Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/config/networking.nix20
-rw-r--r--nixos/modules/installer/cd-dvd/iso-image.nix2
-rw-r--r--nixos/modules/misc/ids.nix2
-rw-r--r--nixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/computing/slurm/slurm.nix4
-rw-r--r--nixos/modules/services/networking/syncthing.nix4
-rw-r--r--nixos/modules/services/networking/toxvpn.nix54
-rw-r--r--nixos/modules/system/boot/loader/efi.nix7
-rw-r--r--nixos/modules/system/boot/loader/grub/grub.nix2
-rw-r--r--nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py6
-rw-r--r--nixos/modules/system/boot/loader/gummiboot/gummiboot.nix6
-rw-r--r--nixos/modules/virtualisation/containers.nix4
-rw-r--r--nixos/tests/installer.nix1
13 files changed, 90 insertions, 23 deletions
diff --git a/nixos/modules/config/networking.nix b/nixos/modules/config/networking.nix
index 0c4f4cbfa5c6..8a2e630a917a 100644
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@@ -11,6 +11,9 @@ let
                    config.services.dnsmasq.resolveLocalQueries;
   hasLocalResolver = config.services.bind.enable || dnsmasqResolve;
 
+  resolvconfOptions = cfg.resolvconfOptions
+    ++ optional cfg.dnsSingleRequest "single-request"
+    ++ optional cfg.dnsExtensionMechanism "ends0";
 in
 
 {
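Review bot: The string `"ends0"` on the `cfg.dnsExtensionMechanism` line looks like a typo for `edns0`, which is the spelling used by the `resolv_conf_options+=' edns0'` line that a later hunk of this file removes. A resolver will most likely ignore an option name it does not recognise, so setting `networking.dnsExtensionMechanism` would silently stop enabling EDNS0 after this change. The line should read `++ optional cfg.dnsExtensionMechanism "edns0";`. The `let` block this binding sits in starts outside the hunk.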
@@ -59,6 +62,14 @@ in
       '';
     };
 
+    networking.resolvconfOptions = lib.mkOption {
+      type = types.listOf types.str;
+      default = [];
+      example = [ "ndots:1" "rotate" ];
+      description = ''
+        Set the options in <filename>/etc/resolv.conf</filename>.
+      '';
+    };
 
     networking.proxy = {
 
@@ -171,12 +182,9 @@ in
               # Invalidate the nscd cache whenever resolv.conf is
               # regenerated.
               libc_restart='${pkgs.systemd}/bin/systemctl try-restart --no-block nscd.service 2> /dev/null'
-            '' + optionalString cfg.dnsSingleRequest ''
-              # only send one DNS request at a time
-              resolv_conf_options+=' single-request'
-            '' + optionalString cfg.dnsExtensionMechanism ''
-              # enable extension mechanisms for DNS
-              resolv_conf_options+=' edns0'
+            '' + optionalString (length resolvconfOptions > 0) ''
+              # Options as described in resolv.conf(5)
+              resolv_conf_options='${concatStringsSep " " resolvconfOptions}'
             '' + optionalString hasLocalResolver ''
               # This hosts runs a full-blown DNS resolver.
               name_servers='127.0.0.1'
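Review bot: The new `resolv_conf_options='${concatStringsSep " " resolvconfOptions}'` line pastes free-form strings from `networking.resolvconfOptions` (declared as `types.listOf types.str` in the previous hunk) between literal single quotes. A value containing a `'` would end the quoting early, and the rest would be interpreted by whatever shell reads this file. Quoting the joined value, e.g. `resolv_conf_options=${escapeShellArg (concatStringsSep " " resolvconfOptions)}`, keeps it inert. Note also that the assignment changed from `+=` to `=`, so any value set earlier in the generated file would now be overwritten; the start of that text is outside the hunk, so this is worth confirming. The option's description could say that `dnsSingleRequest` and `dnsExtensionMechanism` are appended to this list.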
diff --git a/nixos/modules/installer/cd-dvd/iso-image.nix b/nixos/modules/installer/cd-dvd/iso-image.nix
index bdb3c227ecc8..4fc8bf5428f8 100644
--- a/nixos/modules/installer/cd-dvd/iso-image.nix
+++ b/nixos/modules/installer/cd-dvd/iso-image.nix
@@ -64,7 +64,7 @@ let
   # The EFI boot image.
   efiDir = pkgs.runCommand "efi-directory" {} ''
     mkdir -p $out/EFI/boot
-    cp -v ${pkgs.gummiboot}/lib/gummiboot/gummiboot${targetArch}.efi $out/EFI/boot/boot${targetArch}.efi
+    cp -v ${pkgs.systemd}/lib/systemd/boot/efi/systemd-boot${targetArch}.efi $out/EFI/boot/boot${targetArch}.efi
     mkdir -p $out/loader/entries
 
     echo "title NixOS Live CD" > $out/loader/entries/nixos-livecd.conf
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 149062a6b332..d421167c859c 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -268,6 +268,7 @@
       sniproxy = 244;
       nzbget = 245;
       mosquitto = 246;
+      toxvpn = 247;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
@@ -506,6 +507,7 @@
       sniproxy = 244;
       nzbget = 245;
       mosquitto = 246;
+      #toxvpn = 247; # unused
 
       # When adding a gid, make sure it doesn't match an existing
       # uid. Users and groups with the same name should have equal
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 6003b4b2dd6e..3944d7114c0b 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -399,6 +399,7 @@
   ./services/networking/tftpd.nix
   ./services/networking/tlsdated.nix
   ./services/networking/tox-bootstrapd.nix
+  ./services/networking/toxvpn.nix
   ./services/networking/tvheadend.nix
   ./services/networking/unbound.nix
   ./services/networking/unifi.nix
diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix
index ad8836f40094..ee38a42199ee 100644
--- a/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixos/modules/services/computing/slurm/slurm.nix
@@ -40,7 +40,7 @@ in
         defaultText = "pkgs.slurm-llnl";
         example = literalExample "pkgs.slurm-llnl-full";
         description = ''
-          The packge to use for slurm binaries.
+          The package to use for slurm binaries.
         '';
       };
 
@@ -111,7 +111,7 @@ in
         builder = pkgs.writeText "builder.sh" ''
           source $stdenv/setup
           mkdir -p $out/bin
-          find  ${cfg.package}/bin -type f -executable | while read EXE
+          find  ${getBin cfg.package}/bin -type f -executable | while read EXE
           do
             exename="$(basename $EXE)"
             wrappername="$out/bin/$exename"
diff --git a/nixos/modules/services/networking/syncthing.nix b/nixos/modules/services/networking/syncthing.nix
index 514c17c6e5d2..ef05e71ce076 100644
--- a/nixos/modules/services/networking/syncthing.nix
+++ b/nixos/modules/services/networking/syncthing.nix
@@ -121,7 +121,7 @@ in
           User = cfg.user;
           Group = cfg.group;
           PermissionsStartOnly = true;
-          ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser -home=${cfg.dataDir}";
+          ExecStart = "${cfg.package}/bin/syncthing -no-browser -home=${cfg.dataDir}";
         };
       };
     };
@@ -129,7 +129,7 @@ in
     systemd.user.services =  {
       syncthing = header // {
         serviceConfig = service // {
-          ExecStart = "${pkgs.syncthing}/bin/syncthing -no-browser";
+          ExecStart = "${cfg.package}/bin/syncthing -no-browser";
         };
       };
     };
diff --git a/nixos/modules/services/networking/toxvpn.nix b/nixos/modules/services/networking/toxvpn.nix
new file mode 100644
index 000000000000..c38424c8e273
--- /dev/null
+++ b/nixos/modules/services/networking/toxvpn.nix
@@ -0,0 +1,54 @@
+{ config, stdenv, pkgs, lib, ... }:
+
+with lib;
+
+{
+  options = {
+    services.toxvpn = {
+      enable = mkEnableOption "enable toxvpn running on startup";
+
+      localip = mkOption {
+        type        = types.string;
+        default     = "10.123.123.1";
+        description = "your ip on the vpn";
+      };
+
+      port = mkOption {
+        type        = types.int;
+        default     = 33445;
+        description = "udp port for toxcore, port-forward to help with connectivity if you run many nodes behind one NAT";
+      };
+    };
+  };
+
+  config = mkIf config.services.toxvpn.enable {
+    systemd.services.toxvpn = {
+      description = "toxvpn daemon";
+
+      requires = [ "network-online.target" ]; # consider replacing by NetworkManager-wait-online.service
+      wantedBy = [ "multi-user.target" ];
+
+      preStart = ''
+        mkdir -p /run/toxvpn || true
+        chown toxvpn /run/toxvpn
+      '';
+
+      serviceConfig = {
+        ExecStart = "${pkgs.toxvpn}/bin/toxvpn -i ${config.services.toxvpn.localip} -l /run/toxvpn/control -u toxvpn -p ${toString config.services.toxvpn.port}";
+        KillMode  = "process";
+        Restart   = "on-success";
+        Type      = "notify";
+      };
+
+      restartIfChanged = false; # Likely to be used for remote admin
+    };
+
+    users.extraUsers = {
+      toxvpn = {
+        uid        = config.ids.uids.toxvpn;
+        home       = "/var/lib/toxvpn";
+        createHome = true;
+      };
+    };
+  };
+}
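Review bot: The `preStart` script creates `/run/toxvpn` with whatever mode the umask gives and hides a failed `mkdir` behind `|| true`, so access to the `/run/toxvpn/control` socket is left entirely to the permissions the daemon puts on the socket itself. If only the `toxvpn` user is meant to reach the control socket, `install -d -m 0700 -o toxvpn /run/toxvpn` sets owner and mode in one step and fails loudly. The unit also starts as root and relies on the daemon's own `-u toxvpn` to drop privileges, so a short comment stating that this is deliberate would help later hardening work. `requires = [ "network-online.target" ]` has no matching `after`, so it does not order the service behind the target. With `Restart = "on-success"`, a crash leaves a service described as "Likely to be used for remote admin" stopped; `"on-failure"` or `"always"` seems closer to the intent. `types.string` could be `types.str`, as used in `efi.nix` in this same diff.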
diff --git a/nixos/modules/system/boot/loader/efi.nix b/nixos/modules/system/boot/loader/efi.nix
index 726634e664d7..6043c904c450 100644
--- a/nixos/modules/system/boot/loader/efi.nix
+++ b/nixos/modules/system/boot/loader/efi.nix
@@ -4,19 +4,16 @@ with lib;
 
 {
   options.boot.loader.efi = {
+
     canTouchEfiVariables = mkOption {
       default = false;
-
       type = types.bool;
-
-      description = "Whether or not the installation process should modify efi boot variables.";
+      description = "Whether the installation process is allowed to modify EFI boot variables.";
     };
 
     efiSysMountPoint = mkOption {
       default = "/boot";
-
       type = types.str;
-
       description = "Where the EFI System Partition is mounted.";
     };
   };
diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix
index 2e06a684f0cc..0640ec306e18 100644
--- a/nixos/modules/system/boot/loader/grub/grub.nix
+++ b/nixos/modules/system/boot/loader/grub/grub.nix
@@ -488,7 +488,7 @@ in
         }
         {
           assertion = if args.efiSysMountPoint == null then true else hasPrefix "/" args.efiSysMountPoint;
-          message = "Efi paths must be absolute, not ${args.efiSysMountPoint}";
+          message = "EFI paths must be absolute, not ${args.efiSysMountPoint}";
         }
       ] ++ flip map args.devices (device: {
         assertion = device == "nodev" || hasPrefix "/" device;
diff --git a/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py b/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py
index ef431a7732e1..c38af1b67f17 100644
--- a/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py
+++ b/nixos/modules/system/boot/loader/gummiboot/gummiboot-builder.py
@@ -88,16 +88,16 @@ def remove_old_entries(gens):
         if not path in known_paths:
             os.unlink(path)
 
-parser = argparse.ArgumentParser(description='Update NixOS-related gummiboot files')
+parser = argparse.ArgumentParser(description='Update NixOS-related systemd-boot files')
 parser.add_argument('default_config', metavar='DEFAULT-CONFIG', help='The default NixOS config to boot')
 args = parser.parse_args()
 
 # We deserve our own env var!
 if os.getenv("NIXOS_INSTALL_GRUB") == "1":
     if "@canTouchEfiVariables@" == "1":
-        subprocess.check_call(["@gummiboot@/bin/gummiboot", "--path=@efiSysMountPoint@", "install"])
+        subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "install"])
     else:
-        subprocess.check_call(["@gummiboot@/bin/gummiboot", "--path=@efiSysMountPoint@", "--no-variables", "install"])
+        subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "--no-variables", "install"])
 
 mkdir_p("@efiSysMountPoint@/efi/nixos")
 mkdir_p("@efiSysMountPoint@/loader/entries")
diff --git a/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix b/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix
index aec697da4a1a..2225df348762 100644
--- a/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix
+++ b/nixos/modules/system/boot/loader/gummiboot/gummiboot.nix
@@ -12,7 +12,9 @@ let
 
     isExecutable = true;
 
-    inherit (pkgs) python gummiboot;
+    inherit (pkgs) python;
+
+    systemd = config.systemd.package;
 
     nix = config.nix.package.out;
 
@@ -27,7 +29,7 @@ in {
 
       type = types.bool;
 
-      description = "Whether to enable the gummiboot UEFI boot manager";
+      description = "Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager";
     };
   };
 
diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index dc65e4940549..13ecb8e25ed5 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -309,6 +309,10 @@ in
             touch "$root/etc/os-release"
           fi
 
+          if ! [ -e "$root/etc/machine-id" ]; then
+            touch "$root/etc/machine-id"
+          fi
+
           mkdir -p -m 0755 \
             "/nix/var/nix/profiles/per-container/$INSTANCE" \
             "/nix/var/nix/gcroots/per-container/$INSTANCE"
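Review bot: The added `if ! [ -e "$root/etc/machine-id" ]` test treats a dangling symlink as "missing", and the `touch` that follows would then create the link's target rather than a file under `$root`. Because `$root/etc` is writable from inside the container and this script presumably runs as root on the host, the existence check should also reject symlinks: `if ! [ -e "$root/etc/machine-id" ] && ! [ -L "$root/etc/machine-id" ]; then`. The same applies to the `os-release` check just above, whose start is outside the hunk. A one-line comment saying why an empty `machine-id` must exist before the container starts would also help.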
diff --git a/nixos/tests/installer.nix b/nixos/tests/installer.nix
index 3fdf6510953e..44c7c738d555 100644
--- a/nixos/tests/installer.nix
+++ b/nixos/tests/installer.nix
@@ -208,7 +208,6 @@ let
                 pkgs.unionfs-fuse
                 pkgs.ntp
                 pkgs.nixos-artwork
-                pkgs.gummiboot
                 pkgs.perlPackages.XMLLibXML
                 pkgs.perlPackages.ListCompare
               ]