };
+
+in
+
+{
+
+  nodes =
+    { proxy =
+        { config, pkgs, nodes, ... }:
+
+        {
+          services.httpd.enable = true;
+          services.httpd.adminAddr = "bar@example.org";
+          services.httpd.extraModules = ["proxy_balancer"];
+
+          services.httpd.extraConfig =
+            ''
+              ExtendedStatus on
+
+              <Location /server-status>
+                Order deny,allow
+                Allow from all
+                SetHandler server-status
+              </Location>
+
+              <Proxy balancer://cluster>
+                Allow from all
+                BalancerMember http://${nodes.backend1.config.networking.hostName} retry=0
+                BalancerMember http://${nodes.backend2.config.networking.hostName} retry=0
+              </Proxy>
+
+              ProxyStatus       full
+              ProxyPass         /server-status !
+              ProxyPass         /       balancer://cluster/
+              ProxyPassReverse  /       balancer://cluster/
+
+              # For testing; don't want to wait forever for dead backend servers.
+              ProxyTimeout      5
+            '';
+        };
+
+      backend1 = backend;
+      backend2 = backend;
+
+      client = { config, pkgs, ... }: { };
+    };
+
+  testScript =
+    ''
+      startAll;
+
+      $proxy->waitForUnit("httpd");
+      $backend1->waitForUnit("httpd");
+      $backend2->waitForUnit("httpd");
+
+      # With the back-ends up, the proxy should work.
+      $client->succeed("curl --fail http://proxy/");
+
+      $client->succeed("curl --fail http://proxy/server-status");
+
+      # Block the first back-end.
+      $backend1->block;
+
+      # The proxy should still work.
+      $client->succeed("curl --fail http://proxy/");
+
+      $client->succeed("curl --fail http://proxy/");
+
+      # Block the second back-end.
+      $backend2->block;
+
+      # Now the proxy should fail as well.
+      $client->fail("curl --fail http://proxy/");
+
+      # But if the second back-end comes back, the proxy should start
+      # working again.
+      $backend2->unblock;
+      $client->succeed("curl --fail http://proxy/");
+    '';
+
+}
diff --git a/nixos/tests/quake3.nix b/nixos/tests/quake3.nix
new file mode 100644
index 000000000000..925011077805
--- /dev/null
+++ b/nixos/tests/quake3.nix
@@ -0,0 +1,79 @@
+{ pkgs, ... }:
+
+let
+
+  # Build Quake with coverage instrumentation.
+  overrides = pkgs:
+    rec {
+      quake3game = pkgs.quake3game.override (args: {
+        stdenv = pkgs.stdenvAdapters.addCoverageInstrumentation args.stdenv;
+      });
+    };
+
+in
+
+rec {
+
+  client =
+    { config, pkgs, ... }:
+
+    { imports = [ ./common/x11.nix ];
+      services.xserver.driSupport = true;
+      services.xserver.defaultDepth = pkgs.lib.mkOverride 0 16;
+      environment.systemPackages = [ pkgs.quake3demo ];
+      nixpkgs.config.packageOverrides = overrides;
+    };
+
+  nodes =
+    { server =
+        { config, pkgs, ... }:
+
+        { jobs."quake3-server" =
+            { startOn = "startup";
+              exec =
+                "${pkgs.quake3demo}/bin/quake3-server '+set g_gametype 0' " +
+                "'+map q3dm7' '+addbot grunt' '+addbot daemia' 2> /tmp/log";
+            };
+          nixpkgs.config.packageOverrides = overrides;
+        };
+
+      client1 = client;
+      client2 = client;
+    };
+
+  testScript =
+    ''
+      startAll;
+
+      $server->waitForUnit("quake3-server");
+      $client1->waitForX;
+      $client2->waitForX;
+
+      $client1->execute("quake3 '+set r_fullscreen 0' '+set name Foo' '+connect server' &");
+      $client2->execute("quake3 '+set r_fullscreen 0' '+set name Bar' '+connect server' &");
+
+      $server->waitUntilSucceeds("grep -q 'Foo.*entered the game' /tmp/log");
+      $server->waitUntilSucceeds("grep -q 'Bar.*entered the game' /tmp/log");
+
+      $server->sleep(10); # wait for a while to get a nice screenshot
+
+      $client1->block();
+
+      $server->sleep(20);
+
+      $client1->screenshot("screen1");
+      $client2->screenshot("screen2");
+
+      $client1->unblock();
+
+      $server->sleep(10);
+
+      $client1->screenshot("screen3");
+      $client2->screenshot("screen4");
+
+      $client1->shutdown();
+      $client2->shutdown();
+      $server->stopJob("quake3-server");
+    '';
+
+}
diff --git a/nixos/tests/run-in-machine.nix b/nixos/tests/run-in-machine.nix
new file mode 100644
index 000000000000..8efe26c17082
--- /dev/null
+++ b/nixos/tests/run-in-machine.nix
@@ -0,0 +1,8 @@
+{ system ? builtins.currentSystem }:
+
+with import ../lib/testing.nix { inherit system; };
+
+runInMachine {
+  drv = pkgs.patchelf;
+  machine = { config, pkgs, ... }: { services.sshd.enable = true; };
+}
diff --git a/nixos/tests/simple.nix b/nixos/tests/simple.nix
new file mode 100644
index 000000000000..eee13a101334
--- /dev/null
+++ b/nixos/tests/simple.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+
+{
+  machine = { config, pkgs, ... }: { };
+
+  testScript =
+    ''
+      startAll;
+      $machine->shutdown;
+    '';
+}
diff --git a/nixos/tests/subversion.nix b/nixos/tests/subversion.nix
new file mode 100644
index 000000000000..309da90c5df1
--- /dev/null
+++ b/nixos/tests/subversion.nix
@@ -0,0 +1,117 @@
+{ pkgs, ... }:
+
+let
+
+  # Build some packages with coverage instrumentation.
+  overrides = pkgs:
+    with pkgs.stdenvAdapters;
+    let
+      do = pkg: pkg.override (args: {
+        stdenv = addCoverageInstrumentation args.stdenv;
+      });
+    in
+      rec {
+        apr = do pkgs.apr;
+        aprutil = do pkgs.aprutil;
+        apacheHttpd = do pkgs.apacheHttpd;
+        mod_python = do pkgs.mod_python;
+        subversion = do pkgs.subversion;
+
+        # To build the kernel with coverage instrumentation, we need a
+        # special patch to make coverage data available under /proc.
+        linux = pkgs.linux.override (orig: {
+          stdenv = cleanupBuildTree (keepBuildTree orig.stdenv);
+          extraConfig =
+            ''
+              GCOV_KERNEL y
+              GCOV_PROFILE_ALL y
+            '';
+        });
+      };
+
+in
+
+{
+
+  nodes =
+    { webserver =
+        { config, pkgs, ... }:
+
+        {
+          services.httpd.enable = true;
+          services.httpd.adminAddr = "e.dolstra@tudelft.nl";
+          services.httpd.extraSubservices =
+            [ { function = import <services/subversion>;
+                urlPrefix = "";
+                dataDir = "/data/subversion";
+                userCreationDomain = "192.168.0.0/16";
+              }
+            ];
+          nixpkgs.config.packageOverrides = overrides;
+        };
+
+      client =
+        { config, pkgs, ... }:
+
+        {
+          environment.systemPackages = [ pkgs.subversion ];
+          nixpkgs.config.packageOverrides = overrides;
+        };
+
+    };
+
+  testScript =
+    ''
+      startAll;
+
+      $webserver->waitForOpenPort(80);
+
+      print STDERR $client->succeed("svn --version");
+
+      print STDERR $client->succeed("curl --fail http://webserver/");
+
+      # Create a new user through the web interface.
+      $client->succeed("curl --fail -F username=alice -F fullname='Alice Lastname' -F address=alice\@example.org -F password=foobar -F password_again=foobar http://webserver/repoman/adduser");
+
+      # Let Alice create a new repository.
+      $client->succeed("curl --fail -u alice:foobar --form repo=xyzzy --form description=Xyzzy http://webserver/repoman/create");
+
+      $client->succeed("curl --fail http://webserver/") =~ /alice/ or die;
+
+      # Let Alice do a checkout.
+      my $svnFlags = "--non-interactive --username alice --password foobar";
+      $client->succeed("svn co $svnFlags http://webserver/repos/xyzzy wc");
+      $client->succeed("echo hello > wc/world");
+      $client->succeed("svn add wc/world");
+      $client->succeed("svn ci $svnFlags -m 'Added world.' wc/world");
+
+      # Create a new user on the server through the create-user.pl script.
+      $webserver->execute("svn-server-create-user.pl bob bob\@example.org Bob");
+      $webserver->succeed("svn-server-resetpw.pl bob fnord");
+      $client->succeed("curl --fail http://webserver/") =~ /bob/ or die;
+
+      # Bob should not have access to the repo.
+      my $svnFlagsBob = "--non-interactive --username bob --password fnord";
+      $client->fail("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2");
+
+      # Bob should not be able change the ACLs of the repo.
+      # !!! Repoman should really return a 403 here.
+      $client->succeed("curl --fail -u bob:fnord -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy")
+          =~ /not authorised/ or die;
+
+      # Give Bob access.
+      $client->succeed("curl --fail -u alice:foobar -F description=Xyzzy -F readers=alice,bob -F writers=alice -F watchers= -F tardirs= http://webserver/repoman/update/xyzzy");
+
+      # So now his checkout should succeed.
+      $client->succeed("svn co $svnFlagsBob http://webserver/repos/xyzzy wc2");
+
+      # Test ViewVC and WebSVN
+      $client->succeed("curl --fail -u alice:foobar http://webserver/viewvc/xyzzy");
+      $client->succeed("curl --fail -u alice:foobar http://webserver/websvn/xyzzy");
+      $client->succeed("curl --fail -u alice:foobar http://webserver/repos-xml/xyzzy");
+
+      # Stop Apache to gather all the coverage data.
+      $webserver->stopJob("httpd");
+    '';
+
+}
diff --git a/nixos/tests/test-config-examples.sh b/nixos/tests/test-config-examples.sh
new file mode 100755
index 000000000000..1ba2f841c41d
--- /dev/null
+++ b/nixos/tests/test-config-examples.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+# This script try to evaluate all configurations which are stored in
+# doc/config-examples.  This script is useful to ensure that examples are
+# working with the current system.
+
+pwd=$(pwd)
+set -xe
+for i in ../doc/config-examples/*.nix; do
+  NIXOS_CONFIG="$pwd/$i" nix-instantiate \
+      --eval-only --xml --strict > /dev/null 2>&1 \
+      ../default.nix -A system
+done
+set +xe
diff --git a/nixos/tests/testdb.sql b/nixos/tests/testdb.sql
new file mode 100644
index 000000000000..4fb28fea3df9
--- /dev/null
+++ b/nixos/tests/testdb.sql
@@ -0,0 +1,10 @@
+create table tests
+( Id   INTEGER      NOT NULL,
+  Name VARCHAR(255) NOT NULL,
+  primary key(Id)
+);
+
+insert into tests values (1, 'a');
+insert into tests values (2, 'b');
+insert into tests values (3, 'c');
+insert into tests values (4, 'd');
diff --git a/nixos/tests/tomcat.nix b/nixos/tests/tomcat.nix
new file mode 100644
index 000000000000..6bc88ec82fa2
--- /dev/null
+++ b/nixos/tests/tomcat.nix
@@ -0,0 +1,29 @@
+{ pkgs, ... }:
+
+{
+  nodes = {
+    server =
+      { pkgs, config, ... }:
+
+      {
+        services.tomcat.enable = true;
+        services.httpd.enable = true;
+        services.httpd.adminAddr = "foo@bar.com";
+        services.httpd.extraSubservices = [
+          { serviceType = "tomcat-connector"; }
+        ];
+      };
+
+    client = { };
+  };
+
+  testScript = ''
+    startAll;
+
+    $server->waitForUnit("tomcat");
+    $server->sleep(30); # Dirty, but it takes a while before Tomcat handles to requests properly
+    $client->waitForUnit("network.target");
+    $client->succeed("curl --fail http://server/examples/servlets/servlet/HelloWorldExample");
+    $client->succeed("curl --fail http://server/examples/jsp/jsp2/simpletag/hello.jsp");
+  '';
+}
diff --git a/nixos/tests/trac.nix b/nixos/tests/trac.nix
new file mode 100644
index 000000000000..e0d256f57019
--- /dev/null
+++ b/nixos/tests/trac.nix
@@ -0,0 +1,71 @@
+{ pkgs, ... }:
+
+{
+  nodes = {
+    storage =
+      { config, pkgs, ... }:
+      { services.nfs.server.enable = true;
+        services.nfs.server.exports = ''
+          /repos 192.168.1.0/255.255.255.0(rw,no_root_squash)
+        '';
+        services.nfs.server.createMountPoints = true;
+      };
+
+    postgresql =
+      { config, pkgs, ... }:
+      { services.postgresql.enable = true;
+        services.postgresql.package = pkgs.postgresql92;
+        services.postgresql.enableTCPIP = true;
+        services.postgresql.authentication = ''
+          # Generated file; do not edit!
+          local all all                trust
+          host  all all 127.0.0.1/32   trust
+          host  all all ::1/128        trust
+          host  all all 192.168.1.0/24 trust
+        '';
+      };
+
+    webserver =
+      { config, pkgs, ... }:
+      { fileSystems = pkgs.lib.mkVMOverride
+          [ { mountPoint = "/repos";
+              device = "storage:/repos";
+              fsType = "nfs";
+            }
+          ];
+        services.httpd.enable = true;
+        services.httpd.adminAddr = "root@localhost";
+        services.httpd.extraSubservices = [ { serviceType = "trac"; } ];
+        environment.systemPackages = [ pkgs.pythonPackages.trac pkgs.subversion ];
+      };
+
+    client =
+      { config, pkgs, ... }:
+      { imports = [ ./common/x11.nix ];
+        services.xserver.desktopManager.kde4.enable = true;
+      };
+  };
+
+  testScript =
+    ''
+      startAll;
+
+      $postgresql->waitForUnit("postgresql");
+      $postgresql->succeed("createdb trac");
+
+      $webserver->succeed("mkdir -p /repos/trac");
+      $webserver->succeed("svnadmin create /repos/trac");
+
+      $webserver->waitForUnit("httpd");
+      $webserver->waitForFile("/var/trac");
+      $webserver->succeed("mkdir -p /var/trac/projects/test");
+      $webserver->succeed("PYTHONPATH=${pkgs.pythonPackages.psycopg2}/lib/${pkgs.python.libPrefix}/site-packages trac-admin /var/trac/projects/test initenv Test postgres://root\@postgresql/trac svn /repos/trac");
+
+      $client->waitForX;
+      $client->execute("konqueror http://webserver/projects/test &");
+      $client->waitForWindow(qr/Test.*Konqueror/);
+      $client->sleep(30); # loading takes a long time
+
+      $client->screenshot("screen");
+    '';
+}
diff --git a/nixos/tests/xfce.nix b/nixos/tests/xfce.nix
new file mode 100644
index 000000000000..9f9692f8a014
--- /dev/null
+++ b/nixos/tests/xfce.nix
@@ -0,0 +1,32 @@
+{ pkgs, ... }:
+
+{
+
+  machine =
+    { config, pkgs, ... }:
+
+    { imports = [ ./common/user-account.nix ];
+
+      services.xserver.enable = true;
+
+      services.xserver.displayManager.auto.enable = true;
+      services.xserver.displayManager.auto.user = "alice";
+
+      services.xserver.desktopManager.xfce.enable = true;
+    };
+
+  testScript =
+    ''
+      $machine->waitForWindow(qr/xfce4-panel/);
+      $machine->sleep(10);
+
+      # Check that logging in has given the user ownership of devices.
+      $machine->succeed("getfacl /dev/snd/timer | grep -q alice");
+
+      $machine->succeed("su - alice -c 'DISPLAY=:0.0 xfce4-terminal &'");
+      $machine->waitForWindow(qr/Terminal/);
+      $machine->sleep(10);
+      $machine->screenshot("screen");
+    '';
+
+}
diff --git a/pkgs/applications/audio/a2jmidid/default.nix b/pkgs/applications/audio/a2jmidid/default.nix
index ca8565ac3238..f6c17e6d8ed5 100644
--- a/pkgs/applications/audio/a2jmidid/default.nix
+++ b/pkgs/applications/audio/a2jmidid/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = http://home.gna.org/a2jmidid;
-    description = "daemon for exposing legacy ALSA sequencer applications in JACK MIDI system";
+    description = "Daemon for exposing legacy ALSA sequencer applications in JACK MIDI system";
     license = licenses.gpl2;
     maintainers = [ maintainers.goibhniu ];
 
diff --git a/pkgs/applications/audio/abcde/default.nix b/pkgs/applications/audio/abcde/default.nix
index c6b5e9da0dd7..031b0fe93b59 100644
--- a/pkgs/applications/audio/abcde/default.nix
+++ b/pkgs/applications/audio/abcde/default.nix
@@ -62,7 +62,7 @@ in
     meta = {
       homepage = "http://lly.org/~rcw/abcde/page/";
       license = "GPLv2+";
-      description = "A Better CD Encoder (ABCDE)";
+      description = "Command-line audio CD ripper";
 
       longDescription = ''
         abcde is a front-end command-line utility (actually, a shell
diff --git a/pkgs/applications/audio/audacious/default.nix b/pkgs/applications/audio/audacious/default.nix
index 9ae2fcdd20ed..f9a8d0752415 100644
--- a/pkgs/applications/audio/audacious/default.nix
+++ b/pkgs/applications/audio/audacious/default.nix
@@ -1,28 +1,28 @@
 { stdenv, fetchurl, pkgconfig, glib, gtk3, libmowgli, libmcs
 , gettext, dbus_glib, libxml2, libmad, xlibs, alsaLib, libogg
-, libvorbis, libcdio, libcddb, flac, ffmpeg
+, libvorbis, libcdio, libcddb, flac, ffmpeg, makeWrapper
 }:
 
 let
-  version = "3.3.4";
+  version = "3.4.1";
 in
 stdenv.mkDerivation {
   name = "audacious-${version}";
 
   src = fetchurl {
     url = "http://distfiles.audacious-media-player.org/audacious-${version}.tar.bz2";
-    sha256 = "19zw4yj8g4fvxkv0ql8v8vgxzldxl1fzig239zzv88mpnvwxn737";
+    sha256 = "0wf99b0nrk90fyak4gpwi076qnsrmv1j8958cvi57rxig21lvvap";
   };
 
   pluginsSrc = fetchurl {
     url = "http://distfiles.audacious-media-player.org/audacious-plugins-${version}.tar.bz2";
-    sha256 = "1l5g0zq73qp1hlrf4xsaj0n3hg0asrp7169531jgpncjn15dhvdn";
+    sha256 = "02ivrxs6109nmmz9pkbf9dkm36s2lyp9vfv59sm0acxxd4db71md";
   };
 
   buildInputs =
     [ gettext pkgconfig glib gtk3 libmowgli libmcs libxml2 dbus_glib
       libmad xlibs.libXcomposite libogg libvorbis flac alsaLib libcdio
-      libcddb ffmpeg
+      libcddb ffmpeg makeWrapper
     ];
 
   # Here we build bouth audacious and audacious-plugins in one
@@ -44,12 +44,21 @@ stdenv.mkDerivation {
         src=$pluginsSrc
         genericBuild
       )
+
+      (
+        source $stdenv/setup
+        # gsettings schemas for file dialogues
+        for file in "$out"/bin/*; do
+          wrapProgram "$file" --prefix XDG_DATA_DIRS : "$XDG_ADD"
+        done
+      )
     '';
+  XDG_ADD = gtk3 + "/share";
 
   enableParallelBuilding = true;
 
   meta = {
-    description = "Audacious, a media player forked from the Beep Media Player, which was itself an XMMS fork";
+    description = "Audio player";
     homepage = http://audacious-media-player.org/;
     maintainers = with stdenv.lib.maintainers; [ eelco simons ];
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/applications/audio/audacity/default.nix b/pkgs/applications/audio/audacity/default.nix
index fa392c4e43c3..4a6797f9010b 100644
--- a/pkgs/applications/audio/audacity/default.nix
+++ b/pkgs/applications/audio/audacity/default.nix
@@ -4,12 +4,12 @@
   }:
 
 stdenv.mkDerivation rec {
-  version = "2.0.3";
+  version = "2.0.4";
   name = "audacity-${version}";
 
   src = fetchurl {
     url = "http://audacity.googlecode.com/files/audacity-minsrc-${version}.tar.xz";
-    sha256 = "1k4bbxhpfl80vm3gm3jxqly0syqjij5kwziy4xyq2c8aj2miwj1f";
+    sha256 = "0pl92filykzs4g2pn7i02kdqgja326wjgafzw2vcgwn3dwrs4avp";
   };
 
   preConfigure = /* we prefer system-wide libs */ ''
diff --git a/pkgs/applications/audio/aumix/default.nix b/pkgs/applications/audio/aumix/default.nix
index d69d9d471336..1e19a3ac5c39 100644
--- a/pkgs/applications/audio/aumix/default.nix
+++ b/pkgs/applications/audio/aumix/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
     ++ (if gtkGUI then [pkgconfig gtk] else []);
 
   meta = {
-    description = "Aumix, an audio mixer for X and the console";
+    description = "Audio mixer for X and the console";
     longDescription = ''
       Aumix adjusts an audio mixer from X, the console, a terminal,
       the command line or a script.
diff --git a/pkgs/applications/audio/google-musicmanager/default.nix b/pkgs/applications/audio/google-musicmanager/default.nix
new file mode 100644
index 000000000000..8cff94c25d93
--- /dev/null
+++ b/pkgs/applications/audio/google-musicmanager/default.nix
@@ -0,0 +1,57 @@
+{ stdenv, fetchurl, readline, patchelf, ncurses, qt48, libidn, expat, flac
+, libvorbis }:
+
+assert stdenv.system == "x86_64-linux" || stdenv.system == "1686-linux";
+
+stdenv.mkDerivation rec {
+  debversion = "beta_1.0.84.1107-r0";
+  version = "1.0.84.1107-beta-r0"; # friendly to nix-env version sorting algo
+  product = "google-musicmanager";
+  name    = "${product}-${version}";
+
+  # When looking for newer versions, since google doesn't let you list their repo dirs,
+  # curl http://dl.google.com/linux/musicmanager/deb/dists/stable/Release
+  # fetch an appropriate packages file eg main/binary-amd64/Packages
+  # which will contain the links to all available *.debs for the arch.
+
+  src = if stdenv.system == "x86_64-linux"
+    then fetchurl {
+      url    = "http://dl.google.com/linux/musicmanager/deb/pool/main/g/${product}-beta/${product}-${debversion}_amd64.deb";
+      sha256 = "0irlrspw508b1s9i5d1mddpp2x9w1ny3svf27gxf8pmwbiyd1cyi";
+    }
+    else fetchurl {
+       url    = "http://dl.google.com/linux/musicmanager/deb/pool/main/g/${product}-beta/${product}-${debversion}_i386.deb";
+       sha256 = "13pfsjvaygap6axrlbfhyk1h8377xmwi47x4af6j57qq6z7329rg";
+    };
+
+  unpackPhase = ''
+    ar vx ${src}
+    tar -xvf data.tar.lzma
+  '';
+
+  buildInputs = [ patchelf ];
+
+  buildPhase = ''
+    patchelf \
+      --set-interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
+      --set-rpath "$out/opt/google/musicmanager:${readline}/lib:${ncurses}/lib:${stdenv.gcc.libc}/lib:${qt48}/lib:${stdenv.gcc.gcc}/lib:${libidn}/lib:${expat}/lib:${flac}/lib:${libvorbis}/lib" opt/google/musicmanager/MusicManager
+  '';
+
+  dontPatchELF = true;
+  dontStrip    = true;
+
+  installPhase = ''
+    mkdir -p "$out"
+    cp -r opt "$out"
+    mkdir "$out/bin"
+    ln -s "$out/opt/google/musicmanager/google-musicmanager" "$out/bin"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Uploads music from your computer to Google Play";
+    homepage    = "https://support.google.com/googleplay/answer/1229970";
+    license     = licenses.unfree;
+    maintainers = with maintainers; [ lovek323 ];
+    platforms   = platforms.linux;
+  };
+}
diff --git a/pkgs/applications/audio/mixxx/default.nix b/pkgs/applications/audio/mixxx/default.nix
new file mode 100644
index 000000000000..b76eecc9e4ad
--- /dev/null
+++ b/pkgs/applications/audio/mixxx/default.nix
@@ -0,0 +1,51 @@
+{ stdenv, fetchurl, scons, pkgconfig, qt4, portaudio, portmidi, libusb1
+, libmad, protobuf, libvorbis, taglib, libid3tag, flac, libsndfile, libshout
+, fftw, vampSDK
+}:
+
+stdenv.mkDerivation rec {
+  name = "mixxx-${version}";
+  version = "1.11.0";
+
+  src = fetchurl {
+    url = "http://downloads.mixxx.org/${name}/${name}-src.tar.gz";
+    sha256 = "0c833gf4169xvpfn7car9vzvwfwl9d3xwmbfsy36cv8ydifip5h0";
+  };
+
+  buildInputs = [
+    scons pkgconfig qt4 portaudio portmidi libusb1 libmad protobuf libvorbis
+    taglib libid3tag flac libsndfile libshout fftw vampSDK
+  ];
+
+  sconsFlags = [
+    "build=release"
+    "qtdir=${qt4}"
+  ];
+
+  postPatch = ''
+    sed -i -e 's/"which /"type -P /' build/depends.py
+  '';
+
+  buildPhase = ''
+    runHook preBuild
+    ensureDir "$out"
+    scons \
+      -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \
+      $sconsFlags "prefix=$out"
+    runHook postBuild
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    scons $sconsFlags "prefix=$out" install
+    runHook postInstall
+  '';
+
+  meta = {
+    homepage = "http://mixxx.org/";
+    description = "Digital DJ mixing software";
+    license = stdenv.lib.licenses.gpl2Plus;
+    maintainers = [ stdenv.lib.maintainers.aszlig ];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/applications/audio/mopidy/default.nix b/pkgs/applications/audio/mopidy/default.nix
index e31798a101b9..611d9f4226dd 100644
--- a/pkgs/applications/audio/mopidy/default.nix
+++ b/pkgs/applications/audio/mopidy/default.nix
@@ -5,11 +5,11 @@
 pythonPackages.buildPythonPackage rec {
   name = "mopidy-${version}";
 
-  version = "0.14.2";
+  version = "0.15.0";
 
   src = fetchurl {
     url = "https://github.com/mopidy/mopidy/archive/v${version}.tar.gz";
-    sha256 = "0fqx7lk9g61d744b951cwx0szqbyji58dhw2ravnq9785nkhi7i4";
+    sha256 = "1fpnddcx6343wgxzh10s035w21g8jmfh2kzgx32w0xsshpra3gn1";
   };
 
   propagatedBuildInputs = with pythonPackages; [
@@ -39,5 +39,6 @@ pythonPackages.buildPythonPackage rec {
       local hard drive.
     '';
     maintainers = [ stdenv.lib.maintainers.rickynils ];
+    platforms = [];
   };
 }
diff --git a/pkgs/applications/audio/mopidy/git.nix b/pkgs/applications/audio/mopidy/git.nix
deleted file mode 100644
index 2b5e1627ac63..000000000000
--- a/pkgs/applications/audio/mopidy/git.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ stdenv, fetchgit, pythonPackages, pygobject, gst_python
-, gst_plugins_good, gst_plugins_base
-}:
-
-pythonPackages.buildPythonPackage rec {
-  name = "mopidy-${version}";
-
-  version = "git-20130226";
-
-  src = fetchgit {
-    url = "https://github.com/mopidy/mopidy.git";
-    rev = "86a7c2d7519680c6b9130795d35c4654958f4c04";
-    sha256 = "00fxcfkpl19nslv4f4bspzw0kvjjp6hhcwag7rknmb8scfinqfac";
-  };
-
-  propagatedBuildInputs = with pythonPackages; [
-   gst_python pygobject pykka pyspotify pylast cherrypy ws4py
-  ];
-
-  # python zip complains about old timestamps
-  preConfigure = ''
-    find -print0 | xargs -0 touch
-  '';
-
-  # There are no tests
-  doCheck = false;
-
-  postInstall = ''
-    for p in $out/bin/mopidy $out/bin/mopidy-scan; do
-      wrapProgram $p \
-        --prefix GST_PLUGIN_PATH : ${gst_plugins_good}/lib/gstreamer-0.10 \
-        --prefix GST_PLUGIN_PATH : ${gst_plugins_base}/lib/gstreamer-0.10
-    done
-  '';
-
-  meta = {
-    homepage = http://www.mopidy.com/;
-    description = ''
-      A music server which can play music from Spotify and from your
-      local hard drive.
-    '';
-    maintainers = [ stdenv.lib.maintainers.rickynils ];
-  };
-}
diff --git a/pkgs/applications/audio/mpc/default.nix b/pkgs/applications/audio/mpc/default.nix
new file mode 100755
index 000000000000..bd21550a64cf
--- /dev/null
+++ b/pkgs/applications/audio/mpc/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl, mpd_clientlib }:
+
+stdenv.mkDerivation rec {
+  version = "0.23";
+  name = "mpc-${version}";
+
+  src = fetchurl {
+    url = "http://www.musicpd.org/download/mpc/0/${name}.tar.bz2";
+    sha256 = "1ir96wfgq5qfdd2s06zfycv38g3bhn3bpndwx9hwf1w507rvifi9";
+  };
+	
+  buildInputs = [ mpd_clientlib ]; 
+  
+  preConfigure =
+    ''
+      export LIBMPDCLIENT_LIBS=${mpd_clientlib}/lib/libmpdclient.so.${mpd_clientlib.majorVersion}.0.${mpd_clientlib.minorVersion}
+      export LIBMPDCLIENT_CFLAGS=${mpd_clientlib}
+    '';
+
+  meta = {
+    description = "A minimalist command line interface to MPD";
+    homepage = http://www.musicpd.org/clients/mpc/;
+    license = "GPL2";
+    maintainers = [ stdenv.lib.maintainers.algorith ];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
\ No newline at end of file
diff --git a/pkgs/applications/audio/quodlibet/default.nix b/pkgs/applications/audio/quodlibet/default.nix
index d9554d5f7249..9f4859d6e070 100644
--- a/pkgs/applications/audio/quodlibet/default.nix
+++ b/pkgs/applications/audio/quodlibet/default.nix
@@ -46,7 +46,7 @@ buildPythonPackage {
   '';
 
   meta = {
-    description = "Quod Libet is a GTK+-based audio player written in Python, using the Mutagen tagging library.";
+    description = "GTK+-based audio player written in Python, using the Mutagen tagging library";
 
     longDescription = ''
       Quod Libet is a GTK+-based audio player written in Python, using
diff --git a/pkgs/applications/audio/rubyripper/default.nix b/pkgs/applications/audio/rubyripper/default.nix
new file mode 100644
index 000000000000..36f1fc8312fb
--- /dev/null
+++ b/pkgs/applications/audio/rubyripper/default.nix
@@ -0,0 +1,16 @@
+{ stdenv, fetchurl, ruby, cdparanoia, makeWrapper }:
+stdenv.mkDerivation rec {
+  version = "0.6.2";
+  name = "rubyripper-${version}";
+  src = fetchurl {
+    url = "https://rubyripper.googlecode.com/files/rubyripper-${version}.tar.bz2";
+    sha256 = "1fwyk3y0f45l2vi3a481qd7drsy82ccqdb8g2flakv58m45q0yl1";
+  };
+  configureFlags = [ "--enable-cli" ];
+  buildInputs = [ ruby cdparanoia makeWrapper ];
+  postInstall = ''
+    wrapProgram "$out/bin/rrip_cli" \
+      --prefix PATH : "${ruby}/bin" \
+      --prefix PATH : "${cdparanoia}/bin"
+  '';
+}
diff --git a/pkgs/applications/audio/snd/default.nix b/pkgs/applications/audio/snd/default.nix
index fe32aca029bc..a49bfd9cccf4 100644
--- a/pkgs/applications/audio/snd/default.nix
+++ b/pkgs/applications/audio/snd/default.nix
@@ -51,7 +51,7 @@ rec {
 
   name = "snd-" + version;
   meta = {
-    description = "Snd sound editor.";
+    description = "Sound editor";
     homepage = http://ccrma.stanford.edu/software/snd;
     inherit src;
   };
diff --git a/pkgs/applications/audio/spotify/default.nix b/pkgs/applications/audio/spotify/default.nix
index f4d264c0d8f8..615ee6a93cc9 100644
--- a/pkgs/applications/audio/spotify/default.nix
+++ b/pkgs/applications/audio/spotify/default.nix
@@ -1,9 +1,11 @@
-{ fetchurl, stdenv, dpkg, xlibs, qt4, alsaLib, makeWrapper, openssl, freetype, glib, pango, cairo, atk, gdk_pixbuf, gtk, cups, nspr, nss, libpng, GConf, libgcrypt, chromium, sqlite, gst_plugins_base, gstreamer }:
+{ fetchurl, stdenv, dpkg, xlibs, qt4, alsaLib, makeWrapper, openssl, freetype
+, glib, pango, cairo, atk, gdk_pixbuf, gtk, cups, nspr, nss, libpng, GConf
+, libgcrypt, chromium, sqlite, gst_plugins_base, gstreamer, udev }:
 
 assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";
 
 let
-  version = "0.9.1.55";
+  version = "0.9.4.183";
   qt4webkit =
     if stdenv.system == "i686-linux" then
       fetchurl {
@@ -25,13 +27,13 @@ stdenv.mkDerivation {
   src =
     if stdenv.system == "i686-linux" then
       fetchurl {
-        url = "http://repository.spotify.com/pool/non-free/s/spotify/spotify-client_${version}.gbdd3b79.203-1_i386.deb";
-        sha256 = "1sls4gb85700126bbk4sz73ipa2rjcinmpnsi78q0bsdj365y2wc";
+        url = "http://repository.spotify.com/pool/non-free/s/spotify/spotify-client_${version}.g644e24e.428-1_i386.deb";
+        sha256 = "1wl6v5x8vm74h5lxp8fhvmih8l122aadsf1qxvpk0k3y6mbx0ifa";
       }
     else if stdenv.system == "x86_64-linux" then
       fetchurl {
-        url = "http://repository.spotify.com/pool/non-free/s/spotify/spotify-client_${version}.gbdd3b79.203-1_amd64.deb";
-        sha256 = "10pzj3p8bjbxh9nnm4qc5s1hn9nh7hgh3vbwm0xblj9rn71wl03y";
+        url = "http://repository.spotify.com/pool/non-free/s/spotify/spotify-client_${version}.g644e24e.428-1_amd64.deb";
+        sha256 = "1yniln6iswrrrny01qr2w5zcvam0vnrvy9mwbnk9i14i2ch0f3fx";
       }
     else throw "Spotify not supported on this platform.";
 
@@ -57,12 +59,15 @@ stdenv.mkDerivation {
       ln -s ${nspr}/lib/libnspr4.so $out/lib/libnspr4.so.0d
       ln -s ${nspr}/lib/libplc4.so $out/lib/libplc4.so.0d
 
+      # Work around Spotify trying to open libudev.so.0 (which we don't have)
+      ln -s ${udev}/lib/libudev.so.1 $out/lib/libudev.so.0
+
       mkdir -p $out/bin
 
       ln -s $out/spotify-client/spotify $out/bin/spotify
       patchelf \
         --interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
-        --set-rpath $out/lib:$out/spotify-client:${stdenv.lib.makeLibraryPath [ xlibs.libXScrnSaver xlibs.libX11 qt4 alsaLib stdenv.gcc.gcc freetype glib pango cairo atk gdk_pixbuf gtk GConf cups sqlite]}:${stdenv.gcc.gcc}/lib64 \
+        --set-rpath $out/spotify-client/Data:$out/lib:$out/spotify-client:${stdenv.lib.makeLibraryPath [ xlibs.libXScrnSaver xlibs.libX11 qt4 alsaLib stdenv.gcc.gcc freetype glib pango cairo atk gdk_pixbuf gtk GConf cups sqlite]}:${stdenv.gcc.gcc}/lib64 \
         $out/spotify-client/spotify
 
       dpkg-deb -x ${qt4webkit} ./
@@ -74,23 +79,20 @@ stdenv.mkDerivation {
       gcc -shared ${./preload.c} -o $preload -ldl -DOUT=\"$out\" -fPIC
 
       wrapProgram $out/bin/spotify --set LD_PRELOAD $preload --prefix LD_LIBRARY_PATH : "${stdenv.lib.makeLibraryPath [ GConf libpng cups libgcrypt sqlite gst_plugins_base gstreamer]}:$out/lib"
+
+      # Desktop file
+      mkdir -p "$out/share/applications/"
+      cp "$out/spotify-client/spotify.desktop" "$out/share/applications/"
+      sed -i "s|Icon=.*|Icon=$out/spotify-client/Icons/spotify-linux-512.png|" "$out/share/applications/spotify.desktop"
     ''; # */
 
   dontStrip = true;
   dontPatchELF = true;
 
   meta = {
-    homepage = https://www.spotify.com/download/previews/;
+    homepage = https://www.spotify.com/;
     description = "Spotify for Linux allows you to play music from the Spotify music service";
     license = "unfree";
     maintainers = [ stdenv.lib.maintainers.eelco ];
-
-    longDescription =
-      ''
-        Spotify is a digital music streaming service.  This package
-        provides the Spotify client for Linux.  At present, it does not
-        work with free Spotify accounts; it requires a Premium or
-        Unlimited account.
-      '';
   };
 }
diff --git a/pkgs/applications/display-managers/slim/default.nix b/pkgs/applications/display-managers/slim/default.nix
index 9d5c728de262..0b5bcccfb21a 100644
--- a/pkgs/applications/display-managers/slim/default.nix
+++ b/pkgs/applications/display-managers/slim/default.nix
@@ -1,29 +1,37 @@
-{ stdenv, fetchurl, cmake, pkgconfig, x11, libjpeg, libpng, libXmu
+{ stdenv, fetchurl, cmake, pkgconfig, xorg, libjpeg, libpng
 , fontconfig, freetype, pam, dbus_libs }:
 
 stdenv.mkDerivation rec {
-  name = "slim-1.3.4";
+  name = "slim-1.3.6";
 
   src = fetchurl {
     url = "http://download.berlios.de/slim/${name}.tar.gz";
-    sha256 = "00fmrg2v41jnqhx0yc1kv97xxh5gai18n0i4as9g1fcq1i32cp0m";
+    sha256 = "1pqhk22jb4aja4hkrm7rjgbgzjyh7i4zswdgf5nw862l2znzxpi1";
   };
 
-  patches = [
-    # Allow the paths of the configuration file and theme directory to
-    # be set at runtime.
-    ./runtime-paths.patch
-  ];
+  patches =
+    [ # Allow the paths of the configuration file and theme directory to
+      # be set at runtime.
+      ./runtime-paths.patch
 
-  buildInputs =
-    [ cmake pkgconfig x11 libjpeg libpng libXmu fontconfig freetype
-      pam dbus_libs
+      # Exit after the user's session has finished.  This works around
+      # slim's broken PAM session handling (see
+      # http://developer.berlios.de/bugs/?func=detailbug&bug_id=19102&group_id=2663).
+      ./run-once.patch
     ];
 
-  preConfigure = "substituteInPlace CMakeLists.txt --replace /etc $out/etc";
+  preConfigure = "substituteInPlace CMakeLists.txt --replace /etc $out/etc --replace /lib $out/lib";
 
   cmakeFlags = [ "-DUSE_PAM=1" ];
 
+  enableParallelBuilding = true;
+
+  buildInputs =
+    [ cmake pkgconfig libjpeg libpng fontconfig freetype
+      pam dbus_libs
+      xorg.libX11 xorg.libXext xorg.libXrandr xorg.libXrender xorg.libXmu xorg.libXft
+    ];
+
   NIX_CFLAGS_LINK = "-lXmu";
 
   meta = {
diff --git a/pkgs/applications/display-managers/slim/run-once.patch b/pkgs/applications/display-managers/slim/run-once.patch
new file mode 100644
index 000000000000..78f1454a883e
--- /dev/null
+++ b/pkgs/applications/display-managers/slim/run-once.patch
@@ -0,0 +1,12 @@
+diff -ru -x '*~' slim-1.3.6-orig/app.cpp slim-1.3.6/app.cpp
+--- slim-1.3.6-orig/app.cpp	2013-10-15 11:02:55.629263422 +0200
++++ slim-1.3.6/app.cpp	2013-10-15 13:00:10.141210784 +0200
+@@ -816,7 +822,7 @@
+ 	StopServer();
+ 	RemoveLock();
+ 	while (waitpid(-1, NULL, WNOHANG) > 0); /* Collects all dead childrens */
+-	Run();
++	exit(OK_EXIT);
+ }
+ 
+ void App::KillAllClients(Bool top) {
diff --git a/pkgs/applications/display-managers/slim/runtime-paths.patch b/pkgs/applications/display-managers/slim/runtime-paths.patch
index b59b32f31114..f6811dbe6682 100644
--- a/pkgs/applications/display-managers/slim/runtime-paths.patch
+++ b/pkgs/applications/display-managers/slim/runtime-paths.patch
@@ -1,41 +1,25 @@
-diff -rc slim-1.2.6-orig/app.cpp slim-1.2.6/app.cpp
-*** slim-1.2.6-orig/app.cpp	Fri Sep 15 23:00:37 2006
---- slim-1.2.6/app.cpp	Sun Feb 25 17:30:50 2007
-***************
-*** 113,119 ****
-  
-      // Read configuration and theme
-      cfg = new Cfg;
-!     cfg->readConf(CFGFILE);
-      string themebase = "";
-      string themefile = "";
-      string themedir = "";
---- 113,121 ----
-  
-      // Read configuration and theme
-      cfg = new Cfg;
-!     char *cfgfile = getenv("SLIM_CFGFILE");
-!     if (!cfgfile) cfgfile = CFGFILE;
-!     cfg->readConf(cfgfile);
-      string themebase = "";
-      string themefile = "";
-      string themedir = "";
-***************
-*** 121,127 ****
-      if (testing) {
-          themeName = testtheme;
-      } else {
-!         themebase = string(THEMESDIR) + "/";
-          themeName = cfg->getOption("current_theme");
-          string::size_type pos;
-          if ((pos = themeName.find(",")) != string::npos) {
---- 123,131 ----
-      if (testing) {
-          themeName = testtheme;
-      } else {
-!         char *themesdir = getenv("SLIM_THEMESDIR");
-!         if (!themesdir) themesdir = THEMESDIR;
-!         themebase = string(themesdir) + "/";
-          themeName = cfg->getOption("current_theme");
-          string::size_type pos;
-          if ((pos = themeName.find(",")) != string::npos) {
+diff -ru -x '*~' slim-1.3.6-orig/app.cpp slim-1.3.6/app.cpp
+--- slim-1.3.6-orig/app.cpp	2013-10-02 00:38:05.000000000 +0200
++++ slim-1.3.6/app.cpp	2013-10-15 11:02:55.629263422 +0200
+@@ -200,7 +200,9 @@
+ 
+ 	/* Read configuration and theme */
+ 	cfg = new Cfg;
+-	cfg->readConf(CFGFILE);
++	char *cfgfile = getenv("SLIM_CFGFILE");
++	if (!cfgfile) cfgfile = CFGFILE;
++	cfg->readConf(cfgfile);
+ 	string themebase = "";
+ 	string themefile = "";
+ 	string themedir = "";
+@@ -208,7 +210,9 @@
+ 	if (testing) {
+ 		themeName = testtheme;
+ 	} else {
+-		themebase = string(THEMESDIR) + "/";
++		char *themesdir = getenv("SLIM_THEMESDIR");
++		if (!themesdir) themesdir = THEMESDIR;
++		themebase = string(themesdir) + "/";
+ 		themeName = cfg->getOption("current_theme");
+ 		string::size_type pos;
+ 		if ((pos = themeName.find(",")) != string::npos) {
diff --git a/pkgs/applications/editors/aseprite/default.nix b/pkgs/applications/editors/aseprite/default.nix
new file mode 100644
index 000000000000..43180bd04e31
--- /dev/null
+++ b/pkgs/applications/editors/aseprite/default.nix
@@ -0,0 +1,48 @@
+{ stdenv, fetchurl, cmake, pkgconfig
+, giflib, libjpeg, zlib, libpng, tinyxml, allegro
+, libX11, libXext, libXcursor, libXpm, libXxf86vm, libXxf86dga
+}:
+
+stdenv.mkDerivation rec {
+  name = "aseprite-0.9.5";
+
+  src = fetchurl {
+    url = "http://aseprite.googlecode.com/files/${name}.tar.xz";
+    sha256 = "0m7i6ybj2bym4w9rybacnnaaq2jjn76vlpbp932xcclakl6kdq41";
+  };
+
+  buildInputs = [
+    cmake pkgconfig
+    giflib libjpeg zlib libpng tinyxml allegro
+    libX11 libXext libXcursor libXpm libXxf86vm libXxf86dga
+  ];
+
+  patchPhase = ''
+    sed -i '/^find_unittests/d' src/CMakeLists.txt
+    sed -i '/include_directories(.*third_party\/gtest.*)/d' src/CMakeLists.txt
+    sed -i '/add_subdirectory(gtest)/d' third_party/CMakeLists.txt
+    sed -i 's/png_\(sizeof\)/\1/g' src/file/png_format.cpp
+  '';
+
+  cmakeFlags = ''
+    -DUSE_SHARED_GIFLIB=ON
+    -DUSE_SHARED_JPEGLIB=ON
+    -DUSE_SHARED_ZLIB=ON
+    -DUSE_SHARED_LIBPNG=ON
+    -DUSE_SHARED_LIBLOADPNG=ON
+    -DUSE_SHARED_TINYXML=ON
+    -DUSE_SHARED_GTEST=ON
+    -DUSE_SHARED_ALLEGRO4=ON
+    -DENABLE_UPDATER=OFF
+  '';
+
+  NIX_LDFLAGS = "-lX11";
+
+  meta = {
+    description = "Animated sprite editor & pixel art tool";
+    homepage = "http://www.aseprite.org/";
+    license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [iyzsong];
+  };
+}
diff --git a/pkgs/applications/editors/eclipse/default.nix b/pkgs/applications/editors/eclipse/default.nix
index 21dad42ea46d..fe3c74249072 100644
--- a/pkgs/applications/editors/eclipse/default.nix
+++ b/pkgs/applications/editors/eclipse/default.nix
@@ -32,8 +32,9 @@ let
 
         # Patch binaries.
         interpreter=$(echo ${stdenv.glibc}/lib/ld-linux*.so.2)
+        libCairo=$out/eclipse/libcairo-swt.so
         patchelf --set-interpreter $interpreter $out/eclipse/eclipse
-        patchelf --set-rpath ${freetype}/lib:${fontconfig}/lib:${libX11}/lib:${libXrender}/lib:${zlib}/lib $out/eclipse/libcairo-swt.so
+        [ -f $libCairo ] && patchelf --set-rpath ${freetype}/lib:${fontconfig}/lib:${libX11}/lib:${libXrender}/lib:${zlib}/lib $libCairo
 
         # Create wrapper script.  Pass -configuration to store
         # settings in ~/.eclipse/org.eclipse.platform_<version> rather
@@ -205,4 +206,20 @@ in {
         };
     };
   };
+
+  eclipse_sdk_431 = buildEclipse {
+    name = "eclipse-sdk-4.3.1";
+    description = "Eclipse Classic";
+    sources = {
+      "x86_64-linux" = fetchurl {
+          url = http://download.eclipse.org/eclipse/downloads/drops4/R-4.3.1-201309111000/eclipse-SDK-4.3.1-linux-gtk-x86_64.tar.gz;
+          sha256 = "0ncm56ylwxw9z8rk8ccgva68c2yr9yrf1kcr1zkgw6p87xh1yczd";
+        };
+      "i686-linux" = fetchurl {
+          url = http://download.eclipse.org/eclipse/downloads/drops4/R-4.3.1-201309111000/eclipse-SDK-4.3.1-linux-gtk.tar.gz;
+          sha256 = "1zxsh838khny7mvl01h28xna6xdh01yi4mvls28zj22v0340lgsg";
+        };
+    };
+  };
+
 }
diff --git a/pkgs/applications/editors/emacs-24/default.nix b/pkgs/applications/editors/emacs-24/default.nix
index bdb7c2a565a7..18e263dae67e 100644
--- a/pkgs/applications/editors/emacs-24/default.nix
+++ b/pkgs/applications/editors/emacs-24/default.nix
@@ -1,7 +1,7 @@
 { stdenv, fetchurl, ncurses, x11, libXaw, libXpm, Xaw3d
 , pkgconfig, gtk, libXft, dbus, libpng, libjpeg, libungif
 , libtiff, librsvg, texinfo, gconf, libxml2, imagemagick, gnutls
-, alsaLib
+, alsaLib, cairo
 , withX ? true
 }:
 
@@ -14,41 +14,52 @@ stdenv.mkDerivation rec {
   builder = ./builder.sh;
 
   src = fetchurl {
-    url = "mirror://gnu/emacs/${name}.tar.xz";
+    url    = "mirror://gnu/emacs/${name}.tar.xz";
     sha256 = "1385qzs3bsa52s5rcncbrkxlydkw0ajzrvfxgv8rws5fx512kakh";
   };
 
   buildInputs =
     [ ncurses gconf libxml2 gnutls alsaLib pkgconfig texinfo ]
     ++ stdenv.lib.optional stdenv.isLinux dbus
-    ++ stdenv.lib.optionals withX [
-         x11 libXaw Xaw3d libXpm libpng libjpeg libungif
-         libtiff librsvg libXft imagemagick gtk
-       ];
+    ++ stdenv.lib.optionals withX
+      [ x11 libXaw Xaw3d libXpm libpng libjpeg libungif libtiff librsvg libXft
+        imagemagick gtk ]
+    ++ stdenv.lib.optional stdenv.isDarwin cairo;
 
   configureFlags =
-    (if withX then 
-      [ "--with-x-toolkit=gtk" "--with-xft"]
-    else
-      [ "--with-x=no --with-xpm=no --with-jpeg=no --with-png=no --with-gif=no --with-tiff=no" ])
+    ( if withX then 
+        [ "--with-x-toolkit=gtk" "--with-xft"]
+      else
+        [ "--with-x=no" "--with-xpm=no" "--with-jpeg=no" "--with-png=no"
+          "--with-gif=no" "--with-tiff=no" ] )
     # On NixOS, help Emacs find `crt*.o'.
     ++ stdenv.lib.optional (stdenv ? glibc)
          [ "--with-crt-dir=${stdenv.glibc}/lib" ];
 
+  NIX_CFLAGS_COMPILE = stdenv.lib.optionalString (stdenv.isDarwin && withX)
+    "-I${cairo}/include/cairo";
+
   postInstall = ''
     cat >$out/share/emacs/site-lisp/site-start.el <<EOF
-;; nixos specific load-path
-(when (getenv "NIX_PROFILES") (setq load-path
-                      (append (reverse (mapcar (lambda (x) (concat x "/share/emacs/site-lisp/"))
-                                               (split-string (getenv "NIX_PROFILES"))))
-                       load-path)))
-EOF
+    ;; nixos specific load-path
+    (when (getenv "NIX_PROFILES") (setq load-path
+                          (append (reverse (mapcar (lambda (x) (concat x "/share/emacs/site-lisp/"))
+                                                   (split-string (getenv "NIX_PROFILES"))))
+                           load-path)))
+        
+    ;; make tramp work for NixOS machines
+    (eval-after-load 'tramp '(add-to-list 'tramp-remote-path "/run/current-system/sw/bin"))
+    EOF
   '';
 
   doCheck = true;
 
   meta = with stdenv.lib; {
     description = "GNU Emacs 24, the extensible, customizable text editor";
+    homepage    = http://www.gnu.org/software/emacs/;
+    license     = licenses.gpl3Plus;
+    maintainers = with maintainers; [ chaoflow lovek323 simons the-kenny ];
+    platforms   = platforms.all;
 
     longDescription = ''
       GNU Emacs is an extensible, customizable text editor—and more.  At its
@@ -66,11 +77,5 @@ EOF
       extensions are distributed with GNU Emacs; others are available
       separately.
     '';
-
-    homepage = "http://www.gnu.org/software/emacs/";
-    license = "GPLv3+";
-
-    maintainers = with maintainers; [ chaoflow lovek323 simons the-kenny ];
-    platforms = platforms.all;
   };
 }
diff --git a/pkgs/applications/editors/emacs-modes/coffee/default.nix b/pkgs/applications/editors/emacs-modes/coffee/default.nix
index c40b3d4cd650..a0ba61431655 100644
--- a/pkgs/applications/editors/emacs-modes/coffee/default.nix
+++ b/pkgs/applications/editors/emacs-modes/coffee/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "An Emacs major mode for CoffeeScript, unfancy JavaScript.";
+    description = "Emacs major mode for CoffeeScript, unfancy JavaScript";
     homepage = https://github.com/defunkt/coffee-mode;
     license = "GPLv2+";
 
diff --git a/pkgs/applications/editors/emacs-modes/color-theme/default.nix b/pkgs/applications/editors/emacs-modes/color-theme/default.nix
index 327e11bf0862..bad277d61ce3 100644
--- a/pkgs/applications/editors/emacs-modes/color-theme/default.nix
+++ b/pkgs/applications/editors/emacs-modes/color-theme/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
   installTargets = "install-bin";
 
   meta = {
-    description = "An emacs-lisp mode for skinning your emacs.";
+    description = "Emacs-lisp mode for skinning your Emacs";
     homepage = http://www.nongnu.org/color-theme;
     license = "GPLv2+";
 
diff --git a/pkgs/applications/editors/emacs-modes/flymake-cursor/default.nix b/pkgs/applications/editors/emacs-modes/flymake-cursor/default.nix
index 0a26e8fd43df..4b2692a5e22a 100644
--- a/pkgs/applications/editors/emacs-modes/flymake-cursor/default.nix
+++ b/pkgs/applications/editors/emacs-modes/flymake-cursor/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Displays flymake error msg in minibuffer after delay.";
+    description = "Displays flymake error msg in minibuffer after delay";
     homepage = http://www.emacswiki.org/emacs/flymake-cursor.el;
     license = stdenv.lib.licenses.publicDomain;
 
diff --git a/pkgs/applications/editors/emacs-modes/htmlize/default.nix b/pkgs/applications/editors/emacs-modes/htmlize/default.nix
index d4c428e5a1e5..96cc4e040c4f 100644
--- a/pkgs/applications/editors/emacs-modes/htmlize/default.nix
+++ b/pkgs/applications/editors/emacs-modes/htmlize/default.nix
@@ -11,6 +11,6 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "Convert buffer text and decorations to HTML.";
+    description = "Convert buffer text and decorations to HTML";
   };
 }
diff --git a/pkgs/applications/editors/emacs-modes/jade/default.nix b/pkgs/applications/editors/emacs-modes/jade/default.nix
index 0c99ceaca22b..ab0e3512ef28 100644
--- a/pkgs/applications/editors/emacs-modes/jade/default.nix
+++ b/pkgs/applications/editors/emacs-modes/jade/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation {
   '';
 
   meta = {
-    description = "Emacs major mode for jade and stylus.";
+    description = "Emacs major mode for jade and stylus";
     homepage = https://github.com/brianc/jade-mode;
     license = "GPLv2+";
 
diff --git a/pkgs/applications/editors/emacs-modes/lorem-ipsum/default.nix b/pkgs/applications/editors/emacs-modes/lorem-ipsum/default.nix
index 94427537003b..72086e54fece 100644
--- a/pkgs/applications/editors/emacs-modes/lorem-ipsum/default.nix
+++ b/pkgs/applications/editors/emacs-modes/lorem-ipsum/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Insert dummy pseudo Latin text for emacs.";
+    description = "Insert dummy pseudo Latin text for Emacs";
     homepage = http://www.emacswiki.org/emacs/LoremIpsum;
     license = "GPLv2+";
 
diff --git a/pkgs/applications/editors/emacs-modes/org/default.nix b/pkgs/applications/editors/emacs-modes/org/default.nix
index 51263a6aa0e2..ad2bd2f0ba6a 100644
--- a/pkgs/applications/editors/emacs-modes/org/default.nix
+++ b/pkgs/applications/editors/emacs-modes/org/default.nix
@@ -1,11 +1,11 @@
 { fetchurl, stdenv, emacs, texinfo, which, texLive }:
 
 stdenv.mkDerivation rec {
-  name = "org-7.9.1";
+  name = "org-8.2.1";
 
   src = fetchurl {
     url = "http://orgmode.org/${name}.tar.gz";
-    sha256 = "0kz1dnzfpmmslwal150z9rxrnddjpaw2glx26qihpxzs0zzpw201";
+    sha256 = "625e2b6786158bcf6c43194075f7638ab8048c68a60025289a051c407e467823";
   };
 
   buildInputs = [ emacs ];
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   configurePhase =
     '' sed -i mk/default.mk \
-           -e "s|^prefix\t=.*$|prefix=$out|g"
+           -e "s|^prefix\t=.*$|prefix=$out/share|g"
     '';
 
   postBuild =
diff --git a/pkgs/applications/editors/emacs-modes/org2blog/default.nix b/pkgs/applications/editors/emacs-modes/org2blog/default.nix
index c8c538c5cb7c..e72560be8f44 100644
--- a/pkgs/applications/editors/emacs-modes/org2blog/default.nix
+++ b/pkgs/applications/editors/emacs-modes/org2blog/default.nix
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "A tool to publish directly from Emacs’ org-mode to WordPress blogs.";
+    description = "Publish directly from Emacs’ org-mode to WordPress blogs";
     homepage = https://github.com/punchagan/org2blog;
     license = "GPLv3+";
 
diff --git a/pkgs/applications/editors/emacs-modes/rect-mark/default.nix b/pkgs/applications/editors/emacs-modes/rect-mark/default.nix
index ac01e02b4334..896dbdac71be 100644
--- a/pkgs/applications/editors/emacs-modes/rect-mark/default.nix
+++ b/pkgs/applications/editors/emacs-modes/rect-mark/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Mark a rectangle of text with highlighting.";
+    description = "Mark a rectangle of text with highlighting";
     homepage = http://emacswiki.org/emacs/RectangleMark;
     license = "GPLv2+";
 
diff --git a/pkgs/applications/editors/emacs-modes/sunrise-commander/default.nix b/pkgs/applications/editors/emacs-modes/sunrise-commander/default.nix
index a253e25cad45..e942189714ea 100644
--- a/pkgs/applications/editors/emacs-modes/sunrise-commander/default.nix
+++ b/pkgs/applications/editors/emacs-modes/sunrise-commander/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Two-pane file manager for Emacs based on Dired and inspired by MC.";
+    description = "Two-pane file manager for Emacs based on Dired and inspired by MC";
     homepage = http://www.emacswiki.org/emacs/Sunrise_Commander;
     license = "GPLv3+";
 
diff --git a/pkgs/applications/editors/emacs-modes/xml-rpc/default.nix b/pkgs/applications/editors/emacs-modes/xml-rpc/default.nix
index 87a732b5b4ca..cee0f0ca5534 100644
--- a/pkgs/applications/editors/emacs-modes/xml-rpc/default.nix
+++ b/pkgs/applications/editors/emacs-modes/xml-rpc/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "An elisp implementation of clientside XML-RPC.";
+    description = "Elisp implementation of clientside XML-RPC";
     homepage = https://launchpad.net/xml-rpc-el;
     license = "GPLv3+";
 
diff --git a/pkgs/applications/editors/flpsed/default.nix b/pkgs/applications/editors/flpsed/default.nix
index ca481f1081d3..15605218b741 100644
--- a/pkgs/applications/editors/flpsed/default.nix
+++ b/pkgs/applications/editors/flpsed/default.nix
@@ -11,10 +11,9 @@ stdenv.mkDerivation {
   buildInputs = [ fltk13 ghostscript ];
 
   meta = {
-    description = "A WYSIWYG PostScript annotator.";
+    description = "WYSIWYG PostScript annotator";
     homepage = "http://http://flpsed.org/flpsed.html";
     license = "GPLv3";
-    platforms = stdenv.lib.platforms.all;
+    platforms = stdenv.lib.platforms.mesaPlatforms;
   };
-
 }
diff --git a/pkgs/applications/editors/geany/default.nix b/pkgs/applications/editors/geany/default.nix
index 6d43cc279975..e7c8e276d27b 100644
--- a/pkgs/applications/editors/geany/default.nix
+++ b/pkgs/applications/editors/geany/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
   postInstall = "rm $out/share/icons/hicolor/icon-theme.cache";
 
   meta = {
-    description = "A GTK2 small and ligthweight IDE.";
+    description = "Small and lightweight IDE";
     longDescription = ''
       Geany is a small and lightweight Integrated Development Environment.
       It was developed to provide a small and fast IDE, which has only a few dependencies from other packages.
diff --git a/pkgs/applications/editors/mg/default.nix b/pkgs/applications/editors/mg/default.nix
index ce69b5c0b5ae..058a54c45a71 100644
--- a/pkgs/applications/editors/mg/default.nix
+++ b/pkgs/applications/editors/mg/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://homepage.boetes.org/software/mg/;
-    description = "mg is Micro GNU/emacs, this is a portable version of the mg maintained by the OpenBSD team.";
+    description = "mg is Micro GNU/emacs, this is a portable version of the mg maintained by the OpenBSD team";
     license = "public domain";
     platforms = stdenv.lib.platforms.all;
   };
diff --git a/pkgs/applications/editors/sublime/default.nix b/pkgs/applications/editors/sublime/default.nix
index 6aa0b34314ac..cfa44d9285cc 100644
--- a/pkgs/applications/editors/sublime/default.nix
+++ b/pkgs/applications/editors/sublime/default.nix
@@ -33,7 +33,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Sublime Text is a sophisticated text editor for code, markup and prose.";
+    description = "Sophisticated text editor for code, markup and prose";
     license = "unfree";
   };
 }
diff --git a/pkgs/applications/editors/vim/configurable.nix b/pkgs/applications/editors/vim/configurable.nix
index b3992dfec304..789ddcc10395 100644
--- a/pkgs/applications/editors/vim/configurable.nix
+++ b/pkgs/applications/editors/vim/configurable.nix
@@ -11,7 +11,7 @@ composableDerivation {
                    else stdenv ).mkDerivation;
 } (fix: {
 
-    name = "vim_configurable-7.4";
+    name = "vim_configurable-7.4.23";
 
     enableParallelBuilding = true; # test this
 
@@ -38,8 +38,10 @@ composableDerivation {
     preConfigure
       = stdenv.lib.optionalString
         (stdenv.isDarwin && (config.vim.darwin or true)) ''
-          sed -i "5387,5390d" src/auto/configure
-          sed -i "5394d" src/auto/configure
+          # TODO: we should find a better way of doing this as, if the configure
+          # file changes, we need to change these line numbers
+          sed -i "5641,5644d" src/auto/configure
+          sed -i "5648d" src/auto/configure
         '';
 
     configureFlags
@@ -49,10 +51,26 @@ composableDerivation {
       = [ ncurses pkgconfig gtk libX11 libXext libSM libXpm libXt libXaw libXau
           libXmu glib libICE ];
 
+    prePatch = "cd src";
+    
+    patches =
+      [ ./patches/7.4.001 ./patches/7.4.002 ./patches/7.4.003 ./patches/7.4.004
+        ./patches/7.4.005 ./patches/7.4.006 ./patches/7.4.007 ./patches/7.4.008
+        ./patches/7.4.009 ./patches/7.4.010 ./patches/7.4.011 ./patches/7.4.012
+        ./patches/7.4.013 ./patches/7.4.014 ./patches/7.4.015 ./patches/7.4.016
+        ./patches/7.4.017 ./patches/7.4.018 ./patches/7.4.019 ./patches/7.4.020
+        ./patches/7.4.021 ./patches/7.4.022 ./patches/7.4.023 ];
+
     # most interpreters aren't tested yet.. (see python for example how to do it)
     flags = {
         ftNix = {
-          patches = [ ./ft-nix-support.patch ];
+          # because we cd to src in the main patch phase, we can't just add this
+          # patch to the list, we have to apply it manually
+          postPatch = ''
+            cd ../runtime
+            patch -p2 < ${./ft-nix-support.patch}
+            cd ..
+          '';
         };
       }
       // edf { name = "darwin"; } #Disable Darwin (Mac OS X) support.
@@ -131,10 +149,11 @@ composableDerivation {
 
   dontStrip = 1;
 
-  meta = {
+  meta = with stdenv.lib; {
     description = "The most popular clone of the VI editor";
-    homepage    = "www.vim.org";
-    platforms   = lib.platforms.unix;
+    homepage    = http://www.vim.org;
+    maintainers = with maintainers; [ lovek323 ];
+    platforms   = platforms.unix;
   };
 })
 
diff --git a/pkgs/applications/editors/vim/default.nix b/pkgs/applications/editors/vim/default.nix
index 2a2b3dd6be4f..a2672b5c0d67 100644
--- a/pkgs/applications/editors/vim/default.nix
+++ b/pkgs/applications/editors/vim/default.nix
@@ -1,10 +1,11 @@
 { stdenv, fetchurl, ncurses, gettext, pkgconfig }:
 
 stdenv.mkDerivation rec {
-  name = "vim-7.4";
+  patchLevel = "23";
+  name       = "vim-7.4.${patchLevel}";
  
   src = fetchurl {
-    url = "ftp://ftp.vim.org/pub/vim/unix/${name}.tar.bz2";
+    url    = "ftp://ftp.vim.org/pub/vim/unix/${name}.tar.bz2";
     sha256 = "1pjaffap91l2rb9pjnlbrpvb3ay5yhhr3g91zabjvw1rqk9adxfh";
   };
 
@@ -39,10 +40,20 @@ stdenv.mkDerivation rec {
   # To fix the trouble in vim73, that it cannot cross-build with this patch
   # to bypass a configure script check that cannot be done cross-building.
   # http://groups.google.com/group/vim_dev/browse_thread/thread/66c02efd1523554b?pli=1
-  patchPhase = ''
-    sed -i -e 's/as_fn_error.*int32.*/:/' src/auto/configure
-  '';
+  # patchPhase = ''
+  #   sed -i -e 's/as_fn_error.*int32.*/:/' src/auto/configure
+  # '';
+
+  prePatch = "cd src";
   
+  patches =
+    [ ./patches/7.4.001 ./patches/7.4.002 ./patches/7.4.003 ./patches/7.4.004
+      ./patches/7.4.005 ./patches/7.4.006 ./patches/7.4.007 ./patches/7.4.008
+      ./patches/7.4.009 ./patches/7.4.010 ./patches/7.4.011 ./patches/7.4.012
+      ./patches/7.4.013 ./patches/7.4.014 ./patches/7.4.015 ./patches/7.4.016
+      ./patches/7.4.017 ./patches/7.4.018 ./patches/7.4.019 ./patches/7.4.020
+      ./patches/7.4.021 ./patches/7.4.022 ./patches/7.4.023 ];
+
   meta = with stdenv.lib; {
     description = "The most popular clone of the VI editor";
     homepage    = http://www.vim.org;
diff --git a/pkgs/applications/editors/vim/patches/7.4.001 b/pkgs/applications/editors/vim/patches/7.4.001
new file mode 100644
index 000000000000..5788972a569d
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.001
@@ -0,0 +1,489 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.001
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.001
+Problem:    Character classes such as [a-z] to not react to 'ignorecase'.
+	    Breaks man page highlighting. (Mario Grgic)
+Solution:   Add separate items for classes that react to 'ignorecase'.  Clean
+	    up logic handling character classes.  Add more tests.
+Files:	    src/regexp_nfa.c, src/testdir/test64.in, src/testdir/test64.ok
+
+
+*** ../vim-7.4.000/src/regexp_nfa.c	2013-08-01 18:27:51.000000000 +0200
+--- src/regexp_nfa.c	2013-08-14 11:49:50.000000000 +0200
+***************
+*** 29,34 ****
+--- 29,37 ----
+  # define NFA_REGEXP_DEBUG_LOG	"nfa_regexp_debug.log"
+  #endif
+  
++ /* Added to NFA_ANY - NFA_NUPPER_IC to include a NL. */
++ #define NFA_ADD_NL		31
++ 
+  enum
+  {
+      NFA_SPLIT = -1024,
+***************
+*** 183,188 ****
+--- 186,198 ----
+      NFA_NLOWER,		/*	Match non-lowercase char */
+      NFA_UPPER,		/*	Match uppercase char */
+      NFA_NUPPER,		/*	Match non-uppercase char */
++     NFA_LOWER_IC,	/*	Match [a-z] */
++     NFA_NLOWER_IC,	/*	Match [^a-z] */
++     NFA_UPPER_IC,	/*	Match [A-Z] */
++     NFA_NUPPER_IC,	/*	Match [^A-Z] */
++ 
++     NFA_FIRST_NL = NFA_ANY + NFA_ADD_NL,
++     NFA_LAST_NL = NFA_NUPPER_IC + NFA_ADD_NL,
+  
+      NFA_CURSOR,		/*	Match cursor pos */
+      NFA_LNUM,		/*	Match line number */
+***************
+*** 199,207 ****
+      NFA_MARK_LT,	/*	Match < mark */
+      NFA_VISUAL,		/*	Match Visual area */
+  
+-     NFA_FIRST_NL = NFA_ANY + ADD_NL,
+-     NFA_LAST_NL = NFA_NUPPER + ADD_NL,
+- 
+      /* Character classes [:alnum:] etc */
+      NFA_CLASS_ALNUM,
+      NFA_CLASS_ALPHA,
+--- 209,214 ----
+***************
+*** 578,583 ****
+--- 585,592 ----
+   * On failure, return 0 (=FAIL)
+   * Start points to the first char of the range, while end should point
+   * to the closing brace.
++  * Keep in mind that 'ignorecase' applies at execution time, thus [a-z] may
++  * need to be interpreted as [a-zA-Z].
+   */
+      static int
+  nfa_recognize_char_class(start, end, extra_newl)
+***************
+*** 681,687 ****
+  	return FAIL;
+  
+      if (newl == TRUE)
+! 	extra_newl = ADD_NL;
+  
+      switch (config)
+      {
+--- 690,696 ----
+  	return FAIL;
+  
+      if (newl == TRUE)
+! 	extra_newl = NFA_ADD_NL;
+  
+      switch (config)
+      {
+***************
+*** 710,722 ****
+  	case CLASS_not | CLASS_az | CLASS_AZ:
+  	    return extra_newl + NFA_NALPHA;
+  	case CLASS_az:
+! 	   return extra_newl + NFA_LOWER;
+  	case CLASS_not | CLASS_az:
+! 	    return extra_newl + NFA_NLOWER;
+  	case CLASS_AZ:
+! 	    return extra_newl + NFA_UPPER;
+  	case CLASS_not | CLASS_AZ:
+! 	    return extra_newl + NFA_NUPPER;
+      }
+      return FAIL;
+  }
+--- 719,731 ----
+  	case CLASS_not | CLASS_az | CLASS_AZ:
+  	    return extra_newl + NFA_NALPHA;
+  	case CLASS_az:
+! 	   return extra_newl + NFA_LOWER_IC;
+  	case CLASS_not | CLASS_az:
+! 	    return extra_newl + NFA_NLOWER_IC;
+  	case CLASS_AZ:
+! 	    return extra_newl + NFA_UPPER_IC;
+  	case CLASS_not | CLASS_AZ:
+! 	    return extra_newl + NFA_NUPPER_IC;
+      }
+      return FAIL;
+  }
+***************
+*** 914,920 ****
+  		break;
+  	    }
+  
+! 	    extra = ADD_NL;
+  
+  	    /* "\_[" is collection plus newline */
+  	    if (c == '[')
+--- 923,929 ----
+  		break;
+  	    }
+  
+! 	    extra = NFA_ADD_NL;
+  
+  	    /* "\_[" is collection plus newline */
+  	    if (c == '[')
+***************
+*** 970,976 ****
+  	    }
+  #endif
+  	    EMIT(nfa_classcodes[p - classchars]);
+! 	    if (extra == ADD_NL)
+  	    {
+  		EMIT(NFA_NEWL);
+  		EMIT(NFA_OR);
+--- 979,985 ----
+  	    }
+  #endif
+  	    EMIT(nfa_classcodes[p - classchars]);
+! 	    if (extra == NFA_ADD_NL)
+  	    {
+  		EMIT(NFA_NEWL);
+  		EMIT(NFA_OR);
+***************
+*** 1240,1260 ****
+  	    {
+  		/*
+  		 * Try to reverse engineer character classes. For example,
+! 		 * recognize that [0-9] stands for  \d and [A-Za-z_] with \h,
+  		 * and perform the necessary substitutions in the NFA.
+  		 */
+  		result = nfa_recognize_char_class(regparse, endp,
+! 							    extra == ADD_NL);
+  		if (result != FAIL)
+  		{
+! 		    if (result >= NFA_DIGIT && result <= NFA_NUPPER)
+! 			EMIT(result);
+! 		    else	/* must be char class + newline */
+  		    {
+! 			EMIT(result - ADD_NL);
+  			EMIT(NFA_NEWL);
+  			EMIT(NFA_OR);
+  		    }
+  		    regparse = endp;
+  		    mb_ptr_adv(regparse);
+  		    return OK;
+--- 1249,1269 ----
+  	    {
+  		/*
+  		 * Try to reverse engineer character classes. For example,
+! 		 * recognize that [0-9] stands for \d and [A-Za-z_] for \h,
+  		 * and perform the necessary substitutions in the NFA.
+  		 */
+  		result = nfa_recognize_char_class(regparse, endp,
+! 							 extra == NFA_ADD_NL);
+  		if (result != FAIL)
+  		{
+! 		    if (result >= NFA_FIRST_NL && result <= NFA_LAST_NL)
+  		    {
+! 			EMIT(result - NFA_ADD_NL);
+  			EMIT(NFA_NEWL);
+  			EMIT(NFA_OR);
+  		    }
++ 		    else
++ 			EMIT(result);
+  		    regparse = endp;
+  		    mb_ptr_adv(regparse);
+  		    return OK;
+***************
+*** 1504,1510 ****
+  			     * collection, add an OR below. But not for negated
+  			     * range. */
+  			    if (!negated)
+! 				extra = ADD_NL;
+  			}
+  			else
+  			{
+--- 1513,1519 ----
+  			     * collection, add an OR below. But not for negated
+  			     * range. */
+  			    if (!negated)
+! 				extra = NFA_ADD_NL;
+  			}
+  			else
+  			{
+***************
+*** 1537,1543 ****
+  		    EMIT(NFA_END_COLL);
+  
+  		/* \_[] also matches \n but it's not negated */
+! 		if (extra == ADD_NL)
+  		{
+  		    EMIT(reg_string ? NL : NFA_NEWL);
+  		    EMIT(NFA_OR);
+--- 1546,1552 ----
+  		    EMIT(NFA_END_COLL);
+  
+  		/* \_[] also matches \n but it's not negated */
+! 		if (extra == NFA_ADD_NL)
+  		{
+  		    EMIT(reg_string ? NL : NFA_NEWL);
+  		    EMIT(NFA_OR);
+***************
+*** 2011,2017 ****
+      if (c >= NFA_FIRST_NL && c <= NFA_LAST_NL)
+      {
+  	addnl = TRUE;
+! 	c -= ADD_NL;
+      }
+  
+      STRCPY(code, "");
+--- 2020,2026 ----
+      if (c >= NFA_FIRST_NL && c <= NFA_LAST_NL)
+      {
+  	addnl = TRUE;
+! 	c -= NFA_ADD_NL;
+      }
+  
+      STRCPY(code, "");
+***************
+*** 2217,2222 ****
+--- 2226,2235 ----
+  	case NFA_NLOWER:STRCPY(code, "NFA_NLOWER"); break;
+  	case NFA_UPPER:	STRCPY(code, "NFA_UPPER"); break;
+  	case NFA_NUPPER:STRCPY(code, "NFA_NUPPER"); break;
++ 	case NFA_LOWER_IC:  STRCPY(code, "NFA_LOWER_IC"); break;
++ 	case NFA_NLOWER_IC: STRCPY(code, "NFA_NLOWER_IC"); break;
++ 	case NFA_UPPER_IC:  STRCPY(code, "NFA_UPPER_IC"); break;
++ 	case NFA_NUPPER_IC: STRCPY(code, "NFA_NUPPER_IC"); break;
+  
+  	default:
+  	    STRCPY(code, "CHAR(x)");
+***************
+*** 2687,2692 ****
+--- 2700,2709 ----
+  	    case NFA_NLOWER:
+  	    case NFA_UPPER:
+  	    case NFA_NUPPER:
++ 	    case NFA_LOWER_IC:
++ 	    case NFA_NLOWER_IC:
++ 	    case NFA_UPPER_IC:
++ 	    case NFA_NUPPER_IC:
+  		/* possibly non-ascii */
+  #ifdef FEAT_MBYTE
+  		if (has_mbyte)
+***************
+*** 3841,3846 ****
+--- 3858,3867 ----
+  	    case NFA_NLOWER:
+  	    case NFA_UPPER:
+  	    case NFA_NUPPER:
++ 	    case NFA_LOWER_IC:
++ 	    case NFA_NLOWER_IC:
++ 	    case NFA_UPPER_IC:
++ 	    case NFA_NUPPER_IC:
+  	    case NFA_START_COLL:
+  	    case NFA_START_NEG_COLL:
+  	    case NFA_NEWL:
+***************
+*** 5872,5877 ****
+--- 5893,5920 ----
+  		ADD_STATE_IF_MATCH(t->state);
+  		break;
+  
++ 	    case NFA_LOWER_IC:	/* [a-z] */
++ 		result = ri_lower(curc) || (ireg_ic && ri_upper(curc));
++ 		ADD_STATE_IF_MATCH(t->state);
++ 		break;
++ 
++ 	    case NFA_NLOWER_IC:	/* [^a-z] */
++ 		result = curc != NUL
++ 			  && !(ri_lower(curc) || (ireg_ic && ri_upper(curc)));
++ 		ADD_STATE_IF_MATCH(t->state);
++ 		break;
++ 
++ 	    case NFA_UPPER_IC:	/* [A-Z] */
++ 		result = ri_upper(curc) || (ireg_ic && ri_lower(curc));
++ 		ADD_STATE_IF_MATCH(t->state);
++ 		break;
++ 
++ 	    case NFA_NUPPER_IC:	/* ^[A-Z] */
++ 		result = curc != NUL
++ 			  && !(ri_upper(curc) || (ireg_ic && ri_lower(curc)));
++ 		ADD_STATE_IF_MATCH(t->state);
++ 		break;
++ 
+  	    case NFA_BACKREF1:
+  	    case NFA_BACKREF2:
+  	    case NFA_BACKREF3:
+*** ../vim-7.4.000/src/testdir/test64.in	2013-08-01 17:45:33.000000000 +0200
+--- src/testdir/test64.in	2013-08-14 11:50:11.000000000 +0200
+***************
+*** 289,303 ****
+  :call add(tl, [2, '.a\%$', " a\n "])
+  :call add(tl, [2, '.a\%$', " a\n_a", "_a"])
+  :"
+! :"""" Test recognition of some character classes
+! :call add(tl, [2, '[0-9]', '8', '8'])
+! :call add(tl, [2, '[^0-9]', '8'])
+! :call add(tl, [2, '[0-9a-fA-F]*', '0a7', '0a7'])
+! :call add(tl, [2, '[^0-9A-Fa-f]\+', '0a7'])
+! :call add(tl, [2, '[a-z_A-Z0-9]\+', 'aso_sfoij', 'aso_sfoij'])
+! :call add(tl, [2, '[a-z]', 'a', 'a'])
+! :call add(tl, [2, '[a-zA-Z]', 'a', 'a'])
+! :call add(tl, [2, '[A-Z]', 'a'])
+  :call add(tl, [2, '\C[^A-Z]\+', 'ABCOIJDEOIFNSD jsfoij sa', ' jsfoij sa'])
+  :"
+  :"""" Tests for \z features
+--- 289,317 ----
+  :call add(tl, [2, '.a\%$', " a\n "])
+  :call add(tl, [2, '.a\%$', " a\n_a", "_a"])
+  :"
+! :"""" Test recognition of character classes
+! :call add(tl, [2, '[0-7]\+', 'x0123456789x', '01234567'])
+! :call add(tl, [2, '[^0-7]\+', '0a;X+% 897', 'a;X+% 89'])
+! :call add(tl, [2, '[0-9]\+', 'x0123456789x', '0123456789'])
+! :call add(tl, [2, '[^0-9]\+', '0a;X+% 9', 'a;X+% '])
+! :call add(tl, [2, '[0-9a-fA-F]\+', 'x0189abcdefg', '0189abcdef'])
+! :call add(tl, [2, '[^0-9A-Fa-f]\+', '0189g;X+% ab', 'g;X+% '])
+! :call add(tl, [2, '[a-z_A-Z0-9]\+', ';+aso_SfOij ', 'aso_SfOij'])
+! :call add(tl, [2, '[^a-z_A-Z0-9]\+', 'aSo_;+% sfOij', ';+% '])
+! :call add(tl, [2, '[a-z_A-Z]\+', '0abyz_ABYZ;', 'abyz_ABYZ'])
+! :call add(tl, [2, '[^a-z_A-Z]\+', 'abAB_09;+% yzYZ', '09;+% '])
+! :call add(tl, [2, '[a-z]\+', '0abcxyz1', 'abcxyz'])
+! :call add(tl, [2, '[a-z]\+', 'AabxyzZ', 'abxyz'])
+! :call add(tl, [2, '[^a-z]\+', 'a;X09+% x', ';X09+% '])
+! :call add(tl, [2, '[^a-z]\+', 'abX0;%yz', 'X0;%'])
+! :call add(tl, [2, '[a-zA-Z]\+', '0abABxzXZ9', 'abABxzXZ'])
+! :call add(tl, [2, '[^a-zA-Z]\+', 'ab09_;+ XZ', '09_;+ '])
+! :call add(tl, [2, '[A-Z]\+', 'aABXYZz', 'ABXYZ'])
+! :call add(tl, [2, '[^A-Z]\+', 'ABx0;%YZ', 'x0;%'])
+! :call add(tl, [2, '[a-z]\+\c', '0abxyzABXYZ;', 'abxyzABXYZ'])
+! :call add(tl, [2, '[A-Z]\+\c', '0abABxzXZ9', 'abABxzXZ'])
+! :call add(tl, [2, '\c[^a-z]\+', 'ab09_;+ XZ', '09_;+ '])
+! :call add(tl, [2, '\c[^A-Z]\+', 'ab09_;+ XZ', '09_;+ '])
+  :call add(tl, [2, '\C[^A-Z]\+', 'ABCOIJDEOIFNSD jsfoij sa', ' jsfoij sa'])
+  :"
+  :"""" Tests for \z features
+*** ../vim-7.4.000/src/testdir/test64.ok	2013-08-01 18:28:56.000000000 +0200
+--- src/testdir/test64.ok	2013-08-14 11:50:37.000000000 +0200
+***************
+*** 650,679 ****
+  OK 0 - .a\%$
+  OK 1 - .a\%$
+  OK 2 - .a\%$
+! OK 0 - [0-9]
+! OK 1 - [0-9]
+! OK 2 - [0-9]
+! OK 0 - [^0-9]
+! OK 1 - [^0-9]
+! OK 2 - [^0-9]
+! OK 0 - [0-9a-fA-F]*
+! OK 1 - [0-9a-fA-F]*
+! OK 2 - [0-9a-fA-F]*
+  OK 0 - [^0-9A-Fa-f]\+
+  OK 1 - [^0-9A-Fa-f]\+
+  OK 2 - [^0-9A-Fa-f]\+
+  OK 0 - [a-z_A-Z0-9]\+
+  OK 1 - [a-z_A-Z0-9]\+
+  OK 2 - [a-z_A-Z0-9]\+
+! OK 0 - [a-z]
+! OK 1 - [a-z]
+! OK 2 - [a-z]
+! OK 0 - [a-zA-Z]
+! OK 1 - [a-zA-Z]
+! OK 2 - [a-zA-Z]
+! OK 0 - [A-Z]
+! OK 1 - [A-Z]
+! OK 2 - [A-Z]
+  OK 0 - \C[^A-Z]\+
+  OK 1 - \C[^A-Z]\+
+  OK 2 - \C[^A-Z]\+
+--- 650,721 ----
+  OK 0 - .a\%$
+  OK 1 - .a\%$
+  OK 2 - .a\%$
+! OK 0 - [0-7]\+
+! OK 1 - [0-7]\+
+! OK 2 - [0-7]\+
+! OK 0 - [^0-7]\+
+! OK 1 - [^0-7]\+
+! OK 2 - [^0-7]\+
+! OK 0 - [0-9]\+
+! OK 1 - [0-9]\+
+! OK 2 - [0-9]\+
+! OK 0 - [^0-9]\+
+! OK 1 - [^0-9]\+
+! OK 2 - [^0-9]\+
+! OK 0 - [0-9a-fA-F]\+
+! OK 1 - [0-9a-fA-F]\+
+! OK 2 - [0-9a-fA-F]\+
+  OK 0 - [^0-9A-Fa-f]\+
+  OK 1 - [^0-9A-Fa-f]\+
+  OK 2 - [^0-9A-Fa-f]\+
+  OK 0 - [a-z_A-Z0-9]\+
+  OK 1 - [a-z_A-Z0-9]\+
+  OK 2 - [a-z_A-Z0-9]\+
+! OK 0 - [^a-z_A-Z0-9]\+
+! OK 1 - [^a-z_A-Z0-9]\+
+! OK 2 - [^a-z_A-Z0-9]\+
+! OK 0 - [a-z_A-Z]\+
+! OK 1 - [a-z_A-Z]\+
+! OK 2 - [a-z_A-Z]\+
+! OK 0 - [^a-z_A-Z]\+
+! OK 1 - [^a-z_A-Z]\+
+! OK 2 - [^a-z_A-Z]\+
+! OK 0 - [a-z]\+
+! OK 1 - [a-z]\+
+! OK 2 - [a-z]\+
+! OK 0 - [a-z]\+
+! OK 1 - [a-z]\+
+! OK 2 - [a-z]\+
+! OK 0 - [^a-z]\+
+! OK 1 - [^a-z]\+
+! OK 2 - [^a-z]\+
+! OK 0 - [^a-z]\+
+! OK 1 - [^a-z]\+
+! OK 2 - [^a-z]\+
+! OK 0 - [a-zA-Z]\+
+! OK 1 - [a-zA-Z]\+
+! OK 2 - [a-zA-Z]\+
+! OK 0 - [^a-zA-Z]\+
+! OK 1 - [^a-zA-Z]\+
+! OK 2 - [^a-zA-Z]\+
+! OK 0 - [A-Z]\+
+! OK 1 - [A-Z]\+
+! OK 2 - [A-Z]\+
+! OK 0 - [^A-Z]\+
+! OK 1 - [^A-Z]\+
+! OK 2 - [^A-Z]\+
+! OK 0 - [a-z]\+\c
+! OK 1 - [a-z]\+\c
+! OK 2 - [a-z]\+\c
+! OK 0 - [A-Z]\+\c
+! OK 1 - [A-Z]\+\c
+! OK 2 - [A-Z]\+\c
+! OK 0 - \c[^a-z]\+
+! OK 1 - \c[^a-z]\+
+! OK 2 - \c[^a-z]\+
+! OK 0 - \c[^A-Z]\+
+! OK 1 - \c[^A-Z]\+
+! OK 2 - \c[^A-Z]\+
+  OK 0 - \C[^A-Z]\+
+  OK 1 - \C[^A-Z]\+
+  OK 2 - \C[^A-Z]\+
+*** ../vim-7.4.000/src/version.c	2013-08-10 13:29:20.000000000 +0200
+--- src/version.c	2013-08-14 11:54:57.000000000 +0200
+***************
+*** 729,730 ****
+--- 729,732 ----
+  {   /* Add new patch number below this line */
++ /**/
++     1,
+  /**/
+
+-- 
+How many light bulbs does it take to change a person?
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.002 b/pkgs/applications/editors/vim/patches/7.4.002
new file mode 100644
index 000000000000..d92f4de6c2d7
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.002
@@ -0,0 +1,77 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.002
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4b.002
+Problem:    Pattern with two alternative look-behind matches does not match.
+	    (Amadeus Demarzi)
+Solution:   When comparing PIMs also compare their state ID to see if they are
+	    different.
+Files:	    src/regexp_nfa.c, src/testdir/test64.in, src/testdir/test64.ok
+
+
+*** ../vim-7.4.001/src/regexp_nfa.c	2013-08-14 12:05:54.000000000 +0200
+--- src/regexp_nfa.c	2013-08-14 13:12:09.000000000 +0200
+***************
+*** 3782,3787 ****
+--- 3782,3790 ----
+      if (two_unused)
+  	/* one is used and two is not: not equal */
+  	return FALSE;
++     /* compare the state id */
++     if (one->state->id != two->state->id)
++ 	return FALSE;
+      /* compare the position */
+      if (REG_MULTI)
+  	return one->end.pos.lnum == two->end.pos.lnum
+*** ../vim-7.4.001/src/testdir/test64.in	2013-08-14 12:05:54.000000000 +0200
+--- src/testdir/test64.in	2013-08-14 12:58:38.000000000 +0200
+***************
+*** 421,426 ****
+--- 421,429 ----
+  :call add(tl, [2, '\(foo\)\@<=\>', 'barfoo', '', 'foo'])
+  :call add(tl, [2, '\(foo\)\@<=.*', 'foobar', 'bar', 'foo'])
+  :"
++ :" complicated look-behind match
++ :call add(tl, [2, '\(r\@<=\|\w\@<!\)\/', 'x = /word/;', '/'])
++ :"
+  :""""" \@>
+  :call add(tl, [2, '\(a*\)\@>a', 'aaaa'])
+  :call add(tl, [2, '\(a*\)\@>b', 'aaab', 'aaab', 'aaa'])
+*** ../vim-7.4.001/src/testdir/test64.ok	2013-08-14 12:05:54.000000000 +0200
+--- src/testdir/test64.ok	2013-08-14 13:14:09.000000000 +0200
+***************
+*** 974,979 ****
+--- 974,982 ----
+  OK 0 - \(foo\)\@<=.*
+  OK 1 - \(foo\)\@<=.*
+  OK 2 - \(foo\)\@<=.*
++ OK 0 - \(r\@<=\|\w\@<!\)\/
++ OK 1 - \(r\@<=\|\w\@<!\)\/
++ OK 2 - \(r\@<=\|\w\@<!\)\/
+  OK 0 - \(a*\)\@>a
+  OK 1 - \(a*\)\@>a
+  OK 2 - \(a*\)\@>a
+*** ../vim-7.4.001/src/version.c	2013-08-14 12:05:54.000000000 +0200
+--- src/version.c	2013-08-14 13:13:45.000000000 +0200
+***************
+*** 729,730 ****
+--- 729,732 ----
+  {   /* Add new patch number below this line */
++ /**/
++     2,
+  /**/
+
+-- 
+From "know your smileys":
+ :-)-O	Smiling doctor with stethoscope
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.003 b/pkgs/applications/editors/vim/patches/7.4.003
new file mode 100644
index 000000000000..9aad3c8c8f1c
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.003
@@ -0,0 +1,100 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.003
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.003
+Problem:    Memory access error in Ruby syntax highlighting. (Christopher Chow)
+Solution:   Refresh stale pointer. (James McCoy)
+Files:	    src/regexp_nfa.c
+
+
+*** ../vim-7.4.002/src/regexp_nfa.c	2013-08-14 13:31:03.000000000 +0200
+--- src/regexp_nfa.c	2013-08-14 14:02:06.000000000 +0200
+***************
+*** 4120,4126 ****
+  		sub = &subs->norm;
+  	    }
+  #ifdef FEAT_SYN_HL
+! 	    else if (state->c >= NFA_ZOPEN)
+  	    {
+  		subidx = state->c - NFA_ZOPEN;
+  		sub = &subs->synt;
+--- 4120,4126 ----
+  		sub = &subs->norm;
+  	    }
+  #ifdef FEAT_SYN_HL
+! 	    else if (state->c >= NFA_ZOPEN && state->c <= NFA_ZOPEN9)
+  	    {
+  		subidx = state->c - NFA_ZOPEN;
+  		sub = &subs->synt;
+***************
+*** 4189,4194 ****
+--- 4189,4201 ----
+  	    }
+  
+  	    subs = addstate(l, state->out, subs, pim, off);
++ 	    /* "subs" may have changed, need to set "sub" again */
++ #ifdef FEAT_SYN_HL
++ 	    if (state->c >= NFA_ZOPEN && state->c <= NFA_ZOPEN9)
++ 		sub = &subs->synt;
++ 	    else
++ #endif
++ 		sub = &subs->norm;
+  
+  	    if (save_in_use == -1)
+  	    {
+***************
+*** 4237,4243 ****
+  		sub = &subs->norm;
+  	    }
+  #ifdef FEAT_SYN_HL
+! 	    else if (state->c >= NFA_ZCLOSE)
+  	    {
+  		subidx = state->c - NFA_ZCLOSE;
+  		sub = &subs->synt;
+--- 4244,4250 ----
+  		sub = &subs->norm;
+  	    }
+  #ifdef FEAT_SYN_HL
+! 	    else if (state->c >= NFA_ZCLOSE && state->c <= NFA_ZCLOSE9)
+  	    {
+  		subidx = state->c - NFA_ZCLOSE;
+  		sub = &subs->synt;
+***************
+*** 4281,4286 ****
+--- 4288,4300 ----
+  	    }
+  
+  	    subs = addstate(l, state->out, subs, pim, off);
++ 	    /* "subs" may have changed, need to set "sub" again */
++ #ifdef FEAT_SYN_HL
++ 	    if (state->c >= NFA_ZCLOSE && state->c <= NFA_ZCLOSE9)
++ 		sub = &subs->synt;
++ 	    else
++ #endif
++ 		sub = &subs->norm;
+  
+  	    if (REG_MULTI)
+  		sub->list.multi[subidx].end = save_lpos;
+*** ../vim-7.4.002/src/version.c	2013-08-14 13:31:03.000000000 +0200
+--- src/version.c	2013-08-14 14:03:51.000000000 +0200
+***************
+*** 729,730 ****
+--- 729,732 ----
+  {   /* Add new patch number below this line */
++ /**/
++     3,
+  /**/
+
+-- 
+Where do you want to crash today?
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.004 b/pkgs/applications/editors/vim/patches/7.4.004
new file mode 100644
index 000000000000..f629d673fb8a
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.004
@@ -0,0 +1,232 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.004
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.004
+Problem:    When closing a window fails ":bwipe" may hang.
+Solution:   Let win_close() return FAIL and break out of the loop.
+Files:	    src/window.c, src/proto/window.pro, src/buffer.c
+
+
+*** ../vim-7.4.003/src/window.c	2013-07-24 17:38:29.000000000 +0200
+--- src/window.c	2013-08-14 16:52:44.000000000 +0200
+***************
+*** 2172,2179 ****
+   * If "free_buf" is TRUE related buffer may be unloaded.
+   *
+   * Called by :quit, :close, :xit, :wq and findtag().
+   */
+!     void
+  win_close(win, free_buf)
+      win_T	*win;
+      int		free_buf;
+--- 2172,2180 ----
+   * If "free_buf" is TRUE related buffer may be unloaded.
+   *
+   * Called by :quit, :close, :xit, :wq and findtag().
++  * Returns FAIL when the window was not closed.
+   */
+!     int
+  win_close(win, free_buf)
+      win_T	*win;
+      int		free_buf;
+***************
+*** 2190,2210 ****
+      if (last_window())
+      {
+  	EMSG(_("E444: Cannot close last window"));
+! 	return;
+      }
+  
+  #ifdef FEAT_AUTOCMD
+      if (win->w_closing || (win->w_buffer != NULL && win->w_buffer->b_closing))
+! 	return; /* window is already being closed */
+      if (win == aucmd_win)
+      {
+  	EMSG(_("E813: Cannot close autocmd window"));
+! 	return;
+      }
+      if ((firstwin == aucmd_win || lastwin == aucmd_win) && one_window())
+      {
+  	EMSG(_("E814: Cannot close window, only autocmd window would remain"));
+! 	return;
+      }
+  #endif
+  
+--- 2191,2211 ----
+      if (last_window())
+      {
+  	EMSG(_("E444: Cannot close last window"));
+! 	return FAIL;
+      }
+  
+  #ifdef FEAT_AUTOCMD
+      if (win->w_closing || (win->w_buffer != NULL && win->w_buffer->b_closing))
+! 	return FAIL; /* window is already being closed */
+      if (win == aucmd_win)
+      {
+  	EMSG(_("E813: Cannot close autocmd window"));
+! 	return FAIL;
+      }
+      if ((firstwin == aucmd_win || lastwin == aucmd_win) && one_window())
+      {
+  	EMSG(_("E814: Cannot close window, only autocmd window would remain"));
+! 	return FAIL;
+      }
+  #endif
+  
+***************
+*** 2212,2218 ****
+       * and then close the window and the tab page to avoid that curwin and
+       * curtab are invalid while we are freeing memory. */
+      if (close_last_window_tabpage(win, free_buf, prev_curtab))
+!       return;
+  
+      /* When closing the help window, try restoring a snapshot after closing
+       * the window.  Otherwise clear the snapshot, it's now invalid. */
+--- 2213,2219 ----
+       * and then close the window and the tab page to avoid that curwin and
+       * curtab are invalid while we are freeing memory. */
+      if (close_last_window_tabpage(win, free_buf, prev_curtab))
+!       return FAIL;
+  
+      /* When closing the help window, try restoring a snapshot after closing
+       * the window.  Otherwise clear the snapshot, it's now invalid. */
+***************
+*** 2240,2261 ****
+  	    win->w_closing = TRUE;
+  	    apply_autocmds(EVENT_BUFLEAVE, NULL, NULL, FALSE, curbuf);
+  	    if (!win_valid(win))
+! 		return;
+  	    win->w_closing = FALSE;
+  	    if (last_window())
+! 		return;
+  	}
+  	win->w_closing = TRUE;
+  	apply_autocmds(EVENT_WINLEAVE, NULL, NULL, FALSE, curbuf);
+  	if (!win_valid(win))
+! 	    return;
+  	win->w_closing = FALSE;
+  	if (last_window())
+! 	    return;
+  # ifdef FEAT_EVAL
+  	/* autocmds may abort script processing */
+  	if (aborting())
+! 	    return;
+  # endif
+      }
+  #endif
+--- 2241,2262 ----
+  	    win->w_closing = TRUE;
+  	    apply_autocmds(EVENT_BUFLEAVE, NULL, NULL, FALSE, curbuf);
+  	    if (!win_valid(win))
+! 		return FAIL;
+  	    win->w_closing = FALSE;
+  	    if (last_window())
+! 		return FAIL;
+  	}
+  	win->w_closing = TRUE;
+  	apply_autocmds(EVENT_WINLEAVE, NULL, NULL, FALSE, curbuf);
+  	if (!win_valid(win))
+! 	    return FAIL;
+  	win->w_closing = FALSE;
+  	if (last_window())
+! 	    return FAIL;
+  # ifdef FEAT_EVAL
+  	/* autocmds may abort script processing */
+  	if (aborting())
+! 	    return FAIL;
+  # endif
+      }
+  #endif
+***************
+*** 2303,2309 ****
+       * other window or moved to another tab page. */
+      else if (!win_valid(win) || last_window() || curtab != prev_curtab
+  	    || close_last_window_tabpage(win, free_buf, prev_curtab))
+! 	return;
+  
+      /* Free the memory used for the window and get the window that received
+       * the screen space. */
+--- 2304,2310 ----
+       * other window or moved to another tab page. */
+      else if (!win_valid(win) || last_window() || curtab != prev_curtab
+  	    || close_last_window_tabpage(win, free_buf, prev_curtab))
+! 	return FAIL;
+  
+      /* Free the memory used for the window and get the window that received
+       * the screen space. */
+***************
+*** 2383,2388 ****
+--- 2384,2390 ----
+  #endif
+  
+      redraw_all_later(NOT_VALID);
++     return OK;
+  }
+  
+  /*
+*** ../vim-7.4.003/src/proto/window.pro	2013-08-10 13:37:30.000000000 +0200
+--- src/proto/window.pro	2013-08-14 16:52:50.000000000 +0200
+***************
+*** 9,15 ****
+  void win_equal __ARGS((win_T *next_curwin, int current, int dir));
+  void close_windows __ARGS((buf_T *buf, int keep_curwin));
+  int one_window __ARGS((void));
+! void win_close __ARGS((win_T *win, int free_buf));
+  void win_close_othertab __ARGS((win_T *win, int free_buf, tabpage_T *tp));
+  void win_free_all __ARGS((void));
+  win_T *winframe_remove __ARGS((win_T *win, int *dirp, tabpage_T *tp));
+--- 9,15 ----
+  void win_equal __ARGS((win_T *next_curwin, int current, int dir));
+  void close_windows __ARGS((buf_T *buf, int keep_curwin));
+  int one_window __ARGS((void));
+! int win_close __ARGS((win_T *win, int free_buf));
+  void win_close_othertab __ARGS((win_T *win, int free_buf, tabpage_T *tp));
+  void win_free_all __ARGS((void));
+  win_T *winframe_remove __ARGS((win_T *win, int *dirp, tabpage_T *tp));
+*** ../vim-7.4.003/src/buffer.c	2013-07-17 16:39:00.000000000 +0200
+--- src/buffer.c	2013-08-14 16:54:34.000000000 +0200
+***************
+*** 1186,1192 ****
+  		   && !(curwin->w_closing || curwin->w_buffer->b_closing)
+  # endif
+  		   && (firstwin != lastwin || first_tabpage->tp_next != NULL))
+! 	    win_close(curwin, FALSE);
+  #endif
+  
+  	/*
+--- 1186,1195 ----
+  		   && !(curwin->w_closing || curwin->w_buffer->b_closing)
+  # endif
+  		   && (firstwin != lastwin || first_tabpage->tp_next != NULL))
+! 	{
+! 	    if (win_close(curwin, FALSE) == FAIL)
+! 		break;
+! 	}
+  #endif
+  
+  	/*
+*** ../vim-7.4.003/src/version.c	2013-08-14 14:18:37.000000000 +0200
+--- src/version.c	2013-08-14 17:10:23.000000000 +0200
+***************
+*** 729,730 ****
+--- 729,732 ----
+  {   /* Add new patch number below this line */
++ /**/
++     4,
+  /**/
+
+-- 
+From "know your smileys":
+ *<|:-)	Santa Claus (Ho Ho Ho)
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.005 b/pkgs/applications/editors/vim/patches/7.4.005
new file mode 100644
index 000000000000..f85d1f0e3c81
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.005
@@ -0,0 +1,48 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.005
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.005
+Problem:    Using "vaB" while 'virtualedit' is set selects the wrong area.
+	    (Dimitar Dimitrov)
+Solution:   Reset coladd when finding a match.
+Files:	    src/search.c
+
+
+*** ../vim-7.4.004/src/search.c	2013-07-17 19:20:47.000000000 +0200
+--- src/search.c	2013-08-14 17:32:38.000000000 +0200
+***************
+*** 1760,1765 ****
+--- 1760,1768 ----
+  #endif
+  
+      pos = curwin->w_cursor;
++ #ifdef FEAT_VIRTUALEDIT
++     pos.coladd = 0;
++ #endif
+      linep = ml_get(pos.lnum);
+  
+      cpo_match = (vim_strchr(p_cpo, CPO_MATCH) != NULL);
+*** ../vim-7.4.004/src/version.c	2013-08-14 17:11:14.000000000 +0200
+--- src/version.c	2013-08-14 17:38:05.000000000 +0200
+***************
+*** 729,730 ****
+--- 729,732 ----
+  {   /* Add new patch number below this line */
++ /**/
++     5,
+  /**/
+
+-- 
+You can't have everything.  Where would you put it?
+		-- Steven Wright
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.006 b/pkgs/applications/editors/vim/patches/7.4.006
new file mode 100644
index 000000000000..55d3802c4d14
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.006
@@ -0,0 +1,66 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.006
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.006
+Problem:    mkdir("foo/bar/", "p") gives an error message. (David Barnett)
+Solution:   Remove the trailing slash. (lcd)
+Files:	    src/eval.c
+
+
+*** ../vim-7.4.005/src/eval.c	2013-07-05 18:23:42.000000000 +0200
+--- src/eval.c	2013-08-22 12:00:28.000000000 +0200
+***************
+*** 14292,14297 ****
+--- 14292,14301 ----
+  	return;
+  
+      dir = get_tv_string_buf(&argvars[0], buf);
++     if (*gettail(dir) == NUL)
++ 	/* remove trailing slashes */
++ 	*gettail_sep(dir) = NUL;
++ 
+      if (argvars[1].v_type != VAR_UNKNOWN)
+      {
+  	if (argvars[2].v_type != VAR_UNKNOWN)
+***************
+*** 14299,14305 ****
+  	if (prot != -1 && STRCMP(get_tv_string(&argvars[1]), "p") == 0)
+  	    mkdir_recurse(dir, prot);
+      }
+!     rettv->vval.v_number = prot != -1 ? vim_mkdir_emsg(dir, prot) : 0;
+  }
+  #endif
+  
+--- 14303,14309 ----
+  	if (prot != -1 && STRCMP(get_tv_string(&argvars[1]), "p") == 0)
+  	    mkdir_recurse(dir, prot);
+      }
+!     rettv->vval.v_number = prot == -1 ? FAIL : vim_mkdir_emsg(dir, prot);
+  }
+  #endif
+  
+*** ../vim-7.4.005/src/version.c	2013-08-14 17:45:25.000000000 +0200
+--- src/version.c	2013-08-22 12:02:46.000000000 +0200
+***************
+*** 729,730 ****
+--- 729,732 ----
+  {   /* Add new patch number below this line */
++ /**/
++     6,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+97. Your mother tells you to remember something, and you look for
+    a File/Save command.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.007 b/pkgs/applications/editors/vim/patches/7.4.007
new file mode 100644
index 000000000000..5495ffbf9797
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.007
@@ -0,0 +1,95 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.007
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.007
+Problem:    Creating a preview window on startup leaves the screen layout in a
+	    messed up state. (Marius Gedminas)
+Solution:   Don't change firstwin. (Christian Brabandt)
+Files:	    src/main.c
+
+
+*** ../vim-7.4.006/src/main.c	2013-07-03 12:36:49.000000000 +0200
+--- src/main.c	2013-08-22 14:02:39.000000000 +0200
+***************
+*** 2727,2732 ****
+--- 2727,2733 ----
+      int		arg_idx;		/* index in argument list */
+      int		i;
+      int		advance = TRUE;
++     win_T	*win;
+  
+  # ifdef FEAT_AUTOCMD
+      /*
+***************
+*** 2816,2839 ****
+  # ifdef FEAT_AUTOCMD
+      --autocmd_no_enter;
+  # endif
+  #if defined(FEAT_WINDOWS) && defined(FEAT_QUICKFIX)
+!     /*
+!      * Avoid making a preview window the current window.
+!      */
+!     if (firstwin->w_p_pvw)
+      {
+!        win_T   *win;
+! 
+!        for (win = firstwin; win != NULL; win = win->w_next)
+!            if (!win->w_p_pvw)
+!            {
+!                firstwin = win;
+!                break;
+!            }
+      }
+  #endif
+!     /* make the first window the current window */
+!     win_enter(firstwin, FALSE);
+  
+  # ifdef FEAT_AUTOCMD
+      --autocmd_no_leave;
+--- 2817,2838 ----
+  # ifdef FEAT_AUTOCMD
+      --autocmd_no_enter;
+  # endif
++ 
++     /* make the first window the current window */
++     win = firstwin;
+  #if defined(FEAT_WINDOWS) && defined(FEAT_QUICKFIX)
+!     /* Avoid making a preview window the current window. */
+!     while (win->w_p_pvw)
+      {
+! 	win = win->w_next;
+! 	if (win == NULL)
+! 	{
+! 	    win = firstwin;
+! 	    break;
+! 	}
+      }
+  #endif
+!     win_enter(win, FALSE);
+  
+  # ifdef FEAT_AUTOCMD
+      --autocmd_no_leave;
+*** ../vim-7.4.006/src/version.c	2013-08-22 12:06:50.000000000 +0200
+--- src/version.c	2013-08-22 14:04:11.000000000 +0200
+***************
+*** 729,730 ****
+--- 729,732 ----
+  {   /* Add new patch number below this line */
++ /**/
++     7,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+105. When someone asks you for your address, you tell them your URL.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.008 b/pkgs/applications/editors/vim/patches/7.4.008
new file mode 100644
index 000000000000..6abd493f9145
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.008
@@ -0,0 +1,71 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.008
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.008
+Problem:    New regexp engine can't be interrupted.
+Solution:   Check for CTRL-C pressed. (Yasuhiro Matsumoto)
+Files:	    src/regexp_nfa.c, src/regexp.c
+
+
+*** ../vim-7.4.007/src/regexp_nfa.c	2013-08-14 14:18:37.000000000 +0200
+--- src/regexp_nfa.c	2013-08-25 16:55:56.000000000 +0200
+***************
+*** 5089,5094 ****
+--- 5089,5100 ----
+  	return FALSE;
+      }
+  #endif
++     /* Some patterns may take a long time to match, especially when using
++      * recursive_regmatch(). Allow interrupting them with CTRL-C. */
++     fast_breakcheck();
++     if (got_int)
++ 	return FALSE;
++ 
+      nfa_match = FALSE;
+  
+      /* Allocate memory for the lists of nodes. */
+*** ../vim-7.4.007/src/regexp.c	2013-08-01 18:31:30.000000000 +0200
+--- src/regexp.c	2013-08-25 16:57:35.000000000 +0200
+***************
+*** 4311,4318 ****
+     */
+    for (;;)
+    {
+!     /* Some patterns may cause a long time to match, even though they are not
+!      * illegal.  E.g., "\([a-z]\+\)\+Q".  Allow breaking them with CTRL-C. */
+      fast_breakcheck();
+  
+  #ifdef DEBUG
+--- 4311,4318 ----
+     */
+    for (;;)
+    {
+!     /* Some patterns may take a long time to match, e.g., "\([a-z]\+\)\+Q".
+!      * Allow interrupting them with CTRL-C. */
+      fast_breakcheck();
+  
+  #ifdef DEBUG
+*** ../vim-7.4.007/src/version.c	2013-08-22 14:14:23.000000000 +0200
+--- src/version.c	2013-08-25 16:57:51.000000000 +0200
+***************
+*** 729,730 ****
+--- 729,732 ----
+  {   /* Add new patch number below this line */
++ /**/
++     8,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+124. You begin conversations with, "Who is your internet service provider?"
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.009 b/pkgs/applications/editors/vim/patches/7.4.009
new file mode 100644
index 000000000000..f5e5fa609126
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.009
@@ -0,0 +1,64 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.009
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.009
+Problem:    When a file was not decrypted (yet), writing it may destroy the
+	    contents.
+Solution:   Mark the file as readonly until decryption was done. (Christian
+	    Brabandt)
+Files:	    src/fileio.c
+
+
+*** ../vim-7.4.008/src/fileio.c	2013-08-05 21:58:03.000000000 +0200
+--- src/fileio.c	2013-08-25 17:45:27.000000000 +0200
+***************
+*** 2926,2934 ****
+--- 2926,2939 ----
+      int		*did_ask;	/* flag: whether already asked for key */
+  {
+      int method = crypt_method_from_magic((char *)ptr, *sizep);
++     int b_p_ro = curbuf->b_p_ro;
+  
+      if (method >= 0)
+      {
++ 	/* Mark the buffer as read-only until the decryption has taken place.
++ 	 * Avoids accidentally overwriting the file with garbage. */
++ 	curbuf->b_p_ro = TRUE;
++ 
+  	set_crypt_method(curbuf, method);
+  	if (method > 0)
+  	    (void)blowfish_self_test();
+***************
+*** 2977,2982 ****
+--- 2982,2989 ----
+  	    *sizep -= CRYPT_MAGIC_LEN + salt_len + seed_len;
+  	    mch_memmove(ptr, ptr + CRYPT_MAGIC_LEN + salt_len + seed_len,
+  							      (size_t)*sizep);
++ 	    /* Restore the read-only flag. */
++ 	    curbuf->b_p_ro = b_p_ro;
+  	}
+      }
+      /* When starting to edit a new file which does not have encryption, clear
+*** ../vim-7.4.008/src/version.c	2013-08-25 17:01:36.000000000 +0200
+--- src/version.c	2013-08-25 17:44:30.000000000 +0200
+***************
+*** 729,730 ****
+--- 729,732 ----
+  {   /* Add new patch number below this line */
++ /**/
++     9,
+  /**/
+
+-- 
+I have a watch cat! Just break in and she'll watch.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.010 b/pkgs/applications/editors/vim/patches/7.4.010
new file mode 100644
index 000000000000..fee6ba5b4a84
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.010
@@ -0,0 +1,79 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.010
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.010 (after 7.4.006)
+Problem:    Crash with invalid argument to mkdir().
+Solution:   Check for empty string. (lcd47)
+Files:	    src/eval.c
+
+
+*** ../vim-7.4.009/src/eval.c	2013-08-22 12:06:50.000000000 +0200
+--- src/eval.c	2013-08-30 15:47:47.000000000 +0200
+***************
+*** 14292,14309 ****
+  	return;
+  
+      dir = get_tv_string_buf(&argvars[0], buf);
+!     if (*gettail(dir) == NUL)
+! 	/* remove trailing slashes */
+! 	*gettail_sep(dir) = NUL;
+! 
+!     if (argvars[1].v_type != VAR_UNKNOWN)
+      {
+! 	if (argvars[2].v_type != VAR_UNKNOWN)
+! 	    prot = get_tv_number_chk(&argvars[2], NULL);
+! 	if (prot != -1 && STRCMP(get_tv_string(&argvars[1]), "p") == 0)
+! 	    mkdir_recurse(dir, prot);
+      }
+-     rettv->vval.v_number = prot == -1 ? FAIL : vim_mkdir_emsg(dir, prot);
+  }
+  #endif
+  
+--- 14292,14314 ----
+  	return;
+  
+      dir = get_tv_string_buf(&argvars[0], buf);
+!     if (*dir == NUL)
+! 	rettv->vval.v_number = FAIL;
+!     else
+      {
+! 	if (*gettail(dir) == NUL)
+! 	    /* remove trailing slashes */
+! 	    *gettail_sep(dir) = NUL;
+! 
+! 	if (argvars[1].v_type != VAR_UNKNOWN)
+! 	{
+! 	    if (argvars[2].v_type != VAR_UNKNOWN)
+! 		prot = get_tv_number_chk(&argvars[2], NULL);
+! 	    if (prot != -1 && STRCMP(get_tv_string(&argvars[1]), "p") == 0)
+! 		mkdir_recurse(dir, prot);
+! 	}
+! 	rettv->vval.v_number = prot == -1 ? FAIL : vim_mkdir_emsg(dir, prot);
+      }
+  }
+  #endif
+  
+*** ../vim-7.4.009/src/version.c	2013-08-25 17:46:05.000000000 +0200
+--- src/version.c	2013-08-30 15:48:37.000000000 +0200
+***************
+*** 729,730 ****
+--- 729,732 ----
+  {   /* Add new patch number below this line */
++ /**/
++     10,
+  /**/
+
+-- 
+I wish there was a knob on the TV to turn up the intelligence.
+There's a knob called "brightness", but it doesn't seem to work. 
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.011 b/pkgs/applications/editors/vim/patches/7.4.011
new file mode 100644
index 000000000000..efff82c5eba9
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.011
@@ -0,0 +1,100 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.011
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.011
+Problem:    Cannot find out if "acl" and "xpm" features are supported.
+Solution:   Add "acl" and "xpm" to the list of features. (Ken Takata)
+Files:	    src/eval.c, src/version.c
+
+
+*** ../vim-7.4.010/src/eval.c	2013-08-30 16:00:04.000000000 +0200
+--- src/eval.c	2013-08-30 16:34:12.000000000 +0200
+***************
+*** 12135,12140 ****
+--- 12135,12143 ----
+  #ifndef CASE_INSENSITIVE_FILENAME
+  	"fname_case",
+  #endif
++ #ifdef HAVE_ACL
++ 	"acl",
++ #endif
+  #ifdef FEAT_ARABIC
+  	"arabic",
+  #endif
+***************
+*** 12538,12544 ****
+  	"xfontset",
+  #endif
+  #ifdef FEAT_XPM_W32
+! 	"xpm_w32",
+  #endif
+  #ifdef USE_XSMP
+  	"xsmp",
+--- 12541,12552 ----
+  	"xfontset",
+  #endif
+  #ifdef FEAT_XPM_W32
+! 	"xpm",
+! 	"xpm_w32",	/* for backward compatibility */
+! #else
+! # if defined(HAVE_XPM)
+! 	"xpm",
+! # endif
+  #endif
+  #ifdef USE_XSMP
+  	"xsmp",
+*** ../vim-7.4.010/src/version.c	2013-08-30 16:00:04.000000000 +0200
+--- src/version.c	2013-08-30 16:34:37.000000000 +0200
+***************
+*** 60,65 ****
+--- 60,70 ----
+  
+  static char *(features[]) =
+  {
++ #ifdef HAVE_ACL
++ 	"+acl",
++ #else
++ 	"-acl",
++ #endif
+  #ifdef AMIGA		/* only for Amiga systems */
+  # ifdef FEAT_ARP
+  	"+ARP",
+***************
+*** 721,726 ****
+--- 726,737 ----
+  # else
+  	"-xpm_w32",
+  # endif
++ #else
++ # ifdef HAVE_XPM
++ 	"+xpm",
++ # else
++ 	"-xpm",
++ # endif
+  #endif
+  	NULL
+  };
+*** ../vim-7.4.010/src/version.c	2013-08-30 16:00:04.000000000 +0200
+--- src/version.c	2013-08-30 16:34:37.000000000 +0200
+***************
+*** 729,730 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     11,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+141. You'd rather go to http://www.weather.com/ than look out your window.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.012 b/pkgs/applications/editors/vim/patches/7.4.012
new file mode 100644
index 000000000000..f831442ea569
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.012
@@ -0,0 +1,202 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.012
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.012
+Problem:    MS-Windows: resolving shortcut does not work properly with
+	    multi-byte characters.
+Solution:   Use wide system functions. (Ken Takata)
+Files:	    src/os_mswin.c
+
+
+*** ../vim-7.4.011/src/os_mswin.c	2013-06-16 16:41:11.000000000 +0200
+--- src/os_mswin.c	2013-08-30 16:43:23.000000000 +0200
+***************
+*** 1761,1769 ****
+      IPersistFile	*ppf = NULL;
+      OLECHAR		wsz[MAX_PATH];
+      WIN32_FIND_DATA	ffd; // we get those free of charge
+!     TCHAR		buf[MAX_PATH]; // could have simply reused 'wsz'...
+      char_u		*rfname = NULL;
+      int			len;
+  
+      /* Check if the file name ends in ".lnk". Avoid calling
+       * CoCreateInstance(), it's quite slow. */
+--- 1761,1773 ----
+      IPersistFile	*ppf = NULL;
+      OLECHAR		wsz[MAX_PATH];
+      WIN32_FIND_DATA	ffd; // we get those free of charge
+!     CHAR		buf[MAX_PATH]; // could have simply reused 'wsz'...
+      char_u		*rfname = NULL;
+      int			len;
++ # ifdef FEAT_MBYTE
++     IShellLinkW		*pslw = NULL;
++     WIN32_FIND_DATAW	ffdw; // we get those free of charge
++ # endif
+  
+      /* Check if the file name ends in ".lnk". Avoid calling
+       * CoCreateInstance(), it's quite slow. */
+***************
+*** 1775,1792 ****
+  
+      CoInitialize(NULL);
+  
+      // create a link manager object and request its interface
+      hr = CoCreateInstance(
+  	    &CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER,
+  	    &IID_IShellLink, (void**)&psl);
+      if (hr != S_OK)
+! 	goto shortcut_error;
+  
+      // Get a pointer to the IPersistFile interface.
+      hr = psl->lpVtbl->QueryInterface(
+  	    psl, &IID_IPersistFile, (void**)&ppf);
+      if (hr != S_OK)
+! 	goto shortcut_error;
+  
+      // full path string must be in Unicode.
+      MultiByteToWideChar(CP_ACP, 0, fname, -1, wsz, MAX_PATH);
+--- 1779,1840 ----
+  
+      CoInitialize(NULL);
+  
++ # ifdef FEAT_MBYTE
++     if (enc_codepage >= 0 && (int)GetACP() != enc_codepage)
++     {
++ 	// create a link manager object and request its interface
++ 	hr = CoCreateInstance(
++ 		&CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER,
++ 		&IID_IShellLinkW, (void**)&pslw);
++ 	if (hr == S_OK)
++ 	{
++ 	    WCHAR	*p = enc_to_utf16(fname, NULL);
++ 
++ 	    if (p != NULL)
++ 	    {
++ 		// Get a pointer to the IPersistFile interface.
++ 		hr = pslw->lpVtbl->QueryInterface(
++ 			pslw, &IID_IPersistFile, (void**)&ppf);
++ 		if (hr != S_OK)
++ 		    goto shortcut_errorw;
++ 
++ 		// "load" the name and resolve the link
++ 		hr = ppf->lpVtbl->Load(ppf, p, STGM_READ);
++ 		if (hr != S_OK)
++ 		    goto shortcut_errorw;
++ #  if 0  // This makes Vim wait a long time if the target does not exist.
++ 		hr = pslw->lpVtbl->Resolve(pslw, NULL, SLR_NO_UI);
++ 		if (hr != S_OK)
++ 		    goto shortcut_errorw;
++ #  endif
++ 
++ 		// Get the path to the link target.
++ 		ZeroMemory(wsz, MAX_PATH * sizeof(WCHAR));
++ 		hr = pslw->lpVtbl->GetPath(pslw, wsz, MAX_PATH, &ffdw, 0);
++ 		if (hr == S_OK && wsz[0] != NUL)
++ 		    rfname = utf16_to_enc(wsz, NULL);
++ 
++ shortcut_errorw:
++ 		vim_free(p);
++ 		if (hr == S_OK)
++ 		    goto shortcut_end;
++ 	    }
++ 	}
++ 	/* Retry with non-wide function (for Windows 98). */
++     }
++ # endif
+      // create a link manager object and request its interface
+      hr = CoCreateInstance(
+  	    &CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER,
+  	    &IID_IShellLink, (void**)&psl);
+      if (hr != S_OK)
+! 	goto shortcut_end;
+  
+      // Get a pointer to the IPersistFile interface.
+      hr = psl->lpVtbl->QueryInterface(
+  	    psl, &IID_IPersistFile, (void**)&ppf);
+      if (hr != S_OK)
+! 	goto shortcut_end;
+  
+      // full path string must be in Unicode.
+      MultiByteToWideChar(CP_ACP, 0, fname, -1, wsz, MAX_PATH);
+***************
+*** 1794,1805 ****
+      // "load" the name and resolve the link
+      hr = ppf->lpVtbl->Load(ppf, wsz, STGM_READ);
+      if (hr != S_OK)
+! 	goto shortcut_error;
+! #if 0  // This makes Vim wait a long time if the target doesn't exist.
+      hr = psl->lpVtbl->Resolve(psl, NULL, SLR_NO_UI);
+      if (hr != S_OK)
+! 	goto shortcut_error;
+! #endif
+  
+      // Get the path to the link target.
+      ZeroMemory(buf, MAX_PATH);
+--- 1842,1853 ----
+      // "load" the name and resolve the link
+      hr = ppf->lpVtbl->Load(ppf, wsz, STGM_READ);
+      if (hr != S_OK)
+! 	goto shortcut_end;
+! # if 0  // This makes Vim wait a long time if the target doesn't exist.
+      hr = psl->lpVtbl->Resolve(psl, NULL, SLR_NO_UI);
+      if (hr != S_OK)
+! 	goto shortcut_end;
+! # endif
+  
+      // Get the path to the link target.
+      ZeroMemory(buf, MAX_PATH);
+***************
+*** 1807,1818 ****
+      if (hr == S_OK && buf[0] != NUL)
+  	rfname = vim_strsave(buf);
+  
+! shortcut_error:
+      // Release all interface pointers (both belong to the same object)
+      if (ppf != NULL)
+  	ppf->lpVtbl->Release(ppf);
+      if (psl != NULL)
+  	psl->lpVtbl->Release(psl);
+  
+      CoUninitialize();
+      return rfname;
+--- 1855,1870 ----
+      if (hr == S_OK && buf[0] != NUL)
+  	rfname = vim_strsave(buf);
+  
+! shortcut_end:
+      // Release all interface pointers (both belong to the same object)
+      if (ppf != NULL)
+  	ppf->lpVtbl->Release(ppf);
+      if (psl != NULL)
+  	psl->lpVtbl->Release(psl);
++ # ifdef FEAT_MBYTE
++     if (pslw != NULL)
++ 	pslw->lpVtbl->Release(pslw);
++ # endif
+  
+      CoUninitialize();
+      return rfname;
+*** ../vim-7.4.011/src/version.c	2013-08-30 16:35:41.000000000 +0200
+--- src/version.c	2013-08-30 16:39:40.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     12,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+142. You dream about creating the world's greatest web site.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.013 b/pkgs/applications/editors/vim/patches/7.4.013
new file mode 100644
index 000000000000..dcbe0fb3e43d
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.013
@@ -0,0 +1,99 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.013
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.013
+Problem:    File name buffer too small for utf-8.
+Solution:   Use character count instead of byte count. (Ken Takata)
+Files:	    src/os_mswin.c
+
+
+*** ../vim-7.4.012/src/os_mswin.c	2013-08-30 16:44:15.000000000 +0200
+--- src/os_mswin.c	2013-08-30 16:47:54.000000000 +0200
+***************
+*** 456,462 ****
+--- 456,469 ----
+      int
+  mch_isFullName(char_u *fname)
+  {
++ #ifdef FEAT_MBYTE
++     /* WinNT and later can use _MAX_PATH wide characters for a pathname, which
++      * means that the maximum pathname is _MAX_PATH * 3 bytes when 'enc' is
++      * UTF-8. */
++     char szName[_MAX_PATH * 3 + 1];
++ #else
+      char szName[_MAX_PATH + 1];
++ #endif
+  
+      /* A name like "d:/foo" and "//server/share" is absolute */
+      if ((fname[0] && fname[1] == ':' && (fname[2] == '/' || fname[2] == '\\'))
+***************
+*** 464,470 ****
+  	return TRUE;
+  
+      /* A name that can't be made absolute probably isn't absolute. */
+!     if (mch_FullName(fname, szName, _MAX_PATH, FALSE) == FAIL)
+  	return FALSE;
+  
+      return pathcmp(fname, szName, -1) == 0;
+--- 471,477 ----
+  	return TRUE;
+  
+      /* A name that can't be made absolute probably isn't absolute. */
+!     if (mch_FullName(fname, szName, sizeof(szName) - 1, FALSE) == FAIL)
+  	return FALSE;
+  
+      return pathcmp(fname, szName, -1) == 0;
+***************
+*** 498,507 ****
+      int
+  vim_stat(const char *name, struct stat *stp)
+  {
+      char	buf[_MAX_PATH + 1];
+      char	*p;
+  
+!     vim_strncpy((char_u *)buf, (char_u *)name, _MAX_PATH);
+      p = buf + strlen(buf);
+      if (p > buf)
+  	mb_ptr_back(buf, p);
+--- 505,521 ----
+      int
+  vim_stat(const char *name, struct stat *stp)
+  {
++ #ifdef FEAT_MBYTE
++     /* WinNT and later can use _MAX_PATH wide characters for a pathname, which
++      * means that the maximum pathname is _MAX_PATH * 3 bytes when 'enc' is
++      * UTF-8. */
++     char	buf[_MAX_PATH * 3 + 1];
++ #else
+      char	buf[_MAX_PATH + 1];
++ #endif
+      char	*p;
+  
+!     vim_strncpy((char_u *)buf, (char_u *)name, sizeof(buf) - 1);
+      p = buf + strlen(buf);
+      if (p > buf)
+  	mb_ptr_back(buf, p);
+*** ../vim-7.4.012/src/version.c	2013-08-30 16:44:15.000000000 +0200
+--- src/version.c	2013-08-30 16:47:36.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     13,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+143. You dream in pallettes of 216 websafe colors.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.014 b/pkgs/applications/editors/vim/patches/7.4.014
new file mode 100644
index 000000000000..f6554337f27f
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.014
@@ -0,0 +1,102 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.014
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.014
+Problem:    MS-Windows: check for writing to device does not work.
+Solution:   Fix #ifdefs. (Ken Takata)
+Files:	    src/fileio.c
+
+
+*** ../vim-7.4.013/src/fileio.c	2013-08-25 17:46:05.000000000 +0200
+--- src/fileio.c	2013-08-30 16:56:46.000000000 +0200
+***************
+*** 428,440 ****
+  	}
+      }
+  
+- #ifdef UNIX
+-     /*
+-      * On Unix it is possible to read a directory, so we have to
+-      * check for it before the mch_open().
+-      */
+      if (!read_stdin && !read_buffer)
+      {
+  	perm = mch_getperm(fname);
+  	if (perm >= 0 && !S_ISREG(perm)		    /* not a regular file ... */
+  # ifdef S_ISFIFO
+--- 428,440 ----
+  	}
+      }
+  
+      if (!read_stdin && !read_buffer)
+      {
++ #ifdef UNIX
++ 	/*
++ 	 * On Unix it is possible to read a directory, so we have to
++ 	 * check for it before the mch_open().
++ 	 */
+  	perm = mch_getperm(fname);
+  	if (perm >= 0 && !S_ISREG(perm)		    /* not a regular file ... */
+  # ifdef S_ISFIFO
+***************
+*** 457,464 ****
+  	    msg_scroll = msg_save;
+  	    return FAIL;
+  	}
+! 
+! # if defined(MSDOS) || defined(MSWIN) || defined(OS2)
+  	/*
+  	 * MS-Windows allows opening a device, but we will probably get stuck
+  	 * trying to read it.
+--- 457,464 ----
+  	    msg_scroll = msg_save;
+  	    return FAIL;
+  	}
+! #endif
+! #if defined(MSDOS) || defined(MSWIN) || defined(OS2)
+  	/*
+  	 * MS-Windows allows opening a device, but we will probably get stuck
+  	 * trying to read it.
+***************
+*** 470,478 ****
+  	    msg_scroll = msg_save;
+  	    return FAIL;
+  	}
+- # endif
+-     }
+  #endif
+  
+      /* Set default or forced 'fileformat' and 'binary'. */
+      set_file_options(set_options, eap);
+--- 470,477 ----
+  	    msg_scroll = msg_save;
+  	    return FAIL;
+  	}
+  #endif
++     }
+  
+      /* Set default or forced 'fileformat' and 'binary'. */
+      set_file_options(set_options, eap);
+*** ../vim-7.4.013/src/version.c	2013-08-30 16:51:15.000000000 +0200
+--- src/version.c	2013-08-30 16:54:33.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     14,
+  /**/
+
+-- 
+Drink wet cement and get really stoned.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.015 b/pkgs/applications/editors/vim/patches/7.4.015
new file mode 100644
index 000000000000..e8b284d12b37
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.015
@@ -0,0 +1,106 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.015
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.015
+Problem:    MS-Windows: Detecting node type does not work for multi-byte
+	    characters.
+Solution:   Use wide character function when needed. (Ken Takata)
+Files:	    src/os_win32.c
+
+
+*** ../vim-7.4.014/src/os_win32.c	2013-08-10 12:39:12.000000000 +0200
+--- src/os_win32.c	2013-08-30 17:09:47.000000000 +0200
+***************
+*** 3107,3112 ****
+--- 3107,3115 ----
+  {
+      HANDLE	hFile;
+      int		type;
++ #ifdef FEAT_MBYTE
++     WCHAR	*wn = NULL;
++ #endif
+  
+      /* We can't open a file with a name "\\.\con" or "\\.\prn" and trying to
+       * read from it later will cause Vim to hang.  Thus return NODE_WRITABLE
+***************
+*** 3114,3127 ****
+      if (STRNCMP(name, "\\\\.\\", 4) == 0)
+  	return NODE_WRITABLE;
+  
+!     hFile = CreateFile(name,		/* file name */
+! 		GENERIC_WRITE,		/* access mode */
+! 		0,			/* share mode */
+! 		NULL,			/* security descriptor */
+! 		OPEN_EXISTING,		/* creation disposition */
+! 		0,			/* file attributes */
+! 		NULL);			/* handle to template file */
+  
+      if (hFile == INVALID_HANDLE_VALUE)
+  	return NODE_NORMAL;
+  
+--- 3117,3157 ----
+      if (STRNCMP(name, "\\\\.\\", 4) == 0)
+  	return NODE_WRITABLE;
+  
+! #ifdef FEAT_MBYTE
+!     if (enc_codepage >= 0 && (int)GetACP() != enc_codepage)
+!     {
+! 	wn = enc_to_utf16(name, NULL);
+! 	if (wn != NULL)
+! 	{
+! 	    hFile = CreateFileW(wn,	/* file name */
+! 			GENERIC_WRITE,	/* access mode */
+! 			0,		/* share mode */
+! 			NULL,		/* security descriptor */
+! 			OPEN_EXISTING,	/* creation disposition */
+! 			0,		/* file attributes */
+! 			NULL);		/* handle to template file */
+! 	    if (hFile == INVALID_HANDLE_VALUE
+! 			      && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
+! 	    {
+! 		/* Retry with non-wide function (for Windows 98). */
+! 		vim_free(wn);
+! 		wn = NULL;
+! 	    }
+! 	}
+!     }
+!     if (wn == NULL)
+! #endif
+! 	hFile = CreateFile(name,	/* file name */
+! 		    GENERIC_WRITE,	/* access mode */
+! 		    0,			/* share mode */
+! 		    NULL,		/* security descriptor */
+! 		    OPEN_EXISTING,	/* creation disposition */
+! 		    0,			/* file attributes */
+! 		    NULL);		/* handle to template file */
+  
++ #ifdef FEAT_MBYTE
++     vim_free(wn);
++ #endif
+      if (hFile == INVALID_HANDLE_VALUE)
+  	return NODE_NORMAL;
+  
+*** ../vim-7.4.014/src/version.c	2013-08-30 17:06:56.000000000 +0200
+--- src/version.c	2013-08-30 17:09:35.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     15,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+144. You eagerly await the update of the "Cool Site of the Day."
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.016 b/pkgs/applications/editors/vim/patches/7.4.016
new file mode 100644
index 000000000000..c58c605f5c15
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.016
@@ -0,0 +1,221 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.016
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.016
+Problem:    MS-Windows: File name completion doesn't work properly with
+	    Chinese characters. (Yue Wu)
+Solution:   Add fname_casew(). (Ken Takata)
+Files:	    src/os_win32.c
+
+
+*** ../vim-7.4.015/src/os_win32.c	2013-08-30 17:11:29.000000000 +0200
+--- src/os_win32.c	2013-08-30 17:28:30.000000000 +0200
+***************
+*** 2500,2508 ****
+--- 2500,2624 ----
+  }
+  
+  
++ #ifdef FEAT_MBYTE
++ /*
++  * fname_casew(): Wide version of fname_case().  Set the case of the file name,
++  * if it already exists.  When "len" is > 0, also expand short to long
++  * filenames.
++  * Return FAIL if wide functions are not available, OK otherwise.
++  * NOTE: much of this is identical to fname_case(), keep in sync!
++  */
++     static int
++ fname_casew(
++     WCHAR	*name,
++     int		len)
++ {
++     WCHAR		szTrueName[_MAX_PATH + 2];
++     WCHAR		szTrueNameTemp[_MAX_PATH + 2];
++     WCHAR		*ptrue, *ptruePrev;
++     WCHAR		*porig, *porigPrev;
++     int			flen;
++     WIN32_FIND_DATAW	fb;
++     HANDLE		hFind;
++     int			c;
++     int			slen;
++ 
++     flen = (int)wcslen(name);
++     if (flen > _MAX_PATH)
++ 	return OK;
++ 
++     /* slash_adjust(name) not needed, already adjusted by fname_case(). */
++ 
++     /* Build the new name in szTrueName[] one component at a time. */
++     porig = name;
++     ptrue = szTrueName;
++ 
++     if (iswalpha(porig[0]) && porig[1] == L':')
++     {
++ 	/* copy leading drive letter */
++ 	*ptrue++ = *porig++;
++ 	*ptrue++ = *porig++;
++ 	*ptrue = NUL;	    /* in case nothing follows */
++     }
++ 
++     while (*porig != NUL)
++     {
++ 	/* copy \ characters */
++ 	while (*porig == psepc)
++ 	    *ptrue++ = *porig++;
++ 
++ 	ptruePrev = ptrue;
++ 	porigPrev = porig;
++ 	while (*porig != NUL && *porig != psepc)
++ 	{
++ 	    *ptrue++ = *porig++;
++ 	}
++ 	*ptrue = NUL;
++ 
++ 	/* To avoid a slow failure append "\*" when searching a directory,
++ 	 * server or network share. */
++ 	wcscpy(szTrueNameTemp, szTrueName);
++ 	slen = (int)wcslen(szTrueNameTemp);
++ 	if (*porig == psepc && slen + 2 < _MAX_PATH)
++ 	    wcscpy(szTrueNameTemp + slen, L"\\*");
++ 
++ 	/* Skip "", "." and "..". */
++ 	if (ptrue > ptruePrev
++ 		&& (ptruePrev[0] != L'.'
++ 		    || (ptruePrev[1] != NUL
++ 			&& (ptruePrev[1] != L'.' || ptruePrev[2] != NUL)))
++ 		&& (hFind = FindFirstFileW(szTrueNameTemp, &fb))
++ 						      != INVALID_HANDLE_VALUE)
++ 	{
++ 	    c = *porig;
++ 	    *porig = NUL;
++ 
++ 	    /* Only use the match when it's the same name (ignoring case) or
++ 	     * expansion is allowed and there is a match with the short name
++ 	     * and there is enough room. */
++ 	    if (_wcsicoll(porigPrev, fb.cFileName) == 0
++ 		    || (len > 0
++ 			&& (_wcsicoll(porigPrev, fb.cAlternateFileName) == 0
++ 			    && (int)(ptruePrev - szTrueName)
++ 					   + (int)wcslen(fb.cFileName) < len)))
++ 	    {
++ 		wcscpy(ptruePrev, fb.cFileName);
++ 
++ 		/* Look for exact match and prefer it if found.  Must be a
++ 		 * long name, otherwise there would be only one match. */
++ 		while (FindNextFileW(hFind, &fb))
++ 		{
++ 		    if (*fb.cAlternateFileName != NUL
++ 			    && (wcscoll(porigPrev, fb.cFileName) == 0
++ 				|| (len > 0
++ 				    && (_wcsicoll(porigPrev,
++ 						   fb.cAlternateFileName) == 0
++ 				    && (int)(ptruePrev - szTrueName)
++ 					 + (int)wcslen(fb.cFileName) < len))))
++ 		    {
++ 			wcscpy(ptruePrev, fb.cFileName);
++ 			break;
++ 		    }
++ 		}
++ 	    }
++ 	    FindClose(hFind);
++ 	    *porig = c;
++ 	    ptrue = ptruePrev + wcslen(ptruePrev);
++ 	}
++ 	else if (hFind == INVALID_HANDLE_VALUE
++ 		&& GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
++ 	    return FAIL;
++     }
++ 
++     wcscpy(name, szTrueName);
++     return OK;
++ }
++ #endif
++ 
+  /*
+   * fname_case(): Set the case of the file name, if it already exists.
+   * When "len" is > 0, also expand short to long filenames.
++  * NOTE: much of this is identical to fname_casew(), keep in sync!
+   */
+      void
+  fname_case(
+***************
+*** 2520,2530 ****
+      int			slen;
+  
+      flen = (int)STRLEN(name);
+!     if (flen == 0 || flen > _MAX_PATH)
+  	return;
+  
+      slash_adjust(name);
+  
+      /* Build the new name in szTrueName[] one component at a time. */
+      porig = name;
+      ptrue = szTrueName;
+--- 2636,2679 ----
+      int			slen;
+  
+      flen = (int)STRLEN(name);
+!     if (flen == 0)
+  	return;
+  
+      slash_adjust(name);
+  
++ #ifdef FEAT_MBYTE
++     if (enc_codepage >= 0 && (int)GetACP() != enc_codepage)
++     {
++ 	WCHAR	*p = enc_to_utf16(name, NULL);
++ 
++ 	if (p != NULL)
++ 	{
++ 	    char_u	*q;
++ 	    WCHAR	buf[_MAX_PATH + 2];
++ 
++ 	    wcscpy(buf, p);
++ 	    vim_free(p);
++ 
++ 	    if (fname_casew(buf, (len > 0) ? _MAX_PATH : 0) == OK)
++ 	    {
++ 		q = utf16_to_enc(buf, NULL);
++ 		if (q != NULL)
++ 		{
++ 		    vim_strncpy(name, q, (len > 0) ? len - 1 : flen);
++ 		    vim_free(q);
++ 		    return;
++ 		}
++ 	    }
++ 	}
++ 	/* Retry with non-wide function (for Windows 98). */
++     }
++ #endif
++ 
++     /* If 'enc' is utf-8, flen can be larger than _MAX_PATH.
++      * So we should check this after calling wide function. */
++     if (flen > _MAX_PATH)
++ 	return;
++ 
+      /* Build the new name in szTrueName[] one component at a time. */
+      porig = name;
+      ptrue = szTrueName;
+*** ../vim-7.4.015/src/version.c	2013-08-30 17:11:29.000000000 +0200
+--- src/version.c	2013-08-30 17:15:06.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     16,
+  /**/
+
+-- 
+Fingers not found - Pound head on keyboard to continue.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.017 b/pkgs/applications/editors/vim/patches/7.4.017
new file mode 100644
index 000000000000..7d7fad83fe79
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.017
@@ -0,0 +1,78 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.017
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.017
+Problem:    ":help !!" does not find the "!!" tag in the help file. (Ben
+	    Fritz)
+Solution:   When reading the start of the tags file do parse lines that are
+	    not header lines.
+Files:	    src/tag.c
+
+
+*** ../vim-7.4.016/src/tag.c	2013-06-15 22:26:26.000000000 +0200
+--- src/tag.c	2013-09-05 12:03:38.000000000 +0200
+***************
+*** 1797,1809 ****
+  	     */
+  	    if (state == TS_START)
+  	    {
+! 		/* The header ends when the line sorts below "!_TAG_".
+! 		 * There may be non-header items before the header though,
+! 		 * e.g. "!" itself. When case is folded lower case letters
+! 		 * sort before "_". */
+  		if (STRNCMP(lbuf, "!_TAG_", 6) <= 0
+  				|| (lbuf[0] == '!' && ASCII_ISLOWER(lbuf[1])))
+  		{
+  		    /*
+  		     * Read header line.
+  		     */
+--- 1797,1812 ----
+  	     */
+  	    if (state == TS_START)
+  	    {
+! 		/* The header ends when the line sorts below "!_TAG_".  When
+! 		 * case is folded lower case letters sort before "_". */
+  		if (STRNCMP(lbuf, "!_TAG_", 6) <= 0
+  				|| (lbuf[0] == '!' && ASCII_ISLOWER(lbuf[1])))
+  		{
++ 		    if (STRNCMP(lbuf, "!_TAG_", 6) != 0)
++ 			/* Non-header item before the header, e.g. "!" itself.
++ 			 */
++ 			goto parse_line;
++ 
+  		    /*
+  		     * Read header line.
+  		     */
+***************
+*** 1898,1903 ****
+--- 1901,1907 ----
+  #endif
+  	    }
+  
++ parse_line:
+  	    /*
+  	     * Figure out where the different strings are in this line.
+  	     * For "normal" tags: Do a quick check if the tag matches.
+*** ../vim-7.4.016/src/version.c	2013-08-30 17:29:10.000000000 +0200
+--- src/version.c	2013-09-05 12:02:01.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     17,
+  /**/
+
+-- 
+An error has occurred.  Hit any user to continue.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.018 b/pkgs/applications/editors/vim/patches/7.4.018
new file mode 100644
index 000000000000..2214c30b2b8a
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.018
@@ -0,0 +1,45 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.018
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.018
+Problem:    When completing item becomes unselected. (Shougo Matsu)
+Solution:   Revert patch 7.3.1269.
+Files:	    src/edit.c
+
+
+*** ../vim-7.4.017/src/edit.c	2013-07-04 20:22:25.000000000 +0200
+--- src/edit.c	2013-09-05 12:39:53.000000000 +0200
+***************
+*** 3467,3473 ****
+      }
+  
+      compl_enter_selects = !compl_used_match;
+-     compl_shown_match = compl_curr_match = compl_first_match;
+  
+      /* Show the popup menu with a different set of matches. */
+      ins_compl_show_pum();
+--- 3467,3472 ----
+*** ../vim-7.4.017/src/version.c	2013-09-05 12:06:26.000000000 +0200
+--- src/version.c	2013-09-05 12:40:34.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     18,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+169. You hire a housekeeper for your home page.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.019 b/pkgs/applications/editors/vim/patches/7.4.019
new file mode 100644
index 000000000000..b1532c19c81c
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.019
@@ -0,0 +1,61 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.019
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.019
+Problem:    MS-Windows: File name completion doesn't work properly with
+	    Chinese characters. (Yue Wu)
+Solution:   Take care of multi-byte characters when looking for the start of
+	    the file name. (Ken Takata)
+Files:	    src/edit.c
+
+
+*** ../vim-7.4.018/src/edit.c	2013-09-05 12:49:48.000000000 +0200
+--- src/edit.c	2013-09-05 13:45:27.000000000 +0200
+***************
+*** 5183,5190 ****
+  	}
+  	else if (ctrl_x_mode == CTRL_X_FILES)
+  	{
+! 	    while (--startcol >= 0 && vim_isfilec(line[startcol]))
+! 		;
+  	    compl_col += ++startcol;
+  	    compl_length = (int)curs_col - startcol;
+  	    compl_pattern = addstar(line + compl_col, compl_length,
+--- 5183,5196 ----
+  	}
+  	else if (ctrl_x_mode == CTRL_X_FILES)
+  	{
+! 	    char_u	*p = line + startcol;
+! 
+! 	    /* Go back to just before the first filename character. */
+! 	    mb_ptr_back(line, p);
+! 	    while (vim_isfilec(PTR2CHAR(p)) && p >= line)
+! 		mb_ptr_back(line, p);
+! 	    startcol = p - line;
+! 
+  	    compl_col += ++startcol;
+  	    compl_length = (int)curs_col - startcol;
+  	    compl_pattern = addstar(line + compl_col, compl_length,
+*** ../vim-7.4.018/src/version.c	2013-09-05 12:49:48.000000000 +0200
+--- src/version.c	2013-09-05 13:41:47.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     19,
+  /**/
+
+-- 
+        Very funny, Scotty.  Now beam down my clothes.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.020 b/pkgs/applications/editors/vim/patches/7.4.020
new file mode 100644
index 000000000000..942d82fe2554
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.020
@@ -0,0 +1,82 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.020
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.020
+Problem:    NFA engine matches too much with \@>. (John McGowan)
+Solution:   When a whole pattern match is found stop searching.
+Files:	    src/regexp_nfa.c, src/testdir/test64.in, src/testdir/test64.ok
+
+
+*** ../vim-7.4.019/src/regexp_nfa.c	2013-08-25 17:01:36.000000000 +0200
+--- src/regexp_nfa.c	2013-09-05 15:59:44.000000000 +0200
+***************
+*** 5322,5328 ****
+  		log_subsexpr(m);
+  #endif
+  		nfa_match = TRUE;
+! 		break;
+  
+  	    case NFA_START_INVISIBLE:
+  	    case NFA_START_INVISIBLE_FIRST:
+--- 5322,5331 ----
+  		log_subsexpr(m);
+  #endif
+  		nfa_match = TRUE;
+! 		/* See comment above at "goto nextchar". */
+! 		if (nextlist->n == 0)
+! 		    clen = 0;
+! 		goto nextchar;
+  
+  	    case NFA_START_INVISIBLE:
+  	    case NFA_START_INVISIBLE_FIRST:
+*** ../vim-7.4.019/src/testdir/test64.in	2013-08-14 13:31:03.000000000 +0200
+--- src/testdir/test64.in	2013-09-05 15:35:44.000000000 +0200
+***************
+*** 427,432 ****
+--- 427,433 ----
+  :""""" \@>
+  :call add(tl, [2, '\(a*\)\@>a', 'aaaa'])
+  :call add(tl, [2, '\(a*\)\@>b', 'aaab', 'aaab', 'aaa'])
++ :call add(tl, [2, '^\(.\{-}b\)\@>.', '  abcbd', '  abc', '  ab'])
+  :" TODO: BT engine does not restore submatch after failure
+  :call add(tl, [1, '\(a*\)\@>a\|a\+', 'aaaa', 'aaaa'])
+  :"
+*** ../vim-7.4.019/src/testdir/test64.ok	2013-08-14 13:31:03.000000000 +0200
+--- src/testdir/test64.ok	2013-09-05 16:03:34.000000000 +0200
+***************
+*** 983,988 ****
+--- 983,991 ----
+  OK 0 - \(a*\)\@>b
+  OK 1 - \(a*\)\@>b
+  OK 2 - \(a*\)\@>b
++ OK 0 - ^\(.\{-}b\)\@>.
++ OK 1 - ^\(.\{-}b\)\@>.
++ OK 2 - ^\(.\{-}b\)\@>.
+  OK 0 - \(a*\)\@>a\|a\+
+  OK 2 - \(a*\)\@>a\|a\+
+  OK 0 - \_[^8-9]\+
+*** ../vim-7.4.019/src/version.c	2013-09-05 13:50:49.000000000 +0200
+--- src/version.c	2013-09-05 16:04:32.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     20,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+173. You keep tracking down the email addresses of all your friends
+     (even childhood friends).
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.021 b/pkgs/applications/editors/vim/patches/7.4.021
new file mode 100644
index 000000000000..0936d9a194b6
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.021
@@ -0,0 +1,86 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.021
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.021
+Problem:    NFA regexp: Using \ze in one branch which doesn't match may cause
+	    end of another branch to be wrong. (William Fugh)
+Solution:   Set end position if it wasn't set yet.
+Files:	    src/regexp_nfa.c, src/testdir/test64.in, src/testdir/test64.ok
+
+
+*** ../vim-7.4.020/src/regexp_nfa.c	2013-09-05 16:05:32.000000000 +0200
+--- src/regexp_nfa.c	2013-09-05 20:56:25.000000000 +0200
+***************
+*** 4209,4218 ****
+  	    break;
+  
+  	case NFA_MCLOSE:
+! 	    if (nfa_has_zend)
+  	    {
+! 		/* Do not overwrite the position set by \ze. If no \ze
+! 		 * encountered end will be set in nfa_regtry(). */
+  		subs = addstate(l, state->out, subs, pim, off);
+  		break;
+  	    }
+--- 4209,4219 ----
+  	    break;
+  
+  	case NFA_MCLOSE:
+! 	    if (nfa_has_zend && (REG_MULTI
+! 			? subs->norm.list.multi[0].end.lnum >= 0
+! 			: subs->norm.list.line[0].end != NULL))
+  	    {
+! 		/* Do not overwrite the position set by \ze. */
+  		subs = addstate(l, state->out, subs, pim, off);
+  		break;
+  	    }
+*** ../vim-7.4.020/src/testdir/test64.in	2013-09-05 16:05:32.000000000 +0200
+--- src/testdir/test64.in	2013-09-05 20:55:18.000000000 +0200
+***************
+*** 328,333 ****
+--- 328,334 ----
+  :call add(tl, [2, 'abc \zsmatch\ze abc', 'abc abc abc match abc abc', 'match'])
+  :call add(tl, [2, '\v(a \zsif .*){2}', 'a if then a if last', 'if last', 'a if last'])
+  :call add(tl, [2, '\>\zs.', 'aword. ', '.'])
++ :call add(tl, [2, '\s\+\ze\[/\|\s\zs\s\+', 'is   [a t', '  '])
+  :"
+  :"""" Tests for \@= and \& features
+  :call add(tl, [2, 'abc\@=', 'abc', 'ab'])
+*** ../vim-7.4.020/src/testdir/test64.ok	2013-09-05 16:05:32.000000000 +0200
+--- src/testdir/test64.ok	2013-09-05 21:09:56.000000000 +0200
+***************
+*** 752,757 ****
+--- 752,760 ----
+  OK 0 - \>\zs.
+  OK 1 - \>\zs.
+  OK 2 - \>\zs.
++ OK 0 - \s\+\ze\[/\|\s\zs\s\+
++ OK 1 - \s\+\ze\[/\|\s\zs\s\+
++ OK 2 - \s\+\ze\[/\|\s\zs\s\+
+  OK 0 - abc\@=
+  OK 1 - abc\@=
+  OK 2 - abc\@=
+*** ../vim-7.4.020/src/version.c	2013-09-05 16:05:32.000000000 +0200
+--- src/version.c	2013-09-05 21:11:38.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     21,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+174. You know what a listserv is.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.022 b/pkgs/applications/editors/vim/patches/7.4.022
new file mode 100644
index 000000000000..81a0901f5b55
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.022
@@ -0,0 +1,148 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.022
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.022
+Problem:    Deadlock while exiting, because of allocating memory.
+Solution:   Do not use gettext() in deathtrap(). (James McCoy)
+Files:	    src/os_unix.c, src/misc1.c
+
+
+*** ../vim-7.4.021/src/os_unix.c	2013-07-03 16:32:32.000000000 +0200
+--- src/os_unix.c	2013-09-05 21:40:06.000000000 +0200
+***************
+*** 957,964 ****
+  
+  /*
+   * This function handles deadly signals.
+!  * It tries to preserve any swap file and exit properly.
+   * (partly from Elvis).
+   */
+      static RETSIGTYPE
+  deathtrap SIGDEFARG(sigarg)
+--- 957,966 ----
+  
+  /*
+   * This function handles deadly signals.
+!  * It tries to preserve any swap files and exit properly.
+   * (partly from Elvis).
++  * NOTE: Avoid unsafe functions, such as allocating memory, they can result in
++  * a deadlock.
+   */
+      static RETSIGTYPE
+  deathtrap SIGDEFARG(sigarg)
+***************
+*** 1090,1107 ****
+      }
+      if (entered == 2)
+      {
+! 	OUT_STR(_("Vim: Double signal, exiting\n"));
+  	out_flush();
+  	getout(1);
+      }
+  
+  #ifdef SIGHASARG
+!     sprintf((char *)IObuff, _("Vim: Caught deadly signal %s\n"),
+  							 signal_info[i].name);
+  #else
+!     sprintf((char *)IObuff, _("Vim: Caught deadly signal\n"));
+  #endif
+!     preserve_exit();		    /* preserve files and exit */
+  
+  #ifdef NBDEBUG
+      reset_signals();
+--- 1092,1114 ----
+      }
+      if (entered == 2)
+      {
+! 	/* No translation, it may call malloc(). */
+! 	OUT_STR("Vim: Double signal, exiting\n");
+  	out_flush();
+  	getout(1);
+      }
+  
++     /* No translation, it may call malloc(). */
+  #ifdef SIGHASARG
+!     sprintf((char *)IObuff, "Vim: Caught deadly signal %s\n",
+  							 signal_info[i].name);
+  #else
+!     sprintf((char *)IObuff, "Vim: Caught deadly signal\n");
+  #endif
+! 
+!     /* Preserve files and exit.  This sets the really_exiting flag to prevent
+!      * calling free(). */
+!     preserve_exit();
+  
+  #ifdef NBDEBUG
+      reset_signals();
+*** ../vim-7.4.021/src/misc1.c	2013-08-03 17:29:33.000000000 +0200
+--- src/misc1.c	2013-09-05 21:34:04.000000000 +0200
+***************
+*** 9174,9179 ****
+--- 9174,9181 ----
+  /*
+   * Preserve files and exit.
+   * When called IObuff must contain a message.
++  * NOTE: This may be called from deathtrap() in a signal handler, avoid unsafe
++  * functions, such as allocating memory.
+   */
+      void
+  preserve_exit()
+***************
+*** 9196,9202 ****
+      {
+  	if (buf->b_ml.ml_mfp != NULL && buf->b_ml.ml_mfp->mf_fname != NULL)
+  	{
+! 	    OUT_STR(_("Vim: preserving files...\n"));
+  	    screen_start();	    /* don't know where cursor is now */
+  	    out_flush();
+  	    ml_sync_all(FALSE, FALSE);	/* preserve all swap files */
+--- 9198,9204 ----
+      {
+  	if (buf->b_ml.ml_mfp != NULL && buf->b_ml.ml_mfp->mf_fname != NULL)
+  	{
+! 	    OUT_STR("Vim: preserving files...\n");
+  	    screen_start();	    /* don't know where cursor is now */
+  	    out_flush();
+  	    ml_sync_all(FALSE, FALSE);	/* preserve all swap files */
+***************
+*** 9206,9212 ****
+  
+      ml_close_all(FALSE);	    /* close all memfiles, without deleting */
+  
+!     OUT_STR(_("Vim: Finished.\n"));
+  
+      getout(1);
+  }
+--- 9208,9214 ----
+  
+      ml_close_all(FALSE);	    /* close all memfiles, without deleting */
+  
+!     OUT_STR("Vim: Finished.\n");
+  
+      getout(1);
+  }
+*** ../vim-7.4.021/src/version.c	2013-09-05 21:15:38.000000000 +0200
+--- src/version.c	2013-09-05 21:30:18.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     22,
+  /**/
+
+-- 
+hundred-and-one symptoms of being an internet addict:
+175. You send yourself e-mail before you go to bed to remind you
+     what to do when you wake up.
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/editors/vim/patches/7.4.023 b/pkgs/applications/editors/vim/patches/7.4.023
new file mode 100644
index 000000000000..03005213ea45
--- /dev/null
+++ b/pkgs/applications/editors/vim/patches/7.4.023
@@ -0,0 +1,53 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.4.023
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.4.023
+Problem:    Compiler warning on 64 bit windows.
+Solution:   Add type cast. (Mike Williams)
+Files:	    src/edit.c
+
+
+*** ../vim-7.4.022/src/edit.c	2013-09-05 13:50:49.000000000 +0200
+--- src/edit.c	2013-09-06 17:32:55.000000000 +0200
+***************
+*** 5189,5195 ****
+  	    mb_ptr_back(line, p);
+  	    while (vim_isfilec(PTR2CHAR(p)) && p >= line)
+  		mb_ptr_back(line, p);
+! 	    startcol = p - line;
+  
+  	    compl_col += ++startcol;
+  	    compl_length = (int)curs_col - startcol;
+--- 5189,5195 ----
+  	    mb_ptr_back(line, p);
+  	    while (vim_isfilec(PTR2CHAR(p)) && p >= line)
+  		mb_ptr_back(line, p);
+! 	    startcol = (int)(p - line);
+  
+  	    compl_col += ++startcol;
+  	    compl_length = (int)curs_col - startcol;
+*** ../vim-7.4.022/src/version.c	2013-09-05 21:41:35.000000000 +0200
+--- src/version.c	2013-09-06 17:33:41.000000000 +0200
+***************
+*** 740,741 ****
+--- 740,743 ----
+  {   /* Add new patch number below this line */
++ /**/
++     23,
+  /**/
+
+-- 
+Wizards had always known that the act of observation changed the thing that
+was observed, and sometimes forgot that it also changed the observer too.
+			Terry Pratchett  -  Interesting times
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
diff --git a/pkgs/applications/graphics/ImageMagick/default.nix b/pkgs/applications/graphics/ImageMagick/default.nix
index b96d1bc84f74..c2a661c82fdf 100644
--- a/pkgs/applications/graphics/ImageMagick/default.nix
+++ b/pkgs/applications/graphics/ImageMagick/default.nix
@@ -2,7 +2,6 @@
 , fetchurl
 , bzip2
 , freetype
-, graphviz
 , ghostscript ? null
 , libjpeg
 , libpng
@@ -17,16 +16,23 @@
 }:
 
 let
-  version = "6.7.5-3";
+  version = "6.8.6-9";
 in
 stdenv.mkDerivation rec {
   name = "ImageMagick-${version}";
 
   src = fetchurl {
     url = "mirror://imagemagick/${name}.tar.xz";
-    sha256 = "0m0sa4jxsvm8pf9nfvkzlbzq13d1lj15lfz6jif12l6ywyh2c1cs";
+    sha256 = "1bpj8676mph5cvyjsdgf27i6yg2iw9iskk5c69mvpxkyawgjw1vg";
   };
 
+  enableParallelBuilding = true;
+
+  preConfigure = if tetex != null then
+    ''
+      export DVIDecodeDelegate=${tetex}/bin/dvips
+    '' else "";
+
   configureFlags = "" + stdenv.lib.optionalString (ghostscript != null && stdenv.system != "x86_64-darwin") ''
     --with-gs-font-dir=${ghostscript}/share/ghostscript/fonts
     --with-gslib
@@ -37,14 +43,12 @@ stdenv.mkDerivation rec {
 
   propagatedBuildInputs =
     [ bzip2 freetype libjpeg libpng libtiff libxml2 zlib librsvg
-    libtool jasper libX11 ] ++ stdenv.lib.optional (ghostscript != null && stdenv.system != "x86_64-darwin") ghostscript;
+      libtool jasper libX11
+    ] ++ stdenv.lib.optional (ghostscript != null && stdenv.system != "x86_64-darwin") ghostscript;
 
-  buildInputs = [ tetex graphviz ];
+  buildInputs = [ tetex ];
 
-  preConfigure = if tetex != null then
-    ''
-      export DVIDecodeDelegate=${tetex}/bin/dvips
-    '' else "";
+  postInstall = ''(cd "$out/include" && ln -s ImageMagick* ImageMagick)'';
 
   meta = {
     homepage = http://www.imagemagick.org/;
diff --git a/pkgs/applications/graphics/darktable/default.nix b/pkgs/applications/graphics/darktable/default.nix
index 315e101857eb..766696265812 100644
--- a/pkgs/applications/graphics/darktable/default.nix
+++ b/pkgs/applications/graphics/darktable/default.nix
@@ -1,19 +1,20 @@
-{ stdenv, fetchurl
+{ stdenv, fetchurl, libsoup, graphicsmagick, SDL, json_glib
 , GConf, atk, cairo, cmake, curl, dbus_glib, exiv2, glib
-, libgnome_keyring, gphoto2, gtk, ilmbase, intltool, lcms, lcms2
+, libgnome_keyring, gtk, ilmbase, intltool, lcms, lcms2
 , lensfun, libXau, libXdmcp, libexif, libglade, libgphoto2, libjpeg
 , libpng, libpthreadstubs, libraw1394, librsvg, libtiff, libxcb
-, openexr, pixman, pkgconfig, sqlite, bash, libxslt }:
+, openexr, pixman, pkgconfig, sqlite, bash, libxslt, openjpeg
+, mesa }:
 
 assert stdenv ? glibc;
 
 stdenv.mkDerivation rec {
-  version = "1.2.2";
+  version = "1.2.3";
   name = "darktable-${version}";
 
   src = fetchurl {
     url = "mirror://sourceforge/darktable/darktable/1.2/darktable-${version}.tar.xz";
-    sha256 = "0nf85wjhlisbgwkfkc1wb8y7dpnx3v8zk9g3ghbd51gi7s62x40j";
+    sha256 = "05kkkz13a5rhb246rq1nxv7h91pcvm15filvik8n8gn143h64sv8";
   };
 
   buildInputs =
@@ -21,6 +22,7 @@ stdenv.mkDerivation rec {
       ilmbase intltool lcms lcms2 lensfun libXau libXdmcp libexif
       libglade libgphoto2 libjpeg libpng libpthreadstubs libraw1394
       librsvg libtiff libxcb openexr pixman pkgconfig sqlite libxslt
+      libsoup graphicsmagick SDL json_glib openjpeg mesa
     ];
 
   preConfigure = ''
@@ -30,16 +32,16 @@ stdenv.mkDerivation rec {
     export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${atk}/include/atk-1.0"
     export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${ilmbase}/include/OpenEXR"
     export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${openexr}/include/OpenEXR"
-
-    substituteInPlace tools/create_preferences.sh.in --replace '#!/usr/bin/env bash' '#!${bash}/bin/bash'
   '';
 
   cmakeFlags = [
     "-DPTHREAD_INCLUDE_DIR=${stdenv.glibc}/include"
     "-DPTHREAD_LIBRARY=${stdenv.glibc}/lib/libpthread.so"
     "-DCMAKE_BUILD_TYPE=Release"
+    "-DBINARY_PACKAGE_BUILD=1"
     "-DGTK2_GLIBCONFIG_INCLUDE_DIR=${glib}/lib/glib-2.0/include"
     "-DGTK2_GDKCONFIG_INCLUDE_DIR=${gtk}/lib/gtk-2.0/include"
+    "-DBUILD_USERMANUAL=False"
   ];
 
   meta = with stdenv.lib; {
@@ -47,6 +49,6 @@ stdenv.mkDerivation rec {
     homepage = http://darktable.sourceforge.net;
     license = licenses.gpl3Plus;
     platforms = platforms.linux;
-    maintainers = [ maintainers.goibhniu ];
+    maintainers = [ maintainers.goibhniu maintainers.rickynils ];
   };
 }
diff --git a/pkgs/applications/graphics/gpicview/default.nix b/pkgs/applications/graphics/gpicview/default.nix
new file mode 100644
index 000000000000..4d01bbd126b3
--- /dev/null
+++ b/pkgs/applications/graphics/gpicview/default.nix
@@ -0,0 +1,21 @@
+{ stdenv, fetchurl, intltool, pkgconfig, gtk2 }:
+
+stdenv.mkDerivation {
+  name = "gpicview-0.2.4";
+
+  src = fetchurl {
+    url    = "mirror://sourceforge/lxde/gpicview-0.2.4.tar.gz";
+    sha256 = "1svcy1c8bgk0pl12yhyv16h2fl52x5vzzcv57z6qdcv5czgvgglr";
+  };
+
+  meta = with stdenv.lib; {
+    description = "A simple and fast image viewer for X";
+    homepage    = http://lxde.sourceforge.net/gpicview/;
+    repositories.git = git://lxde.git.sourceforge.net/gitroot/lxde/gpicview;
+    license     = licenses.gpl2;
+    maintainers = with maintainers; [ lovek323 ];
+    platforms   = platforms.unix;
+  };
+
+  buildInputs = [ intltool pkgconfig gtk2 ];
+}
diff --git a/pkgs/applications/graphics/jbrout/default.nix b/pkgs/applications/graphics/jbrout/default.nix
index dc397a614d3d..2207e8884f0c 100644
--- a/pkgs/applications/graphics/jbrout/default.nix
+++ b/pkgs/applications/graphics/jbrout/default.nix
@@ -34,5 +34,6 @@ buildPythonPackage {
   meta = {
     homepage = "http://code.google.com/p/jbrout";
     description = "jBrout is a photo manager";
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/applications/graphics/openscad/default.nix b/pkgs/applications/graphics/openscad/default.nix
index cf4e7e635d09..d34eeba207ce 100644
--- a/pkgs/applications/graphics/openscad/default.nix
+++ b/pkgs/applications/graphics/openscad/default.nix
@@ -1,9 +1,8 @@
-{stdenv, fetchurl, qt4, bison, flex, eigen, boost, mesa, glew, opencsg, cgal
-  , mpfr, gmp
-  }:
+{ stdenv, fetchurl, qt4, bison, flex, eigen, boost, mesa, glew, opencsg, cgal
+, mpfr, gmp }:
 
 stdenv.mkDerivation rec {
-  version = "2013.01";
+  version = "2013.06";
   name = "openscad-${version}";
 
   src = fetchurl {
@@ -11,7 +10,7 @@ stdenv.mkDerivation rec {
     sha256 = "01r013l8zyfkgmqn05axh3rlfsjwd6j403w5ffl7nby4i2spiw1f";
   };
 
-  buildInputs = [qt4 bison flex eigen boost mesa glew opencsg cgal gmp mpfr];
+  buildInputs = [ qt4 bison flex eigen boost mesa glew opencsg cgal gmp mpfr ];
 
   configurePhase = ''
     export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I$(echo ${eigen}/include/eigen*) "
@@ -35,9 +34,8 @@ stdenv.mkDerivation rec {
     '';
     homepage = "http://openscad.org/";
     license = stdenv.lib.licenses.gpl2;
-    platforms = with stdenv.lib.platforms;
-      linux;
+    platforms = stdenv.lib.platforms.linux;
     maintainers = with stdenv.lib.maintainers; 
-      [raskin bjornfor];
+      [ bjornfor raskin the-kenny ];
   };
 }
diff --git a/pkgs/applications/graphics/paraview/default.nix b/pkgs/applications/graphics/paraview/default.nix
index b647c07368ef..cc42e1c40466 100644
--- a/pkgs/applications/graphics/paraview/default.nix
+++ b/pkgs/applications/graphics/paraview/default.nix
@@ -7,10 +7,10 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "paraview-3.98.1";
+  name = "paraview-4.0.1";
   src = fetchurl {
-    url = "http://paraview.org/files/v3.98/ParaView-3.98.1-source.tar.gz";
-    sha256 = "0i7q3jc4lc40l1zw3fdzv108rpxxfmg3dmmq855fpqyp2g2w9nxp";
+    url = "http://paraview.org/files/v4.0/ParaView-v4.0.1-source.tgz";
+    sha256 = "1qj8dq8gqpsw75sv4sdc7xm1xcpv0ilsddnrcfhha0zfhp0gq10y";
   };
 
   # [  5%] Generating vtkGLSLShaderLibrary.h
diff --git a/pkgs/applications/graphics/sane/backends.nix b/pkgs/applications/graphics/sane/backends.nix
index 0fcfca747410..a53466ae8188 100644
--- a/pkgs/applications/graphics/sane/backends.nix
+++ b/pkgs/applications/graphics/sane/backends.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
 
   udevSupport = hotplugSupport;
 
+  configureFlags = stdenv.lib.optional (libusb != null) "--enable-libusb_1_0";
+
   buildInputs = []
     ++ stdenv.lib.optional (libusb != null) libusb
     ++ stdenv.lib.optional (libv4l != null) libv4l
diff --git a/pkgs/applications/ike/default.nix b/pkgs/applications/ike/default.nix
new file mode 100644
index 000000000000..52330b57b8fa
--- /dev/null
+++ b/pkgs/applications/ike/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchurl, cmake, openssl, libedit, flex, bison, qt4, makeWrapper, gcc }:
+
+# NOTE: use $out/etc/iked.conf as sample configuration and also set: dhcp_file "/etc/iked.dhcp";
+# launch with "iked -f /etc/iked.conf"
+
+stdenv.mkDerivation rec {
+  name = "ike-2.2.1";
+
+  src = fetchurl {
+    url = "https://www.shrew.net/download/ike/${name}-release.tgz";
+    sha256 = "0fhyr2psd93b0zf7yfb72q3nqnh65mymgq5jpjcsj9jv5kfr6l8y";
+  };
+
+  buildInputs = [ cmake openssl libedit flex bison qt4 makeWrapper ];
+
+  configurePhase = ''
+    mkdir -p $out/{bin,sbin,lib}
+    cmake -DQTGUI=YES -DETCDIR=$out/etc -DLIBDIR=$out/lib -DSBINDIR=$out/sbin -DBINDIR=$out/bin -DMANDIR=$out/man -DNATT=YES -DCMAKE_INSTALL_PREFIX:BOOL=$out
+  '';
+
+  buildPhase = ''
+    make
+  '';
+
+  installPhase = ''
+    make install
+    for file in "$out"/bin/* "$out"/sbin/*; do
+        wrapProgram $file --prefix LD_LIBRARY_PATH ":" "$out/lib:${openssl}/lib:${gcc.gcc}/lib:${libedit}/lib:${qt4}/lib"
+    done
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = https://www.shrew.net/software;
+    description = "IPsec Client for FreeBSD, NetBSD and many Linux based operating systems";
+    platforms = platforms.unix;
+    maintainers = [ maintainers.iElectric ];
+    license = "sleepycat";
+  };
+}
diff --git a/pkgs/applications/misc/abook/default.nix b/pkgs/applications/misc/abook/default.nix
index 09345576487e..3d187d92f5c6 100644
--- a/pkgs/applications/misc/abook/default.nix
+++ b/pkgs/applications/misc/abook/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = "http://abook.sourceforge.net/";
-    description = "Abook is a text-based addressbook program designed to use with mutt mail client.";
+    description = "Text-based addressbook program designed to use with mutt mail client";
     license = "GPLv2";
     maintainers = [ stdenv.lib.maintainers.edwtjo ];
     platforms = with stdenv.lib.platforms; linux;
diff --git a/pkgs/applications/misc/bitcoin/default.nix b/pkgs/applications/misc/bitcoin/default.nix
index a4048e6f40b2..a6a289168c4a 100644
--- a/pkgs/applications/misc/bitcoin/default.nix
+++ b/pkgs/applications/misc/bitcoin/default.nix
@@ -1,12 +1,12 @@
 { fetchurl, stdenv, openssl, db4, boost, zlib, miniupnpc, qt4 }:
 
 stdenv.mkDerivation rec {
-  version = "0.8.1";
+  version = "0.8.5";
   name = "bitcoin-${version}";
 
   src = fetchurl {
     url = "mirror://sourceforge/bitcoin/${name}-linux.tar.gz";
-    sha256 = "161arfkzpya5anh6vh5i9ydvwqpia7bpqgz83p2kd97iklx04zvd";
+    sha256 = "0qqzwx1lihlrj7r08alsyznjfqvwncfm0nnxi1pcx0jyvq83ym44";
   };
 
   buildInputs = [ openssl db4 boost zlib miniupnpc qt4 ];
diff --git a/pkgs/applications/misc/calibre/default.nix b/pkgs/applications/misc/calibre/default.nix
index c2a48ffb6e10..10d92e4d517a 100644
--- a/pkgs/applications/misc/calibre/default.nix
+++ b/pkgs/applications/misc/calibre/default.nix
@@ -4,11 +4,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "calibre-1.2.0";
+  name = "calibre-1.8.0";
 
   src = fetchurl {
     url = "mirror://sourceforge/calibre/${name}.tar.xz";
-    sha256 = "0h6afn57pw3rb03ffbnss774gdx7ldirr43hbhzsc2k2h7lxnzyj";
+    sha256 = "0awh24n5bvypmiylngmz0w0126yz1jxlrjfy9b4w5aflg7vgr0qq";
   };
 
   inherit python;
diff --git a/pkgs/applications/misc/djvulibre/default.nix b/pkgs/applications/misc/djvulibre/default.nix
index 4a51ec2d1acd..59dfd2d891e7 100644
--- a/pkgs/applications/misc/djvulibre/default.nix
+++ b/pkgs/applications/misc/djvulibre/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, libjpeg, libtiff, librsvg }:
+{ stdenv, fetchurl, libjpeg, libtiff, librsvg, libintlOrEmpty }:
 
 stdenv.mkDerivation rec {
   name = "djvulibre-3.5.25.3";
@@ -8,7 +8,9 @@ stdenv.mkDerivation rec {
     sha256 = "1q5i5ha4zmj2ahjfhi8cv1rah80vm43m9ads46ji38rgvpb7x3c9";
   };
 
-  buildInputs = [ libjpeg libtiff librsvg ];
+  buildInputs = [ libjpeg libtiff librsvg ] ++ libintlOrEmpty;
+
+  NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-lintl";
 
   meta = {
     description = "A library and viewer for the DJVU file format for scanned images";
diff --git a/pkgs/applications/misc/fbreader/default.nix b/pkgs/applications/misc/fbreader/default.nix
new file mode 100644
index 000000000000..fa361308ff1a
--- /dev/null
+++ b/pkgs/applications/misc/fbreader/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchurl, pkgconfig, bzip2, curl, expat, fribidi
+, libunibreak, qt4, sqlite, zlib }:
+
+stdenv.mkDerivation {
+  name = "fbreader-0.99.4";
+
+  src = fetchurl {
+    url = http://fbreader.org/files/desktop/fbreader-sources-0.99.4.tgz;
+    sha256 = "1sdq3vvwkq4bkyrvh0p884d66gaddz8hlab3m798ji9ixbak2z1x";
+  };
+
+  buildInputs = [
+    pkgconfig bzip2 curl expat fribidi libunibreak
+    qt4 sqlite zlib
+  ];
+
+  makeFlags = "INSTALLDIR=$(out)";
+
+  patchPhase = ''
+    # don't try to use ccache
+    substituteInPlace makefiles/arch/desktop.mk \
+      --replace "CCACHE = " "# CCACHE = "
+  
+    substituteInPlace fbreader/desktop/Makefile \
+      --replace "/usr/share" "$out/share"
+  '';
+
+  meta = {
+    description = "An e-book reader for Linux";
+    homepage = http://www.fbreader.org/;
+    license = "GPL";
+    maintainer = [ stdenv.lib.maintainers.coroa ];
+  }; 
+}
diff --git a/pkgs/applications/misc/freicoin/default.nix b/pkgs/applications/misc/freicoin/default.nix
index bce6d1f639cb..d5ed057f56b8 100644
--- a/pkgs/applications/misc/freicoin/default.nix
+++ b/pkgs/applications/misc/freicoin/default.nix
@@ -1,12 +1,12 @@
 { fetchurl, stdenv, db4, boost, gmp, mpfr, miniupnpc, qt4, unzip }:
 
 stdenv.mkDerivation rec {
-  version = "0.0.2";
+  version = "0.8.3-1";
   name = "freicoin-${version}";
 
   src = fetchurl {
     url = "https://github.com/freicoin/freicoin/archive/v${version}.zip";
-    sha256 = "09izmm85rb64d5hd0hz9hkfvv3qag55sb3mdyp8z4103icqwd6d7";
+    sha256 = "0v3mh8a96nnb86mkyaylyjj7qfdrl7i9gvybh7f8w2hrl9paszfh";
   };
 
   # I think that openssl and zlib are required, but come through other
diff --git a/pkgs/applications/misc/gkrellm/default.nix b/pkgs/applications/misc/gkrellm/default.nix
index f1c26b27262d..af10ca9800d0 100644
--- a/pkgs/applications/misc/gkrellm/default.nix
+++ b/pkgs/applications/misc/gkrellm/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
      make install PREFIX="$out" '';
 
   meta = {
-    description = "GKrellM, a themeable process stack of system monitors.";
+    description = "Themeable process stack of system monitors";
     longDescription =
       '' GKrellM is a single process stack of system monitors which supports
          applying themes to match its appearance to your window manager, Gtk,
diff --git a/pkgs/applications/misc/gmrun/default.nix b/pkgs/applications/misc/gmrun/default.nix
index 0b19eef3c8ca..dbff65d36518 100644
--- a/pkgs/applications/misc/gmrun/default.nix
+++ b/pkgs/applications/misc/gmrun/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
     ];
 
   meta = {
-    description = "Gnome Completion-Run Utility.";
+    description = "Gnome Completion-Run Utility";
     longDescription = ''
       A simple program which provides a "run program" window, featuring a bash-like TAB completion.
       It uses GTK+ interface.
diff --git a/pkgs/applications/misc/gnome_terminator/default.nix b/pkgs/applications/misc/gnome_terminator/default.nix
index cbd0819e2401..b394719611de 100644
--- a/pkgs/applications/misc/gnome_terminator/default.nix
+++ b/pkgs/applications/misc/gnome_terminator/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Gnome terminal emulator with support for tiling and tabs.";
+    description = "Gnome terminal emulator with support for tiling and tabs";
     homepage = http://www.tenshu.net/p/terminator.html;
     license = "GPLv2";
   };
diff --git a/pkgs/applications/misc/lyx/default.nix b/pkgs/applications/misc/lyx/default.nix
index 31c00626847b..fd2e7c3ac426 100644
--- a/pkgs/applications/misc/lyx/default.nix
+++ b/pkgs/applications/misc/lyx/default.nix
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
   doCheck = true;
 
   meta = {
-    description = "WYSIWYM frontend for LaTeX, DocBook, etc.";
+    description = "WYSIWYM frontend for LaTeX, DocBook";
     homepage = "http://www.lyx.org";
     license = "GPL2";
     maintainers = [ stdenv.lib.maintainers.vcunat ];
diff --git a/pkgs/applications/misc/mysql-workbench/default.nix b/pkgs/applications/misc/mysql-workbench/default.nix
index c2f80570673b..91fd1da10149 100644
--- a/pkgs/applications/misc/mysql-workbench/default.nix
+++ b/pkgs/applications/misc/mysql-workbench/default.nix
@@ -66,7 +66,7 @@ exec 19> $FIFOCTL
   '';
 
   meta = with stdenv.lib; {
-    description = "A MySQL visual database modeling, administration and querying tool.";
+    description = "Visual MySQL database modeling, administration and querying tool";
     longDescription = ''
       MySQL Workbench is a modeling tool that allows you to design
       and generate MySQL databases graphically. It also has administration
diff --git a/pkgs/applications/misc/navit/default.nix b/pkgs/applications/misc/navit/default.nix
index 576647555abe..ef1e777f55fd 100644
--- a/pkgs/applications/misc/navit/default.nix
+++ b/pkgs/applications/misc/navit/default.nix
@@ -1,24 +1,19 @@
 { stdenv, fetchsvn, pkgconfig, gtk, SDL, fontconfig, freetype, imlib2, SDL_image, mesa,
-libXmu, freeglut, python, gettext, quesoglc, gd, postgresql, autoconf, automake, libtool, cvs }:
+libXmu, freeglut, python, gettext, quesoglc, gd, postgresql, cmake, qt4, SDL_ttf, fribidi}:
 stdenv.mkDerivation rec {
   name = "navit-svn-3537";
 
   src = fetchsvn {
-    url = https://navit.svn.sourceforge.net/svnroot/navit/trunk/navit;
-    rev = 3537;
-    sha256 = "1ajd439i7z8xm16kqh20qalvafy9miyy4accc8j7w30c4qgc2bb7";
+    url = svn://svn.code.sf.net/p/navit/code/trunk/navit;
+    rev = 5576;
+    sha256 = "1xx62l5srfhh9cfi7n3pxj8hpcgr1rpa0hzfmbrqadzv09z36723";
   };
 
   # 'cvs' is only for the autogen
   buildInputs = [ pkgconfig gtk SDL fontconfig freetype imlib2 SDL_image mesa
-    libXmu freeglut python gettext quesoglc gd postgresql
-    autoconf automake libtool cvs ];
+    libXmu freeglut python gettext quesoglc gd postgresql cmake qt4 SDL_ttf fribidi ];
 
-  preConfigure = ''
-    sh ./autogen.sh
-  '';
-
-  configureFlags = [ "--disable-samplemap" ];
+  cmakeFlags = [ "-DSAMPLE_MAP=n" ];
 
   meta = {
     homepage = http://www.navit-project.org/;
diff --git a/pkgs/applications/misc/redshift/default.nix b/pkgs/applications/misc/redshift/default.nix
index e9fe255aea83..3bed6e1a2d76 100644
--- a/pkgs/applications/misc/redshift/default.nix
+++ b/pkgs/applications/misc/redshift/default.nix
@@ -1,18 +1,32 @@
-{ fetchurl, stdenv,
-  libX11, libXrandr, libXxf86vm, libxcb, pkgconfig, python,
-  randrproto, xcbutil, xf86vidmodeproto }:
+{ fetchurl, stdenv, libX11, libXrandr, libXxf86vm, libxcb, pkgconfig, python
+, randrproto, xcbutil, xf86vidmodeproto, autoconf, automake, gettext, glib
+, GConf, dbus, dbus_glib, makeWrapper, gtk, pygtk, pyxdg, geoclue }:
 
 stdenv.mkDerivation rec {
-  pname = "redshift";
-  version = "1.7";
-  name = "${pname}-${version}";
+  version = "1.8";
+  name = "redshift-${version}";
   src = fetchurl {
-    url = "http://launchpad.net/${pname}/trunk/${version}/+download/${pname}-${version}.tar.bz2";
-    sha256 = "1j0hs0vnlic90cf4bryn11n4ani1x2s5l8z6ll3fmrlw98ykrylv";
+    url = "https://github.com/jonls/redshift/archive/v${version}.tar.gz";
+    sha256 = "1srj2dwy32h71iqikb4ysv5ipclym80i9lys2ns8vjmclg7hj3vi";
   };
 
-  buildInputs = [ libX11 libXrandr libXxf86vm libxcb pkgconfig python
-                  randrproto xcbutil xf86vidmodeproto ];
+  buildInputs = [
+    libX11 libXrandr libXxf86vm libxcb pkgconfig python randrproto xcbutil
+    xf86vidmodeproto autoconf automake gettext glib GConf dbus dbus_glib
+    makeWrapper gtk pygtk pyxdg geoclue
+  ];
+
+  preConfigure = ''
+    ./bootstrap
+  '';
+
+  preInstall = ''
+    substituteInPlace src/redshift-gtk/redshift-gtk python --replace "/usr/bin/env python" "${python}/bin/${python.executable}"
+  '';
+
+  postInstall = ''
+    wrapProgram "$out/bin/redshift-gtk" --prefix PYTHONPATH : $PYTHONPATH:${pygtk}/lib/${python.libPrefix}/site-packages/gtk-2.0:${pyxdg}/lib/${python.libPrefix}/site-packages/pyxdg:$out/lib/${python.libPrefix}/site-packages
+  '';
 
   meta = {
     description = "changes the color temperature of your screen gradually";
diff --git a/pkgs/applications/misc/rxvt_unicode/default.nix b/pkgs/applications/misc/rxvt_unicode/default.nix
index 2afa6c086961..c05dd028eb34 100644
--- a/pkgs/applications/misc/rxvt_unicode/default.nix
+++ b/pkgs/applications/misc/rxvt_unicode/default.nix
@@ -1,7 +1,7 @@
 { stdenv, fetchurl, perlSupport, libX11, libXt, libXft, ncurses, perl,
   fontconfig, freetype, pkgconfig, libXrender, gdkPixbufSupport, gdk_pixbuf }:
 
-let 
+let
   name = "rxvt-unicode";
   version = "9.16";
   n = "${name}-${version}";
@@ -17,15 +17,18 @@ stdenv.mkDerivation (rec {
   };
 
   buildInputs =
-    [ libX11 libXt libXft ncurses /* required to build the terminfo file */ 
+    [ libX11 libXt libXft ncurses /* required to build the terminfo file */
       fontconfig freetype pkgconfig libXrender ]
     ++ stdenv.lib.optional perlSupport perl
     ++ stdenv.lib.optional gdkPixbufSupport gdk_pixbuf;
 
+  outputs = [ "out" "terminfo" ];
+
   preConfigure =
     ''
-      configureFlags="--with-terminfo=$out/share/terminfo ${if perlSupport then "--enable-perl" else "--disable-perl"}";
-      export TERMINFO=$out/share/terminfo # without this the terminfo won't be compiled by tic, see man tic
+      mkdir -p $terminfo/share/terminfo
+      configureFlags="--with-terminfo=$terminfo/share/terminfo --enable-256-color ${if perlSupport then "--enable-perl" else "--disable-perl"}";
+      export TERMINFO=$terminfo/share/terminfo # without this the terminfo won't be compiled by tic, see man tic
       NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${freetype}/include/freetype2"
       NIX_LDFLAGS="$NIX_LDFLAGS -lfontconfig -lXrender "
     ''
@@ -35,6 +38,13 @@ stdenv.mkDerivation (rec {
       ln -s $out/{lib/urxvt,lib/perl5/site_perl}
     '';
 
+  # we link the separate terminfo output to the main output
+  # as I don't think there's a usecase for wanting urxvt without its terminfo files
+  # and we don't want users to install them separately
+  postInstall = ''
+    ln -s $terminfo/share/terminfo $out/share
+  '';
+
   meta = {
     description = "A clone of the well-known terminal emulator rxvt";
     homepage = "http://software.schmorp.de/pkg/rxvt-unicode.html";
diff --git a/pkgs/applications/misc/surf/default.nix b/pkgs/applications/misc/surf/default.nix
index d6083da5ce40..42792ba8f91d 100644
--- a/pkgs/applications/misc/surf/default.nix
+++ b/pkgs/applications/misc/surf/default.nix
@@ -27,9 +27,15 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-      description = "surf is a simple web browser based on WebKit/GTK+. It is able to display websites and follow links. It supports the XEmbed protocol which makes it possible to embed it in another application. Furthermore, one can point surf to another URI by setting its XProperties.";
-      homepage = http://surf.suckless.org;
-      license = "MIT";
-      platforms = stdenv.lib.platforms.linux;
+    description = "Simple web browser";
+    longDescription = ''
+      Surf is a simple web browser based on WebKit/GTK+. It is able to display
+      websites and follow links. It supports the XEmbed protocol which makes it
+      possible to embed it in another application. Furthermore, one can point
+      surf to another URI by setting its XProperties.
+      '';
+    homepage = http://surf.suckless.org;
+    license = "MIT";
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/applications/misc/synergy/cryptopp.patch b/pkgs/applications/misc/synergy/cryptopp.patch
index f20ef9544a22..d0aebb872610 100644
--- a/pkgs/applications/misc/synergy/cryptopp.patch
+++ b/pkgs/applications/misc/synergy/cryptopp.patch
@@ -20,10 +20,10 @@ index 3b61fc0..2206646 100644
  
  if (WIN32)
  	# add /analyze in order to unconver potential bugs in the source code
-diff --git a/src/lib/synergy/CCryptoMode.h b/src/lib/synergy/CCryptoMode.h
+diff --git a/src/lib/io/CCryptoMode.h b/src/lib/io/CCryptoMode.h
 index 9b7e8ad..0d659ac 100644
---- a/src/lib/synergy/CCryptoMode.h
-+++ b/src/lib/synergy/CCryptoMode.h
+--- a/src/lib/io/CCryptoMode.h
++++ b/src/lib/io/CCryptoMode.h
 @@ -17,9 +17,9 @@
  
  #pragma once
@@ -37,10 +37,10 @@ index 9b7e8ad..0d659ac 100644
  #include "ECryptoMode.h"
  #include "CString.h"
  
-diff --git a/src/lib/synergy/CCryptoStream.h b/src/lib/synergy/CCryptoStream.h
+diff --git a/src/lib/io/CCryptoStream.h b/src/lib/io/CCryptoStream.h
 index 104b1f6..09c4dc4 100644
---- a/src/lib/synergy/CCryptoStream.h
-+++ b/src/lib/synergy/CCryptoStream.h
+--- a/src/lib/io/CCryptoStream.h
++++ b/src/lib/io/CCryptoStream.h
 @@ -20,8 +20,8 @@
  #include "BasicTypes.h"
  #include "CStreamFilter.h"
diff --git a/pkgs/applications/misc/synergy/default.nix b/pkgs/applications/misc/synergy/default.nix
index 0b3734ea147a..c01d67943e57 100644
--- a/pkgs/applications/misc/synergy/default.nix
+++ b/pkgs/applications/misc/synergy/default.nix
@@ -7,11 +7,11 @@ assert !stdenv.isLinux -> unzip != null;
 with stdenv.lib;
 
 stdenv.mkDerivation rec {
-  name = "synergy-1.4.12";
+  name = "synergy-1.4.15";
 
   src = fetchurl {
-  	url = "http://synergy.googlecode.com/files/${name}-Source.tar.gz";
-  	sha256 = "0j884skwqy8r8ckj9a4rlwsbjwb1yrj9wqma1nwhr2inff6hrdim";
+    url = "http://synergy.googlecode.com/files/${name}-Source.tar.gz";
+    sha256 = "0l1mxxky9hacyva0npzkgkwg4wkmihzq3abdrds0w5f6is44adv4";
   };
 
   patches = optional stdenv.isLinux ./cryptopp.patch;
diff --git a/pkgs/applications/misc/taskjuggler/default.nix b/pkgs/applications/misc/taskjuggler/default.nix
index b8edd93455dd..77acc511fe42 100644
--- a/pkgs/applications/misc/taskjuggler/default.nix
+++ b/pkgs/applications/misc/taskjuggler/default.nix
@@ -63,7 +63,7 @@ stdenv.mkDerivation rec {
   meta = {
     homepage = "http://www.taskjuggler.org";
     license = "GPLv2";
-    description = "Project management tool.";
+    description = "Project management tool";
     longDescription = ''
       TaskJuggler is a modern and powerful, Open Source project management
       tool. Its new approach to project planing and tracking is more
diff --git a/pkgs/applications/misc/urlview/default.nix b/pkgs/applications/misc/urlview/default.nix
new file mode 100644
index 000000000000..02d26f660019
--- /dev/null
+++ b/pkgs/applications/misc/urlview/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchurl, ncurses, automake111x, autoreconfHook }:
+
+stdenv.mkDerivation rec {
+  version    = "0.9";
+  patchLevel = "19";
+
+  name = "urlview-${version}-${patchLevel}";
+
+  urlBase = "mirror://debian/pool/main/u/urlview/";
+
+  src = fetchurl {
+    url = urlBase + "urlview_${version}.orig.tar.gz";
+    sha256 = "746ff540ccf601645f500ee7743f443caf987d6380e61e5249fc15f7a455ed42";
+  };
+
+  buildInputs = [ ncurses automake111x autoreconfHook ];
+
+  preAutoreconf = ''
+    touch NEWS
+  '';
+
+  preConfigure = ''
+    mkdir -p $out/share/man/man1
+  '';
+
+  debianPatches = fetchurl {
+    url = urlBase + "urlview_${version}-${patchLevel}.diff.gz";
+    sha256 = "056883c17756f849fb9235596d274fbc5bc0d944fcc072bdbb13d1e828301585";
+  };
+
+  patches = debianPatches;
+
+  meta = {
+    description = "Extract URLs from text";
+    homepage = http://packages.qa.debian.org/u/urlview.html;
+    licencse = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/applications/misc/xca/default.nix b/pkgs/applications/misc/xca/default.nix
new file mode 100644
index 000000000000..fb6b011f30a4
--- /dev/null
+++ b/pkgs/applications/misc/xca/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl, pkgconfig, which, openssl, qt4, libtool }:
+
+stdenv.mkDerivation rec {
+  name = "xca-${version}";
+  version = "0.9.3";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/xca/${name}.tar.gz";
+    sha256 = "1fn6kh8mdy65rrgjif7j9wn3mxg1mrrcnhzpi86hfy24ic6bahk8";
+  };
+
+  configurePhase = ''
+    export PATH=$PATH:${which}/bin
+    export QTDIR=${qt4}
+    prefix=$out ./configure ${openssl} ${libtool}
+  '';
+
+  buildInputs = [ openssl qt4 libtool ];
+  nativeBuildInputs = [ pkgconfig ];
+
+  meta = with stdenv.lib; {
+    description = "Interface for managing asymetric keys like RSA or DSA";
+    homepage = http://xca.sourceforge.net/;
+    platforms = platforms.all;
+    license = licenses.bsd3;
+  };
+}
diff --git a/pkgs/applications/misc/xfe/default.nix b/pkgs/applications/misc/xfe/default.nix
index bd00d91e23d3..9b1385d9d6ad 100644
--- a/pkgs/applications/misc/xfe/default.nix
+++ b/pkgs/applications/misc/xfe/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
   enableParallelBuilding = true;
 
   meta = {
-    description = "X File Explorer (Xfe) is an MS-Explorer like file manager for X.";
+    description = "X File Explorer (Xfe) is an MS-Explorer like file manager for X";
     longDescription = ''
       X File Explorer (Xfe) is an MS-Explorer like file manager for X.
       It is based on the popular, but discontinued, X Win Commander, which was developed by Maxim Baranov.
@@ -26,6 +26,6 @@ stdenv.mkDerivation rec {
     homepage = "http://sourceforge.net/projects/xfe/";
     license = "GPLv2";
     maintainers = [ stdenv.lib.maintainers.bbenoist ];
-    platforms = stdenv.lib.platforms.all;
+    platforms = stdenv.lib.platforms.mesaPlatforms;
   };
 }
diff --git a/pkgs/applications/misc/xmobar/default.nix b/pkgs/applications/misc/xmobar/default.nix
index 42d11308267a..273998dde5d1 100644
--- a/pkgs/applications/misc/xmobar/default.nix
+++ b/pkgs/applications/misc/xmobar/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "xmobar";
-  version = "0.18";
-  sha256 = "08kk0yjx51vjrvvvd34hv8v80dsh8kjv150qf413ikaff0i28v7w";
+  version = "0.19";
+  sha256 = "1lwbww9vpqscip16lqiax2qvfyksxms5xx4n0s61mzw7v61hyxq2";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/applications/misc/xpdf/default.nix b/pkgs/applications/misc/xpdf/default.nix
index 5218df775955..fdcdd4770d0e 100644
--- a/pkgs/applications/misc/xpdf/default.nix
+++ b/pkgs/applications/misc/xpdf/default.nix
@@ -18,26 +18,20 @@ stdenv.mkDerivation {
   };
 
   buildInputs =
-    (if enableGUI then [x11 motif] else []) ++
-    (if useT1Lib then [t1lib] else []);
+    stdenv.lib.optionals enableGUI [x11 motif] ++
+    stdenv.lib.optional useT1Lib t1lib ++
+    stdenv.lib.optional enablePDFtoPPM freetype;
 
   # Debian uses '-fpermissive' to bypass some errors on char* constantness.
   CXXFLAGS = "-O2 -fpermissive";
 
-  configureFlags =
-    "--infodir=$out/share/info --mandir=$out/share/man --enable-a4-paper"
-    + (if enablePDFtoPPM then
-         " --with-freetype2-library=${freetype}/lib"
-         + " --with-freetype2-includes=${freetype}/include/freetype2"
-       else "");
-
-  postInstall = "
-    if test -n \"${base14Fonts}\"; then
-      substituteInPlace $out/etc/xpdfrc \\
-        --replace /usr/local/share/ghostscript/fonts ${base14Fonts} \\
-        --replace '#fontFile' fontFile
-    fi
-  ";
+  configureFlags = "--enable-a4-paper";
+
+  postInstall = stdenv.lib.optionalString (base14Fonts != null) ''
+    substituteInPlace $out/etc/xpdfrc \
+      --replace /usr/local/share/ghostscript/fonts ${base14Fonts} \
+      --replace '#fontFile' fontFile
+  '';
 
   meta = {
     homepage = "http://www.foolabs.com/xpdf/";
diff --git a/pkgs/applications/networking/bittorrentsync/default.nix b/pkgs/applications/networking/bittorrentsync/default.nix
index 25a23b019d84..c2d2f28751a7 100644
--- a/pkgs/applications/networking/bittorrentsync/default.nix
+++ b/pkgs/applications/networking/bittorrentsync/default.nix
@@ -40,7 +40,7 @@ in stdenv.mkDerivation {
 
   meta = {
     homepage = "http://labs.bittorrent.com/experiments/sync.html";
-    description = "Automatically sync files via secure, distributed technology.";
+    description = "Automatically sync files via secure, distributed technology";
     license = stdenv.lib.licenses.unfree;
     maintainers = [ stdenv.lib.maintainers.iElectric ];
   };
diff --git a/pkgs/applications/networking/browsers/chromium/default.nix b/pkgs/applications/networking/browsers/chromium/default.nix
index 087bde000eda..fa91a877fdc0 100644
--- a/pkgs/applications/networking/browsers/chromium/default.nix
+++ b/pkgs/applications/networking/browsers/chromium/default.nix
@@ -7,8 +7,8 @@
 , xdg_utils, yasm, zlib
 , libusb1, libexif, pciutils
 
-, python, perl, pkgconfig
-, nspr, udev, krb5
+, python, pythonPackages, perl, pkgconfig
+, nspr, udev, krb5, file
 , utillinux, alsaLib
 , gcc, bison, gperf
 , glib, gtk, dbus_glib
@@ -18,9 +18,6 @@
 # optional dependencies
 , libgcrypt ? null # gnomeSupport || cupsSupport
 
-# dependency for version 30
-, file
-
 # package customization
 , channel ? "stable"
 , enableSELinux ? false, libselinux ? null
@@ -36,7 +33,65 @@
 with stdenv.lib;
 
 let
-  sourceInfo = builtins.getAttr channel (import ./sources.nix);
+  src = with getAttr channel (import ./sources.nix); stdenv.mkDerivation {
+    name = "chromium-source-${version}";
+
+    src = fetchurl {
+      inherit url sha256;
+    };
+
+    phases = [ "unpackPhase" "patchPhase" "installPhase" ];
+
+    opensslPatches = optional useOpenSSL openssl.patches;
+
+    prePatch = "patchShebangs .";
+
+    patches = singleton (
+      if versionOlder version "31.0.0.0"
+      then ./sandbox_userns_30.patch
+      else ./sandbox_userns_31.patch
+    );
+
+    postPatch = ''
+      sed -i -r -e 's/-f(stack-protector)(-all)?/-fno-\1/' build/common.gypi
+      sed -i -e 's|/usr/bin/gcc|gcc|' third_party/WebKit/Source/core/core.gypi
+    '' + optionalString useOpenSSL ''
+      cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
+    '';
+
+    outputs = [ "out" "sandbox" "bundled" "main" ];
+    installPhase = ''
+      ensureDir "$out" "$sandbox" "$bundled" "$main"
+
+      header "copying browser main sources to $main"
+      find . -mindepth 1 -maxdepth 1 \
+        \! -path ./sandbox \
+        \! -path ./third_party \
+        \! -path ./build \
+        \! -path ./tools \
+        \! -name '.*' \
+        -print | xargs cp -rt "$main"
+      stopNest
+
+      header "copying sandbox components to $sandbox"
+      cp -rt "$sandbox" sandbox/*
+      stopNest
+
+      header "copying third party sources to $bundled"
+      cp -rt "$bundled" third_party/*
+      stopNest
+
+      header "copying build requisites to $out"
+      cp -rt "$out" build tools
+      stopNest
+
+      rm -rf "$out/tools/gyp" # XXX: Don't even copy it in the first place.
+    '';
+
+    passthru = {
+      inherit version;
+    };
+  };
 
   mkGypFlags =
     let
@@ -81,27 +136,22 @@ let
     libusb1 libexif
   ];
 
+  sandbox = import ./sandbox.nix {
+    inherit stdenv;
+    src = src.sandbox;
+    binary = "${packageName}_sandbox";
+  };
+
   # build paths and release info
   packageName = "chromium";
   buildType = "Release";
   buildPath = "out/${buildType}";
   libExecPath = "$out/libexec/${packageName}";
-
-  # user namespace sandbox patch
-  userns_patch = if versionOlder sourceInfo.version "30.0.0.0"
-                 then ./sandbox_userns_29.patch
-                 else ./sandbox_userns_30.patch;
+  sandboxPath = "${sandbox}/bin/${packageName}_sandbox";
 
 in stdenv.mkDerivation rec {
-  name = "${packageName}-${version}";
-  inherit packageName;
-
-  version = sourceInfo.version;
-
-  src = fetchurl {
-    url = sourceInfo.url;
-    sha256 = sourceInfo.sha256;
-  };
+  name = "${packageName}-${src.version}";
+  inherit packageName src;
 
   buildInputs = defaultDependencies ++ [
     which makeWrapper
@@ -110,32 +160,31 @@ in stdenv.mkDerivation rec {
     (if useOpenSSL then openssl else nss)
     utillinux alsaLib
     gcc bison gperf
-    krb5
+    krb5 file
     glib gtk dbus_glib
     libXScrnSaver libXcursor libXtst mesa
     pciutils protobuf speechd libXdamage
+    pythonPackages.gyp
   ] ++ optional gnomeKeyringSupport libgnome_keyring
     ++ optionals gnomeSupport [ gconf libgcrypt ]
     ++ optional enableSELinux libselinux
     ++ optional cupsSupport libgcrypt
-    ++ optional pulseSupport pulseaudio
-    ++ optional (!versionOlder sourceInfo.version "30.0.0.0") file;
-
-  opensslPatches = optional useOpenSSL openssl.patches;
-
-  prePatch = "patchShebangs .";
-
-  patches = [ userns_patch ];
+    ++ optional pulseSupport pulseaudio;
+
+  prePatch = ''
+    # XXX: Figure out a way how to split these properly.
+    #cpflags="-dsr --no-preserve=mode"
+    cpflags="-dr"
+    cp $cpflags "${src.main}"/* .
+    cp $cpflags "${src.bundled}" third_party
+    cp $cpflags "${src.sandbox}" sandbox
+    chmod -R u+w . # XXX!
+  '';
 
   postPatch = ''
-    sed -i -r -e 's/-f(stack-protector)(-all)?/-fno-\1/' build/common.gypi
-    sed -i -e 's|/usr/bin/gcc|gcc|' third_party/WebKit/Source/core/core.gypi
-  '' + optionalString useOpenSSL ''
-    cat $opensslPatches | patch -p1 -d third_party/openssl/openssl
-  '' + optionalString (!versionOlder sourceInfo.version "30.0.0.0") ''
     sed -i -e '/base::FilePath exe_dir/,/^ *} *$/c \
       sandbox_binary = \
-        base::FilePath("'"${libExecPath}/${packageName}_sandbox"'");
+        base::FilePath("'"${sandboxPath}"'");
     ' content/browser/browser_main_loop.cc
   '';
 
@@ -151,7 +200,7 @@ in stdenv.mkDerivation rec {
     use_openssl = useOpenSSL;
     selinux = enableSELinux;
     use_cups = cupsSupport;
-    linux_sandbox_path="${libExecPath}/${packageName}_sandbox";
+    linux_sandbox_path="${sandboxPath}";
     linux_sandbox_chrome_path="${libExecPath}/${packageName}";
     werror = "";
 
@@ -173,7 +222,7 @@ in stdenv.mkDerivation rec {
   });
 
   configurePhase = ''
-    GYP_GENERATORS=ninja python build/gyp_chromium --depth "$(pwd)" ${gypFlags}
+    python build/gyp_chromium -f ninja --depth "$(pwd)" ${gypFlags}
   '';
 
   buildPhase = let
@@ -183,13 +232,13 @@ in stdenv.mkDerivation rec {
     CC="${CC}" CC_host="${CC}"     \
     CXX="${CXX}" CXX_host="${CXX}" \
     LINK_host="${CXX}"             \
-      "${ninja}/bin/ninja" -C "out/${buildType}" \
-        -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES    \
+      "${ninja}/bin/ninja" -C "${buildPath}"  \
+        -j$NIX_BUILD_CORES -l$NIX_BUILD_CORES \
         chrome ${optionalString (!enableSELinux) "chrome_sandbox"}
   '';
 
   installPhase = ''
-    mkdir -vp "${libExecPath}"
+    ensureDir "${libExecPath}"
     cp -v "${buildPath}/"*.pak "${libExecPath}/"
     cp -vR "${buildPath}/locales" "${buildPath}/resources" "${libExecPath}/"
     cp -v ${buildPath}/libffmpegsumo.so "${libExecPath}/"
@@ -198,7 +247,6 @@ in stdenv.mkDerivation rec {
 
     mkdir -vp "$out/bin"
     makeWrapper "${libExecPath}/${packageName}" "$out/bin/${packageName}"
-    cp -v "${buildPath}/chrome_sandbox" "${libExecPath}/${packageName}_sandbox"
 
     mkdir -vp "$out/share/man/man1"
     cp -v "${buildPath}/chrome.1" "$out/share/man/man1/${packageName}.1"
@@ -214,6 +262,10 @@ in stdenv.mkDerivation rec {
     done
   '';
 
+  passthru = {
+    inherit sandbox;
+  };
+
   meta = {
     description = "An open source web browser from Google";
     homepage = http://www.chromium.org/;
diff --git a/pkgs/applications/networking/browsers/chromium/sandbox.nix b/pkgs/applications/networking/browsers/chromium/sandbox.nix
new file mode 100644
index 000000000000..b43385e86338
--- /dev/null
+++ b/pkgs/applications/networking/browsers/chromium/sandbox.nix
@@ -0,0 +1,20 @@
+{ stdenv, src, binary }:
+
+stdenv.mkDerivation {
+  name = "chromium-sandbox-${src.version}";
+  inherit src;
+
+  patchPhase = ''
+    sed -i -e '/#include.*base_export/c \
+      #define BASE_EXPORT __attribute__((visibility("default")))
+    ' linux/suid/*.[hc]
+  '';
+
+  buildPhase = ''
+    gcc -Wall -std=gnu99 -o sandbox linux/suid/*.c
+  '';
+
+  installPhase = ''
+    install -svD sandbox "$out/bin/${binary}"
+  '';
+}
diff --git a/pkgs/applications/networking/browsers/chromium/sandbox_userns_29.patch b/pkgs/applications/networking/browsers/chromium/sandbox_userns_31.patch
index c1987c43e150..490c1a9cebe9 100644
--- a/pkgs/applications/networking/browsers/chromium/sandbox_userns_29.patch
+++ b/pkgs/applications/networking/browsers/chromium/sandbox_userns_31.patch
@@ -1,4 +1,4 @@
-commit 557daf9cc9c02b8f17e6ee84f9b1ae6e6132d478
+commit ff4e8b4af04c58fc4c58ee7ed108aefcdc26a960
 Author: aszlig <aszlig@redmoonstudios.org>
 Date:   Thu May 16 14:17:56 2013 +0200
 
@@ -20,19 +20,23 @@ Date:   Thu May 16 14:17:56 2013 +0200
     
     Signed-off-by: aszlig <aszlig@redmoonstudios.org>
 
-diff --git a/base/process_util.h b/base/process_util.h
-index 0bec8e0..6b6f566 100644
---- a/base/process_util.h
-+++ b/base/process_util.h
-@@ -175,6 +175,7 @@ struct LaunchOptions {
-         new_process_group(false)
+diff --git a/base/process/launch.cc b/base/process/launch.cc
+index 1329a5a..ec28fdf 100644
+--- a/base/process/launch.cc
++++ b/base/process/launch.cc
+@@ -24,6 +24,7 @@ LaunchOptions::LaunchOptions()
+       new_process_group(false)
  #if defined(OS_LINUX)
-         , clone_flags(0)
-+        , new_user_namespace(false)
+       , clone_flags(0)
++      , new_user_namespace(false)
  #endif  // OS_LINUX
  #if defined(OS_CHROMEOS)
-         , ctrl_terminal_fd(-1)
-@@ -249,6 +250,9 @@ struct LaunchOptions {
+       , ctrl_terminal_fd(-1)
+diff --git a/base/process/launch.h b/base/process/launch.h
+index ac2df5e..34a3851 100644
+--- a/base/process/launch.h
++++ b/base/process/launch.h
+@@ -100,6 +100,9 @@ struct BASE_EXPORT LaunchOptions {
  #if defined(OS_LINUX)
    // If non-zero, start the process using clone(), using flags as provided.
    int clone_flags;
@@ -42,11 +46,11 @@ index 0bec8e0..6b6f566 100644
  #endif  // defined(OS_LINUX)
  
  #if defined(OS_CHROMEOS)
-diff --git a/base/process_util_posix.cc b/base/process_util_posix.cc
-index 83afe44..e529b2b 100644
---- a/base/process_util_posix.cc
-+++ b/base/process_util_posix.cc
-@@ -34,6 +34,13 @@
+diff --git a/base/process/launch_posix.cc b/base/process/launch_posix.cc
+index de6286d..9333494 100644
+--- a/base/process/launch_posix.cc
++++ b/base/process/launch_posix.cc
+@@ -37,6 +37,13 @@
  #include "base/threading/platform_thread.h"
  #include "base/threading/thread_restrictions.h"
  
@@ -60,12 +64,11 @@ index 83afe44..e529b2b 100644
  #if defined(OS_CHROMEOS)
  #include <sys/ioctl.h>
  #endif
-@@ -621,8 +628,19 @@ bool LaunchProcess(const std::vector<std::string>& argv,
+@@ -294,13 +301,23 @@ bool LaunchProcess(const std::vector<std::string>& argv,
  
    pid_t pid;
  #if defined(OS_LINUX)
 -  if (options.clone_flags) {
--    pid = syscall(__NR_clone, options.clone_flags, 0, 0, 0);
 +  int map_pipe_fd[2];
 +  int flags = options.clone_flags;
 +
@@ -78,11 +81,18 @@ index 83afe44..e529b2b 100644
 +  }
 +
 +  if (options.clone_flags || options.new_user_namespace) {
+     // Signal handling in this function assumes the creation of a new
+     // process, so we check that a thread is not being created by mistake
+     // and that signal handling follows the process-creation rules.
+-    RAW_CHECK(
+-        !(options.clone_flags & (CLONE_SIGHAND | CLONE_THREAD | CLONE_VM)));
+-    pid = syscall(__NR_clone, options.clone_flags, 0, 0, 0);
++    RAW_CHECK(!(flags & (CLONE_SIGHAND | CLONE_THREAD | CLONE_VM)));
 +    pid = syscall(__NR_clone, flags, 0, 0, 0);
    } else
  #endif
    {
-@@ -635,6 +653,21 @@ bool LaunchProcess(const std::vector<std::string>& argv,
+@@ -318,6 +335,21 @@ bool LaunchProcess(const std::vector<std::string>& argv,
    } else if (pid == 0) {
      // Child process
  
@@ -104,7 +114,7 @@ index 83afe44..e529b2b 100644
      // DANGER: fork() rule: in the child, if you don't end up doing exec*(),
      // you call _exit() instead of exit(). This is because _exit() does not
      // call any previously-registered (in the parent) exit handlers, which
-@@ -749,6 +782,40 @@ bool LaunchProcess(const std::vector<std::string>& argv,
+@@ -433,6 +465,40 @@ bool LaunchProcess(const std::vector<std::string>& argv,
      _exit(127);
    } else {
      // Parent process
@@ -146,10 +156,10 @@ index 83afe44..e529b2b 100644
        // While this isn't strictly disk IO, waiting for another process to
        // finish is the sort of thing ThreadRestrictions is trying to prevent.
 diff --git a/content/browser/zygote_host/zygote_host_impl_linux.cc b/content/browser/zygote_host/zygote_host_impl_linux.cc
-index 130f44a..c1232d4 100644
+index fea43b5..95cbe07 100644
 --- a/content/browser/zygote_host/zygote_host_impl_linux.cc
 +++ b/content/browser/zygote_host/zygote_host_impl_linux.cc
-@@ -118,25 +118,31 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) {
+@@ -121,25 +121,31 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) {
  
    sandbox_binary_ = sandbox_cmd.c_str();
  
@@ -188,7 +198,7 @@ index 130f44a..c1232d4 100644
      } else {
        LOG(FATAL) << "The SUID sandbox helper binary was found, but is not "
                      "configured correctly. Rather than run without sandboxing "
-@@ -160,7 +166,19 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) {
+@@ -163,7 +169,19 @@ void ZygoteHostImpl::Init(const std::string& sandbox_cmd) {
    base::ProcessHandle process = -1;
    base::LaunchOptions options;
    options.fds_to_remap = &fds_to_map;
@@ -209,10 +219,10 @@ index 130f44a..c1232d4 100644
  
    if (using_suid_sandbox_) {
 diff --git a/content/zygote/zygote_main_linux.cc b/content/zygote/zygote_main_linux.cc
-index 7d01722..2f445ef 100644
+index 567b305..1089233 100644
 --- a/content/zygote/zygote_main_linux.cc
 +++ b/content/zygote/zygote_main_linux.cc
-@@ -395,6 +395,13 @@ static bool EnterSandbox(sandbox::SetuidSandboxClient* setuid_sandbox,
+@@ -426,6 +426,13 @@ static bool EnterSuidSandbox(LinuxSandbox* linux_sandbox,
        *has_started_new_init = true;
      }
  
diff --git a/pkgs/applications/networking/browsers/chromium/sources.nix b/pkgs/applications/networking/browsers/chromium/sources.nix
index e83f99485358..aae71e8dfb60 100644
--- a/pkgs/applications/networking/browsers/chromium/sources.nix
+++ b/pkgs/applications/networking/browsers/chromium/sources.nix
@@ -1,18 +1,18 @@
 # This file is autogenerated from update.sh in the same directory.
 {
   dev = {
-    version = "31.0.1612.0";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-31.0.1612.0.tar.xz";
-    sha256 = "19h6i8jdnpzbvyq8pk9jq89lghnydpij9yj8xfs7qdgqgyxxcl5w";
+    version = "32.0.1671.3";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-32.0.1671.3.tar.xz";
+    sha256 = "0bv86ig3mrd95zh78880bcyh9b8w46s7slxq3mwwmrmqp0s8qaq0";
   };
   beta = {
-    version = "30.0.1599.22";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-30.0.1599.22.tar.xz";
-    sha256 = "0955q7fz6nfr7nbxa8hp9q7mgljlan42rjg8ql5x2vn6c80sjji8";
+    version = "31.0.1650.34";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-31.0.1650.34.tar.xz";
+    sha256 = "0c73kvp09cmq4x42rcf45v0mnbyb8rcyi5i4pj0pvfn451vbngdq";
   };
   stable = {
-    version = "29.0.1547.65";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-29.0.1547.65.tar.xz";
-    sha256 = "0vmb5dsh61jyr68838pnczlc2mhvvil4hjkrmwklzlfz30c8s2w6";
+    version = "30.0.1599.114";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-30.0.1599.114.tar.xz";
+    sha256 = "0q5pq8bj4y0c7hd121db1fa9g3apkpkhb6cf14ag7abgrda2pzw2";
   };
 }
diff --git a/pkgs/applications/networking/browsers/dwb/default.nix b/pkgs/applications/networking/browsers/dwb/default.nix
new file mode 100644
index 000000000000..0421a8a6c6a8
--- /dev/null
+++ b/pkgs/applications/networking/browsers/dwb/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchgit, pkgconfig, makeWrapper, libsoup, webkit, gtk3, gnutls, json_c,
+  m4, glib_networking, gsettings_desktop_schemas }:
+
+stdenv.mkDerivation {
+  name = "dwb-0.1";
+
+  src = fetchgit {
+    url = "https://bitbucket.org/portix/dwb.git";
+    rev = "84a8621787baded72e84afdd5cdda278cb81e007";
+    sha256 = "5a32f3c21ad59b43935a16108244f84d260fafaea9b93d41e8de9ba9089ee7b0";
+  };
+
+  buildInputs = [ pkgconfig makeWrapper libsoup webkit gtk3 gnutls json_c m4  ];
+
+  # There are Xlib and gtk warnings therefore I have set Wno-error
+  preBuild=''
+    makeFlagsArray=(CPPFLAGS="-Wno-error" GTK=3 PREFIX=$out);
+  '';
+
+  postInstall=''
+    wrapProgram "$out/bin/dwb" \
+     --prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \
+     --prefix XDG_DATA_DIRS : "${gsettings_desktop_schemas}/share:$out/share"
+    wrapProgram "$out/bin/dwbem" \
+     --prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules"
+  '';
+
+  meta = {
+    homepage = http://portix.bitbucket.org/dwb/;
+    description = "A lightweight web browser based on the webkit web browser engine and the gtk toolkit";
+    platforms = stdenv.lib.platforms.mesaPlatforms;
+    maintainers = [ stdenv.lib.maintainers.pSub ];
+    license = "GPL";
+  };
+}
diff --git a/pkgs/applications/networking/browsers/firefox/default.nix b/pkgs/applications/networking/browsers/firefox/default.nix
index fe4360463398..45606c9af825 100644
--- a/pkgs/applications/networking/browsers/firefox/default.nix
+++ b/pkgs/applications/networking/browsers/firefox/default.nix
@@ -3,8 +3,8 @@
 , freetype, fontconfig, file, alsaLib, nspr, nss, libnotify
 , yasm, mesa, sqlite, unzip, makeWrapper, pysqlite
 , hunspell, libevent, libstartup_notification, libvpx
-, cairo ? null
-, useSystemCairo ? false
+, cairo, gstreamer, gst_plugins_base
+, debugBuild ? false
 , # If you want the resulting program to call itself "Firefox" instead
   # of "Shiretoko" or whatever, enable this option.  However, those
   # binaries may not be distributed without permission from the
@@ -14,14 +14,13 @@
 }:
 
 assert stdenv.gcc ? libc && stdenv.gcc.libc != null;
-assert useSystemCairo -> cairo != null;
 
 let optional = stdenv.lib.optional;
 in rec {
 
-  firefoxVersion = "23.0.1";
+  firefoxVersion = "25.0";
 
-  xulVersion = "23.0.1"; # this attribute is used by other packages
+  xulVersion = "25.0"; # this attribute is used by other packages
 
 
   src = fetchurl {
@@ -29,15 +28,15 @@ in rec {
         # It is better to use this url for official releases, to take load off Mozilla's ftp server.
         "http://releases.mozilla.org/pub/mozilla.org/firefox/releases/${firefoxVersion}/source/firefox-${firefoxVersion}.source.tar.bz2"
         # Fall back to this url for versions not available at releases.mozilla.org.
-        "ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${firefoxVersion}/source/firefox-${firefoxVersion}.source.tar.bz2"
+        "http://ftp.mozilla.org/pub/mozilla.org/firefox/releases/${firefoxVersion}/source/firefox-${firefoxVersion}.source.tar.bz2"
     ];
-    sha1 = "66361fcvyl9liyh41gvgysiim90wsywk";
+    sha1 = "854722e283659d2b6b2eacd38f757b3c5b63a448";
   };
 
   commonConfigureFlags =
     [ "--enable-optimize"
       #"--enable-profiling"
-      "--disable-debug"
+      (if debugBuild then "--enable-debug" else "--disable-debug")
       "--enable-strip"
       "--with-system-jpeg"
       "--with-system-zlib"
@@ -52,12 +51,13 @@ in rec {
       "--enable-system-hunspell"
       "--enable-system-pixman"
       "--enable-system-sqlite"
+      "--enable-system-cairo"
       "--disable-crashreporter"
       "--disable-tests"
       "--disable-necko-wifi" # maybe we want to enable this at some point
       "--disable-installer"
       "--disable-updater"
-    ] ++ optional useSystemCairo "--enable-system-cairo";
+    ];
 
 
   xulrunner = stdenv.mkDerivation rec {
@@ -72,8 +72,9 @@ in rec {
         alsaLib nspr nss libnotify xlibs.pixman yasm mesa
         xlibs.libXScrnSaver xlibs.scrnsaverproto pysqlite
         xlibs.libXext xlibs.xextproto sqlite unzip makeWrapper
-        hunspell libevent libstartup_notification libvpx
-      ] ++ optional useSystemCairo cairo;
+        hunspell libevent libstartup_notification libvpx cairo
+        gstreamer gst_plugins_base
+      ];
 
     configureFlags =
       [ "--enable-application=xulrunner"
@@ -82,8 +83,6 @@ in rec {
 
     enableParallelBuilding = true;
 
-    patches = optional useSystemCairo ./system-cairo.patch;
-
     preConfigure =
       ''
         export NIX_LDFLAGS="$NIX_LDFLAGS -L$out/lib/xulrunner-${xulVersion}"
@@ -139,8 +138,9 @@ in rec {
       [ pkgconfig libpng gtk perl zip libIDL libjpeg zlib bzip2 python
         dbus dbus_glib pango freetype fontconfig alsaLib nspr nss libnotify
         xlibs.pixman yasm mesa sqlite file unzip pysqlite
-        hunspell libevent libstartup_notification libvpx
-      ] ++ optional useSystemCairo cairo;
+        hunspell libevent libstartup_notification libvpx cairo
+        gstreamer gst_plugins_base
+      ];
 
     patches = [
       ./disable-reporter.patch # fixes "search box not working when built on xulrunner"
diff --git a/pkgs/applications/networking/browsers/firefox/system-cairo.patch b/pkgs/applications/networking/browsers/firefox/system-cairo.patch
deleted file mode 100644
index 76cf4d51c9cb..000000000000
--- a/pkgs/applications/networking/browsers/firefox/system-cairo.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-# HG changeset patch
-# From: https://hg.mozilla.org/mozilla-central/rev/52b02042b27f
-# User Connor Behan <connor.behan@gmail.com>
-# Date 1370038985 -7200
-# Node ID 52b02042b27f75acbcb2bd4822bedb00ab680e67
-# Parent  08ed531fed70978385cf9253bbc8389b0abe76ca
-Bug 722975: Unbreak builds using --with-system-cairo. r=bas
-
-diff --git a/gfx/thebes/gfxPlatform.cpp b/gfx/thebes/gfxPlatform.cpp
---- a/gfx/thebes/gfxPlatform.cpp
-+++ b/gfx/thebes/gfxPlatform.cpp
-@@ -548,23 +548,31 @@ struct SourceSurfaceUserData
-   BackendType mBackendType;
- };
- 
- void SourceBufferDestroy(void *srcSurfUD)
- {
-   delete static_cast<SourceSurfaceUserData*>(srcSurfUD);
- }
- 
-+#if MOZ_TREE_CAIRO
- void SourceSnapshotDetached(cairo_surface_t *nullSurf)
- {
-   gfxImageSurface* origSurf =
-     static_cast<gfxImageSurface*>(cairo_surface_get_user_data(nullSurf, &kSourceSurface));
- 
-   origSurf->SetData(&kSourceSurface, NULL, NULL);
- }
-+#else
-+void SourceSnapshotDetached(void *nullSurf)
-+{
-+  gfxImageSurface* origSurf = static_cast<gfxImageSurface*>(nullSurf);
-+  origSurf->SetData(&kSourceSurface, NULL, NULL);
-+}
-+#endif
- 
- RefPtr<SourceSurface>
- gfxPlatform::GetSourceSurfaceForSurface(DrawTarget *aTarget, gfxASurface *aSurface)
- {
-   void *userData = aSurface->GetData(&kSourceSurface);
- 
-   if (userData) {
-     SourceSurfaceUserData *surf = static_cast<SourceSurfaceUserData*>(userData);
-@@ -667,24 +675,28 @@ gfxPlatform::GetSourceSurfaceForSurface(
-       }
- 
-       srcBuffer = Factory::CreateWrappingDataSourceSurface(imgSurface->Data(),
-                                                            imgSurface->Stride(),
-                                                            size, format);
- 
-     }
- 
-+#if MOZ_TREE_CAIRO
-     cairo_surface_t *nullSurf =
- 	cairo_null_surface_create(CAIRO_CONTENT_COLOR_ALPHA);
-     cairo_surface_set_user_data(nullSurf,
-                                 &kSourceSurface,
-                                 imgSurface,
-                                 NULL);
-     cairo_surface_attach_snapshot(imgSurface->CairoSurface(), nullSurf, SourceSnapshotDetached);
-     cairo_surface_destroy(nullSurf);
-+#else
-+    cairo_surface_set_mime_data(imgSurface->CairoSurface(), "mozilla/magic", (const unsigned char*) "data", 4, SourceSnapshotDetached, imgSurface.get());
-+#endif
-   }
- 
-   SourceSurfaceUserData *srcSurfUD = new SourceSurfaceUserData;
-   srcSurfUD->mBackendType = aTarget->GetType();
-   srcSurfUD->mSrcSurface = srcBuffer;
-   aSurface->SetData(&kSourceSurface, srcSurfUD, SourceBufferDestroy);
- 
-   return srcBuffer;
-
diff --git a/pkgs/applications/networking/browsers/firefox/wrapper.nix b/pkgs/applications/networking/browsers/firefox/wrapper.nix
index f8d2c2d0e8cd..bf4c7f3e7d22 100644
--- a/pkgs/applications/networking/browsers/firefox/wrapper.nix
+++ b/pkgs/applications/networking/browsers/firefox/wrapper.nix
@@ -1,4 +1,4 @@
-{ stdenv, browser, makeDesktopItem, makeWrapper, plugins, libs, gtk_modules
+{ stdenv, lib, browser, makeDesktopItem, makeWrapper, plugins, libs, gtk_modules
 , browserName, desktopName, nameSuffix, icon
 }:
 
@@ -50,8 +50,7 @@ stdenv.mkDerivation {
     description =
       browser.meta.description
       + " (with plugins: "
-      + (let lib = import ../../../../lib;
-        in lib.concatStrings (lib.intersperse ", " (map (x: x.name) plugins)))
+      + lib.concatStrings (lib.intersperse ", " (map (x: x.name) plugins))
       + ")";
   };
 }
diff --git a/pkgs/applications/networking/browsers/midori/default.nix b/pkgs/applications/networking/browsers/midori/default.nix
index 4d561737d276..e39e377147a3 100644
--- a/pkgs/applications/networking/browsers/midori/default.nix
+++ b/pkgs/applications/networking/browsers/midori/default.nix
@@ -43,7 +43,7 @@ rec {
 
   name = "midori-${version}.${release}";
   meta = {
-    description = "Light WebKit-based web browser with GTK GUI.";
+    description = "Light WebKit-based web browser with GTK GUI";
     maintainers = [args.lib.maintainers.raskin];
     platforms = with args.lib.platforms;
       linux;
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/builder.sh b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/builder.sh
new file mode 100644
index 000000000000..fb36125b3a17
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/builder.sh
@@ -0,0 +1,4 @@
+source $stdenv/setup
+export PREFIX=$out
+configureFlags="--plugin-path=$out/lib/mozilla/plugins"
+genericBuild
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/default.nix b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/default.nix
new file mode 100644
index 000000000000..7422654ec985
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchurl, pkgconfig, openssl, glib, libX11, gtk3, gettext, intltool }:
+
+let version = "1.0.2"; in
+stdenv.mkDerivation rec {
+  name = "fribid-${version}";
+  builder = ./builder.sh;
+
+  src = fetchurl {
+    url = "https://fribid.se/releases/source/${name}.tar.bz2";
+    sha256 = "d7cd9adf04fedf50b266a5c14ddb427cbb263d3bc160ee0ade03aca9d5356e5c";
+  };
+
+  buildInputs = [ pkgconfig openssl libX11 gtk3 glib gettext intltool ];
+  patches = [
+    ./translation-xgettext-to-intltool.patch
+    ./plugin-linkfix.patch
+    ./emulated-version.patch
+    ./ipc-lazytrace.patch
+    ];
+
+  passthru.mozillaPlugin = "/lib/mozilla/plugins";
+
+  meta = {
+    description = "A browser plugin to manage Swedish BankID:s";
+    homepage = http://fribid.se;
+    licenses = [ "GPLv2" "MPLv1" ];
+    maintainers = [ stdenv.lib.maintainers.edwtjo ];
+    platforms = with stdenv.lib.platforms; linux;
+  };
+}
+
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch
new file mode 100644
index 000000000000..f730ad017b1d
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch
@@ -0,0 +1,12 @@
+--- a/common/defines.h  2012-11-14 18:02:43.000000000 +0100
++++ b/common/defines.h  2013-09-20 19:17:45.669290630 +0200
+@@ -39,7 +39,7 @@
+ #define RELEASE_TIME        1352912534
+ #define IPCVERSION          "10"
+ 
+-#define EMULATED_VERSION    "4.15.0.14"
++#define EMULATED_VERSION    "4.17.0.11" // Was 4.15.0.14
+ #define DNSVERSION          "2"
+ #define STATUSDOMAIN        ".status.fribid.se"
+ 
+
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/ipc-lazytrace.patch b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/ipc-lazytrace.patch
new file mode 100644
index 000000000000..b7d05ddd0ef5
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/ipc-lazytrace.patch
@@ -0,0 +1,10 @@
+--- a/plugin/ipc.c	2012-11-14 18:02:43.000000000 +0100
++++ b/plugin/ipc.c	2013-09-21 08:55:39.960265058 +0200
+@@ -74,6 +74,7 @@
+         //close(pipeOut[PIPE_READ_END]);
+
+         execvp(mainBinary, (char *const *)argv);
++        fprintf(stderr, "Wanted signing executable\t<%s>\n", mainBinary);
+         perror(BINNAME ": Failed to execute main binary");
+         exit(1);
+     } else {
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/plugin-linkfix.patch b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/plugin-linkfix.patch
new file mode 100644
index 000000000000..1128381238b4
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/plugin-linkfix.patch
@@ -0,0 +1,11 @@
+--- a/plugin/Makefile	2013-09-18 13:55:11.091652553 +0200
++++ b/plugin/Makefile	2013-09-18 13:58:27.513618750 +0200
+@@ -60,7 +60,7 @@
+ 	for path in $(NPAPI_PLUGIN_PATHS); do \
+ 	    (../configure --internal--remove-link $(DESTDIR)$$path/libfribidplugin.so $(NPAPI_PLUGIN_LIB) || exit 1) && \
+ 	    install -d $(DESTDIR)$$path && \
+-	    ln -sf $(NPAPI_PLUGIN_LIB) $(DESTDIR)$$path/libfribidplugin.so; \
++	    ln -sf $(DESTDIR)$(NPAPI_PLUGIN_LIB) $(DESTDIR)$$path/libfribidplugin.so; \
+ 	done
+
+ uninstall:
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/translation-xgettext-to-intltool.patch b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/translation-xgettext-to-intltool.patch
new file mode 100644
index 000000000000..dcac4f17928b
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/translation-xgettext-to-intltool.patch
@@ -0,0 +1,16 @@
+--- a/translations/Makefile	2013-09-18 07:25:16.503800613 +0200
++++ b/translations/Makefile	2013-09-18 07:25:29.495869405 +0200
+@@ -38,7 +38,7 @@
+ all: template.pot $(MOFILES)
+
+ template.pot: $(POTFILES) $(DEFINES)
+-	xgettext -k_ -ktranslatable -d $(DOMAIN) --package-name=$(PACKAGENAME) --package-version=$(PACKAGEVERSION) --copyright-holder='YOUR NAME' -o $@ $(POTFILES)
++	intltool-update --gettext-package=$(PACKAGENAME) -o $@ sv
+
+ .po.mo:
+ 	msgfmt $< -o $@
+--- a/translations/POTFILES.in	2013-09-16 20:28:56.766106014 +0200
++++ b/translations/POTFILES.in	2013-09-18 13:15:05.252689648 +0200
+@@ -0,0 +1,2 @@
++client/gtk.c
++client/gtk/sign.glade
diff --git a/pkgs/applications/networking/dropbox-cli/default.nix b/pkgs/applications/networking/dropbox-cli/default.nix
index 34fe6db8932b..194b7d92c403 100644
--- a/pkgs/applications/networking/dropbox-cli/default.nix
+++ b/pkgs/applications/networking/dropbox-cli/default.nix
@@ -1,7 +1,8 @@
 { stdenv, coreutils, fetchurl, python, dropbox }:
 
 stdenv.mkDerivation {
-  name = "dropbox-cli";
+  # 1.6.0 because it's the only version mentioned in the script
+  name = "dropbox-cli-1.6.0";
 
   src = fetchurl {
     # Note: dropbox doesn't version this file. Annoying.
@@ -29,7 +30,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = http://dropbox.com;
-    description = "Command line client for the dropbox daemon.";
+    description = "Command line client for the dropbox daemon";
     license = stdenv.lib.licenses.gpl3;
     maintainers = with stdenv.lib.maintainers; [ the-kenny ];
     # NOTE: Dropbox itself only works on linux, so this is ok.
diff --git a/pkgs/applications/networking/dropbox/default.nix b/pkgs/applications/networking/dropbox/default.nix
index 4e911bc33452..99589a3d71b5 100644
--- a/pkgs/applications/networking/dropbox/default.nix
+++ b/pkgs/applications/networking/dropbox/default.nix
@@ -2,7 +2,7 @@
 , libSM, libX11, libXext, libXcomposite, libXcursor, libXdamage
 , libXfixes, libXi, libXinerama, libXrandr, libXrender
 , dbus, dbus_glib, fontconfig, gcc, patchelf
-, atk, glib, gdk_pixbuf, gtk, pango
+, atk, glib, gdk_pixbuf, gtk, pango, zlib
 }:
 
 # this package contains the daemon version of dropbox
@@ -20,14 +20,14 @@ let
   arch = if stdenv.system == "x86_64-linux" then "x86_64"
     else if stdenv.system == "i686-linux" then "x86"
     else throw "Dropbox client for: ${stdenv.system} not supported!";
-    
+
   interpreter = if stdenv.system == "x86_64-linux" then "ld-linux-x86-64.so.2"
     else if stdenv.system == "i686-linux" then "ld-linux.so.2"
     else throw "Dropbox client for: ${stdenv.system} not supported!";
 
-  version = "1.4.21";
-  sha256 = if stdenv.system == "x86_64-linux" then "94073842f4a81feee80bca590e1df73fc3cab47ba879407ceba2de48f30d84e2"
-    else if stdenv.system == "i686-linux" then "121v92m20l73xjmzng3vmcp4zsp9mlbcfia73f5py5y74kndb2ap"
+  version = "2.4.3";
+  sha256 = if stdenv.system == "x86_64-linux" then "0g8iqgc18qbw8fvdjf0fhbal34rvwr5izrf5acfzqjg99dgih81r"
+    else if stdenv.system == "i686-linux" then "1nhmk319whj6cil6wg9hrfln9bxin3fnf6sxb0zg2ycfpnnqi0la"
     else throw "Dropbox client for: ${stdenv.system} not supported!";
 
   # relative location where the dropbox libraries are stored
@@ -40,7 +40,7 @@ let
       libSM libX11 libXext libXcomposite libXcursor libXdamage
       libXfixes libXi libXinerama libXrandr libXrender
       atk dbus dbus_glib glib fontconfig gcc gdk_pixbuf
-      gtk pango
+      gtk pango zlib
     ];
 
   desktopItem = makeDesktopItem {
diff --git a/pkgs/applications/networking/ids/bro/default.nix b/pkgs/applications/networking/ids/bro/default.nix
index 6e70e106d26e..d60d39ac028d 100644
--- a/pkgs/applications/networking/ids/bro/default.nix
+++ b/pkgs/applications/networking/ids/bro/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
   enableParallelBuilding = true;
   
   meta = {
-    description = "Bro is a powerful network analysis framework that is much different from the typical IDS you may know.";
+    description = "Powerful network analysis framework that is much different from the typical IDS you may know";
     homepage = http://www.bro.org/;
     license = "BSD";
   };
diff --git a/pkgs/applications/networking/instant-messengers/amsn/default.nix b/pkgs/applications/networking/instant-messengers/amsn/default.nix
index 07aa20ff1f31..fc7906b3e402 100644
--- a/pkgs/applications/networking/instant-messengers/amsn/default.nix
+++ b/pkgs/applications/networking/instant-messengers/amsn/default.nix
@@ -16,6 +16,7 @@ stdenv.mkDerivation {
   '';
 
   meta = {
+    description = "Instant messaging (MSN Messenger clone)";
     homepage = http://amsn-project.net;
   };
 }
diff --git a/pkgs/applications/networking/instant-messengers/oneteam/default.nix b/pkgs/applications/networking/instant-messengers/oneteam/default.nix
index 3549d7f14996..14d01de32458 100644
--- a/pkgs/applications/networking/instant-messengers/oneteam/default.nix
+++ b/pkgs/applications/networking/instant-messengers/oneteam/default.nix
@@ -76,8 +76,6 @@ rec {
     [
       raskin
     ];
-    platforms = with a.lib.platforms;
-      linux;
     license = a.lib.licenses.gpl2;
     homepage="http://oneteam.im";
   };
diff --git a/pkgs/applications/networking/instant-messengers/pidgin-plugins/msn-pecan/default.nix b/pkgs/applications/networking/instant-messengers/pidgin-plugins/msn-pecan/default.nix
index cdbf63dbd9f1..2e1b745790a4 100644
--- a/pkgs/applications/networking/instant-messengers/pidgin-plugins/msn-pecan/default.nix
+++ b/pkgs/applications/networking/instant-messengers/pidgin-plugins/msn-pecan/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "Alternative MSN protocol plug-in for Pidgin IM.";
+    description = "Alternative MSN protocol plug-in for Pidgin IM";
     homepage = http://code.google.com/p/msn-pecan/;
   };
 
diff --git a/pkgs/applications/networking/instant-messengers/pidgin-plugins/sipe/default.nix b/pkgs/applications/networking/instant-messengers/pidgin-plugins/sipe/default.nix
index e8afdb37cbc4..9c787867e5a1 100644
--- a/pkgs/applications/networking/instant-messengers/pidgin-plugins/sipe/default.nix
+++ b/pkgs/applications/networking/instant-messengers/pidgin-plugins/sipe/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "SIPE plugin for Pidgin IM.";
+    description = "SIPE plugin for Pidgin IM";
     homepage = http://sipe.sourceforge.net/;
     license = "GPLv2";
   };
diff --git a/pkgs/applications/networking/instant-messengers/pidgin-plugins/tox-prpl/default.nix b/pkgs/applications/networking/instant-messengers/pidgin-plugins/tox-prpl/default.nix
new file mode 100644
index 000000000000..b87db662f45e
--- /dev/null
+++ b/pkgs/applications/networking/instant-messengers/pidgin-plugins/tox-prpl/default.nix
@@ -0,0 +1,29 @@
+{ stdenv, fetchurl, libtoxcore, pidgin, autoconf, automake, libtool, libsodium } :
+
+let
+  version = "17a3fd9199";
+  date = "20131012";
+in
+stdenv.mkDerivation rec {
+  name = "tox-prpl-${date}-${version}";
+
+  src = fetchurl {
+    url = "https://github.com/jin-eld/tox-prpl/tarball/${version}";
+    name = "${name}.tar.gz";
+    sha256 = "0sz5wkyfwmhaj652xpsxq4p252cmmfa1vy6mp3jfyn145c758v9n";
+  };
+
+  NIX_LDFLAGS = "-lssp -lsodium";
+
+  preConfigure = "autoreconf -vfi";
+
+  postInstall = "mv $out/lib/purple-2 $out/lib/pidgin";
+
+  buildInputs = [ libtoxcore pidgin autoconf automake libtool libsodium ];
+
+  meta = {
+    homepage = http://tox.dhs.org/;
+    description = "Tox plugin for Pidgin / libpurple";
+    license = "GPLv3";
+  };
+}
diff --git a/pkgs/applications/networking/instant-messengers/pidgin/default.nix b/pkgs/applications/networking/instant-messengers/pidgin/default.nix
index 00fba657d8a4..d0652adcb0d6 100644
--- a/pkgs/applications/networking/instant-messengers/pidgin/default.nix
+++ b/pkgs/applications/networking/instant-messengers/pidgin/default.nix
@@ -52,7 +52,7 @@ stdenv.mkDerivation rec {
   + (lib.optionalString (gnutls != null) " --enable-gnutls=yes --enable-nss=no")
   ;
   meta = {
-    description = "Pidgin IM - XMPP(Jabber), AIM/ICQ, IRC, SIP etc client.";
+    description = "Pidgin IM - XMPP(Jabber), AIM/ICQ, IRC, SIP etc client";
     homepage = http://pidgin.im;
   };
 }
diff --git a/pkgs/applications/networking/instant-messengers/skype/default.nix b/pkgs/applications/networking/instant-messengers/skype/default.nix
index aa90c8e70261..ebd84ff47b89 100644
--- a/pkgs/applications/networking/instant-messengers/skype/default.nix
+++ b/pkgs/applications/networking/instant-messengers/skype/default.nix
@@ -48,6 +48,7 @@ stdenv.mkDerivation rec {
 
     cat > $out/bin/skype << EOF
     #!${stdenv.shell}
+    export PULSE_LATENCY_MSEC=60  # workaround for pulseaudio glitches
     export LD_LIBRARY_PATH=$fullPath:$LD_LIBRARY_PATH
     $dynlinker $out/libexec/skype/skype --resources=$out/libexec/skype "\$@"
     EOF
diff --git a/pkgs/applications/networking/instant-messengers/torchat/default.nix b/pkgs/applications/networking/instant-messengers/torchat/default.nix
index 5a82cf9d6407..06bcd7a0400e 100644
--- a/pkgs/applications/networking/instant-messengers/torchat/default.nix
+++ b/pkgs/applications/networking/instant-messengers/torchat/default.nix
@@ -2,18 +2,17 @@
 stdenv.mkDerivation rec {
 
   name = "torchat-${version}";
-  version = "0.9.9.550";
+  version = "0.9.9.553";
 
   src = fetchurl {
-    url = "http://torchat.googlecode.com/files/torchat-source-${version}.zip";
-    sha256 = "01z0vrmflcmb146m04b66zihkd22aqnxz2vr4x23z1q5mlwylmq2";
+    url = "https://github.com/prof7bit/TorChat/archive/${version}.tar.gz";
+    sha256 = "0rb4lvv40pz6ab5kxq40ycvh7kh1yxn7swzgv2ff2nbhi62xnzp0";
   };
 
   buildInputs = [ python unzip wxPython wrapPython ];
   pythonPath = [ wxPython ];
 
-  preConfigure = "rm portable.txt";
-  preUnpack = "sourceRoot=`pwd`/src";
+  preConfigure = "cd torchat/src; rm portable.txt";
 
   installPhase = ''
     substituteInPlace "Tor/tor.sh" --replace "tor -f" "${tor}/bin/tor -f"
@@ -29,8 +28,8 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with stdenv.lib; {
-    homepage = http://code.google.com/p/torchat/;
-    description = "instant messaging application on top of the Tor network and it's location hidden services";
+    homepage = https://github.com/prof7bit/TorChat;
+    description = "Instant messaging application on top of the Tor network and it's location hidden services";
     license = licenses.gpl3;
     maintainers = [ maintainers.phreedom ];
     platforms = platforms.unix;
diff --git a/pkgs/applications/networking/instant-messengers/toxic/default.nix b/pkgs/applications/networking/instant-messengers/toxic/default.nix
new file mode 100644
index 000000000000..c2af1274a24c
--- /dev/null
+++ b/pkgs/applications/networking/instant-messengers/toxic/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, fetchurl, autoconf, libtool, automake, libsodium, ncurses
+, libtoxcore, pkgconfig }:
+
+let
+  version = "75d356e52a";
+  date = "20131011";
+in
+stdenv.mkDerivation rec {
+  name = "toxic-${date}-${version}";
+
+  src = fetchurl {
+    url = "https://github.com/Tox/toxic/tarball/${version}";
+    name = "${name}.tar.gz";
+    sha256 = "14wyvms8l07sl88g8y6g2jv95sq7cnhbaqf4n32xxilch8rymq47";
+  };
+
+  preConfigure = ''
+    autoreconf -i
+  '';
+
+  NIX_LDFLAGS = "-lsodium";
+
+  configureFlags = [
+    "--with-libtoxcore-headers=${libtoxcore}/include"
+    "--with-libtoxcore-libs=${libtoxcore}/lib" 
+    "--with-libsodium-headers=${libtoxcore}/include"
+    "--with-libsodium-libs=${libtoxcore}/lib" 
+  ];
+
+  buildInputs = [ autoconf libtool automake libtoxcore libsodium ncurses pkgconfig ];
+
+  doCheck = true;
+
+  meta = {
+    description = "Reference CLI for Tox";
+    license = "GPLv3+";
+    maintainers = with stdenv.lib.maintainers; [ viric ];
+    platforms = stdenv.lib.platforms.all;
+  };
+}
diff --git a/pkgs/applications/networking/irc/kvirc/default.nix b/pkgs/applications/networking/irc/kvirc/default.nix
new file mode 100644
index 000000000000..f4b451e66e07
--- /dev/null
+++ b/pkgs/applications/networking/irc/kvirc/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, fetchurl, cmake, qt4, perl, gettext, kdelibs, openssl, zlib}:
+
+let
+  pn = "kvirc";
+  v = "4.2.0";
+in
+
+stdenv.mkDerivation {
+  name = "${pn}-${v}";
+
+  src = fetchurl {
+    url = "ftp://ftp.kvirc.de/pub/${pn}/${v}/source/${pn}-${v}.tar.bz2";
+    sha256 = "9a547d52d804e39c9635c8dc58bccaf4d34341ef16a9a652a5eb5568d4d762cb";
+  };
+
+  buildInputs = [ cmake qt4 perl gettext kdelibs openssl zlib ];
+
+  meta = with stdenv.lib; {
+    description = "Graphic IRC client with Qt";
+    license = licenses.gpl3;
+    homepage = http://www.kvirc.net/;
+    platforms   = platforms.linux;
+  };
+}
diff --git a/pkgs/applications/networking/irc/quassel/default.nix b/pkgs/applications/networking/irc/quassel/default.nix
index 16aaf3d9f3b2..67ff1ca02c43 100644
--- a/pkgs/applications/networking/irc/quassel/default.nix
+++ b/pkgs/applications/networking/irc/quassel/default.nix
@@ -1,7 +1,7 @@
 { monolithic ? true # build monolithic Quassel
 , daemon ? false # build Quassel daemon
 , client ? false # build Quassel client
-, withKDE ? true # enable KDE integration
+, withKDE ? stdenv.isLinux # enable KDE integration
 , ssl ? true # enable SSL support
 , previews ? false # enable webpage previews on hovering over URLs
 , stdenv, fetchurl, cmake, qt4, kdelibs, automoc4, phonon }:
@@ -11,11 +11,11 @@ let
 
 in with stdenv; mkDerivation rec {
 
-  name = "quassel-0.7.4";
+  name = "quassel-0.9.0";
 
   src = fetchurl {
     url = "http://quassel-irc.org/pub/${name}.tar.bz2";
-    sha256 = "08f4m35bkmp9p1n560a3fg711s9izb25ddx2az03xzf1jl8qdrg7";
+    sha256 = "09v0igjkzan3hllk47w39hkav6v1419vpxn2lfd8473kwdmf0grf";
   };
 
   buildInputs = [ cmake qt4 ]
@@ -48,6 +48,7 @@ in with stdenv; mkDerivation rec {
     '';
     license = "GPLv3";
     maintainers = [ maintainers.phreedom ];
+    repositories.git = https://github.com/quassel/quassel.git;
     inherit (qt4.meta) platforms;
   };
 }
diff --git a/pkgs/applications/networking/irc/weechat/default.nix b/pkgs/applications/networking/irc/weechat/default.nix
index a523089e0ed1..01ba8c97d988 100644
--- a/pkgs/applications/networking/irc/weechat/default.nix
+++ b/pkgs/applications/networking/irc/weechat/default.nix
@@ -3,12 +3,12 @@
 , pythonPackages, cacert, cmake, makeWrapper }:
 
 stdenv.mkDerivation rec {
-  version = "0.4.1";
+  version = "0.4.2";
   name = "weechat-${version}";
 
   src = fetchurl {
     url = "http://weechat.org/files/src/${name}.tar.gz";
-    sha256 = "0gsn0mp921j7jpvrxc74h0gs0bn0w808j2zqghm1w7xbjw9hl49w";
+    sha256 = "03ypji34kb5yrxqyn8dbrjm3j00pc8v7wfsip7d3l63nyx79df9v";
   };
 
   buildInputs = 
@@ -18,17 +18,16 @@ stdenv.mkDerivation rec {
     ];
 
   postInstall = ''
-       wrapProgram "$out/bin/weechat-curses" \
+       wrapProgram "$out/bin/weechat" \
          --prefix PYTHONPATH : "$PYTHONPATH" \
          --prefix PYTHONPATH : "$out/lib/${python.libPrefix}/site-packages"
   '';
 
   meta = {
-    homepage = http://http://www.weechat.org/;
+    homepage = http://www.weechat.org/;
     description = "A fast, light and extensible chat client";
     license = stdenv.lib.licenses.gpl3;
-    maintainers = [ stdenv.lib.maintainers.garbas ];
+    maintainers = with stdenv.lib.maintainers; [ garbas the-kenny ];
     platforms = stdenv.lib.platforms.linux;
   };
 }
-
diff --git a/pkgs/applications/networking/jmeter/default.nix b/pkgs/applications/networking/jmeter/default.nix
new file mode 100644
index 000000000000..c3212f6aa560
--- /dev/null
+++ b/pkgs/applications/networking/jmeter/default.nix
@@ -0,0 +1,27 @@
+{ fetchurl, stdenv, ant }:
+
+stdenv.mkDerivation rec {
+  name = "jmeter-2.9";
+  src = fetchurl {
+    url = "http://ftp.unicamp.br/pub/apache//jmeter/binaries/apache-jmeter-2.9.tgz";
+    sha256 = "14r3zn910m97jqrf6k5c4lwy214snaap2242qg76h65zk9qr20ni";
+  };
+
+  installPhase = ''
+    mkdir $out
+    cp ./* $out/ -R
+  '';
+
+  meta = {
+    description = "Apache JMeter is a 100% pure Java desktop application designed to load test functional behavior and measure performance.";
+    longDescription = ''
+      The Apache JMeter desktop application is open source software, a 100%
+      pure Java application designed to load test functional behavior and
+      measure performance. It was originally designed for testing Web
+      Applications but has since expanded to other test functions.
+    '';
+    license = stdenv.lib.licenses.asl20;
+    maintainers = [ stdenv.lib.maintainers.garbas ];
+    priority = 1;
+  };
+}
diff --git a/pkgs/applications/networking/mailreaders/sup/default.nix b/pkgs/applications/networking/mailreaders/sup/default.nix
index 058335370266..dd2837da40a6 100644
--- a/pkgs/applications/networking/mailreaders/sup/default.nix
+++ b/pkgs/applications/networking/mailreaders/sup/default.nix
@@ -1,9 +1,10 @@
 { stdenv, fetchurl, ruby, rake, rubygems, makeWrapper, ncursesw_sup
-, xapian_ruby, gpgme, libiconvOrEmpty, rmail, mime_types, chronic, trollop
-, lockfile, gettext, iconv, locale, text, highline }:
+, xapian_ruby, gpgme, libiconvOrEmpty, mime_types, chronic, trollop, lockfile
+, gettext, iconv, locale, text, highline, rmail_sup, unicode, gnupg, which }:
 
-stdenv.mkDerivation {
-  name = "sup-896ab66c0263e5ce0fa45857fb08e0fb78fcb6bd";
+stdenv.mkDerivation rec {
+  version = "f27661b1656ae1f0d28fd89595b5a16f268d8d3d";
+  name    = "sup-${version}";
   
   meta = {
     homepage = http://supmua.org;
@@ -16,8 +17,8 @@ stdenv.mkDerivation {
   dontStrip = true;
 
   src = fetchurl {
-    url = "https://github.com/sup-heliotrope/sup/archive/896ab66c0263e5ce0fa45857fb08e0fb78fcb6bd.tar.gz";
-    sha256 = "0sknf4ha13m2478fa27qnm43bcn59g6qbd8f2nmv64k2zs7xnwmk";
+    url    = "https://github.com/sup-heliotrope/sup/archive/${version}.tar.gz";
+    sha256 = "08fxf1knji3260d0mrp86x6yayp43iq7kc5rfay3hga8i2sckdia";
   };
 
   buildInputs =
@@ -26,8 +27,6 @@ stdenv.mkDerivation {
 
   buildPhase = "rake gem";
 
-  # TODO: Move gem dependencies out
-
   installPhase = ''
     export HOME=$TMP/home; mkdir -pv "$HOME"
 
@@ -35,16 +34,17 @@ stdenv.mkDerivation {
     GEM_PATH="$GEM_PATH:${chronic}/${ruby.gemPath}"
     GEM_PATH="$GEM_PATH:${gettext}/${ruby.gemPath}"
     GEM_PATH="$GEM_PATH:${gpgme}/${ruby.gemPath}"
+    GEM_PATH="$GEM_PATH:${highline}/${ruby.gemPath}"
     GEM_PATH="$GEM_PATH:${iconv}/${ruby.gemPath}"
     GEM_PATH="$GEM_PATH:${locale}/${ruby.gemPath}"
     GEM_PATH="$GEM_PATH:${lockfile}/${ruby.gemPath}"
     GEM_PATH="$GEM_PATH:${mime_types}/${ruby.gemPath}"
     GEM_PATH="$GEM_PATH:${ncursesw_sup}/${ruby.gemPath}"
-    GEM_PATH="$GEM_PATH:${rmail}/${ruby.gemPath}"
+    GEM_PATH="$GEM_PATH:${rmail_sup}/${ruby.gemPath}"
     GEM_PATH="$GEM_PATH:${text}/${ruby.gemPath}"
     GEM_PATH="$GEM_PATH:${trollop}/${ruby.gemPath}"
+    GEM_PATH="$GEM_PATH:${unicode}/${ruby.gemPath}"
     GEM_PATH="$GEM_PATH:${xapian_ruby}/${ruby.gemPath}"
-    GEM_PATH="$GEM_PATH:${highline}/${ruby.gemPath}"
 
     # Don't install some dependencies -- we have already installed
     # the dependencies but gem doesn't acknowledge this
@@ -52,8 +52,13 @@ stdenv.mkDerivation {
         --bindir "$out/bin" --no-rdoc --no-ri pkg/sup-999.gem \
         --ignore-dependencies
 
+    # specify ruby interpreter explicitly
+    sed -i '1 s|^.*$|#!${ruby}/bin/ruby|' bin/sup-sync-back-maildir
+
+    cp bin/sup-sync-back-maildir "$out"/bin
+
     for prog in $out/bin/*; do
-      wrapProgram "$prog" --prefix GEM_PATH : "$GEM_PATH"
+      wrapProgram "$prog" --prefix GEM_PATH : "$GEM_PATH" --prefix PATH : "${gnupg}/bin:${which}/bin"
     done
 
     for prog in $out/gems/*/bin/*; do
@@ -61,4 +66,3 @@ stdenv.mkDerivation {
     done
   '';
 }
-
diff --git a/pkgs/applications/networking/p2p/gnunet/svn.nix b/pkgs/applications/networking/p2p/gnunet/svn.nix
index b6b9db99f907..ed6c348706b9 100644
--- a/pkgs/applications/networking/p2p/gnunet/svn.nix
+++ b/pkgs/applications/networking/p2p/gnunet/svn.nix
@@ -1,10 +1,11 @@
 { stdenv, fetchsvn, libextractor, libmicrohttpd, libgcrypt
 , zlib, gmp, curl, libtool, adns, sqlite, pkgconfig
 , libxml2, ncurses, gettext, libunistring, libidn
-, makeWrapper, autoconf, automake }:
+, makeWrapper, autoconf, automake
+, withVerbose ? false }:
 
 let
-  rev = "27775";
+  rev = "27840";
 in
 stdenv.mkDerivation rec {
   name = "gnunet-svn-${rev}";
@@ -12,7 +13,7 @@ stdenv.mkDerivation rec {
   src = fetchsvn {
     url =  https://gnunet.org/svn/gnunet;
     inherit rev;
-    sha256 = "1fa2g63rrn0mmim9v62gnm2hqr556mbcafb7cs7afycbinix4spf";
+    sha256 = "0zhxvvj5rbhca2ykfx3g93dv94xyhqsnj011a6gql7zd5vfhaf6v";
   };
 
   buildInputs = [
@@ -22,6 +23,8 @@ stdenv.mkDerivation rec {
     autoconf automake
   ];
 
+  configureFlags = stdenv.lib.optional withVerbose "--enable-logging=verbose ";
+
   preConfigure = ''
     # Brute force: since nix-worker chroots don't provide
     # /etc/{resolv.conf,hosts}, replace all references to `localhost'
diff --git a/pkgs/applications/networking/p2p/transmission/2.60.nix b/pkgs/applications/networking/p2p/transmission/2.60.nix
deleted file mode 100644
index c59fddf6364b..000000000000
--- a/pkgs/applications/networking/p2p/transmission/2.60.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ stdenv, fetchurl, pkgconfig, openssl, curl, intltool, libevent,
-  file, inotifyTools, gtk ? null }:
-
-stdenv.mkDerivation rec {
-  name = "transmission-2.60"; # transmission >= 2.61 requires gtk3
-
-  src = fetchurl {
-    url = "http://download.transmissionbt.com/files/${name}.tar.xz";
-    sha256 = "1ramdliyy8j7qqpkxg643lda11ynxwfhq6qcs31fr3h9x72l0rg4";
-  };
-
-  buildInputs = [ pkgconfig openssl curl intltool libevent
-                  file inotifyTools gtk ];
-
-  preConfigure = ''
-    sed -i -e 's|/usr/bin/file|${file}/bin/file|g' configure
-  '';
-
-  postInstall = ''
-    rm -f $out/share/icons/hicolor/icon-theme.cache
-  '';
-
-  meta = {
-    description = "A fast, easy and free BitTorrent client";
-    longDescription = ''
-      Transmission is a BitTorrent client which features a simple interface
-      on top of a cross-platform back-end.
-      Feature spotlight:
-        * Uses fewer resources than other clients
-        * Native Mac, GTK+ and Qt GUI clients
-        * Daemon ideal for servers, embedded systems, and headless use
-        * All these can be remote controlled by Web and Terminal clients
-        * Bluetack (PeerGuardian) blocklists with automatic updates
-        * Full encryption, DHT, and PEX support
-    '';
-    homepage = http://www.transmissionbt.com/;
-    license = [ "GPLv2" ];
-    maintainers = [ stdenv.lib.maintainers.astsmtl ];
-    platforms = stdenv.lib.platforms.linux;
-  };
-}
diff --git a/pkgs/applications/networking/p2p/transmission/default.nix b/pkgs/applications/networking/p2p/transmission/default.nix
index 2c6106d13040..cb439ddb4624 100644
--- a/pkgs/applications/networking/p2p/transmission/default.nix
+++ b/pkgs/applications/networking/p2p/transmission/default.nix
@@ -1,32 +1,39 @@
-{ stdenv, fetchurl, pkgconfig, openssl, curl, intltool, libevent
-, file, inotifyTools
-, enableGtk ? false, gtk ? null }:
+{ stdenv, fetchurl, pkgconfig, intltool, file, makeWrapper
+, openssl, curl, libevent, inotifyTools
+, enableGTK3 ? false, gtk3
+}:
 
-assert enableGtk -> gtk != null;
+let
+  version = "2.82";
+in
+
+with { inherit (stdenv.lib) optional optionals optionalString; };
 
 stdenv.mkDerivation rec {
-  name = "transmission-2.77"; # transmission >= 2.61 requires gtk3
+  name = "transmission-" + optionalString enableGTK3 "gtk-" + version;
 
   src = fetchurl {
-    url = "http://download.transmissionbt.com/files/${name}.tar.xz";
-    sha256 = "1phzhj4wds6r2ziclva1b5l6l9xjsx5ji7s3m4xia44aq4znbcam";
+    url = "http://download.transmissionbt.com/files/transmission-${version}.tar.xz";
+    sha256 = "08imy28hpjxwdzgvhm66hkfyzp8qnnqr4jhv3rgshryzhw86b5ir";
   };
 
-  buildInputs = [ pkgconfig openssl curl intltool libevent
-                  file inotifyTools ]
-    ++ stdenv.lib.optional enableGtk gtk;
+  buildInputs = [ pkgconfig intltool file openssl curl libevent inotifyTools ]
+    ++ optionals enableGTK3 [ gtk3 makeWrapper ];
 
   preConfigure = ''
     sed -i -e 's|/usr/bin/file|${file}/bin/file|g' configure
   '';
 
-  configureFlags = stdenv.lib.optionalString enableGtk "--with-gtk";
+  configureFlags = [ "--with-systemd-daemon" ]
+    ++ optional enableGTK3 "--with-gtk";
 
-  postInstall = ''
-    rm -f $out/share/icons/hicolor/icon-theme.cache
+  postInstall = optionalString enableGTK3 /* gsettings schemas for file dialogues */ ''
+    rm "$out/share/icons/hicolor/icon-theme.cache"
+    wrapProgram "$out/bin/transmission-gtk" \
+      --prefix XDG_DATA_DIRS : "${gtk3}/share"
   '';
 
-  meta = {
+  meta = with stdenv.lib; {
     description = "A fast, easy and free BitTorrent client";
     longDescription = ''
       Transmission is a BitTorrent client which features a simple interface
@@ -40,8 +47,9 @@ stdenv.mkDerivation rec {
         * Full encryption, DHT, and PEX support
     '';
     homepage = http://www.transmissionbt.com/;
-    license = [ "GPLv2" ];
-    maintainers = [ stdenv.lib.maintainers.astsmtl ];
-    platforms = stdenv.lib.platforms.linux;
+    license = licenses.gpl2; # parts are under MIT
+    maintainers = with maintainers; [ astsmtl vcunat ];
+    platforms = platforms.linux;
   };
 }
+
diff --git a/pkgs/applications/networking/remote/ssvnc/default.nix b/pkgs/applications/networking/remote/ssvnc/default.nix
new file mode 100644
index 000000000000..b2c9b7c3e73a
--- /dev/null
+++ b/pkgs/applications/networking/remote/ssvnc/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchurl, imake, zlib, openjdk, libX11, libXt, libXmu, libXaw, libXext, libXpm, openjpeg, openssl }:
+
+let version = "1.0.29"; in
+stdenv.mkDerivation rec {
+  name = "ssvnc-${version}";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/ssvnc/${name}.src.tar.gz";
+    sha256 = "74df32eb8eaa68b07c9693a232ebe42154617c7f3cbe1d4e68d3fe7c557d618d";
+  };
+
+  buildInputs = [ imake zlib openjdk libX11 libXt libXmu libXaw libXext libXpm openjpeg openssl ];
+
+  configurePhase = "makeFlags=PREFIX=$out";
+
+  meta = {
+    description = "VNC viewer that adds encryption security to VNC connections";
+    homepage = "http://www.karlrunge.com/x11vnc/ssvnc.html";
+    license = "GPLv2";
+    maintainers = [ stdenv.lib.maintainers.edwtjo ];
+    platforms = with stdenv.lib.platforms; linux;
+  };
+}
diff --git a/pkgs/applications/networking/sniffers/ettercap/default.nix b/pkgs/applications/networking/sniffers/ettercap/default.nix
new file mode 100644
index 000000000000..3994563cf3eb
--- /dev/null
+++ b/pkgs/applications/networking/sniffers/ettercap/default.nix
@@ -0,0 +1,33 @@
+{ stdenv, fetchurl, cmake, libpcap, libnet, zlib, curl, pcre,
+  openssl, ncurses, glib, gtk, atk, pango, flex, bison }:
+
+stdenv.mkDerivation rec {
+  name = "ettercap-${version}";
+  version = "0.8.0";
+
+  src = fetchurl {
+    url = "https://github.com/Ettercap/ettercap/archive/v${version}.tar.gz";
+    sha256 = "1g69782wk2hag8h76jqy81szw5jhvqqnn3m4v0wjkbv9zjxy44w0";
+  };
+
+  buildInputs = [
+    cmake libpcap libnet zlib curl pcre openssl ncurses
+    glib gtk atk pango flex bison
+  ];
+
+  preConfigure = ''
+    substituteInPlace CMakeLists.txt --replace /etc \$\{INSTALL_PREFIX\}/etc
+  '';
+
+  cmakeFlags = [
+    "-DGTK2_GLIBCONFIG_INCLUDE_DIR=${glib}/lib/glib-2.0/include"
+    "-DGTK2_GDKCONFIG_INCLUDE_DIR=${gtk}/lib/gtk-2.0/include"
+  ];
+
+  meta = {
+    description = "Comprehensive suite for man in the middle attacks";
+    homepage = http://ettercap.github.io/ettercap/;
+    license = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.unix;
+  };
+}
diff --git a/pkgs/applications/networking/znc/default.nix b/pkgs/applications/networking/znc/default.nix
index 13c3977a9799..a43d8fa9d11d 100644
--- a/pkgs/applications/networking/znc/default.nix
+++ b/pkgs/applications/networking/znc/default.nix
@@ -29,5 +29,6 @@ stdenv.mkDerivation rec {
     homepage = http://wiki.znc.in/ZNC;
     maintainers = [ stdenv.lib.maintainers.viric ];
     license = "ASL2.0";
+    platforms = stdenv.lib.platforms.unix;
   };
 }
diff --git a/pkgs/applications/networking/znc/modules.nix b/pkgs/applications/networking/znc/modules.nix
new file mode 100644
index 000000000000..ba6d36a3c76c
--- /dev/null
+++ b/pkgs/applications/networking/znc/modules.nix
@@ -0,0 +1,56 @@
+{ stdenv, fetchurl, fetchgit,  znc }:
+
+let
+
+  zncDerivation = a@{
+    name, src, module_name,
+    buildPhase ? "${znc}/bin/znc-buildmod ${module_name}.cpp",
+    installPhase ? "install -D ${module_name}.so $out/lib/znc/${module_name}.so", ...
+  } : stdenv.mkDerivation (a // {
+    inherit buildPhase;
+    inherit installPhase;
+
+    meta.platforms = stdenv.lib.platforms.unix;
+    passthru.module_name = module_name;
+  });
+
+in rec {
+
+  push = zncDerivation rec {
+    name = "znc-push-${version}";
+    version = "1.0.0";
+    module_name = "push";
+
+    src = fetchurl {
+        url = "https://github.com/jreese/znc-push/archive/v${version}.tar.gz";
+        sha256 = "1v9a16b1d8mfzhddf4drh6rbxa0szr842g7614r8ninmc0gi7a2v";
+    };
+
+    meta = {
+      description = "Push notification service module for ZNC";
+      homepage = https://github.com/jreese/znc-push;
+      repositories.git = https://github.com/jreese/znc-push.git;
+      license = stdenv.lib.license.mit;
+      maintainers = [ stdenv.lib.maintainers.offline ];
+    };
+  };
+
+  fish = zncDerivation rec {
+    name = "znc-fish-8e1f150fda";
+    module_name = "fish";
+
+    src = fetchgit {
+        url = meta.repositories.git;
+        rev = "8e1f150fdaf18dc33e023795584dec8255e6614e";
+        sha256 = "0vpk4336c191irl3g7wibblnbqf3903hjrci4gs0qgg1wvj7fw66";
+    };
+
+    meta = {
+      description = "ZNC FiSH module";
+      homepage = https://github.com/dctrwatson/znc-fish;
+      repositories.git = https://github.com/dctrwatson/znc-fish.git;
+      maintainers = [ stdenv.lib.maintainers.offline ];
+    };
+  };
+
+}
diff --git a/pkgs/applications/office/abiword/default.nix b/pkgs/applications/office/abiword/default.nix
index a500bbaa240b..0e5a6afcdc5f 100644
--- a/pkgs/applications/office/abiword/default.nix
+++ b/pkgs/applications/office/abiword/default.nix
@@ -26,4 +26,8 @@ stdenv.mkDerivation {
     [ pkgconfig gtk libglade librsvg bzip2 libgnomecanvas fribidi libpng popt
       libgsf enchant wv libjpeg
     ];
+
+  meta = {
+    description = "Word processing program, similar to Microsof Word";
+  };
 }
diff --git a/pkgs/applications/office/antiword/default.nix b/pkgs/applications/office/antiword/default.nix
index c4da2b609ce7..f889490a862c 100644
--- a/pkgs/applications/office/antiword/default.nix
+++ b/pkgs/applications/office/antiword/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://www.winfield.demon.nl/";
-    description = "convert MS Word documents to plain text or PostScript";
+    description = "Convert MS Word documents to plain text or PostScript";
     license = stdenv.lib.licenses.gpl2;
 
     maintainers = [ stdenv.lib.maintainers.simons ];
diff --git a/pkgs/applications/office/eventlist/default.nix b/pkgs/applications/office/eventlist/default.nix
new file mode 100644
index 000000000000..f126d6bfba65
--- /dev/null
+++ b/pkgs/applications/office/eventlist/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchurl, kdelibs, kdepimlibs, akonadi, gettext, boost }:
+
+stdenv.mkDerivation rec {
+  name = "plasmoid-eventlist-0.6.96";
+
+  src = fetchurl {
+    url = "http://kde-look.org/CONTENT/content-files/107779-plasmoid-eventlist-0.6.96.tar.bz2";
+    sha256 = "26cc7bd1c465bf1379fd0ba1fa8592eaa62f2553734d1b283e17359103908eea";
+  };
+
+  buildInputs = [ kdelibs kdepimlibs akonadi gettext boost ];
+
+  meta = {
+    inherit (kdelibs.meta) platforms;
+    description = "KDE Plasmoid to show events and todos on the desktop";
+    longDescription = ''
+      This is a plasmoid to show the events and todos from Akonadi resources (KOrganizer, Birthdays etc.).
+      With a google resource also Google calendar items can be shown.
+      Also possible with a CalDAV resource.
+      A facebook resource is also available.
+
+      Incidences can be filtered, added, edited, deleted via context menu.
+    '';
+    homepage = "http://kde-look.org/content/show.php/Eventlist?content=107779";
+    license = "GPLv3+";
+
+	  };
+}
diff --git a/pkgs/applications/office/libreoffice/default.nix b/pkgs/applications/office/libreoffice/default.nix
index e07fe69b70cc..8aaf1839f92a 100644
--- a/pkgs/applications/office/libreoffice/default.nix
+++ b/pkgs/applications/office/libreoffice/default.nix
@@ -15,7 +15,7 @@
 , libwpg, dbus_glib, glibc, qt4, kde4, clucene_core, libcdr, lcms, vigra
 , unixODBC, mdds, saneBackends, mythes, libexttextcat, libvisio
 , fontsConf, pkgconfig, libzip, bluez5, libtool, maven
-, langs ? [ "ALL" ]
+, langs ? [ "en-US" "en-GB" "ca" "ru" "eo" "fr" "nl" "de" "sl" ]
 }:
 
 let
@@ -160,6 +160,7 @@ stdenv.mkDerivation rec {
 
     configureFlagsArray=(
       "--with-parallelism=$NIX_BUILD_CORES"
+      "--with-lang=${langsSpaces}"
     );
   '';
 
@@ -192,13 +193,12 @@ stdenv.mkDerivation rec {
 
     ln -s $out/lib/libreoffice/share/xdg $out/share/applications
     for f in $out/share/applications/*.desktop; do
-      substituteInPlace "$f" --replace "Exec=libreoffice4.0" "$out/bin/soffice"
-      substituteInPlace "$f" --replace "Exec=libreoffice" "$out/bin/soffice"
+      substituteInPlace "$f" --replace "Exec=libreoffice4.0" "Exec=$out/bin/soffice"
+      substituteInPlace "$f" --replace "Exec=libreoffice" "Exec=$out/bin/soffice"
     done
   '';
 
   configureFlags = [
-    "--with-lang=${langsSpaces}"
     "--with-vender=NixOS"
 
     # Without these, configure does not finish
diff --git a/pkgs/applications/science/astronomy/gravit/default.nix b/pkgs/applications/science/astronomy/gravit/default.nix
index 820b4fb2979a..a2cc07b0a61c 100644
--- a/pkgs/applications/science/astronomy/gravit/default.nix
+++ b/pkgs/applications/science/astronomy/gravit/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, SDL, SDL_ttf, SDL_image, mesa, lua5_1, automake, autoconf }:
+{ stdenv, fetchurl, SDL, SDL_ttf, SDL_image, mesa, libpng, lua5, automake, autoconf }:
 
 stdenv.mkDerivation rec {
   name = "gravit-0.5.0";
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "0lyw0skrkb04s16vgz7ggswjrdxk1h23v5s85s09gjxzjp1xd3xp";
   };
 
-  buildInputs = [mesa SDL SDL_ttf SDL_image lua5_1 automake autoconf];
+  buildInputs = [mesa SDL SDL_ttf SDL_image lua5 automake autoconf libpng];
 
   preConfigure = "sh autogen.sh";
 
diff --git a/pkgs/applications/science/biology/arb/default.nix b/pkgs/applications/science/biology/arb/default.nix
index 1b4563555c46..279091f21bd2 100644
--- a/pkgs/applications/science/biology/arb/default.nix
+++ b/pkgs/applications/science/biology/arb/default.nix
@@ -75,7 +75,7 @@ stdenv.mkDerivation {
   '';
 
   meta = {
-    description     = "ARB software for sequence database handling and analysis";
+    description     = "Software for sequence database handling and analysis";
     longDescription = ''The ARB software is a graphically oriented package comprising various tools for sequence database handling and data analysis. A central database of processed (aligned) sequences and any type of additional data linked to the respective sequence entries is structured according to phylogeny or other user defined criteria. Note that this package includes its own older versions of clustal etc.''; 
     license     = "non-free";
     pkgMaintainer = "http://BioLib.open-bio.org/";
diff --git a/pkgs/applications/science/biology/plink/default.nix b/pkgs/applications/science/biology/plink/default.nix
new file mode 100644
index 000000000000..fa6dcaa82ede
--- /dev/null
+++ b/pkgs/applications/science/biology/plink/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, fetchurl, zlib, unzip }:
+
+stdenv.mkDerivation {
+  name = "plink-1.07";
+
+  src = fetchurl {
+    url = "http://pngu.mgh.harvard.edu/~purcell/plink/dist/plink-1.07-src.zip";
+    sha256 = "4af56348443d0c6a1db64950a071b1fcb49cc74154875a7b43cccb4b6a7f482b";
+  };
+
+  buildInputs = [ zlib unzip ] ;
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp plink $out/bin
+  '';
+  
+  meta = {
+    description = "Whole genome association toolkit";
+    homepage = "http://pngu.mgh.harvard.edu/~purcell/plink/";
+    license = "GNUv2";
+    platforms = stdenv.lib.platforms.all;
+  };
+}
diff --git a/pkgs/applications/science/chemistry/avogadro/default.nix b/pkgs/applications/science/chemistry/avogadro/default.nix
index f4b353296fdc..e45f5b645fd9 100644
--- a/pkgs/applications/science/chemistry/avogadro/default.nix
+++ b/pkgs/applications/science/chemistry/avogadro/default.nix
@@ -15,7 +15,8 @@ stdenv.mkDerivation rec {
   NIX_CFLAGS_COMPILE = "-include ${mesa}/include/GL/glu.h";
 
   meta = {
+    description = "Molecule editor and visualizer";
     maintainers = [ stdenv.lib.maintainers.urkud ];
-    inherit (qt4.meta) platforms;
+    platforms = stdenv.lib.platforms.mesaPlatforms;
   };
 }
diff --git a/pkgs/applications/science/electronics/alliance/default.nix b/pkgs/applications/science/electronics/alliance/default.nix
index 90fd5901cac7..ee22c66dfec0 100644
--- a/pkgs/applications/science/electronics/alliance/default.nix
+++ b/pkgs/applications/science/electronics/alliance/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation {
   '';
 
   meta = {
-      description = "Complete set of free CAD tools and portable libraries for VLSI design.";
+      description = "Complete set of free CAD tools and portable libraries for VLSI design";
       homepage = http://www-asim.lip6.fr/recherche/alliance/;
   };
 }
diff --git a/pkgs/applications/science/electronics/ngspice/default.nix b/pkgs/applications/science/electronics/ngspice/default.nix
index 70153eee61b4..579492248ea3 100644
--- a/pkgs/applications/science/electronics/ngspice/default.nix
+++ b/pkgs/applications/science/electronics/ngspice/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation {
   configureFlags = [ "--enable-x" "--with-x" "--with-readline" ];
 
   meta = {
-    description = "The Next Generation Spice (Electronic Circuit Simulator).";
+    description = "The Next Generation Spice (Electronic Circuit Simulator)";
     homepage = "http://ngspice.sourceforge.net";
     license = ["BSD" "GPLv2"];
     maintainers = with stdenv.lib.maintainers; [viric];
diff --git a/pkgs/applications/science/logic/ekrhyper/default.nix b/pkgs/applications/science/logic/ekrhyper/default.nix
index 7ff1acb062be..c90099f495a2 100644
--- a/pkgs/applications/science/logic/ekrhyper/default.nix
+++ b/pkgs/applications/science/logic/ekrhyper/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="ekrhyper";
-    version="1_4_08022013";
+    version="1_4_30072013";
     name="${baseName}-${version}";
-    hash="0vni5pq1p99428ii3g13chiqxcs8k1fm6jlvg1jqh4qdcs42w7yb";
-    url="http://userpages.uni-koblenz.de/~bpelzer/ekrhyper/ekrh_1_4_08022013.tar.gz";
-    sha256="0vni5pq1p99428ii3g13chiqxcs8k1fm6jlvg1jqh4qdcs42w7yb";
+    hash="0ashsblm477r7dmq9f33wajkbr29rbyyc919mifdgrrdy6zlc663";
+    url="http://userpages.uni-koblenz.de/~bpelzer/ekrhyper/ekrh_1_4_30072013.tar.gz";
+    sha256="0ashsblm477r7dmq9f33wajkbr29rbyyc919mifdgrrdy6zlc663";
   };
   buildInputs = [
     ocaml perl
diff --git a/pkgs/applications/science/logic/eprover/default.nix b/pkgs/applications/science/logic/eprover/default.nix
index d36956d1375f..35e70a4b0d73 100644
--- a/pkgs/applications/science/logic/eprover/default.nix
+++ b/pkgs/applications/science/logic/eprover/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="eprover";
-    version="1.7";
+    version="1.8";
     name="${baseName}-${version}";
-    hash="1prkgjpg8lajcylz9nj2hfjxl3l42cqbfvilg30z9b5br14l36rh";
-    url="http://www4.in.tum.de/~schulz/WORK/E_DOWNLOAD/V_1.7/E.tgz";
-    sha256="1prkgjpg8lajcylz9nj2hfjxl3l42cqbfvilg30z9b5br14l36rh";
+    hash="0bl4dr7k6simwdvdyxhnjkiz4nm5y0nr8bfhc34zk0360i9m6sk3";
+    url="http://www4.in.tum.de/~schulz/WORK/E_DOWNLOAD/V_1.8/E.tgz";
+    sha256="0bl4dr7k6simwdvdyxhnjkiz4nm5y0nr8bfhc34zk0360i9m6sk3";
   };
 in
 stdenv.mkDerivation {
diff --git a/pkgs/applications/science/logic/hol/default.nix b/pkgs/applications/science/logic/hol/default.nix
index 18a16114c507..2e1647b6c71d 100644
--- a/pkgs/applications/science/logic/hol/default.nix
+++ b/pkgs/applications/science/logic/hol/default.nix
@@ -1,8 +1,10 @@
-{stdenv, fetchurl, polyml, experimentalKernel ? false}:
+{stdenv, fetchurl, polyml, graphviz, fontconfig, liberation_ttf,
+ experimentalKernel ? true}:
 
 let
   pname = "hol4";
-  version = "k.7";
+  version = "k.8";
+  holsubdir = "hol-kananaskis-8";
   kernelFlag = if experimentalKernel then "-expk" else "-stdknl";
 in
 
@@ -10,38 +12,51 @@ stdenv.mkDerivation {
   name = "${pname}-${version}";
 
   src = fetchurl {
-    url = mirror://sourceforge/hol/hol/kananaskis-7/kananaskis-7.tar.gz;
-    sha256 = "0gs1nmjvsjhnndama9v7gids2g86iip53v7d7dm3sfq6jxmqkwkl";
+    url = mirror://sourceforge/hol/hol/kananaskis-8/kananaskis-8.tar.gz;
+    sha256 = "5ce4c1e37301dbc38772694e98f1c7eabf69255908de204b280d8b2b1709e9d0";
   };
 
-  buildInputs = [polyml];
+  buildInputs = [polyml graphviz fontconfig liberation_ttf];
 
   buildCommand = ''
+
+    mkdir chroot-fontconfig
+    cat ${fontconfig}/etc/fonts/fonts.conf > chroot-fontconfig/fonts.conf
+    sed -e 's@</fontconfig>@@' -i chroot-fontconfig/fonts.conf
+    echo "<dir>${liberation_ttf}</dir>" >> chroot-fontconfig/fonts.conf
+    echo "</fontconfig>" >> chroot-fontconfig/fonts.conf
+
+    export FONTCONFIG_FILE=$(pwd)/chroot-fontconfig/fonts.conf
+
     mkdir -p "$out/src"
     cd  "$out/src"
 
     tar -xzf "$src"
-    cd hol4.${version}
+    cd ${holsubdir}
 
     substituteInPlace tools/Holmake/Holmake_types.sml \
       --replace "\"/bin/mv\"" "\"mv\"" \
       --replace "\"/bin/cp\"" "\"cp\""
 
+    for f in tools/buildutils.sml help/src-sml/DOT;
+    do
+      substituteInPlace $f --replace "\"/usr/bin/dot\"" "\"${graphviz}/bin/dot\""
+    done
+
     #sed -ie "/compute/,999 d" tools/build-sequence # for testing
 
     poly < tools/smart-configure.sml
-    
+
     bin/build ${kernelFlag} -symlink
 
     mkdir -p "$out/bin"
-    ln -st $out/bin  $out/src/hol4.${version}/bin/*
+    ln -st $out/bin  "$out/src/${holsubdir}/bin/"*
     # ln -s $out/src/hol4.${version}/bin $out/bin
   '';
 
   meta = {
-    description = "HOL4, an interactive theorem prover based on Higher-Order Logic.";
+    description = "Interactive theorem prover based on Higher-Order Logic";
     longDescription = ''
-
       HOL4 is the latest version of the HOL interactive proof
       assistant for higher order logic: a programming environment in
       which theorems can be proved and proof tools
@@ -52,7 +67,6 @@ stdenv.mkDerivation {
       engines. HOL4 is particularly suitable as a platform for
       implementing combinations of deduction, execution and property
       checking.
-
     '';
     homepage = "http://hol.sourceforge.net/";
     license = "BSD";
diff --git a/pkgs/applications/science/logic/hol_light/default.nix b/pkgs/applications/science/logic/hol_light/default.nix
index f9549241a45c..d6c1c0c18781 100644
--- a/pkgs/applications/science/logic/hol_light/default.nix
+++ b/pkgs/applications/science/logic/hol_light/default.nix
@@ -26,15 +26,15 @@ stdenv.mkDerivation {
   '';
 
   meta = {
-    description = "An interactive theorem prover based on Higher-Order Logic.";
+    description = "Interactive theorem prover based on Higher-Order Logic";
     longDescription = ''
-HOL Light is a computer program to help users prove interesting mathematical
-theorems completely formally in Higher-Order Logic.  It sets a very exacting
-standard of correctness, but provides a number of automated tools and
-pre-proved mathematical theorems (e.g., about arithmetic, basic set theory and
-real analysis) to save the user work.  It is also fully programmable, so users
-can extend it with new theorems and inference rules without compromising its
-soundness.
+      HOL Light is a computer program to help users prove interesting
+      mathematical theorems completely formally in Higher-Order Logic.  It sets
+      a very exacting standard of correctness, but provides a number of
+      automated tools and pre-proved mathematical theorems (e.g., about
+      arithmetic, basic set theory and real analysis) to save the user work.
+      It is also fully programmable, so users can extend it with new theorems
+      and inference rules without compromising its soundness.
     '';
     homepage = http://www.cl.cam.ac.uk/~jrh13/hol-light/;
     license = stdenv.lib.licenses.bsd2;
diff --git a/pkgs/applications/science/logic/logisim/default.nix b/pkgs/applications/science/logic/logisim/default.nix
index 009bed3ffe2a..ab46efa9a961 100644
--- a/pkgs/applications/science/logic/logisim/default.nix
+++ b/pkgs/applications/science/logic/logisim/default.nix
@@ -26,7 +26,7 @@ stdenv.mkDerivation {
   
   meta = {
     homepage = "http://ozark.hendrix.edu/~burch/logisim";
-    description = "Logisim is an educational tool for designing and simulating digital logic circuits.";
+    description = "Educational tool for designing and simulating digital logic circuits";
     license = "GPLv2+";
   };
 }
diff --git a/pkgs/applications/science/logic/prover9/default.nix b/pkgs/applications/science/logic/prover9/default.nix
index 93b1657aa14a..d92c7887210e 100644
--- a/pkgs/applications/science/logic/prover9/default.nix
+++ b/pkgs/applications/science/logic/prover9/default.nix
@@ -31,14 +31,12 @@ stdenv.mkDerivation {
   meta = {
     homepage = "http://www.cs.unm.edu/~mccune/mace4/";
     license = "GPL";
-    description = "Prover9 is an automated theorem prover for first-order and equational logic.";
-
+    description = "Automated theorem prover for first-order and equational logic";
     longDescription = ''
       Prover9 is a resolution/paramodulation automated theorem prover
       for first-order and equational logic. Prover9 is a successor of
       the Otter Prover. This is the LADR command-line version.
     '';
-
     platforms = stdenv.lib.platforms.unix;
     maintainers = [];
   };
diff --git a/pkgs/applications/science/math/R/default.nix b/pkgs/applications/science/math/R/default.nix
index 4c8204b37ee3..6c8ec9e68c53 100644
--- a/pkgs/applications/science/math/R/default.nix
+++ b/pkgs/applications/science/math/R/default.nix
@@ -5,11 +5,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "R-3.0.1";
+  name = "R-3.0.2";
 
   src = fetchurl {
-    url = "http://ftp5.gwdg.de/pub/misc/cran/src/base/R-3/${name}.tar.gz";
-    sha256 = "0d3iv382bsyz6ad5fk382x7sy3qzgpqvd0fw26r0648lyf54i45g";
+    url = "http://cran.r-project.org/src/base/R-3/${name}.tar.gz";
+    sha256 = "0jq2vk6bgksbvgmdjvv7vfj6llp091d0nhl5j825aya4c2nhavlm";
   };
 
   buildInputs = [ blas bzip2 gfortran liblapack libX11 libXmu libXt
@@ -55,9 +55,11 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  setupHook = ./setup-hook.sh;
+
   meta = {
     homepage = "http://www.r-project.org/";
-    description = "a free software environment for statistical computing and graphics";
+    description = "Free software environment for statistical computing and graphics";
     license = stdenv.lib.licenses.gpl2Plus;
 
     longDescription = ''
diff --git a/pkgs/applications/science/math/R/setup-hook.sh b/pkgs/applications/science/math/R/setup-hook.sh
new file mode 100644
index 000000000000..a31289bbfba9
--- /dev/null
+++ b/pkgs/applications/science/math/R/setup-hook.sh
@@ -0,0 +1,5 @@
+addRLibPath () {
+    addToSearchPath R_LIBS_SITE $1/library
+}
+
+envHooks=(${envHooks[@]} addRLibPath)
diff --git a/pkgs/applications/science/math/mathematica/default.nix b/pkgs/applications/science/math/mathematica/default.nix
new file mode 100644
index 000000000000..cedb491cc8b9
--- /dev/null
+++ b/pkgs/applications/science/math/mathematica/default.nix
@@ -0,0 +1,126 @@
+{ stdenv
+, coreutils
+, patchelf
+, requireFile
+, alsaLib
+, fontconfig
+, freetype
+, gcc
+, glib
+, libpng
+, ncurses
+, opencv
+, openssl
+, unixODBC
+, xlibs
+, zlib
+}:
+
+let
+  platform =
+    if stdenv.system == "i686-linux" then
+      "Linux"
+    else if stdenv.system == "x86_64-linux" then
+      "Linux-x86-64"
+    else
+      throw "Mathematica requires i686-linux or x86_64 linux";
+in
+stdenv.mkDerivation rec {
+
+  name = "mathematica-9.0.0";
+
+  src = requireFile rec {
+    name = "Mathematica_9.0.0_LINUX.sh";
+    message = '' 
+      This nix expression requires that Mathematica_9.0.0_LINUX.sh is
+      already part of the store. Find the file on your Mathematica CD
+      and add it to the nix store with nix-store --add-fixed sha256 <FILE>.
+    '';
+    sha256 = "106zfaplhwcfdl9rdgs25x83xra9zcny94gb22wncbfxvrsk3a4q";
+  };
+
+  buildInputs = [
+    coreutils
+    patchelf
+    alsaLib
+    coreutils
+    fontconfig
+    freetype
+    gcc.gcc
+    gcc.libc
+    glib
+    ncurses
+    opencv
+    openssl
+    unixODBC
+  ] ++ (with xlibs; [
+    libX11
+    libXext
+    libXtst
+    libXi
+    libXmu
+    libXrender
+    libxcb
+  ]);
+
+  ldpath = stdenv.lib.makeLibraryPath buildInputs
+    + stdenv.lib.optionalString (stdenv.system == "x86_64-linux")
+      (":" + stdenv.lib.makeSearchPath "lib64" buildInputs);
+
+  phases = "unpackPhase installPhase fixupPhase";
+
+  unpackPhase = ''
+    echo "=== Extracting makeself archive ==="
+    # find offset from file
+    offset=$(${stdenv.shell} -c "$(grep -axm1 -e 'offset=.*' $src); echo \$offset" $src)
+    dd if="$src" ibs=$offset skip=1 | tar -xf -
+    cd Unix
+  '';
+
+  installPhase = ''
+    cd Installer
+    # don't restrict PATH, that has already been done
+    sed -i -e 's/^PATH=/# PATH=/' MathInstaller
+
+    echo "=== Running MathInstaller ==="
+    ./MathInstaller -auto -createdir=y -execdir=$out/bin -targetdir=$out/libexec/Mathematica -platforms=${platform} -silent
+  '';
+
+  preFixup = ''
+    echo "=== PatchElfing away ==="
+    find $out/libexec/Mathematica/SystemFiles -type f -perm +100 | while read f; do
+      type=$(readelf -h "$f" 2>/dev/null | grep 'Type:' | sed -e 's/ *Type: *\([A-Z]*\) (.*/\1/')
+      if [ -z "$type" ]; then
+        :
+      elif [ "$type" == "EXEC" ]; then
+        echo "patching $f executable <<"
+        patchelf \
+            --set-interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
+            --set-rpath "${ldpath}" \
+            "$f"
+        patchelf --shrink-rpath "$f"
+      elif [ "$type" == "DYN" ]; then
+        echo "patching $f library <<"
+        patchelf \
+          --set-rpath "$(patchelf --print-rpath "$f"):${ldpath}" \
+          "$f" \
+          && patchelf --shrink-rpath "$f" \
+          || echo unable to patch ... ignoring 1>&2
+      else
+        echo "not patching $f <<: unknown elf type"
+      fi
+    done
+  '';
+
+  # all binaries are already stripped
+  dontStrip = true;
+
+  # we did this in prefixup already
+  dontPatchELF = true;
+
+  meta = {
+    description = "Wolfram Mathematica computational software system";
+    homepage = "http://www.wolfram.com/mathematica/";
+    license = "unfree";
+  };
+}
diff --git a/pkgs/applications/science/math/maxima/default.nix b/pkgs/applications/science/math/maxima/default.nix
index f5fec36756d3..b8f7f2e65b66 100644
--- a/pkgs/applications/science/math/maxima/default.nix
+++ b/pkgs/applications/science/math/maxima/default.nix
@@ -2,7 +2,7 @@
 
 let
   name    = "maxima";
-  version = "5.30.0";
+  version = "5.31.2";
 
   searchPath =
     stdenv.lib.makeSearchPath "bin"
@@ -13,7 +13,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "mirror://sourceforge/${name}/${name}-${version}.tar.gz";
-    sha256 = "1mhx7g0kzpiagg97s2zhaplsq1li9ya2764mhwl7jgfw2vp3jlm0";
+    sha256 = "12j5irwfckl5583h7lwh0wrp0c65q7mqzcsri2v086j50xvvv398";
   };
 
   buildInputs = [sbcl texinfo perl makeWrapper];
diff --git a/pkgs/applications/science/math/pssp/default.nix b/pkgs/applications/science/math/pssp/default.nix
new file mode 100644
index 000000000000..587f41fe998b
--- /dev/null
+++ b/pkgs/applications/science/math/pssp/default.nix
@@ -0,0 +1,40 @@
+{ stdenv, fetchurl, libxml2, readline, zlib, perl, cairo, gtk, gsl
+, pkgconfig, gtksourceview, pango, gettext, libglade
+}:
+
+stdenv.mkDerivation rec {
+  name = "pspp-0.8.1";
+
+  src = fetchurl {
+    url = "mirror://gnu/pspp/${name}.tar.gz";
+    sha256 = "0qhxsdbwxd3cn1shc13wxvx2lg32lp4z6sz24kv3jz7p5xfi8j7x";
+  };
+
+  buildInputs = [ libxml2 readline zlib perl cairo gtk gsl pkgconfig
+    gtksourceview pango gettext libglade ];
+
+  doCheck = false;
+
+  enableParallelBuilding = true;
+
+  meta = {
+    homepage = "http://www.gnu.org/software/pspp/";
+    description = "a free replacement for SPSS, a program for statistical analysis of sampled data";
+    license = stdenv.lib.licenses.gpl3Plus;
+
+    longDescription = ''
+      PSPP is a program for statistical analysis of sampled data. It is
+      a Free replacement for the proprietary program SPSS.
+
+      PSPP can perform descriptive statistics, T-tests, anova, linear
+      and logistic regression, cluster analysis, factor analysis,
+      non-parametric tests and more. Its backend is designed to perform
+      its analyses as fast as possible, regardless of the size of the
+      input data. You can use PSPP with its graphical interface or the
+      more traditional syntax commands.
+    '';
+
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = [ stdenv.lib.maintainers.simons ];
+  };
+}
diff --git a/pkgs/applications/science/math/speedcrunch/default.nix b/pkgs/applications/science/math/speedcrunch/default.nix
new file mode 100644
index 000000000000..dee33a04be22
--- /dev/null
+++ b/pkgs/applications/science/math/speedcrunch/default.nix
@@ -0,0 +1,38 @@
+{ stdenv, fetchurl, qt, cmake }:
+
+stdenv.mkDerivation rec {
+  name = "speedcrunch-0.11-alpha";
+
+  src = fetchurl {
+    url = "http://speedcrunch.googlecode.com/files/${name}.tar.gz";
+    sha256 = "c6d6328e0c018cd8b98a0e86fb6c49fedbab5dcc831b47fbbc1537730ff80882";
+  };
+
+  patches = [./speedcrunch-0.11-alpha-dso_linking.patch];
+
+  buildInputs = [cmake qt];
+
+  dontUseCmakeBuildDir = true;
+
+  cmakeDir = "../src";
+
+  preConfigure = ''
+    mkdir -p build
+    cd build
+  '';
+
+  buildFlags = "VERBOSE=1";
+
+  meta = {
+    homepage    = "http://speedcrunch.digitalfanatics.org";
+    license     = "GPLv2+";
+    description = "A fast power user calculator";
+    longDescription = ''
+      SpeedCrunch is a fast, high precision and powerful desktop calculator.
+      Among its distinctive features are a scrollable display, up to 50 decimal
+      precisions, unlimited variable storage, intelligent automatic completion
+      full keyboard-friendly and more than 15 built-in math function.
+    '';
+  };
+
+}
diff --git a/pkgs/applications/science/math/speedcrunch/speedcrunch-0.11-alpha-dso_linking.patch b/pkgs/applications/science/math/speedcrunch/speedcrunch-0.11-alpha-dso_linking.patch
new file mode 100644
index 000000000000..1b03c16b63d1
--- /dev/null
+++ b/pkgs/applications/science/math/speedcrunch/speedcrunch-0.11-alpha-dso_linking.patch
@@ -0,0 +1,23 @@
+diff -up speedcrunch-0.11-alpha/src/CMakeLists.txt.dso_linking speedcrunch-0.11-alpha/src/CMakeLists.txt
+--- speedcrunch-0.11-alpha/src/CMakeLists.txt.dso_linking	2009-11-04 15:37:15.000000000 -0600
++++ speedcrunch-0.11-alpha/src/CMakeLists.txt	2010-06-25 13:25:07.133460528 -0500
+@@ -54,6 +54,10 @@ ENDIF(CMAKE_COMPILER_IS_GNUCXX )
+ SET(QT_USE_QTNETWORK TRUE)
+ #SET(QT_USE_QTXML TRUE)
+ find_package(Qt4 REQUIRED)
++if (Q_WS_X11)
++   find_package(X11 REQUIRED)
++endif (Q_WS_X11)
++
+ include(${QT_USE_FILE})
+ 
+ # build everything
+@@ -80,7 +84,7 @@ ENDIF( APPLE )
+ 
+ ADD_CUSTOM_TARGET( confclean COMMAND rm -rf Makefile CMakeFiles/ CMakeCache.txt cmake_install.cmake DartTestfile.txt install_manifest.txt )
+ 
+-TARGET_LINK_LIBRARIES(${PROGNAME} ${QT_LIBRARIES})
++TARGET_LINK_LIBRARIES(${PROGNAME} ${QT_LIBRARIES} ${X11_X11_LIB} )
+ # only needed for static builds when directx is enabled in qt and you
+ # get a linker error because of missing a directx function
+ #IF(WIN32)
diff --git a/pkgs/applications/science/math/wxmaxima/default.nix b/pkgs/applications/science/math/wxmaxima/default.nix
index e9e6ca7bead7..01be4ba7e6c6 100644
--- a/pkgs/applications/science/math/wxmaxima/default.nix
+++ b/pkgs/applications/science/math/wxmaxima/default.nix
@@ -2,14 +2,14 @@
 
 let
   name    = "wxmaxima";
-  version = "13.04.1";
+  version = "13.04.2";
 in
 stdenv.mkDerivation {
   name = "${name}-${version}";
 
   src = fetchurl {
     url = "mirror://sourceforge/${name}/wxMaxima/${version}/wxMaxima-${version}.tar.gz";
-    sha256 = "0irp1m9vr50ym7wfj1c1vbrzd2pip1vmvn9ykqsdf04afkkwkran";
+    sha256 = "1sylvr0kfdzxxc3qsb0c6ff3lg0bzm1ib5xh78wjgzykbnvjsd99";
   };
 
   buildInputs = [wxGTK maxima makeWrapper];
@@ -26,7 +26,7 @@ stdenv.mkDerivation {
   enableParallelBuilding = true;
 
   meta = {
-    description = "Cross platform GUI for the computer algebra system Maxima.";
+    description = "Cross platform GUI for the computer algebra system Maxima";
     license = "GPL2";
     homepage = http://wxmaxima.sourceforge.net;
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/applications/version-management/bazaar/tools.nix b/pkgs/applications/version-management/bazaar/tools.nix
index 5a4b706f418a..19a00d2b8415 100644
--- a/pkgs/applications/version-management/bazaar/tools.nix
+++ b/pkgs/applications/version-management/bazaar/tools.nix
@@ -15,6 +15,6 @@ rec {
       
   name = "bzr-tools-${version}";
   meta = {
-    description = "Bazaar plugins.";
+    description = "Bazaar plugins";
   };
 }
diff --git a/pkgs/applications/version-management/codeville/0.8.0.nix b/pkgs/applications/version-management/codeville/0.8.0.nix
index d72f753a26e0..5c1910d6c6f6 100644
--- a/pkgs/applications/version-management/codeville/0.8.0.nix
+++ b/pkgs/applications/version-management/codeville/0.8.0.nix
@@ -18,6 +18,6 @@ rec {
       
   name = "codeville-0.8.0";
   meta = {
-    description = "Codeville - RCS with powerful merge.";
+    description = "RCS with powerful merge";
   };
 }
diff --git a/pkgs/applications/version-management/fossil/default.nix b/pkgs/applications/version-management/fossil/default.nix
index 368557e3c2ce..2a669729a9c6 100644
--- a/pkgs/applications/version-management/fossil/default.nix
+++ b/pkgs/applications/version-management/fossil/default.nix
@@ -1,11 +1,11 @@
-{stdenv, fetchurl, zlib, openssl, tcl, readline, sqlite}:
+{stdenv, fetchurl, zlib, openssl, tcl, readline, sqlite, withJson ? true}:
 
 stdenv.mkDerivation {
-  name = "fossil-1.24";
+  name = "fossil-1.27";
 
   src = fetchurl {
-    url = http://www.fossil-scm.org/download/fossil-src-20121022124804.tar.gz;
-    sha256 = "0gcvcrd368acxd79gh7p7caicgqd0f076n0i2if63mg3b8ivz9im";
+    url = http://www.fossil-scm.org/download/fossil-src-20130911114349.tar.gz;
+    sha256 = "0n40z8bx2311i11zjx2x15lw3q8vzjwvfqzikrjlqnpal4vzd72f";
   };
 
   buildInputs = [ zlib openssl readline sqlite ];
@@ -14,6 +14,7 @@ stdenv.mkDerivation {
   doCheck = true;
 
   checkTarget = "test";
+  configureFlags = if withJson then  "--json" else  "";
 
   preBuild=''
     export USER=nonexistent-but-specified-user
@@ -30,7 +31,7 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "Simple, high-reliability, distributed software configuration management.";
+    description = "Simple, high-reliability, distributed software configuration management";
     longDescription = ''
       Fossil is a software configuration management system.  Fossil is
       software that is designed to control and track the development of a
diff --git a/pkgs/applications/version-management/git-and-tools/default.nix b/pkgs/applications/version-management/git-and-tools/default.nix
index d53ca7a01357..af1ab52c04d7 100644
--- a/pkgs/applications/version-management/git-and-tools/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/default.nix
@@ -90,4 +90,6 @@ rec {
   svn2git_kde = callPackage ./svn2git-kde { };
 
   darcsToGit = callPackage ./darcs-to-git { };
+
+  gitflow = callPackage ./gitflow { };
 }
diff --git a/pkgs/applications/version-management/git-and-tools/fast-export/default.nix b/pkgs/applications/version-management/git-and-tools/fast-export/default.nix
index 44e9cd535be6..dcfcce1fcf63 100644
--- a/pkgs/applications/version-management/git-and-tools/fast-export/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/fast-export/default.nix
@@ -5,7 +5,8 @@ stdenv.mkDerivation {
 
   src = fetchgit {
     url = "git://repo.or.cz/fast-export.git";
-    rev = "refs/heads/master";
+    rev = "aaccfba";
+    sha256 = "c9d1498e31d32b8271c1e651175794718611f93b4843dea569d831005de0a750";
   };
 
   buildInputs = [mercurial.python mercurial makeWrapper subversion];
@@ -19,7 +20,6 @@ stdenv.mkDerivation {
     sed -i "s@/usr/bin/env.*@$(type -p python)@" *.py
     l=$out/libexec/git-fast-export
     mkdir -p $out/{bin,doc/git-fast-export} $l
-    mv *.txt $out/doc/git-fast-export
     sed -i "s@ROOT=.*@ROOT=$l@" *.sh
     mv *.sh $out/bin
     mv *.py $l
diff --git a/pkgs/applications/version-management/git-and-tools/git-annex/default.nix b/pkgs/applications/version-management/git-and-tools/git-annex/default.nix
index 38d972aa2434..e32a7dc52b9b 100644
--- a/pkgs/applications/version-management/git-and-tools/git-annex/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/git-annex/default.nix
@@ -1,11 +1,11 @@
 { cabal, aeson, async, blazeBuilder, bloomfilter, bup
-, caseInsensitive, clientsession, cryptoApi, curl, dataDefault
-, dataenc, DAV, dbus, dlist, dns, editDistance
+, caseInsensitive, clientsession, cryptoApi, cryptohash, curl
+, dataDefault, dataenc, DAV, dbus, dlist, dns, editDistance
 , extensibleExceptions, feed, filepath, git, gnupg1, gnutls, hamlet
 , hinotify, hS3, hslogger, HTTP, httpConduit, httpTypes, HUnit
 , IfElse, json, lsof, MissingH, MonadCatchIOTransformers
 , monadControl, mtl, network, networkInfo, networkMulticast
-, networkProtocolXmpp, openssh, QuickCheck, random, regexTdfa
+, networkProtocolXmpp, openssh, perl, QuickCheck, random, regexTdfa
 , rsync, SafeSemaphore, SHA, stm, text, time, transformers
 , unixCompat, utf8String, uuid, wai, waiLogger, warp, which
 , xmlConduit, xmlTypes, yesod, yesodCore, yesodDefault, yesodForm
@@ -14,22 +14,22 @@
 
 cabal.mkDerivation (self: {
   pname = "git-annex";
-  version = "4.20130827";
-  sha256 = "07kfp0d2wg3p8s0v2100r4giw5ay1il5j15lrah43fk2rrszgm5z";
+  version = "4.20131024";
+  sha256 = "1a4mrx8zr5znhcy2cszv5ri9avqj7lcn467nmaj172f00vn4fd5x";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [
     aeson async blazeBuilder bloomfilter caseInsensitive clientsession
-    cryptoApi dataDefault dataenc DAV dbus dlist dns editDistance
-    extensibleExceptions feed filepath gnutls hamlet hinotify hS3
-    hslogger HTTP httpConduit httpTypes HUnit IfElse json MissingH
-    MonadCatchIOTransformers monadControl mtl network networkInfo
-    networkMulticast networkProtocolXmpp QuickCheck random regexTdfa
-    SafeSemaphore SHA stm text time transformers unixCompat utf8String
-    uuid wai waiLogger warp xmlConduit xmlTypes yesod yesodCore
-    yesodDefault yesodForm yesodStatic
+    cryptoApi cryptohash dataDefault dataenc DAV dbus dlist dns
+    editDistance extensibleExceptions feed filepath gnutls hamlet
+    hinotify hS3 hslogger HTTP httpConduit httpTypes HUnit IfElse json
+    MissingH MonadCatchIOTransformers monadControl mtl network
+    networkInfo networkMulticast networkProtocolXmpp QuickCheck random
+    regexTdfa SafeSemaphore SHA stm text time transformers unixCompat
+    utf8String uuid wai waiLogger warp xmlConduit xmlTypes yesod
+    yesodCore yesodDefault yesodForm yesodStatic
   ];
-  buildTools = [ bup curl git gnupg1 lsof openssh rsync which ];
+  buildTools = [ bup curl git gnupg1 lsof openssh perl rsync which ];
   configureFlags = "-fS3
                     -fWebDAV
                     -fInotify
@@ -42,7 +42,7 @@ cabal.mkDerivation (self: {
                     -fProduction
                     -fTDFA";
   preConfigure = "patchShebangs .";
-  installPhase = "make PREFIX=$out CABAL=./Setup docs install";
+  installPhase = "./Setup install";
   checkPhase = ''
     export HOME="$NIX_BUILD_TOP/tmp"
     mkdir "$HOME"
diff --git a/pkgs/applications/version-management/git-and-tools/git/default.nix b/pkgs/applications/version-management/git-and-tools/git/default.nix
index d88fad416dd1..fb2e34c7aac9 100644
--- a/pkgs/applications/version-management/git-and-tools/git/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/git/default.nix
@@ -10,7 +10,7 @@
 
 let
 
-  version = "1.8.3.4";
+  version = "1.8.4";
 
   svn = subversionClient.override { perlBindings = true; };
 
@@ -21,7 +21,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "http://git-core.googlecode.com/files/git-${version}.tar.gz";
-    sha256 = "1nfr4hgqs3b6k9wanqcix0wlw71q61h5irxiavlspd4jvzrcv8nz";
+    sha256 = "156bwqqgaw65rsvbb4wih5jfg94bxyf6p16mdwf0ky3f4ln55s2i";
   };
 
   patches = [ ./docbook2texi.patch ./symlinks-in-bin.patch ];
diff --git a/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch b/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch
index c89842c180e6..bf36b2d321f3 100644
--- a/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch
+++ b/pkgs/applications/version-management/git-and-tools/git/docbook2texi.patch
@@ -2,19 +2,19 @@ This patch does two things: (1) use the right name for `docbook2texi',
 and (2) make sure `gitman.info' isn't produced since it's broken (duplicate
 node names).
 
-diff -u -r -w git-1.6.3.3.orig/Documentation/Makefile git-1.6.3.3/Documentation/Makefile
---- git-1.6.3.3.orig/Documentation/Makefile	2009-07-02 17:07:17.000000000 +0200
-+++ git-1.6.3.3/Documentation/Makefile	2009-07-02 17:08:49.000000000 +0200
-@@ -51,7 +51,7 @@
- infodir?=$(prefix)/share/info
- MAKEINFO=makeinfo
- INSTALL_INFO=install-info
--DOCBOOK2X_TEXI=docbook2x-texi
-+DOCBOOK2X_TEXI=docbook2texi
- DBLATEX=dblatex
+diff -ru git-1.8.4-orig/Documentation/Makefile git-1.8.4/Documentation/Makefile
+--- git-1.8.4-orig/Documentation/Makefile	2013-08-23 21:38:43.000000000 +0200
++++ git-1.8.4/Documentation/Makefile	2013-09-30 14:48:51.532890378 +0200
+@@ -101,7 +101,7 @@
+ 
+ MAKEINFO = makeinfo
+ INSTALL_INFO = install-info
+-DOCBOOK2X_TEXI = docbook2x-texi
++DOCBOOK2X_TEXI = docbook2texi
+ DBLATEX = dblatex
  ifndef PERL_PATH
  	PERL_PATH = /usr/bin/perl
-@@ -153,7 +153,7 @@
+@@ -205,7 +205,7 @@
  man5: $(DOC_MAN5)
  man7: $(DOC_MAN7)
  
@@ -23,7 +23,7 @@ diff -u -r -w git-1.6.3.3.orig/Documentation/Makefile git-1.6.3.3/Documentation/
  
  pdf: user-manual.pdf
  
-@@ -169,10 +169,9 @@
+@@ -221,10 +221,9 @@
  
  install-info: info
  	$(INSTALL) -d -m 755 $(DESTDIR)$(infodir)
@@ -35,5 +35,3 @@ diff -u -r -w git-1.6.3.3.orig/Documentation/Makefile git-1.6.3.3/Documentation/
  	else \
  	  echo "No directory found in $(DESTDIR)$(infodir)" >&2 ; \
  	fi
-Only in git-1.6.3.3/Documentation: Makefile.orig
-Only in git-1.6.3.3/Documentation: Makefile.rej
diff --git a/pkgs/applications/version-management/git-and-tools/gitflow/default.nix b/pkgs/applications/version-management/git-and-tools/gitflow/default.nix
new file mode 100644
index 000000000000..26a7826d4f0c
--- /dev/null
+++ b/pkgs/applications/version-management/git-and-tools/gitflow/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name = "gitflow-${version}";
+  version = "1.6.1";
+
+  src = fetchurl {
+    url = "https://github.com/petervanderdoes/gitflow/archive/${version}.tar.gz";
+    sha256 = "1f4879ahi8diddn7qvhr0dkj96gh527xnfihbf1ha83fn9cvvcls";
+  };
+
+  preBuild = ''
+    makeFlagsArray+=(prefix="$out")
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = https://github.com/petervanderdoes/gitflow;
+    description = "A collection of Git extensions to provide high-level repository operations for Vincent Driessen's branching model";
+    license = licenses.bsd2;
+    platforms = platforms.all;
+    maintainers = [ maintainers.offline ];
+  };
+}
diff --git a/pkgs/applications/version-management/git-and-tools/github-backup/default.nix b/pkgs/applications/version-management/git-and-tools/github-backup/default.nix
index 5f0df6c8ead1..557886a4deb1 100644
--- a/pkgs/applications/version-management/git-and-tools/github-backup/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/github-backup/default.nix
@@ -1,17 +1,18 @@
-{ cabal, extensibleExceptions, filepath, github, hslogger, IfElse
-, MissingH, mtl, network, prettyShow, text
+{ cabal, extensibleExceptions, filepath, git, github, hslogger
+, IfElse, MissingH, mtl, network, prettyShow, text, unixCompat
 }:
 
 cabal.mkDerivation (self: {
   pname = "github-backup";
-  version = "1.20130414";
-  sha256 = "1s8s1kv4kj086kzq8iq28zyrlg65hrzg3563fw3dazfik73cmlcp";
+  version = "1.20131006";
+  sha256 = "0yc2hszi509mc0d6245dc8cq20mjjmr8mgrd8571dy9sgda532pf";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [
     extensibleExceptions filepath github hslogger IfElse MissingH mtl
-    network prettyShow text
+    network prettyShow text unixCompat
   ];
+  buildTools = [ git ];
   meta = {
     homepage = "https://github.com/joeyh/github-backup";
     description = "backs up everything github knows about a repository, to the repository";
diff --git a/pkgs/applications/version-management/subversion/default.nix b/pkgs/applications/version-management/subversion/default.nix
index 95b244e7d91e..b1469038d42d 100644
--- a/pkgs/applications/version-management/subversion/default.nix
+++ b/pkgs/applications/version-management/subversion/default.nix
@@ -21,13 +21,13 @@ assert compressionSupport -> neon.compressionSupport;
 
 stdenv.mkDerivation rec {
 
-  version = "1.7.11";
+  version = "1.7.13";
 
   name = "subversion-${version}";
 
   src = fetchurl {
     url = "mirror://apache/subversion//${name}.tar.bz2";
-    sha1 = "d82e187803043b74c072cd5a861ac02e4a027684";
+    sha1 = "844bb756ec505edaa12b9610832bcd21567139f1";
   };
 
   buildInputs = [ zlib apr aprutil sqlite ]
diff --git a/pkgs/applications/video/gpac/default.nix b/pkgs/applications/video/gpac/default.nix
index 6a863a5e2c4b..84848d587533 100644
--- a/pkgs/applications/video/gpac/default.nix
+++ b/pkgs/applications/video/gpac/default.nix
@@ -4,9 +4,9 @@ stdenv.mkDerivation rec {
   name = "gpac-0.5.0-svn";
 
   src = fetchsvn {
-    url = "https://gpac.svn.sourceforge.net/svnroot/gpac/trunk/gpac";
-    rev = "4253";
-    sha256 = "0z4bd63c805q53hpb09gq0m0apy12z5a90zxx4jjx3ln64xq0pnn";
+    url = "http://svn.code.sf.net/p/gpac/code/trunk/gpac";
+    rev = "4749";
+    sha256 = "0y38pmp64a2l70y1yby90qzxfzx8y7r0cdmgjxzw86jh6si5ndhp";
   };
 
   # this is the bare minimum configuration, as I'm only interested in MP4Box
diff --git a/pkgs/applications/video/miro/default.nix b/pkgs/applications/video/miro/default.nix
new file mode 100644
index 000000000000..5ca6c80dc7c1
--- /dev/null
+++ b/pkgs/applications/video/miro/default.nix
@@ -0,0 +1,76 @@
+{ stdenv, fetchurl, python, buildPythonPackage, pythonPackages, pkgconfig
+, pyrex096, ffmpeg, boost, glib, pygobject, gtk2, webkit_gtk2, libsoup, pygtk
+, taglib, pysqlite, pycurl, mutagen, pycairo, pythonDBus, pywebkitgtk
+, libtorrentRasterbar
+, gst_python, gst_plugins_base, gst_plugins_good, gst_ffmpeg
+}:
+
+buildPythonPackage rec {
+  name = "miro-${version}";
+  namePrefix = "";
+  version = "6.0";
+
+  src = fetchurl {
+    url = "http://ftp.osuosl.org/pub/pculture.org/miro/src/${name}.tar.gz";
+    sha256 = "0sq25w365i1fz95398vxql3yjl5i6mq77mnmlhmn0pgyg111k3am";
+  };
+
+  setSourceRoot = ''
+    sourceRoot=${name}/linux
+  '';
+
+  patches = [ ./gconf.patch ];
+
+  postPatch = ''
+    sed -i -e '2i import os; os.environ["GST_PLUGIN_PATH"] = \\\
+      '"'$GST_PLUGIN_PATH'" miro.real
+
+    sed -i -e 's/\$(shell which python)/python/' Makefile
+    sed -i -e 's|/usr/bin/||' -e 's|/usr||' \
+           -e 's/BUILD_TIME[^,]*/BUILD_TIME=0/' setup.py
+
+    sed -i -e 's|default="/usr/bin/ffmpeg"|default="${ffmpeg}/bin/ffmpeg"|' \
+      plat/options.py
+
+    sed -i -e 's|/usr/share/miro/themes|'"$out/share/miro/themes"'|' \
+           -e 's/gnome-open/xdg-open/g' \
+           -e '/RESOURCE_ROOT =.*(/,/)/ {
+                 c RESOURCE_ROOT = '"'$out/share/miro/resources/'"'
+               }' \
+           plat/resources.py
+  '';
+
+  installCommand = ''
+    python setup.py install --prefix= --root="$out"
+  '';
+
+  # Disabled for now, because it requires networking and even if we skip those
+  # tests, the whole test run takes around 10-20 minutes.
+  doCheck = false;
+  checkPhase = ''
+    HOME="$TEMPDIR" LANG=en_US.UTF-8 python miro.real --unittest
+  '';
+
+  postInstall = ''
+    mv "$out/bin/miro.real" "$out/bin/miro"
+  '';
+
+  buildInputs = [
+    pkgconfig pyrex096 ffmpeg boost glib pygobject gtk2 webkit_gtk2 libsoup
+    pygtk taglib
+  ];
+
+  propagatedBuildInputs = [
+    pygobject pygtk pycurl python.modules.sqlite3 mutagen pycairo pythonDBus
+    pywebkitgtk libtorrentRasterbar
+    gst_python gst_plugins_base gst_plugins_good gst_ffmpeg
+  ];
+
+  meta = {
+    homepage = "http://www.getmiro.com/";
+    description = "Video and audio feed aggregator";
+    license = stdenv.lib.licenses.gpl2Plus;
+    maintainers = [ stdenv.lib.maintainers.aszlig ];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/applications/video/miro/gconf.patch b/pkgs/applications/video/miro/gconf.patch
new file mode 100644
index 000000000000..bc516da9cbfa
--- /dev/null
+++ b/pkgs/applications/video/miro/gconf.patch
@@ -0,0 +1,374 @@
+diff --git a/plat/associate.py b/plat/associate.py
+index 0f3cd31..f9b5a76 100644
+--- a/plat/associate.py
++++ b/plat/associate.py
+@@ -31,69 +31,8 @@
+ Holds functions that associate Miro with certain protocols
+ """
+ 
+-import gconf
+-from miro.plat.config import gconf_lock
+-
+ def associate_protocols(command):
+-    _associate_protocol("magnet", command, False)
++    pass
+ 
+ def disassociate_protocols(command):
+-    _disassociate_protocol("magnet", command)
+-
+-def _associate_protocol(name, command, overwrite_existing=False):
+-    url_handlers_key = "/desktop/gnome/url-handlers/" + name + "/"
+-    if not _is_associated(name) or overwrite_existing:
+-        gconf_lock.acquire()
+-        try:
+-            gconf_client = gconf.client_get_default()
+-            if gconf_client.set_string(url_handlers_key + "command", command):
+-                gconf_client.set_bool(url_handlers_key + "needs_terminal", False)
+-                gconf_client.set_bool(url_handlers_key + "enabled", True)
+-                success = True
+-            else:
+-                success = False
+-        finally:
+-            gconf_lock.release()
+-    else:
+-        success = True
+-    return success
+-
+-def _disassociate_protocol(name, command):
+-    url_handlers_key = "/desktop/gnome/url-handlers/" + name + "/"
+-    if _is_associated(name, command):
+-        gconf_lock.acquire()
+-        try:
+-            gconf_client = gconf.client_get_default()
+-            if gconf_client.set_bool(url_handlers_key + "enabled", False):
+-                success = True
+-            else:
+-                success = False
+-        finally:
+-            gconf_lock.release()
+-    else:
+-        success = True
+-    return success
+-
+-def _is_associated(protocol, command=None):
+-    """ Checks whether a protocol currently is
+-        associated with the given command, or,
+-        if none is given, whether the protocol
+-        is associated with anything at all.
+-    """
+-    url_handlers_key = "/desktop/gnome/url-handlers/" + protocol + "/"
+-    gconf_lock.acquire()
+-    try:
+-        gconf_client = gconf.client_get_default()
+-        key = gconf_client.get(url_handlers_key + "command")
+-        if key is None:
+-            associated = False
+-        else:
+-            enabled = gconf_client.get(url_handlers_key + "enabled")
+-            if command:
+-                associated = key.get_string() == command and enabled.get_bool()
+-            else:
+-                associated = key.get_string() != "" and enabled.get_bool()
+-    finally:
+-        gconf_lock.release()
+-    return associated
+-
++    pass
+diff --git a/plat/config.py b/plat/config.py
+index 40895af..24f8815 100644
+--- a/plat/config.py
++++ b/plat/config.py
+@@ -39,51 +39,20 @@ Preferences are listed in miro.pref and also miro.plat.options.
+ import os
+ import logging
+ from miro import prefs
+-import gconf
++import shelve
+ import threading
+ from miro.plat import options
+ from miro.plat import resources
+ 
+-client = gconf.client_get_default()
+-gconf_lock = threading.RLock()
+-
+-
+-def gconf_key(key):
+-    if options.gconf_name is None:
+-        options.gconf_name = "miro"
+-    return '/apps/%s/%s' % (options.gconf_name, key)
+-
+-
+-def _convert_gconf_value(value):
+-    if value.type == gconf.VALUE_STRING:
+-        return value.get_string()
+-    if value.type == gconf.VALUE_INT:
+-        return value.get_int()
+-    if value.type == gconf.VALUE_BOOL:
+-        return value.get_bool()
+-    if value.type == gconf.VALUE_FLOAT:
+-        return value.get_float()
+-    if value.type == gconf.VALUE_LIST:
+-        return [_convert_gconf_value(v) for v in value.get_list()]
+-    raise TypeError("unknown gconf type %s" % value.type)
+-
+-
+-def _get_gconf(fullkey, default=None):
+-    gconf_lock.acquire()
+-    try:
+-        value = client.get(fullkey)
+-        if value != None:
+-            try:
+-                return _convert_gconf_value(value)
+-            except TypeError, e:
+-                logging.warn("type error while getting gconf value %s: %s",
+-                        fullkey, str(e))
+-        return default
+-    finally:
+-        gconf_lock.release()
+-
+-
+-class GconfDict:
++
++class ConfigFile(object):
++    def __init__(self):
++        support_dir = get(prefs.SUPPORT_DIRECTORY)
++        if not os.path.exists(support_dir):
++            os.makedirs(support_dir)
++        path = os.path.join(support_dir, 'config')
++        self.conf = shelve.open(path, 'c', -1, True)
++
+     def get(self, key, default=None):
+         if not isinstance(key, str):
+             raise TypeError()
+@@ -91,19 +56,16 @@ class GconfDict:
+         if "MIRO_%s" % key.upper() in os.environ:
+             return os.environ["MIRO_%s" % key.upper()]
+ 
+-        fullkey = gconf_key(key)
+-        return _get_gconf(fullkey, default)
++        return self.conf.get(key, default)
++
++    def __del__(self):
++        self.conf.close()
+ 
+     def __contains__(self, key):
+         if "MIRO_%s" % key.upper() in os.environ:
+             return True
+ 
+-        gconf_lock.acquire()
+-        try:
+-            fullkey = gconf_key(key)
+-            return client.get(fullkey) is not None
+-        finally:
+-            gconf_lock.release()
++        return key in self.conf
+ 
+     def __getitem__(self, key):
+         rv = self.get(key)
+@@ -116,43 +78,11 @@ class GconfDict:
+         if "MIRO_%s" % key.upper() in os.environ:
+             return
+ 
+-        gconf_lock.acquire()
+-        try:
+-            if not isinstance(key, str):
+-                raise TypeError()
+-
+-            fullkey = gconf_key(key)
+-            if isinstance(value, str):
+-                client.set_string(fullkey, value)
+-            elif isinstance(value, bool):
+-                client.set_bool(fullkey, value)
+-            elif isinstance(value, int):
+-                client.set_int(fullkey, value)
+-            elif isinstance(value, float):
+-                client.set_float(fullkey, value)
+-            elif isinstance(value, list):
+-                # this is lame, but there isn't enough information to
+-                # figure it out another way
+-                if len(value) == 0 or isinstance(value[0], str):
+-                    list_type = gconf.VALUE_STRING
+-                elif isinstance(value[0], int):
+-                    list_type = gconf.VALUE_INT
+-                elif isinstance(value[0], float):
+-                    list_type = gconf.VALUE_FLOAT
+-                elif isinstance(value[0], bool):
+-                    list_type = gconf.VALUE_BOOL
+-                else:
+-                    raise TypeError("unknown gconf type %s" % type(value[0]))
+-
+-                client.set_list(fullkey, list_type, value)
+-            else:
+-                raise TypeError()
+-        finally:
+-            gconf_lock.release()
++        self.conf[key] = value
+ 
+ 
+ def load():
+-    return GconfDict()
++    return ConfigFile()
+ 
+ 
+ def save(data):
+@@ -208,25 +138,4 @@ def get(descriptor):
+         value = get(prefs.SUPPORT_DIRECTORY)
+         value = os.path.join(value, 'miro-helper.log')
+ 
+-    elif descriptor == prefs.HTTP_PROXY_ACTIVE:
+-        return _get_gconf("/system/http_proxy/use_http_proxy")
+-
+-    elif descriptor == prefs.HTTP_PROXY_HOST:
+-        return _get_gconf("/system/http_proxy/host")
+-
+-    elif descriptor == prefs.HTTP_PROXY_PORT:
+-        return _get_gconf("/system/http_proxy/port")
+-
+-    elif descriptor == prefs.HTTP_PROXY_AUTHORIZATION_ACTIVE:
+-        return _get_gconf("/system/http_proxy/use_authentication")
+-
+-    elif descriptor == prefs.HTTP_PROXY_AUTHORIZATION_USERNAME:
+-        return _get_gconf("/system/http_proxy/authentication_user")
+-
+-    elif descriptor == prefs.HTTP_PROXY_AUTHORIZATION_PASSWORD:
+-        return _get_gconf("/system/http_proxy/authentication_password")
+-
+-    elif descriptor == prefs.HTTP_PROXY_IGNORE_HOSTS:
+-        return _get_gconf("/system/http_proxy/ignore_hosts", [])
+-
+     return value
+diff --git a/plat/frontends/widgets/application.py b/plat/frontends/widgets/application.py
+index a1eaaf3..20f4c23 100644
+--- a/plat/frontends/widgets/application.py
++++ b/plat/frontends/widgets/application.py
+@@ -35,7 +35,6 @@ except RuntimeError:
+     sys.exit(1)
+ import gobject
+ import os
+-import gconf
+ import shutil
+ import platform
+ 
+@@ -53,7 +52,6 @@ from miro import prefs
+ from miro.frontends.widgets.application import Application
+ # from miro.plat.frontends.widgets import threads
+ from miro.plat import renderers, options
+-from miro.plat.config import gconf_lock, gconf_key
+ try:
+     from miro.plat.frontends.widgets import miroappindicator
+     APP_INDICATOR_SUPPORT = True
+@@ -77,29 +75,13 @@ import sys
+ 
+ 
+ def _get_pref(key, getter_name):
+-    gconf_lock.acquire()
+-    try:
+-        client = gconf.client_get_default()
+-        fullkey = gconf_key(key)
+-        value = client.get(fullkey)
+-        if value is not None:
+-            getter = getattr(value, getter_name)
+-            return getter()
+-        else:
+-            return None
+-    finally:
+-        gconf_lock.release()
++    # XXX: ugly!
++    return app.config._data.get(key)
+ 
+ 
+ def _set_pref(key, setter_name, value):
+-    gconf_lock.acquire()
+-    try:
+-        client = gconf.client_get_default()
+-        fullkey = gconf_key(key)
+-        setter = getattr(client, setter_name)
+-        setter(fullkey, value)
+-    finally:
+-        gconf_lock.release()
++    # XXX: ugly!
++    app.config._data[key] = value
+ 
+ 
+ def get_int(key):
+diff --git a/plat/options.py b/plat/options.py
+index 4ea1a67..8e75e20 100644
+--- a/plat/options.py
++++ b/plat/options.py
+@@ -69,14 +69,14 @@ USE_RENDERER = LinuxPref(
+ 
+ GSTREAMER_IMAGESINK = LinuxPref(
+     key="DefaultGstreamerImagesink",
+-    default="gconfvideosink",
++    default="autovideosink",
+     alias="gstreamer-imagesink",
+     helptext=("Which GStreamer image sink to use for video.  "
+               "(autovideosink, ximagesink, xvimagesink, gconfvideosink, ...)"))
+ 
+ GSTREAMER_AUDIOSINK = LinuxPref(
+     key="DefaultGstreamerAudiosink",
+-    default="gconfaudiosink",
++    default="autoaudiosink",
+     alias="gstreamer-audiosink",
+     helptext=("Which GStreamer sink to use for audio.  "
+               "(autoaudiosink, osssink, alsasink, gconfaudiosink, ...)"))
+diff --git a/plat/upgrade.py b/plat/upgrade.py
+index 9677e3a..f812ad4 100644
+--- a/plat/upgrade.py
++++ b/plat/upgrade.py
+@@ -30,7 +30,6 @@
+ import os
+ import shutil
+ from miro.plat import resources
+-import gconf
+ 
+ 
+ def upgrade():
+@@ -64,47 +63,3 @@ def upgrade():
+             os.remove(old_file)
+         except OSError:
+             pass
+-
+-    # gconf settings
+-    client = gconf.client_get_default()
+-
+-    def _copy_gconf(src, dst):
+-        for entry in client.all_entries(src):
+-            entry_dst = dst + '/' + entry.key.split('/')[-1]
+-            client.set(entry_dst, entry.value)
+-        for subdir in client.all_dirs(src):
+-            subdir_dst = dst + '/' + subdir.split('/')[-1]
+-            _copy_gconf(subdir, subdir_dst)
+-
+-    if ((client.dir_exists("/apps/democracy/player")
+-         and not client.dir_exists("/apps/miro"))):
+-        _copy_gconf("/apps/democracy/player", "/apps/miro")
+-        client.recursive_unset("/apps/democracy", 1)
+-
+-    # Set the MoviesDirectory and NonVideoDirectory based on the
+-    # possibilities that we've had over the years and what exists on
+-    # the user's system.  This codifies it in the user's gconf so that
+-    # when we change it in future, then the user isn't affected.
+-    from miro.plat import options
+-    if options.gconf_name is None:
+-        options.gconf_name = "miro"
+-    key = "/apps/%s/MoviesDirectory" % options.gconf_name
+-    if client.get(key) is None:
+-        for mem in ["~/.miro/Movies",     # packages
+-                    "~/Videos/Miro",
+-                    "~/Movies/Miro",      # pre 3.5
+-                    "~/Movies/Democracy"  # democracy player
+-                    ]:
+-            mem = os.path.expanduser(mem)
+-            if os.path.exists(mem):
+-                client.set_string(key, mem)
+-                break
+-
+-    key = "/apps/%s/NonVideoDirectory" % options.gconf_name
+-    if client.get(key) is None:
+-        for mem in ["~/.miro/Nonvideo"   # packages
+-                    ]:
+-            mem = os.path.expanduser(mem)
+-            if os.path.exists(mem):
+-                client.set_string(key, mem)
+-                break
diff --git a/pkgs/applications/video/mplayer/default.nix b/pkgs/applications/video/mplayer/default.nix
index 2051590a8197..6d8780d6cf48 100644
--- a/pkgs/applications/video/mplayer/default.nix
+++ b/pkgs/applications/video/mplayer/default.nix
@@ -1,4 +1,5 @@
-{ stdenv, fetchurl, freetype, pkgconfig, yasm, freefont_ttf
+{ stdenv, fetchurl, pkgconfig, freetype, yasm
+, fontconfigSupport ? true, fontconfig ? null, freefont_ttf ? null
 , x11Support ? true, libX11 ? null, libXext ? null, mesa ? null
 , xineramaSupport ? true, libXinerama ? null
 , xvSupport ? true, libXv ? null
@@ -22,6 +23,8 @@
 , useUnfreeCodecs ? false
 }:
 
+assert fontconfigSupport -> (fontconfig != null);
+assert (!fontconfigSupport) -> (freefont_ttf != null);
 assert x11Support -> (libX11 != null && libXext != null && mesa != null);
 assert xineramaSupport -> (libXinerama != null && x11Support);
 assert xvSupport -> (libXv != null && x11Support);
@@ -95,7 +98,8 @@ stdenv.mkDerivation rec {
   '';
 
   buildInputs = with stdenv.lib;
-    [ freetype pkgconfig ]
+    [ pkgconfig freetype ]
+    ++ optional fontconfigSupport fontconfig
     ++ optionals x11Support [ libX11 libXext mesa ]
     ++ optional alsaSupport alsaLib
     ++ optional xvSupport libXv
@@ -125,6 +129,8 @@ stdenv.mkDerivation rec {
 
   configureFlags = with stdenv.lib;
     ''
+      --enable-freetype
+      ${if fontconfigSupport then "--enable-fontconfig" else "--disable-fontconfig"}
       ${if x11Support then "--enable-x11 --enable-gl" else "--disable-x11 --disable-gl"}
       ${if xineramaSupport then "--enable-xinerama" else "--disable-xinerama"}
       ${if xvSupport then "--enable-xv" else "--disable-xv"}
@@ -144,7 +150,6 @@ stdenv.mkDerivation rec {
       ${if pulseSupport then "--enable-pulse" else "--disable-pulse"}
       ${optionalString (useUnfreeCodecs && codecs != null) "--codecsdir=${codecs}"}
       ${optionalString (stdenv.isi686 || stdenv.isx86_64) "--enable-runtime-cpudetection"}
-      --enable-freetype
       --disable-xanim
       --disable-ivtv
       --disable-xvid --disable-xvid-lavc
@@ -153,14 +158,17 @@ stdenv.mkDerivation rec {
       --disable-ossaudio
     '';
 
-  NIX_LDFLAGS = stdenv.lib.optionalString x11Support "-lX11 -lXext";
+  NIX_LDFLAGS = with stdenv.lib;
+       optional  fontconfigSupport "-lfontconfig"
+    ++ optionals x11Support [ "-lX11" "-lXext" ]
+    ;
 
   installTargets = [ "install" ] ++ stdenv.lib.optional x11Support "install-gui";
 
   enableParallelBuilding = true;
 
-  # Provide a reasonable standard font.  Maybe we should symlink here.
-  postInstall =
+  # Provide a reasonable standard font when not using fontconfig. Maybe we should symlink here.
+  postInstall = stdenv.lib.optionalString (!fontconfigSupport)
     ''
       mkdir -p $out/share/mplayer
       cp ${freefont_ttf}/share/fonts/truetype/FreeSans.ttf $out/share/mplayer/subfont.ttf
diff --git a/pkgs/applications/video/ogmtools/default.nix b/pkgs/applications/video/ogmtools/default.nix
index 1a6bc6629993..11a16e3a79d2 100644
--- a/pkgs/applications/video/ogmtools/default.nix
+++ b/pkgs/applications/video/ogmtools/default.nix
@@ -11,11 +11,14 @@ stdenv.mkDerivation rec {
   buildInputs = [libogg libvorbis libdvdread];
 
   meta = {
-    description = "Tools for modifying and inspecting OGG media streams. Includes dvdxchap tool for extracting chapter information from DVD.";
-    longDescription = "These tools allow information about (ogminfo) or extraction from (ogmdemux) or creation of (ogmmerge) OGG media streams.";
+    description = "Tools for modifying and inspecting OGG media streams";
+    longDescription = ''
+      These tools allow information about (ogminfo) or extraction from
+      (ogmdemux) or creation of (ogmmerge) OGG media streams. Includes dvdxchap
+      tool for extracting chapter information from DVD.
+    '';
     homepage = http://www.bunkus.org/videotools/ogmtools/;
     license = "GPLv2";
-
     platforms = stdenv.lib.platforms.all;
   };
 }
diff --git a/pkgs/applications/video/quvi/library.nix b/pkgs/applications/video/quvi/library.nix
index bef755afed46..49207ad06615 100644
--- a/pkgs/applications/video/quvi/library.nix
+++ b/pkgs/applications/video/quvi/library.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ pkgconfig lua5 curl quvi_scripts ];
 
   meta = { 
-    description = "Quvi is a web video downloader.";
+    description = "Web video downloader";
     homepage = http://quvi.sf.net;
     license = "LGPLv2.1+";
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/applications/video/quvi/scripts.nix b/pkgs/applications/video/quvi/scripts.nix
index 9c6cd9d31377..cc82158ae829 100644
--- a/pkgs/applications/video/quvi/scripts.nix
+++ b/pkgs/applications/video/quvi/scripts.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ pkgconfig ];
 
   meta = { 
-    description = "Quvi is a web video downloader.";
+    description = "Web video downloader";
     homepage = http://quvi.sf.net;
     license = "LGPLv2.1+";
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/applications/video/quvi/tool.nix b/pkgs/applications/video/quvi/tool.nix
index b2ddabfa6a8d..f8b6aad43106 100644
--- a/pkgs/applications/video/quvi/tool.nix
+++ b/pkgs/applications/video/quvi/tool.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ pkgconfig lua5 curl quvi_scripts libquvi ];
 
   meta = { 
-    description = "Quvi is a web video downloader.";
+    description = "Web video downloader";
     homepage = http://quvi.sf.net;
     license = "LGPLv2.1+";
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/applications/video/vlc/default.nix b/pkgs/applications/video/vlc/default.nix
index 714a2882d5f1..3d48b296ad9d 100644
--- a/pkgs/applications/video/vlc/default.nix
+++ b/pkgs/applications/video/vlc/default.nix
@@ -10,11 +10,11 @@
 
 stdenv.mkDerivation rec {
   name = "vlc-${version}";
-  version = "2.0.8";
+  version = "2.1.0";
 
   src = fetchurl {
     url = "http://download.videolan.org/pub/videolan/vlc/${version}/${name}.tar.xz";
-    sha256 = "00hpbm0v424yhfzqyxrvrvfjkbvf3f43yqk6h1qhwmnl8n1z4am0";
+    sha256 = "1xs1zsjip6ljqyy5jlqf14ncda4pjx166bqvjqgcyskq66m7s5yj";
   };
 
   buildInputs =
diff --git a/pkgs/applications/video/xbmc/default.nix b/pkgs/applications/video/xbmc/default.nix
index d3b3556baf4d..59537c7dce02 100644
--- a/pkgs/applications/video/xbmc/default.nix
+++ b/pkgs/applications/video/xbmc/default.nix
@@ -19,6 +19,7 @@
 , udev, udevSupport ? true
 , libusb ? null, usbSupport ? false
 , samba ? null, sambaSupport ? true
+, libmicrohttpd
 # TODO: would be nice to have nfsSupport (needs libnfs library)
 # TODO: librtmp
 , libvdpau ? null, vdpauSupport ? true
@@ -43,7 +44,7 @@ stdenv.mkDerivation rec {
     buildInputs = [
       makeWrapper
       pkgconfig cmake gnumake yasm python
-      boost
+      boost libmicrohttpd
       gettext pcre yajl fribidi
       openssl gperf tinyxml2 taglib libssh swig jre
       libX11 xproto inputproto
@@ -75,7 +76,6 @@ stdenv.mkDerivation rec {
 
     configureFlags = [
       "--enable-external-libraries"
-      "--disable-webserver"
     ]
     ++ lib.optional (! sambaSupport) "--disable-samba"
     ++ lib.optional vdpauSupport "--enable-vdpau"
diff --git a/pkgs/applications/virtualization/OVMF/default.nix b/pkgs/applications/virtualization/OVMF/default.nix
index 7d101aac790b..e6d0b7cb40dd 100644
--- a/pkgs/applications/virtualization/OVMF/default.nix
+++ b/pkgs/applications/virtualization/OVMF/default.nix
@@ -12,7 +12,7 @@ let
 in
 
 stdenv.mkDerivation (edk2.setup "OvmfPkg/OvmfPkg${targetArch}.dsc" {
-  name = "OVMF-2012-03-13";
+  name = "OVMF-2012-10-09";
 
   unpackPhase = ''
     for file in \
diff --git a/pkgs/applications/virtualization/virt-manager/default.nix b/pkgs/applications/virtualization/virt-manager/default.nix
index 195ee5d45c01..de3e5c98d36b 100644
--- a/pkgs/applications/virtualization/virt-manager/default.nix
+++ b/pkgs/applications/virtualization/virt-manager/default.nix
@@ -1,4 +1,5 @@
-{ stdenv, fetchurl, pythonPackages, intltool, libvirt, libxml2Python, curl, python, makeWrapper, virtinst, pyGtkGlade, pythonDBus, gnome_python, gtkvnc}:
+{ stdenv, fetchurl, pythonPackages, intltool, libvirt, libxml2Python, curl,
+  python, makeWrapper, virtinst, pyGtkGlade, pythonDBus, gnome_python, gtkvnc, vte}:
 
 with stdenv.lib;
 
@@ -18,7 +19,8 @@ stdenv.mkDerivation rec {
       distutils_extra simplejson readline glance cheetah lockfile httplib2
       # !!! should libvirt be a build-time dependency?  Note that
       # libxml2Python is a dependency of libvirt.py. 
-      libvirt libxml2Python urlgrabber virtinst pyGtkGlade pythonDBus gnome_python gtkvnc
+      libvirt libxml2Python urlgrabber virtinst pyGtkGlade pythonDBus gnome_python
+      gtkvnc vte
     ];
 
   buildInputs =
@@ -78,7 +80,12 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://virt-manager.org;
-    description = "The 'Virtual Machine Manager' application (virt-manager for short package name) is a desktop user interface for managing virtual machines.";
+    description = "Desktop user interface for managing virtual machines";
+    longDescription = ''
+      The virt-manager application is a desktop user interface for managing
+      virtual machines through libvirt. It primarily targets KVM VMs, but also
+      manages Xen and LXC (linux containers).
+    '';
     license = "GPLv2";
     maintainers = with stdenv.lib.maintainers; [qknight];
   };
diff --git a/pkgs/applications/virtualization/virt-viewer/default.nix b/pkgs/applications/virtualization/virt-viewer/default.nix
index 51ef6c5b39ef..d2e608ba3fa8 100644
--- a/pkgs/applications/virtualization/virt-viewer/default.nix
+++ b/pkgs/applications/virtualization/virt-viewer/default.nix
@@ -1,6 +1,6 @@
 x@{builderDefsPackage
   , gnome, gtk, glib, libxml2, pkgconfig, libvirt, gtkvnc, cyrus_sasl, libtasn1
-  , gnupg, libgcrypt, perl, nettle, yajl
+  , gnupg, libgcrypt, perl, nettle, yajl, libcap_ng
   , ...}:
 builderDefsPackage
 (a :  
diff --git a/pkgs/applications/virtualization/virtinst/default.nix b/pkgs/applications/virtualization/virtinst/default.nix
index 26b16375e659..bb8b7a1d0d99 100644
--- a/pkgs/applications/virtualization/virtinst/default.nix
+++ b/pkgs/applications/virtualization/virtinst/default.nix
@@ -40,6 +40,6 @@ stdenv.mkDerivation rec {
     homepage = http://virt-manager.org;
     license = "GPLv2+";
     maintainers = with stdenv.lib.maintainers; [qknight];
-    description = "The Virt Install tool (virt-install for short command name, virtinst for package name) is a command line tool which provides an easy way to provision operating systems into virtual machines.";
+    description = "Command line tool which provides an easy way to provision operating systems into virtual machines";
   };
 }
diff --git a/pkgs/applications/virtualization/virtualbox/default.nix b/pkgs/applications/virtualization/virtualbox/default.nix
index 09b6e015a931..652b2ed92c10 100644
--- a/pkgs/applications/virtualization/virtualbox/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/default.nix
@@ -11,7 +11,7 @@ with stdenv.lib;
 
 let
 
-  version = "4.2.16"; # changes ./guest-additions as well
+  version = "4.2.18"; # changes ./guest-additions as well
 
   forEachModule = action: ''
     for mod in \
@@ -31,13 +31,13 @@ let
   '';
 
   # See https://github.com/NixOS/nixpkgs/issues/672 for details
-  extpackRevision = "86992";
+  extpackRevision = "88780";
   extensionPack = requireFile rec {
     name = "Oracle_VM_VirtualBox_Extension_Pack-${version}-${extpackRevision}.vbox-extpack";
     # IMPORTANT: Hash must be base16 encoded because it's used as an input to
     # VBoxExtPackHelperApp!
-    # Tip: nix-hash --type sha256 --to-base16 "hash from nix-prefetch-url"
-    sha256 = "8f88b1ebe69b770103e9151bebf6681c5e049eb5fac45ae8d52c43440aa0fa0d";
+    # Tip: see http://dlc.sun.com.edgesuite.net/virtualbox/4.2.18/SHA256SUMS
+    sha256 = "1d1737b59d0f30f5d42beeabaff168bdc0a75b8b28df685979be6173e5adbbba";
     message = ''
       In order to use the extension pack, you need to comply with the VirtualBox Personal Use
       and Evaluation License (PUEL) by downloading the related binaries from:
@@ -56,7 +56,7 @@ in stdenv.mkDerivation {
 
   src = fetchurl {
     url = "http://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2";
-    sha256 = "0nnl8qh8j4sk5zn78hrp6ccidmk332p7qg6pv5a0a4irs0b8j3zz";
+    sha256 = "9dbddf393b029c549249f627d12040c1d257972bc09292969b8819a31ab78d74";
   };
 
   buildInputs =
diff --git a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
index cca133685f60..de38843c7f1b 100644
--- a/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
+++ b/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso";
-    sha256 = "1id0rb2sdnn34rvjl2v3hp3z9g9c4s4f4kl1lx0myjlqv8i0fayg";
+    sha256 = "f11a7f13dfe7bf9f246fb877144bb467fe6deadcd876568ec79b6ccd3b59d767";
   };
 
   KERN_DIR = "${kernelDev}/lib/modules/*/build";
diff --git a/pkgs/applications/window-managers/compiz/default.nix b/pkgs/applications/window-managers/compiz/default.nix
index 46aa6e4d77eb..02b7b9987bdb 100644
--- a/pkgs/applications/window-managers/compiz/default.nix
+++ b/pkgs/applications/window-managers/compiz/default.nix
@@ -15,10 +15,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="compiz";
-    version="0.9.9.0";
-    name="compiz-${version}";
-    url="https://launchpad.net/compiz/0.9.9/${version}/+download/${name}.tar.bz2";
-    sha256="0nxv9lv0zwzs82p2d5g38sbvzbqgfs837xdgwc26lh5wdv31d93s";
+    version="0.9.10.0";
+    name="${baseName}-${version}";
+    hash="0kvjib0ns02cikpsjq5hlf746yjx2gkfh373pvrb25lzv3rs1qax";
+    url="https://launchpad.net/compiz/0.9.10/0.9.10.0/+download/compiz-0.9.10.0.tar.bz2";
+    sha256="0kvjib0ns02cikpsjq5hlf746yjx2gkfh373pvrb25lzv3rs1qax";
   };
   buildInputs = [cmake pkgconfig
     libXrender renderproto gtk libwnck pango cairo
diff --git a/pkgs/applications/window-managers/ion-3/default.nix b/pkgs/applications/window-managers/ion-3/default.nix
index b4dabb300c19..7a467b1fcdb9 100644
--- a/pkgs/applications/window-managers/ion-3/default.nix
+++ b/pkgs/applications/window-managers/ion-3/default.nix
@@ -3,7 +3,7 @@
 stdenv.mkDerivation {
   name = "ion-3-20090110";
   meta = {
-    description = "Ion is a tiling tabbed window manager designed with keyboard users in mind.";
+    description = "Tiling tabbed window manager designed with keyboard users in mind";
     homepage = http://modeemi.fi/~tuomov/ion;
   };
   src = fetchurl {
diff --git a/pkgs/applications/window-managers/stumpwm/default.nix b/pkgs/applications/window-managers/stumpwm/default.nix
deleted file mode 100644
index ab261a78fb01..000000000000
--- a/pkgs/applications/window-managers/stumpwm/default.nix
+++ /dev/null
@@ -1,61 +0,0 @@
-args : 
-let 
-  lib = args.lib;
-  fetchurl = args.fetchurl;
-  noDepEntry = args.noDepEntry;
-  fullDepEntry = args.fullDepEntry;
-
-  buildInputs = lib.attrVals ["clisp" "texinfo"] args;
-  version = lib.attrByPath ["version"] "0.9.7" args; 
-
-  pkgName = "stumpwm";
-in
-rec {
-  src = fetchurl {
-    url = "mirror://savannah/stumpwm/${pkgName}-${version}.tgz";
-    sha256 = "a0793d22ef90731d34f84e51deafb4bc2095a357c70b9505dc57516f481cdf78";
-  };
-
-  inherit buildInputs;
-  configureFlags = ["--with-lisp=clisp"];
-  envVars = noDepEntry (''
-    export HOME="$NIX_BUILD_TOP";
-  '');
-
-  installation = fullDepEntry (''
-    mkdir -p $out/bin 
-    mkdir -p $out/share/stumpwm/doc
-    mkdir -p $out/share/info 
-    mkdir -p $out/share/stumpwm/lisp
-
-    cp stumpwm $out/bin
-    cp contrib/stumpish $out/bin || true
-    cp sample-stumpwmrc.lisp  $out/share/stumpwm/doc
-    cp stumpwm.info $out/share/info
-
-    cp -r {.,cl-ppcre}/*.{lisp,fas,lib,asd} contrib $out/share/stumpwm/lisp
-    cd $out/share/stumpwm/lisp
-    cat << EOF >init-stumpwm.lisp
-      (require "asdf") 
-      (asdf:operate 'asdf:load-op :cl-ppcre) 
-      (asdf:operate 'asdf:load-op :stumpwm)
-    EOF
-    clisp -K full -i init-stumpwm.lisp
-    cat << EOF >init-stumpwm.lisp
-      (require "asdf") 
-      (asdf:operate 'asdf:load-source-op :cl-ppcre) 
-      (asdf:operate 'asdf:load-source-op :stumpwm)
-    EOF
-    '') ["minInit" "defEnsureDir" "addInputs" "doMake"];
-
-  /* doConfigure should be specified separately */
-  phaseNames = ["envVars" "doConfigure" "doMake" "installation"];
-      
-  name = "${pkgName}-" + version;
-  meta = {
-    description = "Common Lisp-based ratpoison-like window manager.";
-    maintainers = [args.lib.maintainers.raskin];
-    platforms = with args.lib.platforms;
-      linux ++ freebsd;
-  };
-}
diff --git a/pkgs/applications/window-managers/wmii31/default.nix b/pkgs/applications/window-managers/wmii31/default.nix
index 50655a851e2a..dd49cf5ec43e 100644
--- a/pkgs/applications/window-managers/wmii31/default.nix
+++ b/pkgs/applications/window-managers/wmii31/default.nix
@@ -29,7 +29,7 @@ args: with args; stdenv.mkDerivation {
      cp cmd/wmiimenu \$out/bin
   ";
   meta = { homepage = "www.suckless.org";
-           description = "one small tool of the wmii window manger to let the user select an item from a list by filtering..";
+           description = "One small tool of the wmii window manger to let the user select an item from a list by filtering";
            license="MIT";
          };
 }
diff --git a/pkgs/build-support/build-fhs-chrootenv/default.nix b/pkgs/build-support/build-fhs-chrootenv/default.nix
new file mode 100644
index 000000000000..8756c4835b29
--- /dev/null
+++ b/pkgs/build-support/build-fhs-chrootenv/default.nix
@@ -0,0 +1,84 @@
+{stdenv, glibc, glibcLocales, gcc, coreutils, diffutils, findutils, gnused, gnugrep, gnutar, gzip, bzip2, 
+bashInteractive, xz, shadow, gawk, less, buildEnv}:
+{name, pkgs ? [], profile ? ""}:
+
+let
+  basePkgs = [ glibc glibcLocales gcc coreutils diffutils findutils gnused gnugrep gnutar gzip bzip2 
+bashInteractive xz shadow gawk less ];
+
+  # Compose a global profile for the chroot environment
+  profilePkg = stdenv.mkDerivation {
+    name = "${name}-chrootenv-profile";
+    buildCommand = ''
+      mkdir -p $out/etc
+      cat >> $out/etc/profile << "EOF"
+      export PS1='${name}-chrootenv:\u@\h:\w\$ '
+      ${profile}
+      EOF
+    '';
+  };
+
+  paths = basePkgs ++ [ profilePkg ] ++ pkgs;
+
+  # Composes a /usr like directory structure
+  staticUsrProfile = buildEnv {
+    name = "system-profile";
+    inherit paths;
+  };
+  
+  # References to shell scripts that set up or tear down the environment
+  initSh = ./init.sh.in;
+  mountSh = ./mount.sh.in;
+  loadSh = ./load.sh.in;
+  umountSh = ./umount.sh.in;
+  destroySh = ./destroy.sh.in;                                                                                       
+in                                                                                                                   
+stdenv.mkDerivation {                                                                                                
+  name = "${name}-chrootenv";                                                                                        
+  buildCommand = ''                                                                                                  
+    mkdir -p $out/sw                                                                                                 
+    cd $out/sw                                                                                                       
+                                                                                                                     
+    for i in ${staticUsrProfile}/{etc,bin,lib{,32,64},sbin,var}                                                      
+    do                                                                                                               
+        if [ -x "$i" ]
+        then
+            ln -s "$i"
+        fi
+    done
+    
+    ln -s ${staticUsrProfile} usr
+    
+    cd ..
+    
+    mkdir -p bin
+    cd bin
+    
+    sed -e "s|@chrootEnv@|$out|g" \
+        -e "s|@name@|${name}|g" \
+        -e "s|@shell@|${stdenv.shell}|g" \
+        ${initSh} > init-${name}-chrootenv
+    chmod +x init-${name}-chrootenv
+    
+    sed -e "s|@shell@|${stdenv.shell}|g" \
+        -e "s|@name@|${name}|g" \
+        ${mountSh} > mount-${name}-chrootenv
+    chmod +x mount-${name}-chrootenv
+    
+    sed -e "s|@shell@|${stdenv.shell}|g" \
+        -e "s|@name@|${name}|g" \
+        ${loadSh} > load-${name}-chrootenv
+    chmod +x load-${name}-chrootenv
+    
+    sed -e "s|@shell@|${stdenv.shell}|g" \
+        -e "s|@name@|${name}|g" \
+        ${umountSh} > umount-${name}-chrootenv
+    chmod +x umount-${name}-chrootenv
+    
+    sed -e "s|@chrootEnv@|$out|g" \
+        -e "s|@shell@|${stdenv.shell}|g" \
+        -e "s|@name@|${name}|g" \
+        ${destroySh} > destroy-${name}-chrootenv
+    chmod +x destroy-${name}-chrootenv
+  '';
+}
diff --git a/pkgs/build-support/build-fhs-chrootenv/destroy.sh.in b/pkgs/build-support/build-fhs-chrootenv/destroy.sh.in
new file mode 100644
index 000000000000..30b51cb5068f
--- /dev/null
+++ b/pkgs/build-support/build-fhs-chrootenv/destroy.sh.in
@@ -0,0 +1,21 @@
+#! @shell@ -e
+
+chrootenvDest=/run/chrootenv/@name@
+
+# Remove bind mount points
+rmdir $chrootenvDest/{dev,nix/store,nix,proc,sys,host-etc,home,var,run}
+
+# Remove symlinks to the software that should be part of the chroot system profile
+for i in @chrootEnv@/sw/*
+do
+    if [ "$i" != "@chrootEnv@/sw/etc" ] && [ "$i" != "@chrootEnv@/sw/var" ]
+    then
+        rm $chrootenvDest/$(basename $i)
+    fi
+done
+
+# Remove the remaining folders
+rm -Rf $chrootenvDest/{etc,root,tmp}
+
+# Remove the chroot environment folder
+rmdir $chrootenvDest
diff --git a/pkgs/build-support/build-fhs-chrootenv/init.sh.in b/pkgs/build-support/build-fhs-chrootenv/init.sh.in
new file mode 100644
index 000000000000..2dfa95219c85
--- /dev/null
+++ b/pkgs/build-support/build-fhs-chrootenv/init.sh.in
@@ -0,0 +1,48 @@
+#! @shell@ -e
+
+chrootenvDest=/run/chrootenv/@name@
+
+# Create some mount points for stuff that must be bind mounted
+mkdir -p $chrootenvDest/{nix/store,dev,proc,sys,host-etc,home,var,run}
+
+# Symlink the software that should be part of the chroot system profile
+for i in @chrootEnv@/sw/*
+do
+    if [ "$i" != "@chrootEnv@/sw/etc" ] && [ "$i" != "@chrootEnv@/sw/var" ]
+    then
+        ln -s "$i" "$chrootenvDest"
+    fi
+done
+
+# Symlink the contents of the chroot software's /etc
+
+mkdir $chrootenvDest/etc
+
+for i in @chrootEnv@/sw/etc/*
+do
+    ln -s "$i" $chrootenvDest/etc
+done
+
+# Symlink some NSS stuff
+ln -s ../host-etc/passwd $chrootenvDest/etc/passwd
+ln -s ../host-etc/group $chrootenvDest/etc/group
+ln -s ../host-etc/shadow $chrootenvDest/etc/shadow
+ln -s ../host-etc/hosts $chrootenvDest/etc/hosts
+ln -s ../host-etc/resolv.conf $chrootenvDest/etc/resolv.conf
+ln -s ../host-etc/nsswitch.conf $chrootenvDest/etc/nsswitch.conf
+
+# Symlink PAM stuff
+rm $chrootenvDest/etc/pam.d
+ln -s ../host-etc/static/pam.d $chrootenvDest/etc/pam.d
+
+# Symlink Font stuff
+mkdir $chrootenvDest/etc/fonts
+ln -s ../../host-etc/static/fonts/fonts.conf $chrootenvDest/etc/fonts
+mkdir $chrootenvDest/etc/fonts/conf.d
+ln -s ../../../host-etc/static/fonts/conf.d/00-nixos.conf $chrootenvDest/etc/fonts/conf.d
+
+# Create root folder
+mkdir $chrootenvDest/root
+
+# Create tmp folder
+mkdir -m1777 $chrootenvDest/tmp
diff --git a/pkgs/build-support/build-fhs-chrootenv/load.sh.in b/pkgs/build-support/build-fhs-chrootenv/load.sh.in
new file mode 100644
index 000000000000..8d3f464186b7
--- /dev/null
+++ b/pkgs/build-support/build-fhs-chrootenv/load.sh.in
@@ -0,0 +1,6 @@
+#! @shell@ -e
+
+chrootenvDest=/run/chrootenv/@name@
+
+# Enter the LFS chroot environment
+chroot $chrootenvDest /usr/bin/env -i PS1="$PS1" TERM="$TERM" DISPLAY="$DISPLAY" HOME="/root" PATH="/bin:/sbin" /bin/bash --login
diff --git a/pkgs/build-support/build-fhs-chrootenv/mount.sh.in b/pkgs/build-support/build-fhs-chrootenv/mount.sh.in
new file mode 100644
index 000000000000..68459cca2560
--- /dev/null
+++ b/pkgs/build-support/build-fhs-chrootenv/mount.sh.in
@@ -0,0 +1,23 @@
+#! @shell@ -e
+
+chrootenvDest=/run/chrootenv/@name@
+
+# Bind mount the Nix store
+mount --bind /nix/store $chrootenvDest/nix/store
+
+# Bind mount some kernel related stuff
+mount --bind /dev $chrootenvDest/dev
+mount --bind /dev/pts $chrootenvDest/dev/pts
+mount --bind /dev/shm $chrootenvDest/dev/shm
+mount --bind /proc $chrootenvDest/proc
+mount --bind /sys $chrootenvDest/sys
+
+# Bind mount home directories
+mount --bind /home $chrootenvDest/home
+
+# Bind mount state directories
+mount --bind /var $chrootenvDest/var
+mount --bind /run $chrootenvDest/run
+
+# Bind mount the host system's /etc
+mount --bind /etc $chrootenvDest/host-etc
diff --git a/pkgs/build-support/build-fhs-chrootenv/umount.sh.in b/pkgs/build-support/build-fhs-chrootenv/umount.sh.in
new file mode 100644
index 000000000000..29d631fbd90b
--- /dev/null
+++ b/pkgs/build-support/build-fhs-chrootenv/umount.sh.in
@@ -0,0 +1,6 @@
+#! @shell@ -e
+
+chrootenvDest=/run/chrootenv/@name@
+
+# Unmount all bind mounts
+umount $chrootenvDest/{dev/pts,dev/shm,dev,nix/store,proc,sys,host-etc,home,var,run}
diff --git a/pkgs/build-support/builder-defs/builder-defs.nix b/pkgs/build-support/builder-defs/builder-defs.nix
index 3c5d7af621c8..e22aa6bc66ef 100644
--- a/pkgs/build-support/builder-defs/builder-defs.nix
+++ b/pkgs/build-support/builder-defs/builder-defs.nix
@@ -565,13 +565,15 @@ let inherit (builtins) head tail trace; in
      # Interpreters that are already in the store are left untouched.
          echo "patching script interpreter paths"
          local f
-         for f in $(find "${dir}" -type f -perm +0100); do
+         for f in $(find "${dir}" -xtype f -perm +0100); do
              local oldPath=$(sed -ne '1 s,^#![ ]*\([^ ]*\).*$,\1,p' "$f")
              if test -n "$oldPath" -a "''${oldPath:0:''${#NIX_STORE}}" != "$NIX_STORE"; then
                  local newPath=$(type -P $(basename $oldPath) || true)
                  if test -n "$newPath" -a "$newPath" != "$oldPath"; then
                      echo "$f: interpreter changed from $oldPath to $newPath"
                      sed -i "1 s,$oldPath,$newPath," "$f"
+		 else
+		     echo "$f: not changing interpreter from $oldPath"
                  fi
              fi
          done
diff --git a/pkgs/build-support/cabal/default.nix b/pkgs/build-support/cabal/default.nix
index ca985181a532..9b6d8c4e80ed 100644
--- a/pkgs/build-support/cabal/default.nix
+++ b/pkgs/build-support/cabal/default.nix
@@ -1,12 +1,29 @@
 # generic builder for Cabal packages
 
-{ stdenv, fetchurl, lib, pkgconfig, ghc, Cabal, jailbreakCabal
+{ stdenv, fetchurl, lib, pkgconfig, ghc, Cabal, jailbreakCabal, glibcLocales
 , enableLibraryProfiling ? false
-, enableCheckPhase ? true
+, enableSharedLibraries ? false
+, enableSharedExecutables ? false
+, enableCheckPhase ? stdenv.lib.versionOlder "7.4" ghc.version
 }:
 
-# The Cabal library shipped with GHC versions older than 7.x doesn't accept the --enable-tests configure flag.
-assert enableCheckPhase -> stdenv.lib.versionOlder "7" ghc.ghcVersion;
+let
+  enableFeature         = stdenv.lib.enableFeature;
+  versionOlder          = stdenv.lib.versionOlder;
+  optional              = stdenv.lib.optional;
+  optionals             = stdenv.lib.optionals;
+  optionalString        = stdenv.lib.optionalString;
+  filter                = stdenv.lib.filter;
+in
+
+# Cabal shipped with GHC 6.12.4 or earlier doesn't know the "--enable-tests configure" flag.
+assert enableCheckPhase -> versionOlder "7" ghc.version;
+
+# GHC prior to 7.4.x doesn't know the "--enable-executable-dynamic" flag.
+assert enableSharedExecutables -> versionOlder "7.4" ghc.version;
+
+# Our GHC 6.10.x builds do not provide sharable versions of their core libraries.
+assert enableSharedLibraries -> versionOlder "6.12" ghc.version;
 
 {
   mkDerivation =
@@ -23,8 +40,8 @@ assert enableCheckPhase -> stdenv.lib.versionOlder "7" ghc.ghcVersion;
         # in the interest of keeping hashes stable.
         postprocess =
           x : (removeAttrs x internalAttrs) // {
-                buildInputs           = stdenv.lib.filter (y : ! (y == null)) x.buildInputs;
-                propagatedBuildInputs = stdenv.lib.filter (y : ! (y == null)) x.propagatedBuildInputs;
+                buildInputs           = filter (y : ! (y == null)) x.buildInputs;
+                propagatedBuildInputs = filter (y : ! (y == null)) x.propagatedBuildInputs;
                 doCheck               = enableCheckPhase && x.doCheck;
               };
 
@@ -42,8 +59,12 @@ assert enableCheckPhase -> stdenv.lib.versionOlder "7" ghc.ghcVersion;
             # if that is not desired (for applications), name can be set to
             # fname.
             name = if self.isLibrary then
-                     if enableLibraryProfiling then
+                     if enableLibraryProfiling && self.enableSharedLibraries then
+                       "haskell-${self.pname}-ghc${ghc.ghc.version}-${self.version}-profiling-shared"
+                     else if enableLibraryProfiling && !self.enableSharedLibraries then
                        "haskell-${self.pname}-ghc${ghc.ghc.version}-${self.version}-profiling"
+                     else if !enableLibraryProfiling && self.enableSharedLibraries then
+                       "haskell-${self.pname}-ghc${ghc.ghc.version}-${self.version}-shared"
                      else
                        "haskell-${self.pname}-ghc${ghc.ghc.version}-${self.version}"
                    else
@@ -63,7 +84,7 @@ assert enableCheckPhase -> stdenv.lib.versionOlder "7" ghc.ghcVersion;
             # but often propagatedBuildInputs is preferable anyway
             buildInputs = [ghc Cabal] ++ self.extraBuildInputs;
             extraBuildInputs = self.buildTools ++
-                               (stdenv.lib.optionals self.doCheck self.testDepends) ++
+                               (optionals self.doCheck self.testDepends) ++
                                (if self.pkgconfigDepends == [] then [] else [pkgconfig]) ++
                                (if self.isLibrary then [] else self.buildDepends ++ self.extraLibraries ++ self.pkgconfigDepends);
 
@@ -80,6 +101,9 @@ assert enableCheckPhase -> stdenv.lib.versionOlder "7" ghc.ghcVersion;
             # build-depends Cabal fields stated in test-suite stanzas
             testDepends = [];
 
+            # target(s) passed to the cabal test phase as an argument
+            testTarget = "";
+
             # build-tools Cabal field
             buildTools = [];
 
@@ -96,42 +120,61 @@ assert enableCheckPhase -> stdenv.lib.versionOlder "7" ghc.ghcVersion;
             jailbreak = false;
 
             # pass the '--enable-split-objs' flag to cabal in the configure stage
-            enableSplitObjs = !(  stdenv.isDarwin         # http://hackage.haskell.org/trac/ghc/ticket/4013
-                               || stdenv.lib.versionOlder "7.6.99" ghc.ghcVersion  # -fsplit-ojbs is broken in 7.7 snapshot
+            enableSplitObjs = !(  stdenv.isDarwin                       # http://hackage.haskell.org/trac/ghc/ticket/4013
+                               || versionOlder "7.6.99" ghc.version     # -fsplit-ojbs is broken in 7.7 snapshot
                                );
 
             # pass the '--enable-tests' flag to cabal in the configure stage
             # and run any regression test suites the package might have
             doCheck = enableCheckPhase;
 
+            # pass the '--enable-shared' flag to cabal in the configure
+            # stage to enable building shared libraries
+            inherit enableSharedLibraries;
+
+            # pass the '--enable-executable-dynamic' flag to cabal in
+            # the configure stage to enable linking shared libraries
+            inherit enableSharedExecutables;
+
             extraConfigureFlags = [
-              (stdenv.lib.enableFeature enableLibraryProfiling "library-profiling")
-              (stdenv.lib.enableFeature self.enableSplitObjs "split-objs")
-            ] ++ stdenv.lib.optional (stdenv.lib.versionOlder "7" ghc.ghcVersion) (stdenv.lib.enableFeature self.doCheck "tests");
+              (enableFeature self.enableSplitObjs "split-objs")
+              (enableFeature enableLibraryProfiling "library-profiling")
+              (enableFeature self.enableSharedLibraries "shared")
+              (optional (versionOlder "7.4" ghc.version) (enableFeature self.enableSharedExecutables "executable-dynamic"))
+              (optional (versionOlder "7" ghc.version) (enableFeature self.doCheck "tests"))
+            ];
+
+            # GHC needs the locale configured during the Haddock phase.
+            LANG = "en_US.UTF-8";
+            LOCALE_ARCHIVE = optionalString stdenv.isLinux "${glibcLocales}/lib/locale/locale-archive";
 
             # compiles Setup and configures
             configurePhase = ''
               eval "$preConfigure"
 
-              ${lib.optionalString self.jailbreak "${jailbreakCabal}/bin/jailbreak-cabal ${self.pname}.cabal"}
+              ${optionalString self.jailbreak "${jailbreakCabal}/bin/jailbreak-cabal ${self.pname}.cabal"}
 
               for i in Setup.hs Setup.lhs; do
                 test -f $i && ghc --make $i
               done
 
               for p in $extraBuildInputs $propagatedNativeBuildInputs; do
+                if [ -d "$p/lib/ghc-${ghc.ghc.version}/package.conf.d" ]; then
+                  # Haskell packages don't need any extra configuration.
+                  continue;
+                fi
                 if [ -d "$p/include" ]; then
-                  extraConfigureFlags+=" --extra-include-dir=$p/include"
+                  extraConfigureFlags+=" --extra-include-dirs=$p/include"
                 fi
                 for d in lib{,64}; do
                   if [ -d "$p/$d" ]; then
-                    extraConfigureFlags+=" --extra-lib-dir=$p/$d"
+                    extraConfigureFlags+=" --extra-lib-dirs=$p/$d"
                   fi
                 done
               done
 
               echo "configure flags: $extraConfigureFlags $configureFlags"
-              ./Setup configure --verbose --prefix="$out" $extraConfigureFlags $configureFlags
+              ./Setup configure --verbose --prefix="$out" --libdir='$prefix/lib/$compiler' --libsubdir='$pkgid' $extraConfigureFlags $configureFlags
 
               eval "$postConfigure"
             '';
@@ -142,16 +185,16 @@ assert enableCheckPhase -> stdenv.lib.versionOlder "7" ghc.ghcVersion;
 
               ./Setup build
 
-              export GHC_PACKAGE_PATH=$(ghc-packages)
-              [ -n "$noHaddock" ] || ./Setup haddock
+              export GHC_PACKAGE_PATH=$(${ghc.GHCPackages})
+              test -n "$noHaddock" || ./Setup haddock
 
               eval "$postBuild"
             '';
 
-            checkPhase = stdenv.lib.optional self.doCheck ''
+            checkPhase = optional self.doCheck ''
               eval "$preCheck"
 
-              ./Setup test
+              ./Setup test ${self.testTarget}
 
               eval "$postCheck"
             '';
@@ -166,7 +209,7 @@ assert enableCheckPhase -> stdenv.lib.versionOlder "7" ghc.ghcVersion;
 
               ensureDir $out/bin # necessary to get it added to PATH
 
-              local confDir=$out/lib/ghc-pkgs/ghc-${ghc.ghc.version}
+              local confDir=$out/lib/ghc-${ghc.ghc.version}/package.conf.d
               local installedPkgConf=$confDir/${self.fname}.installedconf
               local pkgConf=$confDir/${self.fname}.conf
               ensureDir $confDir
@@ -176,13 +219,11 @@ assert enableCheckPhase -> stdenv.lib.versionOlder "7" ghc.ghcVersion;
                 GHC_PACKAGE_PATH=$installedPkgConf ghc-pkg --global register $pkgConf --force
               fi
 
-              eval "$postInstall"
-            '';
-
-            postFixup = ''
               if test -f $out/nix-support/propagated-native-build-inputs; then
                 ln -s $out/nix-support/propagated-native-build-inputs $out/nix-support/propagated-user-env-packages
               fi
+
+              eval "$postInstall"
             '';
 
             # We inherit stdenv and ghc so that they can be used
diff --git a/pkgs/build-support/checker/default.nix b/pkgs/build-support/checker/default.nix
deleted file mode 100644
index 66f8c45e37bc..000000000000
--- a/pkgs/build-support/checker/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-#  Checks that all set options are described.
-#
-options: configuration:
-with builtins;
-let lib=(import ../../lib); in
-with lib;
-
-let 
-  findInList = p: list: default:
-       if list == [] then default else
-       if (p (head list)) then (head list) else
-       findInList p (tail list) default;
-  
-
-  checkAttrInclusion = s: a: b:
-	(
-	if ! isAttrs b then s else
-	if (lib.attrByPath ["_type"] "" b) == "option" then "" else
-	findInList (x : x != "") 
-		( map (x: if (x == "servicesProposal") # this attr will be checked at another place ( -> upstart-jobs/default.nix )
-                       then ""
-                       else checkAttrInclusion 
-			(s + "." + x) 
-			(builtins.getAttr x a)
-			(lib.attrByPath [x] null b)) 
-		(attrNames a)) ""
-	);
-in 	
-	checkAttrInclusion "" configuration options
-
diff --git a/pkgs/build-support/fetchurl/mirrors.nix b/pkgs/build-support/fetchurl/mirrors.nix
index b7461678fea4..c6c294d55042 100644
--- a/pkgs/build-support/fetchurl/mirrors.nix
+++ b/pkgs/build-support/fetchurl/mirrors.nix
@@ -159,7 +159,7 @@ rec {
 
   # Debian.
   debian = [
-    ftp://ftp.au.debian.org/debian/
+    #ftp://ftp.au.debian.org/debian/
     ftp://ftp.de.debian.org/debian/
     ftp://ftp.es.debian.org/debian/
     ftp://ftp.fr.debian.org/debian/
@@ -271,4 +271,100 @@ rec {
     ftp://ftp.xemacs.org/sites/metalab.unc.edu/
   ];
 
+  # CRAN mirrors (from http://cran.r-project.org/mirrors.html)
+  cran = [
+    http://cran.r-project.org/
+    http://cran.rstudio.com/
+    http://mirror.fcaglp.unlp.edu.ar/CRAN/
+    http://r.mirror.mendoza-conicet.gob.ar/
+    http://cran.csiro.au/
+    http://cran.ms.unimelb.edu.au/
+    http://cran.at.r-project.org/
+    http://www.freestatistics.org/cran/
+    http://cran-r.c3sl.ufpr.br/
+    http://cran.fiocruz.br/
+    http://www.vps.fmvz.usp.br/CRAN/
+    http://brieger.esalq.usp.br/CRAN/
+    http://cran.stat.sfu.ca/
+    http://mirror.its.dal.ca/cran/
+    http://probability.ca/cran/
+    http://cran.skazkaforyou.com/
+    http://cran.parentingamerica.com/
+    http://dirichlet.mat.puc.cl/
+    http://ftp.ctex.org/mirrors/CRAN/
+    http://mirror.bjtu.edu.cn/cran
+    http://cran.dataguru.cn/
+    http://mirrors.ustc.edu.cn/CRAN/
+    http://mirrors.xmu.edu.cn/CRAN/
+    http://www.laqee.unal.edu.co/CRAN/
+    http://www.icesi.edu.co/CRAN/
+    http://mirrors.dotsrc.org/cran/
+    http://cran.espol.edu.ec/
+    http://cran.univ-lyon1.fr/
+    http://mirror.ibcp.fr/pub/CRAN/
+    http://ftp.igh.cnrs.fr/pub/CRAN/
+    http://cran.irsn.fr/
+    http://cran.univ-paris1.fr/
+    http://mirrors.softliste.de/cran/
+    http://cran.r-mirror.de/
+    http://ftp5.gwdg.de/pub/misc/cran/
+    http://cran.cc.uoc.gr/
+    http://cran.rapporter.net/
+    http://ftp.iitm.ac.in/cran/
+    http://cran.repo.bppt.go.id/
+    http://cran.um.ac.ir/
+    http://ftp.heanet.ie/mirrors/cran.r-project.org/
+    http://cran.mirror.garr.it/mirrors/CRAN/
+    http://cran.stat.unipd.it/
+    http://dssm.unipa.it/CRAN/
+    http://essrc.hyogo-u.ac.jp/cran/
+    http://cran.md.tsukuba.ac.jp/
+    http://cran.ism.ac.jp/
+    http://cran.nexr.com/
+    http://biostat.cau.ac.kr/CRAN/
+    http://cran.itam.mx/
+    http://www.est.colpos.mx/R-mirror/
+    http://cran.xl-mirror.nl/
+    http://cran-mirror.cs.uu.nl/
+    http://cran.stat.auckland.ac.nz/
+    http://cran.uib.no/
+    http://cran.stat.upd.edu.ph/
+    http://r.meteo.uni.wroc.pl/
+    http://cran.dcc.fc.up.pt/
+    http://cran.gis-lab.info/
+    http://cran.stat.nus.edu.sg/
+    http://cran.fyxm.net/
+    http://r.adu.org.za/
+    http://cran.mirror.ac.za/
+    http://cran.es.r-project.org/
+    http://ftp.sunet.se/pub/lang/CRAN/
+    http://stat.ethz.ch/CRAN/
+    http://cran.cs.pu.edu.tw/
+    http://cran.csie.ntu.edu.tw/
+    http://mirrors.psu.ac.th/pub/cran/
+    http://cran.pau.edu.tr/
+    http://www.stats.bris.ac.uk/R/
+    http://cran.ma.imperial.ac.uk/
+    http://star-www.st-andrews.ac.uk/cran/
+    http://cran.cnr.berkeley.edu/
+    http://cran.stat.ucla.edu/
+    http://streaming.stat.iastate.edu/CRAN/
+    http://ftp.ussg.iu.edu/CRAN/
+    http://rweb.quant.ku.edu/cran/
+    http://watson.nci.nih.gov/cran_mirror/
+    http://cran.mtu.edu/
+    http://cran.wustl.edu/
+    http://cran.case.edu/
+    http://ftp.osuosl.org/pub/cran/
+    http://lib.stat.cmu.edu/R/CRAN/
+    http://cran.mirrors.hoobly.com/
+    http://mirrors.nics.utk.edu/cran/
+    http://cran.revolutionanalytics.com/
+    http://cran.fhcrc.org/
+    http://cran.cs.wwu.edu/
+    http://camoruco.ing.uc.edu.ve/cran/
+    http://cran.vinastat.com/
+    http://lib.stat.cmu.edu/
+  ];
+
 }
diff --git a/pkgs/build-support/upstream-updater/update-walker-service-specific.sh b/pkgs/build-support/upstream-updater/update-walker-service-specific.sh
index 4f3a7110346e..a979e24edf2a 100644
--- a/pkgs/build-support/upstream-updater/update-walker-service-specific.sh
+++ b/pkgs/build-support/upstream-updater/update-walker-service-specific.sh
@@ -7,3 +7,10 @@ SF_redirect () {
 SF_version_dir () {
   version_link 'http://sourceforge.net/.+/[0-9.]+/$'
 }
+
+GH_latest () {
+  prefetch_command_rel ../fetchgit/nix-prefetch-git
+  revision "$("$(dirname "$0")/urls-from-page.sh" "$CURRENT_URL/commits" | grep /commit/ | head -n 1 | xargs basename )"
+  version '.*' "git-$(date +%Y-%m-%d)"
+  NEED_TO_CHOOSE_URL=
+}
diff --git a/pkgs/build-support/upstream-updater/update-walker.sh b/pkgs/build-support/upstream-updater/update-walker.sh
index c4dc7713f504..5743a289a4cf 100755
--- a/pkgs/build-support/upstream-updater/update-walker.sh
+++ b/pkgs/build-support/upstream-updater/update-walker.sh
@@ -3,6 +3,8 @@
 own_dir="$(cd "$(dirname "$0")"; pwd)"
 
 CURRENT_URL=
+CURRENT_REV=
+PREFETCH_COMMAND=
 NEED_TO_CHOOSE_URL=1
 
 url () {
@@ -118,13 +120,26 @@ ensure_choice () {
   }
 }
 
+revision () {
+  CURRENT_REV="$1"
+  echo "CURRENT_REV: $CURRENT_REV"
+}
+
+prefetch_command () {
+  PREFETCH_COMMAND="$1"
+}
+
+prefetch_command_rel () {
+  PREFETCH_COMMAND="$(dirname "$0")/$1"
+}
+
 ensure_hash () {
   echo "Ensuring hash. CURRENT_HASH: $CURRENT_HASH" >&2
   [ -z "$CURRENT_HASH" ] && hash
 }
 
 hash () {
-  CURRENT_HASH="$(nix-prefetch-url "$CURRENT_URL")"
+  CURRENT_HASH="$(${PREFETCH_COMMAND:-nix-prefetch-url} "$CURRENT_URL" $CURRENT_REV)"
   echo "CURRENT_HASH: $CURRENT_HASH" >&2
 }
 
@@ -172,6 +187,7 @@ do_write_expression () {
   echo "${1}  name=\"\${baseName}-\${version}\";"
   echo "${1}  hash=\"$CURRENT_HASH\";"
   echo "${1}  url=\"$CURRENT_URL\";"
+  [ -n "$CURRENT_REV" ] && echo "${1}  rev=\"$CURRENT_REV\";"
   echo "${1}  sha256=\"$CURRENT_HASH\";"
   echo "$2"
 }
diff --git a/pkgs/build-support/upstream-updater/urls-from-page.sh b/pkgs/build-support/upstream-updater/urls-from-page.sh
index d456794a563d..aecf645eb817 100755
--- a/pkgs/build-support/upstream-updater/urls-from-page.sh
+++ b/pkgs/build-support/upstream-updater/urls-from-page.sh
@@ -9,6 +9,6 @@ relpath="${path#$server}"
  
 echo "URL: $url" >&2
 
-curl -L -k "$url" | sed -re 's/^/-/;s/[hH][rR][eE][fF]=("([^"]*)"|'\''([^'\'']*)'\''|([^"'\'' <>&]+)[ <>&])/\n+\2\3\4\n-/g' | \
+curl -A 'text/html; text/xhtml; text/xml; */*' -L -k "$url" | sed -re 's/^/-/;s/[hH][rR][eE][fF]=("([^"]*)"|'\''([^'\'']*)'\''|([^"'\'' <>&]+)[ <>&])/\n+\2\3\4\n-/g' | \
   sed -e '/^-/d; s/^[+]//; /^#/d;'"s/^\\//$protocol:\\/\\/$server\\//g" | \
   sed -re 's`^[^:]*$`'"$protocol://$basepath/&\`"
diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix
index 996770d2fcc2..0296c434d6f6 100644
--- a/pkgs/build-support/vm/default.nix
+++ b/pkgs/build-support/vm/default.nix
@@ -514,7 +514,8 @@ rec {
 
       echo "%_topdir $rpmout" >> $HOME/.rpmmacros
 
-      rpmbuild -vv -ta "$srcName"
+      if [ `uname -m` = i686 ]; then extra="--target i686-linux"; fi
+      rpmbuild -vv $extra -ta "$srcName"
 
       eval "$postBuild"
     '';
@@ -937,6 +938,32 @@ rec {
       unifiedSystemDir = true;
     };
 
+    fedora19i386 = {
+      name = "fedora-19-i386";
+      fullName = "Fedora 19 (i386)";
+      packagesList = fetchurl {
+        url = mirror://fedora/linux/releases/19/Everything/i386/os/repodata/b72220bcdefff8b38de1c9029a630db4813e073f88c4b080ca274d133e0460d1-primary.xml.gz;
+        sha256 = "b72220bcdefff8b38de1c9029a630db4813e073f88c4b080ca274d133e0460d1";
+      };
+      urlPrefix = mirror://fedora/linux/releases/19/Everything/i386/os;
+      archs = ["noarch" "i386" "i586" "i686"];
+      packages = commonFedoraPackages ++ [ "cronie" "util-linux" ];
+      unifiedSystemDir = true;
+    };
+
+    fedora19x86_64 = {
+      name = "fedora-19-x86_64";
+      fullName = "Fedora 19 (x86_64)";
+      packagesList = fetchurl {
+        url = mirror://fedora/linux/releases/19/Everything/x86_64/os/repodata/d3f67da6461748f57a06459e6877fd07858828e256f58f032704186a65430fd3-primary.xml.gz;
+        sha256 = "d3f67da6461748f57a06459e6877fd07858828e256f58f032704186a65430fd3";
+      };
+      urlPrefix = mirror://fedora/linux/releases/19/Everything/x86_64/os;
+      archs = ["noarch" "x86_64"];
+      packages = commonFedoraPackages ++ [ "cronie" "util-linux" ];
+      unifiedSystemDir = true;
+    };
+
     opensuse103i386 = {
       name = "opensuse-10.3-i586";
       fullName = "openSUSE 10.3 (i586)";
@@ -1026,7 +1053,7 @@ rec {
 
   /* The set of supported Dpkg-based distributions. */
 
-  debDistros = {
+  debDistros = rec {
 
     # Interestingly, the SHA-256 hashes provided by Ubuntu in
     # http://nl.archive.ubuntu.com/ubuntu/dists/{gutsy,hardy}/Release are
@@ -1335,6 +1362,40 @@ rec {
       packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
     };
 
+    ubuntu1310i386 = {
+      name = "ubuntu-13.10-saucy-i386";
+      fullName = "Ubuntu 13.10 Saucy (i386)";
+      packagesLists =
+        [ (fetchurl {
+            url = mirror://ubuntu/dists/saucy/main/binary-i386/Packages.bz2;
+            sha256 = "9b35d44a737e6aa7e1cb5e2b52ba0ed8717c8820b3950c2e7ade07024db9c138";
+          })
+          (fetchurl {
+            url = mirror://ubuntu/dists/saucy/universe/binary-i386/Packages.bz2;
+            sha256 = "84ff81ef23bcece68bfc3dd4b0b1fd38e5b81ac90ad48b4e4210396b425da500";
+          })
+        ];
+      urlPrefix = mirror://ubuntu;
+      packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
+    };
+
+    ubuntu1310x86_64 = {
+      name = "ubuntu-13.10-saucy-amd64";
+      fullName = "Ubuntu 13.10 Saucy (amd64)";
+      packagesList =
+        [ (fetchurl {
+            url = mirror://ubuntu/dists/saucy/main/binary-amd64/Packages.bz2;
+            sha256 = "d000968f9653d7c25928002b0850fe2da97607682f63a351eb2c89896a219a12";
+          })
+          (fetchurl {
+            url = mirror://ubuntu/dists/saucy/universe/binary-amd64/Packages.bz2;
+            sha256 = "06ec77f2f5d6ee70ffb805affe3a6b3e8d5b6463fbfe42ba6588295c7e1f65bc";
+          })
+        ];
+      urlPrefix = mirror://ubuntu;
+      packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
+    };
+
     debian40i386 = {
       name = "debian-4.0r9-etch-i386";
       fullName = "Debian 4.0r9 Etch (i386)";
@@ -1380,44 +1441,48 @@ rec {
     };
 
     debian60i386 = {
-      name = "debian-6.0.7-squeeze-i386";
-      fullName = "Debian 6.0.7 Squeeze (i386)";
+      name = "debian-6.0.8-squeeze-i386";
+      fullName = "Debian 6.0.8 Squeeze (i386)";
       packagesList = fetchurl {
         url = mirror://debian/dists/squeeze/main/binary-i386/Packages.bz2;
-        sha256 = "a770f26b5fce1a16460b68f135dfe97f4f4a9894b538ece0104a508c83ec65d5";
+        sha256 = "c850339aaf46a4ed4abc7c1789c29ea58c3a152aa173ee004578fda86b28391f";
       };
       urlPrefix = mirror://debian;
       packages = commonDebianPackages;
     };
 
     debian60x86_64 = {
-      name = "debian-6.0.7-squeeze-amd64";
-      fullName = "Debian 6.0.7 Squeeze (amd64)";
+      name = "debian-6.0.8-squeeze-amd64";
+      fullName = "Debian 6.0.8 Squeeze (amd64)";
       packagesList = fetchurl {
         url = mirror://debian/dists/squeeze/main/binary-amd64/Packages.bz2;
-        sha256 = "b2bb561bde59ac67e07c70aa7c86a33f237436e6891796a93c6ed6ffb032080e";
+        sha256 = "1506ab7de3ad5a2c706183536d2ee88589d7cb922d9e0de36ac062d464082dda";
       };
       urlPrefix = mirror://debian;
       packages = commonDebianPackages;
     };
 
-    debian70i386 = {
-      name = "debian-7.1.0-wheezy-i386";
-      fullName = "Debian 7.1.0 Wheezy (i386)";
+    # Backward compatibility.
+    debian70i386 = debian7i386;
+    debian70x86_64 = debian7x86_64;
+
+    debian7i386 = {
+      name = "debian-7.2-wheezy-i386";
+      fullName = "Debian 7.2 Wheezy (i386)";
       packagesList = fetchurl {
         url = mirror://debian/dists/wheezy/main/binary-i386/Packages.bz2;
-        sha256 = "c2751c48805b41c3eddd31cfe92ffa46df13a7d6ce7896b8dc5ce4b2f7f329c5";
+        sha256 = "2e80242e323f233c40b3020b0f1a57d12df8a120ee82af88ff7032ba4688f97d";
       };
       urlPrefix = mirror://debian;
       packages = commonDebianPackages;
     };
 
-    debian70x86_64 = {
-      name = "debian-7.1.0-wheezy-amd64";
-      fullName = "Debian 7.1.0 Wheezy (amd64)";
+    debian7x86_64 = {
+      name = "debian-7.2-wheezy-amd64";
+      fullName = "Debian 7.2 Wheezy (amd64)";
       packagesList = fetchurl {
         url = mirror://debian/dists/wheezy/main/binary-amd64/Packages.bz2;
-        sha256 = "9b15b4348cadbcf170c9e83d6fbcb64efac2b787ebdfef16ba21dd70dfca0001";
+        sha256 = "adfc4cd3d3b855c73c9e2e12163a33c193f98c9bad25765080fa6136378a6e3b";
       };
       urlPrefix = mirror://debian;
       packages = commonDebianPackages;
@@ -1515,6 +1580,7 @@ rec {
     "curl"
     "patch"
     "locales"
+    "coreutils"
     # Needed by checkinstall:
     "util-linux"
     "file"
diff --git a/pkgs/data/documentation/man-pages/default.nix b/pkgs/data/documentation/man-pages/default.nix
index 15b49a2a99e2..1b3454c8ce5a 100644
--- a/pkgs/data/documentation/man-pages/default.nix
+++ b/pkgs/data/documentation/man-pages/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "man-pages-3.53";
+  name = "man-pages-3.54";
 
   src = fetchurl {
     url = "mirror://kernel/linux/docs/man-pages/${name}.tar.xz";
-    sha256 = "0kzkjfrw65f7bv6laz3jism4yqajmfh3vdq2jb5d6gyp4n14sxnl";
+    sha256 = "0rb75dl9hh4v2s95bcssy12j8qrbd2dmlzry68gphyxk5c7yipbl";
   };
 
   preBuild =
diff --git a/pkgs/data/fonts/anonymous-pro/default.nix b/pkgs/data/fonts/anonymous-pro/default.nix
index df98d8197f5d..21a1c9bf5c85 100644
--- a/pkgs/data/fonts/anonymous-pro/default.nix
+++ b/pkgs/data/fonts/anonymous-pro/default.nix
@@ -33,7 +33,7 @@ rec {
   '') ["addInputs"];
       
   meta = {
-    description = "A TrueType font set intended for source code";
+    description = "TrueType font set intended for source code";
     maintainers = with a.lib.maintainers;
     [
       raskin
diff --git a/pkgs/data/fonts/arkpandora/default.nix b/pkgs/data/fonts/arkpandora/default.nix
index be1292204ad7..7394dce551ba 100644
--- a/pkgs/data/fonts/arkpandora/default.nix
+++ b/pkgs/data/fonts/arkpandora/default.nix
@@ -17,6 +17,6 @@ rec {
       
   name = "arkpandora-" + version;
   meta = {
-    description = "ArkPandora fonts, metrically identical to Arial and Times New Roman.";
+    description = "Font, metrically identical to Arial and Times New Roman";
   };
 }
diff --git a/pkgs/data/fonts/lmodern/default.nix b/pkgs/data/fonts/lmodern/default.nix
index 831a3ddbd09c..1368537c2a1b 100644
--- a/pkgs/data/fonts/lmodern/default.nix
+++ b/pkgs/data/fonts/lmodern/default.nix
@@ -9,10 +9,10 @@ stdenv.mkDerivation {
   };
 
   installPhase = ''
-    mkdir -p $out/texmf/
+    mkdir -p $out/texmf-dist/
     mkdir -p $out/share/fonts/
 
-    cp -r ./* $out/texmf/
+    cp -r ./* $out/texmf-dist/
     cp -r fonts/{opentype,type1} $out/share/fonts/
 
     ln -s $out/texmf* $out/share/
diff --git a/pkgs/data/fonts/lmodern/lmmath.nix b/pkgs/data/fonts/lmodern/lmmath.nix
index 651a84726af6..90132272dd10 100644
--- a/pkgs/data/fonts/lmodern/lmmath.nix
+++ b/pkgs/data/fonts/lmodern/lmmath.nix
@@ -14,10 +14,10 @@ stdenv.mkDerivation {
   sourceRoot = ".";
 
   installPhase = ''
-    mkdir -p $out/texmf/fonts/opentype
+    mkdir -p $out/texmf-dist/fonts/opentype
     mkdir -p $out/share/fonts/opentype
 
-    cp *.{OTF,otf} $out/texmf/fonts/opentype/lmmath-regular.otf
+    cp *.{OTF,otf} $out/texmf-dist/fonts/opentype/lmmath-regular.otf
     cp *.{OTF,otf} $out/share/fonts/opentype/lmmath-regular.otf
 
     ln -s $out/texmf* $out/share/
diff --git a/pkgs/data/fonts/redhat-liberation-fonts/default.nix b/pkgs/data/fonts/redhat-liberation-fonts/default.nix
index c331b85029d9..08faeafc619c 100644
--- a/pkgs/data/fonts/redhat-liberation-fonts/default.nix
+++ b/pkgs/data/fonts/redhat-liberation-fonts/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Liberation Fonts, replacements for Times New Roman, Arial, and Courier New.";
+    description = "Liberation Fonts, replacements for Times New Roman, Arial, and Courier New";
 
     longDescription = ''
       The Liberation Fonts are intended to be replacements for the three most
diff --git a/pkgs/data/fonts/tipa/default.nix b/pkgs/data/fonts/tipa/default.nix
index 47e98f7c53aa..1049e6924bd0 100644
--- a/pkgs/data/fonts/tipa/default.nix
+++ b/pkgs/data/fonts/tipa/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
   };
 
   installPhase = ''
-    export PREFIX="$out/texmf"
+    export PREFIX="$out/texmf-dist"
     mkdir -p "$PREFIX" "$out/share"
     make install PREFIX="$PREFIX"
 
diff --git a/pkgs/data/fonts/unifont/default.nix b/pkgs/data/fonts/unifont/default.nix
index 79d1a0909058..893659bc763e 100644
--- a/pkgs/data/fonts/unifont/default.nix
+++ b/pkgs/data/fonts/unifont/default.nix
@@ -32,6 +32,6 @@ stdenv.mkDerivation {
     '';
     
   meta = {
-    description = "Unicode font for Base Multilingual Plane.";
+    description = "Unicode font for Base Multilingual Plane";
   };
 }
diff --git a/pkgs/data/misc/tzdata/default.nix b/pkgs/data/misc/tzdata/default.nix
index c49430935aeb..da043da09678 100644
--- a/pkgs/data/misc/tzdata/default.nix
+++ b/pkgs/data/misc/tzdata/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchurl }:
 
-let version = "2012f"; in
+let version = "2013g"; in
 
 stdenv.mkDerivation rec {
   name = "tzdata-${version}";
@@ -8,11 +8,11 @@ stdenv.mkDerivation rec {
   srcs =
     [ (fetchurl {
         url = "http://www.iana.org/time-zones/repository/releases/tzdata${version}.tar.gz";
-        sha256 = "1k165i8g23rr0z26k02x1l4immp69g6yqjrd3lwmbvj5li4mmsdg";
+        sha256 = "0krsgncjnk64g3xshj5xd3znskcx9wwy20g1wmm2lwycincx7kdn";
       })
       (fetchurl {
         url = "http://www.iana.org/time-zones/repository/releases/tzcode${version}.tar.gz";
-        sha256 = "1m6rg9003mkjyvpv5gg5lcia9fzhy7ndwgs68qlpbipnw5p0k2pk";
+        sha256 = "0ysqm72xm9vcykqg9zgry69w6gr3i6b6mpbvgfmwyrdvb6s5ihy7";
       })
     ];
 
diff --git a/pkgs/desktops/gnome-2/desktop/libgweather/default.nix b/pkgs/desktops/gnome-2/desktop/libgweather/default.nix
index 736857fca930..7a1b4d1f5318 100644
--- a/pkgs/desktops/gnome-2/desktop/libgweather/default.nix
+++ b/pkgs/desktops/gnome-2/desktop/libgweather/default.nix
@@ -1,7 +1,6 @@
-{stdenv, fetchurl, pkgconfig, libxml2, gtk, intltool, GConf, libsoup, libtasn1, nettle, gmp}:
+{ stdenv, fetchurl, pkgconfig, libxml2, gtk, intltool, GConf, libsoup, libtasn1, nettle, gmp }:
 
-#Is this really necessary?
-assert stdenv ? glibc;
+assert stdenv.isLinux;
 
 stdenv.mkDerivation rec {
   name = "libgweather-2.30.3";
diff --git a/pkgs/desktops/gnome-2/platform/libglade/default.nix b/pkgs/desktops/gnome-2/platform/libglade/default.nix
index 93490007692a..5e5bae4d1813 100644
--- a/pkgs/desktops/gnome-2/platform/libglade/default.nix
+++ b/pkgs/desktops/gnome-2/platform/libglade/default.nix
@@ -11,4 +11,6 @@ stdenv.mkDerivation {
   buildInputs = [ pkgconfig gtk python gettext ];
 
   propagatedBuildInputs = [ libxml2 ];
+
+  NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-lintl";
 }
diff --git a/pkgs/desktops/gnome-2/platform/libgnome/default.nix b/pkgs/desktops/gnome-2/platform/libgnome/default.nix
index 5ab6d5e813d6..c190b9578e96 100644
--- a/pkgs/desktops/gnome-2/platform/libgnome/default.nix
+++ b/pkgs/desktops/gnome-2/platform/libgnome/default.nix
@@ -3,7 +3,7 @@
 
 stdenv.mkDerivation rec {
   name = src.pkgname;
-  
+
   src = fetchurl_gnome {
     project = "libgnome";
     major = "2"; minor = "32"; patchlevel = "1";
diff --git a/pkgs/desktops/gnome-3/core/gcr/default.nix b/pkgs/desktops/gnome-3/core/gcr/default.nix
index cf9774c5511c..44053b88fbc7 100644
--- a/pkgs/desktops/gnome-3/core/gcr/default.nix
+++ b/pkgs/desktops/gnome-3/core/gcr/default.nix
@@ -14,5 +14,7 @@ stdenv.mkDerivation rec {
     libgcrypt libtasn1 dbus_glib gtk pango gdk_pixbuf atk
   ];
 
+  configureFlags = "--disable-introspection";
+
   #doCheck = true;
 }
diff --git a/pkgs/desktops/gnome-3/core/libcroco/default.nix b/pkgs/desktops/gnome-3/core/libcroco/default.nix
index 70c1db8c0275..079a6f169b29 100644
--- a/pkgs/desktops/gnome-3/core/libcroco/default.nix
+++ b/pkgs/desktops/gnome-3/core/libcroco/default.nix
@@ -1,4 +1,4 @@
-{stdenv, fetchurl, pkgconfig, libxml2, glib}:
+{ stdenv, fetchurl, pkgconfig, libxml2, glib }:
 
 stdenv.mkDerivation rec {
   name = "libcroco-0.6.6"; # 3.6.2 release
@@ -7,5 +7,8 @@ stdenv.mkDerivation rec {
     url = "mirror://gnome/sources/libcroco/0.6/${name}.tar.xz";
     sha256 = "1nbb12420v1zacn6jwa1x4ixikkcqw66sg4j5dgs45nhygiarv3j";
   };
+
+  configureFlags = stdenv.lib.optional stdenv.isDarwin "--disable-Bsymbolic";
+
   buildInputs = [ pkgconfig libxml2 glib ];
 }
diff --git a/pkgs/desktops/kde-4.11/default.nix b/pkgs/desktops/kde-4.11/default.nix
index b1cd9e919fbb..d3840120a657 100644
--- a/pkgs/desktops/kde-4.11/default.nix
+++ b/pkgs/desktops/kde-4.11/default.nix
@@ -1,4 +1,4 @@
-{ callPackage, callPackageOrig, stdenv, qt48, release ? "4.11.0" }:
+{ callPackage, callPackageOrig, stdenv, qt48, release ? "4.11.2" }:
 
 let
   # Need callPackageOrig to avoid infinite cycle
diff --git a/pkgs/desktops/kde-4.11/kde-package/4.11.2.nix b/pkgs/desktops/kde-4.11/kde-package/4.11.2.nix
new file mode 100644
index 000000000000..04a65cc08c64
--- /dev/null
+++ b/pkgs/desktops/kde-4.11/kde-package/4.11.2.nix
@@ -0,0 +1,444 @@
+{stable=true;
+hashes=builtins.listToAttrs[
+  {name="amor";value="1p31vayk12pfgrx5bi0c7kiwzyk1j84b9cssrir63amfxa0gfqm5";}
+  {name="analitza";value="11bwyfqah01riilrl73b9aymd8jqkprch60fi7ya5jvz385ngxzk";}
+  {name="ark";value="0cygijr642xhrrd1a74nzgidqlb244xnp9na3ry7n49rxni3bm1n";}
+  {name="audiocd-kio";value="0a52wp0hfnw24asyy6akfnyyb1hfkkzfiy2fml7zs9pqr1knxbq1";}
+  {name="blinken";value="0wc72gx141id6h35z2lhc762yp2mi4j3bdrhlsg05f42cz0dyzv6";}
+  {name="bomber";value="1zszxy94gbzdq1jddfglxcpk3d7ly3cn2hmllblhqywx9d2s8app";}
+  {name="bovo";value="1fr1hwpcqazh5y39wgahydr91fnd0rbrnwv2ajaq8zzaqbqqkgqv";}
+  {name="cantor";value="01i2w42x606yrcrr4zacalw8rhwjczij0vfdmkqsr27dvnpl64fa";}
+  {name="cervisia";value="1iln0p690kd40anpq26snyhb1d2ql3kz89y05lbgq14n9v4iriij";}
+  {name="dolphin-plugins";value="0d386hfynxqgmcizqqspzi7lzhlm2nwz0agm7iaw6xl26xm0h5bg";}
+  {name="dragon";value="0jnqnskf4g93fd6mw5b11mp5006yk7p0lshbnglrsnybznh6q2k5";}
+  {name="ffmpegthumbs";value="15hcsglcwqmwhdnp0i8d3slr4k0j94m57baiv7axn4wpbsss5k5n";}
+  {name="filelight";value="1npwgsngqk01akzyny2x7f9c7j092c4vjfmdnm2g7hm36q2gy823";}
+  {name="granatier";value="0bclrsi6999xcsmksbg280mvhszxdsr3f5cyzsn5yahs3k6isf2j";}
+  {name="gwenview";value="1qq827b1dfqx5xybr8bjs9ch7407ix6w47iryrbs8vs3k08qw8jw";}
+  {name="jovie";value="1fq8vihh7v19wmwfgxg3m6qi4730wj12m9sv41c7nwdqz3c0gzs2";}
+  {name="juk";value="18lyw6w7z2f72j9madg9rksafj1dpz8pdc09fby9gvkwacd7qsab";}
+  {name="kaccessible";value="0swzpk3kfrc4a3bf9gf40kh8y6nyd2qhvnxxsv6m00m701cj73ar";}
+  {name="kactivities";value="13iz2d2l7rn2d9q5c3mg4836mxgnds83cy2ll18r82bpp59qj4nx";}
+  {name="kajongg";value="0wvdf9lkkiy07dhwvmamz4gginq6ljy57swp4j4z2mm8m3x9i071";}
+  {name="kalgebra";value="0p2k1c710j5nsvb218h3mkbymsd48y0yw09ijx16cbdwvka7mpag";}
+  {name="kalzium";value="0mflvnb3nrrgh6h172lkhh0mxwrpdwcji74f8g6kb7xpr45ms21k";}
+  {name="kamera";value="1rybwccq3q6q0xk9p7f4clx1gf73fqzl69dx99q19wfc5y23pmg9";}
+  {name="kanagram";value="10vdkva83kb8rk6xaxcv5lgdil5wnz6i2bphz2c029s4vm8d2i2n";}
+  {name="kapman";value="0m5mawy3bjp2zd3jkylxsw4ccwzqg8lqd2v9i07zzf6f9ihjqs6r";}
+  {name="kapptemplate";value="16w8lrq2an4iwrss81fp0jisd52v2lwbvyam93cwxfcp4bsbzs9y";}
+  {name="kate";value="0n6jnfwprd5xjyja1dmja785swxgxnpz769xbg5aylnr1rsldzv2";}
+  {name="katomic";value="14rrnm6qf5lf05lj9d2zalrv5npj4hkng4i68y1svkgjl8p98j52";}
+  {name="kblackbox";value="00n3n011cnspdh606aa3scxj388vs3j1bamhk6bxnhmc26gbi54b";}
+  {name="kblocks";value="0l080dqdkqqqn1927gnjzbp3jqwladw1qmkx171291qxa0x364x0";}
+  {name="kbounce";value="10q1821wcnh4xggrndgvsm4dx6hyx4nll3f7blz77cga8fvz8lbw";}
+  {name="kbreakout";value="1xhnmlp2f8a0pmsabsw0yc53i5hcxf1bgid1ffbbgsr014xgqmmi";}
+  {name="kbruch";value="1rridi7lv1izmq68ymjmmm7mvyl3bdnkxj84dxg97yv91yqjx6ys";}
+  {name="kcachegrind";value="0crsb236nay9c0r49hgmiysa9bqwy89aj1avh3sxh82b7dsqmplp";}
+  {name="kcalc";value="0mw77vw8py0xnvkx43lvfzkghwd974chiszxck78iks2m12vgnpz";}
+  {name="kcharselect";value="1ys31fx7g85xmhia05s0i30k1jf1in83hnwc568lsbzvw37adbim";}
+  {name="kcolorchooser";value="0cn9n82kk08c55sy1hncpg5pjzlinkgvmii2p5gyp28fx4yphh45";}
+  {name="kcron";value="05bgwijfcpk56fkmnfjgcrmvkr50j1p524xg8s7zjxsdgib4p9xs";}
+  {name="kdeartwork";value="166fm27iby4gjk8f8zbdamwzkjh5wbvhfj9wn0pkp2dm8l9h8lq2";}
+  {name="kde-baseapps";value="1kgwgrn73x89zipkhq1irs09ka9wi8hk22daf16c4a6hbpinl24x";}
+  {name="kde-base-artwork";value="076h9sl1gyn6c2lmslig9p7w7m049bna9l8wv5jllwssm8i83ccg";}
+  {name="kde-dev-scripts";value="0dpdpc24kcyihgqqypqrxhmfwsmhl9ffim80n2rsdp3aka4y10vv";}
+  {name="kde-dev-utils";value="1j77v0d706ic9m008apqwc1287ma47qmpbv07xv770i0wjh90pl6";}
+  {name="kdegraphics-mobipocket";value="02dzr5lm75p6rw7k30aj5m296h8whxg1shrv8s1pm7ari2660d50";}
+  {name="kdegraphics-strigi-analyzer";value="09cnwvmkjyxagpb5sqgcj69fr496wb0pn4xns65yzynv0540hkkd";}
+  {name="kdegraphics-thumbnailers";value="1fs69zih92dlm8l60br0c0nwy095hsnszdyspdkmz52ycznmzk28";}
+  {name="kdelibs";value="01nzkrmvv8pa4x7mq5nw0z6dasm668q37mhdgvkg1hk7i57w98z5";}
+  {name="kdenetwork-filesharing";value="0ah9v7vvpg8v8nn59h168zn2gaajf39ha2617dyicknc4gn9rsgk";}
+  {name="kdenetwork-strigi-analyzers";value="1iwhr1ckn06z50j1fq9ah15gni3am91gyhyi0f21jaqdigxpi3my";}
+  {name="kdepim";value="0gs06h182m74fgdp20z3w4h8ib5xm1h0i1asnwy1s61gvpkcm63h";}
+  {name="kdepimlibs";value="0kxnczl97wavm3c75wmy4yjw3vbq4x0jdkbk611jn8hqj32c3fl7";}
+  {name="kdepim-runtime";value="13j39qbb6vgsfhypby994pgwlmmyimmqvfri92m15l0ir7rqgfwm";}
+  {name="kdeplasma-addons";value="1dy3gw8z18acs3dmw375jv9qnxjrdwzzgj2p164icid7l2041n8l";}
+  {name="kde-runtime";value="1w4xav8abgqfj943iz2gjzfdmlnk25r5xj3g79sw1ip1bcvkhpq4";}
+  {name="kdesdk-kioslaves";value="1npqa9wwbgjwlnr24dgprdndygmvsixf19hjbplcnp41dn2q14nz";}
+  {name="kdesdk-strigi-analyzers";value="1b4anyzl3xd8pfhia8s0mbrhlyr086gic1as766ynddjpr6a4a94";}
+  {name="kdesdk-thumbnailers";value="0jmkgmabbip7ymjmvyxdrji7xbplrhcrq4vlq8z0jbnyh9b9yngx";}
+  {name="kde-wallpapers";value="1l4hr5nxvf10yv2n76znrz1s0v7xqppipisc1ffbfdnf2l4wrw11";}
+  {name="kdewebdev";value="0gp1vm905p0a0j4h1lakj2zxfm4c78898rl05yf04g9x25yj3mbg";}
+  {name="kde-workspace";value="05yr52xq6w1j2kc4n5wan5f5c7xbcnaad7sdhfns3alg1grlc3i6";}
+  {name="kdf";value="0nblxiav3rw9zggqxpawvknadxbr601m55535k3gzpg3a4slk7nc";}
+  {name="kdiamond";value="0w0fzlpvj98ykvvgyzp8hhkn20pyhxc1c8krlagaqxncv1b7mhcf";}
+  {name="kdnssd";value="0q74myd7shrp43ny2vm7hadr2aix1v35v0hg6i99z7rif9ai8yjh";}
+  {name="kfloppy";value="1w1qiplcnbq10qv4lyjx521adkcg9w7z372w7fi18hjv93ryliis";}
+  {name="kfourinline";value="0irghbp7hsrl7bhi2ggf6rb0p62vck47rmmy6zb30wv32xk9gz9k";}
+  {name="kgamma";value="1cbdxbh57jcz9anawvwybi1s4skcyq84f2r5mjs1xyg2s2fv1l8b";}
+  {name="kgeography";value="00g544kc7hkabk5xbkl07k3h515ac84l4a49853pj2ryrdrikmvx";}
+  {name="kget";value="1mdfrwdf6lm94vcc5m4l7q14b70x2pkd0ham194acd60np8bk5s4";}
+  {name="kgoldrunner";value="0dbhvqxryilixv7ak0b79g8d8a2mbgkp440sxkl31xjak05c1qmv";}
+  {name="kgpg";value="10py9c1z8i1p0acp2lbi6c95gsfhfv1cw5544xp31v5iccrv2izn";}
+  {name="khangman";value="0j13zzplvrgrq8gsn7xfbf19xclc6kvsrzbnbgp83ji1dg168z6c";}
+  {name="kig";value="0ld9g522n361q0h7yvb3zljllbddyglxiamw2hs2svsm7k98klz9";}
+  {name="kigo";value="1rn8pw4jw7ia3dhwx3jwfzylfd4l067qp1kp01lixddfd0ivh42r";}
+  {name="killbots";value="0c0hx61by8n10j3wcpwi6pzbq7bnmpylamj0c1r5pbxm69ljsaiv";}
+  {name="kimono";value="1p40q61p98vz9s4dkwm51p36yk2qx2s00fpiyi1pi73qg4klbc4j";}
+  {name="kiriki";value="0f01zdlpzwlkriv48p13wlg7j2b0dwzhd7hrq35kyb3jzwx1pc5n";}
+  {name="kiten";value="0kk5s3idg5vz59drc65w53fd1l2x4vh593crc7by2dgzsf6x40sd";}
+  {name="kjumpingcube";value="1gdbjv42dryyap3dln7wy3pysbyy9d10vbpb1asxbpn1kzlzlf96";}
+  {name="klettres";value="08h3b70nj4d4cb71fvm3wkgy27vm1aqx8xzkqdgzs2snzb8ra983";}
+  {name="klickety";value="1vmnbfjd620g2xibxfpb18cfdfcksny7rjah4j90cvadcsbg8x3x";}
+  {name="klines";value="10sk0fn6aavdf0df1xw3p0nbwv22ccpdg00xv7h8m4fk43j04dvp";}
+  {name="kmag";value="062kl6j150f579npfkv7jm2b9zih0ahfpzbpl635fz2av2aimm8j";}
+  {name="kmahjongg";value="1xikbz840dh57rf83af0jnmjb9q4ggd5801kiqkq6lkp413iij23";}
+  {name="kmines";value="0ijibp21f6s5l55m2zrcdz2a8xqjk22na79rc0wsdps7pmvf5sfj";}
+  {name="kmix";value="0md4fqv047g3s9bhr8jz2fcwq1vsld2jfi8j7cg8b8bh73kd2fbq";}
+  {name="kmousetool";value="1x8vb0hjmx6xac2602iaab93ha2nfk8i0y67z48p6i7s2n3zni06";}
+  {name="kmouth";value="10ibhgz7mv4kaiyl779h0qlpwgx4s8flsh0850if06mhdxjxld2y";}
+  {name="kmplot";value="1cy9qi53ivb3zy1lcb35ivh42yvj0gikr8m7j4nlrg4xy93gjrhd";}
+  {name="knavalbattle";value="1nd2z8ylmqcj515l3llbq2crdlds7qidni8ja24nk1wf5h4k9amp";}
+  {name="knetwalk";value="01jjal03srn55mlb11vkimgh1mixdwxqi0vh1s56hd894ssn0hgh";}
+  {name="kolf";value="0nsy2wp3fwing3hkwspjm4d8swhzamaaj5x7k0jyvcqcj93sgp1g";}
+  {name="kollision";value="1vz313lr1bp7crfnkdfvz5c7dynsyaqhv1pm6fyjv6ribv3dh48q";}
+  {name="kolourpaint";value="1k8kggx9ljkms4q70m38xd8a364nkynhkqiz2h1znr779sfqy5vp";}
+  {name="kompare";value="0kp6xzgbbhxxspmlx86f7vhn34iknvspjpniaxqvadrfi6xn4801";}
+  {name="konquest";value="072nvaxa1yjaq16095xkla3lndyfq2p801wc0r0m2imc62f30cbd";}
+  {name="konsole";value="17m68zq97whybvixgjdaz45d91x48aw7ijkzfapml7fldpf32bqw";}
+  {name="kopete";value="1q3825fl5pbim3rfi9s8k5sscvbwdacy00rkww4jdw8z3xxsriqj";}
+  {name="korundum";value="1iam31q7cf7a9yxx1i0gnqhnm0262ns8qpr6h2n7cmzkns8bckal";}
+  {name="kpat";value="00mlmqbm0f3yjm89vs91l0rc4r9lsvh0qq59za43rkg8j2rg5nmz";}
+  {name="kppp";value="0gxnd0p48waz0nz4inalyk52xvbhyd3w5m08p1q2a7ssczvza2wp";}
+  {name="krdc";value="1s8qm8s6gxfpdgvh4zi7svs48fnrngj7hxkyp1fjmksaczffrfx1";}
+  {name="kremotecontrol";value="1zjpagr0kcmqsjg4sswqhannc1rix242zbikwzs7jsbq34qy9fg2";}
+  {name="kreversi";value="1ylimga3wqdam1207c6zp1r0aqmqnndldd6y2pazqgk7wcr5z8lf";}
+  {name="krfb";value="0gq6rnkprk98ylnrispd66101jb040p8m9fcab9n5v2g4lvxzcia";}
+  {name="kross-interpreters";value="1njhlscnsd0v7jzzdknsc8nljc2xz7mbxscymhdafbpmjd655sdg";}
+  {name="kruler";value="0z8krqp9gy1n6kqk5slig9f4f07ddqrsbn6p7xqadrrs5a7g4baa";}
+  {name="ksaneplugin";value="1crry96ca3pk25xwnpm73004srf85yq3xpbwc1rr3a7xmniqglr7";}
+  {name="kscd";value="1ix0zdqk2bfmb05j3cwf55kz4sp4krx75wpfzsz2yf3dz047ylqp";}
+  {name="kshisen";value="1hmv7w2mb6v9rqhifns0js592m2m7ys9fsnrdxiv1nzkcbl3xll7";}
+  {name="ksirk";value="1pjrq3v1c0sk5r5hdk4rlbs47wwmsrds43ascp6p4rxvbagki99w";}
+  {name="ksnakeduel";value="09rl2j6pwdhc8lcb2dxh5l3zb0l0iz29b76svb727sga2y7b85qk";}
+  {name="ksnapshot";value="0n2xbqkm34bq8mgpycfyda82v3c4h07lcqvs747aw95kkydb71yk";}
+  {name="kspaceduel";value="01dshprsrwjgb7pgxz2razyxi8yi1cmnalyxflwxqh2zd4xx300y";}
+  {name="ksquares";value="195c1wywm70zwd4z5cqv4xk315xrpkkbwq2myiyxa0wshhiz31bb";}
+  {name="kstars";value="0xl2vpkxa66gd3ycl092lvnk07fw3phlcp4jmpcby650xvp7h6bn";}
+  {name="ksudoku";value="1gi5xr0x9w13skvs8dj4lflib7w9xqn2xr6h90mbncg5c54wmlqc";}
+  {name="ksystemlog";value="148i90y6gc1bw2128xmb56lprmx80s0024dsd4xknm7fw8mpycdm";}
+  {name="kteatime";value="0cgqz9py80grv7sf8k5mixfl5vzx58g93flv409f7nbpia3fjr26";}
+  {name="ktimer";value="1ph38xw1yhqg65y9dhgpgzls4yx1y025v1wv5wflmcranx68a589";}
+  {name="ktouch";value="0n70611cccp09dy8r0q4n7k3l68938hz0xkvp9ik58bnfkn57fvh";}
+  {name="ktuberling";value="0zfp8ynxxdys819gw7dnq6rl9l62dpfz0hvcm2fd8bvjwxrqzxrm";}
+  {name="kturtle";value="1ciwmgd7x0223d22jzqgr7ginaf8c9hi4zlcsl3s7i87hd46878g";}
+  {name="ktux";value="0njz3icalh644kfcnlr4nmdsavkvsp492ig6w0ryr43namqbi0fw";}
+  {name="kubrick";value="07rkhb4ms8wdcny163z0ffavx3i1z13kxmj8xfbv3jx3nbcr33p5";}
+  {name="kuser";value="0avxd71zw0v8qirflpws1g7dqvs6hkpqxi89zfrvcsb8fgcqqvx2";}
+  {name="kwallet";value="0lnv7yd1ig18dmkxanmkwnz6w28p8ak8sg1rxic07g50qni4yk8g";}
+  {name="kwordquiz";value="03qxjm445jynw41wva8b86kigda2q828p0vkz58ymk8ibds74jfm";}
+  {name="libkcddb";value="0hz4300q0hhmrjd2ackaxbvdg9j51bc2fkcndw2d7wwvqz4a1am6";}
+  {name="libkcompactdisc";value="1jf0ivcy7mv3p7xcbigffmx2sby37ainjw29cp8yv0qgdwws5pm3";}
+  {name="libkdcraw";value="1y75rm55s8407q4qglndf28gix0niq0ypa9g1jwf2c8fpmf7ffph";}
+  {name="libkdeedu";value="1gd0jp85qnml2nlnf554mm9yszjkxgs9jqyi77vrhhp50bxkwdbv";}
+  {name="libkdegames";value="12590b023cjjix7mbd6flhm419w4j4zbs83ar9sihlwj6l3fzs9z";}
+  {name="libkexiv2";value="16jsd5ip4179cs2hvwqvb1cbrl5z06zyr9prr269rg11i8rjfjai";}
+  {name="libkipi";value="1wsmci2rfrg8jw3scl14cjx4q616lbmvlzjs6lv2dza4cya4jqvy";}
+  {name="libkmahjongg";value="1s4gzdygrpzjg4rxkn9ndgaj0gzj4ss0ywpd1rv5nv8iaig42cah";}
+  {name="libksane";value="1hylj10pqr82drw9b9r10rwbjf85fx225az2ha7zcm9j1k170n8d";}
+  {name="lokalize";value="0d3sym5waf1nivwksqpclwj9hxl1fva3h0hzgsmgg39qbnanqg4d";}
+  {name="lskat";value="0m47kb9l830d5798xkx9h6fx3ng59zlbji8pnaj6m53q0yj7n5am";}
+  {name="marble";value="0r27nmbvgxx4w00ii926gkxz2ilaa1sja02q62jhxvm01rp1kvka";}
+  {name="mplayerthumbs";value="1a58f66mpzngd558336h13vzl0paj3pbl4fna1vk34fzjz0ldsrm";}
+  {name="nepomuk-core";value="1l14a7hdbz7ap3lidj8acjvkxiycld4wspcw5xnd85pjhks8fcil";}
+  {name="nepomuk-widgets";value="19g752h1f4gz3208ynprxp7nxnbjgis99016lik8f9179n6mjygb";}
+  {name="okteta";value="1hwpyb9g1fwcsl713g84za62qjissmjfjhw2jvd2x08lrjablvvk";}
+  {name="okular";value="03jw7c3h6708aisk301nvfnp0vih3c5wz928zmh54h1aslfi4c3k";}
+  {name="oxygen-icons";value="01f9xkpk8fgj2ccmbrbjx9z1gxqnj4rrvasxh575lcvknnbsf6vz";}
+  {name="pairs";value="1zp89sp5qmllbm9qqzcwf90cy5vqvywki2yjgz0gn2svp1629mmg";}
+  {name="palapeli";value="0kbi61jxxyg2zzjxhjr0m14p1k04jfv212gkj6ic81hrwzjfffzc";}
+  {name="parley";value="1f266kvb0fzy3gxv9fzq59aikz0g540ydbzvr51hlvlra88sjj47";}
+  {name="perlkde";value="0gm9wim2llyglnzxqbgy0jzj9ji3p683zbrhlglpxpd6wh3ady1w";}
+  {name="perlqt";value="0qxad4m6iqc26yn8nsa3g24xr84ncrmhwhz95i2jzzrbqawwas3m";}
+  {name="picmi";value="0nlw3lqfck3fp77n56qmvlj3p6rr60drsq5qxyrrl3scw2dlipq7";}
+  {name="poxml";value="0vjmd1r90l85xs9sv2wzd1vdml6a6fh0ipzz7zyixy600lqgxy13";}
+  {name="print-manager";value="1bw5w8n4wwggib1yrgai2723fwnjrr3wbnnxn85j7bpy3b84cqfh";}
+  {name="pykde4";value="1ziq3nms0bvpnsl21pw37bkimi817jx0mmqsvf5xkxppx7f622cy";}
+  {name="qtruby";value="1pyz2zimw9qz8b5nfmzvp0kzsq6rvbwv0s9kxgh7i2xxnh2mj4gp";}
+  {name="qyoto";value="0jnchp7kdskm9nc533p7bk8shy0i57dcivrmprnwyiy4sfhd4ldj";}
+  {name="rocs";value="0markia51c5a8ggxaiy6vccpdzlamy7md5jfx4jb79qp8hlv2dlc";}
+  {name="smokegen";value="1fgh5z2gwyjkgk8290nx747bj1iaj7224nx3ad8qra9v8y6d0w3d";}
+  {name="smokekde";value="15ci2bs141nbkk2f209rbdacxfdxx6ncp5cc9gv7if8sm708vjy1";}
+  {name="smokeqt";value="0wmzrr4fslam8mxvl90iyikyyipqlqf7zdynxyqr7zxlc421clyz";}
+  {name="step";value="1a2v99k3v0ry5iwvl4cza5g7sqhib78nx0p5r369fqvcbn9mn0wz";}
+  {name="superkaramba";value="1mwa1ggagl8z2422gyilcvb85sgw5db58k0fkv3jcgfi6mx3sv3a";}
+  {name="svgpart";value="1ma4msnky3civhnx0by6hy4ysi8nhzssrsabnj6hg96d7mpnjvqw";}
+  {name="sweeper";value="1vgg21ndqbba0il96x01kcy8z242g0f0lwfqgzs9cd17qx05056s";}
+  {name="umbrello";value="10q4lar55ad58cl4wnmmvmyywm5xi7gcggrfblll8j76mw4dkyda";}
+];
+modules=[
+{
+  module="kdemultimedia";
+  split=true;
+  pkgs=[
+    { name="audiocd-kio"; sane="audiocd_kio"; }
+    { name="dragon";  }
+    { name="ffmpegthumbs";  }
+    { name="juk";  }
+    { name="kmix";  }
+    { name="kscd";  }
+    { name="libkcddb";  }
+    { name="libkcompactdisc";  }
+    { name="mplayerthumbs";  }
+  ];
+}
+{
+  module="kdegraphics";
+  split=true;
+  pkgs=[
+    { name="gwenview";  }
+    { name="kamera";  }
+    { name="kcolorchooser";  }
+    { name="kdegraphics-mobipocket"; sane="kdegraphics_mobipocket"; }
+    { name="kdegraphics-strigi-analyzer"; sane="kdegraphics_strigi_analyzer"; }
+    { name="kdegraphics-thumbnailers"; sane="kdegraphics_thumbnailers"; }
+    { name="kgamma";  }
+    { name="kolourpaint";  }
+    { name="kruler";  }
+    { name="ksaneplugin";  }
+    { name="ksnapshot";  }
+    { name="libkdcraw";  }
+    { name="libkexiv2";  }
+    { name="libkipi";  }
+    { name="libksane";  }
+    { name="okular";  }
+    { name="svgpart";  }
+  ];
+}
+{
+  module="kdelibs";
+  split=true;
+  pkgs=[
+    { name="kdelibs";  }
+    { name="nepomuk-core"; sane="nepomuk_core"; }
+    { name="nepomuk-widgets"; sane="nepomuk_widgets"; }
+  ];
+}
+{
+  module="kdenetwork";
+  split=true;
+  pkgs=[
+    { name="kdenetwork-filesharing"; sane="kdenetwork_filesharing"; }
+    { name="kdenetwork-strigi-analyzers"; sane="kdenetwork_strigi_analyzers"; }
+    { name="kdnssd";  }
+    { name="kget";  }
+    { name="kopete";  }
+    { name="kppp";  }
+    { name="krdc";  }
+    { name="krfb";  }
+  ];
+}
+{
+  module="kdeutils";
+  split=true;
+  pkgs=[
+    { name="ark";  }
+    { name="filelight";  }
+    { name="kcalc";  }
+    { name="kcharselect";  }
+    { name="kdf";  }
+    { name="kfloppy";  }
+    { name="kgpg";  }
+    { name="kremotecontrol";  }
+    { name="ktimer";  }
+    { name="kwallet";  }
+    { name="print-manager"; sane="print_manager"; }
+    { name="superkaramba";  }
+    { name="sweeper";  }
+  ];
+}
+{
+  module="applications";
+  split=true;
+  pkgs=[
+    { name="kate";  }
+    { name="konsole";  }
+  ];
+}
+{
+  module="kdetoys";
+  split=true;
+  pkgs=[
+    { name="amor";  }
+    { name="kteatime";  }
+    { name="ktux";  }
+  ];
+}
+{
+  module="kdesdk";
+  split=true;
+  pkgs=[
+    { name="cervisia";  }
+    { name="dolphin-plugins"; sane="dolphin_plugins"; }
+    { name="kapptemplate";  }
+    { name="kcachegrind";  }
+    { name="kde-dev-scripts"; sane="kde_dev_scripts"; }
+    { name="kde-dev-utils"; sane="kde_dev_utils"; }
+    { name="kdesdk-kioslaves"; sane="kdesdk_kioslaves"; }
+    { name="kdesdk-strigi-analyzers"; sane="kdesdk_strigi_analyzers"; }
+    { name="kdesdk-thumbnailers"; sane="kdesdk_thumbnailers"; }
+    { name="kompare";  }
+    { name="lokalize";  }
+    { name="okteta";  }
+    { name="poxml";  }
+    { name="umbrello";  }
+  ];
+}
+{
+  module="kdegames";
+  split=true;
+  pkgs=[
+    { name="bomber";  }
+    { name="bovo";  }
+    { name="granatier";  }
+    { name="kajongg";  }
+    { name="kapman";  }
+    { name="katomic";  }
+    { name="kblackbox";  }
+    { name="kblocks";  }
+    { name="kbounce";  }
+    { name="kbreakout";  }
+    { name="kdiamond";  }
+    { name="kfourinline";  }
+    { name="kgoldrunner";  }
+    { name="kigo";  }
+    { name="killbots";  }
+    { name="kiriki";  }
+    { name="kjumpingcube";  }
+    { name="klickety";  }
+    { name="klines";  }
+    { name="kmahjongg";  }
+    { name="kmines";  }
+    { name="knavalbattle";  }
+    { name="knetwalk";  }
+    { name="kolf";  }
+    { name="kollision";  }
+    { name="konquest";  }
+    { name="kpat";  }
+    { name="kreversi";  }
+    { name="kshisen";  }
+    { name="ksirk";  }
+    { name="ksnakeduel";  }
+    { name="kspaceduel";  }
+    { name="ksquares";  }
+    { name="ksudoku";  }
+    { name="ktuberling";  }
+    { name="kubrick";  }
+    { name="libkdegames";  }
+    { name="libkmahjongg";  }
+    { name="lskat";  }
+    { name="palapeli";  }
+    { name="picmi";  }
+  ];
+}
+{
+  module="kdeedu";
+  split=true;
+  pkgs=[
+    { name="analitza";  }
+    { name="blinken";  }
+    { name="cantor";  }
+    { name="kalgebra";  }
+    { name="kalzium";  }
+    { name="kanagram";  }
+    { name="kbruch";  }
+    { name="kgeography";  }
+    { name="khangman";  }
+    { name="kig";  }
+    { name="kiten";  }
+    { name="klettres";  }
+    { name="kmplot";  }
+    { name="kstars";  }
+    { name="ktouch";  }
+    { name="kturtle";  }
+    { name="kwordquiz";  }
+    { name="libkdeedu";  }
+    { name="marble";  }
+    { name="pairs";  }
+    { name="parley";  }
+    { name="rocs";  }
+    { name="step";  }
+  ];
+}
+{
+  module="kdeadmin";
+  split=true;
+  pkgs=[
+    { name="kcron";  }
+    { name="ksystemlog";  }
+    { name="kuser";  }
+  ];
+}
+{
+  module="kdebindings";
+  split=true;
+  pkgs=[
+    { name="kimono";  }
+    { name="korundum";  }
+    { name="kross-interpreters"; sane="kross_interpreters"; }
+    { name="perlkde";  }
+    { name="perlqt";  }
+    { name="pykde4";  }
+    { name="qtruby";  }
+    { name="qyoto";  }
+    { name="smokegen";  }
+    { name="smokekde";  }
+    { name="smokeqt";  }
+  ];
+}
+{
+  module="kdeaccessibility";
+  split=true;
+  pkgs=[
+    { name="jovie";  }
+    { name="kaccessible";  }
+    { name="kmag";  }
+    { name="kmousetool";  }
+    { name="kmouth";  }
+  ];
+}
+{
+  module="kde-baseapps";
+sane="kde_baseapps";  split=true;
+  pkgs=[
+    { name="kde-baseapps"; sane="kde_baseapps"; }
+  ];
+}
+{ module="kactivities";  split=false;}
+{ module="kdeartwork";  split=false;
+  pkgs=[
+    { name="ColorSchemes"; }
+    { name="IconThemes"; }
+    { name="emoticons"; }
+    { name="kscreensaver"; }
+    { name="kwin-styles"; sane="kwin_styles";}
+    { name="sounds"; }
+    { name="styles"; }
+    { name="wallpapers"; }
+    { name="HighResolutionWallpapers"; }
+    { name="WeatherWallpapers"; }
+    { name="desktopthemes"; }
+  ];
+
+}
+{ module="kde-base-artwork"; sane="kde_base_artwork"; split=false;}
+{ module="kdelibs";  split=false;}
+{ module="kdepim";  split=false;}
+{ module="kdepimlibs";  split=false;}
+{ module="kdepim-runtime"; sane="kdepim_runtime"; split=false;}
+{ module="kdeplasma-addons"; sane="kdeplasma_addons"; split=false;}
+{ module="kde-runtime"; sane="kde_runtime"; split=false;}
+{ module="kde-wallpapers"; sane="kde_wallpapers"; split=false;}
+{ module="kdewebdev";  split=false;
+  pkgs=[
+    { name="klinkstatus"; }
+    { name="kfilereplace"; }
+    { name="kimagemapeditor"; }
+    { name="kommander"; }
+  ];
+
+}
+{ module="kde-workspace"; sane="kde_workspace"; split=false;}
+{ module="oxygen-icons"; sane="oxygen_icons"; split=false;}
+];
+}
diff --git a/pkgs/desktops/kde-4.8/kde-package/kde-submodules.xslt b/pkgs/desktops/kde-4.11/kde-package/kde-submodules.xslt
index 952a05a9d274..952a05a9d274 100644
--- a/pkgs/desktops/kde-4.8/kde-package/kde-submodules.xslt
+++ b/pkgs/desktops/kde-4.11/kde-package/kde-submodules.xslt
diff --git a/pkgs/desktops/kde-4.11/l10n/manifest-4.11.2.nix b/pkgs/desktops/kde-4.11/l10n/manifest-4.11.2.nix
new file mode 100644
index 000000000000..42591369aea1
--- /dev/null
+++ b/pkgs/desktops/kde-4.11/l10n/manifest-4.11.2.nix
@@ -0,0 +1,272 @@
+[
+{
+  lang = "ar";
+  saneName = "ar";
+  sha256 = "0w0p0ahh6xjk3i545vmkkaxb92s1liv8z0cgnpdh13y0i8gislzs";
+}
+{
+  lang = "bg";
+  saneName = "bg";
+  sha256 = "0wghv6q8mgj5cd2n56137zfxjw1jfy4y1d6x3wi0cjjjf61al4yj";
+}
+{
+  lang = "bs";
+  saneName = "bs";
+  sha256 = "0g14kvfbzf9p9w5279ny1ziygn2zw0z4rpsm8b6msia9afa3vscp";
+}
+{
+  lang = "ca";
+  saneName = "ca";
+  sha256 = "0kcbzwmk9dy0nwfjhrpmp97aqnpdrmy7lya16sikj98fwbd2d7i0";
+}
+{
+  lang = "ca@valencia";
+  saneName = "ca_valencia";
+  sha256 = "0p3g5bwqwvr7mmwz583km498cb9jl4yr6s4v3jdx2w1pv0iqfbfx";
+}
+{
+  lang = "cs";
+  saneName = "cs";
+  sha256 = "03310xg8v5hdydi5najijni4nmkycarz2n7764vdl8h3wjlxs101";
+}
+{
+  lang = "da";
+  saneName = "da";
+  sha256 = "06h19xbbkhmmaicmkjzpa6w1hp5gq3bfblvdjdb4qwm3jbp09kz0";
+}
+{
+  lang = "de";
+  saneName = "de";
+  sha256 = "08wbgb4brgihpa7sk29lzihaqg8zv024cdd4fr6s5zvrpchx3s8s";
+}
+{
+  lang = "el";
+  saneName = "el";
+  sha256 = "0a3cakngqampvczhgn52y942d131cqd68yjsr71adcgmm5r5iv7s";
+}
+{
+  lang = "en_GB";
+  saneName = "en_GB";
+  sha256 = "12pl1sm44bi2d07qliaazniy1a9h9jp7slvwn8l11pgfh7ygiyxn";
+}
+{
+  lang = "es";
+  saneName = "es";
+  sha256 = "1b7jd6clbwjyivpy94wz148gapdzvlggg38lv0a9zl6fkfpa6xbi";
+}
+{
+  lang = "et";
+  saneName = "et";
+  sha256 = "133wf25qhnls7a2i3s99kk8va21d2cg7v3khvgscpm1im8gi81nz";
+}
+{
+  lang = "eu";
+  saneName = "eu";
+  sha256 = "11szsx11vnwi3l41nsvk013nwx0gs8vdilr1jm8qz3zfbm14v7a7";
+}
+{
+  lang = "fa";
+  saneName = "fa";
+  sha256 = "0fi443pcrjvnivi76llfssw52nzddvxrabqcqxr0czfak2r6nlf5";
+}
+{
+  lang = "fi";
+  saneName = "fi";
+  sha256 = "0lqzaprzd7az7aslaswhdriwhcdsx9abxq90jwkpq2vliz7gxjp5";
+}
+{
+  lang = "fr";
+  saneName = "fr";
+  sha256 = "0c32hmg7ns4z585bysq8iqjhbfp33a5wi6r0p1hqrh5y1sc3wjj9";
+}
+{
+  lang = "ga";
+  saneName = "ga";
+  sha256 = "060lk2l1q9p39z90qajhiqdsiiwk1qf221087mx5xny1z5ngnnim";
+}
+{
+  lang = "gl";
+  saneName = "gl";
+  sha256 = "17a9xpqbqgnhlfhr85v4n3ll88dzn3z4jk6nilq149c7dg8ilnma";
+}
+{
+  lang = "he";
+  saneName = "he";
+  sha256 = "0k97r2j0iv017qrn9yh08cqji2pkrx5vy51jypr305ffmxy1dgn9";
+}
+{
+  lang = "hi";
+  saneName = "hi";
+  sha256 = "15vgih10aa11d048cazh1zjr6s08w34hp4xxp8cgcmpm11px460g";
+}
+{
+  lang = "hr";
+  saneName = "hr";
+  sha256 = "05x0bjn6dfn0k2v822sc6f45jk196sf1xj7ikn7ws7rm3nkc3sgp";
+}
+{
+  lang = "hu";
+  saneName = "hu";
+  sha256 = "00g7x922zxkscrkk8n9xc123qfzbmf7kkyavdsnz4jkx4msrlav3";
+}
+{
+  lang = "ia";
+  saneName = "ia";
+  sha256 = "0zaxa42sgscbnb8zbp878qk9d5lwdm08szr9xda287jpvzw3asss";
+}
+{
+  lang = "is";
+  saneName = "is";
+  sha256 = "00l1rh7z8fapmb3ngxnp91xz1qz110r995jk42gw77hvmf0gabb6";
+}
+{
+  lang = "it";
+  saneName = "it";
+  sha256 = "0d0b44vmiaazjsc4d7wlwg36n3ig87xj3m89hlhkhvwrisg5ccv8";
+}
+{
+  lang = "ja";
+  saneName = "ja";
+  sha256 = "04qrj66qd65yqv1zrwi1pspmwdj129m9kkmpa3rdfgml37ign7q8";
+}
+{
+  lang = "kk";
+  saneName = "kk";
+  sha256 = "1zywlhg1yr2llr8cvn4gm4ap7kqgc2lff6yi75dd782whsphqm67";
+}
+{
+  lang = "km";
+  saneName = "km";
+  sha256 = "16s126qw8kvsvidrhh02y12y8wln3skg0cn6ri658mz2ld9iicvd";
+}
+{
+  lang = "ko";
+  saneName = "ko";
+  sha256 = "1lrh3bly0hvzxa0zxibb45v2711fvv81i3ca9d628m68mzxim13q";
+}
+{
+  lang = "lt";
+  saneName = "lt";
+  sha256 = "0hf9156vi0y17hlvrn18fsdfzpaq5ylprvv55i42idxfdjr1plmq";
+}
+{
+  lang = "lv";
+  saneName = "lv";
+  sha256 = "1zrwwglpyw8qlqw9xyhz6pwjyrasdgfclaz2hicsgv1300nxjv4h";
+}
+{
+  lang = "mr";
+  saneName = "mr";
+  sha256 = "0nagjxn4pmmcz6762jz9dx42sarkjm7fpkblw9w42znx8zvn5nmw";
+}
+{
+  lang = "nb";
+  saneName = "nb";
+  sha256 = "0lb58d2vhpcnnnqnplq2i2fapkygyb47yq0rc7c93rsf10cw9n0v";
+}
+{
+  lang = "nds";
+  saneName = "nds";
+  sha256 = "08l4s3gwnz84sg5mlrj52wdclkm4yhj0a03jxwcfpgfypi3v0n84";
+}
+{
+  lang = "nl";
+  saneName = "nl";
+  sha256 = "0m6c9dxcdqgcxlx4k160nra0g11im0c2f0hf1fyk1hkb6fdq2li9";
+}
+{
+  lang = "nn";
+  saneName = "nn";
+  sha256 = "1kp8m2cc131arkhj7z6dsq69mh6abws7963avszbkf0zq31nnxp4";
+}
+{
+  lang = "pa";
+  saneName = "pa";
+  sha256 = "01ay3q7swf1vh72wrjlhpi0id7sa2a8pj8n79xn583mlzwcbmzwv";
+}
+{
+  lang = "pl";
+  saneName = "pl";
+  sha256 = "1rf288q1c412y161sk2y3yvy3pq159avih4d90k0laphfhhisjnv";
+}
+{
+  lang = "pt";
+  saneName = "pt";
+  sha256 = "0mld9dmvj9c8xay587hm7dvrbx964zdhysyi4fldad54imc61rdc";
+}
+{
+  lang = "pt_BR";
+  saneName = "pt_BR";
+  sha256 = "18c3bws8fakii5qjm0vpni6fmzw6118ndmjz4v83nk6nmy6ww0i1";
+}
+{
+  lang = "ro";
+  saneName = "ro";
+  sha256 = "16q3jahvpw3lpxlwqxhhd8xc9qfra2chc6g5cik8dw011sqg0zaa";
+}
+{
+  lang = "ru";
+  saneName = "ru";
+  sha256 = "0c62msjf34hz5f0il3x7wk4flpjk2w5f4vdpz43vr245qds2vxrl";
+}
+{
+  lang = "sk";
+  saneName = "sk";
+  sha256 = "0vl8y4z60nxgkgkxkzqkak7gcyc2295nxm6hghmrhfn5zyfpp99k";
+}
+{
+  lang = "sl";
+  saneName = "sl";
+  sha256 = "0wdv1lya8s4b97933dv72cvq7qa19ndp1knb0270pg5y74y2vq2s";
+}
+{
+  lang = "sr";
+  saneName = "sr";
+  sha256 = "1lafrmz16j8kzs9nvrn6j84c7wyxzwpvnn0z6ic22bzg646m276y";
+}
+{
+  lang = "sv";
+  saneName = "sv";
+  sha256 = "1cxy79ya3i2fm7b6w0ilpri0qrhm4bgkx3qwvgqz13lgw1p716qv";
+}
+{
+  lang = "tg";
+  saneName = "tg";
+  sha256 = "1jww7nfz8ssgqrldc11agnwv4plcr9vr4fv5q7bspa33hgm94r47";
+}
+{
+  lang = "tr";
+  saneName = "tr";
+  sha256 = "0kflzm80pg8l5ing3xzp1g0n9hm1sky8201s2z05aahj2rcw4bws";
+}
+{
+  lang = "ug";
+  saneName = "ug";
+  sha256 = "15szx7r75d0iw21hwggp96zm9s5i7svsvmqfncvd79mdmnhr2x5i";
+}
+{
+  lang = "uk";
+  saneName = "uk";
+  sha256 = "16l7rkxw5am90dqrkjjdvih1dvchgkggf5rinv7bpfk5z65f0ccy";
+}
+{
+  lang = "vi";
+  saneName = "vi";
+  sha256 = "08phva4y5982qvrb050n4pl7gnr2yg4zvazfg9lh38ba63l6d2g8";
+}
+{
+  lang = "wa";
+  saneName = "wa";
+  sha256 = "0byfyav76m7igwix5vj69bvl2rpaxmv8ncz1xc2azyrdxjba9ggd";
+}
+{
+  lang = "zh_CN";
+  saneName = "zh_CN";
+  sha256 = "176xnyxl7in1b3igy7vh6g2pz8ch32g0n6kddkkj0a13h69s5vyz";
+}
+{
+  lang = "zh_TW";
+  saneName = "zh_TW";
+  sha256 = "0i71xxxpb6p95pa69frhxqb27i935bb1vxjb3i51yms95x3gbpjs";
+}
+]
diff --git a/pkgs/desktops/kde-4.11/oxygen-icons.nix b/pkgs/desktops/kde-4.11/oxygen-icons.nix
index bdc3c5813716..d7679cc3d015 100644
--- a/pkgs/desktops/kde-4.11/oxygen-icons.nix
+++ b/pkgs/desktops/kde-4.11/oxygen-icons.nix
@@ -3,7 +3,7 @@
 kde {
   outputHashAlgo = "sha256";
   outputHashMode = "recursive";
-  outputHash = "03wzq5b9yn7x7qjl6vypsa4jh2km0vz122wyg0pfk6nfl1frgnjf";
+  outputHash = "1y765lfsy63kc4h1g1f3fc42aqlhn7svmidrkxm12nia4jazj6db";
 
   nativeBuildInputs = [ cmake ];
 
diff --git a/pkgs/desktops/kde-4.8/default.nix b/pkgs/desktops/kde-4.8/default.nix
deleted file mode 100644
index b77a9e4bfecf..000000000000
--- a/pkgs/desktops/kde-4.8/default.nix
+++ /dev/null
@@ -1,60 +0,0 @@
-{ callPackage, callPackageOrig, stdenv, qt48 }:
-
-let
-  release = "4.8.4";
-
-  # Need callPackageOrig to avoid infinite cycle
-  kde = callPackageOrig ./kde-package {
-    inherit release ignoreList extraSubpkgs callPackage;
-  };
-
-  # The list of igored individual modules
-  ignoreList = {
-    # Doesn't work yet
-    kdeutils = [ "ksecrets" ];
-    # kdeadmin/strigi-analyzer has no real code
-    kdeadmin = [ "strigi-analyzer" ];
-    # kdesdk/kioslave is splitted into kioslave-svn and kioslave-git
-    kdesdk = [ "kioslave" ];
-    # Most of kdebindings do not compile due to a bug in the buildsystem
-    kdebindings = [ "kimono" "korundum" "kross-interpreters" "perlkde" "qyoto" ];
-  };
-
-  # Extra subpackages in the manifest format
-  extraSubpkgs = {
-    kdesdk =
-      [
-      {
-        name = "kioslave-svn";
-        sane = "kioslave_svn";
-        subdir = "kioslave";
-      }
-      {
-        name = "kioslave-perldoc";
-        sane = "kioslave_perldoc";
-        subdir = "kioslave";
-      }
-      ];
-  };
-
-in
-
-kde.modules // kde.individual //
-{
-  inherit (kde) manifest modules individual splittedModuleList;
-
-  akonadi = callPackage ./support/akonadi { };
-
-  qt4 = qt48;
-
-  kdebase_workspace = kde.modules.kde_workspace;
-
-  inherit release;
-
-  full = stdenv.lib.attrValues kde.modules;
-
-  l10n = callPackage ./l10n {
-    inherit release;
-    inherit (kde.manifest) stable;
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/files/kde-wallpapers-buildsystem.patch b/pkgs/desktops/kde-4.8/files/kde-wallpapers-buildsystem.patch
deleted file mode 100644
index 378cdb646940..000000000000
--- a/pkgs/desktops/kde-4.8/files/kde-wallpapers-buildsystem.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 3d3e247..f78db67 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -1,5 +1,10 @@
--find_package(KDE4 REQUIRED)
--include(KDE4Defaults)
-+project(kde-wallpapers NONE)
-+if( WALLPAPER_INSTALL_DIR )
-+  message(STATUS "Installing wallpapers to user-supplied directory ${WALLPAPER_INSTALL_DIR}")
-+else()
-+  find_package(KDE4 REQUIRED)
-+  include(KDE4Defaults)
-+endif()
- 
- install(DIRECTORY Air DESTINATION ${WALLPAPER_INSTALL_DIR} PATTERN .svn EXCLUDE)
- 
diff --git a/pkgs/desktops/kde-4.8/files/polkit-install.patch b/pkgs/desktops/kde-4.8/files/polkit-install.patch
deleted file mode 100644
index d2ecac663ec5..000000000000
--- a/pkgs/desktops/kde-4.8/files/polkit-install.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-diff -ru -x '*~' kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake
---- kdelibs-4.6.90-orig/kdecore/auth/ConfigureChecks.cmake	2011-05-20 22:24:54.000000000 +0200
-+++ kdelibs-4.6.90/kdecore/auth/ConfigureChecks.cmake	2011-07-12 14:03:00.000000000 +0200
-@@ -139,7 +139,7 @@
-         ${CMAKE_INSTALL_PREFIX} _KDE4_AUTH_POLICY_FILES_INSTALL_DIR
-         ${POLKITQT-1_POLICY_FILES_INSTALL_DIR})
- 
--    set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR ${_KDE4_AUTH_POLICY_FILES_INSTALL_DIR} CACHE STRING 
-+    set(KDE4_AUTH_POLICY_FILES_INSTALL_DIR "\${CMAKE_INSTALL_PREFIX}/share/polkit-1/actions" CACHE STRING 
-         "Where policy files generated by KAuth will be installed" FORCE)
- elseif(KDE4_AUTH_BACKEND_NAME STREQUAL "FAKE")
-     set (KAUTH_COMPILING_FAKE_BACKEND TRUE)
diff --git a/pkgs/desktops/kde-4.8/kactivities.nix b/pkgs/desktops/kde-4.8/kactivities.nix
deleted file mode 100644
index 8f726577ef89..000000000000
--- a/pkgs/desktops/kde-4.8/kactivities.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, shared_desktop_ontologies }:
-
-kde {
-  propagatedBuildInputs = [ kdelibs shared_desktop_ontologies ];
-
-  meta = {
-    description = "KDE activities library and daemon";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kde-baseapps/kate.nix b/pkgs/desktops/kde-4.8/kde-baseapps/kate.nix
deleted file mode 100644
index 1ffbcf9ebf98..000000000000
--- a/pkgs/desktops/kde-4.8/kde-baseapps/kate.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Kate, the KDE Advanced Text Editor, as well as KWrite";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kde-baseapps/kde-baseapps.nix b/pkgs/desktops/kde-4.8/kde-baseapps/kde-baseapps.nix
deleted file mode 100644
index 45192e0c4600..000000000000
--- a/pkgs/desktops/kde-4.8/kde-baseapps/kde-baseapps.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, shared_desktop_ontologies, glib, htmlTidy }:
-
-kde {
-  buildInputs = [ kdelibs shared_desktop_ontologies glib htmlTidy ];
-
-  meta = {
-    description = "Base KDE applications, including the Dolphin file manager and Konqueror web browser";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kde-baseapps/konsole.nix b/pkgs/desktops/kde-4.8/kde-baseapps/konsole.nix
deleted file mode 100644
index 0db47fb2d7c4..000000000000
--- a/pkgs/desktops/kde-4.8/kde-baseapps/konsole.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs, kde_baseapps }:
-
-kde {
-
-  buildInputs = [ kdelibs kde_baseapps ];
-
-  meta = {
-    description = "Konsole, the KDE terminal emulator";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kde-package/4.8.4.nix b/pkgs/desktops/kde-4.8/kde-package/4.8.4.nix
deleted file mode 100644
index 6fbaf097be09..000000000000
--- a/pkgs/desktops/kde-4.8/kde-package/4.8.4.nix
+++ /dev/null
@@ -1,299 +0,0 @@
-{stable=true;
-hashes=builtins.listToAttrs[
-  {name="analitza";value="0g3k6i9ncl8m8xr85wz6k0vbmjq7jwmygm0353jq2lj2hy5i2ipg";}
-  {name="ark";value="10m6bmiz4ylgbmxx03q0zfayy1zinxx696jczmllxn557z75nzn5";}
-  {name="blinken";value="1n0m70by3wd5d4nqlgqrm6bg0nplc3b92cn74xq5adi1dfi63ggr";}
-  {name="cantor";value="1grjxbzyshc9jlmx9gvxfsxdhcgrn391s3bh0mmprnk0kcsi4s5i";}
-  {name="filelight";value="1fpkwyz74nqm0szfylbjqfxwv25rgfdg03ghq5mncs2ys8mh4rn1";}
-  {name="gwenview";value="1xxkhq4psl3zq0ah6fp42s5ih1xik0kxq4sb2r2mhkimrsj11rvz";}
-  {name="jovie";value="103d7c1h3qfqsh6phyxm4g712kykkpd1vls26kypn3d6linc9p1s";}
-  {name="kaccessible";value="0s772i8nc1lx6c8sjsy3m928dcyackd8pay44b8nlp8k8hzh5x62";}
-  {name="kactivities";value="0kxpg0bwr9ph3bzndc5vqgfqkxy443chyg3rbrdvgbgb0xm54r5f";}
-  {name="kalgebra";value="0p5qhxwd6h8kvfd8n81ah0pszaa550z7y2zlzvrgypmfcgx8a802";}
-  {name="kalzium";value="17sxslsg5pi1xh7l0h6y0rmjhb6nshq9psjjjqwhfl7id6ansb24";}
-  {name="kamera";value="0r8rr4lq3jrvfz2fw4in83vsxqjm02x16h842r4hnn3k5svaqs49";}
-  {name="kanagram";value="02wp2rkm5m6920rvs6iyalvv4xczgh21w1mrf4a694j14fna4m1n";}
-  {name="kate";value="0530rq6pfrim2mfjkvpl9qxv56fykml7aq3awchyda3xbkq7vk3y";}
-  {name="kbruch";value="1znm2dmsib7svyfqpyhblip5ic4y2xdylax1kxx7ssmjgsi3bw54";}
-  {name="kcalc";value="1dv3d833ksz9bqrwhq9pbsqk0a8hv3jlqlxbqccwgkx840hmpclz";}
-  {name="kcharselect";value="015pj1zmlnjr8ys3arks3b1yqf8rh9fc02p0xfq1fkp11ing0lfg";}
-  {name="kcolorchooser";value="04360b4pjsdl0ckdwipn3y407fmsx2bimkzqqm01hz4vdyb41d9k";}
-  {name="kdeadmin";value="0qvynvim50xsv060598bhv6pwxd578sg25g1z2dzdi4ih021nlr0";}
-  {name="kdeartwork";value="1v5an8385d9zjb29ps94xgvpazpvqffxnlvfp4940pj5imdg98nm";}
-  {name="kde-baseapps";value="0z2jasna2d8i3iy8w4grylfml9a510imhl0bxnsw6whar409rzki";}
-  {name="kdegames";value="1jji5dw9qllhv7zh7a456iwwsb5vqrvjd0p871s2qi8lcd54fs1a";}
-  {name="kdegraphics-mobipocket";value="1ya4jzj864ikw6ysp9ip1ha2n6a8im380k4yhmca9agp5f21zvva";}
-  {name="kdegraphics-strigi-analyzer";value="1cwvaszjawzdbvggxzzaxvxdjpxmr9x4p4fqy4wq38qzx06lnsd1";}
-  {name="kdegraphics-thumbnailers";value="1zxvqzadmcsy5ydxx617gpfh3vswcrnyjwn19scy1cv7nwdpxnqj";}
-  {name="kdelibs";value="1wr0kadmc33kqbr93h05g6yxqwp66cgs9ab32danvqbfns0qgb15";}
-  {name="kdemultimedia";value="0h56vy27kb1s4p3vpa42gj3xjbpwl38n97bbjq7g1vj8dq2k0pl4";}
-  {name="kdenetwork";value="10lyrygi3avfiyaqxgw9g6dc3pmsbggawjvnkxhm8f2j2gy7sbbc";}
-  {name="kdepim";value="0q4fq26gg3hfmvxzfbizsa1ffk88a994k31ybbv72b7xcdjz68ff";}
-  {name="kdepimlibs";value="1wqi7dh1w3cinkd8sgc0zx9qf7fyvizli4asbimxh5faal1b10bb";}
-  {name="kdepim-runtime";value="1v1klgcfa0hwi7bxqn0nphd7hlbxwh3v6apghra0b8f7qqnzxysp";}
-  {name="kdeplasma-addons";value="1f4bpgrjqa9c1ikngc9wn3a0y0hw39icswc77ys4j04b9zazg8qn";}
-  {name="kde-runtime";value="0g2jlxfxm4flx1pr920hbmqaq433y8bdglk08vnhycychppkacmc";}
-  {name="kdesdk";value="15zg649sm851ig7yxcsv9cx54x36k94y83q1wvm1kf84jb1vl1yg";}
-  {name="kdetoys";value="038h6fmqfy7mh2i7kg3510w0jwji9hac94dpzfmfgk36i461dbnn";}
-  {name="kde-wallpapers";value="18hbd9d19yf48vs4vmxrrxvr87baxxlf3z417f69kgvjpvmpl905";}
-  {name="kdewebdev";value="1mv5nq8ayz5np1vmgk58dsai6wmqdl1kvq96pvi5awmhxxla2f5x";}
-  {name="kde-workspace";value="12vn117nbqxipvb58v7swc4prfddijz7m0c03xn5wi1kbzq5xj9n";}
-  {name="kdf";value="0alc9a7x75f8dx5gbhdqwn0xfx7kr5q7dl9qfmcmrgm9vn6agxpw";}
-  {name="kfloppy";value="0ajc3yq86n4q7hxjgibvkrbbagg7xnlbd6g7mx3cvmq9l7na105b";}
-  {name="kgamma";value="1yviy8xz8cqlbpvjj7sp9jylq4lk98r3mpp6lxl95ypkjqbjx8w3";}
-  {name="kgeography";value="0wklqqprg7d7mxjlwfyv4n5d2igkr6b2i174vxzdhj9dbsh9r67f";}
-  {name="kgpg";value="034mg0s5v0vqq59x1fwddslg6r2dx3v70icka6j2r9lhi8635j5m";}
-  {name="khangman";value="0b64pqywvxdxrbp3xcscimdlsn44hwlvm6ydxiwx2salm2rn9xxa";}
-  {name="kig";value="0cblkm71j78dq4r90r9fladn8nxq3xq75w40f85jl9dkmm1y3yiv";}
-  {name="kimono";value="1ij7bcvxv8zkfzcrmjasq6x0nf41104x5bj6ksfc8mibml182bq7";}
-  {name="kiten";value="1c3rdagddk0xd0j6vnp0bj16in78879niakvq1s35s7grgxh31ia";}
-  {name="klettres";value="0sxd3hwpzyzvjrvly0w2fwrssg4a9rs35fp9yi6in19x7x8rbsxl";}
-  {name="kmag";value="0fgddhsf9f5n4crzp4z2ii5p1asyvpbmsiqgb61kswqbpsr96mv8";}
-  {name="kmousetool";value="0f4ym6dihq9wmwaassap0ixam46lqjvf6jqkr6ib0y87myj3h9mi";}
-  {name="kmouth";value="1hpphlav8ip4kx3787p3dkfddkzpgg4mj25ripjcpy0xpbfvc2lw";}
-  {name="kmplot";value="19sab4hmdv8kwipgjzg4v3gq4lv1i17yh4hdq3y6lcyf7wjkxjpd";}
-  {name="kolourpaint";value="0mr4f1vbhg3vhap92f8jj5lkpfr8cjphn863vda49rfdydhv1x6w";}
-  {name="konsole";value="10fgjsq2dj56ifnzxy3dz87s92m2zfcmpqa751b5ar0wp3pil045";}
-  {name="korundum";value="0vkhf40ghbqgs9vxl7zpfq21r7sc9z4rm0iyl9cab04wvi9r2nsk";}
-  {name="kremotecontrol";value="11z0wc9yvpk72yrx9ic3zpky2z346wdkvs8qcik9nfbbxxpk4vnx";}
-  {name="kross-interpreters";value="0afqwxxsysd7wwl5xgwdw58q7hjr8y5sdvsfrz8sfkirinfdmp9s";}
-  {name="kruler";value="19xppbxvyw6qzgxz4y1yzz9g104464z1i7dvsd3919njqhsrm628";}
-  {name="ksaneplugin";value="0z2gkc0997s79haf2nxgg5xgvmpk5iz2s33147qhhy12hys6jq9m";}
-  {name="ksecrets";value="1f4n3x5rmc0l16q3bripk49mj0nyak6s3vf3v7j4g89qz8rr4c87";}
-  {name="ksnapshot";value="069v2qs4nl8514kdgcp6y03n1n4d6ymm5j5yq1wwrgij6iqc7a78";}
-  {name="kstars";value="1hl0z77cl317pm442lcd2hk6rb83hvch904a0jgflcxcd2w0gg54";}
-  {name="ktimer";value="1hf0sbl9y0a9w2xdxdl88lmv55skz7fp1kl9sgnsyj8gzjyv3nwa";}
-  {name="ktouch";value="00hij38zk469ja3ns9d7qpj91kyndwrnmf0v2fqd2nicv9mqxdih";}
-  {name="kturtle";value="0wvskx6cif0gsgvsc072i33jl58bp2n74vyl2qgbw4bibckp9aq8";}
-  {name="kwallet";value="1n4vl0gvr8sqh8ld0bmz3qdz8lws19vzndrp10xl5fmb40cibdsz";}
-  {name="kwordquiz";value="1w2xwfqz3bjmm0rg4pn08vgm7f0m1wr2bc8cwgjayc8105xy572h";}
-  {name="libkdcraw";value="0fpx8yprgrk6sg03xms8swgqb7b41ia2rnf9n5phm5hvbpwwbw9f";}
-  {name="libkdeedu";value="1nz53vjmd48x9vk73wrfz6k94drxv0w2nsa0nnh68q1mphxm8cz3";}
-  {name="libkexiv2";value="1w7h8ckq2b7pi6qdf8p7rk6jzpn5caxflzdczlaxa7jn84k4rsjn";}
-  {name="libkipi";value="02cdmqjky5sfwpz9m85yixkmcsh9ybjdspsi8dwhypndpq3pgj3w";}
-  {name="libksane";value="11wgzdccwix4whfdj8f7fyapxk9yp8jfra56s9gyn7a4sfgp40sp";}
-  {name="marble";value="09ph1lg3y6bzkxdnpwbhlysj9s56fbaxwsxpn2ydwg4vnsspspiy";}
-  {name="okular";value="06xd3xpm1hp2dk382p4sd2dj2gdwb1f4d97hkh67riddwwzlcdal";}
-  {name="oxygen-icons";value="0zw6kv456gf955ip28iykx8nmd4h0scpqdj4f035yqiyxms9p4g1";}
-  {name="parley";value="1mg5mkxlzrb1clnclsfcl4vpd8yn97asgcazlq9wmgr077z0f9yd";}
-  {name="perlkde";value="1k94rfchpi7nvzvwz2flx49ni92aw6x8cc6qnq1vr98j9hangjg4";}
-  {name="perlqt";value="0rjwd2d2jlqlsjvw6w198jb79kjib89p3gbslj4dfgblrq1cgrdq";}
-  {name="printer-applet";value="1y8r39dyc04bkqm33s65m77c6y4y19bi32v2cx5bl67w5377hvh0";}
-  {name="pykde4";value="0gnzqw2xj1swm2jr728fxb7l48ll8whvc4ranwcvx8920jdd8vk7";}
-  {name="qtruby";value="1ixb8kav1pxpkwar99p3cgwi6nql1dfjwmyq7ai2h8ls7g075gz8";}
-  {name="qyoto";value="07m64n9xlnpgmw6jj91vwyzzjnmwn9px3ckfi93qs4mgnsj263zi";}
-  {name="rocs";value="0zxdskps9ifc8yhrk6lngjsh4abp98pv7d9y48lw830jhy78bm57";}
-  {name="smokegen";value="08yzxg6x3bdpza7hld1bd1ils5ipav2laazcar811vsn70lr8rqy";}
-  {name="smokekde";value="1k8r7d82mbmilg2x565w9nwxb5x6xfznscqwv9vmsgync56nk982";}
-  {name="smokeqt";value="036128q7mz5701ikw7fjc22ygkmnlscckmlgv3nb8d914maa1cl0";}
-  {name="step";value="1i1334p7qlc84m8xjc4sp20pmnqal26y8854pcv7lh8r3xzyscd6";}
-  {name="superkaramba";value="05xgflb9ramhrqb6avqagxp1kcdax6qwdf1k6wm85l8ys6vjimry";}
-  {name="svgpart";value="0xrs93njmp5322m4dh3ycvwgl9p618kzsi5xmrnlksb9n0hi91gw";}
-  {name="sweeper";value="1gcyffzzap2gdxk3js43bllf87795f97i0lmykgyllhp364czv6x";}
-];
-modules=[
-{
-  module="kdegraphics";
-  split=true;
-  pkgs=[
-    { name="gwenview";  }
-    { name="kamera";  }
-    { name="kcolorchooser";  }
-    { name="kdegraphics-mobipocket"; sane="kdegraphics_mobipocket"; }
-    { name="kdegraphics-strigi-analyzer"; sane="kdegraphics_strigi_analyzer"; }
-    { name="kdegraphics-thumbnailers"; sane="kdegraphics_thumbnailers"; }
-    { name="kgamma";  }
-    { name="kolourpaint";  }
-    { name="kruler";  }
-    { name="ksaneplugin";  }
-    { name="ksnapshot";  }
-    { name="libkdcraw";  }
-    { name="libkexiv2";  }
-    { name="libkipi";  }
-    { name="libksane";  }
-    { name="okular";  }
-    { name="svgpart";  }
-  ];
-}
-{
-  module="kdeutils";
-  split=true;
-  pkgs=[
-    { name="ark";  }
-    { name="filelight";  }
-    { name="kcalc";  }
-    { name="kcharselect";  }
-    { name="kdf";  }
-    { name="kfloppy";  }
-    { name="kgpg";  }
-    { name="kremotecontrol";  }
-    { name="ksecrets";  }
-    { name="ktimer";  }
-    { name="kwallet";  }
-    { name="printer-applet"; sane="printer_applet"; }
-    { name="superkaramba";  }
-    { name="sweeper";  }
-  ];
-}
-{
-  module="kdeedu";
-  split=true;
-  pkgs=[
-    { name="analitza";  }
-    { name="blinken";  }
-    { name="cantor";  }
-    { name="kalgebra";  }
-    { name="kalzium";  }
-    { name="kanagram";  }
-    { name="kbruch";  }
-    { name="kgeography";  }
-    { name="khangman";  }
-    { name="kig";  }
-    { name="kiten";  }
-    { name="klettres";  }
-    { name="kmplot";  }
-    { name="kstars";  }
-    { name="ktouch";  }
-    { name="kturtle";  }
-    { name="kwordquiz";  }
-    { name="libkdeedu";  }
-    { name="marble";  }
-    { name="parley";  }
-    { name="rocs";  }
-    { name="step";  }
-  ];
-}
-{
-  module="kdebindings";
-  split=true;
-  pkgs=[
-    { name="kimono";  }
-    { name="korundum";  }
-    { name="kross-interpreters"; sane="kross_interpreters"; }
-    { name="perlkde";  }
-    { name="perlqt";  }
-    { name="pykde4";  }
-    { name="qtruby";  }
-    { name="qyoto";  }
-    { name="smokegen";  }
-    { name="smokekde";  }
-    { name="smokeqt";  }
-  ];
-}
-{
-  module="kdeaccessibility";
-  split=true;
-  pkgs=[
-    { name="jovie";  }
-    { name="kaccessible";  }
-    { name="kmag";  }
-    { name="kmousetool";  }
-    { name="kmouth";  }
-  ];
-}
-{
-  module="kde-baseapps";
-sane="kde_baseapps";  split=true;
-  pkgs=[
-    { name="kate";  }
-    { name="kde-baseapps"; sane="kde_baseapps"; }
-    { name="konsole";  }
-  ];
-}
-{ module="kactivities";  split=false;}
-{ module="kdeadmin";  split=false;
-  pkgs=[
-    { name="strigi-analyzer"; sane="strigi_analyzer";}
-    { name="kuser"; }
-    { name="kcron"; }
-    { name="ksystemlog"; }
-    { name="system-config-printer-kde"; sane="system_config_printer_kde";}
-  ];
-
-}
-{ module="kdeartwork";  split=false;
-  pkgs=[
-    { name="ColorSchemes"; }
-    { name="IconThemes"; }
-    { name="emoticons"; }
-    { name="kscreensaver"; }
-    { name="kwin-styles"; sane="kwin_styles";}
-    { name="sounds"; }
-    { name="styles"; }
-    { name="wallpapers"; }
-    { name="HighResolutionWallpapers"; }
-    { name="WeatherWallpapers"; }
-    { name="desktopthemes"; }
-    { name="aurorae"; }
-  ];
-
-}
-{ module="kdegames";  split=false;}
-{ module="kdelibs";  split=false;}
-{ module="kdemultimedia";  split=false;}
-{ module="kdenetwork";  split=false;
-  pkgs=[
-    { name="kfile-plugins"; sane="kfile_plugins";}
-    { name="kget"; }
-    { name="kopete"; }
-    { name="krdc"; }
-    { name="kppp"; }
-    { name="krfb"; }
-    { name="kdnssd"; }
-    { name="filesharing"; }
-  ];
-
-}
-{ module="kdepim";  split=false;}
-{ module="kdepimlibs";  split=false;}
-{ module="kdepim-runtime"; sane="kdepim_runtime"; split=false;}
-{ module="kdeplasma-addons"; sane="kdeplasma_addons"; split=false;}
-{ module="kde-runtime"; sane="kde_runtime"; split=false;}
-{ module="kdesdk";  split=false;
-  pkgs=[
-    { name="cervisia"; }
-    { name="lokalize"; }
-    { name="kdeaccounts-plugin"; sane="kdeaccounts_plugin";}
-    { name="dolphin-plugins-svn"; sane="dolphin_plugins_svn";subdir="dolphin-plugins/svn"; }
-    { name="dolphin-plugins-git"; sane="dolphin_plugins_git";subdir="dolphin-plugins/git"; }
-    { name="dolphin-plugins-hg"; sane="dolphin_plugins_hg";subdir="dolphin-plugins/hg"; }
-    { name="dolphin-plugins-bazaar"; sane="dolphin_plugins_bazaar";subdir="dolphin-plugins/bazaar"; }
-    { name="kcachegrind"; }
-    { name="kapptemplate"; }
-    { name="kpartloader"; }
-    { name="strigi-analyzer"; sane="strigi_analyzer";}
-    { name="kioslave"; }
-    { name="okteta"; }
-    { name="kmtrace"; }
-    { name="kompare"; }
-    { name="kprofilemethod"; }
-    { name="kstartperf"; }
-    { name="kuiviewer"; }
-    { name="poxml"; }
-    { name="scripts"; }
-    { name="umbrello"; }
-  ];
-
-}
-{ module="kdetoys";  split=false;
-  pkgs=[
-    { name="kteatime"; }
-    { name="ktux"; }
-    { name="amor"; }
-  ];
-
-}
-{ module="kde-wallpapers"; sane="kde_wallpapers"; split=false;}
-{ module="kdewebdev";  split=false;
-  pkgs=[
-    { name="klinkstatus"; }
-    { name="kfilereplace"; }
-    { name="kimagemapeditor"; }
-    { name="kommander"; }
-  ];
-
-}
-{ module="kde-workspace"; sane="kde_workspace"; split=false;}
-{ module="oxygen-icons"; sane="oxygen_icons"; split=false;}
-];
-}
diff --git a/pkgs/desktops/kde-4.8/kde-package/default.nix b/pkgs/desktops/kde-4.8/kde-package/default.nix
deleted file mode 100644
index 8a6e8e167517..000000000000
--- a/pkgs/desktops/kde-4.8/kde-package/default.nix
+++ /dev/null
@@ -1,128 +0,0 @@
-{ callPackage, runCommand, stdenv, fetchurl, qt4, cmake, automoc4
-, release, ignoreList, extraSubpkgs
-}:
-
-let
-  inherit (stdenv.lib) filter fold;
-  inherit (builtins) getAttr hasAttr remoteAttrs listToAttrs tail head;
-in
-rec {
-  manifest = import (./. + "/${release}.nix");
-
-  # src attribute for $name tarball
-  kdesrc = name: fetchurl {
-    url = "mirror://kde/" + (if manifest.stable then "" else "un")
-      + "stable/${release}/src/${name}-${release}.tar.xz";
-    sha256 = getAttr name manifest.hashes;
-  };
-
-  # Default meta attribute
-  defMeta = {
-    homepage = http://www.kde.org;
-    platforms = stdenv.lib.platforms.linux;
-    inherit (qt4.meta) maintainers;
-  };
-
-  # KDE package built from the whole tarball
-  # This function is used both for monolithic modules and modules which are
-  # released as individual tarballs
-  kdeMonoPkg = name: let n_ = name; in a@{meta, name ? n_, ...}:
-    stdenv.mkDerivation ({
-      name = "${name}-${release}";
-      src = kdesrc name;
-      meta = defMeta // meta;
-      enableParallelBuilding = true;
-    } // (removeAttrs a [ "meta" "name" ]));
-
-  # kdeMonoPkg wrapper for modules splitted upstream compatible with combinePkgs
-  # API.
-  kdeSplittedPkg = module: {name, sane ? name}: kdeMonoPkg name;
-
-  # Build subdirectory ${subdir} of tarball ${module}-${release}.tar.xz
-  kdeSubdirPkg = module:
-    {name, subdir ? name, sane ? name}:
-    let name_ = name; in
-    a@{cmakeFlags ? [], name ? name_, meta ? {}, ...}:
-    stdenv.mkDerivation ({
-      name = "${name}-${release}";
-      src = kdesrc module;
-      cmakeFlags =
-        [ "-DDISABLE_ALL_OPTIONAL_SUBDIRECTORIES=TRUE"
-          "-DBUILD_doc=TRUE"
-          "-DBUILD_${subdir}=TRUE"
-        ] ++ cmakeFlags;
-      meta = defMeta // meta;
-      enableParallelBuilding = module.enableParallelBuilding or true;
-    } // (removeAttrs a [ "meta" "name" "cmakeFlags" ]));
-
-  # A KDE monolithic module
-  kdeMonoModule = name: path: callPackage path { kde = kdeMonoPkg name; };
-
-  # Combine packages in one module.
-  # Arguments:
-  #  * pkgFun --- a function of the following signature:
-  #               module: manifest_attrs: manual_attrs: derivation;
-  #  * module --- name of the module
-  #  * pkgs --- list of packages in manifest format
-  combinePkgs = pkgFun: module: pkgs:
-    let
-      f = p@{name, ...}:
-        callPackage (./.. + "/${module}/${name}.nix") { kde = pkgFun module p; };
-      list = map f pkgs;
-      attrs = listToAttrs (map
-        ({name, sane ? name, ...}@p: { name = sane; value = f p; })
-        pkgs);
-    in
-      runCommand "${module}-${release}"
-      ({passthru = attrs // {
-         propagatedUserEnvPackages = list;
-         projects = attrs;
-       };})
-        ''
-          mkdir -pv $out/nix-support
-          echo "${toString list}" | tee $out/nix-support/propagated-user-env-packages
-        '';
-
-  # Given manifest module data, return the module
-  kdeModule = { module, sane ? module, split, pkgs ? [] }:
-    let
-      pkgs_ = filterPkgs module pkgs;
-    in
-    # Module is splitted by upstream
-    if split then combinePkgs kdeSplittedPkg module pkgs_
-    # Monolithic module
-    else if pkgs == [] then kdeMonoModule module (./.. + "/${module}.nix")
-    # Module is splitted by us
-    else combinePkgs kdeSubdirPkg module pkgs_;
-
-  # The same, as nameValuePair with sane name
-  kdeModuleNV = a@{ module, sane ? module, ... }:
-    { name = sane; value = kdeModule a; };
-
-  filterPkgs = module: (p:
-      removeNames (stdenv.lib.attrByPath [module] [] ignoreList) p
-      ++ (stdenv.lib.attrByPath [module] [] extraSubpkgs));
-
-  # Remove attrsets with x.name in subst. Optimized for empty subst.
-  removeNames = subst: big:
-    fold (s: out: filter (x: x.name != s) out) big subst;
-
-  modules = listToAttrs (map kdeModuleNV manifest.modules);
-
-  splittedModuleList =
-    let
-      splitted = filter (a: a ? pkgs) manifest.modules;
-      names = map ({module, sane ? module, ...}: sane) splitted;
-    in
-    map (m: m.projects) (stdenv.lib.attrVals names modules);
-
-  individual =
-    stdenv.lib.zipAttrsWith
-    (
-      name: list:
-      if tail list == []
-      then head list
-      else abort "Multiple modules define ${name}"
-    )
-    splittedModuleList;
-}
diff --git a/pkgs/desktops/kde-4.8/kde-package/kde-manifest.sh b/pkgs/desktops/kde-4.8/kde-package/kde-manifest.sh
deleted file mode 100755
index e964ce3ddc11..000000000000
--- a/pkgs/desktops/kde-4.8/kde-package/kde-manifest.sh
+++ /dev/null
@@ -1,146 +0,0 @@
-#! /bin/sh
-
-# Usage: download kde release to $dir, then run
-# $0 $dir
-
-dir="$1"
-
-# Detect release number & whether it is a stable release
-if [[ ! -d "${dir}" ]]; then
-  echo "${dir} is not a directory (or doesn't exist)!" >&2
-  exit 1
-fi
-
-release=$(ls "${dir}"/kdelibs-*.tar.xz | \
-  sed -e 's/.*kdelibs-//' -e 's/\.tar\.xz//')
-
-if [[ ${release##*.} -gt 50 ]]; then
-  stable="false"
-else
-  stable="true"
-fi
-
-echo "Detected release ${release}" >&2
-
-declare -A hash
-declare -A modules
-declare -a packages
-declare -a top_level
-
-# xsltproc output declares -A module
-if [[ ! -f kde_projects.xml ]]; then
-  curl -O -J http://projects.kde.org/kde_projects.xml
-fi
-eval `xsltproc kde-submodules.xslt kde_projects.xml`
-
-module[kde-baseapps]=kde-baseapps
-unset module[kactivities]
-
-print_sane() {
-  echo "Called print_sane $1" >&2
-  sane="${1//[^a-z0-9_]/_}"
-  if [[ "$sane" != "$1" ]]; then
-    echo "Sane version is $sane" >&2
-    echo -n "sane=\"$sane\";"
-  fi
-}
-
-for i in `cd "${dir}"; ls *-${release}.tar.xz`; do
-  package=${i%-${release}.tar.xz}
-  packages+=( "$package" )
-  echo -n "${package}.. " >&2
-  hash[$package]=$(nix-hash --type sha256 --flat --base32 "${dir}/${i}")
-  echo -n ${hash[$package]} >&2
-
-  if [ -n "${module[$package]}" ]; then
-    m="${module[$package]}"
-    echo " (${m})" >&2
-    modules[$m]=1
-  else
-    top_level+=( "$package" )
-    echo " (top-level)" >&2
-  fi
-  #nix-store --add-fixed sha256 "${dir}/${i}" >&2
-done
-
-
-print_pkg_hash() {
-  echo "  {name=\"${1}\";value=\"${hash[$1]}\";}"
-}
-
-print_hashes(){
-  echo "hashes=builtins.listToAttrs["
-  for p in "${packages[@]}"; do print_pkg_hash "$p"; done
-  echo "];"
-}
-
-print_split_module(){
-  echo -n "$1:" >&2
-  echo -e "{\n  module=\"$1\";"
-  print_sane "$1"
-  echo "  split=true;"
-  echo "  pkgs=["
-  for p in "${packages[@]}"; do
-    if [[ "${module[$p]}" == "$1" ]]; then
-      echo -n "    { name=\"$p\"; "
-      print_sane "$p"
-      echo " }"
-      echo -n " $p" >&2
-    fi
-  done
-  echo "  ];"
-  echo "}"
-  echo >&2
-}
-
-print_mono_module(){
-  echo -en "{ module=\"$1\"; "
-  print_sane "$1"
-  echo -n "$1 ... " >&2
-  echo -n " split=false;"
-  cml="$1-$release/CMakeLists.txt"
-  tar -xf "${dir}/$1-${release}.tar.xz" "$cml"
-  if grep '^[^#]*add_subdirectory' $cml >/dev/null; then
-    if grep '^[^#]*add_subdirectory' $cml | grep -v macro_optional_add_subdirectory >/dev/null; then
-      echo " is monolithic (has unconditionally added subdirs)" >&2
-    else
-      subdirs=( `grep '^[^#]*add_subdirectory' $cml |
-        sed -e 's/[^#]*add_subdirectory *( *\(.*\) *)/\1/' |
-        grep -v '\(doc\|cmake\)'` )
-      echo " seems splittable, subdirs: ${subdirs[*]}" >&2
-      echo -e "\n  pkgs=["
-      for s in "${subdirs[@]}"; do
-        echo -en "    {"
-		echo -n " name=\"${s//\//-}\"; "
-        print_sane "$s"
-        if [[ $s != "${s//\//-}" ]]; then
-          echo -n "subdir=\"$s\"; "
-        fi
-        echo "}"
-      done
-      echo -e "  ];\n"
-    fi
-  else
-    echo " is monolithic (has no subdirs)" >&2
-  fi
-  rm $cml
-  rmdir $1-$release
-  echo "}"
-}
-
-print_modules(){
-  echo "modules=["
-  echo "Printing modules splitted by upstream" >&2
-  for m in "${!modules[@]}"; do print_split_module "$m"; done
-  echo >&2
-  echo "Printing modules not splitted by upstream (${top_level[*]})" >&2
-  for m in "${top_level[@]}"; do print_mono_module "$m"; done
-  echo "];"
-}
-
-echo "Writing ${release}.nix" >&2
-exec > "${release}.nix"
-echo "{stable=${stable};"
-print_hashes
-print_modules
-echo "}"
diff --git a/pkgs/desktops/kde-4.8/kde-runtime.nix b/pkgs/desktops/kde-4.8/kde-runtime.nix
deleted file mode 100644
index b8f9afff7b3d..000000000000
--- a/pkgs/desktops/kde-4.8/kde-runtime.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ kde, kdelibs, shared_desktop_ontologies, bzip2, libssh, exiv2, attica
-, libcanberra, virtuoso, samba, libjpeg, ntrack, pkgconfig, qca2, xz, pulseaudio
-, networkmanager
-}:
-
-kde {
-  buildInputs =
-    [ kdelibs shared_desktop_ontologies bzip2 libssh exiv2 attica xz networkmanager
-      samba libcanberra ntrack libjpeg qca2 pulseaudio
-    ];
-
-  nativeBuildInputs = [ pkgconfig ];
-
-  passthru.propagatedUserEnvPackages = [ virtuoso ];
-
-  meta = {
-    license = "LGPL";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kde-wallpapers.nix b/pkgs/desktops/kde-4.8/kde-wallpapers.nix
deleted file mode 100644
index ad4c22c632db..000000000000
--- a/pkgs/desktops/kde-4.8/kde-wallpapers.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ kde, cmake }:
-
-kde {
-  nativeBuildInputs = [ cmake ];
-
-  patches = [ ./files/kde-wallpapers-buildsystem.patch ];
-
-  cmakeFlags = "-DWALLPAPER_INSTALL_DIR=share/wallpapers";
-
-  outputHashAlgo = "sha256";
-  outputHashMode = "recursive";
-  outputHash = "b8dfcc905abc46eebac2dd07267879d6a27e6e77f5253eb9c65fe594766770c4";
-
-  meta = {
-    description = "Wallpapers for KDE";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kde-workspace.nix b/pkgs/desktops/kde-4.8/kde-workspace.nix
deleted file mode 100644
index 394cd550b968..000000000000
--- a/pkgs/desktops/kde-4.8/kde-workspace.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ kde, kdelibs, qimageblitz, libdbusmenu_qt, xorg, shared_desktop_ontologies,
-  lm_sensors, pciutils, libraw1394, libusb, libxklavier, python, libqalculate,
-  xkeyboard_config, kdepimlibs, pam, boost, gpsd, prison, akonadi,
-  pykde4, libjpeg, pkgconfig, libXft, libXxf86misc, kactivities
-}:
-
-kde {
-
-  buildInputs =
-    [ kdelibs qimageblitz libdbusmenu_qt pykde4 libjpeg libXft libXxf86misc
-      xorg.libxkbfile xorg.libXcomposite xorg.libXScrnSaver xorg.libXtst
-      xorg.libXcomposite xorg.libXdamage xorg.libXau xorg.libXdmcp
-      xorg.libpthreadstubs
-      boost gpsd shared_desktop_ontologies lm_sensors pciutils libraw1394
-      libusb python libqalculate kdepimlibs pam prison akonadi
-      kactivities
-    ];
-
-  nativeBuildInputs = [ pkgconfig ];
-
-  preConfigure =
-   ''
-     # Fix incorrect path to kde4-config.
-     substituteInPlace startkde.cmake --replace '$bindir/kde4-config' ${kdelibs}/bin/kde4-config
-
-     # Fix the path to the keyboard configuration files.
-     substituteInPlace kcontrol/keyboard/xkb_rules.cpp \
-       --replace /usr/share/X11 ${xkeyboard_config}/etc/X11
-   '';
-
-  enableParallelBuilding = false; # frequent problems on Hydra
-
-  meta = {
-    description = "KDE workspace components such as Plasma, Kwin and System Settings";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeaccessibility/jovie.nix b/pkgs/desktops/kde-4.8/kdeaccessibility/jovie.nix
deleted file mode 100644
index d38c80c4c36a..000000000000
--- a/pkgs/desktops/kde-4.8/kdeaccessibility/jovie.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, speechd }:
-
-kde {
-  buildInputs = [ kdelibs speechd ];
-
-  meta = {
-    description = "Text-to-speech synthesis daemon";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeaccessibility/kaccessible.nix b/pkgs/desktops/kde-4.8/kdeaccessibility/kaccessible.nix
deleted file mode 100644
index 98fae7c983f8..000000000000
--- a/pkgs/desktops/kde-4.8/kdeaccessibility/kaccessible.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, speechd }:
-
-kde {
-  buildInputs = [ kdelibs speechd ];
-
-  meta = {
-    description = "Bridge that provides accessibility services to applications";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeaccessibility/kmag.nix b/pkgs/desktops/kde-4.8/kdeaccessibility/kmag.nix
deleted file mode 100644
index f3b27dacf672..000000000000
--- a/pkgs/desktops/kde-4.8/kdeaccessibility/kmag.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Screen magnifier for KDE";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeaccessibility/kmousetool.nix b/pkgs/desktops/kde-4.8/kdeaccessibility/kmousetool.nix
deleted file mode 100644
index 8e0caa76ed9c..000000000000
--- a/pkgs/desktops/kde-4.8/kdeaccessibility/kmousetool.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, libXtst, libXt }:
-
-kde {
-  buildInputs = [ kdelibs libXtst libXt ];
-
-  meta = {
-    description = "A program that clicks the mouse for you";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeaccessibility/kmouth.nix b/pkgs/desktops/kde-4.8/kdeaccessibility/kmouth.nix
deleted file mode 100644
index 4159501967cd..000000000000
--- a/pkgs/desktops/kde-4.8/kdeaccessibility/kmouth.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "A type-and-say front end for speech synthesizers";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeadmin/kcron.nix b/pkgs/desktops/kde-4.8/kdeadmin/kcron.nix
deleted file mode 100644
index bada0c1cb108..000000000000
--- a/pkgs/desktops/kde-4.8/kdeadmin/kcron.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdeadmin/ksystemlog.nix b/pkgs/desktops/kde-4.8/kdeadmin/ksystemlog.nix
deleted file mode 100644
index bada0c1cb108..000000000000
--- a/pkgs/desktops/kde-4.8/kdeadmin/ksystemlog.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdeadmin/kuser.nix b/pkgs/desktops/kde-4.8/kdeadmin/kuser.nix
deleted file mode 100644
index 571674a461ad..000000000000
--- a/pkgs/desktops/kde-4.8/kdeadmin/kuser.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ kde, kdelibs, kdepimlibs }:
-
-kde {
-  buildInputs = [ kdelibs kdepimlibs ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdeadmin/system-config-printer-kde.nix b/pkgs/desktops/kde-4.8/kdeadmin/system-config-printer-kde.nix
deleted file mode 100644
index 2c462f67c159..000000000000
--- a/pkgs/desktops/kde-4.8/kdeadmin/system-config-printer-kde.nix
+++ /dev/null
@@ -1,33 +0,0 @@
-{ kde, pkgconfig, pythonPackages, sip, pycups, pygobject, system_config_printer,
-  kdelibs, kdepimlibs, pykde4, cups, nettools }:
-
-let s_c_p = system_config_printer.override { withGUI = false; }; in
-kde {
-  buildInputs = [ kdelibs kdepimlibs pythonPackages.python pycups pykde4 sip
-    pygobject s_c_p ];
-
-  passthru = { system_config_printer = s_c_p; };
-
-  preConfigure =
-    ''
-      for i in system-config-printer-kde/cmake-modules/FindSystemConfigPrinter.py system-config-printer-kde/system-config-printer-kde.py; do
-        substituteInPlace $i \
-          --replace /usr/share/system-config-printer ${s_c_p}/share/system-config-printer \
-          --replace /usr/bin/cupstestppd ${cups}/bin/cupstestppd \
-          --replace /bin/hostname ${nettools}/bin/hostname
-      done
-    '';
-
-  postInstall =
-    ''
-      # Bake the required Python path into the printer configuration program.
-      res=
-      for i in $(IFS=:; echo $PYTHONPATH); do res="$res''${res:+,} '$i'"; done
-
-      sed -i $out/share/apps/system-config-printer-kde/system-config-printer-kde.py \
-          -e "1 a import sys\nsys.path = [$res] + sys.path"
-
-      mkdir -p $out/nix-support
-      echo ${pykde4} > $out/nix-support/propagated-user-env-packages
-    '';
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/ColorSchemes.nix b/pkgs/desktops/kde-4.8/kdeartwork/ColorSchemes.nix
deleted file mode 100644
index acccf66976fc..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/ColorSchemes.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  name = "kde-color-schemes";
-
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Additional KDE color schemes";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/FindXscreensaver.cmake b/pkgs/desktops/kde-4.8/kdeartwork/FindXscreensaver.cmake
deleted file mode 100644
index 499ed75268e9..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/FindXscreensaver.cmake
+++ /dev/null
@@ -1,73 +0,0 @@
-#Macro to find xscreensaver directory
-
-# Copyright (c) 2006, Laurent Montel, <montel@kde.org>
-#
-# Redistribution and use is allowed according to the terms of the BSD license.
-# For details see the accompanying COPYING-CMAKE-SCRIPTS file.
-
-if (NOT XSCREENSAVER_FOUND)
-  FIND_PATH(XSCREENSAVER_DIR deco
-    HINTS
-      ${KDE4_INCLUDE_DIR}
-    PATHS
-      /usr
-      /usr/local
-      /opt/local
-      /usr/X11R6
-      /opt/kde
-      /opt/kde3
-      /usr/kde
-      /usr/local/kde
-      /usr/local/xscreensaver
-      /usr/openwin/lib/xscreensaver
-      /etc
-    PATH_SUFFIXES
-      lib${LIB_SUFFIX}/xscreensaver
-      lib${LIB_SUFFIX}/misc/xscreensaver
-      lib/xscreensaver
-      lib64/xscreensaver
-      lib/misc/xscreensaver
-      libexec/xscreensaver
-      bin/xscreensaver-hacks
-      hacks)
-  message(STATUS "XSCREENSAVER_DIR <${XSCREENSAVER_DIR}>")
-
-  FIND_PATH(XSCREENSAVER_CONFIG_DIR deco.xml
-    PATHS
-    ${KDE4_INCLUDE_DIR}
-    /usr/
-    /usr/local/
-    /opt/local/
-    /usr/X11R6/
-    /opt/kde/
-    /opt/kde3/
-    /usr/kde/
-    /usr/local/kde/
-    /usr/openwin/lib/xscreensaver/
-    /etc/
-    PATH_SUFFIXES xscreensaver xscreensaver/config share/xscreensaver/config
-  )
-  MESSAGE(STATUS "XSCREENSAVER_CONFIG_DIR :<${XSCREENSAVER_CONFIG_DIR}>")
-
-endif(NOT XSCREENSAVER_FOUND)
-
-#MESSAGE(STATUS "XSCREENSAVER_CONFIG_DIR :<${XSCREENSAVER_CONFIG_DIR}>")
-#MESSAGE(STATUS "XSCREENSAVER_DIR :<${XSCREENSAVER_DIR}>")
-
-# Need to fix hack
-if(XSCREENSAVER_DIR AND XSCREENSAVER_CONFIG_DIR)
-    set(XSCREENSAVER_FOUND TRUE)
-endif(XSCREENSAVER_DIR AND XSCREENSAVER_CONFIG_DIR)
-
-if (XSCREENSAVER_FOUND)
-  if (NOT Xscreensaver_FIND_QUIETLY)
-    message(STATUS "Found XSCREENSAVER_CONFIG_DIR <${XSCREENSAVER_CONFIG_DIR}>")
-  endif (NOT Xscreensaver_FIND_QUIETLY)
-else (XSCREENSAVER_FOUND)
-  if (Xscreensaver_FIND_REQUIRED)
-    message(FATAL_ERROR "XScreenSaver not found")
-  endif (Xscreensaver_FIND_REQUIRED)
-endif (XSCREENSAVER_FOUND)
-
-
-MARK_AS_ADVANCED(XSCREENSAVER_DIR XSCREENSAVER_CONFIG_DIR)
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/HighResolutionWallpapers.nix b/pkgs/desktops/kde-4.8/kdeartwork/HighResolutionWallpapers.nix
deleted file mode 100644
index edffca1562e1..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/HighResolutionWallpapers.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs }:
-
-kde rec {
-  name = "kde-wallpapers-high-resolution";
-
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE wallpapers in high resolution";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/IconThemes.nix b/pkgs/desktops/kde-4.8/kdeartwork/IconThemes.nix
deleted file mode 100644
index 43071e8bd142..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/IconThemes.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  name = "kdeartwork-icon-themes";
-
-  # Sources contain primary and kdeclassic as well but they're not installed
-
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE nuvola and mono icon themes";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/WeatherWallpapers.nix b/pkgs/desktops/kde-4.8/kdeartwork/WeatherWallpapers.nix
deleted file mode 100644
index 947e5e17ab0c..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/WeatherWallpapers.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs }:
-
-kde rec {
-  name = "kde-weather-wallpapers";
-
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Additional KDE wallpapers (weather)";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/aurorae.nix b/pkgs/desktops/kde-4.8/kdeartwork/aurorae.nix
deleted file mode 100644
index 4bce95217cc6..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/aurorae.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  name = "aurorae-themes";
-
-  buildInputs = [ kdelibs ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/desktopthemes.nix b/pkgs/desktops/kde-4.8/kdeartwork/desktopthemes.nix
deleted file mode 100644
index 93dd361af738..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/desktopthemes.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  name = "kde-desktop-themes";
-
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Additional KDE desktop themes";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/emoticons.nix b/pkgs/desktops/kde-4.8/kdeartwork/emoticons.nix
deleted file mode 100644
index 5ef9f78a7195..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/emoticons.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  name = "kde-emotion-icons";
-
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Additional KDE emotion icons (smiles)";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/kscreensaver.nix b/pkgs/desktops/kde-4.8/kdeartwork/kscreensaver.nix
deleted file mode 100644
index 7028b9db228d..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/kscreensaver.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ kde, kdelibs, xscreensaver, kde_workspace, eigen, libkexiv2, libXt, pkgconfig }:
-
-kde {
-  buildInputs = [ kdelibs xscreensaver kde_workspace eigen libkexiv2 libXt ];
-
-  nativeBuildInputs = [ pkgconfig ];
-
-  preConfigure = "cp -v ${./FindXscreensaver.cmake} cmake/modules/FindXscreensaver.cmake";
-
-  cmakeFlags = [ "-DBUILD_asciiquarium:BOOL=ON" ];
-
-  meta = {
-    description = "KDE screensavers";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/kwin-styles.nix b/pkgs/desktops/kde-4.8/kdeartwork/kwin-styles.nix
deleted file mode 100644
index b5d769b216db..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/kwin-styles.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, kde_workspace }:
-
-kde {
-  buildInputs = [ kdelibs kde_workspace ];
-
-  meta = {
-    description = "Styles for KWin";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/sounds.nix b/pkgs/desktops/kde-4.8/kdeartwork/sounds.nix
deleted file mode 100644
index e98705da889e..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/sounds.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs }:
-
-kde rec {
-  name = "kde-sounds";
-
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "New login/logout sounds";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/styles.nix b/pkgs/desktops/kde-4.8/kdeartwork/styles.nix
deleted file mode 100644
index 6a1306c37100..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/styles.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs }:
-
-kde rec {
-  name = "kde-style-phase";
-
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Phase, a widget style for KDE";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeartwork/wallpapers.nix b/pkgs/desktops/kde-4.8/kdeartwork/wallpapers.nix
deleted file mode 100644
index 611c6a70f6bc..000000000000
--- a/pkgs/desktops/kde-4.8/kdeartwork/wallpapers.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs }:
-
-kde rec {
-  name = "kde-wallpapers";
-
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Additional KDE wallpapers";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdebindings/perlqt-include-smokeqt.patch b/pkgs/desktops/kde-4.8/kdebindings/perlqt-include-smokeqt.patch
deleted file mode 100644
index fd67860283b8..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/perlqt-include-smokeqt.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-commit 48b92b74bc6fd270c33a726257e2879203cf5064
-Author: Yury G. Kudryashov [diff odt] <urkud.urkud@gmail.com>
-Date:   Wed Mar 21 00:47:43 2012 +0400
-
-    Include SMOKE_QTCORE_INCLUDE_DIR
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 48020a1..2263a73 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -14,7 +14,7 @@ find_package(Smoke COMPONENTS QtCore QtGui QtNetwork Qt3Support QtDeclarative Qt
-                               QtOpenGl QtScript QtSql QtSvg QtTest QtUiTools QtWebKit QtXml QtXmlPatterns
-                               Phonon Qwt QSci QImageBlitz)
-                               
--include_directories(${SMOKE_INCLUDE_DIR} ${QT_INCLUDES} ${CMAKE_CURRENT_SOURCE_DIR}/src)
-+include_directories(${SMOKE_INCLUDE_DIR} ${SMOKE_QTCORE_INCLUDE_DIR} ${QT_INCLUDES} ${CMAKE_CURRENT_SOURCE_DIR}/src)
- set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${CMAKE_CURRENT_SOURCE_DIR}/cmake ${SMOKE_CMAKE_MODULE_DIR})
- include(MacroOptionalFindPackage)
- include(MacroOptionalAddBindings)
diff --git a/pkgs/desktops/kde-4.8/kdebindings/perlqt-rewrite-FindPerlMore.patch b/pkgs/desktops/kde-4.8/kdebindings/perlqt-rewrite-FindPerlMore.patch
deleted file mode 100644
index c7f73815f545..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/perlqt-rewrite-FindPerlMore.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-commit e702abfd16f610e773fb0310d8c6512991794c63
-Author: Yury G. Kudryashov [diff odt] <urkud.urkud@gmail.com>
-Date:   Wed Mar 21 00:50:02 2012 +0400
-
-    Rewrite FindPerlMore.cmake
-    
-    * Ask perl for expanded paths
-    * Move execute_process to a macro
-    * Add PERL_*_INSTALL_DIR variables that point to CMAKE_INSTALL_PREFIX
-    
-    The last change makes it easy to install a file into CMAKE_INSTALL_PREFIX
-    instead of perl install prefix.Add debug message
-
-diff --git a/cmake/FindPerlMore.cmake b/cmake/FindPerlMore.cmake
-index 6412a47..cc8faf8 100644
---- a/cmake/FindPerlMore.cmake
-+++ b/cmake/FindPerlMore.cmake
-@@ -5,54 +5,52 @@
- #
- #  PERL_INCLUDE_PATH = path to where perl.h can be found
- 
--if(PERL_INCLUDE_PATH)
--   # Already in cache, be silent
--   SET(PERL_HEADERS_FOUND TRUE)
--endif (PERL_INCLUDE_PATH)		
--
--IF(PERL_EXECUTABLE)
--	EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -e "print \$Config{archlib}"
--   		OUTPUT_VARIABLE PERL_ARCH_LIB_DIR)
--
--	EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -e "print \$Config{sitearch}"
--   		OUTPUT_VARIABLE PERL_SITE_ARCH_DIR)
--
--	EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -e "print \$Config{vendorarch}"
--   		OUTPUT_VARIABLE PERL_VENDOR_ARCH_DIR)
--
--	EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -e "print \$Config{sitelib}"
--   		OUTPUT_VARIABLE PERL_SITE_LIB_DIR)
--
--	EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -e "print \$Config{vendorlib}"
--   		OUTPUT_VARIABLE PERL_VENDOR_LIB_DIR)
--
--	EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -e "print \$Config{version}"
--   		OUTPUT_VARIABLE PERL_VERSION)
--
--	EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -e "print \$Config{ccflags}"
--   		OUTPUT_VARIABLE PERL_CXX_FLAGS)
--
--	EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -e "print \$Config{ccdlflags}"
--   		OUTPUT_VARIABLE PERL_CCDL_FLAGS)
--
--	EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -MFile::Spec -e "print '-L' . File::Spec->catdir(\$Config{archlibexp}, 'CORE')"
--   		OUTPUT_VARIABLE PERL_EXTRA_LIB_PATHS)
--
--	EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -e "print \$Config{perllibs}"
--   		OUTPUT_VARIABLE PERL_LIBS)
--
--	FIND_PATH(PERL_INCLUDE_PATH 
--  		NAMES perl.h
--  		PATHS ${PERL_ARCH_LIB_DIR}/CORE
--  	)
--
--	if(PERL_INCLUDE_PATH)
--		SET(PERL_HEADERS_FOUND TRUE)
--	endif (PERL_INCLUDE_PATH)
--
--	MARK_AS_ADVANCED(
--	  PERL_INCLUDE_PATH
--	  )
-+if(FIND_PERLMORE_REQUIRED)
-+  find_package(Perl REQUIRED)
-+else()
-+ find_package(Perl)
-+endif()
-+
-+macro(_perl_get_config_var name output)
-+  execute_process(COMMAND ${PERL_EXECUTABLE} -MConfig -e "print \$Config{${name}}"
-+                  OUTPUT_VARIABLE PERL_${output})
-+endmacro()
-+
-+macro(_perl_get_config_dir name)
-+  string(TOLOWER ${name} _tmp)
-+  string(REPLACE "_" "" _tmp ${_tmp})
-+  _perl_get_config_var(${_tmp}exp ${name}_DIR)
-+  string(REPLACE "${PERL_ROOT_DIR}" "${CMAKE_INSTALL_PREFIX}" PERL_${name}_INSTALL_DIR "${PERL_${name}_DIR}")
-+endmacro()
-+
-+if(PERL_EXECUTABLE)
-+  _perl_get_config_var(prefixexp ROOT_DIR)
-+
-+  _perl_get_config_dir(ARCH_LIB)
-+  _perl_get_config_dir(SITE_ARCH)
-+  _perl_get_config_dir(VENDOR_ARCH)
-+  _perl_get_config_dir(SITE_LIB)
-+  _perl_get_config_dir(VENDOR_LIB)
-+
-+  _perl_get_config_var(version VERSION)
-+  _perl_get_config_var(ccflags CXX_FLAGS)
-+  _perl_get_config_var(ccdlflags CCDL_FLAGS)
-+
-+  EXECUTE_PROCESS(COMMAND ${PERL_EXECUTABLE} -MConfig -MFile::Spec -e "print '-L' . File::Spec->catdir(\$Config{archlibexp}, 'CORE')"
-+                  OUTPUT_VARIABLE PERL_EXTRA_LIB_PATHS)
-+
-+  _perl_get_config_var(perllibs LIBS)
-+
-+  FIND_PATH(PERL_INCLUDE_PATH
-+            NAMES perl.h
-+            HINTS ${PERL_ARCH_LIB_DIR}/CORE
-+  )
-+
-+  if(PERL_INCLUDE_PATH)
-+    SET(PERL_HEADERS_FOUND TRUE)
-+  endif (PERL_INCLUDE_PATH)
-+
-+  MARK_AS_ADVANCED(PERL_INCLUDE_PATH)
- ENDIF(PERL_EXECUTABLE)
- 
- IF(PERL_HEADERS_FOUND)
diff --git a/pkgs/desktops/kde-4.8/kdebindings/perlqt-use-site-arch-install-dir.patch b/pkgs/desktops/kde-4.8/kdebindings/perlqt-use-site-arch-install-dir.patch
deleted file mode 100644
index 04f0c5586771..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/perlqt-use-site-arch-install-dir.patch
+++ /dev/null
@@ -1,454 +0,0 @@
-commit c78779fcaff587818ee37bec3ded5e0617625b95
-Author: Yury G. Kudryashov [diff odt] <urkud.urkud@gmail.com>
-Date:   Wed Mar 21 01:01:27 2012 +0400
-
-    Install to PERL_SITE_ARCH_INSTALL_DIR
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 48020a1..16188df 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -36,7 +36,6 @@ macro_log_feature(Qwt5_Qt4_FOUND "Qwt5 for Qt4" "Qwt5 libraries for Qt4" "http:/
- add_definitions(-DDEBUG)
- 
- include (FindPerlMore)
--set(CUSTOM_PERL_SITE_ARCH_DIR ${PERL_SITE_ARCH_DIR} CACHE DIR "Custom installation directory for perl binary extension")
- 
- # the RPATH to be used when installing, but only if it's not a system directory
- GET_FILENAME_COMPONENT(SMOKE_LIB_DIR ${SMOKE_BASE_LIBRARY} PATH)
-diff --git a/INSTALL b/INSTALL
-index d19f97e..97cc9f1 100644
---- a/INSTALL
-+++ b/INSTALL
-@@ -36,7 +36,6 @@ ccmake step.
- The standard options are:
-     CMAKE_BUILD_TYPE = The type of build ('Debug', 'Release', etc)
-     CMAKE_INSTALL_PREFIX = The location for any executables ( e.g. puic4 )
--    CUSTOM_PERL_SITE_ARCH_DIR = The location for the perl modules themselves.
-     QT_QMAKE_EXECUTABLE = The path to your system's qmake.
- 
- cmake looks in your path for a qmake executable.  If it can't find it, it will
-diff --git a/Makefile.PL b/Makefile.PL
-index df9a13c..31dd912 100755
---- a/Makefile.PL
-+++ b/Makefile.PL
-@@ -3,7 +3,7 @@
- use strict;
- use Config;
- 
--my ($prefix, $sitearch, $qmake) = ($Config{prefix}, $Config{sitearch});
-+my ($prefix, $qmake) = ($Config{prefix});
- my @cmakeArgs;
- foreach my $arg (@ARGV) {
-     my $key = $arg;
-@@ -12,7 +12,6 @@ foreach my $arg (@ARGV) {
-     $value =~ s/^[^=]*=//g;
-     if ($key eq 'PREFIX' or $key eq 'INSTALL_BASE') {
-         $prefix = $value;
--        $sitearch = "$prefix";
-     }
-     elsif ($key eq 'QMAKE') {
-         $qmake = $value;
-@@ -34,7 +33,6 @@ if($^O =~ /win/i){
- }
- push @args, "-DCMAKE_INSTALL_PREFIX=$prefix" if $prefix;
- push @args, "-DQT_QMAKE_EXECUTABLE=$qmake" if $qmake;
--push @args, "-DCUSTOM_PERL_SITE_ARCH_DIR=$sitearch" if $sitearch;
- push @args, @cmakeArgs;
- 
- if ( eval "require Alien::SmokeQt" ) {
-diff --git a/phonon/lib/CMakeLists.txt b/phonon/lib/CMakeLists.txt
-index f2857c3..78674ea 100644
---- a/phonon/lib/CMakeLists.txt
-+++ b/phonon/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(phononpm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/Phonon.pm ${CMAKE_BINARY_DIR}/blib/lib/Phonon.pm)
--install(FILES Phonon.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES Phonon.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/phonon/src/CMakeLists.txt b/phonon/src/CMakeLists.txt
-index a04db11..9933dfd 100644
---- a/phonon/src/CMakeLists.txt
-+++ b/phonon/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_phonon
- set_target_properties(perl_phonon PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_phonon PROPERTIES PREFIX "")
- 
--install(TARGETS perl_phonon DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_phonon DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qimageblitz/lib/CMakeLists.txt b/qimageblitz/lib/CMakeLists.txt
-index 0809ba8..22fc1c0 100644
---- a/qimageblitz/lib/CMakeLists.txt
-+++ b/qimageblitz/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qimageblitzpm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QImageBlitz.pm ${CMAKE_BINARY_DIR}/blib/lib/QImageBlitz.pm)
--install(FILES QImageBlitz.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QImageBlitz.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qimageblitz/src/CMakeLists.txt b/qimageblitz/src/CMakeLists.txt
-index 02ef494..4f02c1b 100644
---- a/qimageblitz/src/CMakeLists.txt
-+++ b/qimageblitz/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qimageblitz
- set_target_properties(perl_qimageblitz PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qimageblitz PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qimageblitz DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qimageblitz DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qsci/lib/CMakeLists.txt b/qsci/lib/CMakeLists.txt
-index 63b451f..d22869f 100644
---- a/qsci/lib/CMakeLists.txt
-+++ b/qsci/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qscipm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/Qsci.pm ${CMAKE_BINARY_DIR}/blib/lib/Qsci.pm)
--install(FILES Qsci.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES Qsci.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qsci/src/CMakeLists.txt b/qsci/src/CMakeLists.txt
-index 8c1659b..bdcb5a8 100644
---- a/qsci/src/CMakeLists.txt
-+++ b/qsci/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qsci
- set_target_properties(perl_qsci PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qsci PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qsci DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qsci DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qt3support/lib/CMakeLists.txt b/qt3support/lib/CMakeLists.txt
-index 2f04cfa..dda5afa 100644
---- a/qt3support/lib/CMakeLists.txt
-+++ b/qt3support/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qt3support4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/Qt3Support4.pm ${CMAKE_BINARY_DIR}/blib/lib/Qt3Support4.pm)
--install(FILES Qt3Support4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES Qt3Support4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qt3support/src/CMakeLists.txt b/qt3support/src/CMakeLists.txt
-index b24532e..bed99aa 100644
---- a/qt3support/src/CMakeLists.txt
-+++ b/qt3support/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qt3support4
- set_target_properties(perl_qt3support4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qt3support4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qt3support4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qt3support4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtcore/lib/CMakeLists.txt b/qtcore/lib/CMakeLists.txt
-index ef07d10..1d78196 100644
---- a/qtcore/lib/CMakeLists.txt
-+++ b/qtcore/lib/CMakeLists.txt
-@@ -1,3 +1,3 @@
- add_subdirectory( QtCore4 )
- add_custom_target(perlqtcore4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtCore4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtCore4.pm)
--install( FILES QtCore4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR} )
-+install( FILES QtCore4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR} )
-diff --git a/qtcore/lib/QtCore4/CMakeLists.txt b/qtcore/lib/QtCore4/CMakeLists.txt
-index 44c7893..06aef20 100644
---- a/qtcore/lib/QtCore4/CMakeLists.txt
-+++ b/qtcore/lib/QtCore4/CMakeLists.txt
-@@ -1,3 +1,3 @@
--install( FILES signals.pm slots.pm isa.pm debug.pm classinfo.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/QtCore4 )
-+install( FILES signals.pm slots.pm isa.pm debug.pm classinfo.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/QtCore4 )
- add_custom_target(perlqt4pmlibmkdir ALL ${CMAKE_COMMAND} -E make_directory ${CMAKE_BINARY_DIR}/blib/lib/QtCore4)
- add_custom_target(perlqt4pmlibsubdir ALL ${CMAKE_COMMAND} -E copy_directory ${CMAKE_CURRENT_SOURCE_DIR} ${CMAKE_BINARY_DIR}/blib/lib/QtCore4)
-diff --git a/qtcore/src/CMakeLists.txt b/qtcore/src/CMakeLists.txt
-index 3910636..b5e645c 100644
---- a/qtcore/src/CMakeLists.txt
-+++ b/qtcore/src/CMakeLists.txt
-@@ -53,10 +53,10 @@ target_link_libraries(perlqtcore4
- set_target_properties(perlqtcore4 PROPERTIES
-     OUTPUT_NAME ${libraryName}
-     PREFIX ""
--    INSTALL_NAME_DIR ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/
-+    INSTALL_NAME_DIR ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/
- )
- 
--install(TARGETS perlqtcore4 EXPORT PerlQtExport DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perlqtcore4 EXPORT PerlQtExport DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
- install(FILES binding.h handlers.h listclass_macros.h marshall_basetypes.h marshall_complex.h
-               marshall.h marshall_macros.h marshall_primitives.h marshall_types.h perlqt.h ppport.h
-               QtCore4.h smokehelp.h smokeperl.h util.h
-diff --git a/qtdbus/lib/CMakeLists.txt b/qtdbus/lib/CMakeLists.txt
-index d03a672..a60d603 100644
---- a/qtdbus/lib/CMakeLists.txt
-+++ b/qtdbus/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtdbus4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtDBus4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtDBus4.pm)
--install(FILES QtDBus4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtDBus4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtdbus/src/CMakeLists.txt b/qtdbus/src/CMakeLists.txt
-index 9aa05a0..5786ea2 100644
---- a/qtdbus/src/CMakeLists.txt
-+++ b/qtdbus/src/CMakeLists.txt
-@@ -31,4 +31,4 @@ target_link_libraries(perl_qtdbus4
- set_target_properties(perl_qtdbus4 PROPERTIES OUTPUT_NAME "QtDBus4")
- set_target_properties(perl_qtdbus4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtdbus4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/QtDBus4/)
-+install(TARGETS perl_qtdbus4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/QtDBus4/)
-diff --git a/qtdeclarative/lib/CMakeLists.txt b/qtdeclarative/lib/CMakeLists.txt
-index e8d2847..b458858 100644
---- a/qtdeclarative/lib/CMakeLists.txt
-+++ b/qtdeclarative/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtdeclarative4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtDeclarative4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtDeclarative4.pm)
--install(FILES QtDeclarative4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtDeclarative4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtdeclarative/src/CMakeLists.txt b/qtdeclarative/src/CMakeLists.txt
-index 1662167..ec2a8fc 100644
---- a/qtdeclarative/src/CMakeLists.txt
-+++ b/qtdeclarative/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qtdeclarative4
- set_target_properties(perl_qtdeclarative4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtdeclarative4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtdeclarative4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtdeclarative4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtgui/lib/CMakeLists.txt b/qtgui/lib/CMakeLists.txt
-index 82626c8..e62a4ac 100644
---- a/qtgui/lib/CMakeLists.txt
-+++ b/qtgui/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtgui4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtGui4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtGui4.pm)
--install(FILES QtGui4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtGui4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtgui/src/CMakeLists.txt b/qtgui/src/CMakeLists.txt
-index 4cc8b36..44041b6 100644
---- a/qtgui/src/CMakeLists.txt
-+++ b/qtgui/src/CMakeLists.txt
-@@ -38,4 +38,4 @@ target_link_libraries(perl_qtgui4
- set_target_properties(perl_qtgui4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtgui4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtgui4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtgui4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qthelp/lib/CMakeLists.txt b/qthelp/lib/CMakeLists.txt
-index dcf5ebe..da817d4 100644
---- a/qthelp/lib/CMakeLists.txt
-+++ b/qthelp/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qthelp4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtHelp4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtHelp4.pm)
--install(FILES QtHelp4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtHelp4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qthelp/src/CMakeLists.txt b/qthelp/src/CMakeLists.txt
-index c00359d..689cb29 100644
---- a/qthelp/src/CMakeLists.txt
-+++ b/qthelp/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qthelp4
- set_target_properties(perl_qthelp4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qthelp4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qthelp4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qthelp4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtmultimedia/lib/CMakeLists.txt b/qtmultimedia/lib/CMakeLists.txt
-index e55f697..5384539 100644
---- a/qtmultimedia/lib/CMakeLists.txt
-+++ b/qtmultimedia/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtmultimedia4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtMultimedia4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtMultimedia4.pm)
--install(FILES QtMultimedia4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtMultimedia4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtmultimedia/src/CMakeLists.txt b/qtmultimedia/src/CMakeLists.txt
-index 0728aba..df8e552 100644
---- a/qtmultimedia/src/CMakeLists.txt
-+++ b/qtmultimedia/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qtmultimedia4
- set_target_properties(perl_qtmultimedia4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtmultimedia4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtmultimedia4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtmultimedia4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtnetwork/lib/CMakeLists.txt b/qtnetwork/lib/CMakeLists.txt
-index 12cd5dd..d1fb0e6 100644
---- a/qtnetwork/lib/CMakeLists.txt
-+++ b/qtnetwork/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtnetwork4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtNetwork4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtNetwork4.pm)
--install(FILES QtNetwork4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtNetwork4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtnetwork/src/CMakeLists.txt b/qtnetwork/src/CMakeLists.txt
-index caf8327..0994d57 100644
---- a/qtnetwork/src/CMakeLists.txt
-+++ b/qtnetwork/src/CMakeLists.txt
-@@ -39,4 +39,4 @@ target_link_libraries(perl_qtnetwork4
- set_target_properties(perl_qtnetwork4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtnetwork4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtnetwork4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtnetwork4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtopengl/lib/CMakeLists.txt b/qtopengl/lib/CMakeLists.txt
-index f3b5640..d8dc9e4 100644
---- a/qtopengl/lib/CMakeLists.txt
-+++ b/qtopengl/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtopengl4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtOpenGL4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtOpenGL4.pm)
--install(FILES QtOpenGL4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtOpenGL4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtopengl/src/CMakeLists.txt b/qtopengl/src/CMakeLists.txt
-index 20493a9..777af89 100644
---- a/qtopengl/src/CMakeLists.txt
-+++ b/qtopengl/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qtopengl4
- set_target_properties(perl_qtopengl4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtopengl4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtopengl4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtopengl4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtscript/lib/CMakeLists.txt b/qtscript/lib/CMakeLists.txt
-index d21dbe5..320ff93 100644
---- a/qtscript/lib/CMakeLists.txt
-+++ b/qtscript/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtscript4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtScript4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtScript4.pm)
--install(FILES QtScript4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtScript4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtscript/src/CMakeLists.txt b/qtscript/src/CMakeLists.txt
-index dd395be..6ff47d8 100644
---- a/qtscript/src/CMakeLists.txt
-+++ b/qtscript/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qtscript4
- set_target_properties(perl_qtscript4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtscript4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtscript4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtscript4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtsql/lib/CMakeLists.txt b/qtsql/lib/CMakeLists.txt
-index 59336d3..d9dd4d5 100644
---- a/qtsql/lib/CMakeLists.txt
-+++ b/qtsql/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtsql4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtSql4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtSql4.pm)
--install(FILES QtSql4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtSql4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtsql/src/CMakeLists.txt b/qtsql/src/CMakeLists.txt
-index 3ec2028..59096ba 100644
---- a/qtsql/src/CMakeLists.txt
-+++ b/qtsql/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qtsql4
- set_target_properties(perl_qtsql4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtsql4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtsql4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtsql4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtsvg/lib/CMakeLists.txt b/qtsvg/lib/CMakeLists.txt
-index 33f6deb..bf1dc1f 100644
---- a/qtsvg/lib/CMakeLists.txt
-+++ b/qtsvg/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtsvg4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtSvg4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtSvg4.pm)
--install(FILES QtSvg4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtSvg4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtsvg/src/CMakeLists.txt b/qtsvg/src/CMakeLists.txt
-index 11eccd2..449bf0f 100644
---- a/qtsvg/src/CMakeLists.txt
-+++ b/qtsvg/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qtsvg4
- set_target_properties(perl_qtsvg4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtsvg4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtsvg4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtsvg4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qttest/lib/CMakeLists.txt b/qttest/lib/CMakeLists.txt
-index 3bfa78c..5a8d8da 100644
---- a/qttest/lib/CMakeLists.txt
-+++ b/qttest/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qttest4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtTest4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtTest4.pm)
--install(FILES QtTest4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtTest4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qttest/src/CMakeLists.txt b/qttest/src/CMakeLists.txt
-index 5492e55..d4662b1 100644
---- a/qttest/src/CMakeLists.txt
-+++ b/qttest/src/CMakeLists.txt
-@@ -38,4 +38,4 @@ target_link_libraries(perl_qttest4
- set_target_properties(perl_qttest4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qttest4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qttest4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qttest4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtuitools/lib/CMakeLists.txt b/qtuitools/lib/CMakeLists.txt
-index 119e40e..3a5f472 100644
---- a/qtuitools/lib/CMakeLists.txt
-+++ b/qtuitools/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtuitools4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtUiTools4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtUiTools4.pm)
--install(FILES QtUiTools4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtUiTools4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtuitools/src/CMakeLists.txt b/qtuitools/src/CMakeLists.txt
-index a8ae4a2..ecc079f 100644
---- a/qtuitools/src/CMakeLists.txt
-+++ b/qtuitools/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qtuitools4
- set_target_properties(perl_qtuitools4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtuitools4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtuitools4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtuitools4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtwebkit/lib/CMakeLists.txt b/qtwebkit/lib/CMakeLists.txt
-index a02f7ee..3846227 100644
---- a/qtwebkit/lib/CMakeLists.txt
-+++ b/qtwebkit/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtwebkit4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtWebKit4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtWebKit4.pm)
--install(FILES QtWebKit4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtWebKit4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtwebkit/src/CMakeLists.txt b/qtwebkit/src/CMakeLists.txt
-index a6e00f8..dbebc44 100644
---- a/qtwebkit/src/CMakeLists.txt
-+++ b/qtwebkit/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qtwebkit4
- set_target_properties(perl_qtwebkit4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtwebkit4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtwebkit4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtwebkit4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtxml/lib/CMakeLists.txt b/qtxml/lib/CMakeLists.txt
-index 5505bc4..7db743c 100644
---- a/qtxml/lib/CMakeLists.txt
-+++ b/qtxml/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtxml4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtXml4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtXml4.pm)
--install(FILES QtXml4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtXml4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtxml/src/CMakeLists.txt b/qtxml/src/CMakeLists.txt
-index 018508c..a351609 100644
---- a/qtxml/src/CMakeLists.txt
-+++ b/qtxml/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qtxml4
- set_target_properties(perl_qtxml4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtxml4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtxml4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtxml4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qtxmlpatterns/lib/CMakeLists.txt b/qtxmlpatterns/lib/CMakeLists.txt
-index a35f3df..3d86103 100644
---- a/qtxmlpatterns/lib/CMakeLists.txt
-+++ b/qtxmlpatterns/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qtxmlpatterns4pm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/QtXmlPatterns4.pm ${CMAKE_BINARY_DIR}/blib/lib/QtXmlPatterns4.pm)
--install(FILES QtXmlPatterns4.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES QtXmlPatterns4.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qtxmlpatterns/src/CMakeLists.txt b/qtxmlpatterns/src/CMakeLists.txt
-index 9970a98..563e922 100644
---- a/qtxmlpatterns/src/CMakeLists.txt
-+++ b/qtxmlpatterns/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qtxmlpatterns4
- set_target_properties(perl_qtxmlpatterns4 PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qtxmlpatterns4 PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qtxmlpatterns4 DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qtxmlpatterns4 DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
-diff --git a/qwt/lib/CMakeLists.txt b/qwt/lib/CMakeLists.txt
-index 0013c4d..d67ffbf 100644
---- a/qwt/lib/CMakeLists.txt
-+++ b/qwt/lib/CMakeLists.txt
-@@ -1,2 +1,2 @@
- add_custom_target(qwtpm ALL ${CMAKE_COMMAND} -E copy ${CMAKE_CURRENT_SOURCE_DIR}/Qwt.pm ${CMAKE_BINARY_DIR}/blib/lib/Qwt.pm)
--install(FILES Qwt.pm DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/)
-+install(FILES Qwt.pm DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/)
-diff --git a/qwt/src/CMakeLists.txt b/qwt/src/CMakeLists.txt
-index 869d818..b644e80 100644
---- a/qwt/src/CMakeLists.txt
-+++ b/qwt/src/CMakeLists.txt
-@@ -37,4 +37,4 @@ target_link_libraries(perl_qwt
- set_target_properties(perl_qwt PROPERTIES OUTPUT_NAME ${libraryName})
- set_target_properties(perl_qwt PROPERTIES PREFIX "")
- 
--install(TARGETS perl_qwt DESTINATION ${CUSTOM_PERL_SITE_ARCH_DIR}/auto/${libraryName}/)
-+install(TARGETS perl_qwt DESTINATION ${PERL_SITE_ARCH_INSTALL_DIR}/auto/${libraryName}/)
diff --git a/pkgs/desktops/kde-4.8/kdebindings/perlqt.nix b/pkgs/desktops/kde-4.8/kdebindings/perlqt.nix
deleted file mode 100644
index f2b5462f33e2..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/perlqt.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ kde, cmake, smokeqt, perl }:
-
-kde {
-  buildInputs = [ smokeqt perl ];
-  nativeBuildInputs = [ cmake ];
-
-  patches =
-    # The order is important
-    [ ./perlqt-include-smokeqt.patch ./perlqt-rewrite-FindPerlMore.patch
-      ./perlqt-use-site-arch-install-dir.patch
-    ];
-
-  meta = {
-    description = "Perl bindings for Qt library";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdebindings/pykde4-hardcode-lib-python.patch b/pkgs/desktops/kde-4.8/kdebindings/pykde4-hardcode-lib-python.patch
deleted file mode 100644
index e7a7cb4c661c..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/pykde4-hardcode-lib-python.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-diff --git a/kpythonpluginfactory/CMakeLists.txt b/kpythonpluginfactory/CMakeLists.txt
-index 41fa0fe..642d867 100644
---- a/kpythonpluginfactory/CMakeLists.txt
-+++ b/kpythonpluginfactory/CMakeLists.txt
-@@ -3,7 +3,12 @@
- set(kpythonpluginfactory_SRCS
-     kpythonpluginfactory.cpp)
- 
--GET_FILENAME_COMPONENT(LIB_PYTHON ${PYTHON_LIBRARY} NAME)
-+option(HARDCODE_LIB_PYTHON_PATH "Whether the path to libpython.so should be hardcoded" OFF)
-+if(HARDCODE_LIB_PYTHON_PATH)
-+	get_filename_component(LIB_PYTHON ${PYTHON_LIBRARY} REALPATH)
-+else(HARDCODE_LIB_PYTHON_PATH)
-+    get_filename_component(LIB_PYTHON ${PYTHON_LIBRARY} NAME)
-+endif(HARDCODE_LIB_PYTHON_PATH)
- ADD_DEFINITIONS(-DLIB_PYTHON=\\"${LIB_PYTHON}\\")
- ADD_DEFINITIONS(-DKDE_DEFAULT_DEBUG_AREA=15000)
- 
diff --git a/pkgs/desktops/kde-4.8/kdebindings/pykde4-new-sip.patch b/pkgs/desktops/kde-4.8/kdebindings/pykde4-new-sip.patch
deleted file mode 100644
index 96b3b887a8d1..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/pykde4-new-sip.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-commit 017822bd0dfc83fe9a7a483ecc33f4aab839a3c6
-Author: Luca Beltrame <lbeltrame@kde.org>
-Date:   Mon Oct 1 20:47:56 2012 +0200
-
-    Remove duplicated QVector<int> definition, since it's in PyQt now.
-    Simon, if you have time, please review if everything is OK.
-    
-    CCMAIL: simon@simonzone.com
-
-diff --git a/sip/kdecore/typedefs.sip b/sip/kdecore/typedefs.sip
-index 5a0a080..73dad01 100644
---- a/sip/kdecore/typedefs.sip
-+++ b/sip/kdecore/typedefs.sip
-@@ -951,77 +951,3 @@ template <TYPE1>
- %End
- };
- 
--%MappedType QVector<int>
--{
--%TypeHeaderCode
--#include <qvector.h>
--%End
--
--%ConvertFromTypeCode
--    // Create the list.
--    PyObject *l;
--
--    if ((l = PyList_New(sipCpp->size())) == NULL)
--        return NULL;
--
--    // Set the list elements.
--    for (int i = 0; i < sipCpp->size(); ++i)
--    {
--        int t = (sipCpp->at(i));
--
--#if PY_MAJOR_VERSION >= 3        
--        PyObject *tobj = PyLong_FromLong(t);
--#else
--        PyObject *tobj = PyInt_FromLong(t);
--#endif
--
--        PyList_SET_ITEM(l, i, tobj);
--    }
--
--    return l;
--%End
--
--%ConvertToTypeCode
--    // Check the type if that is all that is required.
--    if (sipIsErr == NULL)
--    {
--        if (!PyList_Check(sipPy))
--            return 0;
--
--        for (int i = 0; i < PyList_GET_SIZE(sipPy); ++i) {
--            PyObject *tobj = PyList_GET_ITEM(sipPy, i);
--#if PY_MAJOR_VERSION >= 3
--            if (!PyNumber_Check(tobj))
--#else
--            if (!PyInt_Check(tobj))
--#endif
--                return 0;
--        }
--        return 1;
--    }
--
--    QVector<int> *qv = new QVector<int>;
-- 
--    for (int i = 0; i < PyList_GET_SIZE(sipPy); ++i)
--    {
--        PyObject *tobj = PyList_GET_ITEM(sipPy, i);
-- #if PY_MAJOR_VERSION >= 3
--        int t = PyLong_AsLong (tobj);
--#else
--        int t = PyInt_AS_LONG (tobj);
--#endif
--
--        if (*sipIsErr)
--        {
--            delete qv;
--            return 0;
--        }
--
--        qv->append(t);
--    }
-- 
--    *sipCppPtr = qv;
-- 
--    return sipGetState(sipTransferObj);
--%End
--};
diff --git a/pkgs/desktops/kde-4.8/kdebindings/pykde4.nix b/pkgs/desktops/kde-4.8/kdebindings/pykde4.nix
deleted file mode 100644
index eb4d49616c4e..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/pykde4.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{ kde, kdelibs, python, sip, pyqt4, kdepimlibs, shared_desktop_ontologies,
-  boost, lndir }:
-
-let pydir = "lib/python${python.majorVersion}"; in
-
-kde {
-  buildInputs = [ python kdepimlibs shared_desktop_ontologies boost ];
-
-  propagatedBuildInputs = [ pyqt4 sip ];
-
-  patches = [ ./pykde4-hardcode-lib-python.patch ./pykde4-new-sip.patch ];
-
-  cmakeFlags = "-DHARDCODE_LIB_PYTHON_PATH=ON ";
-
-  preConfigure =
-    ''
-      # Symlink PyQt into PyKDE.  This is necessary because PyQt looks
-      # in its PyQt4/uic/widget-plugins directory for plugins, and KDE
-      # needs to install a plugin.
-      mkdir -pv $out/${pydir}
-      ${lndir}/bin/lndir ${pyqt4}/${pydir} $out/${pydir}
-      cmakeFlagsArray=( "-DSIP_DEFAULT_SIP_DIR=$prefix/share/sip" )
-    '';
-
-  meta = {
-    description = "Python bindings for KDE";
-    kde.name = "pykde4";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdebindings/qtruby-include-smokeqt.patch b/pkgs/desktops/kde-4.8/kdebindings/qtruby-include-smokeqt.patch
deleted file mode 100644
index 7d20a3c1c0bc..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/qtruby-include-smokeqt.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 33078b4..1a6ad2e 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -5,7 +5,7 @@ set(COMPILE_RUBY FALSE CACHE INTERNAL "")
- find_package(Ruby REQUIRED)
- find_package(Qt4 REQUIRED)
- find_package(Smoke COMPONENTS QtCore QtGui QtXml QtOpenGl QtSql QtNetwork QtDbus QtSvg Phonon QSci QtDeclarative QtScript QtWebkit QtUiTools QtTest Qwt)
--include_directories(${SMOKE_INCLUDE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/src ${QT_INCLUDES})
-+include_directories(${SMOKE_INCLUDE_DIR} ${SMOKE_QTCORE_INCLUDE_DIR} ${CMAKE_CURRENT_SOURCE_DIR}/src ${QT_INCLUDES})
- 
- set(CMAKE_MODULE_PATH ${CMAKE_MODULE_PATH} ${SMOKE_CMAKE_MODULE_DIR})
- include(MacroOptionalFindPackage)
diff --git a/pkgs/desktops/kde-4.8/kdebindings/qtruby-install-prefix.patch b/pkgs/desktops/kde-4.8/kdebindings/qtruby-install-prefix.patch
deleted file mode 100644
index bd95a0d8bd3d..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/qtruby-install-prefix.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 33078b4..30aec0e 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -31,8 +31,8 @@ if (NOT COMPILE_RUBY)
-     return()
- endif (NOT COMPILE_RUBY)
- 
--SET(CUSTOM_RUBY_SITE_ARCH_DIR ${RUBY_SITEARCH_DIR} CACHE DIR "custom installation directory for ruby binary extension" )
--SET(CUSTOM_RUBY_SITE_LIB_DIR ${RUBY_SITELIB_DIR} CACHE DIR "custom installation directory for ruby extension" )
-+string(REPLACE "${RUBY_ROOT_DIR}" "${CMAKE_INSTALL_PREFIX}" CUSTOM_RUBY_SITE_ARCH_DIR ${RUBY_SITEARCH_DIR})
-+string(REPLACE "${RUBY_ROOT_DIR}" "${CMAKE_INSTALL_PREFIX}" CUSTOM_RUBY_SITE_LIB_DIR ${RUBY_SITELIB_DIR})
- 
- # compute an overall version number which can be compared at once
- MATH(EXPR RUBY_VERSION_NUMBER "${RUBY_VERSION_MAJOR}*10000 + ${RUBY_VERSION_MINOR}*100 + ${RUBY_VERSION_PATCH}")
diff --git a/pkgs/desktops/kde-4.8/kdebindings/qtruby.nix b/pkgs/desktops/kde-4.8/kdebindings/qtruby.nix
deleted file mode 100644
index 723732f6104a..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/qtruby.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ kde, cmake, smokeqt, ruby }:
-
-kde {
-  buildInputs = [ smokeqt ruby ];
-  nativeBuildInputs = [ cmake ];
-
-  # The second patch is not ready for upstream submmission. I should add an
-  # option() instead.
-  patches = [ ./qtruby-include-smokeqt.patch ./qtruby-install-prefix.patch ];
-
-  cmakeFlags="-DRUBY_ROOT_DIR=${ruby}";
-
-  meta = {
-    description = "Ruby bindings for Qt library";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdebindings/smokegen-nix.patch b/pkgs/desktops/kde-4.8/kdebindings/smokegen-nix.patch
deleted file mode 100644
index 03df484b63e4..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/smokegen-nix.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index 79945c4..a244d0f 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -32,10 +32,6 @@ set(generator_SRC
-     type.cpp
- )
- 
--# force RPATH so that the binary is usable from within the build tree
--set (CMAKE_SKIP_BUILD_RPATH FALSE)
--set (CMAKE_SKIP_RPATH FALSE)
--
- configure_file( ${CMAKE_CURRENT_SOURCE_DIR}/config.h.in config.h @ONLY )
- 
- add_executable(smokegen ${generator_SRC})
-diff --git a/cmake/SmokeConfig.cmake.in b/cmake/SmokeConfig.cmake.in
-index 947315c..de8d66c 100644
---- a/cmake/SmokeConfig.cmake.in
-+++ b/cmake/SmokeConfig.cmake.in
-@@ -44,21 +44,19 @@ macro (find_smoke_component name)
-         set (SMOKE_${uppercase}_FOUND FALSE CACHE INTERNAL "")
- 
-         find_path(SMOKE_${uppercase}_INCLUDE_DIR 
--            ${lowercase}_smoke.h 
--            PATH ${SMOKE_INCLUDE_DIR}
--            NO_DEFAULT_PATH
-+            ${lowercase}_smoke.h
-+            HINTS ${SMOKE_INCLUDE_DIR}
-+            PATH_SUFFIXES smoke
-             )
-         if(WIN32)
- 		    # DLLs are in the bin directory.
-             find_library(SMOKE_${uppercase}_LIBRARY
-                 smoke${lowercase}
--                PATHS "@CMAKE_INSTALL_PREFIX@/bin"
--                NO_DEFAULT_PATH)
-+                PATHS "@CMAKE_INSTALL_PREFIX@/bin")
-         else(WIN32)
-             find_library(SMOKE_${uppercase}_LIBRARY
-                 smoke${lowercase}
--                PATHS "@SMOKE_LIBRARY_PREFIX@"
--                NO_DEFAULT_PATH)
-+                PATHS "@SMOKE_LIBRARY_PREFIX@")
-         endif(WIN32)
- 
-         if (NOT SMOKE_${uppercase}_INCLUDE_DIR OR NOT SMOKE_${uppercase}_LIBRARY)
diff --git a/pkgs/desktops/kde-4.8/kdebindings/smokegen.nix b/pkgs/desktops/kde-4.8/kdebindings/smokegen.nix
deleted file mode 100644
index 8b5da2a641dd..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/smokegen.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ kde, qt4, cmake }:
-
-kde {
-  buildInputs = [ qt4 ];
-  nativeBuildInputs = [ cmake ];
-
-  patches = [ ./smokegen-nix.patch ];
-
-  meta = {
-    description = "C++ parser used to generate language bindings for Qt/KDE";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdebindings/smokekde.nix b/pkgs/desktops/kde-4.8/kdebindings/smokekde.nix
deleted file mode 100644
index 0e823a95e3b2..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/smokekde.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ kde, cmake, smokeqt, kdelibs, akonadi, kdepimlibs, shared_desktop_ontologies, attica }:
-
-kde {
-  # attica, akonadi and kdepimlibs are disabled due to smokegen crash
-  buildInputs = [ smokeqt kdelibs shared_desktop_ontologies ];
-  nativeBuildInputs = [ cmake ];
-
-  cmakeFlags = "-DQTDEFINES_FILE=${smokeqt}/share/smokegen/qtdefines";
-  meta = {
-    description = "SMOKE bindings for kdelibs";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdebindings/smokeqt.nix b/pkgs/desktops/kde-4.8/kdebindings/smokeqt.nix
deleted file mode 100644
index 29e25093d11b..000000000000
--- a/pkgs/desktops/kde-4.8/kdebindings/smokeqt.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ kde, qt4, cmake, phonon, qimageblitz, smokegen }:
-
-kde {
-  propagatedBuildInputs = [ qt4 phonon qimageblitz ];
-  nativeBuildInputs = [ cmake ];
-  propagatedNativeBuildInputs = [ smokegen ];
-
-  meta = {
-    description = "C++ parser used to generate language bindings for Qt/KDE";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/analitza.nix b/pkgs/desktops/kde-4.8/kdeedu/analitza.nix
deleted file mode 100644
index 74c3a1ebb200..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/analitza.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ kde, kdelibs, readline }:
-kde {
-  buildInputs = [ kdelibs readline ];
-
-  meta = {
-    description = "Library part of KAlgebra";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/blinken.nix b/pkgs/desktops/kde-4.8/kdeedu/blinken.nix
deleted file mode 100644
index cdf9728833c2..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/blinken.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ kde, kdelibs }:
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Memory Enhancement Game";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/cantor.nix b/pkgs/desktops/kde-4.8/kdeedu/cantor.nix
deleted file mode 100644
index 8b8bbc210c75..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/cantor.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ kde, kdelibs, libspectre }:
-kde {
-  buildInputs = [ kdelibs libspectre ];
-
-  meta = {
-    description = "KDE Frontend to Mathematical Software";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kalgebra.nix b/pkgs/desktops/kde-4.8/kdeedu/kalgebra.nix
deleted file mode 100644
index 3675c3a225f4..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kalgebra.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ kde, kdelibs, libkdeedu, analitza }:
-kde {
-  buildInputs = [ kdelibs libkdeedu analitza ];
-
-  meta = {
-    description = "2D and 3D Graph Calculator";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kalzium.nix b/pkgs/desktops/kde-4.8/kdeedu/kalzium.nix
deleted file mode 100644
index 69ab5dfc4736..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kalzium.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ kde, kdelibs, facile, ocaml, eigen, openbabel, avogadro }:
-kde {
-  buildInputs = [ kdelibs facile ocaml eigen openbabel avogadro ];
-
-  meta = {
-    description = "Periodic Table of Elements";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kanagram.nix b/pkgs/desktops/kde-4.8/kdeedu/kanagram.nix
deleted file mode 100644
index 8759c96d78c4..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kanagram.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ kde, kdelibs, libkdeedu }:
-kde {
-  buildInputs = [ kdelibs libkdeedu ];
-
-  meta = {
-    description = "Letter Order Game";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kbruch.nix b/pkgs/desktops/kde-4.8/kdeedu/kbruch.nix
deleted file mode 100644
index dc50f1e85a37..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kbruch.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ kde, kdelibs }:
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Practice Fractions";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kgeography.nix b/pkgs/desktops/kde-4.8/kdeedu/kgeography.nix
deleted file mode 100644
index bd8d27c8d6e2..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kgeography.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ kde, kdelibs }:
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Geography Trainer";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/khangman.nix b/pkgs/desktops/kde-4.8/kdeedu/khangman.nix
deleted file mode 100644
index 997b50e906a2..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/khangman.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ kde, kdelibs, libkdeedu }:
-kde {
-  buildInputs = [ kdelibs libkdeedu ];
-
-  meta = {
-    description = "KDE hangman game";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kig.nix b/pkgs/desktops/kde-4.8/kdeedu/kig.nix
deleted file mode 100644
index bd5ef67529cc..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kig.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ kde, kdelibs, boost, python}:
-kde {
-  buildInputs = [ kdelibs boost python ];
-
-  cmakeFlags = ''
-    -DBOOST_PYTHON_INCLUDES:PATH=${boost}/include;${python}/include/${python.libPrefix}
-    -DBOOST_PYTHON_LIBS=boost_python;${python.libPrefix} -DKIG_ENABLE_PYTHON_SCRIPTING=1
-    '';
-  meta = {
-    description = "KDE Interactive Geometry";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kiten.nix b/pkgs/desktops/kde-4.8/kdeedu/kiten.nix
deleted file mode 100644
index 939b7a9f77a2..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kiten.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Japanese Reference/Study Tool";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/klettres.nix b/pkgs/desktops/kde-4.8/kdeedu/klettres.nix
deleted file mode 100644
index 7a0fa83078e3..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/klettres.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "A KDE alphabet tutorial";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kmplot.nix b/pkgs/desktops/kde-4.8/kdeedu/kmplot.nix
deleted file mode 100644
index 18458cf6f0bf..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kmplot.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "A KDE mathematical function plotter";
-    kde = {
-      name = "kmplot";
-    };
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kstars.nix b/pkgs/desktops/kde-4.8/kdeedu/kstars.nix
deleted file mode 100644
index 5b5a2d621de7..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kstars.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, eigen, xplanet, indilib }:
-
-kde {
-  buildInputs = [ kdelibs eigen xplanet indilib ];
-
-  meta = {
-    description = "A KDE graphical desktop planetarium";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/ktouch.nix b/pkgs/desktops/kde-4.8/kdeedu/ktouch.nix
deleted file mode 100644
index 768be6f4367c..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/ktouch.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Touch Typing Tutor";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kturtle.nix b/pkgs/desktops/kde-4.8/kdeedu/kturtle.nix
deleted file mode 100644
index 1e1922b1410d..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kturtle.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Educational Programming Environment";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/kwordquiz.nix b/pkgs/desktops/kde-4.8/kdeedu/kwordquiz.nix
deleted file mode 100644
index 1b33ba2e469f..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/kwordquiz.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, libkdeedu }:
-
-kde {
-  buildInputs = [ kdelibs libkdeedu ];
-
-  meta = {
-    description = "Flash Card Trainer";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/libkdeedu.nix b/pkgs/desktops/kde-4.8/kdeedu/libkdeedu.nix
deleted file mode 100644
index def6c85fefe2..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/libkdeedu.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ kde, kdelibs }:
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Libraries used by KDE Education applications";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/marble.nix b/pkgs/desktops/kde-4.8/kdeedu/marble.nix
deleted file mode 100644
index 8bd86c91094e..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/marble.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, gpsd }:
-
-kde {
-  buildInputs = [ kdelibs gpsd ];
-
-  meta = {
-    description = "Marble Virtual Globe";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/parley.nix b/pkgs/desktops/kde-4.8/kdeedu/parley.nix
deleted file mode 100644
index eccd40a598f0..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/parley.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, libkdeedu, libxml2, attica }:
-
-kde {
-  buildInputs = [ kdelibs libkdeedu libxml2 attica ];
-
-  meta = {
-    description = "Vocabulary Trainer";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/rocs.nix b/pkgs/desktops/kde-4.8/kdeedu/rocs.nix
deleted file mode 100644
index 91976b840011..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/rocs.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ kde, kdelibs, boost }:
-
-kde {
-  buildInputs = [ kdelibs (boost.override { enableExceptions = true; }) ];
-
-  NIX_CFLAGS_COMPILE = "-fexceptions";
-
-  meta = {
-    description = "A KDE graph theory viewer";
-    kde = {
-      name = "rocs";
-    };
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeedu/step.nix b/pkgs/desktops/kde-4.8/kdeedu/step.nix
deleted file mode 100644
index fac9974baf18..000000000000
--- a/pkgs/desktops/kde-4.8/kdeedu/step.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ kde, kdelibs, gsl, libqalculate, eigen }:
-
-kde {
-  buildInputs = [ kdelibs gsl libqalculate eigen ];
-
-  meta = {
-    description = "A KDE interactive physical simulator";
-    kde = {
-      name = "step";
-    };
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegames.nix b/pkgs/desktops/kde-4.8/kdegames.nix
deleted file mode 100644
index dfca49be12fd..000000000000
--- a/pkgs/desktops/kde-4.8/kdegames.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ kde, kdelibs, qca2, twisted, pythonPackages, sip, makeWrapper, pykde4,
-  openal, libsndfile, qhull, sqlite, pkgconfig }:
-
-kde rec {
-  buildInputs = [ kdelibs qca2 pythonPackages.python pythonPackages.wrapPython
-    openal libsndfile qhull sqlite ] ++ pythonPath;
-
-  pythonPath = [ pythonPackages.twisted pykde4 ];
-
-  nativeBuildInputs = [ pkgconfig ];
-
-  # TODO: ggz
-
-  postInstall = "wrapPythonPrograms";
-
-  meta = {
-    description = "KDE Games";
-    license = "GPL";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/gwenview.nix b/pkgs/desktops/kde-4.8/kdegraphics/gwenview.nix
deleted file mode 100644
index c03c82469e66..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/gwenview.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ kde, kdelibs, exiv2, shared_desktop_ontologies, kde_baseapps, libkipi
-, libjpeg, pkgconfig }:
-
-kde {
-
-  buildInputs =
-    [ kdelibs exiv2 shared_desktop_ontologies kde_baseapps libkipi libjpeg ];
-
-  nativeBuildInputs = [ pkgconfig ];
-
-  meta = {
-    description = "Gwenview, the KDE image viewer";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/kamera.nix b/pkgs/desktops/kde-4.8/kdegraphics/kamera.nix
deleted file mode 100644
index 70904b17c232..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/kamera.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, libgphoto2 }:
-
-kde {
-  buildInputs = [ kdelibs libgphoto2 ];
-
-  meta = {
-    description = "KDE camera interface library";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/kcolorchooser.nix b/pkgs/desktops/kde-4.8/kdegraphics/kcolorchooser.nix
deleted file mode 100644
index 58528cb186bb..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/kcolorchooser.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "A small utility to select a color";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/kdegraphics-mobipocket.nix b/pkgs/desktops/kde-4.8/kdegraphics/kdegraphics-mobipocket.nix
deleted file mode 100644
index 2c2ba3796a2c..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/kdegraphics-mobipocket.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, okular }:
-
-kde {
-  buildInputs = [ kdelibs okular ];
-
-  meta = {
-    description = "A collection of plugins to handle mobipocket files";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/kdegraphics-strigi-analyzer.nix b/pkgs/desktops/kde-4.8/kdegraphics/kdegraphics-strigi-analyzer.nix
deleted file mode 100644
index 6001a5f363db..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/kdegraphics-strigi-analyzer.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Strigi analyzers for various graphics file formats";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/kdegraphics-thumbnailers.nix b/pkgs/desktops/kde-4.8/kdegraphics/kdegraphics-thumbnailers.nix
deleted file mode 100644
index 55bf8309b2a9..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/kdegraphics-thumbnailers.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, libkexiv2, libkdcraw }:
-
-kde {
-  buildInputs = [ kdelibs libkexiv2 libkdcraw ];
-
-  meta = {
-    description = "Thumbnailers for various graphics file formats";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/kgamma.nix b/pkgs/desktops/kde-4.8/kdegraphics/kgamma.nix
deleted file mode 100644
index 28d9252187e0..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/kgamma.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, libXxf86vm }:
-
-kde {
-  buildInputs = [ kdelibs libXxf86vm ];
-
-  meta = {
-    description = "KDE monitor calibration tool";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/kolourpaint.nix b/pkgs/desktops/kde-4.8/kdegraphics/kolourpaint.nix
deleted file mode 100644
index 5276ec09f462..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/kolourpaint.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, qimageblitz }:
-
-kde {
-  buildInputs = [ kdelibs qimageblitz ];
-
-  meta = {
-    description = "KDE paint program";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/kruler.nix b/pkgs/desktops/kde-4.8/kdegraphics/kruler.nix
deleted file mode 100644
index c5c2c6e05d7c..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/kruler.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE screen ruler";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/ksaneplugin.nix b/pkgs/desktops/kde-4.8/kdegraphics/ksaneplugin.nix
deleted file mode 100644
index 1381ed7dd266..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/ksaneplugin.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, libksane }:
-
-kde {
-  buildInputs = [ kdelibs libksane ];
-
-  meta = {
-    description = "A KScan plugin that implements the scanning through libksane";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/ksnapshot.nix b/pkgs/desktops/kde-4.8/kdegraphics/ksnapshot.nix
deleted file mode 100644
index f01a609e20de..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/ksnapshot.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, libkipi }:
-
-kde {
-  buildInputs = [ kdelibs libkipi ];
-
-  meta = {
-    description = "KDE screenshot utility";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/libkdcraw.nix b/pkgs/desktops/kde-4.8/kdegraphics/libkdcraw.nix
deleted file mode 100644
index 9810a98551ed..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/libkdcraw.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, libjpeg, lcms1 }:
-
-kde {
-  buildInputs = [ kdelibs libjpeg lcms1 ];
-
-  meta = {
-    description = "Library for decoding RAW images";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/libkexiv2.nix b/pkgs/desktops/kde-4.8/kdegraphics/libkexiv2.nix
deleted file mode 100644
index 096b0a6e957b..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/libkexiv2.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, exiv2 }:
-
-kde {
-  buildInputs = [ kdelibs exiv2 ];
-
-  meta = {
-    description = "Exiv2 support library";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/libkipi.nix b/pkgs/desktops/kde-4.8/kdegraphics/libkipi.nix
deleted file mode 100644
index 6b16265e7a3e..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/libkipi.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Interface library to kipi-plugins";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/libksane.nix b/pkgs/desktops/kde-4.8/kdegraphics/libksane.nix
deleted file mode 100644
index b539eab38992..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/libksane.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, saneBackends }:
-
-kde {
-  buildInputs = [ kdelibs saneBackends ];
-
-  meta = {
-    description = "An image scanning library that provides a QWidget that contains all the logic needed to interface a sacanner";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/okular.nix b/pkgs/desktops/kde-4.8/kdegraphics/okular.nix
deleted file mode 100644
index 0c5c7b49b17d..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/okular.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ chmlib, djvulibre, ebook_tools, kde, kdelibs, libspectre, popplerQt4, qca2
-, qimageblitz, pkgconfig }:
-
-kde {
-  buildInputs =
-    [ chmlib djvulibre ebook_tools kdelibs libspectre popplerQt4 qca2 qimageblitz pkgconfig ];
-
-  meta = {
-    description = "Okular, the KDE document viewer";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdegraphics/svgpart.nix b/pkgs/desktops/kde-4.8/kdegraphics/svgpart.nix
deleted file mode 100644
index a344cc4b4b46..000000000000
--- a/pkgs/desktops/kde-4.8/kdegraphics/svgpart.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "SVG KPart";
-    license = "GPLv2";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdelibs.nix b/pkgs/desktops/kde-4.8/kdelibs.nix
deleted file mode 100644
index 0e7c9cfdbea0..000000000000
--- a/pkgs/desktops/kde-4.8/kdelibs.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ kde, gcc, cmake, perl
-, qt4, bzip2, pcre, fam, libxml2, libxslt, shared_mime_info, giflib, jasper
-, openexr, avahi, kerberos, acl, attr, shared_desktop_ontologies, libXScrnSaver
-, automoc4, strigi, soprano, qca2, attica, enchant, libdbusmenu_qt
-, docbook_xml_dtd_42, docbook_xsl, polkit_qt_1
-, getopt, udev, herqq, phonon, libjpeg, xz
-}:
-
-kde {
-  buildInputs =
-    [ acl attr attica avahi bzip2 enchant fam getopt giflib herqq jasper
-      libdbusmenu_qt libXScrnSaver libxslt pcre polkit_qt_1 qca2
-      shared_desktop_ontologies xz udev libxml2 libjpeg kerberos
-    ];
-
-  propagatedBuildInputs = [ qt4 soprano strigi phonon ];
-
-  propagatedNativeBuildInputs = [ automoc4 cmake perl shared_mime_info ];
-
-  # TODO: make sonnet plugins (dictionaries) really work.
-  # There are a few hardcoded paths.
-  # Let kdelibs find openexr
-  # Split plugins from libs?
-
-  patches = [ ./files/polkit-install.patch ];
-
-  # cmake fails to find acl.h because of C++-style comment
-  # TODO: OpenEXR
-  cmakeFlags = [
-    "-DDOCBOOKXML_CURRENTDTD_DIR=${docbook_xml_dtd_42}/xml/dtd/docbook"
-    "-DDOCBOOKXSL_DIR=${docbook_xsl}/xml/xsl/docbook"
-  ];
-
-  meta = {
-    description = "KDE libraries";
-    license = "LGPL";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdemultimedia.nix b/pkgs/desktops/kde-4.8/kdemultimedia.nix
deleted file mode 100644
index 09efeb336dce..000000000000
--- a/pkgs/desktops/kde-4.8/kdemultimedia.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ kde, alsaLib, libvorbis, taglib, flac, cdparanoia, lame, kdelibs, ffmpeg,
-  libmusicbrainz3, libtunepimp, pulseaudio }:
-
-kde {
-
-  buildInputs =
-    [ kdelibs cdparanoia taglib libvorbis libmusicbrainz3 libtunepimp ffmpeg
-      flac lame pulseaudio
-    ];
-
-  meta = {
-    description = "KDE multimedia programs such as a movie player and volume utility";
-    license = "GPL";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdenetwork/FindmsiLBC.cmake b/pkgs/desktops/kde-4.8/kdenetwork/FindmsiLBC.cmake
deleted file mode 100644
index c40b0bed3105..000000000000
--- a/pkgs/desktops/kde-4.8/kdenetwork/FindmsiLBC.cmake
+++ /dev/null
@@ -1,19 +0,0 @@
-# cmake macro to test msiLBC
-
-# Copyright (c) 2009-2010 Pali Rohár <pali.rohar@gmail.com>
-#
-# MSILBC_FOUND
-# MSILBC_LIBRARY
-
-include ( FindPackageHandleStandardArgs )
-
-if ( MSILBC_LIBRARY )
-	set ( MSILBC_FOUND true )
-	set ( msiLBC_FIND_QUIETLY true )
-else ( MSILBC_LIBRARY )
-	find_library ( MSILBC_LIBRARY NAMES msilbc
-		PATH_SUFFIXES mediastreamer/plugins)
-endif ( MSILBC_LIBRARY )
-
-find_package_handle_standard_args ( msiLBC DEFAULT_MSG MSILBC_LIBRARY )
-mark_as_advanced ( MSILBC_LIBRARY )
diff --git a/pkgs/desktops/kde-4.8/kdenetwork/filesharing.nix b/pkgs/desktops/kde-4.8/kdenetwork/filesharing.nix
deleted file mode 100644
index 2f32f4d6b2cd..000000000000
--- a/pkgs/desktops/kde-4.8/kdenetwork/filesharing.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  patches = [ ./kdenetwork.patch ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdenetwork/kdenetwork.patch b/pkgs/desktops/kde-4.8/kdenetwork/kdenetwork.patch
deleted file mode 100644
index ebadbfad9bac..000000000000
--- a/pkgs/desktops/kde-4.8/kdenetwork/kdenetwork.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -r -u kdenetwork-4.7.1.orig/CMakeLists.txt kdenetwork-4.7.1/CMakeLists.txt
---- kdenetwork-4.7.1.orig/CMakeLists.txt	2011-03-29 15:25:42.174521812 +0400
-+++ kdenetwork-4.7.1/CMakeLists.txt	2011-03-29 15:27:43.268140322 +0400
-@@ -28,7 +28,8 @@
-    set(CMAKE_REQUIRED_INCLUDES  ${KDEWIN_INCLUDES} )
- endif (WIN32)
- 
--find_package(KdepimLibs REQUIRED)
-+macro_optional_find_package(KdepimLibs)
-+macro_log_feature(KDEPIMLIBS_FOUND "KDEPimLibs" "KDE pim-related libraries" "http://pim.kde.org.org/" FALSE "" "Required for Kopete")
- # find_package(X11VidMode) not used at this time
- 
- # NX support is not ready for KDE 4.2; disabled (uwolfer)
-@@ -79,7 +80,9 @@
- macro_optional_add_subdirectory(kfile-plugins)
- macro_optional_add_subdirectory(kget)
- 
--macro_optional_add_subdirectory(kopete)
-+if(KDEPIMLIBS_FOUND)
-+  macro_optional_add_subdirectory(kopete)
-+endif(KDEPIMLIBS_FOUND)
- 
- if(Q_WS_X11)
-   macro_optional_add_subdirectory(krdc)
diff --git a/pkgs/desktops/kde-4.8/kdenetwork/kdnssd.nix b/pkgs/desktops/kde-4.8/kdenetwork/kdnssd.nix
deleted file mode 100644
index 2f32f4d6b2cd..000000000000
--- a/pkgs/desktops/kde-4.8/kdenetwork/kdnssd.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  patches = [ ./kdenetwork.patch ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdenetwork/kfile-plugins.nix b/pkgs/desktops/kde-4.8/kdenetwork/kfile-plugins.nix
deleted file mode 100644
index f90fd3560796..000000000000
--- a/pkgs/desktops/kde-4.8/kdenetwork/kfile-plugins.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs, boost }:
-
-kde {
-  name = "strigi-analyzer-torrent";
-
-  buildInputs = [ kdelibs boost ];
-
-  preConfigure = "mv -v strigi-analyzer kfile-plugins";
-
-  patches = [ ./kdenetwork.patch ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdenetwork/kget.nix b/pkgs/desktops/kde-4.8/kdenetwork/kget.nix
deleted file mode 100644
index 2381a2459e60..000000000000
--- a/pkgs/desktops/kde-4.8/kdenetwork/kget.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ kde, kdelibs, libktorrent, kde_workspace, kdepimlibs, sqlite
-, shared_desktop_ontologies, kde_baseapps, gpgme, boost, libmms, qca2 }:
-
-kde {
-  buildInputs =
-    [ kdelibs libktorrent kde_workspace shared_desktop_ontologies kdepimlibs
-      kde_baseapps gpgme boost libmms qca2 sqlite
-    ];
-
-  KDEDIRS = libktorrent;
-
-  patches = [ ./kdenetwork.patch ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdenetwork/kopete.nix b/pkgs/desktops/kde-4.8/kdenetwork/kopete.nix
deleted file mode 100644
index d1d9f0c8e03e..000000000000
--- a/pkgs/desktops/kde-4.8/kdenetwork/kopete.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ kde, kdelibs, speex, libmsn, libotr, kdepimlibs, qimageblitz, libktorrent,
-  jasper, libidn, mediastreamer, msilbc, pkgconfig, libxml2, libxslt, giflib,
-  libgadu, boost, qca2, gpgme, sqlite }:
-
-kde {
-  buildInputs = [ kdelibs speex libmsn libotr kdepimlibs qimageblitz libktorrent
-    jasper libidn mediastreamer msilbc libxml2 libxslt giflib libgadu boost qca2
-    gpgme sqlite ];
-
-  nativeBuildInputs = [ pkgconfig ];
-
-  KDEDIRS = libktorrent;
-
-  patchPhase =
-    ''
-      cp -v ${./FindmsiLBC.cmake} kopete/cmake/modules/FindmsiLBC.cmake
-    '';
-
-  cmakeFlags = [ "-DBUILD_skypebuttons=TRUE" ];
-
-  meta = {
-    description = "A KDE multi-protocol IM client";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdenetwork/kppp.nix b/pkgs/desktops/kde-4.8/kdenetwork/kppp.nix
deleted file mode 100644
index 2f32f4d6b2cd..000000000000
--- a/pkgs/desktops/kde-4.8/kdenetwork/kppp.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  patches = [ ./kdenetwork.patch ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdenetwork/krdc.nix b/pkgs/desktops/kde-4.8/kdenetwork/krdc.nix
deleted file mode 100644
index 40ef91d54339..000000000000
--- a/pkgs/desktops/kde-4.8/kdenetwork/krdc.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ kde, kdelibs, libvncserver, libjpeg }:
-
-kde {
-  buildInputs = [ kdelibs libvncserver libjpeg ];
-
-  patches = [ ./kdenetwork.patch ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdenetwork/krfb.nix b/pkgs/desktops/kde-4.8/kdenetwork/krfb.nix
deleted file mode 100644
index 80013f430d3c..000000000000
--- a/pkgs/desktops/kde-4.8/kdenetwork/krfb.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{ kde, kdelibs, libvncserver, libXdamage, libXtst }:
-
-kde {
-  buildInputs = [ kdelibs libvncserver libXdamage libXtst];
-
-  patches = [ ./kdenetwork.patch ];
-}
diff --git a/pkgs/desktops/kde-4.8/kdepim-runtime.nix b/pkgs/desktops/kde-4.8/kdepim-runtime.nix
deleted file mode 100644
index ef637f3f075b..000000000000
--- a/pkgs/desktops/kde-4.8/kdepim-runtime.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ kde, fetchurl, cmake, kdelibs, libxml2, libxslt, boost, kdepimlibs, akonadi
-, shared_desktop_ontologies }:
-
-kde {
-  buildInputs = [ kdepimlibs akonadi boost shared_desktop_ontologies libxml2
-    libxslt ];
-
-  meta = {
-    description = "KDE PIM runtime";
-    license = "GPL";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdepim.nix b/pkgs/desktops/kde-4.8/kdepim.nix
deleted file mode 100644
index 6d99a801d1c1..000000000000
--- a/pkgs/desktops/kde-4.8/kdepim.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{ kde, boost, gpgme, libassuan, libxml2, libxslt, kdepimlibs, kdepim_runtime
-, akonadi, shared_desktop_ontologies, cyrus_sasl, grantlee, prison }:
-
-kde {
-
-  buildInputs =
-    [ kdepimlibs boost akonadi shared_desktop_ontologies libxml2
-      libxslt cyrus_sasl gpgme libassuan grantlee prison
-    ];
-
-  passthru.propagatedUserEnvPackages = [ akonadi kdepimlibs kdepim_runtime ];
-
-  meta = {
-    description = "KDE PIM tools";
-    longDescription = ''
-      Contains various personal information management tools for KDE, such as an organizer.
-    '';
-    license = "GPL";
-    homepage = http://pim.kde.org;
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdepimlibs.nix b/pkgs/desktops/kde-4.8/kdepimlibs.nix
deleted file mode 100644
index 736508eaf0f3..000000000000
--- a/pkgs/desktops/kde-4.8/kdepimlibs.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ kde, boost, cyrus_sasl, gpgme, libical, openldap, shared_mime_info
-, kdelibs, akonadi, shared_desktop_ontologies, libxml2, libxslt, prison }:
-
-kde {
-  buildInputs =
-    [ boost gpgme shared_desktop_ontologies libical libxml2 libxslt
-      openldap cyrus_sasl akonadi prison
-    ];
-
-  propagatedBuildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE PIM libraries";
-    license = "LGPL";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeplasma-addons.nix b/pkgs/desktops/kde-4.8/kdeplasma-addons.nix
deleted file mode 100644
index a69002bff28b..000000000000
--- a/pkgs/desktops/kde-4.8/kdeplasma-addons.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ kde, kdelibs, marble, shared_desktop_ontologies, pkgconfig
-, boost, eigen, kde_workspace, attica, python, qca2, qimageblitz
-, kdepimlibs, libkexiv2, libqalculate, libXtst, libdbusmenu_qt }:
-# TODO: qwt, scim
-
-kde {
-
-  KDEDIRS=marble;
-
-  buildInputs = [ kdelibs boost eigen kde_workspace
-    attica python qca2 qimageblitz kdepimlibs libdbusmenu_qt
-    libqalculate libXtst shared_desktop_ontologies marble libkexiv2];
-
-  nativeBuildInputs = [ pkgconfig ];
-
-  meta = {
-    description = "KDE Plasma Addons";
-    license = "GPL";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/cervisia.nix b/pkgs/desktops/kde-4.8/kdesdk/cervisia.nix
deleted file mode 100644
index 1dabe46cd429..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/cervisia.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "A KDE CVS frontend";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-bazaar.nix b/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-bazaar.nix
deleted file mode 100644
index 8032b89ff54c..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-bazaar.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, kde_baseapps }:
-
-kde {
-  # Needs kdebase for libkonq
-  buildInputs = [ kdelibs kde_baseapps ];
-
-  meta = {
-    description = "Svn plugin for dolphin";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-git.nix b/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-git.nix
deleted file mode 100644
index df4a0856c6b0..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-git.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, kde_baseapps }:
-
-kde {
-  # Needs kdebase for libkonq
-  buildInputs = [ kdelibs kde_baseapps ];
-
-  meta = {
-    description = "Git plugin for dolphin";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-hg.nix b/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-hg.nix
deleted file mode 100644
index 8032b89ff54c..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-hg.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, kde_baseapps }:
-
-kde {
-  # Needs kdebase for libkonq
-  buildInputs = [ kdelibs kde_baseapps ];
-
-  meta = {
-    description = "Svn plugin for dolphin";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-svn.nix b/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-svn.nix
deleted file mode 100644
index 8032b89ff54c..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/dolphin-plugins-svn.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, kde_baseapps }:
-
-kde {
-  # Needs kdebase for libkonq
-  buildInputs = [ kdelibs kde_baseapps ];
-
-  meta = {
-    description = "Svn plugin for dolphin";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/find-svn.patch b/pkgs/desktops/kde-4.8/kdesdk/find-svn.patch
deleted file mode 100644
index f6f4df942dd9..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/find-svn.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-diff --git a/cmake/modules/FindSVN.cmake b/cmake/modules/FindSVN.cmake
-index 59bcb96..2eac05d 100644
---- a/cmake/modules/FindSVN.cmake
-+++ b/cmake/modules/FindSVN.cmake
-@@ -17,6 +17,9 @@ FIND_PROGRAM(SVNCONFIG_EXECUTABLE NAMES svn-config PATHS
- FIND_PROGRAM(APRCONFIG_EXECUTABLE NAMES apr-1-config apr-config PATHS
-    /usr/local/apr/bin
- )
-+find_program(APUCONFIG_EXECUTABLE NAMES apu-1-config apu-config PATHS
-+   /usr/local/apr/bin
-+)
- 
- if(SVNCONFIG_EXECUTABLE)
- 
-@@ -56,15 +59,8 @@ else(SVNCONFIG_EXECUTABLE)
-       set(SVN_INCLUDES ${SVN_INCLUDES} ${_INCLUDES})
-    else(APRCONFIG_EXECUTABLE)
-       FIND_PATH(_INCLUDES apr_pools.h
--         ${SVN_INCLUDES}/apr-0/
--         ${SVN_INCLUDES}/apr-1/
--         ${SVN_INCLUDES}/apr-1.0/
--         /usr/include/apr-0/
--         /usr/include/apr-1/
--         /usr/include/apr-1.0/
--         /usr/local/include/apr-0/
--         /usr/local/include/apr-1/
--         /usr/local/include/apr-1.0/
-+         HINTS ${SVN_INCLUDES}
-+         SUFFIXES apr-0 apr-1 apr-1.0
-       )
-       if(_INCLUDES)
-          set(SVN_INCLUDES ${SVN_INCLUDES} ${_INCLUDES})
-@@ -72,6 +69,24 @@ else(SVNCONFIG_EXECUTABLE)
-          set(SVN_FOUND FALSE) # no apr == can't compile!
-       endif(_INCLUDES)
-    endif(APRCONFIG_EXECUTABLE)
-+
-+   # Use apu-config if it exists
-+   if(APUCONFIG_EXECUTABLE)
-+      EXEC_PROGRAM(${APUCONFIG_EXECUTABLE} ARGS --includes RETURN_VALUE _return_VALUE OUTPUT_VARIABLE _INCLUDES)
-+      string(REPLACE "-I" "" _INCLUDES ${_INCLUDES})
-+      string(REPLACE " " ";" _INCLUDES ${_INCLUDES})
-+      set(SVN_INCLUDES ${SVN_INCLUDES} ${_INCLUDES})
-+   else(APUCONFIG_EXECUTABLE)
-+      FIND_PATH(_INCLUDES apu.h
-+         HINTS ${SVN_INCLUDES}
-+         SUFFIXES apr-0 apr-1 apr-1.0
-+      )
-+      if(_INCLUDES)
-+         set(SVN_INCLUDES ${SVN_INCLUDES} ${_INCLUDES})
-+      else(_INCLUDES)
-+         set(SVN_FOUND FALSE) # no apr == can't compile!
-+      endif(_INCLUDES)
-+   endif(APUCONFIG_EXECUTABLE)
-    FIND_LIBRARY(SVN_LIBRARIES NAMES svn_client-1)
-    if(SVN_LIBRARIES)
-       FIND_LIBRARY(_LIBRARIES NAMES svn_subr-1)
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kapptemplate.nix b/pkgs/desktops/kde-4.8/kdesdk/kapptemplate.nix
deleted file mode 100644
index 391536248dd3..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kapptemplate.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "A KDE 4 project template generator";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kcachegrind.nix b/pkgs/desktops/kde-4.8/kdesdk/kcachegrind.nix
deleted file mode 100644
index 65d410cca48d..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kcachegrind.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE Frontend for Callgrind/Cachegrind";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kdeaccounts-plugin.nix b/pkgs/desktops/kde-4.8/kdesdk/kdeaccounts-plugin.nix
deleted file mode 100644
index 7e170ca2a2c2..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kdeaccounts-plugin.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, kdepimlibs }:
-
-kde {
-  buildInputs = [ kdelibs kdepimlibs ];
-
-  meta = {
-    description = "KDE accounts akonadi agent";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kioslave-perldoc.nix b/pkgs/desktops/kde-4.8/kdesdk/kioslave-perldoc.nix
deleted file mode 100644
index 6a10bdf7c4bc..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kioslave-perldoc.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs, perl }:
-
-kde {
-  buildInputs = [ kdelibs perl ];
-
-  cmakeFlags = [ "-DBUILD_perldoc=ON" ];
-
-  meta = {
-    description = "perldoc: kioslave";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kioslave-svn.nix b/pkgs/desktops/kde-4.8/kdesdk/kioslave-svn.nix
deleted file mode 100644
index db0bd27094b5..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kioslave-svn.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs, subversionClient, apr, aprutil }:
-
-kde {
-  buildInputs = [ kdelibs subversionClient apr aprutil ];
-
-  patches = [ ./find-svn.patch ];
-
-  meta = {
-    description = "Subversion kioslave";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kmtrace.nix b/pkgs/desktops/kde-4.8/kdesdk/kmtrace.nix
deleted file mode 100644
index d580f7fb6911..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kmtrace.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs, gcc }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  preConfigure = "export CMAKE_PREFIX_PATH=$CMAKE_PREFIX_PATH:${gcc}:${gcc.gcc}";
-
-  meta = {
-    description = "KDE mtrace-based malloc debugger";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kompare.nix b/pkgs/desktops/kde-4.8/kdesdk/kompare.nix
deleted file mode 100644
index 1ddb4b8ea5b9..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kompare.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "A program to view the differences between files and optionally generate a diff";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kpartloader.nix b/pkgs/desktops/kde-4.8/kdesdk/kpartloader.nix
deleted file mode 100644
index e7790d33c90c..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kpartloader.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "A test application for KParts";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kprofilemethod.nix b/pkgs/desktops/kde-4.8/kdesdk/kprofilemethod.nix
deleted file mode 100644
index 5a6693f2f5d8..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kprofilemethod.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "A macro for profiling using QTime";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kstartperf.nix b/pkgs/desktops/kde-4.8/kdesdk/kstartperf.nix
deleted file mode 100644
index 0c8259cd31f5..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kstartperf.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, libtool }:
-
-kde {
-  buildInputs = [ kdelibs libtool ];
-
-  meta = {
-    description = "Measures start up time of a KDE application";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/kuiviewer.nix b/pkgs/desktops/kde-4.8/kdesdk/kuiviewer.nix
deleted file mode 100644
index 7c5089dcd37f..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/kuiviewer.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Displays Qt Designer's UI files";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/lokalize.nix b/pkgs/desktops/kde-4.8/kdesdk/lokalize.nix
deleted file mode 100644
index 1565426eb1fc..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/lokalize.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ kde, kdelibs, hunspell }:
-
-kde {
-  buildInputs = [ kdelibs hunspell ];
-
-  meta = {
-    description = "KDE 4 Computer-aided translation system";
-    longDescription = ''
-      Computer-aided translation system.
-      Do not translate what had already been translated.
-    '';
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/okteta.nix b/pkgs/desktops/kde-4.8/kdesdk/okteta.nix
deleted file mode 100644
index 058636596ad8..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/okteta.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ kde, kdelibs, qca2 }:
-
-kde {
-  buildInputs = [ kdelibs qca2 ];
-
-# TODO: Look what does -DBUILD_mobile add
-
-  enableParallelBuilding = false;
-
-  meta = {
-    description = "KDE byte editor";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/poxml.nix b/pkgs/desktops/kde-4.8/kdesdk/poxml.nix
deleted file mode 100644
index 1ab9ed49df56..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/poxml.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, antlr }:
-
-kde {
-  buildInputs = [ kdelibs antlr ];
-
-  meta = {
-    description = "Po<->xml tools";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/scripts.nix b/pkgs/desktops/kde-4.8/kdesdk/scripts.nix
deleted file mode 100644
index df81145e5d60..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/scripts.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Various scripts to ease KDE development";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/strigi-analyzer.nix b/pkgs/desktops/kde-4.8/kdesdk/strigi-analyzer.nix
deleted file mode 100644
index 0ad48c8cfdee..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/strigi-analyzer.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Strigi analyzers for diff, po and ts";
-    kde = {
-      name = "strigi-analyzer";
-      module = "kdesdk";
-    };
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdesdk/umbrello.nix b/pkgs/desktops/kde-4.8/kdesdk/umbrello.nix
deleted file mode 100644
index e83a2d9a901b..000000000000
--- a/pkgs/desktops/kde-4.8/kdesdk/umbrello.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, libxml2, libxslt, boost }:
-
-kde {
-  buildInputs = [ kdelibs libxml2 libxslt boost ];
-
-  meta = {
-    description = "Umbrello UML modeller";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdetoys/amor.nix b/pkgs/desktops/kde-4.8/kdetoys/amor.nix
deleted file mode 100644
index 936d63d544a9..000000000000
--- a/pkgs/desktops/kde-4.8/kdetoys/amor.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE creature for your desktop";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdetoys/kteatime.nix b/pkgs/desktops/kde-4.8/kdetoys/kteatime.nix
deleted file mode 100644
index dacf54def4b0..000000000000
--- a/pkgs/desktops/kde-4.8/kdetoys/kteatime.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE utility for making a fine cup of tea";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdetoys/ktux.nix b/pkgs/desktops/kde-4.8/kdetoys/ktux.nix
deleted file mode 100644
index 108f9be7c722..000000000000
--- a/pkgs/desktops/kde-4.8/kdetoys/ktux.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, kde_workspace }:
-
-kde {
-  buildInputs = [ kdelibs kde_workspace ];
-
-  meta = {
-    description = "Tux Screen Saver";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/ark.nix b/pkgs/desktops/kde-4.8/kdeutils/ark.nix
deleted file mode 100644
index 7fbdaf586d66..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/ark.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, libarchive, bzip2, kde_baseapps }:
-
-kde {
-  buildInputs = [ kdelibs kde_baseapps libarchive bzip2 ];
-
-  meta = {
-    description = "KDE Archiving Tool";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/filelight.nix b/pkgs/desktops/kde-4.8/kdeutils/filelight.nix
deleted file mode 100644
index 25ecabed27ce..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/filelight.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Tool to visualise file and directory sizes";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/kcalc.nix b/pkgs/desktops/kde-4.8/kdeutils/kcalc.nix
deleted file mode 100644
index 08b202e8f0e8..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/kcalc.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, gmp }:
-
-kde {
-  buildInputs = [ kdelibs gmp ];
-
-  meta = {
-    description = "KDE Calculator";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/kcharselect.nix b/pkgs/desktops/kde-4.8/kdeutils/kcharselect.nix
deleted file mode 100644
index d4c9c06f483d..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/kcharselect.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE character selection utility";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/kdf.nix b/pkgs/desktops/kde-4.8/kdeutils/kdf.nix
deleted file mode 100644
index 3f9da58d0a62..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/kdf.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE free disk space utility";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/kfloppy.nix b/pkgs/desktops/kde-4.8/kdeutils/kfloppy.nix
deleted file mode 100644
index 2434a4fa671f..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/kfloppy.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Floppy disk formatting utility";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/kgpg.nix b/pkgs/desktops/kde-4.8/kdeutils/kgpg.nix
deleted file mode 100644
index f3b00a5b968c..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/kgpg.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, kdepimlibs }:
-
-kde {
-  buildInputs = [ kdelibs kdepimlibs ];
-
-  meta = {
-    description = "Simple KDE GUI for GPG";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/kremotecontrol.nix b/pkgs/desktops/kde-4.8/kdeutils/kremotecontrol.nix
deleted file mode 100644
index fef516e478d3..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/kremotecontrol.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, kde_workspace, libXtst }:
-
-kde {
-  buildInputs = [ kdelibs kde_workspace libXtst ];
-
-  meta = {
-    description = "KDE remote control";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/ktimer.nix b/pkgs/desktops/kde-4.8/kdeutils/ktimer.nix
deleted file mode 100644
index 5700977349e3..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/ktimer.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE Timer";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/kwallet.nix b/pkgs/desktops/kde-4.8/kdeutils/kwallet.nix
deleted file mode 100644
index 9ec0e6c0396c..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/kwallet.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "KDE Wallet (password storage) management tool";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/printer-applet.nix b/pkgs/desktops/kde-4.8/kdeutils/printer-applet.nix
deleted file mode 100644
index 2d937b3a4db7..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/printer-applet.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ kde, kdelibs
-, pythonPackages, sip, pyqt4, pykde4, pycups, rhpl, system_config_printer
-, pythonDBus, makeWrapper }:
-
-let s_c_p = system_config_printer.override { withGUI = false; }; in
-
-kde rec {
-  buildInputs = [ kdelibs pythonPackages.python pythonPackages.wrapPython
-    ] ++ pythonPath;
-
-  pythonPath = [ pyqt4 pykde4 pycups s_c_p ];
-
-  passthru.propagatedUserEnvPackages = [ s_c_p ];
-
-  postInstall =
-    ''
-      wrapPythonPrograms
-
-      # ‘system-config-printer’ supplies some D-Bus policy that we need.
-      mkdir -p $out/nix-support
-      echo ${s_c_p} > $out/nix-support/propagated-user-env-packages
-    '';
-
-  meta = {
-    description = "KDE printer applet";
-    longDescription = "Applet to view current print jobs and configure new printers";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/superkaramba.nix b/pkgs/desktops/kde-4.8/kdeutils/superkaramba.nix
deleted file mode 100644
index 4dce768078ba..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/superkaramba.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ kde, kdelibs, qimageblitz }:
-
-kde {
-  buildInputs = [ kdelibs qimageblitz ];
-
-  cmakeFlags = [ "-DBUILD_icons=TRUE" "-DBUILD_plasma=TRUE" ];
-
-  meta = {
-    description = "A KDE Eye-candy Application";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdeutils/sweeper.nix b/pkgs/desktops/kde-4.8/kdeutils/sweeper.nix
deleted file mode 100644
index 78d56c7df30e..000000000000
--- a/pkgs/desktops/kde-4.8/kdeutils/sweeper.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs }:
-
-kde {
-  buildInputs = [ kdelibs ];
-
-  meta = {
-    description = "Helps clean unwanted traces the user leaves on the system";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdewebdev/kfilereplace.nix b/pkgs/desktops/kde-4.8/kdewebdev/kfilereplace.nix
deleted file mode 100644
index c3f6129d7e5c..000000000000
--- a/pkgs/desktops/kde-4.8/kdewebdev/kfilereplace.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, libxml2, libxslt }:
-
-kde {
-  buildInputs = [ kdelibs libxml2 libxslt ];
-
-  meta = {
-    description = "Batch search and replace tool";
-    homepage = http://www.kdewebdev.org;
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdewebdev/kimagemapeditor.nix b/pkgs/desktops/kde-4.8/kdewebdev/kimagemapeditor.nix
deleted file mode 100644
index bececea7797e..000000000000
--- a/pkgs/desktops/kde-4.8/kdewebdev/kimagemapeditor.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ kde, kdelibs, libxml2, libxslt }:
-
-kde {
-  buildInputs = [ kdelibs libxml2 libxslt ];
-
-  meta = {
-    description = "An HTML imagemap editor";
-    homepage = http://www.nongnu.org/kimagemap/;
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdewebdev/klinkstatus.nix b/pkgs/desktops/kde-4.8/kdewebdev/klinkstatus.nix
deleted file mode 100644
index 94adbb7fd6e0..000000000000
--- a/pkgs/desktops/kde-4.8/kdewebdev/klinkstatus.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ kde, kdelibs, libxml2, libxslt, kdepimlibs
-, boost, htmlTidy }:
-
-kde {
-  buildInputs =
-    [ kdelibs libxml2 libxslt kdepimlibs boost htmlTidy ];
-
-  meta = {
-    description = "A KDE link checker";
-    homepage = http://klinkstatus.kdewebdev.org;
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/kdewebdev/kommander.nix b/pkgs/desktops/kde-4.8/kdewebdev/kommander.nix
deleted file mode 100644
index 6a870e563033..000000000000
--- a/pkgs/desktops/kde-4.8/kdewebdev/kommander.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ kde, kdelibs, libxml2, libxslt }:
-
-kde {
-  buildInputs = [ kdelibs libxml2 libxslt ];
-
-  meta = {
-    description = "A graphical editor of scripted dialogs";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/l10n/default.nix b/pkgs/desktops/kde-4.8/l10n/default.nix
deleted file mode 100644
index c9fab80bffb4..000000000000
--- a/pkgs/desktops/kde-4.8/l10n/default.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ stdenv, fetchurl, kdelibs, gettext, release, stable }:
-
-let
-
-  inherit (stdenv.lib) attrByPath singleton;
-
-  kdeL10nDerivation =
-    { lang, saneName, sha256 }:
-
-    stdenv.mkDerivation rec {
-      name = "kde-l10n-${saneName}-${release}";
-
-      src = fetchurl {
-        url = "mirror://kde/${if stable then "" else "un"}stable/${release}/src/kde-l10n/kde-l10n-${lang}-${release}.tar.xz";
-        name = "${name}.tar.xz";
-        inherit sha256;
-      };
-
-      buildInputs = [ gettext kdelibs ];
-
-      cmakeFlags = "-Wno-dev";
-
-      meta = {
-        description = "KDE translation for ${lang}";
-        license = "GPL";
-        platforms = stdenv.lib.platforms.linux;
-        inherit (kdelibs.meta) maintainers homepage;
-      };
-    };
-
-  kdeL10nRelease =
-    builtins.listToAttrs (
-      map ({lang, saneName, sha256}:
-        {
-          name = saneName;
-          value = kdeL10nDerivation { inherit lang saneName sha256; };
-        }
-      ) (import (./manifest + "-${release}.nix"))
-    );
-
-in
-{
-  inherit kdeL10nDerivation;
-  recurseForDerivations = true;
-} // kdeL10nRelease
diff --git a/pkgs/desktops/kde-4.8/l10n/l10n-manifest.sh b/pkgs/desktops/kde-4.8/l10n/l10n-manifest.sh
deleted file mode 100755
index ec159a1e2047..000000000000
--- a/pkgs/desktops/kde-4.8/l10n/l10n-manifest.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/sh
-
-# Usage: download kde-l10n to $dir, then run
-# $0 $dir
-
-dir=$1
-
-if [[ ! -d "${dir}" ]]; then
-  echo "${dir} is not a directory (or doesn't exist)!" >&2
-  exit 1
-fi
-
-release=$(ls "${dir}"/kde-l10n-en_GB-*.tar.xz | \
-	sed -e 's/.*en_GB-//' -e 's/\.tar\.xz//')
-
-echo "Detected release ${release}" >&2
-
-exec > "manifest-${release}.nix"
-echo "["
-for i in `cd "${dir}"; ls kde-l10n-*-${release}.tar.xz`; do
-  lang=${i%-${release}.tar.xz}
-  lang=${lang#kde-l10n-}
-  echo -n "${lang}.. " >&2
-  hash=$(nix-hash --type sha256 --flat --base32 "${dir}/${i}")
-  echo "{"
-  echo "  lang = \"${lang}\";"
-  echo "  saneName = \"$(echo $lang | sed s^@^_^g)\";"
-  echo "  sha256 = \"${hash}\";"
-  echo "}"
-  echo $hash >&2
-done
-echo "]"
diff --git a/pkgs/desktops/kde-4.8/l10n/manifest-4.8.4.nix b/pkgs/desktops/kde-4.8/l10n/manifest-4.8.4.nix
deleted file mode 100644
index fb823440abd5..000000000000
--- a/pkgs/desktops/kde-4.8/l10n/manifest-4.8.4.nix
+++ /dev/null
@@ -1,277 +0,0 @@
-[
-{
-  lang = "ar";
-  saneName = "ar";
-  sha256 = "1s17fypvwbr7v2jz1cdmxcgyav8ggj6sjiamvxdb9c6waahhmpjv";
-}
-{
-  lang = "bg";
-  saneName = "bg";
-  sha256 = "1lpdd4h9xgssvd5srkiyfzl7ngiyq7pipjm896qfmz03j3yzbwnz";
-}
-{
-  lang = "bs";
-  saneName = "bs";
-  sha256 = "0g6f5nihxizixc17y92453b4gj6w0bfwk4kndg2z60in9m4cswz5";
-}
-{
-  lang = "ca";
-  saneName = "ca";
-  sha256 = "02har0kybcj2jj51lxkrm6akr9dmv0afrxmzggbrbhfglhln8221";
-}
-{
-  lang = "ca@valencia";
-  saneName = "ca_valencia";
-  sha256 = "06wcfrbq1yh1vmzcyn7klym9cvmk8p56b23k9nbgw129z0ylhqxx";
-}
-{
-  lang = "cs";
-  saneName = "cs";
-  sha256 = "14kn3xq62fxn138gkc63icmngl97vb1bkmqv93cscbr4zc5sfkvw";
-}
-{
-  lang = "da";
-  saneName = "da";
-  sha256 = "10h3crypajdrxghn3hwprsgm09dblwsr17pg99c03zs4cd3gyv6s";
-}
-{
-  lang = "de";
-  saneName = "de";
-  sha256 = "1pp5d3s1450wf1kwawj9n3gv4pgr32dh3nnvkl5n58wjq07b9ah7";
-}
-{
-  lang = "el";
-  saneName = "el";
-  sha256 = "1wkp2v8yspgyixyki962vb3y8qdkdlp9mkrvfbw8lr6w2ivhkd90";
-}
-{
-  lang = "en_GB";
-  saneName = "en_GB";
-  sha256 = "07qw1qinlndfdkz2dzdr9bbb9kqxqhq3ya1qmcz999bw3ggjyi25";
-}
-{
-  lang = "es";
-  saneName = "es";
-  sha256 = "0wfl76s3zdb29dckbds63cfi96v2v59f6cm9yzjhwn87kyicq7k1";
-}
-{
-  lang = "et";
-  saneName = "et";
-  sha256 = "04ip1493m35qdv9f42590r1zqf9g6cksqzp6n7xcfzi1lr0cipyv";
-}
-{
-  lang = "eu";
-  saneName = "eu";
-  sha256 = "1pisn8myphk38jym2i8rp60rnvh3jn8lxnjghf5ng7h6ac1ydki3";
-}
-{
-  lang = "fa";
-  saneName = "fa";
-  sha256 = "1vx01f0i8mcxzbizn32hpl737bgih73qnsysvzl6cdv06ckvxrmm";
-}
-{
-  lang = "fi";
-  saneName = "fi";
-  sha256 = "1gx78cc294xnq2n96br2ahr2p6jzgv9d7bbaf9rm4nsamzbdd5m6";
-}
-{
-  lang = "fr";
-  saneName = "fr";
-  sha256 = "0skvnga1xavx10l3hhyqdr0mfapnjnbh75pbjvibg96d7wzxxi23";
-}
-{
-  lang = "ga";
-  saneName = "ga";
-  sha256 = "1pqcxhsgca3c5h9i9jpx67b572r3nhxrd6zmpkhidp3b476j2fx4";
-}
-{
-  lang = "gl";
-  saneName = "gl";
-  sha256 = "03k0w0byra36krrm8gbfmfv7am74y85zy6n01nl3j4xgiy41yqy4";
-}
-{
-  lang = "he";
-  saneName = "he";
-  sha256 = "0llqgsp9nw92px54lidsgdx5mk6z5nivshs4p193iplypa1pcfck";
-}
-{
-  lang = "hr";
-  saneName = "hr";
-  sha256 = "0w8l6msbxmjg889kpprh3bfzbgks2abp30b0m6xn43jkrghghxsj";
-}
-{
-  lang = "hu";
-  saneName = "hu";
-  sha256 = "0j63m00ilk9k5dy12bp3ndrwk5vcz79pwqhj9znp9l077lr1ah5n";
-}
-{
-  lang = "ia";
-  saneName = "ia";
-  sha256 = "0d3nkv9kbh6rdaf46psy2iia1phkj49xf67cdmnhr8kqgh557vh6";
-}
-{
-  lang = "id";
-  saneName = "id";
-  sha256 = "1gq4asqwsayd7wgkyqqg93lhqa8m0ac35as4dlrbqph4rk56k54y";
-}
-{
-  lang = "is";
-  saneName = "is";
-  sha256 = "05l9d9xmf08nr14gjsl8qbqyn8xc3qji4wc4zsqnmnp2fk8l3ndd";
-}
-{
-  lang = "it";
-  saneName = "it";
-  sha256 = "0hhl7pdfs1kcmz18k08961xq7y5vvjkwwzibkg238xagjq6wh1wl";
-}
-{
-  lang = "ja";
-  saneName = "ja";
-  sha256 = "1ipf5y1vy5accxbxs74641iqs785n2nkgxy31lgcm0ay0s6y3kx4";
-}
-{
-  lang = "kk";
-  saneName = "kk";
-  sha256 = "1arhyqn4yarcff3zhpi7a0c26b0rr1k3dwds9r6vq383vmv5la4a";
-}
-{
-  lang = "km";
-  saneName = "km";
-  sha256 = "1ny008qwxpdl9l4a56y664hxb3y0c9i5rpbbwnpcmynm6fmnm1ik";
-}
-{
-  lang = "ko";
-  saneName = "ko";
-  sha256 = "0aimxflnbx716bdph6snfzw17kkqqsbxrxawgjwmdp69h02pj5zh";
-}
-{
-  lang = "lt";
-  saneName = "lt";
-  sha256 = "14np3z28z946mf1g93ci202mqmg3qlgi1wlv8yp7949lq36psfx2";
-}
-{
-  lang = "lv";
-  saneName = "lv";
-  sha256 = "1jqxyih3m9p0km610dmpv9c3nzxjfm2aga1lm7nz3akgb8n6lhdi";
-}
-{
-  lang = "nb";
-  saneName = "nb";
-  sha256 = "000lmksgcinsxr5ny607b2q4h108pk4jzyygrf38zpw02crsa0i5";
-}
-{
-  lang = "nds";
-  saneName = "nds";
-  sha256 = "0spg23ngm8lj7bkbcj0s62i22flqzwvnhg12ghkiyqrdg8v725hq";
-}
-{
-  lang = "nl";
-  saneName = "nl";
-  sha256 = "1qpdabq9clbb6r59gs7s0k3l1rb5fxvbhsasxsw1r7m4l32gnlib";
-}
-{
-  lang = "nn";
-  saneName = "nn";
-  sha256 = "1nfkwmic4vs287ywi0mrqw95fvy42xdaxrsafxhjwdxqiynq6z66";
-}
-{
-  lang = "pa";
-  saneName = "pa";
-  sha256 = "078m4ph7kcjvkbivhaa54wdqr8fz8qa8r8db76w1wlynwgqy4qfs";
-}
-{
-  lang = "pl";
-  saneName = "pl";
-  sha256 = "1vcgkikbq48kxcgpi0vp95gj3wgfmghrvr6gqhlfql19wp5mjvm8";
-}
-{
-  lang = "pt";
-  saneName = "pt";
-  sha256 = "04pjxaxllhhccwinn33ild0xjjn05wqb3a660xhf3cgr6wkgx02f";
-}
-{
-  lang = "pt_BR";
-  saneName = "pt_BR";
-  sha256 = "1bb2f14h73ba35ysl3snnbiawx2ciz8h80f80k76qnyxix6zk885";
-}
-{
-  lang = "ro";
-  saneName = "ro";
-  sha256 = "1gm22h89j0s91gdnpn8nf0zw761ddwj5wg5i58v8aza45dh026rx";
-}
-{
-  lang = "ru";
-  saneName = "ru";
-  sha256 = "13hmbpsvzxiz4ci29388crr8xwhqmbrgs3yn12ay6z8fcwi3v528";
-}
-{
-  lang = "si";
-  saneName = "si";
-  sha256 = "0557m5r07xdqc0ambzw7b5kqnjaxyx6si2w2zi804gx89cjkjzyn";
-}
-{
-  lang = "sk";
-  saneName = "sk";
-  sha256 = "0yy379i8hy37sq61xz3n9309srjgm46n8jhj5dqf120jfc4knp2m";
-}
-{
-  lang = "sl";
-  saneName = "sl";
-  sha256 = "03qk82hz3zdaj1rcpfyrzks4ss6rrqfwz1wkjqp1rrm5g7kl835w";
-}
-{
-  lang = "sr";
-  saneName = "sr";
-  sha256 = "1dz2ckc7h7sm8ac66ajpypfifkpnx94d5d24hsm9gnp271x3134a";
-}
-{
-  lang = "sv";
-  saneName = "sv";
-  sha256 = "0rynj1db0yijlb2ilwzia53h2xqaj5prz4ap0y06vpw5i84xf6f5";
-}
-{
-  lang = "tg";
-  saneName = "tg";
-  sha256 = "0s78pb4b6fkqwvn9hp0n2mb6jkdwnx3hfh7vs9dxdx3m7zpgjq9z";
-}
-{
-  lang = "th";
-  saneName = "th";
-  sha256 = "0xf646xnyjkwa5m32chsnsbb5ndfvbrzgc7i76g2fwp843wrn4rq";
-}
-{
-  lang = "tr";
-  saneName = "tr";
-  sha256 = "0bfawc1cp9f7q1cq69y0w9bwawh2f4bhl1795f0i171pvfmmwq9g";
-}
-{
-  lang = "ug";
-  saneName = "ug";
-  sha256 = "1lj7kjmfjk6micrspkpzx4jhskw33zi7jyshfz8i8234vzzn9j6d";
-}
-{
-  lang = "uk";
-  saneName = "uk";
-  sha256 = "09ssi2zx24cfwc4bm039i9p6si8cx22fqwisi356ijjclrb3k7sh";
-}
-{
-  lang = "vi";
-  saneName = "vi";
-  sha256 = "0sc3mjbi7gsyllgkqck75qgnfdmrlqh5ffmxl2p4q8m1whkgxqr1";
-}
-{
-  lang = "wa";
-  saneName = "wa";
-  sha256 = "06rfw2l812gf3zyw7kl500lxda751q3bhrl7dh67zsc4s18gy9cb";
-}
-{
-  lang = "zh_CN";
-  saneName = "zh_CN";
-  sha256 = "1zaxjza3q5ana63kqm9mbqssz73my07iikfq2w0i29naqx570p0y";
-}
-{
-  lang = "zh_TW";
-  saneName = "zh_TW";
-  sha256 = "1svp8ykbcssl028hn6vxb6yb5agkbzlzvxnm6imkillsvmqlchdj";
-}
-]
diff --git a/pkgs/desktops/kde-4.8/oxygen-icons.nix b/pkgs/desktops/kde-4.8/oxygen-icons.nix
deleted file mode 100644
index 52e5e5f6bb01..000000000000
--- a/pkgs/desktops/kde-4.8/oxygen-icons.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ kde, cmake }:
-
-kde {
-  outputHashAlgo = "sha256";
-  outputHashMode = "recursive";
-  outputHash = "3984dac79aa7398578bcd9d69d74988bd992807518d46cd1dabc03867044c8a4";
-
-  nativeBuildInputs = [ cmake ];
-
-  meta = {
-    description = "KDE Oxygen theme icons";
-    longDescription = "Icons for KDE's default theme";
-    license = "GPL";
-  };
-}
diff --git a/pkgs/desktops/kde-4.8/support/akonadi/default.nix b/pkgs/desktops/kde-4.8/support/akonadi/default.nix
deleted file mode 100644
index 9a9e8a870660..000000000000
--- a/pkgs/desktops/kde-4.8/support/akonadi/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ stdenv, fetchurl, cmake, qt4, shared_mime_info, libxslt, boost, automoc4, soprano }:
-
-stdenv.mkDerivation rec {
-  name = "akonadi-1.7.2";
-  
-  src = fetchurl {
-    url = "mirror://kde/stable/akonadi/src/${name}.tar.bz2";
-    sha256 = "07rbhc8aa3d896j2r64ljv3amd6s4xhlbgq7kx99m1f68yl1fwjb";
-  };
-
-  buildInputs = [ qt4 soprano libxslt boost ];
-
-  nativeBuildInputs = [ cmake automoc4 shared_mime_info ];
-
-  enableParallelBuilding = true;
-  
-  meta = with stdenv.lib; {
-    description = "KDE PIM Storage Service";
-    license = "LGPL";
-    homepage = http://pim.kde.org/akonadi;
-    maintainers = [ maintainers.sander maintainers.urkud ];
-    platforms = platforms.linux;
-  };
-}
diff --git a/pkgs/desktops/xfce/4_08.nix b/pkgs/desktops/xfce/4_08.nix
deleted file mode 100644
index d29e3ac51ef0..000000000000
--- a/pkgs/desktops/xfce/4_08.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{ pkgs, newScope }: let
-
-common = (import ./common.nix) { inherit pkgs newScope xfce_self; };
-callPackage = common.callPackage;
-
-xfce_self = common.xfce_common // rec { # the lines are very long but it seems better than the even-odd line approach
-
-  #### CORE
-
-  exo           = callPackage ./core/exo.nix                { v= "0.6.2"; h= "0f8zh5y057l7xffskjvky6k88hrnz6jyk35mvlfpmx26anlgd77l"; };
-  libxfce4ui    = callPackage ./core/libxfce4ui.nix         { v= "4.8.1"; h= "0mlrcr8rqmv047xrb2dbh7f4knsppb1anx2b05s015h6v8lyvjrr"; };
-  libxfce4util  = callPackage ./core/libxfce4util.nix       { v= "4.8.2"; h= "05n8586h2fwkibfld5fm4ygx1w66jnbqqb3li0ardjvm2n24k885"; };
-  libxfcegui4   = callPackage ./core/libxfcegui4.nix        { v= "4.8.1"; h= "0hr4h6a9p6w3qw1976p8v9c9pwhd9zhrjlbaph0p7nyz7j1836ih"; };
-  thunar        = callPackage ./core/thunar.nix             { v= "1.2.3"; h= "19mczys6xr683r68g3s2njrrmnk1p73zypvwrhajw859c6nsjsp6"; };
-  xfce4panel    = callPackage ./core/xfce4-panel.nix        { v= "4.8.6"; h= "00zdkg1jg4n2n109nxan8ji2m06r9mc4lnlrvb55xvj229m2dwb6"; };
-  xfce4session  = callPackage ./core/xfce4-session.nix      { v= "4.8.2"; h= "1l608kik98jxbjl73waf8515hzji06lr80qmky2qlnp0b6js5g1i"; };
-  xfce4settings = callPackage ./core/xfce4-settings.nix     { v= "4.8.3"; h= "0bmw0s6jp2ws4n0f3387zwsyv46b0w89m6r70yb7wrqy9r3wqy6q"; };
-  xfceutils     = callPackage ./core/xfce-utils.nix         { v= "4.8.3"; h= "09mr0amp2f632q9i3vykaa0x5nrfihfm9v5nxsx9vch8wvbp0l03"; };
-  xfconf        = callPackage ./core/xfconf.nix             { v= "4.8.1"; h= "1jwkb73xcgqfly449jwbn2afiyx50p150z60x19bicps75sp6q4q"; };
-  xfdesktop     = callPackage ./core/xfdesktop.nix          { v= "4.8.3"; h= "097lc9djmay0jyyl42jmvcfda75ndp265nzn0aa3hv795bsn1175"; };
-  xfwm4         = callPackage ./core/xfwm4.nix              { v= "4.8.3"; h= "0zi2g1d2jdgw5armlk9xjh4ykmydy266gdba86nmhy951gm8n3hb"; };
-
-  xfce4_appfinder = callPackage ./core/xfce4-appfinder.nix  { v= "4.8.0"; h= "0zy7i9x4qjchmyb8nfpb7m2ply5n2aq35p9wrhb8lpz4am1ihx7x"; };
-
-  #### APPLICATIONS
-
-  terminal      = null; # newer versions don't build with 4.8
-
-    # versions > 0.3* don't build with xfce-4.8.*
-  ristretto     = callPackage ./applications/ristretto.nix    { v= "0.3.7"; h= "19mzy159j4qhd7pd1b83gimxfdg3mwdab9lq9kk505d21r7iqc9b"; };
-
-  xfce4mixer    = callPackage ./applications/xfce4-mixer.nix  { v= "4.8.0"; h= "1aqgjxvck6hx26sk3n4n5avhv02vs523mfclcvjb3xnks3yli7wz"; };
-
-}; # xfce_self
-
-in xfce_self
-
diff --git a/pkgs/desktops/xfce/4_10.nix b/pkgs/desktops/xfce/4_10.nix
deleted file mode 100644
index 3f846198e3f5..000000000000
--- a/pkgs/desktops/xfce/4_10.nix
+++ /dev/null
@@ -1,35 +0,0 @@
-{ pkgs, newScope }: let
-
-common = (import ./common.nix) { inherit pkgs newScope xfce_self; };
-callPackage = common.callPackage;
-
-xfce_self = common.xfce_common // rec { # the lines are very long but it seems better than the even-odd line approach
-
-  #### CORE
-
-  exo             = callPackage ./core/exo.nix              { v= "0.10.2"; h= "1kknxiz703q4snmry65ajm26jwjslbgpzdal6bd090m3z25q51dk"; };
-  libxfce4ui      = callPackage ./core/libxfce4ui.nix       { v= "4.10.0"; h= "1qm31s6568cz4c8rl9fsfq0xmf7pldxm0ki62gx1cpybihlgmfd2"; };
-  libxfce4util    = callPackage ./core/libxfce4util.nix     { v= "4.10.0"; h= "13k0wwbbqvdmbj4xmk4nxdlgvrdgr5y6r3dk380mzfw053hzwy89"; };
-  libxfcegui4     = callPackage ./core/libxfcegui4.nix      { v= "4.10.0"; h= "0cs5im0ib0cmr1lhr5765yliqjfyxvk4kwy8h1l8bn3mj6bzk0ib"; };
-  thunar          = callPackage ./core/thunar.nix           { v= "1.6.2";  h= "11dx38rvkfbp91pxrprymxhimsm90gvizp277x9s5rwnwcm1ggbx"; };
-  xfce4panel      = callPackage ./core/xfce4-panel.nix      { v= "4.10.0"; h= "1f8903nx6ivzircl8d8s9zna4vjgfy0qhjk5d2x19g9bmycgj89k"; };
-  xfce4session    = callPackage ./core/xfce4-session.nix    { v= "4.10.0"; h= "1kj65jkjhd0ysf0yxsf88wzpyv6n8i8qgd3gb502hf1x9jksk2mv"; };
-  xfce4settings   = callPackage ./core/xfce4-settings.nix   { v= "4.10.0"; h= "0zppq747z9lrxyv5zrrvpalq7hb3gfhy9p7qbldisgv7m6dz0hq8"; };
-  xfceutils       = null; # removed in 4.10
-  xfconf          = callPackage ./core/xfconf.nix           { v= "4.10.0"; h= "0xh520z0qh0ib0ijgnyrgii9h5d4pc53n6mx1chhyzfc86j1jlhp"; };
-  xfdesktop       = callPackage ./core/xfdesktop.nix        { v= "4.10.0"; h= "0yrddj1lgk3xn4w340y89z7x2isks72ia36pka08kk2x8gpfcyl9"; };
-  xfwm4           = callPackage ./core/xfwm4.nix            { v= "4.10.0"; h= "170zzs7adj47srsi2cl723w9pl8k8awd7w1bpzxby7hj92zmf8s9"; };
-
-  xfce4_appfinder = callPackage ./core/xfce4-appfinder.nix  { v= "4.9.4";  h= "12lgrbd1n50w9n8xkpai98s2aw8vmjasrgypc57sp0x0qafsqaxq"; };
-
-  #### APPLICATIONS
-
-  ristretto     = callPackage ./applications/ristretto.nix    { v= "0.6.3";  h= "0y9d8w1plwp4vmxs44y8k8x15i0k0xln89k6jndhv6lf57g1cs1b"; };
-  terminal      = xfce4terminal; # it has changed its name
-  xfce4mixer    = callPackage ./applications/xfce4-mixer.nix  { v= "4.10.0"; h= "1pnsd00583l7p5d80rxbh58brzy3jnccwikbbbm730a33c08kid8"; };
-  xfce4terminal = callPackage ./applications/terminal.nix     { v= "0.6.1";  h= "1j6lpkq952mrl5p24y88f89wn9g0namvywhma639xxsswlkn8d31"; };
-
-};
-
-in xfce_self
-
diff --git a/pkgs/desktops/xfce/core/xfce-utils.nix b/pkgs/desktops/xfce/core/xfce-utils.nix
deleted file mode 100644
index 625780adb313..000000000000
--- a/pkgs/desktops/xfce/core/xfce-utils.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ v, h, stdenv, fetchXfce, pkgconfig, intltool, gtk, libxfce4util, libxfce4ui, dbus_glib }:
-
-stdenv.mkDerivation rec {
-  name = "xfce-utils-${v}";
-  src = fetchXfce.core name h;
-
-  configureFlags = "--with-xsession-prefix=$(out)/share/xsessions --with-vendor-info=NixOS.org";
-
-  buildInputs = [ pkgconfig intltool gtk libxfce4util libxfce4ui dbus_glib ];
-
-  preFixup = "rm $out/share/icons/hicolor/icon-theme.cache";
-
-  meta = {
-    homepage = http://www.xfce.org/projects/xfce-utils;
-    description = "Utilities and scripts for Xfce";
-    license = "GPLv2+";
-    platforms = stdenv.lib.platforms.linux;
-    maintainers = [ stdenv.lib.maintainers.eelco ];
-  };
-}
diff --git a/pkgs/desktops/xfce/default.nix b/pkgs/desktops/xfce/default.nix
index a6107d0a8707..f812336ee7f4 100644
--- a/pkgs/desktops/xfce/default.nix
+++ b/pkgs/desktops/xfce/default.nix
@@ -30,7 +30,6 @@ xfce_self = rec { # the lines are very long but it seems better than the even-od
   xfce4session    = callPackage ./core/xfce4-session.nix { };
   xfce4settings   = callPackage ./core/xfce4-settings.nix { };
   xfce4_power_manager = callPackage ./core/xfce4-power-manager.nix { };
-  xfceutils       = null; # removed in 4.10
   xfconf          = callPackage ./core/xfconf.nix { };
   xfdesktop       = callPackage ./core/xfdesktop.nix { };
   xfwm4           = callPackage ./core/xfwm4.nix { };
diff --git a/pkgs/development/arduino/ino/default.nix b/pkgs/development/arduino/ino/default.nix
index e77c2251b36d..89501f11269c 100644
--- a/pkgs/development/arduino/ino/default.nix
+++ b/pkgs/development/arduino/ino/default.nix
@@ -29,11 +29,12 @@ buildPythonPackage rec {
       --replace "self.e['avrdude']" "'${avrdude}/bin/avrdude'" \
       --replace "'-C', self.e['avrdude.conf']," ""
   '';
- 
+
   meta = {
     description = "Command line toolkit for working with Arduino hardware";
     homepage = http://inotool.org/;
     license = stdenv.lib.licenses.mit;
     maintainers = with stdenv.lib.maintainers; [ antono the-kenny ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/development/compilers/aldor/default.nix b/pkgs/development/compilers/aldor/default.nix
index fcd0c9fd453d..57d1bf74154e 100644
--- a/pkgs/development/compilers/aldor/default.nix
+++ b/pkgs/development/compilers/aldor/default.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://www.aldor.org/";
-    description = "Aldor is a programming language with an expressive type system";
+    description = "Programming language with an expressive type system";
     license = stdenv.lib.licenses.asl20;
 
     longDescription = ''
diff --git a/pkgs/development/compilers/ats2/default.nix b/pkgs/development/compilers/ats2/default.nix
new file mode 100644
index 000000000000..074fc4f334f6
--- /dev/null
+++ b/pkgs/development/compilers/ats2/default.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchurl, gmp }:
+
+let version = "0.0.3"; in stdenv.mkDerivation {
+  name = "ats2-postiats-${version}";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/ats2-lang/ATS2-Postiats-${version}.tgz";
+    sha256 = "0hq63zrmm92j5ffnsmylhhllm8kgjpjkaj4xvzz1zlshz39lijxp";
+  };
+
+  buildInputs = [ gmp ];
+
+  meta = {
+    description = "A statically typed programming language that unifies implementation with formal specification";
+    homepage = http://www.ats-lang.org/;
+    license = stdenv.lib.licenses.gpl3Plus;
+    maintainers = [ stdenv.lib.maintainers.shlevy ];
+  };
+}
diff --git a/pkgs/development/compilers/avra/default.nix b/pkgs/development/compilers/avra/default.nix
index db9fafa42f10..706659194005 100644
--- a/pkgs/development/compilers/avra/default.nix
+++ b/pkgs/development/compilers/avra/default.nix
@@ -19,10 +19,11 @@ stdenv.mkDerivation rec {
     automake -a
   '';
 
-  meta = {
+  meta = with stdenv.lib; {
     description = "Assember for the Atmel AVR microcontroller family";
     homepage = http://avra.sourceforge.net/;
-    license = stdenv.lib.licenses.gpl2Plus;
-    maintainers = with stdenv.lib.maintainers; [ the-kenny ];
+    license = licenses.gpl2Plus;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ the-kenny ];
   };
 }
diff --git a/pkgs/development/compilers/clean/default.nix b/pkgs/development/compilers/clean/default.nix
index bd051a95699e..7f3e679e8476 100644
--- a/pkgs/development/compilers/clean/default.nix
+++ b/pkgs/development/compilers/clean/default.nix
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Clean is a general purpose, state-of-the-art, pure and lazy functional programming language.";
+    description = "General purpose, state-of-the-art, pure and lazy functional programming language";
     longDescription = ''
       Clean is a general purpose, state-of-the-art, pure and lazy functional
       programming language designed for making real-world applications. Some
diff --git a/pkgs/development/compilers/edk2/default.nix b/pkgs/development/compilers/edk2/default.nix
index 949324ba8b1c..3c2a4f779fdd 100644
--- a/pkgs/development/compilers/edk2/default.nix
+++ b/pkgs/development/compilers/edk2/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchsvn, libuuid, pythonFull, iasl }:
+{ stdenv, fetchgit, libuuid, pythonFull, iasl }:
 
 let
 
@@ -10,12 +10,12 @@ else
   throw "Unsupported architecture";
 
 edk2 = stdenv.mkDerivation {
-  name = "edk2-2013-03-19";
+  name = "edk2-2013-10-09";
   
-  src = fetchsvn {
-    url = https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2;
-    rev = "14211";
-    sha256 = "1rhrv7cyazb1d4gw3s8fv0c245iankvb9pqx6nngbkkxkcswvnw7";
+  src = fetchgit {
+    url = git://github.com/tianocore/edk2;
+    rev = "5bcb62a4098c9bde9be6af0833a025adc768e08d";
+    sha256 = "3e2958877061bf6bbfb28b150743d7244486929c1c320bdb1ff2586774aa042a";
   };
 
   buildInputs = [ libuuid pythonFull ];
diff --git a/pkgs/development/compilers/elm/elm.nix b/pkgs/development/compilers/elm/elm.nix
index 2c851ebbf3f6..c9e9fb9e14b5 100644
--- a/pkgs/development/compilers/elm/elm.nix
+++ b/pkgs/development/compilers/elm/elm.nix
@@ -1,17 +1,20 @@
-{ cabal, binary, blazeHtml, blazeMarkup, cmdargs, filepath, hjsmin
-, indents, mtl, pandoc, parsec, transformers, unionFind, uniplate
+{ cabal, aeson, aesonPretty, binary, blazeHtml, blazeMarkup
+, cmdargs, filepath, HTF, indents, languageEcmascript, mtl, pandoc
+, parsec, text, transformers, unionFind, uniplate
 }:
 
 cabal.mkDerivation (self: {
   pname = "Elm";
-  version = "0.9.0.2";
-  sha256 = "0yr395wsj0spi6h9d6lm5hvdryybpf8i1qpv4gz9dk0bwlyc8iwh";
+  version = "0.10.0.1";
+  sha256 = "1r7z2fw9v6ngr9w4lmj1l6sc78rmxvqkqlxv4a9yc5jm80k3ar0i";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
-    binary blazeHtml blazeMarkup cmdargs filepath hjsmin indents mtl
-    pandoc parsec transformers unionFind uniplate
+    aeson aesonPretty binary blazeHtml blazeMarkup cmdargs filepath
+    indents languageEcmascript mtl pandoc parsec text transformers
+    unionFind uniplate
   ];
+  testDepends = [ HTF ];
   doCheck = false;
   meta = {
     homepage = "http://elm-lang.org";
diff --git a/pkgs/development/compilers/ghc/6.10.1-binary.nix b/pkgs/development/compilers/ghc/6.10.1-binary.nix
index dd79ef9c8e75..e7d4d3c1946f 100644
--- a/pkgs/development/compilers/ghc/6.10.1-binary.nix
+++ b/pkgs/development/compilers/ghc/6.10.1-binary.nix
@@ -36,10 +36,10 @@ stdenv.mkDerivation rec {
      ''
       mkdir "$TMP/bin"
       for i in strip; do
-        echo '#!/bin/sh' >> "$TMP/bin/$i"
+        echo '#! ${stdenv.shell}' > "$TMP/bin/$i"
         chmod +x "$TMP/bin/$i"
-        PATH="$TMP/bin:$PATH"
       done
+      PATH="$TMP/bin:$PATH"
      '' +
     # On Linux, use patchelf to modify the executables so that they can
     # find editline/gmp.
diff --git a/pkgs/development/compilers/ghc/6.10.2-binary.nix b/pkgs/development/compilers/ghc/6.10.2-binary.nix
index 7effff83c69a..5af89e38c21f 100644
--- a/pkgs/development/compilers/ghc/6.10.2-binary.nix
+++ b/pkgs/development/compilers/ghc/6.10.2-binary.nix
@@ -30,10 +30,10 @@ stdenv.mkDerivation rec {
      ''
       mkdir "$TMP/bin"
       for i in strip; do
-        echo '#!/bin/sh' >> "$TMP/bin/$i"
+        echo '#! ${stdenv.shell}' > "$TMP/bin/$i"
         chmod +x "$TMP/bin/$i"
-        PATH="$TMP/bin:$PATH"
       done
+      PATH="$TMP/bin:$PATH"
      '' +
     # On Linux, use patchelf to modify the executables so that they can
     # find editline/gmp.
diff --git a/pkgs/development/compilers/ghc/6.12.1-binary.nix b/pkgs/development/compilers/ghc/6.12.1-binary.nix
index 6f3411da4af6..da4658c3829e 100644
--- a/pkgs/development/compilers/ghc/6.12.1-binary.nix
+++ b/pkgs/development/compilers/ghc/6.12.1-binary.nix
@@ -28,10 +28,10 @@ stdenv.mkDerivation rec {
      ''
       mkdir "$TMP/bin"
       for i in strip; do
-        echo '#!/bin/sh' >> "$TMP/bin/$i"
+        echo '#! ${stdenv.shell}' > "$TMP/bin/$i"
         chmod +x "$TMP/bin/$i"
-        PATH="$TMP/bin:$PATH"
       done
+      PATH="$TMP/bin:$PATH"
      '' +
     # We have to patch the GMP paths for the integer-gmp package.
      ''
diff --git a/pkgs/development/compilers/ghc/7.0.4-binary.nix b/pkgs/development/compilers/ghc/7.0.4-binary.nix
index 455d552b91ac..2c9b11f2b654 100644
--- a/pkgs/development/compilers/ghc/7.0.4-binary.nix
+++ b/pkgs/development/compilers/ghc/7.0.4-binary.nix
@@ -38,10 +38,10 @@ stdenv.mkDerivation rec {
      ''
       mkdir "$TMP/bin"
       for i in strip; do
-        echo '#!/bin/sh' >> "$TMP/bin/$i"
+        echo '#! ${stdenv.shell}' > "$TMP/bin/$i"
         chmod +x "$TMP/bin/$i"
-        PATH="$TMP/bin:$PATH"
       done
+      PATH="$TMP/bin:$PATH"
      '' +
     # We have to patch the GMP paths for the integer-gmp package.
      ''
diff --git a/pkgs/development/compilers/ghc/7.4.2-binary.nix b/pkgs/development/compilers/ghc/7.4.2-binary.nix
index 59eb957a45f4..7000081e5dbe 100644
--- a/pkgs/development/compilers/ghc/7.4.2-binary.nix
+++ b/pkgs/development/compilers/ghc/7.4.2-binary.nix
@@ -38,10 +38,10 @@ stdenv.mkDerivation rec {
      ''
       mkdir "$TMP/bin"
       for i in strip; do
-        echo '#!/bin/sh' >> "$TMP/bin/$i"
+        echo '#! ${stdenv.shell}' > "$TMP/bin/$i"
         chmod +x "$TMP/bin/$i"
-        PATH="$TMP/bin:$PATH"
       done
+      PATH="$TMP/bin:$PATH"
      '' +
     # We have to patch the GMP paths for the integer-gmp package.
      ''
diff --git a/pkgs/development/compilers/ghc/7.4.2.nix b/pkgs/development/compilers/ghc/7.4.2.nix
index 51f3f7f9df4b..0bc2a8553069 100644
--- a/pkgs/development/compilers/ghc/7.4.2.nix
+++ b/pkgs/development/compilers/ghc/7.4.2.nix
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
   preConfigure = ''
     echo "${buildMK}" > mk/build.mk
     sed -i -e 's|-isysroot /Developer/SDKs/MacOSX10.5.sdk||' configure
+    export NIX_LDFLAGS="$NIX_LDFLAGS -rpath $out/lib/ghc-${version}"
   '';
 
   configureFlags=[
diff --git a/pkgs/development/compilers/ghc/7.6.3.nix b/pkgs/development/compilers/ghc/7.6.3.nix
index dc3a912a34ac..427d21660b89 100644
--- a/pkgs/development/compilers/ghc/7.6.3.nix
+++ b/pkgs/development/compilers/ghc/7.6.3.nix
@@ -22,11 +22,10 @@ stdenv.mkDerivation rec {
   preConfigure = ''
     echo "${buildMK}" > mk/build.mk
     sed -i -e 's|-isysroot /Developer/SDKs/MacOSX10.5.sdk||' configure
+    export NIX_LDFLAGS="$NIX_LDFLAGS -rpath $out/lib/ghc-${version}"
   '';
 
-  configureFlags = [
-    "--with-gcc=${stdenv.gcc}/bin/gcc"
-  ];
+  configureFlags = "--with-gcc=${stdenv.gcc}/bin/gcc";
 
   # required, because otherwise all symbols from HSffi.o are stripped, and
   # that in turn causes GHCi to abort
diff --git a/pkgs/development/compilers/ghc/head.nix b/pkgs/development/compilers/ghc/head.nix
index c9cd71fc2b51..e7483700ab0b 100644
--- a/pkgs/development/compilers/ghc/head.nix
+++ b/pkgs/development/compilers/ghc/head.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchurl, ghc, perl, gmp, ncurses }:
 
 stdenv.mkDerivation rec {
-  version = "7.7.20130816";
+  version = "7.7.20130828";
   name = "ghc-${version}";
 
   src = fetchurl {
     url = "http://darcs.haskell.org/ghcBuilder/uploads/tn23/${name}-src.tar.bz2";
-    sha256 = "0w636gfjn3xigrlj31z4hy9kv44svyifsqcshrq95qxijx396j5m";
+    sha256 = "180nkd77kz3mv4g7yq8ipx34p5q8k714l0z2527y49lghy118jzv";
   };
 
   buildInputs = [ ghc perl gmp ncurses ];
@@ -22,6 +22,7 @@ stdenv.mkDerivation rec {
   preConfigure = ''
     echo "${buildMK}" > mk/build.mk
     sed -i -e 's|-isysroot /Developer/SDKs/MacOSX10.5.sdk||' configure
+    export NIX_LDFLAGS="$NIX_LDFLAGS -rpath $out/lib/ghc-${version}"
   '';
 
   configureFlags = "--with-gcc=${stdenv.gcc}/bin/gcc";
diff --git a/pkgs/development/compilers/ghc/with-packages.nix b/pkgs/development/compilers/ghc/with-packages.nix
index e3cc71bbccfd..b32b12d5b954 100644
--- a/pkgs/development/compilers/ghc/with-packages.nix
+++ b/pkgs/development/compilers/ghc/with-packages.nix
@@ -1,127 +1,42 @@
-{stdenv, ghc, packages ? [], makeWrapper}:
+{ stdenv, ghc, packages, buildEnv, makeWrapper }:
 
-stdenv.mkDerivation rec {
-  name = "haskell-env-${ghc.name}";
-
-  allPackages = stdenv.lib.closePropagation packages;
-  buildInputs = allPackages ++ [makeWrapper];
-  propagatedBuildInputs = packages;
-
-  unpackPhase = "true";
-
-  installPhase = ''
-    numversion=$(${ghc}/bin/ghc --numeric-version)
-    majorversion=''${numversion%%.*}
-    minorversion=''${numversion#*.}
-    minorversion=''${minorversion%%.*}
-
-    if [[ $majorversion -gt 6 ]] && [[ $minorversion -gt 4 ]]; then
-      globalConf="--global-package-db"
-    else
-      globalConf="--global-conf"
-    fi
-
-    originalTopDir="${ghc}/lib/ghc-${ghc.version}"
-    originalPkgDir="$originalTopDir/package.conf.d"
-    linkedTopDir="$out/lib"
-    linkedPkgDir="$linkedTopDir/package.conf.d"
-
-    mkdir -p $out/bin
-    mkdir -p $linkedTopDir
-    mkdir -p $linkedPkgDir
-
-    echo "Linking GHC core libraries:"
-
-    echo -n "Linking $originalTopDir "
-    for f in "$originalTopDir/"*; do
-      if test -f $f; then
-        ln -s $f $linkedTopDir
-        echo -n .
-      fi
-    done
-    echo
+assert packages != [];
 
-    echo -n "Linking $originalPkgDir "
-    for f in "$originalPkgDir/"*.conf; do
-      ln -s $f $linkedPkgDir
-      echo -n .
-    done
-    echo
-
-    echo "Linking selected packages and dependencies:"
-
-    for currentPath in ${stdenv.lib.concatStringsSep " " allPackages}; do
-      currentPkgDir="$currentPath/lib/ghc-pkgs/ghc-${ghc.version}"
-      # Check if current path is a Cabal package for the current GHC
-      if test -d $currentPkgDir; then
-        echo -n "Linking $currentPath "
-        for f in "$currentPath/bin/"*; do
-          ln -s $f $out/bin
-          echo -n .
-        done
-        for f in "$currentPath/etc/bash_completion.d/"*; do
-          mkdir -p $out/etc/bash_completion.d
-          ln -s $f $out/etc/bash_completion.d/
-          echo -n .
-        done
-        for s in 1 2 3 4 5 6 7 8 9; do
-          for f in "$currentPath/share/man/man$s/"*; do
-            mkdir -p $out/share/man/man$s
-            ln -sv $f $out/share/man/man$s/
-            echo -n .
-          done
-        done
-        for f in "$currentPath/share/emacs/site-lisp/"*; do
-          mkdir -p $out/share/emacs/site-lisp
-          ln -s $f $out/share/emacs/site-lisp/
-          echo -n .
-        done
-        for f in "$currentPath/share/ghci/"*; do
-          mkdir -p $out/share/ghci
-          ln -s $f $out/share/ghci/
-          echo -n .
-        done
-        for f in "$currentPkgDir/"*.conf; do
-          ln -s $f $linkedPkgDir
-          echo -n .
-        done
-        echo
-      fi
-    done
-
-    echo -n "Generating package cache "
-    ${ghc}/bin/ghc-pkg $globalConf $linkedPkgDir recache
-    echo .
-
-    echo -n "Generating wrappers "
+let
+  ghc761OrLater = stdenv.lib.versionOlder "7.6.1" ghc.version;
+  packageDBFlag = if ghc761OrLater then "--package-db" else "--package-conf";
+  libDir        = "$out/lib/ghc-${ghc.version}";
+  packageCfgDir = "${libDir}/package.conf.d";
+in
+buildEnv {
+  name = "haskell-env-${ghc.name}";
+  paths = stdenv.lib.filter (x: x ? ghc) (stdenv.lib.closePropagation packages) ++ [ghc];
+  postBuild = ''
+    . ${makeWrapper}/nix-support/setup-hook
 
     for prg in ghc ghci ghc-${ghc.version} ghci-${ghc.version}; do
-      # The NIX env-vars are picked up by our patched version of ghc-paths.
-      makeWrapper ${ghc}/bin/$prg $out/bin/$prg \
-        --add-flags "-B$linkedTopDir" \
-        --set "NIX_GHC"        "$out/bin/ghc"     \
-        --set "NIX_GHCPKG"     "$out/bin/ghc-pkg" \
-        --set "NIX_GHC_LIBDIR" "$linkedTopDir"
-      echo -n .
+      rm -f $out/bin/$prg
+      makeWrapper ${ghc}/bin/$prg $out/bin/$prg         \
+        --add-flags '"-B$NIX_GHC_LIBDIR"'               \
+        --set "NIX_GHC"        "$out/bin/ghc"           \
+        --set "NIX_GHCPKG"     "$out/bin/ghc-pkg"       \
+        --set "NIX_GHC_LIBDIR" "${libDir}"
     done
 
     for prg in runghc runhaskell; do
-      makeWrapper ${ghc}/bin/$prg $out/bin/$prg --add-flags "-f $out/bin/ghc"
-      echo -n .
+      rm -f $out/bin/$prg
+      makeWrapper ${ghc}/bin/$prg $out/bin/$prg         \
+        --add-flags "-f $out/bin/ghc"                   \
+        --set "NIX_GHC"        "$out/bin/ghc"           \
+        --set "NIX_GHCPKG"     "$out/bin/ghc-pkg"       \
+        --set "NIX_GHC_LIBDIR" "${libDir}"
     done
 
     for prg in ghc-pkg ghc-pkg-${ghc.version}; do
-      makeWrapper ${ghc}/bin/$prg $out/bin/$prg --add-flags "$globalConf $linkedPkgDir"
-      echo -n .
+      rm -f $out/bin/$prg
+      makeWrapper ${ghc}/bin/$prg $out/bin/$prg --add-flags "${packageDBFlag} ${packageCfgDir}"
     done
 
-    for prg in hp2ps hpc hasktags hsc2hs haddock haddock-${ghc.version}; do
-      if test -x ${ghc}/bin/$prg -a ! -x $out/bin/$prg; then
-        ln -s ${ghc}/bin/$prg $out/bin/$prg && echo -n .
-      fi
-    done
-    echo
+    $out/bin/ghc-pkg recache
   '';
-
-  meta = ghc.meta;
 }
diff --git a/pkgs/development/compilers/ghc/wrapper.nix b/pkgs/development/compilers/ghc/wrapper.nix
index 55fd16be5edb..bcfbd49b98a0 100644
--- a/pkgs/development/compilers/ghc/wrapper.nix
+++ b/pkgs/development/compilers/ghc/wrapper.nix
@@ -1,10 +1,53 @@
-{ stdenv, ghc, makeWrapper, coreutils, forUserEnv ? false }:
+{ stdenv, ghc, makeWrapper, coreutils, writeScript }:
 
 let
   ghc761OrLater = !stdenv.lib.versionOlder ghc.version "7.6.1";
   packageDBFlag = if ghc761OrLater then "-package-db" else "-package-conf";
+
+  GHCGetPackages = writeScript "ghc-get-packages.sh" ''
+    #! ${stdenv.shell}
+    # Usage:
+    #  $1: version of GHC
+    #  $2: invocation path of GHC
+    #  $3: prefix
+    version="$1"
+    if test -z "$3"; then
+      prefix="${packageDBFlag} "
+    else
+      prefix="$3"
+    fi
+    PATH="$2:$PATH"
+    IFS=":"
+    for p in $PATH; do
+      PkgDir="$p/../lib/ghc-$version/package.conf.d"
+      for i in "$PkgDir/"*.installedconf; do
+        # output takes place here
+        test -f $i && echo -n " $prefix$i"
+      done
+    done
+    test -f "$2/../lib/ghc-$version/package.conf" && echo -n " $prefix$2/../lib/ghc-$version/package.conf"
+  '';
+
+  GHCPackages = writeScript "ghc-packages.sh" ''
+    #! ${stdenv.shell} -e
+    declare -A GHC_PACKAGES_HASH # using bash4 hashs to get uniq paths
+
+    for arg in $(${GHCGetPackages} ${ghc.version} "$(dirname $0)"); do
+      case "$arg" in
+        ${packageDBFlag}) ;;
+        *)
+          CANONICALIZED="$(${coreutils}/bin/readlink -f -- "$arg")"
+          GHC_PACKAGES_HASH["$CANONICALIZED"]= ;;
+      esac
+    done
+
+    for path in ''${!GHC_PACKAGES_HASH[@]}; do
+      echo -n "$path:"
+    done
+  '';
+
 in
-stdenv.mkDerivation ({
+stdenv.mkDerivation {
   name = "ghc-${ghc.version}-wrapper";
 
   buildInputs = [makeWrapper];
@@ -12,53 +55,32 @@ stdenv.mkDerivation ({
 
   unpackPhase = "true";
   installPhase = ''
+    runHook preInstall
+
     mkdir -p $out/bin
-    cp $GHCGetPackages $out/bin/ghc-get-packages.sh
-    chmod 755 $out/bin/ghc-get-packages.sh
     for prg in ghc ghci ghc-${ghc.version} ghci-${ghc.version}; do
-      makeWrapper $ghc/bin/$prg $out/bin/$prg --add-flags "\$($out/bin/ghc-get-packages.sh ${ghc.version} \"\$(dirname \$0)\")"
+      makeWrapper $ghc/bin/$prg $out/bin/$prg --add-flags "\$(${GHCGetPackages} ${ghc.version} \"\$(dirname \$0)\")"
     done
     for prg in runghc runhaskell; do
-      makeWrapper $ghc/bin/$prg $out/bin/$prg --add-flags "\$($out/bin/ghc-get-packages.sh ${ghc.version} \"\$(dirname \$0)\" \" ${packageDBFlag} --ghc-arg=\")"
+      makeWrapper $ghc/bin/$prg $out/bin/$prg --add-flags "\$(${GHCGetPackages} ${ghc.version} \"\$(dirname \$0)\" \" ${packageDBFlag} --ghc-arg=\")"
     done
     for prg in ghc-pkg ghc-pkg-${ghc.version}; do
-      makeWrapper $ghc/bin/$prg $out/bin/$prg --add-flags "\$($out/bin/ghc-get-packages.sh ${ghc.version} \"\$(dirname \$0)\" -${packageDBFlag}=)"
+      makeWrapper $ghc/bin/$prg $out/bin/$prg --add-flags "\$(${GHCGetPackages} ${ghc.version} \"\$(dirname \$0)\" -${packageDBFlag}=)"
     done
     for prg in hp2ps hpc hasktags hsc2hs; do
       test -x $ghc/bin/$prg && ln -s $ghc/bin/$prg $out/bin/$prg
     done
-    cat >> $out/bin/ghc-packages << EOF
-    #! /bin/bash -e
-    declare -A GHC_PACKAGES_HASH # using bash4 hashs to get uniq paths
-
-    for arg in \$($out/bin/ghc-get-packages.sh ${ghc.version} \"\$(dirname \$0)\"); do
-      case "\$arg" in
-        ${packageDBFlag}) ;;
-        *)
-          CANONICALIZED="\$(${stdenv.lib.optionalString stdenv.isDarwin "${coreutils}/bin/"}readlink -f "\$arg")"
-          GHC_PACKAGES_HASH["\$CANONICALIZED"]= ;;
-      esac
-    done
 
-    for path in \''${!GHC_PACKAGES_HASH[@]}; do
-      echo -n "\$path:"
-    done
-    EOF
-    chmod +x $out/bin/ghc-packages
     mkdir -p $out/nix-support
     ln -s $out/nix-support/propagated-build-inputs $out/nix-support/propagated-user-env-packages
-  '';
 
-  GHCGetPackages = ./ghc-get-packages.sh;
+    mkdir -p $out/share/doc
+    ln -s $ghc/lib $out/lib
+    ln -s $ghc/share/doc/ghc $out/share/doc/ghc-${ghc.version}
+
+    runHook postInstall
+  '';
 
-  inherit ghc;
-  inherit (ghc) meta;
-  ghcVersion = ghc.version;
-} // (stdenv.lib.optionalAttrs ghc761OrLater { preFixup = "sed -i -e 's|-package-conf|${packageDBFlag}|' $out/bin/ghc-get-packages.sh"; })
-  // (stdenv.lib.optionalAttrs forUserEnv {
-       postFixup= ''
-         ln -s $ghc/lib $out/lib;
-         mkdir -p $out/share/doc
-         ln -s $ghc/share/doc/ghc $out/share/doc/ghc-${ghc.version}
-       '';
-     }))
+  inherit ghc GHCGetPackages GHCPackages;
+  inherit (ghc) meta version;
+}
diff --git a/pkgs/development/compilers/go/1.1-darwin.nix b/pkgs/development/compilers/go/1.1-darwin.nix
new file mode 100644
index 000000000000..2cbb8d49611f
--- /dev/null
+++ b/pkgs/development/compilers/go/1.1-darwin.nix
@@ -0,0 +1,74 @@
+{ stdenv, fetchurl, bison, bash, makeWrapper }:
+
+stdenv.mkDerivation {
+  name = "go-1.1.2";
+
+  src = fetchurl {
+    url = http://go.googlecode.com/files/go1.1.2.src.tar.gz;
+    sha256 = "0w7bchhb4b053az3wjp6z342rs9lp9nxf4w2mnfd1b89d6sb7izz";
+  };
+
+  buildInputs = [ bison bash makeWrapper ];
+
+  preUnpack = ''
+    mkdir -p $out/share
+    cd $out/share
+  '';
+
+  prePatch = ''
+    cd ..
+    if [ ! -d go ]; then
+      mv * go
+    fi
+    cd go
+
+    patchShebangs ./ # replace /bin/bash
+    rm src/pkg/net/{multicast_test.go,parse_test.go,port_test.go}
+    # The os test wants to read files in an existing path. Just it don't be /usr/bin.
+    sed -i 's,/usr/bin,'"`pwd`", src/pkg/os/os_test.go
+    sed -i 's,/bin/pwd,'"`type -P pwd`", src/pkg/os/os_test.go
+    # Disable some tests
+    sed -i '/TestHostname/areturn' src/pkg/os/os_test.go
+    sed -i '/TestShutdownUnix/areturn' src/pkg/net/net_test.go
+
+  '';
+
+  # Unfortunately we have to use Mac OS X's own GCC
+  preBuild = ''
+    export PATH=/usr/bin:$PATH
+  '';
+
+  #patches = [ ./cacert.patch ];
+
+  GOOS = "darwin";
+  GOARCH = if stdenv.system == "x86_64-darwin" then "amd64" else "386";
+
+  installPhase = ''
+    mkdir -p "$out/bin"
+    export GOROOT="$(pwd)/"
+    export GOBIN="$out/bin"
+    export PATH="$GOBIN:$PATH"
+    cd ./src
+    ./all.bash
+    cd -
+
+    # Wrap the tools to define the location of the
+    # libraries.
+    for a in go gofmt godoc; do
+	    wrapProgram "$out/bin/$a" \
+	      --set "GOROOT" $out/share/go
+    done
+
+    # Copy the emacs configuration for Go files.
+    mkdir -p "$out/share/emacs/site-lisp"
+    cp ./misc/emacs/* $out/share/emacs/site-lisp/
+  '';
+
+  meta = {
+    homepage = http://golang.org/;
+    description = "The Go Programming language";
+    license = "BSD";
+    maintainers = with stdenv.lib.maintainers; [ zef ];
+    platforms = stdenv.lib.platforms.darwin;
+  };
+}
diff --git a/pkgs/development/compilers/go/1.1.nix b/pkgs/development/compilers/go/1.1.nix
index 5aeb053e1107..dfb545bb368d 100644
--- a/pkgs/development/compilers/go/1.1.nix
+++ b/pkgs/development/compilers/go/1.1.nix
@@ -1,4 +1,5 @@
-{ stdenv, fetchurl, bison, glibc, bash, coreutils, makeWrapper, tzdata, iana_etc }:
+{ stdenv, fetchurl, bison, glibc, bash, coreutils, makeWrapper, tzdata, iana_etc
+, removeGodocExternals ? false }:
 
 let
   loader386 = "${glibc}/lib/ld-linux.so.2";
@@ -50,6 +51,8 @@ stdenv.mkDerivation {
     sed -i 's,/bin/pwd,'"`type -P pwd`", src/pkg/os/os_test.go
     # Disable the hostname test
     sed -i '/TestHostname/areturn' src/pkg/os/os_test.go
+  '' + stdenv.lib.optionalString removeGodocExternals ''
+    sed -i -e '/googleapi/d' -e '/javascript">$/,+6d' lib/godoc/godoc.html 
   '';
 
   patches = [ ./cacert.patch ];
diff --git a/pkgs/development/compilers/gwt/2.4.0.nix b/pkgs/development/compilers/gwt/2.4.0.nix
index c5c7841d72a0..65208b062c25 100644
--- a/pkgs/development/compilers/gwt/2.4.0.nix
+++ b/pkgs/development/compilers/gwt/2.4.0.nix
@@ -18,6 +18,6 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = http://code.google.com/webtoolkit/;
-    description = "Google Web Toolkit (GWT) is a development toolkit for building and optimizing complex browser-based applications.";
+    description = "Google Web Toolkit (GWT) is a development toolkit for building and optimizing complex browser-based applications";
   };
 }
diff --git a/pkgs/development/compilers/idris/default.nix b/pkgs/development/compilers/idris/default.nix
index e36924f63fed..30ef18a1ef91 100644
--- a/pkgs/development/compilers/idris/default.nix
+++ b/pkgs/development/compilers/idris/default.nix
@@ -1,20 +1,24 @@
-{ cabal, binary, Cabal, filepath, gmp, happy, haskeline
-, languageJava, libffi, llvmGeneral, mtl, parsec, split, text
-, transformers, vector, vectorBinaryInstances, boehmgc
+{ cabal, ansiTerminal, ansiWlPprint, binary, boehmgc, Cabal
+, filepath, gmp, happy, haskeline, languageJava, libffi
+, llvmGeneral, llvmGeneralPure, mtl, parsec, parsers, split, text
+, time, transformers, trifecta, unorderedContainers, utf8String
+, vector, vectorBinaryInstances
 }:
 
 cabal.mkDerivation (self: {
   pname = "idris";
-  version = "0.9.9";
-  sha256 = "0wwssgpiyn7akyfrpi1khvqxx1k8753kk7151zvvymz0zkks643m";
+  version = "0.9.9.3";
+  sha256 = "1l19xx0xbcwlnnh2w0rmri7wwixffzfrafpbji64nwyx1awz4iab";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [
-    binary Cabal filepath haskeline languageJava libffi llvmGeneral mtl
-    parsec split text transformers vector vectorBinaryInstances
+    ansiTerminal ansiWlPprint binary Cabal filepath haskeline
+    languageJava libffi llvmGeneral llvmGeneralPure mtl parsec parsers
+    split text time transformers trifecta unorderedContainers
+    utf8String vector vectorBinaryInstances
   ];
   buildTools = [ happy ];
-  extraLibraries = [ gmp boehmgc ];
+  extraLibraries = [ boehmgc gmp ];
   meta = {
     homepage = "http://www.idris-lang.org/";
     description = "Functional Programming Language with Dependent Types";
diff --git a/pkgs/development/compilers/jdk/dlj-bundle-builder.sh b/pkgs/development/compilers/jdk/dlj-bundle-builder.sh
index cf59a28164bb..028164ac3955 100644
--- a/pkgs/development/compilers/jdk/dlj-bundle-builder.sh
+++ b/pkgs/development/compilers/jdk/dlj-bundle-builder.sh
@@ -37,6 +37,11 @@ else
   jrePath=$out/jre
 fi
 
+if test -n "$jce"; then
+  unzip $jce
+  cp -v jce/*.jar $jrePath/lib/security
+fi
+
 rpath=$rpath${rpath:+:}$jrePath/lib/$architecture/jli
 
 # set all the dynamic linkers
diff --git a/pkgs/development/compilers/jdk/jdk6-linux.nix b/pkgs/development/compilers/jdk/jdk6-linux.nix
index 340bbdf91ac9..97ec6b56305c 100644
--- a/pkgs/development/compilers/jdk/jdk6-linux.nix
+++ b/pkgs/development/compilers/jdk/jdk6-linux.nix
@@ -6,6 +6,7 @@
 , xlibs ? null
 , installjdk ? true
 , pluginSupport ? true
+, installjce ? false
 }:
 
 assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";
@@ -24,6 +25,15 @@ let
     else
       abort "jdk requires i686-linux or x86_64 linux";
 
+  jce =
+    if installjce then
+      requireFile {
+        name = "jce_policy-6.zip";
+        url = http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html;
+        sha256 = "0qljzfxbikm8br5k7rkamibp1vkyjrf6blbxpx6hn4k46f62bhnh";
+      }
+    else
+      null;
 in
 
 stdenv.mkDerivation {
@@ -65,7 +75,7 @@ stdenv.mkDerivation {
     [stdenv.gcc.libc] ++
     (if swingSupport then [xlibs.libX11 xlibs.libXext xlibs.libXtst xlibs.libXi xlibs.libXp xlibs.libXt] else []);
 
-  inherit swingSupport pluginSupport architecture;
+  inherit swingSupport pluginSupport architecture jce;
   inherit (xlibs) libX11;
 
   mozillaPlugin = if installjdk then "/jre/lib/${architecture}/plugins" else "/lib/${architecture}/plugins";
diff --git a/pkgs/development/compilers/julia/default.nix b/pkgs/development/compilers/julia/default.nix
index 3e45fc6d5e35..ae550f5692d8 100644
--- a/pkgs/development/compilers/julia/default.nix
+++ b/pkgs/development/compilers/julia/default.nix
@@ -8,7 +8,7 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "julia";
-  date = "20130611";
+  date = "20131013";
   name = "${pname}-git-${date}";
 
   grisu_ver = "1.1.1";
@@ -65,8 +65,8 @@ stdenv.mkDerivation rec {
 
   src = fetchgit {
     url = "git://github.com/JuliaLang/julia.git";
-    rev = "60cc4e44bf415dcda90f2bbe22300f842fe44098";
-    sha256 = "018s0zyvdkxjldbvcdv40q3v2gcjznyyql5pv3zhhy1iq11jddfz";
+    rev = "76d2b87a45fff637473c4c342c9f5f9387675fda";
+    sha256 = "079g44r27lv0wsfbg84ihrmgzl73djjjr41xjiaqdph55zqfbn4f";
   };
 
   buildInputs = [ gfortran perl m4 gmp pcre llvm readline zlib
@@ -131,7 +131,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "High-level performance-oriented dynamical language for technical computing.";
+    description = "High-level performance-oriented dynamical language for technical computing";
     homepage = "http://julialang.org/";
     license = stdenv.lib.licenses.mit;
     maintainers = [ stdenv.lib.maintainers.raskin ];
diff --git a/pkgs/development/compilers/mlton/default.nix b/pkgs/development/compilers/mlton/default.nix
index 770a6b17b158..a5ff613a9b45 100644
--- a/pkgs/development/compilers/mlton/default.nix
+++ b/pkgs/development/compilers/mlton/default.nix
@@ -77,7 +77,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "MLton is an open-source, whole-program, optimizing Standard ML compiler.";
+    description = "Open-source, whole-program, optimizing Standard ML compiler";
     longDescription = ''
       MLton is an open source, whole-program optimizing compiler for the Standard ML programming language.
       MLton aims to produce fast executables, and to encourage rapid prototyping and modular programming
diff --git a/pkgs/development/compilers/ocaml/4.01.0.nix b/pkgs/development/compilers/ocaml/4.01.0.nix
new file mode 100644
index 000000000000..c11bb7536be1
--- /dev/null
+++ b/pkgs/development/compilers/ocaml/4.01.0.nix
@@ -0,0 +1,63 @@
+{ stdenv, fetchurl, ncurses, x11 }:
+
+let
+   useX11 = !stdenv.isArm && !stdenv.isMips;
+   useNativeCompilers = !stdenv.isMips;
+   inherit (stdenv.lib) optionals optionalString;
+in
+
+stdenv.mkDerivation rec {
+
+  name = "ocaml-4.01.0";
+
+  src = fetchurl {
+    url = "http://caml.inria.fr/pub/distrib/ocaml-4.01/${name}.tar.bz2";
+    sha256 = "b1ca708994180236917ae79e17606da5bd334ca6acd6873a550027e1c0ec874a";
+  };
+
+  prefixKey = "-prefix ";
+  configureFlags = ["-no-tk"] ++ optionals useX11 [ "-x11lib" x11 ];
+  buildFlags = "world" + optionalString useNativeCompilers " bootstrap world.opt";
+  buildInputs = [ncurses] ++ optionals useX11 [ x11 ];
+  installTargets = "install" + optionalString useNativeCompilers " installopt";
+  preConfigure = ''
+    CAT=$(type -tp cat)
+    sed -e "s@/bin/cat@$CAT@" -i config/auto-aux/sharpbang
+  '';
+  postBuild = ''
+    mkdir -p $out/include
+    ln -sv $out/lib/ocaml/caml $out/include/caml
+  '';
+
+  passthru = {
+    nativeCompilers = useNativeCompilers;
+  };
+
+  meta = {
+    homepage = http://caml.inria.fr/ocaml;
+    licenses = [ "QPL" /* compiler */ "LGPLv2" /* library */ ];
+    description = "OCaml, the most popular variant of the Caml language";
+
+    longDescription =
+      ''
+        OCaml is the most popular variant of the Caml language.  From a
+        language standpoint, it extends the core Caml language with a
+        fully-fledged object-oriented layer, as well as a powerful module
+        system, all connected by a sound, polymorphic type system featuring
+        type inference.
+
+        The OCaml system is an industrial-strength implementation of this
+        language, featuring a high-performance native-code compiler (ocamlopt)
+        for 9 processor architectures (IA32, PowerPC, AMD64, Alpha, Sparc,
+        Mips, IA64, HPPA, StrongArm), as well as a bytecode compiler (ocamlc)
+        and an interactive read-eval-print loop (ocaml) for quick development
+        and portability.  The OCaml distribution includes a comprehensive
+        standard library, a replay debugger (ocamldebug), lexer (ocamllex) and
+        parser (ocamlyacc) generators, a pre-processor pretty-printer (camlp4)
+        and a documentation generator (ocamldoc).
+      '';
+
+    platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
+  };
+
+}
diff --git a/pkgs/development/compilers/sbcl/default.nix b/pkgs/development/compilers/sbcl/default.nix
index 1e4feff1107b..288fdb33454a 100644
--- a/pkgs/development/compilers/sbcl/default.nix
+++ b/pkgs/development/compilers/sbcl/default.nix
@@ -4,11 +4,11 @@ let
   s= # Generated upstream information
   rec {
     baseName="sbcl";
-    version="1.1.8";
+    version="1.1.12";
     name="${baseName}-${version}";
-    hash="1fmcpsi2bddfpz3impm9i62y9p15r3mc4xgm1dg0k77l33859jip";
-    url="mirror://sourceforge/project/sbcl/sbcl/1.1.8/sbcl-1.1.8-source.tar.bz2";
-    sha256="1fmcpsi2bddfpz3impm9i62y9p15r3mc4xgm1dg0k77l33859jip";
+    hash="0mvl6lpi44yv6jv3xhyyzvf9g7bdlj691iz3ydpn66v0vg5i554c";
+    url="mirror://sourceforge/project/sbcl/sbcl/1.1.12/sbcl-1.1.12-source.tar.bz2";
+    sha256="0mvl6lpi44yv6jv3xhyyzvf9g7bdlj691iz3ydpn66v0vg5i554c";
   };
   buildInputs = with a; [
     clisp makeWrapper
diff --git a/pkgs/development/compilers/smlnj/default.nix b/pkgs/development/compilers/smlnj/default.nix
new file mode 100644
index 000000000000..b3a29a1e1c72
--- /dev/null
+++ b/pkgs/development/compilers/smlnj/default.nix
@@ -0,0 +1,66 @@
+{ stdenv, fetchurl }:
+let
+  version = "110.76";
+  baseurl = "http://smlnj.cs.uchicago.edu/dist/working/${version}";
+
+  sources = map fetchurl [
+    { url = "${baseurl}/config.tgz";              sha256 = "0mx5gib1jq5hl3j6gvkkfh60x2hx146xiisclaz4jgy452ywikj1"; }
+    { url = "${baseurl}/cm.tgz";                  sha256 = "14y1pqqw5p5va3rvpk2jddx2gcm37z5hwp5zdm43z02afscq37jk"; }
+    { url = "${baseurl}/compiler.tgz";            sha256 = "10gn7cwqzbnh4k3l6brb9hp59k9vz2m9fcaarv2fw1gilfw5a9rj"; }
+    { url = "${baseurl}/runtime.tgz";             sha256 = "0zqajizayzrlrxm47q492mqgfxya7rwqrq4faafai8qfwga6q27n"; }
+    { url = "${baseurl}/system.tgz";              sha256 = "0dys0f0cdgnivk1niam9g736c3mzrjf9r29051g0579an8yi8slg"; }
+    { url = "${baseurl}/MLRISC.tgz";              sha256 = "00n1zk65cwf2kf669mn09lp0ya6bfap1czhyq0nfza409vm4v54x"; }
+    { url = "${baseurl}/smlnj-lib.tgz";           sha256 = "1mx1vjxbpfgcq6fkmh2qirjfqzn3wcnjf4a9ijr7k2bwgnh99sc1"; }
+    { url = "${baseurl}/ckit.tgz";                sha256 = "1fqdxs2cgzffj0i9rmzv1aljwnhx98hyvj3c2kivw3ligxp4wly4"; }
+    { url = "${baseurl}/nlffi.tgz";               sha256 = "08dmvs95xmbas3hx7n0csxxl0d0bmhxg7gav1ay02gy9n8iw3g87"; }
+    { url = "${baseurl}/cml.tgz";                 sha256 = "1qc1hs2k2xmn03ldyz2zf0pzbryd1n4bwix226ch8z9pnfimglyb"; }
+    { url = "${baseurl}/eXene.tgz";               sha256 = "01z69rgmshh694wkcwrzi72z5d5glpijj7mqxb17yz106xyzmgim"; }
+    { url = "${baseurl}/ml-lpt.tgz";              sha256 = "13gw4197ivzvd6qcbg5pzclhv1f2jy2c433halh021d60qjv4w4r"; }
+    { url = "${baseurl}/ml-lex.tgz";              sha256 = "0sqa533zca1l7p79qhkb7lspvhk4k2r3839745sci32fzwy1804x"; }
+    { url = "${baseurl}/ml-yacc.tgz";             sha256 = "1kzi0dpybd9hkklk460mgbwfkixjhav225kkmwnk3jxby3zgflci"; }
+    { url = "${baseurl}/ml-burg.tgz";             sha256 = "0kjrba8l0v6jn3g6gv9dvrklpvxx9x57b7czwnrrd33pi28sv7fm"; }
+    { url = "${baseurl}/pgraph.tgz";              sha256 = "174n22m7zibgk68033qql86kyk6mxjni4j0kcadafs0g2xmh6i6z"; }
+    { url = "${baseurl}/trace-debug-profile.tgz"; sha256 = "1pq4wwx5ad7zx1306ka06lqwnjv446zz6ndpq6s9ak6ha79f2s9p"; }
+    { url = "${baseurl}/heap2asm.tgz";            sha256 = "0p91fzwkfr7hng7c026gy5ggl5l9isxpm007iq6ivpjrfjy547wc"; }
+    { url = "${baseurl}/smlnj-c.tgz";             sha256 = "0vra4gi91w0cjsw3rm162hgz5xsqbr7yds44q7zhs27kccsirpqc"; }
+    { url = "${baseurl}/boot.x86-unix.tgz";       sha256 = "0qcvdhlvpr02c1ssk4jz6175lb9pkdg7zrfscqz6f7crnsgmc5nx"; }
+  ];
+in stdenv.mkDerivation {
+  name = "smlnj-${version}";
+
+  inherit sources;
+
+  patchPhase = ''
+    sed -i '/PATH=/d' config/_arch-n-opsys base/runtime/config/gen-posix-names.sh
+    echo SRCARCHIVEURL="file:/$TMP" > config/srcarchiveurl
+  '';
+
+  unpackPhase = ''
+    for s in $sources; do
+      b=$(basename $s)
+      cp $s ''${b#*-}
+    done
+    unpackFile config.tgz
+    mkdir base
+    ./config/unpack $TMP runtime
+  '';
+
+  buildPhase = ''
+    ./config/install.sh
+  '';
+
+  installPhase = ''
+    mkdir -pv $out
+    cp -rv bin lib $out
+
+    for i in $out/bin/*; do
+      sed -i "2iSMLNJ_HOME=$out/" $i
+    done
+  '';
+
+  meta = {
+    description = "Standard ML of New Jersey, a compiler";
+    homepage = http://smlnj.org;
+    license = stdenv.lib.licenses.bsd3;
+  };
+}
diff --git a/pkgs/development/compilers/swi-prolog/default.nix b/pkgs/development/compilers/swi-prolog/default.nix
index e8db962d9c4f..a2dae290f447 100644
--- a/pkgs/development/compilers/swi-prolog/default.nix
+++ b/pkgs/development/compilers/swi-prolog/default.nix
@@ -3,14 +3,14 @@
    fontconfig }:
 
 let
-  version = "6.2.6";
+  version = "6.4.1";
 in
 stdenv.mkDerivation {
   name = "swi-prolog-${version}";
 
   src = fetchurl {
     url = "http://www.swi-prolog.org/download/stable/src/pl-${version}.tar.gz";
-    sha256 = "0ii14ghmky91kkh017khahl00s4igkz03b5gy6y0vhv179sz04ll";
+    sha256 = "1szqqwypqfd0qr3sk0qlip1ar22kpqgba6b44klmr1aag0lrahs8";
   };
 
   buildInputs = [gmp readline openssl libjpeg unixODBC libXinerama
diff --git a/pkgs/development/compilers/uhc/default.nix b/pkgs/development/compilers/uhc/default.nix
index fa66306721d7..31f45086ba0a 100644
--- a/pkgs/development/compilers/uhc/default.nix
+++ b/pkgs/development/compilers/uhc/default.nix
@@ -4,7 +4,7 @@
 
 # this check won't be needed anymore after ghc-wrapper is fixed
 # to show ghc-builtin packages in "ghc-pkg list" output.
-let binaryIsBuiltIn = builtins.compareVersions "7.2.1" ghc.ghcVersion != 1;
+let binaryIsBuiltIn = builtins.compareVersions "7.2.1" ghc.version != 1;
 
 in stdenv.mkDerivation {
   name = "uhc-svn-git20120502";
diff --git a/pkgs/development/compilers/urweb/default.nix b/pkgs/development/compilers/urweb/default.nix
index 66b15e3499d9..a2423bee9b9a 100644
--- a/pkgs/development/compilers/urweb/default.nix
+++ b/pkgs/development/compilers/urweb/default.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
   dontDisableStatic = true;
 
   meta = {
-    description = "Ur/Web supports construction of dynamic web applications backed by SQL databases.";
+    description = "Construct dynamic web applications backed by SQL databases";
     longDescription = ''
       Ur is a programming language in the tradition of ML and Haskell, but
       featuring a significantly richer type system. Ur is functional, pure,
diff --git a/pkgs/development/compilers/yap/default.nix b/pkgs/development/compilers/yap/default.nix
index f9a48468df31..a29c0de65b87 100644
--- a/pkgs/development/compilers/yap/default.nix
+++ b/pkgs/development/compilers/yap/default.nix
@@ -1,16 +1,24 @@
-{ stdenv, fetchurl }:
-        
+{ stdenv, fetchurl, readline, gmp, zlib }:
+
 stdenv.mkDerivation rec {
-  name = "yap-5.1.1";
+  version = "6.2.2";
+  name = "yap-${version}";
 
   src = fetchurl {
-    url = "mirror://sourceforge/yap/Yap-5.1.1.tar.gz";
-    sha256 = "0bajxmlla9gay4m4l7y7x6qldxzi0jcq2ykgpjk9liky7g5kbnya";
+    url = "http://www.dcc.fc.up.pt/~vsc/Yap/${name}.tar.gz";
+    sha256 = "0l6p0vy667wws64cvwf74ssl6h9gypjzrsl3b2d32hs422186pzi";
   };
 
-  meta = { 
+  buildInputs = [ readline gmp zlib ];
+
+  configureFlags = "--enable-tabling=yes";
+
+  meta = {
+    homepage = "http://www.dcc.fc.up.pt/~vsc/Yap/";
     description = "Yap Prolog System is a ISO-compatible high-performance Prolog compiler";
-    homepage = http://yap.sourceforge.net/;
     license = "artistic";
+
+    maintainers = [ stdenv.lib.maintainers.simons ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/development/interpreters/angelscript/default.nix b/pkgs/development/interpreters/angelscript/default.nix
index a092172c8ca7..22f92f40183e 100644
--- a/pkgs/development/interpreters/angelscript/default.nix
+++ b/pkgs/development/interpreters/angelscript/default.nix
@@ -47,7 +47,7 @@ rec {
   '' ["defEnsureDir" "prepareBuild"];
       
   meta = {
-    description = "A light-weight scripting library";
+    description = "Light-weight scripting library";
     maintainers = with a.lib.maintainers;
     [
       raskin
diff --git a/pkgs/development/interpreters/clisp/default.nix b/pkgs/development/interpreters/clisp/default.nix
index bd19d738860a..b8af3f6d7479 100644
--- a/pkgs/development/interpreters/clisp/default.nix
+++ b/pkgs/development/interpreters/clisp/default.nix
@@ -48,6 +48,11 @@ stdenv.mkDerivation rec {
     cd builddir
   '';
 
+  postInstall = ''
+    ./clisp-link add "$out"/lib/clisp*/base "$(dirname "$out"/lib/clisp*/base)"/full \
+        clx/new-clx bindings/glibc pcre rawsock wildcard zlib
+  '';
+
   NIX_CFLAGS_COMPILE="-O0";
 
   # TODO : make mod-check fails
diff --git a/pkgs/development/interpreters/elixir/default.nix b/pkgs/development/interpreters/elixir/default.nix
index 3ac2368342da..9eba4275dd31 100644
--- a/pkgs/development/interpreters/elixir/default.nix
+++ b/pkgs/development/interpreters/elixir/default.nix
@@ -29,9 +29,9 @@ stdenv.mkDerivation {
     done
   '';
 
-  meta = {
+  meta = with stdenv.lib; {
     homepage = "http://elixir-lang.org/";
-    description = "Elixir is a functional, meta-programming aware language built on top of the Erlang VM.";
+    description = "A functional, meta-programming aware language built on top of the Erlang VM";
 
     longDescription = ''
       Elixir is a functional, meta-programming
@@ -41,8 +41,8 @@ stdenv.mkDerivation {
       fault-tolerant applications with hot code upgrades.p
     '';
 
-    platforms = stdenv.lib.platforms.linux;
-
-    maintainers = [ stdenv.lib.maintainers.the-kenny ];
+    license = licenses.epl10;
+    platforms = platforms.linux;
+    maintainers = [ maintainers.the-kenny ];
   };
 }
diff --git a/pkgs/development/interpreters/falcon/default.nix b/pkgs/development/interpreters/falcon/default.nix
index 9800e895400c..0b4bfacb6de5 100644
--- a/pkgs/development/interpreters/falcon/default.nix
+++ b/pkgs/development/interpreters/falcon/default.nix
@@ -29,6 +29,6 @@ rec {
 
   name = "falcon-" + version;
   meta = {
-    description = "A programming language. Has macros and syntax at once.";
+    description = "Programming language with macros and syntax at once";
   };
 }
diff --git a/pkgs/development/interpreters/hiphopvm/default.nix b/pkgs/development/interpreters/hiphopvm/default.nix
index 57e3e93c6466..c18c81caff05 100644
--- a/pkgs/development/interpreters/hiphopvm/default.nix
+++ b/pkgs/development/interpreters/hiphopvm/default.nix
@@ -56,7 +56,7 @@ stdenv.mkDerivation {
   patches = [./tbb.patch];
 
   meta = {
-    description = "HipHop is a high performance PHP toolchain.";
+    description = "High performance PHP toolchain";
     homepage = https://github.com/facebook/hiphop-php;
     platforms = ["x86_64-linux"];
   };
diff --git a/pkgs/development/interpreters/lua-4/default.nix b/pkgs/development/interpreters/lua-4/default.nix
index a95e4e4c35ea..13f7964769ca 100644
--- a/pkgs/development/interpreters/lua-4/default.nix
+++ b/pkgs/development/interpreters/lua-4/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://www.lua.org";
-    description = "Lua is a powerful, fast, lightweight, embeddable scripting language.";
+    description = "Powerful, fast, lightweight, embeddable scripting language";
     longDescription = ''
       Lua combines simple procedural syntax with powerful data
       description constructs based on associative arrays and extensible
diff --git a/pkgs/development/interpreters/lua-5/5.0.3.nix b/pkgs/development/interpreters/lua-5/5.0.3.nix
index ff2a81401910..eae2d82d5d0a 100644
--- a/pkgs/development/interpreters/lua-5/5.0.3.nix
+++ b/pkgs/development/interpreters/lua-5/5.0.3.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://www.lua.org";
-    description = "Lua is a powerful, fast, lightweight, embeddable scripting language.";
+    description = "Powerful, fast, lightweight, embeddable scripting language";
     longDescription = ''
       Lua combines simple procedural syntax with powerful data
       description constructs based on associative arrays and extensible
diff --git a/pkgs/development/interpreters/lua-5/5.1.nix b/pkgs/development/interpreters/lua-5/5.1.nix
index 8b1e1529095e..2923a8f960d1 100644
--- a/pkgs/development/interpreters/lua-5/5.1.nix
+++ b/pkgs/development/interpreters/lua-5/5.1.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, readline}:
+{ stdenv, fetchurl, readline }:
 
 let
   dsoPatch = fetchurl {
@@ -20,20 +20,20 @@ stdenv.mkDerivation rec {
   patches = [ dsoPatch ];
 
   configurePhase = ''
-    makeFlagsArray=( INSTALL_TOP=$out INSTALL_MAN=$out/share/man/man1 PLAT=linux CFLAGS="-O2 -fPIC" LDLAGS="-fPIC" )
-    installFlagsArray=( TO_BIN="lua luac" TO_LIB="liblua.a liblua.so liblua.so.5.1" INSTALL_DATA='cp -d' )
+    makeFlagsArray=( INSTALL_TOP=$out INSTALL_MAN=$out/share/man/man1 PLAT=linux CFLAGS="-DLUA_USE_LINUX -O2 -fPIC" LDLAGS="-fPIC" )
+    installFlagsArray=( TO_BIN="lua luac" TO_LIB="liblua.a liblua.so liblua.so.5.1 liblua.so.5.1.5" INSTALL_DATA='cp -d' )
   '';
 
   postInstall = ''
     mkdir -p "$out/share/doc/lua" "$out/lib/pkgconfig"
-    mv "etc/lua.pc" "$out/lib/pkgconfig/"
+    sed <"etc/lua.pc" >"$out/lib/pkgconfig/lua.pc" -e "s|^prefix=.*|prefix=$out|"
     mv "doc/"*.{gif,png,css,html} "$out/share/doc/lua/"
     rmdir $out/{share,lib}/lua/5.1 $out/{share,lib}/lua
   '';
 
   meta = {
     homepage = "http://www.lua.org";
-    description = "Lua is a powerful, fast, lightweight, embeddable scripting language.";
+    description = "Powerful, fast, lightweight, embeddable scripting language";
     longDescription = ''
       Lua combines simple procedural syntax with powerful data
       description constructs based on associative arrays and extensible
diff --git a/pkgs/development/interpreters/lua-5/5.2.nix b/pkgs/development/interpreters/lua-5/5.2.nix
new file mode 100644
index 000000000000..5b4c2459872e
--- /dev/null
+++ b/pkgs/development/interpreters/lua-5/5.2.nix
@@ -0,0 +1,67 @@
+{ stdenv, fetchurl, readline }:
+
+let
+  dsoPatch = fetchurl {
+    url = "https://projects.archlinux.org/svntogit/packages.git/plain/trunk/liblua.so.patch?h=packages/lua";
+    sha256 = "1by1dy4ql61f5c6njq9ibf9kaqm3y633g2q8j54iyjr4cxvqwqz9";
+    name = "lua-arch.patch";
+  };
+in
+stdenv.mkDerivation rec {
+  name = "lua-${version}";
+  majorVersion = "5.2";
+  version = "${majorVersion}.2";
+
+  src = fetchurl {
+    url = "http://www.lua.org/ftp/${name}.tar.gz";
+    sha256 = "004zyh9p3lpvbwhyhlmrw6wwcia5abx84q4h2brkn4zdypipvmiz";
+  };
+
+  buildInputs = [ readline ];
+
+  patches = [ dsoPatch ];
+
+  configurePhase = ''
+    makeFlagsArray=( INSTALL_TOP=$out INSTALL_MAN=$out/share/man/man1 PLAT=linux CFLAGS="-DLUA_USE_LINUX -O2 -fPIC" LDLAGS="-fPIC" V=${majorVersion} R=${version} )
+    installFlagsArray=( TO_BIN="lua luac" TO_LIB="liblua.a liblua.so liblua.so.${majorVersion} liblua.so.${version}" INSTALL_DATA='cp -d' )
+  '';
+
+  postInstall = ''
+    mkdir -p "$out/share/doc/lua" "$out/lib/pkgconfig"
+    mv "doc/"*.{gif,png,css,html} "$out/share/doc/lua/"
+    rmdir $out/{share,lib}/lua/${majorVersion} $out/{share,lib}/lua
+    mkdir -p "$out/lib/pkgconfig"
+    cat >"$out/lib/pkgconfig/lua.pc" <<EOF
+    prefix=$out
+    libdir=$out/lib
+    includedir=$out/include
+    INSTALL_BIN=$out/bin
+    INSTALL_INC=$out/include
+    INSTALL_LIB=$out/lib
+    INSTALL_MAN=$out/man/man1
+
+    Name: Lua
+    Description: An Extensible Extension Language
+    Version: ${version}
+    Requires:
+    Libs: -L$out/lib -llua -lm
+    Cflags: -I$out/include
+    EOF
+  '';
+
+  meta = {
+    homepage = "http://www.lua.org";
+    description = "Powerful, fast, lightweight, embeddable scripting language";
+    longDescription = ''
+      Lua combines simple procedural syntax with powerful data
+      description constructs based on associative arrays and extensible
+      semantics. Lua is dynamically typed, runs by interpreting bytecode
+      for a register-based virtual machine, and has automatic memory
+      management with incremental garbage collection, making it ideal
+      for configuration, scripting, and rapid prototyping.
+    '';
+    license = "MIT";
+    platforms = stdenv.lib.platforms.unix;
+    maintainers = [ stdenv.lib.maintainers.simons ];
+  };
+}
diff --git a/pkgs/development/interpreters/lua-5/default.nix b/pkgs/development/interpreters/lua-5/default.nix
deleted file mode 100644
index c11a9d10d7b3..000000000000
--- a/pkgs/development/interpreters/lua-5/default.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{stdenv, fetchurl, ncurses, readline}:
-
-stdenv.mkDerivation {
-  name = "lua-5.1.4";
-
-  src = fetchurl {
-    url = "http://www.lua.org/ftp/lua-5.1.4.tar.gz";
-    sha256 = "0fmgk100ficm1jbm4ga9xy484v4cm89wsdfckdybb9gjx8jy4f5h";
-  };
-
-  NIX_CFLAGS_COMPILE = "-fPIC";
-  buildFlags = if stdenv.isLinux then "linux" else
-	       if stdenv.isDarwin then "macosx" else
-	       if stdenv.isFreeBSD then "freebsd" else
-	       if stdenv.isBSD then "bsd" else
-	       "posix";
-  installFlags = "install INSTALL_TOP=\${out}";
-  postInstall = ''
-    sed -i -e "s@/usr/local@$out@" etc/lua.pc
-    sed -i -e "s@-llua -lm@-llua -lm -ldl@" etc/lua.pc
-    mkdir -p "$out/lib/pkgconfig"
-    install -m 644 etc/lua.pc $out/lib/pkgconfig/lua.pc
-  '';
-  buildInputs = [ ncurses readline ];
-
-  crossAttrs = {
-    preBuild = ''
-      sed -i -e "s/ gcc/$crossConfig-gcc/" \
-        -e "s/ ar/$crossConfig-ar/" \
-        -e "s/ ranlib/$crossConfig-ranlib/" \
-        src/Makefile
-    '';
-    dontStrip = true;
-  };
-
-  meta = {
-    homepage = "http://www.lua.org";
-    description = "Lua is a powerful, fast, lightweight, embeddable scripting language.";
-    longDescription = ''
-      Lua combines simple procedural syntax with powerful data
-      description constructs based on associative arrays and extensible
-      semantics. Lua is dynamically typed, runs by interpreting bytecode
-      for a register-based virtual machine, and has automatic memory
-      management with incremental garbage collection, making it ideal
-      for configuration, scripting, and rapid prototyping.
-    '';
-    license = "MIT";
-    platforms = stdenv.lib.platforms.unix;
-    maintainers = [];
-  };
-}
diff --git a/pkgs/development/interpreters/php/5.4.nix b/pkgs/development/interpreters/php/5.4.nix
index 394278dea749..3edf25b0cd94 100644
--- a/pkgs/development/interpreters/php/5.4.nix
+++ b/pkgs/development/interpreters/php/5.4.nix
@@ -9,7 +9,7 @@ in
 
 composableDerivation.composableDerivation {} ( fixed : let inherit (fixed.fixed) version; in {
 
-  version = "5.4.18";
+  version = "5.4.20";
 
   name = "php-${version}";
 
@@ -58,6 +58,10 @@ composableDerivation.composableDerivation {} ( fixed : let inherit (fixed.fixed)
         buildInputs = [ libxml2 ];
       };
 
+      pcntl = {
+        configureFlags = [ "--enable-pcntl" ];
+      };
+
       readline = {
         configureFlags = ["--with-readline=${readline}"];
         buildInputs = [ readline ];
@@ -188,6 +192,7 @@ composableDerivation.composableDerivation {} ( fixed : let inherit (fixed.fixed)
     socketsSupport = config.php.sockets or true;
     curlSupport = config.php.curl or true;
     gettextSupport = config.php.gettext or true;
+    pcntlSupport = config.php.pcntl or true;
     postgresqlSupport = config.php.postgresql or true;
     readlineSupport = config.php.readline or true;
     sqliteSupport = config.php.sqlite or true;
@@ -230,7 +235,7 @@ composableDerivation.composableDerivation {} ( fixed : let inherit (fixed.fixed)
       "http://nl1.php.net/get/php-${version}.tar.bz2/from/this/mirror"
       "http://se1.php.net/get/php-${version}.tar.bz2/from/this/mirror"
     ];
-    sha256 = "1ncizy992nfy3i3lzns7qcinj5376d840hchaqs5jlfn2nz0k50x";
+    sha256 = "1qarcxj46rzkmql3w2dln0hxzs349ph31fxcslizxch1ig7l43nd";
     name = "php-${version}.tar.bz2";
   };
 
diff --git a/pkgs/development/interpreters/pure/default.nix b/pkgs/development/interpreters/pure/default.nix
index 83a1c0ac5009..84ae789150da 100644
--- a/pkgs/development/interpreters/pure/default.nix
+++ b/pkgs/development/interpreters/pure/default.nix
@@ -1,5 +1,5 @@
 x@{builderDefsPackage
-  , llvm, gmp, mpfr, readline, bison, flex
+  , llvm, gmp, mpfr, readline, bison, flex, makeWrapper
   , ...}:
 builderDefsPackage
 (a :  
@@ -12,11 +12,11 @@ let
   sourceInfo = rec {
     baseName="pure";
     project="pure-lang";
-    version="0.56";
+    version="0.58";
     name="${baseName}-${version}";
     extension="tar.gz";
-    url="http://${project}.googlecode.com/files/${name}.${extension}";
-    hash="1ll29j31lp7ymp1kq57328q8md7pkp8jmwsadp67j4cdlzc3zdhj";
+    url="https://bitbucket.org/purelang/${project}/downloads/${name}.${extension}";
+    hash="180ygv8nmfy8v4696km8jdahn5cnr454sc8i1av7s6z4ss7mrxmi";
   };
 in
 rec {
@@ -29,9 +29,9 @@ rec {
   inherit buildInputs;
 
   /* doConfigure should be removed if not needed */
-  phaseNames = ["doPatch" "doConfigure" "doMakeInstall"];
+  phaseNames = ["doConfigure" "doMakeInstall" "doWrap"];
 
-  patches = [ ./new-gcc.patch ];
+  doWrap = a.makeManyWrappers ''$out/bin/pure'' ''--prefix LD_LIBRARY_PATH : "${llvm}/lib"'';
 
   meta = {
     description = "A purely functional programming language based on term rewriting";
@@ -45,7 +45,7 @@ rec {
   };
   passthru = {
     updateInfo = {
-      downloadPage = "http://code.google.com/p/pure-lang/downloads/list";
+      downloadPage = "https://bitbucket.org/purelang/pure-lang/downloads";
     };
   };
 }) x
diff --git a/pkgs/development/interpreters/pure/new-gcc.patch b/pkgs/development/interpreters/pure/new-gcc.patch
deleted file mode 100644
index ea2cd8450591..000000000000
--- a/pkgs/development/interpreters/pure/new-gcc.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-diff --git a/runtime.cc b/runtime.cc
-index 04cbc40..54a0b43 100644
---- a/runtime.cc
-+++ b/runtime.cc
-@@ -13121,39 +13121,6 @@ unsigned int sleep(unsigned int secs)
- }
- #endif
- 
--/* Horrible kludge to get round, trunc and the inverse hyperbolic functions
--   from libmingwex.a (these are in C99, but not in the Windows system
--   libraries, and LLVM doesn't know how to get them either). */
--
--extern "C"
--double __round(double x)
--{
--  return round(x);
--}
--
--extern "C"
--double __trunc(double x)
--{
--  return trunc(x);
--}
--
--extern "C"
--double __asinh(double x)
--{
--  return asinh(x);
--}
--
--extern "C"
--double __acosh(double x)
--{
--  return acosh(x);
--}
--
--extern "C"
--double __atanh(double x)
--{
--  return atanh(x);
--}
- 
- /* File type bits. */
- 
-diff --git a/util.hh b/util.hh
-index ae95b79..eab3330 100644
---- a/util.hh
-+++ b/util.hh
-@@ -58,13 +58,6 @@ char *default_encoding();
- double my_strtod(const char  *nptr, char **endptr);
- char *my_formatd(char *buffer, const char  *format, double d);
- 
--/* Windows doesn't have strptime, so we provide a suitable replacement from
--   GNU libc (see strptime.c). */
--
--#ifndef HAVE_STRPTIME
--extern "C"
--char *strptime(const char *s, const char *format, struct tm *tm);
--#endif
- 
- /* Windows doesn't have mkstemp, so we provide a suitable replacement. */
- 
diff --git a/pkgs/development/interpreters/python/2.6/default.nix b/pkgs/development/interpreters/python/2.6/default.nix
index 4b55f7150d38..6192c9e11e74 100644
--- a/pkgs/development/interpreters/python/2.6/default.nix
+++ b/pkgs/development/interpreters/python/2.6/default.nix
@@ -160,6 +160,11 @@ let
       deps = [ ncurses ];
     };
 
+    curses_panel = buildInternalPythonModule {
+      moduleName = "curses_panel";
+      deps = [ ncurses modules.curses ];
+    };
+
     gdbm = buildInternalPythonModule {
       moduleName = "gdbm";
       internalName = "gdbm";
diff --git a/pkgs/development/interpreters/python/2.7/default.nix b/pkgs/development/interpreters/python/2.7/default.nix
index aea2d21fd8d6..617be4f29f13 100644
--- a/pkgs/development/interpreters/python/2.7/default.nix
+++ b/pkgs/development/interpreters/python/2.7/default.nix
@@ -164,6 +164,11 @@ let
       deps = [ ncurses ];
     };
 
+    curses_panel = buildInternalPythonModule {
+      moduleName = "curses_panel";
+      deps = [ ncurses modules.curses ];
+    };
+
     crypt = buildInternalPythonModule {
       moduleName = "crypt";
       internalName = "crypt";
diff --git a/pkgs/development/interpreters/python/wrapper.nix b/pkgs/development/interpreters/python/wrapper.nix
index d2783ffb085e..1699690749f1 100644
--- a/pkgs/development/interpreters/python/wrapper.nix
+++ b/pkgs/development/interpreters/python/wrapper.nix
@@ -1,23 +1,26 @@
-# Create a python that knows about additional python packages via
-# PYTHONPATH
+{ stdenv, python, buildEnv, makeWrapper, recursivePthLoader, extraLibs ? [] }:
 
-{ stdenv, python, makeWrapper, recursivePthLoader, extraLibs ? [] }:
+# Create a python executable that knows about additional packages.
 
-stdenv.mkDerivation {
+(buildEnv {
   name = "python-${python.version}-wrapper";
+  paths = extraLibs ++ [ python makeWrapper recursivePthLoader ];
+  ignoreCollisions = false;
 
-  propagatedBuildInputs = extraLibs ++ [ python makeWrapper recursivePthLoader ];
-
-  unpackPhase = "true";
-  installPhase = ''
+  postBuild = ''
+    . "${makeWrapper}/nix-support/setup-hook"
+    if [ -L "$out/bin" ]; then
+        unlink "$out/bin"
+    fi
     mkdir -p "$out/bin"
-    for prg in 2to3 idle pdb pdb${python.majorVersion} pydoc python python-config python${python.majorVersion} python${python.majorVersion}-config smtpd.py; do
-      makeWrapper "$python/bin/$prg" "$out/bin/$prg" --suffix PYTHONPATH : "$PYTHONPATH"
+    cd "${python}/bin"
+    for prg in *; do
+      echo "$prg --> $out/bin/$prg"
+      rm -f "$out/bin/$prg"
+      makeWrapper "${python}/bin/$prg" "$out/bin/$prg" --set PYTHONHOME "$out"
     done
-    ensureDir "$out/share"
-    ln -s "$python/share/man" "$out/share/man"
   '';
-
+}) // {
   inherit python;
   inherit (python) meta;
 }
diff --git a/pkgs/development/interpreters/racket/default.nix b/pkgs/development/interpreters/racket/default.nix
index ddcf26340397..f45c96d2805d 100644
--- a/pkgs/development/interpreters/racket/default.nix
+++ b/pkgs/development/interpreters/racket/default.nix
@@ -44,7 +44,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "A programming language derived from Scheme (formerly called PLT Scheme).";
+    description = "Programming language derived from Scheme (formerly called PLT Scheme)";
     longDescription = ''
       Racket (formerly called PLT Scheme) is a programming language derived
       from Scheme. The Racket project has four primary components: the
diff --git a/pkgs/development/interpreters/ruby/generated.nix b/pkgs/development/interpreters/ruby/generated.nix
index 7c062a44ca17..f0cfa7b01527 100644
--- a/pkgs/development/interpreters/ruby/generated.nix
+++ b/pkgs/development/interpreters/ruby/generated.nix
@@ -24,6 +24,7 @@ g: # Get dependencies from patched gems
     childprocess = g.childprocess_0_3_9;
     chronic = g.chronic_0_10_1;
     coderay = g.coderay_1_0_9;
+    cucumber = g.cucumber_1_3_8;
     daemons = g.daemons_1_1_9;
     diff_lcs = g.diff_lcs_1_1_3;
     dimensions = g.dimensions_1_2_0;
@@ -42,6 +43,7 @@ g: # Get dependencies from patched gems
     foreman = g.foreman_0_63_0;
     gettext = g.gettext_3_0_0;
     gh = g.gh_0_12_0;
+    gherkin = g.gherkin_2_12_1;
     highline = g.highline_1_6_19;
     hike = g.hike_1_2_3;
     hoe = g.hoe_3_1_0;
@@ -64,6 +66,7 @@ g: # Get dependencies from patched gems
     minitar = g.minitar_0_5_3;
     minitest = g.minitest_4_7_5;
     multi_json = g.multi_json_1_7_9;
+    multi_test = g.multi_test_0_0_2;
     multipart_post = g.multipart_post_1_2_0;
     net_http_digest_auth = g.net_http_digest_auth_1_4;
     net_http_persistent = g.net_http_persistent_2_9;
@@ -94,6 +97,7 @@ g: # Get dependencies from patched gems
     rjb = g.rjb_1_4_8;
     rkelly_remix = g.rkelly_remix_0_0_4;
     rmail = g.rmail_1_0_0;
+    rmail_sup = g.rmail_sup_1_0_1;
     rspec = g.rspec_2_11_0;
     rspec_core = g.rspec_core_2_11_1;
     rspec_expectations = g.rspec_expectations_2_11_3;
@@ -112,6 +116,7 @@ g: # Get dependencies from patched gems
     systemu = g.systemu_2_5_2;
     taskjuggler = g.taskjuggler_3_5_0;
     term_ansicolor = g.term_ansicolor_1_2_2;
+    terminal_notifier = g.terminal_notifier_1_5_1;
     text = g.text_1_2_3;
     thin = g.thin_1_5_1;
     thor = g.thor_0_18_1;
@@ -125,6 +130,7 @@ g: # Get dependencies from patched gems
     tzinfo = g.tzinfo_0_3_37;
     unf = g.unf_0_1_2;
     unf_ext = g.unf_ext_0_0_6;
+    unicode = g.unicode_0_4_4;
     uuid = g.uuid_2_3_7;
     uuidtools = g.uuidtools_2_1_4;
     webrobots = g.webrobots_0_1_1;
@@ -134,7 +140,7 @@ g: # Get dependencies from patched gems
     xml_simple = g.xml_simple_1_1_1;
     yajl_ruby = g.yajl_ruby_1_1_0;
   };
-  gem_nix_args = [ ''autotest-rails'' ''aws-sdk'' ''bitbucket-backup'' ''buildr'' ''fakes3'' ''foreman'' ''gettext'' ''iconv'' ''jsduck'' ''lockfile'' ''mechanize'' ''nix'' ''papertrail-cli'' ''rails'' ''rake'' ''rb-fsevent'' ''remote_syslog'' ''right_aws'' ''rmail'' ''sass'' ''selenium-webdriver'' ''sinatra-1.3.2'' ''taskjuggler'' ''thin'' ''travis'' ''trollop'' ''uuid'' ''xapian-full'' ''xapian-ruby'' ];
+  gem_nix_args = [ ''autotest-rails'' ''aws-sdk'' ''bitbucket-backup'' ''buildr'' ''cucumber'' ''fakes3'' ''foreman'' ''gettext'' ''iconv'' ''jsduck'' ''lockfile'' ''mechanize'' ''nix'' ''papertrail-cli'' ''rails'' ''rake'' ''rb-fsevent'' ''remote_syslog'' ''right_aws'' ''rmail'' ''sass'' ''selenium-webdriver'' ''sinatra-1.3.2'' ''taskjuggler'' ''thin'' ''travis'' ''trollop'' ''uuid'' ''xapian-full'' ''xapian-ruby'' ];
   gems = {
     ZenTest_4_9_3 = {
       basename = ''ZenTest'';
@@ -429,6 +435,17 @@ for those one-off tasks, with a language that's a joy to use.
       requiredGems = [ g.ffi_1_9_0 ];
       sha256 = ''0jbz2ix7ff9ry8717lhcq9w8j8yd45akw48giwgdqccay5mlph7d'';
     };
+    chronic_0_9_1 = {
+      basename = ''chronic'';
+      meta = {
+        description = ''Natural language date/time parsing.'';
+        homepage = ''http://github.com/mojombo/chronic'';
+        longDescription = ''Chronic is a natural language date/time parser written in pure Ruby.'';
+      };
+      name = ''chronic-0.9.1'';
+      requiredGems = [  ];
+      sha256 = ''0kspaxpfy7yvyk1lvpx31w852qfj8wb9z04mcj5bzi70ljb9awqk'';
+    };
     chronic_0_10_1 = {
       basename = ''chronic'';
       meta = {
@@ -451,6 +468,17 @@ for those one-off tasks, with a language that's a joy to use.
       requiredGems = [  ];
       sha256 = ''1pbjsvd6r2daxd6aicp19fnb1j5z7fxadflsm1h0r33cy3vi7iy8'';
     };
+    cucumber_1_3_8 = {
+      basename = ''cucumber'';
+      meta = {
+        description = ''cucumber-1.3.8'';
+        homepage = ''http://cukes.info'';
+        longDescription = ''Behaviour Driven Development with elegance and joy'';
+      };
+      name = ''cucumber-1.3.8'';
+      requiredGems = [ g.builder_3_2_2 g.diff_lcs_1_2_4 g.gherkin_2_12_1 g.multi_json_1_7_9 g.multi_test_0_0_2 ];
+      sha256 = ''0b4igj1vxlcwky11nkrrgg57chbc0n5gmv984dld5s0f1ilkx1ma'';
+    };
     daemons_1_1_9 = {
       basename = ''daemons'';
       meta = {
@@ -487,6 +515,28 @@ is the MIT license.'';
       requiredGems = [  ];
       sha256 = ''15wqs3md9slif6ag43vp6gw63r3a2zdqiyfapnnzkb7amgg930pv'';
     };
+    diff_lcs_1_2_4 = {
+      basename = ''diff_lcs'';
+      meta = {
+        description = ''Diff::LCS computes the difference between two Enumerable sequences using the McIlroy-Hunt longest common subsequence (LCS) algorithm'';
+        homepage = ''http://diff-lcs.rubyforge.org/'';
+        longDescription = ''Diff::LCS computes the difference between two Enumerable sequences using the
+McIlroy-Hunt longest common subsequence (LCS) algorithm. It includes utilities
+to create a simple HTML diff output format and a standard diff-like tool.
+
+This is release 1.2.4, fixing a bug introduced after diff-lcs 1.1.3 that did
+not properly prune common sequences at the beginning of a comparison set.
+Thanks to Paul Kunysch for fixing this issue.
+
+Coincident with the release of diff-lcs 1.2.3, we reported an issue with
+Rubinius in 1.9 mode
+({rubinius/rubinius#2268}[https://github.com/rubinius/rubinius/issues/2268]).
+We are happy to report that this issue has been resolved.'';
+      };
+      name = ''diff-lcs-1.2.4'';
+      requiredGems = [  ];
+      sha256 = ''09xbffjg639y8n43zp88ki0m489vv2c86znmfib2fg1di6svi1xd'';
+    };
     dimensions_1_2_0 = {
       basename = ''dimensions'';
       meta = {
@@ -699,6 +749,17 @@ So you can use GNU gettext tools for maintaining.
       requiredGems = [ g.faraday_0_8_8 g.backports_3_3_3 g.multi_json_1_7_9 g.addressable_2_3_5 g.net_http_persistent_2_9 g.net_http_pipeline_1_0_1 ];
       sha256 = ''180jmg6rwilzcbzvyg74q27zpr09pv6pw3cfcjxr0bcklv203q3n'';
     };
+    gherkin_2_12_1 = {
+      basename = ''gherkin'';
+      meta = {
+        description = ''gherkin-2.12.1'';
+        homepage = ''http://github.com/cucumber/gherkin'';
+        longDescription = ''A fast Gherkin lexer/parser based on the Ragel State Machine Compiler.'';
+      };
+      name = ''gherkin-2.12.1'';
+      requiredGems = [ g.multi_json_1_7_9 ];
+      sha256 = ''07nzchdvkkd35m9k7d9k8j72jm3imv56ccn734mxa5klv1xx2d45'';
+    };
     highline_1_6_19 = {
       basename = ''highline'';
       meta = {
@@ -1083,6 +1144,17 @@ extract-method refactorings still apply.'';
       requiredGems = [  ];
       sha256 = ''1q13ldcc8shlfisy90k19zrar87208gs3za6jmr78p11ip21picx'';
     };
+    multi_test_0_0_2 = {
+      basename = ''multi_test'';
+      meta = {
+        description = ''multi-test-0.0.2'';
+        homepage = ''http://cukes.info'';
+        longDescription = ''Wafter-thin gem to help control rogue test/unit/autorun requires'';
+      };
+      name = ''multi_test-0.0.2'';
+      requiredGems = [  ];
+      sha256 = ''0y8i0v0awc87laicqz1348k54z6wsyf141xqd7gh2bjgm9pc9pkr'';
+    };
     multipart_post_1_2_0 = {
       basename = ''multipart_post'';
       meta = {
@@ -1553,6 +1625,20 @@ in JSDuck.
       requiredGems = [  ];
       sha256 = ''0nsg7yda1gdwa96j4hlrp2s0m06vrhcc4zy5mbq7gxmlmwf9yixp'';
     };
+    rmail_sup_1_0_1 = {
+      basename = ''rmail_sup'';
+      meta = {
+        description = ''A MIME mail parsing and generation library.'';
+        homepage = ''http://supmua.org'';
+        longDescription = ''    RMail is a lightweight mail library containing various utility classes and
+    modules that allow ruby scripts to parse, modify, and generate MIME mail
+    messages.
+'';
+      };
+      name = ''rmail-sup-1.0.1'';
+      requiredGems = [  ];
+      sha256 = ''1xswk101s560lxqaax3plqh8vjx7jjspnggdwb3q80m358f92q9g'';
+    };
     rspec_2_11_0 = {
       basename = ''rspec'';
       meta = {
@@ -1774,6 +1860,16 @@ management.
       requiredGems = [ g.tins_0_9_0 ];
       sha256 = ''1b41q1q6mqcgzq9fhzhmjvfg5sfs5v7gkb8z57r4hajcp89lflxr'';
     };
+    terminal_notifier_1_5_1 = {
+      basename = ''terminal_notifier'';
+      meta = {
+        description = ''Send User Notifications on Mac OS X 10.8 or higher.'';
+        homepage = ''https://github.com/alloy/terminal-notifier'';
+      };
+      name = ''terminal-notifier-1.5.1'';
+      requiredGems = [  ];
+      sha256 = ''1vvdfj83bsa2rglwbqmk11yghivsywl6ka76zb51c3xm7gdd768k'';
+    };
     text_1_2_3 = {
       basename = ''text'';
       meta = {
@@ -1922,6 +2018,17 @@ to Ruby/JRuby.
       requiredGems = [  ];
       sha256 = ''07zbmkzcid6pzdqgla3456ipfdka7j1v4hsx1iaa8rbnllqbmkdg'';
     };
+    unicode_0_4_4 = {
+      basename = ''unicode'';
+      meta = {
+        description = ''Unicode normalization library.'';
+        homepage = ''http://www.yoshidam.net/Ruby.html#unicode'';
+        longDescription = ''Unicode normalization library.'';
+      };
+      name = ''unicode-0.4.4'';
+      requiredGems = [  ];
+      sha256 = ''0la9dyxj7pr57g5727gj1h5c6h5kpbjdjpiv2vqi5gw5iglg0yqi'';
+    };
     uuid_2_3_7 = {
       basename = ''uuid'';
       meta = {
diff --git a/pkgs/development/libraries/SDL2/default.nix b/pkgs/development/libraries/SDL2/default.nix
new file mode 100644
index 000000000000..7bc27362a296
--- /dev/null
+++ b/pkgs/development/libraries/SDL2/default.nix
@@ -0,0 +1,56 @@
+{ stdenv, fetchurl, pkgconfig, audiofile
+, openglSupport ? false, mesa ? null
+, alsaSupport ? true, alsaLib ? null
+, x11Support ? true, x11 ? null, libXrandr ? null
+, pulseaudioSupport ? true, pulseaudio ? null
+}:
+
+# OSS is no longer supported, for it's much crappier than ALSA and
+# PulseAudio.
+assert alsaSupport || pulseaudioSupport;
+
+assert openglSupport -> (mesa != null && x11Support);
+assert x11Support -> (x11 != null && libXrandr != null);
+assert alsaSupport -> alsaLib != null;
+assert pulseaudioSupport -> pulseaudio != null;
+
+let
+  configureFlagsFun = attrs: ''
+        --disable-oss --disable-video-x11-xme
+        --disable-x11-shared --disable-alsa-shared --enable-rpath --disable-pulseaudio-shared
+        --disable-osmesa-shared --enable-static
+        ${if alsaSupport then "--with-alsa-prefix=${attrs.alsaLib}/lib" else ""}
+      '';
+in
+stdenv.mkDerivation rec {
+  name = "SDL2-2.0.0";
+
+  src = fetchurl {
+    url = "http://www.libsdl.org/release/${name}.tar.gz";
+    sha256 = "0y3in99brki7vc2mb4c0w39v70mf4h341mblhh8nmq4h7lawhskg";
+  };
+
+  # Since `libpulse*.la' contain `-lgdbm', PulseAudio must be propagated.
+  propagatedBuildInputs = stdenv.lib.optionals x11Support [ x11 libXrandr ] ++
+    stdenv.lib.optional pulseaudioSupport pulseaudio;
+
+  buildInputs = [ pkgconfig audiofile ] ++
+    stdenv.lib.optional openglSupport [ mesa ] ++
+    stdenv.lib.optional alsaSupport alsaLib;
+
+  # XXX: By default, SDL wants to dlopen() PulseAudio, in which case
+  # we must arrange to add it to its RPATH; however, `patchelf' seems
+  # to fail at doing this, hence `--disable-pulseaudio-shared'.
+  configureFlags = configureFlagsFun { inherit alsaLib; };
+
+  crossAttrs = {
+      configureFlags = configureFlagsFun { alsaLib = alsaLib.crossDrv; };
+  };
+
+  passthru = {inherit openglSupport;};
+
+  meta = {
+    description = "A cross-platform multimedia library";
+    homepage = http://www.libsdl.org/;
+  };
+}
diff --git a/pkgs/development/libraries/SDL2_gfx/default.nix b/pkgs/development/libraries/SDL2_gfx/default.nix
new file mode 100644
index 000000000000..693b7bf8fe19
--- /dev/null
+++ b/pkgs/development/libraries/SDL2_gfx/default.nix
@@ -0,0 +1,54 @@
+{stdenv, fetchsvn, SDL2} :
+
+let rev = 5; in
+stdenv.mkDerivation rec {
+  name = "SDL2_gfx-${toString rev}";
+
+  src = fetchsvn {
+    url = http://svn.code.sf.net/p/sdl2gfx/code/trunk;
+    inherit rev;
+    sha256 = "1hzilbn1412m2b44mygrbdfh1gvks4v5p0kmafz248jf9ifsvmzp";
+  };
+
+  buildInputs = [ SDL2 ] ;
+
+  configureFlags = "--disable-mmx";
+
+  postInstall = ''
+    sed -i -e 's,"SDL.h",<SDL2/SDL.h>,' \
+      $out/include/SDL2/*.h
+    
+    ln -s $out/include/SDL2/SDL2_framerate.h $out/include/SDL2/SDL_framerate.h;
+    ln -s $out/include/SDL2/SDL2_gfxPrimitives.h $out/include/SDL2/SDL_gfxPrimitives.h;
+    ln -s $out/include/SDL2/SDL2_rotozoom.h $out/include/SDL2/SDL_rotozoom.h;
+    ln -s $out/include/SDL2/*.h $out/include/;
+  '';
+
+  meta = {
+    description = "SDL graphics drawing primitives and support functions";
+
+    longDescription =
+      '' The SDL_gfx library evolved out of the SDL_gfxPrimitives code
+	 which provided basic drawing routines such as lines, circles or
+	 polygons and SDL_rotozoom which implemented a interpolating
+	 rotozoomer for SDL surfaces.
+
+	 The current components of the SDL_gfx library are:
+
+	    * Graphic Primitives (SDL_gfxPrimitves.h)
+	    * Rotozoomer (SDL_rotozoom.h)
+	    * Framerate control (SDL_framerate.h)
+	    * MMX image filters (SDL_imageFilter.h)
+	    * Custom Blit functions (SDL_gfxBlitFunc.h)
+
+	 The library is backwards compatible to the above mentioned
+         code. Its is written in plain C and can be used in C++ code.
+       '';
+
+    homepage = https://sourceforge.net/projects/sdlgfx/;
+    license = "LGPLv2+";
+
+    maintainers = [ stdenv.lib.maintainers.bjg ];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/development/libraries/SDL2_image/default.nix b/pkgs/development/libraries/SDL2_image/default.nix
new file mode 100644
index 000000000000..73b5ba8d929a
--- /dev/null
+++ b/pkgs/development/libraries/SDL2_image/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl, SDL2, libpng, libjpeg, libtiff, libungif, libXpm, zlib }:
+
+stdenv.mkDerivation rec {
+  name = "SDL2_image-2.0.0";
+
+  src = fetchurl {
+    url = "http://www.libsdl.org/projects/SDL_image/release/${name}.tar.gz";
+    sha256 = "0d3jlhkmr0j5a2dd5h6y29jfcsj7mkl16wghm6n3nqqp7g3ib65j";
+  };
+
+  buildInputs = [SDL2 libpng libjpeg libtiff libungif libXpm zlib];
+
+  postInstall = ''
+    sed -i -e 's,"SDL.h",<SDL2/SDL.h>,' \
+      -e 's,"SDL_version.h",<SDL2/SDL_version.h>,' \
+      -e 's,"begin_code.h",<SDL2/begin_code.h>,' \
+      -e 's,"close_code.h",<SDL2/close_code.h>,' \
+      $out/include/SDL2/SDL_image.h
+    ln -sv SDL2/SDL_image.h $out/include/SDL_image.h
+  '';
+
+  meta = {
+    description = "SDL image library";
+    homepage = "http://www.libsdl.org/projects/SDL_image/";
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/development/libraries/SDL2_mixer/default.nix b/pkgs/development/libraries/SDL2_mixer/default.nix
new file mode 100644
index 000000000000..6d29ddf6eea0
--- /dev/null
+++ b/pkgs/development/libraries/SDL2_mixer/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, fetchurl, SDL2, libogg, libvorbis, enableNativeMidi ? false }:
+
+stdenv.mkDerivation rec {
+  name = "SDL2_mixer-2.0.0";
+
+  src = fetchurl {
+    url = "http://www.libsdl.org/projects/SDL_mixer/release/${name}.tar.gz";
+    sha256 = "0nvjdxjchrajrn0jag877hdx9zb788hsd315zzg1lyck2wb0xkm8";
+  };
+
+  buildInputs = [SDL2 libogg libvorbis];
+
+  configureFlags = "--disable-music-ogg-shared" + stdenv.lib.optionalString enableNativeMidi "--enable-music-native-midi-gpl";
+
+  postInstall = "ln -s $out/include/SDL2/SDL_mixer.h $out/include/";
+
+  meta = {
+    description = "SDL multi-channel audio mixer library";
+  };
+}
diff --git a/pkgs/development/libraries/Xaw3d/default.nix b/pkgs/development/libraries/Xaw3d/default.nix
index a0603b546cf6..454c4e882f56 100644
--- a/pkgs/development/libraries/Xaw3d/default.nix
+++ b/pkgs/development/libraries/Xaw3d/default.nix
@@ -10,4 +10,8 @@ stdenv.mkDerivation {
   patches = [./config.patch ./laylex.patch];
   buildInputs = [x11 imake gccmakedep libXmu libXpm libXp bison flex];
   propagatedBuildInputs = [x11 libXmu];
+
+  meta = {
+    description = "3D widget set based on the Athena Widget set";
+  };
 }
diff --git a/pkgs/development/libraries/a52dec/default.nix b/pkgs/development/libraries/a52dec/default.nix
index 82fef49cfc10..84a87df03e40 100644
--- a/pkgs/development/libraries/a52dec/default.nix
+++ b/pkgs/development/libraries/a52dec/default.nix
@@ -11,6 +11,7 @@ stdenv.mkDerivation rec {
   NIX_CFLAGS_COMPILE = "-fpic";
 
   meta = {
+    description = "ATSC A/52 stream decoder";
     homepage = http://liba52.sourceforge.net/;
   };
 }
diff --git a/pkgs/development/libraries/aalib/default.nix b/pkgs/development/libraries/aalib/default.nix
index 2da006a6cebe..897fc9db8de1 100644
--- a/pkgs/development/libraries/aalib/default.nix
+++ b/pkgs/development/libraries/aalib/default.nix
@@ -15,4 +15,8 @@ stdenv.mkDerivation {
 
   buildInputs = [ncurses];
   inherit ncurses;
+
+  meta = {
+    description = "ASCII art graphics library";
+  };
 }
diff --git a/pkgs/development/libraries/agg/default.nix b/pkgs/development/libraries/agg/default.nix
index 8c24ae6fdbee..59124f011dd4 100644
--- a/pkgs/development/libraries/agg/default.nix
+++ b/pkgs/development/libraries/agg/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
   configureFlags = "--x-includes=${libX11}/include --x-libraries=${libX11}/lib";
 
   meta = {
-    description = "The Anti-Grain Geometry (AGG) library, a high quality rendering engine for C++";
+    description = "High quality rendering engine for C++";
 
     longDescription = ''
       Anti-Grain Geometry (AGG) is an Open Source, free of charge
diff --git a/pkgs/development/libraries/apache-activemq/default.nix b/pkgs/development/libraries/apache-activemq/default.nix
index 90d0dafdd952..d55ff9049eda 100644
--- a/pkgs/development/libraries/apache-activemq/default.nix
+++ b/pkgs/development/libraries/apache-activemq/default.nix
@@ -22,9 +22,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://activemq.apache.org/;
-    description = ''
-      Messaging and Integration Patterns server written in Java.
-    '';
+    description = "Messaging and Integration Patterns server written in Java";
     license = stdenv.lib.licenses.asl20;
   };
 
diff --git a/pkgs/development/libraries/aspell/default.nix b/pkgs/development/libraries/aspell/default.nix
index dd8b68717aae..a69cee99b2b6 100644
--- a/pkgs/development/libraries/aspell/default.nix
+++ b/pkgs/development/libraries/aspell/default.nix
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
   # doesn't expand environment variables such as `$HOME'.
 
   meta = {
-    description = "GNU Aspell, A spell checker for many languages";
+    description = "Spell checker for many languages";
     homepage = http://aspell.net/;
     license = "LGPLv2+";
     maintainers = [ ];
diff --git a/pkgs/development/libraries/atk/default.nix b/pkgs/development/libraries/atk/default.nix
index 454f395a0087..d358b9c42310 100644
--- a/pkgs/development/libraries/atk/default.nix
+++ b/pkgs/development/libraries/atk/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
   propagatedBuildInputs = [ glib gobjectIntrospection /*ToDo: why propagate*/ ];
 
   meta = {
-    description = "ATK, the accessibility toolkit";
+    description = "Accessibility toolkit";
 
     longDescription = ''
       ATK is the Accessibility Toolkit.  It provides a set of generic
diff --git a/pkgs/development/libraries/attica/default.nix b/pkgs/development/libraries/attica/default.nix
index 87f6c019fb75..3174dc57667d 100644
--- a/pkgs/development/libraries/attica/default.nix
+++ b/pkgs/development/libraries/attica/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ cmake ];
   
   meta = with stdenv.lib; {
-    description = "A library to access Open Collaboration Service providers";
+    description = "Library to access Open Collaboration Service providers";
     license = "LGPL";
     maintainers = [ maintainers.sander maintainers.urkud maintainers.phreedom ];
     inherit (qt4.meta) platforms;
diff --git a/pkgs/development/libraries/aubio/default.nix b/pkgs/development/libraries/aubio/default.nix
index 91d27254aede..abfb3985f261 100644
--- a/pkgs/development/libraries/aubio/default.nix
+++ b/pkgs/development/libraries/aubio/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
     ];
 
   meta = { 
-    description = "A library for audio labelling";
+    description = "Library for audio labelling";
     homepage = http://aubio.org/;
     license = "GPLv2";
     maintainers = [ stdenv.lib.maintainers.marcweber ];
diff --git a/pkgs/development/libraries/audiofile/default.nix b/pkgs/development/libraries/audiofile/default.nix
index 2f4de88c94c2..73f38f028145 100644
--- a/pkgs/development/libraries/audiofile/default.nix
+++ b/pkgs/development/libraries/audiofile/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
   };
 
   meta = with stdenv.lib; {
-    description = "A library for reading and writing audio files in various formats";
+    description = "Library for reading and writing audio files in various formats";
     homepage    = http://www.68k.org/~michael/audiofile/; 
     license     = licenses.lgpl21Plus;
     maintainers = with maintainers; [ lovek323 shlevy ];
diff --git a/pkgs/development/libraries/avahi/default.nix b/pkgs/development/libraries/avahi/default.nix
index f62dc2004476..f4795286e096 100644
--- a/pkgs/development/libraries/avahi/default.nix
+++ b/pkgs/development/libraries/avahi/default.nix
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with stdenv.lib; {
-    description = "Avahi, an mDNS/DNS-SD implementation";
+    description = "mDNS/DNS-SD implementation";
     homepage    = http://avahi.org;
     license     = licenses.lgpl2Plus;
     platforms   = platforms.unix;
diff --git a/pkgs/development/libraries/bwidget/default.nix b/pkgs/development/libraries/bwidget/default.nix
index 31dc885bc433..17f2b545168e 100644
--- a/pkgs/development/libraries/bwidget/default.nix
+++ b/pkgs/development/libraries/bwidget/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = "http://tcl.activestate.com/software/tcllib/";
-    description = "The BWidget toolkit is a high-level widget set for Tcl/Tk.";
+    description = "High-level widget set for Tcl/Tk";
     license = stdenv.lib.licenses.tcltk;
   };
 }
diff --git a/pkgs/development/libraries/classads/default.nix b/pkgs/development/libraries/classads/default.nix
index 5739690e59a1..080e854315dc 100644
--- a/pkgs/development/libraries/classads/default.nix
+++ b/pkgs/development/libraries/classads/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation {
   
   meta = {
     homepage = http://www.cs.wisc.edu/condor/classad/;
-    description = "The Classified Advertisements library provides a generic means for matching resources.";
+    description = "The Classified Advertisements library provides a generic means for matching resources";
     license = "Apache-2.0";
   };
 }
diff --git a/pkgs/development/libraries/clucene-core/2.x.nix b/pkgs/development/libraries/clucene-core/2.x.nix
index 97c7a4c9f53a..60e8da9c3fc8 100644
--- a/pkgs/development/libraries/clucene-core/2.x.nix
+++ b/pkgs/development/libraries/clucene-core/2.x.nix
@@ -21,7 +21,17 @@ stdenv.mkDerivation rec {
     ];
 
   meta = {
-    description = "CLucene is a port of the very popular Java Lucene text search engine API. Core package, 2.x branch.";
+    description = "Core library for full-featured text search engine";
+    longDescription = ''
+      CLucene is a high-performance, scalable, cross platform, full-featured,
+      open-source indexing and searching API. Specifically, CLucene is the guts
+      of a search engine, the hard stuff. You write the easy stuff: the UI and
+      the process of selecting and parsing your data files to pump them into
+      the search engine yourself, and any specialized queries to pull it back
+      for display or further processing.
+
+      CLucene is a port of the very popular Java Lucene text search engine API.
+    '';
     homepage = http://clucene.sourceforge.net;
   };
 }
diff --git a/pkgs/development/libraries/clucene-core/default.nix b/pkgs/development/libraries/clucene-core/default.nix
index abd6712736f5..33a789266d48 100644
--- a/pkgs/development/libraries/clucene-core/default.nix
+++ b/pkgs/development/libraries/clucene-core/default.nix
@@ -9,7 +9,17 @@ stdenv.mkDerivation rec {
   };
   
   meta = {
-    description = "CLucene is a port of the very popular Java Lucene text search engine API. Core package.";
+    description = "Core library for full-featured text search engine";
+    longDescription = ''
+      CLucene is a high-performance, scalable, cross platform, full-featured,
+      open-source indexing and searching API. Specifically, CLucene is the guts
+      of a search engine, the hard stuff. You write the easy stuff: the UI and
+      the process of selecting and parsing your data files to pump them into
+      the search engine yourself, and any specialized queries to pull it back
+      for display or further processing.
+
+      CLucene is a port of the very popular Java Lucene text search engine API.
+    '';
     homepage = http://clucene.sourceforge.net;
   };
 }
diff --git a/pkgs/development/libraries/cogl/default.nix b/pkgs/development/libraries/cogl/default.nix
index 9c3a1a4d6747..abb92f7b08b4 100644
--- a/pkgs/development/libraries/cogl/default.nix
+++ b/pkgs/development/libraries/cogl/default.nix
@@ -35,6 +35,6 @@ stdenv.mkDerivation rec {
       render without stepping on each other's toes.
     '';
 
-    inherit (glib.meta) platforms;
+    platforms = stdenv.lib.platforms.mesaPlatforms;
   };
 }
diff --git a/pkgs/development/libraries/coin3d/default.nix b/pkgs/development/libraries/coin3d/default.nix
index b477a88ed530..2ada02441492 100644
--- a/pkgs/development/libraries/coin3d/default.nix
+++ b/pkgs/development/libraries/coin3d/default.nix
@@ -14,8 +14,7 @@ stdenv.mkDerivation rec {
   meta = {
     homepage = http://www.coin3d.org/;
     license = "GPLv2+";
-    description = "High-level, retained-mode toolkit for effective 3D graphics development.";
-
+    description = "High-level, retained-mode toolkit for effective 3D graphics development";
     maintainers = [ stdenv.lib.maintainers.viric ];
     platforms = stdenv.lib.platforms.linux;
   };
diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix
index b47e3c4a0e07..8ec47f86e343 100644
--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -77,7 +77,8 @@ let
   });
 
 
-in rec {
+  attrs = rec {
+  # If you change much fix indentation
 
   # This package has been split because most applications only need dbus.lib
   # which serves as an interface to a *system-wide* daemon,
@@ -114,4 +115,5 @@ in rec {
   docs = dbus_drv "docs" "doc" {
     postInstall = ''rm -r "$out/lib"'';
   };
-}
+};
+in attrs.libs // attrs
diff --git a/pkgs/development/libraries/eventlog/default.nix b/pkgs/development/libraries/eventlog/default.nix
index b1239d6f4cf4..7a8ab8e464b4 100644
--- a/pkgs/development/libraries/eventlog/default.nix
+++ b/pkgs/development/libraries/eventlog/default.nix
@@ -9,7 +9,15 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "A new API to format and send structured log messages.";
+    description = "Syslog event logger library";
+    longDescription = ''
+      The EventLog library aims to be a replacement of the simple syslog() API
+      provided on UNIX systems. The major difference between EventLog and
+      syslog is that EventLog tries to add structure to messages.
+
+      Where you had a simple non-structrured string in syslog() you have a
+      combination of description and tag/value pairs.
+    '';
     homepage = "http://www.balabit.com/support/community/products/";
     license = "BSD";
   };
diff --git a/pkgs/development/libraries/ffmpeg/1.x.nix b/pkgs/development/libraries/ffmpeg/1.x.nix
index 9f731d118bc3..be9f1c56d97b 100644
--- a/pkgs/development/libraries/ffmpeg/1.x.nix
+++ b/pkgs/development/libraries/ffmpeg/1.x.nix
@@ -29,11 +29,11 @@ assert x11grabSupport -> libXext != null && libXfixes != null;
 assert playSupport -> SDL != null;
 
 stdenv.mkDerivation rec {
-  name = "ffmpeg-1.2";
+  name = "ffmpeg-1.2.3";
 
   src = fetchurl {
     url = "http://www.ffmpeg.org/releases/${name}.tar.bz2";
-    sha256 = "1bssxbn4p813xlgb8whg4b60j90yzfy92x70b4q8j35fgp0gnfcs";
+    sha256 = "0nvilgwaivzvikgp9lpvrwi4p1clxl4w8j961599bg0r2v7n4x6r";
   };
 
   # `--enable-gpl' (as well as the `postproc' and `swscale') mean that
diff --git a/pkgs/development/libraries/fox/fox-1.6.nix b/pkgs/development/libraries/fox/fox-1.6.nix
index 540c2c61d946..2a7bb1dc31a1 100644
--- a/pkgs/development/libraries/fox/fox-1.6.nix
+++ b/pkgs/development/libraries/fox/fox-1.6.nix
@@ -31,6 +31,6 @@ stdenv.mkDerivation rec {
     homepage = "http://fox-toolkit.org";
     license = "LGPLv3";
     maintainers = [ stdenv.lib.maintainers.bbenoist ];
-    platforms = stdenv.lib.platforms.all;
+    platforms = stdenv.lib.platforms.mesaPlatforms;
   };
 }
diff --git a/pkgs/development/libraries/freetds/default.nix b/pkgs/development/libraries/freetds/default.nix
index 87a7f879be8d..b39da46e4a26 100644
--- a/pkgs/development/libraries/freetds/default.nix
+++ b/pkgs/development/libraries/freetds/default.nix
@@ -4,7 +4,7 @@ stdenv.mkDerivation {
   name = "freetds-0.91";
 
   src = fetchurl {
-    url = ftp://ftp.ibiblio.org/pub/Linux/ALPHA/freetds/stable/freetds-stable.tgz;
+    url = ftp://ftp.astron.com/pub/freetds/stable/freetds-stable.tgz;
     sha256 = "0r946axzxs0czsmr7283w7vmk5jx3jnxxc32d2ncxsrsh2yli0ba";
   };
 
diff --git a/pkgs/development/libraries/gamin/default.nix b/pkgs/development/libraries/gamin/default.nix
index b61101654ba0..22a4597abbe3 100644
--- a/pkgs/development/libraries/gamin/default.nix
+++ b/pkgs/development/libraries/gamin/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchurl, python, pkgconfig, glib }:
 
-stdenv.mkDerivation rec {
+stdenv.mkDerivation (rec {
   name = "gamin-0.1.10";
 
   src = fetchurl {
@@ -17,4 +17,19 @@ stdenv.mkDerivation rec {
   configureFlags = "--disable-debug --with-python=${python} CPPFLAGS=-D_GNU_SOURCE";
 
   patches = [ ./deadlock.patch ] ++ map fetchurl (import ./debian-patches.nix);
+
+
+  meta = with stdenv.lib; {
+    homepage    = https://people.gnome.org/~veillard/gamin/;
+    description = "A file and directory monitoring system";
+    maintainers = with maintainers; [ lovek323 ];
+    platforms   = platforms.unix;
+  };
 }
+
+// stdenv.lib.optionalAttrs stdenv.isDarwin {
+  preBuild =  ''
+    sed -i 's/,--version-script=.*$/\\/' libgamin/Makefile
+  '';
+})
+
diff --git a/pkgs/development/libraries/geoclue/2.0.nix b/pkgs/development/libraries/geoclue/2.0.nix
new file mode 100644
index 000000000000..d799dfb60271
--- /dev/null
+++ b/pkgs/development/libraries/geoclue/2.0.nix
@@ -0,0 +1,30 @@
+{ fetchurl, stdenv, intltool, pkgconfig, glib, json_glib, libsoup, geoip
+, dbus, dbus_glib
+}:
+
+stdenv.mkDerivation rec {
+  name = "geoclue-2.0.0";
+
+  src = fetchurl {
+    url = "http://www.freedesktop.org/software/geoclue/releases/2.0/${name}.tar.xz";
+    sha256 = "18b7ikdcw2rm04gzw82216shp5m9pghvnsddw233s5jswn2g30ja";
+  };
+
+  buildInputs =
+   [ intltool pkgconfig glib json_glib libsoup geoip
+     dbus dbus_glib
+   ];
+
+  preConfigure = ''
+     substituteInPlace configure --replace "-Werror" ""
+  '';
+
+  propagatedBuildInputs = [ dbus dbus_glib glib ];
+
+  meta = {
+    description = "Geolocation framework and some data providers";
+    maintainers = with stdenv.lib.maintainers; [ raskin garbas ];
+    platforms = stdenv.lib.platforms.linux;
+    license = stdenv.lib.licenses.lgpl2;
+  };
+}
diff --git a/pkgs/development/libraries/gettext/default.nix b/pkgs/development/libraries/gettext/default.nix
index 5468c9f2336d..4908662591cb 100644
--- a/pkgs/development/libraries/gettext/default.nix
+++ b/pkgs/development/libraries/gettext/default.nix
@@ -1,8 +1,10 @@
-{ stdenv, fetchurl, libiconv }:
+{ stdenv, fetchurl, libiconvOrEmpty }:
+
+with { inherit (stdenv.lib) optionals optionalAttrs; };
 
 stdenv.mkDerivation (rec {
   name = "gettext-0.18.1.1";
-  
+
   src = fetchurl {
     url = "mirror://gnu/gettext/${name}.tar.gz";
     sha256 = "1sa3ch12qxa4h3ya6hkz119yclcccmincl9j20dhrdx5mykp3b4k";
@@ -11,7 +13,7 @@ stdenv.mkDerivation (rec {
   patches = [ ./no-gets.patch ];
 
   configureFlags = [ "--disable-csharp" ]
-     ++ (stdenv.lib.optionals stdenv.isCygwin
+     ++ (optionals stdenv.isCygwin
           [ # We have a static libiconv, so we can only build the static lib.
             "--disable-shared" "--enable-static"
 
@@ -30,12 +32,12 @@ stdenv.mkDerivation (rec {
     fi
   '';
 
-  buildInputs = stdenv.lib.optional (!stdenv.isLinux) libiconv;
-  
+  buildInputs = libiconvOrEmpty;
+
   enableParallelBuilding = true;
-      
+
   crossAttrs = {
-    buildInputs = stdenv.lib.optional (stdenv.gccCross.libc ? libiconv)
+    buildInputs = optional (stdenv.gccCross.libc ? libiconv)
       stdenv.gccCross.libc.libiconv.crossDrv;
     # Gettext fails to guess the cross compiler
     configureFlags = "CXX=${stdenv.cross.config}-g++";
@@ -70,9 +72,11 @@ stdenv.mkDerivation (rec {
   };
 }
 
-//
+// optionalAttrs stdenv.isDarwin {
+  makeFlags = "CFLAGS=-D_FORTIFY_SOURCE=0";
+}
 
-stdenv.lib.optionalAttrs stdenv.isCygwin {
+// optionalAttrs stdenv.isCygwin {
   patchPhase =
    # Make sure `error.c' gets compiled and is part of `libgettextlib.la'.
    # This fixes:
diff --git a/pkgs/development/libraries/glew/default.nix b/pkgs/development/libraries/glew/default.nix
index 14b44801e76e..313eec0bc7de 100644
--- a/pkgs/development/libraries/glew/default.nix
+++ b/pkgs/development/libraries/glew/default.nix
@@ -8,6 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "11xpmsw7m5qn7y8fa2ihhqcislz1bdd83mp99didd5ac84756dlv";
   };
 
+
   buildInputs = [ x11 libXmu libXi ];
   propagatedBuildInputs = [ mesa_glu ]; # GL/glew.h includes GL/glu.h
 
@@ -15,8 +16,9 @@ stdenv.mkDerivation rec {
     sed -i 's|lib64|lib|' config/Makefile.linux
   '';
 
+buildPhase = "make all";
   installPhase = ''
-    GLEW_DEST=$out make install
+    GLEW_DEST=$out make install.all
     mkdir -pv $out/share/doc/glew
     mkdir -p $out/lib/pkgconfig
     cp glew*.pc $out/lib/pkgconfig
diff --git a/pkgs/development/libraries/gnu-efi/default.nix b/pkgs/development/libraries/gnu-efi/default.nix
index ca24db94cd05..f741a0b4f34d 100644
--- a/pkgs/development/libraries/gnu-efi/default.nix
+++ b/pkgs/development/libraries/gnu-efi/default.nix
@@ -2,13 +2,13 @@
 , fetchurl
 }:
 
-let version = "3.0s"; in stdenv.mkDerivation {
+let version = "3.0u"; in stdenv.mkDerivation {
 
   name = "gnu-efi-${version}";
 
   src = fetchurl {
     url = "mirror://sourceforge/gnu-efi/gnu-efi_${version}.orig.tar.gz";
-    sha256 = "18bpswzkj81dadq1b7n2s9g0cz60l34ggzxlq21mb8va10j9zmhh";
+    sha256 = "0klkdxh1aqwwfm393q67nxww6liffyp2lfybbnh4q819b06la39w";
   };
 
   meta = {
@@ -34,7 +34,7 @@ let version = "3.0s"; in stdenv.mkDerivation {
   '';
 
   installPhase = ''
-    make INSTALLROOT="$out" install
+    make PREFIX="$out" install
     mkdir -pv $out/share/gnu-efi
     install -D -m644 apps/*.efi $out/share/gnu-efi
   '';
diff --git a/pkgs/development/libraries/gnutls/3.2.nix b/pkgs/development/libraries/gnutls/3.2.nix
new file mode 100644
index 000000000000..5a5b6aa94e2b
--- /dev/null
+++ b/pkgs/development/libraries/gnutls/3.2.nix
@@ -0,0 +1,73 @@
+{ fetchurl, stdenv, zlib, lzo, libtasn1, nettle, pkgconfig, lzip
+, guileBindings, guile, perl, gmp }:
+
+assert guileBindings -> guile != null;
+
+stdenv.mkDerivation (rec {
+
+  name = "gnutls-3.2.4";
+
+  src = fetchurl {
+    url = "ftp://ftp.gnutls.org/gcrypt/gnutls/v3.2/${name}.tar.lz";
+    sha256 = "0zl4h37g51xyaalv3qp2hvn1m6z7xzfw4yvpvi6mby4x5sqrrp8i";
+  };
+
+  # Note: GMP is a dependency of Nettle, whose public headers include
+  # GMP headers, hence the hack.
+  configurePhase = ''
+    ./configure --prefix="$out"                                 \
+      --disable-dependency-tracking --enable-fast-install       \
+      --without-p11-kit                                         \
+      --with-lzo --with-libtasn1-prefix="${libtasn1}"           \
+      --with-libnettle-prefix="${nettle}"                       \
+      CPPFLAGS="-I${gmp}/include"                               \
+      ${if guileBindings
+        then "--enable-guile --with-guile-site-dir=\"$out/share/guile/site\""
+        else ""}
+  '';
+
+  # Build of the Guile bindings is not parallel-safe.  See
+  # <http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=330995a920037b6030ec0282b51dde3f8b493cad>
+  # for the actual fix.
+  enableParallelBuilding = false;
+
+  buildInputs = [ zlib lzo lzip ]
+    ++ stdenv.lib.optional guileBindings guile;
+
+  nativeBuildInputs = [ perl pkgconfig ];
+
+  propagatedBuildInputs = [ nettle libtasn1 ];
+
+  # XXX: Gnulib's `test-select' fails on FreeBSD:
+  # http://hydra.nixos.org/build/2962084/nixlog/1/raw .
+  doCheck = (!stdenv.isFreeBSD && !stdenv.isDarwin);
+
+  meta = with stdenv.lib; {
+    description = "The GNU Transport Layer Security Library";
+
+    longDescription = ''
+       GnuTLS is a project that aims to develop a library which
+       provides a secure layer, over a reliable transport
+       layer. Currently the GnuTLS library implements the proposed
+       standards by the IETF's TLS working group.
+
+       Quoting from the TLS protocol specification:
+
+       "The TLS protocol provides communications privacy over the
+       Internet. The protocol allows client/server applications to
+       communicate in a way that is designed to prevent eavesdropping,
+       tampering, or message forgery."
+    '';
+
+    homepage = http://www.gnu.org/software/gnutls/;
+    license = "LGPLv2.1+";
+    maintainers = [ ];
+  };
+}
+
+//
+
+(stdenv.lib.optionalAttrs stdenv.isFreeBSD {
+  # FreeBSD doesn't have <alloca.h>, and Gnulib's `alloca' module isn't used.
+  patches = [ ./guile-gnulib-includes.patch ];
+}))
diff --git a/pkgs/development/libraries/gssdp/default.nix b/pkgs/development/libraries/gssdp/default.nix
index 28bad546084a..c33457544f5f 100644
--- a/pkgs/development/libraries/gssdp/default.nix
+++ b/pkgs/development/libraries/gssdp/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation {
   buildInputs = [pkgconfig libsoup glib libxml2];
 
   meta = {
-    description = "A GObject-based API for handling resource discovery and announcement over SSDP.";
+    description = "GObject-based API for handling resource discovery and announcement over SSDP";
     homepage = http://www.gupnp.org/;
     license = "LGPL v2";
     platforms = stdenv.lib.platforms.all;
diff --git a/pkgs/development/libraries/gtk+/3.x.nix b/pkgs/development/libraries/gtk+/3.x.nix
index 31bdba716b90..76424d79d7ad 100644
--- a/pkgs/development/libraries/gtk+/3.x.nix
+++ b/pkgs/development/libraries/gtk+/3.x.nix
@@ -8,11 +8,11 @@ assert xineramaSupport -> xlibs.libXinerama != null;
 assert cupsSupport -> cups != null;
 
 stdenv.mkDerivation rec {
-  name = "gtk+-3.8.2";
+  name = "gtk+-3.8.4";
 
   src = fetchurl {
     url = "mirror://gnome/sources/gtk+/3.8/${name}.tar.xz";
-    sha256 = "15zjmyky4yw70ipi12dllira4av8wjpw5f7g9kbrbpx12nf0ra0w";
+    sha256 = "1qlj0qdhkp8j5xiris4l4xnx47g4pbk4qnj3nf8rwa82fwb610xh";
   };
 
   enableParallelBuilding = true;
@@ -45,7 +45,7 @@ stdenv.mkDerivation rec {
 
     license = "LGPLv2+";
 
-    maintainers = with stdenv.lib.maintainers; [urkud raskin];
+    maintainers = with stdenv.lib.maintainers; [ urkud raskin vcunat];
     platforms = stdenv.lib.platforms.all;
   };
 }
diff --git a/pkgs/development/libraries/gurobi/default.nix b/pkgs/development/libraries/gurobi/default.nix
new file mode 100644
index 000000000000..4bdee56ae991
--- /dev/null
+++ b/pkgs/development/libraries/gurobi/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, requireFile }:
+
+stdenv.mkDerivation {
+  name = "gurobi-5.6.0";
+
+  src = requireFile {
+    name = "gurobi5.6.0_linux64.tar.gz";
+    sha256 = "1qwfjyx5y71x97gkndqnl9h4xc8hl48zwcwss7jagqfj3gxwvnky";
+    url = "http://www.gurobi.com/download/gurobi-optimizer";
+  };
+
+  installPhase = "mv linux64 $out";
+
+  fixupPhase = ''
+    interp=`cat $NIX_GCC/nix-support/dynamic-linker`
+    find $out/bin -type f -executable -exec patchelf --interpreter "$interp" --set-rpath $out/lib {} \;
+  '';
+
+  meta = {
+    description = "State-of-the-art mathematical programming solver";
+    homepage = http://www.gurobi.com/;
+    license = "unfree";
+    maintainers = [ stdenv.lib.maintainers.shlevy ];
+  };
+}
diff --git a/pkgs/development/libraries/gusb/default.nix b/pkgs/development/libraries/gusb/default.nix
new file mode 100644
index 000000000000..0534df821cce
--- /dev/null
+++ b/pkgs/development/libraries/gusb/default.nix
@@ -0,0 +1,30 @@
+{stdenv, fetchurl, fetchgit
+, automake, autoconf, libtool, which, gtkdoc, gettext, pkgconfig, gobjectIntrospection, libxslt
+, glib, systemd, libusb1
+}:
+stdenv.mkDerivation {
+  name = "gusb-git";
+  enableParallelBuilding = true;
+
+  src = fetchgit {
+    url = git://gitorious.org/gusb/gusb.git;
+    rev = "53226a15a627b20fde38303c2141a17985d741ae";
+    sha256 = "01daf09f663e27bdd92532e3e2a3e87de895e9cc1f150d4e0fc75b0dc489fccf";
+  };
+
+  preConfigure = "./autogen.sh";
+
+  buildInputs = [
+    pkgconfig autoconf automake libtool which gtkdoc gettext gobjectIntrospection libxslt
+    systemd libusb1
+    glib
+  ];
+
+  meta = {
+    description = "GLib libusb wrapper";
+    homepage = http://gitorious.org/gusb;
+    license = stdenv.lib.licenses.lgpl21;
+    maintainers = [stdenv.lib.maintainers.marcweber];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/development/libraries/harfbuzz/default.nix b/pkgs/development/libraries/harfbuzz/default.nix
index 4fb024db0e13..1202ab5825d7 100644
--- a/pkgs/development/libraries/harfbuzz/default.nix
+++ b/pkgs/development/libraries/harfbuzz/default.nix
@@ -1,4 +1,5 @@
-{ stdenv, fetchurl, pkgconfig, glib, freetype, libintlOrEmpty }:
+{ stdenv, fetchurl, pkgconfig, glib, freetype,
+  icu ? null, graphite2 ? null, libintlOrEmpty }:
 
 stdenv.mkDerivation rec {
   name = "harfbuzz-0.9.12";
@@ -8,7 +9,12 @@ stdenv.mkDerivation rec {
     sha256 = "19cx5y2m20rp7z5j7mwqfb4ph2g8lrri69zim44x362y4w5gfly6";
   };
 
-  buildInputs = [ pkgconfig glib freetype ] ++ libintlOrEmpty;
+  buildInputs = [ pkgconfig glib freetype ]
+    ++ libintlOrEmpty;
+  propagatedBuildInputs = []
+    ++ (stdenv.lib.optionals (icu != null) [icu])
+    ++ (stdenv.lib.optionals (graphite2 != null) [graphite2])
+    ;
 
   meta = {
     description = "An OpenType text shaping engine";
diff --git a/pkgs/development/libraries/haskell/Agda/default.nix b/pkgs/development/libraries/haskell/Agda/default.nix
index 64c9d9d51e58..749802f95b25 100644
--- a/pkgs/development/libraries/haskell/Agda/default.nix
+++ b/pkgs/development/libraries/haskell/Agda/default.nix
@@ -5,8 +5,8 @@
 
 cabal.mkDerivation (self: {
   pname = "Agda";
-  version = "2.3.2.1";
-  sha256 = "1dlf0cs913ma8wjvra8x6p0lwi1pk7ynbdq4lxgbdfgqkbnh43kr";
+  version = "2.3.2.2";
+  sha256 = "0zr2rg2yvq6pqg69c6h7hqqpc5nj8prfhcvj5p2alkby0vs110qc";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/libraries/haskell/Cabal/1.18.0.nix b/pkgs/development/libraries/haskell/Cabal/1.18.1.2.nix
index 6e0d3074bdb3..024a4d5c1352 100644
--- a/pkgs/development/libraries/haskell/Cabal/1.18.0.nix
+++ b/pkgs/development/libraries/haskell/Cabal/1.18.1.2.nix
@@ -5,8 +5,8 @@
 
 cabal.mkDerivation (self: {
   pname = "Cabal";
-  version = "1.18.0";
-  sha256 = "1nxvkfkjkyxsa4nbrwl59r84j63qh2qx4cbd3vnr6vvdnflbix8f";
+  version = "1.18.1.2";
+  sha256 = "0pbg9d40lskcps248fdcnm4hnib3vl10mbcdf830zw45q29gfkjr";
   buildDepends = [ deepseq filepath time ];
   testDepends = [
     extensibleExceptions filepath HUnit QuickCheck regexPosix
diff --git a/pkgs/development/libraries/haskell/ChasingBottoms/default.nix b/pkgs/development/libraries/haskell/ChasingBottoms/default.nix
index 719e5eb2cee9..b22272a77033 100644
--- a/pkgs/development/libraries/haskell/ChasingBottoms/default.nix
+++ b/pkgs/development/libraries/haskell/ChasingBottoms/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "ChasingBottoms";
-  version = "1.3.0.6";
-  sha256 = "1l40n1ylzrbp0lhm80q9djl8mf39zvmw7zzlg0gzxsqbzwbsggx8";
+  version = "1.3.0.7";
+  sha256 = "0g1bx6d2mi27qsb4bxvby50g39fm56gyi2658fyjiq1gamy50ypa";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [ mtl QuickCheck random syb ];
diff --git a/pkgs/development/libraries/haskell/GLFW/default.nix b/pkgs/development/libraries/haskell/GLFW/default.nix
index f204bcdf6554..26a132ae0286 100644
--- a/pkgs/development/libraries/haskell/GLFW/default.nix
+++ b/pkgs/development/libraries/haskell/GLFW/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "GLFW";
-  version = "0.5.1.0";
-  sha256 = "190d75w84y9gayxvdz13dnzpyflc5qy4vdg5iv9p2dpcamcih3km";
+  version = "0.5.2.0";
+  sha256 = "06vps929dmk9yimfv7jj12m0p0bf4ih0ssf6rbcq2j6i9wbhpxq3";
   buildDepends = [ OpenGL ];
   extraLibraries = [ libX11 mesa ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/GLURaw/1.4.0.0.nix b/pkgs/development/libraries/haskell/GLURaw/1.4.0.0.nix
new file mode 100644
index 000000000000..a6f0e61d2730
--- /dev/null
+++ b/pkgs/development/libraries/haskell/GLURaw/1.4.0.0.nix
@@ -0,0 +1,16 @@
+{ cabal, freeglut, mesa, OpenGLRaw }:
+
+cabal.mkDerivation (self: {
+  pname = "GLURaw";
+  version = "1.4.0.0";
+  sha256 = "0q86rpd5cx0vrb9d3y1fljc3mg0p8wy6xdn37ngv2s0f4kslq63g";
+  buildDepends = [ OpenGLRaw ];
+  extraLibraries = [ freeglut mesa ];
+  meta = {
+    homepage = "http://www.haskell.org/haskellwiki/Opengl";
+    description = "A raw binding for the OpenGL graphics system";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.andres ];
+  };
+})
diff --git a/pkgs/development/libraries/haskell/GLUT/2.5.0.1.nix b/pkgs/development/libraries/haskell/GLUT/2.5.0.1.nix
new file mode 100644
index 000000000000..f57cb34fb4a5
--- /dev/null
+++ b/pkgs/development/libraries/haskell/GLUT/2.5.0.1.nix
@@ -0,0 +1,18 @@
+{ cabal, freeglut, libICE, libSM, libXi, libXmu, mesa, OpenGL
+, OpenGLRaw
+}:
+
+cabal.mkDerivation (self: {
+  pname = "GLUT";
+  version = "2.5.0.1";
+  sha256 = "0f0bz64j7fxa0np8w53n51ri5m0pkwyc1kv7pvdnx02h181gl6l0";
+  buildDepends = [ OpenGL OpenGLRaw ];
+  extraLibraries = [ freeglut libICE libSM libXi libXmu mesa ];
+  meta = {
+    homepage = "http://www.haskell.org/haskellwiki/Opengl";
+    description = "A binding for the OpenGL Utility Toolkit";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.andres ];
+  };
+})
diff --git a/pkgs/development/libraries/haskell/HDBC/HDBC-postgresql.nix b/pkgs/development/libraries/haskell/HDBC/HDBC-postgresql.nix
index b66ed3ce28f6..94fcd71adbd2 100644
--- a/pkgs/development/libraries/haskell/HDBC/HDBC-postgresql.nix
+++ b/pkgs/development/libraries/haskell/HDBC/HDBC-postgresql.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "HDBC-postgresql";
-  version = "2.3.2.1";
-  sha256 = "1ji10w4d91dp3ci7pn1jd8nb3wasszwlsy1lfbb4mqnr15c9vnpb";
+  version = "2.3.2.2";
+  sha256 = "0x42lf429dxjkz22jn5fybimlixxs20zq01ap40344qlwh01hd90";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [ convertible HDBC mtl parsec time utf8String ];
diff --git a/pkgs/development/libraries/haskell/HTF/default.nix b/pkgs/development/libraries/haskell/HTF/default.nix
new file mode 100644
index 000000000000..7abdc9b4730a
--- /dev/null
+++ b/pkgs/development/libraries/haskell/HTF/default.nix
@@ -0,0 +1,26 @@
+{ cabal, aeson, cpphs, Diff, filepath, haskellSrcExts, HUnit
+, liftedBase, monadControl, mtl, QuickCheck, random, regexCompat
+, temporary, text, unorderedContainers, xmlgen
+}:
+
+cabal.mkDerivation (self: {
+  pname = "HTF";
+  version = "0.11.0.1";
+  sha256 = "0c4z76rsmdck60p7p2ypxx0d0r7k2vcb9viqp2yalyxzaaj7a9f5";
+  isLibrary = true;
+  isExecutable = true;
+  buildDepends = [
+    aeson cpphs Diff haskellSrcExts HUnit liftedBase monadControl mtl
+    QuickCheck random regexCompat text xmlgen
+  ];
+  testDepends = [
+    aeson filepath mtl random regexCompat temporary text
+    unorderedContainers
+  ];
+  meta = {
+    homepage = "https://github.com/skogsbaer/HTF/";
+    description = "The Haskell Test Framework";
+    license = "LGPL";
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/HTTP/4000.2.8.nix b/pkgs/development/libraries/haskell/HTTP/4000.2.8.nix
index 1b52261dea08..09f0b25910b9 100644
--- a/pkgs/development/libraries/haskell/HTTP/4000.2.8.nix
+++ b/pkgs/development/libraries/haskell/HTTP/4000.2.8.nix
@@ -12,6 +12,7 @@ cabal.mkDerivation (self: {
     caseInsensitive conduit deepseq httpdShed httpTypes HUnit mtl
     network pureMD5 split testFramework testFrameworkHunit wai warp
   ];
+  jailbreak = true;
   doCheck = false;
   meta = {
     homepage = "https://github.com/haskell/HTTP";
diff --git a/pkgs/development/libraries/haskell/Hipmunk/default.nix b/pkgs/development/libraries/haskell/Hipmunk/default.nix
index 7ee64f4254eb..e2f78497a7a3 100644
--- a/pkgs/development/libraries/haskell/Hipmunk/default.nix
+++ b/pkgs/development/libraries/haskell/Hipmunk/default.nix
@@ -2,11 +2,11 @@
 
 cabal.mkDerivation (self: {
   pname = "Hipmunk";
-  version = "5.2.0.11";
-  sha256 = "0pcbwlq0njgj6dzh8h94gml63wv52f6l9hdas378lm7v8gbizxl7";
+  version = "5.2.0.12";
+  sha256 = "0gybmwwij6gs3gsklcvck0nc1niyh6pvirnxgrcwclrz94ivpj42";
   buildDepends = [ StateVar transformers ];
   meta = {
-    homepage = "http://patch-tag.com/r/felipe/hipmunk/home";
+    homepage = "https://github.com/meteficha/Hipmunk";
     description = "A Haskell binding for Chipmunk";
     license = "unknown";
     platforms = self.ghc.meta.platforms;
diff --git a/pkgs/development/libraries/haskell/JuicyPixels/default.nix b/pkgs/development/libraries/haskell/JuicyPixels/default.nix
index 2a7bc888c48c..b2947318a1f1 100644
--- a/pkgs/development/libraries/haskell/JuicyPixels/default.nix
+++ b/pkgs/development/libraries/haskell/JuicyPixels/default.nix
@@ -1,13 +1,13 @@
-{ cabal, binary, deepseq, mmap, mtl, primitive, transformers
-, vector, zlib
+{ cabal, binary, deepseq, mtl, primitive, transformers, vector
+, zlib
 }:
 
 cabal.mkDerivation (self: {
   pname = "JuicyPixels";
-  version = "3.1";
-  sha256 = "1z3adva85qgdyx85hldqi99lnb3pg7a42q44zxil4gxwi62pw4xr";
+  version = "3.1.1.1";
+  sha256 = "0lvhaa8pqknkcsfps5gcbwiqx0y1rhasiw9hwy7975vgpsh58dph";
   buildDepends = [
-    binary deepseq mmap mtl primitive transformers vector zlib
+    binary deepseq mtl primitive transformers vector zlib
   ];
   meta = {
     homepage = "https://github.com/Twinside/Juicy.Pixels";
diff --git a/pkgs/development/libraries/haskell/MonadRandom/default.nix b/pkgs/development/libraries/haskell/MonadRandom/default.nix
index 9018bc603cf4..32c2f9eeffe7 100644
--- a/pkgs/development/libraries/haskell/MonadRandom/default.nix
+++ b/pkgs/development/libraries/haskell/MonadRandom/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "MonadRandom";
-  version = "0.1.11";
-  sha256 = "107f3ch84riagxa9x6yk4gxq2vq5dsk63rd0780g1fdplnf1sky3";
+  version = "0.1.12";
+  sha256 = "0lr1lvpcj96i6n0w810bjy8k9jygx97nnv0k2zb51d7saw6y95p4";
   buildDepends = [ mtl random transformers ];
   meta = {
     description = "Random-number generation monad";
diff --git a/pkgs/development/libraries/haskell/OpenGL/2.9.1.0.nix b/pkgs/development/libraries/haskell/OpenGL/2.9.1.0.nix
new file mode 100644
index 000000000000..6f79b5c7a068
--- /dev/null
+++ b/pkgs/development/libraries/haskell/OpenGL/2.9.1.0.nix
@@ -0,0 +1,16 @@
+{ cabal, GLURaw, libX11, mesa, OpenGLRaw, text }:
+
+cabal.mkDerivation (self: {
+  pname = "OpenGL";
+  version = "2.9.1.0";
+  sha256 = "09xzjaa9qyh7bfsnq226v9zi6lhnalhmlqlca3808hgax8ijwhp3";
+  buildDepends = [ GLURaw OpenGLRaw text ];
+  extraLibraries = [ libX11 mesa ];
+  meta = {
+    homepage = "http://www.haskell.org/haskellwiki/Opengl";
+    description = "A binding for the OpenGL graphics system";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.andres ];
+  };
+})
diff --git a/pkgs/development/libraries/haskell/OpenGLRaw/1.4.0.0.nix b/pkgs/development/libraries/haskell/OpenGLRaw/1.4.0.0.nix
new file mode 100644
index 000000000000..1145c16b4f8b
--- /dev/null
+++ b/pkgs/development/libraries/haskell/OpenGLRaw/1.4.0.0.nix
@@ -0,0 +1,15 @@
+{ cabal, mesa }:
+
+cabal.mkDerivation (self: {
+  pname = "OpenGLRaw";
+  version = "1.4.0.0";
+  sha256 = "112xaz01950pyjaw3cv9yvw4w3gqbf79idyyh05ain7x29m7bxkh";
+  extraLibraries = [ mesa ];
+  meta = {
+    homepage = "http://www.haskell.org/haskellwiki/Opengl";
+    description = "A raw binding for the OpenGL graphics system";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.andres ];
+  };
+})
diff --git a/pkgs/development/libraries/haskell/accelerate-cuda/default.nix b/pkgs/development/libraries/haskell/accelerate-cuda/default.nix
index bc428ab1dc45..cabfccc02669 100644
--- a/pkgs/development/libraries/haskell/accelerate-cuda/default.nix
+++ b/pkgs/development/libraries/haskell/accelerate-cuda/default.nix
@@ -5,8 +5,8 @@
 
 cabal.mkDerivation (self: {
   pname = "accelerate-cuda";
-  version = "0.13.0.3";
-  sha256 = "1y0v7w08pywb8qlw0b5aw4f8pkx4bjlfwxpqq2zfqmjsclnlifkb";
+  version = "0.13.0.4";
+  sha256 = "0zdb02mj9sbkj51a1q7sl6kmjx51gvps52dwc70qpm3rk71qnp1k";
   buildDepends = [
     accelerate binary cryptohash cuda fclabels filepath hashable
     hashtables languageCQuote mainlandPretty mtl SafeSemaphore srcloc
diff --git a/pkgs/development/libraries/haskell/accelerate-fft/default.nix b/pkgs/development/libraries/haskell/accelerate-fft/default.nix
index 523e5ae1504c..b3c1cb90b299 100644
--- a/pkgs/development/libraries/haskell/accelerate-fft/default.nix
+++ b/pkgs/development/libraries/haskell/accelerate-fft/default.nix
@@ -9,6 +9,6 @@ cabal.mkDerivation (self: {
     homepage = "https://github.com/AccelerateHS/accelerate-fft";
     description = "FFT using the Accelerate library";
     license = self.stdenv.lib.licenses.bsd3;
-    platforms = self.ghc.meta.platforms;
+    platforms = self.stdenv.lib.platforms.none;
   };
 })
diff --git a/pkgs/development/libraries/haskell/accelerate/default.nix b/pkgs/development/libraries/haskell/accelerate/default.nix
index c2484116f465..b7979f6f5f2a 100644
--- a/pkgs/development/libraries/haskell/accelerate/default.nix
+++ b/pkgs/development/libraries/haskell/accelerate/default.nix
@@ -5,6 +5,7 @@ cabal.mkDerivation (self: {
   version = "0.13.0.5";
   sha256 = "1vqkv3k0w1zy0111a786npf3hypbcg675lbdkv2cf3zx5hqcnn6j";
   buildDepends = [ fclabels hashable hashtables ];
+  jailbreak = true;
   meta = {
     homepage = "https://github.com/AccelerateHS/accelerate/";
     description = "An embedded language for accelerated array processing";
diff --git a/pkgs/development/libraries/haskell/acid-state/default.nix b/pkgs/development/libraries/haskell/acid-state/default.nix
index 28d8def56cf4..8b9bce21d739 100644
--- a/pkgs/development/libraries/haskell/acid-state/default.nix
+++ b/pkgs/development/libraries/haskell/acid-state/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "acid-state";
-  version = "0.11.4";
-  sha256 = "1z9jswg5c2wp9k2lfp0yx7mvw6iiyizm72s552lgjn8i3slq8481";
+  version = "0.12.1";
+  sha256 = "0smqhj4layckdsm8xjz1rwgpcqwm5xj2vr8g4i463vgq776fl0q6";
   buildDepends = [
     cereal extensibleExceptions filepath mtl network safecopy stm
   ];
diff --git a/pkgs/development/libraries/haskell/active/default.nix b/pkgs/development/libraries/haskell/active/default.nix
index c51663a9d091..1d6df75e5fa3 100644
--- a/pkgs/development/libraries/haskell/active/default.nix
+++ b/pkgs/development/libraries/haskell/active/default.nix
@@ -4,12 +4,13 @@
 
 cabal.mkDerivation (self: {
   pname = "active";
-  version = "0.1.0.6";
-  sha256 = "0hh52hkmma4lxfv3gj7x23cwx8v6wd1cm9hblvhzhylxk8dyl5m7";
+  version = "0.1.0.8";
+  sha256 = "1q2zrx1i5j04c9bss7c19nm6lqasmwxyfzkh49my7yaik95k7bw9";
   buildDepends = [ newtype semigroupoids semigroups vectorSpace ];
   testDepends = [
     newtype QuickCheck semigroupoids semigroups vectorSpace
   ];
+  jailbreak = true;
   meta = {
     description = "Abstractions for animation";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/aeson-pretty/default.nix b/pkgs/development/libraries/haskell/aeson-pretty/default.nix
new file mode 100644
index 000000000000..d51274c83e94
--- /dev/null
+++ b/pkgs/development/libraries/haskell/aeson-pretty/default.nix
@@ -0,0 +1,20 @@
+{ cabal, aeson, attoparsec, cmdargs, text, unorderedContainers
+, vector
+}:
+
+cabal.mkDerivation (self: {
+  pname = "aeson-pretty";
+  version = "0.7";
+  sha256 = "0zkqs3f4mr0v0j582h9ssq7dxgfkk59s7y66b640hc4zf0b5p7g7";
+  isLibrary = true;
+  isExecutable = true;
+  buildDepends = [
+    aeson attoparsec cmdargs text unorderedContainers vector
+  ];
+  meta = {
+    homepage = "http://github.com/informatikr/aeson-pretty";
+    description = "JSON pretty-printing library and command-line tool";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/aeson/default.nix b/pkgs/development/libraries/haskell/aeson/default.nix
index bcb202c64d07..edd2a21040e8 100644
--- a/pkgs/development/libraries/haskell/aeson/default.nix
+++ b/pkgs/development/libraries/haskell/aeson/default.nix
@@ -5,8 +5,8 @@
 
 cabal.mkDerivation (self: {
   pname = "aeson";
-  version = "0.6.2.0";
-  sha256 = "1f7bzgwl9pm5a79gr3a8wxh7dyz4k2508d0bw4l0mbjgv6r7s4an";
+  version = "0.6.2.1";
+  sha256 = "00fa13qr38s4c0fwfvpks3x3sb21kh71cv1v0x2zqg0adnaydknb";
   buildDepends = [
     attoparsec blazeBuilder deepseq dlist hashable mtl syb text time
     unorderedContainers vector
diff --git a/pkgs/development/libraries/haskell/amqp/default.nix b/pkgs/development/libraries/haskell/amqp/default.nix
new file mode 100644
index 000000000000..432d353a0af6
--- /dev/null
+++ b/pkgs/development/libraries/haskell/amqp/default.nix
@@ -0,0 +1,23 @@
+{ cabal, binary, clock, dataBinaryIeee754, hspec, hspecExpectations
+, network, split, text, xml
+}:
+
+cabal.mkDerivation (self: {
+  pname = "amqp";
+  version = "0.7.0";
+  sha256 = "09zazmbdw8nphbjkmixn2dpwdgkjqjfbn6jv522ykvrcnsn35kc4";
+  isLibrary = true;
+  isExecutable = true;
+  buildDepends = [
+    binary clock dataBinaryIeee754 network split text xml
+  ];
+  testDepends = [
+    binary dataBinaryIeee754 hspec hspecExpectations network split text
+  ];
+  meta = {
+    homepage = "https://github.com/hreinhardt/amqp";
+    description = "Client library for AMQP servers (currently only RabbitMQ)";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/asn1-types/default.nix b/pkgs/development/libraries/haskell/asn1-types/default.nix
index a50ee82a38d3..c28885b38edb 100644
--- a/pkgs/development/libraries/haskell/asn1-types/default.nix
+++ b/pkgs/development/libraries/haskell/asn1-types/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "asn1-types";
-  version = "0.2.0";
-  sha256 = "0350g5p3zbvm29nnjd554i6fyc47vmzpb42w6q46v3i9fiy23kvd";
+  version = "0.2.1";
+  sha256 = "1gnyvinimxb9vw3gwvsdvja8ascm07v9f5grxh42fzqkx6fm5xvr";
   buildDepends = [ time ];
   meta = {
     homepage = "http://github.com/vincenthz/hs-asn1-types";
diff --git a/pkgs/development/libraries/haskell/basic-prelude/default.nix b/pkgs/development/libraries/haskell/basic-prelude/default.nix
index cdf929d80274..8d31acb399f8 100644
--- a/pkgs/development/libraries/haskell/basic-prelude/default.nix
+++ b/pkgs/development/libraries/haskell/basic-prelude/default.nix
@@ -1,13 +1,13 @@
-{ cabal, hashable, liftedBase, ReadArgs, systemFilepath, text
+{ cabal, hashable, liftedBase, ReadArgs, safe, systemFilepath, text
 , transformers, unorderedContainers, vector
 }:
 
 cabal.mkDerivation (self: {
   pname = "basic-prelude";
-  version = "0.3.5.0";
-  sha256 = "1nrfibvvh5vzzr2jz5hipsj29b7ml6d90ijlr917n9aq200w14ar";
+  version = "0.3.6.0";
+  sha256 = "1sm89mva8vkhqp230g965b0k4n3g0c8w4sfsad8m1wh434g3k732";
   buildDepends = [
-    hashable liftedBase ReadArgs systemFilepath text transformers
+    hashable liftedBase ReadArgs safe systemFilepath text transformers
     unorderedContainers vector
   ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/bifunctors/default.nix b/pkgs/development/libraries/haskell/bifunctors/default.nix
index c659c3bc3bea..d7c8fa6debb4 100644
--- a/pkgs/development/libraries/haskell/bifunctors/default.nix
+++ b/pkgs/development/libraries/haskell/bifunctors/default.nix
@@ -2,12 +2,12 @@
 
 cabal.mkDerivation (self: {
   pname = "bifunctors";
-  version = "3.2.0.1";
-  sha256 = "1biicx0zi48wzzi7vkhzvrdyk59hmmm1bqbsga6x5nbrbf3qrkm6";
+  version = "4.1.0.1";
+  sha256 = "1mf1v64g5pr2k1jpc7i4994ki2fp5vkxg4n5v84lfbl2r3kr92yg";
   buildDepends = [ semigroupoids semigroups tagged ];
   meta = {
     homepage = "http://github.com/ekmett/bifunctors/";
-    description = "Haskell 98 bifunctors";
+    description = "Bifunctors";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
   };
diff --git a/pkgs/development/libraries/haskell/bindings-DSL/default.nix b/pkgs/development/libraries/haskell/bindings-DSL/default.nix
index d333a2877497..ed2a631419ab 100644
--- a/pkgs/development/libraries/haskell/bindings-DSL/default.nix
+++ b/pkgs/development/libraries/haskell/bindings-DSL/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "bindings-DSL";
-  version = "1.0.17";
-  sha256 = "1203n6wzdp21hd7zdhvhppxhkz4xr3qykwkb8j5mb2s4kijx01bn";
+  version = "1.0.20";
+  sha256 = "11qc02fkmrpy6c1a85lwlz06m4fpvfpbpbxgv5rkyb1amg2cnklq";
   meta = {
     homepage = "http://bitbucket.org/mauricio/bindings-dsl";
     description = "FFI domain specific language, on top of hsc2hs";
diff --git a/pkgs/development/libraries/haskell/bindings-libusb/default.nix b/pkgs/development/libraries/haskell/bindings-libusb/default.nix
new file mode 100644
index 000000000000..aeea654577a2
--- /dev/null
+++ b/pkgs/development/libraries/haskell/bindings-libusb/default.nix
@@ -0,0 +1,15 @@
+{ cabal, bindingsDSL, libusb }:
+
+cabal.mkDerivation (self: {
+  pname = "bindings-libusb";
+  version = "1.4.4.1";
+  sha256 = "1cip5a0n8svjkzawpx3wi9z7nywmn9bl3k2w559b3awy0wixybrx";
+  buildDepends = [ bindingsDSL ];
+  pkgconfigDepends = [ libusb ];
+  meta = {
+    homepage = "https://github.com/basvandijk/bindings-libusb";
+    description = "Low level bindings to libusb";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/blaze-builder/default.nix b/pkgs/development/libraries/haskell/blaze-builder/default.nix
index 816537b1ab65..7c2ee140c1ab 100644
--- a/pkgs/development/libraries/haskell/blaze-builder/default.nix
+++ b/pkgs/development/libraries/haskell/blaze-builder/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "blaze-builder";
-  version = "0.3.1.1";
-  sha256 = "1pnw5kjpyxf3mh72cb9a0f1qwpq3a2bkgqp1j3ny8l6nmzw0c9d1";
+  version = "0.3.2.0";
+  sha256 = "169q318jxhk7rmb8r679zhcdcmcca87d55341cnzajmc0580n6ih";
   buildDepends = [ text ];
   meta = {
     homepage = "http://github.com/meiersi/blaze-builder";
diff --git a/pkgs/development/libraries/haskell/bson/default.nix b/pkgs/development/libraries/haskell/bson/default.nix
index e572e366bdd0..1fa5f3fb79f5 100644
--- a/pkgs/development/libraries/haskell/bson/default.nix
+++ b/pkgs/development/libraries/haskell/bson/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "bson";
-  version = "0.2.2";
-  sha256 = "043lbaj4rrvh4a1yc033np51vi8xlbczflbhyx2bsiryzbi27waf";
+  version = "0.2.3";
+  sha256 = "0p8c4cq8ldspwj4pmg0l8pg8bkwsk9xan07md32ikm4bfqsnv2rb";
   buildDepends = [
     binary cryptohash dataBinaryIeee754 mtl network text time
   ];
diff --git a/pkgs/development/libraries/haskell/bytestring-progress/default.nix b/pkgs/development/libraries/haskell/bytestring-progress/default.nix
index e9bb268b9fce..c73932b3760a 100644
--- a/pkgs/development/libraries/haskell/bytestring-progress/default.nix
+++ b/pkgs/development/libraries/haskell/bytestring-progress/default.nix
@@ -5,7 +5,6 @@ cabal.mkDerivation (self: {
   version = "1.0.3";
   sha256 = "1v9cl7d4fcchbdrpbgjj4ilg79cj241vzijiifdsgkq30ikv2yxs";
   buildDepends = [ terminalProgressBar time ];
-  noHaddock = true;
   meta = {
     homepage = "http://github.com/acw/bytestring-progress";
     description = "A library for tracking the consumption of a lazy ByteString";
diff --git a/pkgs/development/libraries/haskell/cabal-macosx/default.nix b/pkgs/development/libraries/haskell/cabal-macosx/default.nix
index 0f651e1eaae3..351979627cb5 100644
--- a/pkgs/development/libraries/haskell/cabal-macosx/default.nix
+++ b/pkgs/development/libraries/haskell/cabal-macosx/default.nix
@@ -1,12 +1,12 @@
-{ cabal, Cabal, fgl, filepath, MissingH, parsec }:
+{ cabal, Cabal, fgl, filepath, parsec, text }:
 
 cabal.mkDerivation (self: {
   pname = "cabal-macosx";
-  version = "0.2.2";
-  sha256 = "14dc7swk03q2kp5fmhwibjh0x0pzf9ah1004skgd5six0vzfc1ch";
+  version = "0.2.3";
+  sha256 = "0rvmb6lx2alr7f0v7nbv48xzg7wp4nrn03hdkjc4a4c97rai14i9";
   isLibrary = true;
   isExecutable = true;
-  buildDepends = [ Cabal fgl filepath MissingH parsec ];
+  buildDepends = [ Cabal fgl filepath parsec text ];
   meta = {
     homepage = "http://github.com/gimbo/cabal-macosx";
     description = "Cabal support for creating Mac OSX application bundles";
diff --git a/pkgs/development/libraries/haskell/case-insensitive/1.1.nix b/pkgs/development/libraries/haskell/case-insensitive/1.1.0.1.nix
index fb3a9d271011..4f63796850a0 100644
--- a/pkgs/development/libraries/haskell/case-insensitive/1.1.nix
+++ b/pkgs/development/libraries/haskell/case-insensitive/1.1.0.1.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "case-insensitive";
-  version = "1.1";
-  sha256 = "1likcqdlhbbk78s887n5g9a4jjxxyh46hj4wc7l7snf6f9ygd5lj";
+  version = "1.1.0.1";
+  sha256 = "1hwkdkpr88r3s7c8w1msw1pawz8cfi0lwj1z9dcsp0xs788yzapp";
   buildDepends = [ deepseq hashable text ];
   testDepends = [ HUnit testFramework testFrameworkHunit text ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/cereal/default.nix b/pkgs/development/libraries/haskell/cereal/default.nix
index a28ea11c511e..4770d5216e2e 100644
--- a/pkgs/development/libraries/haskell/cereal/default.nix
+++ b/pkgs/development/libraries/haskell/cereal/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "cereal";
-  version = "0.3.5.2";
-  sha256 = "0yjxvhagsm552idfrs6d9lzlz6x5878xj1vfg0zxf8w1kixgghil";
+  version = "0.4.0.0";
+  sha256 = "0q6lrfa2p70mh3d08mbj89anc3p9ycy6wyyiycj5pm62kcimv7rj";
   meta = {
     description = "A binary serialization library";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/certificate/default.nix b/pkgs/development/libraries/haskell/certificate/default.nix
index db314a122960..95b990b464b4 100644
--- a/pkgs/development/libraries/haskell/certificate/default.nix
+++ b/pkgs/development/libraries/haskell/certificate/default.nix
@@ -4,13 +4,14 @@
 
 cabal.mkDerivation (self: {
   pname = "certificate";
-  version = "1.3.8";
-  sha256 = "1id3jfaisl04n1mjj9lbq3gyz8hyn3r9p9chzmfbra0pcj3vf1m0";
+  version = "1.3.9";
+  sha256 = "18g5rq7lpxmvmlnz610537w6mix6z6kxjrfj2ylbhkc81r5pn9g6";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
     asn1Data cryptohash cryptoPubkeyTypes filepath mtl pem time
   ];
+  jailbreak = true;
   meta = {
     homepage = "http://github.com/vincenthz/hs-certificate";
     description = "Certificates and Key Reader/Writer";
diff --git a/pkgs/development/libraries/haskell/charset/default.nix b/pkgs/development/libraries/haskell/charset/default.nix
new file mode 100644
index 000000000000..829c35b75632
--- /dev/null
+++ b/pkgs/development/libraries/haskell/charset/default.nix
@@ -0,0 +1,14 @@
+{ cabal, semigroups, unorderedContainers }:
+
+cabal.mkDerivation (self: {
+  pname = "charset";
+  version = "0.3.5.1";
+  sha256 = "0bf9s5r2j9bkwmjxzvj5c2c7bhnf5gyh2kkx67lmy8xqalfxgmwn";
+  buildDepends = [ semigroups unorderedContainers ];
+  meta = {
+    homepage = "http://github.com/ekmett/charset";
+    description = "Fast unicode character sets based on complemented PATRICIA tries";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/cipher-aes/default.nix b/pkgs/development/libraries/haskell/cipher-aes/default.nix
index 5fc5905ebb92..d68d2389e0e7 100644
--- a/pkgs/development/libraries/haskell/cipher-aes/default.nix
+++ b/pkgs/development/libraries/haskell/cipher-aes/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "cipher-aes";
-  version = "0.2.5";
-  sha256 = "1ayypdfn2nnxp595dpyivmzw2jc4iyjz2in3z7ldccx36gn5j6b3";
+  version = "0.2.6";
+  sha256 = "0ys5a1w5pwwr74k9wzcsh1flb2jdcvnp1zz7sjs14jpxclpd8x3i";
   buildDepends = [ byteable cryptoCipherTypes securemem ];
   testDepends = [
     byteable cryptoCipherTests cryptoCipherTypes QuickCheck
diff --git a/pkgs/development/libraries/haskell/cipher-blowfish/default.nix b/pkgs/development/libraries/haskell/cipher-blowfish/default.nix
index 535a4b97fcad..44a7d96907aa 100644
--- a/pkgs/development/libraries/haskell/cipher-blowfish/default.nix
+++ b/pkgs/development/libraries/haskell/cipher-blowfish/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "cipher-blowfish";
-  version = "0.0.2";
-  sha256 = "08jc1qsvnyk7zm7bp0nibkc6lx3bkid79cn1r6fidmccf716r3sp";
+  version = "0.0.3";
+  sha256 = "0hb67gmiyqrknynz5am8nada1b1v47rqla87dw5nvfhxhl51fhcg";
   buildDepends = [ byteable cryptoCipherTypes securemem vector ];
   testDepends = [
     byteable cryptoCipherTests cryptoCipherTypes QuickCheck
diff --git a/pkgs/development/libraries/haskell/cipher-camellia/default.nix b/pkgs/development/libraries/haskell/cipher-camellia/default.nix
index 6d29792ea337..52217751d27a 100644
--- a/pkgs/development/libraries/haskell/cipher-camellia/default.nix
+++ b/pkgs/development/libraries/haskell/cipher-camellia/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "cipher-camellia";
-  version = "0.0.1";
-  sha256 = "11narl4h77v7317hdqy8zxhym3k7xrmw97yfwh0vr8k1y5dkiqh3";
+  version = "0.0.2";
+  sha256 = "19z2mi1rvp8fsqjdbmrm1hdlxmx61yr55fyknmmn945qrlvx234d";
   buildDepends = [ byteable cryptoCipherTypes securemem vector ];
   testDepends = [
     byteable cryptoCipherTests cryptoCipherTypes QuickCheck
diff --git a/pkgs/development/libraries/haskell/cipher-des/default.nix b/pkgs/development/libraries/haskell/cipher-des/default.nix
index 0340372d54b7..fdc30278425c 100644
--- a/pkgs/development/libraries/haskell/cipher-des/default.nix
+++ b/pkgs/development/libraries/haskell/cipher-des/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "cipher-des";
-  version = "0.0.4";
-  sha256 = "18xpc7v0xyh0qb7p03ail1lyh376h1vg000xn22b5shpgp5kxiqq";
+  version = "0.0.6";
+  sha256 = "1isazxa2nr1y13y0danfk7wghy34rfpn3f43rw714nk2xk6vrwc5";
   buildDepends = [ byteable cryptoCipherTypes securemem ];
   testDepends = [
     byteable cryptoCipherTests cryptoCipherTypes QuickCheck
diff --git a/pkgs/development/libraries/haskell/cipher-rc4/default.nix b/pkgs/development/libraries/haskell/cipher-rc4/default.nix
index 7d3cacdd67a9..6485487a0e58 100644
--- a/pkgs/development/libraries/haskell/cipher-rc4/default.nix
+++ b/pkgs/development/libraries/haskell/cipher-rc4/default.nix
@@ -1,11 +1,15 @@
-{ cabal, QuickCheck, testFramework, testFrameworkQuickcheck2 }:
+{ cabal, byteable, cryptoCipherTests, cryptoCipherTypes, QuickCheck
+, testFramework, testFrameworkQuickcheck2
+}:
 
 cabal.mkDerivation (self: {
   pname = "cipher-rc4";
-  version = "0.1.2";
-  sha256 = "0nyrqms7h3hq236h03sjjjqdcxn3iz3fg4ifqj43f4nb8gv0ifb1";
+  version = "0.1.4";
+  sha256 = "0k9qf0cn5yxc4qlqikcm5yyrnkkvr6g3v7306cp8iwz7r4dp6zn6";
+  buildDepends = [ byteable cryptoCipherTypes ];
   testDepends = [
-    QuickCheck testFramework testFrameworkQuickcheck2
+    cryptoCipherTests cryptoCipherTypes QuickCheck testFramework
+    testFrameworkQuickcheck2
   ];
   meta = {
     homepage = "http://github.com/vincenthz/hs-cipher-rc4";
diff --git a/pkgs/development/libraries/haskell/citeproc-hs/default.nix b/pkgs/development/libraries/haskell/citeproc-hs/default.nix
index 573c5085b109..bdc78984c7bd 100644
--- a/pkgs/development/libraries/haskell/citeproc-hs/default.nix
+++ b/pkgs/development/libraries/haskell/citeproc-hs/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "citeproc-hs";
-  version = "0.3.8";
-  sha256 = "0wlfwjxg852qcgx54m99xm7hxsmcw8c8r7fyrsxyxl3054xnfwz8";
+  version = "0.3.9";
+  sha256 = "0f3l33a3rcp8lm8nkbda42lijjpaqa7cxszswhjryy1inywpsssg";
   buildDepends = [
     filepath hexpat hsBibutils HTTP json mtl network pandocTypes parsec
     syb time utf8String
diff --git a/pkgs/development/libraries/haskell/classy-prelude-conduit/default.nix b/pkgs/development/libraries/haskell/classy-prelude-conduit/default.nix
index c04b4dfc25e1..b6bf865d1839 100644
--- a/pkgs/development/libraries/haskell/classy-prelude-conduit/default.nix
+++ b/pkgs/development/libraries/haskell/classy-prelude-conduit/default.nix
@@ -1,14 +1,14 @@
 { cabal, classyPrelude, conduit, hspec, monadControl, QuickCheck
-, resourcet, transformers, void, xmlConduit
+, resourcet, systemFileio, transformers, void
 }:
 
 cabal.mkDerivation (self: {
   pname = "classy-prelude-conduit";
-  version = "0.5.3";
-  sha256 = "1rmx439kdjipyz2s3v2s1xv1mb55kb4njl9k6f8mfhykgac39rhz";
+  version = "0.6.0";
+  sha256 = "122clkwrz1n009b5gxq96sbby7i8kb4dgvc90ydamd86bx3pvc84";
   buildDepends = [
-    classyPrelude conduit monadControl resourcet transformers void
-    xmlConduit
+    classyPrelude conduit monadControl resourcet systemFileio
+    transformers void
   ];
   testDepends = [ conduit hspec QuickCheck transformers ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/classy-prelude/default.nix b/pkgs/development/libraries/haskell/classy-prelude/default.nix
index 69acb897220c..f296ff21ced8 100644
--- a/pkgs/development/libraries/haskell/classy-prelude/default.nix
+++ b/pkgs/development/libraries/haskell/classy-prelude/default.nix
@@ -1,17 +1,21 @@
 { cabal, async, basicPrelude, deepseq, hashable, hspec, liftedBase
-, monadControl, QuickCheck, systemFilepath, text, transformers
-, unorderedContainers, vector
+, monadControl, monoTraversable, QuickCheck, semigroups
+, systemFilepath, text, transformers, unorderedContainers, vector
+, vectorInstances
 }:
 
 cabal.mkDerivation (self: {
   pname = "classy-prelude";
-  version = "0.5.9";
-  sha256 = "1qqmip3ynqdxlwynm60wsn82dcyymcfql79k039iablanj4mic61";
+  version = "0.6.0";
+  sha256 = "0wpymr2gl0hmbgpw0qd0h1ik1h42s8raykq7jsdjqnmcvsmww5j6";
   buildDepends = [
     async basicPrelude deepseq hashable liftedBase monadControl
-    systemFilepath text transformers unorderedContainers vector
+    monoTraversable semigroups systemFilepath text transformers
+    unorderedContainers vector vectorInstances
+  ];
+  testDepends = [
+    hspec QuickCheck transformers unorderedContainers
   ];
-  testDepends = [ hspec QuickCheck transformers ];
   meta = {
     homepage = "https://github.com/snoyberg/classy-prelude";
     description = "A typeclass-based Prelude";
diff --git a/pkgs/development/libraries/haskell/clock/default.nix b/pkgs/development/libraries/haskell/clock/default.nix
new file mode 100644
index 000000000000..65bfffec52ea
--- /dev/null
+++ b/pkgs/development/libraries/haskell/clock/default.nix
@@ -0,0 +1,13 @@
+{ cabal }:
+
+cabal.mkDerivation (self: {
+  pname = "clock";
+  version = "0.4.0.1";
+  sha256 = "1bn6dalank30l680iifyam0mg9izxbyscgq0vmr1aw5brba5kv6j";
+  meta = {
+    homepage = "http://corsis.github.com/clock/";
+    description = "High-resolution clock functions: monotonic, realtime, cputime";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/comonad-transformers/default.nix b/pkgs/development/libraries/haskell/comonad-transformers/default.nix
index ef0ffe061985..943a0718e03d 100644
--- a/pkgs/development/libraries/haskell/comonad-transformers/default.nix
+++ b/pkgs/development/libraries/haskell/comonad-transformers/default.nix
@@ -1,19 +1,16 @@
-{ cabal, comonad, contravariant, distributive, semigroupoids
-, semigroups, transformers
-}:
+{ cabal, comonad }:
 
 cabal.mkDerivation (self: {
   pname = "comonad-transformers";
-  version = "3.1";
-  sha256 = "024l437xfi0bkbn3121xi8slwsh9jby9a92qg1m5y0nmxzs9lxda";
-  buildDepends = [
-    comonad contravariant distributive semigroupoids semigroups
-    transformers
-  ];
+  version = "4.0";
+  sha256 = "13zzp6r6s6c80skniphwvzxhpazbyal5854m53139kgcw560rv6z";
+  buildDepends = [ comonad ];
+  noHaddock = true;
   meta = {
     homepage = "http://github.com/ekmett/comonad-transformers/";
-    description = "Comonad transformers";
+    description = "This package has been merged into comonad 4.0";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.ocharles ];
   };
 })
diff --git a/pkgs/development/libraries/haskell/comonad/default.nix b/pkgs/development/libraries/haskell/comonad/default.nix
index 472e4e315c1c..9457a2ad44dc 100644
--- a/pkgs/development/libraries/haskell/comonad/default.nix
+++ b/pkgs/development/libraries/haskell/comonad/default.nix
@@ -1,14 +1,18 @@
-{ cabal, doctest, filepath, semigroups, tagged, transformers }:
+{ cabal, contravariant, distributive, doctest, filepath, mtl
+, semigroups, tagged, transformers
+}:
 
 cabal.mkDerivation (self: {
   pname = "comonad";
-  version = "3.1";
-  sha256 = "0sl9b3f1vwpjdvnrxv7b8n512w05pv4in6qx3l4sbksdp1zjvcyv";
-  buildDepends = [ semigroups tagged transformers ];
+  version = "4.0";
+  sha256 = "1f57wqxy1la59kippbj924prnj53a5hwc2ppg48n9xx2wfr63iha";
+  buildDepends = [
+    contravariant distributive mtl semigroups tagged transformers
+  ];
   testDepends = [ doctest filepath ];
   meta = {
     homepage = "http://github.com/ekmett/comonad/";
-    description = "Haskell 98 compatible comonads";
+    description = "Comonads";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
   };
diff --git a/pkgs/development/libraries/haskell/comonads-fd/default.nix b/pkgs/development/libraries/haskell/comonads-fd/default.nix
index aac28ff08711..f55123f8fe18 100644
--- a/pkgs/development/libraries/haskell/comonads-fd/default.nix
+++ b/pkgs/development/libraries/haskell/comonads-fd/default.nix
@@ -1,17 +1,14 @@
-{ cabal, comonad, comonadTransformers, mtl, semigroups
-, transformers
-}:
+{ cabal, comonad }:
 
 cabal.mkDerivation (self: {
   pname = "comonads-fd";
-  version = "3.0.3";
-  sha256 = "06x545yq5xc3kphjipkgjrgrfvvkjpy0wji9d5fw44ca91nzglww";
-  buildDepends = [
-    comonad comonadTransformers mtl semigroups transformers
-  ];
+  version = "4.0";
+  sha256 = "19xpv0dsz7w3a1sq1gdxwzglfal45vj2s22zb12g9mpk5rp3hw1s";
+  buildDepends = [ comonad ];
+  noHaddock = true;
   meta = {
     homepage = "http://github.com/ekmett/comonads-fd/";
-    description = "Comonad transformers using functional dependencies";
+    description = "This package has been merged into comonad 4.0";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
   };
diff --git a/pkgs/development/libraries/haskell/conduit/default.nix b/pkgs/development/libraries/haskell/conduit/default.nix
index 0e1757f7b507..ab41f5a5621d 100644
--- a/pkgs/development/libraries/haskell/conduit/default.nix
+++ b/pkgs/development/libraries/haskell/conduit/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "conduit";
-  version = "1.0.7.4";
-  sha256 = "1bvi9gw9sfi1fml339rn3cfq4i3yd9j9vw41p5cpz5pnv3gw225x";
+  version = "1.0.8";
+  sha256 = "0qsi9p7hwzaw1ridgydfmaagjjpkbgq755b1r9xm4apdy6fikcz5";
   buildDepends = [
     liftedBase mmorph monadControl mtl resourcet text transformers
     transformersBase void
diff --git a/pkgs/development/libraries/haskell/connection/default.nix b/pkgs/development/libraries/haskell/connection/default.nix
new file mode 100644
index 000000000000..a7930cab08b3
--- /dev/null
+++ b/pkgs/development/libraries/haskell/connection/default.nix
@@ -0,0 +1,18 @@
+{ cabal, certificate, cprngAes, dataDefault, network, socks, tls
+, tlsExtra
+}:
+
+cabal.mkDerivation (self: {
+  pname = "connection";
+  version = "0.1.3";
+  sha256 = "13bwlbga612kc7g3m3rrdzbdv4w0glp4af9r6crwgjsmxgimrgs9";
+  buildDepends = [
+    certificate cprngAes dataDefault network socks tls tlsExtra
+  ];
+  meta = {
+    homepage = "http://github.com/vincenthz/hs-connection";
+    description = "Simple and easy network connections API";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/constraints/default.nix b/pkgs/development/libraries/haskell/constraints/default.nix
index 87ec5d82724b..1e0dc901aaf5 100644
--- a/pkgs/development/libraries/haskell/constraints/default.nix
+++ b/pkgs/development/libraries/haskell/constraints/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "constraints";
-  version = "0.3.3";
-  sha256 = "0mglqd6l6bc333i7gymbm8q037hj5fny6jzyg1zmw5kg6r3xcwdi";
+  version = "0.3.4.2";
+  sha256 = "14bfar4d44yl9zxgqxj4p67ag2ndprm602l4pinfjk0ywbh63fwq";
   buildDepends = [ newtype ];
   meta = {
     homepage = "http://github.com/ekmett/constraints/";
diff --git a/pkgs/development/libraries/haskell/crypto-cipher-tests/default.nix b/pkgs/development/libraries/haskell/crypto-cipher-tests/default.nix
index 12118a375402..3c5149364682 100644
--- a/pkgs/development/libraries/haskell/crypto-cipher-tests/default.nix
+++ b/pkgs/development/libraries/haskell/crypto-cipher-tests/default.nix
@@ -5,8 +5,8 @@
 
 cabal.mkDerivation (self: {
   pname = "crypto-cipher-tests";
-  version = "0.0.4";
-  sha256 = "1c725zj94d6n33wldyzlm1qd32a0ais0w221ykpgs49rrd6hrpbh";
+  version = "0.0.11";
+  sha256 = "19wqignlq90qwpam01hnmmrxaxh5lkax9l1l6rlbi4a07nvp1dnz";
   buildDepends = [
     byteable cryptoCipherTypes HUnit mtl QuickCheck securemem
     testFramework testFrameworkHunit testFrameworkQuickcheck2
diff --git a/pkgs/development/libraries/haskell/crypto-cipher-types/default.nix b/pkgs/development/libraries/haskell/crypto-cipher-types/default.nix
index f1665950a554..8f52f724bcd6 100644
--- a/pkgs/development/libraries/haskell/crypto-cipher-types/default.nix
+++ b/pkgs/development/libraries/haskell/crypto-cipher-types/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "crypto-cipher-types";
-  version = "0.0.4";
-  sha256 = "0ipwplw1mn6amjxk2i5sksxvfsnf2fv8rnrgyncl21mp1gbnq7h0";
+  version = "0.0.9";
+  sha256 = "03qa1i1kj07pfrxsi7fiaqnnd0vi94jd4jfswbmnm4gp1nvzcwr0";
   buildDepends = [ byteable securemem ];
   meta = {
     homepage = "http://github.com/vincenthz/hs-crypto-cipher";
diff --git a/pkgs/development/libraries/haskell/crypto-conduit/default.nix b/pkgs/development/libraries/haskell/crypto-conduit/default.nix
index 61d6bcbeabea..1dc356b7f465 100644
--- a/pkgs/development/libraries/haskell/crypto-conduit/default.nix
+++ b/pkgs/development/libraries/haskell/crypto-conduit/default.nix
@@ -4,13 +4,14 @@
 
 cabal.mkDerivation (self: {
   pname = "crypto-conduit";
-  version = "0.5.2";
-  sha256 = "0ncqwr2a9nxl6q7qys9gb5db62lx622g5db1xhpfni045x324kbz";
+  version = "0.5.2.1";
+  sha256 = "1i9m4pzy4ib9n941zlh398idmxcjak2496c4c73i8bmikryahl8p";
   buildDepends = [ cereal conduit cryptoApi transformers ];
   testDepends = [
     cereal conduit cryptoApi cryptocipher cryptohashCryptoapi hspec
     skein transformers
   ];
+  jailbreak = true;
   doCheck = false;
   meta = {
     homepage = "https://github.com/meteficha/crypto-conduit";
diff --git a/pkgs/development/libraries/haskell/cryptocipher/default.nix b/pkgs/development/libraries/haskell/cryptocipher/default.nix
index 57d0e2483f86..7d3ddf57e529 100644
--- a/pkgs/development/libraries/haskell/cryptocipher/default.nix
+++ b/pkgs/development/libraries/haskell/cryptocipher/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "cryptocipher";
-  version = "0.6.1";
-  sha256 = "1qa0s7mr1a3nv4ppyk8wr57rxbfc2qpw9rq26pfziwnpin5k2j3x";
+  version = "0.6.2";
+  sha256 = "0ip3a2as0df6drl29sryayxx22sx55v6bs60s2fh3i1nxqnydf9l";
   buildDepends = [
     cipherAes cipherBlowfish cipherCamellia cipherDes cipherRc4
     cryptoCipherTypes
diff --git a/pkgs/development/libraries/haskell/cryptohash/default.nix b/pkgs/development/libraries/haskell/cryptohash/default.nix
index d598b3639339..839bf4518a19 100644
--- a/pkgs/development/libraries/haskell/cryptohash/default.nix
+++ b/pkgs/development/libraries/haskell/cryptohash/default.nix
@@ -4,11 +4,11 @@
 
 cabal.mkDerivation (self: {
   pname = "cryptohash";
-  version = "0.10.0";
-  sha256 = "0szvx1dxf16chlksmp08g9qxy7f87w6hspigwbw78aygc3q9mzaq";
+  version = "0.11.1";
+  sha256 = "0ww7bikl8i50m1pwkqp145bfsiy07npnjw48j3il4w2ia0b3axmy";
   buildDepends = [ byteable ];
   testDepends = [
-    HUnit QuickCheck testFramework testFrameworkHunit
+    byteable HUnit QuickCheck testFramework testFrameworkHunit
     testFrameworkQuickcheck2
   ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/cufft/default.nix b/pkgs/development/libraries/haskell/cufft/default.nix
index 76039f065488..e9f1fe166bdc 100644
--- a/pkgs/development/libraries/haskell/cufft/default.nix
+++ b/pkgs/development/libraries/haskell/cufft/default.nix
@@ -10,6 +10,6 @@ cabal.mkDerivation (self: {
     homepage = "http://github.com/robeverest/cufft";
     description = "Haskell bindings for the CUFFT library";
     license = self.stdenv.lib.licenses.bsd3;
-    platforms = self.ghc.meta.platforms;
+    platforms = self.stdenv.lib.platforms.none;
   };
 })
diff --git a/pkgs/development/libraries/haskell/data-lens/default.nix b/pkgs/development/libraries/haskell/data-lens/default.nix
index e4cff67f3761..5276c1c97070 100644
--- a/pkgs/development/libraries/haskell/data-lens/default.nix
+++ b/pkgs/development/libraries/haskell/data-lens/default.nix
@@ -1,13 +1,10 @@
-{ cabal, comonad, comonadTransformers, semigroupoids, transformers
-}:
+{ cabal, comonad, semigroupoids, transformers }:
 
 cabal.mkDerivation (self: {
   pname = "data-lens";
-  version = "2.10.2";
-  sha256 = "1mv4lh5rhmq09d89ci07kj9anv7ckrlqh9x3xr4jq9idf7sf54b5";
-  buildDepends = [
-    comonad comonadTransformers semigroupoids transformers
-  ];
+  version = "2.10.4";
+  sha256 = "1pzswlpphpipsqja825pyqjixp4akc5nmw9y61jwv6r4vsgdpg5i";
+  buildDepends = [ comonad semigroupoids transformers ];
   meta = {
     homepage = "http://github.com/roconnor/data-lens/";
     description = "Haskell 98 Lenses";
diff --git a/pkgs/development/libraries/haskell/data-pprint/default.nix b/pkgs/development/libraries/haskell/data-pprint/default.nix
new file mode 100644
index 000000000000..b78096a18357
--- /dev/null
+++ b/pkgs/development/libraries/haskell/data-pprint/default.nix
@@ -0,0 +1,13 @@
+{ cabal, deepseq, mtl, parallel, time }:
+
+cabal.mkDerivation (self: {
+  pname = "data-pprint";
+  version = "0.2.3";
+  sha256 = "1ygbhn399d4hlrdjmg7gxbr5akydb78p6qa80rv7m6j0fsqzbf6y";
+  buildDepends = [ deepseq mtl parallel time ];
+  meta = {
+    description = "Prettyprint and compare Data values";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/dbus/default.nix b/pkgs/development/libraries/haskell/dbus/default.nix
index 16cb2c7ca033..e0072bd8446b 100644
--- a/pkgs/development/libraries/haskell/dbus/default.nix
+++ b/pkgs/development/libraries/haskell/dbus/default.nix
@@ -10,6 +10,7 @@ cabal.mkDerivation (self: {
     cereal libxmlSax network parsec random text transformers vector
     xmlTypes
   ];
+  jailbreak = true;
   meta = {
     homepage = "https://john-millikin.com/software/haskell-dbus/";
     description = "A client library for the D-Bus IPC system";
diff --git a/pkgs/development/libraries/haskell/diagrams/core.nix b/pkgs/development/libraries/haskell/diagrams/core.nix
index c2dbb27aebd1..33fa353628bb 100644
--- a/pkgs/development/libraries/haskell/diagrams/core.nix
+++ b/pkgs/development/libraries/haskell/diagrams/core.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "diagrams-core";
-  version = "0.7";
-  sha256 = "00ba31imq91w6lzy8blgxawr06igrjfrg4adrqy650wip8jafqwq";
+  version = "0.7.0.1";
+  sha256 = "1826f6yrb0ch07y4bjb1cnqi8giphn2i6g45484qr6bfbb8wj5dg";
   buildDepends = [
     dualTree MemoTrie monoidExtras newtype semigroups vectorSpace
     vectorSpacePoints
diff --git a/pkgs/development/libraries/haskell/diagrams/diagrams.nix b/pkgs/development/libraries/haskell/diagrams/diagrams.nix
index efa63bdc0b7e..2b000724f122 100644
--- a/pkgs/development/libraries/haskell/diagrams/diagrams.nix
+++ b/pkgs/development/libraries/haskell/diagrams/diagrams.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "diagrams";
-  version = "0.7.1";
-  sha256 = "0rdpp26zvimdhdw0jpw6w606jkzkqdx0pq4051fkyk2mldwk9ipj";
+  version = "0.7.1.1";
+  sha256 = "1fkrdds3p7ghjjscw5fmsjk8s5l31bz9a9z2qf3xwa1kp8p4d16d";
   buildDepends = [
     diagramsContrib diagramsCore diagramsLib diagramsSvg
   ];
diff --git a/pkgs/development/libraries/haskell/diagrams/lib.nix b/pkgs/development/libraries/haskell/diagrams/lib.nix
index 50afb16f2823..43ada20aecc4 100644
--- a/pkgs/development/libraries/haskell/diagrams/lib.nix
+++ b/pkgs/development/libraries/haskell/diagrams/lib.nix
@@ -5,12 +5,13 @@
 
 cabal.mkDerivation (self: {
   pname = "diagrams-lib";
-  version = "0.7";
-  sha256 = "02zb9j2qb5f26azscv1m4iivp1ixdhx6rcjns5smka1hdgyzld1j";
+  version = "0.7.1.1";
+  sha256 = "14d557y22dqyjr026vbawa2a2yjh7alh3rpavyidfdlrg48lqgrc";
   buildDepends = [
     active colour dataDefaultClass diagramsCore fingertree intervals
     monoidExtras newtype NumInstances semigroups vectorSpace
   ];
+  jailbreak = true;
   meta = {
     homepage = "http://projects.haskell.org/diagrams";
     description = "Embedded domain-specific language for declarative graphics";
diff --git a/pkgs/development/libraries/haskell/diagrams/svg.nix b/pkgs/development/libraries/haskell/diagrams/svg.nix
index 644037e946ee..062cee83e416 100644
--- a/pkgs/development/libraries/haskell/diagrams/svg.nix
+++ b/pkgs/development/libraries/haskell/diagrams/svg.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "diagrams-svg";
-  version = "0.7";
-  sha256 = "0vfykrx29dxii9mdjjkia5a42jfg4hbzgxzv5rp7zvf3fz9w8w1x";
+  version = "0.8.0.2";
+  sha256 = "0ahapj040qy74kcj9f786ddd28xysq1wch087wsh8sdfp57z5dbz";
   buildDepends = [
     blazeSvg cmdargs colour diagramsCore diagramsLib filepath
     monoidExtras mtl split time vectorSpace
diff --git a/pkgs/development/libraries/haskell/distributive/default.nix b/pkgs/development/libraries/haskell/distributive/default.nix
index d40952024ef2..d03257f54d34 100644
--- a/pkgs/development/libraries/haskell/distributive/default.nix
+++ b/pkgs/development/libraries/haskell/distributive/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "distributive";
-  version = "0.3.1";
-  sha256 = "0zf3wq1xz9sbb0g6fg852jckrwkffsfkghq3zx03d2q9ginc6jbc";
+  version = "0.3.2";
+  sha256 = "1n2xnjffrbfw736qn9w5fxy4pjl2319yhimkglhbayq85pz51r1h";
   buildDepends = [ transformers transformersCompat ];
   testDepends = [ doctest filepath ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/dns/default.nix b/pkgs/development/libraries/haskell/dns/default.nix
index e80f4379aa73..9dd35804f430 100644
--- a/pkgs/development/libraries/haskell/dns/default.nix
+++ b/pkgs/development/libraries/haskell/dns/default.nix
@@ -1,20 +1,21 @@
 { cabal, attoparsec, attoparsecConduit, binary, blazeBuilder
-, conduit, hspec, iproute, mtl, network, networkConduit, random
+, conduit, doctest, hspec, iproute, mtl, network, networkConduit
+, random
 }:
 
 cabal.mkDerivation (self: {
   pname = "dns";
-  version = "0.3.8";
-  sha256 = "1x2rfm89qpx7dpxr457i2wqmjry8r28f42j194131mfx4gc4mwdq";
+  version = "1.0.0";
+  sha256 = "16h7c332qdj77dw8kvrdn1jzhzsnrcybbbm5x7pxvgpnn0wzz8si";
   buildDepends = [
     attoparsec attoparsecConduit binary blazeBuilder conduit iproute
     mtl network networkConduit random
   ];
   testDepends = [
-    attoparsec attoparsecConduit binary blazeBuilder conduit hspec
-    iproute mtl network networkConduit random
+    attoparsec attoparsecConduit binary blazeBuilder conduit doctest
+    hspec iproute mtl network networkConduit random
   ];
-  doCheck = false;
+  testTarget = "spec";
   meta = {
     description = "DNS library in Haskell";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/doctest/default.nix b/pkgs/development/libraries/haskell/doctest/default.nix
index 3b8c03e2da27..08118ac4e1bf 100644
--- a/pkgs/development/libraries/haskell/doctest/default.nix
+++ b/pkgs/development/libraries/haskell/doctest/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "doctest";
-  version = "0.9.7";
-  sha256 = "0d3aywm5v3kx16c1i6cb4inr7hdnmsl8qawxp27g0yng03wdra5l";
+  version = "0.9.9";
+  sha256 = "1r1jdmch6sb4cdygh60pv42p4nr03shabrpd18hjnxs40dgc6pgy";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [ deepseq filepath ghcPaths syb transformers ];
diff --git a/pkgs/development/libraries/haskell/dual-tree/default.nix b/pkgs/development/libraries/haskell/dual-tree/default.nix
index 8500de5fcfb6..c0896557e339 100644
--- a/pkgs/development/libraries/haskell/dual-tree/default.nix
+++ b/pkgs/development/libraries/haskell/dual-tree/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "dual-tree";
-  version = "0.1.0.3";
-  sha256 = "0k3p1lqhynlqvkbnrs5vn478c76qcn754n5pb17p5i4jcw94bm0n";
+  version = "0.1.0.4";
+  sha256 = "0xrpb7kz6aazqy9w0b7hcbxgmy4ddy0zh7gdpv2w140vvyx5qjrn";
   buildDepends = [ monoidExtras newtype semigroups ];
   jailbreak = true;
   meta = {
diff --git a/pkgs/development/libraries/haskell/either/default.nix b/pkgs/development/libraries/haskell/either/default.nix
index 67c1962cbe9c..93dfd043c907 100644
--- a/pkgs/development/libraries/haskell/either/default.nix
+++ b/pkgs/development/libraries/haskell/either/default.nix
@@ -3,8 +3,8 @@
 
 cabal.mkDerivation (self: {
   pname = "either";
-  version = "3.4.1";
-  sha256 = "1cq4glqhxz9k8fxf0dc8b6hcxxfn4yci6h7wmfkmkfq5ca61ax1b";
+  version = "4.0";
+  sha256 = "07axaq43cqyglndr5az7ns4mvkjmybq6z8s32l1jxc5x7532scwr";
   buildDepends = [
     MonadRandom mtl semigroupoids semigroups transformers
   ];
diff --git a/pkgs/development/libraries/haskell/entropy/default.nix b/pkgs/development/libraries/haskell/entropy/default.nix
index 17409f05eed5..f2154ddddf7b 100644
--- a/pkgs/development/libraries/haskell/entropy/default.nix
+++ b/pkgs/development/libraries/haskell/entropy/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "entropy";
-  version = "0.2.2.2";
-  sha256 = "1xkpfi6njj5iqwn5wa6npyzxksj9hr0xqbxrslg646whxrkd8718";
+  version = "0.2.2.4";
+  sha256 = "1cjmpb0rh1ib4j9mwmf1irn401vmjawxkshxdmmb4643rmcgx1gm";
   meta = {
     homepage = "https://github.com/TomMD/entropy";
     description = "A platform independent entropy source";
diff --git a/pkgs/development/libraries/haskell/enumerator/default.nix b/pkgs/development/libraries/haskell/enumerator/default.nix
index 5b44c9efc62a..4dfa4e573dd9 100644
--- a/pkgs/development/libraries/haskell/enumerator/default.nix
+++ b/pkgs/development/libraries/haskell/enumerator/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "enumerator";
-  version = "0.4.19";
-  sha256 = "1avxy55vbvkz6yj512bkb2b986y3m0b28c9c5lfc3wd2na7w1s5g";
+  version = "0.4.20";
+  sha256 = "02a75dggj295zkhgjry5cb43s6y6ydpjb5w6vgl7kd9b6ma11qik";
   buildDepends = [ text transformers ];
   meta = {
     homepage = "https://john-millikin.com/software/enumerator/";
diff --git a/pkgs/development/libraries/haskell/enummapset/default.nix b/pkgs/development/libraries/haskell/enummapset/default.nix
new file mode 100644
index 000000000000..c43c246557b5
--- /dev/null
+++ b/pkgs/development/libraries/haskell/enummapset/default.nix
@@ -0,0 +1,14 @@
+{ cabal, deepseq }:
+
+cabal.mkDerivation (self: {
+  pname = "enummapset";
+  version = "0.5.2.0";
+  sha256 = "065gxljrjw59rdf7abq0v0c29wg1ymg984ckixnjrcs1yks0c2js";
+  buildDepends = [ deepseq ];
+  meta = {
+    homepage = "https://github.com/michalt/enummapset";
+    description = "IntMap and IntSet with Enum keys/elements";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/errors/default.nix b/pkgs/development/libraries/haskell/errors/default.nix
index d15ac59febab..1b0bc4282a75 100644
--- a/pkgs/development/libraries/haskell/errors/default.nix
+++ b/pkgs/development/libraries/haskell/errors/default.nix
@@ -2,9 +2,10 @@
 
 cabal.mkDerivation (self: {
   pname = "errors";
-  version = "1.4.2";
-  sha256 = "1csry8bbz7r4gc7x3lf1ih10rvnig2i91nfij227p9744yndl2xw";
+  version = "1.4.3";
+  sha256 = "02xvfh0kfca7z5vhnkmqg5gw5i5ad5bc3jf8flxj75ry7wqggfmm";
   buildDepends = [ either safe transformers ];
+  jailbreak = true;
   meta = {
     description = "Simplified error-handling";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/esqueleto/default.nix b/pkgs/development/libraries/haskell/esqueleto/default.nix
new file mode 100644
index 000000000000..4e0abd3c34f6
--- /dev/null
+++ b/pkgs/development/libraries/haskell/esqueleto/default.nix
@@ -0,0 +1,25 @@
+{ cabal, conduit, hspec, HUnit, monadControl, monadLogger
+, persistent, persistentSqlite, persistentTemplate, QuickCheck
+, resourcet, tagged, text, transformers, unorderedContainers
+}:
+
+cabal.mkDerivation (self: {
+  pname = "esqueleto";
+  version = "1.3.4.2";
+  sha256 = "1gp0jy8ra11ansari659wqvwafw1pi2svl3w16wa5dv9xk3v9pr6";
+  buildDepends = [
+    conduit monadLogger persistent resourcet tagged text transformers
+    unorderedContainers
+  ];
+  testDepends = [
+    conduit hspec HUnit monadControl monadLogger persistent
+    persistentSqlite persistentTemplate QuickCheck text transformers
+  ];
+  meta = {
+    homepage = "https://github.com/meteficha/esqueleto";
+    description = "Bare bones, type-safe EDSL for SQL queries on persistent backends";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.ocharles ];
+  };
+})
diff --git a/pkgs/development/libraries/haskell/fclabels/default.nix b/pkgs/development/libraries/haskell/fclabels/default.nix
index 71a3fe8d0c23..162b83733b13 100644
--- a/pkgs/development/libraries/haskell/fclabels/default.nix
+++ b/pkgs/development/libraries/haskell/fclabels/default.nix
@@ -2,12 +2,12 @@
 
 cabal.mkDerivation (self: {
   pname = "fclabels";
-  version = "1.1.7.1";
-  sha256 = "1f34r3bzn1cbba8d5d1j3wxrlrrj5vf09hpgd6ppina91wyj4dyn";
+  version = "2.0.0.2";
+  sha256 = "1c706v10g4av7jxiw3x4n1hg9h7sbwcnrj676b1q0rcb3pd32kz6";
   buildDepends = [ mtl transformers ];
   meta = {
     homepage = "https://github.com/sebastiaanvisser/fclabels";
-    description = "First class accessor labels";
+    description = "First class accessor labels implemented as lenses";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
     maintainers = [ self.stdenv.lib.maintainers.andres ];
diff --git a/pkgs/development/libraries/haskell/feed/default.nix b/pkgs/development/libraries/haskell/feed/default.nix
index a2c1ccde86bc..817276497da1 100644
--- a/pkgs/development/libraries/haskell/feed/default.nix
+++ b/pkgs/development/libraries/haskell/feed/default.nix
@@ -1,10 +1,10 @@
-{ cabal, utf8String, xml }:
+{ cabal, time, utf8String, xml }:
 
 cabal.mkDerivation (self: {
   pname = "feed";
-  version = "0.3.9.1";
-  sha256 = "1c7dj9w9qj8408qql1kfq8m28fwvfd7bpgkj32lmk5x9qm5iz04k";
-  buildDepends = [ utf8String xml ];
+  version = "0.3.9.2";
+  sha256 = "05sg2ly1pvni3sfv03rbf60vdjkrfa0f9mmc1dm1hrmp638j67gg";
+  buildDepends = [ time utf8String xml ];
   meta = {
     homepage = "https://github.com/sof/feed";
     description = "Interfacing with RSS (v 0.9x, 2.x, 1.0) + Atom feeds.";
diff --git a/pkgs/development/libraries/haskell/file-embed/default.nix b/pkgs/development/libraries/haskell/file-embed/default.nix
index 2eb9ac94d8c3..3d7015d7ec20 100644
--- a/pkgs/development/libraries/haskell/file-embed/default.nix
+++ b/pkgs/development/libraries/haskell/file-embed/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "file-embed";
-  version = "0.0.4.9";
-  sha256 = "128z3jwxn6d13dkrfjx7maxgmax8bfgr8n2jfhqg3rvv4ryjnqv2";
+  version = "0.0.5";
+  sha256 = "0s77g7azw73f7d07hvwwps8sx79jpwj8ap9iqzcglyjw1sw4l1n1";
   buildDepends = [ filepath ];
   testDepends = [ filepath HUnit ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/free/default.nix b/pkgs/development/libraries/haskell/free/default.nix
index 56bf80d71af4..64d9541f4019 100644
--- a/pkgs/development/libraries/haskell/free/default.nix
+++ b/pkgs/development/libraries/haskell/free/default.nix
@@ -1,15 +1,14 @@
-{ cabal, bifunctors, comonad, comonadsFd, comonadTransformers
-, distributive, mtl, profunctors, semigroupoids, semigroups
-, transformers
+{ cabal, bifunctors, comonad, distributive, mtl, profunctors
+, semigroupoids, semigroups, transformers
 }:
 
 cabal.mkDerivation (self: {
   pname = "free";
-  version = "3.4.2";
-  sha256 = "1x6pdkcxk6z9ndph2yzz5n21afc2330m0ryv4w67jsss5aa69fwb";
+  version = "4.1";
+  sha256 = "16951r4f7ggvcw2qgjwdrmaxxnrmrm69c67nixs77lm1d31nks4w";
   buildDepends = [
-    bifunctors comonad comonadsFd comonadTransformers distributive mtl
-    profunctors semigroupoids semigroups transformers
+    bifunctors comonad distributive mtl profunctors semigroupoids
+    semigroups transformers
   ];
   meta = {
     homepage = "http://github.com/ekmett/free/";
diff --git a/pkgs/development/libraries/haskell/generic-deriving/default.nix b/pkgs/development/libraries/haskell/generic-deriving/default.nix
index f1a1ec837fd4..5081d09939bf 100644
--- a/pkgs/development/libraries/haskell/generic-deriving/default.nix
+++ b/pkgs/development/libraries/haskell/generic-deriving/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "generic-deriving";
-  version = "1.6.1";
-  sha256 = "0c3b3xkjdfp14w48gfk3f6aqz4cgk6i3bl5mci23mbb3f33jcx1j";
+  version = "1.6.2";
+  sha256 = "1ryzg7zgnlhx6mbmpsh4fgqf2d758c94qz2zpg3jxns30hd4sfy6";
   meta = {
     description = "Generic programming library for generalised deriving";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/ghc-mod/default.nix b/pkgs/development/libraries/haskell/ghc-mod/default.nix
index 0f60a650d367..accce6f5c86a 100644
--- a/pkgs/development/libraries/haskell/ghc-mod/default.nix
+++ b/pkgs/development/libraries/haskell/ghc-mod/default.nix
@@ -1,11 +1,11 @@
-{ cabal, Cabal, convertible, emacs, filepath, ghcPaths, ghcSybUtils
-, hlint, hspec, ioChoice, syb, time, transformers
+{ cabal, Cabal, convertible, doctest, emacs, filepath, ghcPaths
+, ghcSybUtils, hlint, hspec, ioChoice, syb, time, transformers
 }:
 
 cabal.mkDerivation (self: {
   pname = "ghc-mod";
-  version = "3.0.0";
-  sha256 = "1ll2vn4vv4k7jaah0ngr2ml381cpprqy9ndqpf8cn44m5xd9qn6p";
+  version = "3.1.3";
+  sha256 = "0g12cj8yn2znhqi7wiz5jayzh4g5jdcj1qwy5g3pz456hcpb0jig";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
@@ -13,7 +13,7 @@ cabal.mkDerivation (self: {
     time transformers
   ];
   testDepends = [
-    Cabal convertible filepath ghcPaths ghcSybUtils hlint hspec
+    Cabal convertible doctest filepath ghcPaths ghcSybUtils hlint hspec
     ioChoice syb time transformers
   ];
   buildTools = [ emacs ];
@@ -30,7 +30,7 @@ cabal.mkDerivation (self: {
     #!/bin/sh
     COMMAND=\$1
     shift
-    eval exec $out/ghc-mod \$COMMAND \$( ${self.ghc.GHCGetPackages} ${self.ghc.ghcVersion} | tr " " "\n" | tail -n +2 | paste -d " " - - | sed 's/.*/-g "&"/' | tr "\n" " ") "\$@"
+    eval exec $out/ghc-mod \$COMMAND \$( ${self.ghc.GHCGetPackages} ${self.ghc.version} | tr " " "\n" | tail -n +2 | paste -d " " - - | sed 's/.*/-g "&"/' | tr "\n" " ") "\$@"
     EOF
     chmod +x $out/bin/ghc-mod
   '';
diff --git a/pkgs/development/libraries/haskell/gitit/default.nix b/pkgs/development/libraries/haskell/gitit/default.nix
index 45c96e64012d..905d02b70113 100644
--- a/pkgs/development/libraries/haskell/gitit/default.nix
+++ b/pkgs/development/libraries/haskell/gitit/default.nix
@@ -2,7 +2,7 @@
 , filepath, filestore, ghcPaths, happstackServer, highlightingKate
 , hslogger, HStringTemplate, HTTP, json, mtl, network, pandoc
 , pandocTypes, parsec, random, recaptcha, safe, SHA, syb, tagsoup
-, text, time, url, utf8String, xhtml, xml, xssSanitize, zlib
+, text, time, url, utf8String, xhtml, xml, xssSanitize, zlib, fetchurl
 }:
 
 cabal.mkDerivation (self: {
@@ -19,6 +19,10 @@ cabal.mkDerivation (self: {
     zlib
   ];
   jailbreak = true;
+  patches = [ (fetchurl { url = "https://github.com/jgm/gitit/commit/48155008397bdaed4f97c5678d83c70d4bc3f0ff.patch";
+                          sha256 = "0xdg9frr8lany8ry6vj4vpskmhkpww8jswnb05pzl8a4xfqxh9gd";
+                        })
+            ];
   meta = {
     homepage = "http://gitit.net";
     description = "Wiki using happstack, git or darcs, and pandoc";
diff --git a/pkgs/development/libraries/haskell/gloss/default.nix b/pkgs/development/libraries/haskell/gloss/default.nix
index f397a60017fb..0f0777909e82 100644
--- a/pkgs/development/libraries/haskell/gloss/default.nix
+++ b/pkgs/development/libraries/haskell/gloss/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "gloss";
-  version = "1.8.0.1";
-  sha256 = "17nnmv84pjls1my58yzifbin3pxcnlbpkprglad707rr4lrkkjvv";
+  version = "1.8.1.1";
+  sha256 = "135rrgzx4xq8279zbsl4538hjn8np4g6409fgva2cb9shw8z5pmj";
   buildDepends = [ bmp GLUT OpenGL ];
   jailbreak = true;
   meta = {
diff --git a/pkgs/development/libraries/haskell/groupoids/default.nix b/pkgs/development/libraries/haskell/groupoids/default.nix
index 4c085c0ae23b..7697e8e369f9 100644
--- a/pkgs/development/libraries/haskell/groupoids/default.nix
+++ b/pkgs/development/libraries/haskell/groupoids/default.nix
@@ -2,12 +2,13 @@
 
 cabal.mkDerivation (self: {
   pname = "groupoids";
-  version = "3.0.1.1";
-  sha256 = "0r4xjyq7icd52nas27bhr5k8q7li6lba8mlkcipghhsgxsyjfp63";
+  version = "4.0";
+  sha256 = "08la44c19pz2clws5mb939zc1d17cb6qy9qlh2n1634pl0zrawb6";
   buildDepends = [ semigroupoids ];
+  noHaddock = true;
   meta = {
     homepage = "http://github.com/ekmett/groupoids/";
-    description = "Haskell 98 Groupoids";
+    description = "This package has been absorbed into semigroupoids 4.0";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
   };
diff --git a/pkgs/development/libraries/haskell/groups/default.nix b/pkgs/development/libraries/haskell/groups/default.nix
index a03094970706..b2cf829f12ea 100644
--- a/pkgs/development/libraries/haskell/groups/default.nix
+++ b/pkgs/development/libraries/haskell/groups/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "groups";
-  version = "0.3.0.0";
-  sha256 = "07swv09l98fxh563w1x8n8xzgh9q7n9dbx4gx3i77kwi72vmxl8x";
+  version = "0.4.0.0";
+  sha256 = "1kp8h3617cimya8nnadljyy4vk66dzl5nzfm900k2gh3ci8kja6k";
   meta = {
     description = "Haskell 98 groups";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/hS3/default.nix b/pkgs/development/libraries/haskell/hS3/default.nix
index 83ee2c810ebd..1d6838e92f89 100644
--- a/pkgs/development/libraries/haskell/hS3/default.nix
+++ b/pkgs/development/libraries/haskell/hS3/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "hS3";
-  version = "0.5.7";
-  sha256 = "1p5p6vwazqi5kpi3i0msbgcdf6flp25b2v1an6lvj7y8dx1pk6f2";
+  version = "0.5.8";
+  sha256 = "1wmrrmlz4qlhr75lixn385pjpvpq21aafgf0fw8jyfqgdyjkg7bm";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/libraries/haskell/hakyll/default.nix b/pkgs/development/libraries/haskell/hakyll/default.nix
index a594ce878803..22cdf149ef7b 100644
--- a/pkgs/development/libraries/haskell/hakyll/default.nix
+++ b/pkgs/development/libraries/haskell/hakyll/default.nix
@@ -1,6 +1,6 @@
-{ cabal, binary, blazeHtml, blazeMarkup, citeprocHs, cmdargs
-, cryptohash, dataDefault, deepseq, filepath, fsnotify, httpConduit
-, httpTypes, HUnit, lrucache, mtl, network, pandoc, parsec
+{ cabal, binary, blazeHtml, blazeMarkup, cmdargs, cryptohash
+, dataDefault, deepseq, filepath, fsnotify, httpConduit, httpTypes
+, HUnit, lrucache, mtl, network, pandoc, pandocCiteproc, parsec
 , QuickCheck, random, regexBase, regexTdfa, snapCore, snapServer
 , systemFilepath, tagsoup, testFramework, testFrameworkHunit
 , testFrameworkQuickcheck2, text, time
@@ -8,27 +8,24 @@
 
 cabal.mkDerivation (self: {
   pname = "hakyll";
-  version = "4.3.3.0";
-  sha256 = "11zfz55a7dr5l7xzknphqninyrb2pw2qmrs7v7ajq2gvbl0lf37n";
+  version = "4.4.1.2";
+  sha256 = "0rbl0gl5ds63mv8cbcwb8aj0vic9padqs3zrdxr2ny70md1v9m9y";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
-    binary blazeHtml blazeMarkup citeprocHs cmdargs cryptohash
-    dataDefault deepseq filepath fsnotify httpConduit httpTypes
-    lrucache mtl network pandoc parsec random regexBase regexTdfa
-    snapCore snapServer systemFilepath tagsoup text time
+    binary blazeHtml blazeMarkup cmdargs cryptohash dataDefault deepseq
+    filepath fsnotify httpConduit httpTypes lrucache mtl network pandoc
+    pandocCiteproc parsec random regexBase regexTdfa snapCore
+    snapServer systemFilepath tagsoup text time
   ];
   testDepends = [
-    binary blazeHtml blazeMarkup citeprocHs cmdargs cryptohash
-    dataDefault deepseq filepath fsnotify httpConduit httpTypes HUnit
-    lrucache mtl network pandoc parsec QuickCheck random regexBase
-    regexTdfa snapCore snapServer systemFilepath tagsoup testFramework
+    binary blazeHtml blazeMarkup cmdargs cryptohash dataDefault deepseq
+    filepath fsnotify httpConduit httpTypes HUnit lrucache mtl network
+    pandoc pandocCiteproc parsec QuickCheck random regexBase regexTdfa
+    snapCore snapServer systemFilepath tagsoup testFramework
     testFrameworkHunit testFrameworkQuickcheck2 text time
   ];
   doCheck = false;
-  patchPhase = ''
-    sed -i -e 's|cryptohash.*,|cryptohash,|' hakyll.cabal
-  '';
   meta = {
     homepage = "http://jaspervdj.be/hakyll";
     description = "A static website compiler library";
diff --git a/pkgs/development/libraries/haskell/hamlet/default.nix b/pkgs/development/libraries/haskell/hamlet/default.nix
index c29672767a6b..b40025ff7166 100644
--- a/pkgs/development/libraries/haskell/hamlet/default.nix
+++ b/pkgs/development/libraries/haskell/hamlet/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "hamlet";
-  version = "1.1.7.2";
-  sha256 = "1pfpygbabfmgx01vjkxhf3p9map2v7x8jys06jd6qgc4j90dnk1c";
+  version = "1.1.7.3";
+  sha256 = "0532gf4xdbjxjpv7gsfv0bapnnb4g81jcfzkn71nwizi8zls3qck";
   buildDepends = [
     blazeBuilder blazeHtml blazeMarkup failure parsec shakespeare text
   ];
diff --git a/pkgs/development/libraries/haskell/happstack/happstack-server.nix b/pkgs/development/libraries/haskell/happstack/happstack-server.nix
index f58e4ba2d3d1..e12d848f00f9 100644
--- a/pkgs/development/libraries/haskell/happstack/happstack-server.nix
+++ b/pkgs/development/libraries/haskell/happstack/happstack-server.nix
@@ -7,8 +7,8 @@
 
 cabal.mkDerivation (self: {
   pname = "happstack-server";
-  version = "7.3.0";
-  sha256 = "094q6m6a4cxwmmw9hin2pphiq8gi0y4ma4vkvqv7rwqnn3mf9n0q";
+  version = "7.3.1";
+  sha256 = "0yk4ylyyc8pz7j5lxibah356f986w932ncxp4y612rqcd0abzrq4";
   buildDepends = [
     base64Bytestring blazeHtml extensibleExceptions filepath hslogger
     html monadControl mtl network parsec sendfile syb systemFilepath
diff --git a/pkgs/development/libraries/haskell/hashable/1.2.0.10.nix b/pkgs/development/libraries/haskell/hashable/1.2.1.0.nix
index 2bafe55f4204..092a3f691563 100644
--- a/pkgs/development/libraries/haskell/hashable/1.2.0.10.nix
+++ b/pkgs/development/libraries/haskell/hashable/1.2.1.0.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "hashable";
-  version = "1.2.0.10";
-  sha256 = "155r7zqc0kisjdslr8d1c04yqwvzwqx4d99c0zla113dvsdjhp37";
+  version = "1.2.1.0";
+  sha256 = "09m1glpcxm3f6s9cwz8xzljy6j0n271cym4d9dllw5rpzrwp9h2f";
   buildDepends = [ text ];
   testDepends = [
     HUnit QuickCheck random testFramework testFrameworkHunit
diff --git a/pkgs/development/libraries/haskell/hashtables/default.nix b/pkgs/development/libraries/haskell/hashtables/default.nix
index ae62c051ec5e..ca0e2e529c56 100644
--- a/pkgs/development/libraries/haskell/hashtables/default.nix
+++ b/pkgs/development/libraries/haskell/hashtables/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "hashtables";
-  version = "1.1.0.2";
-  sha256 = "0d103cvr168hgyghm6fp67r4lz1p592x45igwld6xq3nyxjxnbp9";
+  version = "1.1.2.1";
+  sha256 = "1166baqalpp9v735821drjvyasr44p4znbcs7njyr09fx87r23f5";
   buildDepends = [ hashable primitive vector ];
   meta = {
     homepage = "http://github.com/gregorycollins/hashtables";
diff --git a/pkgs/development/libraries/haskell/haskell-src-meta/default.nix b/pkgs/development/libraries/haskell/haskell-src-meta/default.nix
index 7c9e76940462..6ce8f9e72ba2 100644
--- a/pkgs/development/libraries/haskell/haskell-src-meta/default.nix
+++ b/pkgs/development/libraries/haskell/haskell-src-meta/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "haskell-src-meta";
-  version = "0.6.0.3";
-  sha256 = "1ag26pzppvqw9ch6jz1p0bhsld7fz0b01k7h9516hnmy215h7xai";
+  version = "0.6.0.4";
+  sha256 = "10dixf2abk0canwikf3wdp1ahc51400wxa7x4g59pygv8a3c1c1x";
   buildDepends = [ haskellSrcExts syb thOrphans uniplate ];
   jailbreak = true;
   meta = {
diff --git a/pkgs/development/libraries/haskell/haxr/default.nix b/pkgs/development/libraries/haskell/haxr/default.nix
index a5aaf44c3928..26ebbb9f8b02 100644
--- a/pkgs/development/libraries/haskell/haxr/default.nix
+++ b/pkgs/development/libraries/haskell/haxr/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "haxr";
-  version = "3000.9.3";
-  sha256 = "1jg7abgbykxjjpmakmfm6zcwxn0hf9q53430ibr4m9n6alh7nglq";
+  version = "3000.10.1.1";
+  sha256 = "0qvbl3bms2mf650w9j3r0pnl151vzkggy2if3f4rj34qwb2sxmvp";
   buildDepends = [
     base64Bytestring blazeBuilder HaXml HTTP mtl network time
     utf8String
diff --git a/pkgs/development/libraries/haskell/heist/default.nix b/pkgs/development/libraries/haskell/heist/default.nix
index 9def726fb69c..b8f709a402cb 100644
--- a/pkgs/development/libraries/haskell/heist/default.nix
+++ b/pkgs/development/libraries/haskell/heist/default.nix
@@ -6,8 +6,8 @@
 
 cabal.mkDerivation (self: {
   pname = "heist";
-  version = "0.13.0";
-  sha256 = "1f406i7jdz45s88n0nrd76vj927a0fx02nf1f98r4in0ic5anp11";
+  version = "0.13.0.2";
+  sha256 = "0rbzizgrvwj505dk7qyc9ky5vwyaxyj91xz1dsv0mv7cjl9pp17n";
   buildDepends = [
     aeson attoparsec blazeBuilder blazeHtml directoryTree dlist errors
     filepath hashable MonadCatchIOTransformers mtl random text time
diff --git a/pkgs/development/libraries/haskell/hexpat/default.nix b/pkgs/development/libraries/haskell/hexpat/default.nix
index 5a656bc19c78..03aa9c16ed24 100644
--- a/pkgs/development/libraries/haskell/hexpat/default.nix
+++ b/pkgs/development/libraries/haskell/hexpat/default.nix
@@ -1,14 +1,10 @@
-{ cabal, deepseq, extensibleExceptions, List, text, transformers
-, utf8String
-}:
+{ cabal, deepseq, List, text, transformers, utf8String }:
 
 cabal.mkDerivation (self: {
   pname = "hexpat";
-  version = "0.20.3";
-  sha256 = "13dh0cvcmp6yi4nncsn6q9pkisld9xvz6j4xabng5ax67vdgdvrs";
-  buildDepends = [
-    deepseq extensibleExceptions List text transformers utf8String
-  ];
+  version = "0.20.4";
+  sha256 = "09ixvwgrr1046v806d23ngdhc8xqkf0yadzlbwxcy228ka13xwdw";
+  buildDepends = [ deepseq List text transformers utf8String ];
   meta = {
     homepage = "http://haskell.org/haskellwiki/Hexpat/";
     description = "XML parser/formatter based on expat";
diff --git a/pkgs/development/libraries/haskell/hflags/default.nix b/pkgs/development/libraries/haskell/hflags/default.nix
index 89d2f2d518e5..04e70183781d 100644
--- a/pkgs/development/libraries/haskell/hflags/default.nix
+++ b/pkgs/development/libraries/haskell/hflags/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "hflags";
-  version = "0.2";
-  sha256 = "1bz8w1vxqlc2c9iygr2dhy2ck1sd56zjwqzz707nqcmsqqsfmyhb";
+  version = "0.4";
+  sha256 = "17zzx273kmnwwazmmns78cllz3l7wad1gi7hizgcxi68j04blhd4";
   buildDepends = [ text ];
   meta = {
     homepage = "http://github.com/errge/hflags";
diff --git a/pkgs/development/libraries/haskell/hjsmin/default.nix b/pkgs/development/libraries/haskell/hjsmin/default.nix
index 9551581dadf6..5980141526b0 100644
--- a/pkgs/development/libraries/haskell/hjsmin/default.nix
+++ b/pkgs/development/libraries/haskell/hjsmin/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "hjsmin";
-  version = "0.1.4.1";
-  sha256 = "0r73hd6kn37mdbm2i3g6v3qqm696kyflqs6ajq68qr5sr62sjb1a";
+  version = "0.1.4.3";
+  sha256 = "1jhpqfvwvzik41i4mi9fr9w1jlrlc1lj2illlbbwg7r3fwr5hnnl";
   buildDepends = [ blazeBuilder languageJavascript text ];
   testDepends = [
     blazeBuilder Cabal HUnit languageJavascript QuickCheck
diff --git a/pkgs/development/libraries/haskell/hoogle/default.nix b/pkgs/development/libraries/haskell/hoogle/default.nix
index c0b05ea82e0a..498e71d06d1e 100644
--- a/pkgs/development/libraries/haskell/hoogle/default.nix
+++ b/pkgs/development/libraries/haskell/hoogle/default.nix
@@ -7,8 +7,8 @@
 
 cabal.mkDerivation (self: {
   pname = "hoogle";
-  version = "4.2.21";
-  sha256 = "167iw0rp37c1bixmaa5l06c943h33b457symllh8rcbmf880z09i";
+  version = "4.2.23";
+  sha256 = "1ykjf0w6c3pzsrzdhxs53nxj84aj2px3gpfc8f53dmgqv3wkyii7";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/libraries/haskell/hslua/default.nix b/pkgs/development/libraries/haskell/hslua/default.nix
new file mode 100644
index 000000000000..0cdd309d81bf
--- /dev/null
+++ b/pkgs/development/libraries/haskell/hslua/default.nix
@@ -0,0 +1,15 @@
+{ cabal, lua, mtl }:
+
+cabal.mkDerivation (self: {
+  pname = "hslua";
+  version = "0.3.8";
+  sha256 = "1yb23cyb3wj70z8lvk6w2sn13kc17v53fd8m587kb4fpqzpdz44d";
+  buildDepends = [ mtl ];
+  pkgconfigDepends = [ lua ];
+  configureFlags = "-fsystem-lua";
+  meta = {
+    description = "A Lua language interpreter embedding in Haskell";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/hspec/default.nix b/pkgs/development/libraries/haskell/hspec/default.nix
index 6d9caf6e6b63..57dab8852fdd 100644
--- a/pkgs/development/libraries/haskell/hspec/default.nix
+++ b/pkgs/development/libraries/haskell/hspec/default.nix
@@ -5,8 +5,8 @@
 
 cabal.mkDerivation (self: {
   pname = "hspec";
-  version = "1.7.2";
-  sha256 = "0f0l5kzkpn957v7ibaxz9bxmjmbjaw50z2xs23g2w06zwnxii90h";
+  version = "1.7.2.1";
+  sha256 = "12khyg6ixk2rkbvxjbi210w57cais1s142v337kpcp3dfk6440bk";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/libraries/haskell/http-conduit/default.nix b/pkgs/development/libraries/haskell/http-conduit/default.nix
index 6d6ac6b3fd0e..4d639909d8e3 100644
--- a/pkgs/development/libraries/haskell/http-conduit/default.nix
+++ b/pkgs/development/libraries/haskell/http-conduit/default.nix
@@ -9,8 +9,8 @@
 
 cabal.mkDerivation (self: {
   pname = "http-conduit";
-  version = "1.9.4.5";
-  sha256 = "04b459x60dspd827k6ccikkm4j0cl7phcprvsdcqbc78yjf7vqpg";
+  version = "1.9.5.1";
+  sha256 = "1a53s5f9p0xnd33midi4pfj6i3nvckb9khn0p3l3v3xvqn5rrgf2";
   buildDepends = [
     asn1Data base64Bytestring blazeBuilder blazeBuilderConduit
     caseInsensitive certificate conduit cookie cprngAes dataDefault
diff --git a/pkgs/development/libraries/haskell/http-types/default.nix b/pkgs/development/libraries/haskell/http-types/default.nix
index b0b68eec434e..c099709e0dae 100644
--- a/pkgs/development/libraries/haskell/http-types/default.nix
+++ b/pkgs/development/libraries/haskell/http-types/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "http-types";
-  version = "0.8.1";
-  sha256 = "07hxxlhgnwsvjr2dzqbswwwkjxwsc0pk6shpkvzgclrsyn3xrg7p";
+  version = "0.8.2";
+  sha256 = "1536wpmicmq90qvnvcvq1dzk2vfhj7ls6hz4pqp0ll9aksk3msr1";
   buildDepends = [ blazeBuilder caseInsensitive text ];
   testDepends = [ blazeBuilder hspec QuickCheck text ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/intervals/default.nix b/pkgs/development/libraries/haskell/intervals/default.nix
index 3cc44b05dbb5..788962412d7a 100644
--- a/pkgs/development/libraries/haskell/intervals/default.nix
+++ b/pkgs/development/libraries/haskell/intervals/default.nix
@@ -1,10 +1,9 @@
-{ cabal, numericExtras }:
+{ cabal }:
 
 cabal.mkDerivation (self: {
   pname = "intervals";
-  version = "0.2.2";
-  sha256 = "059xmk373xz6nwk61iyhx4d7xd328jxb694qmq9plry3k77mdh5q";
-  buildDepends = [ numericExtras ];
+  version = "0.3";
+  sha256 = "1k8dhhwa6y5hrkm9np9x953bdn3pgk5c2lkl3zgrrmrwmd075422";
   meta = {
     homepage = "http://github.com/ekmett/intervals";
     description = "Interval Arithmetic";
diff --git a/pkgs/development/libraries/haskell/keys/default.nix b/pkgs/development/libraries/haskell/keys/default.nix
new file mode 100644
index 000000000000..b657f3dd6b94
--- /dev/null
+++ b/pkgs/development/libraries/haskell/keys/default.nix
@@ -0,0 +1,16 @@
+{ cabal, comonad, free, semigroupoids, semigroups, transformers }:
+
+cabal.mkDerivation (self: {
+  pname = "keys";
+  version = "3.10";
+  sha256 = "1s2xkzvaqk507wrgabpxli8g8n83arflmdhxq40f7qkvyflhhmyh";
+  buildDepends = [
+    comonad free semigroupoids semigroups transformers
+  ];
+  meta = {
+    homepage = "http://github.com/ekmett/keys/";
+    description = "Keyed functors and containers";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/lambdabot/default.nix b/pkgs/development/libraries/haskell/lambdabot/default.nix
index 922130f4f9b9..bbf13bd3fe9e 100644
--- a/pkgs/development/libraries/haskell/lambdabot/default.nix
+++ b/pkgs/development/libraries/haskell/lambdabot/default.nix
@@ -10,8 +10,8 @@
 
 cabal.mkDerivation (self: {
   pname = "lambdabot";
-  version = "4.3";
-  sha256 = "0pjwxlq4rbmg9wj44vrillly967y35b4i995mz5167hpji05clvy";
+  version = "4.3.0.1";
+  sha256 = "19pkm4m2xk9ziai3ka4scxjavi0as8dmivz9q6vg3npmv0kyhkhb";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/libraries/haskell/language-ecmascript/default.nix b/pkgs/development/libraries/haskell/language-ecmascript/default.nix
new file mode 100644
index 000000000000..8fc147191ada
--- /dev/null
+++ b/pkgs/development/libraries/haskell/language-ecmascript/default.nix
@@ -0,0 +1,23 @@
+{ cabal, dataDefaultClass, Diff, filepath, HUnit, mtl, parsec
+, QuickCheck, testFramework, testFrameworkHunit
+, testFrameworkQuickcheck2, uniplate
+}:
+
+cabal.mkDerivation (self: {
+  pname = "language-ecmascript";
+  version = "0.15.2";
+  sha256 = "1iszs9f2jryddcz36a6anfyfxpwjhzn49xjqvnd5m6rjdq6y403w";
+  buildDepends = [
+    dataDefaultClass Diff mtl parsec QuickCheck uniplate
+  ];
+  testDepends = [
+    dataDefaultClass Diff filepath HUnit mtl parsec QuickCheck
+    testFramework testFrameworkHunit testFrameworkQuickcheck2
+  ];
+  meta = {
+    homepage = "http://github.com/jswebtools/language-ecmascript";
+    description = "JavaScript parser and pretty-printer library";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/language-java/default.nix b/pkgs/development/libraries/haskell/language-java/default.nix
index 13054c0714df..e665f5aadde9 100644
--- a/pkgs/development/libraries/haskell/language-java/default.nix
+++ b/pkgs/development/libraries/haskell/language-java/default.nix
@@ -5,7 +5,7 @@
 cabal.mkDerivation (self: {
   pname = "language-java";
   version = "0.2.5";
-  sha256 = "1l3q156m3l3fawsrgj3fr16qxr0apwg2si410j0f5hsgfmkhdrm6";
+  sha256 = "1ai6mvzasi8fji4b81nrpy48icf5h25g3kakhpfbzckwf20c9dkd";
   buildDepends = [ cpphs parsec syb ];
   testDepends = [
     filepath HUnit mtl QuickCheck testFramework testFrameworkHunit
diff --git a/pkgs/development/libraries/haskell/language-javascript/default.nix b/pkgs/development/libraries/haskell/language-javascript/default.nix
index 4571b869e3bd..abf8df4f5569 100644
--- a/pkgs/development/libraries/haskell/language-javascript/default.nix
+++ b/pkgs/development/libraries/haskell/language-javascript/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "language-javascript";
-  version = "0.5.7";
-  sha256 = "0mndz0bqxkayzm7g92cvai9ahb9msr99syp9djhaya1d45595ad3";
+  version = "0.5.8";
+  sha256 = "0slwj2bi9v7qjr6ai5dwql7fqgsh8k9k2bzlsq407iacsv0w3b9h";
   buildDepends = [ blazeBuilder mtl utf8Light utf8String ];
   testDepends = [
     blazeBuilder Cabal HUnit mtl QuickCheck testFramework
diff --git a/pkgs/development/libraries/haskell/lens-datetime/default.nix b/pkgs/development/libraries/haskell/lens-datetime/default.nix
index b1a472dfc7c1..2de451f4177f 100644
--- a/pkgs/development/libraries/haskell/lens-datetime/default.nix
+++ b/pkgs/development/libraries/haskell/lens-datetime/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "lens-datetime";
-  version = "0.1.1";
-  sha256 = "0p93211ibq1rkh4aj69xdwan0338k35vb5qyf7zp761nghnk3d47";
+  version = "0.2";
+  sha256 = "0wrs7alz1zfg1xrg04lhz01mrd1gcz2xr8b5mxfdvq94f5m87sdr";
   buildDepends = [ lens time ];
   meta = {
     homepage = "http://github.com/klao/lens-datetime";
diff --git a/pkgs/development/libraries/haskell/lens/default.nix b/pkgs/development/libraries/haskell/lens/default.nix
index 20541aa4a2ff..60aa29ac089a 100644
--- a/pkgs/development/libraries/haskell/lens/default.nix
+++ b/pkgs/development/libraries/haskell/lens/default.nix
@@ -1,23 +1,21 @@
-{ cabal, bifunctors, comonad, comonadsFd, comonadTransformers
-, contravariant, deepseq, distributive, doctest, filepath
-, genericDeriving, hashable, HUnit, MonadCatchIOTransformers, mtl
-, nats, parallel, profunctorExtras, profunctors, QuickCheck
-, reflection, semigroupoids, semigroups, simpleReflect, split
-, tagged, testFramework, testFrameworkHunit
+{ cabal, bifunctors, comonad, contravariant, deepseq, distributive
+, doctest, filepath, genericDeriving, hashable, HUnit
+, MonadCatchIOTransformers, mtl, nats, parallel, profunctors
+, QuickCheck, reflection, semigroupoids, semigroups, simpleReflect
+, split, tagged, testFramework, testFrameworkHunit
 , testFrameworkQuickcheck2, testFrameworkTh, text, transformers
 , transformersCompat, unorderedContainers, vector, void
 }:
 
 cabal.mkDerivation (self: {
   pname = "lens";
-  version = "3.9.1";
-  sha256 = "141v7b5ag6jxnim1hdyxqi5m2sm1j5fpspkcs8qnznfcd33gyfja";
+  version = "3.10";
+  sha256 = "086kbd59zlx3ldrxilssxd0gr9izwhcfhg5k6bqzm6gwvysrzq3y";
   buildDepends = [
-    bifunctors comonad comonadsFd comonadTransformers contravariant
-    distributive filepath genericDeriving hashable
-    MonadCatchIOTransformers mtl parallel profunctorExtras profunctors
-    reflection semigroupoids semigroups split tagged text transformers
-    transformersCompat unorderedContainers vector void
+    bifunctors comonad contravariant distributive filepath
+    genericDeriving hashable MonadCatchIOTransformers mtl parallel
+    profunctors reflection semigroupoids semigroups split tagged text
+    transformers transformersCompat unorderedContainers vector void
   ];
   testDepends = [
     deepseq doctest filepath genericDeriving HUnit mtl nats parallel
diff --git a/pkgs/development/libraries/haskell/linear/default.nix b/pkgs/development/libraries/haskell/linear/default.nix
index ba0f2ce1a3a9..feeeaed3be54 100644
--- a/pkgs/development/libraries/haskell/linear/default.nix
+++ b/pkgs/development/libraries/haskell/linear/default.nix
@@ -1,21 +1,26 @@
-{ cabal, distributive, doctest, filepath, hashable, lens
-, reflection, semigroupoids, semigroups, simpleReflect, tagged
-, transformers, unorderedContainers, vector
+{ cabal, binary, distributive, doctest, filepath, hashable, HUnit
+, lens, reflection, semigroupoids, semigroups, simpleReflect
+, tagged, testFramework, testFrameworkHunit, transformers
+, unorderedContainers, vector
 }:
 
 cabal.mkDerivation (self: {
   pname = "linear";
-  version = "1.2";
-  sha256 = "0mna8k6plq0akki5j5zjk1xk1hgks1076q1h5s14v87d0h45wlrh";
+  version = "1.3.1";
+  sha256 = "1s07qbdi12rc4djk4s0ds5sh79qcqfmgrbwfj1ygskq3ra88qqsa";
   buildDepends = [
-    distributive hashable reflection semigroupoids semigroups tagged
-    transformers unorderedContainers vector
+    binary distributive hashable reflection semigroupoids semigroups
+    tagged transformers unorderedContainers vector
+  ];
+  testDepends = [
+    binary doctest filepath HUnit lens simpleReflect testFramework
+    testFrameworkHunit
   ];
-  testDepends = [ doctest filepath lens simpleReflect ];
   meta = {
     homepage = "http://github.com/ekmett/linear/";
     description = "Linear Algebra";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.ocharles ];
   };
 })
diff --git a/pkgs/development/libraries/haskell/list-tries/default.nix b/pkgs/development/libraries/haskell/list-tries/default.nix
new file mode 100644
index 000000000000..4eb91c67a476
--- /dev/null
+++ b/pkgs/development/libraries/haskell/list-tries/default.nix
@@ -0,0 +1,16 @@
+{ cabal, binary, dlist }:
+
+cabal.mkDerivation (self: {
+  pname = "list-tries";
+  version = "0.5.1";
+  sha256 = "15lbq41rikj5vm9gfgjxz98pamnib4dcs48fr2vm9r3s3fikd2kz";
+  isLibrary = true;
+  isExecutable = true;
+  buildDepends = [ binary dlist ];
+  meta = {
+    homepage = "http://iki.fi/matti.niemenmaa/list-tries/";
+    description = "Tries and Patricia tries: finite sets and maps for list keys";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/llvm-general-pure/default.nix b/pkgs/development/libraries/haskell/llvm-general-pure/default.nix
new file mode 100644
index 000000000000..0a8f455d9713
--- /dev/null
+++ b/pkgs/development/libraries/haskell/llvm-general-pure/default.nix
@@ -0,0 +1,20 @@
+{ cabal, HUnit, mtl, parsec, QuickCheck, setenv, testFramework
+, testFrameworkHunit, testFrameworkQuickcheck2, transformers
+}:
+
+cabal.mkDerivation (self: {
+  pname = "llvm-general-pure";
+  version = "3.3.8.2";
+  sha256 = "171mp9rydw6r2khcmvkcfjk934ckfahwyx1b4a15gmj8sr1s9hzp";
+  buildDepends = [ mtl parsec setenv transformers ];
+  testDepends = [
+    HUnit mtl QuickCheck testFramework testFrameworkHunit
+    testFrameworkQuickcheck2
+  ];
+  doCheck = false;
+  meta = {
+    description = "Pure Haskell LLVM functionality (no FFI)";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/llvm-general/default.nix b/pkgs/development/libraries/haskell/llvm-general/default.nix
index 16d9859aae22..2eb0a2c5d206 100644
--- a/pkgs/development/libraries/haskell/llvm-general/default.nix
+++ b/pkgs/development/libraries/haskell/llvm-general/default.nix
@@ -1,18 +1,21 @@
-{ cabal, HUnit, llvmConfig, mtl, parsec, QuickCheck, setenv
-, testFramework, testFrameworkHunit, testFrameworkQuickcheck2, text
-, transformers
+{ cabal, HUnit, llvmConfig, llvmGeneralPure, mtl, parsec
+, QuickCheck, setenv, testFramework, testFrameworkHunit
+, testFrameworkQuickcheck2, transformers, utf8String
 }:
 
 cabal.mkDerivation (self: {
   pname = "llvm-general";
-  version = "3.3.5.0";
-  sha256 = "15zrav7339jn6p75g1d7h3qkr1wyal1jzfs8xy73kckw2fzn4nlf";
-  buildDepends = [ mtl parsec setenv text transformers ];
+  version = "3.3.8.2";
+  sha256 = "11qnvpnx4i8mjdgn5y58rl70wf8pzmd555hrdaki1f4q0035cmm5";
+  buildDepends = [
+    llvmGeneralPure mtl parsec setenv transformers utf8String
+  ];
   testDepends = [
-    HUnit mtl QuickCheck testFramework testFrameworkHunit
-    testFrameworkQuickcheck2
+    HUnit llvmGeneralPure mtl QuickCheck testFramework
+    testFrameworkHunit testFrameworkQuickcheck2
   ];
   buildTools = [ llvmConfig ];
+  doCheck = false;
   meta = {
     description = "General purpose LLVM bindings";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/math-functions/default.nix b/pkgs/development/libraries/haskell/math-functions/default.nix
index 2e29269a9fdf..8180c8bce753 100644
--- a/pkgs/development/libraries/haskell/math-functions/default.nix
+++ b/pkgs/development/libraries/haskell/math-functions/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "math-functions";
-  version = "0.1.3.0";
-  sha256 = "06wxr8fbhmsgkpyx2vimx9l6apk0p27mwrxrvbjk0b7m9vsg3ay5";
+  version = "0.1.4.0";
+  sha256 = "1cijm224gfvd7rvrrndcks8d7aj89c9qv0m4wx2qqngr7rk78kav";
   buildDepends = [ erf vector ];
   testDepends = [
     HUnit ieee754 QuickCheck testFramework testFrameworkHunit
diff --git a/pkgs/development/libraries/haskell/modular-arithmetic/default.nix b/pkgs/development/libraries/haskell/modular-arithmetic/default.nix
index 7d53d81f7bb6..9a15b32f3072 100644
--- a/pkgs/development/libraries/haskell/modular-arithmetic/default.nix
+++ b/pkgs/development/libraries/haskell/modular-arithmetic/default.nix
@@ -2,9 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "modular-arithmetic";
-  version = "1.0.1.1";
-  sha256 = "14n83kjmz8mqjivjhwxk1zckms5z3gn77yq2hsw2yybzff2vkdkd";
-  noHaddock = true;
+  version = "1.1.0.0";
+  sha256 = "02zxxz204ydyj28p65fqb920x5gbm7gba4yf9mhiw6ff0dcmxp37";
   meta = {
     description = "A type for integers modulo some constant";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/monad-control/default.nix b/pkgs/development/libraries/haskell/monad-control/default.nix
index ac59d470145b..12657a63b4cc 100644
--- a/pkgs/development/libraries/haskell/monad-control/default.nix
+++ b/pkgs/development/libraries/haskell/monad-control/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "monad-control";
-  version = "0.3.2.1";
-  sha256 = "17wfdg3a2kkx1jwh7gfgbyx4351b420krsf8syb8l9xrl9gdz5a3";
+  version = "0.3.2.2";
+  sha256 = "1wwcx2k0nzmjqxf8d8wasnhvdx5q3nxkcyq7vbprkfy85sj7ivxc";
   buildDepends = [
     baseUnicodeSymbols transformers transformersBase
   ];
diff --git a/pkgs/development/libraries/haskell/monad-logger/default.nix b/pkgs/development/libraries/haskell/monad-logger/default.nix
index c06809c261dc..0b92ca0bb903 100644
--- a/pkgs/development/libraries/haskell/monad-logger/default.nix
+++ b/pkgs/development/libraries/haskell/monad-logger/default.nix
@@ -1,14 +1,15 @@
-{ cabal, conduit, fastLogger, monadControl, mtl, resourcet, text
-, transformers, transformersBase
+{ cabal, conduit, fastLogger, liftedBase, monadControl, monadLoops
+, mtl, resourcet, stm, stmChans, text, transformers
+, transformersBase
 }:
 
 cabal.mkDerivation (self: {
   pname = "monad-logger";
-  version = "0.3.1.1";
-  sha256 = "11qqmflcydjfm5py7rkbi9qd0mkhw4kxzxff95wf0jmaia9knvx6";
+  version = "0.3.2.0";
+  sha256 = "0pgjayx6h1zqadqrzaf36070kir7qlinha9h4bf532lfx5yc1yxg";
   buildDepends = [
-    conduit fastLogger monadControl mtl resourcet text transformers
-    transformersBase
+    conduit fastLogger liftedBase monadControl monadLoops mtl resourcet
+    stm stmChans text transformers transformersBase
   ];
   meta = {
     homepage = "https://github.com/kazu-yamamoto/logger";
diff --git a/pkgs/development/libraries/haskell/monad-par/0.3.4.4.nix b/pkgs/development/libraries/haskell/monad-par/0.3.4.5.nix
index d682908dcf18..58cbb522fa24 100644
--- a/pkgs/development/libraries/haskell/monad-par/0.3.4.4.nix
+++ b/pkgs/development/libraries/haskell/monad-par/0.3.4.5.nix
@@ -6,8 +6,8 @@
 
 cabal.mkDerivation (self: {
   pname = "monad-par";
-  version = "0.3.4.4";
-  sha256 = "0mqvrg2izqjrgzbmr6pcl9v9827fkr4mwxpdckm3gj1miljsj314";
+  version = "0.3.4.5";
+  sha256 = "0xwjx3l9ssyxaa49v8kz7ic54va1qy6dqa1z5gvww7a5gw1ll81p";
   buildDepends = [
     abstractDeque abstractPar deepseq monadParExtras mtl mwcRandom
     parallel
diff --git a/pkgs/development/libraries/haskell/mono-traversable/default.nix b/pkgs/development/libraries/haskell/mono-traversable/default.nix
new file mode 100644
index 000000000000..42cfee3412b3
--- /dev/null
+++ b/pkgs/development/libraries/haskell/mono-traversable/default.nix
@@ -0,0 +1,20 @@
+{ cabal, comonad, hashable, hspec, semigroupoids, semigroups, text
+, transformers, unorderedContainers, vector
+}:
+
+cabal.mkDerivation (self: {
+  pname = "mono-traversable";
+  version = "0.1.0.0";
+  sha256 = "1pkg8lagfiixgq2xb4ficgcqv1hhmxy2r49lq9szar7knh0gcjn1";
+  buildDepends = [
+    comonad hashable semigroupoids semigroups text transformers
+    unorderedContainers vector
+  ];
+  testDepends = [ hspec text ];
+  meta = {
+    homepage = "https://github.com/snoyberg/mono-traversable";
+    description = "Type classes for mapping, folding, and traversing monomorphic containers";
+    license = self.stdenv.lib.licenses.mit;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/monoid-extras/default.nix b/pkgs/development/libraries/haskell/monoid-extras/default.nix
index a9a2b07e81b9..8eb61453f9c0 100644
--- a/pkgs/development/libraries/haskell/monoid-extras/default.nix
+++ b/pkgs/development/libraries/haskell/monoid-extras/default.nix
@@ -2,9 +2,10 @@
 
 cabal.mkDerivation (self: {
   pname = "monoid-extras";
-  version = "0.3.2.0";
-  sha256 = "0yhb55v0a2221xbpbm8jiqzqvps0lab5n8iakpq69ndr2l0d2r3x";
+  version = "0.3.2.3";
+  sha256 = "1q7aw4adg082rszkc3skdvidcn86n06xvr3x8qarpjb285znsmc4";
   buildDepends = [ groupoids groups semigroupoids semigroups ];
+  jailbreak = true;
   meta = {
     description = "Various extra monoid-related definitions and utilities";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/multiarg/default.nix b/pkgs/development/libraries/haskell/multiarg/default.nix
index 555435d3c583..3c5239b4737e 100644
--- a/pkgs/development/libraries/haskell/multiarg/default.nix
+++ b/pkgs/development/libraries/haskell/multiarg/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "multiarg";
-  version = "0.22.0.0";
-  sha256 = "1fswkgrn8mc92lrzmrxhv6hbgch2lqdvmjn88k4ajqc0gpmpb750";
+  version = "0.24.0.0";
+  sha256 = "0vdhrsqwa2wq9cvf96x3hqml2vbjcvik9mpz1kbbhb61f9lbhas6";
   buildDepends = [ utf8String ];
   meta = {
     homepage = "https://github.com/massysett/multiarg";
diff --git a/pkgs/development/libraries/haskell/multirec/default.nix b/pkgs/development/libraries/haskell/multirec/default.nix
index a7d7459b4558..61de0cace5b5 100644
--- a/pkgs/development/libraries/haskell/multirec/default.nix
+++ b/pkgs/development/libraries/haskell/multirec/default.nix
@@ -4,7 +4,6 @@ cabal.mkDerivation (self: {
   pname = "multirec";
   version = "0.7.3";
   sha256 = "0k1wbjsvkl08nwjikflc8yyalk654mf8bvi1rhm28i4na52myi5y";
-  noHaddock = true;
   meta = {
     homepage = "http://www.cs.uu.nl/wiki/GenericProgramming/Multirec";
     description = "Generic programming for families of recursive datatypes";
diff --git a/pkgs/development/libraries/haskell/mwc-random/default.nix b/pkgs/development/libraries/haskell/mwc-random/default.nix
index 3e9be2c5e587..d26980994e71 100644
--- a/pkgs/development/libraries/haskell/mwc-random/default.nix
+++ b/pkgs/development/libraries/haskell/mwc-random/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "mwc-random";
-  version = "0.12.0.1";
-  sha256 = "1sq4yxi231ka8rzwsihqziibs7amvl27ycr018wymm3yz36vsy7c";
+  version = "0.13.1.0";
+  sha256 = "16g6b1pphr4p36nn5qjj62iwf47rq8kfmpjgfvd35r3cz9qqb8cb";
   buildDepends = [ primitive time vector ];
   testDepends = [
     HUnit QuickCheck statistics testFramework testFrameworkHunit
diff --git a/pkgs/development/libraries/haskell/nats/default.nix b/pkgs/development/libraries/haskell/nats/default.nix
index 02f5c289836e..91cc79f52b88 100644
--- a/pkgs/development/libraries/haskell/nats/default.nix
+++ b/pkgs/development/libraries/haskell/nats/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "nats";
-  version = "0.1";
-  sha256 = "08gh7jjmws70919hmqqmvnfqcpxr34f03jmg3lzmmhqvr15gm1vy";
+  version = "0.1.2";
+  sha256 = "1r4083p8sbnqs74l8faqfs1i97k8bql762l55pbmapy0p1xrkzka";
   meta = {
     homepage = "http://github.com/ekmett/nats/";
     description = "Haskell 98 natural numbers";
diff --git a/pkgs/development/libraries/haskell/ncurses/default.nix b/pkgs/development/libraries/haskell/ncurses/default.nix
index c98f711f2971..f900e3c2ef95 100644
--- a/pkgs/development/libraries/haskell/ncurses/default.nix
+++ b/pkgs/development/libraries/haskell/ncurses/default.nix
@@ -2,17 +2,12 @@
 
 cabal.mkDerivation (self: {
   pname = "ncurses";
-  version = "0.2.4";
-  sha256 = "0d4h85qgva1sf59g55k9xidqdpw18qj51xj7w5cqsf5pcpxgkcwh";
+  version = "0.2.7";
+  sha256 = "026p6b2apgi9r65py45h3rl57xgwzyamq511a0rsb7myzagw22vz";
   buildDepends = [ text transformers ];
   buildTools = [ c2hs ];
   extraLibraries = [ ncurses ];
-  preConfigure = ''
-    sed -i -e "s,ncursesw/,," lib/UI/NCurses.chs
-    sed -i -e "s,ncursesw/,," lib/UI/NCurses/Enums.chs
-    sed -i -e "s,ncursesw/,," lib/UI/NCurses/Panel.chs
-    sed -i -e "s,ncursesw/,," cbits/hsncurses-shim.c
-  '';
+  patchPhase = "find . -type f -exec sed -i -e 's|ncursesw/||' {} \\;";
   meta = {
     homepage = "https://john-millikin.com/software/haskell-ncurses/";
     description = "Modernised bindings to GNU ncurses";
diff --git a/pkgs/development/libraries/haskell/network-conduit-tls/default.nix b/pkgs/development/libraries/haskell/network-conduit-tls/default.nix
index bfb96e304802..415c047a2f53 100644
--- a/pkgs/development/libraries/haskell/network-conduit-tls/default.nix
+++ b/pkgs/development/libraries/haskell/network-conduit-tls/default.nix
@@ -1,16 +1,17 @@
-{ cabal, aeson, certificate, conduit, cprngAes, cryptoApi
-, cryptoRandomApi, network, networkConduit, pem, systemFileio
-, systemFilepath, tls, tlsExtra, transformers
+{ cabal, aeson, certificate, conduit, connection, cprngAes
+, cryptoApi, cryptoRandomApi, dataDefault, monadControl, network
+, networkConduit, pem, systemFileio, systemFilepath, tls, tlsExtra
+, transformers
 }:
 
 cabal.mkDerivation (self: {
   pname = "network-conduit-tls";
-  version = "1.0.1.1";
-  sha256 = "0v5rspcjhd2vid5i74dy1sdcvci7dlr88sgr0v9vjp4gcyb29qlj";
+  version = "1.0.2";
+  sha256 = "0m3sbb4vpsjf568zaaxri8x7x46wngf5y2s5chgjzfmbj0amkl51";
   buildDepends = [
-    aeson certificate conduit cprngAes cryptoApi cryptoRandomApi
-    network networkConduit pem systemFileio systemFilepath tls tlsExtra
-    transformers
+    aeson certificate conduit connection cprngAes cryptoApi
+    cryptoRandomApi dataDefault monadControl network networkConduit pem
+    systemFileio systemFilepath tls tlsExtra transformers
   ];
   meta = {
     homepage = "https://github.com/snoyberg/conduit";
diff --git a/pkgs/development/libraries/haskell/network/2.4.2.0.nix b/pkgs/development/libraries/haskell/network/2.4.2.0.nix
new file mode 100644
index 000000000000..2912138daf7c
--- /dev/null
+++ b/pkgs/development/libraries/haskell/network/2.4.2.0.nix
@@ -0,0 +1,20 @@
+{ cabal, HUnit, parsec, testFramework, testFrameworkHunit
+, testFrameworkQuickcheck2
+}:
+
+cabal.mkDerivation (self: {
+  pname = "network";
+  version = "2.4.2.0";
+  sha256 = "1v6iwww8xym0sr2593ri0aa6gcs6n2975fi9gaz9n7rizbqm88qs";
+  buildDepends = [ parsec ];
+  testDepends = [
+    HUnit testFramework testFrameworkHunit testFrameworkQuickcheck2
+  ];
+  meta = {
+    homepage = "https://github.com/haskell/network";
+    description = "Low-level networking interface";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.andres ];
+  };
+})
diff --git a/pkgs/development/libraries/haskell/numbers/default.nix b/pkgs/development/libraries/haskell/numbers/default.nix
index 81a3e866dc01..26ed2d77bd0f 100644
--- a/pkgs/development/libraries/haskell/numbers/default.nix
+++ b/pkgs/development/libraries/haskell/numbers/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "numbers";
-  version = "3000.1.0.3";
-  sha256 = "0w2m2m3vp3lpvnc7wkw6pqfz741a68dma4s0asl7cryykwf94xgz";
+  version = "3000.2.0.0";
+  sha256 = "035qc7dgh4nd661z4mm742v8y7xqdyyp0r0vkinxiifciqb1fkbm";
   testDepends = [
     QuickCheck testFramework testFrameworkQuickcheck2
   ];
diff --git a/pkgs/development/libraries/haskell/optparse-applicative/default.nix b/pkgs/development/libraries/haskell/optparse-applicative/default.nix
index a3ab241b28ca..6f7ef601d61a 100644
--- a/pkgs/development/libraries/haskell/optparse-applicative/default.nix
+++ b/pkgs/development/libraries/haskell/optparse-applicative/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "optparse-applicative";
-  version = "0.5.2.1";
-  sha256 = "0w4mk851mx8dch8lnck0g82asmzrsc47xrf34jygh0f6v4kbj40i";
+  version = "0.7.0.2";
+  sha256 = "1pq620236x8fch9nkq4g4vganbzksnwj8z1bb80c2mwvf6sbg5ci";
   buildDepends = [ transformers ];
   testDepends = [
     HUnit testFramework testFrameworkHunit testFrameworkThPrime
diff --git a/pkgs/development/libraries/haskell/pandoc-citeproc/default.nix b/pkgs/development/libraries/haskell/pandoc-citeproc/default.nix
new file mode 100644
index 000000000000..dd400ef550d1
--- /dev/null
+++ b/pkgs/development/libraries/haskell/pandoc-citeproc/default.nix
@@ -0,0 +1,27 @@
+{ cabal, aeson, aesonPretty, attoparsec, Diff, filepath, hexpat
+, hsBibutils, HTTP, json, mtl, network, pandoc, pandocTypes, parsec
+, rfc5051, split, syb, tagsoup, texmath, text, time, utf8String
+, vector, yaml
+}:
+
+cabal.mkDerivation (self: {
+  pname = "pandoc-citeproc";
+  version = "0.1.2.1";
+  sha256 = "13i4shpbd9swbsrpmkpb7jx79m12z12m9f3x167fs78509dak3iv";
+  isLibrary = true;
+  isExecutable = true;
+  buildDepends = [
+    aeson attoparsec filepath hexpat hsBibutils HTTP json mtl network
+    pandoc pandocTypes parsec rfc5051 split syb tagsoup texmath text
+    time utf8String vector yaml
+  ];
+  testDepends = [
+    aeson aesonPretty Diff filepath pandoc pandocTypes yaml
+  ];
+  doCheck = false;
+  meta = {
+    description = "Supports using pandoc with citeproc";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/pandoc-types/default.nix b/pkgs/development/libraries/haskell/pandoc-types/default.nix
index d4f49791d306..41024c6b7d2a 100644
--- a/pkgs/development/libraries/haskell/pandoc-types/default.nix
+++ b/pkgs/development/libraries/haskell/pandoc-types/default.nix
@@ -1,10 +1,10 @@
-{ cabal, syb }:
+{ cabal, aeson, syb }:
 
 cabal.mkDerivation (self: {
   pname = "pandoc-types";
-  version = "1.10";
-  sha256 = "1xbqvgb95h0jhqx2y0jzds3xvycx5gwi3xn6agdmfkg7xhx9hnz6";
-  buildDepends = [ syb ];
+  version = "1.12.3";
+  sha256 = "1klfplpn2faw9da7xw5h5sx44annc2g7himyzyvb436wjnkjan0j";
+  buildDepends = [ aeson syb ];
   meta = {
     homepage = "http://johnmacfarlane.net/pandoc";
     description = "Types for representing a structured document";
diff --git a/pkgs/development/libraries/haskell/pandoc/default.nix b/pkgs/development/libraries/haskell/pandoc/default.nix
index f81fb4e56d9e..b5ccc95bd3fd 100644
--- a/pkgs/development/libraries/haskell/pandoc/default.nix
+++ b/pkgs/development/libraries/haskell/pandoc/default.nix
@@ -1,29 +1,31 @@
-{ cabal, ansiTerminal, base64Bytestring, blazeHtml, blazeMarkup
-, citeprocHs, dataDefault, Diff, extensibleExceptions, filepath
-, highlightingKate, HTTP, HUnit, json, mtl, network, pandocTypes
-, parsec, QuickCheck, random, syb, tagsoup, temporary
-, testFramework, testFrameworkHunit, testFrameworkQuickcheck2
-, texmath, text, time, xml, zipArchive, zlib
+{ cabal, aeson, alex, ansiTerminal, attoparsec, base64Bytestring
+, blazeHtml, blazeMarkup, dataDefault, Diff, extensibleExceptions
+, filepath, happy, highlightingKate, hslua, HTTP, httpConduit
+, httpTypes, HUnit, mtl, network, pandocTypes, parsec, QuickCheck
+, random, syb, tagsoup, temporary, testFramework
+, testFrameworkHunit, testFrameworkQuickcheck2, texmath, text, time
+, unorderedContainers, vector, xml, yaml, zipArchive, zlib
 }:
 
 cabal.mkDerivation (self: {
   pname = "pandoc";
-  version = "1.11.1";
-  sha256 = "0b23vrgkm1csykx1zrldkg5ka816j6m7a5fhs4cxffalifq91c7b";
+  version = "1.12.1";
+  sha256 = "0csyrcfdqv2mc7ngn63lan3c1dd6zy0pb24k0z1lsraqlmmw76nf";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
-    base64Bytestring blazeHtml blazeMarkup citeprocHs dataDefault
-    extensibleExceptions filepath highlightingKate HTTP json mtl
-    network pandocTypes parsec random syb tagsoup temporary texmath
-    text time xml zipArchive zlib
+    aeson alex attoparsec base64Bytestring blazeHtml blazeMarkup
+    dataDefault extensibleExceptions filepath happy highlightingKate
+    hslua HTTP httpConduit httpTypes mtl network pandocTypes parsec
+    random syb tagsoup temporary texmath text time unorderedContainers
+    vector xml yaml zipArchive zlib
   ];
   testDepends = [
     ansiTerminal Diff filepath highlightingKate HUnit pandocTypes
     QuickCheck syb testFramework testFrameworkHunit
     testFrameworkQuickcheck2 text
   ];
-  configureFlags = "-fblaze_html_0_5";
+  buildTools = [ alex happy ];
   doCheck = false;
   meta = {
     homepage = "http://johnmacfarlane.net/pandoc";
diff --git a/pkgs/development/libraries/haskell/parsers/0.10.nix b/pkgs/development/libraries/haskell/parsers/0.10.nix
new file mode 100644
index 000000000000..529fdf47124c
--- /dev/null
+++ b/pkgs/development/libraries/haskell/parsers/0.10.nix
@@ -0,0 +1,19 @@
+{ cabal, charset, doctest, filepath, parsec, text, transformers
+, unorderedContainers
+}:
+
+cabal.mkDerivation (self: {
+  pname = "parsers";
+  version = "0.10";
+  sha256 = "090dvmdb1kmnc3k2x170y9fdifxi16hzkij1gzc51flx3bpx40i1";
+  buildDepends = [
+    charset parsec text transformers unorderedContainers
+  ];
+  testDepends = [ doctest filepath ];
+  meta = {
+    homepage = "http://github.com/ekmett/parsers/";
+    description = "Parsing combinators";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/parsers/0.9.nix b/pkgs/development/libraries/haskell/parsers/0.9.nix
new file mode 100644
index 000000000000..dc42228df66a
--- /dev/null
+++ b/pkgs/development/libraries/haskell/parsers/0.9.nix
@@ -0,0 +1,17 @@
+{ cabal, charset, doctest, filepath, text, transformers
+, unorderedContainers
+}:
+
+cabal.mkDerivation (self: {
+  pname = "parsers";
+  version = "0.9";
+  sha256 = "04lbayvdv2hax4s9sqlnia7jpzv1sgls41ylql0xbi2zhz5rvyyi";
+  buildDepends = [ charset text transformers unorderedContainers ];
+  testDepends = [ doctest filepath ];
+  meta = {
+    homepage = "http://github.com/ekmett/parsers/";
+    description = "Parsing combinators";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/path-pieces/default.nix b/pkgs/development/libraries/haskell/path-pieces/default.nix
index 14b9f8d70813..cdfe320a0609 100644
--- a/pkgs/development/libraries/haskell/path-pieces/default.nix
+++ b/pkgs/development/libraries/haskell/path-pieces/default.nix
@@ -1,11 +1,11 @@
-{ cabal, fileLocation, hspec, HUnit, QuickCheck, text, time }:
+{ cabal, hspec, HUnit, QuickCheck, text, time }:
 
 cabal.mkDerivation (self: {
   pname = "path-pieces";
-  version = "0.1.2";
-  sha256 = "1cxsa8lq1f2jf86iv6f17nraiav8k2vzjxln1y7z45qhcp1sbbaa";
+  version = "0.1.3";
+  sha256 = "03x9kfcaz1zsdpdzs05pcl0hv4hffgsl2js8xiy5slba6n841v4l";
   buildDepends = [ text time ];
-  testDepends = [ fileLocation hspec HUnit QuickCheck text ];
+  testDepends = [ hspec HUnit QuickCheck text ];
   meta = {
     description = "Components of paths";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/pem/default.nix b/pkgs/development/libraries/haskell/pem/default.nix
index 16b47a9c8ae0..473f15c4d1f3 100644
--- a/pkgs/development/libraries/haskell/pem/default.nix
+++ b/pkgs/development/libraries/haskell/pem/default.nix
@@ -1,14 +1,15 @@
-{ cabal, attoparsec, base64Bytestring, cereal, mtl, QuickCheck
-, testFramework, testFrameworkQuickcheck2
+{ cabal, base64Bytestring, HUnit, mtl, QuickCheck, testFramework
+, testFrameworkHunit, testFrameworkQuickcheck2
 }:
 
 cabal.mkDerivation (self: {
   pname = "pem";
-  version = "0.1.2";
-  sha256 = "1p2sw36b9w6lf53jzj86ibyy9a48fjd786mx3x8mvc5lczx8v78m";
-  buildDepends = [ attoparsec base64Bytestring cereal mtl ];
+  version = "0.2.0";
+  sha256 = "1hmsyavqzjx1chbn4a8vf0r2wz2fg0xl9cxgja4ap04si3qr458v";
+  buildDepends = [ base64Bytestring mtl ];
   testDepends = [
-    QuickCheck testFramework testFrameworkQuickcheck2
+    HUnit QuickCheck testFramework testFrameworkHunit
+    testFrameworkQuickcheck2
   ];
   meta = {
     homepage = "http://github.com/vincenthz/hs-pem";
diff --git a/pkgs/development/libraries/haskell/persistent-template/default.nix b/pkgs/development/libraries/haskell/persistent-template/default.nix
index 2afc416cb522..c3bb228933d3 100644
--- a/pkgs/development/libraries/haskell/persistent-template/default.nix
+++ b/pkgs/development/libraries/haskell/persistent-template/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "persistent-template";
-  version = "1.2.0.2";
-  sha256 = "0zj35mg7fzyk4b98s3s8m5i064s0wznz9aixgxa4kzm4xps7hj4z";
+  version = "1.2.0.4";
+  sha256 = "0lhqv4mcai9r5mzj5h6fsd1hd8mv1458id0rb6q157192gywxhzf";
   buildDepends = [
     aeson monadControl monadLogger persistent text transformers
   ];
diff --git a/pkgs/development/libraries/haskell/pipes-bytestring/default.nix b/pkgs/development/libraries/haskell/pipes-bytestring/default.nix
new file mode 100644
index 000000000000..715fcaa93383
--- /dev/null
+++ b/pkgs/development/libraries/haskell/pipes-bytestring/default.nix
@@ -0,0 +1,14 @@
+{ cabal, pipes, pipesParse, transformers }:
+
+cabal.mkDerivation (self: {
+  pname = "pipes-bytestring";
+  version = "1.0.1";
+  sha256 = "0zk2n9mly1mjh1zb3z33gab362abgh8c0mw88mmwnlfszq97hcz7";
+  buildDepends = [ pipes pipesParse transformers ];
+  meta = {
+    description = "ByteString support for pipes";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.ocharles ];
+  };
+})
diff --git a/pkgs/development/libraries/haskell/pipes-concurrency/default.nix b/pkgs/development/libraries/haskell/pipes-concurrency/default.nix
index 3a14619d2662..7136a281f89b 100644
--- a/pkgs/development/libraries/haskell/pipes-concurrency/default.nix
+++ b/pkgs/development/libraries/haskell/pipes-concurrency/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "pipes-concurrency";
-  version = "2.0.0";
-  sha256 = "1f9l6qlaf8dyldzwaavj3k5akm74ycga5j173ypdna3pv0jbzfrk";
+  version = "2.0.1";
+  sha256 = "0grfwmmwzxrska2218php22f898nn3x92bz1lmhpw2qi8mywvkzh";
   buildDepends = [ pipes stm ];
   testDepends = [ async pipes stm ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/pipes-parse/default.nix b/pkgs/development/libraries/haskell/pipes-parse/default.nix
index 2584e001c4f7..33892ef8fc62 100644
--- a/pkgs/development/libraries/haskell/pipes-parse/default.nix
+++ b/pkgs/development/libraries/haskell/pipes-parse/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "pipes-parse";
-  version = "2.0.0";
-  sha256 = "092y0a4lvll451gnbz6ddrqgh22bd69wi00c0zd8s0hmf2f53y0s";
+  version = "2.0.1";
+  sha256 = "04sqjdmgkgk5qva0gyrblhdvmljgmci2yzzw7y17pmnwxwdja4f0";
   buildDepends = [ free pipes transformers ];
   meta = {
     description = "Parsing infrastructure for the pipes ecosystem";
diff --git a/pkgs/development/libraries/haskell/pointed/default.nix b/pkgs/development/libraries/haskell/pointed/default.nix
new file mode 100644
index 000000000000..15f4ba59aaad
--- /dev/null
+++ b/pkgs/development/libraries/haskell/pointed/default.nix
@@ -0,0 +1,19 @@
+{ cabal, comonad, dataDefaultClass, semigroupoids, semigroups, stm
+, tagged, transformers
+}:
+
+cabal.mkDerivation (self: {
+  pname = "pointed";
+  version = "4.0";
+  sha256 = "02y7ba1pcpmwcp762516p4x75y3ma2kml9mbiv1y8gcnn4ylvir4";
+  buildDepends = [
+    comonad dataDefaultClass semigroupoids semigroups stm tagged
+    transformers
+  ];
+  meta = {
+    homepage = "http://github.com/ekmett/pointed/";
+    description = "Pointed and copointed data";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/postgresql-simple/default.nix b/pkgs/development/libraries/haskell/postgresql-simple/default.nix
index f9fa750b4b3a..4203c0cd84c0 100644
--- a/pkgs/development/libraries/haskell/postgresql-simple/default.nix
+++ b/pkgs/development/libraries/haskell/postgresql-simple/default.nix
@@ -1,15 +1,15 @@
-{ cabal, attoparsec, base16Bytestring, blazeBuilder, blazeTextual
-, cryptohash, HUnit, postgresqlLibpq, text, time, transformers
-, vector
+{ cabal, aeson, attoparsec, base16Bytestring, blazeBuilder
+, blazeTextual, cryptohash, HUnit, postgresqlLibpq, text, time
+, transformers, uuid, vector
 }:
 
 cabal.mkDerivation (self: {
   pname = "postgresql-simple";
-  version = "0.3.6.0";
-  sha256 = "1qszr3k7cihizbaq3naj134gavkpamk8q3g02rsilzvn0ivq8wb8";
+  version = "0.3.9.1";
+  sha256 = "0byzlmcbwlycvlk35w0gdp5x7860jcc589ypbdx0vm08aq5vz87v";
   buildDepends = [
-    attoparsec blazeBuilder blazeTextual postgresqlLibpq text time
-    transformers vector
+    aeson attoparsec blazeBuilder blazeTextual postgresqlLibpq text
+    time transformers uuid vector
   ];
   testDepends = [
     base16Bytestring cryptohash HUnit text time vector
diff --git a/pkgs/development/libraries/haskell/primitive/0.5.1.0.nix b/pkgs/development/libraries/haskell/primitive/0.5.1.0.nix
new file mode 100644
index 000000000000..ff62216b3f4a
--- /dev/null
+++ b/pkgs/development/libraries/haskell/primitive/0.5.1.0.nix
@@ -0,0 +1,14 @@
+{ cabal }:
+
+cabal.mkDerivation (self: {
+  pname = "primitive";
+  version = "0.5.1.0";
+  sha256 = "0a8mf8k62xga5r5dd0fna1swqbx2r94c0mvqnc4mfq640zrsa5w8";
+  meta = {
+    homepage = "https://github.com/haskell/primitive";
+    description = "Primitive memory-related operations";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.andres ];
+  };
+})
diff --git a/pkgs/development/libraries/haskell/profunctor-extras/default.nix b/pkgs/development/libraries/haskell/profunctor-extras/default.nix
index 6844bcc369a6..bf7e6ab71212 100644
--- a/pkgs/development/libraries/haskell/profunctor-extras/default.nix
+++ b/pkgs/development/libraries/haskell/profunctor-extras/default.nix
@@ -1,18 +1,13 @@
-{ cabal, comonad, profunctors, semigroupoidExtras, semigroupoids
-, tagged, transformers
-}:
+{ cabal, profunctors }:
 
 cabal.mkDerivation (self: {
   pname = "profunctor-extras";
-  version = "3.3.3.1";
-  sha256 = "16naa6ksgwy6fh8vwflcc9s0rpamn886as8qhjqrkpjlc8s83h7g";
-  buildDepends = [
-    comonad profunctors semigroupoidExtras semigroupoids tagged
-    transformers
-  ];
+  version = "4.0";
+  sha256 = "10j458liqlyz5s9gkg95c6aq7ap5fa7d8pc7hygy71nn87pm2g4a";
+  buildDepends = [ profunctors ];
   meta = {
     homepage = "http://github.com/ekmett/profunctor-extras/";
-    description = "Profunctor extras";
+    description = "This package has been absorbed into profunctors 4.0";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
   };
diff --git a/pkgs/development/libraries/haskell/profunctors/default.nix b/pkgs/development/libraries/haskell/profunctors/default.nix
index 83398295108b..83d06b10ca66 100644
--- a/pkgs/development/libraries/haskell/profunctors/default.nix
+++ b/pkgs/development/libraries/haskell/profunctors/default.nix
@@ -1,13 +1,13 @@
-{ cabal, comonad, tagged }:
+{ cabal, comonad, semigroupoids, tagged, transformers }:
 
 cabal.mkDerivation (self: {
   pname = "profunctors";
-  version = "3.3.0.1";
-  sha256 = "16d7xg929r4smmmcgi54bz7rsjxs6psksrdvzl4336sjpp3dw5h2";
-  buildDepends = [ comonad tagged ];
+  version = "4.0.1";
+  sha256 = "13yr3n7jkhxbk4gk6nd1j8p1a7g5ir8g9xprcy3s1x39cqf4m986";
+  buildDepends = [ comonad semigroupoids tagged transformers ];
   meta = {
     homepage = "http://github.com/ekmett/profunctors/";
-    description = "Haskell 98 Profunctors";
+    description = "Profunctors";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
   };
diff --git a/pkgs/development/libraries/haskell/pwstore-fast/default.nix b/pkgs/development/libraries/haskell/pwstore-fast/default.nix
index d75823d6025e..42aaeba82a8d 100644
--- a/pkgs/development/libraries/haskell/pwstore-fast/default.nix
+++ b/pkgs/development/libraries/haskell/pwstore-fast/default.nix
@@ -1,10 +1,10 @@
-{ cabal, base64Bytestring, cryptohash, random }:
+{ cabal, base64Bytestring, binary, cryptohash, random, SHA }:
 
 cabal.mkDerivation (self: {
   pname = "pwstore-fast";
-  version = "2.3";
-  sha256 = "014l4n00lpg5037fkdwnxnv7xjfc3vlz1dphr7hfbqnjwf1z9ibw";
-  buildDepends = [ base64Bytestring cryptohash random ];
+  version = "2.4.1";
+  sha256 = "1k98b1s2ld0jx8fy53k8d8pscp6n0plh51b2lj6ai6w8xj4vknw4";
+  buildDepends = [ base64Bytestring binary cryptohash random SHA ];
   meta = {
     homepage = "https://github.com/PeterScott/pwstore";
     description = "Secure password storage";
diff --git a/pkgs/development/libraries/haskell/reducers/default.nix b/pkgs/development/libraries/haskell/reducers/default.nix
new file mode 100644
index 000000000000..ea1049d2b40a
--- /dev/null
+++ b/pkgs/development/libraries/haskell/reducers/default.nix
@@ -0,0 +1,20 @@
+{ cabal, comonad, fingertree, hashable, keys, pointed
+, semigroupoids, semigroups, text, transformers
+, unorderedContainers
+}:
+
+cabal.mkDerivation (self: {
+  pname = "reducers";
+  version = "3.10.1";
+  sha256 = "0pgywdgq0rqir95n4z3nzmyx5n54a1df9abyanz4qfv0g080fjkz";
+  buildDepends = [
+    comonad fingertree hashable keys pointed semigroupoids semigroups
+    text transformers unorderedContainers
+  ];
+  meta = {
+    homepage = "http://github.com/ekmett/reducers/";
+    description = "Semigroups, specialized containers and a general map/reduce framework";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/regex-compat-tdfa/default.nix b/pkgs/development/libraries/haskell/regex-compat-tdfa/default.nix
index 08c2f6556e28..6a45c87d9a6e 100644
--- a/pkgs/development/libraries/haskell/regex-compat-tdfa/default.nix
+++ b/pkgs/development/libraries/haskell/regex-compat-tdfa/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "regex-compat-tdfa";
-  version = "0.95.1.2";
-  sha256 = "0b7pp5xq4ybgji5shz5v1a91y6wwzila3vjiyq4nma0xj3njy802";
+  version = "0.95.1.4";
+  sha256 = "1p90fn90yhp7fvljjdqjp41cszidcfz4pw7fwvzyx4739b98x8sg";
   buildDepends = [ regexBase regexTdfa ];
   meta = {
     homepage = "http://hub.darcs.net/shelarcy/regex-compat-tdfa";
diff --git a/pkgs/development/libraries/haskell/resourcet/default.nix b/pkgs/development/libraries/haskell/resourcet/default.nix
index b0953cf9f7c3..b4d0fccd8a0b 100644
--- a/pkgs/development/libraries/haskell/resourcet/default.nix
+++ b/pkgs/development/libraries/haskell/resourcet/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "resourcet";
-  version = "0.4.8";
-  sha256 = "10pp4hm5c2k2fqzqpagy03gmr526ac2ji8h7k0mcypf4v0ga620m";
+  version = "0.4.9";
+  sha256 = "1jpaphmwvykjshjqwmmyfx64w1j99f6dphy9ygrzc32fjffk5laz";
   buildDepends = [
     liftedBase mmorph monadControl mtl transformers transformersBase
   ];
diff --git a/pkgs/development/libraries/haskell/rfc5051/default.nix b/pkgs/development/libraries/haskell/rfc5051/default.nix
new file mode 100644
index 000000000000..09b5d3e229ee
--- /dev/null
+++ b/pkgs/development/libraries/haskell/rfc5051/default.nix
@@ -0,0 +1,14 @@
+{ cabal }:
+
+cabal.mkDerivation (self: {
+  pname = "rfc5051";
+  version = "0.1.0.3";
+  sha256 = "0av4c3qvwbkbzrjrrg601ay9pds7wscqqp2lc2z78mv2lllap3g3";
+  isLibrary = true;
+  isExecutable = true;
+  meta = {
+    description = "Simple unicode collation as per RFC5051";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/scotty/default.nix b/pkgs/development/libraries/haskell/scotty/default.nix
index 9baaa89d2d4c..ad932df1ac79 100644
--- a/pkgs/development/libraries/haskell/scotty/default.nix
+++ b/pkgs/development/libraries/haskell/scotty/default.nix
@@ -1,14 +1,15 @@
 { cabal, aeson, blazeBuilder, caseInsensitive, conduit, dataDefault
-, httpTypes, mtl, regexCompat, resourcet, text, wai, waiExtra, warp
+, httpTypes, mtl, regexCompat, resourcet, text, transformers, wai
+, waiExtra, warp
 }:
 
 cabal.mkDerivation (self: {
   pname = "scotty";
-  version = "0.4.6";
-  sha256 = "0g83kgqr1p03z7dks6x00id2gz95kkw00wmwp5vyz4zvx1mmmvk8";
+  version = "0.5.0";
+  sha256 = "177c7nyjwksm2y98j2swgzfn1rmr2h0v4fk6s525kx803iibvfhc";
   buildDepends = [
     aeson blazeBuilder caseInsensitive conduit dataDefault httpTypes
-    mtl regexCompat resourcet text wai waiExtra warp
+    mtl regexCompat resourcet text transformers wai waiExtra warp
   ];
   meta = {
     homepage = "https://github.com/ku-fpg/scotty";
diff --git a/pkgs/development/libraries/haskell/semigroupoid-extras/default.nix b/pkgs/development/libraries/haskell/semigroupoid-extras/default.nix
index 263adb42f253..cb8ed865da3d 100644
--- a/pkgs/development/libraries/haskell/semigroupoid-extras/default.nix
+++ b/pkgs/development/libraries/haskell/semigroupoid-extras/default.nix
@@ -1,13 +1,13 @@
-{ cabal, comonad, distributive, groupoids, semigroupoids }:
+{ cabal, semigroupoids }:
 
 cabal.mkDerivation (self: {
   pname = "semigroupoid-extras";
-  version = "3.0.1";
-  sha256 = "1b6ix9myjav1h4bbq3jxlan8sn2pjw8x0zhazv3anxfab5n2sxpd";
-  buildDepends = [ comonad distributive groupoids semigroupoids ];
+  version = "4.0";
+  sha256 = "07aa7z4nywcrp9msq83b1pcmryl25yxha89sn5vwlgq40cibcm3g";
+  buildDepends = [ semigroupoids ];
   meta = {
     homepage = "http://github.com/ekmett/semigroupoid-extras";
-    description = "Semigroupoids requiring Haskell extensions";
+    description = "This package has been absorbed into semigroupoids 4.0";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
   };
diff --git a/pkgs/development/libraries/haskell/semigroupoids/default.nix b/pkgs/development/libraries/haskell/semigroupoids/default.nix
index aa7176f7e161..e0dbf4568049 100644
--- a/pkgs/development/libraries/haskell/semigroupoids/default.nix
+++ b/pkgs/development/libraries/haskell/semigroupoids/default.nix
@@ -1,13 +1,17 @@
-{ cabal, comonad, contravariant, semigroups, transformers }:
+{ cabal, comonad, contravariant, distributive, semigroups
+, transformers
+}:
 
 cabal.mkDerivation (self: {
   pname = "semigroupoids";
-  version = "3.1";
-  sha256 = "02147y0nnvyc9ykvjbbxa9gzmkk9kgpsmx40ahwnjk9igjkbyp9g";
-  buildDepends = [ comonad contravariant semigroups transformers ];
+  version = "4.0";
+  sha256 = "12h2b9pisy21xca3x9ilj0aix9clni0za35d2dmv55gb8y8df54l";
+  buildDepends = [
+    comonad contravariant distributive semigroups transformers
+  ];
   meta = {
     homepage = "http://github.com/ekmett/semigroupoids";
-    description = "Haskell 98 semigroupoids: Category sans id";
+    description = "Semigroupoids: Category sans id";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
   };
diff --git a/pkgs/development/libraries/haskell/semigroups/default.nix b/pkgs/development/libraries/haskell/semigroups/default.nix
index ded335ca524d..16e6eb60fcf6 100644
--- a/pkgs/development/libraries/haskell/semigroups/default.nix
+++ b/pkgs/development/libraries/haskell/semigroups/default.nix
@@ -1,13 +1,13 @@
-{ cabal, nats }:
+{ cabal, hashable, nats, text, unorderedContainers }:
 
 cabal.mkDerivation (self: {
   pname = "semigroups";
-  version = "0.9.2";
-  sha256 = "06r6zdfbks48yb7ib0bc168xxk4qciv4dbazq76dpmnlhwxcf1li";
-  buildDepends = [ nats ];
+  version = "0.11";
+  sha256 = "0w81ap41j28pbppqs33hz7b9n5ghyj2hnny0kgxgcg8iv2qg9czy";
+  buildDepends = [ hashable nats text unorderedContainers ];
   meta = {
     homepage = "http://github.com/ekmett/semigroups/";
-    description = "Haskell 98 semigroups";
+    description = "Anything that associates";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
     maintainers = [ self.stdenv.lib.maintainers.andres ];
diff --git a/pkgs/development/libraries/haskell/setenv/default.nix b/pkgs/development/libraries/haskell/setenv/default.nix
index b19728820aad..b00480279e18 100644
--- a/pkgs/development/libraries/haskell/setenv/default.nix
+++ b/pkgs/development/libraries/haskell/setenv/default.nix
@@ -1,10 +1,9 @@
-{ cabal, hspec, QuickCheck }:
+{ cabal }:
 
 cabal.mkDerivation (self: {
   pname = "setenv";
-  version = "0.1.0";
-  sha256 = "04w42bpfbrs5crjp19zzi9dg61xpz4wvmjs2vc7q7qxblyhdfdsy";
-  testDepends = [ hspec QuickCheck ];
+  version = "0.1.1";
+  sha256 = "1j0fj8nrx9z90kghasxjx5jycz9y9xdi7mrxmgnsc14csa65rhb8";
   doCheck = false;
   meta = {
     description = "A cross-platform library for setting environment variables";
diff --git a/pkgs/development/libraries/haskell/shake/default.nix b/pkgs/development/libraries/haskell/shake/default.nix
index 26171a56fdc5..ef7a6d699050 100644
--- a/pkgs/development/libraries/haskell/shake/default.nix
+++ b/pkgs/development/libraries/haskell/shake/default.nix
@@ -1,17 +1,22 @@
 { cabal, binary, deepseq, filepath, hashable, random, time
-, transformers, unorderedContainers
+, transformers, unorderedContainers, utf8String
 }:
 
 cabal.mkDerivation (self: {
   pname = "shake";
-  version = "0.10.6";
-  sha256 = "0d2wrgraifcj0rv9jmvc5a0gl0j1jjkc4r0nmaypnv6929kl26q8";
+  version = "0.10.8";
+  sha256 = "15r392b18nis9p0ys95kbj79hki19wid2gyrpy0z9zm2l5d1m3ya";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
     binary deepseq filepath hashable random time transformers
-    unorderedContainers
+    unorderedContainers utf8String
   ];
+  testDepends = [
+    binary deepseq filepath hashable random time transformers
+    unorderedContainers utf8String
+  ];
+  doCheck = false;
   meta = {
     homepage = "http://community.haskell.org/~ndm/shake/";
     description = "Build system library, like Make, but more accurate dependencies";
diff --git a/pkgs/development/libraries/haskell/shakespeare-css/default.nix b/pkgs/development/libraries/haskell/shakespeare-css/default.nix
index f24d60612d6f..03b6b057cd1e 100644
--- a/pkgs/development/libraries/haskell/shakespeare-css/default.nix
+++ b/pkgs/development/libraries/haskell/shakespeare-css/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "shakespeare-css";
-  version = "1.0.6.3";
-  sha256 = "1zwvrdb8kgknp2ri3ws6m0jg41d8kdprvjdimwxh98san7vmk744";
+  version = "1.0.6.4";
+  sha256 = "12f2b69grxpwk56b2d7idlg8axqfgzn0rn3m56r1hcpvkjbynlc4";
   buildDepends = [ parsec shakespeare text transformers ];
   testDepends = [ hspec HUnit shakespeare text ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/shakespeare-js/default.nix b/pkgs/development/libraries/haskell/shakespeare-js/default.nix
index 6aa34026ce88..ed743d878324 100644
--- a/pkgs/development/libraries/haskell/shakespeare-js/default.nix
+++ b/pkgs/development/libraries/haskell/shakespeare-js/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "shakespeare-js";
-  version = "1.2.0";
-  sha256 = "1g37m7shqxfv7i2dk5qhvxldfzh1xipd91vcyqhks1jwa5byarzj";
+  version = "1.2.0.2";
+  sha256 = "1d7fmw2295ycjipaj9fjgw02y1088h2gxxk1d6sy4c165x95r6vx";
   buildDepends = [ aeson shakespeare text ];
   testDepends = [ aeson hspec HUnit shakespeare text ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/shakespeare-text/default.nix b/pkgs/development/libraries/haskell/shakespeare-text/default.nix
index d05e2247710c..d5e91da61b1e 100644
--- a/pkgs/development/libraries/haskell/shakespeare-text/default.nix
+++ b/pkgs/development/libraries/haskell/shakespeare-text/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "shakespeare-text";
-  version = "1.0.0.7";
-  sha256 = "0vl8884a0x927svvkza5xzjn4g1rip8dak1zh9wkm4d0q7lhv2px";
+  version = "1.0.0.8";
+  sha256 = "0gf4gsdfjz9c15wvxz886gjzzifgzanfhblgab15inl2rblirv7l";
   buildDepends = [ shakespeare text ];
   testDepends = [ hspec HUnit text ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/shakespeare/default.nix b/pkgs/development/libraries/haskell/shakespeare/default.nix
index 231470dca5a3..a5428b0ee3c1 100644
--- a/pkgs/development/libraries/haskell/shakespeare/default.nix
+++ b/pkgs/development/libraries/haskell/shakespeare/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "shakespeare";
-  version = "1.2.0";
-  sha256 = "0lzzdkry3sm5i5hhdygsikpnaps66k1sfdxi2mp0ly5aqi1n1blz";
+  version = "1.2.0.1";
+  sha256 = "07qfbqvq8fqbf7y43h0qq2gk9brpf4g0k7gghrjzyjrd57v5zygp";
   buildDepends = [ parsec systemFileio systemFilepath text time ];
   testDepends = [
     hspec parsec systemFileio systemFilepath text time
diff --git a/pkgs/development/libraries/haskell/shelly/default.nix b/pkgs/development/libraries/haskell/shelly/default.nix
index dc9367b44639..4272afd61a24 100644
--- a/pkgs/development/libraries/haskell/shelly/default.nix
+++ b/pkgs/development/libraries/haskell/shelly/default.nix
@@ -3,8 +3,8 @@
 
 cabal.mkDerivation (self: {
   pname = "shelly";
-  version = "1.3.0.7";
-  sha256 = "08ydsvgc8n0bvk5vcz3a3rpdbnranlbv8y84imkkh7i0p3nqyg2m";
+  version = "1.3.1";
+  sha256 = "1psgb1jqw6hqbrp7f217ayabchsn9q4fn2z77lc52r4mlvys13mh";
   buildDepends = [
     mtl systemFileio systemFilepath text time unixCompat
   ];
diff --git a/pkgs/development/libraries/haskell/simple-sendfile/default.nix b/pkgs/development/libraries/haskell/simple-sendfile/default.nix
index b8c527daf1a9..806feee295f7 100644
--- a/pkgs/development/libraries/haskell/simple-sendfile/default.nix
+++ b/pkgs/development/libraries/haskell/simple-sendfile/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "simple-sendfile";
-  version = "0.2.12";
-  sha256 = "019n82700fbhsqxgn1cwfqii27r436gljis7yl02zjnzy7xlvrha";
+  version = "0.2.13";
+  sha256 = "03cgbzfhkih1ln1xb78r1hfh6zzjjj6763n9nzr9cj6bxs0fiqd3";
   buildDepends = [ network ];
   testDepends = [ conduit hspec HUnit network networkConduit ];
   doCheck = false;
diff --git a/pkgs/development/libraries/haskell/skein/default.nix b/pkgs/development/libraries/haskell/skein/default.nix
index 6b8fc7eda284..7acc60e36016 100644
--- a/pkgs/development/libraries/haskell/skein/default.nix
+++ b/pkgs/development/libraries/haskell/skein/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "skein";
-  version = "1.0.6";
-  sha256 = "0jdh618k66bhiwrxb9i2yckxz0w3cpc7q15ilz49lqjjpl86bndk";
+  version = "1.0.8";
+  sha256 = "0qga3r73zzbj4kkwl8c3p7d1myjyv6dv6g0dwc77fqnmikzcnils";
   buildDepends = [ cereal cryptoApi tagged ];
   testDepends = [ cereal cryptoApi filepath hspec tagged ];
   jailbreak = true;
diff --git a/pkgs/development/libraries/haskell/snap/snap.nix b/pkgs/development/libraries/haskell/snap/snap.nix
index b93adda166c7..8df654049627 100644
--- a/pkgs/development/libraries/haskell/snap/snap.nix
+++ b/pkgs/development/libraries/haskell/snap/snap.nix
@@ -8,8 +8,8 @@
 
 cabal.mkDerivation (self: {
   pname = "snap";
-  version = "0.13.0";
-  sha256 = "03m6fi8dbc69i6mafyq2xxdmqp1zm0akfilahvjd7cknf4qhdyq7";
+  version = "0.13.0.4";
+  sha256 = "1cbc42x7p87fmazm0dqc519rdaiiiwmkri8y1n4hgvr70kfi6569";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/libraries/haskell/snaplet-acid-state/default.nix b/pkgs/development/libraries/haskell/snaplet-acid-state/default.nix
new file mode 100644
index 000000000000..838f45eccaad
--- /dev/null
+++ b/pkgs/development/libraries/haskell/snaplet-acid-state/default.nix
@@ -0,0 +1,15 @@
+{ cabal, acidState, snap, text }:
+
+cabal.mkDerivation (self: {
+  pname = "snaplet-acid-state";
+  version = "0.2.5";
+  sha256 = "0qx6as1m0fwb5fkhvl0k71kx65njwq0dk183xi4gmdzhf83hkjbs";
+  buildDepends = [ acidState snap text ];
+  meta = {
+    homepage = "https://github.com/mightybyte/snaplet-acid-state";
+    description = "acid-state snaplet for Snap Framework";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.ocharles ];
+  };
+})
diff --git a/pkgs/development/libraries/haskell/socks/default.nix b/pkgs/development/libraries/haskell/socks/default.nix
index 27dd54b29598..1953e3436eed 100644
--- a/pkgs/development/libraries/haskell/socks/default.nix
+++ b/pkgs/development/libraries/haskell/socks/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "socks";
-  version = "0.5.1";
-  sha256 = "08zwbkglkahjadqn2m7l0k5yp4lcd9h6kgb8k8mjlwxayx82a0ay";
+  version = "0.5.4";
+  sha256 = "1nmldlwxqasmg359i2aa3a903gi3lmnlspvf12xk49jrg3mf3dg9";
   buildDepends = [ cereal network ];
   meta = {
     homepage = "http://github.com/vincenthz/hs-socks";
diff --git a/pkgs/development/libraries/haskell/statistics/default.nix b/pkgs/development/libraries/haskell/statistics/default.nix
index 54876a879fcc..5db264d3c7b3 100644
--- a/pkgs/development/libraries/haskell/statistics/default.nix
+++ b/pkgs/development/libraries/haskell/statistics/default.nix
@@ -6,8 +6,8 @@
 
 cabal.mkDerivation (self: {
   pname = "statistics";
-  version = "0.10.4.1";
-  sha256 = "0kd3zn8ckz3h9dnighmfviacw5cy6czsj90ryn8c0h6yb2s3gqi1";
+  version = "0.10.5.0";
+  sha256 = "0yn0bqvh922zi0cg2nyb9vn5jk9k4j4vz96fl0h3ayxhfds08m6v";
   buildDepends = [
     binary deepseq erf mathFunctions monadPar mwcRandom primitive
     vector vectorAlgorithms vectorBinaryInstances
diff --git a/pkgs/development/libraries/haskell/stringable/default.nix b/pkgs/development/libraries/haskell/stringable/default.nix
new file mode 100644
index 000000000000..663b198b2eef
--- /dev/null
+++ b/pkgs/development/libraries/haskell/stringable/default.nix
@@ -0,0 +1,13 @@
+{ cabal, systemFilepath, text }:
+
+cabal.mkDerivation (self: {
+  pname = "stringable";
+  version = "0.1.2";
+  sha256 = "17lhry3x90s88lplbv2kvzyak8wrc9r80czng5s3dirmyp9rn5gs";
+  buildDepends = [ systemFilepath text ];
+  meta = {
+    description = "A Stringable type class, in the spirit of Foldable and Traversable";
+    license = self.stdenv.lib.licenses.mit;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/symbol/default.nix b/pkgs/development/libraries/haskell/symbol/default.nix
index e92c2ec03ad1..7b1c2d3821ce 100644
--- a/pkgs/development/libraries/haskell/symbol/default.nix
+++ b/pkgs/development/libraries/haskell/symbol/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "symbol";
-  version = "0.1.4";
-  sha256 = "00318syprv1ixfbr4v7xq86z10f0psxk0b8kaxvawvacm8hp61bn";
+  version = "0.2.0";
+  sha256 = "13vr6j3wkxbdbd27xklnidfkpkjwl0kldf69z470bm5indvaaxfd";
   buildDepends = [ deepseq syb ];
   jailbreak = true;
   meta = {
diff --git a/pkgs/development/libraries/haskell/system-filepath/default.nix b/pkgs/development/libraries/haskell/system-filepath/default.nix
index 851b28baafea..84ca453c6c16 100644
--- a/pkgs/development/libraries/haskell/system-filepath/default.nix
+++ b/pkgs/development/libraries/haskell/system-filepath/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "system-filepath";
-  version = "0.4.7";
-  sha256 = "108bmgz6rynkyabr4pws07smdh31syqvzry9cshrw3zd07c3mn89";
+  version = "0.4.8";
+  sha256 = "15x0yxakqqrdqvghr0l4pzvy5a68xxdv1c75d3qwx604665j3xkw";
   buildDepends = [ deepseq text ];
   meta = {
     homepage = "https://john-millikin.com/software/haskell-filesystem/";
diff --git a/pkgs/development/libraries/haskell/tagsoup/default.nix b/pkgs/development/libraries/haskell/tagsoup/default.nix
index 3258267f0120..5dc83178be00 100644
--- a/pkgs/development/libraries/haskell/tagsoup/default.nix
+++ b/pkgs/development/libraries/haskell/tagsoup/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "tagsoup";
-  version = "0.12.8";
-  sha256 = "05cm9h80qmxvk7xhlgly9zcmpbsajagspaa8p6k4ddch6q9lj7m3";
+  version = "0.13";
+  sha256 = "1pfkcfrmhzxplfkdzb0zj24dfsddw91plqp3mg2gqkv82y8blzk1";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [ text ];
diff --git a/pkgs/development/libraries/haskell/tagstream-conduit/default.nix b/pkgs/development/libraries/haskell/tagstream-conduit/default.nix
index 1b290bd310ba..ca177a80a101 100644
--- a/pkgs/development/libraries/haskell/tagstream-conduit/default.nix
+++ b/pkgs/development/libraries/haskell/tagstream-conduit/default.nix
@@ -5,8 +5,8 @@
 
 cabal.mkDerivation (self: {
   pname = "tagstream-conduit";
-  version = "0.5.4";
-  sha256 = "1djf66kn3m4sdwmis82f9w2nkmjyrq12zda7ic9pcsvra579868i";
+  version = "0.5.4.1";
+  sha256 = "1gahdil5jasm6v7gp519ahr2yc7ppysdnmkl21cd4zzn6y1r0gw9";
   buildDepends = [
     attoparsec attoparsecConduit blazeBuilder blazeBuilderConduit
     caseInsensitive conduit text transformers
diff --git a/pkgs/development/libraries/haskell/tasty/default.nix b/pkgs/development/libraries/haskell/tasty/default.nix
index 37030681e340..df14857f9ab3 100644
--- a/pkgs/development/libraries/haskell/tasty/default.nix
+++ b/pkgs/development/libraries/haskell/tasty/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "tasty";
-  version = "0.3";
-  sha256 = "0sgc0529sqhj0b75a4mkdw0bkx56ynyl4msmi8hd20jvv5wnzyi6";
+  version = "0.3.1";
+  sha256 = "0ipndrpywzg40s5hiwyyly29mcppcfqbbpwqqp4apma57m8cdpb0";
   buildDepends = [
     ansiTerminal mtl optparseApplicative regexPosix stm tagged
   ];
diff --git a/pkgs/development/libraries/haskell/test-framework-hunit/default.nix b/pkgs/development/libraries/haskell/test-framework-hunit/default.nix
index 011d791643cc..9efcff9a6d1e 100644
--- a/pkgs/development/libraries/haskell/test-framework-hunit/default.nix
+++ b/pkgs/development/libraries/haskell/test-framework-hunit/default.nix
@@ -2,11 +2,11 @@
 
 cabal.mkDerivation (self: {
   pname = "test-framework-hunit";
-  version = "0.3.0";
-  sha256 = "1jwbpbf9q3g936gk71632h830l2wsiic8h6ms1jlmw209mpm7c84";
+  version = "0.3.0.1";
+  sha256 = "1h0h55kf6ff25nbfx1mhliwyknc0glwv3zi78wpzllbjbs7gvyfk";
   buildDepends = [ extensibleExceptions HUnit testFramework ];
   meta = {
-    homepage = "http://batterseapower.github.com/test-framework/";
+    homepage = "https://batterseapower.github.io/test-framework/";
     description = "HUnit support for the test-framework package";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
diff --git a/pkgs/development/libraries/haskell/test-framework-quickcheck2/default.nix b/pkgs/development/libraries/haskell/test-framework-quickcheck2/default.nix
index b944c1e104cc..627c9f6347a5 100644
--- a/pkgs/development/libraries/haskell/test-framework-quickcheck2/default.nix
+++ b/pkgs/development/libraries/haskell/test-framework-quickcheck2/default.nix
@@ -2,14 +2,14 @@
 
 cabal.mkDerivation (self: {
   pname = "test-framework-quickcheck2";
-  version = "0.3.0.1";
-  sha256 = "1177cvlb4qsa5x2k12dd60y7b14dyd3jr1ygb49aackhjx52c41s";
+  version = "0.3.0.2";
+  sha256 = "0zgsbmxidyv735jbgajczn25pnhwq66haaadhh6lxj2jsq5fnqpy";
   buildDepends = [
     extensibleExceptions QuickCheck random testFramework
   ];
   jailbreak = true;
   meta = {
-    homepage = "http://batterseapower.github.com/test-framework/";
+    homepage = "https://batterseapower.github.io/test-framework/";
     description = "QuickCheck2 support for the test-framework package";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
diff --git a/pkgs/development/libraries/haskell/test-framework/default.nix b/pkgs/development/libraries/haskell/test-framework/default.nix
index b9f335e1a5af..735666734e3b 100644
--- a/pkgs/development/libraries/haskell/test-framework/default.nix
+++ b/pkgs/development/libraries/haskell/test-framework/default.nix
@@ -1,19 +1,18 @@
-{ cabal, ansiTerminal, ansiWlPprint, extensibleExceptions, hostname
-, random, regexPosix, time, xml
+{ cabal, ansiTerminal, ansiWlPprint, hostname, random, regexPosix
+, time, xml
 }:
 
 cabal.mkDerivation (self: {
   pname = "test-framework";
-  version = "0.8";
-  sha256 = "1w895nq357zpc4v6vr5nbszyrw7cpsjq5bj38vdd10bfpjjmijcl";
+  version = "0.8.0.3";
+  sha256 = "136nw5dapsz3jrnw1pdfkjgplxigpr2mrf6i85154vx342zvw5ar";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
-    ansiTerminal ansiWlPprint extensibleExceptions hostname random
-    regexPosix time xml
+    ansiTerminal ansiWlPprint hostname random regexPosix time xml
   ];
   meta = {
-    homepage = "http://batterseapower.github.com/test-framework/";
+    homepage = "https://batterseapower.github.io/test-framework/";
     description = "Framework for running and organising tests, with HUnit and QuickCheck support";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
diff --git a/pkgs/development/libraries/haskell/text-format/default.nix b/pkgs/development/libraries/haskell/text-format/default.nix
new file mode 100644
index 000000000000..b9507d7777ab
--- /dev/null
+++ b/pkgs/development/libraries/haskell/text-format/default.nix
@@ -0,0 +1,14 @@
+{ cabal, doubleConversion, text, time, transformers }:
+
+cabal.mkDerivation (self: {
+  pname = "text-format";
+  version = "0.3.1.0";
+  sha256 = "13k5a1kfmapd4yckm2vcrwz4vrrf32c2dpisdw0hyvzvmdib3n60";
+  buildDepends = [ doubleConversion text time transformers ];
+  meta = {
+    homepage = "https://github.com/bos/text-format";
+    description = "Text formatting";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/th-lift/default.nix b/pkgs/development/libraries/haskell/th-lift/default.nix
index b8a118b56a65..c479955db645 100644
--- a/pkgs/development/libraries/haskell/th-lift/default.nix
+++ b/pkgs/development/libraries/haskell/th-lift/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "th-lift";
-  version = "0.5.5";
-  sha256 = "1zp9alv3nbvra1rscddak3i33c2jnv6g6806h94qbfkq3zbimfi0";
+  version = "0.5.6";
+  sha256 = "128rbpqbm4fgn1glbv8bvlqnvn2wvca7wj08xri25w3bikmfy2z4";
   meta = {
     description = "Derive Template Haskell's Lift class for datatypes";
     license = "unknown";
diff --git a/pkgs/development/libraries/haskell/th-orphans/default.nix b/pkgs/development/libraries/haskell/th-orphans/default.nix
index 8fb51c77dbf1..9196e9ef76b2 100644
--- a/pkgs/development/libraries/haskell/th-orphans/default.nix
+++ b/pkgs/development/libraries/haskell/th-orphans/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "th-orphans";
-  version = "0.7.0.1";
-  sha256 = "19lfq2m7c6n2z8gz4n57wc92x5x5rkgv4chbfq7w4n531qya4bgr";
+  version = "0.8";
+  sha256 = "0kzzcicn6pggvvblhbrs3vh0bf71izlb99lb0f5qww7ymi4smldr";
   buildDepends = [ thLift ];
   meta = {
     description = "Orphan instances for TH datatypes";
diff --git a/pkgs/development/libraries/haskell/thyme/default.nix b/pkgs/development/libraries/haskell/thyme/default.nix
index 60999f51898c..f40730b5e56e 100644
--- a/pkgs/development/libraries/haskell/thyme/default.nix
+++ b/pkgs/development/libraries/haskell/thyme/default.nix
@@ -5,8 +5,8 @@
 
 cabal.mkDerivation (self: {
   pname = "thyme";
-  version = "0.3.0.0";
-  sha256 = "0nv8kp5ax0088z0d9y93xkv59v1i8wrrdprsj7bknk3yn0gd2gb3";
+  version = "0.3.0.1";
+  sha256 = "086i8cadq2s894157s1bh3zhd9zb9apr7w39gnydywzgkx47478h";
   buildDepends = [
     attoparsec deepseq lens QuickCheck random text time transformers
     vector vectorSpace
diff --git a/pkgs/development/libraries/haskell/tls-extra/default.nix b/pkgs/development/libraries/haskell/tls-extra/default.nix
index 8c2a50255b1b..6d63c267c61c 100644
--- a/pkgs/development/libraries/haskell/tls-extra/default.nix
+++ b/pkgs/development/libraries/haskell/tls-extra/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "tls-extra";
-  version = "0.6.5";
-  sha256 = "09b8wxg4k88gdzpbxhd2apf0x5y51zh2zbw2cvraffjnnfkgvzqc";
+  version = "0.6.6";
+  sha256 = "0k0sj3nq1lrvbmd582mjj8cxbxigivz1hm8hhij1ncl2pgnq5xyv";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/libraries/haskell/trifecta/1.1.nix b/pkgs/development/libraries/haskell/trifecta/1.1.nix
new file mode 100644
index 000000000000..ac6cfdd43ae1
--- /dev/null
+++ b/pkgs/development/libraries/haskell/trifecta/1.1.nix
@@ -0,0 +1,30 @@
+{ cabal, ansiTerminal, ansiWlPprint, blazeBuilder, blazeHtml
+, blazeMarkup, charset, comonad, deepseq, doctest, filepath
+, fingertree, hashable, lens, mtl, parsers, reducers, semigroups
+, transformers, unorderedContainers, utf8String
+}:
+
+cabal.mkDerivation (self: {
+  pname = "trifecta";
+  version = "1.1";
+  sha256 = "19wnblpn31hvdi5dc8ir24s0hfjj4vvzr43gg9ydl2qdjq6s166w";
+  buildDepends = [
+    ansiTerminal ansiWlPprint blazeBuilder blazeHtml blazeMarkup
+    charset comonad deepseq fingertree hashable lens mtl parsers
+    reducers semigroups transformers unorderedContainers utf8String
+  ];
+  testDepends = [ doctest filepath ];
+  postPatch = ''
+    substituteInPlace trifecta.cabal \
+      --replace "blaze-html           >= 0.5     && < 0.6," "blaze-html           >= 0.5     && < 0.7," \
+      --replace "hashable             >= 1.2     && < 1.3," "hashable             >= 1.1     && < 1.3," \
+      --replace "fingertree           >= 0.0.1   && < 0.1," "fingertree           >= 0.0.1   && < 0.2," \
+      --replace "comonad              == 3.*,"              "comonad              >= 3       && < 5,"
+  '';
+  meta = {
+    homepage = "http://github.com/ekmett/trifecta/";
+    description = "A modern parser combinator library with convenient diagnostics";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/trifecta/1.2.nix b/pkgs/development/libraries/haskell/trifecta/1.2.nix
new file mode 100644
index 000000000000..de876fa7f67a
--- /dev/null
+++ b/pkgs/development/libraries/haskell/trifecta/1.2.nix
@@ -0,0 +1,30 @@
+{ cabal, ansiTerminal, ansiWlPprint, blazeBuilder, blazeHtml
+, blazeMarkup, charset, comonad, deepseq, doctest, filepath
+, fingertree, hashable, lens, mtl, parsers, reducers, semigroups
+, transformers, unorderedContainers, utf8String
+}:
+
+cabal.mkDerivation (self: {
+  pname = "trifecta";
+  version = "1.2.1.1";
+  sha256 = "1bv35ip7g0h7r2w0s8pkcbvm0b9hx91vblf5w57q3jr843v9314c";
+  buildDepends = [
+    ansiTerminal ansiWlPprint blazeBuilder blazeHtml blazeMarkup
+    charset comonad deepseq fingertree hashable lens mtl parsers
+    reducers semigroups transformers unorderedContainers utf8String
+  ];
+  testDepends = [ doctest filepath ];
+  postPatch = ''
+    substituteInPlace trifecta.cabal \
+      --replace "blaze-html           >= 0.5     && < 0.6," "blaze-html           >= 0.5     && < 0.7," \
+      --replace "hashable             >= 1.2     && < 1.3," "hashable             >= 1.1     && < 1.3," \
+      --replace "fingertree           >= 0.0.1   && < 0.1," "fingertree           >= 0.0.1   && < 0.2," \
+      --replace "comonad              >= 3       && < 4,"   "comonad              >= 3       && < 5,"
+  '';
+  meta = {
+    homepage = "http://github.com/ekmett/trifecta/";
+    description = "A modern parser combinator library with convenient diagnostics";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/uniplate/default.nix b/pkgs/development/libraries/haskell/uniplate/default.nix
index 8b0825ea119c..ab9471bc3f28 100644
--- a/pkgs/development/libraries/haskell/uniplate/default.nix
+++ b/pkgs/development/libraries/haskell/uniplate/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "uniplate";
-  version = "1.6.11";
-  sha256 = "10ppc9hqc0y17r3y4vdajshrp3956dybna7qa5zm0akgl3pbla9j";
+  version = "1.6.12";
+  sha256 = "1dx8f9aw27fz8kw0ad1nm6355w5rdl7bjvb427v2bsgnng30pipw";
   buildDepends = [ hashable syb unorderedContainers ];
   meta = {
     homepage = "http://community.haskell.org/~ndm/uniplate/";
diff --git a/pkgs/development/libraries/haskell/unix-time/default.nix b/pkgs/development/libraries/haskell/unix-time/default.nix
index 846e3d888837..67dbdac34859 100644
--- a/pkgs/development/libraries/haskell/unix-time/default.nix
+++ b/pkgs/development/libraries/haskell/unix-time/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "unix-time";
-  version = "0.2.0";
-  sha256 = "1gmchi6crbd3lpnw1j0zaaj7y0gib8dbqd8ip2s5p3f50qqlsxj8";
+  version = "0.2.1";
+  sha256 = "15kg1rxbw86p5jzig9ac7lsizmlvqkxikq7h8jfi04rri39a9jiy";
   testDepends = [ doctest hspec QuickCheck time ];
   meta = {
     description = "Unix time parser/formatter and utilities";
diff --git a/pkgs/development/libraries/haskell/unordered-containers/0.2.3.2.nix b/pkgs/development/libraries/haskell/unordered-containers/0.2.3.3.nix
index 669f45d83f2d..03cdd824d29f 100644
--- a/pkgs/development/libraries/haskell/unordered-containers/0.2.3.2.nix
+++ b/pkgs/development/libraries/haskell/unordered-containers/0.2.3.3.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "unordered-containers";
-  version = "0.2.3.2";
-  sha256 = "0fgfb2zqa2zi2hb9nkj92nwnxr54wkqa6gmqbcn4h5zks5anfvn5";
+  version = "0.2.3.3";
+  sha256 = "09sn19fk4smhf4zi3326wy2a62lh231k2nm8jd64j51arch42sdi";
   buildDepends = [ deepseq hashable ];
   testDepends = [
     ChasingBottoms hashable HUnit QuickCheck testFramework
diff --git a/pkgs/development/libraries/haskell/usb/default.nix b/pkgs/development/libraries/haskell/usb/default.nix
new file mode 100644
index 000000000000..41a716185462
--- /dev/null
+++ b/pkgs/development/libraries/haskell/usb/default.nix
@@ -0,0 +1,14 @@
+{ cabal, baseUnicodeSymbols, bindingsLibusb, text, vector }:
+
+cabal.mkDerivation (self: {
+  pname = "usb";
+  version = "1.2";
+  sha256 = "1k73avkmpbmg6iq2kmwhg2ifibni5c1yp202afdb6v7w5akvmc0b";
+  buildDepends = [ baseUnicodeSymbols bindingsLibusb text vector ];
+  meta = {
+    homepage = "http://basvandijk.github.com/usb";
+    description = "Communicate with USB devices";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/utf8-light/default.nix b/pkgs/development/libraries/haskell/utf8-light/default.nix
index 42591158cd7c..1c2e1f5c116b 100644
--- a/pkgs/development/libraries/haskell/utf8-light/default.nix
+++ b/pkgs/development/libraries/haskell/utf8-light/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "utf8-light";
-  version = "0.4.0.1";
-  sha256 = "1y2vfxjgq8r90bpaxhha0s837vklpwdj4cj3h61bimc0lcx22905";
+  version = "0.4.2";
+  sha256 = "0rwyc5z331yfnm4hpx0sph6i1zvkd1z10vvglhnp0vc9wy644k0q";
   meta = {
     description = "Unicode";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/uuid/default.nix b/pkgs/development/libraries/haskell/uuid/default.nix
index 65115ef9a98f..a38a108bc033 100644
--- a/pkgs/development/libraries/haskell/uuid/default.nix
+++ b/pkgs/development/libraries/haskell/uuid/default.nix
@@ -1,17 +1,20 @@
-{ cabal, binary, criterion, cryptohash, deepseq, HUnit, maccatcher
-, mersenneRandomPure64, QuickCheck, random, testFramework
-, testFrameworkHunit, testFrameworkQuickcheck2, time
+{ cabal, binary, cryptohash, deepseq, hashable, HUnit, networkInfo
+, QuickCheck, random, testFramework, testFrameworkHunit
+, testFrameworkQuickcheck2, time
 }:
 
 cabal.mkDerivation (self: {
   pname = "uuid";
-  version = "1.2.14";
-  sha256 = "13r2yzhb9nj1h6wfy7w9k59d27z9iza5r4apmf72zby2fi9vdnwy";
-  buildDepends = [ binary cryptohash maccatcher random time ];
+  version = "1.3.3";
+  sha256 = "12sfspmrnpqbwwscv3w41pkkdbfvy1aaa84y7is0d3ffk5rll80m";
+  buildDepends = [
+    binary cryptohash deepseq hashable networkInfo random time
+  ];
   testDepends = [
-    criterion deepseq HUnit mersenneRandomPure64 QuickCheck random
-    testFramework testFrameworkHunit testFrameworkQuickcheck2
+    HUnit QuickCheck random testFramework testFrameworkHunit
+    testFrameworkQuickcheck2
   ];
+  jailbreak = true;
   doCheck = false;
   meta = {
     homepage = "http://projects.haskell.org/uuid/";
diff --git a/pkgs/development/libraries/haskell/vault/default.nix b/pkgs/development/libraries/haskell/vault/default.nix
index 4632d599a2e6..3f2842844443 100644
--- a/pkgs/development/libraries/haskell/vault/default.nix
+++ b/pkgs/development/libraries/haskell/vault/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "vault";
-  version = "0.3.0.0";
-  sha256 = "1lvv2sw5j48jbxniw55bxq88dhn46l7lk0blv2cnaf1vw6wms4m8";
+  version = "0.3.0.2";
+  sha256 = "1m9vanwzlw61fbdcy7qvv2prmbax5y9dsl52dldcf5zr7vip2hpb";
   buildDepends = [ hashable unorderedContainers ];
   jailbreak = true;
   meta = {
diff --git a/pkgs/development/libraries/haskell/vector-instances/default.nix b/pkgs/development/libraries/haskell/vector-instances/default.nix
new file mode 100644
index 000000000000..c6ff62f86cdd
--- /dev/null
+++ b/pkgs/development/libraries/haskell/vector-instances/default.nix
@@ -0,0 +1,17 @@
+{ cabal, comonad, keys, pointed, semigroupoids, semigroups, vector
+}:
+
+cabal.mkDerivation (self: {
+  pname = "vector-instances";
+  version = "3.3";
+  sha256 = "0iiw9p2ivcdfsh81vdy4yn6hbigdwclrkssd68hdsg9n6q3fmq5y";
+  buildDepends = [
+    comonad keys pointed semigroupoids semigroups vector
+  ];
+  meta = {
+    homepage = "http://github.com/ekmett/vector-instances";
+    description = "Orphan Instances for 'Data.Vector'";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/vector/0.10.9.1.nix b/pkgs/development/libraries/haskell/vector/0.10.9.1.nix
new file mode 100644
index 000000000000..975d75526a60
--- /dev/null
+++ b/pkgs/development/libraries/haskell/vector/0.10.9.1.nix
@@ -0,0 +1,15 @@
+{ cabal, deepseq, primitive }:
+
+cabal.mkDerivation (self: {
+  pname = "vector";
+  version = "0.10.9.1";
+  sha256 = "1rdx0r7bwx6217ip9mg9yfymvgv52szqv63y89p41b8sfklmcmi0";
+  buildDepends = [ deepseq primitive ];
+  meta = {
+    homepage = "https://github.com/haskell/vector";
+    description = "Efficient Arrays";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.andres ];
+  };
+})
diff --git a/pkgs/development/libraries/haskell/wai-app-static/default.nix b/pkgs/development/libraries/haskell/wai-app-static/default.nix
index ec0612ae1170..d88eb2df0bc9 100644
--- a/pkgs/development/libraries/haskell/wai-app-static/default.nix
+++ b/pkgs/development/libraries/haskell/wai-app-static/default.nix
@@ -1,23 +1,23 @@
 { cabal, base64Bytestring, blazeBuilder, blazeHtml, blazeMarkup
 , cereal, cryptoApi, cryptoConduit, cryptohashCryptoapi, fileEmbed
 , hspec, httpDate, httpTypes, mimeTypes, network, systemFileio
-, systemFilepath, text, time, transformers, unixCompat, wai
-, waiTest
+, systemFilepath, text, time, transformers, unixCompat
+, unorderedContainers, wai, waiTest, zlib
 }:
 
 cabal.mkDerivation (self: {
   pname = "wai-app-static";
-  version = "1.3.1.4";
-  sha256 = "1457643xkigqnacg1fw25jp9kjqiy55d22ll8fml07bxs37hlr63";
+  version = "1.3.3";
+  sha256 = "0lsqfvlh65rggp9z6m5gyx8gv0wk3b44jrk57s8yj2bh74pbr64f";
   buildDepends = [
     base64Bytestring blazeBuilder blazeHtml blazeMarkup cereal
     cryptoApi cryptoConduit cryptohashCryptoapi fileEmbed httpDate
     httpTypes mimeTypes systemFileio systemFilepath text time
-    transformers unixCompat wai
+    transformers unixCompat unorderedContainers wai zlib
   ];
   testDepends = [
     hspec httpDate httpTypes mimeTypes network text time transformers
-    unixCompat wai waiTest
+    unixCompat wai waiTest zlib
   ];
   meta = {
     homepage = "http://www.yesodweb.com/book/web-application-interface";
diff --git a/pkgs/development/libraries/haskell/warp/default.nix b/pkgs/development/libraries/haskell/warp/default.nix
index c96e7bfd7383..100dbbd7024e 100644
--- a/pkgs/development/libraries/haskell/warp/default.nix
+++ b/pkgs/development/libraries/haskell/warp/default.nix
@@ -1,13 +1,13 @@
 { cabal, blazeBuilder, blazeBuilderConduit, caseInsensitive
-, conduit, hashable, hspec, httpAttoparsec, httpTypes, HUnit
+, conduit, hashable, hspec, HTTP, httpAttoparsec, httpTypes, HUnit
 , liftedBase, network, networkConduit, QuickCheck, simpleSendfile
 , transformers, unixCompat, void, wai
 }:
 
 cabal.mkDerivation (self: {
   pname = "warp";
-  version = "1.3.9.2";
-  sha256 = "0l4iq7dl7iv9sf0bj52g577x9i84miscfr27b2vm8g8n6306jr77";
+  version = "1.3.10.1";
+  sha256 = "1pi2x0gi4r6qy151a9gmfq223yiy53j7prj2pyn00cprr0m4mk2v";
   buildDepends = [
     blazeBuilder blazeBuilderConduit caseInsensitive conduit hashable
     httpAttoparsec httpTypes liftedBase network networkConduit
@@ -15,7 +15,7 @@ cabal.mkDerivation (self: {
   ];
   testDepends = [
     blazeBuilder blazeBuilderConduit caseInsensitive conduit hashable
-    hspec httpAttoparsec httpTypes HUnit liftedBase network
+    hspec HTTP httpAttoparsec httpTypes HUnit liftedBase network
     networkConduit QuickCheck simpleSendfile transformers unixCompat
     void wai
   ];
diff --git a/pkgs/development/libraries/haskell/word8/default.nix b/pkgs/development/libraries/haskell/word8/default.nix
index e8abded24381..535f4103d126 100644
--- a/pkgs/development/libraries/haskell/word8/default.nix
+++ b/pkgs/development/libraries/haskell/word8/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "word8";
-  version = "0.0.3";
-  sha256 = "1k5sq91pidgw7w8fc62k9gl8iynb65pcza6mjx8pa3n2lslp7125";
+  version = "0.0.4";
+  sha256 = "1jrys2crl1yfkgwc4ny6x1kr24kx8j3zsy0zql5ms19rfb0rnkki";
   testDepends = [ hspec ];
   meta = {
     description = "Word8 library";
diff --git a/pkgs/development/libraries/haskell/wxHaskell/wxc.nix b/pkgs/development/libraries/haskell/wxHaskell/wxc.nix
index 74ca4f91d70f..b89b39acb50a 100644
--- a/pkgs/development/libraries/haskell/wxHaskell/wxc.nix
+++ b/pkgs/development/libraries/haskell/wxHaskell/wxc.nix
@@ -6,7 +6,6 @@ cabal.mkDerivation (self: {
   sha256 = "1bh20i1rb8ng0ni1v98nm8qv5wni19dvxwf5i3ijxhrxqdq4i7p6";
   buildDepends = [ wxdirect ];
   extraLibraries = [ libX11 mesa wxGTK ];
-  noHaddock = true;
   postInstall = ''
     cp -v dist/build/libwxc.so.${self.version} $out/lib/libwxc.so
   '';
diff --git a/pkgs/development/libraries/haskell/xdot/default.nix b/pkgs/development/libraries/haskell/xdot/default.nix
index 130402ec75bf..f7a2b731d037 100644
--- a/pkgs/development/libraries/haskell/xdot/default.nix
+++ b/pkgs/development/libraries/haskell/xdot/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "xdot";
-  version = "0.2.3.1";
-  sha256 = "1gricrnssxgzaq1z7nnyppmz284nix0m89477x22mal125pkcf7n";
+  version = "0.2.4";
+  sha256 = "0723drp9zs3hrayld99j4fniyvm65fz19hkk4001vpvgjw27dfja";
   buildDepends = [ cairo graphviz gtk mtl polyparse text ];
   meta = {
     description = "Parse Graphviz xdot files and interactively view them using GTK and Cairo";
diff --git a/pkgs/development/libraries/haskell/xmlgen/default.nix b/pkgs/development/libraries/haskell/xmlgen/default.nix
new file mode 100644
index 000000000000..f45b7b4a6a0e
--- /dev/null
+++ b/pkgs/development/libraries/haskell/xmlgen/default.nix
@@ -0,0 +1,15 @@
+{ cabal, blazeBuilder, filepath, HUnit, hxt, mtl, QuickCheck, text
+}:
+
+cabal.mkDerivation (self: {
+  pname = "xmlgen";
+  version = "0.6.2.0";
+  sha256 = "0b6fyg6mlm068f2jjmil52az4hk144pryf1c0wr1gx6ddx9yzjy4";
+  buildDepends = [ blazeBuilder mtl text ];
+  testDepends = [ filepath HUnit hxt QuickCheck text ];
+  meta = {
+    description = "Fast XML generation library";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/yaml/default.nix b/pkgs/development/libraries/haskell/yaml/default.nix
index 7e2bd368c7e2..8d06099b77e5 100644
--- a/pkgs/development/libraries/haskell/yaml/default.nix
+++ b/pkgs/development/libraries/haskell/yaml/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "yaml";
-  version = "0.8.5";
-  sha256 = "12jj785gzcnrif460cx2k69pc2h9h956g0w1gp8pcr5hawrvd6rg";
+  version = "0.8.5.1";
+  sha256 = "0vbampykc5a027q5fh5w6i1bxblyxx7s3nzhpzaa4c1yz8nz3k57";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/libraries/haskell/yesod-auth/default.nix b/pkgs/development/libraries/haskell/yesod-auth/default.nix
index c437b5b86244..bdc299939196 100644
--- a/pkgs/development/libraries/haskell/yesod-auth/default.nix
+++ b/pkgs/development/libraries/haskell/yesod-auth/default.nix
@@ -8,8 +8,8 @@
 
 cabal.mkDerivation (self: {
   pname = "yesod-auth";
-  version = "1.2.2.1";
-  sha256 = "1f3zdqywak54f2s11v26iyzb3svb0mdpfskxhps30jmkji2ph2iz";
+  version = "1.2.3";
+  sha256 = "1hnppb36acr18prra702r9hdbs803zfvaj8krq4idlvwb6g7l0d8";
   buildDepends = [
     aeson authenticate blazeHtml blazeMarkup dataDefault emailValidate
     fileEmbed hamlet httpConduit httpTypes liftedBase mimeMail network
diff --git a/pkgs/development/libraries/haskell/yesod-bin/default.nix b/pkgs/development/libraries/haskell/yesod-bin/default.nix
index 3afb8747547c..a86417f6b397 100644
--- a/pkgs/development/libraries/haskell/yesod-bin/default.nix
+++ b/pkgs/development/libraries/haskell/yesod-bin/default.nix
@@ -10,8 +10,8 @@
 
 cabal.mkDerivation (self: {
   pname = "yesod-bin";
-  version = "1.2.3.2";
-  sha256 = "10q4xjhcrskz3h0nay2vxfz2b3c2d532bvbggl2615aih05zdhwc";
+  version = "1.2.3.4";
+  sha256 = "0xwav5ghik0vzg706rcqlzk64gnvr4nn4iikx1bzymzz2p5zyg0z";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/libraries/haskell/yesod-core/default.nix b/pkgs/development/libraries/haskell/yesod-core/default.nix
index bd2d0d97b2f0..0bd73c2ade4f 100644
--- a/pkgs/development/libraries/haskell/yesod-core/default.nix
+++ b/pkgs/development/libraries/haskell/yesod-core/default.nix
@@ -10,8 +10,8 @@
 
 cabal.mkDerivation (self: {
   pname = "yesod-core";
-  version = "1.2.4.2";
-  sha256 = "0zrhqh3phla8p7fjv30n4ypicbd6x6rwkrhpag79p1w4wwvkjxnn";
+  version = "1.2.4.5";
+  sha256 = "091f89bwjsf2qimivbz74rykjjgzghfvs66sv9cz305pgw6kpjc7";
   buildDepends = [
     aeson attoparsecConduit blazeBuilder blazeHtml blazeMarkup
     caseInsensitive cereal clientsession conduit cookie dataDefault
@@ -25,6 +25,7 @@ cabal.mkDerivation (self: {
     QuickCheck random resourcet shakespeareCss shakespeareJs text
     transformers wai waiTest
   ];
+  jailbreak = true;
   meta = {
     homepage = "http://www.yesodweb.com/";
     description = "Creation of type-safe, RESTful web applications";
diff --git a/pkgs/development/libraries/haskell/yesod-form/default.nix b/pkgs/development/libraries/haskell/yesod-form/default.nix
index aca42bfce6ca..5c0220f1f2aa 100644
--- a/pkgs/development/libraries/haskell/yesod-form/default.nix
+++ b/pkgs/development/libraries/haskell/yesod-form/default.nix
@@ -6,8 +6,8 @@
 
 cabal.mkDerivation (self: {
   pname = "yesod-form";
-  version = "1.3.2.1";
-  sha256 = "0lybrw244y2ca1jvz218jh2kfypj4wblpdvk4n8wllll79dm3pq7";
+  version = "1.3.3";
+  sha256 = "1maf8yczijx8rdjy4abr2jq1ds4g61jg3zbqxjzaaxsbs77gna4a";
   buildDepends = [
     aeson attoparsec blazeBuilder blazeHtml blazeMarkup cryptoApi
     dataDefault emailValidate hamlet network persistent resourcet
diff --git a/pkgs/development/libraries/haskell/yesod-platform/default.nix b/pkgs/development/libraries/haskell/yesod-platform/default.nix
index 9fe24ca4a747..f75b5706f6aa 100644
--- a/pkgs/development/libraries/haskell/yesod-platform/default.nix
+++ b/pkgs/development/libraries/haskell/yesod-platform/default.nix
@@ -30,8 +30,8 @@
 
 cabal.mkDerivation (self: {
   pname = "yesod-platform";
-  version = "1.2.4.2";
-  sha256 = "1hmzdwjqi3cxdmyvcr48kprrsa8h548z272mif07114d0qh48x4w";
+  version = "1.2.4.3";
+  sha256 = "1ilkfmg4sdrz45hc2m8b8rqz242phgxzgizrnd41d5g04jib3hl3";
   buildDepends = [
     aeson ansiTerminal asn1Data asn1Types attoparsec attoparsecConduit
     authenticate base64Bytestring baseUnicodeSymbols blazeBuilder
diff --git a/pkgs/development/libraries/haskell/yst/default.nix b/pkgs/development/libraries/haskell/yst/default.nix
index d194b1970c8d..ee9bb33cdba9 100644
--- a/pkgs/development/libraries/haskell/yst/default.nix
+++ b/pkgs/development/libraries/haskell/yst/default.nix
@@ -1,16 +1,17 @@
-{ cabal, csv, filepath, HDBC, HDBCSqlite3, HsSyck, HStringTemplate
-, pandoc, parsec, split, time, utf8String, xhtml
+{ cabal, aeson, csv, filepath, HDBC, HDBCSqlite3, HStringTemplate
+, pandoc, parsec, split, text, time, unorderedContainers, xhtml
+, yaml
 }:
 
 cabal.mkDerivation (self: {
   pname = "yst";
-  version = "0.3.1.1";
-  sha256 = "1wc2s5aan4rqdrpqgqvka5pqm3d691si5hdf0m0wpi2hzkwl3qv3";
+  version = "0.4.0.1";
+  sha256 = "0j260lvprgsi9qgjwji2cc25k0dzrw94h2527rwghik8baa1ha3r";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [
-    csv filepath HDBC HDBCSqlite3 HsSyck HStringTemplate pandoc parsec
-    split time utf8String xhtml
+    aeson csv filepath HDBC HDBCSqlite3 HStringTemplate pandoc parsec
+    split text time unorderedContainers xhtml yaml
   ];
   meta = {
     homepage = "http://github.com/jgm/yst";
diff --git a/pkgs/development/libraries/haskell/zip-archive/default.nix b/pkgs/development/libraries/haskell/zip-archive/default.nix
index 38290c8cd544..bddf09bc405d 100644
--- a/pkgs/development/libraries/haskell/zip-archive/default.nix
+++ b/pkgs/development/libraries/haskell/zip-archive/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "zip-archive";
-  version = "0.1.3.4";
-  sha256 = "0hvndr3gb7fiv4qjwjvic5mg7wq7h7nw3c3v5xq8fnlr1l943vyb";
+  version = "0.1.4";
+  sha256 = "0ipk8gwa2k8iqg2gg4lbawr8l9sjwhy2p7b8qxazpq0i88dyy3lb";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [ binary digest filepath mtl time utf8String zlib ];
diff --git a/pkgs/development/libraries/hunspell/default.nix b/pkgs/development/libraries/hunspell/default.nix
index 04be58eb50a6..95516dadacf7 100644
--- a/pkgs/development/libraries/hunspell/default.nix
+++ b/pkgs/development/libraries/hunspell/default.nix
@@ -13,9 +13,15 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = http://hunspell.sourceforge.net;
-    description = "The spell checker of OpenOffice.org and Mozilla Firefox 3 & Thunderbird, Google Chrome etc.";
+    description = "Spell checker";
     longDescription = ''
+      Hunspell is the spell checker of LibreOffice, OpenOffice.org, Mozilla
+      Firefox 3 & Thunderbird, Google Chrome, and it is also used by
+      proprietary software packages, like Mac OS X, InDesign, memoQ, Opera and
+      SDL Trados.
+
       Main features:
+
       * Extended support for language peculiarities; Unicode character encoding, compounding and complex morphology.
       * Improved suggestion using n-gram similarity, rule and dictionary based pronounciation data.
       * Morphological analysis, stemming and generation.
diff --git a/pkgs/development/libraries/jansson/default.nix b/pkgs/development/libraries/jansson/default.nix
index a1f9983abe2c..4908c737ece4 100644
--- a/pkgs/development/libraries/jansson/default.nix
+++ b/pkgs/development/libraries/jansson/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = "http://www.digip.org/jansson/";
-    description = "Jansson is a C library for encoding, decoding and manipulating JSON data.";
+    description = "C library for encoding, decoding and manipulating JSON data";
     license = "MIT";
   };
 }
diff --git a/pkgs/development/libraries/jsoncpp/default.nix b/pkgs/development/libraries/jsoncpp/default.nix
new file mode 100644
index 000000000000..b1aa03991bd9
--- /dev/null
+++ b/pkgs/development/libraries/jsoncpp/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchurl, scons}:
+
+let
+  basename = "jsoncpp";
+  version = "0.6.0-rc2";
+  pkgname = "${basename}-src-${version}.tar.gz";
+in 
+stdenv.mkDerivation rec {
+  name = "${basename}-${version}";
+  src = fetchurl {
+    url = "mirror://sourceforge/${basename}/${pkgname}";
+    sha256 = "10xj15nziqpwc6r3yznpb49wm4jqc5wakjsmj65v087mcg8r7lfl";
+  };
+
+  buildInputs = [ scons ];
+
+  buildPhase = ''
+    mkdir -p $out
+    scons platform=linux-gcc check
+  '';
+
+  installPhase = ''
+    cp -r include $out
+    cp -r libs/* $out/lib
+  '';
+
+  meta = {
+    homepage = http://jsoncpp.sourceforge.net;
+    repositories.svn = svn://svn.code.sf.net/p/jsoncpp/code;
+    description = "A simple API to manipulate JSON data in C++";
+  };
+}
diff --git a/pkgs/development/libraries/leveldb/default.nix b/pkgs/development/libraries/leveldb/default.nix
index 12846dfbe8b5..7c990e99c33c 100644
--- a/pkgs/development/libraries/leveldb/default.nix
+++ b/pkgs/development/libraries/leveldb/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = "https://code.google.com/p/leveldb/";
-    description = "A fast and lightweight key/value database library by Google.";
+    description = "Fast and lightweight key/value database library by Google";
     license = "BSD";
   };
 }
diff --git a/pkgs/development/libraries/libav/default.nix b/pkgs/development/libraries/libav/default.nix
index ea45902b7493..287ac32fff5f 100644
--- a/pkgs/development/libraries/libav/default.nix
+++ b/pkgs/development/libraries/libav/default.nix
@@ -26,7 +26,7 @@ with { inherit (stdenv.lib) optional optionals; };
 
 let
   result = {
-    libav_9   = libavFun   "9.9" "1rwphyqb2c4zyp20y4ywxjiddmd46vd4dbpdm1lxqm3q63rmmdk9";
+    libav_9   = libavFun  "9.10" "039hx7z8lmsiljy4wj87hk8lkxspbxbrjv43v3lc38cxfx0fdnw3";
     libav_0_8 = libavFun "0.8.8" "1wnbmbs0z4f55y8r9bwb63l04zn383l1avy4c9x1ffb2xccgcp79";
   };
 
diff --git a/pkgs/development/libraries/libdevil/default.nix b/pkgs/development/libraries/libdevil/default.nix
index 6efb785b6577..d3053b4d2a5f 100644
--- a/pkgs/development/libraries/libdevil/default.nix
+++ b/pkgs/development/libraries/libdevil/default.nix
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
     homepage = http://openil.sourceforge.net/;
     description = "An image library which can can load, save, convert, manipulate, filter and display a wide variety of image formats";
     license = licenses.lgpl2;
-    platforms = platforms.all;
+    platforms = platforms.mesaPlatforms;
     maintainers = [ maintainers.phreedom maintainers.urkud ];
   };
 }
diff --git a/pkgs/development/libraries/libedit/default.nix b/pkgs/development/libraries/libedit/default.nix
index dca4d8efc134..1382af16484c 100644
--- a/pkgs/development/libraries/libedit/default.nix
+++ b/pkgs/development/libraries/libedit/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, ncurses, groff }:
 
 stdenv.mkDerivation rec {
-  name = "libedit-20100424-3.0";
+  name = "libedit-20130712-3.1";
 
   src = fetchurl {
     url = "http://www.thrysoee.dk/editline/${name}.tar.gz";
-    sha256 = "11hxaq58gym7kqccjhxywjxdibffzg545z1aj997y1dn0rckhav0";
+    sha256 = "0dwav34041sariyl00nr106xmn123bnxir4qpn5y47vgssfim6sx";
   };
 
   # Have `configure' avoid `/usr/bin/nroff' in non-chroot builds.
@@ -15,12 +15,16 @@ stdenv.mkDerivation rec {
     sed -i s/-lncurses/-lncursesw/g $out/lib/pkgconfig/libedit.pc
   '';
 
+  # taken from gentoo http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/libedit/files/
+  patches = [ ./freebsd.patch ./freebsd_weak_ref.patch ];
+
   configureFlags = "--enable-widec";
 
   propagatedBuildInputs = [ ncurses ];
 
-  meta = {
+  meta = with stdenv.lib; {
     homepage = "http://www.thrysoee.dk/editline/";
     description = "A port of the NetBSD Editline library (libedit)";
+    license = licenses.bsd3; 
   };
 }
diff --git a/pkgs/development/libraries/libedit/freebsd.patch b/pkgs/development/libraries/libedit/freebsd.patch
new file mode 100644
index 000000000000..e230a76d709f
--- /dev/null
+++ b/pkgs/development/libraries/libedit/freebsd.patch
@@ -0,0 +1,13 @@
+diff --git a/src/chartype.h b/src/chartype.h
+index c35825c..be5aac0 100644
+--- a/src/chartype.h
++++ b/src/chartype.h
+@@ -44,7 +44,7 @@
+  * supports non-BMP code points without requiring UTF-16, but nothing
+  * seems to actually advertise this properly, despite Unicode 3.1 having
+  * been around since 2001... */
+-#if !defined(__NetBSD__) && !defined(__sun) && !(defined(__APPLE__) && defined(__MACH__))
++#if !defined(__NetBSD__) && !defined(__sun) && !(defined(__APPLE__) && defined(__MACH__)) && !defined(__DragonFly__) && !defined(__FreeBSD__)
+ #ifndef __STDC_ISO_10646__
+ /* In many places it is assumed that the first 127 code points are ASCII
+  * compatible, so ensure wchar_t indeed does ISO 10646 and not some other
diff --git a/pkgs/development/libraries/libedit/freebsd_weak_ref.patch b/pkgs/development/libraries/libedit/freebsd_weak_ref.patch
new file mode 100644
index 000000000000..a4399593d636
--- /dev/null
+++ b/pkgs/development/libraries/libedit/freebsd_weak_ref.patch
@@ -0,0 +1,20 @@
+--- libedit-20110709-3.0/src/vi.c.old	2011-07-11 18:21:16.000000000 +0000
++++ libedit-20110709-3.0/src/vi.c	2011-07-11 18:24:29.000000000 +0000
+@@ -918,7 +918,7 @@
+  * NB: posix implies that we should enter insert mode, however
+  * this is against historical precedent...
+  */
+-#ifdef __weak_reference
++#if defined(__weak_reference) && defined(__NetBSD__)
+ __weakref_visible char *my_get_alias_text(const char *)
+     __weak_reference(get_alias_text);
+ #endif
+@@ -926,7 +926,7 @@
+ /*ARGSUSED*/
+ vi_alias(EditLine *el, Int c)
+ {
+-#ifdef __weak_reference
++#if defined(__weak_reference) && defined(__NetBSD__)
+ 	char alias_name[3];
+ 	char *alias_text;
+ 
diff --git a/pkgs/development/libraries/libffi/default.nix b/pkgs/development/libraries/libffi/default.nix
index 807fe54c27e8..9db9b801952e 100644
--- a/pkgs/development/libraries/libffi/default.nix
+++ b/pkgs/development/libraries/libffi/default.nix
@@ -12,13 +12,13 @@ stdenv.mkDerivation rec {
 
   configureFlags = [ "--with-gcc-arch=generic" ]; # no detection of -march= or -mtune=
 
-  doCheck = !stdenv.isDarwin; # until we solve dejagnu problems on darwin
+  doCheck = stdenv.isLinux; # until we solve dejagnu problems on darwin and expect on BSD
 
   dontStrip = stdenv ? cross; # Don't run the native `strip' when cross-compiling.
 
   postInstall =
     # Install headers in the right place.
-    '' ln -srv "$out/lib/"libffi*/include "$out/include"
+    '' ln -s${if stdenv.isFreeBSD then "" else "r"}v "$out/lib/"libffi*/include "$out/include"
     '';
 
   meta = {
diff --git a/pkgs/development/libraries/libgsf/default.nix b/pkgs/development/libraries/libgsf/default.nix
index 249e9291fa37..9253468b8df5 100644
--- a/pkgs/development/libraries/libgsf/default.nix
+++ b/pkgs/development/libraries/libgsf/default.nix
@@ -1,6 +1,5 @@
 { fetchurl, stdenv, pkgconfig, intltool, gettext, glib, libxml2, zlib, bzip2
-, python, gdk_pixbuf, libiconvOrEmpty
-}:
+, python, gdk_pixbuf, libiconvOrEmpty, libintlOrEmpty }:
 
 with { inherit (stdenv.lib) optionals; };
 
@@ -8,28 +7,32 @@ stdenv.mkDerivation rec {
   name = "libgsf-1.14.26";
 
   src = fetchurl {
-    url = "mirror://gnome/sources/libgsf/1.14/${name}.tar.xz";
+    url    = "mirror://gnome/sources/libgsf/1.14/${name}.tar.xz";
     sha256 = "1md67l60li7rkma9m6mwchqz6b6q4xsfr38c6n056y6xm8jyf6c9";
   };
 
   nativeBuildInputs = [ pkgconfig intltool ];
+
   buildInputs = [ gettext bzip2 zlib python ];
 
-  propagatedBuildInputs = [ libxml2 glib gdk_pixbuf ] ++ libiconvOrEmpty;
+  propagatedBuildInputs = [ libxml2 glib gdk_pixbuf ]
+    ++ libiconvOrEmpty
+    ++ libintlOrEmpty;
 
   doCheck = true;
 
-  meta = {
-    homepage = http://www.gnome.org/projects/libgsf;
-    license = "LGPLv2";
+  NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isDarwin "-lintl";
+
+  meta = with stdenv.lib; {
     description = "GNOME's Structured File Library";
+    homepage    = http://www.gnome.org/projects/libgsf;
+    license     = licenses.lgpl2Plus;
+    maintainers = with maintainers; [ lovek323 ];
+    platforms   = stdenv.lib.platforms.unix;
 
     longDescription = ''
       Libgsf aims to provide an efficient extensible I/O abstraction for
       dealing with different structured file formats.
     '';
-
-    maintainers = [ ];
-    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/development/libraries/libical/default.nix b/pkgs/development/libraries/libical/default.nix
index 59d352cf730e..dbb104546ad6 100644
--- a/pkgs/development/libraries/libical/default.nix
+++ b/pkgs/development/libraries/libical/default.nix
@@ -1,11 +1,11 @@
-{stdenv, fetchsvn, perl, cmake}:
+{stdenv, fetchurl, perl, cmake}:
 
 stdenv.mkDerivation rec {
-  name = "libical-0.48-p20120623";
-  src = fetchsvn {
-    url = "https://freeassociation.svn.sourceforge.net/svnroot/freeassociation/trunk/libical";
-    rev = "1130";
-    sha256 = "56caf19abdf44807fda75a67ef0886319551e53c4e4ece4da4fc862e34c64e1a";
+  pName = "libical";
+  name = "${pName}-1.0";
+  src = fetchurl {
+    url = "mirror://sourceforge/freeassociation/${pName}/${name}/${name}.tar.gz";
+    sha256 = "1dy0drz9hy0sn2q3s2lp00jb9bis5gsm7n3m4zga49s9ir2b6fbw";
   };
   nativeBuildInputs = [ perl cmake ];
 
diff --git a/pkgs/development/libraries/libid3tag/default.nix b/pkgs/development/libraries/libid3tag/default.nix
index e137c9397715..3b701b703c1a 100644
--- a/pkgs/development/libraries/libid3tag/default.nix
+++ b/pkgs/development/libraries/libid3tag/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation {
   propagatedBuildInputs = [zlib];
 
   meta = {
-    description = "An ID3 tag manipulation library.";
+    description = "ID3 tag manipulation library";
     homepage = http://mad.sourceforge.net/;
     license = "GPL";
   };
diff --git a/pkgs/development/libraries/libimobiledevice/default.nix b/pkgs/development/libraries/libimobiledevice/default.nix
index a21d9bf7b5de..a05d176554e9 100644
--- a/pkgs/development/libraries/libimobiledevice/default.nix
+++ b/pkgs/development/libraries/libimobiledevice/default.nix
@@ -2,7 +2,7 @@
   libtasn1, libplist, readline }:
 
 stdenv.mkDerivation rec {
-  name = "libimobiledevice-1.0.6";
+  name = "libimobiledevice-1.0.7";
 
   nativeBuildInputs = [ python libplist.swig pkgconfig ];
   buildInputs = [ readline ];
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "${meta.homepage}/downloads/${name}.tar.bz2";
-    sha256 = "0r5gjprrnwgad5zsidn41w01gihramagcpl8cwi540qiwq43svqi";
+    sha256 = "15jznqc52yfwkbw19hgv3r1qd4gcymakbfkyizmr6v4n0sn27n0f";
   };
 
   meta = {
diff --git a/pkgs/development/libraries/libjson-rpc-cpp/default.nix b/pkgs/development/libraries/libjson-rpc-cpp/default.nix
new file mode 100644
index 000000000000..3dca6a04af7b
--- /dev/null
+++ b/pkgs/development/libraries/libjson-rpc-cpp/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchurl, cmake, curl }:
+
+let
+  name = "libjson-rpc-cpp";
+  version = "0.2.1";
+in
+
+stdenv.mkDerivation {
+  name = "${name}-${version}";
+
+  src = fetchurl {
+    url = "https://github.com/cinemast/${name}/archive/${version}.tar.gz";
+    sha256 = "1pc9nn4968qkda8vr4f9dijn2fcldm8i0ymwmql29h4cl5ghdnpw";
+  };
+
+  buildInputs = [ cmake curl ];
+
+  NIX_LDFLAGS = "-lpthread";
+  enableParallelBuilding = true;
+  doCheck = true;
+
+  checkPhase = "LD_LIBRARY_PATH=out/ ctest";
+
+  meta = {
+    description = "C++ framework for json-rpc (json remote procedure call)";
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/development/libraries/liblockfile/default.nix b/pkgs/development/libraries/liblockfile/default.nix
index 2db90845f699..f991fdc2f299 100644
--- a/pkgs/development/libraries/liblockfile/default.nix
+++ b/pkgs/development/libraries/liblockfile/default.nix
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
 
 
   meta = {
-    description = "Liblockfile is a shared library with NFS-safe locking functions.";
+    description = "Shared library with NFS-safe locking functions";
     homepage = http://packages.debian.org/unstable/libs/liblockfile1;
     license = "GPLv2+";
 
diff --git a/pkgs/development/libraries/libmcrypt/default.nix b/pkgs/development/libraries/libmcrypt/default.nix
index 79019cbc4891..afa661617318 100644
--- a/pkgs/development/libraries/libmcrypt/default.nix
+++ b/pkgs/development/libraries/libmcrypt/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
     [ "--disable-posix-threads" ];
 
   meta = {
-    description = "MCrypt is a replacement for the old crypt() package and crypt(1) command, with extensions.";
+    description = "Replacement for the old crypt() package and crypt(1) command, with extensions";
     homepage = http://mcrypt.sourceforge.net;
     license = "GPL";
   };
diff --git a/pkgs/development/libraries/libmemcached/default.nix b/pkgs/development/libraries/libmemcached/default.nix
index 487b4de6cb76..b724f915150a 100644
--- a/pkgs/development/libraries/libmemcached/default.nix
+++ b/pkgs/development/libraries/libmemcached/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://libmemcached.org;
-    description = "libMemcached is an open source C/C++ client library and tools for the memcached server.";
+    description = "Open source C/C++ client library and tools for the memcached server";
     license = "BSD";
   };
 }
diff --git a/pkgs/development/libraries/libnet/default.nix b/pkgs/development/libraries/libnet/default.nix
new file mode 100644
index 000000000000..783739dda717
--- /dev/null
+++ b/pkgs/development/libraries/libnet/default.nix
@@ -0,0 +1,18 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name = "libnet-${version}";
+  version = "1.2-rc2";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/libnet-dev/${name}.tar.gz";
+    sha256 = "1pc74p839a7wvhjdgy0scj7c4yarr6mqdqvj56k6sp8pkc763az7";
+  };
+
+  meta = {
+    homepage = http://github.com/sam-github/libnet;
+    description = "Portable framework for low-level network packet construction";
+    license = stdenv.lib.licenses.bsd3;
+    platforms = stdenv.lib.platforms.unix;
+  };
+}
diff --git a/pkgs/development/libraries/libnetfilter_conntrack/default.nix b/pkgs/development/libraries/libnetfilter_conntrack/default.nix
index 99624911077d..8e689ed25687 100644
--- a/pkgs/development/libraries/libnetfilter_conntrack/default.nix
+++ b/pkgs/development/libraries/libnetfilter_conntrack/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ pkgconfig libnfnetlink libmnl ];
 
   meta = {
-    description = "userspace library providing an API to the in-kernel connection tracking state table.";
+    description = "Userspace library providing an API to the in-kernel connection tracking state table";
     longDescription = ''
       libnetfilter_conntrack is a userspace library providing a programming interface (API) to the
       in-kernel connection tracking state table. The library libnetfilter_conntrack has been
diff --git a/pkgs/development/libraries/libnfnetlink/default.nix b/pkgs/development/libraries/libnfnetlink/default.nix
index 07a182dff10f..3bb698e9bf63 100644
--- a/pkgs/development/libraries/libnfnetlink/default.nix
+++ b/pkgs/development/libraries/libnfnetlink/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
   };
 
   meta = {
-    description = "low-level library for netfilter related kernel/userspace communication.";
+    description = "Low-level library for netfilter related kernel/userspace communication";
     longDescription = ''
       libnfnetlink is the low-level library for netfilter related kernel/userspace communication.
       It provides a generic messaging infrastructure for in-kernel netfilter subsystems
diff --git a/pkgs/development/libraries/liboop/default.nix b/pkgs/development/libraries/liboop/default.nix
index 20793eb3140f..a963288e869a 100644
--- a/pkgs/development/libraries/liboop/default.nix
+++ b/pkgs/development/libraries/liboop/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "`liboop', an event loop library.";
+    description = "Event loop library";
     homepage = http://liboop.ofb.net/;
     license = "LGPL";
   };
diff --git a/pkgs/development/libraries/libpng/default.nix b/pkgs/development/libraries/libpng/default.nix
index e602c910fc78..09cacdec09d4 100644
--- a/pkgs/development/libraries/libpng/default.nix
+++ b/pkgs/development/libraries/libpng/default.nix
@@ -3,10 +3,10 @@
 assert zlib != null;
 
 let
-  version = "1.6.3";
-  sha256 = "0i8gz8mbkygc0ny7aa2i2wiavysxy6fdaphl52l49fb3hv9w1v65";
-  patch_src = fetchurl {
-    url = "mirror://sourceforge/libpng-apng/libpng-${version}-apng.patch.gz";
+  version = "1.6.4";
+  sha256 = "15pqany43q2hzaxqn84p9dba071xmvqi8h1bhnjxnxdf3g64zayg";
+  patch_src = fetchurl { # not released yet, hopefully OK
+    url = "mirror://sourceforge/libpng-apng/libpng-1.6.3-apng.patch.gz";
     sha256 = "0fjnb6cgbj2c7ggl0qzcnliml2ylrjxzigp89vw0hxq221k5mlsx";
   };
   whenPatched = stdenv.lib.optionalString apngSupport;
@@ -31,10 +31,11 @@ in stdenv.mkDerivation rec {
 
   passthru = { inherit zlib; };
 
-  meta = {
+  meta = with stdenv.lib; {
     description = "The official reference implementation for the PNG file format" + whenPatched " with animation patch";
     homepage = http://www.libpng.org/pub/png/libpng.html;
     license = "free-non-copyleft"; # http://www.libpng.org/pub/png/src/libpng-LICENSE.txt
-    platforms = stdenv.lib.platforms.all;
+    platforms = platforms.all;
+    maintainers = [ maintainers.vcunat ];
   };
 }
diff --git a/pkgs/development/libraries/librdf/default.nix b/pkgs/development/libraries/librdf/default.nix
index 21c952b7fb89..9b51f694ab3e 100644
--- a/pkgs/development/libraries/librdf/default.nix
+++ b/pkgs/development/libraries/librdf/default.nix
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
   #doCheck = true; # would need swh_lv2 and some path patching
 
   meta = {
-    description = "A lightweight RDF library with special support for LADSPA plugins.";
+    description = "Lightweight RDF library with special support for LADSPA plugins";
     homepage = http://sourceforge.net/projects/lrdf/;
     license = "GPLv2";
     maintainers = [ stdenv.lib.maintainers.marcweber ];
diff --git a/pkgs/development/libraries/librsvg/default.nix b/pkgs/development/libraries/librsvg/default.nix
index 13385dfb65c0..15e07af9f1ed 100644
--- a/pkgs/development/libraries/librsvg/default.nix
+++ b/pkgs/development/libraries/librsvg/default.nix
@@ -1,5 +1,5 @@
-{ stdenv, fetchurl, pkgconfig, glib, gdk_pixbuf, pango, cairo
-, libxml2, libgsf, bzip2, libcroco
+{ stdenv, fetchurl, pkgconfig, glib, gdk_pixbuf, pango, cairo, libxml2, libgsf
+, bzip2, libcroco
 , gtk2 ? null, gtk3 ? null
 , gobjectIntrospection ? null, enableIntrospection ? false }:
 
@@ -9,15 +9,22 @@ stdenv.mkDerivation rec {
   name = "librsvg-2.36.4";
 
   src = fetchurl {
-    url = "mirror://gnome/sources/librsvg/2.36/${name}.tar.xz";
+    url    = "mirror://gnome/sources/librsvg/2.36/${name}.tar.xz";
     sha256 = "1hp6325gdkzx8yqn2d2r915ak3k6hfshjjh0sc54z3vr0i99688h";
   };
-  buildInputs = [ libxml2 libgsf bzip2 libcroco pango cairo ]
+
+  buildInputs = [ libxml2 libgsf bzip2 libcroco pango ]
     ++ stdenv.lib.optional enableIntrospection [ gobjectIntrospection ];
-  propagatedBuildInputs = [ glib gdk_pixbuf gtk2 gtk3 ];
+
+  propagatedBuildInputs = [ glib gdk_pixbuf cairo gtk2 gtk3 ];
+
   nativeBuildInputs = [ pkgconfig ];
 
-  configureFlags = ["--enable-introspection=auto"];
+  configureFlags = [ "--enable-introspection=auto" ]
+    ++ stdenv.lib.optional stdenv.isDarwin "--disable-Bsymbolic";
+
+  NIX_CFLAGS_COMPILE
+    = stdenv.lib.optionalString stdenv.isDarwin "-I${cairo}/include/cairo";
 
   # It wants to add loaders and update the loaders.cache in gdk-pixbuf
   # Patching the Makefiles to it creates rsvg specific loaders and the
diff --git a/pkgs/development/libraries/libsodium/default.nix b/pkgs/development/libraries/libsodium/default.nix
new file mode 100644
index 000000000000..e8124c2643ab
--- /dev/null
+++ b/pkgs/development/libraries/libsodium/default.nix
@@ -0,0 +1,21 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name = "libsodium-0.4.3";
+
+  src = fetchurl {
+    url = "https://download.libsodium.org/libsodium/releases/${name}.tar.gz";
+    sha256 = "0hk0zca1kpj6xlc2j2qx9qy7287pi0896frmxq5d7qmcwsdf372r";
+  };
+
+  NIX_LDFLAGS = "-lssp";
+
+  doCheck = true;
+
+  meta = {
+    description = "Version of NaCl with harwdare tests at runtime, not build time";
+    license = "ISC";
+    maintainers = with stdenv.lib.maintainers; [ viric ];
+    platforms = stdenv.lib.platforms.all;
+  };
+}
diff --git a/pkgs/development/libraries/libsoup/2.40.nix b/pkgs/development/libraries/libsoup/2.40.nix
new file mode 100644
index 000000000000..ca37ceb941c8
--- /dev/null
+++ b/pkgs/development/libraries/libsoup/2.40.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchurl, pkgconfig, glib, libxml2, sqlite, intltool, python
+, gnomeSupport ? true, libgnome_keyring, glib_networking
+}:
+
+stdenv.mkDerivation {
+  name = "libsoup-2.44.1";
+
+  src = fetchurl {
+    url = mirror://gnome/sources/libsoup/2.44/libsoup-2.44.1.tar.xz;
+    sha256 = "07acjwvik3gagcsdjzi85g44ga4pd3nh4ww6722bfzjzvlqw6cn5";
+  };
+
+
+  preConfigure = ''
+    substituteInPlace libsoup/tld-parser.py \
+      --replace "!/usr/bin/env python" "!${python}/bin/${python.executable}"
+  '';
+  buildInputs = [ pkgconfig intltool python ];
+  nativeBuildInputs = [ pkgconfig ];
+  propagatedBuildInputs = [ glib libxml2 sqlite ]
+    ++ stdenv.lib.optionals gnomeSupport [ libgnome_keyring ];
+  passthru.propagatedUserEnvPackages = [ glib_networking ];
+
+  # glib_networking is a runtime dependency, not a compile-time dependency
+  configureFlags = "--disable-tls-check";
+
+  NIX_CFLAGS_COMPILE = stdenv.lib.optionalString stdenv.isDarwin "-lintl";
+
+  meta = {
+#    inherit (glib.meta) maintainers platforms;
+  };
+}
diff --git a/pkgs/development/libraries/libtoxcore/default.nix b/pkgs/development/libraries/libtoxcore/default.nix
new file mode 100644
index 000000000000..0098ddb9d77a
--- /dev/null
+++ b/pkgs/development/libraries/libtoxcore/default.nix
@@ -0,0 +1,36 @@
+{ stdenv, fetchurl, autoconf, libtool, automake, libsodium, ncurses
+, libconfig, pkgconfig }:
+
+let
+  version = "31f5d7a8ab";
+  date = "20131011";
+in
+stdenv.mkDerivation rec {
+  name = "tox-core-${date}-${version}";
+
+  src = fetchurl {
+    url = "https://github.com/irungentoo/ProjectTox-Core/tarball/${version}";
+    name = "${name}.tar.gz";
+    sha256 = "0frz8ylvi33i7zkiz3hp28ylqg4c3ffrbc2m3ibb4zv9rwfzf77r";
+  };
+
+  preConfigure = ''
+    autoreconf -i
+  '';
+
+  configureFlags = [ "--with-libsodium-headers=${libsodium}/include"
+    "--with-libsodium-libs=${libsodium}/lib" 
+    "--enable-ntox" ];
+
+  buildInputs = [ autoconf libtool automake libsodium ncurses libconfig
+    pkgconfig ];
+
+  doCheck = true;
+
+  meta = {
+    description = "P2P FOSS instant messaging application aimed to replace Skype with crypto";
+    license = "GPLv3+";
+    maintainers = with stdenv.lib.maintainers; [ viric ];
+    platforms = stdenv.lib.platforms.all;
+  };
+}
diff --git a/pkgs/development/libraries/libtxc_dxtn/default.nix b/pkgs/development/libraries/libtxc_dxtn/default.nix
index 9cf8decf4c83..33e01f86dacf 100644
--- a/pkgs/development/libraries/libtxc_dxtn/default.nix
+++ b/pkgs/development/libraries/libtxc_dxtn/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, autoconf, automake, libtool, mesa }:
+{ stdenv, fetchurl, autoreconfHook, mesa }:
 
 let version = "1.0.1"; in
 
@@ -6,15 +6,14 @@ stdenv.mkDerivation rec {
   name = "libtxc_dxtn-${version}";
 
   src = fetchurl {
-    url = "http://cgit.freedesktop.org/~mareko/${name}.tar.gz";
-    sha256 = "0g6lymik9cs7nbzigwzaf49fnhhfsvjanhg92wykw7rfq9zvkhvv";
+    url = "http://people.freedesktop.org/~cbrill/libtxc_dxtn/${name}.tar.bz2";
+    sha256 = "0q5fjaknl7s0z206dd8nzk9bdh8g4p23bz7784zrllnarl90saa5";
   };
 
-  buildInputs = [ autoconf automake libtool mesa ];
-
-  preConfigure = "autoreconf -vfi";
+  buildInputs = [ autoreconfHook mesa ];
 
   meta = {
     homepage = http://dri.freedesktop.org/wiki/S3TC;
+    repositories.git = git://people.freedesktop.org/~mareko/libtxc_dxtn;
   };
 }
diff --git a/pkgs/development/libraries/libunibreak/default.nix b/pkgs/development/libraries/libunibreak/default.nix
new file mode 100644
index 000000000000..e5e7f5ff0ae8
--- /dev/null
+++ b/pkgs/development/libraries/libunibreak/default.nix
@@ -0,0 +1,18 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name = "libunibreak-${version}";
+  version = "1.0";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/vimgadgets/libunibreak/${version}/${name}.tar.gz";
+    sha256 = "0rsivyxnp9nfngf83fiy4v58s5mgdhcjz75nv5nyhxwxnjq35d25";
+  };
+
+  meta = {
+    homepage = http://vimgadgets.sourceforge.net/libunibreak/;
+    description = "A library implementing a line breaking algorithm as described in Unicode 6.0.0 Standard";
+    license = "ZLIB";
+    maintainer = [ stdenv.lib.maintainers.coroa ];
+  };
+}
diff --git a/pkgs/development/libraries/libusb1/default.nix b/pkgs/development/libraries/libusb1/default.nix
index c01baa2fd0f6..9a6a303fe32e 100644
--- a/pkgs/development/libraries/libusb1/default.nix
+++ b/pkgs/development/libraries/libusb1/default.nix
@@ -11,6 +11,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ pkgconfig ];
   propagatedBuildInputs = stdenv.lib.optional (stdenv.isLinux) udev;
 
+  NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isLinux "-lgcc_s";
+
   meta = {
     homepage = http://www.libusb.org;
     description = "User-space USB library";
diff --git a/pkgs/development/libraries/libvirt/default.nix b/pkgs/development/libraries/libvirt/default.nix
index 06ead3ca23f1..ce81c1b2e8c2 100644
--- a/pkgs/development/libraries/libvirt/default.nix
+++ b/pkgs/development/libraries/libvirt/default.nix
@@ -1,23 +1,27 @@
 { stdenv, fetchurl, pkgconfig, libxml2, gnutls, devicemapper, perl, python
 , iproute, iptables, readline, lvm2, utillinux, udev, libpciaccess, gettext
-, libtasn1, ebtables, libgcrypt, yajl, makeWrapper, pmutils
+, libtasn1, ebtables, libgcrypt, yajl, makeWrapper, pmutils, libcap_ng
 }:
 
-let version = "1.1.1"; in
+let version = "1.1.2"; in
 
 stdenv.mkDerivation {
   name = "libvirt-${version}";
 
   src = fetchurl {
     url = "http://libvirt.org/sources/libvirt-${version}.tar.gz";
-    sha256 = "1hi27d5pld925g1azx8jq0wv557wpkd6xrq6lzm91cdr2lg1wvyw";
+    md5 = "1835bbfa492099bce12e2934870e5611";
   };
 
   buildInputs =
     [ pkgconfig libxml2 gnutls devicemapper perl python readline lvm2
       utillinux udev libpciaccess gettext libtasn1 libgcrypt yajl makeWrapper
+      libcap_ng
     ];
 
+  # see http://www.mail-archive.com/libvir-list@redhat.com/msg83693.html
+  patches = [ ./securtyfs_userns.patch ];
+
   preConfigure =
     ''
       PATH=${iproute}/sbin:${iptables}/sbin:${ebtables}/sbin:${lvm2}/sbin:${udev}/sbin:$PATH
diff --git a/pkgs/development/libraries/libvirt/securtyfs_userns.patch b/pkgs/development/libraries/libvirt/securtyfs_userns.patch
new file mode 100644
index 000000000000..2723334f94af
--- /dev/null
+++ b/pkgs/development/libraries/libvirt/securtyfs_userns.patch
@@ -0,0 +1,30 @@
+--- a/src/lxc/lxc_container.c
++++ b/src/lxc/lxc_container.c
+@@ -750,7 +750,7 @@ err:
+ }
+ 
+ 
+-static int lxcContainerMountBasicFS(void)
++static int lxcContainerMountBasicFS(bool userns_enabled)
+ {
+     const struct {
+         const char *src;
+@@ -801,6 +801,9 @@ static int lxcContainerMountBasicFS(void)
+             continue;
+ #endif
+ 
++        if (STREQ(mnts[i].src, "securityfs") && userns_enabled)
++            continue;
++
+         if (virFileMakePath(mnts[i].dst) < 0) {
+             virReportSystemError(errno,
+                                  _("Failed to mkdir %s"),
+@@ -1530,7 +1533,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
+         goto cleanup;
+ 
+     /* Mounts the core /proc, /sys, etc filesystems */
+-    if (lxcContainerMountBasicFS() < 0)
++    if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap) < 0)
+         goto cleanup;
+ 
+     /* Mounts /proc/meminfo etc sysinfo */
diff --git a/pkgs/development/libraries/libvncserver/default.nix b/pkgs/development/libraries/libvncserver/default.nix
index 7856183e5e9b..da9e1dc31482 100644
--- a/pkgs/development/libraries/libvncserver/default.nix
+++ b/pkgs/development/libraries/libvncserver/default.nix
@@ -1,29 +1,41 @@
-args :  
-let 
-  lib = args.lib;
-  fetchurl = args.fetchurl;
+{stdenv, fetchurl,
+  libtool, libjpeg, openssl, libX11, libXdamage, xproto, damageproto, 
+  xextproto, libXext, fixesproto, libXfixes, xineramaproto, libXinerama, 
+  libXrandr, randrproto, libXtst, zlib
+}:
 
-  version = lib.attrByPath ["version"] "0.9.9" args; 
-  buildInputs = with args; [
+assert stdenv.isLinux;
+
+let
+  s = # Generated upstream information
+  rec {
+    baseName="libvncserver";
+    version="0.9.9";
+    name="${baseName}-${version}";
+    hash="1y83z31wbjivbxs60kj8a8mmjmdkgxlvr2x15yz95yy24lshs1ng";
+    url="mirror://sourceforge/project/libvncserver/libvncserver/0.9.9/LibVNCServer-0.9.9.tar.gz";
+    sha256="1y83z31wbjivbxs60kj8a8mmjmdkgxlvr2x15yz95yy24lshs1ng";
+  };
+  buildInputs = [
     libtool libjpeg openssl libX11 libXdamage xproto damageproto
     xextproto libXext fixesproto libXfixes xineramaproto libXinerama
     libXrandr randrproto libXtst zlib
   ];
 in
-rec {
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
   src = fetchurl {
-    url = "mirror://sourceforge/libvncserver/LibVNCServer-${version}.tar.gz";
-    sha256 = "1y83z31wbjivbxs60kj8a8mmjmdkgxlvr2x15yz95yy24lshs1ng";
+    inherit (s) url sha256;
   };
-
-  inherit buildInputs;
-  configureFlags = [];
-
-  /* doConfigure should be specified separately */
-  phaseNames = ["doConfigure" "doMakeInstall"];
-      
-  name = "libvncserver-" + version;
+  preConfigure = ''
+    sed -e 's@/usr/include/linux@${stdenv.gcc.libc}/include/linux@g' -i configure
+  '';
   meta = {
-    description = "VNC server library";
+    inherit (s) version;
+    description =  "VNC server library";
+    license = stdenv.lib.licenses.gpl2Plus ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/development/libraries/libvncserver/default.upstream b/pkgs/development/libraries/libvncserver/default.upstream
new file mode 100644
index 000000000000..eae481974398
--- /dev/null
+++ b/pkgs/development/libraries/libvncserver/default.upstream
@@ -0,0 +1,4 @@
+url http://sourceforge.net/projects/libvncserver/files/libvncserver/
+SF_version_dir
+version_link '[.]tar[.][bgx]z[0-9]*/download$'
+SF_redirect
diff --git a/pkgs/development/libraries/libxtc_dxtn/default.nix b/pkgs/development/libraries/libxtc_dxtn/default.nix
deleted file mode 100644
index 1f94bcbef99e..000000000000
--- a/pkgs/development/libraries/libxtc_dxtn/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ stdenv, fetchurl, mesa }:
-
-stdenv.mkDerivation rec {
-  name = "libtxc_dxtn-1.0.1";
-
-  src = fetchurl {
-    url = "http://people.freedesktop.org/~cbrill/libtxc_dxtn/${name}.tar.bz2";
-    sha256 = "0q5fjaknl7s0z206dd8nzk9bdh8g4p23bz7784zrllnarl90saa5";
-  };
-
-  NIX_CFLAGS_COMPILE = "-I ${mesa}/include";
-}
diff --git a/pkgs/development/libraries/libyaml-cpp/0.3.x.nix b/pkgs/development/libraries/libyaml-cpp/0.3.x.nix
new file mode 100644
index 000000000000..4b0acd83fc39
--- /dev/null
+++ b/pkgs/development/libraries/libyaml-cpp/0.3.x.nix
@@ -0,0 +1,18 @@
+{stdenv, fetchurl, cmake, boostHeaders}:
+
+stdenv.mkDerivation {
+  name = "libyaml-cpp-0.3.0";
+
+  src = fetchurl {
+    url = http://yaml-cpp.googlecode.com/files/yaml-cpp-0.3.0.tar.gz;
+    sha256 = "10kv25zgq96ybxc6c19lzpax1xi5lpxrdqa9x52nffsql6skil1c";
+  };
+
+  buildInputs = [ cmake boostHeaders ];
+
+  meta = {
+    homepage = http://code.google.com/p/yaml-cpp/;
+    description = "A YAML parser and emitter for C++";
+    license = "MIT";
+  };
+}
diff --git a/pkgs/development/libraries/libyaml-cpp/default.nix b/pkgs/development/libraries/libyaml-cpp/default.nix
new file mode 100644
index 000000000000..09860522ef41
--- /dev/null
+++ b/pkgs/development/libraries/libyaml-cpp/default.nix
@@ -0,0 +1,18 @@
+{stdenv, fetchurl, cmake, boostHeaders}:
+
+stdenv.mkDerivation {
+  name = "libyaml-cpp-0.5.1";
+
+  src = fetchurl {
+    url = http://yaml-cpp.googlecode.com/files/yaml-cpp-0.5.1.tar.gz;
+    sha256 = "01kg0h8ksp162kdhyzn67vnlxpj5zjbks84sh50pv61xni990z1y";
+  };
+
+  buildInputs = [ cmake boostHeaders ];
+
+  meta = {
+    homepage = http://code.google.com/p/yaml-cpp/;
+    description = "A YAML parser and emitter for C++";
+    license = "MIT";
+  };
+}
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index 26a3f139d021..137c84593f41 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -24,6 +24,7 @@ else
 
 let
   version = "9.1.6";
+  # this is the default search path for DRI drivers (note: X server introduces an overriding env var)
   driverLink = "/run/opengl-driver" + stdenv.lib.optionalString stdenv.isi686 "-32";
 in
 stdenv.mkDerivation {
@@ -130,6 +131,8 @@ stdenv.mkDerivation {
         patchelf --set-rpath "$(patchelf --print-rpath $lib):$drivers/lib" "$lib"
       fi
     done
+  '' + /* set the default search path for DRI drivers; used e.g. by X server */ ''
+    substituteInPlace "$out/lib/pkgconfig/dri.pc" --replace '$(drivers)' "${driverLink}"
   '';
   #ToDo: @vcunat isn't sure if drirc will be found when in $out/etc/, but it doesn't seem important ATM
 
diff --git a/pkgs/development/libraries/mlt/default.nix b/pkgs/development/libraries/mlt/default.nix
index 4d17184a6082..1d21e03efa6c 100644
--- a/pkgs/development/libraries/mlt/default.nix
+++ b/pkgs/development/libraries/mlt/default.nix
@@ -3,11 +3,11 @@
 
 stdenv.mkDerivation rec {
   name = "mlt-${version}";
-  version = "0.8.8";
+  version = "0.9.0";
 
   src = fetchurl {
     url = "mirror://sourceforge/mlt/${name}.tar.gz";
-    sha256 = "0m4nzxli1pl8w59m4iwwhpmr1xdz7xfknmbl3a0mkkd1jzdiq3nc";
+    sha256 = "1j8wbkwpa6k5anyf4nvf71l8251d7clzj6v09jl3vvfakaf6l37j";
   };
 
   buildInputs =
diff --git a/pkgs/development/libraries/nspr/default.nix b/pkgs/development/libraries/nspr/default.nix
index 1aef55c9b2cc..803680313493 100644
--- a/pkgs/development/libraries/nspr/default.nix
+++ b/pkgs/development/libraries/nspr/default.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchurl }:
 
-let version = "4.10"; in
+let version = "4.10.1"; in
 
 stdenv.mkDerivation {
   name = "nspr-${version}";
 
   src = fetchurl {
     url = "http://ftp.mozilla.org/pub/mozilla.org/nspr/releases/v${version}/src/nspr-${version}.tar.gz";
-    sha1 = "10dbf68c07497dab30be09db526931c885d5a7e9";
+    sha1 = "bd1cdf5e7e107846ffe431c5c62b81a560e8c3f7";
   };
 
   preConfigure = "cd nspr";
diff --git a/pkgs/development/libraries/nss/default.nix b/pkgs/development/libraries/nss/default.nix
index de980d718f33..49f3754bc140 100644
--- a/pkgs/development/libraries/nss/default.nix
+++ b/pkgs/development/libraries/nss/default.nix
@@ -17,11 +17,11 @@ let
 
 in stdenv.mkDerivation rec {
   name = "nss-${version}";
-  version = "3.15.1";
+  version = "3.15.2";
 
   src = fetchurl {
-    url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_1_RTM/src/${name}.tar.gz";
-    sha1 = "1aa7c0ff8af7fb2c8b6e4886ae2291f4bfe0d5c0";
+    url = "http://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_15_2_RTM/src/${name}.tar.gz";
+    sha1 = "2d900c296bf11deabbf833ebd6ecdea549c97a5f";
   };
 
   buildInputs = [ nspr perl zlib sqlite ];
diff --git a/pkgs/development/libraries/oniguruma/default.nix b/pkgs/development/libraries/oniguruma/default.nix
index 984b84085fe4..684d6475c637 100644
--- a/pkgs/development/libraries/oniguruma/default.nix
+++ b/pkgs/development/libraries/oniguruma/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
   
   meta = {
     homepage = http://www.geocities.jp/kosako3/oniguruma/;
-    description = "Oniguruma is a regular expressions library.";
+    description = "Oniguruma regular expressions library";
     license = "BSD";
   };
 }
diff --git a/pkgs/development/libraries/openjpeg/default.nix b/pkgs/development/libraries/openjpeg/default.nix
index a47cacd62bc8..75999f18d62c 100644
--- a/pkgs/development/libraries/openjpeg/default.nix
+++ b/pkgs/development/libraries/openjpeg/default.nix
@@ -1,16 +1,17 @@
-{ stdenv, fetchurl, pkgconfig, libpng, libtiff, lcms, glib/*passthru only*/ }:
+{ stdenv, fetchurl, pkgconfig, libpng, libtiff, lcms, cmake, glib/*passthru only*/ }:
 
 stdenv.mkDerivation rec {
-  name = "openjpeg-1.5.1";
+  name = "openjpeg-2.0.0";
   passthru = {
-    incDir = "openjpeg-1.5";
+    incDir = "openjpeg-2.0";
   };
 
   src = fetchurl {
     url = "http://openjpeg.googlecode.com/files/${name}.tar.gz";
-    sha256 = "13dbyf3jwr4h2dn1k11zph3jgx17z7d66xmi640mbsf8l6bk1yvc";
+    sha1 = "0af78ab2283b43421458f80373422d8029a9f7a7";
   };
 
+  buildInputs = [ cmake ];
   nativebuildInputs = [ pkgconfig ];
   propagatedBuildInputs = [ libpng libtiff lcms ]; # in closure anyway
 
diff --git a/pkgs/development/libraries/phonon-backend-vlc/default.nix b/pkgs/development/libraries/phonon-backend-vlc/default.nix
index 97e778cc1f58..257c80f0b118 100644
--- a/pkgs/development/libraries/phonon-backend-vlc/default.nix
+++ b/pkgs/development/libraries/phonon-backend-vlc/default.nix
@@ -20,7 +20,7 @@ stdenv.mkDerivation {
 
   meta = {
     description = "VideoLAN backend for Phonon multimedia framework";
-    inherit (qt4.meta) platforms;
+    platforms = stdenv.lib.platforms.linux;
     maintainers = [ stdenv.lib.maintainers.urkud ];
   };
 }
diff --git a/pkgs/development/libraries/polkit/default.nix b/pkgs/development/libraries/polkit/default.nix
index 788b6d6d32b8..9d1f0d18c1ad 100644
--- a/pkgs/development/libraries/polkit/default.nix
+++ b/pkgs/development/libraries/polkit/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchurl, pkgconfig, glib, expat, pam, intltool, gettext
 , gobjectIntrospection
-, useSystemd ? true, systemd }:
+, useSystemd ? stdenv.isLinux, systemd }:
 
 let
 
diff --git a/pkgs/development/libraries/poppler/default.nix b/pkgs/development/libraries/poppler/default.nix
index 6b8fb898d90d..9cd094855d24 100644
--- a/pkgs/development/libraries/poppler/default.nix
+++ b/pkgs/development/libraries/poppler/default.nix
@@ -54,7 +54,6 @@ let
     };
   } merge ]); # poppler_drv
 
-in rec {
   /* We always use cairo in poppler, so we always depend on glib,
      so we always build the glib wrapper (~350kB).
      We also always build the cpp wrapper (<100kB).
@@ -69,4 +68,5 @@ in rec {
     NIX_LDFLAGS = "-lpoppler";
     postConfigure = "cd qt4";
   };
-}
+
+in { inherit poppler_glib poppler_qt4; } // poppler_glib
diff --git a/pkgs/development/libraries/portmidi/default.nix b/pkgs/development/libraries/portmidi/default.nix
new file mode 100644
index 000000000000..19eb390388bb
--- /dev/null
+++ b/pkgs/development/libraries/portmidi/default.nix
@@ -0,0 +1,54 @@
+{ stdenv, fetchurl, unzip, cmake, /*openjdk,*/ alsaLib }:
+
+stdenv.mkDerivation rec {
+  name = "portmidi-${version}";
+  version = "217";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/portmedia/portmidi-src-${version}.zip";
+    sha256 = "03rfsk7z6rdahq2ihy5k13qjzgx757f75yqka88v3gc0pn9ais88";
+  };
+
+  cmakeFlags = let
+    #base = "${openjdk}/jre/lib/${openjdk.architecture}";
+  in [
+    "-DPORTMIDI_ENABLE_JAVA=0"
+    /* TODO: Fix Java support.
+    "-DJAVA_AWT_LIBRARY=${base}/libawt.so"
+    "-DJAVA_JVM_LIBRARY=${base}/server/libjvm.so"
+    */
+    "-DCMAKE_ARCHIVE_OUTPUT_DIRECTORY=Release"
+    "-DCMAKE_LIBRARY_OUTPUT_DIRECTORY=Release"
+    "-DCMAKE_RUNTIME_OUTPUT_DIRECTORY=Release"
+  ];
+
+  # XXX: This is to deactivate Java support.
+  patches = stdenv.lib.singleton (fetchurl rec {
+    url = "https://raw.github.com/Rogentos/argent-gentoo/master/media-libs/"
+        + "portmidi/files/portmidi-217-cmake-libdir-java-opts.patch";
+    sha256 = "1jbjwan61iqq9fqfpq2a4fd30k3clg7a6j0gfgsw87r8c76kqf6h";
+  });
+
+  postPatch = ''
+    sed -i -e 's|/usr/local/|'"$out"'|' -e 's|/usr/share/|'"$out"'/share/|' \
+      pm_common/CMakeLists.txt pm_dylib/CMakeLists.txt pm_java/CMakeLists.txt
+    sed -i \
+        -e 's|-classpath .|-classpath '"$(pwd)"'/pm_java|' \
+        -e 's|pmdefaults/|'"$(pwd)"'/pm_java/&|g' \
+        -e 's|jportmidi/|'"$(pwd)"'/pm_java/&|g' \
+        -e 's/WORKING_DIRECTORY pm_java//' \
+        pm_java/CMakeLists.txt
+  '';
+
+  postInstall = ''
+    ln -s libportmidi.so "$out/lib/libporttime.so"
+  '';
+
+  buildInputs = [ unzip cmake /*openjdk*/ alsaLib ];
+
+  meta = {
+    homepage = "http://portmedia.sourceforge.net/portmidi/";
+    description = "Platform independent library for MIDI I/O";
+    license = stdenv.lib.licenses.mit;
+  };
+}
diff --git a/pkgs/development/libraries/qhull/default.nix b/pkgs/development/libraries/qhull/default.nix
index b81dbda15860..a82acd2745db 100644
--- a/pkgs/development/libraries/qhull/default.nix
+++ b/pkgs/development/libraries/qhull/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://www.qhull.org/;
-    description = "Computes the convex hull, Delaunay triangulation, ...";
+    description = "Computes the convex hull, Delaunay triangulation, Voronoi diagram and more";
     license = "free";
   };
 }
diff --git a/pkgs/development/libraries/qt-4.x/4.8/default.nix b/pkgs/development/libraries/qt-4.x/4.8/default.nix
index 311ed43729ea..59151d35326d 100644
--- a/pkgs/development/libraries/qt-4.x/4.8/default.nix
+++ b/pkgs/development/libraries/qt-4.x/4.8/default.nix
@@ -1,10 +1,7 @@
-{ stdenv, fetchurl, substituteAll
-, libXrender, libXinerama, libXcursor, libXmu , libXv, libXext
-, libXfixes, libXrandr, libSM, freetype, fontconfig
-, zlib, libjpeg, libpng, libmng, which, mesaSupported, mesa, mesa_glu, openssl, dbus, cups, pkgconfig
-, libtiff, glib, icu
-, mysql, postgresql, sqlite
-, perl, coreutils, libXi
+{ stdenv, fetchurl, substituteAll, libXrender, libXinerama, libXcursor, libXmu, libXv, libXext
+, libXfixes, libXrandr, libSM, freetype, fontconfig, zlib, libjpeg, libpng
+, libmng, which, mesaSupported, mesa, mesa_glu, openssl, dbus, cups, pkgconfig
+, libtiff, glib, icu, mysql, postgresql, sqlite, perl, coreutils, libXi
 , buildMultimedia ? stdenv.isLinux, alsaLib, gstreamer, gst_plugins_base
 , buildWebkit ? stdenv.isLinux
 , flashplayerFix ? false, gdk_pixbuf
@@ -40,6 +37,11 @@ stdenv.mkDerivation rec {
     substituteInPlace configure --replace /bin/pwd pwd
     substituteInPlace src/corelib/global/global.pri --replace /bin/ls ${coreutils}/bin/ls
     sed -e 's@/\(usr\|opt\)/@/var/empty/@g' -i config.tests/*/*.test -i mkspecs/*/*.conf
+  '' + stdenv.lib.optionalString stdenv.isDarwin ''
+    # remove impure reference to /usr/lib/libstdc++.6.dylib
+    # there might be more references, but this is the only one I could find
+    substituteInPlace tools/macdeployqt/tests/tst_deployment_mac.cpp \
+      --replace /usr/lib/libstdc++.6.dylib "${stdenv.gcc}/lib/libstdc++.6.dylib"
   '';
 
   patches =
diff --git a/pkgs/development/libraries/qwt/default.nix b/pkgs/development/libraries/qwt/default.nix
index 814550d2b18a..fe73e0beabd9 100644
--- a/pkgs/development/libraries/qwt/default.nix
+++ b/pkgs/development/libraries/qwt/default.nix
@@ -17,4 +17,13 @@ stdenv.mkDerivation rec {
     '';
 
   configurePhase = ''qmake INSTALLBASE=$out -after doc.path=$out/share/doc/${name} -r'';
+
+  meta = with stdenv.lib; {
+    description = "Qt widgets for technical applications";
+    homepage = http://qwt.sourceforge.net/;
+    # LGPL 2.1 plus a few exceptions (more liberal)
+    license = "Qwt License, Version 1.0";
+    platforms = platforms.linux;
+    maintainers = [ maintainers.bjornfor ];
+  };
 }
diff --git a/pkgs/development/libraries/science/math/blas/default.nix b/pkgs/development/libraries/science/math/blas/default.nix
index 7066ebad87c0..1bc7eff31819 100644
--- a/pkgs/development/libraries/science/math/blas/default.nix
+++ b/pkgs/development/libraries/science/math/blas/default.nix
@@ -1,10 +1,10 @@
 { stdenv, fetchurl, gfortran }:
 
 stdenv.mkDerivation {
-  name = "blas-20070405";
+  name = "blas-20110419";
   src = fetchurl {
     url = "http://www.netlib.org/blas/blas.tgz";
-    sha256 = "07alzd2yxkah96vjczqwi3ld5w00bvqv7qxb2fayvhs1h64jabxw";
+    sha256 = "1d931d91byv2svydpj2ipjh1f2sm1h9ns8ik2w5fwaa8qinxz1za";
   };
 
   buildInputs = [gfortran];
diff --git a/pkgs/development/libraries/sfml/default.nix b/pkgs/development/libraries/sfml/default.nix
index 99b0f2e725cd..844505cb3599 100644
--- a/pkgs/development/libraries/sfml/default.nix
+++ b/pkgs/development/libraries/sfml/default.nix
@@ -16,7 +16,12 @@ stdenv.mkDerivation rec {
   ";
   meta = with stdenv.lib; {
     homepage = http://www.sfml-dev.org/;
-    description = "A multimedia C++ API that provides access to graphics, input, audio, etc.";
+    description = "Simple and fast multimedia library";
+    longDescription = ''
+      SFML provides a simple interface to the various components of your PC, to
+      ease the development of games and multimedia applications. It is composed
+      of five modules: system, window, graphics, audio and network.
+    '';
     license = licenses.zlib;
     maintainers = [ maintainers.astsmtl ];
   };
diff --git a/pkgs/development/libraries/silgraphite/graphite2.nix b/pkgs/development/libraries/silgraphite/graphite2.nix
new file mode 100644
index 000000000000..0a36efbc982b
--- /dev/null
+++ b/pkgs/development/libraries/silgraphite/graphite2.nix
@@ -0,0 +1,21 @@
+{ stdenv, fetchurl, pkgconfig, freetype, libXft, pango, fontconfig, cmake }:
+
+stdenv.mkDerivation rec {
+  version = "1.2.3";
+  name = "graphite2-${version}";
+  
+  src = fetchurl {
+    url = "mirror://sourceforge/silgraphite/graphite2/${name}.tgz";
+    sha256 = "1xgwnd81gm6p293x8paxb3yisnvpj5qnv1dzr7bjdi7b7h00ls7g";
+  };
+
+  buildInputs = [pkgconfig freetype libXft pango fontconfig cmake];
+
+  NIX_CFLAGS_COMPILE = "-I${freetype}/include/freetype2";
+
+  meta = {
+    description = "An advanced font engine";
+    maintainers = [ stdenv.lib.maintainers.raskin ];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/development/libraries/simgear/default.nix b/pkgs/development/libraries/simgear/default.nix
index de8e1d1df1da..cb534cfbf313 100644
--- a/pkgs/development/libraries/simgear/default.nix
+++ b/pkgs/development/libraries/simgear/default.nix
@@ -1,7 +1,7 @@
 x@{builderDefsPackage
   , plib, freeglut, xproto, libX11, libXext, xextproto, libXi , inputproto
   , libICE, libSM, libXt, libXmu, mesa, boost, zlib, libjpeg , freealut
-  , openscenegraph, openal, expat, cmake
+  , openscenegraph, openal, expat, cmake, apr
   , ...}:
 builderDefsPackage
 (a :
@@ -13,11 +13,11 @@ let
     (builtins.attrNames (builtins.removeAttrs x helperArgNames));
   sourceInfo = rec {
     baseName="simgear";
-    version="2.10.0";
+    version="2.12.0";
     name="${baseName}-${version}";
     extension="tar.bz2";
     url="http://mirrors.ibiblio.org/pub/mirrors/simgear/ftp/Source/${name}.${extension}";
-    hash="0pb148hb35p1c5iz0kpiclmswjl9bax9xfm087ldpxsqg9a0sb2q";
+    hash="0spl6afk8rm96ss4lh7zy5561m5m2qgwsnqjyp35jr1gyyrc944f";
   };
 in
 rec {
diff --git a/pkgs/development/libraries/sodium/default.nix b/pkgs/development/libraries/sodium/default.nix
index 0d40df405744..13248753105f 100644
--- a/pkgs/development/libraries/sodium/default.nix
+++ b/pkgs/development/libraries/sodium/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="sodium";
-    version="0.3";
+    version="0.4.3";
     name="${baseName}-${version}";
-    hash="0l1p0d7ag186hhs65kifp8jfgf4mm9rngv41bhq35d7d9gw2d2lh";
-    url="http://download.dnscrypt.org/libsodium/releases/libsodium-0.3.tar.gz";
-    sha256="0l1p0d7ag186hhs65kifp8jfgf4mm9rngv41bhq35d7d9gw2d2lh";
+    hash="0hk0zca1kpj6xlc2j2qx9qy7287pi0896frmxq5d7qmcwsdf372r";
+    url="http://download.dnscrypt.org/libsodium/releases/libsodium-0.4.3.tar.gz";
+    sha256="0hk0zca1kpj6xlc2j2qx9qy7287pi0896frmxq5d7qmcwsdf372r";
   };
   buildInputs = [
   ];
diff --git a/pkgs/development/libraries/spice-protocol/default.nix b/pkgs/development/libraries/spice-protocol/default.nix
index e281b1fcf9d1..162a832c93af 100644
--- a/pkgs/development/libraries/spice-protocol/default.nix
+++ b/pkgs/development/libraries/spice-protocol/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation rec {
   };
 
   meta = {
-    description = "Protocol headers for the SPICE protocol.";
+    description = "Protocol headers for the SPICE protocol";
     homepage = http://www.spice-space.org;
     license = stdenv.lib.licenses.bsd3;
 
diff --git a/pkgs/development/libraries/sqlite/3.7.14.nix b/pkgs/development/libraries/sqlite/3.7.14.nix
deleted file mode 100644
index 50338f98a2c2..000000000000
--- a/pkgs/development/libraries/sqlite/3.7.14.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ stdenv, fetchurl, readline ? null, ncurses ? null }:
-
-assert readline != null -> ncurses != null;
-
-stdenv.mkDerivation {
-  name = "sqlite-3.7.14.1";
-
-  src = fetchurl {
-    url = http://www.sqlite.org/sqlite-autoconf-3071401.tar.gz;
-    sha1 = "c464e0e3efe98227c6546b9b1e786b51b8b642fc";
-  };
-
-  buildInputs = [ readline ncurses ];
-
-  configureFlags = "--enable-threadsafe";
-
-  CFLAGS = "-DSQLITE_ENABLE_COLUMN_METADATA=1 -DSQLITE_SECURE_DELETE=1 -DSQLITE_ENABLE_UNLOCK_NOTIFY=1";
-  LDFLAGS = if readline != null then "-lncurses" else "";
-
-  meta = {
-    homepage = http://www.sqlite.org/;
-    description = "A self-contained, serverless, zero-configuration, transactional SQL database engine";
-    platforms = stdenv.lib.platforms.linux;
-  };
-}
diff --git a/pkgs/development/libraries/sqlite/3.7.9-full.nix b/pkgs/development/libraries/sqlite/3.7.9-full.nix
deleted file mode 100644
index c6ef448ea122..000000000000
--- a/pkgs/development/libraries/sqlite/3.7.9-full.nix
+++ /dev/null
@@ -1,44 +0,0 @@
-{ stdenv, fetchurl, tcl, readline ? null, ncurses ? null }:
-
-assert readline != null -> ncurses != null;
-
-stdenv.mkDerivation {
-  # I try to keep a version no newer than default.nix, and similar CFLAGS,
-  # for this to be compatible with it.
-  name = "sqlite-3.7.9-full";
-
-  src = fetchurl {
-    url = "http://www.sqlite.org/cgi/src/tarball/SQLite-3.7.9.tar.gz?uuid=version-3.7.9";
-    sha256 = "0v11slxgjpx2nv7wp8c76wk2pa1dijs9v6zlcn2dj9jblp3bx8fk";
-  };
-
-  buildInputs = [ readline ncurses ];
-  nativeBuildInputs = [ tcl ];
-
-  doCheck = true;
-  checkTarget = "test";
-  
-  configureFlags = "--enable-threadsafe --enable-tempstore";
-
-  preConfigure = ''
-    ${ # The tests oserror-1.1.{1,2,3} need the fd limit < 2000
-       # and on the builders in NixOS we have 4096 now.
-       if stdenv.isLinux then "ulimit -n 1024" else ""}
-    export TCLLIBDIR=$out/${tcl.libdir}
-  '';
-
-  CFLAGS = "-DSQLITE_ENABLE_COLUMN_METADATA=1 -DSQLITE_SECURE_DELETE=1 -DSQLITE_ENABLE_UNLOCK_NOTIFY=1";
-  LDFLAGS = if readline != null then "-lncurses" else "";
-
-  postInstall = ''
-    make sqlite3_analyzer
-    cp sqlite3_analyzer $out/bin
-  '';
-
-  meta = {
-    homepage = http://www.sqlite.org/;
-    description = "A self-contained, serverless, zero-configuration, transactional SQL database engine";
-    maintainers = with stdenv.lib.maintainers; [viric];
-    platforms = with stdenv.lib.platforms; all;
-  };
-}
diff --git a/pkgs/development/libraries/sqlite/3.7.16.nix b/pkgs/development/libraries/sqlite/default.nix
index f681e94c6baf..7521abc599be 100644
--- a/pkgs/development/libraries/sqlite/3.7.16.nix
+++ b/pkgs/development/libraries/sqlite/default.nix
@@ -3,11 +3,11 @@
 assert readline != null -> ncurses != null;
 
 stdenv.mkDerivation {
-  name = "sqlite-3.7.16.2";
+  name = "sqlite-3.8.0.2";
 
   src = fetchurl {
-    url = http://www.sqlite.org/2013/sqlite-autoconf-3071602.tar.gz;
-    sha1 = "85bf857cf86f34831d55d7ba97606dba581b8d62";
+    url = http://www.sqlite.org/2013/sqlite-autoconf-3080002.tar.gz;
+    sha1 = "294c30e882a0d45877bce09afe72d08ccfc6b650";
   };
 
   buildInputs = [ readline ncurses ];
diff --git a/pkgs/development/libraries/tinyxml/2.6.2.nix b/pkgs/development/libraries/tinyxml/2.6.2.nix
index fde30a98fe98..e1cc1f27c1d0 100644
--- a/pkgs/development/libraries/tinyxml/2.6.2.nix
+++ b/pkgs/development/libraries/tinyxml/2.6.2.nix
@@ -58,7 +58,7 @@ in stdenv.mkDerivation {
   '';
   
   meta = {
-    description = "TinyXML is a simple, small, C++ XML parser that can be easily integrating into other programs.";
+    description = "Simple, small, C++ XML parser that can be easily integrating into other programs";
     homepage = "http://www.grinninglizard.com/tinyxml/index.html";
     license = "free-non-copyleft";
   };
diff --git a/pkgs/development/libraries/unixODBCDrivers/default.nix b/pkgs/development/libraries/unixODBCDrivers/default.nix
index 421843b27372..47925520ab47 100644
--- a/pkgs/development/libraries/unixODBCDrivers/default.nix
+++ b/pkgs/development/libraries/unixODBCDrivers/default.nix
@@ -78,19 +78,29 @@ args : with args;
       "FileUsage       = 3\n ";
  };
  sqlite = rec {
-    deriv = stdenv.mkDerivation {
-      name = "sqlite-connector-odbc-3.51.12";
+    deriv = let version = "0.995"; in
+    stdenv.mkDerivation {
+      name = "sqlite-connector-odbc-${version}";
+
       src = fetchurl {
-        url = http://www.ch-werner.de/sqliteodbc/sqliteodbc-0.70.tar.gz;
-        sha256 = "0ysyqdqkxqcqxrxgi15cbrzia9z6yalim5c88faad85bwanx4db8";
+        url = "http://www.ch-werner.de/sqliteodbc/sqliteodbc-${version}.tar.gz";
+        sha256 = "1r97fw6xy5w2f8c0ii7blfqfi6salvd3k8wnxpx9wqc1gxk8jnyy";
       };
+
+      buildInputs = [ sqlite ];
+
       configureFlags = "--with-sqlite3=${sqlite} --with-odbc=${unixODBC}";
-      postInstall = ''mkdir lib; mv $out/* lib; mv lib $out'';
-      buildInputs = [libtool zlib sqlite];
+
+      postInstall = ''
+        mkdir -p  $out/lib
+      '';
+
       meta = { 
-        description = "sqlite odbc connector, install using configuration.nix";
-        homepage = http://www.ch-werner.de/sqliteodbc/html/index.html;
-        license = "BSD";
+        description = "ODBC driver for SQLite";
+        homepage = http://www.ch-werner.de/sqliteodbc;
+        license = stdenv.lib.licenses.bsd2;
+        platforms = stdenv.lib.platforms.linux;
+        maintainers = with stdenv.lib.maintainers; [ vlstill ];
       };
     };
     ini =
diff --git a/pkgs/development/libraries/v8/default.nix b/pkgs/development/libraries/v8/default.nix
index 3fc3138ef526..5ac2487c9edc 100644
--- a/pkgs/development/libraries/v8/default.nix
+++ b/pkgs/development/libraries/v8/default.nix
@@ -56,7 +56,7 @@ stdenv.mkDerivation {
 
     meta = with stdenv.lib; {
       description = "V8 is Google's open source JavaScript engine";
-      platforms = platforms.unix; 
+      platforms = platforms.linux ++ platforms.darwin;
       license = licenses.bsd3;
     };
 }
diff --git a/pkgs/development/libraries/vcdimager/default.nix b/pkgs/development/libraries/vcdimager/default.nix
index 58b9d2f25735..e93f071aefac 100644
--- a/pkgs/development/libraries/vcdimager/default.nix
+++ b/pkgs/development/libraries/vcdimager/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = http://www.gnu.org/software/vcdimager/;
-    description = "GNU VCDImager is a full-featured mastering suite for authoring, disassembling and analyzing Video CDs and Super Video CDs.";
+    description = "Full-featured mastering suite for authoring, disassembling and analyzing Video CDs and Super Video CDs";
     platforms = stdenv.lib.platforms.gnu; # random choice
   };
 }
diff --git a/pkgs/development/lisp-modules/asdf/default.nix b/pkgs/development/lisp-modules/asdf/default.nix
new file mode 100644
index 000000000000..48b49ee3583b
--- /dev/null
+++ b/pkgs/development/lisp-modules/asdf/default.nix
@@ -0,0 +1,40 @@
+{stdenv, fetchurl, texinfo, texLive}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="asdf";
+    version="3.0.2.4";
+    name="${baseName}-${version}";
+    hash="0b6rkpghw2vndvmgyacijdn3d76ykbjfwpxwv8m0jl7ynrf6l5ag";
+    url="http://common-lisp.net/project/asdf/archives/asdf-3.0.2.4.tar.gz";
+    sha256="0b6rkpghw2vndvmgyacijdn3d76ykbjfwpxwv8m0jl7ynrf6l5ag";
+  };
+  buildInputs = [
+    texinfo texLive
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  buildPhase = ''
+    make build/asdf.lisp
+    make -C doc asdf.info asdf.html
+  '';
+  installPhase = ''
+    mkdir -p "$out"/lib/common-lisp/asdf/
+    mkdir -p "$out"/share/doc/asdf/
+    cp -r ./* "$out"/lib/common-lisp/asdf/
+    cp -r doc/* "$out"/share/doc/asdf/
+  '';
+  sourceRoot=".";
+  meta = {
+    inherit (s) version;
+    description = ''Standard software-system definition library for Common Lisp'';
+    license = stdenv.lib.licenses.mit ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/development/lisp-modules/asdf/default.upstream b/pkgs/development/lisp-modules/asdf/default.upstream
new file mode 100644
index 000000000000..d8625182352f
--- /dev/null
+++ b/pkgs/development/lisp-modules/asdf/default.upstream
@@ -0,0 +1,2 @@
+url http://common-lisp.net/project/asdf/archives/
+version_link asdf-[0-9].*[.]tar[.].*
diff --git a/pkgs/development/lisp-modules/clwrapper/cl-wrapper.sh b/pkgs/development/lisp-modules/clwrapper/cl-wrapper.sh
new file mode 100755
index 000000000000..91b8a0c2bb0f
--- /dev/null
+++ b/pkgs/development/lisp-modules/clwrapper/cl-wrapper.sh
@@ -0,0 +1,44 @@
+#! /bin/sh
+# Part of NixPkgs package collection
+# This script can be used at your option under the same license as NixPkgs or 
+# under MIT/X11 license
+
+eval "$NIX_LISP_PREHOOK"
+
+NIX_LISP_COMMAND="$1"
+shift
+
+[ -z "$NIX_LISP" ] && NIX_LISP="${NIX_LISP_COMMAND##*/}"
+
+export NIX_LISP NIX_LISP_LOAD_FILE NIX_LISP_EXEC_CODE NIX_LISP_COMMAND NIX_LISP_FINAL_PARAMETERS
+
+case "$NIX_LISP" in
+	sbcl)
+		NIX_LISP_LOAD_FILE="--load"
+		NIX_LISP_EXEC_CODE="--eval"
+		NIX_LISP_FINAL_PARAMETERS=
+		;;
+	ecl)
+		NIX_LISP_LOAD_FILE="-load"
+		NIX_LISP_EXEC_CODE="-eval"
+		NIX_LISP_FINAL_PARAMETERS=
+		;;
+	clisp)
+		NIX_LISP_LOAD_FILE="-c -l"
+		NIX_LISP_EXEC_CODE="-x"
+		NIX_LISP_FINAL_PARAMETERS="-repl"
+		;;
+esac
+
+NIX_LISP_ASDF_REGISTRY_CODE="
+  (progn
+    (setf asdf:*default-source-registries* '(asdf/source-registry:environment-source-registry))
+    (asdf:initialize-source-registry)
+    )
+"
+
+[ -z "$NIX_LISP_SKIP_CODE" ] && "$NIX_LISP_COMMAND" $NIX_LISP_EARLY_OPTIONS \
+	$NIX_LISP_EXEC_CODE "(load \"$NIX_LISP_ASDF/lib/common-lisp/asdf/build/asdf.lisp\")" \
+	$NIX_LISP_EXEC_CODE "$NIX_LISP_ASDF_REGISTRY_CODE" \
+	$NIX_LISP_FINAL_PARAMETERS \
+	"$@"
diff --git a/pkgs/development/lisp-modules/clwrapper/common-lisp.sh b/pkgs/development/lisp-modules/clwrapper/common-lisp.sh
new file mode 100755
index 000000000000..b22ca016128a
--- /dev/null
+++ b/pkgs/development/lisp-modules/clwrapper/common-lisp.sh
@@ -0,0 +1,3 @@
+#! /bin/sh
+
+"$(dirname "$0")"/cl-wrapper.sh "${NIX_LISP_COMMAND:-sbcl}" "$@"
diff --git a/pkgs/development/lisp-modules/clwrapper/default.nix b/pkgs/development/lisp-modules/clwrapper/default.nix
new file mode 100644
index 000000000000..0ae4ce13064c
--- /dev/null
+++ b/pkgs/development/lisp-modules/clwrapper/default.nix
@@ -0,0 +1,28 @@
+{stdenv, fetchurl, asdf, lisp ? null}:
+stdenv.mkDerivation {
+  name = "cl-wrapper-script";
+
+  buildPhase="";
+
+  installPhase=''
+    mkdir -p "$out"/bin
+    cp ${./cl-wrapper.sh} "$out"/bin/cl-wrapper.sh
+    cp ${./common-lisp.sh} "$out"/bin/common-lisp.sh
+    chmod a+x "$out"/bin/*
+  '';
+
+  inherit asdf lisp;
+
+  setupHook = ./setup-hook.sh;
+
+  phases="installPhase fixupPhase";
+
+  passthru = {
+    inherit lisp;
+  };
+
+  meta = {
+    description = ''Script used to wrap Common Lisp implementations'';
+    maintainers = [stdenv.lib.maintainers.raskin];
+  };
+}
diff --git a/pkgs/development/lisp-modules/clwrapper/setup-hook.sh b/pkgs/development/lisp-modules/clwrapper/setup-hook.sh
new file mode 100644
index 000000000000..e5deb47fd5df
--- /dev/null
+++ b/pkgs/development/lisp-modules/clwrapper/setup-hook.sh
@@ -0,0 +1,39 @@
+NIX_LISP_ASDF="@asdf@"
+
+CL_SOURCE_REGISTRY="@asdf@/lib/common-lisp/asdf/:@asdf@/lib/common-lisp/asdf/uiop/"
+
+addASDFPaths () {
+    for j in "$1"/lib/common-lisp/*; do
+	if [ -d "$j" ]; then
+            CL_SOURCE_REGISTRY="$CL_SOURCE_REGISTRY:$j/"
+	fi
+    done
+}
+
+setLisp () {
+    if [ -z "$NIX_LISP_COMMAND" ]; then 
+      for j in "$1"/bin/*; do
+          case "$(basename "$j")" in
+              sbcl) NIX_LISP_COMMAND="$j" ;;
+              ecl) NIX_LISP_COMMAND="$j" ;;
+              clisp) NIX_LISP_COMMAND="$j" ;;
+          esac
+      done
+    fi
+    if [ -z "$NIX_LISP" ]; then 
+        NIX_LISP="${NIX_LISP_COMMAND##*/}"
+    fi
+}
+
+collectNixLispLDLP () {
+     if echo "$1/lib"/lib*.so* | grep . > /dev/null; then
+	 export NIX_LISP_LD_LIBRARY_PATH="$NIX_LISP_LD_LIBRARY_PATH${NIX_LISP_LD_LIBRARY_PATH:+:}$1/lib"
+     fi
+}
+
+export NIX_LISP_COMMAND NIX_LISP CL_SOURCE_REGISTRY NIX_LISP_ASDF
+
+envHooks=(envHooks[@] addASDFPaths setLisp collectNixLispLDLP)
+
+mkdir -p "$HOME"/.cache/common-lisp || HOME="$TMP/.temp-$USER-home"
+mkdir -p "$HOME"/.cache/common-lisp
diff --git a/pkgs/development/lisp-modules/define-package.nix b/pkgs/development/lisp-modules/define-package.nix
new file mode 100644
index 000000000000..675fc7e74681
--- /dev/null
+++ b/pkgs/development/lisp-modules/define-package.nix
@@ -0,0 +1,50 @@
+args @ {stdenv, clwrapper, baseName, version ? "latest", src, description, deps, 
+  buildInputs ? [], meta ? {}, overrides?(x: {})}:
+let 
+  deployConfigScript = ''
+    config_script="$out"/lib/common-lisp-settings/${args.baseName}-shell-config.sh
+    mkdir -p "$(dirname "$config_script")"
+    touch "$config_script"
+    chmod a+x "$config_script"
+    echo "export NIX_LISP_COMMAND='$NIX_LISP_COMMAND'" >> "$config_script"
+    echo "export NIX_LISP_ASDF='$NIX_LISP_ASDF'" >> "$config_script"
+    echo "export CL_SOURCE_REGISTRY="\$CL_SOURCE_REGISTRY\''${CL_SOURCE_REGISTRY:+:}"'$CL_SOURCE_REGISTRY:$out/lib/common-lisp/${args.baseName}/'" >> "$config_script"
+    test -n "$LD_LIBRARY_PATH" &&
+        echo "export LD_LIBRARY_PATH=\"\$LD_LIBRARY_PATH\''${LD_LIBRARY_PATH:+:}\"'$LD_LIBRARY_PATH'" >> "$config_script"
+    test -n "$NIX_LISP_LD_LIBRARY_PATH" &&
+        echo "export NIX_LISP_LD_LIBRARY_PATH=\"\$NIX_LISP_LD_LIBRARY_PATH\''${NIX_LISP_LD_LIBRARY_PATH:+:}\"'$NIX_LISP_LD_LIBRARY_PATH'" >> "$config_script"
+  '';
+  deployLaunchScript = ''
+    launch_script="$out"/bin/${args.baseName}-lisp-launcher.sh
+    mkdir -p "$(dirname "$launch_script")"
+    touch "$launch_script"
+    chmod a+x "$launch_script"
+    echo "#! /bin/sh" >> "$launch_script"
+    echo "source '$config_script'" >> "$launch_script"
+    echo "export LD_LIBRARY_PATH=\"\$NIX_LISP_LD_LIBRARY_PATH\''${NIX_LISP_LD_LIBRARY_PATH:+:}\$LD_LIBRARY_PATH\"" >> "$launch_script"
+    echo '"${clwrapper}/bin/common-lisp.sh" "$@"' >> "$launch_script" 
+  '';
+basePackage = {
+  name = "lisp-${baseName}-${version}";
+  inherit src;
+
+  inherit deployConfigScript deployLaunchScript;
+  installPhase = ''
+    mkdir -p "$out"/share/doc/${args.baseName};
+    mkdir -p "$out"/lib/common-lisp/${args.baseName};
+    cp -r . "$out"/lib/common-lisp/${args.baseName};
+    cp -rf doc/* LICENCE LICENSE COPYING README README.html README.md readme.html "$out"/share/doc/${args.baseName} || true
+
+    ${deployConfigScript}
+    ${deployLaunchScript}
+  '';
+  propagatedBuildInputs = args.deps ++ [clwrapper clwrapper.lisp];
+  buildInputs = buildInputs;
+  dontStrip=true;
+  meta = {
+    inherit description version;
+  } // meta;
+};
+package = basePackage // (overrides basePackage);
+in
+stdenv.mkDerivation package
diff --git a/pkgs/development/lisp-modules/from-quicklisp/asdf-description.sh b/pkgs/development/lisp-modules/from-quicklisp/asdf-description.sh
new file mode 100755
index 000000000000..6c240d15c76e
--- /dev/null
+++ b/pkgs/development/lisp-modules/from-quicklisp/asdf-description.sh
@@ -0,0 +1,16 @@
+#! /bin/sh
+
+[ -z "$NIX_QUICKLISP_DIR" ] && {
+  export NIX_QUICKLISP_DIR="$(mktemp -d --tmpdir nix-quicklisp.XXXXXX)"
+}
+
+[ -f "$NIX_QUICKLISP_DIR/setup.lisp" ] || {
+  "$(dirname "$0")/quicklisp-beta-env.sh" "$NIX_QUICKLISP_DIR" &> /dev/null < /dev/null
+}
+
+name="$1"
+
+sbcl --noinform --load "$NIX_QUICKLISP_DIR"/setup.lisp --eval "(ql:quickload :$name)" \
+	--eval "(format t \"~a~%\" (or (asdf::system-description (asdf::find-system \"$name\")) \"\"))" \
+	--eval '(quit)' --script |
+    tee /dev/stderr | tail -n 1
diff --git a/pkgs/development/lisp-modules/from-quicklisp/barebones-quicklisp-expression.sh b/pkgs/development/lisp-modules/from-quicklisp/barebones-quicklisp-expression.sh
new file mode 100755
index 000000000000..61c00eb92ae8
--- /dev/null
+++ b/pkgs/development/lisp-modules/from-quicklisp/barebones-quicklisp-expression.sh
@@ -0,0 +1,78 @@
+#! /bin/sh
+
+name="$1"
+
+nix-instantiate "$(dirname "$0")"/../../../../ -A "lispPackages.$name" > /dev/null && exit
+[ "$NIX_LISP_PACKAGES_DEFINED" != "${NIX_LISP_PACKAGES_DEFINED/$name/@@}" ] && exit
+
+NIX_LISP_PACKAGES_DEFINED="$NIX_LISP_PACKAGES_DEFINED $1 "
+
+[ -z "$NIX_QUICKLISP_DIR" ] && {
+  export NIX_QUICKLISP_DIR="$(mktemp -d --tmpdir nix-quicklisp.XXXXXX)"
+}
+
+[ -f "$NIX_QUICKLISP_DIR/setup.lisp" ] || {
+  "$(dirname "$0")/quicklisp-beta-env.sh" "$NIX_QUICKLISP_DIR" &> /dev/null < /dev/null
+}
+
+description="$("$(dirname "$0")/asdf-description.sh" "$name")"
+[ -z "$description" ] && {
+  description="$(curl -L https://github.com/quicklisp/quicklisp-projects/raw/master/"$name"/description.txt)"
+  [ "$(echo "$description" | wc -l)" -gt 10 ] && description=""
+}
+
+dependencies="$("$(dirname "$0")/quicklisp-dependencies.sh" "$name" | xargs)"
+ql_src="$(curl -L https://github.com/quicklisp/quicklisp-projects/raw/master/"$name"/source.txt)"
+ql_src_type="${ql_src%% *}"
+url="${ql_src##* }"
+
+[ "$ql_src_type" = git ] && {
+  fetcher="pkgs.fetchgit"
+  [ "${url#git://github.com/}" != "$url" ] && {
+    url="${url/git:/https:}"
+    url="${url%.git}"
+    rev=$("$(dirname "$0")/../../../build-support/upstream-updater/urls-from-page.sh" "$url/commits" | grep /commit/ | head -n 1 | xargs basename)
+    hash=$("$(dirname "$0")/../../../build-support/fetchgit/nix-prefetch-git" "$url" "$rev")
+    version="git-$(date +%Y%m%d)";
+  }
+  [ "${url#git://common-lisp.net/}" != "$url" ] && {
+    http_repo_url="$url"
+    http_repo_url="${http_repo_url/git:/http:}"
+    http_repo_url="${http_repo_url/\/projects\// /r/projects/}"
+    http_repo_head="$http_repo_url/refs/heads/master"
+    echo "$http_repo_head" >&2
+    rev=$(curl -L "$http_repo_head");
+    hash=$("$(dirname "$0")/../../../build-support/fetchgit/nix-prefetch-git" "$url" "$rev")
+    version="git-$(date +%Y%m%d)";
+  }
+}
+
+[ "$ql_src_type" = cvs ] && {
+  fetcher="pkgs.fetchcvs"
+  date="$(date -d yesterday +%Y-%m-%d)"
+  version="cvs-$date"
+  module="${module:-$name}"
+  hash=$(USE_DATE=1 "$(dirname "$0")/../../../build-support/fetchcvs/nix-prefetch-cvs" "$url" "$module" "$date")
+  cvsRoot="$url"
+  unset url
+}
+
+cat << EOF
+
+  $name = buildLispPackage rec {
+    baseName = "$name";
+    version = "${version:-\${Set me //}";
+    description = "$description";
+    deps = [$dependencies];
+    src = ${fetcher:-pkgs.fetchurl} {
+      ${url:+url = ''$url'';}
+      sha256 = "${hash:-0000000000000000000000000000000000000000000000000000000000000000}";
+      ${rev:+rev = ''$rev'';}
+      ${date:+date = ''$date'';}
+      ${module:+module = ''$module'';}
+      ${cvsRoot:+cvsRoot = ''$cvsRoot'';}
+    };
+  };
+EOF
+
+for i in $dependencies; do "$0" "$i"; done
diff --git a/pkgs/development/lisp-modules/from-quicklisp/quicklisp-beta-env.sh b/pkgs/development/lisp-modules/from-quicklisp/quicklisp-beta-env.sh
new file mode 100755
index 000000000000..32fbbe4bb2bc
--- /dev/null
+++ b/pkgs/development/lisp-modules/from-quicklisp/quicklisp-beta-env.sh
@@ -0,0 +1,16 @@
+#! /bin/sh
+
+WORK_DIR=$(mktemp -d "/tmp/ql-venv-XXXXXX")
+mkdir -p "${1:-.}"
+TARGET="$(cd "${1:-.}"; pwd)"
+
+curl http://beta.quicklisp.org/quicklisp.lisp > "$WORK_DIR/ql.lisp"
+
+sbcl --noinform \
+     --load "$WORK_DIR/ql.lisp" \
+     --eval "(quicklisp-quickstart:install :path \"$TARGET/\")" \
+     --eval "(cl-user::quit)" \
+     --script
+
+
+rm -rf "$WORK_DIR"
diff --git a/pkgs/development/lisp-modules/from-quicklisp/quicklisp-dependencies.sh b/pkgs/development/lisp-modules/from-quicklisp/quicklisp-dependencies.sh
new file mode 100755
index 000000000000..24efbdd3e16e
--- /dev/null
+++ b/pkgs/development/lisp-modules/from-quicklisp/quicklisp-dependencies.sh
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+[ -z "$NIX_QUICKLISP_DIR" ] && {
+  export NIX_QUICKLISP_DIR="$(mktemp -d --tmpdir nix-quicklisp.XXXXXX)"
+}
+
+[ -f "$NIX_QUICKLISP_DIR/setup.lisp" ] || {
+  "$(dirname "$0")/quicklisp-beta-env.sh" "$NIX_QUICKLISP_DIR" &> /dev/null < /dev/null
+}
+
+sbcl --noinform --eval "(with-output-to-string (*standard-output*) (load \"$NIX_QUICKLISP_DIR/setup.lisp\"))" --eval "(with-output-to-string (*standard-output*) (with-output-to-string (*error-output*) (with-output-to-string (*trace-output*) (ql:quickload :$1))))" --eval "(format t \"~{~a~%~}\" (mapcar 'ql::name (mapcar 'car (cdr (ql::dependency-tree \"$1\")))))" --eval '(quit)' --script
diff --git a/pkgs/development/lisp-modules/from-quicklisp/tmp.nix b/pkgs/development/lisp-modules/from-quicklisp/tmp.nix
new file mode 100644
index 000000000000..e69de29bb2d1
--- /dev/null
+++ b/pkgs/development/lisp-modules/from-quicklisp/tmp.nix
diff --git a/pkgs/development/lisp-modules/lisp-packages.nix b/pkgs/development/lisp-modules/lisp-packages.nix
new file mode 100644
index 000000000000..015d5fccdc35
--- /dev/null
+++ b/pkgs/development/lisp-modules/lisp-packages.nix
@@ -0,0 +1,103 @@
+{stdenv, clwrapper, pkgs}:
+let lispPackages = rec {
+  inherit pkgs clwrapper stdenv;
+  nixLib = pkgs.lib;
+  callPackage = nixLib.callPackageWith lispPackages;
+
+  buildLispPackage =  callPackage ./define-package.nix;
+
+  cl-ppcre = buildLispPackage rec {
+    baseName = "cl-ppcre";
+    version = "2.0.4";
+    description = "Regular expression library for Common Lisp";
+    deps = [];
+    src = pkgs.fetchurl {
+      url = "https://github.com/edicl/cl-ppcre/archive/v${version}.tar.gz";
+      sha256 = "16nkfg6j7nn8qkzxn462kqpdlbajpz2p55pdl12sia6yqkj3lh97";
+    };
+  };
+
+  clx = buildLispPackage rec {
+    baseName = "clx";
+    version = "2013-09";
+    description = "X11 bindings for Common Lisp";
+    deps = [];
+    src = pkgs.fetchgit {
+      url = "https://github.com/sharplispers/clx/";
+      rev = "e2b762ac93d78d6eeca4f36698c8dfd1537ce998";
+      sha256 = "0jcrmlaayz7m8ixgriq7id3pdklyk785qvpcxdpcp4aqnfiiqhij";
+    };
+  };
+
+  iterate = buildLispPackage rec {
+    baseName = "iterate";
+    version = "1.4.3";
+    description = "Iteration package for Common Lisp";
+    deps = [];
+    src = pkgs.fetchdarcs {
+      url = "http://common-lisp.net/project/iterate/darcs/iterate";
+      sha256 = "0m3q0s7h5s8varwx584m2akgdslj14df7kg4w1bj1fbgzsag5m1w";
+      tag=version;
+    };
+    overrides = x: {
+      configurePhase="buildPhase(){ true; }";
+    };
+  };
+
+  stumpwm = callPackage ./stumpwm {};
+
+  alexandria = buildLispPackage rec {
+    baseName = "alexandria";
+    version = "git-20131029";
+    description = "Alexandria is a collection of portable public domain utilities.";
+    deps = [];
+    src = pkgs.fetchgit {
+      url = "git://common-lisp.net/projects/alexandria/alexandria.git";
+      sha256 = "1d981a243f9d4d3c9fd86cc47698050507ff615b87b9a710449abdb4234e501b";
+      rev = ''2b1eb4067fb34bc501e527de75d09166a8ba9ceb'';
+    };
+  };
+
+  esrap-peg = buildLispPackage rec {
+    baseName = "esrap-peg";
+    version = "git-20131029";
+    description = "A wrapper around Esrap to allow generating Esrap grammars from PEG definitions";
+    deps = [alexandria cl-unification esrap iterate];
+    src = pkgs.fetchgit {
+      url = "https://github.com/fb08af68/esrap-peg";
+      sha256 = "48e616a697aca95e90e55052fdc9a7f96bf29b3208b1b4012fcd3189c2eceeb1";
+      rev = ''1f2f21e32e618f71ed664cdc5e7005f8b6b0f7c8'';
+      
+      
+    };
+  };
+
+  cl-unification = buildLispPackage rec {
+    baseName = "cl-unification";
+    version = "cvs-2013-10-28";
+    description = "";
+    deps = [];
+    src = pkgs.fetchcvs {
+      sha256 = "a574b7f9615232366e3e5e7ee400d60dbff23f6d0e1def5a3c77aafdfd786e6a";
+      
+      date = ''2013-10-28'';
+      module = ''cl-unification'';
+      cvsRoot = '':pserver:anonymous:anonymous@common-lisp.net:/project/cl-unification/cvsroot'';
+    };
+  };
+
+  esrap = buildLispPackage rec {
+    baseName = "esrap";
+    version = "git-20131029";
+    description = "A Packrat / Parsing Grammar / TDPL parser for Common Lisp.";
+    deps = [alexandria];
+    src = pkgs.fetchgit {
+      url = "https://github.com/scymtym/esrap";
+      sha256 = "c56616ac01be0f69e72902f9fd830a8af2c2fa9018b66747a5da3988ae38817f";
+      rev = ''c71933b84e220f21e8a509ec26afe3e3871e2e26'';
+      
+      
+    };
+  };
+};
+in lispPackages
diff --git a/pkgs/development/lisp-modules/stumpwm/default.nix b/pkgs/development/lisp-modules/stumpwm/default.nix
new file mode 100644
index 000000000000..f6ef41dda1da
--- /dev/null
+++ b/pkgs/development/lisp-modules/stumpwm/default.nix
@@ -0,0 +1,33 @@
+{pkgs, nixLib, clwrapper, cl-ppcre, clx, buildLispPackage}: 
+buildLispPackage rec {
+  baseName = "stumpwm";
+  version = "2013-09";
+  src = pkgs.fetchgit {
+    url = "https://github.com/sabetts/stumpwm";
+    sha256 = "0dd69myssfn2bsdx3xdp65mjrvs9x81dl3y3659pyf1avnjlir7h";
+    rev = "565ef58f04f59e1667ec1da4087f1a43a32cd67f";
+  };
+  description = "Tiling window manager for X11";
+  deps = [cl-ppcre clx];
+  buildInputs = with pkgs; [texinfo autoconf which makeWrapper];
+  meta = {
+    maintainers = [nixLib.maintainers.raskin];
+    platforms = nixLib.platforms.linux;
+  };
+  overrides = x: {
+    preConfigure = ''
+      ${x.deployConfigScript}
+      export CL_SOURCE_REGISTRY="$CL_SOURCE_REGISTRY:$PWD/"
+      ./autogen.sh 
+      configureFlags=" --with-lisp=$NIX_LISP --with-$NIX_LISP=$(which common-lisp.sh) "
+    '';
+    installPhase=x.installPhase + ''
+      make install 
+
+      if [ "$NIX_LISP" = "sbcl" ]; then
+        wrapProgram "$out"/bin/stumpwm --set SBCL_HOME "${clwrapper.lisp}/lib/sbcl"
+      fi;
+    '';
+    postInstall = ''false'';
+  };
+}
diff --git a/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix b/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix
index 3c28ed04dba2..5218f5b77448 100644
--- a/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix
+++ b/pkgs/development/misc/avr-gcc-with-avr-libc/default.nix
@@ -79,7 +79,7 @@ stdenv.mkDerivation {
   };
 
   meta = { 
-      description = "avr gcc developement environment including binutils, avr-gcc and avr-libc";
+      description = "AVR developement environment including binutils, avr-gcc and avr-libc";
       # I've tried compiling the packages separately.. too much hassle. This just works. Fine.
       license =  ["GPL" "LGPL"]; # see single packages ..
       homepage = []; # dito
diff --git a/pkgs/development/mobile/androidenv/addon.xml b/pkgs/development/mobile/androidenv/addon.xml
index 635d0ae964f6..2020f48b1d2c 100644
--- a/pkgs/development/mobile/androidenv/addon.xml
+++ b/pkgs/development/mobile/androidenv/addon.xml
@@ -781,14 +781,14 @@ August 15, 2011
     </sdk:add-on>
 
     <sdk:add-on>
-        <!-- Generated at Tue Jul 23 17:14:07 2013 from git_jb-mr2-release @ 737497 -->
+        <!-- Generated at Mon Aug 12 12:42:05 2013 from git_jb-mr2-dev @ 774058 -->
         <sdk:vendor-id>google</sdk:vendor-id>
         <sdk:vendor-display>Google Inc.</sdk:vendor-display>
         <sdk:name-id>google_apis</sdk:name-id>
         <sdk:name-display>Google APIs</sdk:name-display>
         <sdk:description>Android + Google APIs</sdk:description>
         <sdk:api-level>18</sdk:api-level>
-        <sdk:revision>1</sdk:revision>
+        <sdk:revision>2</sdk:revision>
         <sdk:libs>
             <sdk:lib>
                 <sdk:name>com.google.android.maps</sdk:name>
@@ -802,9 +802,9 @@ August 15, 2011
         </sdk:libs>
         <sdk:archives>
             <sdk:archive arch="any" os="any">
-                <sdk:size>147899839</sdk:size>
-                <sdk:checksum type="sha1">5c0c24f04e6b65c61da83408b7aee79228c24a40</sdk:checksum>
-                <sdk:url>google_apis-18_r01.zip</sdk:url>
+                <sdk:size>142778022</sdk:size>
+                <sdk:checksum type="sha1">40f2a6a6d6227dadd82cfe0f9783bd4c6bdb29c2</sdk:checksum>
+                <sdk:url>google_apis-18_r02.zip</sdk:url>
             </sdk:archive>
         </sdk:archives>
         <sdk:uses-license ref="android-sdk-license"/>
@@ -855,14 +855,14 @@ August 15, 2011
         <sdk:vendor-display>Google Inc.</sdk:vendor-display>
         <sdk:name-display>Google Repository</sdk:name-display>
         <sdk:path>m2repository</sdk:path>
-        <sdk:revision>1</sdk:revision>
+        <sdk:revision>2</sdk:revision>
         <sdk:description>Local Maven repository for Google Libraries</sdk:description>
         <sdk:uses-license ref="android-sdk-license"/>
         <sdk:archives>
             <sdk:archive os="any">
-                <sdk:size>660833</sdk:size>
-                <sdk:checksum type="sha1">d9a20d960f0d9a8de61a9ced5fc6c2c605f6c6c0</sdk:checksum>
-                <sdk:url>google_m2repository_r01.zip</sdk:url>
+                <sdk:size>2043649</sdk:size>
+                <sdk:checksum type="sha1">f518e0170e84a6bccbadb8a043989cc61f4c37aa</sdk:checksum>
+                <sdk:url>google_m2repository_r02.zip</sdk:url>
             </sdk:archive>
         </sdk:archives>
     </sdk:extra>
@@ -910,15 +910,15 @@ August 15, 2011
         <sdk:vendor-display>Google Inc.</sdk:vendor-display>
         <sdk:name-display>Google Play services</sdk:name-display>
         <sdk:path>google_play_services</sdk:path>
-        <sdk:revision>9</sdk:revision>
+        <sdk:revision>11</sdk:revision>
         <sdk:description>Google Play Services client library and sample code</sdk:description>
         <sdk:desc-url>https://developers.google.com/android/google-play-services/index</sdk:desc-url>
         <sdk:uses-license ref="android-sdk-license"/>
         <sdk:archives>
             <sdk:archive os="any">
-                <sdk:size>5125755</sdk:size>
-                <sdk:checksum type="sha1">3e31fc0b982f938edf216afe9e532774db12607a</sdk:checksum>
-                <sdk:url>google_play_services_3159130_r09.zip</sdk:url>
+                <sdk:size>5265306</sdk:size>
+                <sdk:checksum type="sha1">00851350c55b016bef202700f643f246fb0c24ea</sdk:checksum>
+                <sdk:url>google_play_services_3264130_r11.zip</sdk:url>
             </sdk:archive>
         </sdk:archives>
     </sdk:extra>
diff --git a/pkgs/development/mobile/androidenv/addons.nix b/pkgs/development/mobile/androidenv/addons.nix
index 651c84533f06..2fd66420cf6e 100644
--- a/pkgs/development/mobile/androidenv/addons.nix
+++ b/pkgs/development/mobile/androidenv/addons.nix
@@ -197,8 +197,8 @@ in
   google_apis_18 = buildGoogleApis {
     name = "google_apis-18";
       src = fetchurl {
-        url = https://dl-ssl.google.com/android/repository/google_apis-18_r01.zip;
-        sha1 = "5c0c24f04e6b65c61da83408b7aee79228c24a40";
+        url = https://dl-ssl.google.com/android/repository/google_apis-18_r02.zip;
+        sha1 = "40f2a6a6d6227dadd82cfe0f9783bd4c6bdb29c2";
       };
       meta = {
         description = "Android + Google APIs";
diff --git a/pkgs/development/mobile/androidenv/androidsdk.nix b/pkgs/development/mobile/androidenv/androidsdk.nix
index 38377cf8bbb4..0b5f69ed3e2b 100644
--- a/pkgs/development/mobile/androidenv/androidsdk.nix
+++ b/pkgs/development/mobile/androidenv/androidsdk.nix
@@ -8,16 +8,16 @@
 {platformVersions, abiVersions, useGoogleAPIs}:
 
 stdenv.mkDerivation {
-  name = "android-sdk-22.05";
+  name = "android-sdk-22.2";
   
   src = if (stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux")
     then fetchurl {
-      url = http://dl.google.com/android/android-sdk_r22.0.5-linux.tgz;
-      md5 = "8201b10c21510f082c54f58a9bb082c8";
+      url = http://dl.google.com/android/android-sdk_r22.2-linux.tgz;
+      md5 = "2a3776839e823ba9acb7a87a3fe26e02";
     }
     else if stdenv.system == "x86_64-darwin" then fetchurl {
-      url = http://dl.google.com/android/android-sdk_r22.0.5-macosx.zip;
-      md5 = "94f3cbe896c332b94ee0408ae610a4b8";
+      url = http://dl.google.com/android/android-sdk_r22.2-macosx.zip;
+      md5 = "9dfef6404e2f842c433073796aed8b7d";
     }
     else throw "platform not ${stdenv.system} supported!";
   
diff --git a/pkgs/development/mobile/androidenv/build-app.nix b/pkgs/development/mobile/androidenv/build-app.nix
index 2792d364f15c..db7067c989c5 100644
--- a/pkgs/development/mobile/androidenv/build-app.nix
+++ b/pkgs/development/mobile/androidenv/build-app.nix
@@ -1,6 +1,7 @@
 { stdenv, androidsdk, jdk, ant }:
-{ name, src, platformVersions ? [ "8" ], useGoogleAPIs ? false, antFlags ? ""
+args@{ name, src, platformVersions ? [ "8" ], useGoogleAPIs ? false, antFlags ? ""
 , release ? false, keyStore ? null, keyAlias ? null, keyStorePassword ? null, keyAliasPassword ? null
+, ...
 }:
 
 assert release -> keyStore != null && keyAlias != null && keyStorePassword != null && keyAliasPassword != null;
@@ -15,9 +16,8 @@ let
     abiVersions = [];
   };
 in
-stdenv.mkDerivation {
+stdenv.mkDerivation ({
   name = stdenv.lib.replaceChars [" "] [""] name;
-  inherit src;
   
   ANDROID_HOME = "${androidsdkComposition}/libexec/android-sdk-${platformName}";
 
@@ -45,4 +45,5 @@ stdenv.mkDerivation {
     mkdir -p $out/nix-support
     echo "file binary-dist \"$(echo $out/*.apk)\"" > $out/nix-support/hydra-build-products
   '';
-}
+} //
+builtins.removeAttrs args ["name"])
diff --git a/pkgs/development/mobile/androidenv/build-tools.nix b/pkgs/development/mobile/androidenv/build-tools.nix
index 0d9cbc220803..58bf35493618 100644
--- a/pkgs/development/mobile/androidenv/build-tools.nix
+++ b/pkgs/development/mobile/androidenv/build-tools.nix
@@ -1,15 +1,15 @@
 {stdenv, stdenv_32bit, fetchurl, unzip, zlib_32bit}:
 
 stdenv.mkDerivation {
-  name = "android-build-tools-r18.0.1";
+  name = "android-build-tools-r18.1.0";
   src = if (stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux")
     then fetchurl {
-      url = https://dl-ssl.google.com/android/repository/build-tools_r18.0.1-linux.zip;
-      sha1 = "f11618492b0d2270c332325d45d752d3656a9640";
+      url = https://dl-ssl.google.com/android/repository/build-tools_r18.1-linux.zip;
+      sha1 = "f314a0599e51397f0886fe888b50dd98f2f050d8";
     }
     else if stdenv.system == "x86_64-darwin" then fetchurl {
-      url = https://dl-ssl.google.com/android/repository/build-tools_r18.0.1-macosx.zip;
-      sha1 = "d84f5692fb44d60fc53e5b2507cebf9f24626902";
+      url = https://dl-ssl.google.com/android/repository/build-tools_r18.1-macosx.zip;
+      sha1 = "16ddb299b8b43063e5bb3387ec17147c5053dfd8";
     }
     else throw "System ${stdenv.system} not supported!";
   
diff --git a/pkgs/development/mobile/androidenv/default.nix b/pkgs/development/mobile/androidenv/default.nix
index 3339a065e2ae..3c6263f125d9 100644
--- a/pkgs/development/mobile/androidenv/default.nix
+++ b/pkgs/development/mobile/androidenv/default.nix
@@ -64,6 +64,12 @@ rec {
     useGoogleAPIs = true;
   };
   
+  androidsdk_4_3 = androidsdk {
+    platformVersions = [ "18" ];
+    abiVersions = [ "armeabi-v7a" "x86" ];
+    useGoogleAPIs = true;
+  };
+  
   buildApp = import ./build-app.nix {
     inherit (pkgs) stdenv jdk ant;
     inherit androidsdk;
diff --git a/pkgs/development/mobile/androidenv/fetch b/pkgs/development/mobile/androidenv/fetch
new file mode 100755
index 000000000000..30aabc9e0863
--- /dev/null
+++ b/pkgs/development/mobile/androidenv/fetch
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+# this shows a list of available xmls
+android list sdk | grep 'Parse XML:' | cut -f8- -d\  # | xargs -n 1 curl -O
+
+# we skip the intel addons, as they are Windows+osX only
+# we skip the default sys-img (arm?) because it is empty
+curl -o repository-8.xml https://dl-ssl.google.com/android/repository/repository-8.xml
+curl -o addon.xml        https://dl-ssl.google.com/android/repository/addon.xml
+curl -o sys-img-mips.xml https://dl-ssl.google.com/android/repository/sys-img/mips/sys-img.xml
+curl -o sys-img-x86.xml  https://dl-ssl.google.com/android/repository/sys-img/x86/sys-img.xml
+
+./generate-addons.sh
+./generate-platforms.sh
+./generate-sysimages.sh
diff --git a/pkgs/development/mobile/androidenv/platforms-linux.nix b/pkgs/development/mobile/androidenv/platforms-linux.nix
index 2ca937b5534e..5db90ffef1c0 100644
--- a/pkgs/development/mobile/androidenv/platforms-linux.nix
+++ b/pkgs/development/mobile/androidenv/platforms-linux.nix
@@ -209,8 +209,8 @@ in
   platform_18 = buildPlatform {
     name = "android-platform-4.3";
     src = fetchurl {
-      url = https://dl-ssl.google.com/android/repository/android-18_r01.zip;
-      sha1 = "c24de91d6f296cf453701aef281609779fffb379";
+      url = https://dl-ssl.google.com/android/repository/android-18_r02.zip;
+      sha1 = "62a9438d4cf6692f4d6510c27a380be195db9534";
     };
     meta = {
       description = "Android SDK Platform 4.3";
diff --git a/pkgs/development/mobile/androidenv/platforms-macosx.nix b/pkgs/development/mobile/androidenv/platforms-macosx.nix
index c89cb9ed1272..c5ddf714cdf6 100644
--- a/pkgs/development/mobile/androidenv/platforms-macosx.nix
+++ b/pkgs/development/mobile/androidenv/platforms-macosx.nix
@@ -209,8 +209,8 @@ in
   platform_18 = buildPlatform {
     name = "android-platform-4.3";
     src = fetchurl {
-      url = https://dl-ssl.google.com/android/repository/android-18_r01.zip;
-      sha1 = "c24de91d6f296cf453701aef281609779fffb379";
+      url = https://dl-ssl.google.com/android/repository/android-18_r02.zip;
+      sha1 = "62a9438d4cf6692f4d6510c27a380be195db9534";
     };
     meta = {
       description = "Android SDK Platform 4.3";
diff --git a/pkgs/development/mobile/androidenv/repository-8.xml b/pkgs/development/mobile/androidenv/repository-8.xml
index 4e180ac4b3e6..79795aa49396 100644
--- a/pkgs/development/mobile/androidenv/repository-8.xml
+++ b/pkgs/development/mobile/androidenv/repository-8.xml
@@ -616,8 +616,8 @@ November 13, 2012
     </sdk:platform>
 
     <sdk:platform>
-        <!-- Generated at Tue Jul 23 17:16:25 2013 from git_jb-mr2-release @ 737497 -->
-        <sdk:revision>1</sdk:revision>
+        <!-- Generated at Wed Sep 11 18:15:07 2013 from git_jb-mr2-dev @ 819563 -->
+        <sdk:revision>2</sdk:revision>
         <sdk:description>Android SDK Platform 4.3</sdk:description>
         <sdk:version>4.3</sdk:version>
         <sdk:api-level>18</sdk:api-level>
@@ -625,14 +625,14 @@ November 13, 2012
             <sdk:major>21</sdk:major>
         </sdk:min-tools-rev>
         <sdk:layoutlib>
-            <sdk:api>9</sdk:api>
+            <sdk:api>10</sdk:api>
             <sdk:revision>1</sdk:revision>
         </sdk:layoutlib>
         <sdk:archives>
             <sdk:archive arch="any" os="any">
-                <sdk:size>48752456</sdk:size>
-                <sdk:checksum type="sha1">c24de91d6f296cf453701aef281609779fffb379</sdk:checksum>
-                <sdk:url>android-18_r01.zip</sdk:url>
+                <sdk:size>57319855</sdk:size>
+                <sdk:checksum type="sha1">62a9438d4cf6692f4d6510c27a380be195db9534</sdk:checksum>
+                <sdk:url>android-18_r02.zip</sdk:url>
             </sdk:archive>
         </sdk:archives>
         <sdk:uses-license ref="android-sdk-license"/>
@@ -705,16 +705,16 @@ November 13, 2012
     </sdk:system-image>
 
     <sdk:system-image>
-        <!-- Generated at Tue Jul 23 17:18:11 2013 from git_jb-mr2-release @ 737497 -->
-        <sdk:revision>1</sdk:revision>
+        <!-- Generated at Mon Aug 12 12:43:28 2013 from git_jb-mr2-dev @ 774058 -->
+        <sdk:revision>2</sdk:revision>
         <sdk:description>Android SDK Platform 4.3</sdk:description>
         <sdk:api-level>18</sdk:api-level>
         <sdk:abi>armeabi-v7a</sdk:abi>
         <sdk:archives>
             <sdk:archive arch="any" os="any">
-                <sdk:size>125597583</sdk:size>
-                <sdk:checksum type="sha1">5a9b8ac5b57dd0e3278f47deb5ee58e1db6f1f9e</sdk:checksum>
-                <sdk:url>sysimg_armv7a-18_r01.zip</sdk:url>
+                <sdk:size>125457135</sdk:size>
+                <sdk:checksum type="sha1">4a1a93200210d8c42793324362868846f67401ab</sdk:checksum>
+                <sdk:url>sysimg_armv7a-18_r02.zip</sdk:url>
             </sdk:archive>
         </sdk:archives>
         <sdk:uses-license ref="android-sdk-license"/>
@@ -1006,33 +1006,60 @@ November 13, 2012
         <sdk:uses-license ref="android-sdk-license"/>
     </sdk:build-tool>
 
+    <sdk:build-tool>
+        <!-- Generated at Wed Sep 11 17:41:47 2013 from git_jb-mr2-dev @ 819563 -->
+        <sdk:revision>
+            <sdk:major>18</sdk:major>
+            <sdk:minor>1</sdk:minor>
+            <sdk:micro>0</sdk:micro>
+        </sdk:revision>
+        <sdk:archives>
+            <sdk:archive arch="any" os="windows">
+                <sdk:size>19659547</sdk:size>
+                <sdk:checksum type="sha1">3a9810fc8559ab03c09378f07531e8cae2f1db30</sdk:checksum>
+                <sdk:url>build-tools_r18.1-windows.zip</sdk:url>
+            </sdk:archive>
+            <sdk:archive arch="any" os="linux">
+                <sdk:size>20229298</sdk:size>
+                <sdk:checksum type="sha1">f314a0599e51397f0886fe888b50dd98f2f050d8</sdk:checksum>
+                <sdk:url>build-tools_r18.1-linux.zip</sdk:url>
+            </sdk:archive>
+            <sdk:archive arch="any" os="macosx">
+                <sdk:size>20451524</sdk:size>
+                <sdk:checksum type="sha1">16ddb299b8b43063e5bb3387ec17147c5053dfd8</sdk:checksum>
+                <sdk:url>build-tools_r18.1-macosx.zip</sdk:url>
+            </sdk:archive>
+        </sdk:archives>
+        <sdk:uses-license ref="android-sdk-license"/>
+    </sdk:build-tool>
+
     <!-- TOOLS ........................ -->
 
     <sdk:tool>
-        <!-- Generated at Mon Jul 29 16:02:44 2013 from git_tools_r22 @ 757759 -->
+        <!-- Generated at Wed Sep 11 18:24:51 2013 from git_mirror-aosp-tools_r22.2 @ 822324 -->
         <sdk:revision>
             <sdk:major>22</sdk:major>
-            <sdk:minor>0</sdk:minor>
-            <sdk:micro>5</sdk:micro>
+            <sdk:minor>2</sdk:minor>
+            <sdk:micro>0</sdk:micro>
         </sdk:revision>
         <sdk:min-platform-tools-rev>
             <sdk:major>18</sdk:major>
         </sdk:min-platform-tools-rev>
         <sdk:archives>
             <sdk:archive arch="any" os="windows">
-                <sdk:size>113389691</sdk:size>
-                <sdk:checksum type="sha1">a3f450706b5374122f0edb76a4488462ba5171ca</sdk:checksum>
-                <sdk:url>tools_r22.0.5-windows.zip</sdk:url>
+                <sdk:size>108669997</sdk:size>
+                <sdk:checksum type="sha1">c4231cd769ef9d1b6ae69202a1a0d0f783f04ea7</sdk:checksum>
+                <sdk:url>tools_r22.2-windows.zip</sdk:url>
             </sdk:archive>
             <sdk:archive arch="any" os="linux">
-                <sdk:size>105904090</sdk:size>
-                <sdk:checksum type="sha1">06a3e1d66b9280cba49c7ba1893ea14beae072d2</sdk:checksum>
-                <sdk:url>tools_r22.0.5-linux.zip</sdk:url>
+                <sdk:size>101168674</sdk:size>
+                <sdk:checksum type="sha1">a11febd30023ed2590bca4c2d7b1dc2b0cfcd715</sdk:checksum>
+                <sdk:url>tools_r22.2-linux.zip</sdk:url>
             </sdk:archive>
             <sdk:archive arch="any" os="macosx">
-                <sdk:size>77191184</sdk:size>
-                <sdk:checksum type="sha1">318947edef0ab46603eb7f4d21333ee4b4fa1ff3</sdk:checksum>
-                <sdk:url>tools_r22.0.5-macosx.zip</sdk:url>
+                <sdk:size>74822802</sdk:size>
+                <sdk:checksum type="sha1">76896171d0c9ba91c875c8f13ac58cd2e50e9f28</sdk:checksum>
+                <sdk:url>tools_r22.2-macosx.zip</sdk:url>
             </sdk:archive>
         </sdk:archives>
         <sdk:uses-license ref="android-sdk-license"/>
diff --git a/pkgs/development/mobile/androidenv/sys-img-x86.xml b/pkgs/development/mobile/androidenv/sys-img-x86.xml
index f0e8347f6db4..75ddf73eb1d2 100644
--- a/pkgs/development/mobile/androidenv/sys-img-x86.xml
+++ b/pkgs/development/mobile/androidenv/sys-img-x86.xml
@@ -136,4 +136,19 @@ ANY PRE-RELEASE MATERIALS ARE NON-QUALIFIED AND, AS SUCH, ARE PROVIDED POSSIBLY
     </sdk:archives>
 </sdk:system-image>
 
+<sdk:system-image>
+    <sdk:description>Android SDK Platform 4.3</sdk:description>
+    <sdk:revision>1</sdk:revision>
+    <sdk:api-level>18</sdk:api-level>
+    <sdk:abi>x86</sdk:abi>
+    <sdk:uses-license ref="intel-android-sysimage-license"/>
+    <sdk:archives>
+        <sdk:archive arch="any" os="any">
+            <sdk:size>155656419</sdk:size>
+            <sdk:checksum type="sha1">f11bc9fccd3e7e46c07d8b26e112a8d0b45966c1</sdk:checksum>
+            <sdk:url>sysimg_x86-18_r01.zip</sdk:url>
+        </sdk:archive>
+    </sdk:archives>
+</sdk:system-image>
+
 </sdk:sdk-sys-img>
diff --git a/pkgs/development/mobile/androidenv/sysimages.nix b/pkgs/development/mobile/androidenv/sysimages.nix
index bc78ea11e6f7..4c1f0a309075 100644
--- a/pkgs/development/mobile/androidenv/sysimages.nix
+++ b/pkgs/development/mobile/androidenv/sysimages.nix
@@ -48,8 +48,8 @@ in
   sysimg_armeabi-v7a_18 = buildSystemImage {
     name = "armeabi-v7a-18";
     src = fetchurl {
-      url = https://dl-ssl.google.com/android/repository/sysimg_armv7a-18_r01.zip;
-      sha1 = "5a9b8ac5b57dd0e3278f47deb5ee58e1db6f1f9e";
+      url = https://dl-ssl.google.com/android/repository/sysimg_armv7a-18_r02.zip;
+      sha1 = "4a1a93200210d8c42793324362868846f67401ab";
     };
   };
     
@@ -85,6 +85,14 @@ in
     };
   };
     
+  sysimg_x86_18 = buildSystemImage {
+    name = "x86-18";
+    src = fetchurl {
+      url = https://dl-ssl.google.com/android/repository/sys-img/x86/sysimg_x86-18_r01.zip;
+      sha1 = "f11bc9fccd3e7e46c07d8b26e112a8d0b45966c1";
+    };
+  };
+    
   sysimg_mips_15 = buildSystemImage {
     name = "mips-15";
     src = fetchurl {
diff --git a/pkgs/development/mobile/titaniumenv/titaniumsdk.nix b/pkgs/development/mobile/titaniumenv/titaniumsdk.nix
index 46227e5f14d5..276b442af0cf 100644
--- a/pkgs/development/mobile/titaniumenv/titaniumsdk.nix
+++ b/pkgs/development/mobile/titaniumenv/titaniumsdk.nix
@@ -1,14 +1,14 @@
 {stdenv, fetchurl, unzip, makeWrapper, python, jdk}:
 
 stdenv.mkDerivation {
-  name = "titanium-mobilesdk-3.1.1.v20130612114553";
+  name = "mobilesdk-3.1.4.v20130926144546";
   src = if (stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux") then fetchurl {
-    url = http://builds.appcelerator.com.s3.amazonaws.com/mobile/3_1_X/mobilesdk-3.1.1.v20130612114553-linux.zip;
-    sha1 = "410ba7e8171a887b6a4b3173116430657c3d84aa";
+    url = http://builds.appcelerator.com.s3.amazonaws.com/mobile/3_1_X/mobilesdk-3.1.4.v20130926144546-linux.zip;
+    sha1 = "da4a03ced67f0e8f442d551bbd41ea01fceeee00";
   }
   else if stdenv.system == "x86_64-darwin" then fetchurl {
-    url = http://builds.appcelerator.com.s3.amazonaws.com/mobile/3_1_X/mobilesdk-3.1.1.v20130612114553-osx.zip;
-    sha1 = "0893a1560ac6fb63369fc9f6ea9550b6649438fa";
+    url = http://builds.appcelerator.com.s3.amazonaws.com/mobile/3_1_X/mobilesdk-3.1.4.v20130926144546-osx.zip;
+    sha1 = "55f604c8edb989ba214c8ed7538d1b416df0419e";
   }
   else throw "Platform: ${stdenv.system} not supported!";
   
diff --git a/pkgs/development/mobile/xcodeenv/xcodewrapper.nix b/pkgs/development/mobile/xcodeenv/xcodewrapper.nix
index 1cbab99e365d..7515fcdd121f 100644
--- a/pkgs/development/mobile/xcodeenv/xcodewrapper.nix
+++ b/pkgs/development/mobile/xcodeenv/xcodewrapper.nix
@@ -1,4 +1,4 @@
-{stdenv, version ? "4.6"}:
+{stdenv, version ? "5.0"}:
 
 stdenv.mkDerivation {
   name = "xcode-wrapper-"+version;
@@ -9,6 +9,7 @@ stdenv.mkDerivation {
     ln -s /usr/bin/xcodebuild
     ln -s /usr/bin/xcrun
     ln -s /usr/bin/security
+    ln -s /usr/bin/codesign
     ln -s "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/Applications/iPhone Simulator.app/Contents/MacOS/iPhone Simulator"
 
     cd ..
diff --git a/pkgs/development/ocaml-modules/ocamlgraph/default.nix b/pkgs/development/ocaml-modules/ocamlgraph/default.nix
index 2e109f1d6210..997ca2206105 100644
--- a/pkgs/development/ocaml-modules/ocamlgraph/default.nix
+++ b/pkgs/development/ocaml-modules/ocamlgraph/default.nix
@@ -36,7 +36,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = http://ocamlgraph.lri.fr/;
-    description = "ocamlgraph is a graph library for Objective Caml.";
+    description = "Graph library for Objective Caml";
     license = "GNU Library General Public License version 2, with the special exception on linking described in file LICENSE";
     platforms = ocaml.meta.platforms;
     maintainers = [
diff --git a/pkgs/development/ocaml-modules/sexplib/default.nix b/pkgs/development/ocaml-modules/sexplib/default.nix
index 32d5c842dc8c..7c40b5e6cfb8 100644
--- a/pkgs/development/ocaml-modules/sexplib/default.nix
+++ b/pkgs/development/ocaml-modules/sexplib/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://forge.ocamlcore.org/projects/sexplib/";
-    description = "Library for serializing OCaml values to and from S-expressions.";
+    description = "Library for serializing OCaml values to and from S-expressions";
     license = "LGPL";
     platforms = ocaml.meta.platforms;
   };
diff --git a/pkgs/development/perl-modules/maatkit/default.nix b/pkgs/development/perl-modules/maatkit/default.nix
index d560a5d8e410..d9a1f777f3ab 100644
--- a/pkgs/development/perl-modules/maatkit/default.nix
+++ b/pkgs/development/perl-modules/maatkit/default.nix
@@ -25,7 +25,15 @@ buildPerlPackage rec {
   '' ;
 
   meta = {
-    description = "Maatkit makes MySQL easier and safer to manage. It provides simple, predictable ways to do things you cannot otherwise do.";
+    description = "Database toolkit";
+    longDescription = ''
+      You can use Maatkit to prove replication is working correctly, fix
+      corrupted data, automate repetitive tasks, speed up your servers, and
+      much more.
+
+      In addition to MySQL, there is support for PostgreSQL, Memcached, and a
+      growing variety of other databases and technologies.
+    '';
     license = "GPLv2+";
     homepage = http://www.maatkit.org/;
   };
diff --git a/pkgs/development/python-modules/blivet/default.nix b/pkgs/development/python-modules/blivet/default.nix
index 403bb264892f..c1b36bf909de 100644
--- a/pkgs/development/python-modules/blivet/default.nix
+++ b/pkgs/development/python-modules/blivet/default.nix
@@ -36,7 +36,9 @@ in buildPythonPackage rec {
       c libudev = "${udev}/lib/libudev.so.1"
     }' blivet/pyudev.py
   '' else ''
-    sed -i -e '/^somajor *=/s/=.*/= ${toString udevSoMajor}/p' \
+    sed -i \
+      -e '/^somajor *=/s/=.*/= ${toString udevSoMajor}/p' \
+      -e 's|common =.*|& + ["/lib/x86_64-linux-gnu", "/lib/i686-linux-gnu"]|' \
       blivet/pyudev.py
   '');
 
@@ -51,5 +53,6 @@ in buildPythonPackage rec {
     homepage = "https://fedoraproject.org/wiki/Blivet";
     description = "Module for management of a system's storage configuration";
     license = [ "GPLv2+" "LGPLv2.1+" ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/development/python-modules/buildout-nix/nix.patch b/pkgs/development/python-modules/buildout-nix/nix.patch
index a09163518a96..dd3b8e12aa89 100644
--- a/pkgs/development/python-modules/buildout-nix/nix.patch
+++ b/pkgs/development/python-modules/buildout-nix/nix.patch
@@ -1,21 +1,36 @@
 --- a/src/zc/buildout/easy_install.py	2013-08-27 22:28:40.233718116 +0200
-+++ b/src/zc/buildout/easy_install.py	2013-08-27 22:31:07.967871186 +0200
-@@ -508,16 +508,15 @@
++++ b/src/zc/buildout/easy_install.py   2013-10-07 00:29:31.077413935 +0200
+@@ -508,16 +508,31 @@
                          self._dest, os.path.basename(dist.location))
  
                      if os.path.isdir(dist.location):
 -                        # we got a directory. It must have been
 -                        # obtained locally.  Just copy it.
 -                        shutil.copytree(dist.location, newloc)
-+                        # Symlink to dists in /nix/store
-+                        if not os.path.exists(newloc):
++                        # Replace links to garbage collected eggs in
++                        # /nix/store
++                        if os.path.islink(newloc):
++                            # It seems necessary to jump through these
++                            # hoops, otherwise we end up in an
++                            # infinite loop because
++                            # self._env.best_match fails to find the dist
++                            os.remove(newloc)
++                            dist = self._fetch(avail, tmp, self._download_cache)
 +                            os.symlink(dist.location, newloc)
++                            newdist = pkg_resources.Distribution.from_filename(
++                                newloc)
++                            self._env.add(newdist)
++                            logger.info("Updated link to %s" %dist.location)
++                        # Symlink to the egg in /nix/store
++                        elif not os.path.exists(newloc):
++                            os.symlink(dist.location, newloc)
++                            logger.info("Created link to %s" %dist.location)
                      else:
  
  
                          setuptools.archive_util.unpack_archive(
                              dist.location, newloc)
--
+ 
 -                    redo_pyc(newloc)
 +                        redo_pyc(newloc)
  
diff --git a/pkgs/development/python-modules/gyp/no-xcode.patch b/pkgs/development/python-modules/gyp/no-xcode.patch
index 951be7b005ac..eb33a2b9987c 100644
--- a/pkgs/development/python-modules/gyp/no-xcode.patch
+++ b/pkgs/development/python-modules/gyp/no-xcode.patch
@@ -56,11 +56,11 @@ index b2aab986a427d5285d70558bf97f0a42bfe1556e..20592c73fae660009aac621097cf3c4f
          l = '-l' + m.group(1)
        else:
          l = library
--    return l.replace('$(SDKROOT)', self._SdkPath())
+-    return l.replace('$(SDKROOT)', self._SdkPath(config_name))
 +    if self._SdkPath():
-+      return l.replace('$(SDKROOT)', self._SdkPath())
++      return l.replace('$(SDKROOT)', self._SdkPath(config_name))
 +    else:
 +      return l
  
-   def AdjustLibraries(self, libraries):
+   def AdjustLibraries(self, libraries, config_name=None):
      """Transforms entries like 'Cocoa.framework' in libraries into entries like
diff --git a/pkgs/development/python-modules/pyside/default.nix b/pkgs/development/python-modules/pyside/default.nix
index 791d5e83d3c1..dc4f733a4cf0 100644
--- a/pkgs/development/python-modules/pyside/default.nix
+++ b/pkgs/development/python-modules/pyside/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation {
   makeFlags = "QT_PLUGIN_PATH=" + pysideShiboken + "/lib/generatorrunner";
 
   meta = {
-    description = "LGPL-licensed Python bindings for the Qt cross-platform application and UI framework.";
+    description = "LGPL-licensed Python bindings for the Qt cross-platform application and UI framework";
     license = stdenv.lib.licenses.lgpl21;
     homepage = "http://www.pyside.org";
     maintainers = [ stdenv.lib.maintainers.chaoflow ];
diff --git a/pkgs/development/python-modules/pyside/tools.nix b/pkgs/development/python-modules/pyside/tools.nix
index 0b5e6851761c..a3153bed2177 100644
--- a/pkgs/development/python-modules/pyside/tools.nix
+++ b/pkgs/development/python-modules/pyside/tools.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation {
   buildInputs = [ cmake pyside python27 qt4 pysideShiboken ];
 
   meta = {
-    description = "Tools for pyside, the LGPL-licensed Python bindings for the Qt cross-platform application and UI framework.";
+    description = "Tools for pyside, the LGPL-licensed Python bindings for the Qt cross-platform application and UI framework";
     license = stdenv.lib.licenses.gpl2;
     homepage = "http://www.pyside.org";
     maintainers = [ stdenv.lib.maintainers.chaoflow ];
diff --git a/pkgs/development/qtcreator/default.nix b/pkgs/development/qtcreator/default.nix
index 97f238302ecc..55e33c45ca95 100644
--- a/pkgs/development/qtcreator/default.nix
+++ b/pkgs/development/qtcreator/default.nix
@@ -30,14 +30,14 @@ stdenv.mkDerivation rec {
   installFlags = "INSTALL_ROOT=$(out)";
 
   meta = {
-    description = "Qt Creator is a cross-platform IDE tailored to the needs of Qt developers.";
+    description = "Cross-platform IDE tailored to the needs of Qt developers";
     longDescription = ''
-        Qt Creator is a cross-platform IDE (integrated development environment) tailored to the needs of Qt developers.
-        It includes features such as an advanced code editor, a visual debugger and a GUI designer.
-      '';
+      Qt Creator is a cross-platform IDE (integrated development environment)
+      tailored to the needs of Qt developers. It includes features such as an
+      advanced code editor, a visual debugger and a GUI designer.
+    '';
     homepage = "http://qt-project.org/wiki/Category:Tools::QtCreator";
     license = "LGPL";
-
     maintainers = [ stdenv.lib.maintainers.bbenoist ];
     platforms = stdenv.lib.platforms.all;
   };
diff --git a/pkgs/development/r-modules/generic/builder.sh b/pkgs/development/r-modules/generic/builder.sh
new file mode 100644
index 000000000000..0c5d934c10c3
--- /dev/null
+++ b/pkgs/development/r-modules/generic/builder.sh
@@ -0,0 +1,23 @@
+source $stdenv/setup
+
+export R_LIBS_SITE="$R_LIBS_SITE${R_LIBS_SITE:+:}$out/library"
+
+
+if test -n "$rPreHook"; then
+    eval "$rPreHook"
+fi
+
+installPhase() {
+	runHook preInstall
+	mkdir -p $out/library
+	R CMD INSTALL -l $out/library $src
+	runHook postInstall
+}
+
+postFixup() {
+    if test -e $out/nix-support/propagated-native-build-inputs; then
+        ln -s $out/nix-support/propagated-native-build-inputs $out/nix-support/propagated-user-env-packages
+    fi
+}
+
+genericBuild
diff --git a/pkgs/development/r-modules/generic/default.nix b/pkgs/development/r-modules/generic/default.nix
new file mode 100644
index 000000000000..d405cc018d15
--- /dev/null
+++ b/pkgs/development/r-modules/generic/default.nix
@@ -0,0 +1,17 @@
+R:
+
+{ buildInputs ? [], ... } @ attrs:
+
+R.stdenv.mkDerivation (
+  {
+  }
+  //
+  attrs
+  //
+  {
+    name = "r-" + attrs.name;
+    builder = ./builder.sh;
+    buildInputs = buildInputs ++ [ R ];
+    phases = [ "installPhase" "fixupPhase" ];
+  }
+)
diff --git a/pkgs/development/tools/analysis/checkstyle/default.nix b/pkgs/development/tools/analysis/checkstyle/default.nix
index 09656dc520a8..1dfaa5cf875b 100644
--- a/pkgs/development/tools/analysis/checkstyle/default.nix
+++ b/pkgs/development/tools/analysis/checkstyle/default.nix
@@ -15,7 +15,12 @@ stdenv.mkDerivation {
   '';
 
   meta = {
-    description = "A development tool to help programmers write Java code that adheres to a coding standard. By default it supports the Sun Code Conventions, but is highly configurable." ;
+    description = "Checks Java source against a coding standard";
+    longDescription = ''
+      checkstyle is a development tool to help programmers write Java code that
+      adheres to a coding standard. By default it supports the Sun Code
+      Conventions, but is highly configurable.
+    '';
     homepage = http://checkstyle.sourceforge.net/;
   };
 }
diff --git a/pkgs/development/tools/analysis/cppcheck/default.nix b/pkgs/development/tools/analysis/cppcheck/default.nix
index b152f0537e3b..8aea7bc8aa8e 100644
--- a/pkgs/development/tools/analysis/cppcheck/default.nix
+++ b/pkgs/development/tools/analysis/cppcheck/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation {
   configurePhase = "makeFlags=PREFIX=$out";
 
   meta = {
-    description = "check C/C++ code for memory leaks, mismatching allocation-deallocation, buffer overrun, etc.";
+    description = "Check C/C++ code for memory leaks, mismatching allocation-deallocation, buffer overrun and more";
     homepage = "http://sourceforge.net/apps/mediawiki/cppcheck/";
     license = "GPL";
     platforms = stdenv.lib.platforms.unix;
diff --git a/pkgs/development/tools/analysis/jdepend/default.nix b/pkgs/development/tools/analysis/jdepend/default.nix
index 7498d3b652ac..586e9d5cd5d3 100644
--- a/pkgs/development/tools/analysis/jdepend/default.nix
+++ b/pkgs/development/tools/analysis/jdepend/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation {
   '';
 
   meta = {
-    description = "Depend traverses Java class file directories and generates design quality metrics for each Java package." ;
+    description = "Traverses Java class file directories and generates design quality metrics for each Java package";
     homepage = http://www.clarkware.com/software/JDepend.html ;
   };
 }
diff --git a/pkgs/development/tools/analysis/pmd/default.nix b/pkgs/development/tools/analysis/pmd/default.nix
index b830ee008389..14007d80b0fb 100644
--- a/pkgs/development/tools/analysis/pmd/default.nix
+++ b/pkgs/development/tools/analysis/pmd/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation {
   '';
 
   meta = {
-    description = "PMD scans Java source code and looks for potential problems." ;
+    description = "Scans Java source code and looks for potential problems";
     homepage = http://pmd.sourceforge.net/;
   };
 }
diff --git a/pkgs/development/tools/build-managers/apache-ant/default.nix b/pkgs/development/tools/build-managers/apache-ant/default.nix
index 034285522292..c14e09e25b7f 100644
--- a/pkgs/development/tools/build-managers/apache-ant/default.nix
+++ b/pkgs/development/tools/build-managers/apache-ant/default.nix
@@ -23,4 +23,8 @@ stdenv.mkDerivation {
     url = "mirror://apache/ant/binaries/apache-ant-${version}-bin.tar.bz2";
     sha1 = "d9e3e83dd9664cfe1dcd4841c082db3f559af922";
   };
+
+  meta = {
+    description = "Java-based build tool";
+  };
 }
diff --git a/pkgs/development/tools/build-managers/apache-ant/from-source.nix b/pkgs/development/tools/build-managers/apache-ant/from-source.nix
index 01fdd5541ecf..14213415ff84 100644
--- a/pkgs/development/tools/build-managers/apache-ant/from-source.nix
+++ b/pkgs/development/tools/build-managers/apache-ant/from-source.nix
@@ -57,7 +57,7 @@ EOF
   '';
 
   meta = {
-    description = "Apache Ant, a Java-based build tool";
+    description = "Java-based build tool";
 
     longDescription = ''
       Apache Ant is a Java-based build tool.  In theory, it is kind of like
diff --git a/pkgs/development/tools/build-managers/colormake/default.nix b/pkgs/development/tools/build-managers/colormake/default.nix
index 9d62b4e187b1..25ef7ef0b246 100644
--- a/pkgs/development/tools/build-managers/colormake/default.nix
+++ b/pkgs/development/tools/build-managers/colormake/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "A simple wrapper around make to colorize the output.";
+    description = "Simple wrapper around make to colorize the output";
     license = "GPLv2";
   };
 }
diff --git a/pkgs/development/tools/build-managers/gradle/default.nix b/pkgs/development/tools/build-managers/gradle/default.nix
index 576d8e357f4b..97b50d0019fa 100644
--- a/pkgs/development/tools/build-managers/gradle/default.nix
+++ b/pkgs/development/tools/build-managers/gradle/default.nix
@@ -1,24 +1,25 @@
-{ stdenv, fetchurl, unzip }:
-
-# at runtime, need jdk
+{ stdenv, fetchurl, unzip, jdk, makeWrapper }:
 
 stdenv.mkDerivation rec {
-  name = "gradle-0.8";
+  name = "gradle-1.8";
 
   src = fetchurl {
-    url = "http://dist.codehaus.org/gradle/gradle-0.8-bin.zip";
-    sha256 = "940e623ea98e40ea9ad398770a6ebb91a61c0869d394dda81aa86b0f4f0025e7";
+    url = "http://services.gradle.org/distributions/${name}-bin.zip";
+    sha256 = "00spxad9b5vddshp02cic0ds8icgb1clknl7494f467x2pxbnhm3";
   };
 
   installPhase = ''
-    mkdir -p $out
-    rm bin/*.bat
-    mv * $out
+    mkdir -pv $out
+    cp -rv lib $out
+
+    makeWrapper ${jdk}/bin/java $out/bin/gradle \
+      --set JAVA_HOME ${jdk} \
+      --add-flags "-classpath $out/lib/gradle-launcher-1.8.jar org.gradle.launcher.GradleMain"
   '';
 
   phases = "unpackPhase installPhase";
 
-  buildInputs = [unzip];
+  buildInputs = [ unzip jdk makeWrapper ];
 
   meta = {
     description = "Gradle is an enterprise-grade build system";
diff --git a/pkgs/development/tools/build-managers/leiningen/builder.sh b/pkgs/development/tools/build-managers/leiningen/builder.sh
index f5489a4a76fc..8d0924028cc8 100644
--- a/pkgs/development/tools/build-managers/leiningen/builder.sh
+++ b/pkgs/development/tools/build-managers/leiningen/builder.sh
@@ -20,4 +20,6 @@ chmod -v 755 $out_bin
 
 patchShebangs $out
 
-wrapProgram $out_bin --prefix PATH ":" ${rlwrap}/bin
+wrapProgram $out_bin \
+    --prefix PATH ":" ${rlwrap}/bin \
+    --set LEIN_GPG ${gnupg}/bin/gpg
diff --git a/pkgs/development/tools/build-managers/leiningen/default.nix b/pkgs/development/tools/build-managers/leiningen/default.nix
index 4ca362ede0a2..b16640105503 100644
--- a/pkgs/development/tools/build-managers/leiningen/default.nix
+++ b/pkgs/development/tools/build-managers/leiningen/default.nix
@@ -1,23 +1,23 @@
-{ stdenv, fetchurl, makeWrapper, jdk, rlwrap, clojure }:
+{ stdenv, fetchurl, makeWrapper, jdk, rlwrap, clojure, gnupg }:
 
 stdenv.mkDerivation rec {
   pname = "leiningen";
-  version = "2.3.1";
+  version = "2.3.2";
   name = "${pname}-${version}";
 
   src = fetchurl {
     url = "https://raw.github.com/technomancy/leiningen/${version}/bin/lein-pkg";
-    sha256 = "07z4sr4ssi9lqr1kydxn4gp992n44jsr6llarlvpx0ns8yi4gx0l";
+    sha256 = "1dpvs6b2n309ixglmdpw64k8fbz8n4rd61xp4jrih0z7dgvcql6h";
   };
 
   jarsrc = fetchurl {
     url = "https://leiningen.s3.amazonaws.com/downloads/${pname}-${version}-standalone.jar";
-    sha256 = "00hmxyvrzxjwa2qz3flnrvg2k2llzvprk9b5szyrh3rv5z5jd4hw";
+    sha256 = "0g6sgmgl0azawwchi86qxqsknk753ffwiszsxg4idqb713ac6cda";
   };
 
   patches = ./lein_2.3.0.patch;
 
-  inherit rlwrap clojure;
+  inherit rlwrap clojure gnupg;
 
   builder = ./builder.sh;
 
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
     homepage = http://leiningen.org/;
     description = "Project automation for Clojure";
     license = "EPL";
-    platforms = stdenv.lib.platforms.unix;
+    platforms = stdenv.lib.platforms.linux;
     maintainer = with stdenv.lib.maintainers; [ the-kenny ];
   };
 }
diff --git a/pkgs/development/tools/build-managers/ninja/default.nix b/pkgs/development/tools/build-managers/ninja/default.nix
index 68a6640951ba..ed9890150a37 100644
--- a/pkgs/development/tools/build-managers/ninja/default.nix
+++ b/pkgs/development/tools/build-managers/ninja/default.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   name = "ninja-${version}";
-  version = "1.3.4";
+  version = "1.4.0";
 
   src = fetchurl {
     name = "${name}.tar.gz";
     url = "https://github.com/martine/ninja/archive/v${version}.tar.gz";
-    sha256 = "16b0dxq3v19qjchcmfqq3m4l8s4qx2d674vfvamg0s3vvfqnc477";
+    sha256 = "05y3whnp0fvfv1wsp862x0w1vrn3yjzzg8ypvbpcv6y6qlrsn73h";
   };
 
   buildInputs = [ python asciidoc re2c ];
diff --git a/pkgs/development/tools/build-managers/rebar/default.nix b/pkgs/development/tools/build-managers/rebar/default.nix
index 68eacf8d2ea4..ac6951785416 100644
--- a/pkgs/development/tools/build-managers/rebar/default.nix
+++ b/pkgs/development/tools/build-managers/rebar/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "https://github.com/rebar/rebar";
-    description = "Erlang build tool that makes it easy to compile and test Erlang applications, port drivers and releases.";
+    description = "Erlang build tool that makes it easy to compile and test Erlang applications, port drivers and releases";
 
     longDescription = ''
       rebar is a self-contained Erlang script, so it's easy to
diff --git a/pkgs/development/tools/casperjs/default.nix b/pkgs/development/tools/casperjs/default.nix
index f140f0d7862d..bd63a0e68eeb 100644
--- a/pkgs/development/tools/casperjs/default.nix
+++ b/pkgs/development/tools/casperjs/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Navigation scripting & testing utility for PhantomJS.";
+    description = "Navigation scripting & testing utility for PhantomJS";
     longDescription = ''
       CasperJS is a navigation scripting & testing utility for PhantomJS.
       It eases the process of defining a full navigation scenario and provides useful high-level
@@ -41,6 +41,6 @@ stdenv.mkDerivation rec {
     license = stdenv.lib.licenses.mit;
 
     maintainers = [ stdenv.lib.maintainers.bluescreen303 ];
-    platforms = stdenv.lib.platforms.all;
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/development/tools/documentation/haddock/2.7.2.nix b/pkgs/development/tools/documentation/haddock/2.7.2.nix
index 8dd3460b6f8f..fd31a96b2913 100644
--- a/pkgs/development/tools/documentation/haddock/2.7.2.nix
+++ b/pkgs/development/tools/documentation/haddock/2.7.2.nix
@@ -10,7 +10,7 @@ cabal.mkDerivation (self : {
   doCheck = false;
 
   postInstall = ''
-   wrapProgram $out/bin/haddock --add-flags "\$(${self.ghc.GHCGetPackages} ${self.ghc.ghcVersion} \"\$(dirname \$0)\" \"--optghc=-package-conf --optghc=\")"
+   wrapProgram $out/bin/haddock --add-flags "\$(${self.ghc.GHCGetPackages} ${self.ghc.version} \"\$(dirname \$0)\" \"--optghc=-package-conf --optghc=\")"
   '';
 
   meta = {
diff --git a/pkgs/development/tools/documentation/haddock/2.9.2.nix b/pkgs/development/tools/documentation/haddock/2.9.2.nix
index 61e457426dec..fcae14d789e9 100644
--- a/pkgs/development/tools/documentation/haddock/2.9.2.nix
+++ b/pkgs/development/tools/documentation/haddock/2.9.2.nix
@@ -10,7 +10,7 @@ cabal.mkDerivation (self : {
   doCheck = false;
 
   postInstall = ''
-   wrapProgram $out/bin/haddock --add-flags "\$(${self.ghc.GHCGetPackages} ${self.ghc.ghcVersion} \"\$(dirname \$0)\" \"--optghc=-package-conf --optghc=\")"
+   wrapProgram $out/bin/haddock --add-flags "\$(${self.ghc.GHCGetPackages} ${self.ghc.version} \"\$(dirname \$0)\" \"--optghc=-package-conf --optghc=\")"
   '';
 
   meta = {
diff --git a/pkgs/development/tools/gnulib/default.nix b/pkgs/development/tools/gnulib/default.nix
index 24896aa58266..0d298558e5ee 100644
--- a/pkgs/development/tools/gnulib/default.nix
+++ b/pkgs/development/tools/gnulib/default.nix
@@ -1,12 +1,12 @@
 { stdenv, fetchgit }:
 
 stdenv.mkDerivation {
-  name = "gnulib-0.0-7952-g439b0e9";
+  name = "gnulib-0.0-8015-gf0aab22";
 
   src = fetchgit {
     url = "http://git.savannah.gnu.org/r/gnulib.git";
-    rev = "439b0e925f9ffb6fe58481717def708af96a9321";
-    sha256 = "0xvnqn3323w0wnd1p7dhkcd4mihfh2dby88kv2dsclszppd9g4dc";
+    rev = "f0aab227265173908ecaa2353de6cf791cec3304";
+    sha256 = "162i39wvrmjhkg8w07i92vg9l0f0lk57zl1ynf0lvs70rkdd8a82";
   };
 
   buildPhase = ":";
diff --git a/pkgs/development/tools/haskell/HaRe/default.nix b/pkgs/development/tools/haskell/HaRe/default.nix
index efdc65c389e6..f7d67f4be666 100644
--- a/pkgs/development/tools/haskell/HaRe/default.nix
+++ b/pkgs/development/tools/haskell/HaRe/default.nix
@@ -6,8 +6,8 @@
 
 cabal.mkDerivation (self: {
   pname = "HaRe";
-  version = "0.7.0.2";
-  sha256 = "05dlrx4wfadv798098bclkmsmm6f226n9rqp19ajdwaa11x5mf8d";
+  version = "0.7.0.7";
+  sha256 = "0pgl5mav4sqc453by7nddf5fz7nj231072bklzj6crcph7qw4zy4";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/tools/haskell/cabal2nix/default.nix b/pkgs/development/tools/haskell/cabal2nix/default.nix
index 4e2bbf63b315..cc44268f3a3c 100644
--- a/pkgs/development/tools/haskell/cabal2nix/default.nix
+++ b/pkgs/development/tools/haskell/cabal2nix/default.nix
@@ -3,8 +3,8 @@
 
 cabal.mkDerivation (self: {
   pname = "cabal2nix";
-  version = "1.54";
-  sha256 = "169syf99gs0gj44hcnpgx0xvrmz5mq70hb6bq6ydma9ivjvz2jg4";
+  version = "1.55";
+  sha256 = "0rda8g595pr7vlhzyflw9kz6fw1iz76yimbl1zizgrnpnq3h11w3";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [ Cabal filepath hackageDb HTTP mtl regexPosix ];
diff --git a/pkgs/development/tools/haskell/hlint/default.nix b/pkgs/development/tools/haskell/hlint/default.nix
index d1d03c2c8909..73ab425ea8de 100644
--- a/pkgs/development/tools/haskell/hlint/default.nix
+++ b/pkgs/development/tools/haskell/hlint/default.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "hlint";
-  version = "1.8.51";
-  sha256 = "0cm78921ksysiz81x3m7kjq343fr46fpm61cw367aljd86lhivv1";
+  version = "1.8.53";
+  sha256 = "1gnv9h909qgf80bpb769mr1paf8lzp3xlwmyw4nxdj84fn0y57q0";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/tools/haskell/keter/default.nix b/pkgs/development/tools/haskell/keter/default.nix
index 4cb75151b001..e6377a201fe4 100644
--- a/pkgs/development/tools/haskell/keter/default.nix
+++ b/pkgs/development/tools/haskell/keter/default.nix
@@ -9,8 +9,8 @@
 
 cabal.mkDerivation (self: {
   pname = "keter";
-  version = "1.0.1";
-  sha256 = "0ghgwp1winf0jj70jrwsk4b85f8m4v78n8kijhqghh4kskh457b5";
+  version = "1.0.1.1";
+  sha256 = "1bcp9yxmh5z7cvap4nrj8gxnndwws21w6y352yasf35bf432nxa9";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/tools/haskell/packunused/default.nix b/pkgs/development/tools/haskell/packunused/default.nix
index 814c2774cb27..35d318d36bae 100644
--- a/pkgs/development/tools/haskell/packunused/default.nix
+++ b/pkgs/development/tools/haskell/packunused/default.nix
@@ -2,11 +2,12 @@
 
 cabal.mkDerivation (self: {
   pname = "packunused";
-  version = "0.1.0.0";
-  sha256 = "131x99id3jcxglj24p5sjb6mnhphj925pp4jdjy09y6ai7wss3rs";
+  version = "0.1.0.1";
+  sha256 = "130717k4rknj5jl904cmb4h09msp4xjj84w6iwzc10lz736dk3jd";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [ Cabal cmdargs filepath haskellSrcExts ];
+  jailbreak = true;
   meta = {
     homepage = "https://github.com/hvr/packunused";
     description = "Tool for detecting redundant Cabal package dependencies";
diff --git a/pkgs/development/tools/misc/astyle/default.nix b/pkgs/development/tools/misc/astyle/default.nix
index 9b1e99557324..6128406bbe5b 100644
--- a/pkgs/development/tools/misc/astyle/default.nix
+++ b/pkgs/development/tools/misc/astyle/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://astyle.sourceforge.net/";
-    description = "source code reformatter";
+    description = "Source code indenter, formatter, and beautifier for C, C++, C# and Java";
     license = "LGPL";
 
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/development/tools/misc/autobuild/default.nix b/pkgs/development/tools/misc/autobuild/default.nix
index f8497b5deced..88246e4bb6eb 100644
--- a/pkgs/development/tools/misc/autobuild/default.nix
+++ b/pkgs/development/tools/misc/autobuild/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Simon Josefsson's Autobuild, a continuous integration tool";
+    description = "Continuous integration tool";
 
     longDescription = ''
       Autobuild is a package that process output from building
diff --git a/pkgs/development/tools/misc/autoconf/2.13.nix b/pkgs/development/tools/misc/autoconf/2.13.nix
index 1dfe4d4a0a7b..2d8169d408fe 100644
--- a/pkgs/development/tools/misc/autoconf/2.13.nix
+++ b/pkgs/development/tools/misc/autoconf/2.13.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://www.gnu.org/software/autoconf/;
-    description = "GNU Autoconf, a part of the GNU Build System";
+    description = "Part of the GNU Build System";
 
     longDescription = ''
       GNU Autoconf is an extensible package of M4 macros that produce
diff --git a/pkgs/development/tools/misc/autoconf/default.nix b/pkgs/development/tools/misc/autoconf/default.nix
index b4de66d9bafc..08fcd95afb5e 100644
--- a/pkgs/development/tools/misc/autoconf/default.nix
+++ b/pkgs/development/tools/misc/autoconf/default.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://www.gnu.org/software/autoconf/;
-    description = "GNU Autoconf, a part of the GNU Build System";
+    description = "Part of the GNU Build System";
 
     longDescription = ''
       GNU Autoconf is an extensible package of M4 macros that produce
diff --git a/pkgs/development/tools/misc/autogen/default.nix b/pkgs/development/tools/misc/autogen/default.nix
index 25fa29526c9b..cd4f19694b2e 100644
--- a/pkgs/development/tools/misc/autogen/default.nix
+++ b/pkgs/development/tools/misc/autogen/default.nix
@@ -25,7 +25,7 @@ let version = "5.17"; in
     #doCheck = true; # 2 tests fail because of missing /dev/tty
 
     meta = {
-      description = "GNU AutoGen, an automated text and program generation tool";
+      description = "Automated text and program generation tool";
 
       longDescription = ''
         AutoGen is a tool designed to simplify the creation and maintenance
diff --git a/pkgs/development/tools/misc/automake/automake-1.10.x.nix b/pkgs/development/tools/misc/automake/automake-1.10.x.nix
index c015c0115fe4..80b033425a13 100644
--- a/pkgs/development/tools/misc/automake/automake-1.10.x.nix
+++ b/pkgs/development/tools/misc/automake/automake-1.10.x.nix
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://www.gnu.org/software/automake/;
-    description = "GNU Automake, a GNU standard-compliant makefile generator";
+    description = "GNU standard-compliant makefile generator";
 
     longDescription = ''
       GNU Automake is a tool for automatically generating
diff --git a/pkgs/development/tools/misc/automake/automake-1.11.x.nix b/pkgs/development/tools/misc/automake/automake-1.11.x.nix
index 91c27deb8b82..0af9877c9355 100644
--- a/pkgs/development/tools/misc/automake/automake-1.11.x.nix
+++ b/pkgs/development/tools/misc/automake/automake-1.11.x.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://www.gnu.org/software/automake/;
-    description = "GNU Automake, a GNU standard-compliant makefile generator";
+    description = "GNU standard-compliant makefile generator";
 
     longDescription = ''
       GNU Automake is a tool for automatically generating
diff --git a/pkgs/development/tools/misc/automake/automake-1.12.x.nix b/pkgs/development/tools/misc/automake/automake-1.12.x.nix
index bd609c4a40d3..8bee4790bcb7 100644
--- a/pkgs/development/tools/misc/automake/automake-1.12.x.nix
+++ b/pkgs/development/tools/misc/automake/automake-1.12.x.nix
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://www.gnu.org/software/automake/;
-    description = "GNU Automake, a GNU standard-compliant makefile generator";
+    description = "GNU standard-compliant makefile generator";
 
     longDescription = ''
       GNU Automake is a tool for automatically generating
diff --git a/pkgs/development/tools/misc/automake/automake-1.13.x.nix b/pkgs/development/tools/misc/automake/automake-1.13.x.nix
index 400d554b65e2..96a93e8d60b5 100644
--- a/pkgs/development/tools/misc/automake/automake-1.13.x.nix
+++ b/pkgs/development/tools/misc/automake/automake-1.13.x.nix
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = "http://www.gnu.org/software/automake/";
-    description = "GNU Automake, a GNU standard-compliant makefile generator";
+    description = "GNU standard-compliant makefile generator";
     license = "GPLv2+";
 
     longDescription = ''
diff --git a/pkgs/development/tools/misc/avarice/default.nix b/pkgs/development/tools/misc/avarice/default.nix
index bc3785181a8f..e2c4c89e9987 100644
--- a/pkgs/development/tools/misc/avarice/default.nix
+++ b/pkgs/development/tools/misc/avarice/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     license = stdenv.lib.licenses.gpl2;
-    description = "AVaRICE translates between GDB's remote debug protocol and the AVR JTAG ICE protocol";
+    description = "Translator between GDB's remote debug protocol and the AVR JTAG ICE protocol";
     homepage = http://sourceforge.net/projects/avarice/files/avarice/;
     maintainers = [ stdenv.lib.maintainers.smironov ];
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/development/tools/misc/avrdude/default.nix b/pkgs/development/tools/misc/avrdude/default.nix
index 7574500dbbb2..133e1c381940 100644
--- a/pkgs/development/tools/misc/avrdude/default.nix
+++ b/pkgs/development/tools/misc/avrdude/default.nix
@@ -3,11 +3,11 @@
 let edf = composableDerivation.edf; in
 
 composableDerivation.composableDerivation {} rec {
-  name="avrdude-5.10";
+  name="avrdude-5.11";
 
   src = fetchurl {
     url = "mirror://savannah/avrdude/${name}.tar.gz";
-    sha256 = "0pmy73777x8p7f2aj2w2q1dnk1bvhd1cm7hcs1s9hsdqsmiinl41";
+    sha256 = "1mwmslqysak25a3x61pj97wygqgk79s5qpp50xzay6yb1zrz85v3";
   };
 
   configureFlags = [ "--disable-dependency-tracking" ];
diff --git a/pkgs/development/tools/misc/ccache/default.nix b/pkgs/development/tools/misc/ccache/default.nix
index 2cd00f51d9d4..05a0d9bbeb50 100644
--- a/pkgs/development/tools/misc/ccache/default.nix
+++ b/pkgs/development/tools/misc/ccache/default.nix
@@ -38,7 +38,7 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "ccache, a tool that caches compilation results.";
+    description = "Compiler cache for fast recompilation of C/C++ code";
     homepage = http://ccache.samba.org/;
     license = "GPL";
   };
diff --git a/pkgs/development/tools/misc/cl-launch/default.nix b/pkgs/development/tools/misc/cl-launch/default.nix
index 63c585b00a95..3978d96400cd 100644
--- a/pkgs/development/tools/misc/cl-launch/default.nix
+++ b/pkgs/development/tools/misc/cl-launch/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="cl-launch";
-    version="3.21.1";
+    version="3.22.1";
     name="${baseName}-${version}";
-    hash="1241lyn2a3ry06ii9zlns0cj462bi7rih41vlbbmra1chj4c21ij";
-    url="http://common-lisp.net/project/xcvb/cl-launch/cl-launch-3.21.1.tar.gz";
-    sha256="1241lyn2a3ry06ii9zlns0cj462bi7rih41vlbbmra1chj4c21ij";
+    hash="08lb8nm4dvkbgraqclw5xd7j6xskw9hgjpg9ql087gib5a90k09i";
+    url="http://common-lisp.net/project/xcvb/cl-launch/cl-launch-3.22.1.tar.gz";
+    sha256="08lb8nm4dvkbgraqclw5xd7j6xskw9hgjpg9ql087gib5a90k09i";
   };
   buildInputs = [
   ];
diff --git a/pkgs/development/tools/misc/gtkdialog/default.nix b/pkgs/development/tools/misc/gtkdialog/default.nix
index 80a7fe489259..b447cf918cf1 100644
--- a/pkgs/development/tools/misc/gtkdialog/default.nix
+++ b/pkgs/development/tools/misc/gtkdialog/default.nix
@@ -1,17 +1,17 @@
 {stdenv, fetchurl, gtk, pkgconfig}:
 
 stdenv.mkDerivation {
-  name = "gtkdialog-0.7.9";
+  name = "gtkdialog-0.8.3";
 
   src = fetchurl {
-    url = ftp://linux.pte.hu/pub/gtkdialog/gtkdialog-0.7.9.tar.gz;
-    sha256 = "142k8fnh1b8jclm7my2rhk7n8j1b0xh76b2gg712r738r94qwka2";
+    url = http://gtkdialog.googlecode.com/files/gtkdialog-0.8.3.tar.gz;
+    sha256 = "ff89d2d7f1e6488e5df5f895716ac1d4198c2467a2a5dc1f51ab408a2faec38e";
   };
 
   buildInputs = [ gtk pkgconfig ];
 
   meta = {
-    homepage = http://linux.pte.hu/~pipas/gtkdialog/;
+    homepage = http://gtkdialog.googlecode.com/;
     description = "Small utility for fast and easy GUI building from many scripted and compiled languages";
     license = "GPLv2+";
   };
diff --git a/pkgs/development/tools/misc/luarocks/default.nix b/pkgs/development/tools/misc/luarocks/default.nix
index 7681c8153dbb..d905d078d40b 100644
--- a/pkgs/development/tools/misc/luarocks/default.nix
+++ b/pkgs/development/tools/misc/luarocks/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="luarocks";
-    version="2.0.13-rc1";
+    version="2.1.0";
     name="${baseName}-${version}";
-    hash="1cpdi61dwcc2i4bwrn7bb8fibkd1s75jrr0bjcbs8p76rn6hkb2y";
-    url="http://luarocks.org/releases/luarocks-2.0.13-rc1.tar.gz";
-    sha256="1cpdi61dwcc2i4bwrn7bb8fibkd1s75jrr0bjcbs8p76rn6hkb2y";
+    hash="12aqwchzn77yin2ahpxnc3lam5w0xhksrnhf31n3r7cxdsfh446c";
+    url="http://luarocks.org/releases/luarocks-2.1.0-rc3.tar.gz";
+    sha256="12aqwchzn77yin2ahpxnc3lam5w0xhksrnhf31n3r7cxdsfh446c";
   };
   buildInputs = [
     lua curl
diff --git a/pkgs/development/tools/misc/ninka/default.nix b/pkgs/development/tools/misc/ninka/default.nix
index 1cb491df8d1e..a54102043408 100644
--- a/pkgs/development/tools/misc/ninka/default.nix
+++ b/pkgs/development/tools/misc/ninka/default.nix
@@ -1,41 +1,34 @@
-{stdenv, fetchgit, perl}:
+{ stdenv, fetchurl, perl }:
 
 assert stdenv ? glibc;
 
-let
-  rev = "7a9a5c48ede207eec881";
-in
-stdenv.mkDerivation {
-  name = "ninka-"+rev;
-  src = fetchgit {
-    url = http://github.com/dmgerman/ninka.git;
-    inherit rev;
-    sha256 = "3e877fadf074b9c5abfe36ff10b7e332423d1d4c5b17accc5586c7cffdb2c7dd";
+stdenv.mkDerivation rec {
+  name = "ninka-${version}";
+  version = "1.1";
+
+  src = fetchurl {
+    url = "https://github.com/dmgerman/ninka/archive/${version}.tar.gz";
+    sha256 = "1cvbsmanw3i9igiafpx0ghg658c37riw56mjk5vsgpmnn3flvhib";
   };
   
   buildInputs = [ perl ];
   
   buildPhase = ''
     cd comments
-    tar xfvz comments.tar.gz
-    cd comments
     sed -i -e "s|/usr/local/bin|$out/bin|g" -e "s|/usr/local/man|$out/share/man|g" Makefile
     make
   '';
   
   installPhase = ''
-    cd ../..
-    mkdir -p $out/bin
-    cp ninka.pl $out/bin
-    cp -av {extComments,splitter,filter,senttok,matcher} $out/bin
-    
-    cd comments/comments    
     mkdir -p $out/{bin,share/man/man1}
     make install    
+
+    cp -a ../{ninka.pl,extComments,splitter,filter,senttok,matcher} $out/bin
   '';
   
   meta = {
-    license = "AGPLv3+";
     description = "A sentence based license detector";
+    homepage = "http://ninka.turingmachine.org/";
+    license = "AGPLv3+";
   };
 }
diff --git a/pkgs/development/tools/misc/stm32flash/default.nix b/pkgs/development/tools/misc/stm32flash/default.nix
index 496288285c7b..6b99a5755e42 100644
--- a/pkgs/development/tools/misc/stm32flash/default.nix
+++ b/pkgs/development/tools/misc/stm32flash/default.nix
@@ -8,19 +8,17 @@ stdenv.mkDerivation {
     sha256 = "04k631g9lzvp9xr4sw51xpq1g542np61s1l8fpwx9rbsc8m5l0i6";
   };
 
-  buildInputs = [];
-
   installPhase = ''
     # Manually copy, make install copies to /usr/local/bin
     mkdir -pv $out/bin/
     cp stm32flash $out/bin/
   '';
 
-  meta = { 
-    description = "Open source flash program for the STM32 ARM processors using the ST bootloader.";
+  meta = with stdenv.lib; {
+    description = "Open source flash program for the STM32 ARM processors using the ST bootloader";
     homepage = https://code.google.com/p/stm32flash/;
     license = "GPLv2";
-    platforms = stdenv.lib.platforms.all; # Should work on all platforms
-    maintainers = [ stdenv.lib.maintainers.the-kenny ];
+    platforms = platforms.all; # Should work on all platforms
+    maintainers = [ maintainers.the-kenny ];
   };
 }
diff --git a/pkgs/development/tools/misc/sysbench/default.nix b/pkgs/development/tools/misc/sysbench/default.nix
index f09ab2af7d1d..e3acf620c73b 100644
--- a/pkgs/development/tools/misc/sysbench/default.nix
+++ b/pkgs/development/tools/misc/sysbench/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "SysBench is a modular, cross-platform and multi-threaded benchmark tool.";
+    description = "Modular, cross-platform and multi-threaded benchmark tool";
     license = "GPLv2";
     platforms = stdenv.lib.platforms.linux;
   };
diff --git a/pkgs/development/tools/misc/texinfo/5.1.nix b/pkgs/development/tools/misc/texinfo/5.1.nix
index cca368f619a6..2f318f18d542 100644
--- a/pkgs/development/tools/misc/texinfo/5.1.nix
+++ b/pkgs/development/tools/misc/texinfo/5.1.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ ncurses perl ];
 
   preInstall = ''
-    installFlags="TEXMF=$out/texmf";
+    installFlags="TEXMF=$out/texmf-dist";
     installTargets="install install-tex";
   '';
 
diff --git a/pkgs/development/tools/misc/xc3sprog/default.nix b/pkgs/development/tools/misc/xc3sprog/default.nix
new file mode 100644
index 000000000000..52471c30fd07
--- /dev/null
+++ b/pkgs/development/tools/misc/xc3sprog/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, fetchsvn, cmake, libusb, libftdi }:
+
+# The xc3sprog project doesn't seem to make proper releases, they only put out
+# prebuilt binary subversion snapshots on sourceforge.
+
+stdenv.mkDerivation rec {
+  version = "748"; # latest @ 2013-10-26
+  name = "xc3sprog-${version}";
+
+  src = fetchsvn rec {
+    url = "https://svn.code.sf.net/p/xc3sprog/code/trunk";
+    sha256 = "0wkz6094kkqz91qpa24pzlbhndc47sjmqhwk3p7ccabv0041rzk0";
+    rev = "${version}";
+  };
+
+  buildInputs = [ cmake libusb libftdi ];
+
+  meta = with stdenv.lib; {
+    description = "Command-line tools for programming FPGAs, microcontrollers and PROMs via JTAG";
+    homepage = http://xc3sprog.sourceforge.net/;
+    license = licenses.gpl2Plus;
+    platforms = platforms.linux;
+    maintainers = [ maintainers.bjornfor ];
+  };
+}
diff --git a/pkgs/development/tools/parsing/alex/3.1.0.nix b/pkgs/development/tools/parsing/alex/3.1.0.nix
new file mode 100644
index 000000000000..b6d46bea58e7
--- /dev/null
+++ b/pkgs/development/tools/parsing/alex/3.1.0.nix
@@ -0,0 +1,18 @@
+{ cabal, perl, QuickCheck }:
+
+cabal.mkDerivation (self: {
+  pname = "alex";
+  version = "3.1.0";
+  sha256 = "1d2kdn4g3zyc3ijiscbqayzg1apy0iih603dv90pr9w2f36djrkh";
+  isLibrary = false;
+  isExecutable = true;
+  buildDepends = [ QuickCheck ];
+  buildTools = [ perl ];
+  meta = {
+    homepage = "http://www.haskell.org/alex/";
+    description = "Alex is a tool for generating lexical analysers in Haskell";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.andres ];
+  };
+})
diff --git a/pkgs/development/tools/parsing/happy/1.18.11.nix b/pkgs/development/tools/parsing/happy/1.18.11.nix
new file mode 100644
index 000000000000..41f6d5c49a4b
--- /dev/null
+++ b/pkgs/development/tools/parsing/happy/1.18.11.nix
@@ -0,0 +1,18 @@
+{ cabal, mtl, perl }:
+
+cabal.mkDerivation (self: {
+  pname = "happy";
+  version = "1.18.11";
+  sha256 = "1hssiihzl7xipmn5bz71q30wbq2sj92lh2f7z4jarckhldwcqfi9";
+  isLibrary = false;
+  isExecutable = true;
+  buildDepends = [ mtl ];
+  buildTools = [ perl ];
+  meta = {
+    homepage = "http://www.haskell.org/happy/";
+    description = "Happy is a parser generator for Haskell";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.andres ];
+  };
+})
diff --git a/pkgs/development/tools/parsing/happy/1.19.0.nix b/pkgs/development/tools/parsing/happy/1.19.0.nix
new file mode 100644
index 000000000000..2ff2950591ec
--- /dev/null
+++ b/pkgs/development/tools/parsing/happy/1.19.0.nix
@@ -0,0 +1,18 @@
+{ cabal, mtl, perl }:
+
+cabal.mkDerivation (self: {
+  pname = "happy";
+  version = "1.19.0";
+  sha256 = "1phk44crr1zi4sd3slxj1ik5ll799zl48k69z1miws3mxq6w076z";
+  isLibrary = false;
+  isExecutable = true;
+  buildDepends = [ mtl ];
+  buildTools = [ perl ];
+  meta = {
+    homepage = "http://www.haskell.org/happy/";
+    description = "Happy is a parser generator for Haskell";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.andres ];
+  };
+})
diff --git a/pkgs/development/tools/parsing/re2c/default.nix b/pkgs/development/tools/parsing/re2c/default.nix
index b7ed4fb8934a..e603768b8cc2 100644
--- a/pkgs/development/tools/parsing/re2c/default.nix
+++ b/pkgs/development/tools/parsing/re2c/default.nix
@@ -8,6 +8,6 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "Re2c is a tool for writing very fast and very flexible scanners.";
+    description = "Tool for writing very fast and very flexible scanners";
   };
 }
diff --git a/pkgs/development/tools/phantomjs/default.nix b/pkgs/development/tools/phantomjs/default.nix
index e17038692f57..7eea3bedcef0 100644
--- a/pkgs/development/tools/phantomjs/default.nix
+++ b/pkgs/development/tools/phantomjs/default.nix
@@ -1,9 +1,9 @@
-{ stdenv, fetchurl, freetype, fontconfig }:
+{ stdenv, fetchurl, freetype, fontconfig, openssl }:
 
 assert stdenv.lib.elem stdenv.system [ "i686-linux" "x86_64-linux" ];
 
 stdenv.mkDerivation rec {
-  name = "phantomjs-1.9.1";
+  name = "phantomjs-1.9.2";
 
   # I chose to use the binary build for now.
   # The source version is quite nasty to compile
@@ -13,22 +13,23 @@ stdenv.mkDerivation rec {
   src = if stdenv.system == "i686-linux" then
           fetchurl {
             url = "http://phantomjs.googlecode.com/files/${name}-linux-i686.tar.bz2";
-            sha256 = "1r4ssx6v0ah18jy3vjswhki2i21r45qbs1jzh4x672wdc9lxz2p6";
+            sha256 = "1nywb9xhcfjark6zfjlnrljc08r5185vv25vfcc65jzla8hy75qp";
           }
         else # x86_64-linux
           fetchurl {
             url = "http://phantomjs.googlecode.com/files/${name}-linux-x86_64.tar.bz2";
-            sha256 = "1l7hlhspzw3zzsgz9cq0a3j26giynjicvb6y96fj3ipkn4shznnn";
+            sha256 = "1xsjx4j6rwkq27y4iqdn0ai4yrq70a3g9309blywki0g976phccg";
           };
 
   buildPhase = ''
     patchelf \
       --set-interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
-      --set-rpath ${freetype}/lib:${fontconfig}/lib:${stdenv.gcc.gcc}/lib64:${stdenv.gcc.gcc}/lib \
+      --set-rpath "${freetype}/lib:${fontconfig}/lib:${stdenv.gcc.gcc}/lib64:${stdenv.gcc.gcc}/lib:${openssl}/lib" \
       bin/phantomjs
   '';
 
-  dontStrip = true;
+  dontPatchELF = true;
+  dontStrip    = true;
 
   installPhase = ''
     mkdir -p $out/share/doc/phantomjs
diff --git a/pkgs/development/tools/slimerjs/default.nix b/pkgs/development/tools/slimerjs/default.nix
new file mode 100644
index 000000000000..0fe10a0003ab
--- /dev/null
+++ b/pkgs/development/tools/slimerjs/default.nix
@@ -0,0 +1,46 @@
+{stdenv, fetchurl, fetchgit, zip, unzip, xulrunner, bash}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="slimerjs";
+    version="git-2013-10-31";
+    name="${baseName}-${version}";
+    hash="643a9d2f97f238bbd9debb17c010946d507a3b740079d9398939e7fdd70256b9";
+    url="https://github.com/laurentj/slimerjs";
+    rev="fdeb7364d3e29b47391ed0651176c1aedcb5277f";
+    sha256="643a9d2f97f238bbd9debb17c010946d507a3b740079d9398939e7fdd70256b9";
+  };
+  buildInputs = [
+    unzip zip
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  # src = fetchurl {
+  #   inherit (s) url sha256;
+  # };
+  src = fetchgit {
+    inherit (s) url sha256 rev;
+  };
+  preConfigure = ''
+    test -d src && cd src
+    test -f omni.ja || zip omni.ja -r */
+  '';
+  installPhase = ''
+    mkdir -p "$out"/{bin,share/doc/slimerjs,lib/slimerjs}
+    cp LICENSE README* "$out/share/doc/slimerjs"
+    cp -r * "$out/lib/slimerjs"
+    echo '#!${bash}/bin/bash' >>  "$out/bin/slimerjs"
+    echo 'export SLIMERJSLAUNCHER=${xulrunner}/bin/xulrunner' >>  "$out/bin/slimerjs"
+    echo "'$out/lib/slimerjs/slimerjs' \"\$@\"" >> "$out/bin/slimerjs"
+    chmod a+x "$out/bin/slimerjs"
+  '';
+  meta = {
+    inherit (s) version;
+    description = ''Gecko-based programmatically-driven browser'';
+    license = stdenv.lib.licenses.mpl20 ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/development/tools/slimerjs/default.upstream b/pkgs/development/tools/slimerjs/default.upstream
new file mode 100644
index 000000000000..f2d6b89e51b4
--- /dev/null
+++ b/pkgs/development/tools/slimerjs/default.upstream
@@ -0,0 +1,2 @@
+url http://slimerjs.org/download.html
+version_link '/slimerjs-[0-9.]+[.]zip$'
diff --git a/pkgs/development/tools/slimerjs/default.upstream.git b/pkgs/development/tools/slimerjs/default.upstream.git
new file mode 100644
index 000000000000..3066d5de8293
--- /dev/null
+++ b/pkgs/development/tools/slimerjs/default.upstream.git
@@ -0,0 +1,3 @@
+url https://github.com/laurentj/slimerjs
+target default.nix
+GH_latest
diff --git a/pkgs/development/web/nodejs/default.nix b/pkgs/development/web/nodejs/default.nix
index 720f77d86f96..62665fe4935f 100644
--- a/pkgs/development/web/nodejs/default.nix
+++ b/pkgs/development/web/nodejs/default.nix
@@ -6,7 +6,7 @@ let
     ln -sv /usr/sbin/dtrace $out/bin
   '';
 
-  version = "0.10.12";
+  version = "0.10.21";
 
   # !!! Should we also do shared libuv?
   deps = {
@@ -27,7 +27,7 @@ in stdenv.mkDerivation {
 
   src = fetchurl {
     url = "http://nodejs.org/dist/v${version}/node-v${version}.tar.gz";
-    sha256 = "1dlnjjr135h2xcxifb06g33yi2bc5zpvc06985x5cjj56g1sffbk";
+    sha256 = "038l4j0ilrsmc6m2z2qprqs82z7p4940scb8597hcmhp5kr5n4kw";
   };
 
   configureFlags = concatMap sharedConfigureFlags (builtins.attrNames deps);
diff --git a/pkgs/games/LambdaHack/default.nix b/pkgs/games/LambdaHack/default.nix
index 48c4809e5cd9..4f276d50105c 100644
--- a/pkgs/games/LambdaHack/default.nix
+++ b/pkgs/games/LambdaHack/default.nix
@@ -1,15 +1,17 @@
-{ cabal, binary, ConfigFile, filepath, gtk, miniutter, mtl, random
-, text, zlib
+{ cabal, binary, ConfigFile, deepseq, enummapset, filepath, gtk
+, hashable, keys, miniutter, mtl, random, stm, text, transformers
+, unorderedContainers, zlib
 }:
 
 cabal.mkDerivation (self: {
   pname = "LambdaHack";
-  version = "0.2.6.5";
-  sha256 = "114s3adqs5mh566dbn0bb20v088wgg8arsm6m8hs9vx8j3jc8nx5";
+  version = "0.2.8";
+  sha256 = "0dwv6ljigwc46czyivn4ivszfiykvhjx6n4agv7lwx8faan7kax3";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
-    binary ConfigFile filepath gtk miniutter mtl random text zlib
+    binary ConfigFile deepseq enummapset filepath gtk hashable keys
+    miniutter mtl random stm text transformers unorderedContainers zlib
   ];
   meta = {
     homepage = "http://github.com/kosmikus/LambdaHack";
diff --git a/pkgs/games/alienarena/default.nix b/pkgs/games/alienarena/default.nix
index 856d9afe0f92..d9852971adfc 100644
--- a/pkgs/games/alienarena/default.nix
+++ b/pkgs/games/alienarena/default.nix
@@ -2,11 +2,11 @@
 , libvorbis, freetype, openal, mesa }:
 
 stdenv.mkDerivation rec {
-  name = "alienarena-7.52";
+  name = "alienarena-7.65";
 
   src = fetchurl {
-    url = "http://icculus.org/alienarena/Files/alienarena-7_52-linux20110929.tar.gz";
-    sha256 = "1s1l3apxsxnd8lyi568y38a1fcdr0gwmc3lkgq2nkc676k4gki3m";
+    url = "http://icculus.org/alienarena/Files/alienarena-7.65-linux20130207.tar.gz";
+    sha256 = "03nnv4m2xmswr0020hssajncdb8sy95jp5yccsm53sgxga4r8igg";
   };
 
   buildInputs = [ pkgconfig libjpeg libX11 curl libogg libvorbis
@@ -14,7 +14,8 @@ stdenv.mkDerivation rec {
 
   patchPhase = ''
     substituteInPlace ./configure \
-      --replace libopenal.so.1 ${openal}/lib/libopenal.so.1
+      --replace libopenal.so.1 ${openal}/lib/libopenal.so.1 \
+      --replace libGL.so.1 ${mesa}/lib/libGL.so.1
   '';
 
   meta = {
diff --git a/pkgs/games/anki/default.nix b/pkgs/games/anki/default.nix
index 41d70533437c..7437e2e2262c 100644
--- a/pkgs/games/anki/default.nix
+++ b/pkgs/games/anki/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl
+{ stdenv, lib, fetchurl, lame, mplayer, pulseaudio, portaudio
 , python, pyqt4, pythonPackages
 # This little flag adds a huge number of dependencies, but we assume that
 # everyone wants Anki to draw plots with statistics by default.
@@ -9,16 +9,16 @@ let
 in
 
 stdenv.mkDerivation rec {
-    name = "anki-2.0.3";
+    name = "anki-2.0.12";
     src = fetchurl {
       url = "http://ankisrs.net/download/mirror/${name}.tgz";
-      sha256 = "f40ee4ef29c91101cf9978ce7bd4c513f13ca7c77497a3fb50b8128adf3a5178";
+      sha256 = "1pccws3rgfpyxdx5xph5x72c4a46is0alfz73icn9ppgjdizzipr";
     };
 
-    pythonPath = [ pyqt4 py.pysqlite py.sqlalchemy ]
+    pythonPath = [ pyqt4 py.pysqlite py.sqlalchemy py.pyaudio ]
               ++ lib.optional plotsSupport py.matplotlib;
 
-    buildInputs = [ python py.wrapPython ];
+    buildInputs = [ python py.wrapPython lame mplayer pulseaudio ];
 
     preConfigure = ''
       substituteInPlace anki \
@@ -39,6 +39,9 @@ stdenv.mkDerivation rec {
     '';
 
     postInstall = ''
+      mkdir -p "$out/lib/${python.libPrefix}/site-packages"
+      ln -s $out/share/anki/* $out/lib/${python.libPrefix}/site-packages/
+      export PYTHONPATH="$out/lib/${python.libPrefix}/site-packages:$PYTHONPATH"
       wrapPythonPrograms
     '';
 
@@ -63,6 +66,6 @@ stdenv.mkDerivation rec {
         * even practicing guitar chords!
       '';
       license = "GPLv3";
-      platforms = stdenv.lib.platforms.all;
+      platforms = stdenv.lib.platforms.mesaPlatforms;
     };
 }
diff --git a/pkgs/games/blobby/default.nix b/pkgs/games/blobby/default.nix
index 7e4f6b00587b..faf7366f2494 100644
--- a/pkgs/games/blobby/default.nix
+++ b/pkgs/games/blobby/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = ''A blobby volleyball game.'';
+    description = ''A blobby volleyball game'';
     license = with stdenv.lib.licenses; bsd3;
     platforms = with stdenv.lib.platforms; linux;
     maintainers = with stdenv.lib.maintainers; [raskin];
diff --git a/pkgs/games/dwarf-fortress/default.nix b/pkgs/games/dwarf-fortress/default.nix
index 24c0b40edb3c..6e53aff65a57 100644
--- a/pkgs/games/dwarf-fortress/default.nix
+++ b/pkgs/games/dwarf-fortress/default.nix
@@ -1,13 +1,14 @@
-{stdenv, fetchurl, SDL, SDL_image, SDL_ttf, gtk, glib, mesa, openal, glibc, libsndfile}:
+{ stdenv, fetchurl, SDL, SDL_image, SDL_ttf, gtk, glib, mesa, openal, glibc, libsndfile
+, copyDataDirectory ? false }:
 
 assert stdenv.system == "i686-linux";
 
 stdenv.mkDerivation rec {
-  name = "dwarf-fortress-0.31.25";
+  name = "dwarf-fortress-0.34.11";
 
   src = fetchurl {
-    url = "http://www.bay12games.com/dwarves/df_31_25_linux.tar.bz2";
-    sha256 = "0d3klvf5n99j38pdhx9mak78px65aw47smck82jb92la97drmcg3";
+    url = "http://www.bay12games.com/dwarves/df_34_11_linux.tar.bz2";
+    sha256 = "1qk9vmdxzs0li81c8bglpj3m7aw9k71x1slf58hv2bz7hdndl3kj";
   };
 
   phases = "unpackPhase patchPhase installPhase";
@@ -22,10 +23,10 @@ stdenv.mkDerivation rec {
     mkdir -p $out/share/df_linux
     cp -r * $out/share/df_linux
     cp $permission $out/share/df_linux/nix_permission
- 
+
     patchelf --set-interpreter ${glibc}/lib/ld-linux.so.2 $out/share/df_linux/libs/Dwarf_Fortress
     ln -s ${libsndfile}/lib/libsndfile.so $out/share/df_linux/libs/
-          
+
     cat > $out/bin/dwarf-fortress << EOF
     #!${stdenv.shell}
     export DF_DIR="\$HOME/.config/df_linux"
@@ -33,39 +34,48 @@ stdenv.mkDerivation rec {
      then export DF_DIR="\$XDG_DATA_HOME/df_linux"
     fi
 
-    # Recreate a directory sturctor reflecting the original distribution in the user directory
-
-    # Link in the static stuff
-    mkdir -p \$DF_DIR
-    ln -sf $out/share/df_linux/libs \$DF_DIR/
-    ln -sf $out/share/df_linux/raw \$DF_DIR/
-    ln -sf $out/share/df_linux/df \$DF_DIR/
-
-    # Delete old data directory
-    rm -rf \$DF_DIR/data
-    
-    # Link in the static data directory
-    mkdir \$DF_DIR/data
-    for i in $out/share/df_linux/data/*
-    do
-     ln -s \$i \$DF_DIR/data/
-    done
-
-    # index initial_movies, announcement, dipscript and help files are as of 0.31.16 opened in read/write mode instead of read-only mode
-    # this is a hack to work around this
-    # Should I just apply this to the whole data directory?
-    for i in index initial_movies announcement dipscript help
-    do
-     rm \$DF_DIR/data/\$i
-     cp -rf $out/share/df_linux/data/\$i \$DF_DIR/data/
-     chmod -R u+w \$DF_DIR/data/\$i
-    done
-
-    # link in persistant data
-    mkdir -p \$DF_DIR/save
-    ln -s \$DF_DIR/save \$DF_DIR/data/
-
-    # now run Dwarf Fortress! 
+    # Recreate a directory structure reflecting the original
+    # distribution in the user directory (for modding support)
+    ${if copyDataDirectory then ''
+      if [ ! -d "\$DF_DIR" ];
+      then
+        mkdir -p \$DF_DIR
+        cp -r $out/share/df_linux/* \$DF_DIR/
+        chmod -R u+rw \$DF_DIR/
+      fi
+    '' else ''
+      # Link in the static stuff
+      mkdir -p \$DF_DIR
+      ln -sf $out/share/df_linux/libs \$DF_DIR/
+      ln -sf $out/share/df_linux/raw \$DF_DIR/
+      ln -sf $out/share/df_linux/df \$DF_DIR/
+
+      # Delete old data directory
+      rm -rf \$DF_DIR/data
+
+      # Link in the static data directory
+      mkdir \$DF_DIR/data
+      for i in $out/share/df_linux/data/*
+      do
+       ln -s \$i \$DF_DIR/data/
+      done
+
+      # index initial_movies, announcement, dipscript and help files are as of 0.31.16 opened in read/write mode instead of read-only mode
+      # this is a hack to work around this
+      # Should I just apply this to the whole data directory?
+      for i in index initial_movies announcement dipscript help
+      do
+       rm \$DF_DIR/data/\$i
+       cp -rf $out/share/df_linux/data/\$i \$DF_DIR/data/
+       chmod -R u+w \$DF_DIR/data/\$i
+      done
+
+      # link in persistant data
+      mkdir -p \$DF_DIR/save
+      ln -s \$DF_DIR/save \$DF_DIR/data/
+    ''}
+
+    # now run Dwarf Fortress!
     export LD_LIBRARY_PATH=\$DF_DIR/df_linux/libs/:${SDL}/lib:${SDL_image}/lib/:${SDL_ttf}/lib/:${gtk}/lib/:${glib}/lib/:${mesa}/lib/:${openal}/lib/
     \$DF_DIR/df "\$@"
     EOF
diff --git a/pkgs/games/dwarf-therapist/default.nix b/pkgs/games/dwarf-therapist/default.nix
new file mode 100644
index 000000000000..d8f39ceeea4a
--- /dev/null
+++ b/pkgs/games/dwarf-therapist/default.nix
@@ -0,0 +1,60 @@
+{ stdenv, coreutils, fetchhg, qt4, dwarf_fortress, bash, makeWrapper }:
+
+stdenv.mkDerivation rec {
+  name = "dwarf-therapist-${rev}";
+  rev = "eeeac8544d94";
+
+  src = fetchhg {
+    url = "https://code.google.com/r/splintermind-attributes/";
+    tag = rev;
+    sha256 = "0a9m967q6p2q3plrl6qysg1xrdmg65jzil6awjh2wr3g10x2x15z";
+  };
+
+  # Needed for hashing
+  dwarfBinary = "${dwarf_fortress}/share/df_linux/libs/Dwarf_Fortress";
+
+  buildInputs = [ coreutils qt4 dwarf_fortress makeWrapper ];
+  enableParallelBuilding = false;
+
+  preConfigure = ''
+    substituteInPlace dwarftherapist.pro \
+      --replace /usr/bin $out/bin     \
+      --replace /usr/share $out/share \
+      --replace "INSTALLS += doc" ""
+  '';
+
+  preBuild = ''
+    # Log to current directory, otherwise it crashes if log/ doesn't
+    # exist Note: Whis is broken because we cd to the nix store in the
+    # wrapper-script
+    substituteInPlace src/dwarftherapist.cpp \
+      --replace "log/run.log" "dwarf-therapist.log"
+  '';
+
+  buildPhase = ''
+    qmake INSTALL_PREFIX=$out;
+    make;
+  '';
+
+  postInstall = ''
+    # DwarfTherapist assumes it's run in $out/share/dwarftherapist and
+    # therefore uses many relative paths.
+    rm $out/bin/dwarftherapist
+    wrapProgram $out/bin/DwarfTherapist \
+      --run "cd $out/share/dwarftherapist"
+  '';
+
+  postFixup = ''
+    # Fix checksum of memory access directives
+    substituteInPlace $out/share/dwarftherapist/etc/memory_layouts/linux/v034.11.ini \
+      --replace "e966ee88" $(md5sum ${dwarfBinary} | cut -c1-8)
+  '';
+
+  meta = {
+    description = "Tool to manage dwarves in in a running game of Dwarf Fortress";
+    maintainers = with stdenv.lib.maintainers; [ the-kenny ];
+    license = "MIT";
+    platforms = stdenv.lib.platforms.none;
+    homepage = https://code.google.com/r/splintermind-attributes/;
+  };
+}
diff --git a/pkgs/games/extremetuxracer/default.nix b/pkgs/games/extremetuxracer/default.nix
index 898334a1d4ab..e35eb3266c2d 100644
--- a/pkgs/games/extremetuxracer/default.nix
+++ b/pkgs/games/extremetuxracer/default.nix
@@ -26,6 +26,9 @@ rec {
 
   name = "extremetuxracer-" + version;
   meta = {
-    description = "ExtremeTuxRacer - Tux lies on his belly and accelerates down ice slopes..";
+    description = "High speed arctic racing game based on Tux Racer";
+    longDescription = ''
+      ExtremeTuxRacer - Tux lies on his belly and accelerates down ice slopes.
+    '';
   };
 }
diff --git a/pkgs/games/flightgear/default.nix b/pkgs/games/flightgear/default.nix
index 9b9e7ab96806..71183d0ea2ad 100644
--- a/pkgs/games/flightgear/default.nix
+++ b/pkgs/games/flightgear/default.nix
@@ -1,58 +1,63 @@
-x@{builderDefsPackage
-  , freeglut, freealut, mesa, libICE, libjpeg, openal, openscenegraph, plib
-  , libSM, libunwind, libX11, xproto, libXext, xextproto, libXi, inputproto
-  , libXmu, libXt, simgear, zlib, boost, cmake, libpng
-  , ...}:
-builderDefsPackage
-(a :
-let
-  helperArgNames = ["stdenv" "fetchurl" "builderDefsPackage"] ++
-    [];
-
-  buildInputs = map (n: builtins.getAttr n x)
-    (builtins.attrNames (builtins.removeAttrs x helperArgNames));
-  sourceInfo = rec {
-    baseName="flightgear";
-    version="2.10.0";
-    name="${baseName}-${version}";
-    extension="tar.bz2";
-    url="http://ftp.linux.kiev.ua/pub/fgfs/Source/${name}.${extension}";
-    hash="0pq5nwyxwp8ar5rr0jh8p04bv0i9i841m374jwd748csnsn28zh6";
+{ stdenv, fetchurl
+, freeglut, freealut, mesa, libICE, libjpeg, openal, openscenegraph, plib
+, libSM, libunwind, libX11, xproto, libXext, xextproto, libXi, inputproto
+, libXmu, libXt, simgear, zlib, boost, cmake, libpng, udev, fltk13, apr
+, makeDesktopItem
+}:
+
+stdenv.mkDerivation rec {
+  version = "2.12.0";
+  name = "flightgear-${version}";
+
+  src = fetchurl {
+    url = "http://ftp.linux.kiev.ua/pub/fgfs/Source/${name}.tar.bz2";
+    sha256 = "0h9ka4pa2njxbvy5jlmnsjy5ynzms504ygqn7hd80g3c58drsjc4";
   };
-in
-rec {
-  src = a.fetchurl {
-    url = sourceInfo.url;
-    sha256 = sourceInfo.hash;
+
+  datasrc = fetchurl {
+    url = "http://ftp.igh.cnrs.fr/pub/flightgear/ftp/Shared/FlightGear-data-${version}.tar.bz";
+    sha256 = "0qjvcj2cz7ypa91v95lws44fg8c1p0pazv24ljkai2m2r0jgsv8k";
+  };
+
+  # Of all the files in the source and data archives, there doesn't seem to be
+  # a decent icon :-)
+  iconsrc = fetchurl {
+    url = "http://wiki.flightgear.org/images/6/62/FlightGear_logo.png";
+    sha256 = "1ikz413jia55vfnmx8iwrlxvx8p16ggm81mbrj66wam3q7s2dm5p";
   };
 
-  datasrc = a.fetchurl {
-    url = "http://ftp.igh.cnrs.fr/pub/flightgear/ftp/Shared/FlightGear-data-2.0.0.tar.bz2";
-    sha256 = "0kvmvh5qycbpdjx12l20cbhljwimmcgww2dg4lkc2sky0kg14ic1";
+  desktopItem = makeDesktopItem {
+    name = "flightgear";
+    exec = "fgfs";
+    icon = "${iconsrc}";
+    comment = "FlightGear Flight Simulator";
+    desktopName = "FlightGear";
+    genericName = "Flight simulator";
+    categories = "Game;Simulation";
   };
 
-  inherit (sourceInfo) name version;
-  inherit buildInputs;
+  buildInputs = [
+    freeglut freealut mesa libICE libjpeg openal openscenegraph plib
+    libSM libunwind libX11 xproto libXext xextproto libXi inputproto
+    libXmu libXt simgear zlib boost cmake libpng udev fltk13 apr
+  ];
 
-  /* doConfigure should be removed if not needed */
-  phaseNames = ["doCmake" "doMakeInstall" "deployData"];
+  preConfigure = ''
+    export cmakeFlagsArray=(-DFG_DATA_DIR="$out/share/FlightGear/")
+  '';
 
-  deployData = a.fullDepEntry ''
+  postInstall = ''
     mkdir -p "$out/share/FlightGear"
-    cd "$out/share/FlightGear"
-    tar xvf ${datasrc}
-  '' ["minInit" "defEnsureDir"];
-
-  meta = {
-    description = "A flight simulator";
-    maintainers = with a.lib.maintainers;
-    [
-      raskin
-    ];
-    #platforms = a.lib.platforms.linux;
-    license = a.lib.licenses.gpl2;
-  };
-  passthru = {
-  };
-}) x
+    tar xvf "${datasrc}" -C "$out/share/FlightGear/" --strip-components=1
 
+    mkdir -p "$out/share/applications/"
+    cp "${desktopItem}"/share/applications/* "$out/share/applications/"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Flight simulator";
+    maintainers = with maintainers; [ raskin ];
+    #platforms = platforms.linux; # disabled from hydra because it's so big
+    license = licenses.gpl2;
+  };
+}
diff --git a/pkgs/games/freeciv/default.nix b/pkgs/games/freeciv/default.nix
index 049f10ad15b2..ac1fc7395ae2 100644
--- a/pkgs/games/freeciv/default.nix
+++ b/pkgs/games/freeciv/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, zlib, bzip2, pkgconfig
+{ stdenv, fetchurl, zlib, bzip2, pkgconfig, curl, lzma, gettext
 , sdlClient ? true, SDL, SDL_mixer, SDL_image, SDL_ttf, SDL_gfx, freetype
 , gtkClient ? false, gtk
 , server ? true, readline }:
@@ -6,24 +6,29 @@
 let
   inherit (stdenv.lib) optional optionals;
   client = sdlClient || gtkClient;
+
+  sdlName = if sdlClient then "-sdl" else "";
+  gtkName = if gtkClient then "-gtk" else "";
+
+  baseName = "freeciv-2.4.0";
 in
-stdenv.mkDerivation rec {
-  name = "freeciv-2.3.1";
+stdenv.mkDerivation {
+  name = baseName + sdlName + gtkName;
 
   src = fetchurl {
-    url = "mirror://sourceforge/freeciv/${name}.tar.bz2";
-    sha256 = "1n3ak0y9hj9kha0r3cdbi8zb47vrgal1jsbblamqgwwwgzy8cri3";
+    url = "mirror://sourceforge/freeciv/${baseName}.tar.bz2";
+    sha256 = "1bc01pyihsrby6w95n49gi90ggp40dyxsy4kmlmwcakxfxprwakv";
   };
 
   nativeBuildInputs = [ pkgconfig ];
 
-  buildInputs = [ zlib bzip2 ]
+  buildInputs = [ zlib bzip2 curl lzma gettext ]
     ++ optionals sdlClient [ SDL SDL_mixer SDL_image SDL_ttf SDL_gfx freetype ]
     ++ optional gtkClient gtk
     ++ optional server readline;
 
   meta = with stdenv.lib; {
-    description = "multiplayer (or single player), turn-based strategy game.";
+    description = "Multiplayer (or single player), turn-based strategy game";
 
     longDescription = ''
       Freeciv is a Free and Open Source empire-building strategy game
diff --git a/pkgs/games/gsb/default.nix b/pkgs/games/gsb/default.nix
new file mode 100644
index 000000000000..52c3830c22a4
--- /dev/null
+++ b/pkgs/games/gsb/default.nix
@@ -0,0 +1,74 @@
+{ stdenv, config, requireFile
+, curl3, SDL, SDL_image, libpng12, libjpeg62, libvorbis, libogg, openal, mesa
+, libX11, libXext, libXft, fontconfig, zlib }:
+
+assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";
+
+stdenv.mkDerivation rec {
+  name = "gsb-1.56.0";
+
+  goBuyItNow = '' 
+    We cannot download the full version automatically, as you require a license.
+    Once you bought a license, you need to add your downloaded version to the nix store.
+    You can do this by using "nix-prefetch-url file://gsb1324679796.tar.gz" in the
+    directory where you saved it.
+  ''; 
+
+  src = requireFile {
+     message = goBuyItNow;
+     name = "gsb1324679796.tar.gz";
+     sha256 = "12jsz9v55w9zxwiz4kbm6phkv60q3c2kyv5imsls13385pzwcs8i";
+  };
+
+  arch = if stdenv.system == "i686-linux" then "x86" else "x86_64";
+
+  phases = "unpackPhase installPhase";
+
+  # XXX: stdenv.lib.makeLibraryPath doesn't pick up /lib64
+  libPath = stdenv.lib.makeLibraryPath [ stdenv.gcc.gcc stdenv.gcc.libc ] 
+    + ":" + stdenv.lib.makeLibraryPath [ SDL SDL_image libjpeg62 libpng12 mesa ]
+    + ":" + stdenv.lib.makeLibraryPath [ curl3 openal libvorbis libogg ]
+    + ":" + stdenv.lib.makeLibraryPath [ libX11 libXext libXft fontconfig zlib ]
+    + ":" + stdenv.gcc.gcc + "/lib64";
+
+  installPhase = ''
+    ensureDir $out/libexec/positech/GSB/
+    ensureDir $out/bin
+
+    patchelf \
+      --interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
+      --set-rpath $libPath \
+      ./GSB.bin.$arch
+
+    cp -r * $out/libexec/positech/GSB/
+    rm -rf $out/libexec/positech/GSB/lib64/
+    rm -rf $out/libexec/positech/GSB/lib/
+
+    #makeWrapper doesn't do cd. :(
+
+    cat > $out/bin/GSB << EOF
+    #!/bin/sh
+    cd $out/libexec/positech/GSB
+    exec ./GSB.bin.$arch
+    EOF
+    chmod +x $out/bin/GSB
+  '';
+
+  meta = {
+    description = "Gratuitous Space Battles";
+    longDescription = ''
+      a strategy / management / simulation game that does away with all the
+      base building and delays and gets straight to the meat and potatoes of
+      science-fiction games : The big space battles fought by huge spaceships with
+      tons of laser beams and things going 'zap!', 'ka-boom!' and 'ka-pow!'. In GSB
+      you put your ships together from modular components, arrange them into fleets,
+      give your ships orders of engagement and then hope they emerge victorious from
+      battle (or at least blow to bits in aesthetically pleasing ways).
+    '';
+    homepage = http://www.positech.co.uk/gratuitousspacebattles/index.html;
+    license = [ "unfree" ];
+    maintainers = with stdenv.lib.maintainers; [ jcumming ];
+    platforms = [ "x86_64-linux" "i686-linux" ] ;
+  };
+
+}
diff --git a/pkgs/games/gtypist/default.nix b/pkgs/games/gtypist/default.nix
index 3dded927ba1f..195679183776 100644
--- a/pkgs/games/gtypist/default.nix
+++ b/pkgs/games/gtypist/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = http://www.gnu.org/software/gtypist;
-    description = "GNU Typist (also called gtypist) is a universal typing tutor.";
+    description = "Universal typing tutor";
     license = stdenv.lib.licenses.gpl3Plus;
   };
 }
diff --git a/pkgs/games/minetest/default.nix b/pkgs/games/minetest/default.nix
index 6c860d42925a..f2ac737486c6 100644
--- a/pkgs/games/minetest/default.nix
+++ b/pkgs/games/minetest/default.nix
@@ -34,7 +34,7 @@ in stdenv.mkDerivation {
 
   meta = {
     homepage = "http://minetest.net/";
-    description = "Minetest is an infinite-world block sandbox game.";
+    description = "Infinite-world block sandbox game";
     license = "LGPLv2.1+";
   };
 }
diff --git a/pkgs/games/openttd/default.nix b/pkgs/games/openttd/default.nix
index 616adf002243..bf9f6d1060e4 100644
--- a/pkgs/games/openttd/default.nix
+++ b/pkgs/games/openttd/default.nix
@@ -1,21 +1,21 @@
-{stdenv, fetchurl, pkgconfig, SDL, libpng, zlib, xz, freetype, fontconfig}:
+{ stdenv, fetchurl, pkgconfig, SDL, libpng, zlib, xz, freetype, fontconfig }:
 
 stdenv.mkDerivation rec {
   name = "openttd-${version}";
-  version = "1.2.2";
+  version = "1.3.2";
 
   src = fetchurl {
     url = "http://binaries.openttd.org/releases/${version}/${name}-source.tar.xz";
-    sha256 = "158znfx389bhs9gd2hadnbc2a32z4ma1vz8704cmw9yh0fmhbcap";
+    sha256 = "02r7xfq9a5x1y2wpdhqyczaj48z0qan33hs4i2liahsg1k6w1vzn";
   };
 
-  buildInputs = [SDL libpng pkgconfig xz zlib freetype fontconfig];
+  buildInputs = [ SDL libpng pkgconfig xz zlib freetype fontconfig ];
   prefixKey = "--prefix-dir=";
 
-  configureFlags = ''
-    --with-zlib=${zlib}/lib/libz.a 
-    --without-liblzo2
-  '';
+  configureFlags = [
+    "--with-zlib=${zlib}/lib/libz.a"
+    "--without-liblzo2"
+  ];
 
   makeFlags = "INSTALL_PERSONAL_DIR=";
 
@@ -24,11 +24,11 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = ''OpenTTD is an open source clone of the Microprose game "Transport Tycoon Deluxe".'';
+    description = ''OpenTTD is an open source clone of the Microprose game "Transport Tycoon Deluxe"'';
     longDescription = ''
       OpenTTD is a transportation economics simulator. In single player mode,
-      players controll a transportation business, and use rail, road, sea, and air
-      transport to move goods and people around the simulated world. 
+      players control a transportation business, and use rail, road, sea, and air
+      transport to move goods and people around the simulated world.
 
       In multiplayer networked mode, players may:
         - play competitively as different businesses
@@ -37,6 +37,7 @@ stdenv.mkDerivation rec {
     '';
     homepage = http://www.openttd.org/;
     license = "GPLv2";
-    maintainers = with stdenv.lib.maintainers; [ jcumming ];
+    platforms = stdenv.lib.platforms.unix;
+    maintainers = with stdenv.lib.maintainers; [ jcumming the-kenny ];
   };
 }
diff --git a/pkgs/games/quantumminigolf/default.nix b/pkgs/games/quantumminigolf/default.nix
new file mode 100644
index 000000000000..940351790166
--- /dev/null
+++ b/pkgs/games/quantumminigolf/default.nix
@@ -0,0 +1,40 @@
+{stdenv, fetchurl, fftwSinglePrec, freetype, SDL, SDL_ttf}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="quantumminigolf";
+    version="1.1.1";
+    name="${baseName}-${version}";
+    hash="16av7fk0irhi5nd7y9h9vhb0kf0dk12p6976ai3f60m99qdd8wk3";
+    url="mirror://sourceforge/project/quantumminigolf/quantumminigolf/1.1.1/quantumminigolf-1.1.1.src.tar.gz";
+    sha256="16av7fk0irhi5nd7y9h9vhb0kf0dk12p6976ai3f60m99qdd8wk3";
+  };
+  buildInputs = [
+    fftwSinglePrec freetype SDL SDL_ttf
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  preBuild = ''
+    export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${SDL}/include/SDL"
+
+    sed -re 's@"(gfx|fonts|tracks)/@"'"$out"'/share/quantumminigolf/\1/@g' -i *.cpp
+  '';
+  installPhase = ''
+    mkdir -p "$out"/{share/doc,share/quantumminigolf,bin}
+    cp README THANKS LICENSE "$out/share/doc"
+    cp -r fonts gfx tracks "$out/share/quantumminigolf"
+    cp quantumminigolf "$out/bin"
+  '';
+  meta = {
+    inherit (s) version;
+    description = ''Quantum mechanics-based minigolf-like game'';
+    license = stdenv.lib.licenses.gpl2 ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/games/quantumminigolf/default.upstream b/pkgs/games/quantumminigolf/default.upstream
new file mode 100644
index 000000000000..813c3643a3cc
--- /dev/null
+++ b/pkgs/games/quantumminigolf/default.upstream
@@ -0,0 +1,4 @@
+url http://sourceforge.net/projects/quantumminigolf/files/quantumminigolf/
+SF_version_dir
+version_link '[.]tar[.][^.]+/download$'
+SF_redirect
diff --git a/pkgs/games/residualvm/default.nix b/pkgs/games/residualvm/default.nix
new file mode 100644
index 000000000000..36c40f9bec5e
--- /dev/null
+++ b/pkgs/games/residualvm/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchurl, SDL, zlib, libmpeg2, libmad, libogg, libvorbis, flac, alsaLib
+, openglSupport ? false, mesa ? null
+}:
+
+assert openglSupport -> mesa != null;
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+  version = "0.1.1";
+  name = "residualvm-${version}";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/residualvm/residualvm-${version}-sources.tar.bz2";
+    sha256 = "99c419b13885a49bdfc10a50a3a6000fd1ba9504f6aae04c74b840ec6f57a963";
+  };
+
+  buildInputs = [ stdenv SDL zlib libmpeg2 libmad libogg libvorbis flac alsaLib ]
+    ++ optional openglSupport [ mesa ];
+
+  configureFlags="--enable-all-engines";
+
+  meta = {
+    description = "Interpreter for LucasArts' Lua-based 3D adventure games";
+    homepage = http://residualvm.org/;
+    repositories.git = https://github.com/residualvm/residualvm.git;
+    licencse = licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/games/sauerbraten/default.nix b/pkgs/games/sauerbraten/default.nix
index ff99b428cef7..8bec0f7b1a95 100644
--- a/pkgs/games/sauerbraten/default.nix
+++ b/pkgs/games/sauerbraten/default.nix
@@ -14,7 +14,7 @@ let
     baseName="sauerbraten";
     version="3331";
     name="${baseName}-r${version}";
-    url="https://sauerbraten.svn.sourceforge.net/svnroot/sauerbraten";
+    url="https://svn.code.sf.net/p/sauerbraten/code";
     hash="0904hk9rz2x941c9587bfxa4rca81260j3m2hjjrp984w67x2w7y";
   };
 in
diff --git a/pkgs/games/sdlmame/default.nix b/pkgs/games/sdlmame/default.nix
new file mode 100644
index 000000000000..645312dd54e9
--- /dev/null
+++ b/pkgs/games/sdlmame/default.nix
@@ -0,0 +1,44 @@
+{ stdenv, fetchurl, alsaLib, qt48, SDL, fontconfig, freetype, SDL_ttf, xlibs }:
+
+assert stdenv.system == "x86_64-linux" || stdenv.system == "i686-linux";
+
+stdenv.mkDerivation rec {
+  version = "0.150.u0-1";
+  name    = "sdlmame-${version}";
+
+  src = if stdenv.system == "x86_64-linux"
+    then fetchurl {
+      url    = "ftp://ftp.archlinux.org/community/os/x86_64/${name}-x86_64.pkg.tar.xz";
+      sha256 = "0393xnzrzq53szmicn96lvapm66wmlykdxaa1n7smx8a0mcz0kah";
+    }
+    else fetchurl {
+      url    = "ftp://ftp.archlinux.org/community/os/i686/${name}-i686.pkg.tar.xz";
+      sha256 = "0js67w2szd0qs7ycgxb3bbmcdziv1fywyd9ihra2f6bq5rhcs2jp";
+    };
+
+  buildPhase = ''
+    sed -i "s|/usr|$out|" bin/sdlmame
+  '';
+
+  installPhase = ''
+    patchelf \
+      --set-interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
+      --set-rpath "${alsaLib}/lib:${qt48}/lib:${SDL}/lib:${fontconfig}/lib:${freetype}/lib:${SDL_ttf}/lib:${xlibs.libX11}/lib:${xlibs.libXinerama}/lib:${stdenv.gcc.gcc}/lib" \
+      share/sdlmame/sdlmame
+
+    mkdir -p "$out/bin"
+    cp -r bin/sdlmame "$out/bin"
+    cp -r share "$out"
+  '';
+
+  dontPatchELF = true;
+  dontStrip    = true;
+
+  meta = with stdenv.lib; {
+    homepage    = http://sdlmame.lngn.net;
+    description = "A port of the popular Multiple Arcade Machine Emulator using SDL with OpenGL support.";
+    license     = "MAME";
+    maintainers = with maintainers; [ lovek323 ];
+    platforms   = platforms.linux;
+  };
+}
diff --git a/pkgs/games/spring/default.nix b/pkgs/games/spring/default.nix
index ba45360ccb6d..109cb239d2be 100644
--- a/pkgs/games/spring/default.nix
+++ b/pkgs/games/spring/default.nix
@@ -27,9 +27,9 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = http://springrts.com/;
-    description = "A powerful real-time strategy(RTS) game engine";
+    description = "A powerful real-time strategy (RTS) game engine";
     license = licenses.gpl2;
     maintainers = [ maintainers.phreedom maintainers.qknight ];
-    platforms = platforms.unix;
+    platforms = platforms.mesaPlatforms;
   };
 }
diff --git a/pkgs/games/spring/springlobby.nix b/pkgs/games/spring/springlobby.nix
index e6051a12a267..b78fd7d77888 100644
--- a/pkgs/games/spring/springlobby.nix
+++ b/pkgs/games/spring/springlobby.nix
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = http://springlobby.info/;
-    description = "A free cross-platform lobby client for the Spring RTS project.";
+    description = "Cross-platform lobby client for the Spring RTS project";
     license = licenses.gpl2;
     maintainers = [ maintainers.phreedom maintainers.qknight];
     platforms = platforms.linux;
diff --git a/pkgs/games/steam/chrootenv.nix b/pkgs/games/steam/chrootenv.nix
new file mode 100644
index 000000000000..2173d12666e5
--- /dev/null
+++ b/pkgs/games/steam/chrootenv.nix
@@ -0,0 +1,12 @@
+{ buildFHSChrootEnv, steam
+, xterm, libX11, zenity, python, mesa, xdg_utils, dbus_tools, alsaLib
+}:
+
+buildFHSChrootEnv {
+  name = "steam";
+  pkgs = [ steam xterm libX11 zenity python mesa xdg_utils dbus_tools alsaLib ];
+  profile = ''
+    export LD_LIBRARY_PATH=/run/opengl-driver/lib:/run/opengl-driver-32/lib:/lib
+    export FONTCONFIG_FILE=/etc/fonts/fonts.conf
+  '';
+}
diff --git a/pkgs/games/steam/default.nix b/pkgs/games/steam/default.nix
index 1e8c0db90455..80be4ec85957 100644
--- a/pkgs/games/steam/default.nix
+++ b/pkgs/games/steam/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, dpkg, makeWrapper, xz, libX11, gcc, glibc
+/*{ stdenv, fetchurl, dpkg, makeWrapper, xz, libX11, gcc, glibc
 , libselinux, libXrandr, pango, freetype, fontconfig, glib, gtk
 , gdk_pixbuf, cairo, libXi, alsaLib, libXrender, nss, nspr, zlib
 , dbus, libpng12, libXfixes, cups, libgcrypt, openal, pulseaudio
@@ -97,3 +97,28 @@ stdenv.mkDerivation rec {
     license = "unfree";
   };
 }
+*/
+
+{stdenv, fetchurl, dpkg}:
+
+stdenv.mkDerivation {
+  name = "steam-1.0.0.42";
+  src = fetchurl {
+    url = http://repo.steampowered.com/steam/archive/precise/steam-launcher_1.0.0.42_all.deb;
+    sha256 = "1jyvk0h1z78sdpvl4hs1kdvr6z2kwamf09vjgjx1f6j04kgqrfbw";
+  };
+  buildInputs = [ dpkg ];
+  unpackPhase = "true";
+  installPhase = ''
+    mkdir -p $out
+    dpkg -x $src $out
+    cp -av $out/usr/* $out
+    rm -Rf $out/usr
+  '';
+  
+  meta = {
+    description = "A digital distribution platform";
+    homepage = http://store.steampowered.com/;
+    license = "unfree";
+  };
+}
diff --git a/pkgs/games/super-tux/default.nix b/pkgs/games/super-tux/default.nix
index 60e9cc537bf0..945eaa7fbf88 100644
--- a/pkgs/games/super-tux/default.nix
+++ b/pkgs/games/super-tux/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation {
   patches = [ ./g++4.patch ];
 
   meta = {
-    description = "SuperTux is a classic 2D jump'n run sidescroller game in a style similar to the original Super Mario games covered under the GPL.";
+    description = "Classic 2D jump'n run sidescroller game";
 
     homepage = http://supertux.lethargik.org/index.html;
 
diff --git a/pkgs/games/unvanquished/default.nix b/pkgs/games/unvanquished/default.nix
index 6d1c8e5607c9..2768d2fad9e1 100644
--- a/pkgs/games/unvanquished/default.nix
+++ b/pkgs/games/unvanquished/default.nix
@@ -32,7 +32,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "A FLOSS FPS combining RTS elements with a futuristic, sci-fi setting.";
+    description = "FPS game set in a futuristic, sci-fi setting";
     longDescription = ''
       Unvanquished is a free, open-source first-person shooter
       combining real-time strategy elements with a futuristic, sci-fi
diff --git a/pkgs/games/warsow/default.nix b/pkgs/games/warsow/default.nix
index aeb7e37cd7e4..84d15efb810f 100644
--- a/pkgs/games/warsow/default.nix
+++ b/pkgs/games/warsow/default.nix
@@ -47,7 +47,7 @@ stdenv.mkDerivation rec {
     patchelf --set-rpath $cur_rpath:${mesa}/lib $p
   '';
   meta = {
-    description = "A multiplayer FPS designed for competitive gaming.";
+    description = "Multiplayer FPS game designed for competitive gaming";
     longDescription = ''
       Set in a futuristic cartoon-like world where rocketlauncher-wielding
       pigs and lasergun-carrying cyberpunks roam the streets, Warsow is a
diff --git a/pkgs/games/worldofgoo/default.nix b/pkgs/games/worldofgoo/default.nix
index 216ec0d8041a..13e7e487c8f0 100644
--- a/pkgs/games/worldofgoo/default.nix
+++ b/pkgs/games/worldofgoo/default.nix
@@ -77,7 +77,6 @@ stdenv.mkDerivation rec {
     homepage = http://worldofgoo.com;
     license = [ "unfree" ];
     maintainers = with stdenv.lib.maintainers; [ jcumming ];
-    platforms = [ "x86_64-linux"] ;
   };
 
 }
diff --git a/pkgs/games/xboard/default.nix b/pkgs/games/xboard/default.nix
index 7e73bfad5403..454112638768 100644
--- a/pkgs/games/xboard/default.nix
+++ b/pkgs/games/xboard/default.nix
@@ -5,11 +5,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="xboard";
-    version="4.7.1";
+    version="4.7.2";
     name="${baseName}-${version}";
-    hash="0hnav2swswaf0463c4wnmgwaif3g42f2a1mqyqc5fa1py32iy6ry";
-    url="mirror://gnu/xboard/xboard-4.7.1.tar.gz";
-    sha256="0hnav2swswaf0463c4wnmgwaif3g42f2a1mqyqc5fa1py32iy6ry";
+    hash="1vm95fjp3pkvvjvamfs7zqw4l4b4v7v52h2npvf9j5059fckcrwv";
+    url="http://ftp.gnu.org/gnu/xboard/xboard-4.7.2.tar.gz";
+    sha256="1vm95fjp3pkvvjvamfs7zqw4l4b4v7v52h2npvf9j5059fckcrwv";
   };
   buildInputs = [
     libX11 xproto libXt libXaw libSM libICE libXmu 
diff --git a/pkgs/lib/modules.nix b/pkgs/lib/modules.nix
deleted file mode 100644
index acd10e7bf576..000000000000
--- a/pkgs/lib/modules.nix
+++ /dev/null
@@ -1,380 +0,0 @@
-# NixOS module handling.
-
-let lib = import ./default.nix; in
-
-with { inherit (builtins) head; };
-with import ./trivial.nix;
-with import ./lists.nix;
-with import ./misc.nix;
-with import ./attrsets.nix;
-with import ./options.nix;
-with import ./properties.nix;
-
-rec {
-
-  # Unfortunately this can also be a string.
-  isPath = x: !(
-     builtins.isFunction x
-  || builtins.isAttrs x
-  || builtins.isInt x
-  || builtins.isBool x
-  || builtins.isList x
-  );
-
-
-  importIfPath = path:
-    if isPath path then
-      import path
-    else
-      path;
-
-
-  applyIfFunction = f: arg:
-    if builtins.isFunction f then
-      f arg
-    else
-      f;
-
-
-  isModule = m:
-       (m ? config && isAttrs m.config && ! isOption m.config)
-    || (m ? options && isAttrs m.options && ! isOption m.options);
-
-
-  # Convert module to a set which has imports / options and config
-  # attributes.
-  unifyModuleSyntax = m:
-    let
-      delayedModule = delayProperties m;
-
-      getImports =
-        toList (rmProperties (delayedModule.require or []));
-      getImportedPaths = filter isPath getImports;
-      getImportedSets = filter (x: !isPath x) getImports;
-
-      getConfig =
-        removeAttrs delayedModule ["require" "key" "imports"];
-
-    in
-      if isModule m then
-        { key = "<unknown location>"; } // m
-      else
-        { key = "<unknown location>";
-          imports = (m.imports or []) ++ getImportedPaths;
-          config = getConfig;
-        } // (
-          if getImportedSets != [] then
-            assert length getImportedSets == 1;
-            { options = head getImportedSets; }
-          else
-            {}
-        );
-
-
-  unifyOptionModule = {key ? "<unknown location>"}: name: index: m: (args:
-    let
-      module = lib.applyIfFunction m args;
-      key_ = rec {
-        file = key;
-        option = name;
-        number = index;
-        outPath = key;
-      };
-    in if lib.isModule module then
-      { key = key_; } // module
-    else
-      { key = key_; options = module; }
-  );
-
-
-  moduleClosure = initModules: args:
-    let
-      moduleImport = origin: index: m:
-        let m' = applyIfFunction (importIfPath m) args;
-        in (unifyModuleSyntax m') // {
-          # used by generic closure to avoid duplicated imports.
-          key =
-            if isPath m then m
-            else m'.key or (newModuleName origin index);
-        };
-
-      getImports = m: m.imports or [];
-
-      newModuleName = origin: index:
-        "${origin.key}:<import-${toString index}>";
-
-      topLevel = {
-        key = "<top-level>";
-      };
-
-    in
-      (lazyGenericClosure {
-        startSet = imap (moduleImport topLevel) initModules;
-        operator = m: imap (moduleImport m) (getImports m);
-      });
-
-
-  moduleApply = funs: module:
-    lib.mapAttrs (name: value:
-      if builtins.hasAttr name funs then
-        let fun = lib.getAttr name funs; in
-        fun value
-      else
-        value
-    ) module;
-
-
-  # Handle mkMerge function left behind after a delay property.
-  moduleFlattenMerge = module:
-    if module ? config &&
-       isProperty module.config &&
-       isMerge module.config.property
-    then
-      (map (cfg: { key = module.key; config = cfg; }) module.config.content)
-      ++ [ (module // { config = {}; }) ]
-    else
-      [ module ];
-
-
-  # Handle mkMerge attributes which are left behind by previous delay
-  # properties and convert them into a list of modules. Delay properties
-  # inside the config attribute of a module and create a second module if a
-  # mkMerge attribute was left behind.
-  #
-  # Module -> [ Module ]
-  delayModule = module:
-    map (moduleApply { config = delayProperties; }) (moduleFlattenMerge module);
-
-
-  evalDefinitions = opt: values:
-    if opt.type.delayOnGlobalEval or false then
-      map (delayPropertiesWithIter opt.type.iter opt.name)
-        (evalLocalProperties values)
-    else
-      evalProperties values;
-
-
-  selectModule = name: m:
-    { inherit (m) key;
-    } // (
-      if m ? options && builtins.hasAttr name m.options then
-        { options = lib.getAttr name m.options; }
-      else {}
-    ) // (
-      if m ? config && builtins.hasAttr name m.config then
-        { config = lib.getAttr name m.config; }
-      else {}
-    );
-
-  filterModules = name: modules:
-    filter (m: m ? config || m ? options) (
-      map (selectModule name) modules
-    );
-
-
-  modulesNames = modules:
-    lib.concatMap (m: []
-    ++ optionals (m ? options) (lib.attrNames m.options)
-    ++ optionals (m ? config) (lib.attrNames m.config)
-    ) modules;
-
-
-  moduleZip = funs: modules:
-    lib.mapAttrs (name: fun:
-      fun (catAttrs name modules)
-    ) funs;
-
-
-  moduleMerge = path: modules:
-    let modules_ = modules; in
-    let
-      addName = name:
-        if path == "" then name else path + "." + name;
-
-      modules = concatLists (map delayModule modules_);
-
-      modulesOf = name: filterModules name modules;
-      declarationsOf = name: filter (m: m ? options) (modulesOf name);
-      definitionsOf  = name: filter (m: m ? config ) (modulesOf name);
-
-      recurseInto = name:
-        moduleMerge (addName name) (modulesOf name);
-
-      recurseForOption = name: modules: args:
-        moduleMerge name (
-          moduleClosure modules args
-        );
-
-      errorSource = modules:
-        "The error may come from the following files:\n" + (
-          lib.concatStringsSep "\n" (
-            map (m:
-              if m ? key then toString m.key else "<unknown location>"
-            ) modules
-          )
-        );
-
-      eol = "\n";
-
-      allNames = modulesNames modules;
-
-      getResults = m:
-        let fetchResult = s: mapAttrs (n: v: v.result) s; in {
-          options = fetchResult m.options;
-          config = fetchResult m.config;
-        };
-
-      endRecursion =  { options = {}; config = {}; };
-
-    in if modules == [] then endRecursion else
-      getResults (fix (crossResults: moduleZip {
-        options = lib.zipWithNames allNames (name: values: rec {
-          config = lib.getAttr name crossResults.config;
-
-          declarations = declarationsOf name;
-          declarationSources =
-            map (m: {
-              source = m.key;
-            }) declarations;
-
-          hasOptions = values != [];
-          isOption = any lib.isOption values;
-
-          decls = # add location to sub-module options.
-            map (m:
-              mapSubOptions
-                (unifyOptionModule {inherit (m) key;} name)
-                m.options
-            ) declarations;
-
-          decl =
-            lib.addErrorContext "${eol
-              }while enhancing option `${addName name}':${eol
-              }${errorSource declarations}${eol
-            }" (
-              addOptionMakeUp
-                { name = addName name; recurseInto = recurseForOption; }
-                (mergeOptionDecls decls)
-            );
-
-          value = decl // (with config; {
-            inherit (config) isNotDefined;
-            isDefined = ! isNotDefined;
-            declarations = declarationSources;
-            definitions = definitionSources;
-            config = strictResult;
-          });
-
-          recurse = (recurseInto name).options;
-
-          result =
-            if isOption then value
-            else if !hasOptions then {}
-            else if all isAttrs values then recurse
-            else
-              throw "${eol
-                }Unexpected type where option declarations are expected.${eol
-                }${errorSource declarations}${eol
-              }";
-
-        });
-
-        config = lib.zipWithNames allNames (name: values_: rec {
-          option = lib.getAttr name crossResults.options;
-
-          definitions = definitionsOf name;
-          definitionSources =
-            map (m: {
-              source = m.key;
-              value = m.config;
-            }) definitions;
-
-          values = values_ ++
-            optionals (option.isOption && option.decl ? extraConfigs)
-              option.decl.extraConfigs;
-
-          defs = evalDefinitions option.decl values;
-
-          isNotDefined = defs == [];
-
-          value =
-            lib.addErrorContext "${eol
-              }while evaluating the option `${addName name}':${eol
-              }${errorSource (modulesOf name)}${eol
-            }" (
-              let opt = option.decl; in
-              opt.apply (
-                if isNotDefined then
-                  opt.default or (throw "Option `${addName name}' not defined and does not have a default value.")
-                else opt.merge defs
-              )
-            );
-
-          strictResult = builtins.tryEval (builtins.toXML value);
-
-          recurse = (recurseInto name).config;
-
-          configIsAnOption = v: isOption (rmProperties v);
-          errConfigIsAnOption =
-            let badModules = filter (m: configIsAnOption m.config) definitions; in
-            "${eol
-              }Option ${addName name} is defined in the configuration section.${eol
-              }${errorSource badModules}${eol
-            }";
-
-          errDefinedWithoutDeclaration =
-            let badModules = definitions; in
-            "${eol
-              }Option '${addName name}' defined without option declaration.${eol
-              }${errorSource badModules}${eol
-            }";
-
-          result =
-            if option.isOption then value
-            else if !option.hasOptions then throw errDefinedWithoutDeclaration
-            else if any configIsAnOption values then throw errConfigIsAnOption
-            else if all isAttrs values then recurse
-            # plain value during the traversal
-            else throw errDefinedWithoutDeclaration;
-
-        });
-      } modules));
-
-
-  fixMergeModules = initModules: {...}@args:
-    lib.fix (result:
-      # This trick avoids an infinite loop because names of attribute
-      # are know and it is not required to evaluate the result of
-      # moduleMerge to know which attributes are present as arguments.
-      let module = { inherit (result) options config; }; in
-      moduleMerge "" (
-        moduleClosure initModules (module // args)
-      )
-    );
-
-
-  # Visit all definitions to raise errors related to undeclared options.
-  checkModule = path: {config, options, ...}@m:
-    let
-      eol = "\n";
-      addName = name:
-        if path == "" then name else path + "." + name;
-    in
-    if lib.isOption options then
-      if options ? options then
-        options.type.fold
-          (cfg: res: res && checkModule (options.type.docPath path) cfg._args)
-          true config
-      else
-        true
-    else if isAttrs options && lib.attrNames m.options != [] then
-      all (name:
-        lib.addErrorContext "${eol
-          }while checking the attribute `${addName name}':${eol
-        }" (checkModule (addName name) (selectModule name m))
-      ) (lib.attrNames m.config)
-    else
-      builtins.trace "try to evaluate config ${lib.showVal config}."
-      false;
-
-}
diff --git a/pkgs/lib/options.nix b/pkgs/lib/options.nix
deleted file mode 100644
index e8e01083a77a..000000000000
--- a/pkgs/lib/options.nix
+++ /dev/null
@@ -1,315 +0,0 @@
-# Nixpkgs/NixOS option handling.
-
-let lib = import ./default.nix; in
-
-with { inherit (builtins) head length; };
-with import ./trivial.nix;
-with import ./lists.nix;
-with import ./misc.nix;
-with import ./attrsets.nix;
-with import ./properties.nix;
-
-rec {
-
-  inherit (lib) isType;
-  
-
-  isOption = isType "option";
-  mkOption = attrs: attrs // {
-    _type = "option";
-    # name (this is the name of the attributem it is automatically generated by the traversal)
-    # default (value used when no definition exists)
-    # example (documentation)
-    # description (documentation)
-    # type (option type, provide a default merge function and ensure type correctness)
-    # merge (function used to merge definitions into one definition: [ /type/ ] -> /type/)
-    # apply (convert the option value to ease the manipulation of the option result)
-    # options (set of sub-options declarations & definitions)
-    # extraConfigs (list of possible configurations)
-  };
-
-  mkEnableOption = name: mkOption {
-    default = false;
-    example = true;
-    description = "Whether to enable ${name}";
-    type = lib.types.bool;
-  };
-
-  mapSubOptions = f: opt:
-    if opt ? options then
-      opt // {
-        options = imap f (toList opt.options);
-      }
-    else
-      opt;
-
-  # Make the option declaration more user-friendly by adding default
-  # settings and some verifications based on the declaration content (like
-  # type correctness).
-  addOptionMakeUp = {name, recurseInto}: decl:
-    let
-      init = {
-        inherit name;
-        merge = mergeDefaultOption;
-        apply = lib.id;
-      };
-
-      functionsFromType = opt:
-        opt // (builtins.intersectAttrs { merge = 1; check = 1; } (decl.type or {})); 
-
-      addDeclaration = opt: opt // decl;
-
-      ensureMergeInputType = opt:
-        if opt ? check then
-          opt // {
-            merge = list:
-              if all opt.check list then
-                opt.merge list
-              else
-                throw "One of option ${name} values has a bad type.";
-          }
-        else opt;
-
-      checkDefault = opt:
-        if opt ? check && opt ? default then
-          opt // {
-            default =
-              if opt.check opt.default then
-                opt.default
-              else
-                throw "The default value of option ${name} has a bad type.";
-          }
-        else opt;
-
-      handleOptionSets = opt:
-        if opt ? type && opt.type.hasOptions then
-          let
-            # Evaluate sub-modules.
-            subModuleMerge = path: vals:
-              lib.fix (args:
-                let
-                  result = recurseInto path (opt.options ++ imap (index: v: args: {
-                    key = rec {
-                      #!!! Would be nice if we had the file the val was from
-                      option = path;
-                      number = index;
-                      outPath = "option ${option} config number ${toString number}";
-                    };
-                  } // (lib.applyIfFunction v args)) (toList vals)) args;
-                  name = lib.removePrefix (opt.name + ".") path;
-                  extraArgs = opt.extraArgs or {};
-                  individualExtraArgs = opt.individualExtraArgs or {};
-                in {
-                  inherit (result) config options;
-                  inherit name;
-                } //
-                  (opt.extraArgs or {}) //
-                  (if hasAttr name individualExtraArgs then getAttr name individualExtraArgs else {})
-              );
-
-            # Add _options in sub-modules to make it viewable from other
-            # modules.
-            subModuleMergeConfig = path: vals:
-              let result = subModuleMerge path vals; in
-                { _args = result; } // result.config;
-
-          in
-            opt // {
-              merge = list:
-                opt.type.iter
-                  subModuleMergeConfig
-                  opt.name
-                  (opt.merge list);
-              options =
-                let path = opt.type.docPath opt.name; in
-                  (subModuleMerge path []).options;
-            }
-        else
-          opt;
-    in
-      foldl (opt: f: f opt) init [
-        # default settings
-        functionsFromType
-
-        # user settings
-        addDeclaration
-
-        # override settings
-        ensureMergeInputType
-        checkDefault
-        handleOptionSets
-      ];
-
-  # Merge a list of options containning different field.  This is useful to
-  # separate the merge & apply fields from the interface.
-  mergeOptionDecls = opts:
-    if opts == [] then {}
-    else if length opts == 1 then
-      let opt = head opts; in
-      if opt ? options then
-        opt // { options = toList opt.options; }
-      else
-        opt
-    else
-      fold (opt1: opt2:
-        lib.addErrorContext "opt1 = ${lib.showVal opt1}\nopt2 = ${lib.showVal opt2}" (
-        # You cannot merge if two options have the same field.
-        assert opt1 ? default -> ! opt2 ? default;
-        assert opt1 ? example -> ! opt2 ? example;
-        assert opt1 ? description -> ! opt2 ? description;
-        assert opt1 ? merge -> ! opt2 ? merge;
-        assert opt1 ? apply -> ! opt2 ? apply;
-        assert opt1 ? type -> ! opt2 ? type;
-        opt1 // opt2
-        // optionalAttrs (opt1 ? options || opt2 ? options) {
-            options =
-               (toList (opt1.options or []))
-            ++ (toList (opt2.options or []));
-          }
-        // optionalAttrs (opt1 ? extraConfigs || opt2 ? extraConfigs) {
-            extraConfigs = opt1.extraConfigs or [] ++ opt2.extraConfigs or [];
-          }
-        // optionalAttrs (opt1 ? extraArgs || opt2 ? extraArgs) {
-            extraArgs = opt1.extraArgs or {} // opt2.extraArgs or {};
-          }
-        // optionalAttrs (opt1 ? individualExtraArgs || opt2 ? individualExtraArgs) {
-            individualExtraArgs = zipAttrsWith (name: values:
-              if length values == 1 then head values else (head values // (head (tail values)))
-            ) [ (opt1.individualExtraArgs or {}) (opt2.individualExtraArgs or {}) ];
-          }
-      )) {} opts;
-
-  
-  # !!! This function will be removed because this can be done with the
-  # multiple option declarations.
-  addDefaultOptionValues = defs: opts: opts //
-    builtins.listToAttrs (map (defName:
-      { name = defName;
-        value = 
-          let
-            defValue = builtins.getAttr defName defs;
-            optValue = builtins.getAttr defName opts;
-          in
-          if isOption defValue
-          then
-            # `defValue' is an option.
-            if hasAttr defName opts
-            then builtins.getAttr defName opts
-            else defValue.default
-          else
-            # `defValue' is an attribute set containing options.
-            # So recurse.
-            if hasAttr defName opts && isAttrs optValue 
-            then addDefaultOptionValues defValue optValue
-            else addDefaultOptionValues defValue {};
-      }
-    ) (attrNames defs));
-
-  mergeDefaultOption = list:
-    if length list == 1 then head list
-    else if all builtins.isFunction list then x: mergeDefaultOption (map (f: f x) list)
-    else if all isList list then concatLists list
-    else if all isAttrs list then fold lib.mergeAttrs {} list
-    else if all builtins.isBool list then fold lib.or false list
-    else if all builtins.isString list then lib.concatStrings list
-    else if all builtins.isInt list && all (x: x == head list) list
-         then head list
-    else throw "Cannot merge values.";
-
-  mergeTypedOption = typeName: predicate: merge: list:
-    if all predicate list then merge list
-    else throw "Expect a ${typeName}.";
-
-  mergeEnableOption = mergeTypedOption "boolean"
-    (x: true == x || false == x) (fold lib.or false);
-
-  mergeListOption = mergeTypedOption "list" isList concatLists;
-
-  mergeStringOption = mergeTypedOption "string"
-    (x: if builtins ? isString then builtins.isString x else x + "")
-    lib.concatStrings;
-
-  mergeOneOption = list:
-    if list == [] then abort "This case should never happen."
-    else if length list != 1 then throw "Multiple definitions. Only one is allowed for this option."
-    else head list;
-
-
-  fixableMergeFun = merge: f: config:
-    merge (
-      # generate the list of option sets.
-      f config
-    );
-
-  fixableMergeModules = merge: initModules: {...}@args: config:
-    fixableMergeFun merge (config:
-      lib.moduleClosure initModules (args // { inherit config; })
-    ) config;
-
-
-  fixableDefinitionsOf = initModules: {...}@args:
-    fixableMergeModules (modules: (lib.moduleMerge "" modules).config) initModules args;
-
-  fixableDeclarationsOf = initModules: {...}@args:
-    fixableMergeModules (modules: (lib.moduleMerge "" modules).options) initModules args;
-
-  definitionsOf = initModules: {...}@args:
-    (lib.fix (module:
-      fixableMergeModules (lib.moduleMerge "") initModules args module.config
-    )).config;
-
-  declarationsOf = initModules: {...}@args:
-    (lib.fix (module:
-      fixableMergeModules (lib.moduleMerge "") initModules args module.config
-    )).options;
-
-
-  # Generate documentation template from the list of option declaration like
-  # the set generated with filterOptionSets.
-  optionAttrSetToDocList = ignore: newOptionAttrSetToDocList;
-  newOptionAttrSetToDocList = attrs:
-    let options = collect isOption attrs; in
-      fold (opt: rest:
-        let
-          docOption = {
-            inherit (opt) name;
-            description = if opt ? description then opt.description else
-              throw "Option ${opt.name}: No description.";
-
-            declarations = map (x: toString x.source) opt.declarations;
-            #definitions = map (x: toString x.source) opt.definitions;
-          }
-          // optionalAttrs (opt ? example) { example = scrubOptionValue opt.example; }
-          // optionalAttrs (opt ? default) { default = scrubOptionValue opt.default; }
-          // optionalAttrs (opt ? defaultText) { default = opt.defaultText; };
-
-          subOptions =
-            if opt ? options then
-              newOptionAttrSetToDocList opt.options
-            else
-              [];
-        in
-          [ docOption ] ++ subOptions ++ rest
-      ) [] options;
-
-
-  /* This function recursively removes all derivation attributes from
-     `x' except for the `name' attribute.  This is to make the
-     generation of `options.xml' much more efficient: the XML
-     representation of derivations is very large (on the order of
-     megabytes) and is not actually used by the manual generator. */
-  scrubOptionValue = x: 
-    if isDerivation x then { type = "derivation"; drvPath = x.name; outPath = x.name; name = x.name; }
-    else if isList x then map scrubOptionValue x
-    else if isAttrs x then mapAttrs (n: v: scrubOptionValue v) (removeAttrs x ["_args"])
-    else x;
-
-
-  /* For use in the ‘example’ option attribute.  It causes the given
-     text to be included verbatim in documentation.  This is necessary
-     for example values that are not simple values, e.g.,
-     functions. */
-  literalExample = text: { _type = "literalExample"; inherit text; };
-
-
-}
diff --git a/pkgs/lib/properties.nix b/pkgs/lib/properties.nix
deleted file mode 100644
index 22aa8d891d8a..000000000000
--- a/pkgs/lib/properties.nix
+++ /dev/null
@@ -1,464 +0,0 @@
-# Nixpkgs/NixOS properties.  Generalize the problem of delayable (not yet
-# evaluable) properties like mkIf.
-
-let lib = import ./default.nix; in
-
-with { inherit (builtins) head tail; };
-with import ./trivial.nix;
-with import ./lists.nix;
-with import ./misc.nix;
-with import ./attrsets.nix;
-
-rec {
-
-  inherit (lib) isType;
-
-  # Tell that nothing is defined.  When properties are evaluated, this type
-  # is used to remove an entry.  Thus if your property evaluation semantic
-  # implies that you have to mute the content of an attribute, then your
-  # property should produce this value.
-  isNotdef = isType "notdef";
-  mkNotdef = {_type = "notdef";};
-
-  # General property type, it has a property attribute and a content
-  # attribute.  The property attribute refers to an attribute set which
-  # contains a _type attribute and a list of functions which are used to
-  # evaluate this property.  The content attribute is used to stack properties
-  # on top of each other.
-  #
-  # The optional functions which may be contained in the property attribute
-  # are:
-  #  - onDelay: run on a copied property.
-  #  - onGlobalDelay: run on all copied properties.
-  #  - onEval: run on an evaluated property.
-  #  - onGlobalEval: run on a list of property stack on top of their values.
-  isProperty = isType "property";
-  mkProperty = p@{property, content, ...}: p // {
-    _type = "property";
-  };
-
-  # Go through the stack of properties and apply the function `op' on all
-  # property and call the function `nul' on the final value which is not a
-  # property.  The stack is traversed in reversed order.  The `op' function
-  # should expect a property with a content which have been modified.
-  #
-  # Warning: The `op' function expects only one argument in order to avoid
-  # calls to mkProperties as the argument is already a valid property which
-  # contains the result of the folding inside the content attribute.
-  foldProperty = op: nul: attrs:
-    if isProperty attrs then
-      op (attrs // {
-        content = foldProperty op nul attrs.content;
-      })
-    else
-      nul attrs;
-
-  # Simple function which can be used as the `op' argument of the
-  # foldProperty function.  Properties that you don't want to handle can be
-  # ignored with the `id' function.  `isSearched' is a function which should
-  # check the type of a property and return a boolean value.  `thenFun' and
-  # `elseFun' are functions which behave as the `op' argument of the
-  # foldProperty function.
-  foldFilter = isSearched: thenFun: elseFun: attrs:
-    if isSearched attrs.property then
-      thenFun attrs
-    else
-      elseFun attrs;
-
-
-  # Move properties from the current attribute set to the attribute
-  # contained in this attribute set.  This trigger property handlers called
-  # `onDelay' and `onGlobalDelay'.
-  delayPropertiesWithIter = iter: path: attrs:
-    let cleanAttrs = rmProperties attrs; in
-    if isProperty attrs then
-      iter (a: v:
-        lib.addErrorContext "while moving properties on the attribute `${a}':" (
-          triggerPropertiesGlobalDelay a (
-            triggerPropertiesDelay a (
-              copyProperties attrs v
-      )))) path cleanAttrs
-    else
-      attrs;
-
-  delayProperties = # implicit attrs argument.
-    let
-      # mapAttrs except that it also recurse into potential mkMerge
-      # functions.  This may cause a strictness issue because looking the
-      # type of a string implies evaluating it.
-      iter = fun: path: value:
-        lib.mapAttrs (attr: val:
-          if isProperty val && isMerge val.property then
-            val // { content = map (fun attr) val.content; }
-          else
-            fun attr val
-        ) value;
-    in
-      delayPropertiesWithIter iter "";
-
-  # Call onDelay functions.
-  triggerPropertiesDelay = name: attrs:
-    let
-      callOnDelay = p@{property, ...}:
-        if property ? onDelay then
-          property.onDelay name p
-        else
-          p;
-    in
-      foldProperty callOnDelay id attrs;
-
-  # Call onGlobalDelay functions.
-  triggerPropertiesGlobalDelay = name: attrs:
-    let
-      globalDelayFuns = uniqListExt {
-        getter = property: property._type;
-        inputList = foldProperty (p@{property, content, ...}:
-          if property ? onGlobalDelay then
-            [ property ] ++ content
-          else
-            content
-        ) (a: []) attrs;
-      };
-
-      callOnGlobalDelay = property: content:
-        property.onGlobalDelay name content;
-    in
-      fold callOnGlobalDelay attrs globalDelayFuns;
-
-  # Expect a list of values which may have properties and return the same
-  # list of values where all properties have been evaluated and where all
-  # ignored values are removed.  This trigger property handlers called
-  # `onEval' and `onGlobalEval'.
-  evalProperties = valList:
-    if valList != [] then
-      filter (x: !isNotdef x) (
-        triggerPropertiesGlobalEval (
-          evalLocalProperties valList
-        )
-      )
-    else
-      valList;
-
-  evalLocalProperties = valList:
-    filter (x: !isNotdef x) (
-      map triggerPropertiesEval valList
-    );
-
-  # Call onEval function
-  triggerPropertiesEval = val:
-    foldProperty (p@{property, ...}:
-      if property ? onEval then
-        property.onEval p
-      else
-        p
-    ) id val;
-
-  # Call onGlobalEval function
-  triggerPropertiesGlobalEval = valList:
-    let
-      globalEvalFuns = uniqListExt {
-        getter = property: property._type;
-        inputList =
-          fold (attrs: list:
-            foldProperty (p@{property, content, ...}:
-              if property ? onGlobalEval then
-                [ property ] ++ content
-              else
-                content
-            ) (a: list) attrs
-          ) [] valList;
-      };
-
-      callOnGlobalEval = property: valList: property.onGlobalEval valList;
-    in
-      fold callOnGlobalEval valList globalEvalFuns;
-
-  # Remove all properties on top of a value and return the value.
-  rmProperties =
-    foldProperty (p@{content, ...}: content) id;
-
-  # Copy properties defined on a value on another value.
-  copyProperties = attrs: newAttrs:
-    foldProperty id (x: newAttrs) attrs;
-
-  /* Merge. */
-
-  # Create "merge" statement which is skipped by the delayProperty function
-  # and interpreted by the underlying system using properties (modules).
-
-  # Create a "Merge" property which only contains a condition.
-  isMerge = isType "merge";
-  mkMerge = content: mkProperty {
-    property = {
-      _type = "merge";
-      onDelay = name: val: throw "mkMerge is not the first of the list of properties.";
-      onEval = val: throw "mkMerge is not allowed on option definitions.";
-    };
-    inherit content;
-  };
-
-  /* If. ThenElse. Always. */
-
-  # create "if" statement that can be delayed on sets until a "then-else" or
-  # "always" set is reached.  When an always set is reached the condition
-  # is ignore.
-
-  # Create a "If" property which only contains a condition.
-  isIf = isType "if";
-  mkIf = condition: content: mkProperty {
-    property = {
-      _type = "if";
-      onGlobalDelay = onIfGlobalDelay;
-      onEval = onIfEval;
-      inherit condition;
-    };
-    inherit content;
-  };
-
-  mkAssert = assertion: message: content:
-    mkIf
-      (if assertion then true else throw "\nFailed assertion: ${message}")
-      content;
-
-  # Evaluate the "If" statements when either "ThenElse" or "Always"
-  # statement is encountered.  Otherwise it removes multiple If statements and
-  # replaces them by one "If" statement where the condition is the list of all
-  # conditions joined with a "and" operation.
-  onIfGlobalDelay = name: content:
-    let
-      # extract if statements and non-if statements and repectively put them
-      # in the attribute list and attrs.
-      ifProps =
-        foldProperty
-          (foldFilter (p: isIf p)
-            # then, push the condition inside the list list
-            (p@{property, content, ...}:
-              { inherit (content) attrs;
-                list = [property] ++ content.list;
-              }
-            )
-            # otherwise, add the propertie.
-            (p@{property, content, ...}:
-              { inherit (content) list;
-                attrs = p // { content = content.attrs; };
-              }
-            )
-          )
-          (attrs: { list = []; inherit attrs; })
-          content;
-
-      # compute the list of if statements.
-      evalIf = content: condition: list:
-        if list == [] then
-          mkIf condition content
-        else
-          let p = head list; in
-          evalIf content (condition && p.condition) (tail list);
-    in
-      evalIf ifProps.attrs true ifProps.list;
-
-  # Evaluate the condition of the "If" statement to either get the value or
-  # to ignore the value.
-  onIfEval = p@{property, content, ...}:
-    if property.condition then
-      content
-    else
-      mkNotdef;
-
-  /* mkOverride */
-
-  # Create an "Override" statement which allow the user to define
-  # priorities between values.  The default priority is 100. The lowest
-  # priorities are kept.  The template argument must reproduce the same
-  # attribute set hierarchy to override leaves of the hierarchy.
-  isOverride = isType "override";
-  mkOverrideTemplate = priority: template: content: mkProperty {
-    property = {
-      _type = "override";
-      onDelay = onOverrideDelay;
-      onGlobalEval = onOverrideGlobalEval;
-      inherit priority template;
-    };
-    inherit content;
-  };
-
-  # Like mkOverrideTemplate, but without the template argument.
-  mkOverride = priority: content: mkOverrideTemplate priority {} content;
-
-  # Sugar to override the default value of the option by making a new
-  # default value based on the configuration.
-  mkDefaultValue = mkOverride 1000;
-  mkDefault = mkOverride 1000;
-  mkForce = mkOverride 50;
-  mkStrict = mkOverride 0;
-
-  # Make the template traversal in function of the property traversal.  If
-  # the template define a non-empty attribute set, then the property is
-  # copied only on all mentionned attributes inside the template.
-  # Otherwise, the property is kept on all sub-attribute definitions.
-  onOverrideDelay = name: p@{property, content, ...}:
-    let inherit (property) template; in
-    if isAttrs template && template != {} then
-      if hasAttr name template then
-        p // {
-          property = p.property // {
-            template = builtins.getAttr name template;
-          };
-        }
-      # Do not override the attribute \name\
-      else
-        content
-    # Override values defined inside the attribute \name\.
-    else
-      p;
-
-  # Keep values having lowest priority numbers only throwing away those having
-  # a higher priority assigned.
-  onOverrideGlobalEval = valList:
-    let
-      defaultPrio = 100;
-
-      inherit (builtins) lessThan;
-
-      getPrioVal =
-        foldProperty
-          (foldFilter isOverride
-            (p@{property, content, ...}:
-              if content ? priority && lessThan content.priority property.priority then
-                content
-              else
-                content // {
-                  inherit (property) priority;
-                }
-            )
-            (p@{property, content, ...}:
-              content // {
-                value = p // { content = content.value; };
-              }
-            )
-          ) (value: { inherit value; });
-
-      addDefaultPrio = x:
-        if x ? priority then x
-        else x // { priority = defaultPrio; };
-
-      prioValList = map (x: addDefaultPrio (getPrioVal x)) valList;
-
-      higherPrio =
-        if prioValList == [] then
-          defaultPrio
-        else
-          fold (x: min:
-            if lessThan x.priority min then
-              x.priority
-            else
-              min
-          ) (head prioValList).priority (tail prioValList);
-    in
-      map (x:
-        if x.priority == higherPrio then
-          x.value
-        else
-          mkNotdef
-      ) prioValList;
-
-  /* mkOrder */
-
-  # Order definitions based on there index value.  This property is useful
-  # when the result of the merge function depends on the order on the
-  # initial list.  (e.g. concatStrings) Definitions are ordered based on
-  # their rank.  The lowest ranked definition would be the first to element
-  # of the list used by the merge function.  And the highest ranked
-  # definition would be the last.  Definitions which does not have any rank
-  # value have the default rank of 100.
-  isOrder = isType "order";
-  mkOrder = rank: content: mkProperty {
-    property = {
-      _type = "order";
-      onGlobalEval = onOrderGlobalEval;
-      inherit rank;
-    };
-    inherit content;
-  };
-
-  mkHeader = mkOrder 10;
-  mkFooter = mkOrder 1000;
-
-  # Fetch the rank of each definition (add the default rank is none) and
-  # sort them based on their ranking.
-  onOrderGlobalEval = valList:
-    let
-      defaultRank = 100;
-
-      inherit (builtins) lessThan;
-
-      getRankVal =
-        foldProperty
-          (foldFilter isOrder
-            (p@{property, content, ...}:
-              if content ? rank then
-                content
-              else
-                content // {
-                  inherit (property) rank;
-                }
-            )
-            (p@{property, content, ...}:
-              content // {
-                value = p // { content = content.value; };
-              }
-            )
-          ) (value: { inherit value; });
-
-      addDefaultRank = x:
-        if x ? rank then x
-        else x // { rank = defaultRank; };
-
-      rankValList = map (x: addDefaultRank (getRankVal x)) valList;
-
-      cmp = x: y:
-        builtins.lessThan x.rank y.rank;
-    in
-      map (x: x.value) (sort cmp rankValList);
-
-  /* mkFixStrictness */
-
-  # This is a hack used to restore laziness on some option definitions.
-  # Some option definitions are evaluated when they are not used.  This
-  # error is caused by the strictness of type checking builtins.  Builtins
-  # like 'isAttrs' are too strict because they have to evaluate their
-  # arguments to check if the type is correct.  This evaluation, cause the
-  # strictness of properties.
-  #
-  # Properties can be stacked on top of each other.  The stackability of
-  # properties on top of the option definition is nice for user manipulation
-  # but require to check if the content of the property is not another
-  # property.  Such testing implies to verify if this is an attribute set
-  # and if it possess the type 'property'. (see isProperty & typeOf/isType)
-  #
-  # To avoid strict evaluation of option definitions, 'mkFixStrictness' is
-  # introduced.  This property protects an option definition by replacing
-  # the base of the stack of properties by 'mkNotDef', when this property is
-  # evaluated it returns the original definition.
-  #
-  # This property is useful over any elements which depends on options which
-  # are raising errors when they get evaluated without the proper settings.
-  #
-  # Plain list and attribute set are lazy structures, which means that the
-  # container gets evaluated but not the content.  Thus, using this property
-  # on top of plain list or attribute set is pointless.
-  #
-  # This is a Hack, you should avoid it!
-
-  # This property has a long name because you should avoid it.
-  isFixStrictness = attrs: (typeOf attrs) == "fix-strictness";
-  mkFixStrictness = value:
-    mkProperty {
-      property = {
-        _type = "fix-strictness";
-        onEval = p: value;
-      };
-      content = mkNotdef;
-    };
-
-}
diff --git a/pkgs/lib/types.nix b/pkgs/lib/types.nix
deleted file mode 100644
index 156d72ac5e73..000000000000
--- a/pkgs/lib/types.nix
+++ /dev/null
@@ -1,226 +0,0 @@
-# Definitions related to run-time type checking.  Used in particular
-# to type-check NixOS configurations.
-
-let lib = import ./default.nix; in
-
-with import ./lists.nix;
-with import ./attrsets.nix;
-with import ./options.nix;
-with import ./trivial.nix;
-
-rec {
-
-  isType = type: x: (x._type or "") == type;
-  hasType = x: isAttrs x && x ? _type;
-  typeOf = x: x._type or "";
-
-  setType = typeName: value: value // {
-    _type = typeName;
-  };
-
-
-  # name (name of the type)
-  # check (check the config value. Before returning false it should trace the bad value eg using traceValIfNot)
-  # merge (default merge function)
-  # iter (iterate on all elements contained in this type)
-  # fold (fold all elements contained in this type)
-  # hasOptions (boolean: whatever this option contains an option set)
-  # delayOnGlobalEval (boolean: should properties go through the evaluation of this option)
-  # docPath (path concatenated to the option name contained in the option set)
-  isOptionType = isType "option-type";
-  mkOptionType =
-    { name
-    , check ? (x: true)
-    , merge ? mergeDefaultOption
-    # Handle complex structure types.
-    , iter ? (f: path: v: f path v)
-    , fold ? (op: nul: v: op v nul)
-    , docPath ? lib.id
-    # If the type can contains option sets.
-    , hasOptions ? false
-    , delayOnGlobalEval ? false
-    }:
-
-    { _type = "option-type";
-      inherit name check merge iter fold docPath hasOptions delayOnGlobalEval;
-    };
-
-
-  types = rec {
-
-    bool = mkOptionType {
-      name = "boolean";
-      check = lib.traceValIfNot builtins.isBool;
-      merge = fold lib.or false;
-    };
-
-    int = mkOptionType {
-      name = "integer";
-      check = lib.traceValIfNot builtins.isInt;
-    };
-
-    string = mkOptionType {
-      name = "string";
-      check = lib.traceValIfNot builtins.isString;
-      merge = lib.concatStrings;
-    };
-
-    # Like ‘string’, but add newlines between every value.  Useful for
-    # configuration file contents.
-    lines = mkOptionType {
-      name = "string";
-      check = lib.traceValIfNot builtins.isString;
-      merge = lib.concatStringsSep "\n";
-    };
-
-    envVar = mkOptionType {
-      name = "environment variable";
-      inherit (string) check;
-      merge = lib.concatStringsSep ":";
-    };
-
-    attrs = mkOptionType {
-      name = "attribute set";
-      check = lib.traceValIfNot isAttrs;
-      merge = fold lib.mergeAttrs {};
-    };
-
-    # derivation is a reserved keyword.
-    package = mkOptionType {
-      name = "derivation";
-      check = lib.traceValIfNot isDerivation;
-    };
-
-    path = mkOptionType {
-      name = "path";
-      # Hacky: there is no ‘isPath’ primop.
-      check = lib.traceValIfNot (x: builtins.unsafeDiscardStringContext (builtins.substring 0 1 (toString x)) == "/");
-    };
-
-    # drop this in the future:
-    list = builtins.trace "types.list is deprecated, use types.listOf instead" types.listOf;
-
-    listOf = elemType: mkOptionType { 
-      name = "list of ${elemType.name}s";
-      check = value: lib.traceValIfNot isList value && all elemType.check value;
-      merge = concatLists;
-      iter = f: path: list: map (elemType.iter f (path + ".*")) list;
-      fold = op: nul: list: lib.fold (e: l: elemType.fold op l e) nul list;
-      docPath = path: elemType.docPath (path + ".*");
-      inherit (elemType) hasOptions;
-
-      # You cannot define multiple configurations of one entity, therefore
-      # no reason justify to delay properties inside list elements.
-      delayOnGlobalEval = false;
-    };
-
-    attrsOf = elemType: mkOptionType {
-      name = "attribute set of ${elemType.name}s";
-      check = x: lib.traceValIfNot isAttrs x
-        && all elemType.check (lib.attrValues x); 
-      merge = lib.zipAttrsWith (name: elemType.merge);
-      iter = f: path: set: lib.mapAttrs (name: elemType.iter f (path + "." + name)) set;
-      fold = op: nul: set: fold (e: l: elemType.fold op l e) nul (lib.attrValues set);
-      docPath = path: elemType.docPath (path + ".<name>");
-      inherit (elemType) hasOptions delayOnGlobalEval;
-    };
-
-    # List or attribute set of ...
-    loaOf = elemType:
-      let
-        convertIfList = defIdx: def:
-          if isList def then
-            listToAttrs (
-              flip imap def (elemIdx: elem:
-                nameValuePair "unnamed-${toString defIdx}.${toString elemIdx}" elem))
-          else
-            def;
-        listOnly = listOf elemType;
-        attrOnly = attrsOf elemType;
-
-      in mkOptionType {
-        name = "list or attribute set of ${elemType.name}s";
-        check = x:
-          if isList x       then listOnly.check x
-          else if isAttrs x then attrOnly.check x
-          else lib.traceValIfNot (x: false) x;
-        ## The merge function returns an attribute set
-        merge = defs:
-          attrOnly.merge (imap convertIfList defs);
-        iter = f: path: def:
-          if isList def       then listOnly.iter f path def
-          else if isAttrs def then attrOnly.iter f path def
-          else throw "Unexpected value";
-        fold = op: nul: def:
-          if isList def       then listOnly.fold op nul def
-          else if isAttrs def then attrOnly.fold op nul def
-          else throw "Unexpected value";
-
-        docPath = path: elemType.docPath (path + ".<name?>");
-        inherit (elemType) hasOptions delayOnGlobalEval;
-      }
-    ;
-
-    uniq = elemType: mkOptionType {
-      inherit (elemType) name check iter fold docPath hasOptions;
-      merge = list:
-        if length list == 1 then
-          head list
-        else
-          throw "Multiple definitions of ${elemType.name}. Only one is allowed for this option.";
-    };
-
-    none = elemType: mkOptionType {
-      inherit (elemType) name check iter fold docPath hasOptions;
-      merge = list:
-        throw "No definitions are allowed for this option.";
-    };
-
-    nullOr = elemType: mkOptionType {
-      inherit (elemType) name merge docPath hasOptions;
-      check = x: builtins.isNull x || elemType.check x;
-      iter = f: path: v: if v == null then v else elemType.iter f path v;
-      fold = op: nul: v: if v == null then nul else elemType.fold op nul v;
-    };
-
-    functionTo = elemType: mkOptionType {
-      name = "function that evaluates to a(n) ${elemType.name}";
-      check = lib.traceValIfNot builtins.isFunction;
-      merge = fns:
-        args: elemType.merge (map (fn: fn args) fns);
-      # These are guesses, I don't fully understand iter, fold, delayOnGlobalEval
-      iter = f: path: v:
-        args: elemType.iter f path (v args);
-      fold = op: nul: v:
-        args: elemType.fold op nul (v args);
-      inherit (elemType) delayOnGlobalEval;
-      hasOptions = false;
-    };
-
-    # usually used with listOf, attrsOf, loaOf like this:
-    # users = mkOption {
-    #   type = loaOf optionSet;
-    #
-    #   # you can omit the list if there is one element only
-    #   options = [ {
-    #     name = mkOption {
-    #       description = "name of the user"
-    #       ...
-    #     };
-    #     # more options here
-    #   } { more options } ];
-    # }
-    # TODO: !!! document passing options as an argument to optionSet,
-    # deprecate the current approach.
-    optionSet = mkOptionType {
-      name = "option set";
-      # merge is done in "options.nix > addOptionMakeUp > handleOptionSets"
-      merge = lib.id;
-      check = x: isAttrs x || builtins.isFunction x;
-      hasOptions = true;
-      delayOnGlobalEval = true;
-    };
-
-  };
-
-}
diff --git a/pkgs/misc/emulators/hatari/default.nix b/pkgs/misc/emulators/hatari/default.nix
index e4eeff9cd544..150b45dd7275 100644
--- a/pkgs/misc/emulators/hatari/default.nix
+++ b/pkgs/misc/emulators/hatari/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = "http://hatari.tuxfamily.org/";
-    description = "Hatari is an Atari ST/STE/TT/Falcon emulator.";
+    description = "Atari ST/STE/TT/Falcon emulator";
     license = "GPLv2+";
     platforms = with stdenv.lib.platforms; all;
   };
diff --git a/pkgs/misc/emulators/wine/default.nix b/pkgs/misc/emulators/wine/stable.nix
index 4e6ef5af00db..9c1f7fd24ae0 100644
--- a/pkgs/misc/emulators/wine/default.nix
+++ b/pkgs/misc/emulators/wine/stable.nix
@@ -6,7 +6,16 @@
 assert stdenv.isLinux;
 assert stdenv.gcc.gcc != null;
 
-let gecko = fetchurl {
+let 
+    version = "1.6";
+    name = "wine-${version}";
+
+    src = fetchurl {
+      url = "mirror://sourceforge/wine/${name}.tar.bz2";
+      sha256 = "1bj21d94i0mqvkmzxd4971232yniribk7q3fllf23ynbpppk1wg1";
+    };
+
+    gecko = fetchurl {
       url = "mirror://sourceforge/wine/wine_gecko-2.21-x86.msi";
       sha256 = "1n0zccnvchkg0m896sjx5psk4bxw9if32xyxib1rbfdasykay7zh";
     };
@@ -22,13 +31,7 @@ let gecko = fetchurl {
     };
 
 in stdenv.mkDerivation rec {
-  version = "1.6";
-  name = "wine-${version}";
-
-  src = fetchurl {
-    url = "mirror://sourceforge/wine/${name}.tar.bz2";
-    sha256 = "1bj21d94i0mqvkmzxd4971232yniribk7q3fllf23ynbpppk1wg1";
-  };
+  inherit version name src;
 
   buildInputs = [
     xlibs.xlibs flex bison xlibs.libXi mesa
diff --git a/pkgs/misc/emulators/wine/stable.upstream b/pkgs/misc/emulators/wine/stable.upstream
new file mode 100644
index 000000000000..b5913798a886
--- /dev/null
+++ b/pkgs/misc/emulators/wine/stable.upstream
@@ -0,0 +1,8 @@
+url http://sourceforge.net/projects/wine/files/Source/
+version_link '[-][0-9]+[.][0-9]*[24680][.]([0-9]+[.])*tar[.][^./]+/download$'
+SF_redirect
+do_overwrite () {
+  ensure_hash
+  set_var_value version "$CURRENT_VERSION"
+  set_var_value sha256 "$CURRENT_HASH"
+}
diff --git a/pkgs/misc/emulators/wine/unstable.nix b/pkgs/misc/emulators/wine/unstable.nix
new file mode 100644
index 000000000000..02ce076ce0fd
--- /dev/null
+++ b/pkgs/misc/emulators/wine/unstable.nix
@@ -0,0 +1,77 @@
+{ stdenv, fetchurl, xlibs, flex, bison, mesa, alsaLib
+, ncurses, libpng, libjpeg, lcms, freetype, fontconfig, fontforge
+, libxml2, libxslt, openssl, gnutls, cups, libdrm, makeWrapper
+}:
+
+assert stdenv.isLinux;
+assert stdenv.gcc.gcc != null;
+
+let 
+    version = "1.7.4";
+    name = "wine-${version}";
+
+    src = fetchurl {
+      url = "mirror://sourceforge/wine/${name}.tar.bz2";
+      sha256 = "0sb9zfrvlrjx1icfb94clgac239i9yfhyv48zv9iddgmvdjk8ysi";
+    };
+
+    gecko = fetchurl {
+      url = "mirror://sourceforge/wine/wine_gecko-2.21-x86.msi";
+      sha256 = "1n0zccnvchkg0m896sjx5psk4bxw9if32xyxib1rbfdasykay7zh";
+    };
+
+    gecko64 = fetchurl {
+      url = "mirror://sourceforge/wine/wine_gecko-2.21-x86_64.msi";
+      sha256 = "0grc86dkq90i59zw43hakh62ra1ajnk11m64667xjrlzi7f0ndxw";
+    };
+
+    mono = fetchurl {
+      url = "mirror://sourceforge/wine/wine-mono-0.0.8.msi";
+      sha256 = "00jl24qp7vh3hlqv7wsw1s529lr5p0ybif6s73jy85chqaxj7z1x";
+    };
+
+in stdenv.mkDerivation rec {
+  inherit version name src;
+
+  buildInputs = [
+    xlibs.xlibs flex bison xlibs.libXi mesa
+    xlibs.libXcursor xlibs.libXinerama xlibs.libXrandr
+    xlibs.libXrender xlibs.libXxf86vm xlibs.libXcomposite
+    alsaLib ncurses libpng libjpeg lcms fontforge
+    libxml2 libxslt openssl gnutls cups makeWrapper
+  ];
+
+  # Wine locates a lot of libraries dynamically through dlopen().  Add
+  # them to the RPATH so that the user doesn't have to set them in
+  # LD_LIBRARY_PATH.
+  NIX_LDFLAGS = map (path: "-rpath ${path}/lib ") [
+    freetype fontconfig stdenv.gcc.gcc mesa libdrm
+    xlibs.libXinerama xlibs.libXrender xlibs.libXrandr
+    xlibs.libXcursor xlibs.libXcomposite libpng libjpeg
+    openssl gnutls cups
+  ];
+
+  # Don't shrink the ELF RPATHs in order to keep the extra RPATH
+  # elements specified above.
+  dontPatchELF = true;
+
+  postInstall = ''
+    install -D ${gecko} $out/share/wine/gecko/${gecko.name}
+  '' + stdenv.lib.optionalString (stdenv.system == "x86_64-linux") ''
+    install -D ${gecko} $out/share/wine/gecko/${gecko64.name}
+  '' + ''
+    install -D ${mono} $out/share/wine/mono/${mono.name}
+    wrapProgram $out/bin/wine --prefix LD_LIBRARY_PATH : ${stdenv.gcc.gcc}/lib
+  '';
+
+  enableParallelBuilding = true;
+
+  meta = {
+    homepage = "http://www.winehq.org/";
+    license = "LGPL";
+    inherit version;
+    description = "An Open Source implementation of the Windows API on top of X, OpenGL, and Unix";
+    maintainers = [stdenv.lib.maintainers.raskin stdenv.lib.maintainers.simons];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/misc/emulators/wine/default.upstream b/pkgs/misc/emulators/wine/unstable.upstream
index e23f341c28a2..e3616df76802 100644
--- a/pkgs/misc/emulators/wine/default.upstream
+++ b/pkgs/misc/emulators/wine/unstable.upstream
@@ -1,4 +1,5 @@
 url http://sourceforge.net/projects/wine/files/Source/
+attribute_name wine_unstable
 version_link '[.]tar[.][^./]+/download$'
 SF_redirect
 do_overwrite () {
diff --git a/pkgs/misc/ghostscript/default.nix b/pkgs/misc/ghostscript/default.nix
index ba136530593a..142c75aeb0fa 100644
--- a/pkgs/misc/ghostscript/default.nix
+++ b/pkgs/misc/ghostscript/default.nix
@@ -41,10 +41,10 @@ let
   };
 
   mainlineSrc = rec {
-    name = "ghostscript-9.10";
+    name = "ghostscript-9.06";
     src = fetchurl {
       url = "http://downloads.ghostscript.com/public/${name}.tar.bz2";
-      sha256 = "106mglk77dhdra1m0ddnmaq645xj1aj45qvlh8izv3xx4cdrv3bc";
+      sha256 = "014f10rxn4ihvcr1frby4szd1jvkrwvmdhnbivpp55c9fssx3b05";
     };
     meta = meta_common // {
       homepage = "http://www.ghostscript.com/";
@@ -79,10 +79,13 @@ stdenv.mkDerivation rec {
     # ... add other fonts here
   ];
 
-  buildInputs = [
-    pkgconfig zlib expat openssl
-    libjpeg libpng libtiff freetype fontconfig lcms2 libpaper jbig2dec
-  ] ++ stdenv.lib.optional x11Support x11
+  enableParallelBuilding = true;
+
+  buildInputs =
+    [ pkgconfig zlib expat openssl
+      libjpeg libpng libtiff freetype fontconfig lcms2 libpaper jbig2dec
+    ]
+    ++ stdenv.lib.optional x11Support x11
     ++ stdenv.lib.optional cupsSupport cups
     ++ libiconvOrEmpty
     # [] # maybe sometimes jpeg2000 support
@@ -102,11 +105,11 @@ stdenv.mkDerivation rec {
     makeFlagsArray=(CUPSSERVERBIN=$out/lib/cups CUPSSERVERROOT=$out/etc/cups CUPSDATA=$out/share/cups)
   '' + stdenv.lib.optionalString (variant ? preConfigure) variant.preConfigure;
 
-  configureFlags = [
-    "--with-system-libtiff"
-    (if x11Support then "--with-x" else "--without-x")
-    (if cupsSupport then "--enable-cups" else "--disable-cups")
-  ];
+  configureFlags =
+    [ "--with-system-libtiff"
+      (if x11Support then "--with-x" else "--without-x")
+      (if cupsSupport then "--enable-cups --with-install-cups" else "--disable-cups")
+    ];
 
   doCheck = true;
 
diff --git a/pkgs/misc/lilypond/default.nix b/pkgs/misc/lilypond/default.nix
index 6d5d87faad6e..2b6606faf3b5 100644
--- a/pkgs/misc/lilypond/default.nix
+++ b/pkgs/misc/lilypond/default.nix
@@ -24,7 +24,10 @@ stdenv.mkDerivation rec{
   '';
 
   postInstall = ''
-     for f in $out/bin/*; do wrapProgram $f --set GUILE_AUTO_COMPILE 0; done
+    for f in "$out"/bin/*; do
+        wrapProgram "$f" --set GUILE_AUTO_COMPILE 0 \
+                         --set PATH "${ghostscript}/bin"
+    done
   '';
 
   configureFlags = [ "--disable-documentation" "--with-ncsb-dir=${urwfonts}"];
diff --git a/pkgs/misc/my-env/default.nix b/pkgs/misc/my-env/default.nix
index ac2dc7f8cda5..1c0dc0cbfe9b 100644
--- a/pkgs/misc/my-env/default.nix
+++ b/pkgs/misc/my-env/default.nix
@@ -59,7 +59,7 @@
 { mkDerivation, substituteAll, pkgs }:
     { stdenv ? pkgs.stdenv, name, buildInputs ? []
     , propagatedBuildInputs ? [], gcc ? stdenv.gcc, cTags ? [], extraCmds ? ""
-    , cleanupCmds ? "", shell ? "${pkgs.bashInteractive}/bin/bash"}:
+    , cleanupCmds ? "", shell ? "${pkgs.bashInteractive}/bin/bash --norc"}:
 
 mkDerivation {
   # The setup.sh script from stdenv will expect the native build inputs in
@@ -146,8 +146,8 @@ mkDerivation {
     EOF
 
     mkdir -p $out/bin
-    sed -e s,@shell@,${shell}, -e s,@myenvpath@,$out/dev-envs/${name}, \
-      -e s,@name@,${name}, ${./loadenv.sh} > $out/bin/load-env-${name}
+    sed -e 's,@shell@,${shell},' -e s,@myenvpath@,$out/dev-envs/${name}, \
+      -e 's,@name@,${name},' ${./loadenv.sh} > $out/bin/load-env-${name}
     chmod +x $out/bin/load-env-${name}
   '';
 }
diff --git a/pkgs/misc/my-env/loadenv.sh b/pkgs/misc/my-env/loadenv.sh
index 5d126f0c29bb..6752d1c03b5f 100644
--- a/pkgs/misc/my-env/loadenv.sh
+++ b/pkgs/misc/my-env/loadenv.sh
@@ -10,5 +10,5 @@ export buildInputs
 export NIX_STRIP_DEBUG=0
 export TZ="$OLDTZ"
 
-@shell@ --norc
+@shell@
 
diff --git a/pkgs/misc/screensavers/xlockmore/default.nix b/pkgs/misc/screensavers/xlockmore/default.nix
index 2df8f2fd97a7..b3c71c891912 100644
--- a/pkgs/misc/screensavers/xlockmore/default.nix
+++ b/pkgs/misc/screensavers/xlockmore/default.nix
@@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
     + (if pam != null then " --enable-pam --enable-bad-pam" else " --disable-pam");
 
   meta = {
-    description = "Xlockmore, a screen locker for the X Window System.";
+    description = "Screen locker for the X Window System";
     homepage = "http://www.tux.org/~bagleyd/xlockmore.html";
     license = "GPL";
   };
diff --git a/pkgs/misc/vim-plugins/default.nix b/pkgs/misc/vim-plugins/default.nix
index af4363f9217e..01ce5f423c35 100644
--- a/pkgs/misc/vim-plugins/default.nix
+++ b/pkgs/misc/vim-plugins/default.nix
@@ -1,4 +1,4 @@
-{ fetchurl, stdenv, python, cmake, vim, perl, ruby, unzip }:
+{ fetchurl, stdenv, python, cmake, vim, perl, ruby, unzip, which }:
 
 /*
 About Vim and plugins
@@ -90,14 +90,13 @@ let vimHelpTags = ''
     installPhase = ''
       target=$out/vim-plugins/$path
       ensureDir $out/vim-plugins
-      ls -l
       cp -r . $target
       ${vimHelpTags}
       vimHelpTags $target
     '';
   });
 
-in
+in rec
 
 {
 
@@ -198,6 +197,23 @@ in
     };
   };
 
+  ipython = simpleDerivation {
+    name = "vim-ipython-ff8f88f3fe518851a91dc88aaa5a75f8f352a960";
+    src = fetchurl {
+      url    = "https://github.com/ivanov/vim-ipython/archive/ff8f88f3fe518851a91dc88aaa5a75f8f352a960.tar.gz";
+      sha256 = "0hlx526dm8amrvh41kwnmgvvdzs6sh5yc5sfq4nk1zjkfcp1ah5j";
+    };
+    path = "ipython";
+    meta = with stdenv.lib; {
+      description = "A two-way integration between vim and iPython";
+      homepage    = https://github.com/ivanov/vim-ipython;
+      repositories.git = https://github.com/ivanov/vim-ipython.git;
+      license     = licenses.publicDomain;
+      maintainers = with maintainers; [ lovek323 ];
+      platforms   = platforms.unix;
+    };
+  };
+
   taglist = simpleDerivation {
     name = "vim-taglist-4.6";
     meta = with stdenv.lib; {
@@ -251,4 +267,61 @@ in
     path = "xdebug";
     postInstall = false;
   };
+
+  vimshell = simpleDerivation rec {
+    version = "9.2";
+    name = "vimshell-${version}";
+
+    meta = with stdenv.lib; {
+      description = "An extreme shell that doesn't depend on external shells and is written completely in Vim script";
+      homepage    = https://github.com/Shougo/vimshell.vim;
+      repositories.git = https://github.com/Shougo/vimshell.vim.git;
+      license     = licenses.gpl3;
+      maintainers = with maintainers; [ lovek323 ];
+      platforms   = platforms.unix;
+    };
+
+    src = fetchurl {
+      url    = "https://github.com/Shougo/vimshell.vim/archive/ver.${version}.tar.gz";
+      sha256 = "1pbwxdhpv6pr09b6hwkgy7grpmpwlqpsgsawl38r40q6yib8zb4a";
+    };
+
+    buildInputs = [ vimproc ];
+
+    preBuild = ''
+      sed -ie '1 i\
+      set runtimepath+=${vimproc}/vim-plugins/vimproc\
+      ' autoload/vimshell.vim
+    '';
+
+    path = "vimshell";
+  };
+
+  vimproc = simpleDerivation rec {
+    version = "5cf4c6bfe9bf0649159b5648d736d54c96e99b3e";
+    name    = "vimproc-${version}";
+
+    meta = with stdenv.lib; {
+      description = "An asynchronous execution library for Vim";
+      homepage    = https://github.com/Shougo/vimproc.vim;
+      repositories.git = https://github.com/Shougo/vimproc.vim.git;
+      license     = licenses.gpl3;
+      maintainers = with maintainers; [ lovek323 ];
+      platforms   = platforms.unix;
+    };
+
+    src = fetchurl {
+      url    = "${meta.homepage}/archive/${version}.tar.gz";
+      sha256 = "0f76mc7v3656sf9syaq1rxzk3dqz6i5w190wgj15sjjnapzd956p";
+    };
+
+    buildInputs = [ which ];
+
+    buildPhase = ''
+      sed -i 's/vimproc_mac\.so/vimproc_unix\.so/' autoload/vimproc.vim
+      make -f make_unix.mak
+    '';
+
+    path = "vimproc";
+  };
 }
diff --git a/pkgs/os-specific/darwin/setfile/default.nix b/pkgs/os-specific/darwin/setfile/default.nix
index 94320c94bc0c..98dd6b3e2e72 100644
--- a/pkgs/os-specific/darwin/setfile/default.nix
+++ b/pkgs/os-specific/darwin/setfile/default.nix
@@ -20,7 +20,6 @@ stdenv.mkDerivation {
   meta = with stdenv.lib; {
     description = "Set attributes of files and directories";
     homepage    = "http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man1/setfile.1.html";
-    license     = licenses.unfree;
     maintainers = with maintainers; [ lovek323 ];
     platforms   = platforms.darwin;
 
@@ -32,4 +31,3 @@ stdenv.mkDerivation {
     '';
   };
 }
-
diff --git a/pkgs/os-specific/linux/acpi/default.nix b/pkgs/os-specific/linux/acpi/default.nix
index 6bb44d7db449..d694a9e5ed24 100644
--- a/pkgs/os-specific/linux/acpi/default.nix
+++ b/pkgs/os-specific/linux/acpi/default.nix
@@ -10,6 +10,7 @@ stdenv.mkDerivation rec {
   };
 
   meta = {
+    description = "Show battery status and other ACPI information";
     longDescription = ''
       Linux ACPI client is a small command-line
       program that attempts to replicate the functionality of
diff --git a/pkgs/os-specific/linux/apparmor/default.nix b/pkgs/os-specific/linux/apparmor/default.nix
index da71eb8c7095..858be431a91d 100644
--- a/pkgs/os-specific/linux/apparmor/default.nix
+++ b/pkgs/os-specific/linux/apparmor/default.nix
@@ -85,7 +85,7 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = http://apparmor.net/;
-    description = "A Linux application security system";
+    description = "Linux application security system";
     license = licenses.gpl2;
     maintainers = [ maintainers.phreedom ];
     platforms = platforms.linux;
diff --git a/pkgs/os-specific/linux/broadcom-sta-v6/default.nix b/pkgs/os-specific/linux/broadcom-sta-v6/default.nix
new file mode 100644
index 000000000000..db4337c0ff28
--- /dev/null
+++ b/pkgs/os-specific/linux/broadcom-sta-v6/default.nix
@@ -0,0 +1,49 @@
+{ stdenv, fetchurl, kernelDev }:
+let
+  version = "6_30_223_141";
+in
+stdenv.mkDerivation {
+  name = "broadcom-sta-${version}-${kernelDev.version}";
+
+  src = if stdenv.system == "i686-linux" then (
+    fetchurl {
+      url = "http://www.broadcom.com/docs/linux_sta/hybrid-v35-nodebug-pcoem-${version}.tar.gz";
+      sha256 = "19wra62dpm0x0byksh871yxr128b4v13kzkzqv56igjfpzv36z6m";
+    } ) else (
+    fetchurl {
+      url = "http://www.broadcom.com/docs/linux_sta/hybrid-v35_64-nodebug-pcoem-${version}.tar.gz";
+      sha256 = "0jlvch7d3khmmg5kp80x4ka33hidj8yykqjcqq6j56z2g6wb4dsz";
+    }
+  );
+
+  buildInputs = [ kernelDev ];
+  patches = [
+    ./linux-recent.patch
+    ./license.patch
+  ];
+
+  makeFlags = "KBASE=${kernelDev}/lib/modules/${kernelDev.modDirVersion}";
+
+  unpackPhase = ''
+      sourceRoot=broadcom-sta
+      mkdir "$sourceRoot"
+      tar xvf "$src" -C "$sourceRoot"
+  '';
+
+  installPhase =
+    ''
+      binDir="$out/lib/modules/${kernelDev.modDirVersion}/kernel/net/wireless/"
+      docDir="$out/share/doc/broadcom-sta/"
+      mkdir -p "$binDir" "$docDir"
+      cp wl.ko "$binDir"
+      cp lib/LICENSE.txt "$docDir"
+    '';
+
+  meta = {
+    description = "Kernel module driver for some Broadcom's wireless cards";
+    homepage = http://www.broadcom.com/support/802.11/linux_sta.php;
+    license = "unfree-redistributable";
+    maintainers = with stdenv.lib.maintainers; [ phreedom vcunat ];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/broadcom-sta-v6/license.patch b/pkgs/os-specific/linux/broadcom-sta-v6/license.patch
new file mode 100644
index 000000000000..aebb46365195
--- /dev/null
+++ b/pkgs/os-specific/linux/broadcom-sta-v6/license.patch
@@ -0,0 +1,13 @@
+diff -Naur hybrid-portsrc-x86_32-v5_10_91_9.orig/src/wl/sys/wl_linux.c hybrid-portsrc-x86_32-v5_10_91_9/src/wl/sys/wl_linux.c
+--- hybrid-portsrc-x86_32-v5_10_91_9.orig/src/wl/sys/wl_linux.c	2009-04-23 02:48:59.000000000 +0900
++++ hybrid-portsrc-x86_32-v5_10_91_9/src/wl/sys/wl_linux.c	2009-05-08 00:48:20.000000000 +0900
+@@ -171,6 +171,8 @@
+ static void wl_free_if(wl_info_t *wl, wl_if_t *wlif);
+ static void wl_get_driver_info(struct net_device *dev, struct ethtool_drvinfo *info);
+ 
++MODULE_LICENSE("MIXED/Proprietary");
++
+ #if defined(WL_CONFIG_RFKILL)
+ #include <linux/rfkill.h>
+ static int wl_init_rfkill(wl_info_t *wl);
+
diff --git a/pkgs/os-specific/linux/broadcom-sta-v6/linux-recent.patch b/pkgs/os-specific/linux/broadcom-sta-v6/linux-recent.patch
new file mode 100644
index 000000000000..97a331a2bd73
--- /dev/null
+++ b/pkgs/os-specific/linux/broadcom-sta-v6/linux-recent.patch
@@ -0,0 +1,126 @@
+--- a/src/wl/sys/wl_linux.c	2013-08-01 08:52:22.000000000 +0200
++++ b/src/wl/sys/wl_linux.c	2013-09-13 14:25:36.463020788 +0200
+@@ -910,7 +910,11 @@
+ 	pci_set_drvdata(pdev, NULL);
+ }
+ 
++#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 8, 0)
+ static struct pci_driver wl_pci_driver = {
++#else
++static struct pci_driver wl_pci_driver __refdata = {
++#endif
+ 	name:		"wl",
+ 	probe:		wl_pci_probe,
+ 	suspend:	wl_suspend,
+@@ -3235,7 +3239,7 @@
+ void
+ wl_tkip_printstats(wl_info_t *wl, bool group_key)
+ {
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 14)
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 14) && LINUX_VERSION_CODE < KERNEL_VERSION(3, 10, 0)
+ 	char debug_buf[512];
+ 	int idx;
+ 	if (wl->tkipmodops) {
+@@ -3408,6 +3412,7 @@
+ 	return 0;
+ }
+ 
++#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 10, 0)
+ static int
+ wl_proc_read(char *buffer, char **start, off_t offset, int length, int *eof, void *data)
+ {
+@@ -3462,19 +3467,90 @@
+ 	return length;
+ }
+ 
++#else
++
++static int
++wl_proc_read(struct seq_file *seq, void *offset)
++{
++	wl_info_t * wl = (wl_info_t *)seq->private;
++	int bcmerror, to_user;
++
++	WL_LOCK(wl);
++	bcmerror = wlc_ioctl(wl->wlc, WLC_GET_MONITOR, &to_user, sizeof(int), NULL);
++	WL_UNLOCK(wl);
++
++	seq_printf(seq, "%d\n", to_user);
++	return bcmerror;
++}
++
++static ssize_t wl_proc_write(struct file *file, const char __user *buff,
++			     size_t length, loff_t *ppos)
++{
++	struct seq_file *seq = file->private_data;
++	wl_info_t * wl = (wl_info_t *)seq->private;
++	int bcmerror, from_user = 0;
++
++	if (length != 1) {
++		WL_ERROR(("%s: Invalid data length\n", __FUNCTION__));
++		return -EIO;
++	}
++
++	if (copy_from_user(&from_user, buff, 1)) {
++		WL_ERROR(("%s: copy from user failed\n", __FUNCTION__));
++		return -EFAULT;
++	}
++
++	if (from_user >= 0x30)
++		from_user -= 0x30;
++
++	WL_LOCK(wl);
++	bcmerror = wlc_ioctl(wl->wlc, WLC_SET_MONITOR, &from_user, sizeof(int), NULL);
++	WL_UNLOCK(wl);
++
++	if (bcmerror < 0) {
++		WL_ERROR(("%s: SET_MONITOR failed with %d\n", __FUNCTION__, bcmerror));
++		return -EIO;
++	}
++	*ppos += length;
++	return length;
++}
++
++static int wl_proc_open(struct inode *inode, struct file *file)
++{
++	return single_open(file, wl_proc_read, PDE_DATA(inode));
++}
++
++static const struct file_operations wl_proc_fops = {
++	.owner = THIS_MODULE,
++	.open = wl_proc_open,
++	.read = seq_read,
++	.write = wl_proc_write,
++	.llseek = seq_lseek,
++	.release = single_release,
++};
++#endif
++
+ static int
+ wl_reg_proc_entry(wl_info_t *wl)
+ {
+ 	char tmp[32];
+ 	sprintf(tmp, "%s%d", HYBRID_PROC, wl->pub->unit);
+-	if ((wl->proc_entry = create_proc_entry(tmp, 0644, NULL)) == NULL) {
++
++#if LINUX_VERSION_CODE < KERNEL_VERSION(3, 10, 0)
++	wl->proc_entry = create_proc_entry(tmp, 0644, NULL);
++	if (wl->proc_entry) {
++		wl->proc_entry->read_proc = wl_proc_read;
++		wl->proc_entry->write_proc = wl_proc_write;
++		wl->proc_entry->data = wl;
++	} 
++#else
++	wl->proc_entry = proc_create_data(tmp, 0644, NULL, &wl_proc_fops, wl);
++#endif
++	if (!wl->proc_entry) {
+ 		WL_ERROR(("%s: create_proc_entry %s failed\n", __FUNCTION__, tmp));
+ 		ASSERT(0);
+ 		return -1;
+ 	}
+-	wl->proc_entry->read_proc = wl_proc_read;
+-	wl->proc_entry->write_proc = wl_proc_write;
+-	wl->proc_entry->data = wl;
+ 	return 0;
+ }
+ #ifdef WLOFFLD
diff --git a/pkgs/os-specific/linux/conspy/default.nix b/pkgs/os-specific/linux/conspy/default.nix
new file mode 100644
index 000000000000..44689cd5d62d
--- /dev/null
+++ b/pkgs/os-specific/linux/conspy/default.nix
@@ -0,0 +1,37 @@
+{stdenv, fetchurl, autoconf, automake, ncurses}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="conspy";
+    version="1.8";
+    name="${baseName}-${version}";
+    hash=sha256;
+    url="http://ace-host.stuart.id.au/russell/files/conspy/conspy-1.8.tar.gz";
+    sha256="1jc2maqp4w4mzlr3s8yni03w1p9sir5hb7gha3ffxj4n32nx42dq";
+  };
+  buildInputs = [
+    autoconf automake ncurses
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+    curlOpts = " -A application/octet-stream ";
+  };
+  preConfigure = ''
+    touch NEWS
+    echo "EPL 1.0" > COPYING
+    aclocal
+    automake --add-missing
+    autoconf
+  '';
+  meta = {
+    inherit (s) version;
+    description = "Linux text console viewer";
+    license = stdenv.lib.licenses.epl10 ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/conspy/default.upstream b/pkgs/os-specific/linux/conspy/default.upstream
new file mode 100644
index 000000000000..db0c0fd96802
--- /dev/null
+++ b/pkgs/os-specific/linux/conspy/default.upstream
@@ -0,0 +1 @@
+url http://ace-host.stuart.id.au/russell/files/conspy/
diff --git a/pkgs/os-specific/linux/dstat/default.nix b/pkgs/os-specific/linux/dstat/default.nix
index fb454c78788b..138b4ff468f1 100644
--- a/pkgs/os-specific/linux/dstat/default.nix
+++ b/pkgs/os-specific/linux/dstat/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://dag.wieers.com/home-made/dstat/;
-    description = "Versatile resource statistics tool.";
+    description = "Versatile resource statistics tool";
     license = "GPLv2";
     platforms = stdenv.lib.platforms.linux;
     maintainers = [ ];
diff --git a/pkgs/os-specific/linux/forktty/default.nix b/pkgs/os-specific/linux/forktty/default.nix
new file mode 100644
index 000000000000..6402b5c69d82
--- /dev/null
+++ b/pkgs/os-specific/linux/forktty/default.nix
@@ -0,0 +1,36 @@
+{stdenv, fetchurl}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="forktty";
+    version="1.3";
+    name="${baseName}-${version}";
+    hash="0nd55zdqly6nl98k9lc7j751x86cw9hayx1qn0725f22r1x3j5zb";
+    url="http://sunsite.unc.edu/pub/linux/utils/terminal/forktty-1.3.tgz";
+    sha256="0nd55zdqly6nl98k9lc7j751x86cw9hayx1qn0725f22r1x3j5zb";
+  };
+  buildInputs = [
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  preBuild = ''
+    sed -e s@/usr/bin/ginstall@install@g -i Makefile
+  '';
+  preInstall = ''
+    mkdir -p "$out/bin"
+    mkdir -p "$out/share/man/man8"
+  '';
+  makeFlags='' prefix="''${out}" manprefix="''${out}/share/" '';
+  meta = {
+    inherit (s) version;
+    description = ''Tool to detach from controlling TTY and attach to another'';
+    license = stdenv.lib.licenses.gpl2 ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/forktty/default.upstream b/pkgs/os-specific/linux/forktty/default.upstream
new file mode 100644
index 000000000000..45cb775a0ae3
--- /dev/null
+++ b/pkgs/os-specific/linux/forktty/default.upstream
@@ -0,0 +1,2 @@
+url http://sunsite.unc.edu/pub/linux/utils/terminal/
+version_link 'forktty.*tgz'
diff --git a/pkgs/os-specific/linux/gfxtablet/default.nix b/pkgs/os-specific/linux/gfxtablet/default.nix
new file mode 100644
index 000000000000..394defdb19ae
--- /dev/null
+++ b/pkgs/os-specific/linux/gfxtablet/default.nix
@@ -0,0 +1,35 @@
+{stdenv, fetchgit, linuxHeaders}:
+let
+  s = # Generated upstream information
+  rec {
+    version="git-2013-10-21";
+    name = "gfxtablet-uinput-driver-${version}";
+    rev = "c4e337ae0b53a8ccdfe11b904ff129714bd25ec4";
+    sha256 = "19d96r2vw9xv82fnfwdyyyf0fja6n06mgg14va996knsn2x5l4la";
+    url = "https://github.com/rfc2822/GfxTablet.git";
+  };
+  buildInputs = [
+    linuxHeaders
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchgit {
+    inherit (s) url sha256 rev;
+  };
+  preBuild = ''cd driver-uinput'';
+  installPhase = ''
+    mkdir -p "$out/bin"
+    cp networktablet "$out/bin"
+    mkdir -p "$out/share/doc/gfxtablet/"
+    cp ../*.md "$out/share/doc/gfxtablet/"
+  '';
+  meta = {
+    inherit (s) version;
+    description = ''Uinput driver for Android GfxTablet tablet-as-input-device app'';
+    license = stdenv.lib.licenses.mit ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/hostapd/default.nix b/pkgs/os-specific/linux/hostapd/default.nix
index b8e5055f056c..410fa6a7ad64 100644
--- a/pkgs/os-specific/linux/hostapd/default.nix
+++ b/pkgs/os-specific/linux/hostapd/default.nix
@@ -2,11 +2,11 @@
 stdenv.mkDerivation rec {
 
   name = "hostapd-${version}";
-  version = "1.0";
+  version = "2.0";
 
   src = fetchurl {
-    url = "http://w1.fi/releases/${name}.tar.gz";
-    sha256 = "1k6z2g0g324593a7ybd76bywvj0gnf9cybqaj2sq5ks6gv5rsbh0";
+    url = "http://hostap.epitest.fi/releases/${name}.tar.gz";
+    sha256 = "262ce394b930bccc3d65fb99ee380f28d36444978f524c845a98e8e29f4e9d35";
   };
 
   buildInputs = [ libnl openssl pkgconfig ];
@@ -22,7 +22,7 @@ stdenv.mkDerivation rec {
   preInstall = "mkdir -p $out/bin";
 
   meta = with stdenv.lib; {
-    homepage = http://w1.fi/hostapd/;
+    homepage = http://hostap.epitest.fi;
     description = "A user space daemon for access point and authentication servers";
     license = licenses.gpl2;
     maintainers = [ maintainers.phreedom ];
diff --git a/pkgs/os-specific/linux/i7z/default.nix b/pkgs/os-specific/linux/i7z/default.nix
index 2d0fde3c7836..33ac05aef478 100644
--- a/pkgs/os-specific/linux/i7z/default.nix
+++ b/pkgs/os-specific/linux/i7z/default.nix
@@ -1,19 +1,15 @@
 { stdenv, fetchurl, qt4, ncurses}:
 
 stdenv.mkDerivation rec {
-  name = "i7z-0.27.1";
+  name = "i7z-0.27.2";
 
   src = fetchurl {
     url = "http://i7z.googlecode.com/files/${name}.tar.gz";
-    sha256 = "0n3pry1qmpq4basnny3gddls2zlwz0813ixnas87092rvlgjhbc6";
+    sha256 = "1wa7ix6m75wl3k2n88sz0x8cckvlzqklja2gvzqfw5rcfdjjvxx7";
   };
 
   buildInputs = [qt4 ncurses];
 
-  patchPhase = ''
-    substituteInPlace Makefile --replace "/usr/sbin" "$out/sbin"
-  '';
-
   buildPhase = ''
     make
     cd GUI
@@ -24,15 +20,15 @@ stdenv.mkDerivation rec {
   '';
 
   installPhase = ''
-    pwd
     ensureDir $out/sbin
-    make install
+    make install prefix=$out
     install -Dm755 GUI/i7z_GUI $out/sbin/i7z-gui
   '';
 
   meta = {
     description = "A better i7 (and now i3, i5) reporting tool for Linux";
     homepage = http://code.google.com/p/i7z;
+    repositories.git = https://github.com/ajaiantilal/i7z.git;
     license = "GPLv2";
     maintainers = [ stdenv.lib.maintainers.bluescreen303 ];
   };
diff --git a/pkgs/os-specific/linux/iotop/default.nix b/pkgs/os-specific/linux/iotop/default.nix
index e394b6123880..8e181d3d5cf5 100644
--- a/pkgs/os-specific/linux/iotop/default.nix
+++ b/pkgs/os-specific/linux/iotop/default.nix
@@ -1,16 +1,22 @@
 { stdenv, fetchurl, buildPythonPackage, pythonPackages }:
 
 buildPythonPackage rec {
-  name = "iotop-0.4.1";
+  name = "iotop-0.6";
   namePrefix = "";
 
   src = fetchurl {
     url = "http://guichaz.free.fr/iotop/files/${name}.tar.bz2";
-    sha256 = "1dfvw3khr2rvqllvs9wad9ca3ld4i7szqf0ibq87rn36ickrf3ll";
+    sha256 = "0nzprs6zqax0cwq8h7hnszdl3d2m4c2d4vjfxfxbnjfs9sia5pis";
   };
 
   pythonPath = [ pythonPackages.curses ];
 
+  postInstall =
+    ''
+      # Put the man page in the right place.
+      mv $out/lib/python*/site-packages/iotop-*/share $out
+    '';
+
   doCheck = false;
 
   meta = {
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index d4f7c4e67187..01a605aac309 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -86,9 +86,6 @@ with stdenv.lib;
   ''}
   BCMA_HOST_PCI y
 
-  # Some settings to make sure that fbcondecor works - in particular,
-  # disable tileblitting and the drivers that need it.
-
   # Enable various FB devices.
   FB y
   FB_EFI y
@@ -169,6 +166,9 @@ with stdenv.lib;
   SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default
   DEVKMEM n # Disable /dev/kmem
   CC_STACKPROTECTOR y # Detect buffer overflows on the stack
+  ${optionalString (versionAtLeast version "3.12") ''
+    USER_NS y # Support for user namespaces
+  ''}
 
   # Misc. options.
   8139TOO_8129 y
@@ -242,6 +242,8 @@ with stdenv.lib;
     CGROUP_MEM_RES_CTLR_SWAP y
   ''}
   DEVPTS_MULTIPLE_INSTANCES y
+  BLK_DEV_THROTTLING y
+  CFQ_GROUP_IOSCHED y
 
   # Enable staging drivers.  These are somewhat experimental, but
   # they generally don't hurt.
diff --git a/pkgs/os-specific/linux/kernel/linux-3.0.nix b/pkgs/os-specific/linux/kernel/linux-3.0.nix
index 48197ae14ca5..30b70035dfac 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.0.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.0.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.0.88";
+  version = "3.0.99";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "1icfkbn9a5cpwiax1xklvpqyjcvqij3dwib009fipp53z4pn5bz4";
+    sha256 = "1p31gq9kzwfks980y6rb2mjyagj8lrh6y156a550v7mk0bd4fzdi";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.10.nix b/pkgs/os-specific/linux/kernel/linux-3.10.nix
index fa57fdd93ddc..65660619857b 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.10.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.10.10";
+  version = "3.10.15";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "01cpg6j1jsjh4vgvmia12y6rci4gqb967gc0gqpz5gcimzg4bb5p";
+    sha256 = "07wjh58sylbbw9hwxd5xvbz3dxd05iar8ahzk90lki38m5157ffk";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.11.nix b/pkgs/os-specific/linux/kernel/linux-3.11.nix
index 34b2d4882897..6531895d8a7b 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.11.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.11.nix
@@ -1,12 +1,11 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.11";
-  modDirVersion = "3.11.0";
+  version = "3.11.6";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "1yfpa4fzhsn4r5dwkcf3azy0vqdms865jaikn3fdwbabmpqchgl0";
+    sha256 = "0klbyx6qy3ifwrwh5w7yzk6m6jd32flkk73z95bih3ihmbnbzlvs";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.12.nix b/pkgs/os-specific/linux/kernel/linux-3.12.nix
new file mode 100644
index 000000000000..f0929af1d292
--- /dev/null
+++ b/pkgs/os-specific/linux/kernel/linux-3.12.nix
@@ -0,0 +1,16 @@
+{ stdenv, fetchurl, ... } @ args:
+
+import ./generic.nix (args // rec {
+  version = "3.12-rc3";
+
+  src = fetchurl {
+    url = "https://www.kernel.org/pub/linux/kernel/v3.0/testing/linux-${version}.tar.xz";
+    sha256 = "1rayb0f4n81yp9ghcws0v36dpqyl9ks3naf37p2qy7jvrwagmj28";
+  };
+
+  features.iwlwifi = true;
+  features.efiBootStub = true;
+  features.needsCifsUtils = true;
+  features.canDisableNetfilterConntrackHelpers = true;
+  features.netfilterRPFilter = true;
+})
diff --git a/pkgs/os-specific/linux/kernel/linux-3.2.nix b/pkgs/os-specific/linux/kernel/linux-3.2.nix
index 7597a9c695ec..ae065499c658 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.2.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.2.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.2.50";
+  version = "3.2.52";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "0yg936syhay9x0qxqxdqrgi6ijdqklhqdrd8zk7l4zvgxaayaj68";
+    sha256 = "1wpr5xs6vg0xjlzrlbkv7bjvv34psw57crkdh4lybghi4rgrmkzl";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.4.nix b/pkgs/os-specific/linux/kernel/linux-3.4.nix
index 5bcb8aaf2506..47393b0ae744 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.4.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.4.60";
+  version = "3.4.67";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "16pg9sdsf5nwp1lc583dcbn1ay67b7yb55xg8cgv63bvmh4h3vrb";
+    sha256 = "1ndzlwhxvlm4lr86240h3ysxhmdkgdcp0n6qhid5nwrmxf5fpb1d";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 561cdc8f9576..613f40c6fc96 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -131,12 +131,14 @@ rec {
       patch = ./mips-ext3-n32.patch;
     };
 
-  grsecurity_2_9_1_3_2_50 =
-    { name = "grsecurity-2.9.1-3.2.50";
+  grsecurity_2_9_1_3_2_52 =
+    { name = "grsecurity-2.9.1-3.2.52";
       patch = fetchurl {
-        url = http://grsecurity.net/stable/grsecurity-2.9.1-3.2.50-201308052151.patch;
-        sha256 = "178y68bx4h4r9gq1p4izbjah8vhjmb3yvr3sfjglz8blxxahgd6n";
+        url = http://grsecurity.net/stable/grsecurity-2.9.1-3.2.52-201310271550.patch;
+        sha256 = "08y4y323y2lfvdj67gmg3ca8gaf3snhr3pyrmgvj877avaz0475m";
       };
+      # The grsec kernel patch seems to include the apparmor patches as of 2.9.1-3.2.52
+      features.apparmor = true;
     };
 
 }
diff --git a/pkgs/os-specific/linux/kexectools/default.nix b/pkgs/os-specific/linux/kexectools/default.nix
index 0feba1b1c319..09594a5c59eb 100644
--- a/pkgs/os-specific/linux/kexectools/default.nix
+++ b/pkgs/os-specific/linux/kexectools/default.nix
@@ -1,17 +1,18 @@
-{ stdenv, fetchurl, zlib, xz}:
+{ stdenv, fetchurl, zlib }:
+
+stdenv.mkDerivation rec {
+  name = "kexec-tools-2.0.4";
 
-stdenv.mkDerivation {
-  name = "kexectools-2.0.3";
-  
   src = fetchurl {
-    url = http://horms.net/projects/kexec/kexec-tools/kexec-tools-2.0.3.tar.xz;
-    sha256 = "1ac6szvm6pdhn5b8ba5l06rx09rylsqhgv1l6wmy4b5b1hrbip52";
+    url = "http://horms.net/projects/kexec/kexec-tools/${name}.tar.xz";
+    sha256 = "1ikqm4w125h060dsvg9brri6ma51qn76mjjff6s1bss6sw0apxg5";
   };
 
-  buildInputs = [ xz zlib ];
-  
+  buildInputs = [ zlib ];
+
   meta = {
-    homepage = http://horms.net/projects/kexec/kexec-tools/;
-    description = "Tools related to the kexec linux feature";
+    homepage = http://horms.net/projects/kexec/kexec-tools;
+    description = "Tools related to the kexec Linux feature";
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/os-specific/linux/lvm2/assume-uevent-generated.patch b/pkgs/os-specific/linux/lvm2/assume-uevent-generated.patch
deleted file mode 100644
index 4098d042fd53..000000000000
--- a/pkgs/os-specific/linux/lvm2/assume-uevent-generated.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-Work around LVM/cryptsetup errors like:
-
-  semid 32768: semop failed for cookie 0xd4d41f4: incorrect semaphore state
-  Failed to set a proper state for notification semaphore identified by cookie value 223166964 (0xd4d41f4) to initialize waiting for incoming notifications.
-
-and (when running "cryptsetup --debug"):
-
-  Uevent not generated! Calling udev_complete internally to avoid process lock-up.
-
-Here for some reason libdm *thinks* that the uevent hasn't been
-emitted, so it calls udev_complete.  But the uevent actually *has*
-been emitted, so udev calls ‘dmsetup udevcomplete’ as well, leading to
-a race.
-
-This is probably a reoccurence of the problem described here:
-
-  http://www.redhat.com/archives/dm-devel/2011-August/msg00075.html
-  http://www.redhat.com/archives/linux-lvm/2011-September/msg00023.html
-
-which was fixed in the kernel, so it's not clear why it's surfacing
-again.  Maybe netlink_broadcast_filtered() has started returning some
-other bogus error code.
-  
-diff -ru -x '*~' LVM2.2.02.98/libdm/ioctl/libdm-iface.c LVM2.2.02.98-new/libdm/ioctl/libdm-iface.c
---- LVM2.2.02.98/libdm/ioctl/libdm-iface.c	2012-10-15 10:24:58.000000000 -0400
-+++ LVM2.2.02.98-new/libdm/ioctl/libdm-iface.c	2012-10-15 14:19:06.774363736 -0400
-@@ -1754,9 +1754,12 @@
- 
- 	if (ioctl_with_uevent && dm_udev_get_sync_support() &&
- 	    !_check_uevent_generated(dmi)) {
-+		log_debug("warning: Uevent might not be generated!");
-+#if 0
- 		log_debug("Uevent not generated! Calling udev_complete "
- 			  "internally to avoid process lock-up.");
- 		_udev_complete(dmt);
-+#endif
- 	}
- 
- 	if (!_dm_ioctl_unmangle_names(dmt->type, dmi))
diff --git a/pkgs/os-specific/linux/lvm2/default.nix b/pkgs/os-specific/linux/lvm2/default.nix
index ec68304c9355..53127e4458ce 100644
--- a/pkgs/os-specific/linux/lvm2/default.nix
+++ b/pkgs/os-specific/linux/lvm2/default.nix
@@ -1,19 +1,17 @@
 { stdenv, fetchurl, pkgconfig, udev, utillinux, coreutils }:
 
 let
-  v = "2.02.98";
+  v = "2.02.100";
 in
 
 stdenv.mkDerivation {
   name = "lvm2-${v}";
 
   src = fetchurl {
-    url = "ftp://sources.redhat.com/pub/lvm2/old/LVM2.${v}.tgz";
-    sha256 = "0r6q6z8ip6q5qgkzng0saljassp4912k6i21ra10vq7pzrc0l0vi";
+    url = "ftp://sources.redhat.com/pub/lvm2/releases/LVM2.${v}.tgz";
+    md5 = "9629cf5728544d7e637cafde1f73d777";
   };
 
-  patches = [ ./assume-uevent-generated.patch ];
-
   configureFlags =
     "--disable-readline --enable-udev_rules --enable-udev_sync --enable-pkgconfig --enable-applib";
 
@@ -24,7 +22,11 @@ stdenv.mkDerivation {
       substituteInPlace scripts/lvmdump.sh \
         --replace /usr/bin/tr ${coreutils}/bin/tr
       substituteInPlace scripts/lvm2_activation_generator_systemd_red_hat.c \
-        --replace /usr/sbin/lvm $out/sbin/lvm
+        --replace /usr/sbin/lvm $out/sbin/lvm \
+        --replace /usr/bin/udevadm ${udev}/bin/udevadm
+
+      sed -i /DEFAULT_SYS_DIR/d Makefile.in
+      sed -i /DEFAULT_PROFILE_DIR/d conf/Makefile.in
     '';
 
   #patches = [ ./purity.patch ];
@@ -39,6 +41,11 @@ stdenv.mkDerivation {
     ''
       substituteInPlace $out/lib/udev/rules.d/13-dm-disk.rules \
         --replace $out/sbin/blkid ${utillinux}/sbin/blkid
+
+      # Systemd stuff
+      mkdir -p $out/etc/systemd/system $out/lib/systemd/system-generators
+      cp scripts/blk_availability_systemd_red_hat.service $out/etc/systemd/system
+      cp scripts/lvm2_activation_generator_systemd_red_hat $out/lib/systemd/system-generators
     '';
 
   meta = {
diff --git a/pkgs/os-specific/linux/lxc/default.nix b/pkgs/os-specific/linux/lxc/default.nix
index c1dec8b926a3..5a9b3587870f 100644
--- a/pkgs/os-specific/linux/lxc/default.nix
+++ b/pkgs/os-specific/linux/lxc/default.nix
@@ -1,20 +1,18 @@
-{ stdenv, fetchurl, libcap, apparmor, perl, docbook2x, docbook_xml_dtd_45 }:
+{ stdenv, autoreconfHook, fetchurl, libcap, apparmor, perl, docbook2x
+, docbook_xml_dtd_45, gnutls, pkgconfig
+}:
 
 stdenv.mkDerivation rec {
-  name = "lxc-0.9.0";
+  name = "lxc-1.0.0.alpha1-92-g8111adf";
 
   src = fetchurl {
-    url = "mirror://sourceforge/lxc/${name}.tar.gz";
-    sha256 = "0821clxymkgp71n720xj5ngs22s2v8jks68f5j4vypycwvm6f5qy";
+    url = "http://github.com/lxc/lxc/archive/${name}.tar.gz";
+    sha256 = "05hjrn79wyjnm4ynf8y0j7pk2hwfrzp4dzwynxq4z2wxlc1ficd5";
   };
 
-  buildInputs = [ libcap apparmor perl docbook2x ];
+  buildInputs = [ libcap apparmor perl docbook2x gnutls autoreconfHook pkgconfig ];
 
-  patches = [
-    ./dont-run-ldconfig.patch
-    ./install-localstatedir-in-store.patch
-    ./support-db2x.patch
-  ];
+  patches = [ ./install-localstatedir-in-store.patch ./support-db2x.patch ];
 
   preConfigure = "export XML_CATALOG_FILES=${docbook_xml_dtd_45}/xml/dtd/docbook/catalog.xml";
 
diff --git a/pkgs/os-specific/linux/lxc/dont-run-ldconfig.patch b/pkgs/os-specific/linux/lxc/dont-run-ldconfig.patch
deleted file mode 100644
index 6904eec5175a..000000000000
--- a/pkgs/os-specific/linux/lxc/dont-run-ldconfig.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff -ubr lxc-0.9.0-orig/src/lxc/Makefile.am lxc-0.9.0/src/lxc/Makefile.am
---- lxc-0.9.0-orig/src/lxc/Makefile.am	2013-04-15 10:50:22.898102973 +0200
-+++ lxc-0.9.0/src/lxc/Makefile.am	2013-04-15 10:50:44.264862808 +0200
-@@ -193,7 +193,6 @@
- 	mkdir -p $(DESTDIR)$(datadir)/lxc
- 	install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc
- 	mv $(DESTDIR)$(libdir)/liblxc.so $(DESTDIR)$(libdir)/liblxc.so.$(VERSION)
--	/sbin/ldconfig -l $(DESTDIR)$(libdir)/liblxc.so.$(VERSION)
- 	cd $(DESTDIR)$(libdir); \
- 	ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., ,$(VERSION))); \
- 	ln -sf liblxc.so.$(firstword $(subst ., ,$(VERSION))) liblxc.so
-diff -ubr lxc-0.9.0-orig/src/lxc/Makefile.in lxc-0.9.0/src/lxc/Makefile.in
---- lxc-0.9.0-orig/src/lxc/Makefile.in	2013-04-15 10:50:22.898102973 +0200
-+++ lxc-0.9.0/src/lxc/Makefile.in	2013-04-15 10:51:08.755810177 +0200
-@@ -1519,7 +1519,6 @@
- 	mkdir -p $(DESTDIR)$(datadir)/lxc
- 	install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc
- 	mv $(DESTDIR)$(libdir)/liblxc.so $(DESTDIR)$(libdir)/liblxc.so.$(VERSION)
--	/sbin/ldconfig -l $(DESTDIR)$(libdir)/liblxc.so.$(VERSION)
- 	cd $(DESTDIR)$(libdir); \
- 	ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., ,$(VERSION))); \
- 	ln -sf liblxc.so.$(firstword $(subst ., ,$(VERSION))) liblxc.so
diff --git a/pkgs/os-specific/linux/lxc/install-localstatedir-in-store.patch b/pkgs/os-specific/linux/lxc/install-localstatedir-in-store.patch
index 061875aa3b6f..d45335a02324 100644
--- a/pkgs/os-specific/linux/lxc/install-localstatedir-in-store.patch
+++ b/pkgs/os-specific/linux/lxc/install-localstatedir-in-store.patch
@@ -1,7 +1,8 @@
-diff -ubr lxc-0.9.0-orig/Makefile.am lxc-0.9.0/Makefile.am
---- lxc-0.9.0-orig/Makefile.am	2013-04-15 10:50:22.899103057 +0200
-+++ lxc-0.9.0/Makefile.am	2013-04-15 10:58:41.189504254 +0200
-@@ -25,8 +25,8 @@
+diff --git a/Makefile.am b/Makefile.am
+index eac2bfd..8f040d3 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -25,8 +25,8 @@ pcdatadir = $(libdir)/pkgconfig
  pcdata_DATA = lxc.pc
  
  install-data-local:
@@ -12,17 +13,3 @@ diff -ubr lxc-0.9.0-orig/Makefile.am lxc-0.9.0/Makefile.am
  
  ChangeLog::
  	@touch ChangeLog
-diff -ubr lxc-0.9.0-orig/Makefile.in lxc-0.9.0/Makefile.in
---- lxc-0.9.0-orig/Makefile.in	2013-04-15 10:50:22.899103057 +0200
-+++ lxc-0.9.0/Makefile.in	2013-04-15 10:58:58.817870957 +0200
-@@ -805,8 +805,8 @@
- 
- 
- install-data-local:
--	$(MKDIR_P) $(DESTDIR)$(LXCPATH)
--	$(MKDIR_P) $(DESTDIR)$(localstatedir)/cache/lxc
-+	$(MKDIR_P) $(out)$(LXCPATH)
-+	$(MKDIR_P) $(out)$(localstatedir)/cache/lxc
- 
- ChangeLog::
- 	@touch ChangeLog
diff --git a/pkgs/os-specific/linux/lxc/support-db2x.patch b/pkgs/os-specific/linux/lxc/support-db2x.patch
index 8be7f5f0a92b..4662ca2e5048 100644
--- a/pkgs/os-specific/linux/lxc/support-db2x.patch
+++ b/pkgs/os-specific/linux/lxc/support-db2x.patch
@@ -1,29 +1,16 @@
-diff -ubr lxc-0.9.0-orig/configure lxc-0.9.0/configure
---- lxc-0.9.0-orig/configure	2013-04-15 10:50:22.899103057 +0200
-+++ lxc-0.9.0/configure	2013-04-15 11:08:08.696539776 +0200
-@@ -4792,7 +4792,7 @@
- 
- 	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for docbook2x-man" >&5
- $as_echo_n "checking for docbook2x-man... " >&6; }
--	for name in docbook2x-man db2x_docbook2man; do
-+	for name in docbook2x-man db2x_docbook2man docbook2man; do
- 		if "$name" --help >/dev/null 2>&1; then
- 			db2xman="$name"
- 			break;
-@@ -8353,4 +8353,3 @@
-   { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
- $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+diff --git a/configure.ac b/configure.ac
+index 92a4690..4dd341b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -91,9 +91,9 @@ if test "x$enable_doc" = "xyes" -o "x$enable_doc" = "xauto"; then
+ 	AC_SUBST(db2xman)
  fi
--
-diff -ubr lxc-0.9.0-orig/configure.ac lxc-0.9.0/configure.ac
---- lxc-0.9.0-orig/configure.ac	2013-04-15 10:50:22.896102806 +0200
-+++ lxc-0.9.0/configure.ac	2013-04-15 11:07:52.399582819 +0200
-@@ -67,7 +67,7 @@
- 	db2xman=""
+ AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"])
+-AM_CONDITIONAL([USE_DOCBOOK2X], [test "x$db2xman" != "xdocbook2man"])
++AM_CONDITIONAL([USE_DOCBOOK2X], [test "x$db2xman" != "no-no-no"])
  
- 	AC_MSG_CHECKING(for docbook2x-man)
--	for name in docbook2x-man db2x_docbook2man; do
-+	for name in docbook2x-man db2x_docbook2man docbook2man; do
- 		if "$name" --help >/dev/null 2>&1; then
- 			db2xman="$name"
- 			break;
+-if test "x$db2xman" = "xdocbook2man"; then
++if test "x$db2xman" = "no-no-no"; then
+ 	docdtd="\"-//Davenport//DTD DocBook V3.0//EN\""
+ else
+ 	docdtd="\"-//OASIS//DTD DocBook XML\" \"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd\""
diff --git a/pkgs/os-specific/linux/microcode/intel.nix b/pkgs/os-specific/linux/microcode/intel.nix
index ad7cea180846..d96a49436251 100644
--- a/pkgs/os-specific/linux/microcode/intel.nix
+++ b/pkgs/os-specific/linux/microcode/intel.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchurl, microcode2ucode }:
 
-let version = "20130808"; in
+let version = "20130906"; in
 
 stdenv.mkDerivation {
   name = "microcode-intel-${version}";
 
   src = fetchurl {
-    url = "http://downloadmirror.intel.com/23082/eng/microcode-${version}.tgz";
-    sha256 = "19v0059v6dxv7ly57wgqy9nkjjnmprgwz4s94khdf213k5vikpfm";
+    url = "http://downloadmirror.intel.com/23166/eng/microcode-${version}.tgz";
+    sha256 = "11k327icvijadq2zkgkc3sqwzraip9cviqm25566g09523ds0svv";
   };
 
   buildInputs = [ microcode2ucode ];
diff --git a/pkgs/os-specific/linux/mountall/default.nix b/pkgs/os-specific/linux/mountall/default.nix
deleted file mode 100644
index 4cad810cc5f1..000000000000
--- a/pkgs/os-specific/linux/mountall/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ stdenv, fetchurl, pkgconfig, libnih, dbus, udev, gettext, autoreconfHook }:
-
-stdenv.mkDerivation {
-  name = "mountall-2.35";
-
-  src = fetchurl {
-    url = https://launchpad.net/ubuntu/+archive/primary/+files/mountall_2.35.tar.gz;
-    sha256 = "1k52d4x75balnwcsqgznvzrdqgbp2dqnrzw0n25kajdcwr192wwy";
-  };
-
-  patches = [ ./no-plymouth.patch ./fix-usr1-race.patch ];
-
-  buildInputs = [ pkgconfig libnih dbus.libs udev gettext autoreconfHook ];
-
-  makeFlags = "initramfshookdir=$(out)/share/initramfs-tools/hooks upstart_jobs_initramfs_configdir=$(out)/share/initramfs-tools/event-driven/upstart-jobs";
-
-  meta = {
-    homepage = https://launchpad.net/ubuntu/+source/mountall;
-    description = "Utility to mount all filesystems and emit Upstart events";
-    platforms = stdenv.lib.platforms.linux;
-  };
-}
diff --git a/pkgs/os-specific/linux/mountall/fix-usr1-race.patch b/pkgs/os-specific/linux/mountall/fix-usr1-race.patch
deleted file mode 100644
index e970b77733cc..000000000000
--- a/pkgs/os-specific/linux/mountall/fix-usr1-race.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-diff -ru mountall-2.35-orig/src/mountall.c mountall-2.35/src/mountall.c
---- mountall-2.35-orig/src/mountall.c	2012-03-20 11:01:14.035898815 +0100
-+++ mountall-2.35/src/mountall.c	2012-03-20 11:20:39.194786311 +0100
-@@ -3746,6 +3746,12 @@
- 		exit (EXIT_ERROR);
- 	}
- 
-+	/* SIGUSR1 tells us that a network device came up.  Install
-+           the handler before daemonising so that the mountall-net job
-+           won't kill us by sending USR1. */
-+	nih_signal_set_handler (SIGUSR1, nih_signal_handler);
-+	NIH_MUST (nih_signal_add_handler (NULL, SIGUSR1, usr1_handler, NULL));
-+
- 	/* Become daemon */
- 	if (daemonise) {
- 		pid_t pid;
-@@ -3799,10 +3805,6 @@
- 	nih_signal_set_handler (SIGTERM, nih_signal_handler);
- 	NIH_MUST (nih_signal_add_handler (NULL, SIGTERM, nih_main_term_signal, NULL));
- 
--	/* SIGUSR1 tells us that a network device came up */
--	nih_signal_set_handler (SIGUSR1, nih_signal_handler);
--	NIH_MUST (nih_signal_add_handler (NULL, SIGUSR1, usr1_handler, NULL));
--
- 	/* Check for force-fsck on the kernel command line */
- 	cmdline = fopen ("/proc/cmdline", "r");
- 	if (cmdline) {
diff --git a/pkgs/os-specific/linux/mountall/no-plymouth.patch b/pkgs/os-specific/linux/mountall/no-plymouth.patch
deleted file mode 100644
index 890dab9bc885..000000000000
--- a/pkgs/os-specific/linux/mountall/no-plymouth.patch
+++ /dev/null
@@ -1,295 +0,0 @@
-diff -ru -x '*~' mountall-2.31-orig/configure.ac mountall-2.31/configure.ac
---- mountall-2.31-orig/configure.ac	2011-07-15 14:00:15.000000000 +0200
-+++ mountall-2.31/configure.ac	2011-07-25 00:13:13.000000000 +0200
-@@ -29,7 +29,7 @@
- PKG_CHECK_MODULES([NIH_DBUS], [libnih-dbus >= 1.0.0])
- PKG_CHECK_MODULES([DBUS], [dbus-1 >= 1.2.16])
- PKG_CHECK_MODULES([UDEV], [libudev >= 146])
--PKG_CHECK_MODULES([PLYMOUTH], [ply-boot-client >= 0.8.0])
-+#PKG_CHECK_MODULES([PLYMOUTH], [ply-boot-client >= 0.8.0])
- 
- # Checks for header files.
- 
-diff -ru -x '*~' mountall-2.31-orig/src/mountall.c mountall-2.31/src/mountall.c
---- mountall-2.31-orig/src/mountall.c	2011-07-15 14:00:15.000000000 +0200
-+++ mountall-2.31/src/mountall.c	2011-07-25 00:21:13.000000000 +0200
-@@ -64,8 +64,10 @@
- #include <nih-dbus/dbus_proxy.h>
- #include <nih-dbus/errors.h>
- 
-+#if 0
- #include <ply-event-loop.h>
- #include <ply-boot-client.h>
-+#endif
- 
- #include "ioprio.h"
- 
-@@ -219,15 +221,19 @@
- void   boredom_timeout       (void *data, NihTimer *timer);
- 
- int    plymouth_connect      (void);
-+#if 0
- void   plymouth_disconnected (void *user_data, ply_boot_client_t *client);
-+#endif
- 
- void   plymouth_progress     (Mount *mnt, int progress);
- void   plymouth_update       (int only_clear);
- 
-+#if 0
- void   plymouth_response     (void *user_data, ply_boot_client_t *client);
- void   plymouth_failed       (void *user_data, ply_boot_client_t *client);
- void   plymouth_answer       (void *user_data, const char *keys,
- 			      ply_boot_client_t *client);
-+#endif
- 
- void   usr1_handler          (void *data, NihSignal *signal);
- int    set_dev_wait_time        (NihOption *option, const char *arg);
-@@ -247,8 +253,10 @@
-  **/
- size_t num_local = 0;
- size_t num_local_mounted = 0;
-+size_t num_local_failed = 0;
- size_t num_remote = 0;
- size_t num_remote_mounted = 0;
-+size_t num_remote_failed = 0;
- size_t num_virtual = 0;
- size_t num_virtual_mounted = 0;
- size_t num_swap = 0;
-@@ -318,6 +326,7 @@
-  **/
- static struct udev *udev = NULL;
- 
-+#if 0
- /**
-  * ply_event_loop:
-  *
-@@ -331,6 +340,7 @@
-  * Plymouth boot client.
-  **/
- static ply_boot_client_t *ply_boot_client = NULL;
-+#endif
- 
- /**
-  * plymouth_error:
-@@ -1253,11 +1263,12 @@
- 			nih_debug ("%s is root filesystem", MOUNT_NAME (mnt));
- 			tag = TAG_LOCAL;
- 		} else if (is_remote (mnt)) {
--			if ((! strcmp (mnt->mountpoint, "/usr"))
-+			if ((! has_option (mnt, "nobootwait", FALSE)) && (
-+                            (! strcmp (mnt->mountpoint, "/usr"))
- 			    || (! strcmp (mnt->mountpoint, "/var"))
- 			    || (! strncmp (mnt->mountpoint, "/usr/", 5))
- 			    || (! strncmp (mnt->mountpoint, "/var/", 5))
--			    || (has_option (mnt, "bootwait", FALSE)))
-+			    || (has_option (mnt, "bootwait", FALSE))))
- 			{
- 				tag = TAG_REMOTE;
- 			} else {
-@@ -1566,7 +1577,8 @@
- 	/* Enforce local only after virtual filesystems triggered */
- 	if ((! local_triggered)
- 	    && virtual_triggered
--	    && (num_local_mounted == num_local)) {
-+	    && (num_local_mounted == num_local)
-+	    && (num_local_failed == 0)) {
- 		nih_info (_("%s finished"), "local");
- 		emit_event ("local-filesystems", NULL);
- 		local_triggered = TRUE;
-@@ -1575,7 +1587,8 @@
- 	/* Enforce remote only after virtual filesystems triggrered */
- 	if ((! remote_triggered)
- 	    && virtual_triggered
--	    && (num_remote_mounted == num_remote)) {
-+	    && (num_remote_mounted == num_remote)
-+	    && (num_remote_failed == 0)) {
- 		nih_info (_("%s finished"), "remote");
- 		emit_event ("remote-filesystems", NULL);
- 		remote_triggered = TRUE;
-@@ -1585,7 +1598,9 @@
- 	if ((! filesystem_triggered)
- 	    && virtual_triggered
- 	    && local_triggered
--	    && remote_triggered) {
-+	    && remote_triggered
-+	    && (num_local_failed == 0)
-+	    && (num_remote_failed == 0)) {
- 		nih_info (_("All filesystems mounted"));
- 		emit_event ("filesystem", NULL);
- 		filesystem_triggered = TRUE;
-@@ -1599,9 +1614,9 @@
- 		swap_triggered = TRUE;
- 	}
- 
--	nih_info ("local %zi/%zi remote %zi/%zi virtual %zi/%zi swap %zi/%zi",
--		   num_local_mounted, num_local,
--		   num_remote_mounted, num_remote,
-+	nih_info ("local %zi/%zi/%zi remote %zi/%zi/%zi virtual %zi/%zi swap %zi/%zi",
-+		   num_local_mounted, num_local, num_local_failed,
-+		   num_remote_mounted, num_remote, num_remote_failed,
- 		   num_virtual_mounted, num_virtual,
- 		   num_swap_mounted, num_swap);
- }
-@@ -2442,12 +2457,14 @@
- 	if (no_events)
- 		return;
- 
-+#if 0
- 	/* Flush the Plymouth connection to ensure all updates are sent,
- 	 * since the event may kill plymouth.
- 	 */
- 	if (ply_boot_client)
- 		ply_boot_client_flush (ply_boot_client);
--
-+#endif
-+        
- 	env = NIH_MUST (nih_str_array_new (NULL));
- 
- 	if (mnt) {
-@@ -3026,6 +3043,7 @@
- int
- plymouth_connect (void)
- {
-+#if 0
- 	/* If we were already connected, just re-use that connection */
- 	if (ply_boot_client)
- 		return TRUE;
-@@ -3052,8 +3070,13 @@
- 	nih_info (_("Connected to Plymouth"));
- 
- 	return TRUE;
-+#else
-+        return FALSE;
-+#endif
- }
- 
-+
-+#if 0
- void
- plymouth_disconnected (void *             user_data,
- 		       ply_boot_client_t *client)
-@@ -3066,6 +3089,7 @@
- 	ply_boot_client_free (ply_boot_client);
- 	ply_boot_client = NULL;
- }
-+#endif
- 
- 
- void
-@@ -3076,6 +3100,7 @@
- 
- 	nih_assert (mnt != NULL);
- 
-+#if 0
- 	/* No Plymouth => no progress information */
- 	if (! plymouth_connect ())
- 		return;
-@@ -3105,6 +3130,7 @@
- 				       plymouth_response,
- 				       plymouth_failed,
- 				       NULL);
-+#endif
- }
- 
- void
-@@ -3120,20 +3146,31 @@
- 		NIH_LIST_FOREACH (mounts, iter) {
- 			Mount *mnt = (Mount *)iter;
- 
--			if (mnt->error <= ERROR_BORED)
-+			if (mnt->error == ERROR_NONE)
- 				continue;
- 
--			nih_error (_("Skipping mounting %s since Plymouth is not available"),
-+			nih_error (_("Could not mount %s"),
- 				   MOUNT_NAME (mnt));
- 
- 			mnt->error = ERROR_NONE;
- 
-+			if (mnt->tag == TAG_LOCAL) {
-+			    num_local_failed++;
-+			    emit_event ("mount-failed", mnt);
-+			}
-+			
-+			if (mnt->tag == TAG_REMOTE) {
-+			    num_remote_failed++;
-+			    emit_event ("mount-failed", mnt);
-+			}
-+
- 			skip_mount (mnt);
- 		}
- 
- 		return;
- 	}
- 
-+#if 0
- 	/* If we're already displaying messages, don't change them unless
- 	 * the message is no longer valid for that mount point; otherwise
- 	 * clear the message.
-@@ -3244,8 +3281,10 @@
- 							   plymouth_answer,
- 							   plymouth_failed,
- 							   NULL);
-+#endif
- }
- 
-+#if 0
- void
- plymouth_response (void *             user_data,
- 		   ply_boot_client_t *client)
-@@ -3364,6 +3403,7 @@
- 		break;
- 	}
- }
-+#endif
- 
- /*
-  * set_dev_wait_time:
-@@ -3399,7 +3439,6 @@
-         return err;
- }
- 
--
- /**
-  * stop_mountpoint_timer:
-  * @mountpoint: mountpoint whose timer you want to stop.
-@@ -3673,6 +3712,7 @@
- 				    (NihIoWatcher)udev_monitor_watcher,
- 				    udev_monitor));
- 
-+#if 0
- 	/* Initialise a Plymouth event loop; this is an epoll instance that
- 	 * we can poll within our own main loop and call out to when needs
- 	 * be.
-@@ -3686,6 +3726,7 @@
- 
- 	/* Attempt an early connection to Plymouth */
- 	plymouth_connect ();
-+#endif
- 
- 	mounts = NIH_MUST (nih_list_new (NULL));
- 
-@@ -3698,7 +3739,9 @@
- 	 * from /etc/fstab and /proc/self/mountinfo to find out what else
- 	 * we need to do.
- 	 */
-+#if 0
- 	parse_fstab (BUILTIN_FSTAB);
-+#endif
- 	parse_fstab (_PATH_MNTTAB);
- 	parse_mountinfo ();
- 
-@@ -3822,10 +3865,12 @@
- 	/* Flush the D-Bus connection to ensure all messages are sent */
- 	dbus_connection_flush (connection);
- 
-+#if 0
- 	/* Flush the Plymouth connection to ensure all updates are sent */
- 	if (ply_boot_client)
- 		ply_boot_client_flush (ply_boot_client);
--
-+#endif
-+        
- 	return ret;
- }
- 
diff --git a/pkgs/os-specific/linux/nvidia-x11/default.nix b/pkgs/os-specific/linux/nvidia-x11/default.nix
index f8413b0e5416..35595a7b8f4f 100644
--- a/pkgs/os-specific/linux/nvidia-x11/default.nix
+++ b/pkgs/os-specific/linux/nvidia-x11/default.nix
@@ -10,7 +10,7 @@ with stdenv.lib;
 
 let
 
-  versionNumber = "319.49";
+  versionNumber = "319.60";
 
 in
 
@@ -28,12 +28,12 @@ stdenv.mkDerivation {
     if stdenv.system == "i686-linux" then
       fetchurl {
         url = "http://us.download.nvidia.com/XFree86/Linux-x86/${versionNumber}/NVIDIA-Linux-x86-${versionNumber}.run";
-        sha256 = "1ngss9zw109a5xfr3vvhf1ajqjvvqc7j3dzw9h56vddck6kpbc22";
+        sha256 = "0kjidkwd2b5aik74663mxk3ffq4a3fmaybq2aq1lcbfhvvh49j6j";
       }
     else if stdenv.system == "x86_64-linux" then
       fetchurl {
         url = "http://us.download.nvidia.com/XFree86/Linux-x86_64/${versionNumber}/NVIDIA-Linux-x86_64-${versionNumber}-no-compat32.run";
-        sha256 = "1i68jfms8033p2x0r3z4fdjcmkkhbi6yizzc0ck9ydagdgg3liwp";
+        sha256 = "0fhrxcfsw2jaycnz9gr04c9w585wydx8kpm6rjjbw19wkf8hlq3z";
       }
     else throw "nvidia-x11 does not support platform ${stdenv.system}";
 
diff --git a/pkgs/os-specific/linux/pam_ccreds/default.nix b/pkgs/os-specific/linux/pam_ccreds/default.nix
index 4d48c86dd142..7f84918156c4 100644
--- a/pkgs/os-specific/linux/pam_ccreds/default.nix
+++ b/pkgs/os-specific/linux/pam_ccreds/default.nix
@@ -14,6 +14,6 @@ stdenv.mkDerivation {
   buildInputs = [pam openssl db];
   meta = {
     homepage = "http://www.padl.com/OSS/pam_ccreds.html";
-    description = "The pam_ccreds module provides the means for Linux workstations to locally authenticate using an enterprise identity when the network is unavailable.";
+    description = "PAM module to locally authenticate using an enterprise identity when the network is unavailable";
   };
 }
diff --git a/pkgs/os-specific/linux/pam_krb5/default.nix b/pkgs/os-specific/linux/pam_krb5/default.nix
index 62f9b5c119b5..5f95811e0f6a 100644
--- a/pkgs/os-specific/linux/pam_krb5/default.nix
+++ b/pkgs/os-specific/linux/pam_krb5/default.nix
@@ -14,6 +14,10 @@ stdenv.mkDerivation {
   meta = {
 #    homepage = "http://www.eyrie.org/~eagle/software/pam-krb5";
     homepage = "https://fedorahosted.org/pam_krb5/";
-    description = "The pam_krb5 module allows PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC. It can optionally convert Kerberos 5 credentials to Kerberos IV credentials and/or use them to set up AFS tokens for a user's session.";
+    description = "PAM module allowing PAM-aware applications to authenticate users by performing an AS exchange with a Kerberos KDC";
+    longDescription = ''
+      pam_krb5 can optionally convert Kerberos 5 credentials to Kerberos IV
+      credentials and/or use them to set up AFS tokens for a user's session.
+    '';
   };
 }
diff --git a/pkgs/os-specific/linux/splashutils/default.nix b/pkgs/os-specific/linux/splashutils/default.nix
deleted file mode 100644
index 86bdd7eee9ba..000000000000
--- a/pkgs/os-specific/linux/splashutils/default.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ stdenv, fetchurl, zlib, libjpeg }:
-
-stdenv.mkDerivation {
-  name = "splashutils-1.5.4.3";
-
-  src = fetchurl {
-    url = http://dev.gentoo.org/~spock/projects/splashutils/current/splashutils-1.5.4.3.tar.bz2;
-    sha256 = "0vn0ifqp9a3bmprzx2yr82hgq8m2y5xv8qcifs2plz6p3lidagpg";
-  };
-
-  buildInputs = [ zlib libjpeg ];
-  
-  configureFlags = "--without-ttf --without-png --without-gpm --with-themedir=/etc/splash KLCC=gcc";
-
-  dontDisableStatic = true;
-
-  preConfigure = ''
-    configureFlags="$configureFlags --with-essential-prefix=$out"
-    substituteInPlace src/common.h \
-      --replace 'FBSPLASH_DIR"/sys"' '"/sys"' \
-      --replace 'FBSPLASH_DIR"/proc"' '"/proc"'
-    substituteInPlace src/Makefile.in \
-      --replace '-all-static' "" \
-      --replace '-static' ""
-  '';
-
-  CPP = "gcc -E";
-  CXXCPP = "g++ -E";
-  NIX_CFLAGS_COMPILE = "-fPIC";
-
-  passthru = {
-    helperName = "sbin/fbcondecor_helper";
-    controlName = "sbin/fbcondecor_ctl";
-    helperProcFile = "/proc/sys/kernel/fbcondecor";
-  };
-}
diff --git a/pkgs/os-specific/linux/systemd/0001-Make-systemctl-daemon-reexec-do-the-right-thing-on-N.patch b/pkgs/os-specific/linux/systemd/0001-Make-systemctl-daemon-reexec-do-the-right-thing-on-N.patch
deleted file mode 100644
index bcc8d8f32f77..000000000000
--- a/pkgs/os-specific/linux/systemd/0001-Make-systemctl-daemon-reexec-do-the-right-thing-on-N.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From 8f861550827e750fb56954c3f91a2f565abb42bb Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 15:44:33 +0100
-Subject: [PATCH 1/9] Make "systemctl daemon-reexec" do the right thing on
- NixOS
-
----
- src/core/main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/core/main.c b/src/core/main.c
-index 7fc06be..7575223 100644
---- a/src/core/main.c
-+++ b/src/core/main.c
-@@ -1857,7 +1857,7 @@ finish:
-                         char_array_0(sfd);
- 
-                         i = 0;
--                        args[i++] = SYSTEMD_BINARY_PATH;
-+                        args[i++] = "/run/current-system/systemd/lib/systemd/systemd";
-                         if (switch_root_dir)
-                                 args[i++] = "--switched-root";
-                         args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
--- 
-1.8.2.1
-
diff --git a/pkgs/os-specific/linux/systemd/0002-Ignore-duplicate-paths-in-systemctl-start.patch b/pkgs/os-specific/linux/systemd/0002-Ignore-duplicate-paths-in-systemctl-start.patch
deleted file mode 100644
index 27ac6183efc8..000000000000
--- a/pkgs/os-specific/linux/systemd/0002-Ignore-duplicate-paths-in-systemctl-start.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 2afcee0b4da066fb5f8fc00b749d88f5bd9df3d3 Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 15:45:01 +0100
-Subject: [PATCH 2/9] Ignore duplicate paths in "systemctl start"
-
----
- src/systemctl/systemctl.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
-index 3cca861..16791a2 100644
---- a/src/systemctl/systemctl.c
-+++ b/src/systemctl/systemctl.c
-@@ -1867,7 +1867,7 @@ static int start_unit_one(
-                         return log_oom();
- 
-                 r = set_consume(s, p);
--                if (r < 0) {
-+                if (r < 0 && r != -EEXIST) {
-                         log_error("Failed to add path to set.");
-                         return r;
-                 }
--- 
-1.8.2.1
-
diff --git a/pkgs/os-specific/linux/systemd/0003-Start-device-units-for-uninitialised-encrypted-devic.patch b/pkgs/os-specific/linux/systemd/0003-Start-device-units-for-uninitialised-encrypted-devic.patch
deleted file mode 100644
index ad162fa789ae..000000000000
--- a/pkgs/os-specific/linux/systemd/0003-Start-device-units-for-uninitialised-encrypted-devic.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From b288ca7d376e3a78368a2b59529ebe5ba812babf Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 15:46:30 +0100
-Subject: [PATCH 3/9] Start device units for uninitialised encrypted devices
-
-This is necessary because the NixOS service that initialises the
-filesystem depends on the appearance of the device unit.  Also, this
-makes more sense to me: the device is ready; it's the filesystem
-that's not, but taking care of that is the responsibility of the mount
-unit.  (However, this ignores the fsck unit, so it's not perfect...)
----
- rules/99-systemd.rules.in | 4 ----
- 1 file changed, 4 deletions(-)
-
-diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
-index d17bdd9..040b10e 100644
---- a/rules/99-systemd.rules.in
-+++ b/rules/99-systemd.rules.in
-@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd"
- SUBSYSTEM=="block", KERNEL!="ram*|loop*", TAG+="systemd"
- SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
- 
--# Ignore encrypted devices with no identified superblock on it, since
--# we are probably still calling mke2fs or mkswap on it.
--SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
--
- # Ignore raid devices that are not yet assembled and started
- SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
- SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"
--- 
-1.8.2.1
-
diff --git a/pkgs/os-specific/linux/systemd/0004-Set-switch-to-configuration-hints-for-some-units.patch b/pkgs/os-specific/linux/systemd/0004-Set-switch-to-configuration-hints-for-some-units.patch
deleted file mode 100644
index 7fe18f378f98..000000000000
--- a/pkgs/os-specific/linux/systemd/0004-Set-switch-to-configuration-hints-for-some-units.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 7a498e661f3d111fa09700a6cfa62cfd6733b1cc Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 15:48:19 +0100
-Subject: [PATCH 4/9] Set switch-to-configuration hints for some units
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Target units like local-fs.target need ‘X-StopOnReconfiguration=yes’
-to ensure dependencies *on* that target properly take into account the
-dependencies *of* the target.
-
-‘X-RestartIfChanged=no’ is necessary for systemd-journald.service
-because restarting it causes services connected to journald to stop
-logging.
-
-‘X-RestartIfChanged=no’ is necessary for systemd-user-sessions.service
-to prevent all user sessions from being killed when this unit changes.
----
- units/local-fs.target                  | 2 ++
- units/remote-fs.target                 | 2 ++
- units/systemd-journald.service.in      | 5 +++++
- units/systemd-user-sessions.service.in | 3 +++
- 4 files changed, 12 insertions(+)
-
-diff --git a/units/local-fs.target b/units/local-fs.target
-index 18c3d74..a09054c 100644
---- a/units/local-fs.target
-+++ b/units/local-fs.target
-@@ -11,3 +11,5 @@ Documentation=man:systemd.special(7)
- After=local-fs-pre.target
- OnFailure=emergency.target
- OnFailureIsolate=no
-+
-+X-StopOnReconfiguration=yes
-diff --git a/units/remote-fs.target b/units/remote-fs.target
-index 09213e8..47b4cf5 100644
---- a/units/remote-fs.target
-+++ b/units/remote-fs.target
-@@ -10,5 +10,7 @@ Description=Remote File Systems
- Documentation=man:systemd.special(7)
- After=remote-fs-pre.target
- 
-+X-StopOnReconfiguration=yes
-+
- [Install]
- WantedBy=multi-user.target
-diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
-index ab2e50c..9563a7d 100644
---- a/units/systemd-journald.service.in
-+++ b/units/systemd-journald.service.in
-@@ -24,3 +24,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C
- # Increase the default a bit in order to allow many simultaneous
- # services being run since we keep one fd open per service.
- LimitNOFILE=16384
-+
-+# Don't restart journald, since that causes services connected to
-+# journald to stop logging (see
-+# https://bugs.freedesktop.org/show_bug.cgi?id=56043).
-+X-RestartIfChanged=no
-diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in
-index 0869e73..b6ed958 100644
---- a/units/systemd-user-sessions.service.in
-+++ b/units/systemd-user-sessions.service.in
-@@ -15,3 +15,6 @@ Type=oneshot
- RemainAfterExit=yes
- ExecStart=@rootlibexecdir@/systemd-user-sessions start
- ExecStop=@rootlibexecdir@/systemd-user-sessions stop
-+
-+# Restart kills all active sessions.
-+X-RestartIfChanged=no
--- 
-1.8.2.1
-
diff --git a/pkgs/os-specific/linux/systemd/0005-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch b/pkgs/os-specific/linux/systemd/0005-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch
deleted file mode 100644
index 78683f0cf08d..000000000000
--- a/pkgs/os-specific/linux/systemd/0005-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From e6bbe5fa858bd8196c8e1f264904679e6bda426d Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 15:56:03 +0100
-Subject: [PATCH 5/9] sysinit.target: Drop the dependency on local-fs.target
- and swap.target
-
-Having all services with DefaultDependencies=yes depend on
-local-fs.target is annoying, because some of those services might be
-necessary to mount local filesystems.  For instance, Charon's
-send-keys feature requires sshd to be running in order to receive LUKS
-encryption keys, which in turn requires dhcpcd, and so on.  So we drop
-this dependency (and swap.target as well for consistency).  If
-services require a specific mount, they should use RequiresMountsFor
-in any case.
----
- units/sysinit.target | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/units/sysinit.target b/units/sysinit.target
-index 8f4fb8f..e0f0147 100644
---- a/units/sysinit.target
-+++ b/units/sysinit.target
-@@ -9,6 +9,5 @@
- Description=System Initialization
- Documentation=man:systemd.special(7)
- Conflicts=emergency.service emergency.target
--Wants=local-fs.target swap.target
--After=local-fs.target swap.target emergency.service emergency.target
-+After=emergency.service emergency.target
- RefuseManualStart=yes
--- 
-1.8.2.1
-
diff --git a/pkgs/os-specific/linux/systemd/0006-Don-t-call-plymouth-quit.patch b/pkgs/os-specific/linux/systemd/0006-Don-t-call-plymouth-quit.patch
deleted file mode 100644
index e440f6113dc0..000000000000
--- a/pkgs/os-specific/linux/systemd/0006-Don-t-call-plymouth-quit.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-From 4731a9074538e9e24d2b81fc737917b064e194e6 Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 8 Jan 2013 18:36:28 +0100
-Subject: [PATCH 6/9] Don't call "plymouth quit"
-
-NixOS doesn't use Plymouth (yet).
----
- units/emergency.service.in | 1 -
- units/rescue.service.m4.in | 1 -
- 2 files changed, 2 deletions(-)
-
-diff --git a/units/emergency.service.in b/units/emergency.service.in
-index 442f0e0..6b7eafd 100644
---- a/units/emergency.service.in
-+++ b/units/emergency.service.in
-@@ -15,7 +15,6 @@ Before=shutdown.target
- [Service]
- Environment=HOME=/root
- WorkingDirectory=/root
--ExecStartPre=-/bin/plymouth quit
- ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
- ExecStart=-/sbin/sulogin
- ExecStopPost=@SYSTEMCTL@ --fail --no-block default
-diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in
-index 269797a..2c640f4 100644
---- a/units/rescue.service.m4.in
-+++ b/units/rescue.service.m4.in
-@@ -16,7 +16,6 @@ Before=shutdown.target
- [Service]
- Environment=HOME=/root
- WorkingDirectory=/root
--ExecStartPre=-/bin/plymouth quit
- ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.'
- ExecStart=-/sbin/sulogin
- ExecStopPost=-@SYSTEMCTL@ --fail --no-block default
--- 
-1.8.2.1
-
diff --git a/pkgs/os-specific/linux/systemd/0007-Ignore-IPv6-link-local-addresses.patch b/pkgs/os-specific/linux/systemd/0007-Ignore-IPv6-link-local-addresses.patch
deleted file mode 100644
index 9c322c9fc597..000000000000
--- a/pkgs/os-specific/linux/systemd/0007-Ignore-IPv6-link-local-addresses.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From f0c362873860526579bf9bda216005fd5a0936dd Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Mon, 4 Feb 2013 12:41:14 +0100
-Subject: [PATCH 7/9] Ignore IPv6 link-local addresses
-
-Returning IPv6 link-local addresses is a bad idea, because they only
-work if an application connects specifically over the corresponding
-interface.  So you get errors like:
-
-  $ curl -6 http://my-machine/
-  curl: (7) Failed to connect to fe80::d6be:d9ff:fe1b:8477: Invalid argument
-
-To prevent this, this patch filters out link-local addresses.  So if
-you don't have a routable IPv6 address, nss-myhostname will fall back
-to returning ::1.
----
- src/nss-myhostname/netlink.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
-index b1ef912..4f2ab5c 100644
---- a/src/nss-myhostname/netlink.c
-+++ b/src/nss-myhostname/netlink.c
-@@ -113,6 +113,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
-                     ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE)
-                         continue;
- 
-+                if (ifaddrmsg->ifa_family == AF_INET6 &&
-+                    ifaddrmsg->ifa_scope == RT_SCOPE_LINK)
-+                        continue;
-+
-                 if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
-                         continue;
- 
--- 
-1.8.2.1
-
diff --git a/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch b/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch
deleted file mode 100644
index 803227031f79..000000000000
--- a/pkgs/os-specific/linux/systemd/0008-Don-t-try-to-unmount-nix-or-nix-store.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 0112df74e576dd683c132ec33861b7099dc94454 Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Fri, 12 Apr 2013 13:16:57 +0200
-Subject: [PATCH 8/9] Don't try to unmount /nix or /nix/store
-
-They'll still be remounted read-only.
-
-https://github.com/NixOS/nixos/issues/126
----
- src/core/umount.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/core/umount.c b/src/core/umount.c
-index 1e95ad7..9f0e471 100644
---- a/src/core/umount.c
-+++ b/src/core/umount.c
-@@ -435,6 +435,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
-                  * anyway, since we are running from it. They have
-                  * already been remounted ro. */
-                 if (path_equal(m->path, "/")
-+                    || path_equal(m->path, "/nix")
-+                    || path_equal(m->path, "/nix/store")
- #ifndef HAVE_SPLIT_USR
-                     || path_equal(m->path, "/usr")
- #endif
--- 
-1.8.2.1
-
diff --git a/pkgs/os-specific/linux/systemd/0009-Start-ctrl-alt-del.target-irreversibly.patch b/pkgs/os-specific/linux/systemd/0009-Start-ctrl-alt-del.target-irreversibly.patch
deleted file mode 100644
index d0bade9ba5bc..000000000000
--- a/pkgs/os-specific/linux/systemd/0009-Start-ctrl-alt-del.target-irreversibly.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From ed7c22c76e1399861ec8e0216f08a7f9419eea50 Mon Sep 17 00:00:00 2001
-From: Eelco Dolstra <eelco.dolstra@logicblox.com>
-Date: Tue, 7 May 2013 14:03:13 +0200
-Subject: [PATCH 9/9] Start ctrl-alt-del.target irreversibly
-
-This makes ctrl-alt-del reboots more robust, just like "systemctl
-reboot".
----
- src/core/manager.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/core/manager.c b/src/core/manager.c
-index c7f8f20..0508628 100644
---- a/src/core/manager.c
-+++ b/src/core/manager.c
-@@ -1372,7 +1372,7 @@ static int manager_process_signal_fd(Manager *m) {
- 
-                 case SIGINT:
-                         if (m->running_as == SYSTEMD_SYSTEM) {
--                                manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE);
-+                                manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
-                                 break;
-                         }
- 
--- 
-1.8.2.1
-
diff --git a/pkgs/os-specific/linux/systemd/default.nix b/pkgs/os-specific/linux/systemd/default.nix
index 4f0157e48ca5..4e6c64d4c7b0 100644
--- a/pkgs/os-specific/linux/systemd/default.nix
+++ b/pkgs/os-specific/linux/systemd/default.nix
@@ -1,6 +1,7 @@
 { stdenv, fetchurl, pkgconfig, intltool, gperf, libcap, dbus, kmod
 , xz, pam, acl, cryptsetup, libuuid, m4, utillinux
 , glib, kbd, libxslt, coreutils, libgcrypt, sysvtools, docbook_xsl
+, kexectools
 }:
 
 assert stdenv.isLinux;
@@ -17,16 +18,11 @@ stdenv.mkDerivation rec {
   outputs = [ "out" "man" "libudev" ];
 
   patches =
-    [ ./0001-Make-systemctl-daemon-reexec-do-the-right-thing-on-N.patch
-      ./0002-Ignore-duplicate-paths-in-systemctl-start.patch
-      ./0003-Start-device-units-for-uninitialised-encrypted-devic.patch
-      ./0004-Set-switch-to-configuration-hints-for-some-units.patch
-      ./0005-sysinit.target-Drop-the-dependency-on-local-fs.targe.patch
-      ./0006-Don-t-call-plymouth-quit.patch
-      ./0007-Ignore-IPv6-link-local-addresses.patch
-      ./0008-Don-t-try-to-unmount-nix-or-nix-store.patch
-      ./0009-Start-ctrl-alt-del.target-irreversibly.patch
-    ] ++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch;
+    [ # These are all changes between upstream and
+      # https://github.com/edolstra/systemd/tree/nixos-v203.
+      ./fixes.patch
+    ]
+    ++ stdenv.lib.optional stdenv.isArm ./libc-bug-accept4-arm.patch;
 
   buildInputs =
     [ pkgconfig intltool gperf libcap dbus.libs kmod xz pam acl
@@ -52,7 +48,7 @@ stdenv.mkDerivation rec {
     ''
       # FIXME: patch this in systemd properly (and send upstream).
       # FIXME: use sulogin from util-linux once updated.
-      for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c; do
+      for i in src/remount-fs/remount-fs.c src/core/mount.c src/core/swap.c src/fsck/fsck.c units/emergency.service.in units/rescue.service.m4.in src/journal/cat.c src/core/shutdown.c; do
         test -e $i
         substituteInPlace $i \
           --replace /bin/mount ${utillinux.bin}/bin/mount \
@@ -62,7 +58,8 @@ stdenv.mkDerivation rec {
           --replace /sbin/fsck ${utillinux.bin}/sbin/fsck \
           --replace /bin/echo ${coreutils}/bin/echo \
           --replace /bin/cat ${coreutils}/bin/cat \
-          --replace /sbin/sulogin ${sysvtools}/sbin/sulogin
+          --replace /sbin/sulogin ${sysvtools}/sbin/sulogin \
+          --replace /sbin/kexec ${kexectools}/sbin/kexec
       done
 
       substituteInPlace src/journal/catalog.c \
diff --git a/pkgs/os-specific/linux/systemd/fix-tests-1.patch b/pkgs/os-specific/linux/systemd/fix-tests-1.patch
deleted file mode 100644
index 14bb0fa27081..000000000000
--- a/pkgs/os-specific/linux/systemd/fix-tests-1.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-Signed-off-by: Ramkumar Ramachandra <artag...@gmail.com>
----
- Ramkumar Ramachandra wrote:
- > $ ./test-id128
- > random: a08ea8ed34594d4bbd953dd182ec86f9
- > Assertion 'sd_id128_get_machine(&id) == 0' failed at
- > src/test/test-id128.c:41, function main(). Aborting.
- > [1]    8017 abort (core dumped)  ./test-id128
- 
- Okay, this test fails because I don't have a /etc/machine-id -- I
- thought systemd is supposed to create it?  However, from the logic in
- src/core/machine-id-setup.c, it looks like although open() is called
- with O_CREAT on /etc/machine-id, systemd barfs if the file isn't
- present.  How about changing this?
-
- src/core/machine-id-setup.c |   12 +++++-------
- src/test/test-id128.c       |    6 ++++--
- 2 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/src/core/machine-id-setup.c b/src/core/machine-id-setup.c
-index 7f4c23b..3f21d58 100644
---- a/src/core/machine-id-setup.c
-+++ b/src/core/machine-id-setup.c
-@@ -168,12 +168,8 @@ int machine_id_setup(void) {
-                 writable = true;
-         else {
-                 fd = open("/etc/machine-id", O_RDONLY|O_CLOEXEC|O_NOCTTY);
--                if (fd < 0) {
--                        umask(m);
--                        log_error("Cannot open /etc/machine-id: %m");
--                        return -errno;
--                }
--
-+                if (fd < 0)
-+                        goto generate;
-                 writable = false;
-         }
- 
-@@ -192,7 +188,9 @@ int machine_id_setup(void) {
-                 }
-         }
- 
--        /* Hmm, so, the id currently stored is not useful, then let's
-+generate:
-+        /* Hmm, so, either /etc/machine-id doesn't exist, the id
-+         * currently stored is not useful, then let's
-          * generate one */
- 
-         r = generate(id);
-diff --git a/src/test/test-id128.c b/src/test/test-id128.c
-index bfd743e..60902d0 100644
---- a/src/test/test-id128.c
-+++ b/src/test/test-id128.c
-@@ -38,8 +38,10 @@ int main(int argc, char *argv[]) {
-         assert_se(sd_id128_from_string(t, &id2) == 0);
-         assert_se(sd_id128_equal(id, id2));
- 
--        assert_se(sd_id128_get_machine(&id) == 0);
--        printf("machine: %s\n", sd_id128_to_string(id, t));
-+        if (sd_id128_get_machine(&id) < 0)
-+                printf("machine: run systemd-machine-id-setup first\n");
-+        else
-+                printf("machine: %s\n", sd_id128_to_string(id, t));
- 
-         assert_se(sd_id128_get_boot(&id) == 0);
-         printf("boot: %s\n", sd_id128_to_string(id, t));
--- 
-1.7.8.1.362.g5d6df.dirty
diff --git a/pkgs/os-specific/linux/systemd/fixes.patch b/pkgs/os-specific/linux/systemd/fixes.patch
new file mode 100644
index 000000000000..0ad420cd35cc
--- /dev/null
+++ b/pkgs/os-specific/linux/systemd/fixes.patch
@@ -0,0 +1,757 @@
+diff --git a/man/systemd.special.xml b/man/systemd.special.xml
+index 7164b1e..29401eb 100644
+--- a/man/systemd.special.xml
++++ b/man/systemd.special.xml
+@@ -381,7 +381,7 @@
+                                         this unit during
+                                         installation. This is best
+                                         configured via
+-                                        <varname>WantedBy=multi-uer.target</varname>
++                                        <varname>WantedBy=multi-user.target</varname>
+                                         in the unit's
+                                         <literal>[Install]</literal>
+                                         section.</para>
+diff --git a/rules/80-net-name-slot.rules b/rules/80-net-name-slot.rules
+index 15b5bc4..c5f1b38 100644
+--- a/rules/80-net-name-slot.rules
++++ b/rules/80-net-name-slot.rules
+@@ -1,6 +1,6 @@
+ # do not edit this file, it will be overwritten on update
+ 
+-ACTION=="remove", GOTO="net_name_slot_end"
++ACTION!="add", GOTO="net_name_slot_end"
+ SUBSYSTEM!="net", GOTO="net_name_slot_end"
+ NAME!="", GOTO="net_name_slot_end"
+ 
+diff --git a/rules/99-systemd.rules.in b/rules/99-systemd.rules.in
+index d17bdd9..040b10e 100644
+--- a/rules/99-systemd.rules.in
++++ b/rules/99-systemd.rules.in
+@@ -14,10 +14,6 @@ KERNEL=="vport*", TAG+="systemd"
+ SUBSYSTEM=="block", KERNEL!="ram*|loop*", TAG+="systemd"
+ SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UDEV_DISABLE_OTHER_RULES_FLAG}=="1", ENV{SYSTEMD_READY}="0"
+ 
+-# Ignore encrypted devices with no identified superblock on it, since
+-# we are probably still calling mke2fs or mkswap on it.
+-SUBSYSTEM=="block", KERNEL!="ram*|loop*", ENV{DM_UUID}=="CRYPT-*", ENV{ID_PART_TABLE_TYPE}=="", ENV{ID_FS_USAGE}=="", ENV{SYSTEMD_READY}="0"
+-
+ # Ignore raid devices that are not yet assembled and started
+ SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", TEST!="md/array_state", ENV{SYSTEMD_READY}="0"
+ SUBSYSTEM=="block", ENV{DEVTYPE}=="disk", KERNEL=="md*", ATTR{md/array_state}=="|clear|inactive", ENV{SYSTEMD_READY}="0"
+diff --git a/src/core/cgroup-semantics.c b/src/core/cgroup-semantics.c
+index 82b02bb..7df9d01 100644
+--- a/src/core/cgroup-semantics.c
++++ b/src/core/cgroup-semantics.c
+@@ -255,7 +255,7 @@ static int map_blkio(const CGroupSemantics *s, const char *value, char **ret) {
+ }
+ 
+ static const CGroupSemantics semantics[] = {
+-        { "cpu",     "cpu.shares",                 "CPUShare",              false, parse_cpu_shares,          NULL,       NULL },
++        { "cpu",     "cpu.shares",                 "CPUShares",             false, parse_cpu_shares,          NULL,       NULL },
+         { "memory",  "memory.soft_limit_in_bytes", "MemorySoftLimit",       false, parse_memory_limit,        NULL,       NULL },
+         { "memory",  "memory.limit_in_bytes",      "MemoryLimit",           false, parse_memory_limit,        NULL,       NULL },
+         { "devices", "devices.allow",              "DeviceAllow",           true,  parse_device,              map_device, NULL },
+diff --git a/src/core/dbus-execute.h b/src/core/dbus-execute.h
+index 91d70e5..698102f 100644
+--- a/src/core/dbus-execute.h
++++ b/src/core/dbus-execute.h
+@@ -63,7 +63,7 @@
+         "  <property name=\"CPUSchedulingPolicy\" type=\"i\" access=\"read\"/>\n" \
+         "  <property name=\"CPUSchedulingPriority\" type=\"i\" access=\"read\"/>\n" \
+         "  <property name=\"CPUAffinity\" type=\"ay\" access=\"read\"/>\n" \
+-        "  <property name=\"TimerSlackNS\" type=\"t\" access=\"read\"/>\n" \
++        "  <property name=\"TimerSlackNSec\" type=\"t\" access=\"read\"/>\n" \
+         "  <property name=\"CPUSchedulingResetOnFork\" type=\"b\" access=\"read\"/>\n" \
+         "  <property name=\"NonBlocking\" type=\"b\" access=\"read\"/>\n" \
+         "  <property name=\"StandardInput\" type=\"s\" access=\"read\"/>\n" \
+diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
+index 56b02a1..2b6d799 100644
+--- a/src/core/dbus-manager.c
++++ b/src/core/dbus-manager.c
+@@ -1550,7 +1550,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+                 _cleanup_strv_free_ char **l = NULL;
+                 char **e = NULL;
+ 
+-                SELINUX_ACCESS_CHECK(connection, message, "reboot");
++                SELINUX_ACCESS_CHECK(connection, message, "reload");
+ 
+                 r = bus_parse_strv(message, &l);
+                 if (r == -ENOMEM)
+@@ -1577,7 +1577,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+                 _cleanup_strv_free_ char **l = NULL;
+                 char **e = NULL;
+ 
+-                SELINUX_ACCESS_CHECK(connection, message, "reboot");
++                SELINUX_ACCESS_CHECK(connection, message, "reload");
+ 
+                 r = bus_parse_strv(message, &l);
+                 if (r == -ENOMEM)
+@@ -1605,7 +1605,7 @@ static DBusHandlerResult bus_manager_message_handler(DBusConnection *connection,
+                 char **f = NULL;
+                 DBusMessageIter iter;
+ 
+-                SELINUX_ACCESS_CHECK(connection, message, "reboot");
++                SELINUX_ACCESS_CHECK(connection, message, "reload");
+ 
+                 if (!dbus_message_iter_init(message, &iter))
+                         goto oom;
+diff --git a/src/core/dbus-swap.c b/src/core/dbus-swap.c
+index 2e99fba..e72749a 100644
+--- a/src/core/dbus-swap.c
++++ b/src/core/dbus-swap.c
+@@ -93,6 +93,7 @@ static DEFINE_BUS_PROPERTY_APPEND_ENUM(bus_swap_append_swap_result, swap_result,
+ static const BusProperty bus_swap_properties[] = {
+         { "What",       bus_property_append_string, "s", offsetof(Swap, what),  true },
+         { "Priority",   bus_swap_append_priority,   "i", 0 },
++        { "TimeoutUSec",bus_property_append_usec,   "t", offsetof(Swap, timeout_usec)},
+         BUS_EXEC_COMMAND_PROPERTY("ExecActivate",   offsetof(Swap, exec_command[SWAP_EXEC_ACTIVATE]),   false),
+         BUS_EXEC_COMMAND_PROPERTY("ExecDeactivate", offsetof(Swap, exec_command[SWAP_EXEC_DEACTIVATE]), false),
+         { "ControlPID", bus_property_append_pid,    "u", offsetof(Swap, control_pid) },
+diff --git a/src/core/main.c b/src/core/main.c
+index 7fc06be..101ce79 100644
+--- a/src/core/main.c
++++ b/src/core/main.c
+@@ -1590,14 +1590,14 @@ int main(int argc, char *argv[]) {
+                         log_error("Failed to adjust timer slack: %m");
+ 
+         if (arg_capability_bounding_set_drop) {
+-                r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
++                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
+                 if (r < 0) {
+-                        log_error("Failed to drop capability bounding set: %s", strerror(-r));
++                        log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
+                         goto finish;
+                 }
+-                r = capability_bounding_set_drop_usermode(arg_capability_bounding_set_drop);
++                r = capability_bounding_set_drop(arg_capability_bounding_set_drop, true);
+                 if (r < 0) {
+-                        log_error("Failed to drop capability bounding set of usermode helpers: %s", strerror(-r));
++                        log_error("Failed to drop capability bounding set: %s", strerror(-r));
+                         goto finish;
+                 }
+         }
+@@ -1650,6 +1650,7 @@ int main(int argc, char *argv[]) {
+         /* This will close all file descriptors that were opened, but
+          * not claimed by any unit. */
+         fdset_free(fds);
++        fds = NULL;
+ 
+         if (serialization) {
+                 fclose(serialization);
+@@ -1857,7 +1858,7 @@ finish:
+                         char_array_0(sfd);
+ 
+                         i = 0;
+-                        args[i++] = SYSTEMD_BINARY_PATH;
++                        args[i++] = "/run/current-system/systemd/lib/systemd/systemd";
+                         if (switch_root_dir)
+                                 args[i++] = "--switched-root";
+                         args[i++] = arg_running_as == SYSTEMD_SYSTEM ? "--system" : "--user";
+diff --git a/src/core/manager.c b/src/core/manager.c
+index c7f8f20..0508628 100644
+--- a/src/core/manager.c
++++ b/src/core/manager.c
+@@ -1372,7 +1372,7 @@ static int manager_process_signal_fd(Manager *m) {
+ 
+                 case SIGINT:
+                         if (m->running_as == SYSTEMD_SYSTEM) {
+-                                manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE);
++                                manager_start_target(m, SPECIAL_CTRL_ALT_DEL_TARGET, JOB_REPLACE_IRREVERSIBLY);
+                                 break;
+                         }
+ 
+diff --git a/src/core/service.c b/src/core/service.c
+index 3617c24..4d0e2ad 100644
+--- a/src/core/service.c
++++ b/src/core/service.c
+@@ -2642,6 +2642,9 @@ static int service_serialize(Unit *u, FILE *f, FDSet *fds) {
+         if (s->exec_context.var_tmp_dir)
+                 unit_serialize_item(u, f, "var-tmp-dir", s->exec_context.var_tmp_dir);
+ 
++        if (s->forbid_restart)
++                unit_serialize_item(u, f, "forbid-restart", yes_no(s->forbid_restart));
++
+         return 0;
+ }
+ 
+@@ -2776,6 +2779,14 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
+                         return log_oom();
+ 
+                 s->exec_context.var_tmp_dir = t;
++        } else if (streq(key, "forbid-restart")) {
++                int b;
++
++                b = parse_boolean(value);
++                if (b < 0)
++                        log_debug_unit(u->id, "Failed to parse forbid-restart value %s", value);
++                else
++                        s->forbid_restart = b;
+         } else
+                 log_debug_unit(u->id, "Unknown serialization key '%s'", key);
+ 
+diff --git a/src/core/snapshot.c b/src/core/snapshot.c
+index a63eccd..a6807eb 100644
+--- a/src/core/snapshot.c
++++ b/src/core/snapshot.c
+@@ -217,8 +217,10 @@ int snapshot_create(Manager *m, const char *name, bool cleanup, DBusError *e, Sn
+                         if (asprintf(&n, "snapshot-%u.snapshot", ++ m->n_snapshots) < 0)
+                                 return -ENOMEM;
+ 
+-                        if (!manager_get_unit(m, n))
++                        if (!manager_get_unit(m, n)) {
++                                name = n;
+                                 break;
++                        }
+ 
+                         free(n);
+                 }
+diff --git a/src/core/umount.c b/src/core/umount.c
+index 1e95ad7..9f0e471 100644
+--- a/src/core/umount.c
++++ b/src/core/umount.c
+@@ -435,6 +435,8 @@ static int mount_points_list_umount(MountPoint **head, bool *changed, bool log_e
+                  * anyway, since we are running from it. They have
+                  * already been remounted ro. */
+                 if (path_equal(m->path, "/")
++                    || path_equal(m->path, "/nix")
++                    || path_equal(m->path, "/nix/store")
+ #ifndef HAVE_SPLIT_USR
+                     || path_equal(m->path, "/usr")
+ #endif
+diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
+index 81b7708..edd0b40 100644
+--- a/src/cryptsetup/cryptsetup-generator.c
++++ b/src/cryptsetup/cryptsetup-generator.c
+@@ -111,6 +111,7 @@ static int create_disk(
+                 "Conflicts=umount.target\n"
+                 "DefaultDependencies=no\n"
+                 "BindsTo=dev-mapper-%i.device\n"
++                "IgnoreOnIsolate=true\n"
+                 "After=systemd-readahead-collect.service systemd-readahead-replay.service\n",
+                 f);
+ 
+diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
+index c17299f..6b3e67e 100644
+--- a/src/fstab-generator/fstab-generator.c
++++ b/src/fstab-generator/fstab-generator.c
+@@ -351,7 +351,7 @@ static int add_mount(
+ 
+         if (automount && !path_equal(where, "/")) {
+                 automount_name = unit_name_from_path(where, ".automount");
+-                if (!name)
++                if (!automount_name)
+                         return log_oom();
+ 
+                 automount_unit = strjoin(arg_dest, "/", automount_name, NULL);
+@@ -596,9 +596,9 @@ static int parse_proc_cmdline(void) {
+                 } else if (startswith(word, "rd.fstab=")) {
+ 
+                         if (in_initrd()) {
+-                                r = parse_boolean(word + 6);
++                                r = parse_boolean(word + 9);
+                                 if (r < 0)
+-                                        log_warning("Failed to parse fstab switch %s. Ignoring.", word + 6);
++                                        log_warning("Failed to parse fstab switch %s. Ignoring.", word + 9);
+                                 else
+                                         arg_enabled = r;
+                         }
+diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
+index 38499a6..bb80905 100644
+--- a/src/journal/journal-file.c
++++ b/src/journal/journal-file.c
+@@ -907,6 +907,8 @@ static int journal_file_append_field(
+ 
+         osize = offsetof(Object, field.payload) + size;
+         r = journal_file_append_object(f, OBJECT_FIELD, osize, &o, &p);
++        if (r < 0)
++                return r;
+ 
+         o->field.hash = htole64(hash);
+         memcpy(o->field.payload, field, size);
+diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
+index 88163c0..e09ba4c 100644
+--- a/src/journal/journald-server.c
++++ b/src/journal/journald-server.c
+@@ -333,8 +333,10 @@ void server_rotate(Server *s) {
+                 if (r < 0)
+                         if (f)
+                                 log_error("Failed to rotate %s: %s", f->path, strerror(-r));
+-                        else
++                        else {
+                                 log_error("Failed to create user journal: %s", strerror(-r));
++                                hashmap_remove(s->user_journals, k);
++                        }
+                 else {
+                         hashmap_replace(s->user_journals, k, f);
+                         server_fix_perms(s, f, PTR_TO_UINT32(k));
+@@ -975,7 +977,8 @@ int process_event(Server *s, struct epoll_event *ev) {
+                 ssize_t n;
+ 
+                 if (ev->events != EPOLLIN) {
+-                        log_error("Got invalid event from epoll.");
++                        log_error("Got invalid event from epoll for %s: %"PRIx32,
++                                  "signal fd", ev->events);
+                         return -EIO;
+                 }
+ 
+@@ -1024,8 +1027,12 @@ int process_event(Server *s, struct epoll_event *ev) {
+         } else if (ev->data.fd == s->dev_kmsg_fd) {
+                 int r;
+ 
+-                if (ev->events != EPOLLIN) {
+-                        log_error("Got invalid event from epoll.");
++                if (ev->events & EPOLLERR)
++                        log_warning("/dev/kmsg buffer overrun, some messages lost.");
++
++                if (!(ev->events & EPOLLIN)) {
++                        log_error("Got invalid event from epoll for %s: %"PRIx32,
++                                  "/dev/kmsg", ev->events);
+                         return -EIO;
+                 }
+ 
+@@ -1039,7 +1046,9 @@ int process_event(Server *s, struct epoll_event *ev) {
+                    ev->data.fd == s->syslog_fd) {
+ 
+                 if (ev->events != EPOLLIN) {
+-                        log_error("Got invalid event from epoll.");
++                        log_error("Got invalid event from epoll for %s: %"PRIx32,
++                                  ev->data.fd == s->native_fd ? "native fd" : "syslog fd",
++                                  ev->events);
+                         return -EIO;
+                 }
+ 
+@@ -1140,12 +1149,7 @@ int process_event(Server *s, struct epoll_event *ev) {
+                                 char *e;
+ 
+                                 if (n > 0 && n_fds == 0) {
+-                                        e = memchr(s->buffer, '\n', n);
+-                                        if (e)
+-                                                *e = 0;
+-                                        else
+-                                                s->buffer[n] = 0;
+-
++                                        s->buffer[n] = 0;
+                                         server_process_syslog_message(s, strstrip(s->buffer), ucred, tv, label, label_len);
+                                 } else if (n_fds > 0)
+                                         log_warning("Got file descriptors via syslog socket. Ignoring.");
+@@ -1167,7 +1171,8 @@ int process_event(Server *s, struct epoll_event *ev) {
+         } else if (ev->data.fd == s->stdout_fd) {
+ 
+                 if (ev->events != EPOLLIN) {
+-                        log_error("Got invalid event from epoll.");
++                        log_error("Got invalid event from epoll for %s: %"PRIx32,
++                                  "stdout fd", ev->events);
+                         return -EIO;
+                 }
+ 
+@@ -1178,6 +1183,8 @@ int process_event(Server *s, struct epoll_event *ev) {
+                 StdoutStream *stream;
+ 
+                 if ((ev->events|EPOLLIN|EPOLLHUP) != (EPOLLIN|EPOLLHUP)) {
++                        log_error("Got invalid event from epoll for %s: %"PRIx32,
++                                  "stdout stream", ev->events);
+                         log_error("Got invalid event from epoll.");
+                         return -EIO;
+                 }
+diff --git a/src/journal/mmap-cache.c b/src/journal/mmap-cache.c
+index 54bf114..bd197d0 100644
+--- a/src/journal/mmap-cache.c
++++ b/src/journal/mmap-cache.c
+@@ -308,9 +308,13 @@ static void mmap_cache_free(MMapCache *m) {
+         while ((c = hashmap_first(m->contexts)))
+                 context_free(c);
+ 
++        hashmap_free(m->contexts);
++
+         while ((f = hashmap_first(m->fds)))
+                 fd_free(f);
+ 
++        hashmap_free(m->fds);
++
+         while (m->unused)
+                 window_free(m->unused);
+ 
+diff --git a/src/libsystemd-bus/bus-internal.c b/src/libsystemd-bus/bus-internal.c
+index 0e66f3d..cac948e 100644
+--- a/src/libsystemd-bus/bus-internal.c
++++ b/src/libsystemd-bus/bus-internal.c
+@@ -63,7 +63,7 @@ bool object_path_is_valid(const char *p) {
+ 
+ bool interface_name_is_valid(const char *p) {
+         const char *q;
+-        bool dot, found_dot;
++        bool dot, found_dot = false;
+ 
+         if (isempty(p))
+                 return false;
+@@ -103,7 +103,7 @@ bool interface_name_is_valid(const char *p) {
+ 
+ bool service_name_is_valid(const char *p) {
+         const char *q;
+-        bool dot, found_dot, unique;
++        bool dot, found_dot = false, unique;
+ 
+         if (isempty(p))
+                 return false;
+diff --git a/src/libsystemd-bus/sd-bus.c b/src/libsystemd-bus/sd-bus.c
+index 7d6d848..b0eb2f1 100644
+--- a/src/libsystemd-bus/sd-bus.c
++++ b/src/libsystemd-bus/sd-bus.c
+@@ -1088,11 +1088,11 @@ static int dispatch_rqueue(sd_bus *bus, sd_bus_message **m) {
+                 if (r == 0)
+                         return ret;
+ 
+-                r = 1;
++                ret = 1;
+         } while (!z);
+ 
+         *m = z;
+-        return 1;
++        return ret;
+ }
+ 
+ int sd_bus_send(sd_bus *bus, sd_bus_message *m, uint64_t *serial) {
+diff --git a/src/libudev/libudev-enumerate.c b/src/libudev/libudev-enumerate.c
+index 5ccaabd..100c1fb 100644
+--- a/src/libudev/libudev-enumerate.c
++++ b/src/libudev/libudev-enumerate.c
+@@ -299,7 +299,7 @@ _public_ struct udev_list_entry *udev_enumerate_get_list_entry(struct udev_enume
+                         /* skip to be delayed devices, and move the to
+                          * the point where the prefix changes. We can
+                          * only move one item at a time. */
+-                        if (!move_later) {
++                        if (move_later == -1) {
+                                 move_later_prefix = devices_delay_later(udev_enumerate->udev, entry->syspath);
+ 
+                                 if (move_later_prefix > 0) {
+@@ -718,6 +718,8 @@ static bool match_subsystem(struct udev_enumerate *udev_enumerate, const char *s
+ {
+         struct udev_list_entry *list_entry;
+ 
++        subsystem = subsystem ? : "";
++
+         udev_list_entry_foreach(list_entry, udev_list_get_entry(&udev_enumerate->subsystem_nomatch_list)) {
+                 if (fnmatch(udev_list_entry_get_name(list_entry), subsystem, 0) == 0)
+                         return false;
+@@ -826,23 +828,27 @@ nomatch:
+ static int parent_add_child(struct udev_enumerate *enumerate, const char *path)
+ {
+         struct udev_device *dev;
++        int r = 0;
+ 
+         dev = udev_device_new_from_syspath(enumerate->udev, path);
+         if (dev == NULL)
+                 return -ENODEV;
+ 
+         if (!match_subsystem(enumerate, udev_device_get_subsystem(dev)))
+-                return 0;
++                goto nomatch;
+         if (!match_sysname(enumerate, udev_device_get_sysname(dev)))
+-                return 0;
++                goto nomatch;
+         if (!match_property(enumerate, dev))
+-                return 0;
++                goto nomatch;
+         if (!match_sysattr(enumerate, dev))
+-                return 0;
++                goto nomatch;
+ 
+         syspath_add(enumerate, udev_device_get_syspath(dev));
++        r = 1;
++
++nomatch:
+         udev_device_unref(dev);
+-        return 1;
++        return r;
+ }
+ 
+ static int parent_crawl_children(struct udev_enumerate *enumerate, const char *path, int maxdepth)
+diff --git a/src/libudev/libudev.sym b/src/libudev/libudev.sym
+index 8e09430..1e6f885 100644
+--- a/src/libudev/libudev.sym
++++ b/src/libudev/libudev.sym
+@@ -109,5 +109,6 @@ global:
+ } LIBUDEV_189;
+ 
+ LIBUDEV_199 {
++global:
+         udev_device_set_sysattr_value;
+ } LIBUDEV_196;
+diff --git a/src/modules-load/modules-load.c b/src/modules-load/modules-load.c
+index 7b19ee0..49ee420 100644
+--- a/src/modules-load/modules-load.c
++++ b/src/modules-load/modules-load.c
+@@ -302,8 +302,8 @@ int main(int argc, char *argv[]) {
+ 
+                 STRV_FOREACH(i, arg_proc_cmdline_modules) {
+                         k = load_module(ctx, *i);
+-                        if (k < 0)
+-                                r = EXIT_FAILURE;
++                        if (k < 0 && r == 0)
++                                r = k;
+                 }
+ 
+                 r = conf_files_list_nulstr(&files, ".conf", NULL, conf_file_dirs);
+diff --git a/src/nss-myhostname/netlink.c b/src/nss-myhostname/netlink.c
+index b1ef912..4f2ab5c 100644
+--- a/src/nss-myhostname/netlink.c
++++ b/src/nss-myhostname/netlink.c
+@@ -113,6 +113,10 @@ static int read_reply(int fd, struct address **list, unsigned *n_list) {
+                     ifaddrmsg->ifa_scope == RT_SCOPE_NOWHERE)
+                         continue;
+ 
++                if (ifaddrmsg->ifa_family == AF_INET6 &&
++                    ifaddrmsg->ifa_scope == RT_SCOPE_LINK)
++                        continue;
++
+                 if (ifaddrmsg->ifa_flags & IFA_F_DEPRECATED)
+                         continue;
+ 
+diff --git a/src/shared/efivars.c b/src/shared/efivars.c
+index 8d004ba..99340c9 100644
+--- a/src/shared/efivars.c
++++ b/src/shared/efivars.c
+@@ -383,7 +383,8 @@ int efi_get_boot_options(uint16_t **options) {
+                 list[count ++] = id;
+         }
+ 
+-        qsort(list, count, sizeof(uint16_t), cmp_uint16);
++        if (list)
++                qsort(list, count, sizeof(uint16_t), cmp_uint16);
+ 
+         *options = list;
+         return count;
+diff --git a/src/shared/env-util.c b/src/shared/env-util.c
+index 6a52fb9..598222c 100644
+--- a/src/shared/env-util.c
++++ b/src/shared/env-util.c
+@@ -406,7 +406,9 @@ char **strv_env_clean_log(char **e, const char *message) {
+                 e[k++] = *p;
+         }
+ 
+-        e[k] = NULL;
++        if (e)
++                e[k] = NULL;
++
+         return e;
+ }
+ 
+diff --git a/src/shared/log.c b/src/shared/log.c
+index 27317f7..8f4995a 100644
+--- a/src/shared/log.c
++++ b/src/shared/log.c
+@@ -115,16 +115,20 @@ void log_close_syslog(void) {
+ 
+ static int create_log_socket(int type) {
+         int fd;
++        struct timeval tv;
+ 
+-        /* All output to the syslog/journal fds we do asynchronously,
+-         * and if the buffers are full we just drop the messages */
+-
+-        fd = socket(AF_UNIX, type|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
++        fd = socket(AF_UNIX, type|SOCK_CLOEXEC, 0);
+         if (fd < 0)
+                 return -errno;
+ 
+         fd_inc_sndbuf(fd, SNDBUF_SIZE);
+ 
++        /* We need a blocking fd here since we'd otherwise lose
++        messages way too early. However, let's not hang forever in the
++        unlikely case of a deadlock. */
++        timeval_store(&tv, 1*USEC_PER_MINUTE);
++        setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv));
++
+         return fd;
+ }
+ 
+diff --git a/src/shared/polkit.c b/src/shared/polkit.c
+index cea7074..1c5e9e3 100644
+--- a/src/shared/polkit.c
++++ b/src/shared/polkit.c
+@@ -38,12 +38,8 @@ int verify_polkit(
+ 
+ #ifdef ENABLE_POLKIT
+         DBusMessage *m = NULL, *reply = NULL;
+-        const char *unix_process = "unix-process", *pid = "pid", *starttime = "start-time", *cancel_id = "";
++        const char *system_bus_name = "system-bus-name", *name = "name", *cancel_id = "";
+         uint32_t flags = interactive ? 1 : 0;
+-        pid_t pid_raw;
+-        uint32_t pid_u32;
+-        unsigned long long starttime_raw;
+-        uint64_t starttime_u64;
+         DBusMessageIter iter_msg, iter_struct, iter_array, iter_dict, iter_variant;
+         int r;
+         dbus_bool_t authorized = FALSE, challenge = FALSE;
+@@ -68,14 +64,6 @@ int verify_polkit(
+ 
+ #ifdef ENABLE_POLKIT
+ 
+-        pid_raw = bus_get_unix_process_id(c, sender, error);
+-        if (pid_raw == 0)
+-                return -EINVAL;
+-
+-        r = get_starttime_of_pid(pid_raw, &starttime_raw);
+-        if (r < 0)
+-                return r;
+-
+         m = dbus_message_new_method_call(
+                         "org.freedesktop.PolicyKit1",
+                         "/org/freedesktop/PolicyKit1/Authority",
+@@ -86,22 +74,13 @@ int verify_polkit(
+ 
+         dbus_message_iter_init_append(m, &iter_msg);
+ 
+-        pid_u32 = (uint32_t) pid_raw;
+-        starttime_u64 = (uint64_t) starttime_raw;
+-
+         if (!dbus_message_iter_open_container(&iter_msg, DBUS_TYPE_STRUCT, NULL, &iter_struct) ||
+-            !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &unix_process) ||
++            !dbus_message_iter_append_basic(&iter_struct, DBUS_TYPE_STRING, &system_bus_name) ||
+             !dbus_message_iter_open_container(&iter_struct, DBUS_TYPE_ARRAY, "{sv}", &iter_array) ||
+             !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
+-            !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &pid) ||
+-            !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "u", &iter_variant) ||
+-            !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT32, &pid_u32) ||
+-            !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
+-            !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
+-            !dbus_message_iter_open_container(&iter_array, DBUS_TYPE_DICT_ENTRY, NULL, &iter_dict) ||
+-            !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &starttime) ||
+-            !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "t", &iter_variant) ||
+-            !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_UINT64, &starttime_u64) ||
++            !dbus_message_iter_append_basic(&iter_dict, DBUS_TYPE_STRING, &name) ||
++            !dbus_message_iter_open_container(&iter_dict, DBUS_TYPE_VARIANT, "s", &iter_variant) ||
++            !dbus_message_iter_append_basic(&iter_variant, DBUS_TYPE_STRING, &sender) ||
+             !dbus_message_iter_close_container(&iter_dict, &iter_variant) ||
+             !dbus_message_iter_close_container(&iter_array, &iter_dict) ||
+             !dbus_message_iter_close_container(&iter_struct, &iter_array) ||
+diff --git a/src/systemctl/systemctl.c b/src/systemctl/systemctl.c
+index 3cca861..f6052dd 100644
+--- a/src/systemctl/systemctl.c
++++ b/src/systemctl/systemctl.c
+@@ -1482,7 +1482,7 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
+ 
+         } else if (dbus_message_is_signal(message, "org.freedesktop.systemd1.Manager", "JobRemoved")) {
+                 uint32_t id;
+-                const char *path, *result, *unit;
++                const char *path, *result, *unit, *r;
+ 
+                 if (dbus_message_get_args(message, &error,
+                                           DBUS_TYPE_UINT32, &id,
+@@ -1491,7 +1491,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
+                                           DBUS_TYPE_STRING, &result,
+                                           DBUS_TYPE_INVALID)) {
+ 
+-                        free(set_remove(d->set, (char*) path));
++                        r = set_remove(d->set, (char*) path);
++                        if (!r)
++                                return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
++
++                        free(r);
+ 
+                         if (!isempty(result))
+                                 d->result = strdup(result);
+@@ -1511,7 +1515,11 @@ static DBusHandlerResult wait_filter(DBusConnection *connection, DBusMessage *me
+                         /* Compatibility with older systemd versions <
+                          * 183 during upgrades. This should be dropped
+                          * one day. */
+-                        free(set_remove(d->set, (char*) path));
++                        r = set_remove(d->set, (char*) path);
++                        if (!r)
++                                return DBUS_HANDLER_RESULT_NOT_YET_HANDLED;
++
++                        free(r);
+ 
+                         if (*result)
+                                 d->result = strdup(result);
+@@ -1867,7 +1875,7 @@ static int start_unit_one(
+                         return log_oom();
+ 
+                 r = set_consume(s, p);
+-                if (r < 0) {
++                if (r < 0 && r != -EEXIST) {
+                         log_error("Failed to add path to set.");
+                         return r;
+                 }
+diff --git a/units/emergency.service.in b/units/emergency.service.in
+index 442f0e0..6b7eafd 100644
+--- a/units/emergency.service.in
++++ b/units/emergency.service.in
+@@ -15,7 +15,6 @@ Before=shutdown.target
+ [Service]
+ Environment=HOME=/root
+ WorkingDirectory=/root
+-ExecStartPre=-/bin/plymouth quit
+ ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type "journalctl -xb" to view\\nsystem logs, "systemctl reboot" to reboot, "systemctl default" to try again\\nto boot into default mode.'
+ ExecStart=-/sbin/sulogin
+ ExecStopPost=@SYSTEMCTL@ --fail --no-block default
+diff --git a/units/local-fs.target b/units/local-fs.target
+index 18c3d74..a09054c 100644
+--- a/units/local-fs.target
++++ b/units/local-fs.target
+@@ -11,3 +11,5 @@ Documentation=man:systemd.special(7)
+ After=local-fs-pre.target
+ OnFailure=emergency.target
+ OnFailureIsolate=no
++
++X-StopOnReconfiguration=yes
+diff --git a/units/remote-fs.target b/units/remote-fs.target
+index 09213e8..47b4cf5 100644
+--- a/units/remote-fs.target
++++ b/units/remote-fs.target
+@@ -10,5 +10,7 @@ Description=Remote File Systems
+ Documentation=man:systemd.special(7)
+ After=remote-fs-pre.target
+ 
++X-StopOnReconfiguration=yes
++
+ [Install]
+ WantedBy=multi-user.target
+diff --git a/units/rescue.service.m4.in b/units/rescue.service.m4.in
+index 269797a..2c640f4 100644
+--- a/units/rescue.service.m4.in
++++ b/units/rescue.service.m4.in
+@@ -16,7 +16,6 @@ Before=shutdown.target
+ [Service]
+ Environment=HOME=/root
+ WorkingDirectory=/root
+-ExecStartPre=-/bin/plymouth quit
+ ExecStartPre=-/bin/echo -e 'Welcome to rescue mode! Type "systemctl default" or ^D to enter default mode.\\nType "journalctl -xb" to view system logs. Type "systemctl reboot" to reboot.'
+ ExecStart=-/sbin/sulogin
+ ExecStopPost=-@SYSTEMCTL@ --fail --no-block default
+diff --git a/units/sysinit.target b/units/sysinit.target
+index 8f4fb8f..e0f0147 100644
+--- a/units/sysinit.target
++++ b/units/sysinit.target
+@@ -9,6 +9,5 @@
+ Description=System Initialization
+ Documentation=man:systemd.special(7)
+ Conflicts=emergency.service emergency.target
+-Wants=local-fs.target swap.target
+-After=local-fs.target swap.target emergency.service emergency.target
++After=emergency.service emergency.target
+ RefuseManualStart=yes
+diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
+index ab2e50c..9563a7d 100644
+--- a/units/systemd-journald.service.in
++++ b/units/systemd-journald.service.in
+@@ -24,3 +24,8 @@ CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_SYSLOG C
+ # Increase the default a bit in order to allow many simultaneous
+ # services being run since we keep one fd open per service.
+ LimitNOFILE=16384
++
++# Don't restart journald, since that causes services connected to
++# journald to stop logging (see
++# https://bugs.freedesktop.org/show_bug.cgi?id=56043).
++X-RestartIfChanged=no
+diff --git a/units/systemd-user-sessions.service.in b/units/systemd-user-sessions.service.in
+index 0869e73..b6ed958 100644
+--- a/units/systemd-user-sessions.service.in
++++ b/units/systemd-user-sessions.service.in
+@@ -15,3 +15,6 @@ Type=oneshot
+ RemainAfterExit=yes
+ ExecStart=@rootlibexecdir@/systemd-user-sessions start
+ ExecStop=@rootlibexecdir@/systemd-user-sessions stop
++
++# Restart kills all active sessions.
++X-RestartIfChanged=no
diff --git a/pkgs/os-specific/linux/systemd/no-global-install.patch b/pkgs/os-specific/linux/systemd/no-global-install.patch
deleted file mode 100644
index 6567251d57a1..000000000000
--- a/pkgs/os-specific/linux/systemd/no-global-install.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-diff --git a/Makefile.am b/Makefile.am
-index 05bf582..aa16a7c 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -2568,11 +2568,6 @@ endif
- # "adm" and "wheel".
- libsystemd-journal-install-hook:
- 	libname=libsystemd-journal.so && $(move-to-rootlibdir)
--	$(MKDIR_P) $(DESTDIR)/var/log/journal
--	-chown 0:0 $(DESTDIR)/var/log/journal
--	-chmod 755 $(DESTDIR)/var/log/journal
--	-setfacl -nm g:adm:rx,d:g:adm:rx $(DESTDIR)/var/log/journal/
--	-setfacl -nm g:wheel:rx,d:g:wheel:rx $(DESTDIR)/var/log/journal/
- 
- libsystemd-journal-uninstall-hook:
- 	rm -f $(DESTDIR)$(rootlibdir)/libsystemd-journal.so*
-@@ -3676,9 +3671,6 @@ if HAVE_SYSV_COMPAT
- sysvinit_DATA = \
- 	docs/sysvinit/README
- 
--varlog_DATA = \
--	docs/var-log/README
--
- docs/sysvinit/README: docs/sysvinit/README.in
- 	$(SED_PROCESS)
- 
diff --git a/pkgs/os-specific/linux/ttysnoop/default.nix b/pkgs/os-specific/linux/ttysnoop/default.nix
new file mode 100644
index 000000000000..670c96083443
--- /dev/null
+++ b/pkgs/os-specific/linux/ttysnoop/default.nix
@@ -0,0 +1,38 @@
+{stdenv, fetchurl}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="ttysnoop";
+    version="0.12d.k26";
+    name="${baseName}-${version}";
+    hash="0jb2zchaiqmmickj0la7wjw3sf9vy65qfhhs11yrzx4mmwkp0395";
+    url="http://sysd.org/stas/files/active/0/ttysnoop-0.12d.k26.tar.gz";
+    sha256="0jb2zchaiqmmickj0la7wjw3sf9vy65qfhhs11yrzx4mmwkp0395";
+  };
+  buildInputs = [
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  preBuild = ''
+    sed -e "s@/sbin@$out/sbin@g" -i Makefile
+    sed -e "s@/usr/man@$out/share/man@g" -i Makefile
+    mkdir -p "$out/share/man/man8"
+    mkdir -p "$out/sbin"
+  '';
+  postInstall = ''
+    mkdir -p "$out/etc"
+    cp snooptab.dist "$out/etc/snooptab"
+  '';
+  meta = {
+    inherit (s) version;
+    description = "A tool to clone input and output of another tty/pty to the current one";
+    license = stdenv.lib.licenses.gpl2 ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/ttysnoop/default.upstream b/pkgs/os-specific/linux/ttysnoop/default.upstream
new file mode 100644
index 000000000000..905a639c31e7
--- /dev/null
+++ b/pkgs/os-specific/linux/ttysnoop/default.upstream
@@ -0,0 +1,3 @@
+url http://sysd.org/stas/node/35
+ensure_choice
+version '.*-([0-9a-z.]+)[.]tar[.].*' '\1'
diff --git a/pkgs/os-specific/linux/udisks-glue/default.nix b/pkgs/os-specific/linux/udisks-glue/default.nix
new file mode 100644
index 000000000000..9f99d5e9f209
--- /dev/null
+++ b/pkgs/os-specific/linux/udisks-glue/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, fetchurl, pkgconfig, automake, autoconf, udisks, dbus_glib, glib, confuse }:
+
+stdenv.mkDerivation {
+  name = "udisks-glue-1.3.5";
+
+  src = fetchurl {
+    url = "https://github.com/fernandotcl/udisks-glue/archive/release-1.3.5.tar.gz";
+    sha256 = "317d25bf249278dc8f6a5dcf18f760512427c772b9afe3cfe34e6e1baa258176";
+  };
+
+  buildInputs = [ automake autoconf pkgconfig udisks dbus_glib glib confuse ];
+
+  preConfigure = "sh autogen.sh";
+
+  meta = {
+    homepage = https://github.com/fernandotcl/udisks-glue;
+    description = "A tool to associate udisks events to user-defined actions";
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [pSub];
+    license = "free";
+  };
+}
diff --git a/pkgs/os-specific/linux/upower/default.nix b/pkgs/os-specific/linux/upower/default.nix
index 8f244c3d6454..d5dc292ac339 100644
--- a/pkgs/os-specific/linux/upower/default.nix
+++ b/pkgs/os-specific/linux/upower/default.nix
@@ -36,6 +36,8 @@ stdenv.mkDerivation rec {
         --replace /usr/bin/dbus-send ${dbus_tools}/bin/dbus-send
     '';
 
+  NIX_CFLAGS_LINK = "-lgcc_s";
+
   installFlags = "historydir=$(TMPDIR)/foo";
 
   meta = {
diff --git a/pkgs/os-specific/linux/usbutils/default.nix b/pkgs/os-specific/linux/usbutils/default.nix
index b7d139a534f0..aff730e387a5 100644
--- a/pkgs/os-specific/linux/usbutils/default.nix
+++ b/pkgs/os-specific/linux/usbutils/default.nix
@@ -4,8 +4,8 @@ let
 
   # Obtained from http://www.linux-usb.org/usb.ids.bz2.
   usbids = fetchurl {
-    url = http://tarballs.nixos.org/usb.ids.20120920.bz2;
-    sha256 = "0sz860g7grf6kx22p49s6j8h85c69ymcw16a8110klzfl9hl9hli";
+    url = http://tarballs.nixos.org/usb.ids.20130821.bz2;
+    sha256 = "0x7mf4h5h5wjzhygfr4lc8yz0cwm7mahxrnp5nkxcmawmyxwsg53";
   };
 
 in
@@ -20,8 +20,14 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig libusb1 ];
 
-  # currently up-to-date
-  #preBuild = "bunzip2 < ${usbids} > usb.ids";
+  preBuild = "bunzip2 < ${usbids} > usb.ids";
+
+  postInstall =
+    ''
+      rm $out/sbin/update-usbids.sh
+      substituteInPlace $out/bin/lsusb.py \
+        --replace /usr/share/usb.ids $out/share/usb.ids
+    '';
 
   meta = {
     homepage = http://www.linux-usb.org/;
diff --git a/pkgs/os-specific/linux/x86info/default.nix b/pkgs/os-specific/linux/x86info/default.nix
index 297991ff4d95..6cd2a431a605 100644
--- a/pkgs/os-specific/linux/x86info/default.nix
+++ b/pkgs/os-specific/linux/x86info/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "An identification utility for the x86 series of processors.";
+    description = "Identification utility for the x86 series of processors";
     longDescription =
     ''
       x86info will identify all Intel/AMD/Centaur/Cyrix/VIA CPUs. It leverages
diff --git a/pkgs/servers/amqp/qpid-cpp/default.nix b/pkgs/servers/amqp/qpid-cpp/default.nix
new file mode 100644
index 000000000000..9fc3520002c9
--- /dev/null
+++ b/pkgs/servers/amqp/qpid-cpp/default.nix
@@ -0,0 +1,37 @@
+{ stdenv, fetchurl, cmake, python, boost, libuuid }:
+
+stdenv.mkDerivation rec {
+  name = "${project}-cpp-${version}";
+
+  project = "qpid";
+  version = "0.24";
+
+  src = fetchurl {
+    url = "mirror://apache/${project}/${version}/${name}.tar.gz";
+    sha256 = "08nfks5jjipy5i4b6mz62ijrz5ryq32c478ix7l3fzmaim3cy8b8";
+  };
+
+  buildInputs = [ cmake python boost libuuid ];
+
+  # workaround this
+  #/nix/store/n38ns73bm4iv62fihd9ih5b39w54yyaf-boost-1.54.0/include/boost/ptr_container/detail/map_iterator.hpp:52:48:
+  #error: type qualifiers ignored on function return type [-Werror=ignored-qualifiers]
+  cmakeFlags = "-DENABLE_WARNINGS=OFF";
+
+  # the subdir managementgen wants to install python stuff in ${python} and
+  # the installation tries to create some folders in /var
+  patchPhase = ''
+    sed -i '/managementgen/d' CMakeLists.txt
+    sed -i '/ENV/d' src/CMakeLists.txt
+  '';
+
+  meta = {
+    homepage = http://qpid.apache.org;
+    repositories.git = git://git.apache.org/qpid.git;
+    repositories.svn = http://svn.apache.org/repos/asf/qpid;
+    description = "An AMQP message broker and a C++ messaging API";
+    license = stdenv.lib.licenses.asl20;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = [ stdenv.lib.maintainers.page ];
+  };
+}
diff --git a/pkgs/servers/apcupsd/default.nix b/pkgs/servers/apcupsd/default.nix
index 877be1d74b8a..4ccb1b069c93 100644
--- a/pkgs/servers/apcupsd/default.nix
+++ b/pkgs/servers/apcupsd/default.nix
@@ -45,7 +45,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with stdenv.lib; {
-    description = "A daemon for controlling APC UPSes";
+    description = "Daemon for controlling APC UPSes";
     homepage = http://www.apcupsd.com/;
     license = licenses.gpl2;
     platforms = platforms.linux;
diff --git a/pkgs/servers/bird/default.nix b/pkgs/servers/bird/default.nix
new file mode 100644
index 000000000000..ae50091add1d
--- /dev/null
+++ b/pkgs/servers/bird/default.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchurl, flex, bison, readline }:
+
+stdenv.mkDerivation rec {
+  name = "bird-1.3.11";
+
+  src = fetchurl {
+    url = "ftp://bird.network.cz/pub/bird/${name}.tar.gz";
+    sha256 = "15c4d9cyd6l8jdlrvmzvwmpga81llm8zxqvbsir9gvwgzn6zbmna";
+  };
+
+  buildInputs = [ flex bison readline ];
+
+  meta = {
+    description = "";
+    homepage = http://bird.network.cz;
+    license = "GPLv2+";
+    maintainers = with stdenv.lib.maintainers; [viric];
+  };
+}
diff --git a/pkgs/servers/computing/storm/default.nix b/pkgs/servers/computing/storm/default.nix
index ca3f5333b30e..88837f9bb427 100644
--- a/pkgs/servers/computing/storm/default.nix
+++ b/pkgs/servers/computing/storm/default.nix
@@ -42,7 +42,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://storm-project.net";
-    description = "Storm, free and open source distributed realtime computation system.";
+    description = "Distributed realtime computation system";
     license = "Eclipse Public License 1.0";
     maintainers = [ lib.maintainers.vizanto ];
   };
diff --git a/pkgs/servers/http/apache-modules/mod_evasive/default.nix b/pkgs/servers/http/apache-modules/mod_evasive/default.nix
index d796d0a6dc5e..129f44ab502f 100644
--- a/pkgs/servers/http/apache-modules/mod_evasive/default.nix
+++ b/pkgs/servers/http/apache-modules/mod_evasive/default.nix
@@ -23,8 +23,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://www.zdziarski.com/blog/?page_id=442";
-    description = "mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack.";
-
+    description = "Evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack";
     platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/servers/http/lighttpd/default.nix b/pkgs/servers/http/lighttpd/default.nix
index f967a7aaa2a8..61070ef22b6e 100644
--- a/pkgs/servers/http/lighttpd/default.nix
+++ b/pkgs/servers/http/lighttpd/default.nix
@@ -1,4 +1,8 @@
-{ stdenv, fetchurl, pcre, libxml2, zlib, attr, bzip2, which, file, openssl }:
+{ stdenv, fetchurl, pkgconfig, pcre, libxml2, zlib, attr, bzip2, which, file
+, openssl, enableMagnet ? false, lua5 ? null
+}:
+
+assert enableMagnet -> lua5 != null;
 
 stdenv.mkDerivation {
   name = "lighttpd-1.4.32";
@@ -8,9 +12,11 @@ stdenv.mkDerivation {
     sha256 = "1hgd9bi4mrak732h57na89lqg58b1kkchnddij9gawffd40ghs0k";
   };
 
-  buildInputs = [ pcre libxml2 zlib attr bzip2 which file openssl ];
+  buildInputs = [ pkgconfig pcre libxml2 zlib attr bzip2 which file openssl ]
+             ++ stdenv.lib.optional enableMagnet lua5;
 
-  configureFlags = "--with-openssl --with-openssl-libs=${openssl}";
+  configureFlags = [ "--with-openssl" ]
+                ++ stdenv.lib.optional enableMagnet "--with-lua";
 
   preConfigure = ''
     sed -i "s:/usr/bin/file:${file}/bin/file:g" configure
diff --git a/pkgs/servers/http/nginx/default.nix b/pkgs/servers/http/nginx/default.nix
index 083dbc482f0a..28390aa38da0 100644
--- a/pkgs/servers/http/nginx/default.nix
+++ b/pkgs/servers/http/nginx/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, fetchgit, openssl, zlib, pcre, libxml2, libxslt, expat, fullWebDAV ? false }:
+{ stdenv, fetchurl, fetchgit, openssl, zlib, pcre, libxml2, libxslt, expat, fullWebDAV ? false, syslog ? false }:
 
 let
   dav-ext = fetchgit {
@@ -6,6 +6,12 @@ let
     rev = "54cebc1f21fc13391aae692c6cce672fa7986f9d";
     sha256 = "1dvpq1fg5rslnl05z8jc39sgnvh3akam9qxfl033akpczq1bh8nq";
   };
+
+  syslog-ext = fetchgit {
+    url = https://github.com/yaoweibin/nginx_syslog_patch.git;
+    rev = "165affd9741f0e30c4c8225da5e487d33832aca3";
+    sha256 = "14dkkafjnbapp6jnvrjg9ip46j00cr8pqc2g7374z9aj7hrvdvhs";
+  };
 in
 
 stdenv.mkDerivation rec {
@@ -13,11 +19,13 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "http://nginx.org/download/${name}.tar.gz";
-    sha256 = "06ficmjiya3m8mdlyq3bgqx604h475n77qc5c502kfjijzld39dw";
+    sha256 = "116yfy0k65mwxdkld0w7c3gly77jdqlvga5hpbsw79i3r62kh4mf";
   };
 
   buildInputs = [ openssl zlib pcre libxml2 libxslt ] ++ stdenv.lib.optional fullWebDAV expat;
 
+  patches = if syslog then [ "${syslog-ext}/syslog_1.4.0.patch" ] else [];
+
   configureFlags = [
     "--with-http_ssl_module"
     "--with-http_xslt_module"
@@ -27,7 +35,8 @@ stdenv.mkDerivation rec {
     "--with-http_secure_link_module"
     # Install destination problems
     # "--with-http_perl_module"
-  ] ++ stdenv.lib.optional fullWebDAV "--add-module=${dav-ext}";
+  ] ++ stdenv.lib.optional fullWebDAV "--add-module=${dav-ext}"
+    ++ stdenv.lib.optional syslog "--add-module=${syslog-ext}";
 
   preConfigure = ''
     export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${libxml2}/include/libxml2"
@@ -41,6 +50,6 @@ stdenv.mkDerivation rec {
     description = "A reverse proxy and lightweight webserver";
     maintainers = [ stdenv.lib.maintainers.raskin];
     platforms = stdenv.lib.platforms.all;
-    version = "1.4.1";
+    version = "1.4.3";
   };
 }
diff --git a/pkgs/servers/icecast/default.nix b/pkgs/servers/icecast/default.nix
index 24ae245a8a07..8b940fdb0cfc 100644
--- a/pkgs/servers/icecast/default.nix
+++ b/pkgs/servers/icecast/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ libxml2 libxslt curl libvorbis libtheora speex libkate ];
 
   meta = {
-    description = "icecast is free server software for streaming multimedia.";
+    description = "Server software for streaming multimedia";
 
     longDescription = ''
       Icecast is a streaming media server which currently supports Ogg Vorbis and MP3
diff --git a/pkgs/servers/mail/dovecot-pigeonhole/default.nix b/pkgs/servers/mail/dovecot-pigeonhole/default.nix
index 844219925b17..5c0f39ca135f 100644
--- a/pkgs/servers/mail/dovecot-pigeonhole/default.nix
+++ b/pkgs/servers/mail/dovecot-pigeonhole/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   name = "dovecot-pigeonhole-${version}";
-  version = "0.4.1";
+  version = "0.4.2";
 
   src = fetchurl {
     url = "http://www.rename-it.nl/dovecot/2.2/dovecot-2.2-pigeonhole-${version}.tar.gz";
-    sha256 = "0vk9khwijl8qbjlm1q36a5dvpilrminp756n87c452kc3cfgc71n";
+    sha256 = "04rybb7ipsrhqapcqfr787n60lwd56gb33ylq7yqjr5q6xqg1684";
   };  
 
   buildInputs = [ dovecot22 openssl ];
@@ -28,7 +28,7 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = http://pigeonhole.dovecot.org/;
-    description = "A sieve plugin for the Dovecot IMAP server.";
+    description = "A sieve plugin for the Dovecot IMAP server";
     license = licenses.lgpl21;
     maintainers = [ maintainers.rickynils ];
   };  
diff --git a/pkgs/servers/mail/dovecot/2.2.x.nix b/pkgs/servers/mail/dovecot/2.2.x.nix
index 15c3b65b7543..06635e33954f 100644
--- a/pkgs/servers/mail/dovecot/2.2.x.nix
+++ b/pkgs/servers/mail/dovecot/2.2.x.nix
@@ -2,13 +2,13 @@
 , inotifyTools }:
 
 stdenv.mkDerivation rec {
-  name = "dovecot-2.2.4";
+  name = "dovecot-2.2.6";
 
   buildInputs = [perl systemd openssl pam bzip2 zlib openldap inotifyTools];
 
   src = fetchurl {
     url = "http://dovecot.org/releases/2.2/${name}.tar.gz";
-    sha256 = "1i5x7l03q854h4j210cpzair4vak95saccp9gb5p4xx7ndggm3q1";
+    sha256 = "1rfnsg0a57cv02pl68h3jhbd5v3071a75bvf9gs95fd41g72n9v2";
   };
 
   preConfigure = ''
diff --git a/pkgs/servers/mail/mailman/default.nix b/pkgs/servers/mail/mailman/default.nix
new file mode 100644
index 000000000000..cda5dba32e0c
--- /dev/null
+++ b/pkgs/servers/mail/mailman/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl, python }:
+
+stdenv.mkDerivation rec {
+  name = "mailman-2.1.16";
+
+  src = fetchurl {
+    url = "mirror://gnu/mailman/${name}.tgz";
+    sha256 = "0qsgnqjfi07kdiwzik0i78a5q3q5kcw1r61g48abix9qjc32n5ax";
+  };
+
+  buildInputs = [ python ];
+
+  patches = [ ./fix-var-prefix.patch ];
+
+  configureFlags = "--without-permcheck --with-cgi-ext=.cgi --with-var-prefix=/var/lib/mailman";
+
+  installTargets = "doinstall";         # Leave out the 'update' target that's implied by 'install'.
+
+  meta = {
+    homepage = "http://www.gnu.org/software/mailman/";
+    description = "Free software for managing electronic mail discussion and e-newsletter lists";
+    license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = [ stdenv.lib.maintainers.simons ];
+  };
+}
diff --git a/pkgs/servers/mail/mailman/fix-var-prefix.patch b/pkgs/servers/mail/mailman/fix-var-prefix.patch
new file mode 100644
index 000000000000..9bb735ecbed7
--- /dev/null
+++ b/pkgs/servers/mail/mailman/fix-var-prefix.patch
@@ -0,0 +1,33 @@
+diff -ubr mailman-2.1.16-orig/contrib/redhat_fhs.patch mailman-2.1.16/contrib/redhat_fhs.patch
+--- mailman-2.1.16-orig/contrib/redhat_fhs.patch	2013-10-21 14:55:48.797631434 +0200
++++ mailman-2.1.16/contrib/redhat_fhs.patch	2013-10-21 14:56:42.534310378 +0200
+@@ -197,7 +197,7 @@
+ +	    else true; \
+ +	    fi; \
+ +	done
+- 	chmod o-r $(DESTDIR)$(var_prefix)/archives/private
++ 	chmod o-r $(prefix)$(var_prefix)/archives/private
+  	@for d in $(ARCH_INDEP_DIRS); \
+  	do \
+ Only in mailman-2.1.5.FHS: Makefile.in~
+diff -ubr mailman-2.1.16-orig/Makefile.in mailman-2.1.16/Makefile.in
+--- mailman-2.1.16-orig/Makefile.in	2013-10-21 14:55:48.798631519 +0200
++++ mailman-2.1.16/Makefile.in	2013-10-21 14:56:42.562313220 +0200
+@@ -87,7 +87,7 @@
+ 	@echo "Creating architecture independent directories..."
+ 	@for d in $(VAR_DIRS); \
+ 	do \
+-	    dir=$(DESTDIR)$(var_prefix)/$$d; \
++	    dir=$(prefix)$(var_prefix)/$$d; \
+ 	    if test ! -d $$dir; then \
+ 		echo "Creating directory hierarchy $$dir"; \
+ 		$(srcdir)/mkinstalldirs $$dir; \
+@@ -96,7 +96,7 @@
+ 	    else true; \
+ 	    fi; \
+ 	done
+-	chmod o-r $(DESTDIR)$(var_prefix)/archives/private
++	chmod o-r $(prefix)$(var_prefix)/archives/private
+ 	@for d in $(ARCH_INDEP_DIRS); \
+ 	do \
+ 	    dir=$(DESTDIR)$(prefix)/$$d; \
diff --git a/pkgs/servers/monitoring/munin/adding_servicedir_munin-node.patch b/pkgs/servers/monitoring/munin/adding_servicedir_munin-node.patch
new file mode 100644
index 000000000000..856f3d73011e
--- /dev/null
+++ b/pkgs/servers/monitoring/munin/adding_servicedir_munin-node.patch
@@ -0,0 +1,84 @@
+From 75a3ec48814e7b9a9b22259a04009076363be3f1 Mon Sep 17 00:00:00 2001
+From: Igor Kolar <igor.kolar@gmail.com>
+Date: Thu, 17 Oct 2013 00:48:23 +0200
+Subject: [PATCH 1/2] node: added --servicedir switch to munin-node
+
+This code is copied over from munin-node-config, that already does the same
+---
+ node/sbin/munin-node | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/node/sbin/munin-node b/node/sbin/munin-node
+index 7b2e180..0a93450 100755
+--- a/node/sbin/munin-node
++++ b/node/sbin/munin-node
+@@ -35,7 +35,7 @@ use Munin::Node::OS;
+ use Munin::Node::Service;
+ use Munin::Node::Server;
+ 
+-my $servicedir;
++my $servicedir = "$Munin::Common::Defaults::MUNIN_CONFDIR/plugins";
+ my $sconfdir = "$Munin::Common::Defaults::MUNIN_CONFDIR/plugin-conf.d";
+ my $conffile = "$Munin::Common::Defaults::MUNIN_CONFDIR/munin-node.conf";
+ my $DEBUG    = 0;
+@@ -101,6 +101,7 @@ sub parse_args
+ 
+     print_usage_and_exit() unless GetOptions(
+         "config=s"     => \$conffile,
++        "servicedir=s" => \$servicedir,
+         "debug!"       => \$DEBUG,
+         "pidebug!"     => \$PIDEBUG,
+         "paranoia!"    => \$paranoia,
+@@ -166,6 +167,10 @@ and returning the output they produce.
+ 
+ Use E<lt>fileE<gt> as configuration file. [@@CONFDIR@@/munin-node.conf]
+ 
++=item B<< --servicedir <dir> >>
++
++Override plugin directory [@@CONFDIR@@/plugins/]
++
+ =item B< --[no]paranoia >
+ 
+ Only run plugins owned by root. Check permissions as well. [--noparanoia]
+-- 
+1.8.4
+
+
+From b8e17cbe73ae4c71b93ff5687ba86db1d0c1f5bd Mon Sep 17 00:00:00 2001
+From: Steve Schnepp <steve.schnepp@pwkf.org>
+Date: Thu, 17 Oct 2013 11:52:10 +0200
+Subject: [PATCH 2/2] node: untaint the service-dir args
+
+---
+ node/sbin/munin-node | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/node/sbin/munin-node b/node/sbin/munin-node
+index 0a93450..909c8c4 100755
+--- a/node/sbin/munin-node
++++ b/node/sbin/munin-node
+@@ -99,9 +99,10 @@ sub parse_args
+ {
+     my @ORIG_ARGV  = @ARGV;
+ 
++    my $servicedir_cmdline;
+     print_usage_and_exit() unless GetOptions(
+         "config=s"     => \$conffile,
+-        "servicedir=s" => \$servicedir,
++        "servicedir=s" => \$servicedir_cmdline,
+         "debug!"       => \$DEBUG,
+         "pidebug!"     => \$PIDEBUG,
+         "paranoia!"    => \$paranoia,
+@@ -109,6 +110,9 @@ sub parse_args
+         "help"         => \&print_usage_and_exit,
+     );
+ 
++    # We untaint the args brutally, since the sysadm should know what he does
++    $servicedir = $1 if defined $servicedir_cmdline && $servicedir_cmdline =~ m/(.*)/;
++
+     # Reset ARGV (for HUPing)
+     @ARGV = @ORIG_ARGV;
+ 
+-- 
+1.8.4
+
diff --git a/pkgs/servers/monitoring/munin/default.nix b/pkgs/servers/monitoring/munin/default.nix
index 8329a9a05c95..4f16ab35527b 100644
--- a/pkgs/servers/monitoring/munin/default.nix
+++ b/pkgs/servers/monitoring/munin/default.nix
@@ -1,17 +1,13 @@
 { stdenv, fetchurl, makeWrapper, which, coreutils, rrdtool, perl, perlPackages
-, python, ruby, openjdk }:
-
-# TODO: split into server/node derivations
-
-# FIXME: munin tries to write log files and web graphs to its installation path.
+, python, ruby, openjdk, nettools }:
 
 stdenv.mkDerivation rec {
-  version = "2.0.14";
+  version = "2.0.17";
   name = "munin-${version}";
 
   src = fetchurl {
     url = "https://github.com/munin-monitoring/munin/archive/${version}.tar.gz";
-    sha256 = "1d71gvmkrck42z1h1dfk9napbhn7apfmlnp7r62fyylv0m7s2ylx";
+    sha256 = "0xfml2r6nssn3lcfqcf3yshxfijyrf9frnhdp83mg6raaznlhx1z";
   };
 
   buildInputs = [ 
@@ -19,6 +15,7 @@ stdenv.mkDerivation rec {
     which
     coreutils
     rrdtool
+    nettools
     perl
     perlPackages.ModuleBuild
     perlPackages.HTMLTemplate
@@ -36,17 +33,49 @@ stdenv.mkDerivation rec {
     perlPackages.NetServer
     perlPackages.ListMoreUtils
     perlPackages.TimeHiRes
+    perlPackages.LWPUserAgent
+    perlPackages.DBDPg
     python
     ruby
     openjdk
+    # tests
+    perlPackages.TestLongString
+    perlPackages.TestDifferences
+    perlPackages.TestDeep
+    perlPackages.TestMockModule
+    perlPackages.TestMockObject
+    perlPackages.FileSlurp
+    perlPackages.IOStringy
+  ];
+
+  # TODO: tests are failing http://munin-monitoring.org/ticket/1390#comment:1
+  # NOTE: important, test command always exits with 0, think of a way to abort the build once tests pass
+  doCheck = false;
+
+  checkPhase = ''
+   export PERL5LIB="$PERL5LIB:${rrdtool}/lib/perl"
+   LC_ALL=C make -j1 test 
+  '';
+
+  patches = [
+    # https://rt.cpan.org/Public/Bug/Display.html?id=75112
+    ./dont_preserve_source_dir_permissions.patch
+
+    # https://github.com/munin-monitoring/munin/pull/134
+    ./adding_servicedir_munin-node.patch
   ];
 
   preBuild = ''
+    substituteInPlace "Makefile" \
+      --replace "/bin/pwd" "pwd"
+
+    # munin checks at build time if user/group exists, unpure
     sed -i '/CHECKUSER/d' Makefile
     sed -i '/CHOWN/d' Makefile
     sed -i '/CHECKGROUP/d' Makefile
-    substituteInPlace "Makefile" \
-      --replace "/usr/pwd" "pwd"
+
+    # munin hardcodes PATH, we need it to obey $PATH
+    sed -i '/ENV{PATH}/d' node/lib/Munin/Node/Service.pm
   '';
 
   # DESTDIR shouldn't be needed (and shouldn't have worked), but munin
@@ -60,7 +89,7 @@ stdenv.mkDerivation rec {
     PYTHON=${python}/bin/python
     RUBY=${ruby}/bin/ruby
     JAVARUN=${openjdk}/bin/java
-    HOSTNAME=default
+    PLUGINUSER=munin
   '';
 
   postFixup = ''
@@ -78,7 +107,8 @@ stdenv.mkDerivation rec {
         case "$file" in
             *.jar) continue;;
         esac
-        wrapProgram "$file" --set PERL5LIB $out/lib/perl5/site_perl:${perlPackages.Log4Perl}/lib/perl5/site_perl:${perlPackages.IOSocketInet6}/lib/perl5/site_perl:${perlPackages.Socket6}/lib/perl5/site_perl:${perlPackages.URI}/lib/perl5/site_perl:${perlPackages.DBFile}/lib/perl5/site_perl:${perlPackages.DateManip}/lib/perl5/site_perl:${perlPackages.HTMLTemplate}/lib/perl5/site_perl:${perlPackages.FileCopyRecursive}/lib/perl5/site_perl:${perlPackages.FCGI}/lib/perl5/site_perl:${perlPackages.NetSNMP}/lib/perl5/site_perl:${perlPackages.NetServer}/lib/perl5/site_perl:${perlPackages.ListMoreUtils}/lib/perl5/site_perl:${perlPackages.TimeHiRes}/lib/perl5/site_perl:${rrdtool}/lib/perl
+        wrapProgram "$file" \
+          --set PERL5LIB "$out/lib/perl5/site_perl:${perlPackages.Log4Perl}/lib/perl5/site_perl:${perlPackages.IOSocketInet6}/lib/perl5/site_perl:${perlPackages.Socket6}/lib/perl5/site_perl:${perlPackages.URI}/lib/perl5/site_perl:${perlPackages.DBFile}/lib/perl5/site_perl:${perlPackages.DateManip}/lib/perl5/site_perl:${perlPackages.HTMLTemplate}/lib/perl5/site_perl:${perlPackages.FileCopyRecursive}/lib/perl5/site_perl:${perlPackages.FCGI}/lib/perl5/site_perl:${perlPackages.NetSNMP}/lib/perl5/site_perl:${perlPackages.NetServer}/lib/perl5/site_perl:${perlPackages.ListMoreUtils}/lib/perl5/site_perl:${perlPackages.TimeHiRes}/lib/perl5/site_perl:${rrdtool}/lib/perl:${perlPackages.DBDPg}/lib/perl5/site_perl:${perlPackages.LWPUserAgent}/lib/perl5/site_perl"
     done
   '';
 
diff --git a/pkgs/servers/monitoring/munin/dont_preserve_source_dir_permissions.patch b/pkgs/servers/monitoring/munin/dont_preserve_source_dir_permissions.patch
new file mode 100644
index 000000000000..78eac7283051
--- /dev/null
+++ b/pkgs/servers/monitoring/munin/dont_preserve_source_dir_permissions.patch
@@ -0,0 +1,18 @@
+# https://rt.cpan.org/Public/Bug/Display.html?id=75112
+diff --git a/master/lib/Munin/Master/HTMLOld.pm b/master/lib/Munin/Master/HTMLOld.pm
+index 2b6e71f..c0aa2c0 100644
+--- a/master/lib/Munin/Master/HTMLOld.pm
++++ b/master/lib/Munin/Master/HTMLOld.pm
+@@ -711,10 +711,12 @@ sub emit_main_index {
+ 
+ sub copy_web_resources {
+     my ($staticdir, $htmldir) = @_;
++       local $File::Copy::Recursive::KeepMode = 0;
+ 	unless(dircopy($staticdir, "$htmldir/static")){
+ 		ERROR "[ERROR] Could not copy contents from $staticdir to $htmldir";
+ 		die "[ERROR] Could not copy contents from $staticdir to $htmldir";
+ 	}
++       local $File::Copy::Recursive::KeepMode = 1;
+ }
+ 
+ sub instanciate_comparison_templates {
diff --git a/pkgs/servers/monitoring/zabbix/2.0.nix b/pkgs/servers/monitoring/zabbix/2.0.nix
index 14a4e8bd5a58..1386e1609eb9 100644
--- a/pkgs/servers/monitoring/zabbix/2.0.nix
+++ b/pkgs/servers/monitoring/zabbix/2.0.nix
@@ -5,11 +5,11 @@ assert enableJabber -> minmay != null;
 
 let
 
-  version = "2.0.8";
+  version = "2.0.9";
 
   src = fetchurl {
     url = "mirror://sourceforge/zabbix/zabbix-${version}.tar.gz";
-    sha256 = "16jiwjw4041j3qn1cs4k812mih8mjwz5022ac0h0n78avrh4kff4";
+    sha256 = "057fjqww0qzs56nm8m3c36kbrhwriysvjvqzgwm9j2bg9ylixvym";
   };
 
   preConfigure =
diff --git a/pkgs/servers/monitoring/zabbix/default.nix b/pkgs/servers/monitoring/zabbix/default.nix
index 6ee4712ae657..b106921cdf69 100644
--- a/pkgs/servers/monitoring/zabbix/default.nix
+++ b/pkgs/servers/monitoring/zabbix/default.nix
@@ -2,11 +2,11 @@
 
 let
 
-  version = "1.8.17";
+  version = "1.8.18rc1";
 
   src = fetchurl {
     url = "mirror://sourceforge/zabbix/zabbix-${version}.tar.gz";
-    sha256 = "0c2dpx7ncahp161p6zymrrxwyn3algkfzh6dz7x2j0wsnvb6lrp2";
+    sha256 = "1pa4656dcl5r7r36nwk05zy38z49np6j717wjmmd8sqlz6szw01n";
   };
 
   preConfigure =
diff --git a/pkgs/servers/mpd/clientlib.nix b/pkgs/servers/mpd/clientlib.nix
index 4f689bae6580..612ec0456f2a 100644
--- a/pkgs/servers/mpd/clientlib.nix
+++ b/pkgs/servers/mpd/clientlib.nix
@@ -1,10 +1,19 @@
-{ stdenv, fetchurl }:
+{ stdenv, fetchurl, doxygen }:
 
 stdenv.mkDerivation rec {
-  name = "libmpdclient-2.6";
+  version = "${passthru.majorVersion}.${passthru.minorVersion}";
+  name = "libmpdclient-${version}";
+
   src = fetchurl {
-    url = "mirror://sourceforge/musicpd/${name}.tar.bz2";
-    sha256 = "1j8kn0fawdsvczrkhf6xm2yp0h6w49b326i3c08zwvhskd3phljw";
+    url = "http://www.musicpd.org/download/libmpdclient/2/${name}.tar.bz2";
+    sha256 = "1qwjkb56rsbk0hwhg7fl15d6sf580a19gh778zcdg374j4yym3hh";
+  };
+
+  buildInputs = [ doxygen ];
+
+  passthru = {
+    majorVersion = "2";
+    minorVersion = "8";
   };
 
   meta = {
diff --git a/pkgs/servers/mpd/default.nix b/pkgs/servers/mpd/default.nix
index 43da84dcb819..238176aadff9 100644
--- a/pkgs/servers/mpd/default.nix
+++ b/pkgs/servers/mpd/default.nix
@@ -34,8 +34,8 @@ in stdenv.mkDerivation rec {
   };
 
   buildInputs = [ pkgconfig glib ]
-    ++ opt (!stdenv.isDarwin) systemd
-    ++ opt (!stdenv.isDarwin && alsaSupport) alsaLib
+    ++ opt stdenv.isLinux systemd
+    ++ opt (stdenv.isLinux && alsaSupport) alsaLib
     ++ opt flacSupport flac
     ++ opt vorbisSupport libvorbis
     # using libmad to decode mp3 files on darwin is causing a segfault -- there
@@ -81,7 +81,7 @@ in stdenv.mkDerivation rec {
       (mkFlag mpg123Support "mpg123")
       (mkFlag aacSupport "aac")
       "--enable-debugging" ]
-    ++ opt (!stdenv.isDarwin)
+    ++ opt stdenv.isLinux
       "--with-systemdsystemunitdir=$(out)/etc/systemd/system";
 
   NIX_LDFLAGS = ''
diff --git a/pkgs/servers/nosql/riak/1.3.1.nix b/pkgs/servers/nosql/riak/1.3.1.nix
index c71283570e0f..ccac6e331fdc 100644
--- a/pkgs/servers/nosql/riak/1.3.1.nix
+++ b/pkgs/servers/nosql/riak/1.3.1.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, unzip, erlang }:
+{ stdenv, fetchurl, unzip, erlangR15B03 }:
 
 let
   srcs = {
@@ -15,7 +15,7 @@ in
 stdenv.mkDerivation rec {
   name = "riak-1.3.1";
 
-  buildInputs = [unzip erlang];
+  buildInputs = [unzip erlangR15B03];
 
   src = srcs.riak;
 
diff --git a/pkgs/servers/pulseaudio/default.nix b/pkgs/servers/pulseaudio/default.nix
index 629dcb5bbce8..4b23cb4173c6 100644
--- a/pkgs/servers/pulseaudio/default.nix
+++ b/pkgs/servers/pulseaudio/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
 
   # Since `libpulse*.la' contain `-lgdbm' and `-lcap', it must be propagated.
   propagatedBuildInputs
-    = [ gdbm ] ++ stdenv.lib.optionals (!stdenv.isDarwin) [ libcap ];
+    = [ gdbm ] ++ stdenv.lib.optionals stdenv.isLinux [ libcap ];
 
   buildInputs =
     [ pkgconfig gnum4 libtool intltool glib dbus avahi libsamplerate libsndfile
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
     ++ stdenv.lib.optional jackaudioSupport jackaudio
     ++ stdenv.lib.optionals x11Support [ xlibs.xlibs xlibs.libXtst xlibs.libXi ]
     ++ stdenv.lib.optional useSystemd systemd
-    ++ stdenv.lib.optionals (!stdenv.isDarwin) [ alsaLib bluez sbc udev ];
+    ++ stdenv.lib.optionals stdenv.isLinux [ alsaLib bluez sbc udev ];
 
   preConfigure = ''
     # Move the udev rules under $(prefix).
diff --git a/pkgs/servers/sabnzbd/default.nix b/pkgs/servers/sabnzbd/default.nix
index 599f6ee31f3e..ace96fbed637 100644
--- a/pkgs/servers/sabnzbd/default.nix
+++ b/pkgs/servers/sabnzbd/default.nix
@@ -14,6 +14,6 @@ stdenv.mkDerivation {
   builder = ./builder.sh;
   
   meta = {
-    description = "Usenet NZB downloader, par2 repairer and auto extracting server.";
+    description = "Usenet NZB downloader, par2 repairer and auto extracting server";
   };
 }
diff --git a/pkgs/servers/sql/mysql51/default.nix b/pkgs/servers/sql/mysql/5.1.x.nix
index b0f125faef7a..c210c9965327 100644
--- a/pkgs/servers/sql/mysql51/default.nix
+++ b/pkgs/servers/sql/mysql/5.1.x.nix
@@ -3,11 +3,11 @@
 # Note: zlib is not required; MySQL can use an internal zlib.
 
 stdenv.mkDerivation rec {
-  name = "mysql-5.1.69";
+  name = "mysql-5.1.72";
 
   src = fetchurl {
     url = "http://cdn.mysql.com/Downloads/MySQL-5.1/${name}.tar.gz";
-    md5 = "06bbb6a11a2cbe042f80dbd333ff9f12";
+    md5 = "ed79cd48e3e7402143548917813cdb80";
   };
 
   buildInputs = [ncurses zlib perl openssl] ++ stdenv.lib.optional stdenv.isLinux ps;
diff --git a/pkgs/servers/sql/mysql55/default.nix b/pkgs/servers/sql/mysql/5.5.x.nix
index 898acc1ba493..bd30b7db75ff 100644
--- a/pkgs/servers/sql/mysql55/default.nix
+++ b/pkgs/servers/sql/mysql/5.5.x.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   name = "mysql-${version}";
-  version = "5.5.31";
+  version = "5.5.34";
 
   src = fetchurl {
     url = "http://cdn.mysql.com/Downloads/MySQL-5.5/${name}.tar.gz";
-    md5 = "bf402cbd52a9af33e5c25b2a4bbc56db";
+    md5 = "930970a42d51e48599deb7fe01778a4a";
   };
 
   buildInputs = [ cmake bison ncurses openssl readline zlib ]
diff --git a/pkgs/servers/sql/mysql51/abi_check.patch b/pkgs/servers/sql/mysql/abi_check.patch
index e9f9cfdc9d95..e9f9cfdc9d95 100644
--- a/pkgs/servers/sql/mysql51/abi_check.patch
+++ b/pkgs/servers/sql/mysql/abi_check.patch
diff --git a/pkgs/servers/sql/mysql/default.nix b/pkgs/servers/sql/mysql/default.nix
deleted file mode 100644
index 3a13aa323a19..000000000000
--- a/pkgs/servers/sql/mysql/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{stdenv, fetchurl, ps, ncurses, zlib ? null, perl}:
-
-# Note: zlib is not required; MySQL can use an internal zlib.
-
-stdenv.mkDerivation {
-  name = "mysql-4.1.18";
-
-  src = fetchurl {
-    url = http://downloads.mysql.com/archives/mysql-4.1/mysql-4.1.18.tar.gz;
-    md5 = "a2db4edb3e1e3b8e0f8c2242225ea513";
-  };
-
-  buildInputs = [ps ncurses zlib perl];
-
-  configureFlags = "--enable-thread-safe-client";
-}
diff --git a/pkgs/servers/sql/mysql5/default.nix b/pkgs/servers/sql/mysql5/default.nix
deleted file mode 100644
index 908ae3fc70c6..000000000000
--- a/pkgs/servers/sql/mysql5/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{stdenv, fetchurl, ps, ncurses, zlib, perl, openssl}:
-
-# Note: zlib is not required; MySQL can use an internal zlib.
-
-stdenv.mkDerivation {
-  name = "mysql-5.0.77";
-
-  src = fetchurl {
-    url = http://downloads.mysql.com/archives/mysql-5.0/mysql-5.0.77.tar.gz;
-    sha256 = "1s0m991aynim8ny28cfwhjw0ly8j5d72xi00461w6yc2hlaijcd9";
-  };
-
-  buildInputs = [ps ncurses zlib perl openssl];
-  
-  configureFlags = "--enable-thread-safe-client --with-openssl=${openssl} --with-berkeley-db --with-embedded-server" +
-    (if stdenv.system == "x86_64-linux" then " --with-lib-ccflags=-fPIC" else "");
-
-  NIX_CFLAGS_COMPILE = if stdenv.system == "x86_64-linux" then "-fPIC" else "";
-  
-  NIX_CFLAGS_CXXFLAGS = if stdenv.system == "x86_64-linux" then "-fPIC" else "";
-
-  NIX_LDFLAGS = stdenv.lib.optionalString stdenv.isLinux "-lgcc_s";
-
-  postInstall =
-    ''
-      ln -s mysqld_safe $out/bin/mysqld
-      rm -rf $out/mysql-test $out/sql-bench $out/share/info
-    '';
-
-  meta = {
-    homepage = http://www.mysql.com/;
-    description = "The world's most popular open source database";
-  };
-}
diff --git a/pkgs/servers/sql/postgresql/8.4.x.nix b/pkgs/servers/sql/postgresql/8.4.x.nix
index c8597def61e9..a99d7536a8a2 100644
--- a/pkgs/servers/sql/postgresql/8.4.x.nix
+++ b/pkgs/servers/sql/postgresql/8.4.x.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchurl, zlib, ncurses, readline }:
 
-let version = "8.4.17"; in
+let version = "8.4.18"; in
 
 stdenv.mkDerivation rec {
   name = "postgresql-${version}";
 
   src = fetchurl {
     url = "mirror://postgresql/source/v${version}/${name}.tar.bz2";
-    sha256 = "0dh4rn4q2amqjwmjjiya99bz1ph3lx45j5brnpwdjd9mxhs4r26w";
+    sha256 = "c08e5e93dac9d484019a07ff91db9f224350b90ef4be1543e33282cc20daf872";
   };
 
   buildInputs = [ zlib ncurses readline ];
diff --git a/pkgs/servers/sql/postgresql/9.0.x.nix b/pkgs/servers/sql/postgresql/9.0.x.nix
index ea25cf0d476c..3810eeba72c5 100644
--- a/pkgs/servers/sql/postgresql/9.0.x.nix
+++ b/pkgs/servers/sql/postgresql/9.0.x.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchurl, zlib, readline }:
 
-let version = "9.0.13"; in
+let version = "9.0.14"; in
 
 stdenv.mkDerivation rec {
   name = "postgresql-${version}";
 
   src = fetchurl {
     url = "mirror://postgresql/source/v${version}/${name}.tar.bz2";
-    sha256 = "0xwrmwrx0pm21w3ifrqcmb8k2sa46w491ff3gqqfxynyk78a9bji";
+    sha256 = "de42b669cb891fc9b925406e71d1669ed5c856aae6d552ac6f14bf6dec0b79f1";
   };
 
   buildInputs = [ zlib readline ];
diff --git a/pkgs/servers/sql/postgresql/9.1.x.nix b/pkgs/servers/sql/postgresql/9.1.x.nix
index b9436cb4b083..65a969b4db0e 100644
--- a/pkgs/servers/sql/postgresql/9.1.x.nix
+++ b/pkgs/servers/sql/postgresql/9.1.x.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchurl, zlib, readline }:
 
-let version = "9.1.9"; in
+let version = "9.1.10"; in
 
 stdenv.mkDerivation rec {
   name = "postgresql-${version}";
 
   src = fetchurl {
     url = "mirror://postgresql/source/v${version}/${name}.tar.bz2";
-    sha256 = "1n1dc1kqc487dylc22iq1j8sn93jxbqm2g4b5rr0i4q0h7hk7998";
+    sha256 = "8329bcd160fcb76ee8c79676f6c979a94069ca5c108449fbb365e1ea98f92b77";
   };
 
   buildInputs = [ zlib readline ];
diff --git a/pkgs/servers/sql/postgresql/9.2.x.nix b/pkgs/servers/sql/postgresql/9.2.x.nix
index 46a6aa0c032c..46b7e7ff3c57 100644
--- a/pkgs/servers/sql/postgresql/9.2.x.nix
+++ b/pkgs/servers/sql/postgresql/9.2.x.nix
@@ -1,13 +1,13 @@
 { stdenv, fetchurl, zlib, readline }:
 
-let version = "9.2.4"; in
+let version = "9.2.5"; in
 
 stdenv.mkDerivation rec {
   name = "postgresql-${version}";
 
   src = fetchurl {
     url = "mirror://postgresql/source/v${version}/${name}.tar.bz2";
-    sha256 = "14xfzw3hb2fn60c438v3j7wa65jjm2pnmx4qb4i4ji4am0cdjzfr";
+    sha256 = "22c1edfd6a404bb15fba655863e94f09a10716ded1910a8bc98ee85f413007a4";
   };
 
   buildInputs = [ zlib readline ];
diff --git a/pkgs/servers/sql/virtuoso/default.nix b/pkgs/servers/sql/virtuoso/6.x.nix
index 9453b8d2cdb2..9453b8d2cdb2 100644
--- a/pkgs/servers/sql/virtuoso/default.nix
+++ b/pkgs/servers/sql/virtuoso/6.x.nix
diff --git a/pkgs/servers/sql/virtuoso/7.x.nix b/pkgs/servers/sql/virtuoso/7.x.nix
new file mode 100644
index 000000000000..630095782fa4
--- /dev/null
+++ b/pkgs/servers/sql/virtuoso/7.x.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchurl, libxml2, openssl, readline, gawk }:
+
+stdenv.mkDerivation rec {
+  name = "virtuoso-opensource-7.0.0";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/virtuoso/${name}.tar.gz";
+    sha256 = "1z0jdzayv45y57jj8kii6csqfjhswcs8s2krqqfhab54xy6gynbl";
+  };
+
+  buildInputs = [ libxml2 openssl readline gawk ];
+
+  CPP = "${stdenv.gcc}/bin/gcc -E";
+
+  configureFlags = "
+    --enable-shared --disable-all-vads --with-readline=${readline}
+    --disable-hslookup --disable-wbxml2 --without-iodbc
+    --enable-openssl=${openssl}
+    ";
+
+  postInstall=''
+    echo Moving documentation
+    mkdir -pv $out/share/doc
+    mv -v $out/share/virtuoso/doc $out/share/doc/${name}
+    echo Removing jars and empty directories
+    find $out -name "*.a" -delete -o -name "*.jar" -delete -o -type d -empty -delete
+    '';
+  
+  meta = with stdenv.lib; {
+    description = "SQL/RDF database used by, e.g., KDE-nepomuk";
+    homepage = http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/;
+    platforms = platforms.all;
+    maintainers = [ maintainers.urkud ];
+  };
+}
diff --git a/pkgs/servers/varnish/default.nix b/pkgs/servers/varnish/default.nix
index 528c03e3aa38..8d0f3b306f26 100644
--- a/pkgs/servers/varnish/default.nix
+++ b/pkgs/servers/varnish/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ pcre libxslt groff ncurses pkgconfig ];
 
   meta = {
-    description = "Varnish Cache is a web application accelerator also known as a caching HTTP reverse proxy.";
+    description = "Web application accelerator also known as a caching HTTP reverse proxy";
     homepage = "https://www.varnish-cache.org";
     license = stdenv.lib.licenses.bsd2;
     maintainers = [ stdenv.lib.maintainers.garbas ];
diff --git a/pkgs/servers/x11/xorg/overrides.nix b/pkgs/servers/x11/xorg/overrides.nix
index 7286f71a8dcc..fb8b5856ecb1 100644
--- a/pkgs/servers/x11/xorg/overrides.nix
+++ b/pkgs/servers/x11/xorg/overrides.nix
@@ -185,7 +185,11 @@ in
       "--with-default-font-path= "  # there were only paths containing "${prefix}",
                                     # and there are no fonts in this package anyway
     ];
-    patches = [./xorgserver-dri-path.patch ./xorgserver-xkbcomp-path.patch];
+    patches =
+      [ ./xorgserver-dri-path.patch
+        ./xorgserver-xkbcomp-path.patch
+        ./xorgserver-cve-2013-4396.patch
+      ];
     buildInputs = attrs.buildInputs ++ [ xtrans ];
     propagatedBuildInputs =
       [ args.zlib args.udev args.mesa args.dbus.libs
diff --git a/pkgs/servers/x11/xorg/xorgserver-cve-2013-4396.patch b/pkgs/servers/x11/xorg/xorgserver-cve-2013-4396.patch
new file mode 100644
index 000000000000..4b6727e61c05
--- /dev/null
+++ b/pkgs/servers/x11/xorg/xorgserver-cve-2013-4396.patch
@@ -0,0 +1,75 @@
+From 7bddc2ba16a2a15773c2ea8947059afa27727764 Mon Sep 17 00:00:00 2001
+From: Alan Coopersmith <alan.coopersmith@oracle.com>
+Date: Mon, 16 Sep 2013 21:47:16 -0700
+Subject: [PATCH] Avoid use-after-free in dix/dixfonts.c: doImageText()
+ [CVE-2013-4396]
+
+Save a pointer to the passed in closure structure before copying it
+and overwriting the *c pointer to point to our copy instead of the
+original.  If we hit an error, once we free(c), reset c to point to
+the original structure before jumping to the cleanup code that
+references *c.
+
+Since one of the errors being checked for is whether the server was
+able to malloc(c->nChars * itemSize), the client can potentially pass
+a number of characters chosen to cause the malloc to fail and the
+error path to be taken, resulting in the read from freed memory.
+
+Since the memory is accessed almost immediately afterwards, and the
+X server is mostly single threaded, the odds of the free memory having
+invalid contents are low with most malloc implementations when not using
+memory debugging features, but some allocators will definitely overwrite
+the memory there, leading to a likely crash.
+
+Reported-by: Pedro Ribeiro <pedrib@gmail.com>
+Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
+Reviewed-by: Julien Cristau <jcristau@debian.org>
+---
+ dix/dixfonts.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/dix/dixfonts.c b/dix/dixfonts.c
+index feb765d..2e34d37 100644
+--- a/dix/dixfonts.c
++++ b/dix/dixfonts.c
+@@ -1425,6 +1425,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
+             GC *pGC;
+             unsigned char *data;
+             ITclosurePtr new_closure;
++            ITclosurePtr old_closure;
+ 
+             /* We're putting the client to sleep.  We need to
+                save some state.  Similar problem to that handled
+@@ -1436,12 +1437,14 @@ doImageText(ClientPtr client, ITclosurePtr c)
+                 err = BadAlloc;
+                 goto bail;
+             }
++            old_closure = c;
+             *new_closure = *c;
+             c = new_closure;
+ 
+             data = malloc(c->nChars * itemSize);
+             if (!data) {
+                 free(c);
++                c = old_closure;
+                 err = BadAlloc;
+                 goto bail;
+             }
+@@ -1452,6 +1455,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
+             if (!pGC) {
+                 free(c->data);
+                 free(c);
++                c = old_closure;
+                 err = BadAlloc;
+                 goto bail;
+             }
+@@ -1464,6 +1468,7 @@ doImageText(ClientPtr client, ITclosurePtr c)
+                 FreeScratchGC(pGC);
+                 free(c->data);
+                 free(c);
++                c = old_closure;
+                 err = BadAlloc;
+                 goto bail;
+             }
+-- 
+1.7.9.2
diff --git a/pkgs/shells/fish/default.nix b/pkgs/shells/fish/default.nix
index 091da2c68f0d..7beca2109ea6 100644
--- a/pkgs/shells/fish/default.nix
+++ b/pkgs/shells/fish/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, autoconf, ncurses, which }:
+{ stdenv, fetchurl, autoconf, ncurses, which, groff, gettext }:
 
 stdenv.mkDerivation rec {
   name = "fish-2.0.0";
@@ -16,7 +16,18 @@ stdenv.mkDerivation rec {
     autoconf
   '';
 
-  meta = {
-    homepage = http://fishshell.com;
+  postInstall = ''
+    sed -i "s|which |command -v |" "$out/share/fish/functions/type.fish"
+    sed -i "s|nroff |${groff}/bin/nroff |" "$out/share/fish/functions/__fish_print_help.fish"
+    sed -e "s|gettext |${gettext}/bin/gettext |" \
+        -e "s|which |command -v |" \
+        -i "$out/share/fish/functions/_.fish"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Smart and user-friendly command line shell";
+    homepage = http://fishshell.com/;
+    license = licenses.gpl2;
+    platforms = platforms.linux;
   };
 }
\ No newline at end of file
diff --git a/pkgs/shells/ipython/default.nix b/pkgs/shells/ipython/default.nix
index 79c61b8ed233..b9b9129cb486 100644
--- a/pkgs/shells/ipython/default.nix
+++ b/pkgs/shells/ipython/default.nix
@@ -13,12 +13,12 @@ assert qtconsoleSupport == true -> pyqt4 != null;
 assert pylabQtSupport == true -> pyqt4 != null && sip != null;
 
 buildPythonPackage rec {
-  name = "ipython-1.0.0";
+  name = "ipython-1.1.0";
   namePrefix = "";
 
   src = fetchurl {
     url = "http://pypi.python.org/packages/source/i/ipython/${name}.tar.gz";
-    sha256 = "074i08a1zr7wjpqc7rm0k3rnq0laf0gjrcxlfvvb3qc48wdm41qd";
+    sha256 = "1glivwy7k2dciy0y5i39syngip84nrqhpggn4glmpd2s49jllkkc";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix
index 9b8fd5615e70..f8aff33a327f 100644
--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@@ -14,7 +14,7 @@ else
 
 let
 
-  lib = import ../../lib;
+  lib = import ../../../lib;
 
   allowUnfree = config.allowUnfree or true && builtins.getEnv "HYDRA_DISALLOW_UNFREE" != "1";
 
@@ -49,7 +49,7 @@ let
         # Add a utility function to produce derivations that use this
         # stdenv and its shell.
         mkDerivation = attrs:
-          if !allowUnfree && (let l = attrs.meta.license or ""; in l == "unfree" || l == "unfree-redistributable") then
+          if !allowUnfree && (let l = lib.lists.toList attrs.meta.license or []; in lib.lists.elem "unfree" l || lib.lists.elem "unfree-redistributable" l) then
             throw "package ‘${attrs.name}’ has an unfree license, refusing to evaluate"
           else
             lib.addPassthru (derivation (
diff --git a/pkgs/tools/X11/arandr/default.nix b/pkgs/tools/X11/arandr/default.nix
new file mode 100644
index 000000000000..8c3886cebff3
--- /dev/null
+++ b/pkgs/tools/X11/arandr/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, fetchurl, python, xrandr, pythonPackages }:
+
+pythonPackages.buildPythonPackage rec {
+  name = "arandr-0.1.7.1";
+
+  src = fetchurl {
+    url = "http://christian.amsuess.com/tools/arandr/files/${name}.tar.gz";
+    sha256 = "1nj84ww1kf024n5xgxwqmzscv8i1gixx7nmg05dbjj2xs28alwxb";
+  };
+
+  buildPhase = ''
+    rm -rf data/po/*
+    python setup.py build
+  '';
+
+  # no tests
+  doCheck = false;
+
+  buildInputs = [pythonPackages.docutils];
+  propagatedBuildInputs = [ xrandr pythonPackages.pygtk ];
+
+  meta = {
+    homepage = http://christian.amsuess.com/tools/arandr/;
+    description = "A simple visual front end for XRandR";
+    license = stdenv.lib.licenses.gpl3;
+    maintainers = [ stdenv.lib.maintainers.iElectric ];
+  };
+}
diff --git a/pkgs/tools/X11/autocutsel/default.nix b/pkgs/tools/X11/autocutsel/default.nix
index f4776933e53d..bc7679b1670e 100644
--- a/pkgs/tools/X11/autocutsel/default.nix
+++ b/pkgs/tools/X11/autocutsel/default.nix
@@ -19,7 +19,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://www.nongnu.org/autocutsel/";
-    description = "Autocutsel tracks changes in the server's cutbuffer and CLIPBOARD selection.";
+    description = "Tracks changes in the server's cutbuffer and CLIPBOARD selection";
     license = "GPLv2+";
     platforms = with stdenv.lib.platforms; all;
   };
diff --git a/pkgs/tools/X11/bgs/default.nix b/pkgs/tools/X11/bgs/default.nix
new file mode 100644
index 000000000000..0c6951aa3e76
--- /dev/null
+++ b/pkgs/tools/X11/bgs/default.nix
@@ -0,0 +1,24 @@
+{stdenv, fetchurl, libX11, libXinerama, imlib2}:
+
+stdenv.mkDerivation rec {
+
+  name = "bgs-${version}";
+  version = "0.5";
+
+  src = fetchurl {
+    url = "https://github.com/Gottox/bgs/archive/${version}.tar.gz";
+    sha256 = "67fe16e3483f30f940005856fbb3246e1f99cf58371470e0d6668a27acbaefb9";
+  };
+
+  buildInputs = [ libX11 libXinerama imlib2 ];
+
+  preConfigure = ''sed -i "s@PREFIX = /usr/local@PREFIX = $out@g" config.mk'';
+
+  meta = { 
+      description = "Extremely fast and small background setter for X";
+      license = "MIT";
+      platforms = with stdenv.lib.platforms; all;
+      maintainers = with stdenv.lib.maintainers; [pSub]; 
+  };
+}
+
diff --git a/pkgs/tools/X11/keynav/default.nix b/pkgs/tools/X11/keynav/default.nix
index 19de62990e2c..02b6321d18c8 100644
--- a/pkgs/tools/X11/keynav/default.nix
+++ b/pkgs/tools/X11/keynav/default.nix
@@ -20,6 +20,6 @@ stdenv.mkDerivation rec {
     '';
 
   meta = {
-    description = "A tool to generate X11 mouse clicks from keyboard.";
+    description = "Generate X11 mouse clicks from keyboard";
   };
 }
diff --git a/pkgs/tools/X11/winswitch/default.nix b/pkgs/tools/X11/winswitch/default.nix
index b53db509dafe..bd160940b573 100644
--- a/pkgs/tools/X11/winswitch/default.nix
+++ b/pkgs/tools/X11/winswitch/default.nix
@@ -38,6 +38,8 @@ let
     '';
 
     doCheck = false;
+
+    meta.platforms = stdenv.lib.platforms.mesaPlatforms;
   };
 in stdenv.lib.overrideDerivation base (b: {
   postFixup = b.postFixup + ''
diff --git a/pkgs/tools/X11/x2x/default.nix b/pkgs/tools/X11/x2x/default.nix
index 5d68e1da1ba9..237ea6140599 100644
--- a/pkgs/tools/X11/x2x/default.nix
+++ b/pkgs/tools/X11/x2x/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation {
   '';
 
   meta = {
-    description = "x2x allows the keyboard, mouse on one X display to be used to control another X display.";
+    description = "Allows the keyboard, mouse on one X display to be used to control another X display";
     homepage = http://x2x.dottedmag.net;
     license = "BSD";
   };
diff --git a/pkgs/tools/X11/xpra/default.nix b/pkgs/tools/X11/xpra/default.nix
index 71c5d5f3a44e..b8995430f92a 100644
--- a/pkgs/tools/X11/xpra/default.nix
+++ b/pkgs/tools/X11/xpra/default.nix
@@ -40,5 +40,6 @@ buildPythonPackage rec {
   meta = {
     homepage = http://xpra.org/;
     description = "Persistent remote applications for X";
+    platforms = stdenv.lib.platforms.mesaPlatforms;
   };
 }
diff --git a/pkgs/tools/admin/analog/default.nix b/pkgs/tools/admin/analog/default.nix
index debd6e4c2b77..ec139e7240d3 100644
--- a/pkgs/tools/admin/analog/default.nix
+++ b/pkgs/tools/admin/analog/default.nix
@@ -30,7 +30,7 @@ stdenv.mkDerivation {
   meta = {
     homepage = "http://www.analog.cx/";
     license = "GPL";
-    description = "a powerful tool to generate web server statistics";
+    description = "Powerful tool to generate web server statistics";
     maintainers = [ stdenv.lib.maintainers.simons ];
     platforms = stdenv.lib.platforms.linux;
   };
diff --git a/pkgs/tools/archivers/zpaq/default.nix b/pkgs/tools/archivers/zpaq/default.nix
index 6b04fe172687..3159bae1826f 100644
--- a/pkgs/tools/archivers/zpaq/default.nix
+++ b/pkgs/tools/archivers/zpaq/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="zpaq";
-    version="625";
+    version="642";
     name="${baseName}-${version}";
-    hash="0d3ly8l6mzbqxkg68yz7mid3dr056fgr5n49rlkjwcfg533c5gwx";
-    url="http://mattmahoney.net/dc/zpaq625.zip";
-    sha256="0d3ly8l6mzbqxkg68yz7mid3dr056fgr5n49rlkjwcfg533c5gwx";
+    hash="020nd5gzzynhccldbf1kh4x1cc3445b7ig2cl30xvxaz16h1r2p5";
+    url="http://mattmahoney.net/dc/zpaq642.zip";
+    sha256="020nd5gzzynhccldbf1kh4x1cc3445b7ig2cl30xvxaz16h1r2p5";
   };
   buildInputs = [
     unzip
@@ -29,14 +29,13 @@ stdenv.mkDerivation {
   };
   sourceRoot = ".";
   buildPhase = ''
-    g++ -shared -O3 libzpaq.cpp divsufsort.c ${compileFlags} -o libzpaq.so
-    g++ -O3 -L. -L"$out/lib" -lzpaq zpaq.cpp -o zpaq
-    g++ -O3 -L. -L"$out/lib" -lzpaq zpaqd.cpp -o zpaqd
+    g++ -shared -O3 libzpaq.cpp ${compileFlags} -o libzpaq.so
+    g++ -O3 -L. -L"$out/lib" -lzpaq divsufsort.c zpaq.cpp -o zpaq
   '';
   installPhase = ''
     mkdir -p "$out"/{bin,include,lib,share/doc/zpaq}
     cp libzpaq.so "$out/lib"
-    cp zpaq zpaqd "$out/bin"
+    cp zpaq "$out/bin"
     cp libzpaq.h divsufsort.h "$out/include"
     cp readme.txt "$out/share/doc/zpaq"
   '';
diff --git a/pkgs/tools/archivers/zpaq/zpaqd.nix b/pkgs/tools/archivers/zpaq/zpaqd.nix
new file mode 100644
index 000000000000..cfb76d2ff9bf
--- /dev/null
+++ b/pkgs/tools/archivers/zpaq/zpaqd.nix
@@ -0,0 +1,49 @@
+{stdenv, fetchurl, unzip}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="zpaqd";
+    version="633";
+    name="${baseName}-${version}";
+    hash="00zgc4mcmsd3d4afgzmrp6ymcyy8gb9kap815d5a3f9zhhzkz4dx";
+    url="http://mattmahoney.net/dc/zpaqd633.zip";
+    sha256="00zgc4mcmsd3d4afgzmrp6ymcyy8gb9kap815d5a3f9zhhzkz4dx";
+  };
+  buildInputs = [
+    unzip
+  ];
+  isUnix = stdenv.isLinux || stdenv.isGNU || stdenv.isDarwin || stdenv.isBSD;
+  isx86 = stdenv.isi686 || stdenv.isx86_64;
+  compileFlags = ""
+    + (stdenv.lib.optionalString isUnix " -Dunix -pthread ")
+    + (stdenv.lib.optionalString (!isx86) " -DNOJIT ")
+    + " -DNDEBUG "
+    + " -fPIC "
+    ;
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  sourceRoot = ".";
+  buildPhase = ''
+    g++ -shared -O3 libzpaq.cpp ${compileFlags} -o libzpaq.so
+    g++ -O3 -L. -L"$out/lib" -lzpaq zpaqd.cpp -o zpaqd
+  '';
+  installPhase = ''
+    mkdir -p "$out"/{bin,include,lib,share/doc/zpaq}
+    cp libzpaq.so "$out/lib"
+    cp zpaqd "$out/bin"
+    cp libzpaq.h "$out/include"
+    cp readme_zpaqd.txt "$out/share/doc/zpaq"
+  '';
+  meta = {
+    inherit (s) version;
+    description = ''ZPAQ archiver decompressor and algorithm development tool'';
+    license = stdenv.lib.licenses.gpl3Plus ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/tools/archivers/zpaq/zpaqd.upstream b/pkgs/tools/archivers/zpaq/zpaqd.upstream
new file mode 100644
index 000000000000..ef83c58e4600
--- /dev/null
+++ b/pkgs/tools/archivers/zpaq/zpaqd.upstream
@@ -0,0 +1,5 @@
+url http://mattmahoney.net/dc/zpaqutil.html
+version_link 'zpaqd[0-9]+[.]zip'
+version "[^0-9]*([0-9]+)[^0-9]*" '\1'
+name zpaqd
+attribute_name zpaqd
diff --git a/pkgs/tools/backup/httrack/default.nix b/pkgs/tools/backup/httrack/default.nix
index ecdf40be0a5a..c02a16d821ac 100644
--- a/pkgs/tools/backup/httrack/default.nix
+++ b/pkgs/tools/backup/httrack/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = "http://www.httrack.com";
-    description = "HTTrack is a free (GPL, libre/free software) and easy-to-use offline browser utility.";
+    description = "Easy-to-use offline browser utility";
     license = "GPL";
   };
 }
diff --git a/pkgs/tools/backup/obnam/default.nix b/pkgs/tools/backup/obnam/default.nix
index 69927e015827..6d550e95a9df 100644
--- a/pkgs/tools/backup/obnam/default.nix
+++ b/pkgs/tools/backup/obnam/default.nix
@@ -18,7 +18,7 @@ pythonPackages.buildPythonPackage rec {
 
   meta = {
     homepage = http://liw.fi/obnam/;
-    description = "A backup program supporting deduplication, compression and encryption.";
+    description = "Backup program supporting deduplication, compression and encryption";
     maintainers = [ stdenv.lib.maintainers.rickynils ];
     platforms = stdenv.lib.platforms.linux;
   };
diff --git a/pkgs/tools/backup/rsnapshot/default.nix b/pkgs/tools/backup/rsnapshot/default.nix
index 3da2fad21f29..9b147d68230f 100644
--- a/pkgs/tools/backup/rsnapshot/default.nix
+++ b/pkgs/tools/backup/rsnapshot/default.nix
@@ -1,10 +1,25 @@
-{fetchurl, stdenv, perl, openssh, rsync, logger}:
+{ fetchurl, stdenv, writeText, perl, openssh, rsync, logger,
+  configFile ? "/etc/rsnapshot.conf" }:
 
+let patch = writeText "rsnapshot-config.patch" ''
+--- rsnapshot-program.pl	2013-10-05 20:31:08.715991442 +0200
++++ rsnapshot-program.pl	2013-10-05 20:31:42.496193633 +0200
+@@ -383,7 +383,7 @@
+ 	}
+ 	
+ 	# set global variable
+-	$config_file = $default_config_file;
++	$config_file = '${configFile}';
+ }
+ 
+ # accepts no args
+'';
+in
 stdenv.mkDerivation rec {
-  name = "rsnapshot-1.3.0";
+  name = "rsnapshot-1.3.1";
   src = fetchurl {
     url = "mirror://sourceforge/rsnapshot/${name}.tar.gz";
-    sha256 = "19p35ycm73a8vd4ccjpah18h5jagvcr11rqca6ya87sg8k0a5h9z";
+    sha256 = "0pn7vlg3yxl7xrvfwmp4zlrg3cckmlldq6qr5bs3b2b281zcgdll";
   };
 
   propagatedBuildInputs = [perl openssh rsync logger];
@@ -12,6 +27,7 @@ stdenv.mkDerivation rec {
   patchPhase = ''
     substituteInPlace "Makefile.in" --replace \
       "/usr/bin/pod2man" "${perl}/bin/pod2man"
+    patch -p0 <${patch}
   '';
 
   meta = {
diff --git a/pkgs/tools/compression/gzrt/default.nix b/pkgs/tools/compression/gzrt/default.nix
new file mode 100644
index 000000000000..44073f84a5d8
--- /dev/null
+++ b/pkgs/tools/compression/gzrt/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchurl, zlib }:
+
+stdenv.mkDerivation rec {
+  name = "gzrt-0.8";
+
+  src = fetchurl {
+    url = "http://www.urbanophile.com/arenn/coding/gzrt/${name}.tar.gz";
+    sha256 = "1vhzazj47xfpbfhzkwalz27cc0n5gazddmj3kynhk0yxv99xrdxh";
+  };
+
+  buildInputs = [ zlib ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp gzrecover $out/bin
+  '';
+
+  meta = {
+    homepage = http://www.urbanophile.com/arenn/hacking/gzrt/;
+    description = "The gzip Recovery Toolkit";
+    license = stdenv.lib.licenses.gpl3;
+  };
+}
diff --git a/pkgs/tools/compression/lrzip/default.nix b/pkgs/tools/compression/lrzip/default.nix
index 23b516e32e4d..6fd1ae97d960 100644
--- a/pkgs/tools/compression/lrzip/default.nix
+++ b/pkgs/tools/compression/lrzip/default.nix
@@ -1,12 +1,12 @@
 {stdenv, fetchurl, zlib, lzo, bzip2, nasm, perl}:
 
 stdenv.mkDerivation rec {
-  version = "0.614";
+  version = "0.616";
   name = "lrzip-${version}";
 
   src = fetchurl {
     url = "http://ck.kolivas.org/apps/lrzip/${name}.tar.bz2";
-    sha256 = "16i6mz2z6gx8xiva7zb0j78yvkwq1bjbdkl7w3i10195ll097ad8";
+    sha256 = "1bimlbsfzjvippbma08ifm1grcy9i7avryrkdvnvrfyqnj6mlbcq";
   };
 
   buildInputs = [ zlib lzo bzip2 nasm perl ];
diff --git a/pkgs/tools/filesystems/archivemount/default.nix b/pkgs/tools/filesystems/archivemount/default.nix
index c05d2e98af32..8c7593121bbe 100644
--- a/pkgs/tools/filesystems/archivemount/default.nix
+++ b/pkgs/tools/filesystems/archivemount/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation {
   buildInputs = [ pkgconfig fuse libarchive ];
 
   meta = {
-    description = "Gateway between FUSE and libarchive: allows mounting of cpio, .tar.gz, .tar.bz2 archives.";
+    description = "Gateway between FUSE and libarchive: allows mounting of cpio, .tar.gz, .tar.bz2 archives";
     license = "GPL2";
 
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/tools/filesystems/btrfsprogs/default.nix b/pkgs/tools/filesystems/btrfsprogs/default.nix
index 9c8d18231f0f..0661755d2e17 100644
--- a/pkgs/tools/filesystems/btrfsprogs/default.nix
+++ b/pkgs/tools/filesystems/btrfsprogs/default.nix
@@ -13,6 +13,9 @@ stdenv.mkDerivation {
 
   buildInputs = [ zlib libuuid acl attr e2fsprogs lzo ];
 
+  # for btrfs to get the rpath to libgcc_s, needed for pthread_cancel to work
+  NIX_CFLAGS_LINK = "-lgcc_s";
+
   postPatch = ''
     cp ${./btrfs-set-received-uuid.c} btrfs-set-received-uuid.c
   '';
diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix
index 712cd32d9c33..c01342511cc0 100644
--- a/pkgs/tools/filesystems/e2fsprogs/default.nix
+++ b/pkgs/tools/filesystems/e2fsprogs/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, pkgconfig, libuuid }:
 
 stdenv.mkDerivation rec {
-  name = "e2fsprogs-1.42.7";
+  name = "e2fsprogs-1.42.8";
 
   src = fetchurl {
     url = "mirror://sourceforge/e2fsprogs/${name}.tar.gz";
-    sha256 = "0ibkkvp6kan0hn0d1anq4n2md70j5gcm7mwna515w82xwyr02rfw";
+    sha256 = "b984aaf1fe888d6a4cf8c2e8d397207879599b5368f1d33232c1ec9d68d00c97";
   };
 
   buildInputs = [ pkgconfig libuuid ];
diff --git a/pkgs/tools/filesystems/glusterfs/default.nix b/pkgs/tools/filesystems/glusterfs/default.nix
index 7cae84a19c71..9d4168b2d7da 100644
--- a/pkgs/tools/filesystems/glusterfs/default.nix
+++ b/pkgs/tools/filesystems/glusterfs/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information 
   rec {
     baseName="glusterfs";
-    version="3.3.1";
-    name="glusterfs-3.3.1";
-    hash="06bmnyl3vh8s21kk98idm2fl7kq38na94k5l67l9l1grl3iyzahr";
-    url="http://download.gluster.org/pub/gluster/glusterfs/3.3/3.3.1/glusterfs-3.3.1.tar.gz";
-    sha256="06bmnyl3vh8s21kk98idm2fl7kq38na94k5l67l9l1grl3iyzahr";
+    version="3.4.1";
+    name="${baseName}-${version}";
+    hash="0fdp3bifd7n20xlmsmj374pbp11k7np71f7ibzycsvmqqviv9wdm";
+    url="http://download.gluster.org/pub/gluster/glusterfs/3.4/3.4.1/glusterfs-3.4.1.tar.gz";
+    sha256="0fdp3bifd7n20xlmsmj374pbp11k7np71f7ibzycsvmqqviv9wdm";
   };
   buildInputs = [
     fuse bison flex openssl python ncurses readline
diff --git a/pkgs/tools/filesystems/netatalk/default.nix b/pkgs/tools/filesystems/netatalk/default.nix
new file mode 100644
index 000000000000..21a93774758f
--- /dev/null
+++ b/pkgs/tools/filesystems/netatalk/default.nix
@@ -0,0 +1,27 @@
+{ fetchurl, stdenv, pkgconfig, db48, libgcrypt, avahi, libiconv, pam, openssl }:
+
+stdenv.mkDerivation rec {
+  name = "netatalk-3.0.5";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/netatalk/netatalk/${name}.tar.bz2";
+    sha256 = "1adlcj509czxsx60r1s96qlznspp5nz7dxc5fws11danidr4fhl8";
+  };
+
+  buildInputs = [ pkgconfig db48 libgcrypt avahi libiconv pam openssl ];
+
+  configureFlags = [
+    "--with-bdb=${db48}"
+    "--with-openssl=${openssl}"
+  ];
+
+  enableParallelBuild = true;
+
+  meta = {
+    description = "Apple File Protocl Server";
+    homepage = http://netatalk.sourceforge.net/;
+    license = stdenv.lib.licenses.gpl3;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [ jcumming ];
+  };
+}
diff --git a/pkgs/tools/filesystems/nixpart/default.nix b/pkgs/tools/filesystems/nixpart/default.nix
index 2cd40bb08675..633f04320c37 100644
--- a/pkgs/tools/filesystems/nixpart/default.nix
+++ b/pkgs/tools/filesystems/nixpart/default.nix
@@ -24,5 +24,6 @@ in buildPythonPackage rec {
     description = "NixOS storage manager/partitioner";
     license = stdenv.lib.licenses.gpl2Plus;
     maintainers = [ stdenv.lib.maintainers.aszlig ];
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/tools/graphics/argyllcms/default.nix b/pkgs/tools/graphics/argyllcms/default.nix
index 934a27ef25b7..d9eed4df224a 100644
--- a/pkgs/tools/graphics/argyllcms/default.nix
+++ b/pkgs/tools/graphics/argyllcms/default.nix
@@ -77,7 +77,7 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = http://www.argyllcms.com;
-    description = "An ICC compatible color management system";
+    description = "Color management system (compatible with ICC)";
     license = licenses.gpl3;
     maintainers = [ maintainers.rickynils ];
     platforms = platforms.linux;
diff --git a/pkgs/tools/graphics/asymptote/default.nix b/pkgs/tools/graphics/asymptote/default.nix
index e32a3901a92b..e9f61228bedb 100644
--- a/pkgs/tools/graphics/asymptote/default.nix
+++ b/pkgs/tools/graphics/asymptote/default.nix
@@ -11,11 +11,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="asymptote";
-    version="2.21";
-    name="asymptote-2.21";
-    hash="07lkj0xnxpanfscmbm30lw6j9484rlmmqpnl0mhs7nx9h2lczrjz";
-    url="mirror://sourceforge/project/asymptote/2.21/asymptote-2.21.src.tgz";
-    sha256="07lkj0xnxpanfscmbm30lw6j9484rlmmqpnl0mhs7nx9h2lczrjz";
+    version="2.24";
+    name="asymptote-2.24";
+    hash="0iypv3n89h8mx46b0c3msl0ldmg7fxf8v9fl4zy4sxfszazrvivl";
+    url="mirror://sourceforge/project/asymptote/2.24/asymptote-2.24.src.tgz";
+    sha256="0iypv3n89h8mx46b0c3msl0ldmg7fxf8v9fl4zy4sxfszazrvivl";
   };
   buildInputs = with a; [
     freeglut ghostscriptX imagemagick fftw boehmgc
diff --git a/pkgs/tools/graphics/cuneiform/default.nix b/pkgs/tools/graphics/cuneiform/default.nix
index 3c75af4bcf38..2638594903ab 100644
--- a/pkgs/tools/graphics/cuneiform/default.nix
+++ b/pkgs/tools/graphics/cuneiform/default.nix
@@ -36,6 +36,7 @@ rec {
 
   name = "cuneiform-" + version;
   meta = {
+    inherit version;
     description = "Cuneiform OCR";
   };
 }
diff --git a/pkgs/tools/graphics/ditaa/default.nix b/pkgs/tools/graphics/ditaa/default.nix
new file mode 100644
index 000000000000..86ff9ec8fae5
--- /dev/null
+++ b/pkgs/tools/graphics/ditaa/default.nix
@@ -0,0 +1,41 @@
+{ stdenv, fetchurl, unzip, jre }:
+
+stdenv.mkDerivation rec {
+  name = "ditaa-0.9";
+
+  src = fetchurl {
+    name = "${name}.zip";
+    url = "mirror://sourceforge/project/ditaa/ditaa/0.9/ditaa0_9.zip";
+    sha256 = "12g6k3hacvyw3s9pijli7vfnkspyp37qkr29qgbmq1hbp0ryk2fn";
+  };
+
+  buildInputs = [ unzip ];
+
+  phases = [ "installPhase" ];
+
+  installPhase = ''
+    unzip "$src"
+    
+    mkdir -p "$out/bin"
+    mkdir -p "$out/lib"
+    mkdir -p "$out/share/ditaa"
+
+    cp dita*.jar "$out/lib/ditaa.jar"
+    cp COPYING HISTORY "$out/share/ditaa"
+
+    cat > "$out/bin/ditaa" << EOF
+    #!${stdenv.shell}
+    exec ${jre}/bin/java -jar "$out/lib/ditaa.jar" "\$@"
+    EOF
+
+    chmod a+x "$out/bin/ditaa"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Convert ascii art diagrams into proper bitmap graphics";
+    homepage = http://ditaa.sourceforge.net/;
+    license = licenses.gpl2;
+    platforms = platforms.linux;
+    maintainers = [ maintainers.bjornfor ];
+  };
+}
diff --git a/pkgs/tools/graphics/dmtx/default.nix b/pkgs/tools/graphics/dmtx/default.nix
index 29c6b5ebf795..74b1a2bf4edf 100644
--- a/pkgs/tools/graphics/dmtx/default.nix
+++ b/pkgs/tools/graphics/dmtx/default.nix
@@ -24,7 +24,7 @@ rec {
       
   name = "dmtx-" + version;
   meta = {
-    description = "DataMatrix (2D bar code) processing tools.";
+    description = "DataMatrix (2D bar code) processing tools";
     maintainers = [args.lib.maintainers.raskin];
     platforms = args.lib.platforms.linux;
   };
diff --git a/pkgs/tools/graphics/optipng/default.nix b/pkgs/tools/graphics/optipng/default.nix
index a7cb20ca1cf7..1b2fc6dbb90c 100644
--- a/pkgs/tools/graphics/optipng/default.nix
+++ b/pkgs/tools/graphics/optipng/default.nix
@@ -3,11 +3,11 @@
 # This package comes with its own copy of zlib, libpng and pngxtern
 
 stdenv.mkDerivation rec {
-  name = "optipng-0.6.5";
+  name = "optipng-0.7.4";
 
   src = fetchurl {
     url = "mirror://sourceforge/optipng/${name}.tar.gz";
-    sha256 = "0i2vpakj60bb0zgy4bynly2mwxiv5fq48yjqjzmrbnqwjh1y5619";
+    sha256 = "1zrphbz17rhhfl1l95q5s979rrhifbwczl2xj1fdrnq5jid5s2sj";
   };
 
   meta = {
diff --git a/pkgs/tools/graphics/pngquant/default.nix b/pkgs/tools/graphics/pngquant/default.nix
new file mode 100644
index 000000000000..560352c481ea
--- /dev/null
+++ b/pkgs/tools/graphics/pngquant/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchgit, libpng }:
+
+stdenv.mkDerivation rec {
+  name = "pngquant-${version}";
+  version = "2.0.1";
+
+  src = fetchgit {
+    url = https://github.com/pornel/pngquant.git;
+    rev = "refs/tags/${version}";
+    sha256 = "00mrv9wgxbwy517l8i4n7n3jpzirjdgi0zass3wj29i7xyipwlhf";
+  };
+
+  buildInputs = [ libpng ];
+
+  preInstall = ''
+    mkdir -p $out/bin
+    export PREFIX=$out
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = https://github.com/pornel/pngquant;
+    description = "pngquant converts 24/32-bit RGBA PNGs to 8-bit palette with alpha channel preserved";
+    platforms = platforms.all;
+    license = licenses.bsd2; # Not exactly bsd2, but alike
+  };
+}
diff --git a/pkgs/tools/inputmethods/fcitx/default.nix b/pkgs/tools/inputmethods/fcitx/default.nix
index ac60cd6134f9..94d819680ab1 100644
--- a/pkgs/tools/inputmethods/fcitx/default.nix
+++ b/pkgs/tools/inputmethods/fcitx/default.nix
@@ -1,18 +1,18 @@
 { stdenv, fetchurl, pkgconfig, cmake, intltool, gettext
 , libxml2, enchant, isocodes, icu, libpthreadstubs
-, pango, cairo, libxkbfile, xorg
+, pango, cairo, libxkbfile, libXau, libXdmcp
 }:
 
 stdenv.mkDerivation rec {
-  name = "fcitx-4.2.7";
+  name = "fcitx-4.2.8.3";
   src = fetchurl {
-    url = "https://fcitx.googlecode.com/files/${name}_dict.tar.xz";
-    sha256 = "1dfvr77j9vnlg76155clrjxnm59r5fzv0d3n6c6yn10zb0bjd40c";
+    url = "http://download.fcitx-im.org/fcitx/${name}_dict.tar.xz";
+    sha256 = "05dw6cbjh2jyjrkr4qx2bcq6nyhhrs0akf6fcjk5a72bgphhwqnb";
   };
 
   buildInputs = [
     cmake enchant pango gettext libxml2 isocodes pkgconfig libxkbfile
-    intltool cairo icu libpthreadstubs xorg.libXau xorg.libXdmcp
+    intltool cairo icu libpthreadstubs libXau libXdmcp
   ];
 
   cmakeFlags = ''
@@ -28,5 +28,7 @@ stdenv.mkDerivation rec {
     homepage = "https://code.google.com/p/fcitx/";
     description = "A Flexible Input Method Framework";
     license = "GPLv2";
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = with stdenv.lib.maintainers; [iyzsong];
   };
 }
diff --git a/pkgs/tools/misc/autojump/default.nix b/pkgs/tools/misc/autojump/default.nix
index 9b9155a1edbb..a92b4ae3b1bb 100644
--- a/pkgs/tools/misc/autojump/default.nix
+++ b/pkgs/tools/misc/autojump/default.nix
@@ -1,7 +1,7 @@
 { fetchurl, stdenv, python, bash }:
 
 let 
-  version = "21.5.8";
+  version = "21.6.9";
 in
   stdenv.mkDerivation rec {
     name = "autojump-${version}";
@@ -9,7 +9,7 @@ in
     src = fetchurl {
       url = "http://github.com/joelthelion/autojump/archive/release-v${version}.tar.gz";
       name = "autojump-${version}.tar.gz";
-      sha256 = "07jf5pa9xwmbswsc0h6law9f5qwczsj25w7h034s379imid5h62f";
+      sha256 = "0js6jp9l83zxhd9bn8hjn4yf8gydnldrlmafgvlg3rd4i1v82649";
     };
 
     buildInputs = [ python bash ];
@@ -19,18 +19,17 @@ in
       # don't check shell support (we're running with bash anyway)
       sed -i -e 150,153d install.sh
 
-      bash ./install.sh -d $out
+      bash ./install.sh -d $out -p ""
+      chmod +x $out/etc/profile.d/*
 
       mkdir -p "$out/etc/bash_completion.d"
       cp -v $out/etc/profile.d/autojump.bash "$out/etc/bash_completion.d"
-      mkdir -p $out/bin
-      ln -s $out/usr/local/bin/autojump $out/bin/j
 
       # FIXME: What's the right place for `autojump.zsh'?
     '';
 
     meta = {
-      description = "Autojump, a `cd' command that learns";
+      description = "A `cd' command that learns";
       longDescription = ''
         One of the most used shell commands is “cd”.  A quick survey
         among my friends revealed that between 10 and 20% of all
diff --git a/pkgs/tools/misc/autorandr/default.nix b/pkgs/tools/misc/autorandr/default.nix
new file mode 100644
index 000000000000..2c7505260a69
--- /dev/null
+++ b/pkgs/tools/misc/autorandr/default.nix
@@ -0,0 +1,40 @@
+{ fetchgit
+, stdenv
+, enableXRandr ? true, xrandr ? null
+, enableDisper ? false, disper ? null
+, xdpyinfo }:
+
+assert enableXRandr -> xrandr != null;
+assert enableDisper -> disper != null;
+
+let
+  rev = "4f5e2401ef";
+in
+  stdenv.mkDerivation {
+    name = "autorandr-${rev}";
+
+    src = fetchgit {
+      inherit rev;
+      url = "https://github.com/wertarbyte/autorandr.git";
+    };
+
+    patchPhase = ''
+      substituteInPlace "autorandr" \
+        --replace "/usr/bin/xrandr" "${if enableXRandr then xrandr else "/nowhere"}/bin/xrandr" \
+        --replace "/usr/bin/disper" "${if enableDisper then disper else "/nowhere"}/bin/disper" \
+        --replace "/usr/bin/xdpyinfo" "${xdpyinfo}/bin/xdpyinfo"
+    '';
+
+    installPhase = ''
+      mkdir -p "$out/etc/bash_completion.d"
+      cp -v bash_completion/autorandr "$out/etc/bash_completion.d"
+      mkdir -p "$out/bin"
+      cp -v autorandr auto-disper $out/bin
+    '';
+
+    meta = {
+      description = "Automatic display configuration selector based on connected devices";
+      homepage = https://github.com/wertarbyte/autorandr;
+      maintainer = [ stdenv.lib.maintainers.coroa ];
+    };
+  }
diff --git a/pkgs/tools/misc/byobu/default.nix b/pkgs/tools/misc/byobu/default.nix
index 6766e0bb474f..03b3719c9f0a 100644
--- a/pkgs/tools/misc/byobu/default.nix
+++ b/pkgs/tools/misc/byobu/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = https://launchpad.net/byobu/;
-    description = "Byobu is a GPLv3 open source text-based window manager and terminal multiplexer.";
+    description = "Text-based window manager and terminal multiplexer";
 
     longDescription =
       ''Byobu is a GPLv3 open source text-based window manager and terminal multiplexer. 
diff --git a/pkgs/tools/misc/colord/default.nix b/pkgs/tools/misc/colord/default.nix
new file mode 100644
index 000000000000..e6787ec76c8a
--- /dev/null
+++ b/pkgs/tools/misc/colord/default.nix
@@ -0,0 +1,57 @@
+{ stdenv, fetchurl, fetchgit
+, glib, polkit, pkgconfig, intltool, gusb, libusb1, lcms2, sqlite, systemd, dbus
+
+, automake, autoconf, libtool, gtk_doc, which, gobjectIntrospection
+, version ? "git"
+}:
+
+# colord wants to write to the etc/colord.conf and var/run/colord/mapping.db
+# thus they get symlinked to /etc and /var
+
+stdenv.mkDerivation (stdenv.lib.mergeAttrsByVersion "colord" version {
+  "0.1.33" = {
+    name = "colord-0.1.33";
+    src = fetchurl {
+      url = http://www.freedesktop.org/software/colord/releases/colord-0.1.32.tar.xz;
+      sha256 = "1smbkh4z1c2jjwxg626f12sslv7ff3yzak1zqrc493cl467ll0y7";
+    };
+  };
+  "git" = {
+    name = "colord-git-11dca";
+    src = fetchgit {
+      url = "https://github.com/hughsie/colord.git";
+      rev = "11dcaba034edff3955ceff53795df82c57c34adc";
+      sha256 = "1280q7zbfm5wqql872kcxmk5rmwjs7cv7cgz8nx0i9g4ac8j2mrf";
+    };
+
+    preConfigure = ''
+      ./autogen.sh
+    '';
+    buildInputs = [ automake autoconf libtool gtk_doc which gobjectIntrospection ];
+  };
+} {
+
+  enableParallelBuilding = true;
+
+  preConfigure = ''
+    configureFlags="$configureFlags --with-udevrulesdir=$out/lib/udev/rules.d --with-systemdsystemunitdir=$out/lib/udev/rules.d"
+  '';
+
+  buildInputs = [glib polkit pkgconfig intltool gusb libusb1 lcms2 sqlite systemd dbus];
+
+  postInstall = ''
+    sed -i '/usb_id\|usb-db/d' $out/lib/udev/rules.d/69-cd-sensors.rules
+    mv $out/etc/colord.conf{,.default}
+    ln -s /etc/colord.conf $out/etc/colord.conf
+    rm -fr $out/var/lib/colord
+    ln -s /var/lib/colord $out/var/lib/colord
+  '';
+
+  meta = {
+    description = "system service that makes it easy to manage, install and generate color profiles to accurately color manage input and output devices";
+    homepage = http://www.freedesktop.org/software/colord/intro.html;
+    license = stdenv.lib.licenses.lgpl2Plus;
+    maintainers = [stdenv.lib.maintainers.marcweber];
+    platforms = stdenv.lib.platforms.linux;
+  };
+})
diff --git a/pkgs/tools/misc/coreutils/8.19.nix b/pkgs/tools/misc/coreutils/8.19.nix
deleted file mode 100644
index 23db167f3070..000000000000
--- a/pkgs/tools/misc/coreutils/8.19.nix
+++ /dev/null
@@ -1,70 +0,0 @@
-{ stdenv, fetchurl, perl, gmp ? null
-, aclSupport ? false, acl ? null
-, selinuxSupport? false, libselinux ? null, libsepol ? null
-}:
-
-assert aclSupport -> acl != null;
-assert selinuxSupport -> libselinux != null && libsepol != null;
-
-stdenv.mkDerivation rec {
-  name = "coreutils-8.19";
-
-  src = fetchurl {
-    url = "mirror://gnu/coreutils/${name}.tar.xz";
-    sha256 = "1rx9x3fp848w4nny7irdkcpkan9fcx24d99v5dkwgkyq7wc76f5d";
-  };
-
-  nativeBuildInputs = [ perl ];
-  buildInputs = [ gmp ]
-    ++ stdenv.lib.optional aclSupport acl
-    ++ stdenv.lib.optional selinuxSupport libselinux
-    ++ stdenv.lib.optional selinuxSupport libsepol;
-
-  crossAttrs = ({
-    buildInputs = [ gmp ]
-      ++ stdenv.lib.optional aclSupport acl.crossDrv
-      ++ stdenv.lib.optional selinuxSupport libselinux.crossDrv
-      ++ stdenv.lib.optional selinuxSupport libsepol.crossDrv
-      ++ stdenv.lib.optional (stdenv.gccCross.libc ? libiconv)
-        stdenv.gccCross.libc.libiconv.crossDrv;
-
-    # Needed for fstatfs()
-    # I don't know why it is not properly detected cross building with glibc.
-    configureFlags = [ "fu_cv_sys_stat_statfs2_bsize=yes" ];
-    doCheck = false;
-  }
-
-  //
-
-  # XXX: Temporary workaround to allow GNU/Hurd builds with newer libcs.
-  (stdenv.lib.optionalAttrs (stdenv.cross.config == "i586-pc-gnu") {
-    patches = [ ./gets-undeclared.patch ];
-  }));
-
-  # The tests are known broken on Cygwin
-  # (http://thread.gmane.org/gmane.comp.gnu.core-utils.bugs/19025),
-  # Darwin (http://thread.gmane.org/gmane.comp.gnu.core-utils.bugs/19351),
-  # and {Open,Free}BSD.
-  doCheck = stdenv ? glibc;
-
-  enableParallelBuilding = true;
-
-  NIX_LDFLAGS = stdenv.lib.optionalString selinuxSupport "-lsepol";
-
-  meta = {
-    homepage = http://www.gnu.org/software/coreutils/;
-    description = "The basic file, shell and text manipulation utilities of the GNU operating system";
-
-    longDescription = ''
-      The GNU Core Utilities are the basic file, shell and text
-      manipulation utilities of the GNU operating system.  These are
-      the core utilities which are expected to exist on every
-      operating system.
-    '';
-
-    license = "GPLv3+";
-
-    maintainers = [ ];
-  };
-}
-
diff --git a/pkgs/tools/misc/coreutils/default.nix b/pkgs/tools/misc/coreutils/default.nix
index da3e8d09a237..65a3bec555ef 100644
--- a/pkgs/tools/misc/coreutils/default.nix
+++ b/pkgs/tools/misc/coreutils/default.nix
@@ -6,8 +6,11 @@
 assert aclSupport -> acl != null;
 assert selinuxSupport -> libselinux != null && libsepol != null;
 
+
+with { inherit (stdenv.lib) optional optionals optionalString optionalAttrs; };
+
 let
-  self = stdenv.mkDerivation rec {
+  self = stdenv.mkDerivation (rec {
     name = "coreutils-8.21";
 
     src = fetchurl {
@@ -17,16 +20,14 @@ let
 
     nativeBuildInputs = [ perl ];
     buildInputs = [ gmp ]
-      ++ stdenv.lib.optional aclSupport acl
-      ++ stdenv.lib.optional selinuxSupport libselinux
-      ++ stdenv.lib.optional selinuxSupport libsepol;
+      ++ optional aclSupport acl
+      ++ optionals selinuxSupport [ libselinux libsepol ];
 
     crossAttrs = {
       buildInputs = [ gmp ]
-        ++ stdenv.lib.optional aclSupport acl.crossDrv
-        ++ stdenv.lib.optional selinuxSupport libselinux.crossDrv
-        ++ stdenv.lib.optional selinuxSupport libsepol.crossDrv
-        ++ stdenv.lib.optional (stdenv.gccCross.libc ? libiconv)
+        ++ optional aclSupport acl.crossDrv
+        ++ optionals selinuxSupport [ libselinux.crossDrv libsepol.crossDrv ]
+        ++ optional (stdenv.gccCross.libc ? libiconv)
           stdenv.gccCross.libc.libiconv.crossDrv;
 
       buildPhase = ''
@@ -57,7 +58,7 @@ let
 
     enableParallelBuilding = true;
 
-    NIX_LDFLAGS = stdenv.lib.optionalString selinuxSupport "-lsepol";
+    NIX_LDFLAGS = optionalString selinuxSupport "-lsepol";
 
     meta = {
       homepage = http://www.gnu.org/software/coreutils/;
@@ -74,6 +75,8 @@ let
 
       maintainers = [ ];
     };
-  };
+  } // optionalAttrs stdenv.isDarwin {
+    makeFlags = "CFLAGS=-D_FORTIFY_SOURCE=0";
+  });
 in
   self
diff --git a/pkgs/tools/misc/detox/default.nix b/pkgs/tools/misc/detox/default.nix
index ade13382033c..435115ffc596 100644
--- a/pkgs/tools/misc/detox/default.nix
+++ b/pkgs/tools/misc/detox/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation {
   buildInputs = [flex];
 
   meta = {
-    description = "Detox is a utility designed to clean up filenames.";
+    description = "Utility designed to clean up filenames";
     longDescription = ''
       Detox is a utility designed to clean up filenames. It replaces
       difficult to work with characters, such as spaces, with standard
diff --git a/pkgs/tools/misc/disper/default.nix b/pkgs/tools/misc/disper/default.nix
index cc11427f65aa..b4a159745d46 100644
--- a/pkgs/tools/misc/disper/default.nix
+++ b/pkgs/tools/misc/disper/default.nix
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
   };
 
   meta = {
-    description = "Disper is an on-the-fly display switch utility.";
+    description = "On-the-fly display switch utility";
     homepage = http://willem.engen.nl/projects/disper/;
   };
 
diff --git a/pkgs/tools/misc/expect/default.nix b/pkgs/tools/misc/expect/default.nix
index 885fd040e47d..2b1108846d73 100644
--- a/pkgs/tools/misc/expect/default.nix
+++ b/pkgs/tools/misc/expect/default.nix
@@ -23,6 +23,8 @@ stdenv.mkDerivation {
     substituteInPlace configure --replace /bin/stty "$(type -tP stty)"
     sed -e '1i\#include <tclInt.h>' -i exp_inter.c
     export NIX_LDFLAGS="-rpath $out/lib $NIX_LDFLAGS"
+  '' + stdenv.lib.optionalString stdenv.isFreeBSD ''
+    ln -s libexpect.so.1 libexpect545.so
   '';
 
   configureFlags = [
diff --git a/pkgs/tools/misc/fdupes/default.nix b/pkgs/tools/misc/fdupes/default.nix
index 2de9efdac58a..14e6a2f6681f 100644
--- a/pkgs/tools/misc/fdupes/default.nix
+++ b/pkgs/tools/misc/fdupes/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation {
   makeFlags = "PREFIX=\${out}";
 
   meta = {
-    description = "identifies duplicate files residing within specified directories.";
+    description = "Identifies duplicate files residing within specified directories";
     longDescription = ''
       FDUPES uses md5sums and then a byte by byte comparison to finde duplicate
       files within a set of directories.
diff --git a/pkgs/tools/misc/gnuvd/default.nix b/pkgs/tools/misc/gnuvd/default.nix
index 6436a14047ab..122694af4567 100644
--- a/pkgs/tools/misc/gnuvd/default.nix
+++ b/pkgs/tools/misc/gnuvd/default.nix
@@ -9,7 +9,7 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "gnuvd is a command-line dutch dictionary application.";
+    description = "Command-line dutch dictionary application";
     homepage = http://www.djcbsoftware.nl/code/gnuvd/;
   };
 }
diff --git a/pkgs/tools/misc/grc/default.nix b/pkgs/tools/misc/grc/default.nix
index ea54ab4a543d..cd3ea6eda6f0 100644
--- a/pkgs/tools/misc/grc/default.nix
+++ b/pkgs/tools/misc/grc/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = with stdenv.lib; {
-    description = "Yet another colouriser for beautifying your logfiles or output of commands.";
+    description = "Yet another colouriser for beautifying your logfiles or output of commands";
     homepage    = http://korpus.juls.savba.sk/~garabik/software/grc.html;
     license     = licenses.gpl2;
     maintainers = with maintainers; [ lovek323 ];
diff --git a/pkgs/tools/misc/gsmartcontrol/default.nix b/pkgs/tools/misc/gsmartcontrol/default.nix
index abbd8f20fd08..6cb528cca1dd 100644
--- a/pkgs/tools/misc/gsmartcontrol/default.nix
+++ b/pkgs/tools/misc/gsmartcontrol/default.nix
@@ -14,7 +14,16 @@ stdenv.mkDerivation rec {
   #installTargets = "install datainstall";
 
   meta = {
-    description = "GSmartControl is a graphical user interface for smartctl (from smartmontools package), which is a tool for querying and controlling SMART (Self-Monitoring, Analysis, and Reporting Technology) data on modern hard disk drives.";
+    description = "Hard disk drive health inspection tool";
+    longDescription = ''
+      GSmartControl is a graphical user interface for smartctl (from
+      smartmontools package), which is a tool for querying and controlling
+      SMART (Self-Monitoring, Analysis, and Reporting Technology) data on
+      modern hard disk drives.
+
+      It allows you to inspect the drive's SMART data to determine its health,
+      as well as run various tests on it.
+    '';
     homepage = http://gsmartcontrol.berlios.de;
     license = "GPLv2+";
     maintainers = with stdenv.lib.maintainers; [qknight];
diff --git a/pkgs/tools/misc/gummiboot/default.nix b/pkgs/tools/misc/gummiboot/default.nix
index cf2fe713461f..1098e9d09207 100644
--- a/pkgs/tools/misc/gummiboot/default.nix
+++ b/pkgs/tools/misc/gummiboot/default.nix
@@ -1,19 +1,20 @@
-{ stdenv, fetchurl, gnu_efi, unzip, pkgconfig, utillinux, libxslt, docbook_xsl, docbook_xml_dtd_42 }:
+{ stdenv, fetchurl, gnu-efi, unzip, pkgconfig, utillinux, libxslt, docbook_xsl, docbook_xml_dtd_42 }:
 
 stdenv.mkDerivation rec {
-  name = "gummiboot-23";
+  name = "gummiboot-38";
 
-  buildInputs = [ unzip pkgconfig utillinux libxslt docbook_xsl docbook_xml_dtd_42 ];
+  buildInputs = [ gnu-efi pkgconfig libxslt utillinux ];
 
-  patches = [ ./no-usr.patch ];
-
-  buildFlags = [ "GNU_EFI=${gnu_efi}" ];
-
-  makeFlags = [ "PREFIX=$(out)" ];
+  # Sigh, gummiboot should be able to find this in buildInputs
+  configureFlags = [
+    "--with-efi-includedir=${gnu-efi}/include"
+    "--with-efi-libdir=${gnu-efi}/lib"
+    "--with-efi-ldsdir=${gnu-efi}/lib"
+  ];
 
   src = fetchurl {
-    url = "http://cgit.freedesktop.org/gummiboot/snapshot/${name}.zip";
-    sha256 = "1lmfk4k52ha00ppna5g7h51vhd27i9fipf5k7mc2d9jkm2480z4j";
+    url = http://pkgs.fedoraproject.org/repo/pkgs/gummiboot/gummiboot-38.tar.xz/0504791387e1998bf2075728c237f27e/gummiboot-38.tar.xz;
+    sha256 = "1aid2a29ym8dqldxpcihnrls7vrr9ijbla3dad0r8qwkca43d4lm";
   };
 
   meta = {
diff --git a/pkgs/tools/misc/gummiboot/no-usr.patch b/pkgs/tools/misc/gummiboot/no-usr.patch
deleted file mode 100644
index db9068947407..000000000000
--- a/pkgs/tools/misc/gummiboot/no-usr.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-diff -Naur gummiboot-23-orig/Makefile gummiboot-23/Makefile
---- gummiboot-23-orig/Makefile	2013-02-20 00:55:44.000000000 -0500
-+++ gummiboot-23/Makefile	2013-02-21 12:00:35.783637645 -0500
-@@ -10,7 +10,8 @@
- export E Q
- 
- ARCH=$(shell $(CC) -dumpmachine | sed "s/\(-\).*$$//")
--LIBDIR=$(shell echo $$(cd /usr/lib/$$(gcc -print-multi-os-directory); pwd))
-+PREFIX=/usr
-+LIBDIR=$(GNU_EFI)/lib
- LIBEFIDIR=$(or $(wildcard $(LIBDIR)/gnuefi), $(LIBDIR))
- 
- ifeq ($(ARCH),i686)
-@@ -25,13 +26,13 @@
- 		-mno-red-zone
- endif
- 
--all: gummiboot$(MACHINE_TYPE_NAME).efi gummiboot
-+all: gummiboot$(MACHINE_TYPE_NAME).efi gummiboot man
- 
- # ------------------------------------------------------------------------------
- CPPFLAGS = \
- 	-I. \
--	-I/usr/include/efi \
--	-I/usr/include/efi/$(ARCH)
-+	-I$(GNU_EFI)/include/efi \
-+	-I$(GNU_EFI)/include/efi/$(ARCH)
- 
- CFLAGS = \
- 	-DVERSION=$(VERSION) \
-@@ -82,6 +83,7 @@
- 	  `pkg-config --cflags --libs blkid` \
- 	  src/setup/setup.c \
- 	  src/setup/efivars.c \
-+	  -DPREFIX=\"$(PREFIX)\" \
- 	  -o $@
- 
- # ------------------------------------------------------------------------------
-@@ -101,11 +103,11 @@
- 	rm -f src/efi/gummiboot.o src/efi/gummiboot.so gummiboot gummiboot$(MACHINE_TYPE_NAME).efi
- 
- install: all
--	mkdir -p $(DESTDIR)/usr/bin/
--	cp gummiboot $(DESTDIR)/usr/bin
--	mkdir -p $(DESTDIR)/usr/lib/gummiboot/
--	cp gummiboot$(MACHINE_TYPE_NAME).efi $(DESTDIR)/usr/lib/gummiboot/
--	[ -e gummiboot.1 ] && mkdir -p $(DESTDIR)/usr/share/man/man1/ && cp gummiboot.1 $(DESTDIR)/usr/share/man/man1/ || :
-+	mkdir -p $(DESTDIR)$(PREFIX)/bin/
-+	cp gummiboot $(DESTDIR)$(PREFIX)/bin
-+	mkdir -p $(DESTDIR)$(PREFIX)/lib/gummiboot/
-+	cp gummiboot$(MACHINE_TYPE_NAME).efi $(DESTDIR)$(PREFIX)/lib/gummiboot/
-+	[ -e gummiboot.1 ] && mkdir -p $(DESTDIR)$(PREFIX)/share/man/man1/ && cp gummiboot.1 $(DESTDIR)$(PREFIX)/share/man/man1/ || :
- 
- tar:
- 	git archive --format=tar --prefix=gummiboot-$(VERSION)/ $(VERSION) | xz > gummiboot-$(VERSION).tar.xz
-diff -Naur gummiboot-23-orig/src/setup/setup.c gummiboot-23/src/setup/setup.c
---- gummiboot-23-orig/src/setup/setup.c	2013-02-20 00:55:44.000000000 -0500
-+++ gummiboot-23/src/setup/setup.c	2013-02-21 11:57:43.295324700 -0500
-@@ -736,7 +736,7 @@
-         char *p = NULL, *q = NULL, *v = NULL;
-         int r;
- 
--        if (asprintf(&p, "/usr/lib/gummiboot/%s", name) < 0) {
-+        if (asprintf(&p, PREFIX "/lib/gummiboot/%s", name) < 0) {
-                 fprintf(stderr, "Out of memory.\n");
-                 r = -ENOMEM;
-                 goto finish;
-@@ -791,9 +791,9 @@
-                         return r;
-         }
- 
--        d = opendir("/usr/lib/gummiboot");
-+        d = opendir(PREFIX "/lib/gummiboot");
-         if (!d) {
--                fprintf(stderr, "Failed to open /usr/lib/gummiboot: %m\n");
-+                fprintf(stderr, "Failed to open " PREFIX "/lib/gummiboot: %m\n");
-                 return -errno;
-         }
- 
diff --git a/pkgs/tools/misc/hdf5/default.nix b/pkgs/tools/misc/hdf5/default.nix
index 0aacf744b1ab..01820aaf7780 100644
--- a/pkgs/tools/misc/hdf5/default.nix
+++ b/pkgs/tools/misc/hdf5/default.nix
@@ -13,9 +13,9 @@ stdenv.mkDerivation {
   patches = [./bin-mv.patch];
   
   meta = {
-    description = "HDF5 is a data model, library, and file format for storing and managing data.";
+    description = "Data model, library, and file format for storing and managing data";
     longDescription = ''
-      It supports an unlimited variety of datatypes, and is designed for flexible and efficient 
+      HDF5 supports an unlimited variety of datatypes, and is designed for flexible and efficient
       I/O and for high volume and complex data. HDF5 is portable and is extensible, allowing 
       applications to evolve in their use of HDF5. The HDF5 Technology suite includes tools and 
       applications for managing, manipulating, viewing, and analyzing data in the HDF5 format.
diff --git a/pkgs/tools/misc/logstash/default.nix b/pkgs/tools/misc/logstash/default.nix
index b273e4630a3f..6ee427bc5066 100644
--- a/pkgs/tools/misc/logstash/default.nix
+++ b/pkgs/tools/misc/logstash/default.nix
@@ -1,11 +1,11 @@
 { fetchurl }:
 
-let version = "1.1.0"; in
+let version = "1.2.1"; in
 
 fetchurl {
-  url = "http://semicomplete.com/files/logstash/logstash-${version}-monolithic.jar";
+  url = "https://logstash.objects.dreamhost.com/release/logstash-${version}-flatjar.jar";
 
   name = "logstash-${version}.jar";
 
-  sha256 = "03s9g2appsmdg973212dl37ldws36fgsvxi9w1lxbvmmclc4k7vc";
+  sha256 = "08zfhq6klhkqapqnyzbdikgryd8bj2fp0wdb5d6dawdan5psbf6h";
 }
diff --git a/pkgs/tools/misc/mcrypt/default.nix b/pkgs/tools/misc/mcrypt/default.nix
index 7701f0e20590..761b2c5bdbfb 100644
--- a/pkgs/tools/misc/mcrypt/default.nix
+++ b/pkgs/tools/misc/mcrypt/default.nix
@@ -12,7 +12,12 @@ stdenv.mkDerivation rec {
   buildInputs = [libmcrypt libmhash];
  
   meta = {
-    description = "mcrypt, and the accompanying libmcrypt, are intended to be replacements for the old Unix crypt, except that they are under the GPL and support an ever-wider range of algorithms and modes.";
+    description = "Replacement for old UNIX crypt(1)";
+    longDescription = ''
+      mcrypt, and the accompanying libmcrypt, are intended to be replacements
+      for the old Unix crypt, except that they are under the GPL and support an
+      ever-wider range of algorithms and modes.
+    '';
     homepage = http://mcrypt.sourceforge.net;
     license = "GPLv2";
     platforms = stdenv.lib.platforms.all;
diff --git a/pkgs/tools/misc/megacli/default.nix b/pkgs/tools/misc/megacli/default.nix
new file mode 100644
index 000000000000..2b15d4470c36
--- /dev/null
+++ b/pkgs/tools/misc/megacli/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, rpm, cpio, ncurses, patchelf, makeWrapper, requireFile, unzip }:
+
+assert stdenv.system == "x86_64-linux";
+
+stdenv.mkDerivation rec {
+  name = "megacli-8.07.07";
+
+  src =
+    requireFile {
+      name = "8.07.07_MegaCLI.zip";
+      url = http://www.lsi.com/downloads/Public/MegaRAID%20Common%20Files/8.07.07_MegaCLI.zip;
+      sha256 = "11jzvh25mlygflazd37gi05xv67im4rgq7sbs5nwgw3gxdh4xfjj";
+    };
+
+  buildInputs = [rpm cpio ncurses unzip makeWrapper];
+  libPath =
+    stdenv.lib.makeLibraryPath
+       [ stdenv.gcc.gcc stdenv.gcc.libc ncurses ];
+
+  buildCommand = ''
+    ensureDir $out/bin
+    cd $out
+    unzip ${src}
+    rpm2cpio linux/MegaCli-8.07.07-1.noarch.rpm | cpio -idmv
+    ${patchelf}/bin/patchelf --interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" --set-rpath ${libPath}:$out/opt/lsi/3rdpartylibs/x86_64:$out/opt/lsi/3rdpartylibs:${stdenv.gcc.gcc}/lib64:${stdenv.gcc.gcc}/lib opt/MegaRAID/MegaCli/MegaCli64
+    wrapProgram $out/opt/MegaRAID/MegaCli/MegaCli64 --set LD_LIBRARY_PATH $out/opt/lsi/3rdpartylibs/x86_64
+    ln -s $out/opt/MegaRAID/MegaCli/MegaCli64 $out/bin/MegaCli64
+    eval fixupPhase
+  '';
+
+  meta = {
+    description = "CLI program for LSI MegaRAID cards, which also works with some Dell PERC RAID cards";
+    license = "unfree";
+  };
+}
diff --git a/pkgs/tools/misc/memtest86/plus.nix b/pkgs/tools/misc/memtest86+/default.nix
index 262811d330d6..500d7e815d26 100644
--- a/pkgs/tools/misc/memtest86/plus.nix
+++ b/pkgs/tools/misc/memtest86+/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl }:
 
-stdenv.mkDerivation {
-  name = "memtest86+-4.20";
-  
+stdenv.mkDerivation rec {
+  name = "memtest86+-5.01";
+
   src = fetchurl {
-    url = http://www.memtest.org/download/4.20/memtest86+-4.20.tar.gz;
-    sha256 = "0dw7kvfxiwqdmhapbz6ds1j9fralbky56hnzj4c6fsqfinbwwc2n";
+    url = "http://www.memtest.org/download/5.01/${name}.tar.gz";
+    sha256 = "0fch1l55753y6jkk0hj8f6vw4h1kinkn9ysp22dq5g9zjnvjf88l";
   };
 
   preBuild = ''
@@ -18,14 +18,18 @@ stdenv.mkDerivation {
   '';
 
   NIX_CFLAGS_COMPILE = "-I.";
-  
+
+  buildFlags = "memtest.bin";
+
   installPhase = ''
     mkdir -p $out
+    chmod -x memtest.bin
     cp memtest.bin $out/
   '';
 
   meta = {
     homepage = http://www.memtest.org/;
-    description = "A tool to detect memory errors, fork from memtest86";
+    description = "A tool to detect memory errors";
+    license = stdenv.lib.licenses.gpl2;
   };
 }
diff --git a/pkgs/tools/misc/ncdu/default.nix b/pkgs/tools/misc/ncdu/default.nix
index 2d3a67db8c55..47b96023ce0f 100644
--- a/pkgs/tools/misc/ncdu/default.nix
+++ b/pkgs/tools/misc/ncdu/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ ncurses ];
 
   meta = {
-    description = "An ncurses disk usage analyzer.";
+    description = "Ncurses disk usage analyzer";
     homepage = http://dev.yorhel.nl/ncdu;
     license = stdenv.lib.licenses.mit;
     platforms = stdenv.lib.platforms.all;
diff --git a/pkgs/tools/misc/ngrok/default.nix b/pkgs/tools/misc/ngrok/default.nix
new file mode 100644
index 000000000000..971c42aac71c
--- /dev/null
+++ b/pkgs/tools/misc/ngrok/default.nix
@@ -0,0 +1,94 @@
+{ stdenv, fetchurl, go, fetchgit, fetchbzr, fetchhg }:
+
+let
+  go-websocket = fetchgit {
+    url = "git://github.com/garyburd/go-websocket";
+    rev = "refs/heads/master";
+    sha256 = "1e4fcff29c961cd7433ba1b655412d466edfeb1f0829b41f578764857bc801fe";
+  };
+  go-metrics = fetchgit {
+    url = "https://github.com/inconshreveable/go-metrics";
+    sha256 = "3dc8c229ce5123d86269c0c48401a9cdd2cde7558d85374c9dbc4bbd531e86d5";
+  };
+  termbox-go = fetchgit {
+    url = "https://github.com/nsf/termbox-go";
+    sha256 = "6b23e8eabb1c7a99dc8c5a7dd5ecb2c2ae736c7f54e485548d08ac337b3a0400";
+  };
+  go-bindata = fetchgit {
+    url = "https://github.com/inconshreveable/go-bindata";
+    sha256 = "518a5b61cfbe58f8bc55bd6139adcd69997b6ba474536a70b538879aaf118578";
+  };
+  go-update = fetchgit {
+    url = "https://github.com/inconshreveable/go-update";
+    sha256 = "34647689a50b9d12e85a280d9034cc1772079163481c4778ee4b3e6c4b41e2f4";
+  };
+  goyaml = fetchbzr {
+    url = "https://launchpad.net/goyaml";
+    sha256 = "03is37cgw62cha316xrs5h7q97im46ry5qldkfvbhimjq3ww0swj";
+    revision = "branch:lp:goyaml";
+  };
+  log4go = fetchhg {
+    url = "https://code.google.com/p/log4go/";
+    sha256 = "0q906sxrmwir295virfibqvdzlaj340qh2r4ysx1ccjrjazc0q5p";
+  };
+  osext = fetchhg {
+    url = "https://bitbucket.org/kardianos/osext";
+    sha256 = "1w9x2zj716agfd5x5497ajb9nz3ljar74768vjidsyly143vzjws";
+  };
+in stdenv.mkDerivation rec {
+  name = "ngrok-${version}";
+  version = "1.6";
+
+  src = fetchurl {
+    url = "https://github.com/inconshreveable/ngrok/archive/${version}.tar.gz";
+    sha256 = "0w54ck00ma8wd87gc3dligypdjs7vrzbi9py46sqphsid3rihkjr";
+  };
+
+  buildInputs = [ go ];
+
+  preBuild = ''
+    export HOME="$PWD"
+
+    mkdir -p src/github.com/garyburd/go-websocket/
+    ln -s ${go-websocket}/* src/github.com/garyburd/go-websocket
+
+    mkdir -p src/github.com/inconshreveable/go-metrics/
+    ln -s ${go-metrics}/* src/github.com/inconshreveable/go-metrics
+
+    mkdir -p src/github.com/inconshreveable/go-bindata
+    ln -s ${go-bindata}/* src/github.com/inconshreveable/go-bindata
+
+    mkdir -p src/github.com/inconshreveable/go-update
+    ln -s ${go-update}/* src/github.com/inconshreveable/go-update
+
+    mkdir -p src/github.com/nsf/termbox-go/
+    ln -s ${termbox-go}/* src/github.com/nsf/termbox-go
+
+    mkdir -p src/launchpad.net/goyaml
+    ln -s ${goyaml}/* src/launchpad.net/goyaml
+
+    mkdir -p src/code.google.com/p/log4go
+    ln -s ${log4go}/* src/code.google.com/p/log4go
+
+    mkdir -p src/bitbucket.org/kardianos/osext
+    ln -s ${osext}/* src/bitbucket.org/kardianos/osext
+
+    # don't download dependencies as we already have them
+    sed -i '/go get/d' Makefile
+  '';
+
+  installPhase = ''
+    make release-client
+    mkdir -p $out/bin
+    cp bin/ngrok $out/bin
+    cp -R assets $out
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Reverse proxy that creates a secure tunnel between from a public endpoint to a locally running web service";
+    homepage = https://ngrok.com/;
+    license = licenses.asl20;
+    maintainers = with maintainers; [ iElectric ];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/tools/misc/plantuml/default.nix b/pkgs/tools/misc/plantuml/default.nix
new file mode 100644
index 000000000000..10886e969a2c
--- /dev/null
+++ b/pkgs/tools/misc/plantuml/default.nix
@@ -0,0 +1,37 @@
+{ stdenv, fetchurl, jre, graphviz }:
+
+stdenv.mkDerivation rec {
+  version = "7982";
+  name = "plantuml-${version}";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/project/plantuml/plantuml.${version}.jar";
+    sha256 = "0hxs0whjgx36j5azdcna40rw2c7smhg0qm3kzld9vx88m0c51dgl";
+  };
+
+  # It's only a .jar file and a shell wrapper
+  phases = [ "installPhase" ];
+
+  installPhase = ''
+    mkdir -p "$out/bin"
+    mkdir -p "$out/lib"
+
+    cp "$src" "$out/lib/plantuml.jar"
+
+    cat > "$out/bin/plantuml" << EOF
+    #!${stdenv.shell}
+    export GRAPHVIZ_DOT="${graphviz}/bin/dot"
+    exec "${jre}/bin/java" -jar "$out/lib/plantuml.jar" "\$@"
+    EOF
+    chmod a+x "$out/bin/plantuml"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Draw UML diagrams using a simple and human readable text description";
+    homepage = http://plantuml.sourceforge.net/;
+    # "java -jar plantuml.jar -license" says GPLv3 or later
+    license = licenses.gpl3Plus;
+    maintainers = [ maintainers.bjornfor ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/tools/misc/ponysay/default.nix b/pkgs/tools/misc/ponysay/default.nix
index 17be93dda8f7..1da0d70a14fa 100644
--- a/pkgs/tools/misc/ponysay/default.nix
+++ b/pkgs/tools/misc/ponysay/default.nix
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "cowsay reimplemention for ponies.";
+    description = "Cowsay reimplemention for ponies";
     homepage = http://terse.tk/ponysay/;
     license = "GPLv3";
     maintainers = with stdenv.lib.maintainers; [ bodil ];
diff --git a/pkgs/tools/misc/pv/default.nix b/pkgs/tools/misc/pv/default.nix
index 444408fec41d..bf0c44de1419 100644
--- a/pkgs/tools/misc/pv/default.nix
+++ b/pkgs/tools/misc/pv/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl } :
 
 stdenv.mkDerivation rec {
-  name = "pv-1.3.4";
+  name = "pv-1.4.12";
 
   src = fetchurl {
     url = "http://www.ivarch.com/programs/sources/${name}.tar.bz2";
-    sha256 = "114b730pghgg4gv9d798817n3am88p2b0xgdavch1vhklzh33c16";
+    sha256 = "0hnpv4l5kidfwxzba7ibm9wjs71ing9gzx0m80bgr3ia8k4s8nka";
   };
 
   meta = {
diff --git a/pkgs/tools/misc/refind/default.nix b/pkgs/tools/misc/refind/default.nix
index 1fbb177afa06..6f4e031e4419 100644
--- a/pkgs/tools/misc/refind/default.nix
+++ b/pkgs/tools/misc/refind/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, gnu_efi, unzip }:
+{ stdenv, fetchurl, gnu-efi, unzip }:
 
 let version = "0.4.5"; in
 
@@ -12,7 +12,7 @@ stdenv.mkDerivation {
 
   buildInputs = [ unzip ];
 
-  buildFlags = [ "prefix=" "EFIINC=${gnu_efi}/include/efi" "GNUEFILIB=${gnu_efi}/lib" "EFILIB=${gnu_efi}/lib" "EFICRT0=${gnu_efi}/lib" "LOCAL_CFLAGS=-I${gnu_efi}/include" ];
+  buildFlags = [ "prefix=" "EFIINC=${gnu-efi}/include/efi" "GNUEFILIB=${gnu-efi}/lib" "EFILIB=${gnu-efi}/lib" "EFICRT0=${gnu-efi}/lib" "LOCAL_CFLAGS=-I${gnu-efi}/include" ];
 
   installPhase = ''
     mkdir -pv $out
diff --git a/pkgs/tools/misc/rockbox-utility/default.nix b/pkgs/tools/misc/rockbox-utility/default.nix
index 4f271bcd6237..adb2a456b88f 100644
--- a/pkgs/tools/misc/rockbox-utility/default.nix
+++ b/pkgs/tools/misc/rockbox-utility/default.nix
@@ -1,15 +1,15 @@
-{ stdenv, fetchurl, libusb, qt4 }:
+{ stdenv, fetchurl, libusb1, qt4 }:
 
 stdenv.mkDerivation  rec {
   name = "rockbox-utility-${version}";
-  version = "1.2.8";
+  version = "1.3.1";
 
   src = fetchurl {
-    url = "http://download.rockbox.org/rbutil/source/rbutil_${version}-src.tar.bz2";
-    sha256 = "1gjwlyrwvzfdhqdwvq1chdnjkcn9lk21ixp92h5y74826j3ahdgs";
+    url = "http://download.rockbox.org/rbutil/source/RockboxUtility-v${version}-src.tar.bz2";
+    sha256 = "6c04b5c7eaad1762577908dedb9e40f5b0cee675150ae5ba844ea2c9bea294ca";
   };
 
-  buildInputs = [ libusb qt4 ];
+  buildInputs = [ libusb1 qt4 ];
 
   preBuild = ''
     cd rbutil/rbutilqt
diff --git a/pkgs/tools/misc/screen/default.nix b/pkgs/tools/misc/screen/default.nix
index 7363719b66d3..c2c0a5aa534f 100644
--- a/pkgs/tools/misc/screen/default.nix
+++ b/pkgs/tools/misc/screen/default.nix
@@ -22,7 +22,8 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://www.gnu.org/software/screen/;
-    description = "GNU Screen, a window manager that multiplexes a physical terminal";
+    description = "a window manager that multiplexes a physical terminal";
+    license = stdenv.lib.licenses.gpl2Plus;
 
     longDescription =
       '' GNU Screen is a full-screen window manager that multiplexes a physical
@@ -46,8 +47,6 @@ stdenv.mkDerivation rec {
          terminal.
       '';
 
-    license = stdenv.lib.licenses.gpl2Plus;
-
     platforms = stdenv.lib.platforms.unix;
     maintainers = [ stdenv.lib.maintainers.simons ];
   };
diff --git a/pkgs/tools/misc/stow/default.nix b/pkgs/tools/misc/stow/default.nix
index e0d7985ae07c..58f30a021fa3 100644
--- a/pkgs/tools/misc/stow/default.nix
+++ b/pkgs/tools/misc/stow/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation {
   doCheck = true;
 
   meta = {
-    description = "Stow is a tool for managing the installation of multiple software packages in the same run-time directory tree.";
+    description = "A tool for managing the installation of multiple software packages in the same run-time directory tree";
 
     longDescription = ''
       GNU Stow is a symlink farm manager which takes distinct packages
diff --git a/pkgs/tools/misc/ttmkfdir/default.nix b/pkgs/tools/misc/ttmkfdir/default.nix
index 3f05d600944b..12adb5318a89 100644
--- a/pkgs/tools/misc/ttmkfdir/default.nix
+++ b/pkgs/tools/misc/ttmkfdir/default.nix
@@ -26,6 +26,6 @@ stdenv.mkDerivation {
   buildInputs = [freetype fontconfig libunwind libtool flex bison];
 
   meta = {
-    description = "Create fonts.dir for TTF font directory.";
+    description = "Create fonts.dir for TTF font directory";
   };
 }
diff --git a/pkgs/tools/misc/unclutter/default.nix b/pkgs/tools/misc/unclutter/default.nix
index b267074e77fa..542530532de0 100644
--- a/pkgs/tools/misc/unclutter/default.nix
+++ b/pkgs/tools/misc/unclutter/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation {
   '';
 
   meta = with stdenv.lib; {
-    description = "Hides mouse pointer while not in use.";
+    description = "Hides mouse pointer while not in use";
     longDescription = ''
       Unclutter hides your X mouse cursor when you do not need it, to prevent
       it from getting in the way. You have only to move the mouse to restore
diff --git a/pkgs/tools/misc/units/default.nix b/pkgs/tools/misc/units/default.nix
index d4cd07aa4c6f..c609d2275dad 100644
--- a/pkgs/tools/misc/units/default.nix
+++ b/pkgs/tools/misc/units/default.nix
@@ -8,6 +8,6 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "Unit conversion tool.";
+    description = "Unit conversion tool";
   };
 }
diff --git a/pkgs/tools/misc/venus/default.nix b/pkgs/tools/misc/venus/default.nix
index b4f9732dec6c..b7f2be179c47 100644
--- a/pkgs/tools/misc/venus/default.nix
+++ b/pkgs/tools/misc/venus/default.nix
@@ -41,7 +41,12 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Planet Venus is an awesome ‘river of news’ feed reader. It downloads news feeds published by web sites and aggregates their content together into a single combined feed, latest news first.";
+    description = "News feed reader";
+    longDescription = ''
+      Planet Venus is an awesome ‘river of news’ feed reader. It downloads news
+      feeds published by web sites and aggregates their content together into a
+      single combined feed, latest news first.
+    '';
     homepage = "http://intertwingly.net/code/venus/docs/index.html";
     license = stdenv.lib.licenses.psfl;
     platforms = stdenv.lib.platforms.all;
diff --git a/pkgs/tools/misc/youtube-dl/default.nix b/pkgs/tools/misc/youtube-dl/default.nix
index e4d934968b2e..86ef76178081 100644
--- a/pkgs/tools/misc/youtube-dl/default.nix
+++ b/pkgs/tools/misc/youtube-dl/default.nix
@@ -1,14 +1,14 @@
 { stdenv, fetchurl, python, zip }:
 
 let
-  version = "2013.06.21";
+  version = "2013.10.23.2";
 in
 stdenv.mkDerivation rec {
   name = "youtube-dl-${version}";
 
   src = fetchurl {
     url = "http://youtube-dl.org/downloads/${version}/${name}.tar.gz";
-    sha256 = "3d4e9cc38af3c2fccfafd83d0c6382080531fd03e9067ceccc6864dfbea92b1e";
+    sha256 = "d3f4c9e0da165395856e690314caa5eef4382bd994dd46f041a520bf9747c35d";
   };
 
   buildInputs = [ python ];
diff --git a/pkgs/tools/networking/aria/default.nix b/pkgs/tools/networking/aria/default.nix
index 4f58463ecf93..f6432f8aa225 100644
--- a/pkgs/tools/networking/aria/default.nix
+++ b/pkgs/tools/networking/aria/default.nix
@@ -16,6 +16,6 @@ rec {
       
   name = "aria-" + version;
   meta = {
-    description = "aria - multiprotocol DL manager";
+    description = "Multiprotocol download manager";
   };
 }
diff --git a/pkgs/tools/networking/axel/default.nix b/pkgs/tools/networking/axel/default.nix
index 0ee018509402..8a6d63d164c0 100644
--- a/pkgs/tools/networking/axel/default.nix
+++ b/pkgs/tools/networking/axel/default.nix
@@ -8,6 +8,6 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "A console downloading program. Has some features for parallel connections for faster downloading.";
+    description = "Console downloading program with some features for parallel connections for faster downloading";
   };
 }
diff --git a/pkgs/tools/networking/bwm-ng/default.nix b/pkgs/tools/networking/bwm-ng/default.nix
index 88460d86730c..4d18c4adb373 100644
--- a/pkgs/tools/networking/bwm-ng/default.nix
+++ b/pkgs/tools/networking/bwm-ng/default.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ ncurses ];
 
   meta = with stdenv.lib; {
-    description = "Bandwidth Monitor NG is a small and simple console-based live network and disk io bandwidth monitor.";
+    description = "Bandwidth Monitor NG is a small and simple console-based live network and disk io bandwidth monitor";
     homepage = "http://www.gropp.org/?id=projects&sub=bwm-ng";
     license = licenses.gpl2;
     platforms = platforms.unix;
diff --git a/pkgs/tools/networking/chrony/default.nix b/pkgs/tools/networking/chrony/default.nix
index d7fe07570574..d15559961f6b 100644
--- a/pkgs/tools/networking/chrony/default.nix
+++ b/pkgs/tools/networking/chrony/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ readline ] ++ stdenv.lib.optional stdenv.isLinux libcap;
 
   meta = with stdenv.lib; {
-    description = "A pair of programs which are used to maintain the accuracy of the system clock on a computer.";
+    description = "Sets your computer's clock from time servers on the Net";
     homepage = "http://chrony.tuxfamily.org/";
     license = licenses.gpl2;
     platforms = platforms.unix;
diff --git a/pkgs/tools/networking/connect/default.nix b/pkgs/tools/networking/connect/default.nix
index 67f2b63c2928..c6291efad312 100644
--- a/pkgs/tools/networking/connect/default.nix
+++ b/pkgs/tools/networking/connect/default.nix
@@ -20,7 +20,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "make network connection via SOCKS and https proxy.";
+    description = "Make network connection via SOCKS and https proxy";
     longDescription = ''
       This proxy traversal tool is intended to assist OpenSSH (via ProxyCommand
       in ~/.ssh/config) and GIT (via $GIT_PROXY_COMMAND) utilize SOCKS and https proxies. 
diff --git a/pkgs/tools/networking/curl/7.15.nix b/pkgs/tools/networking/curl/7.15.nix
new file mode 100644
index 000000000000..0a87eaa944cd
--- /dev/null
+++ b/pkgs/tools/networking/curl/7.15.nix
@@ -0,0 +1,75 @@
+{ stdenv, fetchurl
+, zlibSupport ? false, zlib ? null
+, sslSupport ? false, openssl ? null
+, scpSupport ? false, libssh2 ? null
+, gssSupport ? false, gss ? null
+, c-aresSupport ? false, c-ares ? null
+, linkStatic ? false
+}:
+
+assert zlibSupport -> zlib != null;
+assert sslSupport -> openssl != null;
+assert scpSupport -> libssh2 != null;
+assert c-aresSupport -> c-ares != null;
+
+stdenv.mkDerivation rec {
+  name = "curl-7.15.0";
+
+  src = fetchurl {
+    url = "http://curl.haxx.se/download/archeology/${name}.tar.gz";
+    sha256 = "061bgjm6rv0l9804vmm4jvr023l52qvmy9qq4zjv4lgqhlljvhz3";
+  };
+
+  # Zlib and OpenSSL must be propagated because `libcurl.la' contains
+  # "-lz -lssl", which aren't necessary direct build inputs of
+  # applications that use Curl.
+  propagatedBuildInputs = with stdenv.lib;
+    optional zlibSupport zlib ++
+    optional gssSupport gss ++
+    optional c-aresSupport c-ares ++
+    optional sslSupport openssl;
+
+  preConfigure = ''
+    sed -e 's|/usr/bin|/no-such-path|g' -i.bak configure
+  '';
+  configureFlags = [
+      ( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" )
+      ( if scpSupport then "--with-libssh2=${libssh2}" else "--without-libssh2" )
+    ]
+    ++ stdenv.lib.optional c-aresSupport "--enable-ares=${c-ares}"
+    ++ stdenv.lib.optional gssSupport "--with-gssapi=${gss}"
+    ++ stdenv.lib.optionals linkStatic [ "--enable-static" "--disable-shared" ]
+  ;
+
+  dontDisableStatic = linkStatic;
+
+  CFLAGS = if stdenv ? isDietLibC then "-DHAVE_INET_NTOA_R_2_ARGS=1" else "";
+  LDFLAGS = if linkStatic then "-static" else "";
+  CXX = "g++";
+  CXXCPP = "g++ -E";
+
+  # libtool hack to get a static binary. Notice that to 'configure' I passed
+  # other LDFLAGS, because it doesn't use libtool for linking in the tests.
+  makeFlags = if linkStatic then "LDFLAGS=-all-static" else "";
+
+  crossAttrs = {
+    # We should refer to the cross built openssl
+    # For the 'urandom', maybe it should be a cross-system option
+    configureFlags = [
+        ( if sslSupport then "--with-ssl=${openssl.crossDrv}" else "--without-ssl" )
+        "--with-random /dev/urandom"
+      ]
+      ++ stdenv.lib.optionals linkStatic [ "--enable-static" "--disable-shared" ]
+    ;
+  };
+
+  passthru = {
+    inherit sslSupport openssl;
+  };
+
+  meta = {
+    homepage = "http://curl.haxx.se/";
+    description = "A command line tool for transferring files with URL syntax";
+    platforms = stdenv.lib.platforms.all;
+  };
+}
diff --git a/pkgs/tools/networking/filegive/default.nix b/pkgs/tools/networking/filegive/default.nix
index fc2b56efd105..443feee2ea03 100644
--- a/pkgs/tools/networking/filegive/default.nix
+++ b/pkgs/tools/networking/filegive/default.nix
@@ -11,15 +11,16 @@ let
     sha256 = "1swwfyzaj3l40yh9np3x4fcracgs79nwryc85sxbdakx8wwxs2xb";
   };
 
-  version = "0.6.1";
+  version = "0.7.1";
 
 in
 stdenv.mkDerivation rec {
   name = "filegive-${version}";
 
   src = fetchurl {
-    url = "http://viric.name/cgi-bin/filegive/tarball/${name}.tar.gz";
-    sha256 = "11rjw906nr73kysm9l84yg443rxzh22l934hir7892h02924i4c4";
+    url = "http://viric.name/cgi-bin/filegive/tarball/${name}.tar.gz?uuid=v${version}";
+    name = "${name}.tar.gz";
+    sha256 = "14yyif6q89ihn28kliszaf19vywjg9f7192q1ak8823da1svbq8a";
   };
 
   buildInputs = [ go ];
diff --git a/pkgs/tools/networking/fping/default.nix b/pkgs/tools/networking/fping/default.nix
index c51c8f59ff76..4bda944c68a5 100644
--- a/pkgs/tools/networking/fping/default.nix
+++ b/pkgs/tools/networking/fping/default.nix
@@ -10,6 +10,6 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = "http://fping.org/";
-    description = "A program to send ICMP echo probes to network hosts.";
+    description = "Send ICMP echo probes to network hosts";
   };
 }
diff --git a/pkgs/tools/networking/gmvault/default.nix b/pkgs/tools/networking/gmvault/default.nix
index 8ab939481915..e78dfa5b2cae 100644
--- a/pkgs/tools/networking/gmvault/default.nix
+++ b/pkgs/tools/networking/gmvault/default.nix
@@ -28,7 +28,7 @@ buildPythonPackage rec {
   '';
 
   meta = {
-    description = "Gmvault Gmail Backup - Backup and restore your gmail account at will.";
+    description = "Backup and restore your gmail account";
     homepage = "http://gmvault.org";
     license = pkgs.lib.licenses.agpl3Plus;
   };
diff --git a/pkgs/tools/networking/haproxy/default.nix b/pkgs/tools/networking/haproxy/default.nix
index d44c9f831f34..e4a32e14260c 100644
--- a/pkgs/tools/networking/haproxy/default.nix
+++ b/pkgs/tools/networking/haproxy/default.nix
@@ -3,7 +3,7 @@
 stdenv.mkDerivation rec {
   version = "1.4.24";
   name = "haproxy-${version}";
-  
+
   src = fetchurl {
     url = "http://haproxy.1wt.eu/download/1.4/src/${name}.tar.gz";
     sha256 = "1vy7jz7l8qdd6ah3y65zarz9x9pf3bs02icxnrckpgh1s3s2h2b8";
@@ -17,7 +17,15 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications.";
+    description = "Reliable, high performance TCP/HTTP load balancer";
+    longDescription = ''
+      HAProxy is a free, very fast and reliable solution offering high
+      availability, load balancing, and proxying for TCP and HTTP-based
+      applications. It is particularly suited for web sites crawling under very
+      high loads while needing persistence or Layer7 processing. Supporting
+      tens of thousands of connections is clearly realistic with todays
+      hardware.
+    '';
     homepage = http://haproxy.1wt.eu;
     maintainers = [ stdenv.lib.maintainers.garbas ];
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/tools/networking/mosh/default.nix b/pkgs/tools/networking/mosh/default.nix
index f9562f7eff60..2708210af805 100644
--- a/pkgs/tools/networking/mosh/default.nix
+++ b/pkgs/tools/networking/mosh/default.nix
@@ -17,7 +17,15 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = http://mosh.mit.edu/;
-    description = "Remote terminal application that allows roaming, local echo, etc.";
+    description = "Mobile shell (ssh replacement)";
+    longDescription = ''
+      Remote terminal application that allows roaming, supports intermittent
+      connectivity, and provides intelligent local echo and line editing of
+      user keystrokes.
+
+      Mosh is a replacement for SSH. It's more robust and responsive,
+      especially over Wi-Fi, cellular, and long-distance links.
+    '';
     license = "GPLv3+";
     maintainers = with stdenv.lib.maintainers; [viric];
     platforms = with stdenv.lib.platforms; linux;
diff --git a/pkgs/tools/networking/mu/default.nix b/pkgs/tools/networking/mu/default.nix
index 7495c3bcd7f0..e42dfee7cae2 100644
--- a/pkgs/tools/networking/mu/default.nix
+++ b/pkgs/tools/networking/mu/default.nix
@@ -1,25 +1,39 @@
-{ fetchurl, stdenv, sqlite, pkgconfig, xapian, glib, gmime, texinfo, emacs, guile }:
+{ fetchurl, stdenv, sqlite, pkgconfig, xapian, glib, gmime, texinfo, emacs, guile
+, gtk3, webkit, libsoup, icu }:
 
 stdenv.mkDerivation rec {
-  version = "0.9.9";
+  version = "0.9.9.5";
   name = "mu-${version}";
 
   src = fetchurl {
     url = "https://mu0.googlecode.com/files/mu-${version}.tar.gz";
-    sha256 = "04r0y05awsyb5hqwaxn1hq9jxijw20hwsgdbacqrma519f0y5y43";
+    sha256 = "1hwkliyb8fjrz5sw9fcisssig0jkdxzhccw0ld0l9a10q1l9mqhp";
   };
 
-  buildInputs = [ sqlite pkgconfig xapian glib gmime texinfo emacs guile ];
+  buildInputs = [ sqlite pkgconfig xapian glib gmime texinfo emacs guile
+                  gtk3 webkit libsoup icu ];
 
-  meta = {
-    description = "mu is a collection of utilties for indexing and searching Maildirs";
-
-    licenses = [ "GPLv3+" ];
+  preBuild = ''
+    # Fix mu4e-builddir (set it to $out)
+    substituteInPlace mu4e/mu4e-meta.el.in \
+      --replace "@abs_top_builddir@" "$out"
 
-    homepage = "http://www.djcbsoftware.nl/code/mu/";
+    # We install msg2pdf to bin/msg2pdf, fix its location in elisp
+    substituteInPlace mu4e/mu4e-actions.el \
+      --replace "/toys/msg2pdf/msg2pdf" "/bin/msg2pdf"
+  '';
 
-    platforms = stdenv.lib.platforms.all;
+  # Install mug and msg2pdf
+  postInstall = ''
+    cp -v toys/msg2pdf/msg2pdf $out/bin/
+    cp -v toys/mug/mug $out/bin/
+  '';
 
-    maintainers = [ stdenv.lib.maintainers.antono ];
+  meta = {
+    description = "A collection of utilties for indexing and searching Maildirs";
+    license = "GPLv3+";
+    homepage = "http://www.djcbsoftware.nl/code/mu/";
+    platforms = stdenv.lib.platforms.mesaPlatforms;
+    maintainers = with stdenv.lib.maintainers; [ antono the-kenny ];
   };
 }
diff --git a/pkgs/tools/networking/netcat-openbsd/default.nix b/pkgs/tools/networking/netcat-openbsd/default.nix
new file mode 100644
index 000000000000..c7bbf3892d29
--- /dev/null
+++ b/pkgs/tools/networking/netcat-openbsd/default.nix
@@ -0,0 +1,32 @@
+{stdenv, fetchurl, pkgconfig, libbsd}:
+
+stdenv.mkDerivation rec {
+  name = "netcat-openbsd-1.105";
+  version = "1.105";
+
+  srcs = [
+    (fetchurl {
+      url = "mirror://debian/pool/main/n/netcat-openbsd/netcat-openbsd_1.105.orig.tar.gz";
+      md5 = "7e67b22f1ad41a1b7effbb59ff28fca1";
+    })
+    (fetchurl {
+      url = "mirror://debian/pool/main/n/netcat-openbsd/netcat-openbsd_1.105-7.debian.tar.gz";
+      md5 = "e914f8eb7eda5c75c679dd77787ac76b";
+    })
+  ];
+
+  buildInputs = [ pkgconfig libbsd ];
+  sourceRoot = name;
+  patches = [ "../debian/patches/*.patch" ];
+
+  installPhase = ''
+    install -Dm0755 nc $out/bin/nc
+  '';
+
+  meta = {
+    homepage = "http://packages.debian.org/netcat-openbsd";
+    description = "TCP/IP swiss army knife. OpenBSD variant.";
+    platforms = stdenv.lib.platforms.linux;
+  };
+
+}
diff --git a/pkgs/tools/networking/netrw/default.nix b/pkgs/tools/networking/netrw/default.nix
index 23ff6ddba55a..77ef6e0ad306 100644
--- a/pkgs/tools/networking/netrw/default.nix
+++ b/pkgs/tools/networking/netrw/default.nix
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
   };
 
   meta = {
-    description = "A simple tool for transporting data over the network.";
+    description = "Simple tool for transporting data over the network";
     license = stdenv.lib.licenses.gpl2;
     homepage = "http://mamuti.net/netrw/index.en.html";
   };
diff --git a/pkgs/tools/networking/network-manager-applet/default.nix b/pkgs/tools/networking/network-manager-applet/default.nix
index 81bf7c908eff..a196c309197e 100644
--- a/pkgs/tools/networking/network-manager-applet/default.nix
+++ b/pkgs/tools/networking/network-manager-applet/default.nix
@@ -7,7 +7,7 @@
 let
   pn = "network-manager-applet";
   major = "0.9";
-  version = "${major}.8.2";
+  version = networkmanager.version;
 in
 
 stdenv.mkDerivation rec {
@@ -15,7 +15,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pn}/${major}/${name}.tar.xz";
-    sha256 = "1ixd19b7ap29lz9lq4mmlq9lqsmnisix1a33hrxrl68wjx1wfh55";
+    sha256 = "130rdin3wh9vlwhscbgh3lsssi89p5n4maws4y3l9ja720llk27n";
   };
 
   buildInputs = [
diff --git a/pkgs/tools/networking/network-manager/default.nix b/pkgs/tools/networking/network-manager/default.nix
index af35e3f71da2..25494d75f0dc 100644
--- a/pkgs/tools/networking/network-manager/default.nix
+++ b/pkgs/tools/networking/network-manager/default.nix
@@ -4,11 +4,11 @@
 
 stdenv.mkDerivation rec {
   name = "network-manager-${version}";
-  version = "0.9.8.0";
+  version = "0.9.8.4";
 
   src = fetchurl {
     url = "mirror://gnome/sources/NetworkManager/0.9/NetworkManager-${version}.tar.xz";
-    sha256 = "0sq9yvln0yjff1sgk483m98ca2x2sqk5vh4kmn382k9msvgbqrn3";
+    sha256 = "168dv290mc19szgv1l108i8gyha47wmyr41jlzwqvvibynmg17sc";
   };
 
   preConfigure = ''
@@ -59,6 +59,9 @@ stdenv.mkDerivation rec {
       
       # FIXME: Workaround until NixOS' dbus+systemd supports at_console policy
       substituteInPlace $out/etc/dbus-1/system.d/org.freedesktop.NetworkManager.conf --replace 'at_console="true"' 'group="networkmanager"'
+
+      # As NixOS doesn't seem to handle systemd Aliases, we just rename the dispatcher service file
+      mv $out/etc/systemd/system/NetworkManager-dispatcher.service $out/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service
     '';
 
   meta = with stdenv.lib; {
diff --git a/pkgs/tools/networking/network-manager/openconnect.nix b/pkgs/tools/networking/network-manager/openconnect.nix
index ccb5badd9031..fc9a964004e5 100644
--- a/pkgs/tools/networking/network-manager/openconnect.nix
+++ b/pkgs/tools/networking/network-manager/openconnect.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/0.9/${pname}-${version}.tar.xz";
-    sha256 = "16sdgrabbh2y7j6g9ic9lm5z6sxn7iz3j0xininkiwnjgbsqf961";
+    sha256 = "1dl7wcmibrzf9qnpchgk9fxfhw0j2hzzzqmylkm2c41iv81xrd4r";
   };
 
   buildInputs = [ openconnect networkmanager ]
diff --git a/pkgs/tools/networking/network-manager/openvpn.nix b/pkgs/tools/networking/network-manager/openvpn.nix
index c51bf09f99c0..b72312a1af2d 100644
--- a/pkgs/tools/networking/network-manager/openvpn.nix
+++ b/pkgs/tools/networking/network-manager/openvpn.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/0.9/${pname}-${version}.tar.xz";
-    sha256 = "1klmhcizp6fmbxjbyihsk2w0alnkyiw2a3ldgijq8s224k0z95j1";
+    sha256 = "11v63s1f3bsa7pmkvr7x65rsigh48wfqzsnixrwc3wqslsv5535g";
   };
 
   buildInputs = [ openvpn networkmanager ]
diff --git a/pkgs/tools/networking/network-manager/pptp.nix b/pkgs/tools/networking/network-manager/pptp.nix
index 41dda0086e4b..dc2c800e7971 100644
--- a/pkgs/tools/networking/network-manager/pptp.nix
+++ b/pkgs/tools/networking/network-manager/pptp.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation rec {
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/0.9/${pname}-${version}.tar.xz";
-    sha256 = "7f46ea61376d13d03685eca3f26a26e0022f6e92e6f1fc356034ca9717eb6dac";
+    sha256 = "7f46ea61376d13d03685eca3f26a26e0022f6e92e6f1fc356034ca9717eb6daa";
   };
 
   buildInputs = [ networkmanager pptp ppp ]
diff --git a/pkgs/tools/networking/network-manager/vpnc.nix b/pkgs/tools/networking/network-manager/vpnc.nix
index 683a7e76948d..10a497e0238f 100644
--- a/pkgs/tools/networking/network-manager/vpnc.nix
+++ b/pkgs/tools/networking/network-manager/vpnc.nix
@@ -4,11 +4,13 @@
 stdenv.mkDerivation rec {
   name = "${pname}${if withGnome then "-gnome" else ""}-${version}";
   pname = "NetworkManager-vpnc";
-  version = networkmanager.version;
+  # TODO: version doesn't match due to bad release
+  #version = networkmanager.version;
+  version = "0.9.8.6";
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/0.9/${pname}-${version}.tar.xz";
-    sha256 = "1hdigqfvsjlr1zr23lwmcsvcv1x74cqhfpwrd0j0zhhmjdb4ql74";
+    sha256 = "1mmbm3q27b3dbbs4vs976cxif8jdcs92j3ajdbgykrnl2gbnqc20";
   };
 
   buildInputs = [ vpnc networkmanager ]
diff --git a/pkgs/tools/networking/networkmanagement/default.nix b/pkgs/tools/networking/networkmanagement/default.nix
index 474a46387588..1c3191f3bf57 100644
--- a/pkgs/tools/networking/networkmanagement/default.nix
+++ b/pkgs/tools/networking/networkmanagement/default.nix
@@ -2,7 +2,7 @@
 
 let
   pname = "networkmanagement";
-  version = "0.9.0.4";
+  version = "0.9.0.9";
   name = "${pname}-${version}";
 in
 stdenv.mkDerivation {
@@ -10,7 +10,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "mirror://kde/unstable/${pname}/${version}/src/${name}.tar.bz2";
-    sha256 = "0mp2jai6f2qpywjwgvxcl1nh27idgy740vwiahfamq8w2y90a3aj";
+    sha256 = "1jiij9iz8v9mgcq811svmlyfvmvkazpclkf4yk7193m4y8yn19yn";
   };
 
   buildInputs = [ kdelibs kde_workspace networkmanager ];
diff --git a/pkgs/tools/networking/nylon/default.nix b/pkgs/tools/networking/nylon/default.nix
index 3d1563f9520d..9050423cfafb 100644
--- a/pkgs/tools/networking/nylon/default.nix
+++ b/pkgs/tools/networking/nylon/default.nix
@@ -13,7 +13,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = http://monkey.org/~marius/nylon;
-    description = "Proxy server, supporting SOCKS 4 and 5, as well as a mirror mode.";
+    description = "Proxy server, supporting SOCKS 4 and 5, as well as a mirror mode";
     license = "free";
   };
 }
diff --git a/pkgs/tools/networking/offlineimap/default.nix b/pkgs/tools/networking/offlineimap/default.nix
index a5b46ebbc3c6..fa1d2fb805a7 100644
--- a/pkgs/tools/networking/offlineimap/default.nix
+++ b/pkgs/tools/networking/offlineimap/default.nix
@@ -18,7 +18,7 @@ buildPythonPackage rec {
   ];
 
   meta = {
-    description = "OfflineImap synchronizes emails between two repositories, so that you can read the same mailbox from multiple computers.";
+    description = "Synchronize emails between two repositories, so that you can read the same mailbox from multiple computers";
     homepage = "http://offlineimap.org";
     license = pkgs.lib.licenses.gpl2Plus;
     maintainers = [ pkgs.lib.maintainers.garbas ];
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 6d3120e7b996..35586031ef55 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -71,7 +71,7 @@ stdenv.mkDerivation rec {
     homepage = http://www.openssh.org/;
     description = "An implementation of the SSH protocol";
     license = "bsd";
-    platforms = stdenv.lib.platforms.linux;
+    platforms = stdenv.lib.platforms.unix;
     maintainers = stdenv.lib.maintainers.eelco;
   };
 }
diff --git a/pkgs/tools/networking/p2p/amule/default.nix b/pkgs/tools/networking/p2p/amule/default.nix
index 43de92afe9aa..44384507a79d 100644
--- a/pkgs/tools/networking/p2p/amule/default.nix
+++ b/pkgs/tools/networking/p2p/amule/default.nix
@@ -46,7 +46,7 @@ mkDerivation rec {
 
   meta = {
     homepage = http://amule.org/;
-    description = "aMule, a peer-to-peer client for the eD2K and Kademlia networks";
+    description = "Peer-to-peer client for the eD2K and Kademlia networks";
 
     longDescription = ''
       aMule is an eMule-like client for the eD2k and Kademlia
diff --git a/pkgs/tools/networking/p2p/bit-tornado/default.nix b/pkgs/tools/networking/p2p/bit-tornado/default.nix
index 14e13a17559f..92458b3d1459 100644
--- a/pkgs/tools/networking/p2p/bit-tornado/default.nix
+++ b/pkgs/tools/networking/p2p/bit-tornado/default.nix
@@ -19,6 +19,6 @@ stdenv.mkDerivation {
   '';
 
   meta = {
-    description = "Bittorrent client with IPv6 support.";
+    description = "Bittorrent client with IPv6 support";
   };
 }
diff --git a/pkgs/tools/networking/pdsh/default.nix b/pkgs/tools/networking/pdsh/default.nix
index ec0b7c6f60b7..80fc075107c1 100644
--- a/pkgs/tools/networking/pdsh/default.nix
+++ b/pkgs/tools/networking/pdsh/default.nix
@@ -35,7 +35,7 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://code.google.com/p/pdsh/";
-    description = "A high-performance, parallel remote shell utility.";
+    description = "High-performance, parallel remote shell utility";
     license = "GPLv2";
 
     longDescription = ''
diff --git a/pkgs/tools/networking/proxychains/default.nix b/pkgs/tools/networking/proxychains/default.nix
index e2eeb73fc649..6778cf94907e 100644
--- a/pkgs/tools/networking/proxychains/default.nix
+++ b/pkgs/tools/networking/proxychains/default.nix
@@ -8,7 +8,7 @@ stdenv.mkDerivation {
   };
 
   meta = {
-    description = "Proxifier for SOCKS proxies.";
+    description = "Proxifier for SOCKS proxies";
     homepage = http://proxychains.sourceforge.net;
     license = "GPLv2+";
   };
diff --git a/pkgs/tools/networking/tinc/default.nix b/pkgs/tools/networking/tinc/default.nix
index dd6bfb82aab0..c2b25e863f20 100644
--- a/pkgs/tools/networking/tinc/default.nix
+++ b/pkgs/tools/networking/tinc/default.nix
@@ -1,12 +1,12 @@
 {stdenv, fetchurl, lzo, openssl, zlib}:
 
 stdenv.mkDerivation rec {
-  version = "1.0.21";
+  version = "1.0.22";
   name = "tinc-${version}";
 
   src = fetchurl {
     url = "http://www.tinc-vpn.org/packages/tinc-${version}.tar.gz";
-    sha256 = "12v1x9p4f8y9967ypwxhkr10q6pk4cdallr0k4lic0kcfsmmxhba";
+    sha256 = "0b2w5jic0zs8smfq2a9w99ql7lspb7jph3psmqaflw0hq4gdsfa7";
   };
 
   buildInputs = [ lzo openssl zlib ];
diff --git a/pkgs/tools/networking/trickle/default.nix b/pkgs/tools/networking/trickle/default.nix
index 646108525d3c..254dc168ec8c 100644
--- a/pkgs/tools/networking/trickle/default.nix
+++ b/pkgs/tools/networking/trickle/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation rec {
   configureFlags = "--with-libevent";
 
   meta = {
-    description = "Trickle, a portable lightweight userspace bandwidth shaper.";
+    description = "Lightweight userspace bandwidth shaper";
     license = "BSD";
     homepage = http://monkey.org/~marius/pages/?page=trickle;
     platforms = stdenv.lib.platforms.linux;
diff --git a/pkgs/tools/networking/unbound/default.nix b/pkgs/tools/networking/unbound/default.nix
index 98fc8e4d1451..ea9719dd9b29 100644
--- a/pkgs/tools/networking/unbound/default.nix
+++ b/pkgs/tools/networking/unbound/default.nix
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
     "--localstatedir=/var" ];
 
   meta = {
-    description = "Unbound, a validating, recursive, and caching DNS resolver.";
+    description = "Validating, recursive, and caching DNS resolver";
     license = "BSD";
     homepage = http://www.unbound.net;
     platforms = with stdenv.lib.platforms; linux;
diff --git a/pkgs/tools/package-management/cabal-install/1.18.0.1.nix b/pkgs/tools/package-management/cabal-install/1.18.0.2.nix
index ceb54effdd97..9b56f60546ce 100644
--- a/pkgs/tools/package-management/cabal-install/1.18.0.1.nix
+++ b/pkgs/tools/package-management/cabal-install/1.18.0.2.nix
@@ -5,8 +5,8 @@
 
 cabal.mkDerivation (self: {
   pname = "cabal-install";
-  version = "1.18.0.1";
-  sha256 = "0b44w4iqzaq5119zjkpagd3a2279kz6xq5pk5rqnlnfn8a8ihdbb";
+  version = "1.18.0.2";
+  sha256 = "0ah9yzp486p3cvs9b7nid0jmf0a56fg65s3jx2r8lb84pi50d92c";
   isLibrary = false;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/tools/package-management/nix-repl/default.nix b/pkgs/tools/package-management/nix-repl/default.nix
new file mode 100644
index 000000000000..648abe882c4f
--- /dev/null
+++ b/pkgs/tools/package-management/nix-repl/default.nix
@@ -0,0 +1,35 @@
+{ stdenv, fetchgit, nix, readline, boehmgc }:
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+  name = "nix-repl-${getVersion nix}-${substring 0 7 src.rev}";
+
+  src = fetchgit {
+    url = https://github.com/edolstra/nix-repl.git;
+    rev = "81d658fe4afda234028cd4551e12491db4303957";
+    sha256 = "067mj8as99n0hkrr2qss3y3hnr8c5zy4n8bqx3z900n3j43cwzyc";
+  };
+
+  buildInputs = [ nix readline boehmgc ];
+
+  buildPhase = "true";
+
+  # FIXME: unfortunate cut&paste.
+  installPhase =
+    ''
+      mkdir -p $out/bin
+      g++ -O3 -Wall -std=c++0x \
+        -o $out/bin/nix-repl nix-repl.cc \
+        -I${nix}/include/nix -L${nix}/lib/nix \
+        -lformat -lutil -lstore -lexpr -lmain -lreadline -lgc
+    '';
+
+  meta = {
+    homepage = https://github.com/edolstra/nix-repl;
+    description = "An interactive environment for evaluating and building Nix expressions";
+    maintainers = [ maintainers.eelco ];
+    license = licenses.gpl3;
+    platforms = nix.meta.platforms;
+  };
+}
diff --git a/pkgs/tools/package-management/nix/default.nix b/pkgs/tools/package-management/nix/default.nix
index 89cf2d1e00e3..9b0b8b3f24e8 100644
--- a/pkgs/tools/package-management/nix/default.nix
+++ b/pkgs/tools/package-management/nix/default.nix
@@ -5,11 +5,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "nix-1.6";
+  name = "nix-1.6.1";
 
   src = fetchurl {
     url = "http://nixos.org/releases/nix/${name}/${name}.tar.xz";
-    sha256 = "2e451a6ad0b43997d8df71d29a7d20ef42f7715fe16efbf4b53bdcdd1d5227fe";
+    sha256 = "31d15f99b2405924a4be278334cc973a71999303631e6798c1d294db9be4bf84";
   };
 
   nativeBuildInputs = [ perl pkgconfig ];
@@ -69,5 +69,7 @@ stdenv.mkDerivation rec {
     description = "The Nix Deployment System";
     homepage = http://nixos.org/;
     license = "LGPLv2+";
+    maintainers = [ stdenv.lib.maintainers.eelco ];
+    platforms = stdenv.lib.platforms.all;
   };
 }
diff --git a/pkgs/tools/package-management/nix/unstable.nix b/pkgs/tools/package-management/nix/unstable.nix
index 17e860f7d7cd..7bdc8d1aefb6 100644
--- a/pkgs/tools/package-management/nix/unstable.nix
+++ b/pkgs/tools/package-management/nix/unstable.nix
@@ -5,11 +5,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "nix-1.6pre3220_fecad91";
+  name = "nix-1.7pre3267_2d9bb56";
 
   src = fetchurl {
-    url = "http://hydra.nixos.org/build/6038922/download/5/${name}.tar.xz";
-    sha256 = "0251b8cb7ad2a4974a9c8002c65f1c6e1b334be082d3dd2f085929594637f947";
+    url = "http://hydra.nixos.org/build/6611474/download/5/${name}.tar.xz";
+    sha256 = "f62b48910651c4651cd4473a0bb433d65cf60c93c0f80d589b26fec52b3b82b3";
   };
 
   nativeBuildInputs = [ perl pkgconfig ];
@@ -69,5 +69,7 @@ stdenv.mkDerivation rec {
     description = "The Nix Deployment System";
     homepage = http://nixos.org/;
     license = "LGPLv2+";
+    maintainers = [ stdenv.lib.maintainers.eelco ];
+    platforms = stdenv.lib.platforms.all;
   };
 }
diff --git a/pkgs/tools/package-management/nixops/default.nix b/pkgs/tools/package-management/nixops/default.nix
index 3381e3644fe5..b23c8139309d 100644
--- a/pkgs/tools/package-management/nixops/default.nix
+++ b/pkgs/tools/package-management/nixops/default.nix
@@ -1,12 +1,12 @@
 { lib, pythonPackages, fetchurl, libxslt, docbook5_xsl, openssh }:
 
 pythonPackages.buildPythonPackage rec {
-  name = "nixops-1.1";
+  name = "nixops-1.1.1";
   namePrefix = "";
 
   src = fetchurl {
     url = "http://nixos.org/releases/nixops/${name}/${name}.tar.bz2";
-    sha256 = "1i0v4v83s663izw6al63avhs0378rp3nxchy8nkb1zam5rj097z2";
+    sha256 = "0hb77cf9l8qcjp6a1gzkzv7k10j5zvp23ilxgx5x6j93602d5jwb";
   };
 
   buildInputs = [ libxslt ];
@@ -40,6 +40,6 @@ pythonPackages.buildPythonPackage rec {
     homepage = https://github.com/NixOS/nixops;
     description = "NixOS cloud provisioning and deployment tool";
     maintainers = [ lib.maintainers.eelco lib.maintainers.rob ];
-    platforms = lib.platforms.linux;
+    platforms = lib.platforms.unix;
   };
 }
diff --git a/pkgs/tools/security/apg/default.nix b/pkgs/tools/security/apg/default.nix
index 28f66e1e4929..2190a1ffbe63 100644
--- a/pkgs/tools/security/apg/default.nix
+++ b/pkgs/tools/security/apg/default.nix
@@ -12,7 +12,7 @@ stdenv.mkDerivation rec {
   patches = [ ./apg.patch ];
 
   meta = {
-    description = "A tool set for random password generation.";
+    description = "Tools for random password generation";
     longDescription = ''
       APG (Automated Password Generator) is the tool set for random
       password generation.
diff --git a/pkgs/tools/security/clamav/default.nix b/pkgs/tools/security/clamav/default.nix
index cb32085a8cfe..ec00137b36f7 100644
--- a/pkgs/tools/security/clamav/default.nix
+++ b/pkgs/tools/security/clamav/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = http://www.clamav.net;
-    description = "an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats.";
+    description = "Antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats";
     license = licenses.gpl2;
     maintainers = [ maintainers.phreedom ];
     platforms = platforms.linux;
diff --git a/pkgs/tools/security/fail2ban/default.nix b/pkgs/tools/security/fail2ban/default.nix
index 5ac059070801..1a443fc18b61 100644
--- a/pkgs/tools/security/fail2ban/default.nix
+++ b/pkgs/tools/security/fail2ban/default.nix
@@ -1,53 +1,53 @@
 { stdenv, fetchurl, pythonPackages, unzip, gamin }:
 
-let version = "0.8.6"; in
+let version = "0.8.10"; in
 
 pythonPackages.buildPythonPackage {
   name = "fail2ban-${version}";
   namePrefix = "";
 
   src = fetchurl {
-    url = "https://github.com/fail2ban/fail2ban/zipball/${version}";
-    name = "fail2ban-${version}.zip";
-    sha256 = "1linfz5qxmm4225lzi9vawsa79y41d3rcdahvrzlyqlhb02ipd55";
+    url    = "https://github.com/fail2ban/fail2ban/zipball/${version}";
+    name   = "fail2ban-${version}.zip";
+    sha256 = "0zbjwnghpdnzan7hn40cjjh2r06p2ph5kblpm0w1r72djwsk67x9";
   };
 
   buildInputs = [ unzip ];
 
   pythonPath = [ gamin ];
 
-  preConfigure =
-    ''
-      substituteInPlace setup.cfg \
-        --replace /usr $out
-
-      substituteInPlace setup.py \
-        --replace /etc $out/etc \
-        --replace /var $TMPDIR/var \
-
-      for i in fail2ban-client fail2ban-regex fail2ban-server; do
-        substituteInPlace $i \
-          --replace /usr/share/fail2ban $out/share/fail2ban
-      done
-      
-      for i in config/action.d/sendmail*.conf; do
-        substituteInPlace $i \
-          --replace /usr/sbin/sendmail sendmail \
-          --replace /usr/bin/whois whois
-      done
-    '';
+  preConfigure = ''
+    substituteInPlace setup.cfg \
+      --replace /usr $out
+
+    substituteInPlace setup.py \
+      --replace /usr $out \
+      --replace /etc $out/etc \
+      --replace /var $TMPDIR/var \
+
+    for i in fail2ban-client fail2ban-regex fail2ban-server; do
+      substituteInPlace $i \
+        --replace /usr/share/fail2ban $out/share/fail2ban
+    done
+
+    for i in config/action.d/sendmail*.conf; do
+      substituteInPlace $i \
+        --replace /usr/sbin/sendmail sendmail \
+        --replace /usr/bin/whois whois
+    done
+  '';
 
   doCheck = false;
-  
-  installCommand =
-    ''
-      python setup.py install --prefix=$out
-    '';
-
-  meta = {
-    homepage = http://www.fail2ban.org/;
+
+  installCommand = ''
+    python setup.py install --prefix=$out
+  '';
+
+  meta = with stdenv.lib; {
+    homepage    = http://www.fail2ban.org/;
     description = "A program that scans log files for repeated failing login attempts and bans IP addresses";
-    license = stdenv.lib.licenses.gpl2Plus;
-    maintainers = [ stdenv.lib.maintainers.eelco ];
+    license     = licenses.gpl2Plus;
+    maintainers = with maintainers; [ eelco lovek323 ];
+    platforms   = platforms.unix;
   };
 }
diff --git a/pkgs/tools/security/gnupg/default.nix b/pkgs/tools/security/gnupg/default.nix
index baa8dd87ec1f..f242c3f323ae 100644
--- a/pkgs/tools/security/gnupg/default.nix
+++ b/pkgs/tools/security/gnupg/default.nix
@@ -13,11 +13,11 @@ assert useUsb -> (libusb != null);
 assert useCurl -> (curl != null);
 
 stdenv.mkDerivation rec {
-  name = "gnupg-2.0.21";
+  name = "gnupg-2.0.22";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${name}.tar.bz2";
-    sha256 = "1xgf1q1phdawk6y66haaqcvfnlsqk12jmjin1m2d5x6fqw18kpq0";
+    sha256 = "0lg210acj2rxq291q4cwamg9gx6gh2prb1xa93y5jhw5b6r0lza3";
   };
 
   buildInputs
@@ -39,7 +39,7 @@ stdenv.mkDerivation rec {
 
   meta = {
     homepage = "http://gnupg.org/";
-    description = "GNU Privacy Guard (GnuPG), GNU Project's implementation of the OpenPGP standard";
+    description = "free implementation of the OpenPGP standard for encrypting and signing data";
     license = stdenv.lib.licenses.gpl3Plus;
 
     longDescription = ''
diff --git a/pkgs/tools/security/gnupg1/default.nix b/pkgs/tools/security/gnupg1/default.nix
index f9b959061da0..192970b5caed 100644
--- a/pkgs/tools/security/gnupg1/default.nix
+++ b/pkgs/tools/security/gnupg1/default.nix
@@ -1,38 +1,19 @@
-{ # Support for the IDEA cipher (used by the old PGP) should only be
-  # enabled if it is legal for you to do so.
-  ideaSupport ? false
-
-, stdenv, fetchurl, readline, bzip2
-}:
-
-let
-
-  idea = fetchurl {
-    url = http://tarballs.nixos.org/idea.c.gz;
-    md5 = "9dc3bc086824a8c7a331f35e09a3e57f";
-  };
-
-in
+{ stdenv, fetchurl, readline, bzip2 }:
 
 stdenv.mkDerivation rec {
-  name = "gnupg-1.4.13";
+  name = "gnupg-1.4.15";
 
   src = fetchurl {
     url = "mirror://gnupg/gnupg/${name}.tar.bz2";
-    sha1 = "17a75c54d292bd0923f0a1817a1b02ded37d1de1";
+    sha1 = "63ebf0ab375150903c65738070e4105200197fd4";
   };
 
   buildInputs = [ readline bzip2 ];
 
-  preConfigure = stdenv.lib.optionalString ideaSupport
-    ''
-      gunzip < ${idea} > ./cipher/idea.c
-    '';
-
   doCheck = true;
 
   meta = {
-    description = "GnuPG, a free implementation of the OpenPGP standard for encrypting and signing data";
+    description = "free implementation of the OpenPGP standard for encrypting and signing data";
     homepage = http://www.gnupg.org/;
     license = "GPLv3+";
     platforms = stdenv.lib.platforms.gnu; # arbitrary choice
diff --git a/pkgs/tools/security/haveged/default.nix b/pkgs/tools/security/haveged/default.nix
new file mode 100644
index 000000000000..48f9727b3c03
--- /dev/null
+++ b/pkgs/tools/security/haveged/default.nix
@@ -0,0 +1,27 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name = "haveged-${version}";
+  version = "1.7c";
+
+  src = fetchurl {
+    url = "http://www.issihosts.com/haveged/haveged-${version}.tar.gz";
+    sha256 = "08gi3d9lbrllk5lyxw8l65py88xhia48w758lqjddh3gv7g7wfa0";
+  };
+
+  meta = {
+    description = "A simple entropy daemon";
+    longDescription = ''
+      The haveged project is an attempt to provide an easy-to-use, unpredictable
+      random number generator based upon an adaptation of the HAVEGE algorithm.
+      Haveged was created to remedy low-entropy conditions in the Linux random device
+      that can occur under some workloads, especially on headless servers. Current development
+      of haveged is directed towards improving overall reliablity and adaptability while minimizing
+      the barriers to using haveged for other tasks.
+    '';
+    homepage = http://www.issihosts.com/haveged/;
+    license = stdenv.lib.licenses.gpl3;
+    maintainers = stdenv.lib.maintainers.iElectric;
+    platforms = stdenv.lib.platforms.unix;
+  };
+}
diff --git a/pkgs/tools/security/mkpasswd/default.nix b/pkgs/tools/security/mkpasswd/default.nix
index f131fcef4ce2..b27707a00159 100644
--- a/pkgs/tools/security/mkpasswd/default.nix
+++ b/pkgs/tools/security/mkpasswd/default.nix
@@ -4,11 +4,11 @@
 stdenv.mkDerivation rec {
   name = "mkpasswd-${version}";
 
-  version = "5.0.25";
+  version = "5.0.26";
 
   src = fetchurl {
     url = "http://ftp.debian.org/debian/pool/main/w/whois/whois_${version}.tar.xz";
-    sha256 = "0qb859vwd6g93cb5zbf19gpw2g2b9s1qlq4nqia1a966pjkvw1qj";
+    sha256 = "729625ef81425f4771e06492bb4f3e9f24bff75b8176044ce8d2f605f7ad6af5";
   };
 
   preConfigure = ''
diff --git a/pkgs/tools/security/pass/default.nix b/pkgs/tools/security/pass/default.nix
index ba86b0b1d9ce..e78002837c72 100644
--- a/pkgs/tools/security/pass/default.nix
+++ b/pkgs/tools/security/pass/default.nix
@@ -1,4 +1,6 @@
-{ stdenv, fetchurl, getopt }:
+{ stdenv, fetchurl
+, coreutils, gnused, getopt, pwgen, git, tree, gnupg
+, makeWrapper }:
 
 stdenv.mkDerivation rec {
   version = "1.4.2";
@@ -9,11 +11,13 @@ stdenv.mkDerivation rec {
     sha256 = "00m3q6dihrhw8cxsrham3bdqg5841an8ch4s3a4k5fynlcb802m1";
   };
 
+  buildInputs = [ makeWrapper ];
+
   meta = with stdenv.lib; {
-    description = "Stores, retrieves, generates, and synchronizes passwords securely.";
+    description = "Stores, retrieves, generates, and synchronizes passwords securely";
     homepage    = http://zx2c4.com/projects/password-store/;
     license     = licenses.gpl2Plus;
-    maintainers = with maintainers; [ lovek323 ];
+    maintainers = with maintainers; [ lovek323 the-kenny ];
     platforms   = platforms.unix;
 
     longDescription = ''
@@ -25,8 +29,6 @@ stdenv.mkDerivation rec {
     '';
   };
 
-  propagatedBuildInputs = [ getopt ];
-
   installPhase = ''
     # link zsh and fish completions
     sed -ie '22s/^#//' Makefile
@@ -44,5 +46,14 @@ stdenv.mkDerivation rec {
     sed -ie '34c GETOPT="${getopt}/bin/getopt"' \
       "$out/lib/password-store.platform.sh"
   '';
-}
 
+  postFixup = ''
+    # Fix program name in --help
+    substituteInPlace $out/bin/pass \
+      --replace "\$program" "pass"
+
+    # Ensure all dependencies are in PATH
+    wrapProgram $out/bin/pass \
+      --prefix PATH : "${coreutils}/bin:${gnused}/bin:${getopt}/bin:${gnupg}/bin:${git}/bin:${tree}/bin:${pwgen}/bin"
+  '';
+}
diff --git a/pkgs/tools/security/prey/default.nix b/pkgs/tools/security/prey/default.nix
new file mode 100644
index 000000000000..fe71806301dd
--- /dev/null
+++ b/pkgs/tools/security/prey/default.nix
@@ -0,0 +1,46 @@
+{ stdenv, fetchurl, fetchgit, curl, scrot, imagemagick, xawtv, inetutils, makeWrapper, coreutils
+, apiKey ? ""
+, deviceKey ? "" }:
+
+# TODO: this should assert keys are set, somehow if set through .override assertion fails
+#assert apiKey != "";
+#assert deviceKey != "";
+
+let
+  modulesSrc = fetchgit {
+    url = "git://github.com/prey/prey-bash-client-modules.git";
+    rev = "aba260ef110834cb2e92923a31f50c15970639ee";
+  };
+in stdenv.mkDerivation rec {
+  name = "prey-bash-client-${version}";
+  version = "0.6.0";
+
+  src = fetchurl {
+    url = "https://github.com/prey/prey-bash-client/archive/v${version}.tar.gz";
+    sha256 = "09cb15jh4jdwvix9nx048ajkw2r5jaflk68y3rkha541n8n0qwh0";
+  };
+
+  buildInputs = [ curl scrot imagemagick xawtv makeWrapper ];
+
+  phases = "unpackPhase installPhase";
+
+  installPhase = ''
+    substituteInPlace config --replace api_key=\'\' "api_key='${apiKey}'"
+    substituteInPlace config --replace device_key=\'\' "device_key='${deviceKey}'"
+
+    substituteInPlace prey.sh --replace /bin/bash $(type -Pp bash)
+    mkdir -p $out/modules
+    cp -R . $out
+    cp -R ${modulesSrc}/* $out/modules/
+    wrapProgram "$out/prey.sh" \
+      --prefix PATH ":" "${xawtv}/bin:${imagemagick}/bin:${curl}/bin:${scrot}/bin:${inetutils}/bin:${coreutils}/bin" \
+      --set CURL_CA_BUNDLE "/etc/ssl/certs/ca-bundle.crt"
+  '';
+
+  meta = with stdenv.lib; {
+    homepage = http://preyproject.com;
+    description = "Proven tracking software that helps you find, lock and recover your devices when stolen or missing";
+    maintainers = with maintainers; [ iElectric ];
+    license = licenses.gpl3;
+  };
+}
diff --git a/pkgs/tools/security/pwgen/default.nix b/pkgs/tools/security/pwgen/default.nix
index aaa3b577657f..ef91e69428a3 100644
--- a/pkgs/tools/security/pwgen/default.nix
+++ b/pkgs/tools/security/pwgen/default.nix
@@ -7,7 +7,7 @@ stdenv.mkDerivation {
     sha256 = "1afxbkdl9b81760pyb972k18dmidrciy3vzcnspp3jg0aa316yn8";
   };
   meta = {
-	description = "Small, GPL'ed password generator which creates passwords which can be easily memorized by a human.";
-        platforms = stdenv.lib.platforms.all;
+    description = "Password generator which creates passwords which can be easily memorized by a human";
+    platforms = stdenv.lib.platforms.all;
   };
 }
diff --git a/pkgs/tools/security/seccure/0.4.nix b/pkgs/tools/security/seccure/default.nix
index 33a77c078446..33a77c078446 100644
--- a/pkgs/tools/security/seccure/0.4.nix
+++ b/pkgs/tools/security/seccure/default.nix
diff --git a/pkgs/tools/security/sshuttle/default.nix b/pkgs/tools/security/sshuttle/default.nix
new file mode 100644
index 000000000000..61ba63862afa
--- /dev/null
+++ b/pkgs/tools/security/sshuttle/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchurl, iptables, python, pythonPackages }:
+  
+stdenv.mkDerivation rec {
+  name = "sshuttle-${version}";
+  version = "0.61";
+
+  src = fetchurl {
+    url = "https://github.com/apenwarr/sshuttle/archive/sshuttle-0.61.tar.gz";
+    sha256 = "1v2v1kbwnmx6ygzhbgqcmyafx914s2p7vjp7l0pf52sa7qkliy9b";
+  };
+
+  preBuild = ''
+   substituteInPlace Documentation/all.do --replace "/bin/ls" "$(type -tP ls)";
+   substituteInPlace Documentation/md2man.py --replace "/usr/bin/env python" "${python}/bin/python"
+  '';
+
+  phases = "unpackPhase installPhase";
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp -R . $out
+    ln -s $out/sshuttle $out/bin/sshuttle
+  '';
+  
+
+  buildInputs = [ iptables python pythonPackages.markdown pythonPackages.beautifulsoup ];
+
+  meta = with stdenv.lib; {
+    homepage = https://github.com/apenwarr/sshuttle;
+    description = "Transparent proxy server that works as a poor man's VPN";
+    maintainers = with maintainers; [ iElectric ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/pkgs/tools/security/tcpcrypt/0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch b/pkgs/tools/security/tcpcrypt/0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch
new file mode 100644
index 000000000000..addf00796a8a
--- /dev/null
+++ b/pkgs/tools/security/tcpcrypt/0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch
@@ -0,0 +1,25 @@
+From 4ef50d76a2da61be60fea448690e24f35bc37299 Mon Sep 17 00:00:00 2001
+From: Peter Simons <simons@cryp.to>
+Date: Wed, 11 Sep 2013 17:19:29 +0200
+Subject: [PATCH] Run tcpcryptd under uid 93 instead of 666.
+
+---
+ user/src/linux.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/user/src/linux.c b/user/src/linux.c
+index b51e6b2..8199193 100644
+--- a/user/src/linux.c
++++ b/user/src/linux.c
+@@ -198,7 +198,7 @@ void linux_drop_privs(void)
+ 
+ 	cap_free(caps);
+ 
+-	if (setuid(666) == -1)
++	if (setuid(93) == -1)
+ 		err(1, "setuid()");
+ 
+ 	caps = cap_init();
+-- 
+1.8.3.4
+
diff --git a/pkgs/tools/security/tcpcrypt/default.nix b/pkgs/tools/security/tcpcrypt/default.nix
index 3026ed66d72f..17c6993826d8 100644
--- a/pkgs/tools/security/tcpcrypt/default.nix
+++ b/pkgs/tools/security/tcpcrypt/default.nix
@@ -1,4 +1,4 @@
-{ fetchurl, stdenv
+{ fetchurl, stdenv, autoconf, automake, libtool
 , openssl, libcap, libnfnetlink, libnetfilter_queue
 }:
 
@@ -14,9 +14,13 @@ stdenv.mkDerivation rec {
     name = "${name}.tar.gz";
   };
 
-  buildInputs = [ openssl libcap libnfnetlink libnetfilter_queue ];
+  dontStrip = true;
 
-  preConfigure = "cd user";
+  buildInputs = [ autoconf automake libtool openssl libcap libnfnetlink libnetfilter_queue ];
+
+  patches = [ ./0001-Run-tcpcryptd-under-uid-93-instead-of-666.patch ];
+
+  preConfigure = "cd user; autoreconf -i";
 
   meta = {
     homepage = "http://tcpcrypt.org/";
diff --git a/pkgs/tools/security/tor/torsocks.nix b/pkgs/tools/security/tor/torsocks.nix
index ac60ccb16a1f..0254b143edfd 100644
--- a/pkgs/tools/security/tor/torsocks.nix
+++ b/pkgs/tools/security/tor/torsocks.nix
@@ -1,14 +1,16 @@
-{ stdenv, fetchurl }:
+{ stdenv, fetchgit, autoreconfHook }:
 stdenv.mkDerivation rec {
   pname = "torsocks";
   name = "${pname}-${version}";
-  version = "1.2";
+  version = "1.3";
   
-  src = fetchurl {
-    url = "http://${pname}.googlecode.com/files/${name}.tar.gz";
-    sha256 = "1m0is5q24sf7jjlkl0icfkdc0m53nbkg0q72s57p48yp4hv7v9dy";
+  src = fetchgit {
+    url = meta.repositories.git;
+    rev = "refs/tags/${version}";
+    sha256 = "1cqplb36fkdb81kzf48xlxclf64wnp8r56x1gjayax1h6x4aal1w";
   };
 
+  buildInputs = [ autoreconfHook ];
   preConfigure = ''
       export configureFlags="$configureFlags --libdir=$out/lib"
   '';
@@ -16,6 +18,7 @@ stdenv.mkDerivation rec {
   meta = {
     description = "use socks-friendly applications with Tor";
     homepage = http://code.google.com/p/torsocks/;
+    repositories.git = https://git.torproject.org/torsocks.git;
     license = "GPLv2";
   };
 }
diff --git a/pkgs/tools/security/torbutton/default.nix b/pkgs/tools/security/torbutton/default.nix
index 348d96b00247..05bab06d3827 100644
--- a/pkgs/tools/security/torbutton/default.nix
+++ b/pkgs/tools/security/torbutton/default.nix
@@ -21,7 +21,12 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = https://www.torproject.org/torbutton/;
-    description = "the component in Tor Browser Bundle that takes care of application-level security and privacy concerns in Firefox. To keep you safe, Torbutton disables many types of active content.";
+    description = "Part of the Tor Browser Bundle";
+    longDescription = ''
+      The component in Tor Browser Bundle that takes care of application-level
+      security and privacy concerns in Firefox. To keep you safe, Torbutton
+      disables many types of active content.
+    '';
     license = licenses.mit;
     maintainers = [ maintainers.phreedom ];
     platforms = platforms.linux;
diff --git a/pkgs/tools/system/gptfdisk/default.nix b/pkgs/tools/system/gptfdisk/default.nix
index 9db39411854b..7c8c2ec09ed3 100644
--- a/pkgs/tools/system/gptfdisk/default.nix
+++ b/pkgs/tools/system/gptfdisk/default.nix
@@ -1,11 +1,11 @@
 { fetchurl, stdenv, libuuid, popt, icu, ncurses }:
 
 stdenv.mkDerivation rec {
-  name = "gptfdisk-0.8.5";
+  name = "gptfdisk-0.8.6";
 
   src = fetchurl {
     url = "mirror://sourceforge/gptfdisk/${name}.tar.gz";
-    sha256 = "1yaax2mga7n847x1ihbgvv4drzvndgnn4mii0mz1ab1150gnkk0m";
+    sha256 = "1cj7lribq8f3i4q6463q08bs42pvlzfj0iz2f2cnjn94hiacsya5";
   };
 
   buildInputs = [ libuuid popt icu ncurses ];
@@ -13,9 +13,11 @@ stdenv.mkDerivation rec {
   installPhase = ''
     mkdir -p $out/sbin
     mkdir -p $out/share/man/man8
-    install -v -m755 gdisk sgdisk fixparts $out/sbin
-    install -v -m644 gdisk.8 sgdisk.8 fixparts.8 \
-        $out/share/man/man8
+    for prog in gdisk sgdisk fixparts cgdisk
+    do
+        install -v -m755 $prog $out/sbin
+        install -v -m644 $prog.8 $out/share/man/man8
+    done
   '';
 
   meta = {
@@ -26,6 +28,7 @@ stdenv.mkDerivation rec {
     homepage = http://www.rodsbooks.com/gdisk/;
 
     maintainers = stdenv.lib.maintainers.shlevy;
+
     platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/tools/system/logcheck/default.nix b/pkgs/tools/system/logcheck/default.nix
index 1c57711940bf..7d15ade348cf 100644
--- a/pkgs/tools/system/logcheck/default.nix
+++ b/pkgs/tools/system/logcheck/default.nix
@@ -29,7 +29,7 @@ stdenv.mkDerivation rec {
  ];
 
   meta = {
-    description = "Mails anomalies in the system logfiles to the administrator.";
+    description = "Mails anomalies in the system logfiles to the administrator";
     longDescription = ''
       Mails anomalies in the system logfiles to the administrator.
 
diff --git a/pkgs/tools/system/lshw/default.nix b/pkgs/tools/system/lshw/default.nix
index a0f838cfcf93..930cb7b7bff0 100644
--- a/pkgs/tools/system/lshw/default.nix
+++ b/pkgs/tools/system/lshw/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
 
   meta = with stdenv.lib; {
     homepage = http://ezix.org/project/wiki/HardwareLiSter;
-    description = "A small tool to provide detailed information on the hardware configuration of the machine.";
+    description = "Provide detailed information on the hardware configuration of the machine";
     license = licenses.gpl2;
     maintainers = [ maintainers.phreedom ];
     platforms = platforms.linux;
diff --git a/pkgs/tools/system/pciutils/default.nix b/pkgs/tools/system/pciutils/default.nix
index 3f63d077c7fa..93486d3decf2 100644
--- a/pkgs/tools/system/pciutils/default.nix
+++ b/pkgs/tools/system/pciutils/default.nix
@@ -3,8 +3,8 @@
 let
   pciids = fetchurl {
     # Obtained from http://pciids.sourceforge.net/v2.2/pci.ids.bz2.
-    url = http://tarballs.nixos.org/pci.ids.20120929.bz2;
-    sha256 = "1q3i479ay88wam1zz1vbgkbqb2axg8av9qjxaigrqbnw2pv0srmb";
+    url = http://tarballs.nixos.org/pci.ids.20131006.bz2;
+    sha256 = "1vmshcgxqminiyh52pdcak24lm24qlic49py9cmkp96y1s48lvsc";
   };
 in
 stdenv.mkDerivation rec {
@@ -17,8 +17,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ pkgconfig zlib kmod which ];
 
-  # currently up-to-date
-  #preBuild = "bunzip2 < ${pciids} > pci.ids";
+  preBuild = "bunzip2 < ${pciids} > pci.ids";
 
   makeFlags = "SHARED=yes PREFIX=\${out}";
 
diff --git a/pkgs/tools/system/rsyslog/default.nix b/pkgs/tools/system/rsyslog/default.nix
index 0189d04902a2..3b5c06483845 100644
--- a/pkgs/tools/system/rsyslog/default.nix
+++ b/pkgs/tools/system/rsyslog/default.nix
@@ -14,9 +14,8 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://www.rsyslog.com/";
-    description = "Rsyslog is an enhanced syslogd. It can be used as a drop-in replacement for stock sysklogd.";
+    description = "Enhanced syslog implementation";
     license = "GPLv3";
-
     platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/tools/system/sleuthkit/default.nix b/pkgs/tools/system/sleuthkit/default.nix
index 86ec54ecb8fa..0148e3c699eb 100644
--- a/pkgs/tools/system/sleuthkit/default.nix
+++ b/pkgs/tools/system/sleuthkit/default.nix
@@ -1,48 +1,24 @@
-x@{builderDefsPackage
-  , libewf, afflib, openssl, zlib
-  , ...}:
-builderDefsPackage
-(a :  
-let 
-  helperArgNames = ["stdenv" "fetchurl" "builderDefsPackage"] ++ 
-    [];
+{ stdenv, fetchurl, libewf, afflib, openssl, zlib }:
 
-  buildInputs = map (n: builtins.getAttr n x)
-    (builtins.attrNames (builtins.removeAttrs x helperArgNames));
-  sourceInfo = rec {
-    baseName="sleuthkit";
-    version="3.2.2";
-    name="${baseName}-${version}";
-    url="mirror://sourceforge/project/${baseName}/${baseName}/${version}/${name}.tar.gz";
-    hash="02hik5xvbgh1dpisvc3wlhhq1aprnlsk0spbw6h5khpbq9wqnmgj";
-  };
-in
-rec {
-  src = a.fetchurl {
-    url = sourceInfo.url;
-    sha256 = sourceInfo.hash;
+stdenv.mkDerivation rec {
+  name = "sleuthkit-3.2.2";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/sleuthkit/${name}.tar.gz";
+    sha256 = "02hik5xvbgh1dpisvc3wlhhq1aprnlsk0spbw6h5khpbq9wqnmgj";
   };
 
-  inherit (sourceInfo) name version;
-  inherit buildInputs;
+  enableParallelBuilding = true;
+
+  buildInputs = [ libewf afflib openssl zlib ];
+
+  # Hack to fix the RPATH.
+  preFixup = "rm -rf */.libs";
 
-  /* doConfigure should be removed if not needed */
-  phaseNames = ["doConfigure" "doMakeInstall"];
-      
   meta = {
     description = "A forensic/data recovery tool";
-    maintainers = with a.lib.maintainers;
-    [
-      raskin
-    ];
-    platforms = with a.lib.platforms;
-      linux;
+    maintainers = [ stdenv.lib.maintainers.raskin ];
+    platforms = stdenv.lib.platforms.linux;
     license = "IBM Public License";
   };
-  passthru = {
-    updateInfo = {
-      downloadPage = "http://sourceforge.net/projects/sleuthkit/files/sleuthkit";
-    };
-  };
-}) x
-
+}
diff --git a/pkgs/tools/system/syslog-ng/default.nix b/pkgs/tools/system/syslog-ng/default.nix
index f5ee2f1bcbba..f2cb221cb321 100644
--- a/pkgs/tools/system/syslog-ng/default.nix
+++ b/pkgs/tools/system/syslog-ng/default.nix
@@ -13,9 +13,8 @@ stdenv.mkDerivation {
 
   meta = {
     homepage = "http://www.balabit.com/network-security/syslog-ng/";
-    description = "Next-generation syslogd with advanced networking and filtering capabilities.";
+    description = "Next-generation syslogd with advanced networking and filtering capabilities";
     license = "GPLv2";
-
     platforms = stdenv.lib.platforms.linux;
     maintainers = [ stdenv.lib.maintainers.simons ];
   };
diff --git a/pkgs/tools/system/vboot_reference/default.nix b/pkgs/tools/system/vboot_reference/default.nix
index ed48a9976d4c..e1c4734bbdaf 100644
--- a/pkgs/tools/system/vboot_reference/default.nix
+++ b/pkgs/tools/system/vboot_reference/default.nix
@@ -40,7 +40,7 @@ stdenv.mkDerivation rec {
   '';
 
   meta = {
-    description = "Chrome OS partitioning and kernel signing tools.";
+    description = "Chrome OS partitioning and kernel signing tools";
     license = stdenv.lib.licenses.bsd3;
     platforms = stdenv.lib.platforms.linux;
   };
diff --git a/pkgs/tools/text/poedit/default.nix b/pkgs/tools/text/poedit/default.nix
new file mode 100644
index 000000000000..10822f1809fb
--- /dev/null
+++ b/pkgs/tools/text/poedit/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, fetchurl, wxGTK29, boost }:
+
+stdenv.mkDerivation rec {
+  name = "poedit-1.5.7";
+
+  src = fetchurl {
+    url = "http://prdownloads.sourceforge.net/poedit/${name}.tar.gz";
+    sha256 = "0y0gbkb1jvp61qhh8sh7ar8849mwirizc42pk57zpxy84an5qlr4";
+  };
+
+  buildInputs = [ wxGTK29 boost ];
+
+  meta = with stdenv.lib; {
+    description = "Cross-platform gettext catalogs (.po files) editor";
+    homepage = http://www.poedit.net/;
+    license = licenses.mit;
+    platforms = with platforms; unix;
+    maintainers = with maintainers; [ iElectric ];
+  };
+}
diff --git a/pkgs/tools/text/source-highlight/default.nix b/pkgs/tools/text/source-highlight/default.nix
index 148bbfce99da..e5928e162560 100644
--- a/pkgs/tools/text/source-highlight/default.nix
+++ b/pkgs/tools/text/source-highlight/default.nix
@@ -18,7 +18,7 @@ stdenv.mkDerivation {
   doCheck = true;
 
   meta = {
-    description = "GNU Source-Highlight, source code renderer with syntax highlighting";
+    description = "source code renderer with syntax highlighting";
     homepage = "http://www.gnu.org/software/src-highlite/";
     license = "GPLv3+";
     maintainers = [ ];
diff --git a/pkgs/tools/text/wgetpaste/default.nix b/pkgs/tools/text/wgetpaste/default.nix
index 04102093aae4..a47eb2ddf9f9 100644
--- a/pkgs/tools/text/wgetpaste/default.nix
+++ b/pkgs/tools/text/wgetpaste/default.nix
@@ -19,7 +19,7 @@
     '';
 
     meta = {
-      description = "wgetpaste";
+      description = "Command-line interface to various pastebins";
       homepage = http://wgetpaste.zlin.dk/;
       license = "publicDomain";
       maintainers = with stdenv.lib.maintainers; [qknight];
diff --git a/pkgs/tools/text/xml/html-xml-utils/default.nix b/pkgs/tools/text/xml/html-xml-utils/default.nix
new file mode 100644
index 000000000000..f52855dfc538
--- /dev/null
+++ b/pkgs/tools/text/xml/html-xml-utils/default.nix
@@ -0,0 +1,20 @@
+{ stdenv, fetchurl }:
+
+stdenv.mkDerivation rec {
+  name = "html-xml-utils-6.4";
+
+  src = fetchurl {
+    url = "http://www.w3.org/Tools/HTML-XML-utils/${name}.tar.gz";
+
+    sha256 = "0dqa8vjk5my728hmb7dhl6nbg7946fh905j0yzlwx7p7rg2zrxcp";
+  };
+
+  patches = [ ./no-Boolean-type.patch ];
+
+  meta = {
+    description = "Utilities for manipulating HTML and XML files";
+    homepage = http://www.w3.org/Tools/HTML-XML-utils/;
+    license = "free-non-copyleft";
+    maintainers = [ stdenv.lib.maintainers.shlevy ];
+  };
+}
diff --git a/pkgs/tools/text/xml/html-xml-utils/no-Boolean-type.patch b/pkgs/tools/text/xml/html-xml-utils/no-Boolean-type.patch
new file mode 100644
index 000000000000..f675c4280e78
--- /dev/null
+++ b/pkgs/tools/text/xml/html-xml-utils/no-Boolean-type.patch
@@ -0,0 +1,20 @@
+diff -Naur html-xml-utils-6.4-orig/openurl.c html-xml-utils-6.4/openurl.c
+--- html-xml-utils-6.4-orig/openurl.c	2012-10-23 09:55:12.000000000 -0400
++++ html-xml-utils-6.4/openurl.c	2013-10-17 14:05:11.424077842 -0400
+@@ -66,6 +66,7 @@
+ #include <stdlib.h>
+ #include <stdarg.h>
+ #include <assert.h>
++#include <stdbool.h>
+ #include "export.h"
+ #if HAVE_LIBCURL && !HAVE_FOPENCOOKIE
+ # include "fopencookie.e"	/* Use our own fopencookie() */
+@@ -505,7 +506,7 @@
+ 			const conststring path, Dictionary request,
+ 			Dictionary response, int maxredirs, int *status)
+ {
+-  Boolean delete_response = !response;
++  bool delete_response = !response;
+   conststring h, v;
+   char buf[BUFLEN];
+   int fd, n, i;
diff --git a/pkgs/tools/typesetting/asciidoc/default.nix b/pkgs/tools/typesetting/asciidoc/default.nix
index f392ad065cc8..aeeaf04e7bad 100644
--- a/pkgs/tools/typesetting/asciidoc/default.nix
+++ b/pkgs/tools/typesetting/asciidoc/default.nix
@@ -1,32 +1,263 @@
-{ fetchurl, stdenv, python }:
+{ fetchurl, stdenv, python
+
+, enableStandardFeatures ? false
+, sourceHighlight ? null
+, highlight ? null
+, pygments ? null
+, graphviz ? null
+, tetex ? null
+, dblatexFull ? null
+, libxslt ? null
+, w3m ? null
+, lynx ? null
+, imagemagick ? null
+, lilypond ? null
+, libxml2 ? null
+, docbook_xml_dtd_45 ? null
+, docbook5_xsl ? null
+, docbook_xsl ? null
+, fop ? null
+# TODO: Package this:
+#, epubcheck ? null
+, gnused ? null
+, coreutils ? null
+
+, unzip ? null
+# filters
+, enableDitaaFilter ? false, jre ? null
+, enableMscgenFilter ? false, mscgen ? null
+, enableDiagFilter ? false, blockdiag ? null, seqdiag ? null, actdiag ? null, nwdiag ? null
+, enableQrcodeFilter ? false, qrencode ? null
+, enableMatplotlibFilter ? false, matplotlib ? null, numpy ? null
+, enableAafigureFilter ? false, aafigure ? null, recursivePthLoader ? null
+# backends
+, enableDeckjsBackend ? false
+, enableOdfBackend ? false
+}:
+
+assert enableStandardFeatures ->
+  sourceHighlight != null &&
+  highlight != null &&
+  pygments != null &&
+  graphviz != null &&
+  tetex != null &&
+  dblatexFull != null &&
+  libxslt != null &&
+  w3m != null &&
+  lynx != null &&
+  imagemagick != null &&
+  lilypond != null &&
+  libxml2 != null &&
+  docbook_xml_dtd_45 != null &&
+  docbook5_xsl != null &&
+  docbook_xsl != null &&
+  fop != null &&
+# TODO: Package this:
+#  epubcheck != null &&
+  gnused != null &&
+  coreutils != null;
+
+# filters
+assert (enableDitaaFilter || enableMscgenFilter || enableDiagFilter || enableQrcodeFilter || enableAafigureFilter) -> unzip != null;
+assert enableDitaaFilter -> jre != null;
+assert enableMscgenFilter -> mscgen != null;
+assert enableDiagFilter -> blockdiag != null && seqdiag != null && actdiag != null && nwdiag != null;
+assert enableMatplotlibFilter -> matplotlib != null && numpy != null;
+assert enableAafigureFilter -> aafigure != null && recursivePthLoader != null;
+# backends
+assert (enableDeckjsBackend || enableOdfBackend) -> unzip != null;
+
+let
+
+  #
+  # filters
+  #
+
+  ditaaFilterSrc = fetchurl {
+    url = "https://asciidoc-ditaa-filter.googlecode.com/files/ditaa-filter-1.1.zip";
+    sha256 = "0p7hm2a1xywx982ia3vg4c0lam5sz0xknsc10i2a5vswy026naf6";
+  };
+
+  mscgenFilterSrc = fetchurl {
+    url = "https://asciidoc-mscgen-filter.googlecode.com/files/mscgen-filter-1.2.zip";
+    sha256 = "1nfwmj375gpv5dn9i770pjv59aihzy2kja0fflsk96xwnlqsqq61";
+  };
+
+  diagFilterSrc = fetchurl {
+    # unfortunately no version number
+    url = "https://asciidoc-diag-filter.googlecode.com/files/diag_filter.zip";
+    sha256 = "1qlqrdbqkdqqgfdhjsgdws1al0sacsyq6jmwxdfy7r8k7bv7n7mm";
+  };
+
+  qrcodeFilterSrc = fetchurl {
+    url = "https://asciidoc-qrencode-filter.googlecode.com/files/qrcode-filter-1.0.zip";
+    sha256 = "0h4bql1nb4y4fmg2yvlpfjhvy22ln8jsaxdr10f8bfcg5lr0zkxs";
+  };
+
+  # there are no archives or tags, using latest commit in master branch as per 2013-09-22
+  matplotlibFilterSrc = let commit = "75f0d009629f93f33fab04b83faca20cc35dd358"; in fetchurl rec {
+    name = "mplw-${commit}.tar.gz";
+    url = "https://api.github.com/repos/lvv/mplw/tarball/${commit}";
+    sha256 = "0yfhkm2dr8gnp0fcg25x89hwiymkri2m5cyqzmzragzwj0hbmcf1";
+  };
+
+  aafigureFilterSrc = fetchurl {
+    url = "https://asciidoc-aafigure-filter.googlecode.com/files/aafigure-filter-1.1.zip";
+    sha256 = "1hq2s30dvmv5dqvj0xm1qwdwafhgm9w1iyr0lr0c40cyk8h00j8j";
+  };
+
+  #
+  # backends
+  #
+
+  deckjsBackendSrc = fetchurl {
+    url = "https://github.com/downloads/houqp/asciidoc-deckjs/deckjs-1.6.2.zip";
+    sha256 = "1siy1j8naj5irrrrv5bfgl4d8nal6j9pyahy4f50wmrr9wv59s46";
+  };
+
+  # the odf backend is actually two plugins: odt + odp
+  odtBackendSrc = fetchurl {
+    url = "https://github.com/downloads/dagwieers/asciidoc-odf/odt-backend-0.1.zip";
+    sha256 = "1zaa97h9sx6ncxcdkl1x3ggydi7f8kjgvrnpjnkjiizi45k350kw";
+  };
+  odpBackendSrc = fetchurl {
+    url = "https://github.com/downloads/dagwieers/asciidoc-odf/odp-backend-0.1.zip";
+    sha256 = "08ya4bskygzqkfqwjllpg31qc5k08xp2k78z9b2480g8y57bfy10";
+  };
+
+in
 
 stdenv.mkDerivation rec {
   name = "asciidoc-8.6.8";
+
   src = fetchurl {
     url = "mirror://sourceforge/asciidoc/${name}.tar.gz";
     sha256 = "ffb67f59dccaf6f15db72fcd04fdf21a2f9b703d31f94fcd0c49a424a9fcfbc4";
   };
 
-  patchPhase = ''
-    for n in `find . -name \*.py `; do
-      sed -i -e "s,^#!/usr/bin/env python,#!${python}/bin/python,g" "$n"
+  buildInputs = [ python unzip ];
+
+  # install filters early, so their shebangs are patched too
+  patchPhase = with stdenv.lib; ''
+    mkdir -p "$out/etc/asciidoc/filters"
+    mkdir -p "$out/etc/asciidoc/backends"
+  '' + optionalString enableDitaaFilter ''
+    echo "Extracting ditaa filter"
+    unzip -d "$out/etc/asciidoc/filters/ditaa" "${ditaaFilterSrc}"
+    sed -i -e "s|java -jar|${jre}/bin/java -jar|" \
+        "$out/etc/asciidoc/filters/ditaa/ditaa2img.py"
+  '' + optionalString enableMscgenFilter ''
+    echo "Extracting mscgen filter"
+    unzip -d "$out/etc/asciidoc/filters/mscgen" "${mscgenFilterSrc}"
+    sed -i -e "s|filter-wrapper.py mscgen|filter-wrapper.py ${mscgen}/bin/mscgen|" \
+        "$out/etc/asciidoc/filters/mscgen/mscgen-filter.conf"
+  '' + optionalString enableDiagFilter ''
+    echo "Extracting diag filter"
+    unzip -d "$out/etc/asciidoc/filters/diag" "${diagFilterSrc}"
+    sed -i \
+        -e "s|filter='blockdiag|filter=\'${blockdiag}/bin/blockdiag|" \
+        -e "s|filter='seqdiag|filter=\'${seqdiag}/bin/seqdiag|" \
+        -e "s|filter='actdiag|filter=\'${actdiag}/bin/actdiag|" \
+        -e "s|filter='nwdiag|filter=\'${nwdiag}/bin/nwdiag|" \
+        -e "s|filter='packetdiag|filter=\'${nwdiag}/bin/packetdiag|" \
+        "$out/etc/asciidoc/filters/diag/diag-filter.conf"
+  '' + optionalString enableQrcodeFilter ''
+    echo "Extracting qrcode filter"
+    unzip -d "$out/etc/asciidoc/filters/qrcode" "${qrcodeFilterSrc}"
+    sed -i -e "s|systemcmd('qrencode|systemcmd('${qrencode}/bin/qrencode|" \
+        "$out/etc/asciidoc/filters/qrcode/qrcode2img.py"
+  '' + optionalString enableMatplotlibFilter ''
+    echo "Extracting mpl (matplotlib) filter"
+    mkdir -p "$out/etc/asciidoc/filters/mpl"
+    tar xvf "${matplotlibFilterSrc}" -C "$out/etc/asciidoc/filters/mpl" --strip-components=1
+    # Stop asciidoc from loading mpl/.old/chart-filter.conf
+    rm -rf "$out/etc/asciidoc/filters/mpl/.old"
+    # Add matplotlib and numpy to sys.path
+    matplotlib_path="$(toPythonPath ${matplotlib})"
+    numpy_path="$(toPythonPath ${numpy})"
+    sed -i "/^import.*sys/asys.path.append(\"$matplotlib_path\"); sys.path.append(\"$numpy_path\");" \
+        "$out/etc/asciidoc/filters/mpl/mplw.py"
+  '' + optionalString enableAafigureFilter ''
+    echo "Extracting aafigure filter"
+    unzip -d "$out/etc/asciidoc/filters/aafigure" "${aafigureFilterSrc}"
+    # Add aafigure to sys.path (and it needs recursive-pth-loader)
+    pth_loader_path="$(toPythonPath ${recursivePthLoader})"
+    aafigure_path="$(toPythonPath ${aafigure})"
+    sed -i "/^import.*sys/asys.path.append(\"$pth_loader_path\"); sys.path.append(\"$aafigure_path\"); import sitecustomize" \
+        "$out/etc/asciidoc/filters/aafigure/aafig2img.py"
+  '' + optionalString enableDeckjsBackend ''
+    echo "Extracting deckjs backend"
+    unzip -d "$out/etc/asciidoc/backends/deckjs" "${deckjsBackendSrc}"
+  '' + optionalString enableOdfBackend ''
+    echo "Extracting odf backend (odt + odp)"
+    unzip -d "$out/etc/asciidoc/backends/odt" "${odtBackendSrc}"
+    unzip -d "$out/etc/asciidoc/backends/odp" "${odpBackendSrc}"
+    # The odt backend has a TODO note about removing this hardcoded path, but
+    # the odp backend already has that fix. Copy it here until fixed upstream.
+    sed -i "s|'/etc/asciidoc/backends/odt/asciidoc.ott'|os.path.dirname(__file__),'asciidoc.ott'|" \
+        "$out/etc/asciidoc/backends/odt/a2x-backend.py"
+  '' + optionalString enableStandardFeatures ''
+    sed -e "s|dot|${graphviz}/bin/dot|g" \
+        -e "s|neato|${graphviz}/bin/neato|g" \
+        -e "s|twopi|${graphviz}/bin/circo|g" \
+        -e "s|circo|${graphviz}/bin/circo|g" \
+        -e "s|fdp|${graphviz}/bin/fdp|g" \
+        -i "filters/graphviz/graphviz2png.py"
+
+    sed -e "s|run('latex|run('${tetex}/bin/latex|g" \
+        -e "s|cmd = 'dvipng'|cmd = '${tetex}/bin/dvipng'|g" \
+        -i "filters/latex/latex2png.py"
+
+    sed -e "s|run('abc2ly|run('${lilypond}/bin/abc2ly|g" \
+        -e "s|run('lilypond|run('${lilypond}/bin/lilypond|g" \
+        -e "s|run('convert|run('${imagemagick}/bin/convert|g" \
+        -i "filters/music/music2png.py"
+
+    sed -e 's|filter="source-highlight|filter="${sourceHighlight}/bin/source-highlight|' \
+        -e 's|filter="highlight|filter="${highlight}/bin/highlight|' \
+        -e 's|filter="pygmentize|filter="${pygments}/bin/pygmentize|' \
+        -i "filters/source/source-highlight-filter.conf"
+
+    # ENV is custom environment passed to programs that a2x invokes. Here we
+    # use it to work around an impurity in the tetex package; tetex tools
+    # cannot find their neighbours (e.g. pdflatex doesn't find mktextfm).
+    # We can remove PATH= when those impurities are fixed.
+    sed -e "s|^ENV =.*|ENV = dict(XML_CATALOG_FILES='${docbook_xml_dtd_45}/xml/dtd/docbook/catalog.xml ${docbook5_xsl}/xml/xsl/docbook/catalog.xml ${docbook_xsl}/xml/xsl/docbook/catalog.xml', PATH='${tetex}/bin:${coreutils}/bin:${gnused}/bin')|" \
+        -e "s|^ASCIIDOC =.*|ASCIIDOC = '$out/bin/asciidoc'|" \
+        -e "s|^XSLTPROC =.*|XSLTPROC = '${libxslt}/bin/xsltproc'|" \
+        -e "s|^DBLATEX =.*|DBLATEX = '${dblatexFull}/bin/dblatex'|" \
+        -e "s|^FOP =.*|FOP = '${fop}/bin/fop'|" \
+        -e "s|^W3M =.*|W3M = '${w3m}/bin/w3m'|" \
+        -e "s|^LYNX =.*|LYNX = '${lynx}/bin/lynx'|" \
+        -e "s|^XMLLINT =.*|XMLLINT = '${libxml2}/bin/xmllint'|" \
+        -e "s|^EPUBCHECK =.*|EPUBCHECK = 'nixpkgs_is_missing_epubcheck'|" \
+        -i a2x.py
+  '' + ''
+    for n in $(find "$out" . -name \*.py); do
+      sed -i -e "s,^#![[:space:]]*.*/bin/env python,#!${python}/bin/python,g" "$n"
       chmod +x "$n"
     done
+
     sed -i -e "s,/etc/vim,,g" Makefile.in
   '';
 
   preInstall = "mkdir -p $out/etc/vim";
 
-  buildInputs = [ python ];
-
-  meta = {
-    homepage = "http://www.methods.co.nz/asciidoc/";
-    description = "ASCII text-based document generation system";
-    license = "GPLv2+";
-
+  meta = with stdenv.lib; {
+    description = "Text-based document generation system";
     longDescription = ''
-      AsciiDoc is a text-based document generation system.  AsciiDoc
-      input files can be translated to HTML and DocBook markups.
+      AsciiDoc is a text document format for writing notes, documentation,
+      articles, books, ebooks, slideshows, web pages, man pages and blogs.
+      AsciiDoc files can be translated to many formats including HTML, PDF,
+      EPUB, man page.
+
+      AsciiDoc is highly configurable: both the AsciiDoc source file syntax and
+      the backend output markups (which can be almost any type of SGML/XML
+      markup) can be customized and extended by the user.
     '';
+    homepage = "http://www.methods.co.nz/asciidoc/";
+    license = licenses.gpl2Plus;
+    platforms = platforms.linux;
+    maintainers = [ maintainers.bjornfor ];
   };
 }
diff --git a/pkgs/tools/typesetting/fop/default.nix b/pkgs/tools/typesetting/fop/default.nix
new file mode 100644
index 000000000000..bc4486ed49cf
--- /dev/null
+++ b/pkgs/tools/typesetting/fop/default.nix
@@ -0,0 +1,56 @@
+{ fetchurl, stdenv, ant, jdk }:
+
+stdenv.mkDerivation rec {
+  name = "fop-1.1";
+
+  src = fetchurl {
+    url = "http://apache.uib.no/xmlgraphics/fop/source/${name}-src.tar.gz";
+    sha256 = "08i56d57w5dl5bqchr34x9165hvi5h4bhiflxhi0a4wd56rlq5jq";
+  };
+
+  buildInputs = [ ant jdk ];
+
+  buildPhase = ''
+    ant
+  '';
+
+  installPhase = ''
+    mkdir -p "$out/bin"
+    mkdir -p "$out/lib"
+    mkdir -p "$out/share/doc/fop"
+
+    cp build/*.jar lib/*.jar "$out/lib/"
+    cp -r README examples/ "$out/share/doc/fop/"
+
+    # There is a fop script in the source archive, but it has many impurities.
+    # Instead of patching out 90 % of the script, we write our own.
+    cat > "$out/bin/fop" <<EOF
+    #!${stdenv.shell}
+    java_exec_args="-Djava.awt.headless=true"
+    # Note the wildcard; it will be passed to java and java will expand it
+    LOCALCLASSPATH="$out/lib/*"
+    exec "${jdk}/bin/java" \$java_exec_args -classpath "\$LOCALCLASSPATH" org.apache.fop.cli.Main "\$@"
+    EOF
+    chmod a+x "$out/bin/fop"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "XML formatter driven by XSL Formatting Objects (XSL-FO)";
+    longDescription = ''
+      FOP is a Java application that reads a formatting object tree and then
+      turns it into a wide variety of output presentations (including AFP, PCL,
+      PDF, PNG, PostScript, RTF, TIFF, and plain text), or displays the result
+      on-screen.
+
+      The formatting object tree can be in the form of an XML document (output
+      by an XSLT engine like xalan) or can be passed in memory as a DOM
+      Document or (in the case of xalan) SAX events.
+
+      This package contains the fop command line tool.
+    '';
+    homepage = http://xmlgraphics.apache.org/fop/;
+    license = licenses.asl20;
+    platforms = platforms.linux;
+    maintainers = [ maintainers.bjornfor ];
+  };
+}
diff --git a/pkgs/tools/typesetting/pdf2djvu/default.nix b/pkgs/tools/typesetting/pdf2djvu/default.nix
index b7204b957842..b97252e74de0 100644
--- a/pkgs/tools/typesetting/pdf2djvu/default.nix
+++ b/pkgs/tools/typesetting/pdf2djvu/default.nix
@@ -1,12 +1,12 @@
 {stdenv, fetchurl, pkgconfig, djvulibre, poppler, fontconfig, libjpeg }:
 
 stdenv.mkDerivation rec {
-  version = "0.7.16";
+  version = "0.7.17";
   name = "pdf2djvu-${version}";
 
   src = fetchurl {
     url = "http://pdf2djvu.googlecode.com/files/pdf2djvu_${version}.tar.gz";
-    sha256 = "1yg4ppqxpfda89yi4c3rrq2zhar5dzyqypvqdvdd0r7is2321nnv";
+    sha256 = "1nplcabb8526bs5707k9212pi000wnskq3c9hbq9acgmdlnnwvgy";
   };
 
   buildInputs = [ pkgconfig djvulibre poppler fontconfig libjpeg ];
diff --git a/pkgs/tools/typesetting/tex/auctex/default.nix b/pkgs/tools/typesetting/tex/auctex/default.nix
index 9774d7d1a948..3a8b41da6609 100644
--- a/pkgs/tools/typesetting/tex/auctex/default.nix
+++ b/pkgs/tools/typesetting/tex/auctex/default.nix
@@ -6,7 +6,7 @@ stdenv.mkDerivation ( rec {
   name = "${pname}-${version}";
 
   meta = {
-    description = "AUCTeX is an extensible package for writing and formatting TeX files in GNU Emacs and XEmacs.";
+    description = "Extensible package for writing and formatting TeX files in GNU Emacs and XEmacs";
     homepage = http://www.gnu.org/software/auctex;
   };
 
diff --git a/pkgs/tools/typesetting/tex/dblatex/default.nix b/pkgs/tools/typesetting/tex/dblatex/default.nix
index fa4746a562ea..6993158291c2 100644
--- a/pkgs/tools/typesetting/tex/dblatex/default.nix
+++ b/pkgs/tools/typesetting/tex/dblatex/default.nix
@@ -1,4 +1,15 @@
-{ stdenv, fetchurl, python, libxslt, tetex }:
+{ stdenv, fetchurl, python, libxslt, tetex
+, enableAllFeatures ? false, imagemagick ? null, transfig ? null, inkscape ? null, fontconfig ? null, ghostscript ? null }:
+
+# NOTE: enableAllFeatures just purifies the expression, it doesn't actually
+# enable any extra features.
+
+assert enableAllFeatures ->
+  imagemagick != null &&
+  transfig != null &&
+  inkscape != null &&
+  fontconfig != null &&
+  ghostscript != null;
 
 stdenv.mkDerivation rec {
   name = "dblatex-0.3.4";
@@ -8,15 +19,39 @@ stdenv.mkDerivation rec {
     sha256 = "120w3wm07qx0k1grgdhjwm2vpwil71icshjvqznskp1f6ggch290";
   };
 
+  buildInputs = [ python libxslt tetex ]
+    ++ stdenv.lib.optionals enableAllFeatures [ imagemagick transfig ];
+
+  # TODO: dblatex tries to execute texindy command, but nixpkgs doesn't have
+  # that yet. In Ubuntu, texindy is a part of the xindy package.
+  preConfigure = ''
+    sed -i 's|self.install_layout == "deb"|False|' setup.py
+  '' + stdenv.lib.optionalString enableAllFeatures ''
+    for file in $(find -name "*.py"); do
+        sed -e 's|cmd = \["xsltproc|cmd = \["${libxslt}/bin/xsltproc|g' \
+            -e 's|Popen(\["xsltproc|Popen(\["${libxslt}/bin/xsltproc|g' \
+            -e 's|cmd = \["texindy|cmd = ["nixpkgs_is_missing_texindy|g' \
+            -e 's|cmd = "epstopdf|cmd = "${tetex}/bin/epstopdf|g' \
+            -e 's|cmd = \["makeindex|cmd = ["${tetex}/bin/makeindex|g' \
+            -e 's|doc.program = "pdflatex"|doc.program = "${tetex}/bin/pdflatex"|g' \
+            -e 's|self.program = "latex"|self.program = "${tetex}/bin/latex"|g' \
+            -e 's|Popen("pdflatex|Popen("${tetex}/bin/pdflatex|g' \
+            -e 's|"fc-match"|"${fontconfig}/bin/fc-match"|g' \
+            -e 's|"fc-list"|"${fontconfig}/bin/fc-list"|g' \
+            -e 's|cmd = "inkscape|cmd = "${inkscape}/bin/inkscape|g' \
+            -e 's|cmd = "fig2dev|cmd = "${transfig}/bin/fig2dev|g' \
+            -e 's|cmd = \["ps2pdf|cmd = ["${ghostscript}/bin/ps2pdf|g' \
+            -e 's|cmd = "convert|cmd = "${imagemagick}/bin/convert|g' \
+            -i "$file"
+    done
+  '';
+
   buildPhase = "true";
   
   installPhase = ''
-    sed -i 's|self.install_layout == "deb"|False|' setup.py
-    python ./setup.py install --prefix=$out
+    python ./setup.py install --prefix="$out" --use-python-path --verbose
   '';
 
-  buildInputs = [ python libxslt tetex ];
-
   meta = {
     description = "A program to convert DocBook to DVI, PostScript or PDF via LaTeX or ConTeXt";
     homepage = http://dblatex.sourceforge.net/;
diff --git a/pkgs/tools/typesetting/tex/tex4ht/default.nix b/pkgs/tools/typesetting/tex/tex4ht/default.nix
index 24612de549e0..f903ef5792f4 100644
--- a/pkgs/tools/typesetting/tex/tex4ht/default.nix
+++ b/pkgs/tools/typesetting/tex/tex4ht/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
     for f in src/tex4ht src/t4ht src/htcmd "bin/unix/"*; do
       mv $f $out/bin/
     done
-    mv texmf $out/
+    mv texmf $out/texmf-dist
   '';
 
   meta = {
diff --git a/pkgs/tools/typesetting/tex/texlive/aggregate.nix b/pkgs/tools/typesetting/tex/texlive/aggregate.nix
index 84fa1cfab75a..2d1de93fed87 100644
--- a/pkgs/tools/typesetting/tex/texlive/aggregate.nix
+++ b/pkgs/tools/typesetting/tex/texlive/aggregate.nix
@@ -3,6 +3,7 @@ rec {
   name = "TeXLive-linkdir";
 
   buildInputs = lib.closePropagation paths
+    ++ [perl]
     ++ stdenv.lib.optional stdenv.isDarwin makeWrapper;
 
   phaseNames = [ "doAggregate" ];
@@ -11,12 +12,15 @@ rec {
     mkdir -p $out/bin
     for currentPath in ${lib.concatStringsSep " " buildInputs}; do
         echo Symlinking "$currentPath"
+        find $currentPath/share/info $currentPath/share/man $(echo $currentPath/texmf*/) -type d | while read; do
+            REPLY="''${REPLY#$currentPath}"
+            mkdir -p $out/"$REPLY"
+	done
         find $currentPath/share/info $currentPath/share/man $(echo $currentPath/texmf*/) ! -type d | while read; do
             REPLY="''${REPLY#$currentPath}"
-            mkdir -p $out/"$(dirname "$REPLY")"
             ln -fs $currentPath/"$REPLY" $out/"$REPLY"
             echo
-        done | while read; do head -n 99 >/dev/null; echo -n .; done
+        done | while read; do head -n 999 >/dev/null; echo -n .; done
 
         for i in "$currentPath/bin/"* :; do
             test "$i" != : || continue
@@ -31,8 +35,8 @@ rec {
 
     ln -s $out/texmf* $out/share/
 
-    rm -r $out/texmf-config
-    find $out/texmf/ -type d | while read; do
+    rm -rf $out/texmf-config
+    find $out/texmf*/ -type d | while read; do
       REPLY="''${REPLY#$out/texmf}"
       mkdir -p $out/texmf-config/"$REPLY"
     done
@@ -45,9 +49,10 @@ rec {
         chmod a+x $out/bin/$(basename $i)
     done
 
-    rm $out/texmf*/ls-R
+    rm -f $out/texmf*/ls-R
     for i in web2c texconfig fonts/map; do
-        cp -Lr $out/texmf/$i/* $out/texmf-config/$i || true
+        mkdir -p $out/texmf-config/$i 
+        cp -Lr $out/texmf*/$i/* $out/texmf-config/$i || true
     done
     chmod -R u+w $out/texmf-config
 
diff --git a/pkgs/tools/typesetting/tex/texlive/cm-super.nix b/pkgs/tools/typesetting/tex/texlive/cm-super.nix
index e23b39368507..4d161c3e0536 100644
--- a/pkgs/tools/typesetting/tex/texlive/cm-super.nix
+++ b/pkgs/tools/typesetting/tex/texlive/cm-super.nix
@@ -10,16 +10,16 @@ rec {
   doCopy = fullDepEntry (''
     mkdir -p $out/share/
 
-    mkdir -p $out/texmf/fonts/enc
-    mkdir -p $out/texmf/fonts/map
-    mkdir -p $out/texmf/fonts/type1/public/cm-super
-    cp pfb/*.pfb $out/texmf/fonts/type1/public/cm-super
-    mkdir -p $out/texmf/dvips/cm-super
-    cp dvips/*.{map,enc}  $out/texmf/dvips/cm-super
-    cp dvips/*.enc  $out/texmf/fonts/enc
-    cp dvips/*.map  $out/texmf/fonts/map
-    mkdir -p $out/texmf/dvipdfm/config
-    cp dvipdfm/*.map  $out/texmf/dvipdfm/config
+    mkdir -p $out/texmf-dist/fonts/enc
+    mkdir -p $out/texmf-dist/fonts/map
+    mkdir -p $out/texmf-dist/fonts/type1/public/cm-super
+    cp pfb/*.pfb $out/texmf-dist/fonts/type1/public/cm-super
+    mkdir -p $out/texmf-dist/dvips/cm-super
+    cp dvips/*.{map,enc}  $out/texmf-dist/dvips/cm-super
+    cp dvips/*.enc  $out/texmf-dist/fonts/enc
+    cp dvips/*.map  $out/texmf-dist/fonts/map
+    mkdir -p $out/texmf-dist/dvipdfm/config
+    cp dvipdfm/*.map  $out/texmf-dist/dvipdfm/config
 
     ln -s $out/texmf* $out/share/
   '') ["minInit" "doUnpack" "defEnsureDir" "addInputs"];
diff --git a/pkgs/tools/typesetting/tex/texlive/context.nix b/pkgs/tools/typesetting/tex/texlive/context.nix
index a7161cea4c1b..c0c702cd4189 100644
--- a/pkgs/tools/typesetting/tex/texlive/context.nix
+++ b/pkgs/tools/typesetting/tex/texlive/context.nix
@@ -11,8 +11,8 @@ rec {
   doCopy = fullDepEntry (''
     mkdir -p $out/share/
 
-    mkdir -p $out/texmf
-    cp -r * $out/texmf
+    mkdir -p $out/texmf-dist
+    cp -r * $out/texmf-dist
 
     ln -s $out/texmf* $out/share/
   '') ["minInit" "doUnpack" "defEnsureDir" "addInputs"];
diff --git a/pkgs/tools/typesetting/tex/texlive/default.nix b/pkgs/tools/typesetting/tex/texlive/default.nix
index 820d6f7038fb..9119ded9c136 100644
--- a/pkgs/tools/typesetting/tex/texlive/default.nix
+++ b/pkgs/tools/typesetting/tex/texlive/default.nix
@@ -1,18 +1,18 @@
 args : with args;
 rec {
   src = fetchurl {
-    url = mirror://debian/pool/main/t/texlive-bin/texlive-bin_2012.20120628.orig.tar.xz;
-    sha256 = "0k94df3lfvghngzdzi2d4fz2z0gs8iglz7h3w2lxvlhiwwpmx601";
+    url = mirror://debian/pool/main/t/texlive-bin/texlive-bin_2013.20130729.30972.orig.tar.xz;
+    sha256 = "1idgyim6r4bi3id245k616qrdarfh65xv3gi2psarqqmsw504yhd";
   };
 
   texmfSrc = fetchurl {
-    url = mirror://debian/pool/main/t/texlive-base/texlive-base_2012.20120611.orig.tar.xz;
-    sha256 = "116zm0qdq9rd4vakhd2py9q7lq3ihspc7hy33bh8wy5v1rgiqsm6";
+    url = mirror://debian/pool/main/t/texlive-base/texlive-base_2013.20130918.orig.tar.xz;
+    sha256 = "0h7x49zsd2gs8fr28f4h04dv5m8p2mpgqxk2vvl5xlf4wwxxbm2p";
   };
 
   langTexmfSrc = fetchurl {
-    url = mirror://debian/pool/main/t/texlive-lang/texlive-lang_2012.20120611.orig.tar.xz;
-    sha256 = "0zh9svszfkbjx72i7sa9gg0gak93wf05845mxpjv56h8qwk4bffv";
+    url = mirror://debian/pool/main/t/texlive-lang/texlive-lang_2013.20131010.orig.tar.xz;
+    sha256 = "17wfd2qmyafv74ac3ssy9aga12g09l2q0r1p19fb4vvs0wrkwzbz";
   };
 
   setupHook = ./setup-hook.sh;
@@ -34,6 +34,8 @@ rec {
     sed -e 's@\<env python@${python}/bin/python@' -i $(grep 'env python' -rl . )
 
     sed -e '/ubidi_open/i#include <unicode/urename.h>' -i $(find . -name configure)
+    sed -e 's/-lttf/-lfreetype/' -i $(find . -name configure)
+
     sed -e s@ncurses/curses.h@curses.h@g -i $(grep ncurses/curses.h -rl . )
     sed -e '1i\#include <string.h>\n\#include <stdlib.h>' -i $( find libs/teckit -name '*.cpp' -o -name '*.c' )
 
@@ -44,7 +46,7 @@ rec {
     cd Work
   '' ) [ "minInit" "doUnpack" "addInputs" "defEnsureDir" ];
 
-  doPostInstall = fullDepEntry( ''
+  promoteLibexec = fullDepEntry (''
     mkdir -p $out/libexec/
     mv $out/bin $out/libexec/$(uname -m)
     mkdir -p $out/bin
@@ -61,13 +63,15 @@ rec {
           rm "$out/libexec/$(basename "$i")"
       fi;
     done
+  '') ["doMakeInstall"];
 
-    [ -d $out/texmf-config ] || ln -s $out/texmf $out/texmf-config
-    ln -s -v "$out/"*texmf* "$out/share/" || true
-
-    sed -e 's/.*pyhyph.*/=&/' -i $out/texmf-config/tex/generic/config/language.dat
+  doPostInstall = fullDepEntry( ''
+    cp -r "$out/"texmf* "$out/share/" || true
+    rm -rf "$out"/texmf*
+    [ -d $out/share/texmf-config ] || ln -s $out/share/texmf-dist $out/share/texmf-config
+    ln -s "$out"/share/texmf* "$out"/
 
-    PATH=$PATH:$out/bin mktexlsr $out/texmf*
+    PATH=$PATH:$out/bin mktexlsr $out/share/texmf*
 
     HOME=. PATH=$PATH:$out/bin updmap-sys --syncwithtrees
 
@@ -80,25 +84,37 @@ rec {
     #
     # I find it acceptable, hence the "|| true".
     echo "building format files..."
-    mkdir -p "$out/texmf-var/web2c"
+    mkdir -p "$out/share/texmf-var/web2c"
+    ln -sf "$out"/out/share/texmf* "$out"/
     PATH="$PATH:$out/bin" fmtutil-sys --all || true
 
-    PATH=$PATH:$out/bin mktexlsr $out/texmf*
+    PATH=$PATH:$out/bin mktexlsr $out/share/texmf*
   '' + stdenv.lib.optionalString stdenv.isDarwin ''
     for prog in $out/bin/*; do
       wrapProgram "$prog" --prefix DYLD_LIBRARY_PATH : "${poppler}/lib"
     done
-  '' ) [ "minInit" "defEnsureDir" "doUnpack" "doMakeInstall" ];
+  '' ) [ "minInit" "defEnsureDir" "doUnpack" "doMakeInstall" "promoteLibexec" "patchShebangsInterim"];
+
+  patchShebangsInterimBin = doPatchShebangs ''$out/bin/'';
+  patchShebangsInterimLibexec = doPatchShebangs ''$out/libexec/'';
+  patchShebangsInterimShareTexmfDist = doPatchShebangs ''$out/share/texmf-dist/scripts/'';
+  patchShebangsInterimTexmfDist = doPatchShebangs ''$out/texmf-dist/scripts/'';
+
+  patchShebangsInterim = fullDepEntry ("") ["patchShebangsInterimBin" 
+    "patchShebangsInterimLibexec" "patchShebangsInterimTexmfDist" 
+    "patchShebangsInterimShareTexmfDist"];
 
   buildInputs = [ zlib bzip2 ncurses libpng flex bison libX11.out libICE xproto
     freetype t1lib gd libXaw icu ghostscript ed libXt libXpm libXmu libXext
     xextproto perl libSM ruby expat curl libjpeg python fontconfig xz pkgconfig
-    poppler silgraphite lesstif zziplib ]
+    poppler graphite2 lesstif zziplib harfbuzz texinfo ]
     ++ stdenv.lib.optionals stdenv.isDarwin [ makeWrapper ];
 
   configureFlags = [ "--with-x11" "--enable-ipc" "--with-mktexfmt"
     "--enable-shared" "--disable-native-texlive-build" "--with-system-zziplib"
-    "--with-system-libgs" "--with-system-t1lib" "--with-system-freetype2" ]
+    "--with-system-libgs" "--with-system-t1lib" "--with-system-freetype2" 
+    "--with-system-freetype=no" "--disable-ttf2pk" "--enable-ttf2pk2"
+    ]
     ++ ( if stdenv.isDarwin
          # ironically, couldn't get xetex compiling on darwin
          then [ "--disable-xetex" "--disable-xdv2pdf" "--disable-xdvipdfmx" ]
@@ -107,7 +123,7 @@ rec {
 
   phaseNames = [ "addInputs" "doMainBuild" "doMakeInstall" "doPostInstall" ];
 
-  name = "texlive-core-2012";
+  name = "texlive-core-2013";
 
   meta = with stdenv.lib; {
     description = "A TeX distribution";
diff --git a/pkgs/tools/typesetting/tex/texlive/extra.nix b/pkgs/tools/typesetting/tex/texlive/extra.nix
index 180019bb205f..6613578e2c67 100644
--- a/pkgs/tools/typesetting/tex/texlive/extra.nix
+++ b/pkgs/tools/typesetting/tex/texlive/extra.nix
@@ -1,9 +1,9 @@
 args: with args;
 rec {
-  name = "texlive-extra-2012";
+  name = "texlive-extra-2013";
   src = fetchurl {
-    url = mirror://debian/pool/main/t/texlive-extra/texlive-extra_2012.20120611.orig.tar.xz;
-    sha256 = "1wn2gwifb5ww6nb15zdbkk5yz5spynvwqscvrgxzb84p0z3hy8dq";
+    url = mirror://debian/pool/main/t/texlive-extra/texlive-extra_2013.20131010.orig.tar.xz;
+    sha256 = "1wciyjwp0swny22amwcnr6vvdwjy423856q7c3l1sd5b31xfbc18";
   };
 
   buildInputs = [texLive xz];
diff --git a/pkgs/tools/typesetting/tex/texlive/moderncv.nix b/pkgs/tools/typesetting/tex/texlive/moderncv.nix
index 28329cff9167..0ce1afbb41b3 100644
--- a/pkgs/tools/typesetting/tex/texlive/moderncv.nix
+++ b/pkgs/tools/typesetting/tex/texlive/moderncv.nix
@@ -10,9 +10,9 @@ rec {
   buildInputs = [texLive unzip];
   phaseNames = ["doCopy"];
   doCopy = fullDepEntry (''
-    mkdir -p $out/texmf/tex/latex/moderncv $out/texmf/doc $out/share
-    mv *.cls *.sty $out/texmf/tex/latex/moderncv/
-    mv examples $out/texmf/doc/moderncv
+    mkdir -p $out/texmf-dist/tex/latex/moderncv $out/texmf-dist/doc $out/share
+    mv *.cls *.sty $out/texmf-dist/tex/latex/moderncv/
+    mv examples $out/texmf-dist/doc/moderncv
     ln -s $out/texmf* $out/share/
   '') ["minInit" "addInputs" "doUnpack" "defEnsureDir"];
 
diff --git a/pkgs/tools/typesetting/tex/texlive/moderntimeline.nix b/pkgs/tools/typesetting/tex/texlive/moderntimeline.nix
index d129cc62020e..4cb93794edfe 100644
--- a/pkgs/tools/typesetting/tex/texlive/moderntimeline.nix
+++ b/pkgs/tools/typesetting/tex/texlive/moderntimeline.nix
@@ -13,9 +13,9 @@ rec {
   buildInputs = [texLive unzip];
   phaseNames = ["doCopy"];
   doCopy = fullDepEntry (''
-    mkdir -p $out/texmf/tex/latex/moderntimeline $out/texmf/doc/moderntimeline $out/share
-    mv *.dtx *.ins $out/texmf/tex/latex/moderntimeline/
-    mv *.pdf $out/texmf/doc/moderntimeline/
+    mkdir -p $out/texmf-dist/tex/latex/moderntimeline $out/texmf-dist/doc/moderntimeline $out/share
+    mv *.dtx *.ins $out/texmf-dist/tex/latex/moderntimeline/
+    mv *.pdf $out/texmf-dist/doc/moderntimeline/
     ln -s $out/texmf* $out/share/
   '') ["minInit" "addInputs" "doUnpack" "defEnsureDir"];
 
diff --git a/pkgs/tools/typesetting/tex/texlive/pgf.nix b/pkgs/tools/typesetting/tex/texlive/pgf.nix
index 1f7abc126c3a..b46229e98285 100644
--- a/pkgs/tools/typesetting/tex/texlive/pgf.nix
+++ b/pkgs/tools/typesetting/tex/texlive/pgf.nix
@@ -14,8 +14,8 @@ rec {
   phaseNames = ["doCopy"];
   doCopy = fullDepEntry (''
     mkdir -p $out/share/
-    mkdir -p $out/texmf/tex/generic/pgf
-    cp -r * $out/texmf/tex/generic/pgf
+    mkdir -p $out/texmf-dist/tex/generic/pgf
+    cp -r * $out/texmf-dist/tex/generic/pgf
     ln -s $out/texmf* $out/share/
   '') ["minInit" "doUnpack" "defEnsureDir" "addInputs"];
 
diff --git a/pkgs/tools/typesetting/tex/texlive/xcolor.nix b/pkgs/tools/typesetting/tex/texlive/xcolor.nix
index e59a58ce9b26..892734afe461 100644
--- a/pkgs/tools/typesetting/tex/texlive/xcolor.nix
+++ b/pkgs/tools/typesetting/tex/texlive/xcolor.nix
@@ -12,11 +12,11 @@ rec {
     export HOME=$PWD
     mkdir -p $out/share/
 
-    mkdir -p $out/texmf/tex/latex/xcolor
-    mkdir -p $out/texmf/dvips/xcolor
+    mkdir -p $out/texmf-dist/tex/latex/xcolor
+    mkdir -p $out/texmf-dist/dvips/xcolor
     latex xcolor.ins 
-    cp *.sty *.def $out/texmf/tex/latex/xcolor
-    cp *.pro $out/texmf/dvips/xcolor
+    cp *.sty *.def $out/texmf-dist/tex/latex/xcolor
+    cp *.pro $out/texmf-dist/dvips/xcolor
 
     #latex xcolor.dtx
     #latex xcolor.dtx
@@ -25,8 +25,8 @@ rec {
     #latex xcolor.dtx
 
     rm *.sty *.pro *.ins *.def *.dtx
-    mkdir -p $out/texmf/doc/latex-xcolor
-    cp *  $out/texmf/doc/latex-xcolor
+    mkdir -p $out/texmf-dist/doc/latex-xcolor
+    cp *  $out/texmf-dist/doc/latex-xcolor
 
     ln -s $out/texmf* $out/share/
   '') ["minInit" "doUnpack" "defEnsureDir" "addInputs"];
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 050ba7a4fad1..3889c77b90cd 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -46,7 +46,7 @@ let config_ = config; platform_ = platform; in # rename the function arguments
 
 let
 
-  lib = import ../lib;
+  lib = import ../../lib;
 
   # The contents of the configuration file found at $NIXPKGS_CONFIG or
   # $HOME/.nixpkgs/config.nix.
@@ -267,6 +267,12 @@ let
     inherit (pkgs) runCommand perl;
   };
 
+  buildFHSChrootEnv = import ../build-support/build-fhs-chrootenv {
+    inherit stdenv glibc glibcLocales gcc coreutils diffutils findutils;
+    inherit gnused gnugrep gnutar gzip bzip2 bashInteractive xz shadow gawk;
+    inherit less buildEnv;
+  };
+
   dotnetenv = import ../build-support/dotnetenv {
     inherit stdenv;
     dotnetfx = dotnetfx40;
@@ -375,7 +381,7 @@ let
     inherit pkgs;
   };
 
-  composableDerivation = (import ../lib/composable-derivation.nix) {
+  composableDerivation = (import ../../lib/composable-derivation.nix) {
     inherit pkgs lib;
   };
 
@@ -389,6 +395,8 @@ let
   acoustidFingerprinter = callPackage
     ../tools/audio/acoustid-fingerprinter { };
 
+  actdiag = pythonPackages.actdiag;
+
   aefs = callPackage ../tools/filesystems/aefs { };
 
   aespipe = callPackage ../tools/security/aespipe { };
@@ -403,6 +411,8 @@ let
 
   archivemount = callPackage ../tools/filesystems/archivemount { };
 
+  arandr = callPackage ../tools/X11/arandr { };
+
   arduino_core = callPackage ../development/arduino/arduino-core {
     jdk = jdk;
     jre = jdk;
@@ -487,6 +497,10 @@ let
 
   autojump = callPackage ../tools/misc/autojump { };
 
+  autorandr = callPackage ../tools/misc/autorandr {
+    inherit (xorg) xrandr xdpyinfo;
+  };
+
   avahi = callPackage ../development/libraries/avahi {
     qt4Support = config.avahi.qt4Support or false;
   };
@@ -513,6 +527,8 @@ let
 
   bfr = callPackage ../tools/misc/bfr { };
 
+  blockdiag = pythonPackages.blockdiag;
+
   bmon = callPackage ../tools/misc/bmon { };
 
   boomerang = callPackage ../development/tools/boomerang {
@@ -533,12 +549,16 @@ let
 
   catdoc = callPackage ../tools/text/catdoc { };
 
+  ditaa = callPackage ../tools/graphics/ditaa { };
+
   dlx = callPackage ../misc/emulators/dlx { };
 
   eggdrop = callPackage ../tools/networking/eggdrop { };
 
   enca = callPackage ../tools/text/enca { };
 
+  fop = callPackage ../tools/typesetting/fop { };
+
   mcrl = callPackage ../tools/misc/mcrl { };
 
   mcrl2 = callPackage ../tools/misc/mcrl2 { };
@@ -550,12 +570,22 @@ let
 
   mcelog = callPackage ../os-specific/linux/mcelog { };
 
-  asciidoc = callPackage ../tools/typesetting/asciidoc { };
+  asciidoc = callPackage ../tools/typesetting/asciidoc {
+    inherit (pythonPackages) matplotlib numpy aafigure recursivePthLoader;
+    enableStandardFeatures = false;
+  };
+
+  asciidocFull = appendToName "full" (asciidoc.override {
+    inherit (pythonPackages) pygments;
+    enableStandardFeatures = true;
+  });
 
   autossh = callPackage ../tools/networking/autossh { };
 
   bacula = callPackage ../tools/backup/bacula { };
 
+  bgs = callPackage ../tools/X11/bgs { };
+
   bibtextools = callPackage ../tools/typesetting/bibtex-tools {
     inherit (strategoPackages016) strategoxt sdf;
   };
@@ -625,10 +655,14 @@ let
 
   ciopfs = callPackage ../tools/filesystems/ciopfs { };
 
+  colord = callPackage ../tools/misc/colord { };
+
   colordiff = callPackage ../tools/text/colordiff { };
 
   connect = callPackage ../tools/networking/connect { };
 
+  conspy = callPackage ../os-specific/linux/conspy {};
+
   convertlit = callPackage ../tools/text/convertlit { };
 
   collectd = callPackage ../tools/system/collectd { };
@@ -657,11 +691,7 @@ let
 
   convmv = callPackage ../tools/misc/convmv { };
 
-  coreutils = (if stdenv.isDarwin then
-      # 8.20 doesn't build on Darwin
-      callPackage ../tools/misc/coreutils/8.19.nix
-    else
-      callPackage ../tools/misc/coreutils)
+  coreutils = callPackage ../tools/misc/coreutils
     {
       # TODO: Add ACL support for cross-Linux.
       aclSupport = crossSystem == null && stdenv.isLinux;
@@ -684,6 +714,11 @@ let
     scpSupport = zlibSupport && !stdenv.isSunOS && !stdenv.isCygwin;
   };
 
+  curl3 = callPackage ../tools/networking/curl/7.15.nix rec {
+    zlibSupport = true;
+    sslSupport = zlibSupport;
+  };
+
   cunit = callPackage ../tools/misc/cunit { };
 
   curlftpfs = callPackage ../tools/filesystems/curlftpfs { };
@@ -798,10 +833,17 @@ let
 
   encfs = callPackage ../tools/filesystems/encfs { };
 
-  enscript = callPackage ../tools/text/enscript { };
+  enscript = callPackage ../tools/text/enscript {
+    # fix syntax errors
+    stdenv = if stdenv.isDarwin
+      then clangStdenv
+      else stdenv;
+  };
 
   ethtool = callPackage ../tools/misc/ethtool { };
 
+  ettercap = callPackage ../applications/networking/sniffers/ettercap { };
+
   euca2ools = callPackage ../tools/virtualization/euca2ools { pythonPackages = python26Packages; };
 
   evtest = callPackage ../applications/misc/evtest { };
@@ -856,6 +898,8 @@ let
     withX11 = true;
   };
 
+  forktty = callPackage ../os-specific/linux/forktty {};
+
   fortune = callPackage ../tools/misc/fortune { };
 
   fox = callPackage ../development/libraries/fox/default.nix {
@@ -936,9 +980,7 @@ let
 
   gnupatch = callPackage ../tools/text/gnupatch { };
 
-  gnupg1orig = callPackage ../tools/security/gnupg1 {
-    ideaSupport = false;
-  };
+  gnupg1orig = callPackage ../tools/security/gnupg1 { };
 
   gnupg1compat = callPackage ../tools/security/gnupg1compat { };
 
@@ -1009,7 +1051,7 @@ let
 
   gtmess = callPackage ../applications/networking/instant-messengers/gtmess { };
 
-  gummiboot = callPackage ../tools/misc/gummiboot { };
+  gummiboot = callPackage ../tools/misc/gummiboot { stdenv = overrideGCC stdenv gcc47; };
 
   gupnp = callPackage ../development/libraries/gupnp {
     inherit (gnome) libsoup;
@@ -1027,6 +1069,8 @@ let
 
   gzip = callPackage ../tools/compression/gzip { };
 
+  gzrt = callPackage ../tools/compression/gzrt { };
+
   partclone = callPackage ../tools/backup/partclone { };
 
   partimage = callPackage ../tools/backup/partimage { };
@@ -1035,6 +1079,8 @@ let
 
   haproxy = callPackage ../tools/networking/haproxy { };
 
+  haveged = callPackage ../tools/security/haveged { };
+
   hardlink = callPackage ../tools/system/hardlink { };
 
   halibut = callPackage ../tools/typesetting/halibut { };
@@ -1220,7 +1266,7 @@ let
 
   memtest86 = callPackage ../tools/misc/memtest86 { };
 
-  memtest86plus = callPackage ../tools/misc/memtest86/plus.nix { };
+  memtest86plus = callPackage ../tools/misc/memtest86+ { };
 
   meo = callPackage ../tools/security/meo { };
 
@@ -1236,6 +1282,8 @@ let
 
   mdbtools_git = callPackage ../tools/misc/mdbtools/git.nix { };
 
+  megacli = callPackage ../tools/misc/megacli { };
+
   megatools = callPackage ../tools/networking/megatools { };
 
   minecraft = callPackage ../games/minecraft { };
@@ -1315,6 +1363,8 @@ let
 
   nbd = callPackage ../tools/networking/nbd { };
 
+  netatalk = callPackage ../tools/filesystems/netatalk { };
+
   netcdf = callPackage ../development/libraries/netcdf { };
 
   nc6 = callPackage ../tools/networking/nc6 { };
@@ -1331,6 +1381,8 @@ let
 
   netcat = callPackage ../tools/networking/netcat { };
 
+  netcat-openbsd = callPackage ../tools/networking/netcat-openbsd { };
+
   netkittftp = callPackage ../tools/networking/netkit/tftp { };
 
   netpbm = callPackage ../tools/graphics/netpbm { };
@@ -1355,6 +1407,8 @@ let
 
   newsbeuter = callPackage ../applications/networking/feedreaders/newsbeuter { };
 
+  ngrok = callPackage ../tools/misc/ngrok { };
+
   mpack = callPackage ../tools/networking/mpack { };
 
   pa_applet = callPackage ../tools/audio/pa-applet { };
@@ -1384,6 +1438,8 @@ let
 
   nssmdns = callPackage ../tools/networking/nss-mdns { };
 
+  nwdiag = pythonPackages.nwdiag;
+
   nylon = callPackage ../tools/networking/nylon { };
 
   nzbget = callPackage ../tools/networking/nzbget { };
@@ -1520,6 +1576,8 @@ let
 
   pk2cmd = callPackage ../tools/misc/pk2cmd { };
 
+  plantuml = callPackage ../tools/misc/plantuml { };
+
   plan9port = callPackage ../tools/system/plan9port { };
 
   ploticus = callPackage ../tools/graphics/ploticus {
@@ -1538,8 +1596,12 @@ let
     libpng = libpng12;
   };
 
+  pngquant = callPackage ../tools/graphics/pngquant { };
+
   podiff = callPackage ../tools/text/podiff { };
 
+  poedit = callPackage ../tools/text/poedit { };
+
   polipo = callPackage ../servers/polipo { };
 
   polkit_gnome = callPackage ../tools/security/polkit-gnome { };
@@ -1554,6 +1616,8 @@ let
 
   pptp = callPackage ../tools/networking/pptp {};
 
+  prey-bash-client = callPackage ../tools/security/prey { };
+
   proxychains = callPackage ../tools/networking/proxychains { };
 
   proxytunnel = callPackage ../tools/misc/proxytunnel { };
@@ -1684,12 +1748,14 @@ let
 
   sdcv = callPackage ../applications/misc/sdcv { };
 
-  seccure = callPackage ../tools/security/seccure/0.4.nix { };
+  seccure = callPackage ../tools/security/seccure { };
 
   setserial = builderDefsPackage (import ../tools/system/setserial) {
     inherit groff;
   };
 
+  seqdiag = pythonPackages.seqdiag;
+
   sg3_utils = callPackage ../tools/system/sg3_utils { };
 
   sharutils = callPackage ../tools/archivers/sharutils { };
@@ -1750,6 +1816,8 @@ let
 
   sshfsFuse = callPackage ../tools/filesystems/sshfs-fuse { };
 
+  sshuttle = callPackage ../tools/security/sshuttle { };
+
   sudo = callPackage ../tools/security/sudo { };
 
   suidChroot = builderDefsPackage (import ../tools/system/suid-chroot) { };
@@ -1827,6 +1895,8 @@ let
 
   ttf2pt1 = callPackage ../tools/misc/ttf2pt1 { };
 
+  ttysnoop = callPackage ../os-specific/linux/ttysnoop {};
+
   twitterBootstrap = callPackage ../development/web/twitter-bootstrap {};
 
   txt2man = callPackage ../tools/misc/txt2man { };
@@ -1846,6 +1916,8 @@ let
   unoconv = callPackage ../tools/text/unoconv { };
 
   upx = callPackage ../tools/compression/upx { };
+ 
+  urlview = callPackage ../applications/misc/urlview {};
 
   usbmuxd = callPackage ../tools/misc/usbmuxd {};
 
@@ -1897,6 +1969,8 @@ let
 
   htmlTidy = callPackage ../tools/text/html-tidy { };
 
+  html-xml-utils = callPackage ../tools/text/xml/html-xml-utils { };
+
   tftp_hpa = callPackage ../tools/networking/tftp-hpa {};
 
   tigervnc = callPackage ../tools/admin/tigervnc {
@@ -2093,6 +2167,7 @@ let
   zip = callPackage ../tools/archivers/zip { };
 
   zpaq = callPackage ../tools/archivers/zpaq { };
+  zpaqd = callPackage ../tools/archivers/zpaq/zpaqd.nix { };
 
   zsync = callPackage ../tools/compression/zsync { };
 
@@ -2136,6 +2211,8 @@ let
 
   aspectj = callPackage ../development/compilers/aspectj { };
 
+  ats2 = callPackage ../development/compilers/ats2 { };
+
   avra = callPackage ../development/compilers/avra { };
 
   bigloo = callPackage ../development/compilers/bigloo { };
@@ -2686,7 +2763,11 @@ let
 
   go_1_0 = callPackage ../development/compilers/go { };
 
-  go_1_1 = callPackage ../development/compilers/go/1.1.nix { };
+  go_1_1 =
+    if stdenv.isDarwin then
+      callPackage ../development/compilers/go/1.1-darwin.nix { }
+    else
+      callPackage ../development/compilers/go/1.1.nix { };
 
   go = go_1_1;
 
@@ -2798,6 +2879,8 @@ let
 
   ocaml_4_00_1 = callPackage ../development/compilers/ocaml/4.00.1.nix { };
 
+  ocaml_4_01_0 = callPackage ../development/compilers/ocaml/4.01.0.nix { };
+
   orc = callPackage ../development/compilers/orc { };
 
   metaocaml_3_09 = callPackage ../development/compilers/ocaml/metaocaml-3.09.nix { };
@@ -2956,6 +3039,8 @@ let
     boost = boost149; # sdcc 3.2.0 fails to build with boost 1.53
   };
 
+  smlnj = callPackage_i686 ../development/compilers/smlnj { };
+
   stalin = callPackage ../development/compilers/stalin { };
 
   strategoPackages = recurseIntoAttrs strategoPackages018;
@@ -3094,6 +3179,8 @@ let
 
   j = callPackage ../development/interpreters/j {};
 
+  jmeter = callPackage ../applications/networking/jmeter {};
+
   kaffe = callPackage ../development/interpreters/kaffe { };
 
   kona = callPackage ../development/interpreters/kona {};
@@ -3101,9 +3188,10 @@ let
   love = callPackage ../development/interpreters/love {};
 
   lua4 = callPackage ../development/interpreters/lua-4 { };
-  lua5 = callPackage ../development/interpreters/lua-5 { };
   lua5_0 = callPackage ../development/interpreters/lua-5/5.0.3.nix { };
   lua5_1 = callPackage ../development/interpreters/lua-5/5.1.nix { };
+  lua5_2 = callPackage ../development/interpreters/lua-5/5.2.nix { };
+  lua5 = lua5_1;
 
   luarocks = callPackage ../development/tools/misc/luarocks {
      lua = lua5;
@@ -3190,6 +3278,8 @@ let
 
   pythonLinkmeWrapper = callPackage ../development/interpreters/python/python-linkme-wrapper.nix { };
 
+  pypi2nix = python27Packages.pypi2nix;
+
   pyrex = pyrex095;
 
   pyrex095 = callPackage ../development/interpreters/pyrex/0.9.5.nix { };
@@ -3662,6 +3752,8 @@ let
 
   simpleBuildTool = callPackage ../development/tools/build-managers/simple-build-tool { };
 
+  slimerjs = callPackage ../development/tools/slimerjs {};
+
   sloccount = callPackage ../development/tools/misc/sloccount { };
 
   smatch = callPackage ../development/tools/analysis/smatch {
@@ -3724,6 +3816,8 @@ let
 
   valkyrie = callPackage ../development/tools/analysis/valkyrie { };
 
+  xc3sprog = callPackage ../development/tools/misc/xc3sprog { };
+
   xxdiff = callPackage ../development/tools/misc/xxdiff { };
 
   yacc = bison;
@@ -3918,8 +4012,7 @@ let
 
   db48 = callPackage ../development/libraries/db4/db4-4.8.nix { };
 
-  dbus = let dbus_all = callPackage ../development/libraries/dbus { };
-    in dbus_all.libs // dbus_all; # previously dbus.libs also contained the daemon
+  dbus = callPackage ../development/libraries/dbus { };
   dbus_cplusplus  = callPackage ../development/libraries/dbus-cplusplus { };
   dbus_glib       = callPackage ../development/libraries/dbus-glib { };
   dbus_java       = callPackage ../development/libraries/java/dbus-java { };
@@ -4048,6 +4141,8 @@ let
 
   gav = callPackage ../games/gav { };
 
+  gsb = callPackage ../games/gsb { };
+
   gdome2 = callPackage ../development/libraries/gdome2 {
     inherit (gnome) gtkdoc;
   };
@@ -4065,6 +4160,10 @@ let
 
   geoclue = callPackage ../development/libraries/geoclue {};
 
+  geoclue2 = callPackage ../development/libraries/geoclue/2.0.nix {
+    libsoup = libsoup_2_40;
+  };
+
   geoip = builderDefsPackage ../development/libraries/geoip {
     inherit zlib;
   };
@@ -4254,12 +4353,16 @@ let
 
   gnonlin = callPackage ../development/libraries/gstreamer/gnonlin {};
 
+  gusb = callPackage ../development/libraries/gusb {
+    inherit (gnome) gtkdoc;
+  };
+
   qt_gstreamer = callPackage ../development/libraries/gstreamer/qt-gstreamer {};
 
   gnet = callPackage ../development/libraries/gnet { };
 
-  gnu_efi = callPackage ../development/libraries/gnu-efi {
-    stdenv = overrideInStdenv stdenv [gnumake381];
+  gnu-efi = callPackage ../development/libraries/gnu-efi {
+    stdenv = overrideGCC stdenv gcc47;
   };
 
   gnutls = callPackage ../development/libraries/gnutls {
@@ -4270,6 +4373,10 @@ let
     guileBindings = config.gnutls.guile or true;
   };
 
+  gnutls32 = callPackage ../development/libraries/gnutls/3.2.nix {
+    guileBindings = config.gnutls.guile or true;
+  };
+
   gnutls_without_guile = lowPrio (gnutls.override { guileBindings = false; });
   gnutls2_without_guile = lowPrio (gnutls2.override { guileBindings = false; });
 
@@ -4372,6 +4479,8 @@ let
 
   gts = callPackage ../development/libraries/gts { };
 
+  gurobi = callPackage ../development/libraries/gurobi {};
+
   gvfs = callPackage ../development/libraries/gvfs { };
 
   gwenhywfar = callPackage ../development/libraries/gwenhywfar { };
@@ -4381,7 +4490,10 @@ let
 
   heimdal = callPackage ../development/libraries/kerberos/heimdal.nix { };
 
-  harfbuzz = callPackage ../development/libraries/harfbuzz { };
+  harfbuzz = callPackage ../development/libraries/harfbuzz {
+    icu = null;
+    graphite2 = null;
+  };
 
   hawknl = callPackage ../development/libraries/hawknl { };
 
@@ -4463,6 +4575,8 @@ let
 
   json_c = callPackage ../development/libraries/json-c { };
 
+  jsoncpp = callPackage ../development/libraries/jsoncpp { };
+
   libjson = callPackage ../development/libraries/libjson { };
 
   judy = callPackage ../development/libraries/judy { };
@@ -4762,6 +4876,8 @@ let
     libtool = libtool_1_5;
   };
 
+  libjson_rpc_cpp = callPackage ../development/libraries/libjson-rpc-cpp { };
+
   libkate = callPackage ../development/libraries/libkate { };
 
   libksba = callPackage ../development/libraries/libksba { };
@@ -4815,6 +4931,8 @@ let
 
   libmusicbrainz = libmusicbrainz3;
 
+  libnet = callPackage ../development/libraries/libnet { };
+
   libnetfilter_conntrack = callPackage ../development/libraries/libnetfilter_conntrack { };
 
   libnetfilter_queue = callPackage ../development/libraries/libnetfilter_queue { };
@@ -4887,7 +5005,10 @@ let
     stdenv = if stdenv.isDarwin then overrideGCC stdenv gccApple else stdenv;
   };
 
+  libsodium = callPackage ../development/libraries/libsodium { };
+
   libsoup = callPackage ../development/libraries/libsoup { };
+  libsoup_2_40 = callPackage ../development/libraries/libsoup/2.40.nix { };
 
   libssh = callPackage ../development/libraries/libssh { };
 
@@ -4909,7 +5030,14 @@ let
 
   libtommath = callPackage ../development/libraries/libtommath { };
 
-  libtorrentRasterbar = callPackage ../development/libraries/libtorrent-rasterbar { };
+  libtorrentRasterbar = callPackage ../development/libraries/libtorrent-rasterbar {
+    # fix "unrecognized option -arch" error
+    stdenv = if stdenv.isDarwin
+      then clangStdenv
+      else stdenv;
+  };
+
+  libtoxcore = callPackage ../development/libraries/libtoxcore { };
 
   libtunepimp = callPackage ../development/libraries/libtunepimp { };
 
@@ -4925,6 +5053,8 @@ let
 
   libungif = callPackage ../development/libraries/giflib/libungif.nix { };
 
+  libunibreak = callPackage ../development/libraries/libunibreak/default.nix { };
+
   libunique = callPackage ../development/libraries/libunique/default.nix { };
 
   liburcu = callPackage ../development/libraries/liburcu { };
@@ -4957,12 +5087,7 @@ let
 
   libvisual = callPackage ../development/libraries/libvisual { };
 
-  libvncserver = builderDefsPackage (import ../development/libraries/libvncserver) {
-    inherit libtool libjpeg openssl zlib;
-    inherit (xlibs) xproto libX11 damageproto libXdamage
-      libXext xextproto fixesproto libXfixes xineramaproto
-      libXinerama libXrandr randrproto libXtst;
-  };
+  libvncserver = callPackage ../development/libraries/libvncserver {};
 
   libviper = callPackage ../development/libraries/libviper { };
 
@@ -5007,14 +5132,15 @@ let
 
   libxslt = callPackage ../development/libraries/libxslt { };
 
-  libxtc_dxtn = callPackage ../development/libraries/libxtc_dxtn { };
-
   libixp_for_wmii = lowPrio (import ../development/libraries/libixp_for_wmii {
     inherit fetchurl stdenv;
   });
 
   libyaml = callPackage ../development/libraries/libyaml { };
 
+  libyamlcpp = callPackage ../development/libraries/libyaml-cpp { };
+  libyamlcpp03 = callPackage ../development/libraries/libyaml-cpp/0.3.x.nix { };
+
   libzip = callPackage ../development/libraries/libzip { };
 
   libzrtpcpp = callPackage ../development/libraries/libzrtpcpp { };
@@ -5091,6 +5217,10 @@ let
 
   minmay = callPackage ../development/libraries/minmay { };
 
+  miro = callPackage ../applications/video/miro {
+    inherit (pythonPackages) pywebkitgtk pysqlite pycurl mutagen;
+  };
+
   mkvtoolnix = callPackage ../applications/video/mkvtoolnix { };
 
   mlt = callPackage ../development/libraries/mlt {
@@ -5276,8 +5406,7 @@ let
 
   policykit = callPackage ../development/libraries/policykit { };
 
-  poppler = let popplers = callPackage ../development/libraries/poppler { lcms = lcms2; };
-    in popplers // popplers.poppler_glib;
+  poppler = callPackage ../development/libraries/poppler { lcms = lcms2; };
   popplerQt4 = poppler.poppler_qt4;
 
   poppler_0_18 = callPackage ../development/libraries/poppler/0.18.nix {
@@ -5298,6 +5427,8 @@ let
 
   portaudioSVN = callPackage ../development/libraries/portaudio/svn-head.nix { };
 
+  portmidi = callPackage ../development/libraries/portmidi {};
+
   prison = callPackage ../development/libraries/prison { };
 
   proj = callPackage ../development/libraries/proj { };
@@ -5434,9 +5565,23 @@ let
 
   SDL_ttf = callPackage ../development/libraries/SDL_ttf { };
 
+  SDL2 = callPackage ../development/libraries/SDL2 {
+    openglSupport = mesaSupported;
+    alsaSupport = true;
+    x11Support = true;
+    pulseaudioSupport = false; # better go through ALSA
+  };
+
+  SDL2_image = callPackage ../development/libraries/SDL2_image { };
+
+  SDL2_mixer = callPackage ../development/libraries/SDL2_mixer { };
+
+  SDL2_gfx = callPackage ../development/libraries/SDL2_gfx { };
+
   serd = callPackage ../development/libraries/serd {};
 
   silgraphite = callPackage ../development/libraries/silgraphite {};
+  graphite2 = callPackage ../development/libraries/silgraphite/graphite2.nix {};
 
   simgear = callPackage ../development/libraries/simgear { };
 
@@ -5490,26 +5635,15 @@ let
 
   srtp_linphone = callPackage ../development/libraries/srtp/linphone.nix { };
 
-  sqlite_3_7_16 = lowPrio (callPackage ../development/libraries/sqlite/3.7.16.nix {
+  sqlite = lowPrio (callPackage ../development/libraries/sqlite {
     readline = null;
     ncurses = null;
   });
 
-  sqlite_3_7_14 = lowPrio (callPackage ../development/libraries/sqlite/3.7.14.nix {
-    readline = null;
-    ncurses = null;
-  });
-
-  sqlite = sqlite_3_7_16;
-
   sqliteInteractive = appendToName "interactive" (sqlite.override {
     inherit readline ncurses;
   });
 
-  sqliteFull = lowPrio (callPackage ../development/libraries/sqlite/3.7.9-full.nix {
-    inherit readline ncurses;
-  });
-
   stfl = callPackage ../development/libraries/stfl {
     stdenv = if stdenv.isDarwin
       then overrideGCC stdenv gccApple
@@ -5623,8 +5757,7 @@ let
       inherit (gnome) gtkdoc libsoup;
       inherit pkgconfig libtool intltool autoconf automake gperf bison flex
         libjpeg libpng libtiff libxml2 libxslt sqlite icu curl
-        which libproxy geoclue enchant python ruby perl
-        mesa xlibs;
+        which libproxy geoclue enchant python ruby perl mesa xlibs;
       inherit gstreamer gst_plugins_base gst_ffmpeg gst_plugins_good;
     };
 
@@ -5634,8 +5767,7 @@ let
       inherit (gnome) gtkdoc libsoup;
       inherit pkgconfig libtool intltool autoconf automake gperf bison flex
         libjpeg libpng libtiff libxml2 libxslt sqlite icu curl
-        which libproxy geoclue enchant python ruby perl
-        mesa xlibs;
+        which libproxy geoclue enchant python ruby perl mesa xlibs;
       inherit gstreamer gst_plugins_base gst_ffmpeg gst_plugins_good;
     };
 
@@ -5796,6 +5928,17 @@ let
 
   jquery_ui = callPackage ../development/libraries/javascript/jquery-ui { };
 
+  ### DEVELOPMENT / LISP MODULES
+
+  asdf = callPackage ../development/lisp-modules/asdf {};
+  clwrapperFunction = callPackage ../development/lisp-modules/clwrapper;
+  wrapLisp = lisp: clwrapperFunction {lisp=lisp;};
+  lispPackagesFor = clwrapper: callPackage ../development/lisp-modules/lisp-packages.nix{
+    inherit clwrapper;
+  };
+  lispPackagesClisp = lispPackagesFor (wrapLisp clisp);
+  lispPackagesSBCL = lispPackagesFor (wrapLisp sbcl);
+  lispPackages = recurseIntoAttrs lispPackagesSBCL;
 
   ### DEVELOPMENT / PERL MODULES
 
@@ -5941,6 +6084,14 @@ let
 
   ZopeInterface = pythonPackages.zope_interface;
 
+  ### DEVELOPMENT / R MODULES
+
+  buildRPackage = import ../development/r-modules/generic R;
+
+  rPackages = recurseIntoAttrs (import ./r-packages.nix {
+    inherit pkgs;
+    __overrides = (config.rPackageOverrides or (p: {})) pkgs;
+  });
 
   ### SERVERS
 
@@ -5962,6 +6113,8 @@ let
 
   bind = callPackage ../servers/dns/bind { };
 
+  bird = callPackage ../servers/bird { };
+
   couchdb = callPackage ../servers/http/couchdb {
     spidermonkey = spidermonkey_185;
   };
@@ -6027,6 +6180,8 @@ let
 
   lighttpd = callPackage ../servers/http/lighttpd { };
 
+  mailman = callPackage ../servers/mail/mailman { };
+
   mediatomb = callPackage ../servers/mediatomb {
     ffmpeg = ffmpeg_0_6_90;
   };
@@ -6087,22 +6242,12 @@ let
 
   riak = callPackage ../servers/nosql/riak/1.3.1.nix { };
 
-  mysql4 = import ../servers/sql/mysql {
-    inherit fetchurl stdenv ncurses zlib perl;
-    ps = procps; /* !!! Linux only */
-  };
-
-  mysql5 = import ../servers/sql/mysql5 {
-    inherit fetchurl stdenv ncurses zlib perl openssl;
-    ps = procps; /* !!! Linux only */
-  };
-
-  mysql51 = import ../servers/sql/mysql51 {
+  mysql51 = import ../servers/sql/mysql/5.1.x.nix {
     inherit fetchurl ncurses zlib perl openssl stdenv;
     ps = procps; /* !!! Linux only */
   };
 
-  mysql55 = callPackage ../servers/sql/mysql55 { };
+  mysql55 = callPackage ../servers/sql/mysql/5.5.x.nix { };
 
   mysql = mysql51;
 
@@ -6150,6 +6295,8 @@ let
     inherit xmpppy python makeWrapper fetchcvs;
   };
 
+  qpid-cpp = callPackage ../servers/amqp/qpid-cpp { };
+
   rabbitmq_server = callPackage ../servers/amqp/rabbitmq-server { };
 
   radius = callPackage ../servers/radius { };
@@ -6206,7 +6353,11 @@ let
 
   axis2 = callPackage ../servers/http/tomcat/axis2 { };
 
-  virtuoso = callPackage ../servers/sql/virtuoso { };
+  virtuoso6 = callPackage ../servers/sql/virtuoso/6.x.nix { };
+
+  virtuoso7 = callPackage ../servers/sql/virtuoso/7.x.nix { };
+
+  virtuoso = virtuoso6;
 
   vsftpd = callPackage ../servers/ftp/vsftpd { };
 
@@ -6363,6 +6514,8 @@ let
 
   fxload = callPackage ../os-specific/linux/fxload { };
 
+  gfxtablet = callPackage ../os-specific/linux/gfxtablet {};
+
   gpm = callPackage ../servers/gpm { };
 
   hdparm = callPackage ../os-specific/linux/hdparm { };
@@ -6457,9 +6610,27 @@ let
       ];
   };
 
+  # Note: grsec is not enabled automatically, you need to specify which kernel
+  # config options you need (e.g. by overriding extraConfig). See list of options here:
+  # https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options
   linux_3_2_grsecurity = lowPrio (lib.overrideDerivation (linux_3_2.override (args: {
-    kernelPatches = args.kernelPatches ++ [ kernelPatches.grsecurity_2_9_1_3_2_50 ];
-  })) (args: { makeFlags = "DISABLE_PAX_PLUGINS=y";}));
+    kernelPatches = args.kernelPatches ++ [ kernelPatches.grsecurity_2_9_1_3_2_52 ];
+  })) (args: {
+    # Install gcc plugins. These are needed for compiling dependant packages.
+    postInstall = ''
+      ${args.postInstall or ""}
+      cp tools/gcc/*.so $out/lib/modules/$version/build/tools/gcc/
+    '';
+    # Apparently as of gcc 4.6, gcc-plugin headers (which are needed by PaX plugins)
+    # include libgmp headers, so we need these extra tweaks
+    buildInputs = args.buildInputs ++ [ gmp ];
+    preConfigure = ''
+      ${args.preConfigure or ""}
+      sed -i 's|-I|-I${gmp}/include -I|' scripts/gcc-plugin.sh
+      sed -i 's|HOST_EXTRACFLAGS +=|HOST_EXTRACFLAGS += -I${gmp}/include|' tools/gcc/Makefile
+      sed -i 's|HOST_EXTRACXXFLAGS +=|HOST_EXTRACXXFLAGS += -I${gmp}/include|' tools/gcc/Makefile
+    '';
+  }));
 
   linux_3_2_apparmor = lowPrio (linux_3_2.override {
     kernelPatches = [ kernelPatches.apparmor_3_2 ];
@@ -6534,6 +6705,19 @@ let
       ];
   };
 
+  linux_3_12 = makeOverridable (import ../os-specific/linux/kernel/linux-3.12.nix) {
+    inherit fetchurl stdenv perl mktemp bc kmod ubootChooser;
+    kernelPatches =
+      [
+        kernelPatches.sec_perm_2_6_24
+      ] ++ lib.optionals (platform.kernelArch == "mips")
+      [ kernelPatches.mips_fpureg_emu
+        kernelPatches.mips_fpu_sigill
+        kernelPatches.mips_ext3_n32
+      ];
+  };
+
+
   /* Linux kernel modules are inherently tied to a specific kernel.  So
      rather than provide specific instances of those packages for a
      specific kernel, we have a function that builds those packages
@@ -6587,6 +6771,8 @@ let
 
     broadcom_sta = callPackage ../os-specific/linux/broadcom-sta/default.nix { };
 
+    broadcom_sta6 = callPackage ../os-specific/linux/broadcom-sta-v6/default.nix { };
+
     nvidia_x11 = callPackage ../os-specific/linux/nvidia-x11 { };
 
     nvidia_x11_legacy96 = callPackage ../os-specific/linux/nvidia-x11/legacy96.nix { };
@@ -6603,11 +6789,6 @@ let
       linuxHeaders = glibc.kernelHeaders;
     };
 
-    splashutils = let hasFbConDecor = if self.kernel ? features
-      then self.kernel.features ? fbConDecor
-      else self.kernel.config.isEnabled "FB_CON_DECOR";
-    in if hasFbConDecor then pkgs.splashutils else null;
-
     /* compiles but has to be integrated into the kernel somehow
        Let's have it uncommented and finish it..
     */
@@ -6649,6 +6830,7 @@ let
   linuxPackages_3_0 = recurseIntoAttrs (linuxPackagesFor linux_3_0 linuxPackages_3_0);
   linuxPackages_3_2 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_2 linuxPackages_3_2);
   linuxPackages_3_2_apparmor = linuxPackagesFor pkgs.linux_3_2_apparmor linuxPackages_3_2_apparmor;
+  linuxPackages_3_2_grsecurity = linuxPackagesFor pkgs.linux_3_2_grsecurity linuxPackages_3_2_grsecurity;
   linuxPackages_3_2_xen = linuxPackagesFor pkgs.linux_3_2_xen linuxPackages_3_2_xen;
   linuxPackages_3_4 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_4 linuxPackages_3_4);
   linuxPackages_3_4_apparmor = linuxPackagesFor pkgs.linux_3_4_apparmor linuxPackages_3_4_apparmor;
@@ -6656,6 +6838,7 @@ let
   linuxPackages_3_9 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_9 linuxPackages_3_9);
   linuxPackages_3_10 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_10 linuxPackages_3_10);
   linuxPackages_3_11 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_11 linuxPackages_3_11);
+  linuxPackages_3_12 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_12 linuxPackages_3_12);
   # Update this when adding a new version!
   linuxPackages_latest = pkgs.linuxPackages_3_11;
 
@@ -6722,8 +6905,6 @@ let
 
   module_init_tools = callPackage ../os-specific/linux/module-init-tools { };
 
-  mountall = callPackage ../os-specific/linux/mountall { };
-
   aggregateModules = modules:
     callPackage ../os-specific/linux/kmod/aggregator.nix {
       inherit modules;
@@ -6812,8 +6993,6 @@ let
 
   shadow = callPackage ../os-specific/linux/shadow { };
 
-  splashutils = callPackage ../os-specific/linux/splashutils/default.nix { };
-
   statifier = builderDefsPackage (import ../os-specific/linux/statifier) { };
 
   sysfsutils = callPackage ../os-specific/linux/sysfsutils { };
@@ -6830,6 +7009,15 @@ let
 
   systemd = callPackage ../os-specific/linux/systemd { };
 
+  # In nixos, you can set systemd.package = pkgs.systemd_with_lvm2 to get
+  # LVM2 working in systemd.
+  systemd_with_lvm2 = pkgs.lib.overrideDerivation pkgs.systemd (p: {
+      name = p.name + "-with-lvm2";
+      postInstall = p.postInstall + ''
+        cp "${pkgs.lvm2}/lib/systemd/system-generators/"* $out/lib/systemd/system-generators
+      '';
+  });
+
   sysvinit = callPackage ../os-specific/linux/sysvinit { };
 
   sysvtools = callPackage ../os-specific/linux/sysvinit {
@@ -6877,11 +7065,13 @@ let
   udisks2 = callPackage ../os-specific/linux/udisks/2-default.nix { };
   udisks = udisks1;
 
+  udisks_glue = callPackage ../os-specific/linux/udisks-glue { };
+
   untie = callPackage ../os-specific/linux/untie { };
 
   upower = callPackage ../os-specific/linux/upower {
     libusb1 = callPackage ../development/libraries/libusb1/1_0_9.nix {};
-    };
+  };
 
   upstart = callPackage ../os-specific/linux/upstart { };
 
@@ -7186,6 +7376,8 @@ let
 
   arora = callPackage ../applications/networking/browsers/arora { };
 
+  aseprite = callPackage ../applications/editors/aseprite { };
+
   audacious = callPackage ../applications/audio/audacious { };
 
   audacity = callPackage ../applications/audio/audacity { };
@@ -7393,6 +7585,8 @@ let
 
   dvswitch = callPackage ../applications/video/dvswitch { };
 
+  dwb = callPackage ../applications/networking/browsers/dwb { };
+
   dwm = callPackage ../applications/window-managers/dwm {
     patches = config.dwm.patches or [];
   };
@@ -7430,17 +7624,16 @@ let
     # use override to enable additional features
     libXaw = if stdenv.isDarwin then xlibs.libXaw else null;
     Xaw3d = null;
-    gtk = if stdenv.isDarwin then null else gtk;
     gconf = null;
     librsvg = null;
     alsaLib = null;
     imagemagick = null;
     texinfo = texinfo5;
 
-    # use gccApple on darwin to deal with: unexec: 'my_edata is not in section
-    # __data'
+    # use clangStdenv on darwin to deal with: unexec: 'my_edata is not in
+    # section __data'
     stdenv = if stdenv.isDarwin
-      then stdenvAdapters.overrideGCC stdenv gccApple
+      then clangStdenv
       else stdenv;
   };
 
@@ -7580,6 +7773,8 @@ let
 
   fbpanel = callPackage ../applications/window-managers/fbpanel { };
 
+  fbreader = callPackage ../applications/misc/fbreader { };
+
   fetchmail = import ../applications/misc/fetchmail {
     inherit stdenv fetchurl openssl;
   };
@@ -7588,12 +7783,18 @@ let
 
   fossil = callPackage ../applications/version-management/fossil { };
 
+  fribid = callPackage ../applications/networking/browsers/mozilla-plugins/fribid { };
+
   fvwm = callPackage ../applications/window-managers/fvwm { };
 
   geany = callPackage ../applications/editors/geany { };
 
   goldendict = callPackage ../applications/misc/goldendict { };
 
+  google-musicmanager = callPackage ../applications/audio/google-musicmanager { };
+
+  gpicview = callPackage ../applications/graphics/gpicview { };
+
   grass = import ../applications/misc/grass {
     inherit (xlibs) libXmu libXext libXp libX11 libXt libSM libICE libXpm
       libXaw libXrender;
@@ -7612,6 +7813,8 @@ let
     inherit (gnome) libgnome libgnomeui vte;
   };
 
+  gtimelog = pythonPackages.gtimelog;
+
   guitarix = callPackage ../applications/audio/guitarix {
     fftw = fftwSinglePrec;
   };
@@ -7892,6 +8095,8 @@ let
 
   ii = callPackage ../applications/networking/irc/ii { };
 
+  ike = callPackage ../applications/ike { };
+
   ikiwiki = callPackage ../applications/misc/ikiwiki {
     inherit (perlPackages) TextMarkdown URI HTMLParser HTMLScrubber
       HTMLTemplate TimeDate CGISession DBFile CGIFormBuilder LocaleGettext
@@ -8100,6 +8305,10 @@ let
 
   mirage = callPackage ../applications/graphics/mirage {};
 
+  mixxx = callPackage ../applications/audio/mixxx {
+    inherit (vamp) vampSDK;
+  };
+
   mmex = callPackage ../applications/office/mmex { };
 
   monkeysAudio = callPackage ../applications/audio/monkeys-audio { };
@@ -8126,7 +8335,6 @@ let
   };
 
   mopidy = callPackage ../applications/audio/mopidy { };
-  mopidy_git = callPackage ../applications/audio/mopidy/git.nix { };
 
   mozilla = callPackage ../applications/networking/browsers/mozilla {
     inherit (gnome) libIDL;
@@ -8147,6 +8355,8 @@ let
 
   mpg321 = callPackage ../applications/audio/mpg321 { };
 
+  mpc_cli = callPackage ../applications/audio/mpc { };
+
   ncmpcpp = callPackage ../applications/audio/ncmpcpp { };
 
   normalize = callPackage ../applications/audio/normalize { };
@@ -8191,23 +8401,18 @@ let
 
   smplayer = callPackage ../applications/video/smplayer { };
 
-  sup = callPackage ../applications/networking/mailreaders/sup {
-    ruby = ruby19;
+  sup = with rubyLibs; callPackage ../applications/networking/mailreaders/sup {
+    ruby = ruby19.override {
+      cursesSupport = true;
+    };
+
+    inherit gettext highline iconv locale lockfile mime_types rmail_sup text
+      trollop unicode xapian_ruby which;
 
-    chronic = rubyLibs.chronic;
-    gettext = rubyLibs.gettext;
-    gpgme = ruby_gpgme;
-    highline = rubyLibs.highline;
-    iconv = rubyLibs.iconv;
-    locale = rubyLibs.locale;
-    lockfile = rubyLibs.lockfile;
-    mime_types = rubyLibs.mime_types;
+    chronic      = chronic_0_9_1;
+    gpgme        = ruby_gpgme;
     ncursesw_sup = ruby_ncursesw_sup;
-    rake = rubyLibs.rake_10_1_0;
-    rmail = rubyLibs.rmail;
-    text = rubyLibs.text;
-    trollop = rubyLibs.trollop;
-    xapian_ruby = rubyLibs.xapian_ruby;
+    rake         = rake_10_1_0;
   };
 
   msmtp = callPackage ../applications/networking/msmtp { };
@@ -8331,6 +8536,8 @@ let
 
   pidginsipe = callPackage ../applications/networking/instant-messengers/pidgin-plugins/sipe { };
 
+  toxprpl = callPackage ../applications/networking/instant-messengers/pidgin-plugins/tox-prpl { };
+
   pinfo = callPackage ../applications/misc/pinfo { };
 
   pinta = callPackage ../applications/graphics/pinta {
@@ -8405,6 +8612,8 @@ let
     enableCopyDevicesPatch = (config.rsync.enableCopyDevicesPatch or false);
   };
 
+  rubyripper = callPackage ../applications/audio/rubyripper {};
+
   rxvt = callPackage ../applications/misc/rxvt { };
 
   # = urxvt
@@ -8447,6 +8656,8 @@ let
 
   skype_call_recorder = callPackage ../applications/networking/instant-messengers/skype-call-recorder { };
 
+  ssvnc = callPackage ../applications/networking/remote/ssvnc { };
+
   st = callPackage ../applications/misc/st {
     conf = config.st.conf or null;
   };
@@ -8510,10 +8721,7 @@ let
 
   stalonetray = callPackage ../applications/window-managers/stalonetray {};
 
-  stumpwm = builderDefsPackage (import ../applications/window-managers/stumpwm) {
-    inherit texinfo;
-    clisp = clisp_2_44_1;
-  };
+  stumpwm = lispPackages.stumpwm;
 
   sublime = callPackage ../applications/editors/sublime { };
 
@@ -8610,10 +8818,10 @@ let
     wrapPython = pythonPackages.wrapPython;
   };
 
-  # This builds the gtk client
-  transmission_260 = callPackage ../applications/networking/p2p/transmission/2.60.nix { };
+  toxic = callPackage ../applications/networking/instant-messengers/toxic { };
 
   transmission = callPackage ../applications/networking/p2p/transmission { };
+  transmission_gtk = transmission.override { enableGTK3 = true; };
 
   transmission_remote_gtk = callPackage ../applications/networking/p2p/transmission-remote-gtk {};
 
@@ -8699,6 +8907,7 @@ let
   virtviewer = callPackage ../applications/virtualization/virt-viewer {};
   virtmanager = callPackage ../applications/virtualization/virt-manager {
     inherit (gnome) gnome_python;
+    vte = gnome.vte.override { pythonSupport = true; };
   };
 
   virtinst = callPackage ../applications/virtualization/virtinst {};
@@ -8727,7 +8936,10 @@ let
     graphicsSupport = false;
   };
 
-  weechat = callPackage ../applications/networking/irc/weechat { };
+  weechat = callPackage ../applications/networking/irc/weechat {
+    # weechat crashes on /exit when using gnutls 3.1.x. gnutls 3.2.x works.
+    gnutls = gnutls32;
+  };
 
   weston = callPackage ../applications/window-managers/weston {
     cairo = cairo.override {
@@ -8780,7 +8992,7 @@ let
       enableGnash = cfg.enableGnash or false;
     in
     import ../applications/networking/browsers/firefox/wrapper.nix {
-      inherit stdenv makeWrapper makeDesktopItem browser browserName desktopName nameSuffix icon;
+      inherit stdenv lib makeWrapper makeDesktopItem browser browserName desktopName nameSuffix icon;
       plugins =
          assert !(enableGnash && enableAdobeFlash);
          ([ ]
@@ -8791,6 +9003,7 @@ let
           ++ lib.optional (cfg.enableGeckoMediaPlayer or false) gecko_mediaplayer
           ++ lib.optional (supportsJDK && cfg.jre or false && jrePlugin ? mozillaPlugin) jrePlugin
           ++ lib.optional (cfg.enableGoogleTalkPlugin or false) google_talk_plugin
+          ++ lib.optional (cfg.enableFriBIDPlugin or false) fribid
          );
       libs =
         if cfg.enableQuakeLive or false
@@ -8817,6 +9030,8 @@ let
 
   xbmc = callPackage ../applications/video/xbmc { };
 
+  xca = callPackage ../applications/misc/xca { };
+
   xcalib = callPackage ../tools/X11/xcalib { };
 
   xcape = callPackage ../tools/X11/xcape { };
@@ -8976,7 +9191,17 @@ let
 
   drumkv1 = callPackage ../applications/audio/drumkv1 { };
 
-  dwarf_fortress = callPackage_i686 ../games/dwarf-fortress { };
+  dwarf_fortress = callPackage_i686 ../games/dwarf-fortress {
+    SDL_image = pkgsi686Linux.SDL_image.override {
+      libpng = pkgsi686Linux.libpng12;
+    };
+  };
+
+  dwarf_fortress_modable = appendToName "moddable" (dwarf_fortress.override {
+    copyDataDirectory = true;
+  });
+
+  dwarf-therapist = callPackage ../games/dwarf-therapist { };
 
   d1x_rebirth = callPackage ../games/d1x-rebirth { };
 
@@ -8997,6 +9222,11 @@ let
 
   freeciv = callPackage ../games/freeciv { };
 
+  freeciv_gtk = callPackage ../games/freeciv {
+    gtkClient = true;
+    sdlClient = false;
+  };
+
   freedink = callPackage ../games/freedink { };
 
   fsg = callPackage ../games/fsg {
@@ -9078,8 +9308,14 @@ let
 
   quake3game = callPackage ../games/quake3/game { };
 
+  quantumminigolf = callPackage ../games/quantumminigolf {};
+
   racer = callPackage ../games/racer { };
 
+  residualvm = callPackage ../games/residualvm { 
+    openglSupport = mesaSupported; 
+  };
+
   rigsofrods = callPackage ../games/rigsofrods {
     mygui = myguiSvn;
   };
@@ -9098,6 +9334,8 @@ let
 
   scorched3d = callPackage ../games/scorched3d { };
 
+  sdlmame = callPackage ../games/sdlmame { };
+
   sgtpuzzles = builderDefsPackage (import ../games/sgt-puzzles) {
     inherit pkgconfig fetchsvn perl gtk;
     inherit (xlibs) libX11;
@@ -9118,6 +9356,10 @@ let
 
   steam = callPackage_i686 ../games/steam {};
 
+  steamChrootEnv = callPackage_i686 ../games/steam/chrootenv.nix {
+    zenity = gnome2.zenity;
+  };
+
   stuntrally = callPackage ../games/stuntrally { };
 
   superTux = callPackage ../games/super-tux { };
@@ -9243,14 +9485,6 @@ let
 
   kde4 = recurseIntoAttrs pkgs.kde410;
 
-  kde48 = kdePackagesFor (pkgs.kde48 // {
-      boost = boost149;
-      eigen = eigen2;
-      libotr = libotr_3_2;
-      libgphoto2 = libgphoto2_4;
-      libcanberra = libcanberra_kde;
-    }) ../desktops/kde-4.8;
-
   kde410 = kdePackagesFor (pkgs.kde410 // {
       boost = boost149;
       eigen = eigen2;
@@ -9300,6 +9534,8 @@ let
         else
           callPackage ../applications/graphics/digikam { };
 
+      eventlist = callPackage ../applications/office/eventlist {};
+
       k3b = callPackage ../applications/misc/k3b { };
 
       kadu = callPackage ../applications/networking/instant-messengers/kadu { };
@@ -9328,6 +9564,8 @@ let
 
       konversation = callPackage ../applications/networking/irc/konversation { };
 
+      kvirc = callPackage ../applications/networking/irc/kvirc { };
+
       krename = callPackage ../applications/misc/krename { };
 
       krusader = callPackage ../applications/misc/krusader { };
@@ -9388,6 +9626,9 @@ let
   redshift = callPackage ../applications/misc/redshift {
     inherit (xorg) libX11 libXrandr libxcb randrproto libXxf86vm
       xf86vidmodeproto;
+    inherit (gnome) GConf;
+    inherit (pythonPackages) pyxdg;
+    geoclue = geoclue2;
   };
 
   oxygen_gtk = callPackage ../misc/themes/gtk2/oxygen-gtk { };
@@ -9469,6 +9710,8 @@ let
 
   pal2nal = callPackage ../applications/science/biology/pal2nal { };
 
+  plink = callPackage ../applications/science/biology/plink/default.nix { };
+
 
   ### SCIENCE/MATH
 
@@ -9494,6 +9737,7 @@ let
 
   openblas = callPackage ../development/libraries/science/math/openblas { };
 
+  mathematica = callPackage ../applications/science/math/mathematica { };
 
   ### SCIENCE/MOLECULAR-DYNAMICS
 
@@ -9620,6 +9864,10 @@ let
 
   pari = callPackage ../applications/science/math/pari {};
 
+  pspp = callPackage ../applications/science/math/pssp {
+    inherit (gnome) libglade gtksourceview;
+  };
+
   R = callPackage ../applications/science/math/R {
     inherit (xlibs) libX11 libXt;
     texLive = texLiveAggregationFun { paths = [ texLive texLiveExtra ]; };
@@ -9641,6 +9889,11 @@ let
 
   yacas = callPackage ../applications/science/math/yacas { };
 
+  speedcrunch = callPackage ../applications/science/math/speedcrunch {
+    qt = qt4;
+    cmake = cmakeCurses;
+  };
+
 
   ### SCIENCE / MISC
 
@@ -9679,7 +9932,13 @@ let
 
   dbacl = callPackage ../tools/misc/dbacl { };
 
-  dblatex = callPackage ../tools/typesetting/tex/dblatex { };
+  dblatex = callPackage ../tools/typesetting/tex/dblatex {
+    enableAllFeatures = false;
+  };
+
+  dblatexFull = appendToName "full" (dblatex.override {
+    enableAllFeatures = true;
+  });
 
   dosbox = callPackage ../misc/emulators/dosbox { };
 
@@ -9762,6 +10021,8 @@ let
 
   nixops = callPackage ../tools/package-management/nixops { };
 
+  nix-repl = callPackage ../tools/package-management/nix-repl { };
+
   nut = callPackage ../applications/misc/nut { };
 
   solfege = callPackage ../misc/solfege {
@@ -9862,11 +10123,14 @@ let
 
   texLive = builderDefsPackage (import ../tools/typesetting/tex/texlive) {
     inherit builderDefs zlib bzip2 ncurses libpng ed lesstif ruby
-      gd t1lib freetype icu perl expat curl xz pkgconfig zziplib
-      libjpeg bison python fontconfig flex poppler silgraphite makeWrapper;
+      gd t1lib freetype icu perl expat curl xz pkgconfig zziplib texinfo
+      libjpeg bison python fontconfig flex poppler graphite2 makeWrapper;
     inherit (xlibs) libXaw libX11 xproto libXt libXpm
       libXmu libXext xextproto libSM libICE;
     ghostscript = ghostscriptX;
+    harfbuzz = harfbuzz.override {
+      inherit icu graphite2;
+    };
   };
 
   texLiveFull = lib.setName "texlive-full" (texLiveAggregationFun {
@@ -9889,7 +10153,7 @@ let
   */
   texLiveAggregationFun = params:
     builderDefsPackage (import ../tools/typesetting/tex/texlive/aggregate.nix)
-      ({inherit poppler makeWrapper;} // params);
+      ({inherit poppler perl makeWrapper;} // params);
 
   texDisser = callPackage ../tools/typesetting/tex/disser {};
 
@@ -9947,7 +10211,9 @@ let
   VisualBoyAdvance = callPackage ../misc/emulators/VisualBoyAdvance { };
 
   # Wine cannot be built in 64-bit; use a 32-bit build instead.
-  wine = callPackage_i686 ../misc/emulators/wine { };
+  wineStable = callPackage_i686 ../misc/emulators/wine/stable.nix { };
+  wineUnstable = lowPrio (callPackage_i686 ../misc/emulators/wine/unstable.nix { });
+  wine = wineStable;
 
   # winetricks is a shell script with no binary components. Safe to just use the current platforms
   # build instead of the i686 specific build.
@@ -9997,6 +10263,10 @@ let
 
   znc = callPackage ../applications/networking/znc { };
 
+  zncModules = recurseIntoAttrs (
+    callPackage ../applications/networking/znc/modules.nix { }
+  );
+
   zsnes = callPackage_i686 ../misc/emulators/zsnes {
     libpng = libpng12;
   };
diff --git a/pkgs/top-level/haskell-packages.nix b/pkgs/top-level/haskell-packages.nix
index e38fff602424..be07da47393d 100644
--- a/pkgs/top-level/haskell-packages.nix
+++ b/pkgs/top-level/haskell-packages.nix
@@ -58,7 +58,12 @@
 #
 # For most packages, however, we keep only one version, and use default.nix.
 
-{pkgs, newScope, ghc, prefFun, enableLibraryProfiling ? false, modifyPrio ? (x : x)}:
+{ pkgs, newScope, ghc, prefFun, modifyPrio ? (x : x)
+, enableLibraryProfiling ? false
+, enableSharedLibraries ? false
+, enableSharedExecutables ? false
+, enableCheckPhase ? pkgs.stdenv.lib.versionOlder "7.4" ghc.version
+}:
 
 # We redefine callPackage to take into account the new scope. The optional
 # modifyPrio argument can be set to lowPrio to make all Haskell packages have
@@ -91,16 +96,6 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
     ghc = ghc; # refers to ghcPlain
   };
 
-  # The normal GHC wrapper doesn't create links to the documentation in
-  # ~/.nix-profile. Having this second wrapper allows us to remedy the
-  # situation without re-building all Haskell packages. At the next
-  # stdenv-updates merge, this second wrapper will go away.
-
-  ghcUserEnvWrapper = pkgs.appendToName "new" (callPackage ../development/compilers/ghc/wrapper.nix {
-    ghc = ghc; # refers to ghcPlain
-    forUserEnv = true;
-  });
-
   # An experimental wrapper around ghcPlain that does not automatically
   # pick up packages from the profile, but instead has a fixed set of packages
   # in its global database. The set of packages can be specified as an
@@ -115,8 +110,11 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   # packages. It isn't the Cabal library, which is spelled "Cabal".
 
   cabal = callPackage ../build-support/cabal {
-    enableLibraryProfiling = enableLibraryProfiling;
-    enableCheckPhase = pkgs.stdenv.lib.versionOlder "7.4" self.ghc.ghcVersion;
+    inherit enableLibraryProfiling;
+    inherit enableSharedLibraries;
+    inherit enableSharedExecutables;
+    inherit enableCheckPhase;
+    glibcLocales = if pkgs.stdenv.isLinux then pkgs.glibcLocales else null;
   };
 
   # A variant of the cabal build driver that disables unit testing.
@@ -143,20 +141,20 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
     inherit (self) cabal ghc;
     async        = self.async_2_0_1_4;
     attoparsec   = self.attoparsec_0_10_4_0;
-    caseInsensitive = self.caseInsensitive_1_1;
+    caseInsensitive = self.caseInsensitive_1_1_0_1;
     cgi          = self.cgi_3001_1_7_5;
     fgl          = self.fgl_5_4_2_4;
-    GLUT         = self.GLUT_2_4_0_0;
-    GLURaw       = self.GLURaw_1_3_0_0;
+    GLUT         = self.GLUT_2_5_0_1;
+    GLURaw       = self.GLURaw_1_4_0_0;
     haskellSrc   = self.haskellSrc_1_0_1_5;
-    hashable     = self.hashable_1_2_0_10;
+    hashable     = self.hashable_1_2_1_0;
     html         = self.html_1_0_1_2;
     HTTP         = self.HTTP_4000_2_8;
     HUnit        = self.HUnit_1_2_5_2;
     mtl          = self.mtl_2_1_2;
-    network      = self.network_2_4_1_2;
-    OpenGL       = self.OpenGL_2_8_0_0;
-    OpenGLRaw    = self.OpenGLRaw_1_3_0_0;
+    network      = self.network_2_4_2_0;
+    OpenGL       = self.OpenGL_2_9_1_0;
+    OpenGLRaw    = self.OpenGLRaw_1_4_0_0;
     parallel     = self.parallel_3_2_0_3;
     parsec       = self.parsec_3_1_3;
     QuickCheck   = self.QuickCheck_2_6;
@@ -169,15 +167,15 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
     syb          = self.syb_0_4_1;
     text         = self.text_0_11_3_1;
     transformers = null;                        # this has become a core package in GHC 7.7
-    unorderedContainers = self.unorderedContainers_0_2_3_2;
-    vector       = self.vector_0_10_0_1;
+    unorderedContainers = self.unorderedContainers_0_2_3_3;
+    vector       = self.vector_0_10_9_1;
     xhtml        = self.xhtml_3000_2_1;
     zlib         = self.zlib_0_5_4_1;
-    cabalInstall = self.cabalInstall_1_18_0_1;
-    alex         = self.alex_3_0_5;
+    cabalInstall = self.cabalInstall_1_18_0_2;
+    alex         = self.alex_3_1_0;
     haddock      = self.haddock_2_13_2;
-    happy        = self.happy_1_18_10;
-    primitive    = self.primitive_0_5_0_1;      # semi-official, but specified
+    happy        = self.happy_1_19_0;
+    primitive    = self.primitive_0_5_1_0;      # semi-official, but specified
   };
 
   haskellPlatformArgs_2013_2_0_0 = self : {
@@ -524,12 +522,16 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   aeson = callPackage ../development/libraries/haskell/aeson {};
 
+  aesonPretty = callPackage ../development/libraries/haskell/aeson-pretty {};
+
   alternativeIo = callPackage ../development/libraries/haskell/alternative-io {};
 
   alsaCore = callPackage ../development/libraries/haskell/alsa-core {};
 
   alsaPcm = callPackage ../development/libraries/haskell/alsa-pcm {};
 
+  amqp = callPackage ../development/libraries/haskell/amqp {};
+
   appar = callPackage ../development/libraries/haskell/appar {};
 
   ansiTerminal = callPackage ../development/libraries/haskell/ansi-terminal {};
@@ -595,6 +597,10 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   bindingsDSL = callPackage ../development/libraries/haskell/bindings-DSL {};
 
+  bindingsLibusb = callPackage ../development/libraries/haskell/bindings-libusb {
+    libusb = pkgs.libusb1;
+  };
+
   bindingsPosix = callPackage ../development/libraries/haskell/bindings-posix {};
 
   bitarray = callPackage ../development/libraries/haskell/bitarray {};
@@ -653,7 +659,7 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   Cabal_1_14_0 = callPackage ../development/libraries/haskell/Cabal/1.14.0.nix { cabal = self.cabal.override { Cabal = null; }; };
   Cabal_1_16_0_3 = callPackage ../development/libraries/haskell/Cabal/1.16.0.3.nix { cabal = self.cabal.override { Cabal = null; }; };
-  Cabal_1_18_0 = callPackage ../development/libraries/haskell/Cabal/1.18.0.nix {
+  Cabal_1_18_1_2 = callPackage ../development/libraries/haskell/Cabal/1.18.1.2.nix {
     cabal = self.cabal.override { Cabal = null; };
     deepseq = self.deepseq_1_3_0_1;
   };
@@ -671,8 +677,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   carray = callPackage ../development/libraries/haskell/carray {};
 
   caseInsensitive_1_0_0_1 = callPackage ../development/libraries/haskell/case-insensitive/1.0.0.1.nix {};
-  caseInsensitive_1_1 = callPackage ../development/libraries/haskell/case-insensitive/1.1.nix {};
-  caseInsensitive = self.caseInsensitive_1_1;
+  caseInsensitive_1_1_0_1 = callPackage ../development/libraries/haskell/case-insensitive/1.1.0.1.nix {};
+  caseInsensitive = self.caseInsensitive_1_1_0_1;
 
   cautiousFile = callPackage ../development/libraries/haskell/cautious-file {};
 
@@ -690,6 +696,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   cgi_3001_1_8_4 = callPackage ../development/libraries/haskell/cgi/3001.1.8.4.nix {};
   cgi = self.cgi_3001_1_8_4;
 
+  charset = callPackage ../development/libraries/haskell/charset {};
+
   Chart = callPackage ../development/libraries/haskell/Chart {};
   ChartCairo = callPackage ../development/libraries/haskell/Chart-cairo {};
   ChartGtk = callPackage ../development/libraries/haskell/Chart-gtk {};
@@ -718,6 +726,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   clientsession = callPackage ../development/libraries/haskell/clientsession {};
 
+  clock = callPackage ../development/libraries/haskell/clock {};
+
   cmdargs = callPackage ../development/libraries/haskell/cmdargs {};
 
   cmdlib = callPackage ../development/libraries/haskell/cmdlib {};
@@ -744,6 +754,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   configurator = callPackage ../development/libraries/haskell/configurator {};
 
+  connection = callPackage ../development/libraries/haskell/connection {};
+
   constraints = callPackage ../development/libraries/haskell/constraints {};
 
   convertible = callPackage ../development/libraries/haskell/convertible {};
@@ -828,6 +840,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   dataMemocombinators = callPackage ../development/libraries/haskell/data-memocombinators {};
 
+  dataPprint = callPackage ../development/libraries/haskell/data-pprint {};
+
   dataReify = callPackage ../development/libraries/haskell/data-reify {};
 
   dateCache = callPackage ../development/libraries/haskell/date-cache {};
@@ -929,6 +943,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   enumerator = callPackage ../development/libraries/haskell/enumerator {};
 
+  enummapset = callPackage ../development/libraries/haskell/enummapset {};
+
   entropy = callPackage ../development/libraries/haskell/entropy {};
 
   erf = callPackage ../development/libraries/haskell/erf {};
@@ -937,6 +953,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   either = callPackage ../development/libraries/haskell/either {};
 
+  esqueleto = callPackage ../development/libraries/haskell/esqueleto {};
+
   exceptionMtl = callPackage ../development/libraries/haskell/exception-mtl {};
 
   exceptionTransformers = callPackage ../development/libraries/haskell/exception-transformers {};
@@ -1056,15 +1074,13 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   GlomeVec = callPackage ../development/libraries/haskell/GlomeVec {};
 
-  gloss = callPackage ../development/libraries/haskell/gloss {
-    OpenGL = self.OpenGL_2_6_0_1;
-    GLUT   = self.GLUT_2_3_1_0;
-  };
+  gloss = callPackage ../development/libraries/haskell/gloss {};
 
   glpkHs = callPackage ../development/libraries/haskell/glpk-hs {};
 
   GLURaw_1_3_0_0 = callPackage ../development/libraries/haskell/GLURaw/1.3.0.0.nix {};
-  GLURaw = self.GLURaw_1_3_0_0;
+  GLURaw_1_4_0_0 = callPackage ../development/libraries/haskell/GLURaw/1.4.0.0.nix {};
+  GLURaw = self.GLURaw_1_4_0_0;
 
   GLUT_2_1_1_2 = callPackage ../development/libraries/haskell/GLUT/2.1.1.2.nix {};
   GLUT_2_1_2_1 = callPackage ../development/libraries/haskell/GLUT/2.1.2.1.nix {};
@@ -1078,7 +1094,10 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   GLUT_2_4_0_0 = callPackage ../development/libraries/haskell/GLUT/2.4.0.0.nix {
     OpenGL = self.OpenGL_2_8_0_0;
   };
-  GLUT = self.GLUT_2_4_0_0;
+  GLUT_2_5_0_1 = callPackage ../development/libraries/haskell/GLUT/2.5.0.1.nix {
+    OpenGL = self.OpenGL_2_9_0_1;
+  };
+  GLUT = self.GLUT_2_5_0_1;
 
   gnuidn = callPackage ../development/libraries/haskell/gnuidn {};
 
@@ -1116,8 +1135,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   happstackLite = callPackage ../development/libraries/haskell/happstack/happstack-lite.nix {};
 
   hashable_1_1_2_5 = callPackage ../development/libraries/haskell/hashable/1.1.2.5.nix {};
-  hashable_1_2_0_10 = callPackage ../development/libraries/haskell/hashable/1.2.0.10.nix {};
-  hashable = self.hashable_1_2_0_10;
+  hashable_1_2_1_0 = callPackage ../development/libraries/haskell/hashable/1.2.1.0.nix {};
+  hashable = self.hashable_1_2_1_0;
 
   hashedStorage = callPackage ../development/libraries/haskell/hashed-storage {};
 
@@ -1140,7 +1159,7 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   haskellSrcExts_1_13_5 = callPackage ../development/libraries/haskell/haskell-src-exts/1.13.5.nix {};
   haskellSrcExts_1_14_0 = callPackage ../development/libraries/haskell/haskell-src-exts/1.14.0.nix {};
-  haskellSrcExts = self.haskellSrcExts_1_13_5;
+  haskellSrcExts = self.haskellSrcExts_1_14_0;
 
   haskellSrcMeta = callPackage ../development/libraries/haskell/haskell-src-meta {};
 
@@ -1148,6 +1167,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   hexpat = callPackage ../development/libraries/haskell/hexpat {};
 
+  HTF = callPackage ../development/libraries/haskell/HTF {};
+
   HTTP_4000_0_6 = callPackage ../development/libraries/haskell/HTTP/4000.0.6.nix {};
   HTTP_4000_0_9 = callPackage ../development/libraries/haskell/HTTP/4000.0.9.nix {};
   HTTP_4000_1_1 = callPackage ../development/libraries/haskell/HTTP/4000.1.1.nix {};
@@ -1235,6 +1256,10 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   hsemail = callPackage ../development/libraries/haskell/hsemail {};
 
+  hslua = callPackage ../development/libraries/haskell/hslua {
+    lua = pkgs.lua5_1;
+  };
+
   HSH = callPackage ../development/libraries/haskell/HSH {};
 
   HsSyck = callPackage ../development/libraries/haskell/HsSyck {};
@@ -1334,12 +1359,16 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   kansasLava = callPackage ../development/libraries/haskell/kansas-lava {};
 
+  keys = callPackage ../development/libraries/haskell/keys {};
+
   knob = callPackage ../development/libraries/haskell/knob {};
 
   languageC = callPackage ../development/libraries/haskell/language-c {};
 
   languageCQuote = callPackage ../development/libraries/haskell/language-c-quote {};
 
+  languageEcmascript = callPackage ../development/libraries/haskell/language-ecmascript {};
+
   languageJava = callPackage ../development/libraries/haskell/language-java {};
 
   languageJavascript = callPackage ../development/libraries/haskell/language-javascript {};
@@ -1380,6 +1409,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   List = callPackage ../development/libraries/haskell/List {};
 
+  listTries = callPackage ../development/libraries/haskell/list-tries {};
+
   ListLike = callPackage ../development/libraries/haskell/ListLike {};
 
   ListZipper = callPackage ../development/libraries/haskell/ListZipper {};
@@ -1388,6 +1419,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
     llvmConfig = pkgs.llvm;
   };
 
+  llvmGeneralPure = callPackage ../development/libraries/haskell/llvm-general-pure {};
+
   lrucache = callPackage ../development/libraries/haskell/lrucache {};
 
   ltk = callPackage ../development/libraries/haskell/ltk {};
@@ -1445,8 +1478,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   monadLogger = callPackage ../development/libraries/haskell/monad-logger {};
 
   monadPar_0_1_0_3 = callPackage ../development/libraries/haskell/monad-par/0.1.0.3.nix {};
-  monadPar_0_3_4_4 = callPackage ../development/libraries/haskell/monad-par/0.3.4.4.nix {};
-  monadPar = self.monadPar_0_3_4_4;
+  monadPar_0_3_4_5 = callPackage ../development/libraries/haskell/monad-par/0.3.4.5.nix {};
+  monadPar = self.monadPar_0_3_4_5;
 
   monadParExtras = callPackage ../development/libraries/haskell/monad-par-extras {};
 
@@ -1462,6 +1495,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   mongoDB = callPackage ../development/libraries/haskell/mongoDB {};
 
+  monoTraversable = callPackage ../development/libraries/haskell/mono-traversable {};
+
   mmorph = callPackage ../development/libraries/haskell/mmorph {};
 
   mpppc = callPackage ../development/libraries/haskell/mpppc {};
@@ -1522,7 +1557,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   network_2_3_0_13 = callPackage ../development/libraries/haskell/network/2.3.0.13.nix {};
   network_2_3_1_0 = callPackage ../development/libraries/haskell/network/2.3.1.0.nix {};
   network_2_4_1_2 = callPackage ../development/libraries/haskell/network/2.4.1.2.nix {};
-  network = self.network_2_4_1_2;
+  network_2_4_2_0 = callPackage ../development/libraries/haskell/network/2.4.2.0.nix {};
+  network = self.network_2_4_2_0;
 
   networkConduit = callPackage ../development/libraries/haskell/network-conduit {};
   networkConduitTls = callPackage ../development/libraries/haskell/network-conduit-tls {};
@@ -1571,10 +1607,12 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   OpenGL_2_4_0_2 = callPackage ../development/libraries/haskell/OpenGL/2.4.0.2.nix {};
   OpenGL_2_6_0_1 = callPackage ../development/libraries/haskell/OpenGL/2.6.0.1.nix {};
   OpenGL_2_8_0_0 = callPackage ../development/libraries/haskell/OpenGL/2.8.0.0.nix {};
-  OpenGL = self.OpenGL_2_8_0_0;
+  OpenGL_2_9_0_1 = callPackage ../development/libraries/haskell/OpenGL/2.9.1.0.nix {};
+  OpenGL = self.OpenGL_2_9_1_0;
 
   OpenGLRaw_1_3_0_0 = callPackage ../development/libraries/haskell/OpenGLRaw/1.3.0.0.nix {};
-  OpenGLRaw = self.OpenGLRaw_1_3_0_0;
+  OpenGLRaw_1_4_0_0 = callPackage ../development/libraries/haskell/OpenGLRaw/1.4.0.0.nix {};
+  OpenGLRaw = self.OpenGLRaw_1_4_0_0;
 
   operational = callPackage ../development/libraries/haskell/operational {};
 
@@ -1584,6 +1622,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   pandoc = callPackage ../development/libraries/haskell/pandoc {};
 
+  pandocCiteproc = callPackage ../development/libraries/haskell/pandoc-citeproc {};
+
   pandocTypes = callPackage ../development/libraries/haskell/pandoc-types {};
 
   pango = callPackage ../development/libraries/haskell/pango {
@@ -1610,6 +1650,10 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   parsec3 = self.parsec_3_1_3;
   parsec  = self.parsec3;
 
+  parsers_0_9 = callPackage ../development/libraries/haskell/parsers/0.9.nix {};
+  parsers_0_10 = callPackage ../development/libraries/haskell/parsers/0.10.nix {};
+  parsers = self.parsers_0_10;
+
   parsimony = callPackage ../development/libraries/haskell/parsimony {};
 
   Pathfinder = callPackage ../development/libraries/haskell/Pathfinder {};
@@ -1642,6 +1686,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   pipesAttoparsec = callPackage ../development/libraries/haskell/pipes-attoparsec {};
 
+  pipesBytestring = callPackage ../development/libraries/haskell/pipes-bytestring {};
+
   pipesConcurrency = callPackage ../development/libraries/haskell/pipes-concurrency {};
 
   pipesNetwork = callPackage ../development/libraries/haskell/pipes-network {};
@@ -1654,6 +1700,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   polyparse = callPackage ../development/libraries/haskell/polyparse {};
 
+  pointed = callPackage ../development/libraries/haskell/pointed {};
+
   poolConduit = callPackage ../development/libraries/haskell/pool-conduit {};
 
   pop3client = callPackage ../development/libraries/haskell/pop3-client {};
@@ -1673,7 +1721,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   punycode = callPackage ../development/libraries/haskell/punycode {};
 
   primitive_0_5_0_1 = callPackage ../development/libraries/haskell/primitive/0.5.0.1.nix   {};
-  primitive = self.primitive_0_5_0_1;
+  primitive_0_5_1_0 = callPackage ../development/libraries/haskell/primitive/0.5.1.0.nix   {};
+  primitive = self.primitive_0_5_1_0;
 
   profunctors = callPackage ../development/libraries/haskell/profunctors {};
 
@@ -1748,6 +1797,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   recaptcha = callPackage ../development/libraries/haskell/recaptcha {};
 
+  reducers = callPackage ../development/libraries/haskell/reducers {};
+
   reflection = callPackage ../development/libraries/haskell/reflection {};
 
   regexBase_0_72_0_2 = callPackage ../development/libraries/haskell/regex-base/0.72.0.2.nix {};
@@ -1799,6 +1850,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   resourcet = callPackage ../development/libraries/haskell/resourcet {};
 
+  rfc5051 = callPackage ../development/libraries/haskell/rfc5051 {};
+
   rosezipper = callPackage ../development/libraries/haskell/rosezipper {};
 
   RSA = callPackage ../development/libraries/haskell/RSA {};
@@ -1843,6 +1896,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   snap = callPackage ../development/libraries/haskell/snap/snap.nix {};
 
+  snapletAcidState = callPackage ../development/libraries/haskell/snaplet-acid-state {};
+
   snapCore = callPackage ../development/libraries/haskell/snap/core.nix {};
 
   snapLoaderDynamic = callPackage ../development/libraries/haskell/snap/loader-dynamic.nix {};
@@ -1869,6 +1924,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   strict = callPackage ../development/libraries/haskell/strict {};
 
+  stringable = callPackage ../development/libraries/haskell/stringable {};
+
   stringCombinators = callPackage ../development/libraries/haskell/string-combinators {};
 
   stringprep = callPackage ../development/libraries/haskell/stringprep {};
@@ -2023,6 +2080,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   text_0_11_3_1 = callPackage ../development/libraries/haskell/text/0.11.3.1.nix {};
   text = self.text_0_11_3_1;
 
+  textFormat = callPackage ../development/libraries/haskell/text-format {};
+
   textIcu = callPackage ../development/libraries/haskell/text-icu {};
 
   thespian = callPackage ../development/libraries/haskell/thespian {};
@@ -2059,6 +2118,12 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   transformersCompat = callPackage ../development/libraries/haskell/transformers-compat {};
 
+  trifecta_1_1 = callPackage ../development/libraries/haskell/trifecta/1.1.nix {
+    parsers = self.parsers_0_9;
+  };
+  trifecta_1_2 = callPackage ../development/libraries/haskell/trifecta/1.2.nix {};
+  trifecta = self.trifecta_1_2;
+
   tuple = callPackage ../development/libraries/haskell/tuple {};
 
   typeEquality = callPackage ../development/libraries/haskell/type-equality {};
@@ -2086,13 +2151,15 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   unlambda = callPackage ../development/libraries/haskell/unlambda {};
 
   unorderedContainers_0_2_3_0 = callPackage ../development/libraries/haskell/unordered-containers/0.2.3.0.nix {};
-  unorderedContainers_0_2_3_2 = callPackage ../development/libraries/haskell/unordered-containers/0.2.3.2.nix {};
-  unorderedContainers = self.unorderedContainers_0_2_3_2;
+  unorderedContainers_0_2_3_3 = callPackage ../development/libraries/haskell/unordered-containers/0.2.3.3.nix {};
+  unorderedContainers = self.unorderedContainers_0_2_3_3;
 
   url = callPackage ../development/libraries/haskell/url {};
 
   urlencoded = callPackage ../development/libraries/haskell/urlencoded {};
 
+  usb = callPackage ../development/libraries/haskell/usb {};
+
   utf8Light = callPackage ../development/libraries/haskell/utf8-light {};
 
   utf8String = callPackage ../development/libraries/haskell/utf8-string {};
@@ -2122,12 +2189,15 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   vect = callPackage ../development/libraries/haskell/vect {};
 
   vector_0_10_0_1  = callPackage ../development/libraries/haskell/vector/0.10.0.1.nix  {};
-  vector = self.vector_0_10_0_1;
+  vector_0_10_9_1  = callPackage ../development/libraries/haskell/vector/0.10.9.1.nix  {};
+  vector = self.vector_0_10_9_1;
 
   vectorAlgorithms = callPackage ../development/libraries/haskell/vector-algorithms {};
 
   vectorBinaryInstances = callPackage ../development/libraries/haskell/vector-binary-instances {};
 
+  vectorInstances = callPackage ../development/libraries/haskell/vector-instances {};
+
   vectorSpace = callPackage ../development/libraries/haskell/vector-space {};
 
   vectorSpacePoints = callPackage ../development/libraries/haskell/vector-space-points {};
@@ -2215,6 +2285,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   xmlConduit = callPackage ../development/libraries/haskell/xml-conduit {};
 
+  xmlgen = callPackage ../development/libraries/haskell/xmlgen {};
+
   xmlHamlet = callPackage ../development/libraries/haskell/xml-hamlet {};
 
   xmlhtml = callPackage ../development/libraries/haskell/xmlhtml {};
@@ -2314,7 +2386,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   alex_3_0_1 = callPackage ../development/tools/parsing/alex/3.0.1.nix {};
   alex_3_0_2 = callPackage ../development/tools/parsing/alex/3.0.2.nix {};
   alex_3_0_5 = callPackage ../development/tools/parsing/alex/3.0.5.nix {};
-  alex = self.alex_3_0_5;
+  alex_3_1_0 = callPackage ../development/tools/parsing/alex/3.1.0.nix {};
+  alex = self.alex_3_1_0;
 
   alexMeta = callPackage ../development/tools/haskell/alex-meta {};
 
@@ -2343,7 +2416,9 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   happy_1_18_8 = callPackage ../development/tools/parsing/happy/1.18.8.nix {};
   happy_1_18_9 = callPackage ../development/tools/parsing/happy/1.18.9.nix {};
   happy_1_18_10 = callPackage ../development/tools/parsing/happy/1.18.10.nix {};
-  happy = self.happy_1_18_10;
+  happy_1_18_11 = callPackage ../development/tools/parsing/happy/1.18.11.nix {};
+  happy_1_19_0 = callPackage ../development/tools/parsing/happy/1.19.0.nix {};
+  happy = self.happy_1_19_0;
 
   happyMeta = callPackage ../development/tools/haskell/happy-meta {};
 
@@ -2373,7 +2448,10 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   darcs = callPackage ../applications/version-management/darcs {};
 
-  idris_plain = callPackage ../development/compilers/idris {};
+  idris_plain = callPackage ../development/compilers/idris {
+    parsers = self.parsers_0_9;
+    trifecta = self.trifecta_1_1;
+  };
 
   idris = callPackage ../development/compilers/idris/wrapper.nix {};
 
@@ -2405,10 +2483,10 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   cabalInstall_0_10_2 = callPackage ../tools/package-management/cabal-install/0.10.2.nix {};
   cabalInstall_0_14_0 = callPackage ../tools/package-management/cabal-install/0.14.0.nix {};
   cabalInstall_1_16_0_2 = callPackage ../tools/package-management/cabal-install/1.16.0.2.nix {};
-  cabalInstall_1_18_0_1 = callPackage ../tools/package-management/cabal-install/1.18.0.1.nix {
-    Cabal = self.Cabal_1_18_0;
+  cabalInstall_1_18_0_2 = callPackage ../tools/package-management/cabal-install/1.18.0.2.nix {
+    Cabal = self.Cabal_1_18_1_2;
   };
-  cabalInstall = self.cabalInstall_1_18_0;
+  cabalInstall = self.cabalInstall_1_18_0_2;
 
   gitAnnex = callPackage ../applications/version-management/git-and-tools/git-annex {};
 
diff --git a/pkgs/top-level/make-tarball.nix b/pkgs/top-level/make-tarball.nix
index 2e5d92b8ed25..b50f064af0c6 100644
--- a/pkgs/top-level/make-tarball.nix
+++ b/pkgs/top-level/make-tarball.nix
@@ -1,4 +1,4 @@
-/* Hydra job to build a tarball for Nixpkgs from a SVN checkout.  It
+/* Hydra job to build a tarball for Nixpkgs from a Git checkout.  It
    also builds the documentation and tests whether the Nix expressions
    evaluate correctly. */
 
@@ -6,13 +6,13 @@
 
 with import nixpkgs.outPath {};
 
-releaseTools.sourceTarball {
+releaseTools.sourceTarball rec {
   name = "nixpkgs-tarball";
   src = nixpkgs;
-  inherit officialRelease;
 
-  version = builtins.readFile ../../VERSION;
-  versionSuffix = if officialRelease then "" else "pre${toString nixpkgs.revCount}_${nixpkgs.shortRev}";
+  inherit officialRelease;
+  version = builtins.readFile ../../.version;
+  versionSuffix = "pre${toString nixpkgs.revCount}.${nixpkgs.shortRev}";
 
   buildInputs = [
     lzma
@@ -26,8 +26,8 @@ releaseTools.sourceTarball {
   configurePhase = ''
     eval "$preConfigure"
     releaseName=nixpkgs-$VERSION$VERSION_SUFFIX
+    echo -n $VERSION_SUFFIX > .version-suffix
     echo "release name is $releaseName"
-    echo $releaseName > relname
   '';
 
   dontBuild = false;
@@ -47,14 +47,14 @@ releaseTools.sourceTarball {
     nix-store --init
 
     # Run the regression tests in `lib'.
-    res="$(nix-instantiate --eval-only --strict --show-trace pkgs/lib/tests.nix)"
+    res="$(nix-instantiate --eval-only --strict --show-trace lib/tests.nix)"
     if test "$res" != "[ ]"; then
         echo "regression tests for lib failed, got: $res"
         exit 1
     fi
 
     # Check that all-packages.nix evaluates on a number of platforms.
-    for platform in i686-linux x86_64-linux powerpc-linux i686-freebsd; do
+    for platform in i686-linux x86_64-linux x86_64-darwin i686-freebsd x86_64-freebsd; do
         header "checking pkgs/top-level/all-packages.nix on $platform"
         nix-env --readonly-mode -f pkgs/top-level/all-packages.nix \
             --show-trace --argstr system "$platform" \
@@ -63,8 +63,7 @@ releaseTools.sourceTarball {
     done
 
     header "checking eval-release.nix"
-    nix-instantiate --eval-only --strict --xml --show-trace ./maintainers/scripts/eval-release.nix > $TMPDIR/out.xml
-    xmllint --noout $TMPDIR/out.xml
+    nix-instantiate --eval-only --strict --show-trace ./maintainers/scripts/eval-release.nix > /dev/null
     stopNest
   '';
 
diff --git a/pkgs/top-level/node-packages-generated.nix b/pkgs/top-level/node-packages-generated.nix
index 15c01748a44b..18ec19437dba 100644
--- a/pkgs/top-level/node-packages-generated.nix
+++ b/pkgs/top-level/node-packages-generated.nix
@@ -2,33 +2,33 @@
 
 {
   full."CSSselect"."0.x" = lib.makeOverridable self.buildNodePackage {
-    name = "CSSselect-0.3.5";
+    name = "CSSselect-0.3.11";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/CSSselect/-/CSSselect-0.3.5.tgz";
-        sha1 = "b85cae765678432aa54be73c140e3d4de78938a1";
+        url = "http://registry.npmjs.org/CSSselect/-/CSSselect-0.3.11.tgz";
+        sha1 = "0779a069d12da9ff5875dd125a0287599c05b6a5";
       })
     ];
     buildInputs =
       (self.nativeDeps."CSSselect"."0.x" or []);
     deps = [
-      self.full."CSSwhat"."0.3"
-      self.full."domutils"."1"
+      self.full."CSSwhat"."0.4"
+      self.full."domutils"."1.2"
     ];
     peerDependencies = [
     ];
     passthru.names = [ "CSSselect" ];
   };
-  full."CSSwhat"."0.3" = lib.makeOverridable self.buildNodePackage {
-    name = "CSSwhat-0.3.0";
+  full."CSSwhat"."0.4" = lib.makeOverridable self.buildNodePackage {
+    name = "CSSwhat-0.4.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/CSSwhat/-/CSSwhat-0.3.0.tgz";
-        sha1 = "44e93c6a50dab70f59575a539cb09f4016e188ae";
+        url = "http://registry.npmjs.org/CSSwhat/-/CSSwhat-0.4.1.tgz";
+        sha1 = "fe6580461b2a3ad550d2a7785a051234974dfca7";
       })
     ];
     buildInputs =
-      (self.nativeDeps."CSSwhat"."0.3" or []);
+      (self.nativeDeps."CSSwhat"."0.4" or []);
     deps = [
     ];
     peerDependencies = [
@@ -165,46 +165,29 @@
     passthru.names = [ "almond" ];
   };
   "almond" = self.full."almond"."*";
-  full."ambi"."~2.0.0" = lib.makeOverridable self.buildNodePackage {
-    name = "ambi-2.0.0";
+  full."ambi"."~2.1.4" = lib.makeOverridable self.buildNodePackage {
+    name = "ambi-2.1.4";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/ambi/-/ambi-2.0.0.tgz";
-        sha1 = "42c2bf98e8d101aa4da28a812678a5dbe36ada66";
+        url = "http://registry.npmjs.org/ambi/-/ambi-2.1.4.tgz";
+        sha1 = "1c0bafb3b1058754e1c3f9d7383948fc1b7c6926";
       })
     ];
     buildInputs =
-      (self.nativeDeps."ambi"."~2.0.0" or []);
+      (self.nativeDeps."ambi"."~2.1.4" or []);
     deps = [
-      self.full."typechecker"."~2.0.1"
-    ];
-    peerDependencies = [
-    ];
-    passthru.names = [ "ambi" ];
-  };
-  full."ambi"."~2.1.0" = lib.makeOverridable self.buildNodePackage {
-    name = "ambi-2.1.1";
-    src = [
-      (fetchurl {
-        url = "http://registry.npmjs.org/ambi/-/ambi-2.1.1.tgz";
-        sha1 = "254ea79bf4203ed74a7038632e176e64640bb91d";
-      })
-    ];
-    buildInputs =
-      (self.nativeDeps."ambi"."~2.1.0" or []);
-    deps = [
-      self.full."typechecker"."~2.0.1"
+      self.full."typechecker"."~2.0.6"
     ];
     peerDependencies = [
     ];
     passthru.names = [ "ambi" ];
   };
   full."amdefine"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "amdefine-0.0.8";
+    name = "amdefine-0.1.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/amdefine/-/amdefine-0.0.8.tgz";
-        sha1 = "34dc8c981e6acb3be1853bef8f0ec94a39d55ba0";
+        url = "http://registry.npmjs.org/amdefine/-/amdefine-0.1.0.tgz";
+        sha1 = "3ca9735cf1dde0edf7a4bf6641709c8024f9b227";
       })
     ];
     buildInputs =
@@ -217,11 +200,11 @@
   };
   "amdefine" = self.full."amdefine"."*";
   full."amdefine".">=0.0.4" = lib.makeOverridable self.buildNodePackage {
-    name = "amdefine-0.0.8";
+    name = "amdefine-0.1.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/amdefine/-/amdefine-0.0.8.tgz";
-        sha1 = "34dc8c981e6acb3be1853bef8f0ec94a39d55ba0";
+        url = "http://registry.npmjs.org/amdefine/-/amdefine-0.1.0.tgz";
+        sha1 = "3ca9735cf1dde0edf7a4bf6641709c8024f9b227";
       })
     ];
     buildInputs =
@@ -331,11 +314,11 @@
     passthru.names = [ "apparatus" ];
   };
   full."archiver"."~0.4.6" = lib.makeOverridable self.buildNodePackage {
-    name = "archiver-0.4.9";
+    name = "archiver-0.4.10";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/archiver/-/archiver-0.4.9.tgz";
-        sha1 = "7c8a5c8f186497b430698855b1a827af81ce94f1";
+        url = "http://registry.npmjs.org/archiver/-/archiver-0.4.10.tgz";
+        sha1 = "df0feac8f1d1295e5eceb3a205559072d21f4747";
       })
     ];
     buildInputs =
@@ -466,6 +449,22 @@
     ];
     passthru.names = [ "assert-plus" ];
   };
+  full."assertion-error"."1.0.0" = lib.makeOverridable self.buildNodePackage {
+    name = "assertion-error-1.0.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/assertion-error/-/assertion-error-1.0.0.tgz";
+        sha1 = "c7f85438fdd466bc7ca16ab90c81513797a5d23b";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."assertion-error"."1.0.0" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "assertion-error" ];
+  };
   full."async"."*" = lib.makeOverridable self.buildNodePackage {
     name = "async-0.2.9";
     src = [
@@ -644,11 +643,11 @@
     passthru.names = [ "async" ];
   };
   full."aws-sdk"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "aws-sdk-1.5.1";
+    name = "aws-sdk-1.9.0";
     src = [
       (self.patchLatest {
-        url = "http://registry.npmjs.org/aws-sdk/-/aws-sdk-1.5.1.tgz";
-        sha1 = "5927d9539c9c82116501aed0747a2073375dfacd";
+        url = "http://registry.npmjs.org/aws-sdk/-/aws-sdk-1.9.0.tgz";
+        sha1 = "b4b0c2c954d07c40fa036447fae63181b4f83770";
       })
     ];
     buildInputs =
@@ -663,11 +662,11 @@
   };
   "aws-sdk" = self.full."aws-sdk"."*";
   full."aws-sdk".">=1.2.0 <2" = lib.makeOverridable self.buildNodePackage {
-    name = "aws-sdk-1.5.1";
+    name = "aws-sdk-1.9.0";
     src = [
       (self.patchLatest {
-        url = "http://registry.npmjs.org/aws-sdk/-/aws-sdk-1.5.1.tgz";
-        sha1 = "5927d9539c9c82116501aed0747a2073375dfacd";
+        url = "http://registry.npmjs.org/aws-sdk/-/aws-sdk-1.9.0.tgz";
+        sha1 = "b4b0c2c954d07c40fa036447fae63181b4f83770";
       })
     ];
     buildInputs =
@@ -713,11 +712,11 @@
     passthru.names = [ "aws-sign" ];
   };
   full."backbone"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "backbone-1.0.0";
+    name = "backbone-1.1.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/backbone/-/backbone-1.0.0.tgz";
-        sha1 = "5e146e1efa8a5361462e578377c39ed0f16b0b4c";
+        url = "http://registry.npmjs.org/backbone/-/backbone-1.1.0.tgz";
+        sha1 = "a3c845ea707dc210aa12b0dc16fceca4bbc18a3e";
       })
     ];
     buildInputs =
@@ -746,28 +745,6 @@
     ];
     passthru.names = [ "backoff" ];
   };
-  full."bal-util"."~2.0.0" = lib.makeOverridable self.buildNodePackage {
-    name = "bal-util-2.0.5";
-    src = [
-      (fetchurl {
-        url = "http://registry.npmjs.org/bal-util/-/bal-util-2.0.5.tgz";
-        sha1 = "b5a3b78e520b17892dfa051d2a819e8a48455b9c";
-      })
-    ];
-    buildInputs =
-      (self.nativeDeps."bal-util"."~2.0.0" or []);
-    deps = [
-      self.full."ambi"."~2.0.0"
-      self.full."eachr"."~2.0.2"
-      self.full."extendr"."~2.0.1"
-      self.full."safefs"."~3.0.1"
-      self.full."taskgroup"."~3.1.1"
-      self.full."typechecker"."~2.0.1"
-    ];
-    peerDependencies = [
-    ];
-    passthru.names = [ "bal-util" ];
-  };
   full."base64id"."0.1.0" = lib.makeOverridable self.buildNodePackage {
     name = "base64id-0.1.0";
     src = [
@@ -785,11 +762,11 @@
     passthru.names = [ "base64id" ];
   };
   full."bcrypt"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "bcrypt-0.7.6";
+    name = "bcrypt-0.7.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/bcrypt/-/bcrypt-0.7.6.tgz";
-        sha1 = "97eae4472baf2352699f5fd1662e77e63d0cd0aa";
+        url = "http://registry.npmjs.org/bcrypt/-/bcrypt-0.7.7.tgz";
+        sha1 = "966a2e709b8cf62c2e05408baf7c5ed663b3c868";
       })
     ];
     buildInputs =
@@ -886,6 +863,22 @@
     ];
     passthru.names = [ "block-stream" ];
   };
+  full."blueimp-md5"."~1.0.3" = lib.makeOverridable self.buildNodePackage {
+    name = "blueimp-md5-1.0.3";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/blueimp-md5/-/blueimp-md5-1.0.3.tgz";
+        sha1 = "932f8fa56652701823cee46cecc0477c88333ab2";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."blueimp-md5"."~1.0.3" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "blueimp-md5" ];
+  };
   full."boom"."0.3.x" = lib.makeOverridable self.buildNodePackage {
     name = "boom-0.3.8";
     src = [
@@ -921,11 +914,11 @@
     passthru.names = [ "boom" ];
   };
   full."bower"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "bower-1.2.6";
+    name = "bower-1.2.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/bower/-/bower-1.2.6.tgz";
-        sha1 = "a8b7bd344601554821957b9ab62fb436febc674d";
+        url = "http://registry.npmjs.org/bower/-/bower-1.2.7.tgz";
+        sha1 = "5b0505c8192bd61a752a7cf8b718d1b3054cd554";
       })
     ];
     buildInputs =
@@ -949,7 +942,7 @@
       self.full."inquirer"."~0.3.0"
       self.full."junk"."~0.2.0"
       self.full."mkdirp"."~0.3.5"
-      self.full."mout"."~0.6.0"
+      self.full."mout"."~0.7.0"
       self.full."nopt"."~2.1.1"
       self.full."lru-cache"."~2.3.0"
       self.full."open"."~0.0.3"
@@ -975,11 +968,11 @@
   };
   "bower" = self.full."bower"."*";
   full."bower".">=0.9.0" = lib.makeOverridable self.buildNodePackage {
-    name = "bower-1.2.6";
+    name = "bower-1.2.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/bower/-/bower-1.2.6.tgz";
-        sha1 = "a8b7bd344601554821957b9ab62fb436febc674d";
+        url = "http://registry.npmjs.org/bower/-/bower-1.2.7.tgz";
+        sha1 = "5b0505c8192bd61a752a7cf8b718d1b3054cd554";
       })
     ];
     buildInputs =
@@ -1003,7 +996,7 @@
       self.full."inquirer"."~0.3.0"
       self.full."junk"."~0.2.0"
       self.full."mkdirp"."~0.3.5"
-      self.full."mout"."~0.6.0"
+      self.full."mout"."~0.7.0"
       self.full."nopt"."~2.1.1"
       self.full."lru-cache"."~2.3.0"
       self.full."open"."~0.0.3"
@@ -1119,11 +1112,11 @@
     passthru.names = [ "bower-logger" ];
   };
   full."bower-registry-client"."~0.1.4" = lib.makeOverridable self.buildNodePackage {
-    name = "bower-registry-client-0.1.4";
+    name = "bower-registry-client-0.1.5";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/bower-registry-client/-/bower-registry-client-0.1.4.tgz";
-        sha1 = "334669747ca0b60fdda24b0de1f4c3057429813c";
+        url = "http://registry.npmjs.org/bower-registry-client/-/bower-registry-client-0.1.5.tgz";
+        sha1 = "1c64d70bfca833c95121ffc23da48a54527912d3";
       })
     ];
     buildInputs =
@@ -1185,11 +1178,11 @@
     passthru.names = [ "broadway" ];
   };
   full."browserchannel"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "browserchannel-1.0.7";
+    name = "browserchannel-1.0.8";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/browserchannel/-/browserchannel-1.0.7.tgz";
-        sha1 = "0966d021d6001011f3fae3377db4bd2992458b57";
+        url = "http://registry.npmjs.org/browserchannel/-/browserchannel-1.0.8.tgz";
+        sha1 = "96da83d139d8943f5bd616c334f148bd008dbac4";
       })
     ];
     buildInputs =
@@ -1385,6 +1378,25 @@
     ];
     passthru.names = [ "cardinal" ];
   };
+  full."chai"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "chai-1.8.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/chai/-/chai-1.8.1.tgz";
+        sha1 = "cc77866d5e7ebca2bd75144b1edc370a88785f72";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."chai"."*" or []);
+    deps = [
+      self.full."assertion-error"."1.0.0"
+      self.full."deep-eql"."0.1.3"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "chai" ];
+  };
+  "chai" = self.full."chai"."*";
   full."chainsaw"."~0.1.0" = lib.makeOverridable self.buildNodePackage {
     name = "chainsaw-0.1.0";
     src = [
@@ -1493,11 +1505,11 @@
     passthru.names = [ "cheerio" ];
   };
   full."cheerio"."~0.12.0" = lib.makeOverridable self.buildNodePackage {
-    name = "cheerio-0.12.2";
+    name = "cheerio-0.12.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/cheerio/-/cheerio-0.12.2.tgz";
-        sha1 = "d9908e29679e6d1b501c2cfe0e4ada330ea278c7";
+        url = "http://registry.npmjs.org/cheerio/-/cheerio-0.12.3.tgz";
+        sha1 = "8eb05ace0a3fc72d9d9ce0b5d364fe8bb565d7fa";
       })
     ];
     buildInputs =
@@ -1513,11 +1525,11 @@
     passthru.names = [ "cheerio" ];
   };
   full."cheerio"."~0.12.1" = lib.makeOverridable self.buildNodePackage {
-    name = "cheerio-0.12.2";
+    name = "cheerio-0.12.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/cheerio/-/cheerio-0.12.2.tgz";
-        sha1 = "d9908e29679e6d1b501c2cfe0e4ada330ea278c7";
+        url = "http://registry.npmjs.org/cheerio/-/cheerio-0.12.3.tgz";
+        sha1 = "8eb05ace0a3fc72d9d9ce0b5d364fe8bb565d7fa";
       })
     ];
     buildInputs =
@@ -1613,18 +1625,18 @@
     ];
     passthru.names = [ "chownr" ];
   };
-  full."clean-css"."~1.0.4" = lib.makeOverridable self.buildNodePackage {
-    name = "clean-css-1.0.12";
+  full."clean-css"."~1.1.1" = lib.makeOverridable self.buildNodePackage {
+    name = "clean-css-1.1.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/clean-css/-/clean-css-1.0.12.tgz";
-        sha1 = "e6e0d977860466363d9110a17423d27cd6874300";
+        url = "http://registry.npmjs.org/clean-css/-/clean-css-1.1.3.tgz";
+        sha1 = "5442cbf45643e09bdcfae25f2b5d8eb36e168ae1";
       })
     ];
     buildInputs =
-      (self.nativeDeps."clean-css"."~1.0.4" or []);
+      (self.nativeDeps."clean-css"."~1.1.1" or []);
     deps = [
-      self.full."commander"."1.3.x"
+      self.full."commander"."2.0.x"
     ];
     peerDependencies = [
     ];
@@ -1648,18 +1660,18 @@
     passthru.names = [ "cli" ];
   };
   full."cli-color"."~0.2.2" = lib.makeOverridable self.buildNodePackage {
-    name = "cli-color-0.2.2";
+    name = "cli-color-0.2.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/cli-color/-/cli-color-0.2.2.tgz";
-        sha1 = "2220dcbd5e8410e15c435946b6c8daa22e076741";
+        url = "http://registry.npmjs.org/cli-color/-/cli-color-0.2.3.tgz";
+        sha1 = "0a25ceae5a6a1602be7f77d28563c36700274e88";
       })
     ];
     buildInputs =
       (self.nativeDeps."cli-color"."~0.2.2" or []);
     deps = [
-      self.full."es5-ext"."~0.9.1"
-      self.full."memoizee"."0.2.x"
+      self.full."es5-ext"."~0.9.2"
+      self.full."memoizee"."~0.2.5"
     ];
     peerDependencies = [
     ];
@@ -1866,6 +1878,57 @@
     ];
     passthru.names = [ "coffee-script" ];
   };
+  full."color"."~0.4.4" = lib.makeOverridable self.buildNodePackage {
+    name = "color-0.4.4";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/color/-/color-0.4.4.tgz";
+        sha1 = "f8bae8a848854616328704e64ce4a94ab336b7b5";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."color"."~0.4.4" or []);
+    deps = [
+      self.full."color-convert"."0.2.x"
+      self.full."color-string"."0.1.x"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "color" ];
+  };
+  full."color-convert"."0.2.x" = lib.makeOverridable self.buildNodePackage {
+    name = "color-convert-0.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/color-convert/-/color-convert-0.2.1.tgz";
+        sha1 = "363cab23c94b31a0d64db71048b8c6a940f8c68c";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."color-convert"."0.2.x" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "color-convert" ];
+  };
+  full."color-string"."0.1.x" = lib.makeOverridable self.buildNodePackage {
+    name = "color-string-0.1.2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/color-string/-/color-string-0.1.2.tgz";
+        sha1 = "a413fb7dd137162d5d4ea784cbeb36d931ad9b4a";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."color-string"."0.1.x" or []);
+    deps = [
+      self.full."color-convert"."0.2.x"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "color-string" ];
+  };
   full."colors"."0.3.0" = lib.makeOverridable self.buildNodePackage {
     name = "colors-0.3.0";
     src = [
@@ -1882,6 +1945,22 @@
     ];
     passthru.names = [ "colors" ];
   };
+  full."colors"."0.5.x" = lib.makeOverridable self.buildNodePackage {
+    name = "colors-0.5.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/colors/-/colors-0.5.1.tgz";
+        sha1 = "7d0023eaeb154e8ee9fce75dcb923d0ed1667774";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."colors"."0.5.x" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "colors" ];
+  };
   full."colors"."0.6.0-1" = lib.makeOverridable self.buildNodePackage {
     name = "colors-0.6.0-1";
     src = [
@@ -2011,41 +2090,23 @@
     ];
     passthru.names = [ "commander" ];
   };
-  full."commander"."1.2.0" = lib.makeOverridable self.buildNodePackage {
-    name = "commander-1.2.0";
-    src = [
-      (fetchurl {
-        url = "http://registry.npmjs.org/commander/-/commander-1.2.0.tgz";
-        sha1 = "fd5713bfa153c7d6cc599378a5ab4c45c535029e";
-      })
-    ];
-    buildInputs =
-      (self.nativeDeps."commander"."1.2.0" or []);
-    deps = [
-      self.full."keypress"."0.1.x"
-    ];
-    peerDependencies = [
-    ];
-    passthru.names = [ "commander" ];
-  };
-  full."commander"."1.3.x" = lib.makeOverridable self.buildNodePackage {
-    name = "commander-1.3.2";
+  full."commander"."2.0.0" = lib.makeOverridable self.buildNodePackage {
+    name = "commander-2.0.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/commander/-/commander-1.3.2.tgz";
-        sha1 = "8a8f30ec670a6fdd64af52f1914b907d79ead5b5";
+        url = "http://registry.npmjs.org/commander/-/commander-2.0.0.tgz";
+        sha1 = "d1b86f901f8b64bd941bdeadaf924530393be928";
       })
     ];
     buildInputs =
-      (self.nativeDeps."commander"."1.3.x" or []);
+      (self.nativeDeps."commander"."2.0.0" or []);
     deps = [
-      self.full."keypress"."0.1.x"
     ];
     peerDependencies = [
     ];
     passthru.names = [ "commander" ];
   };
-  full."commander"."2.0.0" = lib.makeOverridable self.buildNodePackage {
+  full."commander"."2.0.x" = lib.makeOverridable self.buildNodePackage {
     name = "commander-2.0.0";
     src = [
       (fetchurl {
@@ -2054,7 +2115,7 @@
       })
     ];
     buildInputs =
-      (self.nativeDeps."commander"."2.0.0" or []);
+      (self.nativeDeps."commander"."2.0.x" or []);
     deps = [
     ];
     peerDependencies = [
@@ -2097,11 +2158,11 @@
     passthru.names = [ "config" ];
   };
   full."config-chain"."~1.1.1" = lib.makeOverridable self.buildNodePackage {
-    name = "config-chain-1.1.7";
+    name = "config-chain-1.1.8";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/config-chain/-/config-chain-1.1.7.tgz";
-        sha1 = "99fcaaaf343a557782a142d201747bb8142bbf9a";
+        url = "http://registry.npmjs.org/config-chain/-/config-chain-1.1.8.tgz";
+        sha1 = "0943d0b7227213a20d4eaff4434f4a1c0a052cad";
       })
     ];
     buildInputs =
@@ -2134,6 +2195,25 @@
     ];
     passthru.names = [ "configstore" ];
   };
+  full."connect"."1.x" = lib.makeOverridable self.buildNodePackage {
+    name = "connect-1.9.2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/connect/-/connect-1.9.2.tgz";
+        sha1 = "42880a22e9438ae59a8add74e437f58ae8e52807";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."connect"."1.x" or []);
+    deps = [
+      self.full."qs".">= 0.4.0"
+      self.full."mime".">= 0.0.1"
+      self.full."formidable"."1.0.x"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "connect" ];
+  };
   full."connect"."2.7.11" = lib.makeOverridable self.buildNodePackage {
     name = "connect-2.7.11";
     src = [
@@ -2212,19 +2292,18 @@
     ];
     passthru.names = [ "connect" ];
   };
-  full."connect"."2.8.8" = lib.makeOverridable self.buildNodePackage {
-    name = "connect-2.8.8";
+  full."connect"."2.9.1" = lib.makeOverridable self.buildNodePackage {
+    name = "connect-2.9.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/connect/-/connect-2.8.8.tgz";
-        sha1 = "b9abf8caf0bd9773cb3dea29344119872582446d";
+        url = "http://registry.npmjs.org/connect/-/connect-2.9.1.tgz";
+        sha1 = "a0a733f2e629b8af85aa0701fbd0737f52549052";
       })
     ];
     buildInputs =
-      (self.nativeDeps."connect"."2.8.8" or []);
+      (self.nativeDeps."connect"."2.9.1" or []);
     deps = [
       self.full."qs"."0.6.5"
-      self.full."formidable"."1.0.14"
       self.full."cookie-signature"."1.0.1"
       self.full."buffer-crc32"."0.2.1"
       self.full."cookie"."0.1.0"
@@ -2235,24 +2314,24 @@
       self.full."uid2"."0.0.2"
       self.full."debug"."*"
       self.full."methods"."0.0.1"
+      self.full."multiparty"."2.2.0"
     ];
     peerDependencies = [
     ];
     passthru.names = [ "connect" ];
   };
   full."connect"."~2" = lib.makeOverridable self.buildNodePackage {
-    name = "connect-2.8.8";
+    name = "connect-2.9.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/connect/-/connect-2.8.8.tgz";
-        sha1 = "b9abf8caf0bd9773cb3dea29344119872582446d";
+        url = "http://registry.npmjs.org/connect/-/connect-2.9.1.tgz";
+        sha1 = "a0a733f2e629b8af85aa0701fbd0737f52549052";
       })
     ];
     buildInputs =
       (self.nativeDeps."connect"."~2" or []);
     deps = [
       self.full."qs"."0.6.5"
-      self.full."formidable"."1.0.14"
       self.full."cookie-signature"."1.0.1"
       self.full."buffer-crc32"."0.2.1"
       self.full."cookie"."0.1.0"
@@ -2263,6 +2342,7 @@
       self.full."uid2"."0.0.2"
       self.full."debug"."*"
       self.full."methods"."0.0.1"
+      self.full."multiparty"."2.2.0"
     ];
     peerDependencies = [
     ];
@@ -2329,6 +2409,24 @@
     ];
     passthru.names = [ "connect-flash" ];
   };
+  full."connect-jade-static"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "connect-jade-static-0.1.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/connect-jade-static/-/connect-jade-static-0.1.1.tgz";
+        sha1 = "11d16fa00aca28cb004e89cd0a7d6b0fa0342cdb";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."connect-jade-static"."*" or []);
+    deps = [
+      self.full."jade"."*"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "connect-jade-static" ];
+  };
+  "connect-jade-static" = self.full."connect-jade-static"."*";
   full."connect-mongo"."*" = lib.makeOverridable self.buildNodePackage {
     name = "connect-mongo-0.3.3";
     src = [
@@ -2508,6 +2606,22 @@
     ];
     passthru.names = [ "cookies" ];
   };
+  full."core-util-is"."~1.0.0" = lib.makeOverridable self.buildNodePackage {
+    name = "core-util-is-1.0.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/core-util-is/-/core-util-is-1.0.0.tgz";
+        sha1 = "740c74c400e72707b95cc75d509543f8ad7f83de";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."core-util-is"."~1.0.0" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "core-util-is" ];
+  };
   full."couch-login"."~0.1.15" = lib.makeOverridable self.buildNodePackage {
     name = "couch-login-0.1.18";
     src = [
@@ -2543,11 +2657,11 @@
     passthru.names = [ "couch-login" ];
   };
   full."coveralls"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "coveralls-2.2.0";
+    name = "coveralls-2.3.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/coveralls/-/coveralls-2.2.0.tgz";
-        sha1 = "9bfe310447895b5665fee55bfee0743cc47fa4e4";
+        url = "http://registry.npmjs.org/coveralls/-/coveralls-2.3.0.tgz";
+        sha1 = "9eda569c115214acb7f58ca3a28401e866485144";
       })
     ];
     buildInputs =
@@ -2563,6 +2677,23 @@
     passthru.names = [ "coveralls" ];
   };
   "coveralls" = self.full."coveralls"."*";
+  full."crossroads"."~0.12.0" = lib.makeOverridable self.buildNodePackage {
+    name = "crossroads-0.12.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/crossroads/-/crossroads-0.12.0.tgz";
+        sha1 = "24114f9de3abfa0271df66b4ec56c3b984b7f56e";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."crossroads"."~0.12.0" or []);
+    deps = [
+      self.full."signals"."<2.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "crossroads" ];
+  };
   full."cryptiles"."0.1.x" = lib.makeOverridable self.buildNodePackage {
     name = "cryptiles-0.1.3";
     src = [
@@ -2823,12 +2954,45 @@
     ];
     passthru.names = [ "debug" ];
   };
+  full."debuglog"."0.0.2" = lib.makeOverridable self.buildNodePackage {
+    name = "debuglog-0.0.2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/debuglog/-/debuglog-0.0.2.tgz";
+        sha1 = "83f4cd091f955f5da7053789727ad506f1010f1c";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."debuglog"."0.0.2" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "debuglog" ];
+  };
+  full."deep-eql"."0.1.3" = lib.makeOverridable self.buildNodePackage {
+    name = "deep-eql-0.1.3";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/deep-eql/-/deep-eql-0.1.3.tgz";
+        sha1 = "ef558acab8de25206cd713906d74e56930eb69f2";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."deep-eql"."0.1.3" or []);
+    deps = [
+      self.full."type-detect"."0.1.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "deep-eql" ];
+  };
   full."deep-equal"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "deep-equal-0.0.0";
+    name = "deep-equal-0.1.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/deep-equal/-/deep-equal-0.0.0.tgz";
-        sha1 = "99679d3bbd047156fcd450d3d01eeb9068691e83";
+        url = "http://registry.npmjs.org/deep-equal/-/deep-equal-0.1.0.tgz";
+        sha1 = "81fcefc84551d9d67cccdd80e1fced7f355e146f";
       })
     ];
     buildInputs =
@@ -2871,37 +3035,37 @@
     ];
     passthru.names = [ "deep-extend" ];
   };
-  full."delayed-stream"."0.0.5" = lib.makeOverridable self.buildNodePackage {
-    name = "delayed-stream-0.0.5";
+  full."deep-extend"."~0.2.6" = lib.makeOverridable self.buildNodePackage {
+    name = "deep-extend-0.2.6";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/delayed-stream/-/delayed-stream-0.0.5.tgz";
-        sha1 = "d4b1f43a93e8296dfe02694f4680bc37a313c73f";
+        url = "http://registry.npmjs.org/deep-extend/-/deep-extend-0.2.6.tgz";
+        sha1 = "1f767e02b46d88d0a4087affa4b11b1b0b804250";
       })
     ];
     buildInputs =
-      (self.nativeDeps."delayed-stream"."0.0.5" or []);
+      (self.nativeDeps."deep-extend"."~0.2.6" or []);
     deps = [
     ];
     peerDependencies = [
     ];
-    passthru.names = [ "delayed-stream" ];
+    passthru.names = [ "deep-extend" ];
   };
-  full."dequeue"."1.0.3" = lib.makeOverridable self.buildNodePackage {
-    name = "dequeue-1.0.3";
+  full."delayed-stream"."0.0.5" = lib.makeOverridable self.buildNodePackage {
+    name = "delayed-stream-0.0.5";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/dequeue/-/dequeue-1.0.3.tgz";
-        sha1 = "30b8f4da2fc240951a15d31b35283e29b2de8978";
+        url = "http://registry.npmjs.org/delayed-stream/-/delayed-stream-0.0.5.tgz";
+        sha1 = "d4b1f43a93e8296dfe02694f4680bc37a313c73f";
       })
     ];
     buildInputs =
-      (self.nativeDeps."dequeue"."1.0.3" or []);
+      (self.nativeDeps."delayed-stream"."0.0.5" or []);
     deps = [
     ];
     peerDependencies = [
     ];
-    passthru.names = [ "dequeue" ];
+    passthru.names = [ "delayed-stream" ];
   };
   full."di"."~0.0.1" = lib.makeOverridable self.buildNodePackage {
     name = "di-0.0.1";
@@ -2919,16 +3083,16 @@
     ];
     passthru.names = [ "di" ];
   };
-  full."diff"."1.0.2" = lib.makeOverridable self.buildNodePackage {
-    name = "diff-1.0.2";
+  full."diff"."1.0.7" = lib.makeOverridable self.buildNodePackage {
+    name = "diff-1.0.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/diff/-/diff-1.0.2.tgz";
-        sha1 = "4ae73f1aee8d6fcf484f1a1ce77ce651d9b7f0c9";
+        url = "http://registry.npmjs.org/diff/-/diff-1.0.7.tgz";
+        sha1 = "24bbb001c4a7d5522169e7cabdb2c2814ed91cf4";
       })
     ];
     buildInputs =
-      (self.nativeDeps."diff"."1.0.2" or []);
+      (self.nativeDeps."diff"."1.0.7" or []);
     deps = [
     ];
     peerDependencies = [
@@ -2936,11 +3100,11 @@
     passthru.names = [ "diff" ];
   };
   full."diff"."~1.0.3" = lib.makeOverridable self.buildNodePackage {
-    name = "diff-1.0.6";
+    name = "diff-1.0.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/diff/-/diff-1.0.6.tgz";
-        sha1 = "987bbd1ed596bd2f0c61d57ba2d9eb27b34f7e50";
+        url = "http://registry.npmjs.org/diff/-/diff-1.0.7.tgz";
+        sha1 = "24bbb001c4a7d5522169e7cabdb2c2814ed91cf4";
       })
     ];
     buildInputs =
@@ -2952,11 +3116,11 @@
     passthru.names = [ "diff" ];
   };
   full."diff"."~1.0.4" = lib.makeOverridable self.buildNodePackage {
-    name = "diff-1.0.6";
+    name = "diff-1.0.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/diff/-/diff-1.0.6.tgz";
-        sha1 = "987bbd1ed596bd2f0c61d57ba2d9eb27b34f7e50";
+        url = "http://registry.npmjs.org/diff/-/diff-1.0.7.tgz";
+        sha1 = "24bbb001c4a7d5522169e7cabdb2c2814ed91cf4";
       })
     ];
     buildInputs =
@@ -3016,16 +3180,16 @@
     ];
     passthru.names = [ "domhandler" ];
   };
-  full."domutils"."1" = lib.makeOverridable self.buildNodePackage {
-    name = "domutils-1.1.4";
+  full."domutils"."1.0" = lib.makeOverridable self.buildNodePackage {
+    name = "domutils-1.0.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/domutils/-/domutils-1.1.4.tgz";
-        sha1 = "14b774276187066c76f80141f7eac47a22f77248";
+        url = "http://registry.npmjs.org/domutils/-/domutils-1.0.1.tgz";
+        sha1 = "58b58d774774911556c16b8b02d99c609d987869";
       })
     ];
     buildInputs =
-      (self.nativeDeps."domutils"."1" or []);
+      (self.nativeDeps."domutils"."1.0" or []);
     deps = [
       self.full."domelementtype"."1"
     ];
@@ -3033,16 +3197,16 @@
     ];
     passthru.names = [ "domutils" ];
   };
-  full."domutils"."1.0" = lib.makeOverridable self.buildNodePackage {
-    name = "domutils-1.0.1";
+  full."domutils"."1.1" = lib.makeOverridable self.buildNodePackage {
+    name = "domutils-1.1.6";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/domutils/-/domutils-1.0.1.tgz";
-        sha1 = "58b58d774774911556c16b8b02d99c609d987869";
+        url = "http://registry.npmjs.org/domutils/-/domutils-1.1.6.tgz";
+        sha1 = "bddc3de099b9a2efacc51c623f28f416ecc57485";
       })
     ];
     buildInputs =
-      (self.nativeDeps."domutils"."1.0" or []);
+      (self.nativeDeps."domutils"."1.1" or []);
     deps = [
       self.full."domelementtype"."1"
     ];
@@ -3050,16 +3214,16 @@
     ];
     passthru.names = [ "domutils" ];
   };
-  full."domutils"."1.1" = lib.makeOverridable self.buildNodePackage {
-    name = "domutils-1.1.4";
+  full."domutils"."1.2" = lib.makeOverridable self.buildNodePackage {
+    name = "domutils-1.2.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/domutils/-/domutils-1.1.4.tgz";
-        sha1 = "14b774276187066c76f80141f7eac47a22f77248";
+        url = "http://registry.npmjs.org/domutils/-/domutils-1.2.1.tgz";
+        sha1 = "6ced9837e63d2c3a06eb46d1150f0058a13178d1";
       })
     ];
     buildInputs =
-      (self.nativeDeps."domutils"."1.1" or []);
+      (self.nativeDeps."domutils"."1.2" or []);
     deps = [
       self.full."domelementtype"."1"
     ];
@@ -3083,23 +3247,6 @@
     ];
     passthru.names = [ "dtrace-provider" ];
   };
-  full."eachr"."~2.0.2" = lib.makeOverridable self.buildNodePackage {
-    name = "eachr-2.0.2";
-    src = [
-      (fetchurl {
-        url = "http://registry.npmjs.org/eachr/-/eachr-2.0.2.tgz";
-        sha1 = "f1100c5bb1619f6ee86a0661fe604e3a9ad7559d";
-      })
-    ];
-    buildInputs =
-      (self.nativeDeps."eachr"."~2.0.2" or []);
-    deps = [
-      self.full."typechecker"."~2.0.1"
-    ];
-    peerDependencies = [
-    ];
-    passthru.names = [ "eachr" ];
-  };
   full."editor"."0.0.4" = lib.makeOverridable self.buildNodePackage {
     name = "editor-0.0.4";
     src = [
@@ -3132,6 +3279,22 @@
     ];
     passthru.names = [ "ejs" ];
   };
+  full."emitter-component"."0.0.6" = lib.makeOverridable self.buildNodePackage {
+    name = "emitter-component-0.0.6";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/emitter-component/-/emitter-component-0.0.6.tgz";
+        sha1 = "c155d82f6d0c01b5bee856d58074a4cc59795bca";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."emitter-component"."0.0.6" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "emitter-component" ];
+  };
   full."emitter-component"."1.0.0" = lib.makeOverridable self.buildNodePackage {
     name = "emitter-component-1.0.0";
     src = [
@@ -3181,22 +3344,6 @@
     ];
     passthru.names = [ "entities" ];
   };
-  full."es5-ext"."~0.9.1" = lib.makeOverridable self.buildNodePackage {
-    name = "es5-ext-0.9.2";
-    src = [
-      (fetchurl {
-        url = "http://registry.npmjs.org/es5-ext/-/es5-ext-0.9.2.tgz";
-        sha1 = "d2e309d1f223b0718648835acf5b8823a8061f8a";
-      })
-    ];
-    buildInputs =
-      (self.nativeDeps."es5-ext"."~0.9.1" or []);
-    deps = [
-    ];
-    peerDependencies = [
-    ];
-    passthru.names = [ "es5-ext" ];
-  };
   full."es5-ext"."~0.9.2" = lib.makeOverridable self.buildNodePackage {
     name = "es5-ext-0.9.2";
     src = [
@@ -3428,18 +3575,18 @@
     passthru.names = [ "events.node" ];
   };
   full."express"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "express-3.3.8";
+    name = "express-3.4.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/express/-/express-3.3.8.tgz";
-        sha1 = "8e98ac30d81f4c95b85d71d2af6cf84f62ef19bd";
+        url = "http://registry.npmjs.org/express/-/express-3.4.1.tgz";
+        sha1 = "3b4fb8862b6a1dfce3dc760629833d0cfef9314c";
       })
     ];
     buildInputs =
       (self.nativeDeps."express"."*" or []);
     deps = [
-      self.full."connect"."2.8.8"
-      self.full."commander"."1.2.0"
+      self.full."connect"."2.9.1"
+      self.full."commander"."2.0.0"
       self.full."range-parser"."0.0.4"
       self.full."mkdirp"."0.3.5"
       self.full."cookie"."0.1.0"
@@ -3455,6 +3602,26 @@
     passthru.names = [ "express" ];
   };
   "express" = self.full."express"."*";
+  full."express"."2.5.11" = lib.makeOverridable self.buildNodePackage {
+    name = "express-2.5.11";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/express/-/express-2.5.11.tgz";
+        sha1 = "4ce8ea1f3635e69e49f0ebb497b6a4b0a51ce6f0";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."express"."2.5.11" or []);
+    deps = [
+      self.full."connect"."1.x"
+      self.full."mime"."1.2.4"
+      self.full."qs"."0.4.x"
+      self.full."mkdirp"."0.3.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "express" ];
+  };
   full."express"."3.2.0" = lib.makeOverridable self.buildNodePackage {
     name = "express-3.2.0";
     src = [
@@ -3510,18 +3677,18 @@
     passthru.names = [ "express" ];
   };
   full."express"."3.x" = lib.makeOverridable self.buildNodePackage {
-    name = "express-3.3.8";
+    name = "express-3.4.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/express/-/express-3.3.8.tgz";
-        sha1 = "8e98ac30d81f4c95b85d71d2af6cf84f62ef19bd";
+        url = "http://registry.npmjs.org/express/-/express-3.4.1.tgz";
+        sha1 = "3b4fb8862b6a1dfce3dc760629833d0cfef9314c";
       })
     ];
     buildInputs =
       (self.nativeDeps."express"."3.x" or []);
     deps = [
-      self.full."connect"."2.8.8"
-      self.full."commander"."1.2.0"
+      self.full."connect"."2.9.1"
+      self.full."commander"."2.0.0"
       self.full."range-parser"."0.0.4"
       self.full."mkdirp"."0.3.5"
       self.full."cookie"."0.1.0"
@@ -3563,6 +3730,33 @@
     ];
     passthru.names = [ "express" ];
   };
+  full."express"."~3.4" = lib.makeOverridable self.buildNodePackage {
+    name = "express-3.4.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/express/-/express-3.4.1.tgz";
+        sha1 = "3b4fb8862b6a1dfce3dc760629833d0cfef9314c";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."express"."~3.4" or []);
+    deps = [
+      self.full."connect"."2.9.1"
+      self.full."commander"."2.0.0"
+      self.full."range-parser"."0.0.4"
+      self.full."mkdirp"."0.3.5"
+      self.full."cookie"."0.1.0"
+      self.full."buffer-crc32"."0.2.1"
+      self.full."fresh"."0.2.0"
+      self.full."methods"."0.0.1"
+      self.full."send"."0.1.4"
+      self.full."cookie-signature"."1.0.1"
+      self.full."debug"."*"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "express" ];
+  };
   full."express-form"."*" = lib.makeOverridable self.buildNodePackage {
     name = "express-form-0.8.1";
     src = [
@@ -3600,11 +3794,11 @@
     passthru.names = [ "express-partials" ];
   };
   full."extend"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "extend-1.2.0";
+    name = "extend-1.2.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/extend/-/extend-1.2.0.tgz";
-        sha1 = "da1a81af472a5a3e7fd607f85cdeaf69c169294d";
+        url = "http://registry.npmjs.org/extend/-/extend-1.2.1.tgz";
+        sha1 = "a0f5fd6cfc83a5fe49ef698d60ec8a624dd4576c";
       })
     ];
     buildInputs =
@@ -3616,22 +3810,22 @@
     passthru.names = [ "extend" ];
   };
   "extend" = self.full."extend"."*";
-  full."extendr"."~2.0.1" = lib.makeOverridable self.buildNodePackage {
-    name = "extendr-2.0.1";
+  full."extract-opts"."~2.2.0" = lib.makeOverridable self.buildNodePackage {
+    name = "extract-opts-2.2.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/extendr/-/extendr-2.0.1.tgz";
-        sha1 = "d8ab375fcbb833e4ba2cd228540f04e4aa07de90";
+        url = "http://registry.npmjs.org/extract-opts/-/extract-opts-2.2.0.tgz";
+        sha1 = "1fa28eba7352c6db480f885ceb71a46810be6d7d";
       })
     ];
     buildInputs =
-      (self.nativeDeps."extendr"."~2.0.1" or []);
+      (self.nativeDeps."extract-opts"."~2.2.0" or []);
     deps = [
       self.full."typechecker"."~2.0.1"
     ];
     peerDependencies = [
     ];
-    passthru.names = [ "extendr" ];
+    passthru.names = [ "extract-opts" ];
   };
   full."extsprintf"."1.0.0" = lib.makeOverridable self.buildNodePackage {
     name = "extsprintf-1.0.0";
@@ -3698,34 +3892,35 @@
     passthru.names = [ "eyes" ];
   };
   full."faye-websocket"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "faye-websocket-0.6.1";
+    name = "faye-websocket-0.7.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/faye-websocket/-/faye-websocket-0.6.1.tgz";
-        sha1 = "43a54b2ab807761d7ec335d12f48eb69ec4ab61c";
+        url = "http://registry.npmjs.org/faye-websocket/-/faye-websocket-0.7.0.tgz";
+        sha1 = "c16c50ec0d483357a8eafd1ec6fcc313d027f5be";
       })
     ];
     buildInputs =
       (self.nativeDeps."faye-websocket"."*" or []);
     deps = [
-      self.full."websocket-driver".">=0.2.0"
+      self.full."websocket-driver".">=0.3.0"
     ];
     peerDependencies = [
     ];
     passthru.names = [ "faye-websocket" ];
   };
   "faye-websocket" = self.full."faye-websocket"."*";
-  full."faye-websocket"."0.4.4" = lib.makeOverridable self.buildNodePackage {
-    name = "faye-websocket-0.4.4";
+  full."faye-websocket"."0.7.0" = lib.makeOverridable self.buildNodePackage {
+    name = "faye-websocket-0.7.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/faye-websocket/-/faye-websocket-0.4.4.tgz";
-        sha1 = "c14c5b3bf14d7417ffbfd990c0a7495cd9f337bc";
+        url = "http://registry.npmjs.org/faye-websocket/-/faye-websocket-0.7.0.tgz";
+        sha1 = "c16c50ec0d483357a8eafd1ec6fcc313d027f5be";
       })
     ];
     buildInputs =
-      (self.nativeDeps."faye-websocket"."0.4.4" or []);
+      (self.nativeDeps."faye-websocket"."0.7.0" or []);
     deps = [
+      self.full."websocket-driver".">=0.3.0"
     ];
     peerDependencies = [
     ];
@@ -3828,6 +4023,23 @@
     ];
     passthru.names = [ "flatiron" ];
   };
+  full."follow-redirects"."0.0.3" = lib.makeOverridable self.buildNodePackage {
+    name = "follow-redirects-0.0.3";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/follow-redirects/-/follow-redirects-0.0.3.tgz";
+        sha1 = "6ce67a24db1fe13f226c1171a72a7ef2b17b8f65";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."follow-redirects"."0.0.3" or []);
+    deps = [
+      self.full."underscore"."*"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "follow-redirects" ];
+  };
   full."forEachAsync"."~2.2" = lib.makeOverridable self.buildNodePackage {
     name = "forEachAsync-2.2.0";
     src = [
@@ -3846,11 +4058,11 @@
     passthru.names = [ "forEachAsync" ];
   };
   full."forever"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "forever-0.10.8";
+    name = "forever-0.10.9";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/forever/-/forever-0.10.8.tgz";
-        sha1 = "a78137a46fb8ca4adbf2f497d98816a526bb1f82";
+        url = "http://registry.npmjs.org/forever/-/forever-0.10.9.tgz";
+        sha1 = "e4849f459ec27d5a6524fd466e67dfd6222bd9bb";
       })
     ];
     buildInputs =
@@ -3859,7 +4071,7 @@
       self.full."colors"."0.6.0-1"
       self.full."cliff"."0.1.8"
       self.full."flatiron"."0.3.5"
-      self.full."forever-monitor"."1.2.2"
+      self.full."forever-monitor"."1.2.3"
       self.full."nconf"."0.6.7"
       self.full."nssocket"."~0.5.1"
       self.full."optimist"."0.4.0"
@@ -3907,18 +4119,18 @@
     passthru.names = [ "forever-agent" ];
   };
   full."forever-monitor"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "forever-monitor-1.2.2";
+    name = "forever-monitor-1.2.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/forever-monitor/-/forever-monitor-1.2.2.tgz";
-        sha1 = "c1ad6c6ab837a89fa2d47bb439727ca968235684";
+        url = "http://registry.npmjs.org/forever-monitor/-/forever-monitor-1.2.3.tgz";
+        sha1 = "b27ac3acb6fdcc7315d6cd85830f2d004733028b";
       })
     ];
     buildInputs =
       (self.nativeDeps."forever-monitor"."*" or []);
     deps = [
       self.full."broadway"."0.2.x"
-      self.full."minimatch"."0.0.x"
+      self.full."minimatch"."0.2.x"
       self.full."pkginfo"."0.x.x"
       self.full."ps-tree"."0.0.x"
       self.full."watch"."0.5.x"
@@ -3951,19 +4163,19 @@
     ];
     passthru.names = [ "forever-monitor" ];
   };
-  full."forever-monitor"."1.2.2" = lib.makeOverridable self.buildNodePackage {
-    name = "forever-monitor-1.2.2";
+  full."forever-monitor"."1.2.3" = lib.makeOverridable self.buildNodePackage {
+    name = "forever-monitor-1.2.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/forever-monitor/-/forever-monitor-1.2.2.tgz";
-        sha1 = "c1ad6c6ab837a89fa2d47bb439727ca968235684";
+        url = "http://registry.npmjs.org/forever-monitor/-/forever-monitor-1.2.3.tgz";
+        sha1 = "b27ac3acb6fdcc7315d6cd85830f2d004733028b";
       })
     ];
     buildInputs =
-      (self.nativeDeps."forever-monitor"."1.2.2" or []);
+      (self.nativeDeps."forever-monitor"."1.2.3" or []);
     deps = [
       self.full."broadway"."0.2.x"
-      self.full."minimatch"."0.0.x"
+      self.full."minimatch"."0.2.x"
       self.full."pkginfo"."0.x.x"
       self.full."ps-tree"."0.0.x"
       self.full."watch"."0.5.x"
@@ -4012,11 +4224,11 @@
     passthru.names = [ "form-data" ];
   };
   full."form-data"."~0.1.0" = lib.makeOverridable self.buildNodePackage {
-    name = "form-data-0.1.1";
+    name = "form-data-0.1.2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/form-data/-/form-data-0.1.1.tgz";
-        sha1 = "0d5f2805647b45533ba10bc8a59cf17d1efa5f12";
+        url = "http://registry.npmjs.org/form-data/-/form-data-0.1.2.tgz";
+        sha1 = "1143c21357911a78dd7913b189b4bab5d5d57445";
       })
     ];
     buildInputs =
@@ -4094,6 +4306,22 @@
     ];
     passthru.names = [ "formidable" ];
   };
+  full."formidable"."1.0.x" = lib.makeOverridable self.buildNodePackage {
+    name = "formidable-1.0.14";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/formidable/-/formidable-1.0.14.tgz";
+        sha1 = "2b3f4c411cbb5fdd695c44843e2a23514a43231a";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."formidable"."1.0.x" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "formidable" ];
+  };
   full."fresh"."0.1.0" = lib.makeOverridable self.buildNodePackage {
     name = "fresh-0.1.0";
     src = [
@@ -4303,11 +4531,11 @@
     passthru.names = [ "fstream-ignore" ];
   };
   full."fstream-npm"."~0.1.3" = lib.makeOverridable self.buildNodePackage {
-    name = "fstream-npm-0.1.5";
+    name = "fstream-npm-0.1.6";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/fstream-npm/-/fstream-npm-0.1.5.tgz";
-        sha1 = "8f9fdd38c0940f91f7b6ebda4b6611be88f97ec9";
+        url = "http://registry.npmjs.org/fstream-npm/-/fstream-npm-0.1.6.tgz";
+        sha1 = "1369323075d9bd85cfcc9409f33f0d6fe5be104d";
       })
     ];
     buildInputs =
@@ -4321,11 +4549,11 @@
     passthru.names = [ "fstream-npm" ];
   };
   full."generator-angular"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "generator-angular-0.4.0";
+    name = "generator-angular-0.5.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/generator-angular/-/generator-angular-0.4.0.tgz";
-        sha1 = "4fbaaa87b829f3f2fc72fac3da1fa47ff801ca1d";
+        url = "http://registry.npmjs.org/generator-angular/-/generator-angular-0.5.0.tgz";
+        sha1 = "f637a6c42984fd949678358be369e413a2e7c6e2";
       })
     ];
     buildInputs =
@@ -4376,11 +4604,11 @@
     passthru.names = [ "generator-mocha" ];
   };
   full."generator-webapp"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "generator-webapp-0.4.1";
+    name = "generator-webapp-0.4.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/generator-webapp/-/generator-webapp-0.4.1.tgz";
-        sha1 = "b2d3f1b3ea83fbbc0043c81fdf82a3fe725b6001";
+        url = "http://registry.npmjs.org/generator-webapp/-/generator-webapp-0.4.3.tgz";
+        sha1 = "c0ad11753e0f4403d1d7fad1b298e52bfa5e231b";
       })
     ];
     buildInputs =
@@ -4396,6 +4624,25 @@
     passthru.names = [ "generator-webapp" ];
   };
   "generator-webapp" = self.full."generator-webapp"."*";
+  full."getmac"."~1.0.5" = lib.makeOverridable self.buildNodePackage {
+    name = "getmac-1.0.5";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/getmac/-/getmac-1.0.5.tgz";
+        sha1 = "4ce0468a83e5fc2f2d337fc0c3c9be2c94a6344f";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."getmac"."~1.0.5" or []);
+    deps = [
+      self.full."extract-opts"."~2.2.0"
+      self.full."joe".">=1.0.0-0 >=1.3.0-0 <1.4.0-0"
+      self.full."joe-reporter-console"."~1.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "getmac" ];
+  };
   full."github-url-from-git"."1.1.1" = lib.makeOverridable self.buildNodePackage {
     name = "github-url-from-git-1.1.1";
     src = [
@@ -4446,20 +4693,20 @@
     ];
     passthru.names = [ "glob" ];
   };
-  full."glob"."3.2.1" = lib.makeOverridable self.buildNodePackage {
-    name = "glob-3.2.1";
+  full."glob"."3.2.3" = lib.makeOverridable self.buildNodePackage {
+    name = "glob-3.2.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/glob/-/glob-3.2.1.tgz";
-        sha1 = "57af70ec73ba2323bfe3f29a067765db64c5d758";
+        url = "http://registry.npmjs.org/glob/-/glob-3.2.3.tgz";
+        sha1 = "e313eeb249c7affaa5c475286b0e115b59839467";
       })
     ];
     buildInputs =
-      (self.nativeDeps."glob"."3.2.1" or []);
+      (self.nativeDeps."glob"."3.2.3" or []);
     deps = [
       self.full."minimatch"."~0.2.11"
-      self.full."graceful-fs"."~1.2.0"
-      self.full."inherits"."1"
+      self.full."graceful-fs"."~2.0.0"
+      self.full."inherits"."2"
     ];
     peerDependencies = [
     ];
@@ -4591,11 +4838,11 @@
     passthru.names = [ "graceful-fs" ];
   };
   full."graceful-fs"."2" = lib.makeOverridable self.buildNodePackage {
-    name = "graceful-fs-2.0.0";
+    name = "graceful-fs-2.0.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/graceful-fs/-/graceful-fs-2.0.0.tgz";
-        sha1 = "c9a206f6f5f4b94e1046dfaaccfe9e12d0ab8cef";
+        url = "http://registry.npmjs.org/graceful-fs/-/graceful-fs-2.0.1.tgz";
+        sha1 = "7fd6e0a4837c35d0cc15330294d9584a3898cf84";
       })
     ];
     buildInputs =
@@ -4687,11 +4934,11 @@
     passthru.names = [ "graceful-fs" ];
   };
   full."graceful-fs"."~2" = lib.makeOverridable self.buildNodePackage {
-    name = "graceful-fs-2.0.0";
+    name = "graceful-fs-2.0.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/graceful-fs/-/graceful-fs-2.0.0.tgz";
-        sha1 = "c9a206f6f5f4b94e1046dfaaccfe9e12d0ab8cef";
+        url = "http://registry.npmjs.org/graceful-fs/-/graceful-fs-2.0.1.tgz";
+        sha1 = "7fd6e0a4837c35d0cc15330294d9584a3898cf84";
       })
     ];
     buildInputs =
@@ -4703,11 +4950,11 @@
     passthru.names = [ "graceful-fs" ];
   };
   full."graceful-fs"."~2.0.0" = lib.makeOverridable self.buildNodePackage {
-    name = "graceful-fs-2.0.0";
+    name = "graceful-fs-2.0.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/graceful-fs/-/graceful-fs-2.0.0.tgz";
-        sha1 = "c9a206f6f5f4b94e1046dfaaccfe9e12d0ab8cef";
+        url = "http://registry.npmjs.org/graceful-fs/-/graceful-fs-2.0.1.tgz";
+        sha1 = "7fd6e0a4837c35d0cc15330294d9584a3898cf84";
       })
     ];
     buildInputs =
@@ -4783,6 +5030,38 @@
     ];
     passthru.names = [ "grunt" ];
   };
+  full."grunt"."~0.4" = lib.makeOverridable self.buildNodePackage {
+    name = "grunt-0.4.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/grunt/-/grunt-0.4.1.tgz";
+        sha1 = "d5892e5680add9ed1befde9aa635cf46b8f49729";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."grunt"."~0.4" or []);
+    deps = [
+      self.full."async"."~0.1.22"
+      self.full."coffee-script"."~1.3.3"
+      self.full."colors"."~0.6.0-1"
+      self.full."dateformat"."1.0.2-1.2.3"
+      self.full."eventemitter2"."~0.4.9"
+      self.full."findup-sync"."~0.1.0"
+      self.full."glob"."~3.1.21"
+      self.full."hooker"."~0.2.3"
+      self.full."iconv-lite"."~0.2.5"
+      self.full."minimatch"."~0.2.6"
+      self.full."nopt"."~1.0.10"
+      self.full."rimraf"."~2.0.2"
+      self.full."lodash"."~0.9.0"
+      self.full."underscore.string"."~2.2.0rc"
+      self.full."which"."~1.0.5"
+      self.full."js-yaml"."~2.0.2"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "grunt" ];
+  };
   full."grunt"."~0.4.0" = lib.makeOverridable self.buildNodePackage {
     name = "grunt-0.4.1";
     src = [
@@ -4855,17 +5134,17 @@
     passthru.names = [ "grunt-cli" ];
   };
   full."grunt-contrib-cssmin"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "grunt-contrib-cssmin-0.6.1";
+    name = "grunt-contrib-cssmin-0.6.2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/grunt-contrib-cssmin/-/grunt-contrib-cssmin-0.6.1.tgz";
-        sha1 = "534e632bfe19521b21c364677157b8b11e173efc";
+        url = "http://registry.npmjs.org/grunt-contrib-cssmin/-/grunt-contrib-cssmin-0.6.2.tgz";
+        sha1 = "2804dc0e81f98e8a54d61eee84a1d3fe1a3af8e2";
       })
     ];
     buildInputs =
       (self.nativeDeps."grunt-contrib-cssmin"."*" or []);
     deps = [
-      self.full."clean-css"."~1.0.4"
+      self.full."clean-css"."~1.1.1"
       self.full."grunt-lib-contrib"."~0.6.0"
     ];
     peerDependencies = [
@@ -5006,6 +5285,25 @@
     ];
     passthru.names = [ "grunt-lib-contrib" ];
   };
+  full."grunt-sed"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "grunt-sed-0.1.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/grunt-sed/-/grunt-sed-0.1.1.tgz";
+        sha1 = "2613d486909319b3f8f4bd75dafb46a642ec3f82";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."grunt-sed"."*" or []);
+    deps = [
+      self.full."replace"."~0.2.4"
+    ];
+    peerDependencies = [
+      self.full."grunt"."~0.4"
+    ];
+    passthru.names = [ "grunt-sed" ];
+  };
+  "grunt-sed" = self.full."grunt-sed"."*";
   full."guifi-earth"."https://github.com/jmendeth/guifi-earth/tarball/f3ee96835fd4fb0e3e12fadbd2cb782770d64854 " = lib.makeOverridable self.buildNodePackage {
     name = "guifi-earth-0.2.1";
     src = [
@@ -5098,6 +5396,23 @@
     ];
     passthru.names = [ "has-color" ];
   };
+  full."hasher"."~1.1.4" = lib.makeOverridable self.buildNodePackage {
+    name = "hasher-1.1.4";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/hasher/-/hasher-1.1.4.tgz";
+        sha1 = "cb0a6c480bfa402adfbd4208452c64c684da9490";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."hasher"."~1.1.4" or []);
+    deps = [
+      self.full."signals".">0.7 <2.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "hasher" ];
+  };
   full."hat"."*" = lib.makeOverridable self.buildNodePackage {
     name = "hat-0.0.3";
     src = [
@@ -5477,11 +5792,11 @@
     passthru.names = [ "i" ];
   };
   full."i18next"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "i18next-1.6.8";
+    name = "i18next-1.7.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/i18next/-/i18next-1.6.8.tgz";
-        sha1 = "9c5806d50d374d09ad76e13da4c6d7357e8c555b";
+        url = "http://registry.npmjs.org/i18next/-/i18next-1.7.1.tgz";
+        sha1 = "39616a1fe88258edbdd0da918b9ee49a1bd1e124";
       })
     ];
     buildInputs =
@@ -5731,11 +6046,11 @@
     passthru.names = [ "inquirer" ];
   };
   full."inquirer"."~0.3.0" = lib.makeOverridable self.buildNodePackage {
-    name = "inquirer-0.3.2";
+    name = "inquirer-0.3.4";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/inquirer/-/inquirer-0.3.2.tgz";
-        sha1 = "a061f2ad3488bd2b38e5ac237c059a79f160bdd4";
+        url = "http://registry.npmjs.org/inquirer/-/inquirer-0.3.4.tgz";
+        sha1 = "af4673b3e1cb746b74d5dafe14ef55c3c1bf7222";
       })
     ];
     buildInputs =
@@ -5751,11 +6066,11 @@
     passthru.names = [ "inquirer" ];
   };
   full."inquirer"."~0.3.1" = lib.makeOverridable self.buildNodePackage {
-    name = "inquirer-0.3.2";
+    name = "inquirer-0.3.4";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/inquirer/-/inquirer-0.3.2.tgz";
-        sha1 = "a061f2ad3488bd2b38e5ac237c059a79f160bdd4";
+        url = "http://registry.npmjs.org/inquirer/-/inquirer-0.3.4.tgz";
+        sha1 = "af4673b3e1cb746b74d5dafe14ef55c3c1bf7222";
       })
     ];
     buildInputs =
@@ -5809,16 +6124,17 @@
     passthru.names = [ "intersect" ];
   };
   full."ironhorse"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "ironhorse-0.0.7";
+    name = "ironhorse-0.0.9";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/ironhorse/-/ironhorse-0.0.7.tgz";
-        sha1 = "5217f2cced8caffe15df95033492f8582e44e5ef";
+        url = "http://registry.npmjs.org/ironhorse/-/ironhorse-0.0.9.tgz";
+        sha1 = "9cfaf75e464a0bf394d511a05c0a8b8de080a1d9";
       })
     ];
     buildInputs =
       (self.nativeDeps."ironhorse"."*" or []);
     deps = [
+      self.full."underscore"."~1.5.2"
       self.full."winston"."*"
       self.full."nconf"."*"
       self.full."fs-walk"."*"
@@ -5827,7 +6143,7 @@
       self.full."jade"."*"
       self.full."passport"."*"
       self.full."passport-http"."*"
-      self.full."libyaml"."*"
+      self.full."js-yaml"."*"
       self.full."mongoose"."*"
       self.full."gridfs-stream"."*"
       self.full."temp"."*"
@@ -5872,12 +6188,40 @@
     ];
     passthru.names = [ "isbinaryfile" ];
   };
+  full."istanbul"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "istanbul-0.1.44";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/istanbul/-/istanbul-0.1.44.tgz";
+        sha1 = "7ea1d55e34234e7b7d8f2f61cceb29b59439d983";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."istanbul"."*" or []);
+    deps = [
+      self.full."esprima"."1.0.x"
+      self.full."escodegen"."0.0.23"
+      self.full."handlebars"."1.0.x"
+      self.full."mkdirp"."0.3.x"
+      self.full."nopt"."2.1.x"
+      self.full."fileset"."0.1.x"
+      self.full."which"."1.0.x"
+      self.full."async"."0.2.x"
+      self.full."abbrev"."1.0.x"
+      self.full."wordwrap"."0.0.x"
+      self.full."resolve"."0.5.x"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "istanbul" ];
+  };
+  "istanbul" = self.full."istanbul"."*";
   full."istanbul"."~0.1.41" = lib.makeOverridable self.buildNodePackage {
-    name = "istanbul-0.1.43";
+    name = "istanbul-0.1.44";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/istanbul/-/istanbul-0.1.43.tgz";
-        sha1 = "8dfd86802b345209f366d29093330ace17f1539d";
+        url = "http://registry.npmjs.org/istanbul/-/istanbul-0.1.44.tgz";
+        sha1 = "7ea1d55e34234e7b7d8f2f61cceb29b59439d983";
       })
     ];
     buildInputs =
@@ -5893,7 +6237,7 @@
       self.full."async"."0.2.x"
       self.full."abbrev"."1.0.x"
       self.full."wordwrap"."0.0.x"
-      self.full."resolve"."0.4.x"
+      self.full."resolve"."0.5.x"
     ];
     peerDependencies = [
     ];
@@ -5941,6 +6285,24 @@
     ];
     passthru.names = [ "jade" ];
   };
+  full."jade"."0.27.0" = lib.makeOverridable self.buildNodePackage {
+    name = "jade-0.27.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/jade/-/jade-0.27.0.tgz";
+        sha1 = "dc5ebed10d04a5e0eaf49ef0009bec473d1a6b31";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."jade"."0.27.0" or []);
+    deps = [
+      self.full."commander"."0.6.1"
+      self.full."mkdirp"."0.3.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "jade" ];
+  };
   full."jade".">= 0.0.1" = lib.makeOverridable self.buildNodePackage {
     name = "jade-0.35.0";
     src = [
@@ -5982,6 +6344,94 @@
     passthru.names = [ "jayschema" ];
   };
   "jayschema" = self.full."jayschema"."*";
+  full."joe"."1.x" = lib.makeOverridable self.buildNodePackage {
+    name = "joe-1.3.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/joe/-/joe-1.3.0.tgz";
+        sha1 = "dbde3133917f5f1683b67ba9dd5ca4d561306efa";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."joe"."1.x" or []);
+    deps = [
+      self.full."taskgroup"."~3.2.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "joe" ];
+  };
+  full."joe".">=1.0.0-0 >=1.3.0-0 <1.4.0-0" = lib.makeOverridable self.buildNodePackage {
+    name = "joe-1.3.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/joe/-/joe-1.3.0.tgz";
+        sha1 = "dbde3133917f5f1683b67ba9dd5ca4d561306efa";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."joe".">=1.0.0-0 >=1.3.0-0 <1.4.0-0" or []);
+    deps = [
+      self.full."taskgroup"."~3.2.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "joe" ];
+  };
+  full."joe"."~1.3.0" = lib.makeOverridable self.buildNodePackage {
+    name = "joe-1.3.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/joe/-/joe-1.3.0.tgz";
+        sha1 = "dbde3133917f5f1683b67ba9dd5ca4d561306efa";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."joe"."~1.3.0" or []);
+    deps = [
+      self.full."taskgroup"."~3.2.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "joe" ];
+  };
+  full."joe-reporter-console"."~1.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "joe-reporter-console-1.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/joe-reporter-console/-/joe-reporter-console-1.2.1.tgz";
+        sha1 = "6887fa067121b0e67b571672aa63b358055eddc1";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."joe-reporter-console"."~1.2.1" or []);
+    deps = [
+      self.full."cli-color"."~0.2.2"
+    ];
+    peerDependencies = [
+      self.full."joe"."1.x"
+    ];
+    passthru.names = [ "joe-reporter-console" ];
+  };
+  full."js-yaml"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "js-yaml-2.1.3";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/js-yaml/-/js-yaml-2.1.3.tgz";
+        sha1 = "0ffb5617be55525878063d7a16aee7fdd282e84c";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."js-yaml"."*" or []);
+    deps = [
+      self.full."argparse"."~ 0.1.11"
+      self.full."esprima"."~ 1.0.2"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "js-yaml" ];
+  };
+  "js-yaml" = self.full."js-yaml"."*";
   full."js-yaml"."0.3.x" = lib.makeOverridable self.buildNodePackage {
     name = "js-yaml-0.3.7";
     src = [
@@ -6035,11 +6485,11 @@
     passthru.names = [ "js-yaml" ];
   };
   full."js-yaml"."~2.1.0" = lib.makeOverridable self.buildNodePackage {
-    name = "js-yaml-2.1.0";
+    name = "js-yaml-2.1.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/js-yaml/-/js-yaml-2.1.0.tgz";
-        sha1 = "a55a6e4706b01d06326259a6f4bfc42e6ae38b1f";
+        url = "http://registry.npmjs.org/js-yaml/-/js-yaml-2.1.3.tgz";
+        sha1 = "0ffb5617be55525878063d7a16aee7fdd282e84c";
       })
     ];
     buildInputs =
@@ -6053,11 +6503,11 @@
     passthru.names = [ "js-yaml" ];
   };
   full."jshint"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "jshint-2.1.10";
+    name = "jshint-2.2.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/jshint/-/jshint-2.1.10.tgz";
-        sha1 = "0c015ec5bc5ad65c11c4b5152f221f24b7af5522";
+        url = "http://registry.npmjs.org/jshint/-/jshint-2.2.0.tgz";
+        sha1 = "9cd120e17c6635a5bfd6339531b088ed33eb5af2";
       })
     ];
     buildInputs =
@@ -6075,11 +6525,11 @@
   };
   "jshint" = self.full."jshint"."*";
   full."jshint"."~2.1.10" = lib.makeOverridable self.buildNodePackage {
-    name = "jshint-2.1.10";
+    name = "jshint-2.1.11";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/jshint/-/jshint-2.1.10.tgz";
-        sha1 = "0c015ec5bc5ad65c11c4b5152f221f24b7af5522";
+        url = "http://registry.npmjs.org/jshint/-/jshint-2.1.11.tgz";
+        sha1 = "eb5108fef9ba5ddebb830983f572d242e49e3f96";
       })
     ];
     buildInputs =
@@ -6576,17 +7026,17 @@
   full."karma-requirejs"."*" = self.full."karma"."~0.10.0";
   "karma-requirejs" = self.full."karma-requirejs"."*";
   full."karma-sauce-launcher"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "karma-sauce-launcher-0.1.0";
+    name = "karma-sauce-launcher-0.1.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/karma-sauce-launcher/-/karma-sauce-launcher-0.1.0.tgz";
-        sha1 = "46be4b9888fda09e6512516cd5dc6ab8b114d392";
+        url = "http://registry.npmjs.org/karma-sauce-launcher/-/karma-sauce-launcher-0.1.1.tgz";
+        sha1 = "34b82b8cb285c239b0fede1a8363488cc02f429b";
       })
     ];
     buildInputs =
       (self.nativeDeps."karma-sauce-launcher"."*" or []);
     deps = [
-      self.full."wd"."~0.0.32"
+      self.full."wd"."~0.1.5"
       self.full."sauce-connect-launcher"."~0.1.10"
       self.full."q"."~0.9.6"
     ];
@@ -6597,6 +7047,24 @@
   };
   "karma-sauce-launcher" = self.full."karma-sauce-launcher"."*";
   full."karma-script-launcher"."*" = self.full."karma"."~0.10.0";
+  full."keen.io"."0.0.3" = lib.makeOverridable self.buildNodePackage {
+    name = "keen.io-0.0.3";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/keen.io/-/keen.io-0.0.3.tgz";
+        sha1 = "2d6ae2baa6d24b618f378b2a44413e1283fbcb63";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."keen.io"."0.0.3" or []);
+    deps = [
+      self.full."superagent"."~0.13.0"
+      self.full."underscore"."~1.4.4"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "keen.io" ];
+  };
   full."keep-alive-agent"."0.0.1" = lib.makeOverridable self.buildNodePackage {
     name = "keep-alive-agent-0.0.1";
     src = [
@@ -6645,22 +7113,6 @@
     ];
     passthru.names = [ "kew" ];
   };
-  full."keypress"."0.1.x" = lib.makeOverridable self.buildNodePackage {
-    name = "keypress-0.1.0";
-    src = [
-      (fetchurl {
-        url = "http://registry.npmjs.org/keypress/-/keypress-0.1.0.tgz";
-        sha1 = "4a3188d4291b66b4f65edb99f806aa9ae293592a";
-      })
-    ];
-    buildInputs =
-      (self.nativeDeps."keypress"."0.1.x" or []);
-    deps = [
-    ];
-    peerDependencies = [
-    ];
-    passthru.names = [ "keypress" ];
-  };
   full."knox"."*" = lib.makeOverridable self.buildNodePackage {
     name = "knox-0.8.6";
     src = [
@@ -6738,11 +7190,11 @@
     passthru.names = [ "lcov-parse" ];
   };
   full."lcov-result-merger"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "lcov-result-merger-0.0.1";
+    name = "lcov-result-merger-0.0.2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/lcov-result-merger/-/lcov-result-merger-0.0.1.tgz";
-        sha1 = "8b0e68a7f9136de084f62d92ecafcfa41ce9e4d9";
+        url = "http://registry.npmjs.org/lcov-result-merger/-/lcov-result-merger-0.0.2.tgz";
+        sha1 = "72a538c09f76e5c79b511bcd1053948d4aa98f10";
       })
     ];
     buildInputs =
@@ -6775,6 +7227,23 @@
     ];
     passthru.names = [ "less" ];
   };
+  full."libxmljs"."~0.8.1" = lib.makeOverridable self.buildNodePackage {
+    name = "libxmljs-0.8.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/libxmljs/-/libxmljs-0.8.1.tgz";
+        sha1 = "b8b1d3962a92dbc5be9dc798bac028e09db8d630";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."libxmljs"."~0.8.1" or []);
+    deps = [
+      self.full."bindings"."1.0.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "libxmljs" ];
+  };
   full."libyaml"."*" = lib.makeOverridable self.buildNodePackage {
     name = "libyaml-0.2.2";
     src = [
@@ -6936,6 +7405,473 @@
     ];
     passthru.names = [ "lodash" ];
   };
+  full."lodash._arraypool"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._arraypool-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._arraypool/-/lodash._arraypool-2.2.1.tgz";
+        sha1 = "09c741461dde7a7bc467d826ee50c8b1216427f4";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._arraypool"."~2.2.1" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._arraypool" ];
+  };
+  full."lodash._basecreatecallback"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._basecreatecallback-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._basecreatecallback/-/lodash._basecreatecallback-2.2.1.tgz";
+        sha1 = "486940419a6f195996cb0f7644af71341c608ce4";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._basecreatecallback"."~2.2.1" or []);
+    deps = [
+      self.full."lodash.bind"."~2.2.1"
+      self.full."lodash.identity"."~2.2.1"
+      self.full."lodash._setbinddata"."~2.2.1"
+      self.full."lodash.support"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._basecreatecallback" ];
+  };
+  full."lodash._baseisequal"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._baseisequal-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._baseisequal/-/lodash._baseisequal-2.2.1.tgz";
+        sha1 = "8bd0156ad5c47d927b58d54456329922b24ce0e7";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._baseisequal"."~2.2.1" or []);
+    deps = [
+      self.full."lodash.forin"."~2.2.1"
+      self.full."lodash._getarray"."~2.2.1"
+      self.full."lodash.isfunction"."~2.2.1"
+      self.full."lodash._objecttypes"."~2.2.1"
+      self.full."lodash._releasearray"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._baseisequal" ];
+  };
+  full."lodash._createbound"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._createbound-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._createbound/-/lodash._createbound-2.2.1.tgz";
+        sha1 = "27218a40dc73eaf7a1bc90c3f86b0bf79c272ccc";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._createbound"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._createobject"."~2.2.1"
+      self.full."lodash.isfunction"."~2.2.1"
+      self.full."lodash.isobject"."~2.2.1"
+      self.full."lodash._renative"."~2.2.1"
+      self.full."lodash._setbinddata"."~2.2.1"
+      self.full."lodash.support"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._createbound" ];
+  };
+  full."lodash._createobject"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._createobject-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._createobject/-/lodash._createobject-2.2.1.tgz";
+        sha1 = "8c38ad5d83de703537c863330b97059417fbfee9";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._createobject"."~2.2.1" or []);
+    deps = [
+      self.full."lodash.isobject"."~2.2.1"
+      self.full."lodash._noop"."~2.2.1"
+      self.full."lodash._renative"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._createobject" ];
+  };
+  full."lodash._getarray"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._getarray-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._getarray/-/lodash._getarray-2.2.1.tgz";
+        sha1 = "aa5caa269f1649a186811d5be4a78e56e70e9699";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._getarray"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._arraypool"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._getarray" ];
+  };
+  full."lodash._maxpoolsize"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._maxpoolsize-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._maxpoolsize/-/lodash._maxpoolsize-2.2.1.tgz";
+        sha1 = "1e8b6d433271db7c12ec953d49604ea098542fa7";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._maxpoolsize"."~2.2.1" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._maxpoolsize" ];
+  };
+  full."lodash._noop"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._noop-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._noop/-/lodash._noop-2.2.1.tgz";
+        sha1 = "f790734f9f683c9fda8da9f4d8a8000a2201c6e9";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._noop"."~2.2.1" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._noop" ];
+  };
+  full."lodash._objecttypes"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._objecttypes-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._objecttypes/-/lodash._objecttypes-2.2.1.tgz";
+        sha1 = "c72d42a5dec0b55664f82162ed74c5f3f94942ba";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._objecttypes"."~2.2.1" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._objecttypes" ];
+  };
+  full."lodash._releasearray"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._releasearray-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._releasearray/-/lodash._releasearray-2.2.1.tgz";
+        sha1 = "81626c89e26ce2fbc90a11ce8f6ef26ea15c4b28";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._releasearray"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._arraypool"."~2.2.1"
+      self.full."lodash._maxpoolsize"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._releasearray" ];
+  };
+  full."lodash._renative"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._renative-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._renative/-/lodash._renative-2.2.1.tgz";
+        sha1 = "ab77d711371ebae8ffdcf5c83b576d558d6bb522";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._renative"."~2.2.1" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._renative" ];
+  };
+  full."lodash._setbinddata"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._setbinddata-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._setbinddata/-/lodash._setbinddata-2.2.1.tgz";
+        sha1 = "df1d5228229c71e28185aae4f828f3b5e78f0904";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._setbinddata"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._noop"."~2.2.1"
+      self.full."lodash._renative"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._setbinddata" ];
+  };
+  full."lodash._shimkeys"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash._shimkeys-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash._shimkeys/-/lodash._shimkeys-2.2.1.tgz";
+        sha1 = "ed4e4b5d61214b2685400b185a59fabf59343455";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash._shimkeys"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._objecttypes"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash._shimkeys" ];
+  };
+  full."lodash.bind"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.bind-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.bind/-/lodash.bind-2.2.1.tgz";
+        sha1 = "4c24fe00b4c6fa277e4058d353edcf399b3755c2";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.bind"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._createbound"."~2.2.1"
+      self.full."lodash._renative"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.bind" ];
+  };
+  full."lodash.createcallback"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.createcallback-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.createcallback/-/lodash.createcallback-2.2.1.tgz";
+        sha1 = "bb5291c473202a391c1a495a0806bf4b1d1842d2";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.createcallback"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._basecreatecallback"."~2.2.1"
+      self.full."lodash._baseisequal"."~2.2.1"
+      self.full."lodash.isobject"."~2.2.1"
+      self.full."lodash.keys"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.createcallback" ];
+  };
+  full."lodash.debounce"."~2.2.0" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.debounce-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.debounce/-/lodash.debounce-2.2.1.tgz";
+        sha1 = "46e0ded9b392afa45a8fb54efac564a17fe78be0";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.debounce"."~2.2.0" or []);
+    deps = [
+      self.full."lodash.isfunction"."~2.2.1"
+      self.full."lodash.isobject"."~2.2.1"
+      self.full."lodash._renative"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.debounce" ];
+  };
+  full."lodash.debounce"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.debounce-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.debounce/-/lodash.debounce-2.2.1.tgz";
+        sha1 = "46e0ded9b392afa45a8fb54efac564a17fe78be0";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.debounce"."~2.2.1" or []);
+    deps = [
+      self.full."lodash.isfunction"."~2.2.1"
+      self.full."lodash.isobject"."~2.2.1"
+      self.full."lodash._renative"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.debounce" ];
+  };
+  full."lodash.find"."~2.2.0" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.find-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.find/-/lodash.find-2.2.1.tgz";
+        sha1 = "768cc2149a589d2fd7b7203c6abe34bcb724d01a";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.find"."~2.2.0" or []);
+    deps = [
+      self.full."lodash.createcallback"."~2.2.1"
+      self.full."lodash.forown"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.find" ];
+  };
+  full."lodash.forin"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.forin-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.forin/-/lodash.forin-2.2.1.tgz";
+        sha1 = "d96a47f547002f322dcdc533b0f9e914cba7d050";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.forin"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._basecreatecallback"."~2.2.1"
+      self.full."lodash._objecttypes"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.forin" ];
+  };
+  full."lodash.forown"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.forown-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.forown/-/lodash.forown-2.2.1.tgz";
+        sha1 = "77ee0877c135b603dafe8f2d9ceff215b16458ea";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.forown"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._basecreatecallback"."~2.2.1"
+      self.full."lodash.keys"."~2.2.1"
+      self.full."lodash._objecttypes"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.forown" ];
+  };
+  full."lodash.identity"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.identity-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.identity/-/lodash.identity-2.2.1.tgz";
+        sha1 = "63518772143d450a772511f6671e23038c67bcae";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.identity"."~2.2.1" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.identity" ];
+  };
+  full."lodash.isfunction"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.isfunction-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.isfunction/-/lodash.isfunction-2.2.1.tgz";
+        sha1 = "fcfa79b7b2c072b320468ecdc0244bbbac5e49c0";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.isfunction"."~2.2.1" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.isfunction" ];
+  };
+  full."lodash.isobject"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.isobject-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.isobject/-/lodash.isobject-2.2.1.tgz";
+        sha1 = "cbce101e3e3b718cb51b1113e4597d6e8e038831";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.isobject"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._objecttypes"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.isobject" ];
+  };
+  full."lodash.keys"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.keys-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.keys/-/lodash.keys-2.2.1.tgz";
+        sha1 = "f372597e6f411d7537e32ba0efc85b5f874d5cca";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.keys"."~2.2.1" or []);
+    deps = [
+      self.full."lodash.isobject"."~2.2.1"
+      self.full."lodash._renative"."~2.2.1"
+      self.full."lodash._shimkeys"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.keys" ];
+  };
+  full."lodash.support"."~2.2.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.support-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.support/-/lodash.support-2.2.1.tgz";
+        sha1 = "5b6c267c6fc5302011f0c14e4529c7fbc08e94ce";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.support"."~2.2.1" or []);
+    deps = [
+      self.full."lodash._renative"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.support" ];
+  };
+  full."lodash.throttle"."~2.2.0" = lib.makeOverridable self.buildNodePackage {
+    name = "lodash.throttle-2.2.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lodash.throttle/-/lodash.throttle-2.2.1.tgz";
+        sha1 = "ae49bd6173b0cfb4e09d9645fdac507db77211f0";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lodash.throttle"."~2.2.0" or []);
+    deps = [
+      self.full."lodash.debounce"."~2.2.1"
+      self.full."lodash.isfunction"."~2.2.1"
+      self.full."lodash.isobject"."~2.2.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lodash.throttle" ];
+  };
   full."log-driver"."1.2.1" = lib.makeOverridable self.buildNodePackage {
     name = "log-driver-1.2.1";
     src = [
@@ -6953,18 +7889,17 @@
     passthru.names = [ "log-driver" ];
   };
   full."log4js"."~0.6.3" = lib.makeOverridable self.buildNodePackage {
-    name = "log4js-0.6.8";
+    name = "log4js-0.6.9";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/log4js/-/log4js-0.6.8.tgz";
-        sha1 = "86baebdcaf8ef989295d65a07773f7e32093d0b6";
+        url = "http://registry.npmjs.org/log4js/-/log4js-0.6.9.tgz";
+        sha1 = "2e327189c1c0dec17448ec5255f58cd0fddf4596";
       })
     ];
     buildInputs =
       (self.nativeDeps."log4js"."~0.6.3" or []);
     deps = [
       self.full."async"."0.1.15"
-      self.full."dequeue"."1.0.3"
       self.full."semver"."~1.1.4"
       self.full."readable-stream"."~1.0.2"
     ];
@@ -7068,12 +8003,28 @@
     ];
     passthru.names = [ "lru-cache" ];
   };
+  full."lru-cache"."~2.3.1" = lib.makeOverridable self.buildNodePackage {
+    name = "lru-cache-2.3.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/lru-cache/-/lru-cache-2.3.1.tgz";
+        sha1 = "b3adf6b3d856e954e2c390e6cef22081245a53d6";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."lru-cache"."~2.3.1" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "lru-cache" ];
+  };
   full."mailcomposer".">= 0.1.27" = lib.makeOverridable self.buildNodePackage {
-    name = "mailcomposer-0.2.1";
+    name = "mailcomposer-0.2.2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/mailcomposer/-/mailcomposer-0.2.1.tgz";
-        sha1 = "89e1326147fb2c222feb931b40e98b6be133f14a";
+        url = "http://registry.npmjs.org/mailcomposer/-/mailcomposer-0.2.2.tgz";
+        sha1 = "ce93bdea7cb51e60eb76491b6a64c39f382c20e5";
       })
     ];
     buildInputs =
@@ -7104,16 +8055,39 @@
     ];
     passthru.names = [ "match-stream" ];
   };
-  full."memoizee"."0.2.x" = lib.makeOverridable self.buildNodePackage {
-    name = "memoizee-0.2.5";
+  full."meat"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "meat-0.2.5";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/memoizee/-/memoizee-0.2.5.tgz";
-        sha1 = "44ad0ce73439705f3954a58dbf5f792cd496c01c";
+        url = "http://registry.npmjs.org/meat/-/meat-0.2.5.tgz";
+        sha1 = "8f277ec68f51794365e271166c7b7bba8d046869";
       })
     ];
     buildInputs =
-      (self.nativeDeps."memoizee"."0.2.x" or []);
+      (self.nativeDeps."meat"."*" or []);
+    deps = [
+      self.full."express"."2.5.11"
+      self.full."jade"."0.27.0"
+      self.full."open"."0.0.2"
+      self.full."winston"."0.6.2"
+      self.full."mkdirp"."0.3.0"
+      self.full."node.extend"."1.0.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "meat" ];
+  };
+  "meat" = self.full."meat"."*";
+  full."memoizee"."~0.2.5" = lib.makeOverridable self.buildNodePackage {
+    name = "memoizee-0.2.6";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/memoizee/-/memoizee-0.2.6.tgz";
+        sha1 = "bb45a7ad02530082f1612671dab35219cd2e0741";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."memoizee"."~0.2.5" or []);
     deps = [
       self.full."es5-ext"."~0.9.2"
       self.full."event-emitter"."~0.2.2"
@@ -7155,6 +8129,22 @@
     ];
     passthru.names = [ "mime" ];
   };
+  full."mime"."1.2.4" = lib.makeOverridable self.buildNodePackage {
+    name = "mime-1.2.4";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/mime/-/mime-1.2.4.tgz";
+        sha1 = "11b5fdaf29c2509255176b80ad520294f5de92b7";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."mime"."1.2.4" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "mime" ];
+  };
   full."mime"."1.2.5" = lib.makeOverridable self.buildNodePackage {
     name = "mime-1.2.5";
     src = [
@@ -7219,6 +8209,22 @@
     ];
     passthru.names = [ "mime" ];
   };
+  full."mime".">= 0.0.1" = lib.makeOverridable self.buildNodePackage {
+    name = "mime-1.2.11";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/mime/-/mime-1.2.11.tgz";
+        sha1 = "58203eed86e3a5ef17aed2b7d9ebd47f0a60dd10";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."mime".">= 0.0.1" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "mime" ];
+  };
   full."mime"."~1.2" = lib.makeOverridable self.buildNodePackage {
     name = "mime-1.2.11";
     src = [
@@ -7300,11 +8306,11 @@
     passthru.names = [ "mime" ];
   };
   full."mimelib"."~0.2" = lib.makeOverridable self.buildNodePackage {
-    name = "mimelib-0.2.12";
+    name = "mimelib-0.2.13";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/mimelib/-/mimelib-0.2.12.tgz";
-        sha1 = "5dcbb99c7369e5d62d7e12e71fa334179aebd748";
+        url = "http://registry.npmjs.org/mimelib/-/mimelib-0.2.13.tgz";
+        sha1 = "0668eb85e870c510be747a67ece43b9bbf8e20b0";
       })
     ];
     buildInputs =
@@ -7352,6 +8358,24 @@
     ];
     passthru.names = [ "minimatch" ];
   };
+  full."minimatch"."0.2.x" = lib.makeOverridable self.buildNodePackage {
+    name = "minimatch-0.2.12";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/minimatch/-/minimatch-0.2.12.tgz";
+        sha1 = "ea82a012ac662c7ddfaa144f1c147e6946f5dafb";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."minimatch"."0.2.x" or []);
+    deps = [
+      self.full."lru-cache"."2"
+      self.full."sigmund"."~1.0.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "minimatch" ];
+  };
   full."minimatch"."0.x" = lib.makeOverridable self.buildNodePackage {
     name = "minimatch-0.2.12";
     src = [
@@ -7496,12 +8520,30 @@
     ];
     passthru.names = [ "minimatch" ];
   };
+  full."minimatch"."~0.2.9" = lib.makeOverridable self.buildNodePackage {
+    name = "minimatch-0.2.12";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/minimatch/-/minimatch-0.2.12.tgz";
+        sha1 = "ea82a012ac662c7ddfaa144f1c147e6946f5dafb";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."minimatch"."~0.2.9" or []);
+    deps = [
+      self.full."lru-cache"."2"
+      self.full."sigmund"."~1.0.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "minimatch" ];
+  };
   full."minimist"."~0.0.1" = lib.makeOverridable self.buildNodePackage {
-    name = "minimist-0.0.2";
+    name = "minimist-0.0.5";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/minimist/-/minimist-0.0.2.tgz";
-        sha1 = "3297e0500be195b8fcb56668c45b925bc9bca7ab";
+        url = "http://registry.npmjs.org/minimist/-/minimist-0.0.5.tgz";
+        sha1 = "d7aa327bcecf518f9106ac6b8f003fa3bcea8566";
       })
     ];
     buildInputs =
@@ -7690,11 +8732,11 @@
     passthru.names = [ "mkdirp" ];
   };
   full."mocha"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "mocha-1.12.1";
+    name = "mocha-1.13.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/mocha/-/mocha-1.12.1.tgz";
-        sha1 = "5212e3f5914eef8c0888ae344e6a7dd2e5ac294a";
+        url = "http://registry.npmjs.org/mocha/-/mocha-1.13.0.tgz";
+        sha1 = "8d8fa4e310b94cc6efeb3ed26aeca96dea93307c";
       })
     ];
     buildInputs =
@@ -7703,16 +8745,33 @@
       self.full."commander"."0.6.1"
       self.full."growl"."1.7.x"
       self.full."jade"."0.26.3"
-      self.full."diff"."1.0.2"
+      self.full."diff"."1.0.7"
       self.full."debug"."*"
       self.full."mkdirp"."0.3.5"
-      self.full."glob"."3.2.1"
+      self.full."glob"."3.2.3"
     ];
     peerDependencies = [
     ];
     passthru.names = [ "mocha" ];
   };
   "mocha" = self.full."mocha"."*";
+  full."mocha-unfunk-reporter"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "mocha-unfunk-reporter-0.2.3";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/mocha-unfunk-reporter/-/mocha-unfunk-reporter-0.2.3.tgz";
+        sha1 = "41c2aa001dc44eef80d073404728d2e4d4a09c90";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."mocha-unfunk-reporter"."*" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "mocha-unfunk-reporter" ];
+  };
+  "mocha-unfunk-reporter" = self.full."mocha-unfunk-reporter"."*";
   full."moment"."2.0.0" = lib.makeOverridable self.buildNodePackage {
     name = "moment-2.0.0";
     src = [
@@ -7817,11 +8876,11 @@
     passthru.names = [ "mongodb" ];
   };
   full."mongoose"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "mongoose-3.7.3";
+    name = "mongoose-3.7.4";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/mongoose/-/mongoose-3.7.3.tgz";
-        sha1 = "32c707bd919db3ae534326042be0b9ef9ee7ff57";
+        url = "http://registry.npmjs.org/mongoose/-/mongoose-3.7.4.tgz";
+        sha1 = "5ed8cdbc91c92b18ab49ac3526c7ac5264c7b292";
       })
     ];
     buildInputs =
@@ -7835,7 +8894,7 @@
       self.full."mpromise"."0.3.0"
       self.full."mpath"."0.1.1"
       self.full."regexp-clone"."0.0.1"
-      self.full."mquery"."0.3.1"
+      self.full."mquery"."0.3.2"
     ];
     peerDependencies = [
     ];
@@ -7865,11 +8924,11 @@
     passthru.names = [ "mongoose" ];
   };
   full."mongoose"."3.6.x" = lib.makeOverridable self.buildNodePackage {
-    name = "mongoose-3.6.18";
+    name = "mongoose-3.6.20";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/mongoose/-/mongoose-3.6.18.tgz";
-        sha1 = "cdf41325433ea795a1b3632ef1d7591db487d224";
+        url = "http://registry.npmjs.org/mongoose/-/mongoose-3.6.20.tgz";
+        sha1 = "47263843e6b812ea207eec104c40a36c8d215f53";
       })
     ];
     buildInputs =
@@ -7906,11 +8965,11 @@
     passthru.names = [ "mongoose-lifecycle" ];
   };
   full."mongoose-schema-extend"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "mongoose-schema-extend-0.1.4";
+    name = "mongoose-schema-extend-0.1.5";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/mongoose-schema-extend/-/mongoose-schema-extend-0.1.4.tgz";
-        sha1 = "9f61b2abba5352fcd3d7b1193ee4b4d9f2a83804";
+        url = "http://registry.npmjs.org/mongoose-schema-extend/-/mongoose-schema-extend-0.1.5.tgz";
+        sha1 = "d2ab3d2005033daaa215a806bbd3f6637c9c96c3";
       })
     ];
     buildInputs =
@@ -7956,6 +9015,22 @@
     ];
     passthru.names = [ "mout" ];
   };
+  full."mout"."~0.7.0" = lib.makeOverridable self.buildNodePackage {
+    name = "mout-0.7.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/mout/-/mout-0.7.1.tgz";
+        sha1 = "218de2b0880b220d99f4fbaee3fc0c3a5310bda8";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."mout"."~0.7.0" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "mout" ];
+  };
   full."mpath"."0.1.1" = lib.makeOverridable self.buildNodePackage {
     name = "mpath-0.1.1";
     src = [
@@ -8006,16 +9081,16 @@
     ];
     passthru.names = [ "mpromise" ];
   };
-  full."mquery"."0.3.1" = lib.makeOverridable self.buildNodePackage {
-    name = "mquery-0.3.1";
+  full."mquery"."0.3.2" = lib.makeOverridable self.buildNodePackage {
+    name = "mquery-0.3.2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/mquery/-/mquery-0.3.1.tgz";
-        sha1 = "b67051685b3ec71c9dc6d0ca41385297325c4c45";
+        url = "http://registry.npmjs.org/mquery/-/mquery-0.3.2.tgz";
+        sha1 = "074cb82c51ec1b15897d8afb80a7b3567a2f8eca";
       })
     ];
     buildInputs =
-      (self.nativeDeps."mquery"."0.3.1" or []);
+      (self.nativeDeps."mquery"."0.3.2" or []);
     deps = [
       self.full."sliced"."0.0.5"
       self.full."debug"."0.7.0"
@@ -8057,6 +9132,24 @@
     ];
     passthru.names = [ "msgpack" ];
   };
+  full."multiparty"."2.2.0" = lib.makeOverridable self.buildNodePackage {
+    name = "multiparty-2.2.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/multiparty/-/multiparty-2.2.0.tgz";
+        sha1 = "a567c2af000ad22dc8f2a653d91978ae1f5316f4";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."multiparty"."2.2.0" or []);
+    deps = [
+      self.full."readable-stream"."~1.1.9"
+      self.full."stream-counter"."~0.2.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "multiparty" ];
+  };
   full."muri"."0.3.1" = lib.makeOverridable self.buildNodePackage {
     name = "muri-0.3.1";
     src = [
@@ -8295,11 +9388,11 @@
     passthru.names = [ "nib" ];
   };
   full."nijs"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "nijs-0.0.10";
+    name = "nijs-0.0.12";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/nijs/-/nijs-0.0.10.tgz";
-        sha1 = "79d09c5c9a2f1f3e96708c9dc6b4547b89cf8177";
+        url = "http://registry.npmjs.org/nijs/-/nijs-0.0.12.tgz";
+        sha1 = "23bb40746b409e8556f9a4fe97ca314410a685df";
       })
     ];
     buildInputs =
@@ -8330,11 +9423,11 @@
   };
   "node-expat" = self.full."node-expat"."*";
   full."node-gyp"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "node-gyp-0.10.9";
+    name = "node-gyp-0.10.10";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/node-gyp/-/node-gyp-0.10.9.tgz";
-        sha1 = "de5e20f75ee291975d67c105a5653b981bf8974f";
+        url = "http://registry.npmjs.org/node-gyp/-/node-gyp-0.10.10.tgz";
+        sha1 = "74290b46b72046d648d301fae3813feb0d07edd9";
       })
     ];
     buildInputs =
@@ -8359,16 +9452,16 @@
     passthru.names = [ "node-gyp" ];
   };
   "node-gyp" = self.full."node-gyp"."*";
-  full."node-gyp"."~0.10.2" = lib.makeOverridable self.buildNodePackage {
-    name = "node-gyp-0.10.9";
+  full."node-gyp"."~0.10.10" = lib.makeOverridable self.buildNodePackage {
+    name = "node-gyp-0.10.10";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/node-gyp/-/node-gyp-0.10.9.tgz";
-        sha1 = "de5e20f75ee291975d67c105a5653b981bf8974f";
+        url = "http://registry.npmjs.org/node-gyp/-/node-gyp-0.10.10.tgz";
+        sha1 = "74290b46b72046d648d301fae3813feb0d07edd9";
       })
     ];
     buildInputs =
-      (self.nativeDeps."node-gyp"."~0.10.2" or []);
+      (self.nativeDeps."node-gyp"."~0.10.10" or []);
     deps = [
       self.full."glob"."3"
       self.full."graceful-fs"."2"
@@ -8388,16 +9481,16 @@
     ];
     passthru.names = [ "node-gyp" ];
   };
-  full."node-gyp"."~0.10.9" = lib.makeOverridable self.buildNodePackage {
-    name = "node-gyp-0.10.9";
+  full."node-gyp"."~0.10.2" = lib.makeOverridable self.buildNodePackage {
+    name = "node-gyp-0.10.10";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/node-gyp/-/node-gyp-0.10.9.tgz";
-        sha1 = "de5e20f75ee291975d67c105a5653b981bf8974f";
+        url = "http://registry.npmjs.org/node-gyp/-/node-gyp-0.10.10.tgz";
+        sha1 = "74290b46b72046d648d301fae3813feb0d07edd9";
       })
     ];
     buildInputs =
-      (self.nativeDeps."node-gyp"."~0.10.9" or []);
+      (self.nativeDeps."node-gyp"."~0.10.2" or []);
     deps = [
       self.full."glob"."3"
       self.full."graceful-fs"."2"
@@ -8417,6 +9510,29 @@
     ];
     passthru.names = [ "node-gyp" ];
   };
+  full."node-inspector"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "node-inspector-0.5.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/node-inspector/-/node-inspector-0.5.0.tgz";
+        sha1 = "3104821cb4d6436212331ef3f3539943fd370603";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."node-inspector"."*" or []);
+    deps = [
+      self.full."socket.io"."~0.9.14"
+      self.full."express"."~3.4"
+      self.full."async"."~0.2.8"
+      self.full."glob"."~3.2.1"
+      self.full."rc"."~0.3.0"
+      self.full."strong-data-uri"."~0.1.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "node-inspector" ];
+  };
+  "node-inspector" = self.full."node-inspector"."*";
   full."node-syslog"."1.1.3" = lib.makeOverridable self.buildNodePackage {
     name = "node-syslog-1.1.3";
     src = [
@@ -8545,6 +9661,22 @@
     ];
     passthru.names = [ "node-uuid" ];
   };
+  full."node.extend"."1.0.0" = lib.makeOverridable self.buildNodePackage {
+    name = "node.extend-1.0.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/node.extend/-/node.extend-1.0.0.tgz";
+        sha1 = "ab83960c477280d01ba5554a0d8fd3acfe39336e";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."node.extend"."1.0.0" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "node.extend" ];
+  };
   full."nodemailer"."0.3.35" = lib.makeOverridable self.buildNodePackage {
     name = "nodemailer-0.3.35";
     src = [
@@ -8581,6 +9713,24 @@
     passthru.names = [ "nodemon" ];
   };
   "nodemon" = self.full."nodemon"."*";
+  full."nomnom"."1.6.x" = lib.makeOverridable self.buildNodePackage {
+    name = "nomnom-1.6.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/nomnom/-/nomnom-1.6.1.tgz";
+        sha1 = "bfed4506642d81278738e891c557e80694c1e0c9";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."nomnom"."1.6.x" or []);
+    deps = [
+      self.full."colors"."0.5.x"
+      self.full."underscore"."~1.4.4"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "nomnom" ];
+  };
   full."nopt"."2" = lib.makeOverridable self.buildNodePackage {
     name = "nopt-2.1.2";
     src = [
@@ -8684,11 +9834,11 @@
     passthru.names = [ "nopt" ];
   };
   full."normalize-package-data"."~0.2" = lib.makeOverridable self.buildNodePackage {
-    name = "normalize-package-data-0.2.2";
+    name = "normalize-package-data-0.2.6";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/normalize-package-data/-/normalize-package-data-0.2.2.tgz";
-        sha1 = "9efde8d32a96e797ea61f8b4916e0f48a5ad83d9";
+        url = "http://registry.npmjs.org/normalize-package-data/-/normalize-package-data-0.2.6.tgz";
+        sha1 = "830bda1412f7ccae09b903fc080edbcdbb0947c0";
       })
     ];
     buildInputs =
@@ -8702,11 +9852,11 @@
     passthru.names = [ "normalize-package-data" ];
   };
   full."npm"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "npm-1.3.9";
+    name = "npm-1.3.11";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/npm/-/npm-1.3.9.tgz";
-        sha1 = "dbf815e1661845046e82105a705f8df1735bb1ee";
+        url = "http://registry.npmjs.org/npm/-/npm-1.3.11.tgz";
+        sha1 = "4bf7f005fe1038c4fe9207603b961c97bd0ba5a3";
       })
     ];
     buildInputs =
@@ -8714,21 +9864,21 @@
     deps = [
       self.full."semver"."~2.1.0"
       self.full."ini"."~1.1.0"
-      self.full."slide"."~1.1.4"
+      self.full."slide"."~1.1.5"
       self.full."abbrev"."~1.0.4"
       self.full."graceful-fs"."~2.0.0"
       self.full."minimatch"."~0.2.12"
       self.full."nopt"."~2.1.2"
       self.full."rimraf"."~2.2.0"
-      self.full."request"."~2.25.0"
+      self.full."request"."~2.27.0"
       self.full."which"."1"
       self.full."tar"."~0.1.18"
       self.full."fstream"."~0.1.23"
       self.full."block-stream"."0.0.7"
       self.full."mkdirp"."~0.3.3"
       self.full."read"."~1.0.4"
-      self.full."lru-cache"."~2.3.0"
-      self.full."node-gyp"."~0.10.9"
+      self.full."lru-cache"."~2.3.1"
+      self.full."node-gyp"."~0.10.10"
       self.full."fstream-npm"."~0.1.3"
       self.full."uid-number"."0"
       self.full."archy"."0"
@@ -8736,7 +9886,7 @@
       self.full."npmlog"."0.0.4"
       self.full."ansi"."~0.1.2"
       self.full."npm-registry-client"."~0.2.28"
-      self.full."read-package-json"."~1.1.0"
+      self.full."read-package-json"."~1.1.3"
       self.full."read-installed"."~0.2.2"
       self.full."glob"."~3.2.6"
       self.full."init-package-json"."0.0.11"
@@ -9194,6 +10344,22 @@
     ];
     passthru.names = [ "once" ];
   };
+  full."open"."0.0.2" = lib.makeOverridable self.buildNodePackage {
+    name = "open-0.0.2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/open/-/open-0.0.2.tgz";
+        sha1 = "0a620ba2574464742f51e69f8ba8eccfd97b5dfc";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."open"."0.0.2" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "open" ];
+  };
   full."open"."0.0.4" = lib.makeOverridable self.buildNodePackage {
     name = "open-0.0.4";
     src = [
@@ -9513,6 +10679,23 @@
     ];
     passthru.names = [ "over" ];
   };
+  full."owl-deepcopy"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "owl-deepcopy-0.0.2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/owl-deepcopy/-/owl-deepcopy-0.0.2.tgz";
+        sha1 = "056c40e1af73dff6e2c7afae983d2a7760fdff88";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."owl-deepcopy"."*" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "owl-deepcopy" ];
+  };
+  "owl-deepcopy" = self.full."owl-deepcopy"."*";
   full."owl-deepcopy"."~0.0.1" = lib.makeOverridable self.buildNodePackage {
     name = "owl-deepcopy-0.0.2";
     src = [
@@ -9675,11 +10858,11 @@
     passthru.names = [ "pause" ];
   };
   full."phantomjs"."~1.9" = lib.makeOverridable self.buildNodePackage {
-    name = "phantomjs-1.9.1-9";
+    name = "phantomjs-1.9.2-2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/phantomjs/-/phantomjs-1.9.1-9.tgz";
-        sha1 = "f18671f4bcbbb5d5fc4a20ddcd6800ab0edc4453";
+        url = "http://registry.npmjs.org/phantomjs/-/phantomjs-1.9.2-2.tgz";
+        sha1 = "256228800bc18292395eb0f54b14cd42c8093889";
       })
     ];
     buildInputs =
@@ -9697,6 +10880,29 @@
     ];
     passthru.names = [ "phantomjs" ];
   };
+  full."phantomjs"."~1.9.1-2" = lib.makeOverridable self.buildNodePackage {
+    name = "phantomjs-1.9.2-2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/phantomjs/-/phantomjs-1.9.2-2.tgz";
+        sha1 = "256228800bc18292395eb0f54b14cd42c8093889";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."phantomjs"."~1.9.1-2" or []);
+    deps = [
+      self.full."adm-zip"."0.2.1"
+      self.full."kew"."~0.1.7"
+      self.full."ncp"."0.4.2"
+      self.full."npmconf"."0.0.24"
+      self.full."mkdirp"."0.3.5"
+      self.full."rimraf"."~2.0.2"
+      self.full."which"."~1.0.5"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "phantomjs" ];
+  };
   full."pkginfo"."0.2.x" = lib.makeOverridable self.buildNodePackage {
     name = "pkginfo-0.2.3";
     src = [
@@ -9761,6 +10967,24 @@
     ];
     passthru.names = [ "pkginfo" ];
   };
+  full."plist-native"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "plist-native-0.2.2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/plist-native/-/plist-native-0.2.2.tgz";
+        sha1 = "6abde856b07a52f0d6bc027f7750f4d97ff93858";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."plist-native"."*" or []);
+    deps = [
+      self.full."libxmljs"."~0.8.1"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "plist-native" ];
+  };
+  "plist-native" = self.full."plist-native"."*";
   full."policyfile"."0.0.4" = lib.makeOverridable self.buildNodePackage {
     name = "policyfile-0.0.4";
     src = [
@@ -9940,11 +11164,11 @@
     passthru.names = [ "pullstream" ];
   };
   full."q"."0.9.x" = lib.makeOverridable self.buildNodePackage {
-    name = "q-0.9.6";
+    name = "q-0.9.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/q/-/q-0.9.6.tgz";
-        sha1 = "5884b2154bdb3b6d5765e0fafddcb1506e133619";
+        url = "http://registry.npmjs.org/q/-/q-0.9.7.tgz";
+        sha1 = "4de2e6cb3b29088c9e4cbc03bf9d42fb96ce2f75";
       })
     ];
     buildInputs =
@@ -9956,11 +11180,11 @@
     passthru.names = [ "q" ];
   };
   full."q".">= 0.0.1" = lib.makeOverridable self.buildNodePackage {
-    name = "q-0.9.6";
+    name = "q-0.9.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/q/-/q-0.9.6.tgz";
-        sha1 = "5884b2154bdb3b6d5765e0fafddcb1506e133619";
+        url = "http://registry.npmjs.org/q/-/q-0.9.7.tgz";
+        sha1 = "4de2e6cb3b29088c9e4cbc03bf9d42fb96ce2f75";
       })
     ];
     buildInputs =
@@ -9972,11 +11196,11 @@
     passthru.names = [ "q" ];
   };
   full."q"."~0.9" = lib.makeOverridable self.buildNodePackage {
-    name = "q-0.9.6";
+    name = "q-0.9.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/q/-/q-0.9.6.tgz";
-        sha1 = "5884b2154bdb3b6d5765e0fafddcb1506e133619";
+        url = "http://registry.npmjs.org/q/-/q-0.9.7.tgz";
+        sha1 = "4de2e6cb3b29088c9e4cbc03bf9d42fb96ce2f75";
       })
     ];
     buildInputs =
@@ -9988,11 +11212,11 @@
     passthru.names = [ "q" ];
   };
   full."q"."~0.9.2" = lib.makeOverridable self.buildNodePackage {
-    name = "q-0.9.6";
+    name = "q-0.9.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/q/-/q-0.9.6.tgz";
-        sha1 = "5884b2154bdb3b6d5765e0fafddcb1506e133619";
+        url = "http://registry.npmjs.org/q/-/q-0.9.7.tgz";
+        sha1 = "4de2e6cb3b29088c9e4cbc03bf9d42fb96ce2f75";
       })
     ];
     buildInputs =
@@ -10004,11 +11228,11 @@
     passthru.names = [ "q" ];
   };
   full."q"."~0.9.6" = lib.makeOverridable self.buildNodePackage {
-    name = "q-0.9.6";
+    name = "q-0.9.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/q/-/q-0.9.6.tgz";
-        sha1 = "5884b2154bdb3b6d5765e0fafddcb1506e133619";
+        url = "http://registry.npmjs.org/q/-/q-0.9.7.tgz";
+        sha1 = "4de2e6cb3b29088c9e4cbc03bf9d42fb96ce2f75";
       })
     ];
     buildInputs =
@@ -10019,6 +11243,22 @@
     ];
     passthru.names = [ "q" ];
   };
+  full."qs"."0.4.x" = lib.makeOverridable self.buildNodePackage {
+    name = "qs-0.4.2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/qs/-/qs-0.4.2.tgz";
+        sha1 = "3cac4c861e371a8c9c4770ac23cda8de639b8e5f";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."qs"."0.4.x" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "qs" ];
+  };
   full."qs"."0.5.1" = lib.makeOverridable self.buildNodePackage {
     name = "qs-0.5.1";
     src = [
@@ -10035,6 +11275,22 @@
     ];
     passthru.names = [ "qs" ];
   };
+  full."qs"."0.5.2" = lib.makeOverridable self.buildNodePackage {
+    name = "qs-0.5.2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/qs/-/qs-0.5.2.tgz";
+        sha1 = "e5734acb7009fb918e800fd5c60c2f5b94a7ff43";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."qs"."0.5.2" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "qs" ];
+  };
   full."qs"."0.5.5" = lib.makeOverridable self.buildNodePackage {
     name = "qs-0.5.5";
     src = [
@@ -10067,6 +11323,22 @@
     ];
     passthru.names = [ "qs" ];
   };
+  full."qs".">= 0.4.0" = lib.makeOverridable self.buildNodePackage {
+    name = "qs-0.6.5";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/qs/-/qs-0.6.5.tgz";
+        sha1 = "294b268e4b0d4250f6dde19b3b8b34935dff14ef";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."qs".">= 0.4.0" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "qs" ];
+  };
   full."qs"."~0.5.0" = lib.makeOverridable self.buildNodePackage {
     name = "qs-0.5.6";
     src = [
@@ -10148,11 +11420,11 @@
     passthru.names = [ "range-parser" ];
   };
   full."raw-socket"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "raw-socket-1.2.1";
+    name = "raw-socket-1.2.2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/raw-socket/-/raw-socket-1.2.1.tgz";
-        sha1 = "3ca811bd4bf173b7b4e2304d5e680fd458da3963";
+        url = "http://registry.npmjs.org/raw-socket/-/raw-socket-1.2.2.tgz";
+        sha1 = "c9be873878a1ef70497a27e40b6e55b563d8f886";
       })
     ];
     buildInputs =
@@ -10199,6 +11471,25 @@
     ];
     passthru.names = [ "rc" ];
   };
+  full."rc"."~0.3.0" = lib.makeOverridable self.buildNodePackage {
+    name = "rc-0.3.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/rc/-/rc-0.3.1.tgz";
+        sha1 = "1da1bef8cf8201cafd3725bd82b31d1cf7321248";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."rc"."~0.3.0" or []);
+    deps = [
+      self.full."optimist"."~0.3.4"
+      self.full."deep-extend"."~0.2.5"
+      self.full."ini"."~1.1.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "rc" ];
+  };
   full."read"."1" = lib.makeOverridable self.buildNodePackage {
     name = "read-1.0.5";
     src = [
@@ -10327,6 +11618,26 @@
     ];
     passthru.names = [ "read-package-json" ];
   };
+  full."read-package-json"."~1.1.3" = lib.makeOverridable self.buildNodePackage {
+    name = "read-package-json-1.1.3";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/read-package-json/-/read-package-json-1.1.3.tgz";
+        sha1 = "a361ab3da88f6f78998df223ad8186a4b7e1f391";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."read-package-json"."~1.1.3" or []);
+    deps = [
+      self.full."glob"."~3.2.1"
+      self.full."lru-cache"."2"
+      self.full."normalize-package-data"."~0.2"
+      self.full."graceful-fs"."2"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "read-package-json" ];
+  };
   full."readable-stream"."1.0" = lib.makeOverridable self.buildNodePackage {
     name = "readable-stream-1.0.17";
     src = [
@@ -10375,6 +11686,42 @@
     ];
     passthru.names = [ "readable-stream" ];
   };
+  full."readable-stream"."~1.1.8" = lib.makeOverridable self.buildNodePackage {
+    name = "readable-stream-1.1.9";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/readable-stream/-/readable-stream-1.1.9.tgz";
+        sha1 = "d87130fbf8f9ee9c3b4058b3c58a3e30db2fcfdd";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."readable-stream"."~1.1.8" or []);
+    deps = [
+      self.full."core-util-is"."~1.0.0"
+      self.full."debuglog"."0.0.2"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "readable-stream" ];
+  };
+  full."readable-stream"."~1.1.9" = lib.makeOverridable self.buildNodePackage {
+    name = "readable-stream-1.1.9";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/readable-stream/-/readable-stream-1.1.9.tgz";
+        sha1 = "d87130fbf8f9ee9c3b4058b3c58a3e30db2fcfdd";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."readable-stream"."~1.1.9" or []);
+    deps = [
+      self.full."core-util-is"."~1.0.0"
+      self.full."debuglog"."0.0.2"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "readable-stream" ];
+  };
   full."readdirp"."~0.2.3" = lib.makeOverridable self.buildNodePackage {
     name = "readdirp-0.2.5";
     src = [
@@ -10410,11 +11757,11 @@
     passthru.names = [ "redeyed" ];
   };
   full."redis"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "redis-0.8.4";
+    name = "redis-0.9.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/redis/-/redis-0.8.4.tgz";
-        sha1 = "14609f26414e211c31e3cd07dc79b04bf9ff1980";
+        url = "http://registry.npmjs.org/redis/-/redis-0.9.0.tgz";
+        sha1 = "b0f5b9c5619b4f1784837718677212c1af33ee67";
       })
     ];
     buildInputs =
@@ -10460,11 +11807,11 @@
     passthru.names = [ "redis" ];
   };
   full."redis".">= 0.6.6" = lib.makeOverridable self.buildNodePackage {
-    name = "redis-0.8.4";
+    name = "redis-0.9.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/redis/-/redis-0.8.4.tgz";
-        sha1 = "14609f26414e211c31e3cd07dc79b04bf9ff1980";
+        url = "http://registry.npmjs.org/redis/-/redis-0.9.0.tgz";
+        sha1 = "b0f5b9c5619b4f1784837718677212c1af33ee67";
       })
     ];
     buildInputs =
@@ -10509,6 +11856,25 @@
     ];
     passthru.names = [ "regexp-clone" ];
   };
+  full."replace"."~0.2.4" = lib.makeOverridable self.buildNodePackage {
+    name = "replace-0.2.7";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/replace/-/replace-0.2.7.tgz";
+        sha1 = "e22d08a9e2e6764337bb530166a4dd89c2558fda";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."replace"."~0.2.4" or []);
+    deps = [
+      self.full."nomnom"."1.6.x"
+      self.full."colors"."0.5.x"
+      self.full."minimatch"."~0.2.9"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "replace" ];
+  };
   full."request"."2" = lib.makeOverridable self.buildNodePackage {
     name = "request-2.27.0";
     src = [
@@ -10893,11 +12259,11 @@
     passthru.names = [ "request-replay" ];
   };
   full."requirejs"."~2.1.0" = lib.makeOverridable self.buildNodePackage {
-    name = "requirejs-2.1.8";
+    name = "requirejs-2.1.9";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/requirejs/-/requirejs-2.1.8.tgz";
-        sha1 = "f0dfa656d60d404947da796f9c661d92c1b0257a";
+        url = "http://registry.npmjs.org/requirejs/-/requirejs-2.1.9.tgz";
+        sha1 = "624e10d22863e8db9aebfb8f21809ca59da42344";
       })
     ];
     buildInputs =
@@ -10908,16 +12274,16 @@
     ];
     passthru.names = [ "requirejs" ];
   };
-  full."resolve"."0.4.x" = lib.makeOverridable self.buildNodePackage {
-    name = "resolve-0.4.3";
+  full."resolve"."0.5.x" = lib.makeOverridable self.buildNodePackage {
+    name = "resolve-0.5.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/resolve/-/resolve-0.4.3.tgz";
-        sha1 = "dcadad202e7cacc2467e3a38800211f42f9c13df";
+        url = "http://registry.npmjs.org/resolve/-/resolve-0.5.1.tgz";
+        sha1 = "15e4a222c4236bcd4cf85454412c2d0fb6524576";
       })
     ];
     buildInputs =
-      (self.nativeDeps."resolve"."0.4.x" or []);
+      (self.nativeDeps."resolve"."0.5.x" or []);
     deps = [
     ];
     peerDependencies = [
@@ -11176,23 +12542,6 @@
     passthru.names = [ "s3http" ];
   };
   "s3http" = self.full."s3http"."*";
-  full."safefs"."~3.0.1" = lib.makeOverridable self.buildNodePackage {
-    name = "safefs-3.0.3";
-    src = [
-      (fetchurl {
-        url = "http://registry.npmjs.org/safefs/-/safefs-3.0.3.tgz";
-        sha1 = "1d511e2945f0e7eccdd6bb12ec2e309abf13514e";
-      })
-    ];
-    buildInputs =
-      (self.nativeDeps."safefs"."~3.0.1" or []);
-    deps = [
-      self.full."taskgroup"."~3.2.0"
-    ];
-    peerDependencies = [
-    ];
-    passthru.names = [ "safefs" ];
-  };
   full."sauce-connect-launcher"."~0.1.10" = lib.makeOverridable self.buildNodePackage {
     name = "sauce-connect-launcher-0.1.11";
     src = [
@@ -11244,6 +12593,23 @@
     ];
     passthru.names = [ "sax" ];
   };
+  full."selenium-webdriver"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "selenium-webdriver-2.37.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-2.37.0.tgz";
+        sha1 = "02a8c9240203c22d0400d466253d4af3f63748b8";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."selenium-webdriver"."*" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "selenium-webdriver" ];
+  };
+  "selenium-webdriver" = self.full."selenium-webdriver"."*";
   full."semver"."*" = lib.makeOverridable self.buildNodePackage {
     name = "semver-2.1.0";
     src = [
@@ -11665,11 +13031,11 @@
     passthru.names = [ "shelljs" ];
   };
   full."should"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "should-1.2.2";
+    name = "should-2.0.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/should/-/should-1.2.2.tgz";
-        sha1 = "0f03f775066d9ea2632690c917b12824fcc1d582";
+        url = "http://registry.npmjs.org/should/-/should-2.0.1.tgz";
+        sha1 = "d244c90bb919f3e51dca472ef7d93c244eb7b79a";
       })
     ];
     buildInputs =
@@ -11697,12 +13063,60 @@
     ];
     passthru.names = [ "sigmund" ];
   };
+  full."signals"."<2.0" = lib.makeOverridable self.buildNodePackage {
+    name = "signals-1.0.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/signals/-/signals-1.0.0.tgz";
+        sha1 = "65f0c1599352b35372ecaae5a250e6107376ed69";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."signals"."<2.0" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "signals" ];
+  };
+  full."signals".">0.7 <2.0" = lib.makeOverridable self.buildNodePackage {
+    name = "signals-1.0.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/signals/-/signals-1.0.0.tgz";
+        sha1 = "65f0c1599352b35372ecaae5a250e6107376ed69";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."signals".">0.7 <2.0" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "signals" ];
+  };
+  full."signals"."~1.0.0" = lib.makeOverridable self.buildNodePackage {
+    name = "signals-1.0.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/signals/-/signals-1.0.0.tgz";
+        sha1 = "65f0c1599352b35372ecaae5a250e6107376ed69";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."signals"."~1.0.0" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "signals" ];
+  };
   full."simplesmtp".">= 0.1.22" = lib.makeOverridable self.buildNodePackage {
-    name = "simplesmtp-0.3.8";
+    name = "simplesmtp-0.3.10";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/simplesmtp/-/simplesmtp-0.3.8.tgz";
-        sha1 = "64bea183c9d95211e17e21e228a20312661def09";
+        url = "http://registry.npmjs.org/simplesmtp/-/simplesmtp-0.3.10.tgz";
+        sha1 = "f395f4b118de45f82ac4fdae4bd88f12dc326f5d";
       })
     ];
     buildInputs =
@@ -11812,12 +13226,28 @@
     ];
     passthru.names = [ "slide" ];
   };
+  full."slide"."~1.1.5" = lib.makeOverridable self.buildNodePackage {
+    name = "slide-1.1.5";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/slide/-/slide-1.1.5.tgz";
+        sha1 = "31732adeae78f1d2d60a29b63baf6a032df7c25d";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."slide"."~1.1.5" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "slide" ];
+  };
   full."smartdc"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "smartdc-7.0.0";
+    name = "smartdc-7.1.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/smartdc/-/smartdc-7.0.0.tgz";
-        sha1 = "367ce274e10e3400e19ec62697f9b5ecb3f25c39";
+        url = "http://registry.npmjs.org/smartdc/-/smartdc-7.1.1.tgz";
+        sha1 = "acc4378e0967b43dd8ded8c67f99e6508277bfb9";
       })
     ];
     buildInputs =
@@ -11829,23 +13259,23 @@
       self.full."restify"."2.4.1"
       self.full."bunyan"."0.21.1"
       self.full."clone"."0.1.6"
-      self.full."smartdc-auth"."1.0.0"
+      self.full."smartdc-auth"."1.0.1"
     ];
     peerDependencies = [
     ];
     passthru.names = [ "smartdc" ];
   };
   "smartdc" = self.full."smartdc"."*";
-  full."smartdc-auth"."1.0.0" = lib.makeOverridable self.buildNodePackage {
-    name = "smartdc-auth-1.0.0";
+  full."smartdc-auth"."1.0.1" = lib.makeOverridable self.buildNodePackage {
+    name = "smartdc-auth-1.0.1";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/smartdc-auth/-/smartdc-auth-1.0.0.tgz";
-        sha1 = "9b8569b914f25da53816fe158f80b6571470f270";
+        url = "http://registry.npmjs.org/smartdc-auth/-/smartdc-auth-1.0.1.tgz";
+        sha1 = "520bbf918313bdf2da372927d33756d46356b87b";
       })
     ];
     buildInputs =
-      (self.nativeDeps."smartdc-auth"."1.0.0" or []);
+      (self.nativeDeps."smartdc-auth"."1.0.1" or []);
     deps = [
       self.full."assert-plus"."0.1.2"
       self.full."clone"."0.1.5"
@@ -11951,6 +13381,26 @@
     ];
     passthru.names = [ "socket.io" ];
   };
+  full."socket.io"."~0.9.14" = lib.makeOverridable self.buildNodePackage {
+    name = "socket.io-0.9.16";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/socket.io/-/socket.io-0.9.16.tgz";
+        sha1 = "3bab0444e49b55fbbc157424dbd41aa375a51a76";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."socket.io"."~0.9.14" or []);
+    deps = [
+      self.full."socket.io-client"."0.9.16"
+      self.full."policyfile"."0.0.4"
+      self.full."base64id"."0.1.0"
+      self.full."redis"."0.7.3"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "socket.io" ];
+  };
   full."socket.io-client"."0.9.11" = lib.makeOverridable self.buildNodePackage {
     name = "socket.io-client-0.9.11";
     src = [
@@ -11992,18 +13442,18 @@
     passthru.names = [ "socket.io-client" ];
   };
   full."sockjs"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "sockjs-0.3.7";
+    name = "sockjs-0.3.8";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/sockjs/-/sockjs-0.3.7.tgz";
-        sha1 = "2950e0586d8a9d3044958a831ade68db197749cb";
+        url = "http://registry.npmjs.org/sockjs/-/sockjs-0.3.8.tgz";
+        sha1 = "c083cb0505db1ea1a949d3bd12d8a1ea385a456c";
       })
     ];
     buildInputs =
       (self.nativeDeps."sockjs"."*" or []);
     deps = [
       self.full."node-uuid"."1.3.3"
-      self.full."faye-websocket"."0.4.4"
+      self.full."faye-websocket"."0.7.0"
     ];
     peerDependencies = [
     ];
@@ -12011,11 +13461,11 @@
   };
   "sockjs" = self.full."sockjs"."*";
   full."source-map"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "source-map-0.1.29";
+    name = "source-map-0.1.30";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/source-map/-/source-map-0.1.29.tgz";
-        sha1 = "39d571a0988fb7a548a676c4de72db78914d173c";
+        url = "http://registry.npmjs.org/source-map/-/source-map-0.1.30.tgz";
+        sha1 = "182726b50671d8fccaefc5ec35bf2a65c1956afb";
       })
     ];
     buildInputs =
@@ -12029,11 +13479,11 @@
   };
   "source-map" = self.full."source-map"."*";
   full."source-map".">= 0.1.2" = lib.makeOverridable self.buildNodePackage {
-    name = "source-map-0.1.29";
+    name = "source-map-0.1.30";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/source-map/-/source-map-0.1.29.tgz";
-        sha1 = "39d571a0988fb7a548a676c4de72db78914d173c";
+        url = "http://registry.npmjs.org/source-map/-/source-map-0.1.30.tgz";
+        sha1 = "182726b50671d8fccaefc5ec35bf2a65c1956afb";
       })
     ];
     buildInputs =
@@ -12046,11 +13496,11 @@
     passthru.names = [ "source-map" ];
   };
   full."source-map"."~0.1.7" = lib.makeOverridable self.buildNodePackage {
-    name = "source-map-0.1.29";
+    name = "source-map-0.1.30";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/source-map/-/source-map-0.1.29.tgz";
-        sha1 = "39d571a0988fb7a548a676c4de72db78914d173c";
+        url = "http://registry.npmjs.org/source-map/-/source-map-0.1.30.tgz";
+        sha1 = "182726b50671d8fccaefc5ec35bf2a65c1956afb";
       })
     ];
     buildInputs =
@@ -12165,6 +13615,23 @@
     ];
     passthru.names = [ "stream-counter" ];
   };
+  full."stream-counter"."~0.2.0" = lib.makeOverridable self.buildNodePackage {
+    name = "stream-counter-0.2.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/stream-counter/-/stream-counter-0.2.0.tgz";
+        sha1 = "ded266556319c8b0e222812b9cf3b26fa7d947de";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."stream-counter"."~0.2.0" or []);
+    deps = [
+      self.full."readable-stream"."~1.1.8"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "stream-counter" ];
+  };
   full."stream-splitter-transform"."*" = lib.makeOverridable self.buildNodePackage {
     name = "stream-splitter-transform-0.0.3";
     src = [
@@ -12200,11 +13667,11 @@
     passthru.names = [ "streamsearch" ];
   };
   full."stringify-object"."~0.1.4" = lib.makeOverridable self.buildNodePackage {
-    name = "stringify-object-0.1.6";
+    name = "stringify-object-0.1.7";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/stringify-object/-/stringify-object-0.1.6.tgz";
-        sha1 = "f6f66711ef72225ea6e82e6147e43b03e732e40c";
+        url = "http://registry.npmjs.org/stringify-object/-/stringify-object-0.1.7.tgz";
+        sha1 = "bb54d1ceed118b428c1256742b40a53f03599581";
       })
     ];
     buildInputs =
@@ -12215,12 +13682,29 @@
     ];
     passthru.names = [ "stringify-object" ];
   };
+  full."strong-data-uri"."~0.1.0" = lib.makeOverridable self.buildNodePackage {
+    name = "strong-data-uri-0.1.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/strong-data-uri/-/strong-data-uri-0.1.0.tgz";
+        sha1 = "a41235806b8c3bf0f6f324dc57dfe85bbab681a0";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."strong-data-uri"."~0.1.0" or []);
+    deps = [
+      self.full."truncate"."~1.0.2"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "strong-data-uri" ];
+  };
   full."stylus"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "stylus-0.37.0";
+    name = "stylus-0.38.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/stylus/-/stylus-0.37.0.tgz";
-        sha1 = "3f18ba693960e3408e2951b4a22e337c33d239d8";
+        url = "http://registry.npmjs.org/stylus/-/stylus-0.38.0.tgz";
+        sha1 = "6bd0581db0ee0491251639d338685f7232ca0610";
       })
     ];
     buildInputs =
@@ -12317,12 +13801,34 @@
     ];
     passthru.names = [ "superagent" ];
   };
+  full."superagent"."~0.13.0" = lib.makeOverridable self.buildNodePackage {
+    name = "superagent-0.13.0";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/superagent/-/superagent-0.13.0.tgz";
+        sha1 = "ddfbfa5c26f16790f9c5bce42815ccbde2ca36f2";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."superagent"."~0.13.0" or []);
+    deps = [
+      self.full."qs"."0.5.2"
+      self.full."formidable"."1.0.9"
+      self.full."mime"."1.2.5"
+      self.full."emitter-component"."0.0.6"
+      self.full."methods"."0.0.1"
+      self.full."cookiejar"."1.3.0"
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "superagent" ];
+  };
   full."supertest"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "supertest-0.7.1";
+    name = "supertest-0.8.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/supertest/-/supertest-0.7.1.tgz";
-        sha1 = "349a65a8bfb5207250658f71761279ad3a671d88";
+        url = "http://registry.npmjs.org/supertest/-/supertest-0.8.0.tgz";
+        sha1 = "c8dd008358ed60175cfd4dfab0ab1af81d0dc55b";
       })
     ];
     buildInputs =
@@ -12482,70 +13988,55 @@
     ];
     passthru.names = [ "tar" ];
   };
-  full."taskgroup"."~3.1.1" = lib.makeOverridable self.buildNodePackage {
-    name = "taskgroup-3.1.2";
-    src = [
-      (fetchurl {
-        url = "http://registry.npmjs.org/taskgroup/-/taskgroup-3.1.2.tgz";
-        sha1 = "81fec5dc7eb647fd5a0ba8ed02ee3a730244ca16";
-      })
-    ];
-    buildInputs =
-      (self.nativeDeps."taskgroup"."~3.1.1" or []);
-    deps = [
-      self.full."ambi"."~2.0.0"
-      self.full."eventemitter2"."~0.4.11"
-    ];
-    peerDependencies = [
-    ];
-    passthru.names = [ "taskgroup" ];
-  };
   full."taskgroup"."~3.2.0" = lib.makeOverridable self.buildNodePackage {
-    name = "taskgroup-3.2.0";
+    name = "taskgroup-3.2.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/taskgroup/-/taskgroup-3.2.0.tgz";
-        sha1 = "ac45e79852a080bd20716eae6d79931968d637d2";
+        url = "http://registry.npmjs.org/taskgroup/-/taskgroup-3.2.3.tgz";
+        sha1 = "5bbfa9fb0312f04251140f2f858f8f4ee0086958";
       })
     ];
     buildInputs =
       (self.nativeDeps."taskgroup"."~3.2.0" or []);
     deps = [
-      self.full."ambi"."~2.1.0"
+      self.full."ambi"."~2.1.4"
     ];
     peerDependencies = [
     ];
     passthru.names = [ "taskgroup" ];
   };
   full."temp"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "temp-0.5.1";
+    name = "temp-0.6.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/temp/-/temp-0.5.1.tgz";
-        sha1 = "77ab19c79aa7b593cbe4fac2441768cad987b8df";
+        url = "http://registry.npmjs.org/temp/-/temp-0.6.0.tgz";
+        sha1 = "6b13df5cddf370f2e3a606ca40f202c419173f07";
       })
     ];
     buildInputs =
       (self.nativeDeps."temp"."*" or []);
     deps = [
       self.full."rimraf"."~2.1.4"
+      self.full."osenv"."0.0.3"
     ];
     peerDependencies = [
     ];
     passthru.names = [ "temp" ];
   };
   "temp" = self.full."temp"."*";
-  full."temp"."0.5.0" = lib.makeOverridable self.buildNodePackage {
-    name = "temp-0.5.0";
+  full."temp"."0.6.0" = lib.makeOverridable self.buildNodePackage {
+    name = "temp-0.6.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/temp/-/temp-0.5.0.tgz";
-        sha1 = "605fa983bcbed88bac99370bc5bf934678cb289e";
+        url = "http://registry.npmjs.org/temp/-/temp-0.6.0.tgz";
+        sha1 = "6b13df5cddf370f2e3a606ca40f202c419173f07";
       })
     ];
     buildInputs =
-      (self.nativeDeps."temp"."0.5.0" or []);
+      (self.nativeDeps."temp"."0.6.0" or []);
     deps = [
+      self.full."rimraf"."~2.1.4"
+      self.full."osenv"."0.0.3"
     ];
     peerDependencies = [
     ];
@@ -12683,6 +14174,22 @@
     ];
     passthru.names = [ "traverse" ];
   };
+  full."truncate"."~1.0.2" = lib.makeOverridable self.buildNodePackage {
+    name = "truncate-1.0.2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/truncate/-/truncate-1.0.2.tgz";
+        sha1 = "3221c41f6e747f83e8613f5466c8bfb596226a66";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."truncate"."~1.0.2" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "truncate" ];
+  };
   full."tunnel-agent"."~0.2.0" = lib.makeOverridable self.buildNodePackage {
     name = "tunnel-agent-0.2.0";
     src = [
@@ -12715,12 +14222,28 @@
     ];
     passthru.names = [ "tunnel-agent" ];
   };
+  full."type-detect"."0.1.1" = lib.makeOverridable self.buildNodePackage {
+    name = "type-detect-0.1.1";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/type-detect/-/type-detect-0.1.1.tgz";
+        sha1 = "0ba5ec2a885640e470ea4e8505971900dac58822";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."type-detect"."0.1.1" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "type-detect" ];
+  };
   full."typechecker"."~2.0.1" = lib.makeOverridable self.buildNodePackage {
-    name = "typechecker-2.0.1";
+    name = "typechecker-2.0.6";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/typechecker/-/typechecker-2.0.1.tgz";
-        sha1 = "e18e99be60762c01bde38ef02f9a067ed887c454";
+        url = "http://registry.npmjs.org/typechecker/-/typechecker-2.0.6.tgz";
+        sha1 = "f9dc9a161d05957c5e8225b7470261e16a8409cb";
       })
     ];
     buildInputs =
@@ -12731,6 +14254,22 @@
     ];
     passthru.names = [ "typechecker" ];
   };
+  full."typechecker"."~2.0.6" = lib.makeOverridable self.buildNodePackage {
+    name = "typechecker-2.0.6";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/typechecker/-/typechecker-2.0.6.tgz";
+        sha1 = "f9dc9a161d05957c5e8225b7470261e16a8409cb";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."typechecker"."~2.0.6" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "typechecker" ];
+  };
   full."uglify-js"."1.2.5" = lib.makeOverridable self.buildNodePackage {
     name = "uglify-js-1.2.5";
     src = [
@@ -12873,11 +14412,11 @@
     passthru.names = [ "uid2" ];
   };
   full."underscore"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "underscore-1.5.1";
+    name = "underscore-1.5.2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/underscore/-/underscore-1.5.1.tgz";
-        sha1 = "d2bde817d176ffade894ab71458e682a14b86dc9";
+        url = "http://registry.npmjs.org/underscore/-/underscore-1.5.2.tgz";
+        sha1 = "1335c5e4f5e6d33bbb4b006ba8c86a00f556de08";
       })
     ];
     buildInputs =
@@ -12889,7 +14428,7 @@
     passthru.names = [ "underscore" ];
   };
   "underscore" = self.full."underscore"."*";
-  full."underscore"."1.4.4" = lib.makeOverridable self.buildNodePackage {
+  full."underscore"."1.4.x" = lib.makeOverridable self.buildNodePackage {
     name = "underscore-1.4.4";
     src = [
       (fetchurl {
@@ -12898,62 +14437,62 @@
       })
     ];
     buildInputs =
-      (self.nativeDeps."underscore"."1.4.4" or []);
+      (self.nativeDeps."underscore"."1.4.x" or []);
     deps = [
     ];
     peerDependencies = [
     ];
     passthru.names = [ "underscore" ];
   };
-  full."underscore"."1.4.x" = lib.makeOverridable self.buildNodePackage {
-    name = "underscore-1.4.4";
+  full."underscore".">=1.1.7" = lib.makeOverridable self.buildNodePackage {
+    name = "underscore-1.5.2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/underscore/-/underscore-1.4.4.tgz";
-        sha1 = "61a6a32010622afa07963bf325203cf12239d604";
+        url = "http://registry.npmjs.org/underscore/-/underscore-1.5.2.tgz";
+        sha1 = "1335c5e4f5e6d33bbb4b006ba8c86a00f556de08";
       })
     ];
     buildInputs =
-      (self.nativeDeps."underscore"."1.4.x" or []);
+      (self.nativeDeps."underscore".">=1.1.7" or []);
     deps = [
     ];
     peerDependencies = [
     ];
     passthru.names = [ "underscore" ];
   };
-  full."underscore".">=1.1.7" = lib.makeOverridable self.buildNodePackage {
-    name = "underscore-1.5.1";
+  full."underscore".">=1.4.3" = lib.makeOverridable self.buildNodePackage {
+    name = "underscore-1.5.2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/underscore/-/underscore-1.5.1.tgz";
-        sha1 = "d2bde817d176ffade894ab71458e682a14b86dc9";
+        url = "http://registry.npmjs.org/underscore/-/underscore-1.5.2.tgz";
+        sha1 = "1335c5e4f5e6d33bbb4b006ba8c86a00f556de08";
       })
     ];
     buildInputs =
-      (self.nativeDeps."underscore".">=1.1.7" or []);
+      (self.nativeDeps."underscore".">=1.4.3" or []);
     deps = [
     ];
     peerDependencies = [
     ];
     passthru.names = [ "underscore" ];
   };
-  full."underscore".">=1.4.3" = lib.makeOverridable self.buildNodePackage {
-    name = "underscore-1.5.1";
+  full."underscore"."~1.4" = lib.makeOverridable self.buildNodePackage {
+    name = "underscore-1.4.4";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/underscore/-/underscore-1.5.1.tgz";
-        sha1 = "d2bde817d176ffade894ab71458e682a14b86dc9";
+        url = "http://registry.npmjs.org/underscore/-/underscore-1.4.4.tgz";
+        sha1 = "61a6a32010622afa07963bf325203cf12239d604";
       })
     ];
     buildInputs =
-      (self.nativeDeps."underscore".">=1.4.3" or []);
+      (self.nativeDeps."underscore"."~1.4" or []);
     deps = [
     ];
     peerDependencies = [
     ];
     passthru.names = [ "underscore" ];
   };
-  full."underscore"."~1.4" = lib.makeOverridable self.buildNodePackage {
+  full."underscore"."~1.4.3" = lib.makeOverridable self.buildNodePackage {
     name = "underscore-1.4.4";
     src = [
       (fetchurl {
@@ -12962,14 +14501,14 @@
       })
     ];
     buildInputs =
-      (self.nativeDeps."underscore"."~1.4" or []);
+      (self.nativeDeps."underscore"."~1.4.3" or []);
     deps = [
     ];
     peerDependencies = [
     ];
     passthru.names = [ "underscore" ];
   };
-  full."underscore"."~1.4.3" = lib.makeOverridable self.buildNodePackage {
+  full."underscore"."~1.4.4" = lib.makeOverridable self.buildNodePackage {
     name = "underscore-1.4.4";
     src = [
       (fetchurl {
@@ -12978,7 +14517,23 @@
       })
     ];
     buildInputs =
-      (self.nativeDeps."underscore"."~1.4.3" or []);
+      (self.nativeDeps."underscore"."~1.4.4" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "underscore" ];
+  };
+  full."underscore"."~1.5.2" = lib.makeOverridable self.buildNodePackage {
+    name = "underscore-1.5.2";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/underscore/-/underscore-1.5.2.tgz";
+        sha1 = "1335c5e4f5e6d33bbb4b006ba8c86a00f556de08";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."underscore"."~1.5.2" or []);
     deps = [
     ];
     peerDependencies = [
@@ -13018,11 +14573,11 @@
     passthru.names = [ "underscore.string" ];
   };
   full."ungit"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "ungit-0.1.8";
+    name = "ungit-0.3.2";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/ungit/-/ungit-0.1.8.tgz";
-        sha1 = "9d6c45b3771d983bf011424f4cb284c1e79ef0c8";
+        url = "http://registry.npmjs.org/ungit/-/ungit-0.3.2.tgz";
+        sha1 = "bb52c4af06280e81c6499cc92f13436e0fefa0d8";
       })
     ];
     buildInputs =
@@ -13030,9 +14585,10 @@
     deps = [
       self.full."express"."3.2.6"
       self.full."superagent"."0.14.7"
-      self.full."underscore"."1.4.4"
-      self.full."temp"."0.5.0"
-      self.full."watchr"."2.4.3"
+      self.full."lodash.debounce"."~2.2.0"
+      self.full."lodash.find"."~2.2.0"
+      self.full."lodash.throttle"."~2.2.0"
+      self.full."temp"."0.6.0"
       self.full."socket.io"."0.9.16"
       self.full."moment"."2.0.0"
       self.full."async"."0.2.9"
@@ -13047,6 +14603,14 @@
       self.full."forever-monitor"."1.1.0"
       self.full."open"."0.0.4"
       self.full."optimist"."0.6.0"
+      self.full."crossroads"."~0.12.0"
+      self.full."signals"."~1.0.0"
+      self.full."hasher"."~1.1.4"
+      self.full."blueimp-md5"."~1.0.3"
+      self.full."color"."~0.4.4"
+      self.full."keen.io"."0.0.3"
+      self.full."getmac"."~1.0.5"
+      self.full."deep-extend"."~0.2.6"
     ];
     peerDependencies = [
     ];
@@ -13076,11 +14640,11 @@
     passthru.names = [ "unzip" ];
   };
   full."update-notifier"."~0.1.3" = lib.makeOverridable self.buildNodePackage {
-    name = "update-notifier-0.1.5";
+    name = "update-notifier-0.1.6";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/update-notifier/-/update-notifier-0.1.5.tgz";
-        sha1 = "adf98004c29bf521f242c2970c471f310b353b44";
+        url = "http://registry.npmjs.org/update-notifier/-/update-notifier-0.1.6.tgz";
+        sha1 = "c814e7eabaadaba789f75c3f652366db8efec471";
       })
     ];
     buildInputs =
@@ -13335,11 +14899,11 @@
     passthru.names = [ "verror" ];
   };
   full."view-helpers"."*" = lib.makeOverridable self.buildNodePackage {
-    name = "view-helpers-0.1.2";
+    name = "view-helpers-0.1.3";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/view-helpers/-/view-helpers-0.1.2.tgz";
-        sha1 = "20643e9f50d00cf46da754dc934d791d4f6e3bb2";
+        url = "http://registry.npmjs.org/view-helpers/-/view-helpers-0.1.3.tgz";
+        sha1 = "97b061548a753eff5b432e6c1598cb10417bff02";
       })
     ];
     buildInputs =
@@ -13419,60 +14983,62 @@
     ];
     passthru.names = [ "watch" ];
   };
-  full."watchr"."2.4.3" = lib.makeOverridable self.buildNodePackage {
-    name = "watchr-2.4.3";
+  full."wd"."~0.1.5" = lib.makeOverridable self.buildNodePackage {
+    name = "wd-0.1.5";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/watchr/-/watchr-2.4.3.tgz";
-        sha1 = "b7e32fc1cc7a730043a73b3fc6559ad2283af79e";
+        url = "http://registry.npmjs.org/wd/-/wd-0.1.5.tgz";
+        sha1 = "c0a9c8fb5f62ed6628a6f6e1d1958f9316dadfec";
       })
     ];
     buildInputs =
-      (self.nativeDeps."watchr"."2.4.3" or []);
+      (self.nativeDeps."wd"."~0.1.5" or []);
     deps = [
-      self.full."bal-util"."~2.0.0"
-      self.full."typechecker"."~2.0.1"
-      self.full."extendr"."~2.0.1"
-      self.full."eachr"."~2.0.2"
-      self.full."safefs"."~3.0.1"
-      self.full."taskgroup"."~3.1.1"
+      self.full."async"."0.2.x"
+      self.full."vargs"."~0.1.0"
+      self.full."q"."0.9.x"
+      self.full."request"."~2.21.0"
+      self.full."archiver"."~0.4.6"
+      self.full."lodash"."~1.3.1"
     ];
     peerDependencies = [
     ];
-    passthru.names = [ "watchr" ];
+    passthru.names = [ "wd" ];
   };
-  full."wd"."~0.0.32" = lib.makeOverridable self.buildNodePackage {
-    name = "wd-0.0.34";
+  full."webdrvr"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "webdrvr-2.35.0-6";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/wd/-/wd-0.0.34.tgz";
-        sha1 = "c8d00ccdbb2862f914b7bd5935330a53cfa88562";
+        url = "http://registry.npmjs.org/webdrvr/-/webdrvr-2.35.0-6.tgz";
+        sha1 = "1dffadb2960c82c7b9baba6512cd6f35f6e8d706";
       })
     ];
     buildInputs =
-      (self.nativeDeps."wd"."~0.0.32" or []);
+      (self.nativeDeps."webdrvr"."*" or []);
     deps = [
-      self.full."async"."0.2.x"
-      self.full."underscore"."1.4.x"
-      self.full."vargs"."~0.1.0"
-      self.full."q"."0.9.x"
-      self.full."request"."~2.21.0"
-      self.full."archiver"."~0.4.6"
+      self.full."adm-zip"."~0.4.3"
+      self.full."kew"."~0.1.7"
+      self.full."mkdirp"."~0.3.5"
+      self.full."npmconf"."~0.1.2"
+      self.full."phantomjs"."~1.9.1-2"
+      self.full."tmp"."~0.0.20"
+      self.full."follow-redirects"."0.0.3"
     ];
     peerDependencies = [
     ];
-    passthru.names = [ "wd" ];
+    passthru.names = [ "webdrvr" ];
   };
-  full."websocket-driver".">=0.2.0" = lib.makeOverridable self.buildNodePackage {
-    name = "websocket-driver-0.2.2";
+  "webdrvr" = self.full."webdrvr"."*";
+  full."websocket-driver".">=0.3.0" = lib.makeOverridable self.buildNodePackage {
+    name = "websocket-driver-0.3.0";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/websocket-driver/-/websocket-driver-0.2.2.tgz";
-        sha1 = "998bc1855d8cd0d1e9aa8f8056b83b46ac3e81ef";
+        url = "http://registry.npmjs.org/websocket-driver/-/websocket-driver-0.3.0.tgz";
+        sha1 = "497b258c508b987249ab9b6f79f0c21dd3467c64";
       })
     ];
     buildInputs =
-      (self.nativeDeps."websocket-driver".">=0.2.0" or []);
+      (self.nativeDeps."websocket-driver".">=0.3.0" or []);
     deps = [
     ];
     peerDependencies = [
@@ -13720,11 +15286,11 @@
     passthru.names = [ "wordwrap" ];
   };
   full."ws"."0.4.x" = lib.makeOverridable self.buildNodePackage {
-    name = "ws-0.4.30";
+    name = "ws-0.4.31";
     src = [
       (fetchurl {
-        url = "http://registry.npmjs.org/ws/-/ws-0.4.30.tgz";
-        sha1 = "5e2c18b7bb7ee0f9c9fcc3d3ec50f513ba5f99e8";
+        url = "http://registry.npmjs.org/ws/-/ws-0.4.31.tgz";
+        sha1 = "5a4849e7a9ccd1ed5a81aeb4847c9fedf3122927";
       })
     ];
     buildInputs =
@@ -13756,6 +15322,23 @@
     passthru.names = [ "wu" ];
   };
   "wu" = self.full."wu"."*";
+  full."x509"."*" = lib.makeOverridable self.buildNodePackage {
+    name = "x509-0.0.6";
+    src = [
+      (fetchurl {
+        url = "http://registry.npmjs.org/x509/-/x509-0.0.6.tgz";
+        sha1 = "b58747854ff33df7ff8f1653756bff6a32a8c838";
+      })
+    ];
+    buildInputs =
+      (self.nativeDeps."x509"."*" or []);
+    deps = [
+    ];
+    peerDependencies = [
+    ];
+    passthru.names = [ "x509" ];
+  };
+  "x509" = self.full."x509"."*";
   full."xml2js"."0.2.4" = lib.makeOverridable self.buildNodePackage {
     name = "xml2js-0.2.4";
     src = [
diff --git a/pkgs/top-level/node-packages.json b/pkgs/top-level/node-packages.json
index d3dcbe665c5b..1057e3f6f287 100644
--- a/pkgs/top-level/node-packages.json
+++ b/pkgs/top-level/node-packages.json
@@ -84,6 +84,7 @@
 , "grunt-contrib-cssmin"
 , "grunt-contrib-uglify"
 , "grunt-karma"
+, "grunt-sed"
 , "karma"
 , "karma-mocha"
 , "karma-coverage"
@@ -94,4 +95,16 @@
 , "almond"
 , "lcov-result-merger"
 , "coveralls"
+, "js-yaml"
+, "node-inspector"
+, "istanbul"
+, "mocha-unfunk-reporter"
+, "chai"
+, "selenium-webdriver"
+, "webdrvr"
+, "connect-jade-static"
+, "plist-native"
+, "x509"
+, "owl-deepcopy"
+, "meat"
 ]
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index 6f3162cd7d48..a90a3f4e33c6 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -11,6 +11,8 @@ rec {
 
   inherit (pkgs) buildPerlPackage fetchurl stdenv perl fetchsvn gnused;
 
+  inherit (stdenv.lib) maintainers;
+
   inherit __overrides;
 
   # Helper functions for packages that use Module::Build to build.
@@ -33,17 +35,15 @@ rec {
     # use gnused so that the preCheck command passes
     buildInputs = stdenv.lib.optional stdenv.isDarwin [ gnused ];
     propagatedBuildInputs = [ FileNext ];
-    meta = with stdenv.lib; {
+    meta = {
       description = "A grep-like tool tailored to working with large trees of source code";
       homepage    = http://betterthangrep.com/;
       license     = "free";  # Artistic 2.0
       maintainers = with maintainers; [ lovek323 ];
       platforms   = stdenv.lib.platforms.unix;
     };
-    # t/swamp/{0,perl-without-extension} are datafiles for the test
-    # t/ack-show-types.t, but the perl generic builder confuses them
-    # for scripts and purifies them, making the test fail.
-    preCheck = "sed -i '1s,.*,#!/usr/bin/perl -w,' t/swamp/0 t/swamp/perl-without-extension";
+    # tests fails on nixos and hydra because of different purity issues
+    doCheck = false;
   };
 
   AlgorithmAnnotate = buildPerlPackage {
@@ -83,6 +83,10 @@ rec {
       sha256 = "1kqn13wd0lfjrf6h19b9kgdqqwp7k2d9yfq5i0wvii0xi8jqh1lw";
     };
     propagatedBuildInputs = [ AlgorithmDiff ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   aliased = buildPerlPackage rec {
@@ -108,6 +112,10 @@ rec {
       url = mirror://cpan/authors/id/M/ML/MLEHMANN/AnyEvent-7.04.tar.gz;
       sha256 = "6a9d94fa61c7f5dc515c834eb224dbc6ce4123da8fd5bfa0cf3815f3f3e908b2";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   AnyEventRabbitMQ = buildPerlPackage {
@@ -121,6 +129,8 @@ rec {
     meta = {
       description = "An asynchronous and multi channel Perl AMQP client";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -168,6 +178,8 @@ rec {
       homepage = https://github.com/rjbs/app-cmd;
       description = "Write command line apps with less suffering";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -289,6 +301,8 @@ rec {
     meta = {
       description = "Replace functions with ones that succeed or die with lexical scope";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -321,6 +335,8 @@ rec {
     meta = {
       description = "Wrap OP check callbacks";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -331,6 +347,10 @@ rec {
       sha256 = "0gcg1173i1bsx2qvyw77kw90xbf03b861jc42hvq744vzc5k6xjs";
     };
     propagatedBuildInputs = [CarpClan];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   BKeywords = buildPerlPackage {
@@ -392,6 +412,10 @@ rec {
       sha256 = "1aa2mjn5767b13063nnsrwcikrnbspby7j1c5q007bzaq0gcbcri";
     };
     propagatedBuildInputs = [ StringCRC32 ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   CacheMemcachedFast = buildPerlPackage {
@@ -403,6 +427,8 @@ rec {
     meta = {
       description = "Perl client for B<memcached>, in C language";
       license = "unknown";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -413,6 +439,10 @@ rec {
       sha256 = "1zykapgl9lxnlx79xfghzb26qimhry94xfxfyswwfhra1ywd9yyg";
     };
     propagatedBuildInputs = [ TimeDate DBFile DigestSHA1 FileNFSLock HeapFibonacci IOString ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   cam_pdf = buildPerlPackage rec {
@@ -433,6 +463,10 @@ rec {
     };
     propagatedBuildInputs = [HTMLTiny LWP];
     buildInputs = [TestPod];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   CaptureTiny = buildPerlPackage {
@@ -518,6 +552,8 @@ rec {
     meta = {
       description = "HTTP Basic and Digest authentication";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -720,6 +756,8 @@ rec {
     meta = {
       description = "Flexible caching support for Catalyst.";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -734,6 +772,8 @@ rec {
     meta = {
       description = "HTTP/1.1 cache validators for Catalyst";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -769,6 +809,8 @@ rec {
     meta = {
       description = "Unicode aware Catalyst";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -941,6 +983,8 @@ rec {
     propagatedBuildInputs = [ TestException ];
     meta = {
       description = "Convert flat hash to nested data using TT2's dot convention";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -1002,6 +1046,8 @@ rec {
     };
     meta = {
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -1407,6 +1453,10 @@ rec {
       sha256 = "1s8gxfg4xqp543aqanv5lbp64vqqyw6ic4x3fm4imkk1h3amjb6d";
     };
     propagatedBuildInputs = [ SymbolUtil ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   constantdefer = pkgs.perlPackages.constant-defer;
@@ -1445,6 +1495,10 @@ rec {
       sha256 = "a73ace48d940b28e3dfb32d2f3507205d3ddfdc6610075ecc72e19476bb6de44";
     };
     propagatedBuildInputs = [ AnyEvent Guard CommonSense ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   CPANChanges = buildPerlPackage {
@@ -1586,6 +1640,8 @@ rec {
       homepage = http://search.cpan.org/dist/Crypt-Random-Source;
       description = "Get weak or strong random data from pluggable sources";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -1678,6 +1734,8 @@ rec {
     meta = {
       description = "Polymorphic data cloning";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -1837,6 +1895,8 @@ rec {
       homepage = https://metacpan.org/release/Data-UUID-MT;
       description = "Fast random UUID generator using the Mersenne Twister algorithm";
       license = "apache_2_0";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -1858,6 +1918,10 @@ rec {
       sha256 = "14yvbgy9n8icwlm5zi86lskvxd6nsl42i1g9f5dwdaw9my463diy";
     };
     propagatedBuildInputs = [CarpClan BitVector];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   DateManip = buildPerlPackage {
@@ -1966,6 +2030,8 @@ rec {
     meta = {
       description = "Parses ISO8601 formats";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -1993,6 +2059,8 @@ rec {
     meta = {
       description = "Parse and format PostgreSQL dates and times";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2235,6 +2303,8 @@ rec {
       homepage = http://search.cpan.org/dist/DBIx-Connector/;
       description = "Fast, safe DBI connection and transaction management";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2247,6 +2317,8 @@ rec {
     propagatedBuildInputs = [ DBI ];
     meta = {
       description = "Very complete easy-to-use OO interface to DBI";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2258,6 +2330,8 @@ rec {
     };
     meta = {
       description = "Find memory cycles in objects";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2272,6 +2346,8 @@ rec {
     meta = {
       description = "Adding keywords to perl, in perl";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2317,6 +2393,10 @@ rec {
       sha256 = "0xm42030qlbimay5x72sjj0na43ciniai2xdcdx8zf191jw5dz7n";
     };
     propagatedBuildInputs = [ Moose namespaceclean SubExporter Testuseok TestWarn ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   DevelStackTrace = buildPerlPackage {
@@ -2385,6 +2465,8 @@ rec {
     meta = {
       description = "Keyed-Hashing for Message Authentication";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2405,6 +2487,8 @@ rec {
     propagatedBuildInputs = [ LWP ];
     meta = {
       description = "Perl extension for getting MD5 sums for files and urls.";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2795,6 +2879,8 @@ rec {
     meta = {
       description = "Generate world unique message-ids";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2807,6 +2893,8 @@ rec {
     propagatedBuildInputs = [ EmailMessageID EmailMIMEContentType EmailMIMEEncodings EmailSimple MIMETypes ];
     meta = {
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2819,6 +2907,8 @@ rec {
     meta = {
       description = "Parse a MIME Content-Type Header";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2830,6 +2920,8 @@ rec {
     };
     meta = {
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -2901,6 +2993,10 @@ rec {
       url = mirror://cpan/authors/id/D/DS/DSB/Env-Path-0.19.tar.gz;
       sha256 = "1qhmj15a66h90pjl2dgnxsb9jj3b1r5mpvnr87cafcl8g69z0jr4";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   Error = buildPerlPackage rec {
@@ -2933,6 +3029,10 @@ rec {
       sha256 = "1s2is862xba2yy633wn2nklrya36yrlwxlbpqjrv8m31xj2c8khw";
     };
     buildInputs = [ TestUnitLite ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   ExceptionClass = buildPerlPackage rec {
@@ -2952,6 +3052,10 @@ rec {
     };
     buildInputs = [ TestAssert TestUnitLite ];
     propagatedBuildInputs = [ constantboolean ExceptionBase ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   ExceptionWarning = buildPerlPackage {
@@ -2962,6 +3066,10 @@ rec {
     };
     buildInputs = [ TestAssert TestUnitLite ];
     propagatedBuildInputs = [ ExceptionBase ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   ExporterDeclare = buildPerlModule {
@@ -2976,6 +3084,8 @@ rec {
       homepage = http://open-exodus.net/projects/Exporter-Declare;
       description = "Exporting done right";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -3028,6 +3138,8 @@ rec {
     };
     meta = {
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -3142,6 +3254,10 @@ rec {
     };
     buildInputs = [ ExceptionWarning TestAssert TestUnitLite ];
     propagatedBuildInputs = [ ExceptionBase ExceptionDied ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   FCGI = buildPerlPackage rec {
@@ -3163,6 +3279,8 @@ rec {
       homepage = http://open-exodus.net/projects/Fennec-Lite;
       description = "Minimalist Fennec, the commonly used bits";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -3278,6 +3396,15 @@ rec {
     propagatedBuildInputs = [ HTTPDate ];
   };
 
+  FileMimeInfo = buildPerlPackage {
+    name = "File-MimeInfo-0.20";
+    src = fetchurl {
+      url = "http://search.cpan.org/CPAN/authors/id/M/MI/MICHIELB/File-MimeInfo-0.20.tar.gz";
+      sha256 = "1738yi3a0xcbvffqymjb6cyh999q4pryalfwbkmdbjdks2y0bxz0";
+    };
+    propagatedBuildInputs = [ FileBaseDir FileDesktopEntry ];
+  };
+
   FileModified = buildPerlPackage {
     name = "File-Modified-0.07";
     src = fetchurl {
@@ -3300,6 +3427,10 @@ rec {
       url = mirror://cpan/authors/id/B/BB/BBB/File-NFSLock-1.21.tar.gz;
       sha256 = "1kclhmyha2xijq49darlz82f3bn7gq3saycxpfiz3dndqhr5i9iz";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   Filepushd = buildPerlPackage {
@@ -3312,6 +3443,8 @@ rec {
       homepage = https://metacpan.org/release/File-pushd;
       description = "Change directory temporarily for a limited scope";
       license = "apache";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -3334,6 +3467,8 @@ rec {
       homepage = http://github.com/ingydotnet/file-share-pm/tree;
       description = "Extend File::ShareDir to Local Libraries";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -3359,6 +3494,8 @@ rec {
     meta = {
       description = "Install shared files";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -3505,6 +3642,19 @@ rec {
     };
   };
 
+  GnuPG = buildPerlPackage {
+    name = "GnuPG-0.19";
+    src = fetchurl {
+      url = mirror://cpan/authors/id/Y/YA/YANICK/GnuPG-0.19.tar.gz;
+      sha256 = "af53f2d3f63297e046676eae14a76296afdd2910e09723b6b113708622b7989b";
+    };
+    buildInputs = [ pkgs.gnupg1orig ];
+    meta = {
+      platforms = stdenv.lib.platforms.linux;
+      maintainers = with maintainers; [ ocharles ];
+    };
+  };
+
   GoogleProtocolBuffers = buildPerlPackage rec {
     name = "Google-ProtocolBuffers-0.08";
     src = fetchurl {
@@ -3563,6 +3713,10 @@ rec {
       url = mirror://cpan/authors/id/M/ML/MLEHMANN/Guard-1.022.tar.gz;
       sha256 = "0saq9949d13mdvpnls7mw1cy74lm4ncl7agbs7n2jl4sy6bvmw9m";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   HashFlatten = buildPerlPackage rec {
@@ -3619,6 +3773,10 @@ rec {
       sha256 = "0pmai98a89j82fjksfax87brmpimjn74kr7bl874lc1k40dfhx47";
     };
     propagatedBuildInputs = [ Testuseok ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };  
 
   HeapFibonacci = buildPerlPackage {
@@ -3627,6 +3785,10 @@ rec {
       url = mirror://cpan/authors/id/J/JM/JMM/Heap-0.80.tar.gz;
       sha256 = "1plv2djbyhvkdcw2ic54rdqb745cwksxckgzvw7ssxiir7rjknnc";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   HookLexWrap = buildPerlPackage rec {
@@ -3692,6 +3854,8 @@ rec {
     meta = {
       description = "HTML forms using Moose";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -3715,6 +3879,10 @@ rec {
       sha256 = "0wnb561yp1r3mqw2hmd16zm45lqqm2mp823s1rx2k4qw141rmkpv";
     };
     buildInputs = [ TestBase ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   HTMLScrubber = buildPerlPackage {
@@ -3785,6 +3953,8 @@ rec {
     meta = {
       description = "Add XPath support to HTML::TreeBuilder";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -3966,6 +4136,8 @@ rec {
       homepage = https://github.com/ingydotnet/io-all-pm/tree;
       description = "IO::All of it to Graham and Damian!";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4093,6 +4265,8 @@ rec {
       homepage = https://github.com/rjbs/io-tiecombine;
       description = "Produce tied (and other) separate but combined variables";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4288,6 +4462,10 @@ rec {
       url = mirror://cpan/authors/id/G/GU/GUIDO/libintl-perl-1.23.tar.gz;
       sha256 = "1ylz6yhjifblhmnva0k05ch12a4cdii5v0icah69ma1gdhsidnk0";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   libxml_perl = buildPerlPackage rec {
@@ -4371,6 +4549,8 @@ rec {
     meta = {
       description = "Combines List::Util and List::MoreUtils in one bite-sized package";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4392,6 +4572,10 @@ rec {
       url = mirror://cpan/authors/id/P/PE/PEVANS/List-UtilsBy-0.09.tar.gz;
       sha256 = "1xcsgz8898h670zmwqd8azfn3a2y9nq7z8cva9dsyhzkk8ajmra1";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   LocaleGettext = buildPerlPackage {
@@ -4428,6 +4612,21 @@ rec {
     };
   };
 
+  LocalePO = buildPerlPackage {
+    name = "Locale-PO-0.23";
+    src = fetchurl {
+      url = mirror://cpan/authors/id/C/CO/COSIMO/Locale-PO-0.23.tar.gz;
+      sha256 = "52e5fdc88ec4eb00512418a938dc5089476ea66c9e744fee3c6bbfdf17a0d302";
+    };
+    propagatedBuildInputs = [ FileSlurp ];
+    meta = {
+      description = "Perl module for manipulating .po entries from GNU gettext";
+      license = "unknown";
+      platforms = stdenv.lib.platforms.linux;
+      maintainers = with maintainers; [ ocharles ];
+    };
+  };
+
   LockFileSimple = buildPerlPackage rec {
     name = "LockFile-Simple-0.207";
     src = fetchurl {
@@ -4447,6 +4646,8 @@ rec {
     meta = {
       description = "Simple logging interface with a contextual log";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4460,6 +4661,8 @@ rec {
     meta = {
       description = "Dispatches messages to one or more outputs";
       license = "artistic_2";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4585,6 +4788,10 @@ rec {
       sha256 = "1z89jszgifvjb8irzd8wrzim7l5m4hypdl9mj4dpkb4jm4189kmn";
     };
     propagatedBuildInputs = [ LWP HookLexWrap ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   LWPxParanoidAgent = buildPerlPackage rec {
@@ -4683,6 +4890,8 @@ rec {
       homepage = http://search.cpan.org/dist/Math-Random-ISAAC;
       description = "Perl interface to the ISAAC PRNG algorithm";
       license = "unrestricted";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4696,6 +4905,8 @@ rec {
     meta = {
       description = "Auto-seeded Mersenne Twister PRNGs";
       license = "unrestricted";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4710,6 +4921,8 @@ rec {
     meta = {
       description = "Cryptographically-secure, cross-platform replacement for rand()";
       license = "artistic_2";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4731,6 +4944,8 @@ rec {
     meta = {
       description = "Tools for creating Meta objects to track custom metrics";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4744,6 +4959,8 @@ rec {
     meta = {
       description = "Basic method declarations with signatures, without source filters";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4890,6 +5107,8 @@ rec {
     meta = {
       description = "Declare author-only dependencies";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -4903,6 +5122,8 @@ rec {
     meta = {
       description = "Designate tests only run by module authors";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5012,6 +5233,10 @@ rec {
       sha256 = "0g7qs6vqg91xpwg1cdy91m3kh9m1zbkzyz1qsy453b572xdscf0d";
     };
     buildInputs = [ pkgs.unzip ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   Moo = buildPerlPackage {
@@ -5069,6 +5294,8 @@ rec {
       homepage = http://metacpan.org/release/MooseX-ABC;
       description = "Abstract base classes for Moose";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5094,6 +5321,8 @@ rec {
       homepage = http://metacpan.org/release/MooseX-App-Cmd;
       description = "Mashes up MooseX::Getopt and App::Cmd";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5117,6 +5346,8 @@ rec {
     meta = {
       description = "Extend your attribute interfaces (deprecated)";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5127,6 +5358,10 @@ rec {
       sha256 = "11pbw3zdbcn54hrj6z74qisnmj9k4qliy6yjj9d71qndq3xg3x0f";
     };
     propagatedBuildInputs = [ DataVisitor HashUtilFieldHashCompat Moose namespaceclean Testuseok ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   MooseXConfigFromFile = buildPerlPackage {
@@ -5140,6 +5375,8 @@ rec {
     meta = {
       description = "An abstract Moose role for setting attributes from a configfile";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5198,6 +5435,8 @@ rec {
       homepage = https://github.com/pshangov/moosex-has-options;
       description = "Succinct options for Moose";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5352,6 +5591,10 @@ rec {
     };
     buildInputs = [ Testuseok TestTableDriven ];
     propagatedBuildInputs = [ ListMoreUtils Moose MooseXGetopt MooseXTypes MooseXTypesPathClass namespaceautoclean ParamsUtil ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   MooseXSemiAffordanceAccessor = buildPerlPackage rec {
@@ -5380,6 +5623,10 @@ rec {
       sha256 = "0103f0hi7fp3mc0y0ydnz4ghcnag5gwgn2160y2zp6rnydx2p2sc";
     };
     buildInputs = [ Moose TestFatal TestRequires ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   MooseXStrictConstructor = buildPerlPackage {
@@ -5440,6 +5687,10 @@ rec {
     };
     buildInputs = [ TestFatal ];
     propagatedBuildInputs = [ Moose MooseXTypes ];
+    meta = { 
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   MooseXTypesDateTime = buildPerlPackage {
@@ -5449,6 +5700,10 @@ rec {
       sha256 = "0q0d1dd8737rc3k3jb22wvybf03hg3lp1iyda0ivkd8020cib996";
     };
     propagatedBuildInputs = [ DateTime DateTimeLocale DateTimeTimeZone Moose MooseXTypes namespaceclean TestException Testuseok ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   MooseXTypesDateTimeMoreCoercions = buildPerlPackage {
@@ -5472,6 +5727,10 @@ rec {
       sha256 = "0wh4zxknqv98nrmsp6yg6mazjyl3vacrgywarzjg5gks78c84i8g";
     };
     propagatedBuildInputs = [ ClassLoad Moose MooseXTypes namespaceclean ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   MooseXTypesPathClass = buildPerlPackage {
@@ -5499,6 +5758,8 @@ rec {
       homepage = https://github.com/karenetheridge/moosex-types-path-tiny;
       description = "Path::Tiny types and coercions for Moose";
       license = "apache";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5527,6 +5788,8 @@ rec {
       homepage = https://github.com/dagolden/moosex-types-stringlike;
       description = "Moose type constraints for strings or string-like objects";
       license = "apache";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5542,6 +5805,8 @@ rec {
       homepage = http://metacpan.org/release/MooseX-Types-Structured;
       description = "MooseX::Types::Structured - Structured Type Constraints for Moose";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5552,6 +5817,10 @@ rec {
       sha256 = "056v08kzcd93h8l69iqdxbr05h85bgz6jvp6iwc0vv68dacr299s";
     };
     propagatedBuildInputs = [ Moose MooseXTypes MooseXTypesPathClass namespaceclean Testuseok URI URIFromHash ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   Mouse = buildPerlPackage rec {
@@ -5646,6 +5915,8 @@ rec {
     propagatedBuildInputs = [ URI ];
     meta = {
       description = "Perl extension to create signatures for AWS requests";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5710,6 +5981,8 @@ rec {
     meta = {
       description = "Manage Amazon S3 policies for HTTP POST forms";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5724,6 +5997,8 @@ rec {
     meta = {
       description = "Advanced Message Queue Protocol (de)serialization and representation";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
     preConfigure =
       ''
@@ -5746,6 +6021,8 @@ rec {
       homepage = https://github.com/metabrainz/CoverArtArchive;
       description = "Query the coverartarchive.org";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5825,6 +6102,8 @@ rec {
     meta = {
       description = "An Asynchronous and multi channel Perl AMQP client";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -5874,6 +6153,7 @@ rec {
       url = "mirror://cpan/authors/id/D/DT/DTOWN/${name}.tar.gz";
       sha256 = "0hdpn1cw52x8cw24m9ayzpf4rwarm0khygn1sv3wvwxkrg0pphql";
     };
+    doCheck = false; # The test suite fails, see https://rt.cpan.org/Public/Bug/Display.html?id=85799
   };
 
   NetSSLeay = buildPerlPackage rec {
@@ -5938,6 +6218,8 @@ rec {
     meta = {
       description = "Comprehensive inside-out object support module";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -6116,6 +6398,8 @@ rec {
       homepage = https://metacpan.org/release/Path-Tiny;
       description = "File path utility";
       license = "apache";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
     preConfigure =
       ''
@@ -6174,11 +6458,11 @@ rec {
     };
   };
 
-  PerlMagick = buildPerlPackage {
-    name = "PerlMagick-6.77";
+  PerlMagick = buildPerlPackage rec {
+    name = "PerlMagick-6.86";
     src = fetchurl {
-      url = mirror://cpan/authors/id/J/JC/JCRISTY/PerlMagick-6.77.tar.gz;
-      sha256 = "0axbj3n5avjxvlxradjs9zxiv84i00drmnjsb7hq9sjn9fzggngg";
+      url = "mirror://cpan/authors/id/J/JC/JCRISTY/${name}.tar.gz";
+      sha256 = "18xgh8r9pjxg9yi119gnsln1r4p4sk1r8bxd3iy0qj77frmksisi";
     };
     buildInputs = [pkgs.imagemagick];
     preConfigure =
@@ -6242,6 +6526,8 @@ rec {
     meta = {
       description = "Display information about the current request/response";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -6560,6 +6846,8 @@ rec {
       homepage = http://metacpan.org/release/Redis/;
       description = "Perl binding for Redis database";
       license = "artistic_2";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -6611,6 +6899,8 @@ rec {
       homepage = http://jaldhar.github.com/REST-Utils;
       description = "Utility functions for REST applications";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -6680,6 +6970,10 @@ rec {
       sha256 = "1spvi0z62saz2cam8kwk2k561aavw2w42g3ykj38w1kmydvsk8z6";
     };
     propagatedBuildInputs = [ SOAPLite ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   SafeIsa = buildPerlPackage {
@@ -6755,6 +7049,8 @@ rec {
     };
     meta = {
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -6776,6 +7072,8 @@ rec {
     meta = {
       description = "Perl's Web Services Toolkit";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -6911,6 +7209,8 @@ rec {
     propagatedBuildInputs = [ NumberFormat ];
     meta = {
       license = "open_source";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -6984,6 +7284,10 @@ rec {
         url = mirror://cpan/authors/id/S/SO/SOENKE/String-CRC32-1.4.tar.gz;
         sha256 = "0lc3d4szxagwzcw6pxq3mmkvdlrz2zkw4i13crf42nvivv7gda8l";
       };
+      meta = {
+        maintainers = with maintainers; [ ocharles ];
+        platforms   = stdenv.lib.platforms.unix;
+      };
   };
 
   StringErrf = buildPerlPackage {
@@ -7006,6 +7310,10 @@ rec {
         url = mirror://cpan/authors/id/E/EV/EVO/String-Escape-2010.002.tar.gz;
         sha256 = "12ls7f7847i4qcikkp3skwraqvjphjiv2zxfhl5d49326f5myr7x";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   StringFlogger = buildPerlPackage {
@@ -7071,6 +7379,10 @@ rec {
       url = mirror://cpan/authors/id/R/RO/ROSCH/String-ShellQuote-1.04.tar.gz;
       sha256 = "0dfxhr6hxc2majkkrm0qbx3qcbykzpphbj2ms93dc86f7183c1p6";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   StringToIdentifierEN = buildPerlPackage rec {
@@ -7107,6 +7419,8 @@ rec {
     meta = {
       description = "Use TT to interpolate lexical variables";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -7297,6 +7611,10 @@ rec {
       url = mirror://cpan/authors/id/D/DE/DEXTER/Symbol-Util-0.0203.tar.gz;
       sha256 = "0cnwwrd5d6i80f33s7n2ak90rh4s53ss7q57wndrpkpr4bfn3djm";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   syntax = buildPerlPackage {
@@ -7335,6 +7653,21 @@ rec {
     doCheck = false; # no `hostname' in stdenv
   };
 
+  TAPParserSourceHandlerpgTAP = buildPerlModule {
+    name = "TAP-Parser-SourceHandler-pgTAP-3.29";
+    src = fetchurl {
+      url = mirror://cpan/authors/id/D/DW/DWHEELER/TAP-Parser-SourceHandler-pgTAP-3.29.tar.gz;
+      sha256 = "918aa9ada7a05334ace7304e7b9e002bbf0b569bfcf8fb06118777bdabd60e1b";
+    };
+    meta = {
+      homepage = http://search.cpan.org/dist/Tap-Parser-Sourcehandler-pgTAP/;
+      description = "Stream TAP from pgTAP test scripts";
+      license = "perl";
+      platforms = stdenv.lib.platforms.linux;
+      maintainers = with maintainers; [ ocharles ];
+    };
+  };
+
   TaskCatalystTutorial = buildPerlPackage rec {
     name = "Task-Catalyst-Tutorial-0.06";
     src = fetchurl {
@@ -7386,6 +7719,10 @@ rec {
       sha256 = "1hq7jy6zg1iaslsyi05afz0i944y9jnv3nb4krkxjfmzwy5gw106";
     };
     propagatedBuildInputs = [ TemplateToolkit ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   TemplatePluginJavaScript = buildPerlPackage {
@@ -7395,6 +7732,23 @@ rec {
       sha256 = "1mqqqs0dhfr6bp1305j9ns05q4pq1n3f561l6p8848k5ml3dh87a";
     };
     propagatedBuildInputs = [ TemplateToolkit ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
+  };
+
+  TemplatePluginJSONEscape = buildPerlPackage {
+    name = "Template-Plugin-JSON-Escape-0.02";
+    src = fetchurl {
+      url = mirror://cpan/authors/id/N/NA/NANTO/Template-Plugin-JSON-Escape-0.02.tar.gz;
+      sha256 = "051a8b1d3bc601d58fc51e246067d36450cfe970278a0456e8ab61940f13cd86";
+    };
+    propagatedBuildInputs = [ JSON TemplateToolkit ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   TemplateTimer = buildPerlPackage {
@@ -7533,6 +7887,10 @@ rec {
     };
     buildInputs = [ ClassInspector TestUnitLite ];
     propagatedBuildInputs = [ constantboolean ExceptionBase SymbolUtil ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   TestAssertions = buildPerlPackage rec {
@@ -7629,6 +7987,8 @@ rec {
       homepage = http://metacpan.org/release/Test-EOL;
       description = "Check the correct line endings in your project";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -7652,6 +8012,8 @@ rec {
       homepage = https://metacpan.org/release/Test-FailWarnings;
       description = "Add test failures if warnings are caught";
       license = "apache";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -7699,6 +8061,10 @@ rec {
       sha256 = "1cyp46w3q7dg89qkw31ik2h2a6mdx6pzdz2lmp8m0a61zjr8mh07";
     };
     propagatedBuildInputs = [ JSONAny TestDifferences TestTester ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   TestLongString = buildPerlPackage rec {
@@ -7718,6 +8084,8 @@ rec {
     propagatedBuildInputs = [ DevelCycle PadWalker ];
     meta = {
       description = "Verifies code hasn't left circular references";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -7732,6 +8100,8 @@ rec {
     meta = {
       description = "Simulating other classes";
       license = "lgpl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -7741,6 +8111,10 @@ rec {
       url = mirror://cpan/authors/id/S/SI/SIMONFLK/Test-MockModule-0.05.tar.gz;
       sha256 = "01vf75higpap5mwm5fyas08b3qcmy5bfq1c3wl4h0y3nihjibib7";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   TestMockObject = buildPerlPackage {
@@ -7812,6 +8186,8 @@ rec {
     meta = {
       description = "Check the presence of tabs in your project";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -7929,6 +8305,8 @@ rec {
       homepage = https://github.com/rjbs/Test-Routine;
       description = "Composable units of assertion";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -7981,6 +8359,8 @@ rec {
     meta = {
       description = "Write tests, not scripts that run them";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -8014,6 +8394,8 @@ rec {
     meta = {
       description = "Unit testing without external dependencies";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -8067,6 +8449,8 @@ rec {
     meta = {
       description = "Test fallback behaviour in absence of modules";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -8105,6 +8489,10 @@ rec {
       sha256 = "0bwwdk0iai5dlvvfpja971qpgvmf6yq67iag4z4szl9v5sra0xm5";
     };
     propagatedBuildInputs = [ TestWWWMechanize WWWMechanizeCGI ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   TestWWWMechanizePSGI = buildPerlPackage {
@@ -8127,6 +8515,10 @@ rec {
       sha256 = "09s47d5jcrx35dz623gjiqn0qmjrv0wb54czr7h01wffw1w8akxi";
     };
     propagatedBuildInputs = [ XMLLibXML ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   TextAligner = buildPerlPackage {
@@ -8202,6 +8594,8 @@ rec {
     meta = {
       description = "Spy on objects to achieve test doubles (mock testing)";
       license = "perl5";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -8228,6 +8622,8 @@ rec {
     meta = {
       description = "Micro template engine with Perl5 language";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -8353,6 +8749,8 @@ rec {
     meta = {
       description = "Remove leading and/or trailing whitespace from strings";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -8362,6 +8760,10 @@ rec {
       url = mirror://cpan/authors/id/L/LD/LDACHARY/Text-Unaccent-1.08.tar.gz;
       sha256 = "0avk50kia78kxryh2whmaj5l18q2wvmkdyqyjsf6kwr4kgy6x3i7";
     };
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   TextUnidecode = buildPerlPackage rec {
@@ -8379,6 +8781,10 @@ rec {
       sha256 = "0i1mg3ivxhx09x0w06k15izc92bknwqwh0ghpmhlq9s9iw12mmry";
     };
     propagatedBuildInputs = [ URI ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   Throwable = buildPerlPackage rec {
@@ -8551,6 +8957,8 @@ rec {
     meta = {
       description = "Wrapper around ICU collation services";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
     buildInputs = [ pkgs.icu ];
   };
@@ -8599,6 +9007,8 @@ rec {
     meta = {
       description = "Build a URI from a set of named parameters";
       license = "perl";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -8699,7 +9109,14 @@ rec {
       sha256 = "046jm18liq7rwkdawdh9520cnalkfrk26yqryp7xgw71y65lvq61";
     };
     propagatedBuildInputs = [ HTTPRequestAsCGI WWWMechanize ];
-    preConfigure = "sed -i 's|#!/usr/bin/perl|#!${perl}/bin/perl|' t/cgi-bin/script.cgi";
+    preConfigure = ''
+      substituteInPlace t/cgi-bin/script.cgi \
+        --replace '#!/usr/bin/perl' '#!${perl}/bin/perl'
+    '';
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   WWWRobotRules = buildPerlPackage {
@@ -8802,6 +9219,8 @@ rec {
     };
     meta = {
       description = "A re-usable XPath engine for DOM-like trees";
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
     };
   };
 
@@ -8829,6 +9248,10 @@ rec {
       sha256 = "05rzm433vvndh49k8p4gqnyw4x4lxa4zr6qdlrlgplqkxvhvk6jk";
     };
     propagatedBuildInputs = [ XMLParser ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
   };
 
   XMLSimple = buildPerlPackage {
diff --git a/pkgs/top-level/python-packages-generated.nix b/pkgs/top-level/python-packages-generated.nix
index ff86757c979d..e7308e2b8164 100644
--- a/pkgs/top-level/python-packages-generated.nix
+++ b/pkgs/top-level/python-packages-generated.nix
@@ -55,7 +55,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -67,15 +67,15 @@ in
   };
 
 
-  "Products.Archetypes-1.9.1" = self.buildPythonPackage {
-    name = "Products.Archetypes-1.9.1";
+  "Products.Archetypes-1.9.4" = self.buildPythonPackage {
+    name = "Products.Archetypes-1.9.4";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.Archetypes/Products.Archetypes-1.9.1.zip";
-        md5 = "c2343539f9f3e485f0bc98b46c12cd85";
+        url = "https://pypi.python.org/packages/source/P/Products.Archetypes/Products.Archetypes-1.9.4.zip";
+        md5 = "fc5679b10df703a542b58da044f7d9c6";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."plone.app.folder-1.0.5" self."plone.folder-1.0.4" self."plone.uuid-1.0.3" self."Products.CMFCalendar-2.2.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFFormController-3.0.3" self."Products.CMFQuickInstallerTool-3.0.6" self."Products.DCWorkflow-2.2.4" self."Products.GenericSetup-1.7.3" self."Products.Marshall-2.1.2" self."Products.MimetypesRegistry-2.0.4" self."Products.PlacelessTranslationService-2.0.3" self."Products.PortalTransforms-2.1.2" self."Products.statusmessages-4.0" self."Products.validation-2.0" self."Products.ZSQLMethods-2.13.4" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.contenttype-3.5.5" self."zope.datetime-3.4.1" self."zope.deferredimport-3.5.3" self."zope.event-3.5.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.tal-3.5.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."plone.app.folder-1.0.5" self."plone.folder-1.0.4" self."plone.uuid-1.0.3" self."Products.CMFCalendar-2.2.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFFormController-3.0.3" self."Products.CMFQuickInstallerTool-3.0.6" self."Products.DCWorkflow-2.2.4" self."Products.GenericSetup-1.7.4" self."Products.Marshall-2.1.2" self."Products.MimetypesRegistry-2.0.5" self."Products.PlacelessTranslationService-2.0.4" self."Products.PortalTransforms-2.1.2" self."Products.statusmessages-4.0" self."Products.validation-2.0" self."Products.ZSQLMethods-2.13.4" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.contenttype-3.5.5" self."zope.datetime-3.4.1" self."zope.deferredimport-3.5.3" self."zope.event-3.5.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.tal-3.5.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -87,6 +87,26 @@ in
   };
 
 
+  "plone.app.contentlisting-1.0.5" = self.buildPythonPackage {
+    name = "plone.app.contentlisting-1.0.5";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/p/plone.app.contentlisting/plone.app.contentlisting-1.0.5.zip";
+        md5 = "9fc15b8ecad1c918778c3ea9a75bf533";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."plone.uuid-1.0.3" self.setuptools ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        Listing of content for the Plone CMS
+        '';
+      homepage = "http://pypi.python.org/pypi/plone.app.contentlisting";
+      license = "GPL version 2";
+    };
+  };
+
+
   "Products.Marshall-2.1.2" = self.buildPythonPackage {
     name = "Products.Marshall-2.1.2";
     src = fetchurl {
@@ -95,7 +115,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."plone.uuid-1.0.3" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."transaction-1.1.1" self."zope.contenttype-3.5.5" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."plone.uuid-1.0.3" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."transaction-1.1.1" self."zope.contenttype-3.5.5" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -127,15 +147,55 @@ in
   };
 
 
-  "Products.CMFPlone-4.3.1" = self.buildPythonPackage {
-    name = "Products.CMFPlone-4.3.1";
+  "plone.z3cform-0.8.0" = self.buildPythonPackage {
+    name = "plone.z3cform-0.8.0";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.CMFPlone/Products.CMFPlone-4.3.1.zip";
-        md5 = "2fee0c66e0d9bdf28b513bcd6d95a602";
+        url = "https://pypi.python.org/packages/source/p/plone.z3cform/plone.z3cform-0.8.0.zip";
+        md5 = "bdb23dd162544964d2f8f8f5f002e874";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."archetypes.querywidget-1.0.8" self."archetypes.referencebrowserwidget-2.4.18" self."borg.localrole-3.0.2" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."five.customerize-1.1" self."five.localsitemanager-2.0.5" self."Pillow-1.7.8" self."plone.app.blob-1.5.8" self."plone.app.collection-1.0.10" self."plone.app.content-2.1.2" self."plone.app.contentlisting-1.0.4" self."plone.app.contentmenu-2.0.8" self."plone.app.contentrules-3.0.3" self."plone.app.controlpanel-2.3.6" self."plone.app.customerize-1.2.2" self."plone.app.discussion-2.2.6" self."plone.app.folder-1.0.5" self."plone.app.form-2.2.2" self."plone.app.i18n-2.0.2" self."plone.app.jquery-1.7.2" self."plone.app.jquerytools-1.5.5" self."plone.app.layout-2.3.5" self."plone.app.linkintegrity-1.5.2" self."plone.app.locales-4.3.1" self."plone.app.portlets-2.4.4" self."plone.app.redirector-1.2" self."plone.app.search-1.1.4" self."plone.app.upgrade-1.3.3" self."plone.app.users-1.2a2" self."plone.app.uuid-1.0" self."plone.app.viewletmanager-2.0.3" self."plone.app.vocabularies-2.1.10" self."plone.app.workflow-2.1.5" self."plone.batching-1.0" self."plone.browserlayer-2.1.2" self."plone.contentrules-2.0.3" self."plone.fieldsets-2.0.2" self."plone.i18n-2.0.8" self."plone.indexer-1.0.2" self."plone.intelligenttext-2.0.2" self."plone.locking-2.0.4" self."plone.memoize-1.1.1" self."plone.portlet.collection-2.1.5" self."plone.portlet.static-2.0.2" self."plone.portlets-2.2" self."plone.protect-2.0.2" self."plone.registry-1.0.1" self."plone.session-3.5.3" self."plone.theme-2.1" self."plonetheme.classic-1.3.2" self."plonetheme.sunburst-1.4.4" self."Products.Archetypes-1.9.1" self."Products.ATContentTypes-2.1.13" self."Products.CMFActionIcons-2.1.3" self."Products.CMFCalendar-2.2.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFDiffTool-2.1" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.CMFEditions-2.2.8" self."Products.CMFFormController-3.0.3" self."Products.CMFQuickInstallerTool-3.0.6" self."Products.CMFUid-2.2.1" self."Products.DCWorkflow-2.2.4" self."Products.ExtendedPathIndex-3.1" self."Products.ExternalEditor-1.1.0" self."Products.GenericSetup-1.7.3" self."Products.MimetypesRegistry-2.0.4" self."Products.PasswordResetTool-2.0.14" self."Products.PlacelessTranslationService-2.0.3" self."Products.PloneLanguageTool-3.2.7" self."Products.PlonePAS-4.1.1" self."Products.PluggableAuthService-1.10.0" self."Products.PluginRegistry-1.3" self."Products.PortalTransforms-2.1.2" self."Products.ResourceRegistries-2.2.9" self."Products.statusmessages-4.0" self."Products.TinyMCE-1.3.4" self.setuptools self."transaction-1.1.1" self."z3c.autoinclude-0.3.4" self."ZODB3-3.10.5" self."zope.app.locales-3.6.2" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.deferredimport-3.5.3" self."zope.deprecation-3.4.1" self."zope.dottedname-3.4.6" self."zope.event-3.5.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."zope.site-3.9.2" self."zope.structuredtext-3.5.1" self."zope.tal-3.5.2" self."zope.tales-3.5.3" self."zope.traversing-3.13.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."plone.batching-1.0" self.setuptools self."z3c.form-3.0.2" self."zope.browserpage-3.12.2" self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."Zope2-2.13.21" ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        plone.z3cform is a library that allows use of z3c.form with Zope 2 and the CMF.
+        '';
+      homepage = "http://pypi.python.org/pypi/plone.z3cform";
+      license = "ZPL 2.1";
+    };
+  };
+
+
+  "six-1.4.1" = self.buildPythonPackage {
+    name = "six-1.4.1";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/s/six/six-1.4.1.tar.gz";
+        md5 = "bdbb9e12d3336c198695aa4cf3a61d62";
+    };
+    doCheck = false;
+    buildInputs = [  ];
+    propagatedBuildInputs = [  ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        Python 2 and 3 compatibility utilities
+        '';
+      homepage = "http://pypi.python.org/pypi/six/";
+      license = "UNKNOWN";
+    };
+  };
+
+
+  "Products.CMFPlone-4.3.2" = self.buildPythonPackage {
+    name = "Products.CMFPlone-4.3.2";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/P/Products.CMFPlone/Products.CMFPlone-4.3.2.zip";
+        md5 = "b9948583429d7d90475148d276fa5cf4";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."archetypes.querywidget-1.0.9" self."archetypes.referencebrowserwidget-2.4.19" self."borg.localrole-3.0.2" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."five.customerize-1.1" self."five.localsitemanager-2.0.5" self."Pillow-1.7.8" self."plone.app.blob-1.5.8" self."plone.app.collection-1.0.11" self."plone.app.content-2.1.3" self."plone.app.contentlisting-1.0.5" self."plone.app.contentmenu-2.0.8" self."plone.app.contentrules-3.0.4" self."plone.app.controlpanel-2.3.7" self."plone.app.customerize-1.2.2" self."plone.app.discussion-2.2.8" self."plone.app.folder-1.0.5" self."plone.app.form-2.2.3" self."plone.app.i18n-2.0.2" self."plone.app.jquery-1.7.2" self."plone.app.jquerytools-1.5.6" self."plone.app.layout-2.3.7" self."plone.app.linkintegrity-1.5.3" self."plone.app.locales-4.3.2" self."plone.app.portlets-2.4.5" self."plone.app.redirector-1.2" self."plone.app.search-1.1.5" self."plone.app.upgrade-1.3.4" self."plone.app.users-1.2a2" self."plone.app.uuid-1.0" self."plone.app.viewletmanager-2.0.4" self."plone.app.vocabularies-2.1.11" self."plone.app.workflow-2.1.6" self."plone.batching-1.0" self."plone.browserlayer-2.1.2" self."plone.contentrules-2.0.3" self."plone.fieldsets-2.0.2" self."plone.i18n-2.0.9" self."plone.indexer-1.0.2" self."plone.intelligenttext-2.0.2" self."plone.locking-2.0.4" self."plone.memoize-1.1.1" self."plone.portlet.collection-2.1.5" self."plone.portlet.static-2.0.2" self."plone.portlets-2.2" self."plone.protect-2.0.2" self."plone.registry-1.0.1" self."plone.session-3.5.3" self."plone.theme-2.1" self."plonetheme.classic-1.3.2" self."plonetheme.sunburst-1.4.5" self."Products.Archetypes-1.9.4" self."Products.ATContentTypes-2.1.13" self."Products.CMFActionIcons-2.1.3" self."Products.CMFCalendar-2.2.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFDiffTool-2.1" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.CMFEditions-2.2.8" self."Products.CMFFormController-3.0.3" self."Products.CMFQuickInstallerTool-3.0.6" self."Products.CMFUid-2.2.1" self."Products.DCWorkflow-2.2.4" self."Products.ExtendedPathIndex-3.1" self."Products.ExternalEditor-1.1.0" self."Products.GenericSetup-1.7.4" self."Products.MimetypesRegistry-2.0.5" self."Products.PasswordResetTool-2.0.15" self."Products.PlacelessTranslationService-2.0.4" self."Products.PloneLanguageTool-3.2.7" self."Products.PlonePAS-4.1.1" self."Products.PluggableAuthService-1.10.0" self."Products.PluginRegistry-1.3" self."Products.PortalTransforms-2.1.2" self."Products.ResourceRegistries-2.2.9" self."Products.statusmessages-4.0" self."Products.TinyMCE-1.3.5" self.setuptools self."transaction-1.1.1" self."z3c.autoinclude-0.3.4" self."ZODB3-3.10.5" self."zope.app.locales-3.6.2" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.deferredimport-3.5.3" self."zope.deprecation-3.4.1" self."zope.dottedname-3.4.6" self."zope.event-3.5.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."zope.site-3.9.2" self."zope.structuredtext-3.5.1" self."zope.tal-3.5.2" self."zope.tales-3.5.3" self."zope.traversing-3.13.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -156,7 +216,7 @@ in
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.proxy-3.6.1" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         zope.deferredimport allows you to perform imports names that will only be resolved when used in the code.
@@ -167,11 +227,31 @@ in
   };
 
 
-  "waitress-0.8.6" = self.buildPythonPackage {
-    name = "waitress-0.8.6";
+  "Mako-0.9.0" = self.buildPythonPackage {
+    name = "Mako-0.9.0";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/M/Mako/Mako-0.9.0.tar.gz";
+        md5 = "e2627ba5c65f83dfe39d9a0892ae517d";
+    };
+    doCheck = true;
+    buildInputs = [ self."nose-1.3.0" ];
+    propagatedBuildInputs = [ self."MarkupSafe-0.18" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        A super-fast templating language that borrows the  best ideas from the existing templating languages.
+        '';
+      homepage = "http://www.makotemplates.org/";
+      license = "MIT";
+    };
+  };
+
+
+  "waitress-0.8.7" = self.buildPythonPackage {
+    name = "waitress-0.8.7";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/w/waitress/waitress-0.8.6.tar.gz";
-        md5 = "eb5a8968780cfbc6b75364683b09f5fe";
+        url = "https://pypi.python.org/packages/source/w/waitress/waitress-0.8.7.tar.gz";
+        md5 = "714f3d458d82a47f12fb168460de8366";
     };
     doCheck = false;
     buildInputs = [  ];
@@ -187,11 +267,11 @@ in
   };
 
 
-  "coverage-3.6" = self.buildPythonPackage {
-    name = "coverage-3.6";
+  "coverage-3.7" = self.buildPythonPackage {
+    name = "coverage-3.7";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/c/coverage/coverage-3.6.tar.gz";
-        md5 = "67d4e393f4c6a5ffc18605409d2aa1ac";
+        url = "https://pypi.python.org/packages/source/c/coverage/coverage-3.7.tar.gz";
+        md5 = "055d82e6849d882ec6cf2ae1faca8e56";
     };
     doCheck = true;
     buildInputs = [  ];
@@ -207,26 +287,6 @@ in
   };
 
 
-  "plone.app.workflow-2.1.5" = self.buildPythonPackage {
-    name = "plone.app.workflow-2.1.5";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.workflow/plone.app.workflow-2.1.5.zip";
-        md5 = "b3589b4def82201adc196b3075b54213";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."plone.memoize-1.1.1" self."Products.CMFCore-2.2.7" self."Products.DCWorkflow-2.2.4" self."Products.GenericSetup-1.7.3" self."Products.statusmessages-4.0" self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.testing-3.9.7" self."Zope2-2.13.20" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        workflow and security settings for Plone
-        '';
-      homepage = "http://pypi.python.org/pypi/plone.app.workflow";
-      license = "GPL version 2";
-    };
-  };
-
-
   "Products.CMFUid-2.2.1" = self.buildPythonPackage {
     name = "Products.CMFUid-2.2.1";
     src = fetchurl {
@@ -235,7 +295,7 @@ in
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."Zope2-2.13.20" self."eggtestinfo-0.3" ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."Zope2-2.13.21" self."eggtestinfo-0.3" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -247,35 +307,15 @@ in
   };
 
 
-  "roman-1.4.0" = self.buildPythonPackage {
-    name = "roman-1.4.0";
+  "plone.autoform-1.5" = self.buildPythonPackage {
+    name = "plone.autoform-1.5";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/r/roman/roman-1.4.0.tar.gz";
-        md5 = "4f8832ed4108174b159c2afb4bd1d1dd";
-    };
-    doCheck = false;
-    buildInputs = [  ];
-    propagatedBuildInputs = [  ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Integer to Roman numerals converter
-        '';
-      homepage = "http://pypi.python.org/pypi/roman";
-      license = "Python 2.1.1";
-    };
-  };
-
-
-  "plone.autoform-1.4" = self.buildPythonPackage {
-    name = "plone.autoform-1.4";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.autoform/plone.autoform-1.4.zip";
-        md5 = "01e5ccb59253bfaaa02c1ab4be3f212f";
+        url = "https://pypi.python.org/packages/source/p/plone.autoform/plone.autoform-1.5.zip";
+        md5 = "a62216fb76017077643f5af8b1e17949";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.supermodel-1.2.2" self."plone.z3cform-0.8.0" self.setuptools self."z3c.form-3.0" self."zope.dottedname-3.4.6" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" ];
+    propagatedBuildInputs = [ self."plone.supermodel-1.2.3" self."plone.z3cform-0.8.0" self.setuptools self."z3c.form-3.0.2" self."zope.dottedname-3.4.6" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -396,7 +436,7 @@ in
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self."mechanize-0.2.5" self."pytz-2013b" self.setuptools self."zope.interface-3.6.7" self."zope.schema-4.2.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Programmable browser for functional black-box tests
@@ -415,7 +455,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.traversing-3.13.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.traversing-3.13.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -427,26 +467,6 @@ in
   };
 
 
-  "plone.outputfilters-1.10" = self.buildPythonPackage {
-    name = "plone.outputfilters-1.10";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.outputfilters/plone.outputfilters-1.10.zip";
-        md5 = "2c8ba3b7fd2bf18406eb49d01b478139";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self."Products.MimetypesRegistry-2.0.4" self."Products.PortalTransforms-2.1.2" self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Transformations applied to HTML in Plone text fields as they are rendered
-        '';
-      homepage = "http://github.com/plone/plone.outputfilters";
-      license = "GPL";
-    };
-  };
-
-
   "zope.site-3.9.2" = self.buildPythonPackage {
     name = "zope.site-3.9.2";
     src = fetchurl {
@@ -456,7 +476,7 @@ in
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.event-3.5.2" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.security__untrustedpython-3.7.4" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Local registries for zope component architecture
@@ -487,41 +507,21 @@ in
   };
 
 
-  "six-1.3.0" = self.buildPythonPackage {
-    name = "six-1.3.0";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/s/six/six-1.3.0.tar.gz";
-        md5 = "ec47fe6070a8a64c802363d2c2b1e2ee";
-    };
-    doCheck = false;
-    buildInputs = [  ];
-    propagatedBuildInputs = [  ];
-    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
-    meta = {
-      description = ''
-        Python 2 and 3 compatibility utilities
-        '';
-      homepage = "http://pypi.python.org/pypi/six/";
-      license = "UNKNOWN";
-    };
-  };
-
-
-  "Products.CMFEditions-2.2.8" = self.buildPythonPackage {
-    name = "Products.CMFEditions-2.2.8";
+  "Products.PlacelessTranslationService-2.0.4" = self.buildPythonPackage {
+    name = "Products.PlacelessTranslationService-2.0.4";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.CMFEditions/Products.CMFEditions-2.2.8.zip";
-        md5 = "1806f2e17e2527fad9364670b343bd11";
+        url = "https://pypi.python.org/packages/source/P/Products.PlacelessTranslationService/Products.PlacelessTranslationService-2.0.4.zip";
+        md5 = "4b5a1ddc66eeaa02d32ee4a685905c10";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."Products.CMFCore-2.2.7" self."Products.CMFDiffTool-2.1" self."Products.CMFUid-2.2.1" self."Products.GenericSetup-1.7.3" self."Products.ZopeVersionControl-1.1.3" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.copy-3.5.0" self."zope.dottedname-3.4.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."python-gettext-1.2" self.setuptools self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.deferredimport-3.5.3" self."zope.deprecation-3.4.1" self."zope.i18n__zcml-3.7.4" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Versioning for Plone
+        PTS provides a way of internationalizing (i18n'ing) and localizing (l10n'ing) software for Zope 2.
         '';
-      homepage = "http://pypi.python.org/pypi/Products.CMFEditions";
+      homepage = "http://pypi.python.org/pypi/Products.PlacelessTranslationService";
       license = "GPL";
     };
   };
@@ -564,7 +564,7 @@ in
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [  ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Structured Configuration Library
@@ -575,26 +575,6 @@ in
   };
 
 
-  "Products.PlacelessTranslationService-2.0.3" = self.buildPythonPackage {
-    name = "Products.PlacelessTranslationService-2.0.3";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.PlacelessTranslationService/Products.PlacelessTranslationService-2.0.3.zip";
-        md5 = "a94635eb712563c5a002520713f5d6dc";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."python-gettext-1.2" self.setuptools self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.deferredimport-3.5.3" self."zope.deprecation-3.4.1" self."zope.i18n__zcml-3.7.4" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."Zope2-2.13.20" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        PTS provides a way of internationalizing (i18n'ing) and localizing (l10n'ing) software for Zope 2.
-        '';
-      homepage = "http://pypi.python.org/pypi/Products.PlacelessTranslationService";
-      license = "GPL";
-    };
-  };
-
-
   "zope.deprecation-3.4.1" = self.buildPythonPackage {
     name = "zope.deprecation-3.4.1";
     src = fetchurl {
@@ -623,7 +603,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."transaction-1.1.1" self."zope.interface-3.6.7" self."zope.structuredtext-3.5.1" self."zope.tales-3.5.3" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."transaction-1.1.1" self."zope.interface-3.6.7" self."zope.structuredtext-3.5.1" self."zope.tales-3.5.3" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -643,7 +623,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self.setuptools self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self.setuptools self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -683,7 +663,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."five.globalrequest-1.0" self."plone.registry-1.0.1" self."plone.transformchain-1.0.3" self.setuptools self."z3c.caching__zcml-2.0a1" self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."five.globalrequest-1.0" self."plone.registry-1.0.1" self."plone.transformchain-1.0.3" self.setuptools self."z3c.caching__zcml-2.0a1" self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -704,7 +684,7 @@ in
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Generic Transparent Proxies
@@ -735,22 +715,22 @@ in
   };
 
 
-  "zope.component-4.1.0" = self.buildPythonPackage {
-    name = "zope.component-4.1.0";
+  "Products.CMFCore-2.2.7" = self.buildPythonPackage {
+    name = "Products.CMFCore-2.2.7";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/z/zope.component/zope.component-4.1.0.zip";
-        md5 = "8e185893699f9fa577bd9ada0a5302fa";
+        url = "https://pypi.python.org/packages/source/P/Products.CMFCore/Products.CMFCore-2.2.7.tar.gz";
+        md5 = "9320a4023b8575097feacfd4a400e930";
     };
     doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools self."zope.event-4.0.2" self."zope.interface-4.0.5" ];
-    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    buildInputs = [  ];
+    propagatedBuildInputs = [ self."five.localsitemanager-2.0.5" self."Products.GenericSetup-1.7.4" self."Products.ZSQLMethods-2.13.4" self.setuptools self."zope.app.publication-3.12.0" self."Zope2-2.13.21" ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Zope Component Architecture
+        Zope Content Management Framework core components
         '';
-      homepage = "http://pypi.python.org/pypi/zope.component";
-      license = "ZPL 2.1";
+      homepage = "http://pypi.python.org/pypi/Products.CMFCore";
+      license = "ZPL 2.1 (http://www.zope.org/Resources/License/ZPL-2.1)";
     };
   };
 
@@ -763,7 +743,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.i18n-2.0.8" self."plone.memoize-1.1.1" self."plone.session-3.5.3" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self."Products.PluggableAuthService-1.10.0" self.setuptools self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."plone.i18n-2.0.9" self."plone.memoize-1.1.1" self."plone.session-3.5.3" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self."Products.PluggableAuthService-1.10.0" self.setuptools self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -803,7 +783,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."archetypes.referencebrowserwidget-2.4.18" self.setuptools self."zope.deprecation-3.4.1" ];
+    propagatedBuildInputs = [ self."archetypes.referencebrowserwidget-2.4.19" self.setuptools self."zope.deprecation-3.4.1" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -824,7 +804,7 @@ in
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self."ExtensionClass-2.13.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Special MultiMapping objects used in Zope2.
@@ -843,7 +823,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."Missing-2.13.1" self."Persistence-2.13.2" self."Record-2.13.0" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."Missing-2.13.1" self."Persistence-2.13.2" self."Record-2.13.0" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -855,26 +835,6 @@ in
   };
 
 
-  "Mako-0.8.1" = self.buildPythonPackage {
-    name = "Mako-0.8.1";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/M/Mako/Mako-0.8.1.tar.gz";
-        md5 = "96d962464ce6316004af0cc48495d73e";
-    };
-    doCheck = true;
-    buildInputs = [ self."nose-1.3.0" ];
-    propagatedBuildInputs = [ self."MarkupSafe-0.18" ];
-    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
-    meta = {
-      description = ''
-        A super-fast templating language that borrows the  best ideas from the existing templating languages.
-        '';
-      homepage = "http://www.makotemplates.org/";
-      license = "MIT";
-    };
-  };
-
-
   "plone.transformchain-1.0.3" = self.buildPythonPackage {
     name = "plone.transformchain-1.0.3";
     src = fetchurl {
@@ -895,21 +855,23 @@ in
   };
 
 
-  "zope.schema-4.3.2" = self.buildPythonPackage {
-    name = "zope.schema-4.3.2";
+  "plone.recipe.zope2instance" = self."plone.recipe.zope2instance-4.2.13";
+
+  "plone.recipe.zope2instance-4.2.13" = self.buildPythonPackage {
+    name = "plone.recipe.zope2instance-4.2.13";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/z/zope.schema/zope.schema-4.3.2.zip";
-        md5 = "b63df4a3035f29113f8130c8ae28bb13";
+        url = "https://pypi.python.org/packages/source/p/plone.recipe.zope2instance/plone.recipe.zope2instance-4.2.13.zip";
+        md5 = "1ff990a15e77a92a7339b5092bfb9cc3";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools self."zope.event-4.0.2" self."zope.interface-4.0.5" ];
+    propagatedBuildInputs = [ self."mailinglogger-3.7.0" self.setuptools self."zc.buildout-1.7.1" self."zc.recipe.egg-1.3.2" self."ZODB3-3.10.5" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        zope.interface extension for defining data schemas
+        Buildout recipe for creating a Zope 2 instance
         '';
-      homepage = "http://pypi.python.org/pypi/zope.schema";
+      homepage = "http://pypi.python.org/pypi/plone.recipe.zope2instance";
       license = "ZPL 2.1";
     };
   };
@@ -923,7 +885,7 @@ in
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.20" self."eggtestinfo-0.3" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.21" self."eggtestinfo-0.3" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -955,15 +917,35 @@ in
   };
 
 
-  "plone.app.form-2.2.2" = self.buildPythonPackage {
-    name = "plone.app.form-2.2.2";
+  "Products.CMFEditions-2.2.8" = self.buildPythonPackage {
+    name = "Products.CMFEditions-2.2.8";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/P/Products.CMFEditions/Products.CMFEditions-2.2.8.zip";
+        md5 = "1806f2e17e2527fad9364670b343bd11";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."Products.CMFCore-2.2.7" self."Products.CMFDiffTool-2.1" self."Products.CMFUid-2.2.1" self."Products.GenericSetup-1.7.4" self."Products.ZopeVersionControl-1.1.3" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.copy-3.5.0" self."zope.dottedname-3.4.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        Versioning for Plone
+        '';
+      homepage = "http://pypi.python.org/pypi/Products.CMFEditions";
+      license = "GPL";
+    };
+  };
+
+
+  "plone.app.form-2.2.3" = self.buildPythonPackage {
+    name = "plone.app.form-2.2.3";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.form/plone.app.form-2.2.2.zip";
-        md5 = "6101e6a5bd4de6cc8cdef09ced2743eb";
+        url = "https://pypi.python.org/packages/source/p/plone.app.form/plone.app.form-2.2.3.zip";
+        md5 = "4b7dcabcda1407a40185782a4d1f9a01";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."five.formlib-1.0.4" self."plone.app.vocabularies-2.1.10" self."plone.locking-2.0.4" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self.setuptools self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.formlib-4.0.6" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."five.formlib-1.0.4" self."plone.app.vocabularies-2.1.11" self."plone.locking-2.0.4" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self.setuptools self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.formlib-4.0.6" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -983,7 +965,7 @@ in
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."five.formlib-1.0.4" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."Zope2-2.13.20" self."eggtestinfo-0.3" ];
+    propagatedBuildInputs = [ self."five.formlib-1.0.4" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."Zope2-2.13.21" self."eggtestinfo-0.3" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -1004,7 +986,7 @@ in
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope process lifetime events
@@ -1015,42 +997,22 @@ in
   };
 
 
-  "Products.PasswordResetTool-2.0.14" = self.buildPythonPackage {
-    name = "Products.PasswordResetTool-2.0.14";
+  "zope.component-4.1.0" = self.buildPythonPackage {
+    name = "zope.component-4.1.0";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.PasswordResetTool/Products.PasswordResetTool-2.0.14.zip";
-        md5 = "4267a5fef471d0ebe5ca848e86630702";
+        url = "https://pypi.python.org/packages/source/z/zope.component/zope.component-4.1.0.zip";
+        md5 = "8e185893699f9fa577bd9ada0a5302fa";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."plone.memoize-1.1.1" self."Products.CMFCore-2.2.7" self.setuptools self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Password reset tool for Plone
-        '';
-      homepage = "http://pypi.python.org/pypi/Products.PasswordResetTool";
-      license = "GPL";
-    };
-  };
-
-
-  "WSGIProxy2-0.2" = self.buildPythonPackage {
-    name = "WSGIProxy2-0.2";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/W/WSGIProxy2/WSGIProxy2-0.2.tar.gz";
-        md5 = "d8c764aa68173e0d4851874ed6021211";
-    };
-    doCheck = true;
-    buildInputs = [  ];
-    propagatedBuildInputs = [ self."six-1.3.0" self."WebOb-1.2.3" ];
+    propagatedBuildInputs = [ self.setuptools self."zope.event-4.0.2" self."zope.interface-4.0.5" ];
     installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        UNKNOWN
+        Zope Component Architecture
         '';
-      homepage = "https://github.com/gawel/WSGIProxy2/";
-      license = "MIT";
+      homepage = "http://pypi.python.org/pypi/zope.component";
+      license = "ZPL 2.1";
     };
   };
 
@@ -1115,11 +1077,11 @@ in
   };
 
 
-  "plonetheme.sunburst-1.4.4" = self.buildPythonPackage {
-    name = "plonetheme.sunburst-1.4.4";
+  "plonetheme.sunburst-1.4.5" = self.buildPythonPackage {
+    name = "plonetheme.sunburst-1.4.5";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plonetheme.sunburst/plonetheme.sunburst-1.4.4.zip";
-        md5 = "f2cb3fdd66ecc14d1a542d2ca76252db";
+        url = "https://pypi.python.org/packages/source/p/plonetheme.sunburst/plonetheme.sunburst-1.4.5.zip";
+        md5 = "a8438d6f4a27ad6c10dc3554a9145705";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
@@ -1164,7 +1126,7 @@ in
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Sequence Sorting
@@ -1183,7 +1145,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.PluggableAuthService-1.10.0" self."python-openid-2.2.5" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.PluggableAuthService-1.10.0" self."python-openid-2.2.5" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -1203,7 +1165,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.resource-1.0.2" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."plone.resource-1.0.2" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -1215,26 +1177,6 @@ in
   };
 
 
-  "z3c.form-3.0" = self.buildPythonPackage {
-    name = "z3c.form-3.0";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/z/z3c.form/z3c.form-3.0.zip";
-        md5 = "f9fa3cf56c83722425b3b1be4467ce46";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools self."six-1.2.0" self."zope.browser-1.3" self."zope.browserpage-3.12.2" self."zope.browserresource-3.10.3" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.contentprovider-3.7.2" self."zope.event-3.5.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.site-3.9.2" self."zope.traversing-3.13.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        An advanced form and widget framework for Zope 3
-        '';
-      homepage = "https://launchpad.net/z3c.form";
-      license = "ZPL 2.1";
-    };
-  };
-
-
   "zope.app.publication-3.12.0" = self.buildPythonPackage {
     name = "zope.app.publication-3.12.0";
     src = fetchurl {
@@ -1264,7 +1206,7 @@ in
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.event-3.5.2" self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         zope.interface extension for defining data schemas
@@ -1275,35 +1217,15 @@ in
   };
 
 
-  "Products.ExternalEditor-1.1.0" = self.buildPythonPackage {
-    name = "Products.ExternalEditor-1.1.0";
+  "plone.app.content-2.1.3" = self.buildPythonPackage {
+    name = "plone.app.content-2.1.3";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.ExternalEditor/Products.ExternalEditor-1.1.0.zip";
-        md5 = "475fea6e0b958c0c51cfdbfef2f4e623";
+        url = "https://pypi.python.org/packages/source/p/plone.app.content/plone.app.content-2.1.3.zip";
+        md5 = "3463a245414518f058fa6d658a6b9caf";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Zope External Editor
-        '';
-      homepage = "http://pypi.python.org/pypi/Products.ExternalEditor";
-      license = "ZPL 2.1";
-    };
-  };
-
-
-  "plone.app.content-2.1.2" = self.buildPythonPackage {
-    name = "plone.app.content-2.1.2";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.content/plone.app.content-2.1.2.zip";
-        md5 = "247eb174269b2ab03c05f318915f087e";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.batching-1.0" self."plone.i18n-2.0.8" self."plone.memoize-1.1.1" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self.setuptools self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.event-3.5.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.batching-1.0" self."plone.i18n-2.0.9" self."plone.memoize-1.1.1" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self.setuptools self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.event-3.5.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -1323,7 +1245,7 @@ in
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -1375,25 +1297,22 @@ in
   };
 
 
-  "diazo-1.0.3" = self.buildPythonPackage {
-    name = "diazo-1.0.3";
+  "plone.dexterity-2.1.3" = self.buildPythonPackage {
+    name = "plone.dexterity-2.1.3";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/d/diazo/diazo-1.0.3.zip";
-        md5 = "d3c2b017af521db4c86fb360c86e0bc8";
+        url = "https://pypi.python.org/packages/source/p/plone.dexterity/plone.dexterity-2.1.3.zip";
+        md5 = "7f6444a2c26488e4068217266fd243b7";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."experimental.cssselect-0.3" self."lxml-2.3.6" self.setuptools ];
+    propagatedBuildInputs = [ self."plone.alterego-1.0" self."plone.autoform-1.5" self."plone.behavior-1.0.2" self."plone.folder-1.0.4" self."plone.memoize-1.1.1" self."plone.rfc822-1.1" self."plone.supermodel-1.2.3" self."plone.synchronize-1.0.1" self."plone.uuid-1.0.3" self."plone.z3cform-0.8.0" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.statusmessages-4.0" self.setuptools self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.dottedname-3.4.6" self."zope.filerepresentation-3.6.1" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.size-3.4.1" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Diazo implements a Deliverance like language using a pure XSLT engine. With Diazo, you
-"compile" your theme and ruleset in one step, then use a superfast/simple
-transform on each request thereafter. Alternatively, compile your theme during
-development, check it into Subversion, and not touch Diazo during deployment.
+        Flexible CMF content
         '';
-      homepage = "http://diazo.org";
-      license = "New BSD";
+      homepage = "http://code.google.com/p/dexterity";
+      license = "GPL version 2";
     };
   };
 
@@ -1418,6 +1337,30 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "diazo-1.0.4" = self.buildPythonPackage {
+    name = "diazo-1.0.4";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/d/diazo/diazo-1.0.4.zip";
+        md5 = "b5f07cfd928e06bcb964b3f830767bab";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."experimental.cssselect-0.3" self."lxml-2.3.6" self.setuptools ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        Diazo implements a Deliverance like language using a pure
+        XSLT engine. With Diazo, you "compile" your theme and ruleset in one
+        step, then use a superfast/simple transform on each request thereafter.
+        Alternatively, compile your theme during development, check it into
+        Subversion, and not touch Diazo during deployment.
+        '';
+      homepage = "http://diazo.org";
+      license = "New BSD";
+    };
+  };
+
+
   "zc.lockfile-1.0.2" = self.buildPythonPackage {
     name = "zc.lockfile-1.0.2";
     src = fetchurl {
@@ -1427,7 +1370,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Basic inter-process locks
@@ -1447,7 +1390,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.interface-3.6.7" self."zope.tal-3.5.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope Template Application Language Expression Syntax (TALES)
@@ -1467,7 +1410,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self."pytz-2013b" self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         This package provides a DateTime data type, as known from Zope 2.Unless you need to communicate with Zope 2 APIs, you're probablybetter off using Python's built-in datetime module.
@@ -1507,7 +1450,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [  ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         World timezone definitions, modern and historical
@@ -1518,21 +1461,21 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "zope.location-4.0.2" = self.buildPythonPackage {
-    name = "zope.location-4.0.2";
+  "zope.configuration-3.7.4" = self.buildPythonPackage {
+    name = "zope.configuration-3.7.4";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/z/zope.location/zope.location-4.0.2.zip";
-        md5 = "44d865b2c0b1e1cc93898c7df938d353";
+        url = "https://pypi.python.org/packages/source/z/zope.configuration/zope.configuration-3.7.4.zip";
+        md5 = "5b0271908ef26c05059eda76928896ea";
     };
-    doCheck = true;
+    doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools self."zope.interface-4.0.5" self."zope.proxy-4.1.3" self."zope.schema-4.3.2" ];
+    propagatedBuildInputs = [ self.setuptools self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" ];
     installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        Zope Location
+        Zope Configuration Markup Language (ZCML)
         '';
-      homepage = "http://pypi.python.org/pypi/zope.location/";
+      homepage = "http://pypi.python.org/pypi/zope.configuration";
       license = "ZPL 2.1";
     };
   };
@@ -1546,7 +1489,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."plone.locking-2.0.4" self."plone.memoize-1.1.1" self."Products.Archetypes-1.9.1" self."Products.CMFCore-2.2.7" self."Products.CMFEditions-2.2.8" self."Products.CMFPlacefulWorkflow-1.5.9" self."Products.DCWorkflow-2.2.4" self."Products.statusmessages-4.0" self.setuptools self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.schema-4.2.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."plone.locking-2.0.4" self."plone.memoize-1.1.1" self."Products.Archetypes-1.9.4" self."Products.CMFCore-2.2.7" self."Products.CMFEditions-2.2.8" self."Products.CMFPlacefulWorkflow-1.5.9" self."Products.DCWorkflow-2.2.4" self."Products.statusmessages-4.0" self.setuptools self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.schema-4.2.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -1558,21 +1501,21 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "Products.PortalTransforms-2.1.2" = self.buildPythonPackage {
-    name = "Products.PortalTransforms-2.1.2";
+  "python-openid-2.2.5" = self.buildPythonPackage {
+    name = "python-openid-2.2.5";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.PortalTransforms/Products.PortalTransforms-2.1.2.zip";
-        md5 = "9f429f3c3b9e0019d0f6c9b7a8a9376e";
+        url = "https://pypi.python.org/packages/source/p/python-openid/python-openid-2.2.5.tar.gz";
+        md5 = "393f48b162ec29c3de9e2973548ea50d";
     };
     doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Markdown-2.0.3" self."plone.intelligenttext-2.0.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.MimetypesRegistry-2.0.4" self.setuptools self."ZODB3-3.10.5" self."zope.interface-3.6.7" self."zope.structuredtext-3.5.1" self."Zope2-2.13.20" ];
+    buildInputs = [  ];
+    propagatedBuildInputs = [  ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        MIME based content transformations
+        OpenID support for servers and consumers.
         '';
-      homepage = "http://pypi.python.org/pypi/Products.PortalTransforms";
+      homepage = "http://github.com/openid/python-openid";
       license = "UNKNOWN";
     };
   };
@@ -1598,6 +1541,26 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "zope.broken-3.6.0" = self.buildPythonPackage {
+    name = "zope.broken-3.6.0";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/z/zope.broken/zope.broken-3.6.0.zip";
+        md5 = "eff24d7918099a3e899ee63a9c31bee6";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self.setuptools self."zope.interface-3.6.7" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        Zope Broken Object Interfaces
+        '';
+      homepage = "http://pypi.python.org/pypi/zope.broken";
+      license = "ZPL 2.1";
+    };
+  };
+
+
   "lxml-3.2.3" = self.buildPythonPackage {
     name = "lxml-3.2.3";
     src = fetchurl {
@@ -1618,35 +1581,35 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "DocumentTemplate-2.13.2" = self.buildPythonPackage {
-    name = "DocumentTemplate-2.13.2";
+  "Products.PythonScripts-2.13.2" = self.buildPythonPackage {
+    name = "Products.PythonScripts-2.13.2";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/D/DocumentTemplate/DocumentTemplate-2.13.2.zip";
-        md5 = "07bb086c77c1dfe94125ad2efbba94b7";
+        url = "https://pypi.python.org/packages/source/P/Products.PythonScripts/Products.PythonScripts-2.13.2.zip";
+        md5 = "04c86f2c45a29a162297a80dac61d14f";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."AccessControl-3.0.6" self."Acquisition-2.13.8" self."ExtensionClass-2.13.2" self."RestrictedPython-3.6.0" self."zExceptions-2.13.0" self."zope.sequencesort-3.4.0" self."zope.structuredtext-3.5.1" ];
+    propagatedBuildInputs = [ self."AccessControl-3.0.8" self."Acquisition-2.13.8" self."DateTime-3.0.3" self."DocumentTemplate-2.13.2" self."RestrictedPython-3.6.0" self.setuptools self."zExceptions-2.13.0" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Document Templating Markup Language (DTML)
+        Provides support for restricted execution of Python scripts in Zope 2.
         '';
-      homepage = "http://pypi.python.org/pypi/DocumentTemplate";
+      homepage = "http://pypi.python.org/pypi/Products.PythonScripts";
       license = "ZPL 2.1";
     };
   };
 
 
-  "plone.app.controlpanel-2.3.6" = self.buildPythonPackage {
-    name = "plone.app.controlpanel-2.3.6";
+  "plone.app.controlpanel-2.3.7" = self.buildPythonPackage {
+    name = "plone.app.controlpanel-2.3.7";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.controlpanel/plone.app.controlpanel-2.3.6.zip";
-        md5 = "ca5e0e0c8497d9860603e39e0eeba9b8";
+        url = "https://pypi.python.org/packages/source/p/plone.app.controlpanel/plone.app.controlpanel-2.3.7.zip";
+        md5 = "537072fe22237a2148310b8714755356";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.app.form-2.2.2" self."plone.app.vocabularies-2.1.10" self."plone.app.workflow-2.1.5" self."plone.fieldsets-2.0.2" self."plone.locking-2.0.4" self."plone.memoize-1.1.1" self."plone.protect-2.0.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.PlonePAS-4.1.1" self."Products.PortalTransforms-2.1.2" self."Products.statusmessages-4.0" self.setuptools self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.cachedescriptors-3.5.1" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.formlib-4.0.6" self."zope.i18n__zcml-3.7.4" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.ramcache-1.0" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.testing-3.9.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.app.form-2.2.3" self."plone.app.vocabularies-2.1.11" self."plone.app.workflow-2.1.6" self."plone.fieldsets-2.0.2" self."plone.locking-2.0.4" self."plone.memoize-1.1.1" self."plone.protect-2.0.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.PlonePAS-4.1.1" self."Products.PortalTransforms-2.1.2" self."Products.statusmessages-4.0" self.setuptools self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.cachedescriptors-3.5.1" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.formlib-4.0.6" self."zope.i18n__zcml-3.7.4" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.ramcache-1.0" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.testing-3.9.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -1667,7 +1630,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.browserresource-3.10.3" self."zope.interface-3.6.7" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."zope.security__untrustedpython-3.7.4" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Page template resource plugin for zope.browserresource
@@ -1678,26 +1641,6 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "Products.MimetypesRegistry-2.0.4" = self.buildPythonPackage {
-    name = "Products.MimetypesRegistry-2.0.4";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.MimetypesRegistry/Products.MimetypesRegistry-2.0.4.zip";
-        md5 = "898166bb2aaececc8238ad4ee4826793";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.CMFCore-2.2.7" self.setuptools self."ZODB3-3.10.5" self."zope.contenttype-3.5.5" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        MIME type handling for Zope
-        '';
-      homepage = "http://pypi.python.org/pypi/Products.MimetypesRegistry";
-      license = "UNKNOWN";
-    };
-  };
-
-
   "docutils-0.9.1" = self.buildPythonPackage {
     name = "docutils-0.9.1";
     src = fetchurl {
@@ -1707,7 +1650,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [  ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Docutils -- Python Documentation Utilities
@@ -1718,11 +1661,11 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "beautifulsoup4-4.3.1" = self.buildPythonPackage {
-    name = "beautifulsoup4-4.3.1";
+  "beautifulsoup4-4.3.2" = self.buildPythonPackage {
+    name = "beautifulsoup4-4.3.2";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/b/beautifulsoup4/beautifulsoup4-4.3.1.tar.gz";
-        md5 = "508095f2784c64114e06856edc1dafed";
+        url = "https://pypi.python.org/packages/source/b/beautifulsoup4/beautifulsoup4-4.3.2.tar.gz";
+        md5 = "b8d157a204d56512a4cc196e53e7d8ee";
     };
     doCheck = false;
     buildInputs = [  ];
@@ -1730,7 +1673,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        UNKNOWN
+        Screen-scraping library
         '';
       homepage = "http://www.crummy.com/software/BeautifulSoup/bs4/";
       license = "MIT";
@@ -1738,62 +1681,42 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "nose-1.3.0" = self.buildPythonPackage {
-    name = "nose-1.3.0";
+  "Products.PloneLanguageTool-3.2.7" = self.buildPythonPackage {
+    name = "Products.PloneLanguageTool-3.2.7";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/n/nose/nose-1.3.0.tar.gz";
-        md5 = "95d6d32b9d6b029c3c65674bd9e7eabe";
+        url = "https://pypi.python.org/packages/source/P/Products.PloneLanguageTool/Products.PloneLanguageTool-3.2.7.zip";
+        md5 = "bd9eb6278bf76e8cbce99437ca362164";
     };
-    doCheck = true;
-    buildInputs = [  ];
-    propagatedBuildInputs = [  ];
-    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self.setuptools ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        nose extends unittest to make testing easier
+        PloneLanguageTool allows you to set the available languages in your Plone site, select various fallback mechanisms, and control the use of flags for language selection and translations.
         '';
-      homepage = "http://readthedocs.org/docs/nose/";
-      license = "GNU LGPL";
+      homepage = "http://pypi.python.org/pypi/Products.PloneLanguageTool";
+      license = "GPL";
     };
   };
 
 
-  "Distutils2-1.0a4" = self.buildPythonPackage {
-    name = "Distutils2-1.0a4";
+  "nose-1.3.0" = self.buildPythonPackage {
+    name = "nose-1.3.0";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/D/Distutils2/Distutils2-1.0a4.tar.gz";
-        md5 = "52bc9dffb394970c27e02853ae3a3241";
+        url = "https://pypi.python.org/packages/source/n/nose/nose-1.3.0.tar.gz";
+        md5 = "95d6d32b9d6b029c3c65674bd9e7eabe";
     };
-    doCheck = false;
+    doCheck = true;
     buildInputs = [  ];
     propagatedBuildInputs = [  ];
     installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        Python Packaging Library
-        '';
-      homepage = "http://wiki.python.org/moin/Distutils2";
-      license = "Python license";
-    };
-  };
-
-
-  "plone.app.upgrade-1.3.3" = self.buildPythonPackage {
-    name = "plone.app.upgrade-1.3.3";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.upgrade/plone.app.upgrade-1.3.3.zip";
-        md5 = "1c45e809fba27bec11e8a40f686f0f5b";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."borg.localrole-3.0.2" self."five.localsitemanager-2.0.5" self."plone.app.folder-1.0.5" self."plone.app.portlets-2.4.4" self."plone.portlets-2.2" self."plone.session-3.5.3" self."Products.Archetypes-1.9.1" self."Products.CMFActionIcons-2.1.3" self."Products.CMFCalendar-2.2.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFDiffTool-2.1" self."Products.CMFEditions-2.2.8" self."Products.CMFFormController-3.0.3" self."Products.CMFQuickInstallerTool-3.0.6" self."Products.CMFUid-2.2.1" self."Products.contentmigration-2.1.4" self."Products.DCWorkflow-2.2.4" self."Products.GenericSetup-1.7.3" self."Products.MimetypesRegistry-2.0.4" self."Products.PloneLanguageTool-3.2.7" self."Products.PlonePAS-4.1.1" self."Products.PluggableAuthService-1.10.0" self."Products.PortalTransforms-2.1.2" self."Products.ResourceRegistries-2.2.9" self."Products.SecureMailHost-1.1.2" self."Products.ZCatalog-2.13.23" self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.ramcache-1.0" self."zope.site-3.9.2" self."Zope2-2.13.20" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Upgrade machinery for Plone.
+        nose extends unittest to make testing easier
         '';
-      homepage = "http://pypi.python.org/pypi/plone.app.upgrade";
-      license = "GPL version 2";
+      homepage = "http://readthedocs.org/docs/nose/";
+      license = "GNU LGPL";
     };
   };
 
@@ -1826,7 +1749,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."plone.app.portlets-2.4.4" self."plone.openid-2.0.1" self."plone.portlets-2.2" self."Products.CMFCore-2.2.7" self."Products.PlonePAS-4.1.1" self."Products.PluggableAuthService-1.10.0" self.setuptools self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."plone.app.portlets-2.4.5" self."plone.openid-2.0.1" self."plone.portlets-2.2" self."Products.CMFCore-2.2.7" self."Products.PlonePAS-4.1.1" self."Products.PluggableAuthService-1.10.0" self.setuptools self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -1838,42 +1761,42 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "five.globalrequest-1.0" = self.buildPythonPackage {
-    name = "five.globalrequest-1.0";
+  "Products.PortalTransforms-2.1.2" = self.buildPythonPackage {
+    name = "Products.PortalTransforms-2.1.2";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/f/five.globalrequest/five.globalrequest-1.0.tar.gz";
-        md5 = "87f8996bd21d4aa156aa26e7d21b8744";
+        url = "https://pypi.python.org/packages/source/P/Products.PortalTransforms/Products.PortalTransforms-2.1.2.zip";
+        md5 = "9f429f3c3b9e0019d0f6c9b7a8a9376e";
     };
     doCheck = false;
-    buildInputs = [  ];
-    propagatedBuildInputs = [ self.setuptools self."zope.globalrequest-1.0" self."Zope2-2.13.20" ];
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Markdown-2.0.3" self."plone.intelligenttext-2.0.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.MimetypesRegistry-2.0.5" self.setuptools self."ZODB3-3.10.5" self."zope.interface-3.6.7" self."zope.structuredtext-3.5.1" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Zope 2 integration for zope.globalrequest
+        MIME based content transformations
         '';
-      homepage = "http://pypi.python.org/pypi/five.globalrequest";
-      license = "ZPL";
+      homepage = "http://pypi.python.org/pypi/Products.PortalTransforms";
+      license = "UNKNOWN";
     };
   };
 
 
-  "plone.indexer-1.0.2" = self.buildPythonPackage {
-    name = "plone.indexer-1.0.2";
+  "zope.schema-4.3.2" = self.buildPythonPackage {
+    name = "zope.schema-4.3.2";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.indexer/plone.indexer-1.0.2.zip";
-        md5 = "538aeee1f9db78bc8c85ae1bcb0153ed";
+        url = "https://pypi.python.org/packages/source/z/zope.schema/zope.schema-4.3.2.zip";
+        md5 = "b63df4a3035f29113f8130c8ae28bb13";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    propagatedBuildInputs = [ self.setuptools self."zope.event-4.0.2" self."zope.interface-4.0.5" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        Hooks to facilitate managing custom index values in Zope 2/CMF applications
+        zope.interface extension for defining data schemas
         '';
-      homepage = "http://pypi.python.org/pypi/plone.indexer";
-      license = "BSD";
+      homepage = "http://pypi.python.org/pypi/zope.schema";
+      license = "ZPL 2.1";
     };
   };
 
@@ -1898,15 +1821,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.portlets-2.4.4" = self.buildPythonPackage {
-    name = "plone.app.portlets-2.4.4";
+  "plone.app.portlets-2.4.5" = self.buildPythonPackage {
+    name = "plone.app.portlets-2.4.5";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.portlets/plone.app.portlets-2.4.4.zip";
-        md5 = "c1144f7686cacf3d64fcd202ab2e5e2d";
+        url = "https://pypi.python.org/packages/source/p/plone.app.portlets/plone.app.portlets-2.4.5.zip";
+        md5 = "409aeeed42d87af8338197514363ec76";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."feedparser-5.0.1" self."five.customerize-1.1" self."five.formlib-1.0.4" self."plone.app.form-2.2.2" self."plone.app.i18n-2.0.2" self."plone.app.vocabularies-2.1.10" self."plone.i18n-2.0.8" self."plone.memoize-1.1.1" self."plone.portlets-2.2" self."Products.CMFCore-2.2.7" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.GenericSetup-1.7.3" self."Products.PluggableAuthService-1.10.0" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.container-3.11.2" self."zope.contentprovider-3.7.2" self."zope.event-3.5.2" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.traversing-3.13.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."feedparser-5.0.1" self."five.customerize-1.1" self."five.formlib-1.0.4" self."plone.app.form-2.2.3" self."plone.app.i18n-2.0.2" self."plone.app.vocabularies-2.1.11" self."plone.i18n-2.0.9" self."plone.memoize-1.1.1" self."plone.portlets-2.2" self."Products.CMFCore-2.2.7" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.GenericSetup-1.7.4" self."Products.PluggableAuthService-1.10.0" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.container-3.11.2" self."zope.contentprovider-3.7.2" self."zope.event-3.5.2" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.traversing-3.13.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -1918,26 +1841,48 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.dexterity-2.1.3" = self.buildPythonPackage {
-    name = "plone.dexterity-2.1.3";
+  "Plone" = self."Plone-4.3.2";
+
+  "Plone-4.3.2" = self.buildPythonPackage {
+    name = "Plone-4.3.2";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.dexterity/plone.dexterity-2.1.3.zip";
-        md5 = "7f6444a2c26488e4068217266fd243b7";
+        url = "https://pypi.python.org/packages/source/P/Plone/Plone-4.3.2.zip";
+        md5 = "809f9fe8b8d23b49778e8ce304ea34f6";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.alterego-1.0" self."plone.autoform-1.4" self."plone.behavior-1.0.2" self."plone.folder-1.0.4" self."plone.memoize-1.1.1" self."plone.rfc822-1.0.1" self."plone.supermodel-1.2.2" self."plone.synchronize-1.0.1" self."plone.uuid-1.0.3" self."plone.z3cform-0.8.0" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.statusmessages-4.0" self.setuptools self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.dottedname-3.4.6" self."zope.filerepresentation-3.6.1" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.size-3.4.1" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."plone.app.caching-1.1.6" self."plone.app.dexterity-2.0.9" self."plone.app.iterate-2.1.10" self."plone.app.openid-2.0.2" self."plone.app.theming-1.1.1" self."Products.CMFPlacefulWorkflow-1.5.9" self."Products.CMFPlone-4.3.2" self.setuptools self."wicked-1.1.10" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Flexible CMF content
+        The Plone Content Management System
         '';
-      homepage = "http://code.google.com/p/dexterity";
+      homepage = "http://plone.org/";
       license = "GPL version 2";
     };
   };
 
 
+  "Persistence-2.13.2" = self.buildPythonPackage {
+    name = "Persistence-2.13.2";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/P/Persistence/Persistence-2.13.2.zip";
+        md5 = "92693648ccdc59c8fc71f7f06b1d228c";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."ExtensionClass-2.13.2" self."ZODB3-3.10.5" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        Persistent ExtensionClass
+        '';
+      homepage = "http://pypi.python.org/pypi/Persistence";
+      license = "ZPL 2.1";
+    };
+  };
+
+
   "feedparser-5.0.1" = self.buildPythonPackage {
     name = "feedparser-5.0.1";
     src = fetchurl {
@@ -1958,6 +1903,66 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "zc.recipe.egg-1.3.2" = self.buildPythonPackage {
+    name = "zc.recipe.egg-1.3.2";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/z/zc.recipe.egg/zc.recipe.egg-1.3.2.tar.gz";
+        md5 = "1cb6af73f527490dde461d3614a36475";
+    };
+    doCheck = false;
+    buildInputs = [  ];
+    propagatedBuildInputs = [ self.setuptools self."zc.buildout-1.7.1" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        Recipe for installing Python package distributions as eggs
+        '';
+      homepage = "http://cheeseshop.python.org/pypi/zc.recipe.egg";
+      license = "ZPL 2.1";
+    };
+  };
+
+
+  "mailinglogger-3.7.0" = self.buildPythonPackage {
+    name = "mailinglogger-3.7.0";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/m/mailinglogger/mailinglogger-3.7.0.tar.gz";
+        md5 = "f865f0df6059ce23062b7457d01dbac5";
+    };
+    doCheck = false;
+    buildInputs = [  ];
+    propagatedBuildInputs = [  ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        Enhanced emailing handlers for the python logging package.
+        '';
+      homepage = "http://www.simplistix.co.uk/software/python/mailinglogger";
+      license = "MIT";
+    };
+  };
+
+
+  "plone.app.jquerytools-1.5.6" = self.buildPythonPackage {
+    name = "plone.app.jquerytools-1.5.6";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/p/plone.app.jquerytools/plone.app.jquerytools-1.5.6.zip";
+        md5 = "4ae9a72baa8e9899c1706b4fedbb516b";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."zope.component__zcml-3.9.5" self."Zope2-2.13.21" ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        jQuery Tools integration for Plone plus overlay and AJAX form helpers.
+        '';
+      homepage = "http://pypi.python.org/pypi/plone.app.jquerytools";
+      license = "GPL version 2";
+    };
+  };
+
+
   "Products.BTreeFolder2-2.13.3" = self.buildPythonPackage {
     name = "Products.BTreeFolder2-2.13.3";
     src = fetchurl {
@@ -1966,7 +1971,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."AccessControl-3.0.6" self."Acquisition-2.13.8" self."Persistence-2.13.2" self.setuptools self."ZODB3-3.10.5" self."zope.container-3.11.2" self."zope.event-3.5.2" self."zope.lifecycleevent-3.6.2" ];
+    propagatedBuildInputs = [ self."AccessControl-3.0.8" self."Acquisition-2.13.8" self."Persistence-2.13.2" self.setuptools self."ZODB3-3.10.5" self."zope.container-3.11.2" self."zope.event-3.5.2" self."zope.lifecycleevent-3.6.2" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -1978,22 +1983,42 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "Products.MIMETools-2.13.0" = self.buildPythonPackage {
-    name = "Products.MIMETools-2.13.0";
+  "plone.locking-2.0.4" = self.buildPythonPackage {
+    name = "plone.locking-2.0.4";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.MIMETools/Products.MIMETools-2.13.0.zip";
-        md5 = "ad5372fc1190599a19493db0864448ec";
+        url = "https://pypi.python.org/packages/source/p/plone.locking/plone.locking-2.0.4.zip";
+        md5 = "a7f8b8db78f57272d351d7fe0d067eb2";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."DocumentTemplate-2.13.2" self.setuptools ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."Products.CMFCore-2.2.7" self.setuptools self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        MIMETools provides the &lt;!--#mime--&gt; tag for DocumentTemplate.
+        webdav locking support
         '';
-      homepage = "http://pypi.python.org/pypi/Products.MIMETools";
-      license = "ZPL 2.1";
+      homepage = "http://pypi.python.org/pypi/plone.locking";
+      license = "GPL version 2";
+    };
+  };
+
+
+  "plone.formwidget.namedfile-1.0.7" = self.buildPythonPackage {
+    name = "plone.formwidget.namedfile-1.0.7";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/p/plone.formwidget.namedfile/plone.formwidget.namedfile-1.0.7.zip";
+        md5 = "6fa3cd99bf9b30971034b0f6dc31cfb3";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."plone.namedfile__scales-2.0.2" self."plone.z3cform-0.8.0" self.setuptools self."z3c.form-3.0.2" ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        Image widget for z3c.form and Plone
+        '';
+      homepage = "http://pypi.python.org/pypi/plone.formwidget.namedfile";
+      license = "GPL";
     };
   };
 
@@ -2007,7 +2032,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.exceptions-3.6.2" self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope testing framework, including the testrunner script.
@@ -2027,7 +2052,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Object life-cycle events
@@ -2047,7 +2072,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [  ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Metaclass for subclassable extension types
@@ -2058,15 +2083,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.contentrules-3.0.3" = self.buildPythonPackage {
-    name = "plone.app.contentrules-3.0.3";
+  "plone.app.contentrules-3.0.4" = self.buildPythonPackage {
+    name = "plone.app.contentrules-3.0.4";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.contentrules/plone.app.contentrules-3.0.3.zip";
-        md5 = "518c1e22a9cfe187b6770e62be4f8bd8";
+        url = "https://pypi.python.org/packages/source/p/plone.app.contentrules/plone.app.contentrules-3.0.4.zip";
+        md5 = "15e86e2739096bff5bf0745590d5ebb0";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."five.formlib-1.0.4" self."plone.app.form-2.2.2" self."plone.app.vocabularies-2.1.10" self."plone.contentrules-2.0.3" self."plone.memoize-1.1.1" self."plone.stringinterp-1.0.10" self."plone.uuid-1.0.3" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.GenericSetup-1.7.3" self."Products.statusmessages-4.0" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.event-3.5.2" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.traversing-3.13.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."five.formlib-1.0.4" self."plone.app.form-2.2.3" self."plone.app.vocabularies-2.1.11" self."plone.contentrules-2.0.3" self."plone.memoize-1.1.1" self."plone.stringinterp-1.0.10" self."plone.uuid-1.0.3" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.GenericSetup-1.7.4" self."Products.statusmessages-4.0" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.event-3.5.2" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.traversing-3.13.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2127,7 +2152,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.security__untrustedpython-3.7.4" self."zope.tal-3.5.2" self."zope.tales-3.5.3" self."zope.traversing-3.13.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope Page Templates
@@ -2167,7 +2192,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         System for managing development buildouts
@@ -2207,7 +2232,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope 3 Template Application Languate (TAL)
@@ -2226,7 +2251,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."AccessControl-3.0.6" self."Persistence-2.13.2" self.setuptools ];
+    propagatedBuildInputs = [ self."AccessControl-3.0.8" self."Persistence-2.13.2" self.setuptools ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2238,11 +2263,11 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "cssselect-0.8" = self.buildPythonPackage {
-    name = "cssselect-0.8";
+  "cssselect-0.9" = self.buildPythonPackage {
+    name = "cssselect-0.9";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/c/cssselect/cssselect-0.8.tar.gz";
-        md5 = "c4683e050351abcbbd5990b01f5344e2";
+        url = "https://pypi.python.org/packages/source/c/cssselect/cssselect-0.9.tar.gz";
+        md5 = "3aba1e431787da957a9cd1e2c2e0bf1c";
     };
     doCheck = false;
     buildInputs = [  ];
@@ -2258,15 +2283,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.search-1.1.4" = self.buildPythonPackage {
-    name = "plone.app.search-1.1.4";
+  "plone.app.search-1.1.5" = self.buildPythonPackage {
+    name = "plone.app.search-1.1.5";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.search/plone.app.search-1.1.4.zip";
-        md5 = "fb24320380ed2ba11e6f20cc1fe3b6df";
+        url = "https://pypi.python.org/packages/source/p/plone.app.search/plone.app.search-1.1.5.zip";
+        md5 = "eeb42889464d35e9d8169e062bc9c827";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.app.contentlisting-1.0.4" self.setuptools ];
+    propagatedBuildInputs = [ self."plone.app.contentlisting-1.0.5" self.setuptools ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2287,7 +2312,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."ZODB3-3.10.5" self."zope.broken-3.6.0" self."zope.component__zcml-3.9.5" self."zope.dottedname-3.4.6" self."zope.event-3.5.2" self."zope.filerepresentation-3.6.1" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.size-3.4.1" self."zope.traversing-3.13.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope Container
@@ -2306,7 +2331,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.ATContentTypes-2.1.13" self."Products.CMFCore-2.2.7" self."Products.CMFPlone-4.3.1" self."Products.GenericSetup-1.7.3" self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.site-3.9.2" self."zope.testing-3.9.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.ATContentTypes-2.1.13" self."Products.CMFCore-2.2.7" self."Products.CMFPlone-4.3.2" self."Products.GenericSetup-1.7.4" self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.site-3.9.2" self."zope.testing-3.9.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2347,7 +2372,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.security__untrustedpython-3.7.4" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         zExceptions contains common exceptions used in Zope2.
@@ -2358,26 +2383,6 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "Persistence-2.13.2" = self.buildPythonPackage {
-    name = "Persistence-2.13.2";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Persistence/Persistence-2.13.2.zip";
-        md5 = "92693648ccdc59c8fc71f7f06b1d228c";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."ExtensionClass-2.13.2" self."ZODB3-3.10.5" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Persistent ExtensionClass
-        '';
-      homepage = "http://pypi.python.org/pypi/Persistence";
-      license = "ZPL 2.1";
-    };
-  };
-
-
   "Products.CMFDynamicViewFTI-4.0.5" = self.buildPythonPackage {
     name = "Products.CMFDynamicViewFTI-4.0.5";
     src = fetchurl {
@@ -2386,7 +2391,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."ExtensionClass-2.13.2" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."zope.browsermenu-3.9.1" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."ExtensionClass-2.13.2" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."zope.browsermenu-3.9.1" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2407,7 +2412,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.contenttype-3.5.5" self."zope.event-3.5.2" self."zope.exceptions-3.6.2" self."zope.i18n__zcml-3.7.4" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.proxy-3.6.1" self."zope.security__untrustedpython-3.7.4" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         The Zope publisher publishes Python objects on the web.
@@ -2418,21 +2423,21 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "zope.browserpage-3.12.2" = self.buildPythonPackage {
-    name = "zope.browserpage-3.12.2";
+  "Products.ExternalEditor-1.1.0" = self.buildPythonPackage {
+    name = "Products.ExternalEditor-1.1.0";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/z/zope.browserpage/zope.browserpage-3.12.2.tar.gz";
-        md5 = "a543ef3cb1b42f7233b3fca23dc9ea60";
+        url = "https://pypi.python.org/packages/source/P/Products.ExternalEditor/Products.ExternalEditor-1.1.0.zip";
+        md5 = "475fea6e0b958c0c51cfdbfef2f4e623";
     };
     doCheck = false;
-    buildInputs = [  ];
-    propagatedBuildInputs = [ self.setuptools self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.interface-3.6.7" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.traversing-3.13.2" ];
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self.setuptools ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        ZCML directives for configuring browser views for Zope.
+        Zope External Editor
         '';
-      homepage = "http://pypi.python.org/pypi/zope.browserpage/";
+      homepage = "http://pypi.python.org/pypi/Products.ExternalEditor";
       license = "ZPL 2.1";
     };
   };
@@ -2467,7 +2472,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.proxy-3.6.1" self."zope.schema-4.2.2" self."RestrictedPython-3.6.0" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope Security Framework
@@ -2486,7 +2491,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."five.globalrequest-1.0" self."plone.registry-1.0.1" self.setuptools self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."five.globalrequest-1.0" self."plone.registry-1.0.1" self.setuptools self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2498,22 +2503,22 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.jquerytools-1.5.5" = self.buildPythonPackage {
-    name = "plone.app.jquerytools-1.5.5";
+  "roman-1.4.0" = self.buildPythonPackage {
+    name = "roman-1.4.0";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.jquerytools/plone.app.jquerytools-1.5.5.zip";
-        md5 = "7a4957a3a8482e4963e49e2d02772e33";
+        url = "https://pypi.python.org/packages/source/r/roman/roman-1.4.0.tar.gz";
+        md5 = "4f8832ed4108174b159c2afb4bd1d1dd";
     };
     doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."zope.component__zcml-3.9.5" self."Zope2-2.13.20" ];
+    buildInputs = [  ];
+    propagatedBuildInputs = [  ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        jQuery Tools integration for Plone plus overlay and AJAX form helpers.
+        Integer to Roman numerals converter
         '';
-      homepage = "http://pypi.python.org/pypi/plone.app.jquerytools";
-      license = "GPL version 2";
+      homepage = "http://pypi.python.org/pypi/roman";
+      license = "Python 2.1.1";
     };
   };
 
@@ -2527,7 +2532,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.event-3.5.2" self."zope.interface-3.6.7" self."zope.configuration-3.7.4" self."zope.i18nmessageid-3.5.3" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope Component Architecture
@@ -2538,6 +2543,48 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "psycopg2" = self."psycopg2-2.5.1";
+
+  "psycopg2-2.5.1" = self.buildPythonPackage {
+    name = "psycopg2-2.5.1";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/p/psycopg2/psycopg2-2.5.1.tar.gz";
+        md5 = "1b433f83d50d1bc61e09026e906d84c7";
+    };
+    doCheck = false;
+    buildInputs = [  ];
+    propagatedBuildInputs = [  ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        Python-PostgreSQL Database Adapter
+        '';
+      homepage = "http://initd.org/psycopg/";
+      license = "GPL with exceptions or ZPL";
+    };
+  };
+
+
+  "plone.rfc822-1.1" = self.buildPythonPackage {
+    name = "plone.rfc822-1.1";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/p/plone.rfc822/plone.rfc822-1.1.zip";
+        md5 = "ba3e26cab9e751fb1cf40639d661d2f0";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."python-dateutil-1.5" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.schema-4.2.2" ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        RFC822 marshalling for zope.schema fields
+        '';
+      homepage = "http://pypi.python.org/pypi/plone.rfc822";
+      license = "BSD";
+    };
+  };
+
+
   "zope.viewlet-3.7.2" = self.buildPythonPackage {
     name = "zope.viewlet-3.7.2";
     src = fetchurl {
@@ -2547,7 +2594,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.browserpage-3.12.2" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.contentprovider-3.7.2" self."zope.event-3.5.2" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.traversing-3.13.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope Viewlets
@@ -2567,7 +2614,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self."pytz-2013b" self.setuptools self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.schema-4.2.2" self."zope.configuration-3.7.4" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope Internationalization Support
@@ -2586,7 +2633,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."archetypes.referencebrowserwidget-2.4.18" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."plone.app.folder-1.0.5" self."plone.app.layout-2.3.5" self."plone.i18n-2.0.8" self."plone.memoize-1.1.1" self."Products.Archetypes-1.9.1" self."Products.ATReferenceBrowserWidget-3.0" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.GenericSetup-1.7.3" self."Products.MimetypesRegistry-2.0.4" self."Products.PortalTransforms-2.1.2" self."Products.validation-2.0" self.setuptools self."transaction-1.1.1" self."ZConfig-2.9.1" self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.tal-3.5.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."archetypes.referencebrowserwidget-2.4.19" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."plone.app.folder-1.0.5" self."plone.app.layout-2.3.7" self."plone.i18n-2.0.9" self."plone.memoize-1.1.1" self."Products.Archetypes-1.9.4" self."Products.ATReferenceBrowserWidget-3.0" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.GenericSetup-1.7.4" self."Products.MimetypesRegistry-2.0.5" self."Products.PortalTransforms-2.1.2" self."Products.validation-2.0" self.setuptools self."transaction-1.1.1" self."ZConfig-2.9.1" self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.tal-3.5.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2598,6 +2645,26 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "WSGIProxy2-0.3" = self.buildPythonPackage {
+    name = "WSGIProxy2-0.3";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/W/WSGIProxy2/WSGIProxy2-0.3.zip";
+        md5 = "8b2cb207932eb8c341c3fa41f0cbe994";
+    };
+    doCheck = true;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."six-1.4.1" self."WebOb-1.2.3" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        UNKNOWN
+        '';
+      homepage = "https://github.com/gawel/WSGIProxy2/";
+      license = "MIT";
+    };
+  };
+
+
   "zope.browserresource-3.10.3" = self.buildPythonPackage {
     name = "zope.browserresource-3.10.3";
     src = fetchurl {
@@ -2607,7 +2674,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.contenttype-3.5.5" self."zope.i18n__zcml-3.7.4" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.traversing-3.13.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Browser resources implementation for Zope.
@@ -2618,6 +2685,28 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "RelStorage" = self."RelStorage-1.5.1";
+
+  "RelStorage-1.5.1" = self.buildPythonPackage {
+    name = "RelStorage-1.5.1";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/R/RelStorage/RelStorage-1.5.1.tar.gz";
+        md5 = "2454211d086ac02a4af10f7292e260ec";
+    };
+    doCheck = false;
+    buildInputs = [  ];
+    propagatedBuildInputs = [ self."zc.lockfile-1.0.2" self."ZODB3-3.10.5" self."zope.interface-3.6.7" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        A backend for ZODB that stores pickles in a relational database.
+        '';
+      homepage = "http://pypi.python.org/pypi/RelStorage";
+      license = "ZPL 2.1";
+    };
+  };
+
+
   "Products.ResourceRegistries-2.2.9" = self.buildPythonPackage {
     name = "Products.ResourceRegistries-2.2.9";
     src = fetchurl {
@@ -2626,7 +2715,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.viewlet-3.7.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.viewlet-3.7.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2646,7 +2735,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."ExtensionClass-2.13.2" self.setuptools self."transaction-1.1.1" self."zope.app.form-4.0.2" self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."ExtensionClass-2.13.2" self.setuptools self."transaction-1.1.1" self."zope.app.form-4.0.2" self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2678,15 +2767,17 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "pyramid-1.4.3" = self.buildPythonPackage {
-    name = "pyramid-1.4.3";
+  "pyramid" = self."pyramid-1.4.5";
+
+  "pyramid-1.4.5" = self.buildPythonPackage {
+    name = "pyramid-1.4.5";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/pyramid/pyramid-1.4.3.tar.gz";
-        md5 = "28fabf42cf585ecec7a57b5acc1174e3";
+        url = "https://pypi.python.org/packages/source/p/pyramid/pyramid-1.4.5.tar.gz";
+        md5 = "321731aad69e9788b7819e257a50be1a";
     };
     doCheck = true;
-    buildInputs = [ self."nose-1.3.0" self."WebTest-2.0.7" self."zope.component-4.1.0" self."zope.interface-4.0.5" ];
-    propagatedBuildInputs = [ self."Chameleon-2.11" self."Mako-0.8.1" self."PasteDeploy-1.5.0" self."repoze.lru-0.6" self.setuptools self."translationstring-1.1" self."venusian-1.0a8" self."WebOb-1.2.3" self."zope.deprecation-4.0.2" self."zope.interface-4.0.5" ];
+    buildInputs = [ self."nose-1.3.0" self."WebTest-2.0.9" self."zope.component-4.1.0" self."zope.interface-4.0.5" ];
+    propagatedBuildInputs = [ self."Chameleon-2.12" self."Mako-0.9.0" self."PasteDeploy-1.5.0" self."repoze.lru-0.6" self.setuptools self."translationstring-1.1" self."venusian-1.0a8" self."WebOb-1.2.3" self."zope.deprecation-4.0.2" self."zope.interface-4.0.5" ];
     installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
@@ -2698,6 +2789,46 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "Products.contentmigration-2.1.5" = self.buildPythonPackage {
+    name = "Products.contentmigration-2.1.5";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/P/Products.contentmigration/Products.contentmigration-2.1.5.zip";
+        md5 = "f08e5f2572fc6f4c61b930a17f99418f";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self.setuptools ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        A generic content migration framework for Plone.
+        '';
+      homepage = "http://pypi.python.org/pypi/Products.contentmigration";
+      license = "LGPL";
+    };
+  };
+
+
+  "Products.MimetypesRegistry-2.0.5" = self.buildPythonPackage {
+    name = "Products.MimetypesRegistry-2.0.5";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/P/Products.MimetypesRegistry/Products.MimetypesRegistry-2.0.5.zip";
+        md5 = "1be555ad13648e139174c034631fce34";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.CMFCore-2.2.7" self.setuptools self."ZODB3-3.10.5" self."zope.contenttype-3.5.5" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        MIME type handling for Zope
+        '';
+      homepage = "http://pypi.python.org/pypi/Products.MimetypesRegistry";
+      license = "UNKNOWN";
+    };
+  };
+
+
   "python-dateutil-1.5" = self.buildPythonPackage {
     name = "python-dateutil-1.5";
     src = fetchurl {
@@ -2718,22 +2849,22 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "Products.PloneLanguageTool-3.2.7" = self.buildPythonPackage {
-    name = "Products.PloneLanguageTool-3.2.7";
+  "plone.app.upgrade-1.3.4" = self.buildPythonPackage {
+    name = "plone.app.upgrade-1.3.4";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.PloneLanguageTool/Products.PloneLanguageTool-3.2.7.zip";
-        md5 = "bd9eb6278bf76e8cbce99437ca362164";
+        url = "https://pypi.python.org/packages/source/p/plone.app.upgrade/plone.app.upgrade-1.3.4.zip";
+        md5 = "10c192ee4a2422f901e020fd5b39879a";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."borg.localrole-3.0.2" self."five.localsitemanager-2.0.5" self."plone.app.folder-1.0.5" self."plone.app.portlets-2.4.5" self."plone.portlets-2.2" self."plone.session-3.5.3" self."Products.Archetypes-1.9.4" self."Products.CMFActionIcons-2.1.3" self."Products.CMFCalendar-2.2.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFDiffTool-2.1" self."Products.CMFEditions-2.2.8" self."Products.CMFFormController-3.0.3" self."Products.CMFQuickInstallerTool-3.0.6" self."Products.CMFUid-2.2.1" self."Products.contentmigration-2.1.5" self."Products.DCWorkflow-2.2.4" self."Products.GenericSetup-1.7.4" self."Products.MimetypesRegistry-2.0.5" self."Products.PloneLanguageTool-3.2.7" self."Products.PlonePAS-4.1.1" self."Products.PluggableAuthService-1.10.0" self."Products.PortalTransforms-2.1.2" self."Products.ResourceRegistries-2.2.9" self."Products.SecureMailHost-1.1.2" self."Products.ZCatalog-2.13.23" self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.ramcache-1.0" self."zope.site-3.9.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        PloneLanguageTool allows you to set the available languages in your Plone site, select various fallback mechanisms, and control the use of flags for language selection and translations.
+        Upgrade machinery for Plone.
         '';
-      homepage = "http://pypi.python.org/pypi/Products.PloneLanguageTool";
-      license = "GPL";
+      homepage = "http://pypi.python.org/pypi/plone.app.upgrade";
+      license = "GPL version 2";
     };
   };
 
@@ -2766,7 +2897,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.rfc822-1.0.1" self.setuptools self."zope.browserpage-3.12.2" self."zope.component__zcml-3.9.5" self."zope.security__untrustedpython-3.7.4" self."zope.traversing-3.13.2" self."plone.scale__storage-1.3.2" ];
+    propagatedBuildInputs = [ self."plone.rfc822-1.1" self.setuptools self."zope.browserpage-3.12.2" self."zope.component__zcml-3.9.5" self."zope.security__untrustedpython-3.7.4" self."zope.traversing-3.13.2" self."plone.scale__storage-1.3.2" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2787,7 +2918,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope contenttype
@@ -2838,26 +2969,6 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.rfc822-1.0.1" = self.buildPythonPackage {
-    name = "plone.rfc822-1.0.1";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.rfc822/plone.rfc822-1.0.1.zip";
-        md5 = "b5b79bb5a9181da624a7e88940a45424";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."python-dateutil-1.5" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.schema-4.2.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        RFC822 marshalling for zope.schema fields
-        '';
-      homepage = "http://pypi.python.org/pypi/plone.rfc822";
-      license = "BSD";
-    };
-  };
-
-
   "zope.sendmail-3.7.5" = self.buildPythonPackage {
     name = "zope.sendmail-3.7.5";
     src = fetchurl {
@@ -2867,7 +2978,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope sendmail
@@ -2878,22 +2989,22 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.locking-2.0.4" = self.buildPythonPackage {
-    name = "plone.locking-2.0.4";
+  "Products.MIMETools-2.13.0" = self.buildPythonPackage {
+    name = "Products.MIMETools-2.13.0";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.locking/plone.locking-2.0.4.zip";
-        md5 = "a7f8b8db78f57272d351d7fe0d067eb2";
+        url = "https://pypi.python.org/packages/source/P/Products.MIMETools/Products.MIMETools-2.13.0.zip";
+        md5 = "ad5372fc1190599a19493db0864448ec";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."Products.CMFCore-2.2.7" self.setuptools self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.20" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    propagatedBuildInputs = [ self."DocumentTemplate-2.13.2" self.setuptools ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        webdav locking support
+        MIMETools provides the &lt;!--#mime--&gt; tag for DocumentTemplate.
         '';
-      homepage = "http://pypi.python.org/pypi/plone.locking";
-      license = "GPL version 2";
+      homepage = "http://pypi.python.org/pypi/Products.MIMETools";
+      license = "ZPL 2.1";
     };
   };
 
@@ -2907,7 +3018,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.proxy-3.6.1" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Object annotation mechanism
@@ -2926,7 +3037,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."five.customerize-1.1" self."plone.browserlayer-2.1.2" self."plone.portlets-2.2" self."Products.CMFCore-2.2.7" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.viewlet-3.7.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."five.customerize-1.1" self."plone.browserlayer-2.1.2" self."plone.portlets-2.2" self."Products.CMFCore-2.2.7" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.viewlet-3.7.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2938,26 +3049,6 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "WebTest-2.0.7" = self.buildPythonPackage {
-    name = "WebTest-2.0.7";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/W/WebTest/WebTest-2.0.7.zip";
-        md5 = "4ca4e944a7f5f08b5aebd3bf90699890";
-    };
-    doCheck = true;
-    buildInputs = [ self."nose-1.3.0" self."unittest2-0.5.1" self."pyquery-1.2.4" self."WSGIProxy2-0.2" self."PasteDeploy-1.5.0" self."mock-1.0.1" self."coverage-3.6" pkgs.unzip ];
-    propagatedBuildInputs = [ self."beautifulsoup4-4.3.1" self."six-1.3.0" self."waitress-0.8.6" self."WebOb-1.2.3" ];
-    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
-    meta = {
-      description = ''
-        Helper to test WSGI applications
-        '';
-      homepage = "http://webtest.pythonpaste.org/";
-      license = "MIT";
-    };
-  };
-
-
   "plone.app.registry-1.2.3" = self.buildPythonPackage {
     name = "plone.app.registry-1.2.3";
     src = fetchurl {
@@ -2966,7 +3057,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."lxml-2.3.6" self."plone.app.z3cform-0.7.3" self."plone.autoform-1.4" self."plone.registry-1.0.1" self."plone.supermodel-1.2.2" self."Products.CMFCore-2.2.7" self."Products.CMFPlone-4.3.1" self."Products.GenericSetup-1.7.3" self."Products.statusmessages-4.0" self.setuptools self."zope.component__zcml-3.9.5" self."zope.dottedname-3.4.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."lxml-2.3.6" self."plone.app.z3cform-0.7.4" self."plone.autoform-1.5" self."plone.registry-1.0.1" self."plone.supermodel-1.2.3" self."Products.CMFCore-2.2.7" self."Products.CMFPlone-4.3.2" self."Products.GenericSetup-1.7.4" self."Products.statusmessages-4.0" self.setuptools self."zope.component__zcml-3.9.5" self."zope.dottedname-3.4.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -2986,7 +3077,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.keyring-2.0.1" self."plone.protect-2.0.2" self."Products.PluggableAuthService-1.10.0" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."plone.keyring-2.0.1" self."plone.protect-2.0.2" self."Products.PluggableAuthService-1.10.0" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3026,7 +3117,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."AccessControl-3.0.6" self."Acquisition-2.13.8" self."Persistence-2.13.2" self.setuptools self."transaction-1.1.1" self."zExceptions-2.13.0" self."ZODB3-3.10.5" self."zope.interface-3.6.7" ];
+    propagatedBuildInputs = [ self."AccessControl-3.0.8" self."Acquisition-2.13.8" self."Persistence-2.13.2" self.setuptools self."transaction-1.1.1" self."zExceptions-2.13.0" self."ZODB3-3.10.5" self."zope.interface-3.6.7" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3047,7 +3138,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.interface-3.6.7" self."zope.schema-4.2.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         File-system Representation Interfaces
@@ -3087,7 +3178,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Interfaces for Python
@@ -3107,7 +3198,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Interfaces and simple adapter that give the size of an object
@@ -3118,6 +3209,26 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "ZODB3-3.10.5" = self.buildPythonPackage {
+    name = "ZODB3-3.10.5";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/Z/ZODB3/ZODB3-3.10.5.tar.gz";
+        md5 = "6f180c6897a1820948fee2a6290503cd";
+    };
+    doCheck = false;
+    buildInputs = [  ];
+    propagatedBuildInputs = [ self."transaction-1.1.1" self."zc.lockfile-1.0.2" self."ZConfig-2.9.1" self."zdaemon-2.0.7" self."zope.event-3.5.2" self."zope.interface-3.6.7" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        Zope Object Database: object database and persistence
+        '';
+      homepage = "UNKNOWN";
+      license = "ZPL 2.1";
+    };
+  };
+
+
   "five.customerize-1.1" = self.buildPythonPackage {
     name = "five.customerize-1.1";
     src = fetchurl {
@@ -3126,7 +3237,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.portlets-2.2" self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" self."zope.componentvocabulary-1.0.1" self."zope.dottedname-3.4.6" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.testing-3.9.7" self."zope.traversing-3.13.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.portlets-2.2" self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" self."zope.componentvocabulary-1.0.1" self."zope.dottedname-3.4.6" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.testing-3.9.7" self."zope.traversing-3.13.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3147,7 +3258,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Resolver for Python dotted names.
@@ -3166,7 +3277,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.caching-1.0" self."python-dateutil-1.5" self.setuptools self."z3c.caching__zcml-2.0a1" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.filerepresentation-3.6.1" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.traversing-3.13.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."plone.caching-1.0" self."python-dateutil-1.5" self.setuptools self."z3c.caching__zcml-2.0a1" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.filerepresentation-3.6.1" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.traversing-3.13.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3186,7 +3297,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."Zope2-2.13.20" self."eggtestinfo-0.3" ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."Zope2-2.13.21" self."eggtestinfo-0.3" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3198,11 +3309,11 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.locales-4.3.1" = self.buildPythonPackage {
-    name = "plone.app.locales-4.3.1";
+  "plone.app.locales-4.3.2" = self.buildPythonPackage {
+    name = "plone.app.locales-4.3.2";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.locales/plone.app.locales-4.3.1.zip";
-        md5 = "c88b2da05361a24a564bdef30fb371aa";
+        url = "https://pypi.python.org/packages/source/p/plone.app.locales/plone.app.locales-4.3.2.zip";
+        md5 = "c06d6574c1e1df4e253b80751a468ad5";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
@@ -3218,15 +3329,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "collective.z3cform.datetimewidget-1.2.3" = self.buildPythonPackage {
-    name = "collective.z3cform.datetimewidget-1.2.3";
+  "collective.z3cform.datetimewidget-1.2.5" = self.buildPythonPackage {
+    name = "collective.z3cform.datetimewidget-1.2.5";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/c/collective.z3cform.datetimewidget/collective.z3cform.datetimewidget-1.2.3.zip";
-        md5 = "439117021c93f26c677510504ee245d3";
+        url = "https://pypi.python.org/packages/source/c/collective.z3cform.datetimewidget/collective.z3cform.datetimewidget-1.2.5.zip";
+        md5 = "38fa463ea9b0b3cf5f61540250968214";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools self."z3c.form-3.0" self."zope.deprecation-3.4.1" self."zope.i18n__zcml-3.7.4" ];
+    propagatedBuildInputs = [ self.setuptools self."z3c.form-3.0.2" self."zope.deprecation-3.4.1" self."zope.i18n__zcml-3.7.4" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3238,62 +3349,62 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.contentlisting-1.0.4" = self.buildPythonPackage {
-    name = "plone.app.contentlisting-1.0.4";
+  "Zope2-2.13.21" = self.buildPythonPackage {
+    name = "Zope2-2.13.21";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.contentlisting/plone.app.contentlisting-1.0.4.zip";
-        md5 = "fa6eb45c4ffd0eb3817ad4813ca24916";
+        url = "https://pypi.python.org/packages/source/Z/Zope2/Zope2-2.13.21.zip";
+        md5 = "7d6e1661e365ee562fea9d3593f03f0e";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.uuid-1.0.3" self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    propagatedBuildInputs = [ self."AccessControl-3.0.8" self."Acquisition-2.13.8" self."DateTime-3.0.3" self."DocumentTemplate-2.13.2" self."docutils-0.9.1" self."ExtensionClass-2.13.2" self."initgroups-2.13.0" self."Missing-2.13.1" self."MultiMapping-2.13.0" self."Persistence-2.13.2" self."Products.BTreeFolder2-2.13.3" self."Products.ExternalMethod-2.13.0" self."Products.MailHost-2.13.1" self."Products.MIMETools-2.13.0" self."Products.OFSP-2.13.2" self."Products.PythonScripts-2.13.2" self."Products.StandardCacheManagers-2.13.0" self."Products.ZCatalog-2.13.23" self."Products.ZCTextIndex-2.13.4" self."pytz-2013b" self."Record-2.13.0" self."RestrictedPython-3.6.0" self.setuptools self."tempstorage-2.12.2" self."transaction-1.1.1" self."ZConfig-2.9.1" self."zdaemon-2.0.7" self."zExceptions-2.13.0" self."zLOG-2.11.1" self."ZODB3-3.10.5" self."zope.browser-1.3" self."zope.browsermenu-3.9.1" self."zope.browserpage-3.12.2" self."zope.browserresource-3.10.3" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.container-3.11.2" self."zope.contentprovider-3.7.2" self."zope.contenttype-3.5.5" self."zope.deferredimport-3.5.3" self."zope.event-3.5.2" self."zope.exceptions-3.6.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.pagetemplate-3.6.3" self."zope.processlifetime-1.0" self."zope.proxy-3.6.1" self."zope.ptresource-3.9.0" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.sendmail-3.7.5" self."zope.sequencesort-3.4.0" self."zope.site-3.9.2" self."zope.size-3.4.1" self."zope.structuredtext-3.5.1" self."zope.tal-3.5.2" self."zope.tales-3.5.3" self."zope.testbrowser-3.11.1" self."zope.testing-3.9.7" self."zope.traversing-3.13.2" self."zope.viewlet-3.7.2" self."ZopeUndo-2.12.0" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        Listing of content for the Plone CMS
+        Zope2 application server / web framework
         '';
-      homepage = "http://pypi.python.org/pypi/plone.app.contentlisting";
-      license = "GPL version 2";
+      homepage = "http://zope2.zope.org";
+      license = "ZPL 2.1";
     };
   };
 
 
-  "Zope2-2.13.20" = self.buildPythonPackage {
-    name = "Zope2-2.13.20";
+  "Products.ExternalMethod-2.13.0" = self.buildPythonPackage {
+    name = "Products.ExternalMethod-2.13.0";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/Z/Zope2/Zope2-2.13.20.zip";
-        md5 = "557b08fec37620c37e32f2dc01020f29";
+        url = "https://pypi.python.org/packages/source/P/Products.ExternalMethod/Products.ExternalMethod-2.13.0.zip";
+        md5 = "15ba953ef6cb632eb571977651252ea6";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."AccessControl-3.0.6" self."Acquisition-2.13.8" self."DateTime-3.0.3" self."DocumentTemplate-2.13.2" self."docutils-0.9.1" self."ExtensionClass-2.13.2" self."initgroups-2.13.0" self."Missing-2.13.1" self."MultiMapping-2.13.0" self."Persistence-2.13.2" self."Products.BTreeFolder2-2.13.3" self."Products.ExternalMethod-2.13.0" self."Products.MailHost-2.13.1" self."Products.MIMETools-2.13.0" self."Products.OFSP-2.13.2" self."Products.PythonScripts-2.13.2" self."Products.StandardCacheManagers-2.13.0" self."Products.ZCatalog-2.13.23" self."Products.ZCTextIndex-2.13.4" self."pytz-2013b" self."Record-2.13.0" self."RestrictedPython-3.6.0" self.setuptools self."tempstorage-2.12.2" self."transaction-1.1.1" self."ZConfig-2.9.1" self."zdaemon-2.0.7" self."zExceptions-2.13.0" self."zLOG-2.11.1" self."ZODB3-3.10.5" self."zope.browser-1.3" self."zope.browsermenu-3.9.1" self."zope.browserpage-3.12.2" self."zope.browserresource-3.10.3" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.container-3.11.2" self."zope.contentprovider-3.7.2" self."zope.contenttype-3.5.5" self."zope.deferredimport-3.5.3" self."zope.event-3.5.2" self."zope.exceptions-3.6.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.pagetemplate-3.6.3" self."zope.processlifetime-1.0" self."zope.proxy-3.6.1" self."zope.ptresource-3.9.0" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.sendmail-3.7.5" self."zope.sequencesort-3.4.0" self."zope.site-3.9.2" self."zope.size-3.4.1" self."zope.structuredtext-3.5.1" self."zope.tal-3.5.2" self."zope.tales-3.5.3" self."zope.testbrowser-3.11.1" self."zope.testing-3.9.7" self."zope.traversing-3.13.2" self."zope.viewlet-3.7.2" self."ZopeUndo-2.12.0" ];
+    propagatedBuildInputs = [ self."AccessControl-3.0.8" self."Acquisition-2.13.8" self."ExtensionClass-2.13.2" self."Persistence-2.13.2" self.setuptools self."ZODB3-3.10.5" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Zope2 application server / web framework
+        This package provides support for external Python methods within a Zope 2 environment.
         '';
-      homepage = "http://zope2.zope.org";
+      homepage = "http://pypi.python.org/pypi/Products.ExternalMethod";
       license = "ZPL 2.1";
     };
   };
 
 
-  "Products.ExternalMethod-2.13.0" = self.buildPythonPackage {
-    name = "Products.ExternalMethod-2.13.0";
+  "plone.app.workflow-2.1.6" = self.buildPythonPackage {
+    name = "plone.app.workflow-2.1.6";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.ExternalMethod/Products.ExternalMethod-2.13.0.zip";
-        md5 = "15ba953ef6cb632eb571977651252ea6";
+        url = "https://pypi.python.org/packages/source/p/plone.app.workflow/plone.app.workflow-2.1.6.zip";
+        md5 = "68a76865382b9db82aaa60c16efb1d14";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."AccessControl-3.0.6" self."Acquisition-2.13.8" self."ExtensionClass-2.13.2" self."Persistence-2.13.2" self.setuptools self."ZODB3-3.10.5" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."plone.memoize-1.1.1" self."Products.CMFCore-2.2.7" self."Products.DCWorkflow-2.2.4" self."Products.GenericSetup-1.7.4" self."Products.statusmessages-4.0" self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."zope.testing-3.9.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        This package provides support for external Python methods within a Zope 2 environment.
+        workflow and security settings for Plone
         '';
-      homepage = "http://pypi.python.org/pypi/Products.ExternalMethod";
-      license = "ZPL 2.1";
+      homepage = "http://pypi.python.org/pypi/plone.app.workflow";
+      license = "GPL version 2";
     };
   };
 
@@ -3306,7 +3417,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.traversing-3.13.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.traversing-3.13.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3338,11 +3449,11 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "Chameleon-2.11" = self.buildPythonPackage {
-    name = "Chameleon-2.11";
+  "Chameleon-2.12" = self.buildPythonPackage {
+    name = "Chameleon-2.12";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/C/Chameleon/Chameleon-2.11.tar.gz";
-        md5 = "df72458bf3dd26a744dcff5ad555c34b";
+        url = "https://pypi.python.org/packages/source/C/Chameleon/Chameleon-2.12.tar.gz";
+        md5 = "c2947c7b615bf758fa4a710e759c658b";
     };
     doCheck = false;
     buildInputs = [ self."zope.event-4.0.2" ];
@@ -3352,7 +3463,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
       description = ''
         Fast HTML/XML Template Compiler.
         '';
-      homepage = "https://chameleon.readthedocs.org/en/latest/";
+      homepage = "http://www.pagetemplates.org/";
       license = "BSD-like (http://repoze.org/license.html)";
     };
   };
@@ -3366,7 +3477,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."AccessControl-3.0.6" self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" ];
+    propagatedBuildInputs = [ self."AccessControl-3.0.8" self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3387,7 +3498,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         RestrictedPython provides a restricted execution environment for Python, e.g. for running untrusted code.
@@ -3407,7 +3518,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools self."ZODB3-3.10.5" self."zope.testing-3.9.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         A RAM-based storage for ZODB
@@ -3447,7 +3558,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self."ExtensionClass-2.13.2" self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Acquisition is a mechanism that allows objects to obtain attributes from the containment hierarchy they're in.
@@ -3498,15 +3609,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.dexterity-2.0.8" = self.buildPythonPackage {
-    name = "plone.app.dexterity-2.0.8";
+  "plone.app.dexterity-2.0.9" = self.buildPythonPackage {
+    name = "plone.app.dexterity-2.0.9";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.dexterity/plone.app.dexterity-2.0.8.zip";
-        md5 = "2e0ec48224a3a8afd51656c22d574359";
+        url = "https://pypi.python.org/packages/source/p/plone.app.dexterity/plone.app.dexterity-2.0.9.zip";
+        md5 = "aa9d6ee719a6918f99f0aa0066ebf024";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."collective.z3cform.datetimewidget-1.2.3" self."lxml-2.3.6" self."plone.app.content-2.1.2" self."plone.app.layout-2.3.5" self."plone.app.textfield-1.2.2" self."plone.app.uuid-1.0" self."plone.app.z3cform-0.7.3" self."plone.autoform-1.4" self."plone.behavior-1.0.2" self."plone.contentrules-2.0.3" self."plone.dexterity-2.1.3" self."plone.formwidget.namedfile-1.0.6" self."plone.namedfile__scales-2.0.2" self."plone.portlets-2.2" self."plone.rfc822-1.0.1" self."plone.schemaeditor-1.3.2" self."plone.supermodel-1.2.2" self."plone.z3cform-0.8.0" self."Products.ATContentTypes-2.1.13" self."Products.CMFCore-2.2.7" self."Products.CMFPlone-4.3.1" self."Products.GenericSetup-1.7.3" self.setuptools self."z3c.form-3.0" self."zope.browserpage-3.12.2" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."collective.z3cform.datetimewidget-1.2.5" self."lxml-2.3.6" self."plone.app.content-2.1.3" self."plone.app.layout-2.3.7" self."plone.app.textfield-1.2.2" self."plone.app.uuid-1.0" self."plone.app.z3cform-0.7.4" self."plone.autoform-1.5" self."plone.behavior-1.0.2" self."plone.contentrules-2.0.3" self."plone.dexterity-2.1.3" self."plone.formwidget.namedfile-1.0.7" self."plone.namedfile__scales-2.0.2" self."plone.portlets-2.2" self."plone.rfc822-1.1" self."plone.schemaeditor-1.3.3" self."plone.supermodel-1.2.3" self."plone.z3cform-0.8.0" self."Products.CMFCore-2.2.7" self."Products.CMFPlone-4.3.2" self."Products.GenericSetup-1.7.4" self.setuptools self."z3c.form-3.0.2" self."zope.browserpage-3.12.2" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3518,6 +3629,26 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "zope.location-4.0.2" = self.buildPythonPackage {
+    name = "zope.location-4.0.2";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/z/zope.location/zope.location-4.0.2.zip";
+        md5 = "44d865b2c0b1e1cc93898c7df938d353";
+    };
+    doCheck = true;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self.setuptools self."zope.interface-4.0.5" self."zope.proxy-4.1.3" self."zope.schema-4.3.2" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        Zope Location
+        '';
+      homepage = "http://pypi.python.org/pypi/zope.location/";
+      license = "ZPL 2.1";
+    };
+  };
+
+
   "zope.app.locales-3.6.2" = self.buildPythonPackage {
     name = "zope.app.locales-3.6.2";
     src = fetchurl {
@@ -3538,15 +3669,55 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.layout-2.3.5" = self.buildPythonPackage {
-    name = "plone.app.layout-2.3.5";
+  "five.globalrequest-1.0" = self.buildPythonPackage {
+    name = "five.globalrequest-1.0";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/f/five.globalrequest/five.globalrequest-1.0.tar.gz";
+        md5 = "87f8996bd21d4aa156aa26e7d21b8744";
+    };
+    doCheck = false;
+    buildInputs = [  ];
+    propagatedBuildInputs = [ self.setuptools self."zope.globalrequest-1.0" self."Zope2-2.13.21" ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        Zope 2 integration for zope.globalrequest
+        '';
+      homepage = "http://pypi.python.org/pypi/five.globalrequest";
+      license = "ZPL";
+    };
+  };
+
+
+  "plone.indexer-1.0.2" = self.buildPythonPackage {
+    name = "plone.indexer-1.0.2";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/p/plone.indexer/plone.indexer-1.0.2.zip";
+        md5 = "538aeee1f9db78bc8c85ae1bcb0153ed";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        Hooks to facilitate managing custom index values in Zope 2/CMF applications
+        '';
+      homepage = "http://pypi.python.org/pypi/plone.indexer";
+      license = "BSD";
+    };
+  };
+
+
+  "plone.app.layout-2.3.7" = self.buildPythonPackage {
+    name = "plone.app.layout-2.3.7";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.layout/plone.app.layout-2.3.5.zip";
-        md5 = "960665807ad60eb3e12c52a0cf092ceb";
+        url = "https://pypi.python.org/packages/source/p/plone.app.layout/plone.app.layout-2.3.7.zip";
+        md5 = "c68be1efeef54124211a676d0dbaa655";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."plone.app.portlets-2.4.4" self."plone.app.viewletmanager-2.0.3" self."plone.i18n-2.0.8" self."plone.locking-2.0.4" self."plone.memoize-1.1.1" self."plone.portlets-2.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.CMFEditions-2.2.8" self.setuptools self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.deprecation-3.4.1" self."zope.dottedname-3.4.6" self."zope.i18n__zcml-3.7.4" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."plone.app.portlets-2.4.5" self."plone.app.viewletmanager-2.0.4" self."plone.i18n-2.0.9" self."plone.locking-2.0.4" self."plone.memoize-1.1.1" self."plone.portlets-2.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.CMFEditions-2.2.8" self.setuptools self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.deprecation-3.4.1" self."zope.dottedname-3.4.6" self."zope.i18n__zcml-3.7.4" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3587,7 +3758,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [  ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Stateful programmatic web browsing.
@@ -3606,7 +3777,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools self."z3c.form-3.0" self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" ];
+    propagatedBuildInputs = [ self.setuptools self."z3c.form-3.0.2" self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3618,15 +3789,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.z3cform-0.7.3" = self.buildPythonPackage {
-    name = "plone.app.z3cform-0.7.3";
+  "plone.app.z3cform-0.7.4" = self.buildPythonPackage {
+    name = "plone.app.z3cform-0.7.4";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.z3cform/plone.app.z3cform-0.7.3.zip";
-        md5 = "deddc1af36efb26a6792c9803531c665";
+        url = "https://pypi.python.org/packages/source/p/plone.app.z3cform/plone.app.z3cform-0.7.4.zip";
+        md5 = "6350db39b32c3bf6edbb820b91b70b0f";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."collective.z3cform.datetimewidget-1.2.3" self."plone.protect-2.0.2" self."plone.z3cform-0.8.0" self.setuptools self."z3c.formwidget.query-0.9" self."zope.browserpage-3.12.2" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.traversing-3.13.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."collective.z3cform.datetimewidget-1.2.5" self."plone.protect-2.0.2" self."plone.z3cform-0.8.0" self.setuptools self."z3c.formwidget.query-0.9" self."zope.browserpage-3.12.2" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.traversing-3.13.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3646,7 +3817,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."DateTime-3.0.3" self."plone.app.contentlisting-1.0.4" self."plone.app.layout-2.3.5" self."plone.app.vocabularies-2.1.10" self."plone.registry-1.0.1" self."Products.CMFCore-2.2.7" self.setuptools self."zope.component__zcml-3.9.5" self."zope.dottedname-3.4.6" self."zope.globalrequest-1.0" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" ];
+    propagatedBuildInputs = [ self."DateTime-3.0.3" self."plone.app.contentlisting-1.0.5" self."plone.app.layout-2.3.7" self."plone.app.vocabularies-2.1.11" self."plone.registry-1.0.1" self."Products.CMFCore-2.2.7" self.setuptools self."zope.component__zcml-3.9.5" self."zope.dottedname-3.4.6" self."zope.globalrequest-1.0" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3678,42 +3849,62 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.i18n-2.0.8" = self.buildPythonPackage {
-    name = "plone.i18n-2.0.8";
+  "Products.PasswordResetTool-2.0.15" = self.buildPythonPackage {
+    name = "Products.PasswordResetTool-2.0.15";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.i18n/plone.i18n-2.0.8.zip";
-        md5 = "572c21e86b99316a06dc9998454d7750";
+        url = "https://pypi.python.org/packages/source/P/Products.PasswordResetTool/Products.PasswordResetTool-2.0.15.zip";
+        md5 = "74b46348d023052285124683bf122272";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools self."Unidecode-0.04.1" self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."plone.memoize-1.1.1" self."Products.CMFCore-2.2.7" self.setuptools self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Advanced i18n/l10n features
+        Password reset tool for Plone
         '';
-      homepage = "http://pypi.python.org/pypi/plone.i18n";
+      homepage = "http://pypi.python.org/pypi/Products.PasswordResetTool";
+      license = "GPL";
+    };
+  };
+
+
+  "plone.portlet.static-2.0.2" = self.buildPythonPackage {
+    name = "plone.portlet.static-2.0.2";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/p/plone.portlet.static/plone.portlet.static-2.0.2.zip";
+        md5 = "ec0dc691b4191a41ff97779b117f9985";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."plone.app.form-2.2.3" self."plone.app.portlets-2.4.5" self."plone.i18n-2.0.9" self."plone.portlets-2.2" self.setuptools self."zope.component__zcml-3.9.5" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."Zope2-2.13.21" ];
+    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    meta = {
+      description = ''
+        A simple static HTML portlet for Plone.
+        '';
+      homepage = "http://pypi.python.org/pypi/plone.portlet.static";
       license = "GPL version 2";
     };
   };
 
 
-  "Products.contentmigration-2.1.4" = self.buildPythonPackage {
-    name = "Products.contentmigration-2.1.4";
+  "plone.i18n-2.0.9" = self.buildPythonPackage {
+    name = "plone.i18n-2.0.9";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.contentmigration/Products.contentmigration-2.1.4.zip";
-        md5 = "711f9d4ea3cc2130acaa74efb0f9da5e";
+        url = "https://pypi.python.org/packages/source/p/plone.i18n/plone.i18n-2.0.9.zip";
+        md5 = "8e8ceffc64f04beecf1579a24edc2670";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools ];
+    propagatedBuildInputs = [ self.setuptools self."Unidecode-0.04.1" self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        A generic content migration framework for Plone.
+        Advanced i18n/l10n features
         '';
-      homepage = "http://pypi.python.org/pypi/Products.contentmigration";
-      license = "LGPL";
+      homepage = "http://pypi.python.org/pypi/plone.i18n";
+      license = "GPL version 2";
     };
   };
 
@@ -3727,7 +3918,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self."ExtensionClass-2.13.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Special Missing objects used in Zope2.
@@ -3767,7 +3958,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.traversing-3.13.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Browser menu implementation for Zope.
@@ -3778,35 +3969,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "ZODB3-3.10.5" = self.buildPythonPackage {
-    name = "ZODB3-3.10.5";
+  "archetypes.referencebrowserwidget-2.4.19" = self.buildPythonPackage {
+    name = "archetypes.referencebrowserwidget-2.4.19";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/Z/ZODB3/ZODB3-3.10.5.tar.gz";
-        md5 = "6f180c6897a1820948fee2a6290503cd";
-    };
-    doCheck = false;
-    buildInputs = [  ];
-    propagatedBuildInputs = [ self."transaction-1.1.1" self."zc.lockfile-1.0.2" self."ZConfig-2.9.1" self."zdaemon-2.0.7" self."zope.event-3.5.2" self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Zope Object Database: object database and persistence
-        '';
-      homepage = "UNKNOWN";
-      license = "ZPL 2.1";
-    };
-  };
-
-
-  "archetypes.referencebrowserwidget-2.4.18" = self.buildPythonPackage {
-    name = "archetypes.referencebrowserwidget-2.4.18";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/a/archetypes.referencebrowserwidget/archetypes.referencebrowserwidget-2.4.18.zip";
-        md5 = "6eff85cbde401ff1566a76323792d514";
+        url = "https://pypi.python.org/packages/source/a/archetypes.referencebrowserwidget/archetypes.referencebrowserwidget-2.4.19.zip";
+        md5 = "b70af6b2da6d8c57c1138a52e94e588c";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.app.form-2.2.2" self."plone.app.jquerytools-1.5.5" self.setuptools self."zope.component__zcml-3.9.5" self."zope.formlib-4.0.6" self."zope.interface-3.6.7" ];
+    propagatedBuildInputs = [ self."plone.app.form-2.2.3" self."plone.app.jquerytools-1.5.6" self.setuptools self."zope.component__zcml-3.9.5" self."zope.formlib-4.0.6" self."zope.interface-3.6.7" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3818,22 +3989,22 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "zope.configuration-3.7.4" = self.buildPythonPackage {
-    name = "zope.configuration-3.7.4";
+  "plone.app.jquery-1.7.2" = self.buildPythonPackage {
+    name = "plone.app.jquery-1.7.2";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/z/zope.configuration/zope.configuration-3.7.4.zip";
-        md5 = "5b0271908ef26c05059eda76928896ea";
+        url = "https://pypi.python.org/packages/source/p/plone.app.jquery/plone.app.jquery-1.7.2.tar.gz";
+        md5 = "e204cf45456d26217263531832b5bdac";
     };
     doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" ];
+    buildInputs = [  ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Zope Configuration Markup Language (ZCML)
+        jQuery integration for Plone
         '';
-      homepage = "http://pypi.python.org/pypi/zope.configuration";
-      license = "ZPL 2.1";
+      homepage = "http://pypi.python.org/pypi/plone.app.jquery";
+      license = "GPL version 2";
     };
   };
 
@@ -3858,6 +4029,26 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "WebTest-2.0.9" = self.buildPythonPackage {
+    name = "WebTest-2.0.9";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/W/WebTest/WebTest-2.0.9.zip";
+        md5 = "bf0a04fcf8b2cdcaa13b04324cefb53d";
+    };
+    doCheck = true;
+    buildInputs = [ self."nose-1.3.0" self."unittest2-0.5.1" self."pyquery-1.2.6" self."WSGIProxy2-0.3" self."PasteDeploy-1.5.0" self."mock-1.0.1" self."coverage-3.7" pkgs.unzip ];
+    propagatedBuildInputs = [ self."beautifulsoup4-4.3.2" self."six-1.4.1" self."waitress-0.8.7" self."WebOb-1.2.3" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        Helper to test WSGI applications
+        '';
+      homepage = "http://webtest.pythonpaste.org/";
+      license = "MIT";
+    };
+  };
+
+
   "plone.app.contentmenu-2.0.8" = self.buildPythonPackage {
     name = "plone.app.contentmenu-2.0.8";
     src = fetchurl {
@@ -3866,7 +4057,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.app.content-2.1.2" self."plone.locking-2.0.4" self."plone.memoize-1.1.1" self."Products.CMFCore-2.2.7" self."Products.CMFDynamicViewFTI-4.0.5" self.setuptools self."zope.browsermenu-3.9.1" self."zope.component__zcml-3.9.5" self."zope.contentprovider-3.7.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.app.content-2.1.3" self."plone.locking-2.0.4" self."plone.memoize-1.1.1" self."Products.CMFCore-2.2.7" self."Products.CMFDynamicViewFTI-4.0.5" self.setuptools self."zope.browsermenu-3.9.1" self."zope.component__zcml-3.9.5" self."zope.contentprovider-3.7.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3906,7 +4097,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.keyring-2.0.1" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."plone.keyring-2.0.1" self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3927,7 +4118,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Transaction management for Python
@@ -3946,7 +4137,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."diazo-1.0.3" self."docutils-0.9.1" self."five.globalrequest-1.0" self."lxml-2.3.6" self."plone.app.registry-1.2.3" self."plone.resource-1.0.2" self."plone.resourceeditor-1.0" self."plone.subrequest-1.6.7" self."plone.transformchain-1.0.3" self."Products.CMFPlone-4.3.1" self."repoze.xmliter-0.5" self."roman-1.4.0" self.setuptools self."zope.traversing-3.13.2" ];
+    propagatedBuildInputs = [ self."diazo-1.0.4" self."docutils-0.9.1" self."five.globalrequest-1.0" self."lxml-2.3.6" self."plone.app.registry-1.2.3" self."plone.resource-1.0.2" self."plone.resourceeditor-1.0" self."plone.subrequest-1.6.7" self."plone.transformchain-1.0.3" self."Products.CMFPlone-4.3.2" self."repoze.xmliter-0.5" self."roman-1.4.0" self.setuptools self."zope.traversing-3.13.2" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -3958,26 +4149,6 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.discussion-2.2.6" = self.buildPythonPackage {
-    name = "plone.app.discussion-2.2.6";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.discussion/plone.app.discussion-2.2.6.zip";
-        md5 = "36cf9cd22119282f49facd03fb3c2632";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."collective.monkeypatcher-1.0.1" self."plone.app.layout-2.3.5" self."plone.app.uuid-1.0" self."plone.app.z3cform-0.7.3" self."plone.indexer-1.0.2" self."plone.registry-1.0.1" self."plone.z3cform-0.8.0" self.setuptools self."z3c.form-3.0" self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.event-3.5.2" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.site-3.9.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Enhanced discussion support for Plone
-        '';
-      homepage = "http://pypi.python.org/pypi/plone.app.discussion";
-      license = "GPL";
-    };
-  };
-
-
   "borg.localrole-3.0.2" = self.buildPythonPackage {
     name = "borg.localrole-3.0.2";
     src = fetchurl {
@@ -3986,7 +4157,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.memoize-1.1.1" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self."Products.PlonePAS-4.1.1" self."Products.PluggableAuthService-1.10.0" self.setuptools self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.deferredimport-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.memoize-1.1.1" self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self."Products.PlonePAS-4.1.1" self."Products.PluggableAuthService-1.10.0" self.setuptools self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.deferredimport-3.5.3" self."zope.interface-3.6.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4006,7 +4177,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."AccessControl-3.0.6" self."Acquisition-2.13.8" self."DateTime-3.0.3" self."DocumentTemplate-2.13.2" self."ExtensionClass-2.13.2" self."Missing-2.13.1" self."Persistence-2.13.2" self."Products.ZCTextIndex-2.13.4" self."Record-2.13.0" self."RestrictedPython-3.6.0" self.setuptools self."zExceptions-2.13.0" self."ZODB3-3.10.5" self."zope.dottedname-3.4.6" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.testing-3.9.7" ];
+    propagatedBuildInputs = [ self."AccessControl-3.0.8" self."Acquisition-2.13.8" self."DateTime-3.0.3" self."DocumentTemplate-2.13.2" self."ExtensionClass-2.13.2" self."Missing-2.13.1" self."Persistence-2.13.2" self."Products.ZCTextIndex-2.13.4" self."Record-2.13.0" self."RestrictedPython-3.6.0" self.setuptools self."zExceptions-2.13.0" self."ZODB3-3.10.5" self."zope.dottedname-3.4.6" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.testing-3.9.7" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4018,51 +4189,51 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "Products.TinyMCE-1.3.4" = self.buildPythonPackage {
-    name = "Products.TinyMCE-1.3.4";
+  "plone.app.discussion-2.2.8" = self.buildPythonPackage {
+    name = "plone.app.discussion-2.2.8";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.TinyMCE/Products.TinyMCE-1.3.4.zip";
-        md5 = "e697dfdd72f3b6238e26908bb455d39a";
+        url = "https://pypi.python.org/packages/source/p/plone.app.discussion/plone.app.discussion-2.2.8.zip";
+        md5 = "97cc5b204076f8803fcdaccbf0565bb6";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.app.imaging-1.0.9" self."plone.app.layout-2.3.5" self."plone.caching-1.0" self."plone.namedfile__scales-2.0.2" self."plone.outputfilters-1.10" self."Products.Archetypes-1.9.1" self."Products.ResourceRegistries-2.2.9" self.setuptools self."zope.app.content-3.5.1" self."zope.schema-4.2.2" ];
+    propagatedBuildInputs = [ self."collective.monkeypatcher-1.0.1" self."plone.app.layout-2.3.7" self."plone.app.uuid-1.0" self."plone.app.z3cform-0.7.4" self."plone.indexer-1.0.2" self."plone.registry-1.0.1" self."plone.z3cform-0.8.0" self.setuptools self."z3c.form-3.0.2" self."ZODB3-3.10.5" self."zope.annotation-3.5.0" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.event-3.5.2" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.site-3.9.2" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Adds support for TinyMCE, a platform independent web based Javascript HTML WYSIWYG editor, to Plone.
+        Enhanced discussion support for Plone
         '';
-      homepage = "http://plone.org/products/tinymce";
-      license = "LGPL";
+      homepage = "http://pypi.python.org/pypi/plone.app.discussion";
+      license = "GPL";
     };
   };
 
 
-  "python-openid-2.2.5" = self.buildPythonPackage {
-    name = "python-openid-2.2.5";
+  "Products.TinyMCE-1.3.5" = self.buildPythonPackage {
+    name = "Products.TinyMCE-1.3.5";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/python-openid/python-openid-2.2.5.tar.gz";
-        md5 = "393f48b162ec29c3de9e2973548ea50d";
+        url = "https://pypi.python.org/packages/source/P/Products.TinyMCE/Products.TinyMCE-1.3.5.zip";
+        md5 = "b972ff26c90d99c13ded0aeb33af2a2e";
     };
     doCheck = false;
-    buildInputs = [  ];
-    propagatedBuildInputs = [  ];
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."plone.app.imaging-1.0.9" self."plone.app.layout-2.3.7" self."plone.caching-1.0" self."plone.namedfile__scales-2.0.2" self."plone.outputfilters-1.11.1" self."Products.ResourceRegistries-2.2.9" self.setuptools self."zope.app.content-3.5.1" self."zope.schema-4.2.2" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        OpenID support for servers and consumers.
+        Adds support for TinyMCE, a platform independent web based Javascript HTML WYSIWYG editor, to Plone.
         '';
-      homepage = "http://github.com/openid/python-openid";
-      license = "UNKNOWN";
+      homepage = "http://plone.org/products/tinymce";
+      license = "LGPL";
     };
   };
 
 
-  "plone.supermodel-1.2.2" = self.buildPythonPackage {
-    name = "plone.supermodel-1.2.2";
+  "plone.supermodel-1.2.3" = self.buildPythonPackage {
+    name = "plone.supermodel-1.2.3";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.supermodel/plone.supermodel-1.2.2.zip";
-        md5 = "6e829dc362d6ff8e3c7696277e11e322";
+        url = "https://pypi.python.org/packages/source/p/plone.supermodel/plone.supermodel-1.2.3.zip";
+        md5 = "34610edccd7f93409b95a6b9ecd3da9e";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
@@ -4087,7 +4258,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope Exceptions
@@ -4106,7 +4277,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."five.formlib-1.0.4" self."plone.app.controlpanel-2.3.6" self."plone.app.layout-2.3.5" self."plone.protect-2.0.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.statusmessages-4.0" self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."five.formlib-1.0.4" self."plone.app.controlpanel-2.3.7" self."plone.app.layout-2.3.7" self."plone.protect-2.0.2" self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.statusmessages-4.0" self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4118,42 +4289,42 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.z3cform-0.8.0" = self.buildPythonPackage {
-    name = "plone.z3cform-0.8.0";
+  "plone.app.caching-1.1.6" = self.buildPythonPackage {
+    name = "plone.app.caching-1.1.6";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.z3cform/plone.z3cform-0.8.0.zip";
-        md5 = "bdb23dd162544964d2f8f8f5f002e874";
+        url = "https://pypi.python.org/packages/source/p/plone.app.caching/plone.app.caching-1.1.6.zip";
+        md5 = "52f817d67e6da1508bf6f1486e5466d2";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.batching-1.0" self.setuptools self."z3c.form-3.0" self."zope.browserpage-3.12.2" self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.app.registry-1.2.3" self."plone.app.z3cform-0.7.4" self."plone.cachepurging-1.0.4" self."plone.caching-1.0" self."plone.memoize-1.1.1" self."plone.protect-2.0.2" self."plone.registry-1.0.1" self."Products.CMFCore-2.2.7" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.GenericSetup-1.7.4" self."Products.statusmessages-4.0" self."python-dateutil-1.5" self.setuptools self."z3c.form-3.0.2" self."z3c.zcmlhook-1.0b1" self."zope.browserresource-3.10.3" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        plone.z3cform is a library that allows use of z3c.form with Zope 2 and the CMF.
+        Plone UI and default rules for plone.caching/z3c.caching
         '';
-      homepage = "http://pypi.python.org/pypi/plone.z3cform";
-      license = "ZPL 2.1";
+      homepage = "http://pypi.python.org/pypi/plone.app.caching";
+      license = "GPL version 2";
     };
   };
 
 
-  "plone.app.caching-1.1.4" = self.buildPythonPackage {
-    name = "plone.app.caching-1.1.4";
+  "AccessControl-3.0.8" = self.buildPythonPackage {
+    name = "AccessControl-3.0.8";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.caching/plone.app.caching-1.1.4.zip";
-        md5 = "bbb46c9dc36f0ac6cc833ee152203a81";
+        url = "https://pypi.python.org/packages/source/A/AccessControl/AccessControl-3.0.8.zip";
+        md5 = "06bea3be59d1ce76c815661180b7ffd9";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.app.registry-1.2.3" self."plone.app.z3cform-0.7.3" self."plone.cachepurging-1.0.4" self."plone.caching-1.0" self."plone.memoize-1.1.1" self."plone.protect-2.0.2" self."plone.registry-1.0.1" self."Products.CMFCore-2.2.7" self."Products.CMFDynamicViewFTI-4.0.5" self."Products.GenericSetup-1.7.3" self."Products.statusmessages-4.0" self."python-dateutil-1.5" self.setuptools self."z3c.form-3.0" self."z3c.zcmlhook-1.0b1" self."zope.browserresource-3.10.3" self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."Zope2-2.13.20" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."Persistence-2.13.2" self."Record-2.13.0" self."RestrictedPython-3.6.0" self."transaction-1.1.1" self."zExceptions-2.13.0" self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.deferredimport-3.5.3" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.testing-3.9.7" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        Plone UI and default rules for plone.caching/z3c.caching
+        Security framework for Zope2.
         '';
-      homepage = "http://pypi.python.org/pypi/plone.app.caching";
-      license = "GPL version 2";
+      homepage = "http://pypi.python.org/pypi/AccessControl";
+      license = "ZPL 2.1";
     };
   };
 
@@ -4167,7 +4338,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self."ExtensionClass-2.13.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Special Record objects used in Zope2.
@@ -4178,21 +4349,21 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "AccessControl-3.0.6" = self.buildPythonPackage {
-    name = "AccessControl-3.0.6";
+  "z3c.form-3.0.2" = self.buildPythonPackage {
+    name = "z3c.form-3.0.2";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/A/AccessControl/AccessControl-3.0.6.zip";
-        md5 = "a8ce472482adabf9ec969f3971a39a19";
+        url = "https://pypi.python.org/packages/source/z/z3c.form/z3c.form-3.0.2.zip";
+        md5 = "8eab166766c6ae2e44e40f54136b3f79";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."DateTime-3.0.3" self."ExtensionClass-2.13.2" self."Persistence-2.13.2" self."Record-2.13.0" self."RestrictedPython-3.6.0" self."transaction-1.1.1" self."zExceptions-2.13.0" self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.deferredimport-3.5.3" self."zope.interface-3.6.7" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.testing-3.9.7" ];
+    propagatedBuildInputs = [ self.setuptools self."six-1.2.0" self."zope.browser-1.3" self."zope.browserpage-3.12.2" self."zope.browserresource-3.10.3" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.contentprovider-3.7.2" self."zope.event-3.5.2" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.site-3.9.2" self."zope.traversing-3.13.2" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Security framework for Zope2.
+        An advanced form and widget framework for Zope 3
         '';
-      homepage = "http://pypi.python.org/pypi/AccessControl";
+      homepage = "https://launchpad.net/z3c.form";
       license = "ZPL 2.1";
     };
   };
@@ -4206,7 +4377,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.CMFPlone-4.3.1" self."Products.GenericSetup-1.7.3" self."Products.PloneTestCase-0.9.17" self.setuptools self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.testing-3.9.7" ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.CMFPlone-4.3.2" self."Products.GenericSetup-1.7.4" self."Products.PloneTestCase-0.9.17" self.setuptools self."zope.component__zcml-3.9.5" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.testing-3.9.7" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4238,42 +4409,42 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "zope.event-3.5.2" = self.buildPythonPackage {
-    name = "zope.event-3.5.2";
+  "pyquery-1.2.6" = self.buildPythonPackage {
+    name = "pyquery-1.2.6";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/z/zope.event/zope.event-3.5.2.tar.gz";
-        md5 = "6e8af2a16157a74885d4f0d88137cefb";
+        url = "https://pypi.python.org/packages/source/p/pyquery/pyquery-1.2.6.zip";
+        md5 = "af51aa835f24eef06175c48dc1218029";
     };
-    doCheck = false;
-    buildInputs = [  ];
-    propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    doCheck = true;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."cssselect-0.9" self."lxml-3.2.3" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        Very basic event publishing system
+        A jquery-like library for python
         '';
-      homepage = "http://pypi.python.org/pypi/zope.event";
-      license = "ZPL 2.1";
+      homepage = "https://github.com/gawel/pyquery";
+      license = "BSD";
     };
   };
 
 
-  "pyquery-1.2.4" = self.buildPythonPackage {
-    name = "pyquery-1.2.4";
+  "zope.event-3.5.2" = self.buildPythonPackage {
+    name = "zope.event-3.5.2";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/pyquery/pyquery-1.2.4.tar.gz";
-        md5 = "268f08258738d21bc1920d7522f2a63b";
+        url = "https://pypi.python.org/packages/source/z/zope.event/zope.event-3.5.2.tar.gz";
+        md5 = "6e8af2a16157a74885d4f0d88137cefb";
     };
-    doCheck = true;
+    doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."cssselect-0.8" self."lxml-3.2.3" ];
+    propagatedBuildInputs = [ self.setuptools ];
     installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        A jquery-like library for python
+        Very basic event publishing system
         '';
-      homepage = "https://github.com/gawel/pyquery";
-      license = "BSD";
+      homepage = "http://pypi.python.org/pypi/zope.event";
+      license = "ZPL 2.1";
     };
   };
 
@@ -4287,7 +4458,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [  ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Convenience uid/gid helper function used in Zope2.
@@ -4307,7 +4478,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self."ZConfig-2.9.1" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Daemon process control library and tools for Unix-based systems
@@ -4406,7 +4577,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.app.form-2.2.2" self."plone.app.portlets-2.4.4" self."plone.app.vocabularies-2.1.10" self."plone.memoize-1.1.1" self."plone.portlets-2.2" self.setuptools ];
+    propagatedBuildInputs = [ self."plone.app.form-2.2.3" self."plone.app.portlets-2.4.5" self."plone.app.vocabularies-2.1.11" self."plone.memoize-1.1.1" self."plone.portlets-2.2" self.setuptools ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4427,7 +4598,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Shared Zope Toolkit browser components
@@ -4438,15 +4609,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.collection-1.0.10" = self.buildPythonPackage {
-    name = "plone.app.collection-1.0.10";
+  "plone.app.collection-1.0.11" = self.buildPythonPackage {
+    name = "plone.app.collection-1.0.11";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.collection/plone.app.collection-1.0.10.zip";
-        md5 = "1042ac059be2311d4758452a3fa4f82e";
+        url = "https://pypi.python.org/packages/source/p/plone.app.collection/plone.app.collection-1.0.11.zip";
+        md5 = "3f97abc0cd5e370c4bbb1a73f7ee05a7";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."archetypes.querywidget-1.0.8" self."plone.app.contentlisting-1.0.4" self."plone.app.form-2.2.2" self."plone.app.portlets-2.4.4" self."plone.app.vocabularies-2.1.10" self."plone.portlet.collection-2.1.5" self."plone.portlets-2.2" self."Products.Archetypes-1.9.1" self."Products.CMFCore-2.2.7" self."Products.CMFQuickInstallerTool-3.0.6" self."Products.validation-2.0" self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."archetypes.querywidget-1.0.9" self."plone.app.contentlisting-1.0.5" self."plone.app.form-2.2.3" self."plone.app.portlets-2.4.5" self."plone.app.vocabularies-2.1.11" self."plone.portlet.collection-2.1.5" self."plone.portlets-2.2" self."Products.Archetypes-1.9.4" self."Products.CMFCore-2.2.7" self."Products.CMFQuickInstallerTool-3.0.6" self."Products.validation-2.0" self.setuptools self."transaction-1.1.1" self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4466,7 +4637,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.GenericSetup-1.7.3" self.setuptools self."Zope2-2.13.20" self."eggtestinfo-0.3" ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.CMFDefault-2.2.3" self."Products.GenericSetup-1.7.4" self.setuptools self."Zope2-2.13.21" self."eggtestinfo-0.3" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4486,7 +4657,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."Products.GenericSetup-1.7.3" self."Products.PluginRegistry-1.3" self.setuptools self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Products.GenericSetup-1.7.4" self."Products.PluginRegistry-1.3" self.setuptools self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4498,26 +4669,6 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "Plone-4.3.1" = self.buildPythonPackage {
-    name = "Plone-4.3.1";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Plone/Plone-4.3.1.zip";
-        md5 = "faefd5d2044a9f7660fd18388fd71a4e";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.app.caching-1.1.4" self."plone.app.dexterity-2.0.8" self."plone.app.iterate-2.1.10" self."plone.app.openid-2.0.2" self."plone.app.theming-1.1.1" self."Products.CMFPlacefulWorkflow-1.5.9" self."Products.CMFPlone-4.3.1" self.setuptools self."wicked-1.1.10" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        The Plone Content Management System
-        '';
-      homepage = "http://plone.org/";
-      license = "GPL version 2";
-    };
-  };
-
-
   "wicked-1.1.10" = self.buildPythonPackage {
     name = "wicked-1.1.10";
     src = fetchurl {
@@ -4538,75 +4689,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "zope.broken-3.6.0" = self.buildPythonPackage {
-    name = "zope.broken-3.6.0";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/z/zope.broken/zope.broken-3.6.0.zip";
-        md5 = "eff24d7918099a3e899ee63a9c31bee6";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self.setuptools self."zope.interface-3.6.7" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Zope Broken Object Interfaces
-        '';
-      homepage = "http://pypi.python.org/pypi/zope.broken";
-      license = "ZPL 2.1";
-    };
-  };
-
-
-  "plone.formwidget.namedfile-1.0.6" = self.buildPythonPackage {
-    name = "plone.formwidget.namedfile-1.0.6";
+  "Products.GenericSetup-1.7.4" = self.buildPythonPackage {
+    name = "Products.GenericSetup-1.7.4";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.formwidget.namedfile/plone.formwidget.namedfile-1.0.6.zip";
-        md5 = "afd20f030906a72fca7548876bdcbb48";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.namedfile__scales-2.0.2" self."plone.z3cform-0.8.0" self.setuptools self."z3c.form-3.0" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Image widget for z3c.form and Plone
-        '';
-      homepage = "http://pypi.python.org/pypi/plone.formwidget.namedfile";
-      license = "GPL";
-    };
-  };
-
-
-  "plone.app.viewletmanager-2.0.3" = self.buildPythonPackage {
-    name = "plone.app.viewletmanager-2.0.3";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.viewletmanager/plone.app.viewletmanager-2.0.3.zip";
-        md5 = "1dbc51c7664ce3e6ca4dcca1b7b86082";
-    };
-    doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.app.vocabularies-2.1.10" self."Products.GenericSetup-1.7.3" self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.contentprovider-3.7.2" self."zope.interface-3.6.7" self."zope.site-3.9.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.20" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        configurable viewlet manager
-        '';
-      homepage = "http://pypi.python.org/pypi/plone.app.viewletmanager";
-      license = "GPL version 2";
-    };
-  };
-
-
-  "Products.GenericSetup-1.7.3" = self.buildPythonPackage {
-    name = "Products.GenericSetup-1.7.3";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.GenericSetup/Products.GenericSetup-1.7.3.tar.gz";
-        md5 = "c48967c81c880ed33ee16a14caab3b11";
+        url = "https://pypi.python.org/packages/source/P/Products.GenericSetup/Products.GenericSetup-1.7.4.tar.gz";
+        md5 = "f93251ed519e8c4aea0bc001416027b1";
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."five.localsitemanager-2.0.5" self.setuptools self."zope.formlib-4.0.6" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."five.localsitemanager-2.0.5" self.setuptools self."zope.formlib-4.0.6" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4618,35 +4709,35 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.jquery-1.7.2" = self.buildPythonPackage {
-    name = "plone.app.jquery-1.7.2";
+  "plone.app.viewletmanager-2.0.4" = self.buildPythonPackage {
+    name = "plone.app.viewletmanager-2.0.4";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.jquery/plone.app.jquery-1.7.2.tar.gz";
-        md5 = "e204cf45456d26217263531832b5bdac";
+        url = "https://pypi.python.org/packages/source/p/plone.app.viewletmanager/plone.app.viewletmanager-2.0.4.zip";
+        md5 = "565a12ac71d20b2823b9e44daebe432f";
     };
     doCheck = false;
-    buildInputs = [  ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools ];
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."plone.app.vocabularies-2.1.11" self."Products.GenericSetup-1.7.4" self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.contentprovider-3.7.2" self."zope.interface-3.6.7" self."zope.site-3.9.2" self."zope.viewlet-3.7.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        jQuery integration for Plone
+        configurable viewlet manager
         '';
-      homepage = "http://pypi.python.org/pypi/plone.app.jquery";
+      homepage = "http://pypi.python.org/pypi/plone.app.viewletmanager";
       license = "GPL version 2";
     };
   };
 
 
-  "plone.schemaeditor-1.3.2" = self.buildPythonPackage {
-    name = "plone.schemaeditor-1.3.2";
+  "plone.schemaeditor-1.3.3" = self.buildPythonPackage {
+    name = "plone.schemaeditor-1.3.3";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.schemaeditor/plone.schemaeditor-1.3.2.zip";
-        md5 = "ab9cb4e929f305063dc8f33e9a33fd21";
+        url = "https://pypi.python.org/packages/source/p/plone.schemaeditor/plone.schemaeditor-1.3.3.zip";
+        md5 = "25a04a0bf6cd6411669dd3850a1d04b8";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.autoform-1.4" self."plone.z3cform-0.8.0" self.setuptools self."z3c.form-3.0" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."plone.autoform-1.5" self."plone.z3cform-0.8.0" self.setuptools self."z3c.form-3.0.2" self."zope.component__zcml-3.9.5" self."zope.container-3.11.2" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4667,7 +4758,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         StructuredText parser
@@ -4707,7 +4798,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [  ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         ZODB undo support for Zope2.
@@ -4727,7 +4818,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
     propagatedBuildInputs = [ self.setuptools self."zope.component__zcml-3.9.5" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.proxy-3.6.1" self."zope.publisher-3.12.6" self."zope.security__untrustedpython-3.7.4" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Resolving paths in the object hierarchy
@@ -4747,7 +4838,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.interface-3.6.7" self."zope.location-3.9.1" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.tales-3.5.3" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Content Provider Framework for Zope Templates
@@ -4778,26 +4869,6 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "Products.CMFCore-2.2.7" = self.buildPythonPackage {
-    name = "Products.CMFCore-2.2.7";
-    src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.CMFCore/Products.CMFCore-2.2.7.tar.gz";
-        md5 = "9320a4023b8575097feacfd4a400e930";
-    };
-    doCheck = false;
-    buildInputs = [  ];
-    propagatedBuildInputs = [ self."five.localsitemanager-2.0.5" self."Products.GenericSetup-1.7.3" self."Products.ZSQLMethods-2.13.4" self.setuptools self."zope.app.publication-3.12.0" self."Zope2-2.13.20" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
-    meta = {
-      description = ''
-        Zope Content Management Framework core components
-        '';
-      homepage = "http://pypi.python.org/pypi/Products.CMFCore";
-      license = "ZPL 2.1 (http://www.zope.org/Resources/License/ZPL-2.1)";
-    };
-  };
-
-
   "plone.scale__storage-1.3.2" = self.buildPythonPackage {
     name = "plone.scale__storage-1.3.2";
     src = fetchurl {
@@ -4818,22 +4889,22 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.portlet.static-2.0.2" = self.buildPythonPackage {
-    name = "plone.portlet.static-2.0.2";
+  "zope.browserpage-3.12.2" = self.buildPythonPackage {
+    name = "zope.browserpage-3.12.2";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.portlet.static/plone.portlet.static-2.0.2.zip";
-        md5 = "ec0dc691b4191a41ff97779b117f9985";
+        url = "https://pypi.python.org/packages/source/z/zope.browserpage/zope.browserpage-3.12.2.tar.gz";
+        md5 = "a543ef3cb1b42f7233b3fca23dc9ea60";
     };
     doCheck = false;
-    buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.app.form-2.2.2" self."plone.app.portlets-2.4.4" self."plone.i18n-2.0.8" self."plone.portlets-2.2" self.setuptools self."zope.component__zcml-3.9.5" self."zope.formlib-4.0.6" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."Zope2-2.13.20" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    buildInputs = [  ];
+    propagatedBuildInputs = [ self.setuptools self."zope.component__zcml-3.9.5" self."zope.configuration-3.7.4" self."zope.interface-3.6.7" self."zope.pagetemplate-3.6.3" self."zope.publisher-3.12.6" self."zope.schema-4.2.2" self."zope.security__untrustedpython-3.7.4" self."zope.traversing-3.13.2" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
-        A simple static HTML portlet for Plone.
+        ZCML directives for configuring browser views for Zope.
         '';
-      homepage = "http://pypi.python.org/pypi/plone.portlet.static";
-      license = "GPL version 2";
+      homepage = "http://pypi.python.org/pypi/zope.browserpage/";
+      license = "ZPL 2.1";
     };
   };
 
@@ -4898,15 +4969,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "archetypes.querywidget-1.0.8" = self.buildPythonPackage {
-    name = "archetypes.querywidget-1.0.8";
+  "archetypes.querywidget-1.0.9" = self.buildPythonPackage {
+    name = "archetypes.querywidget-1.0.9";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/a/archetypes.querywidget/archetypes.querywidget-1.0.8.zip";
-        md5 = "3416b6b4948c624e1b5b8dd8d7e33f59";
+        url = "https://pypi.python.org/packages/source/a/archetypes.querywidget/archetypes.querywidget-1.0.9.zip";
+        md5 = "67e51c20990bb3eefbc9e8e953d7c9f5";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."plone.app.jquerytools-1.5.5" self."plone.app.querystring-1.0.8" self.setuptools ];
+    propagatedBuildInputs = [ self."plone.app.jquerytools-1.5.6" self."plone.app.querystring-1.0.8" self.setuptools ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4926,7 +4997,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."Products.GenericSetup-1.7.3" self.setuptools self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Products.GenericSetup-1.7.4" self.setuptools self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -4967,7 +5038,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self."ZConfig-2.9.1" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         A general logging facility
@@ -4987,7 +5058,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools self."zope.component__zcml-3.9.5" self."zope.interface-3.6.7" self."zope.proxy-3.6.1" self."zope.schema-4.2.2" ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Zope Location
@@ -5078,15 +5149,15 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.vocabularies-2.1.10" = self.buildPythonPackage {
-    name = "plone.app.vocabularies-2.1.10";
+  "plone.app.vocabularies-2.1.11" = self.buildPythonPackage {
+    name = "plone.app.vocabularies-2.1.11";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.vocabularies/plone.app.vocabularies-2.1.10.tar.gz";
-        md5 = "166a0d6f9a3e3cd753efa56aaef585be";
+        url = "https://pypi.python.org/packages/source/p/plone.app.vocabularies/plone.app.vocabularies-2.1.11.tar.gz";
+        md5 = "08c773a5093780aaa27709a890f1e21f";
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.CMFCore-2.2.7" self.setuptools self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.formlib-4.0.6" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self."Products.CMFCore-2.2.7" self.setuptools self."zope.browser-1.3" self."zope.component__zcml-3.9.5" self."zope.formlib-4.0.6" self."zope.i18n__zcml-3.7.4" self."zope.i18nmessageid-3.5.3" self."zope.interface-3.6.7" self."zope.schema-4.2.2" self."zope.site-3.9.2" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -5098,6 +5169,26 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
+  "DocumentTemplate-2.13.2" = self.buildPythonPackage {
+    name = "DocumentTemplate-2.13.2";
+    src = fetchurl {
+        url = "https://pypi.python.org/packages/source/D/DocumentTemplate/DocumentTemplate-2.13.2.zip";
+        md5 = "07bb086c77c1dfe94125ad2efbba94b7";
+    };
+    doCheck = false;
+    buildInputs = [ pkgs.unzip ];
+    propagatedBuildInputs = [ self."AccessControl-3.0.8" self."Acquisition-2.13.8" self."ExtensionClass-2.13.2" self."RestrictedPython-3.6.0" self."zExceptions-2.13.0" self."zope.sequencesort-3.4.0" self."zope.structuredtext-3.5.1" ];
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
+    meta = {
+      description = ''
+        Document Templating Markup Language (DTML)
+        '';
+      homepage = "http://pypi.python.org/pypi/DocumentTemplate";
+      license = "ZPL 2.1";
+    };
+  };
+
+
   "plone.registry-1.0.1" = self.buildPythonPackage {
     name = "plone.registry-1.0.1";
     src = fetchurl {
@@ -5126,7 +5217,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."AccessControl-3.0.6" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."AccessControl-3.0.8" self.setuptools self."transaction-1.1.1" self."ZODB3-3.10.5" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -5147,7 +5238,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     doCheck = false;
     buildInputs = [  ];
     propagatedBuildInputs = [ self.setuptools ];
-    installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
+    installCommand = ''easy_install --always-unzip --prefix="$out" .'';
     meta = {
       description = ''
         Message Identifiers for internationalization
@@ -5158,11 +5249,11 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "plone.app.linkintegrity-1.5.2" = self.buildPythonPackage {
-    name = "plone.app.linkintegrity-1.5.2";
+  "plone.app.linkintegrity-1.5.3" = self.buildPythonPackage {
+    name = "plone.app.linkintegrity-1.5.3";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/p/plone.app.linkintegrity/plone.app.linkintegrity-1.5.2.zip";
-        md5 = "f97c61da9f243391cafdfe3fe1cf6d6c";
+        url = "https://pypi.python.org/packages/source/p/plone.app.linkintegrity/plone.app.linkintegrity-1.5.3.zip";
+        md5 = "f2eed92f433fe73b4056d3ba48ba8eb0";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
@@ -5186,7 +5277,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [  ];
-    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.3" self.setuptools self."eggtestinfo-0.3" ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self.setuptools self."eggtestinfo-0.3" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -5226,7 +5317,7 @@ development, check it into Subversion, and not touch Diazo during deployment.
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."Acquisition-2.13.8" self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.site-3.9.2" self."zope.testing-3.9.7" self."Zope2-2.13.20" ];
+    propagatedBuildInputs = [ self."Acquisition-2.13.8" self.setuptools self."ZODB3-3.10.5" self."zope.component__zcml-3.9.5" self."zope.event-3.5.2" self."zope.interface-3.6.7" self."zope.lifecycleevent-3.6.2" self."zope.location-3.9.1" self."zope.site-3.9.2" self."zope.testing-3.9.7" self."Zope2-2.13.21" ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
@@ -5238,22 +5329,22 @@ development, check it into Subversion, and not touch Diazo during deployment.
   };
 
 
-  "Products.PythonScripts-2.13.2" = self.buildPythonPackage {
-    name = "Products.PythonScripts-2.13.2";
+  "plone.outputfilters-1.11.1" = self.buildPythonPackage {
+    name = "plone.outputfilters-1.11.1";
     src = fetchurl {
-        url = "https://pypi.python.org/packages/source/P/Products.PythonScripts/Products.PythonScripts-2.13.2.zip";
-        md5 = "04c86f2c45a29a162297a80dac61d14f";
+        url = "https://pypi.python.org/packages/source/p/plone.outputfilters/plone.outputfilters-1.11.1.zip";
+        md5 = "6b7506f09ad98621f8bb388c55183d6d";
     };
     doCheck = false;
     buildInputs = [ pkgs.unzip ];
-    propagatedBuildInputs = [ self."AccessControl-3.0.6" self."Acquisition-2.13.8" self."DateTime-3.0.3" self."DocumentTemplate-2.13.2" self."RestrictedPython-3.6.0" self.setuptools self."zExceptions-2.13.0" ];
+    propagatedBuildInputs = [ self."Products.CMFCore-2.2.7" self."Products.GenericSetup-1.7.4" self."Products.MimetypesRegistry-2.0.5" self."Products.PortalTransforms-2.1.2" self.setuptools ];
     installCommand = ''easy_install --always-unzip --no-deps --prefix="$out" .'';
     meta = {
       description = ''
-        Provides support for restricted execution of Python scripts in Zope 2.
+        Transformations applied to HTML in Plone text fields as they are rendered
         '';
-      homepage = "http://pypi.python.org/pypi/Products.PythonScripts";
-      license = "ZPL 2.1";
+      homepage = "http://github.com/plone/plone.outputfilters";
+      license = "GPL";
     };
   };
 
diff --git a/pkgs/top-level/python-packages.json b/pkgs/top-level/python-packages.json
index a87f7eb78bec..aefd911a5583 100644
--- a/pkgs/top-level/python-packages.json
+++ b/pkgs/top-level/python-packages.json
@@ -82,7 +82,7 @@
     }
   },
   { "name": "Plone",
-    "extends": "http://dist.plone.org/release/4.3.1/versions.cfg",
+    "extends": "http://dist.plone.org/release/4.3.2/versions.cfg",
     "doCheck": false,
     "installCommand": "easy_install --always-unzip --no-deps --prefix=\"$out\" .",
     "override": {
@@ -123,7 +123,17 @@
       }
     }
   },
-  { "name": "Distutils2",
+  { "name": "plone.recipe.zope2instance",
+    "extends": "http://dist.plone.org/release/4.3.2/versions.cfg",
+    "doCheck": false
+  },
+  { "name": "RelStorage",
+    "extends": "http://dist.plone.org/release/4.3.2/versions.cfg",
+    "doCheck": false
+  },
+  { "name": "psycopg2",
+    "buildInputs": [ "pkgs.postgresql" ],
     "doCheck": false
   }
+
 ]
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index cb77e11babd0..3dc6a36bb7e0 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -5,7 +5,7 @@ isPy26 = python.majorVersion == "2.6";
 isPy27 = python.majorVersion == "2.7";
 optional = pkgs.lib.optional;
 optionals = pkgs.lib.optionals;
-modules = python.modules or { readline = null; sqlite3 = null; curses = null; ssl = null; crypt = null; };
+modules = python.modules or { readline = null; sqlite3 = null; curses = null; curses_panel = null; ssl = null; crypt = null; };
 
 pythonPackages = modules // import ./python-packages-generated.nix {
   inherit pkgs python;
@@ -131,6 +131,61 @@ pythonPackages = modules // import ./python-packages-generated.nix {
 
   # packages defined here
 
+  aafigure = buildPythonPackage rec {
+    name = "aafigure-0.5";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/a/aafigure/${name}.tar.gz";
+      md5 = "5322888a21eb0bb2e749fbf98eddf574";
+    };
+
+    propagatedBuildInputs = [ pillow ];
+
+    # error: invalid command 'test'
+    doCheck = false;
+
+    # Fix impurity. TODO: Do the font lookup using fontconfig instead of this
+    # manual method. Until that is fixed, we get this whenever we run aafigure:
+    #   WARNING: font not found, using PIL default font
+    patchPhase = ''
+      sed -i "s|/usr/share/fonts|/nonexisting-fonts-path|" aafigure/PILhelper.py
+    '';
+
+    meta = with stdenv.lib; {
+      description = "ASCII art to image converter";
+      homepage = https://launchpad.net/aafigure/;
+      license = licenses.bsd2;
+      platforms = platforms.linux;
+      maintainers = [ maintainers.bjornfor ];
+    };
+  };
+
+
+  actdiag = buildPythonPackage rec {
+    name = "actdiag-0.4.3";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/a/actdiag/${name}.tar.gz";
+      md5 = "428aaab849f04668fa12388b964a56ea";
+    };
+
+    buildInputs = [ pep8 nose unittest2 docutils ];
+
+    propagatedBuildInputs = [ blockdiag ];
+
+    # One test fails, because of missing simple.diag input file
+    doCheck = false;
+
+    meta = with stdenv.lib; {
+      description = "Generate activity-diagram image from spec-text file (similar to Graphviz)";
+      homepage = http://blockdiag.com/;
+      license = licenses.asl20;
+      platforms = platforms.linux;
+      maintainers = [ maintainers.bjornfor ];
+    };
+  };
+
+
   afew = buildPythonPackage rec {
     rev = "6bb3915636aaf86f046a017ffffd9a4ef395e199";
     name = "afew-1.0_${rev}";
@@ -159,6 +214,25 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
 
+  alembic = buildPythonPackage rec {
+    name = "alembic-0.6.0";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/a/alembic/${name}.tar.gz";
+      md5 = "084fe81b48ebae43b0f6031af68a03d6";
+    };
+
+    buildInputs = [ nose ];
+    propagatedBuildInputs = [ Mako sqlalchemy ];
+
+    meta = {
+      homepage = http://bitbucket.org/zzzeek/alembic;
+      description = "A database migration tool for SQLAlchemy.";
+      license = stdenv.lib.licenses.mit;
+    };
+  };
+
+
   almir = buildPythonPackage rec {
     name = "almir-0.1.8";
 
@@ -491,6 +565,34 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     };
   };
 
+
+  blockdiag = buildPythonPackage rec {
+    name = "blockdiag-1.2.4";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/b/blockdiag/${name}.tar.gz";
+      md5 = "244334f60cc10b0cb73b5df5279bcdd1";
+    };
+
+    buildInputs = [ pep8 nose unittest2 docutils ];
+
+    propagatedBuildInputs = [ pil webcolors funcparserlib ];
+
+    # One test fails:
+    #   ...
+    #   FAIL: test_auto_font_detection (blockdiag.tests.test_boot_params.TestBootParams)
+    doCheck = false;
+
+    meta = with stdenv.lib; {
+      description = "Generate block-diagram image from spec-text file (similar to Graphviz)";
+      homepage = http://blockdiag.com/;
+      license = licenses.asl20;
+      platforms = platforms.linux;
+      maintainers = [ maintainers.bjornfor ];
+    };
+  };
+
+
   bpython = buildPythonPackage rec {
      name = "bpython-0.12";
      src = fetchurl {
@@ -834,6 +936,29 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     };
   };
 
+
+  ColanderAlchemy = buildPythonPackage rec {
+    name = "ColanderAlchemy-0.2.0";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/C/ColanderAlchemy/${name}.tar.gz";
+      md5 = "b054837bd2753cbf15f7d5028cba421b";
+    };
+
+    buildInputs = [ unittest2 ];
+    propagatedBuildInputs = [ colander sqlalchemy8 ];
+
+    # string: argument name cannot be overridden via info kwarg.
+    doCheck = false;
+
+    meta = {
+      description = "Autogenerate Colander schemas based on SQLAlchemy models.";
+      homepage = https://github.com/stefanofontanelli/ColanderAlchemy;
+      license = pkgs.lib.licenses.mit;
+    };
+  };
+
+
   configobj = buildPythonPackage (rec {
     name = "configobj-4.7.2";
 
@@ -991,10 +1116,31 @@ pythonPackages = modules // import ./python-packages-generated.nix {
       md5 = "18f150e7be96b5fe3c388b0e817b8087";
     };
 
-    buildInputs = [ py ];
+    propagatedBuildInputs = [ pythonPackages.py ]
+      ++ stdenv.lib.optional
+        pkgs.config.pythonPackages.pytest.selenium or false
+        pythonPackages.selenium;
+
+    meta = with stdenv.lib; {
+      maintainers = with maintainers; [ iElectric lovek323 ];
+      platforms   = platforms.unix;
+    };
+  };
+
+  pytest_xdist = buildPythonPackage rec {
+    name = "pytest-xdist-1.8";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/p/pytest-xdist/pytest-xdist-1.8.zip";
+      md5 = "9c0b8efe9d43b460f8cf049fa46ce14d";
+    };
+
+    buildInputs = [ pkgs.unzip pytest ];
+    propagatedBuildInputs = [ execnet ];
 
     meta = {
-      maintainers = [ stdenv.lib.maintainers.iElectric ];
+      description = "py.test xdist plugin for distributed testing and loop-on-failing modes";
+      homepage = http://bitbucket.org/hpk42/pytest-xdist;
     };
   };
 
@@ -1201,6 +1347,7 @@ pythonPackages = modules // import ./python-packages-generated.nix {
       homepage = http://pythonhosted.org/evdev;
       license = licenses.bsd3;
       maintainers = [ maintainers.goibhniu ];
+      platforms = stdenv.lib.platforms.linux;
     };
   };
 
@@ -1239,6 +1386,53 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
 
+  execnet = buildPythonPackage rec {
+    name = "execnet-1.1";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/e/execnet/${name}.zip";
+      md5 = "be885ccd9612966bb81839670d2da099";
+    };
+
+    buildInputs = [ pkgs.unzip ];
+
+    meta = {
+      description = "rapid multi-Python deployment";
+      license = stdenv.lib.licenses.gpl2;
+    };
+  };
+
+  faker = buildPythonPackage rec {
+    name = "faker-0.0.4";
+    src = fetchurl {
+      url = https://pypi.python.org/packages/source/F/Faker/Faker-0.0.4.tar.gz;
+      sha256 = "09q5jna3j8di0gw5yjx0dvlndkrk2x9vvqzwyfsvg3nlp8h38js1";
+    };
+    buildInputs = [ nose ];
+    meta = with stdenv.lib; {
+      description = "A Python library for generating fake user data.";
+      homepage    = http://pypi.python.org/pypi/Faker;
+      license     = licenses.mit;
+      maintainers = with maintainers; [ lovek323 ];
+      platforms   = platforms.unix;
+    };
+  };
+
+  fake_factory = buildPythonPackage rec {
+    name = "fake-factory-0.2";
+    src = fetchurl {
+      url = https://pypi.python.org/packages/source/f/fake-factory/fake-factory-0.2.tar.gz;
+      sha256 = "0qdmk8p4anrj9mf95dh9v7bkhv1pz69hvhlw380kj4iz7b44b6zn";
+    };
+    meta = with stdenv.lib; {
+      description = "A Python package that generates fake data for you.";
+      homepage    = https://pypi.python.org/pypi/fake-factory;
+      license     = licenses.mit;
+      maintainers = with maintainers; [ lovek323 ];
+      platforms   = platforms.unix;
+    };
+  };
+
   fabric = buildPythonPackage rec {
     name = "fabric-1.6.1";
     src = fetchurl {
@@ -1260,6 +1454,23 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
 
+  funcparserlib = buildPythonPackage rec {
+    name = "funcparserlib-0.3.6";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/f/funcparserlib/${name}.tar.gz";
+      md5 = "3aba546bdad5d0826596910551ce37c0";
+    };
+
+    meta = with stdenv.lib; {
+      description = "Recursive descent parsing library based on functional combinators";
+      homepage = https://code.google.com/p/funcparserlib/;
+      license = licenses.mit;
+      platforms = platforms.linux;
+    };
+  };
+
+
   googlecl = buildPythonPackage rec {
     version = "0.9.14";
     name    = "googlecl-${version}";
@@ -1280,6 +1491,21 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     propagatedBuildInputs = [ gdata ];
   };
 
+  gtimelog = buildPythonPackage rec {
+    name = "gtimelog-0.8.1";
+    src = fetchurl {
+      url = https://launchpad.net/gtimelog/devel/0.8.1/+download/gtimelog-0.8.1.tar.gz;
+      sha256 = "010sbw4rmslf5ifg9bgicn0f6mgsy76v8218xi0jndi9z6pva7y6";
+    };
+    propagatedBuildInputs = [ pygtk ];
+    meta = with stdenv.lib; {
+      description = "A small Gtk+ app for keeping track of your time. It's main goal is to be as unintrusive as possible.";
+      homepage = http://mg.pov.lt/gtimelog/;
+      license = licenses.gpl2Plus;
+      maintainers = [ maintainers.ocharles ];
+      platforms = platforms.unix;
+    };
+  };
 
   logilab_astng = buildPythonPackage rec {
     name = "logilab-astng-0.24.1";
@@ -1337,11 +1563,11 @@ pythonPackages = modules // import ./python-packages-generated.nix {
 
 
   pudb = buildPythonPackage rec {
-    name = "pudb-2013.1";
+    name = "pudb-2013.3.6";
 
     src = fetchurl {
-      url = "http://pypi.python.org/packages/source/p/pudb/${name}.tar.gz";
-      md5 = "f94922aba7f862f13886457dc3fadc6a";
+      url = "https://pypi.python.org/packages/source/p/pudb/${name}.tar.gz";
+      md5 = "063030763bf914166a0b2bc8c011143b";
     };
 
     propagatedBuildInputs = [ pythonPackages.pygments pythonPackages.urwid ];
@@ -1467,6 +1693,24 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
 
+  pyramid_multiauth = buildPythonPackage rec {
+    name = "pyramid_multiauth-${version}";
+    version = "0.3.2";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/p/pyramid_multiauth/${name}.tar.gz";
+      md5 = "044e423abc4fb76937ac0c21c1205e9c";
+    };
+
+    propagatedBuildInputs = [ pyramid ];
+
+    meta = with stdenv.lib; {
+      description = "Authentication policy for Pyramid that proxies to a stack of other authentication policies";
+      homepage = https://github.com/mozilla-services/pyramid_multiauth;
+    };
+  };
+
+
   raven = buildPythonPackage rec {
     name = "raven-3.4.1";
 
@@ -1607,6 +1851,7 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     src = fetchgit {
       inherit rev;
       url = "https://github.com/Pylons/substanced.git";
+      sha256 = "eded6468563328af37a07aeb88ef81ed78ccaff2ab687cac34ad2b36e19abcb4";
     };
 
     buildInputs = [ mock ];
@@ -2055,6 +2300,27 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
 
+  ecdsa = buildPythonPackage rec {
+    name = "ecdsa-${version}";
+    version = "0.10";
+
+    src = fetchurl {
+      url = "http://pypi.python.org/packages/source/e/ecdsa/${name}.tar.gz";
+      md5 = "e95941b3bcbf1726472bb724d7478551";
+    };
+
+    # Only needed for tests
+    buildInputs = [ pkgs.openssl ];
+
+    meta = {
+      description = "ECDSA cryptographic signature library";
+      homepage = "https://github.com/warner/python-ecdsa";
+      license = stdenv.lib.licenses.mit;
+      maintainers = [ stdenv.lib.maintainers.aszlig ];
+    };
+  };
+
+
   elpy = buildPythonPackage rec {
     name = "elpy-1.0.1";
     src = fetchurl {
@@ -2189,17 +2455,18 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     };
   };
 
-
-  flexget = buildPythonPackage (rec {
-    name = "FlexGet-1.0.3353";
+  flexget = buildPythonPackage rec {
+    name = "FlexGet-1.1.121";
 
     src = fetchurl {
-      url = "http://download.flexget.com/archive/${name}.tar.gz";
-      md5 = "cffc4e51b5c5efddb339d265524e46b8";
+      url = "https://pypi.python.org/packages/source/F/FlexGet/${name}.tar.gz";
+      md5 = "44521bcbc2c1e941b656ecfa358adcaa";
     };
 
     buildInputs = [ nose ];
-    propagatedBuildInputs = [ beautifulsoup4 pyrss2gen feedparser pynzb html5lib dateutil beautifulsoup flask jinja2 requests sqlalchemy pyyaml cherrypy progressbar deluge ];
+    propagatedBuildInputs = [ beautifulsoup4 pyrss2gen feedparser pynzb html5lib dateutil
+        beautifulsoup flask jinja2 requests sqlalchemy pyyaml cherrypy progressbar deluge
+        python_tvrage jsonschema ];
 
     meta = {
       homepage = http://flexget.com/;
@@ -2207,8 +2474,51 @@ pythonPackages = modules // import ./python-packages-generated.nix {
       license = stdenv.lib.licenses.mit;
       maintainers = [ stdenv.lib.maintainers.iElectric ];
     };
+  };
+
+  python_tvrage = buildPythonPackage (rec {
+    version = "0.4.1";
+    name = "tvrage-${version}";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/p/python-tvrage/python-tvrage-${version}.tar.gz";
+      md5 = "cdfec252158c5047b626861900186dfb";
+    };
+
+    # has mostly networking dependent tests
+    doCheck = false;
+    propagatedBuildInputs = [ beautifulsoup ];
+
+    meta = {
+      homepage = https://github.com/ckreutzer/python-tvrage;
+      description = "Client interface for tvrage.com's XML-based api feeds";
+      license = stdenv.lib.licenses.bsd3;
+      maintainers = [ stdenv.lib.maintainers.iElectric ];
+    };
   });
 
+  jsonschema = buildPythonPackage (rec {
+    version = "2.0.0";
+    name = "jsonschema-${version}";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/j/jsonschema/jsonschema-${version}.tar.gz";
+      md5 = "1793d97a668760ef540fadd342aa08e5";
+    };
+
+    buildInputs = [ nose mock ];
+
+    checkPhase = ''
+      nosetests
+    '';
+
+    meta = {
+      homepage = https://github.com/Julian/jsonschema;
+      description = "An implementation of JSON Schema validation for Python";
+      license = stdenv.lib.licenses.mit;
+      maintainers = [ stdenv.lib.maintainers.iElectric ];
+    };
+  });
 
   flup = buildPythonPackage (rec {
     name = "flup-1.0.2";
@@ -2389,6 +2699,31 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     };
   };
 
+  glances = buildPythonPackage rec {
+    name = "glances-${meta.version}";
+
+    src = fetchurl {
+      url = "https://github.com/nicolargo/glances/archive/v${meta.version}.tar.gz";
+      sha256 = "0g2yg9qf7qgjwv13x0rx51rzhn99pcmjpb3vk0g3gmmdsqyqi0d6";
+    };
+
+    buildInputs = [ pkgs.hddtemp ];
+
+    propagatedBuildInputs = [ psutil jinja2 modules.curses modules.curses_panel];
+
+    doCheck = false;
+
+    preConfigure = ''
+      sed -i -r -e '/data_files.append[(][(](conf|etc)_path/ietc_path="etc/glances"; conf_path="etc/glances"' setup.py;
+    '';
+
+    meta = {
+      version = "1.7.1";
+      homepage = "http://nicolargo.github.io/glances/";
+      description = "Cross-platform curses-based monitoring tool";
+    };
+  };
+
 
   greenlet = buildPythonPackage rec {
     name = "greenlet-0.3.1";
@@ -2406,24 +2741,23 @@ pythonPackages = modules // import ./python-packages-generated.nix {
 
 
   gyp = buildPythonPackage rec {
-    rev = "1635";
+    rev = "1738";
     name = "gyp-r${rev}";
 
     src = fetchsvn {
       url = "http://gyp.googlecode.com/svn/trunk";
       inherit rev;
-      sha256 = "1hn5gxgj2z399f71kz11m61ifds7mx4zkymnd1c87k1wyp7bs5k5";
+      sha256 = "155k7v6453j2kg02xqfqbkzkbaqc8aynxs2k462jmrp638vxia9s";
     };
 
-   patches = if pkgs.stdenv.isDarwin then [ ../development/python-modules/gyp/no-xcode.patch ../development/python-modules/gyp/no-darwin-cflags.patch ] else null;
-
-    # error: invalid command 'test'
-    doCheck = false;
-
-    postUnpack = "find . -print0 | xargs -0 touch";
+    patches = optionals pkgs.stdenv.isDarwin [
+      ../development/python-modules/gyp/no-xcode.patch
+      ../development/python-modules/gyp/no-darwin-cflags.patch
+    ];
 
     meta = {
       homepage = http://code.google.com/p/gyp;
+      license = stdenv.lib.licenses.bsd3;
       description = "Generate Your Projects";
     };
   };
@@ -2431,12 +2765,12 @@ pythonPackages = modules // import ./python-packages-generated.nix {
 
   hetzner = buildPythonPackage rec {
     name = "hetzner-${version}";
-    version = "0.5.0";
+    version = "0.6.0";
 
     src = fetchurl {
       url = "https://github.com/RedMoonStudios/hetzner/archive/"
           + "v${version}.tar.gz";
-      sha256 = "0i8b2nx4mf87qn4zz7kz321cl1bxlvjdwm7yh8md5hrhqbya4jw5";
+      sha256 = "1cgi77f453ahw3ad6hvqwbyp6fwnh90rlzfgl9cp79wg58wyar4w";
     };
 
     # not there yet, but coming soon.
@@ -2451,6 +2785,28 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
 
+  htmllaundry = buildPythonPackage rec {
+    name = "htmllaundry-2.0";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/h/htmllaundry/${name}.tar.gz";
+      md5 = "6db6909de76c4b259e65d90b5debdbda";
+    };
+
+    buildInputs = [ nose ];
+    propagatedBuildInputs = [ six lxml ];
+
+    # some tests fail, probably because of changes in lxml
+    # not relevant for me, if releavnt for you, fix it...
+    doCheck = false;
+
+    meta = {
+      description = "Simple HTML cleanup utilities";
+      license = stdenv.lib.licenses.bsd3;
+    };
+  };
+
+
   html5lib = buildPythonPackage (rec {
     name = "html5lib-0.95";
 
@@ -2553,10 +2909,10 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
   ipdbplugin = buildPythonPackage {
-    name = "ipdbplugin-1.2";
+    name = "ipdbplugin-1.4";
     src = fetchurl {
-      url = "https://pypi.python.org/packages/source/i/ipdbplugin/ipdbplugin-1.2.tar.gz";
-      md5 = "39169b00a2186b99469249c5b0613753";
+      url = "https://pypi.python.org/packages/source/i/ipdbplugin/ipdbplugin-1.4.tar.gz";
+      md5 = "f9a41512e5d901ea0fa199c3f648bba7";
     };
     propagatedBuildInputs = [ pythonPackages.nose pythonPackages.ipython ];
   };
@@ -2999,6 +3355,25 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     };
   };
 
+
+  memory_profiler = buildPythonPackage rec {
+    name = "memory_profiler-0.27";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/m/memory_profiler/memory_profiler-0.27.tar.gz";
+      md5 = "212c0d7452dbaffb6b09474ac07b0668";
+    };
+
+    # error: invalid command 'test'
+    doCheck = false;
+
+    meta = {
+      description = "A module for monitoring memory usage of a python program";
+      homepage = http://pypi.python.org/pypi/memory_profiler;
+    };
+  };
+
+
   mitmproxy = buildPythonPackage rec {
     baseName = "mitmproxy";
     name = "${baseName}-${meta.version}";
@@ -3334,17 +3709,14 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   });
 
   nose = buildPythonPackage rec {
-    name = "nose-1.3.0";
+    version = "1.3.0";
+    name = "nose-${version}";
 
     src = fetchurl {
       url = "http://pypi.python.org/packages/source/n/nose/${name}.tar.gz";
       sha256 = "0q2j9zz39h3liwbp6lb94kl3sxb9z9rbwh5dzyccyxfy4lrwqqsf";
     };
 
-    meta = {
-      description = "A unittest-based testing framework for python that makes writing and running tests easier";
-    };
-
     buildInputs = [ coverage ];
 
     doCheck = ! stdenv.isDarwin;
@@ -3353,6 +3725,10 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     '' else "" + ''
       ${python}/bin/${python.executable} selftest.py
     '';
+
+    meta = {
+      description = "A unittest-based testing framework for python that makes writing and running tests easier";
+    };
   };
 
   nose2 = if isPy26 then null else (buildPythonPackage rec {
@@ -3488,6 +3864,32 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     };
   });
 
+
+  nwdiag = buildPythonPackage rec {
+    name = "nwdiag-0.9.4";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/n/nwdiag/${name}.tar.gz";
+      md5 = "199b22f66ec3012c3999177d376a3842";
+    };
+
+    buildInputs = [ pep8 nose unittest2 docutils ];
+
+    propagatedBuildInputs = [ blockdiag ];
+
+    # tests fail
+    doCheck = false;
+
+    meta = with stdenv.lib; {
+      description = "Generate network-diagram image from spec-text file (similar to Graphviz)";
+      homepage = http://blockdiag.com/;
+      license = licenses.asl20;
+      platforms = platforms.linux;
+      maintainers = [ maintainers.bjornfor ];
+    };
+  };
+
+
   oauth2 = buildPythonPackage (rec {
     name = "oauth2-1.5.211";
 
@@ -3613,11 +4015,11 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   });
 
   pandas = buildPythonPackage rec {
-    name = "pandas-0.11.0";
+    name = "pandas-0.12.0";
 
     src = fetchurl {
       url = "https://pypi.python.org/packages/source/p/pandas/${name}.tar.gz";
-      sha256 = "1mwh783hcch6lywgjayj8aqmbfv6n8fd2qbf1xlwqk2913ad8x2d";
+      sha256 = "0vf865wh1kcq33189ykqgngb25nxhxxch6skfdl3c6w024v4r6xy";
     };
 
     buildInputs = [ nose ];
@@ -3636,33 +4038,29 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
   paramiko = buildPythonPackage rec {
-    name = "paramiko-1.11.0";
+    name = "paramiko-1.12.0";
 
     src = fetchurl {
       url = "http://pypi.python.org/packages/source/p/paramiko/${name}.tar.gz";
-      md5 = "a2c55dc04904bd08d984533703177084";
+      md5 = "4187f77b1a5a313c899993930e30c321";
     };
 
-    propagatedBuildInputs = [ pycrypto ];
+    propagatedBuildInputs = [ pycrypto ecdsa ];
 
     checkPhase = "python test.py";
 
     meta = {
-      homepage = "http://www.lag.net/paramiko/";
-      description = "SSH2 protocol for python";
-      license = "LGPL";
+      homepage = "https://github.com/paramiko/paramiko/";
+      description = "Native Python SSHv2 protocol library";
+      license = stdenv.lib.licenses.lgpl21Plus;
+      maintainers = [ stdenv.lib.maintainers.aszlig ];
 
       longDescription = ''
-        paramiko is a module for python 2.2 (or higher) that implements the
-        SSH2 protocol for secure (encrypted and authenticated) connections to
-        remote machines. unlike SSL (aka TLS), SSH2 protocol does not require
-        heirarchical certificates signed by a powerful central authority. you
-        may know SSH2 as the protocol that replaced telnet and rsh for secure
-        access to remote shells, but the protocol also includes the ability
-        to open arbitrary channels to remote services across the encrypted
-        tunnel -- this is how sftp works, for example.  it is written
-        entirely in python (no C or platform-dependent code) and is released
-        under the GNU LGPL (lesser GPL).  '';
+        This is a library for making SSH2 connections (client or server).
+        Emphasis is on using SSH2 as an alternative to SSL for making secure
+        connections between python scripts. All major ciphers and hash methods
+        are supported. SFTP client and server mode are both supported too.
+      '';
     };
   };
 
@@ -3793,14 +4191,16 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     };
   };
 
-  pip = buildPythonPackage {
-    name = "pip-1.2.1";
+  pip = buildPythonPackage rec {
+    version = "1.4.1";
+    name = "pip-${version}";
     src = fetchurl {
-      url = "http://pypi.python.org/packages/source/p/pip/pip-1.2.1.tar.gz";
-      md5 = "db8a6d8a4564d3dc7f337ebed67b1a85";
+      url = "http://pypi.python.org/packages/source/p/pip/pip-${version}.tar.gz";
+      sha256 = "0knhj3c1nqqzxgqin8l0gzy6nzsbcxinyr0cbp1j99hi8xahcyjf";
     };
     buildInputs = [ mock scripttest virtualenv nose ];
     # ValueError: Working directory tests not found, or not a directory
+    # see https://github.com/pypa/pip/issues/92
     doCheck = false;
   };
 
@@ -3959,13 +4359,16 @@ pythonPackages = modules // import ./python-packages-generated.nix {
 
 
   psutil = buildPythonPackage rec {
-    name = "psutil-0.6.1";
+    name = "psutil-1.0.1";
 
     src = fetchurl {
       url = "http://psutil.googlecode.com/files/${name}.tar.gz";
-      sha256 = "0vqarv63jqzghr4fi1fqdbvg847fq2gqdj8dzc3x59f9b36a8rfn";
+      sha256 = "1zrzh7hi0f79sf9axwrw3c2kl86qs72kvx8xbbrdwlp39rfa1i1f";
     };
 
+    # failed tests: https://code.google.com/p/psutil/issues/detail?id=434
+    doCheck = false;
+
     meta = {
       description = "Process and system utilization information interface for python";
       homepage = http://code.google.com/p/psutil/;
@@ -4111,13 +4514,13 @@ pythonPackages = modules // import ./python-packages-generated.nix {
 
 
   pyblock = stdenv.mkDerivation rec {
-    name = "python-pyblock-${version}";
-    version = "0.52-1";
+    name = "pyblock-${version}";
+    version = "0.53";
 
-    src = fetchurl {
-      url = "https://git.fedorahosted.org/cgit/pyblock.git/snapshot/"
-          + "pyblock-${version}.tar.bz2";
-      sha256 = "1jj5hd1dcr8xx00rg3jynsf4ak88wwr5id3fmb0qf6zvim1whj7l";
+    src = fetchurl rec {
+      url = "http://pkgs.fedoraproject.org/repo/pkgs/python-pyblock/"
+          + "${name}.tar.bz2/${md5}/${name}.tar.bz2";
+      md5 = "f6d33a8362dee358517d0a9e2ebdd044";
     };
 
     postPatch = ''
@@ -4200,6 +4603,9 @@ pythonPackages = modules // import ./python-packages-generated.nix {
       sha256 = "0mhg7f9y5zl0m2xgz3rf1yqjd6l8n0qhfk7bpf36r44jfnhj75ld";
     };
 
+    # error: (6, "Couldn't resolve host 'h.wrttn.me'")
+    doCheck = false;
+
     buildInputs = [ pkgs.curl simplejson unittest2 nose ];
 
     meta = {
@@ -4279,6 +4685,7 @@ pythonPackages = modules // import ./python-packages-generated.nix {
       homepage = "http://www.pyglet.org/";
       description = "A cross-platform windowing and multimedia library";
       license = stdenv.lib.licenses.bsd3;
+      platforms = stdenv.lib.platforms.mesaPlatforms;
     };
   };
 
@@ -4346,12 +4753,12 @@ pythonPackages = modules // import ./python-packages-generated.nix {
 
   pykickstart = buildPythonPackage rec {
     name = "pykickstart-${version}";
-    version = "1.99.32-1";
+    version = "1.99.39";
 
-    src = fetchurl {
-      url = "https://git.fedorahosted.org/cgit/pykickstart.git/snapshot/"
-          + "r${version}.tar.bz2";
-      sha256 = "1sq68jvc39k9wrkcc4xlabhwi8gdz019yh2k5nrl7ya35b8daqw0";
+    src = fetchurl rec {
+      url = "http://pkgs.fedoraproject.org/repo/pkgs/pykickstart/"
+          + "${name}.tar.gz/${md5}/${name}.tar.gz";
+      md5 = "d249f60aa89b1b4facd63f776925116d";
     };
 
     postPatch = ''
@@ -4446,7 +4853,8 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     meta = {
       homepage = "https://fedorahosted.org/pyparted/";
       description = "Python interface for libparted";
-      license = pkgs.lib.licenses.gpl2Plus;
+      license = stdenv.lib.licenses.gpl2Plus;
+      platforms = stdenv.lib.platforms.linux;
     };
   };
 
@@ -4502,6 +4910,7 @@ pythonPackages = modules // import ./python-packages-generated.nix {
       homepage = "http://pyudev.readthedocs.org/";
       description = "Pure Python libudev binding";
       license = stdenv.lib.licenses.lgpl21Plus;
+      platforms = stdenv.lib.platforms.linux;
     };
   };
 
@@ -4625,6 +5034,7 @@ pythonPackages = modules // import ./python-packages-generated.nix {
           '';
 
           license = "BSD-style";
+          platforms = stdenv.lib.platforms.mesaPlatforms;
         };
       };
 
@@ -4826,6 +5236,27 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   });
 
 
+  pywebkitgtk = stdenv.mkDerivation rec {
+    name = "pywebkitgtk-${version}";
+    version = "1.1.8";
+
+    src = fetchurl {
+      url = "http://pywebkitgtk.googlecode.com/files/${name}.tar.bz2";
+      sha256 = "1svlwyl61rvbqbcbalkg6pbf38yjyv7qkq9sx4x35yk69lscaac2";
+    };
+
+    buildInputs = with pkgs; [
+      pkgconfig python gtk2 pygtk libxml2 libxslt libsoup webkit_gtk2 icu
+    ];
+
+    meta = {
+      homepage = "https://code.google.com/p/pywebkitgtk/";
+      description = "Python bindings for the WebKit GTK+ port";
+      license = stdenv.lib.licenses.lgpl2Plus;
+    };
+  };
+
+
   pyxattr = buildPythonPackage (rec {
     name = "pyxattr-0.5.1";
 
@@ -4934,6 +5365,37 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
 
+  qutip = buildPythonPackage rec {
+    name = "qutip-2.2.0";
+
+    src = fetchurl {
+      url = "https://qutip.googlecode.com/files/QuTiP-2.2.0.tar.gz";
+      sha1 = "76ba4991322a991d580e78a197adc80d58bd5fb3";
+    };
+
+    propagatedBuildInputs = [ numpy scipy matplotlib pkgs.pyqt4
+      pkgs.cython ];
+
+    buildInputs = with pkgs; [ gcc qt4 blas ] ++ [ nose ];
+
+    meta = {
+      description = "QuTiP - Quantum Toolbox in Python";
+      longDescription = ''
+        QuTiP is open-source software for simulating the dynamics of
+        open quantum systems. The QuTiP library depends on the
+        excellent Numpy and Scipy numerical packages. In addition,
+        graphical output is provided by Matplotlib. QuTiP aims to
+        provide user-friendly and efficient numerical simulations of a
+        wide variety of Hamiltonians, including those with arbitrary
+        time-dependence, commonly found in a wide range of physics
+        applications such as quantum optics, trapped ions,
+        superconducting circuits, and quantum nanomechanical
+        resonators.
+      '';
+      homepage = http://qutip.org/;
+    };
+  };
+
   requests_oauth2 = buildPythonPackage rec {
     name = "requests-oauth2-0.1.1";
 
@@ -5058,12 +5520,39 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
 
+  seqdiag = buildPythonPackage rec {
+    name = "seqdiag-0.8.2";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/s/seqdiag/${name}.tar.gz";
+      md5 = "61b3da29b5efaa89701b4db6d2d4d5fa";
+    };
+
+    buildInputs = [ pep8 nose unittest2 docutils ];
+
+    propagatedBuildInputs = [ blockdiag ];
+
+    # Some tests fail (because of missing input files?):
+    #   ...
+    #   IOError: [Errno 2] No such file or directory: '/tmp/nix-build-python2.7-seqdiag-0.8.2.drv-0/seqdiag-0.8.2/src/seqdiag/tests/diagrams/separators.diag'
+    doCheck = false;
+
+    meta = with stdenv.lib; {
+      description = "Generate sequence-diagram image from spec-text file (similar to Graphviz)";
+      homepage = http://blockdiag.com/;
+      license = licenses.asl20;
+      platforms = platforms.linux;
+      maintainers = [ maintainers.bjornfor ];
+    };
+  };
+
+
   scipy = buildPythonPackage rec {
-    name = "scipy-0.9.0";
+    name = "scipy-0.12.0";
 
     src = fetchurl {
       url = "http://pypi.python.org/packages/source/s/scipy/${name}.tar.gz";
-      md5 = "ebfef6e8e82d15c875a4ee6a46d4e1cd";
+      md5 = "8fb4da324649f655e8557ea92b998786";
     };
 
     buildInputs = [pkgs.gfortran];
@@ -5105,10 +5594,10 @@ pythonPackages = modules // import ./python-packages-generated.nix {
 
   selenium =
     buildPythonPackage rec {
-      name = "selenium-2.25.0";
+      name = "selenium-2.35.0";
       src = pkgs.fetchurl {
-        url = http://pypi.python.org/packages/source/s/selenium/selenium-2.25.0.tar.gz;
-        sha256 = "0iinpry1vr4dydh44sc0ny22sa9fqhy2302hf56pf8fakvza9m0a";
+        url = "http://pypi.python.org/packages/source/s/selenium/${name}.tar.gz";
+        sha256 = "0c8apd538ji8kmryvcdiz0dndf33mnf8wzpp9k8zmkpmfdfcwnk0";
       };
 
       buildInputs = [pkgs.xlibs.libX11];
@@ -5126,7 +5615,11 @@ pythonPackages = modules // import ./python-packages-generated.nix {
         cp "${x_ignore_nofocus}/"* .
         sed -i 's|dlopen(library,|dlopen("libX11.so.6",|' x_ignore_nofocus.c
         gcc -c -fPIC x_ignore_nofocus.c -o x_ignore_nofocus.o
-        gcc -shared -Wl,-soname,x_ignore_nofocus.so -o x_ignore_nofocus.so  x_ignore_nofocus.o
+        gcc -shared \
+          -Wl,${if stdenv.isDarwin then "-install_name" else "-soname"},x_ignore_nofocus.so \
+          -o x_ignore_nofocus.so \
+          x_ignore_nofocus.o \
+          ${if stdenv.isDarwin then "-lx11" else ""}
         cp -v x_ignore_nofocus.so py/selenium/webdriver/firefox/${if pkgs.stdenv.is64bit then "amd64" else "x86"}/
       '';
     };
@@ -5198,6 +5691,135 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     };
   });
 
+  sigal = buildPythonPackage rec {
+    name = "sigal-0.5.0";
+
+    src = fetchurl {
+      url = "http://pypi.python.org/packages/source/s/sigal/${name}.tar.gz";
+      md5 = "93c93725674c0702583a638f5a09c9e4";
+    };
+
+    propagatedBuildInputs = [ jinja2 markdown pillow pilkit clint argh ];
+
+    meta = with stdenv.lib; {
+      description = "Yet another simple static gallery generator";
+      homepage = http://sigal.saimon.org/en/latest/index.html;
+      license = licenses.mit;
+      maintainers = [ maintainers.iElectric ];
+    };
+  };
+
+  sympy = buildPythonPackage rec {
+    name = "sympy-0.7.3";
+
+    src = fetchurl {
+      url    = "https://github.com/sympy/sympy/releases/download/${name}/${name}.tar.gz";
+      sha256 = "081g9gs2d1d41ipn8zr034d98cnrxvc4zsmihqmfwzirwzpcii5x";
+    };
+
+    meta = with stdenv.lib; {
+      description = "A Python library for symbolic mathematics";
+      homepage    = http://www.sympy.org/;
+      license     = "free";
+      maintainers = with maintainers; [ lovek323 ];
+      platforms   = platforms.unix;
+    };
+  };
+
+  pilkit = buildPythonPackage rec {
+    name = "pilkit-1.1.4";
+
+    src = fetchurl {
+      url = "http://pypi.python.org/packages/source/p/pilkit/${name}.tar.gz";
+      md5 = "659dd67440f4b576889f2cd350f43d7b";
+    };
+
+    preConfigure = ''
+      substituteInPlace setup.py --replace 'nose==1.2.1' 'nose'
+    '';
+
+    # tests fail, see https://github.com/matthewwithanm/pilkit/issues/9
+    doCheck = false;
+
+    buildInputs = [ pillow nose_progressive nose mock blessings ];
+
+    meta = with stdenv.lib; {
+      maintainers = [ maintainers.iElectric ];
+    };
+  };
+
+  clint = buildPythonPackage rec {
+    name = "clint-0.3.1";
+
+    src = fetchurl {
+      url = "http://pypi.python.org/packages/source/c/clint/${name}.tar.gz";
+      md5 = "7dcd43fb08bfb84c7d63e9356ada7b73";
+    };
+
+    checkPhase = ''
+      nosetests
+    '';
+
+    buildInputs = [ pillow nose_progressive nose mock blessings nose ];
+
+    meta = with stdenv.lib; {
+      maintainers = [ maintainers.iElectric ];
+    };
+  };
+
+  argh = buildPythonPackage rec {
+    name = "argh-0.23.3";
+
+    src = fetchurl {
+      url = "http://pypi.python.org/packages/source/a/argh/${name}.tar.gz";
+      md5 = "25bb02c6552b42875f2c36714e0ff16c";
+    };
+
+    preCheck = ''
+      export LANG="en_US.UTF-8"
+      export LOCALE_ARCHIVE=${pkgs.glibcLocales}/lib/locale/locale-archive
+    '';
+
+    buildInputs = [ pytest py mock ];
+
+    meta = with stdenv.lib; {
+      maintainers = [ maintainers.iElectric ];
+    };
+  };
+
+  nose_progressive = buildPythonPackage rec {
+    name = "nose-progressive-1.3";
+
+    src = fetchurl {
+      url = "http://pypi.python.org/packages/source/n/nose-progressive/${name}.tar.gz";
+      md5 = "180be93929c5962044a35489f193259d";
+    };
+
+    buildInputs = [ pillow blessings nose ];
+    propagatedBuildInputs = [ modules.curses ];
+
+    meta = with stdenv.lib; {
+      maintainers = [ maintainers.iElectric ];
+    };
+  };
+
+  blessings = buildPythonPackage rec {
+    name = "blessings-1.5.1";
+
+    src = fetchurl {
+      url = "http://pypi.python.org/packages/source/b/blessings/${name}.tar.gz";
+      md5 = "fbbddbf20b1f9a13e3fa612b1e086fd8";
+    };
+
+    # 4 failing tests
+    doCheck = false; 
+
+    buildInputs = [ nose modules.curses ];
+
+    meta = with stdenv.lib; {
+      maintainers = [ maintainers.iElectric ];
+    };
+  };
 
   sexpdata = buildPythonPackage rec {
     name = "sexpdata-0.0.2";
@@ -5337,6 +5959,44 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   });
 
 
+  sphinxcontrib_httpdomain = buildPythonPackage (rec {
+    name = "sphinxcontrib-httpdomain-1.1.9";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/s/sphinxcontrib-httpdomain/${name}.tar.gz";
+      md5 = "0f63aea612cc9e0b55a6c39e5b0f87b7";
+    };
+
+    propagatedBuildInputs = [sphinx];
+
+    meta = {
+      description = "Provides a Sphinx domain for describing RESTful HTTP APIs";
+
+      homepage = http://bitbucket.org/birkenfeld/sphinx-contrib;
+
+      license = "BSD";
+    };
+  });
+
+
+  sphinx_pypi_upload = buildPythonPackage (rec {
+    name = "Sphinx-PyPI-upload-0.2.1";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/S/Sphinx-PyPI-upload/${name}.tar.gz";
+      md5 = "b9f1df5c8443197e4d49abbba1cfddc4";
+    };
+
+    meta = {
+      description = "Setuptools command for uploading Sphinx documentation to PyPI";
+
+      homepage = http://bitbucket.org/jezdez/sphinx-pypi-upload/;
+
+      license = "BSD";
+    };
+  });
+
+
   sqlalchemy = buildPythonPackage rec {
     name = "sqlalchemy-${version}";
     version = "0.7.10";
@@ -5363,6 +6023,49 @@ pythonPackages = modules // import ./python-packages-generated.nix {
   };
 
 
+  sqlalchemy8 = buildPythonPackage rec {
+    name = "SQLAlchemy-${version}";
+    version = "0.8.2";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/S/SQLAlchemy/${name}.tar.gz";
+      md5 = "5a33fb43dea93468dbb2a6562ee80b54";
+    };
+
+    buildInputs = [ nose mock ];
+
+    propagatedBuildInputs = [ modules.sqlite3 ];
+
+    meta = {
+      homepage = http://www.sqlalchemy.org/;
+      description = "A Python SQL toolkit and Object Relational Mapper";
+    };
+  };
+
+
+  sqlalchemy_imageattach = buildPythonPackage rec {
+    name = "SQLAlchemy-ImageAttach-${version}";
+    version = "0.8.1";
+
+    src = fetchgit {
+      url = https://github.com/crosspop/sqlalchemy-imageattach.git;
+      rev = "refs/tags/${version}";
+      md5 = "051dd9de0757714d33c3ecd5ab37b97d";
+    };
+
+    buildInputs = [ pytest webob pkgs.imagemagick ];
+    propagatedBuildInputs = [ sqlalchemy8 wand ];
+
+    checkPhase = "cd tests && LD_LIBRARY_PATH=${pkgs.imagemagick}/lib py.test";
+
+    meta = {
+      homepage = https://github.com/crosspop/sqlalchemy-imageattach;
+      description = "SQLAlchemy extension for attaching images to entity objects";
+      license = pkgs.lib.licenses.mit;
+    };
+  };
+
+
   sqlalchemy_migrate = buildPythonPackage rec {
     name = "sqlalchemy-migrate-0.6.1";
 
@@ -5389,6 +6092,26 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     };
   };
 
+
+  statd = buildPythonPackage rec {
+    name = "python-statsd-${version}";
+    version = "1.6.0";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/p/python-statsd/${name}.tar.gz";
+      md5 = "3a0c71a160b504b843703c3041c7d7fb";
+    };
+
+    buildInputs = [ mock nose coverage ];
+
+    meta = {
+      description = "A client for Etsy's node-js statsd server";
+      homepage = https://github.com/WoLpH/python-statsd;
+      license = pkgs.lib.licenses.bsd3;
+    };
+  };
+
+
   stompclient = buildPythonPackage (rec {
     name = "stompclient-0.3.2";
 
@@ -5802,6 +6525,45 @@ pythonPackages = modules // import ./python-packages-generated.nix {
     };
   };
 
+
+  webcolors = buildPythonPackage rec {
+    name = "webcolors-1.4";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/w/webcolors/${name}.tar.gz";
+      md5 = "35de9d785b5c04a9cc66a2eae0519254";
+    };
+
+    # error: invalid command 'test'
+    doCheck = false;
+
+    meta = with stdenv.lib; {
+      description = "Library for working with color names/values defined by the HTML and CSS specifications";
+      homepage = https://bitbucket.org/ubernostrum/webcolors/overview/;
+      license = licenses.bsd3;
+      platforms = platforms.linux;
+    };
+  };
+
+
+  wand = buildPythonPackage rec {
+    name = "Wand-0.3.5";
+
+    src = fetchurl {
+      url = "https://pypi.python.org/packages/source/W/Wand/${name}.tar.gz";
+      md5 = "10bab03bf86ce8da2a95a3b15197ae2e";
+    };
+
+    buildInputs = [ pkgs.imagemagick pytest psutil memory_profiler pytest_xdist ];
+
+    meta = {
+      description = "Ctypes-based simple MagickWand API binding for Python";
+      homepage = http://wand-py.org/;
+      platforms = stdenv.lib.platforms.all;
+    };
+  };
+
+
   webob = buildPythonPackage rec {
     version = "1.2.3";
     name = "webob-${version}";
@@ -7018,16 +7780,15 @@ pythonPackages = modules // import ./python-packages-generated.nix {
 } // pkgs.lib.optionalAttrs (python.majorVersion == "2.7") {
 
   pypi2nix = pythonPackages.buildPythonPackage rec {
-    rev = "e85eb9e75e7290c17e89822d6a5c1c52c1b59269";
+    rev = "04a68d8577acbceb88bdf51b1231a9dbdead7003";
     name = "pypi2nix-1.0_${rev}";
 
     src = pkgs.fetchurl {
       url = "https://github.com/garbas/pypi2nix/tarball/${rev}";
       name = "${name}.tar.bz";
-      sha256 = "0wk9019pgpc2467819cz98fdvihjkpihlh1yywfxlvn04ymb315q";
+      sha256 = "1fv85x2bz442iyxsvka2g75zibjcq48gp2fc7szaqcfqxq42syy9";
     };
 
-    propagatedBuildInputs = [ pythonPackages."Distutils2-1.0a4" ];
     doCheck = false;
 
     meta = {
diff --git a/pkgs/top-level/r-packages.nix b/pkgs/top-level/r-packages.nix
new file mode 100644
index 000000000000..8280b6c2d53c
--- /dev/null
+++ b/pkgs/top-level/r-packages.nix
@@ -0,0 +1,246 @@
+/* This file defines the composition for CRAN (R) packages. */
+
+{pkgs, __overrides}:
+
+rec {
+
+  inherit (pkgs) buildRPackage fetchurl stdenv R;
+
+  inherit (stdenv.lib) maintainers;
+
+  inherit __overrides;
+
+  abind = buildRPackage rec {
+    name = "abind-1.4-0";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/abind_1.4-0.tar.gz";
+      sha256 = "1b9634bf6ad68022338d71a23a689f1af4afd9d6c12c0b982b88fc21363ff568";
+    };
+  };
+
+  chron = buildRPackage rec {
+    name = "chron-2.3-44";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/chron_2.3-44.tar.gz";
+      sha256 = "ba7d46223e615b4d09145a364a4c37ccff718384486ca154a6e025cf3ed91148";
+    };
+  };
+
+  colorspace = buildRPackage rec {
+    name = "colorspace-1.2-2";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/colorspace_1.2-2.tar.gz";
+      sha256 = "7f6ca98e5d005bc7d6e37b03577d65995809150d1d293ce68b6720e7a6b2054d";
+    };
+  };
+
+  DBI = buildRPackage rec {
+    name = "DBI-0.2-7";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/DBI_0.2-7.tar.gz";
+      sha256 = "e90a988740f99060d5c4aacb1f2b148b0eb81c5b468bafeadf3aaeccf563b5e3";
+    };
+  };
+
+  dichromat = buildRPackage rec {
+    name = "dichromat-2.0-0";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/dichromat_2.0-0.tar.gz";
+      sha256 = "31151eaf36f70bdc1172da5ff5088ee51cc0a3db4ead59c7c38c25316d580dd1";
+    };
+  };
+
+  digest = buildRPackage rec {
+    name = "digest-0.6.3";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/digest_0.6.3.tar.gz";
+      sha256 = "5be8f1386c0c273fcc915df7b557393c5f3de43c44fd16614db9cc5ba6d1d57c";
+    };
+  };
+
+  ggplot2 = buildRPackage rec {
+    name = "ggplot2-0.9.3.1";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/ggplot2_0.9.3.1.tar.gz";
+      sha256 = "b4c97404fd44571f9980712af963949ed204b5d4e639d97df9ba9a17423a6601";
+    };
+    propagatedBuildInputs = [ digest plyr gtable reshape2 scales proto ];
+  };
+
+  gtable = buildRPackage rec {
+    name = "gtable-0.1.2";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/gtable_0.1.2.tar.gz";
+      sha256 = "b08ba8e62e0ce05e7a4c07ba3ffa67719161db62438b04f14343f8928d74304d";
+    };
+  };
+
+  gtools = buildRPackage rec {
+    name = "gtools-3.0.0";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/gtools_3.0.0.tar.gz";
+      sha256 = "e35f08ac9df875b57dcf23028baa226372d7482d7814a011f9b1fdd0697ee73c";
+    };
+  };
+
+  gsubfn = buildRPackage rec {
+    name = "gsubfn-0.6-5";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/gsubfn_0.6-5.tar.gz";
+      sha256 = "9a7b51ae6aabd1c99e8633d3dc75232d8c4a175df750c7d1c359bd0f5fc197be";
+    };
+    propagatedBuildInputs = [ proto ];
+  };
+
+  labeling = buildRPackage rec {
+    name = "labeling-0.2";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/labeling_0.2.tar.gz";
+      sha256 = "8aaa7f8b91923088da4e47ae42620fadcff7f2bc566064c63d138e2145e38aa4";
+    };
+  };
+
+  lars = buildRPackage rec {
+    name = "lars-1.2";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/lars_1.2.tar.gz";
+      sha256 = "64745b568f20b2cfdae3dad02fba92ebf78ffee466a71aaaafd4f48c3921922e";
+    };
+  };
+
+  LiblineaR = buildRPackage rec {
+    name = "LiblineaR-1.80-7";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/LiblineaR_1.80-7.tar.gz";
+      sha256 = "9ba0280c5165bf0bbd46cb5ec7c66fdece38fc3f73fce2ec800763923ae8e4bd";
+    };
+  };
+
+  linprog = buildRPackage rec {
+    name = "linprog-0.9-2";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/linprog_0.9-2.tar.gz";
+      sha256 = "8937b2e30692e38de1713f1513b78f505f73da6f5b4a576d151ad60bac2221ce";
+    };
+    propagatedBuildInputs = [ lpSolve ];
+  };
+
+  lpSolve = buildRPackage rec {
+    name = "lpSolve-5.6.7";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/lpSolve_5.6.7.tar.gz";
+      sha256 = "16def9237f38c4d7a59651173fd87df3cd3c563f640c6952e13bdd2a084737ef";
+    };
+  };
+
+  munsell = buildRPackage rec {
+    name = "munsell-0.4.2";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/munsell_0.4.2.tar.gz";
+      sha256 = "84e787f58f626c52a1e3fc1201f724835dfa8023358bfed742e7001441f425ae";
+    };
+    propagatedBuildInputs = [ colorspace ];
+  };
+
+  pamr = buildRPackage rec {
+    name = "pamr-1.54.1";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/pamr_1.54.1.tar.gz";
+      sha256 = "139dbc39b4eccd6a55b6a3c42a1c8be61dcce0613535a634c3e42731fc315516";
+    };
+  };
+
+  penalized = buildRPackage rec {
+    name = "penalized-0.9-42";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/penalized_0.9-42.tar.gz";
+      sha256 = "98e8e39b02ecbabaa7050211e34941c73e1e687f39250cf3cbacb7c5dcbb1e98";
+    };
+  };
+
+  plyr = buildRPackage rec {
+    name = "plyr-1.8";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/plyr_1.8.tar.gz";
+      sha256 = "0bd6861af241e6c5ce777ef3f1b0eb72b31cc026669a68f6250b8ecfadf71a66";
+    };
+  };
+
+  proto = buildRPackage rec {
+    name = "proto-0.3-10";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/proto_0.3-10.tar.gz";
+      sha256 = "d0d941bfbf247879b3510c8ef3e35853b1fbe83ff3ce952e93d3f8244afcbb0e";
+    };
+  };
+
+  randomForest = buildRPackage rec {
+    name = "randomForest-4.6-7";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/randomForest_4.6-7.tar.gz";
+      sha256 = "8206e88b242c07efc10f148d17dfcc265a31361e1bcf44bfe17aed95c357be0b";
+    };
+    propagatedBuildInputs = [ plyr stringr ];
+  };
+
+  reshape2 = buildRPackage rec {
+    name = "reshape2-1.2.2";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/reshape2_1.2.2.tar.gz";
+      sha256 = "9131025b8f684e1629ab3e2748d4cf2b907b7c89cfbff667c925bc0fb5dfc103";
+    };
+    propagatedBuildInputs = [ plyr stringr ];
+  };
+
+  RColorBrewer = buildRPackage rec {
+    name = "RColorBrewer-1.0-5";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/RColorBrewer_1.0-5.tar.gz";
+      sha256 = "5ac1c44c1a53f9521134e7ed7c148c72e49271cbd229c5263d2d7fd91c8b8e78";
+    };
+  };
+
+  RSQLite = buildRPackage rec {
+    name = "RSQlite-0.11.4";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/RSQLite_0.11.4.tar.gz";
+      sha256 = "bba0cbf2a1a3120d667a731da1ca5b9bd4db23b813e1abf6f51fb01540c2000c";
+    };
+    propagatedBuildInputs = [ DBI ];
+  };
+
+  RSQLiteExtfuns = buildRPackage rec {
+    name = "RSQlite.extfuns-0.0.1";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/RSQLite.extfuns_0.0.1.tar.gz";
+      sha256 = "ca5c7947c041e17ba83bed3f5866f7eeb9b7f361e5c050c9b58eec5670f03d0e";
+    };
+    propagatedBuildInputs = [ RSQLite ];
+  };
+
+  scales = buildRPackage rec {
+    name = "scales-0.2.3";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/scales_0.2.3.tar.gz";
+      sha256 = "46aef8eb261abc39f87b71184e5484bc8c2c94e01d3714ce4b2fd60727bc40d9";
+    };
+    propagatedBuildInputs = [ RColorBrewer stringr dichromat munsell plyr labeling ];
+  };
+
+  stringr = buildRPackage rec {
+    name = "stringr-0.6.2";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/stringr_0.6.2.tar.gz";
+      sha256 = "c3fc9c71d060ad592d2cfc51c36ab2f8e5f8cf9a25dfe42c637447dd416b6737";
+    };
+  };
+
+  sqldf = buildRPackage rec {
+    name = "sqldf-0.4-6.4";
+    src = fetchurl {
+      url = "mirror://cran/src/contrib/sqldf_0.4-6.4.tar.gz";
+      sha256 = "6c51e4e48b93310f765c661a1756fe068629da775248d38a98c38f5b6f7511c4";
+    };
+    propagatedBuildInputs = [ DBI gsubfn proto chron RSQLite RSQLiteExtfuns ];
+  };
+}
diff --git a/pkgs/top-level/release-python.nix b/pkgs/top-level/release-python.nix
index 1de3a8aff8bd..2453712584ac 100644
--- a/pkgs/top-level/release-python.nix
+++ b/pkgs/top-level/release-python.nix
@@ -1166,7 +1166,6 @@ let
   monodoc = { type = "job"; systems = ["x86_64-linux"]; schedulingPriority = 4; };
   monotone = { type = "job"; systems = ["x86_64-linux"]; schedulingPriority = 4; };
   monotoneViz = { type = "job"; systems = ["x86_64-linux"]; schedulingPriority = 4; };
-  mountall = { type = "job"; systems = ["x86_64-linux"]; schedulingPriority = 4; };
   mozart = { type = "job"; systems = ["x86_64-linux"]; schedulingPriority = 4; };
   mozilla = { type = "job"; systems = ["x86_64-linux"]; schedulingPriority = 4; };
   mozplugger = { type = "job"; systems = ["x86_64-linux"]; schedulingPriority = 4; };
diff --git a/pkgs/top-level/release-small.nix b/pkgs/top-level/release-small.nix
index d03e3e7ea3b2..2143337c4851 100644
--- a/pkgs/top-level/release-small.nix
+++ b/pkgs/top-level/release-small.nix
@@ -158,7 +158,6 @@ with import ./release-lib.nix { supportedSystems = [ "x86_64-linux" ]; };
   sharutils = all;
   sloccount = allBut "i686-cygwin";
   smartmontools = all;
-  splashutils = linux;
   sqlite = allBut "i686-cygwin";
   squid = linux;
   ssmtp = linux;
diff --git a/pkgs/top-level/release.nix b/pkgs/top-level/release.nix
index 1aae2ce4ee23..87b63e33891f 100644
--- a/pkgs/top-level/release.nix
+++ b/pkgs/top-level/release.nix
@@ -218,8 +218,6 @@ let
       ncat = linux;
       netcat = all;
       nfsUtils = linux;
-      nix = all;
-      nixUnstable = all;
       nmap = linux;
       nss_ldap = linux;
       nssmdns = linux;
@@ -273,7 +271,6 @@ let
       sloccount = allBut "i686-cygwin";
       smartmontools = linux;
       spidermonkey = linux;
-      splashutils = linux;
       sqlite = allBut "i686-cygwin";
       squid = linux;
       ssmtp = linux;