treewide: use attrs instead of list for types.loaOf options

5 years ago · 1d61efb7f1
parent 6bd13ccd8e
commit 1d61efb7f1
153 changed files with 817 additions and 1012 deletions
--- a/nixos/modules/config/i18n.nix
+++ b/nixos/modules/config/i18n.nix
@ -80,14 +80,11 @@ with lib;
    };

    # ‘/etc/locale.conf’ is used by systemd.
-    environment.etc = singleton
-      { target = "locale.conf";
-        source = pkgs.writeText "locale.conf"
-          ''
-            LANG=${config.i18n.defaultLocale}
-            ${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
-          '';
-      };
+    environment.etc."locale.conf".source = pkgs.writeText "locale.conf"
+      ''
+        LANG=${config.i18n.defaultLocale}
+        ${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
+      '';

  };
 }
--- a/nixos/modules/config/ldap.nix
+++ b/nixos/modules/config/ldap.nix
@ -224,7 +224,9 @@ in

  config = mkIf cfg.enable {

-    environment.etc = optional (!cfg.daemon.enable) ldapConfig;
+    environment.etc = optionalAttrs (!cfg.daemon.enable) {
+      "ldap.conf" = ldapConfig;
+    };

    system.activationScripts = mkIf (!cfg.daemon.enable) {
      ldap = stringAfter [ "etc" "groups" "users" ] ''
--- a/nixos/modules/config/pulseaudio.nix
+++ b/nixos/modules/config/pulseaudio.nix
@ -215,9 +215,8 @@ in {

  config = mkMerge [
    {
-      environment.etc = singleton {
-        target = "pulse/client.conf";
-        source = clientConf;
+      environment.etc = {
+        "pulse/client.conf".source = clientConf;
      };

      hardware.pulseaudio.configFile = mkDefault "${getBin overriddenPackage}/etc/pulse/default.pa";
@ -228,19 +227,16 @@ in {

      sound.enable = true;

-      environment.etc = [
-        { target = "asound.conf";
-          source = alsaConf; }
+      environment.etc = {
+        "asound.conf".source = alsaConf;

-        { target = "pulse/daemon.conf";
-          source = writeText "daemon.conf" (lib.generators.toKeyValue {} cfg.daemon.config); }
+        "pulse/daemon.conf".source = writeText "daemon.conf"
+          (lib.generators.toKeyValue {} cfg.daemon.config);

-        { target = "openal/alsoft.conf";
-          source = writeText "alsoft.conf" "drivers=pulse"; }
+        "openal/alsoft.conf".source = writeText "alsoft.conf" "drivers=pulse";

-        { target = "libao.conf";
-          source = writeText "libao.conf" "default_driver=pulse"; }
-      ];
+        "libao.conf".source = writeText "libao.conf" "default_driver=pulse";
+      };

      # Disable flat volumes to enable relative ones
      hardware.pulseaudio.daemon.config.flat-volumes = mkDefault "no";
@ -275,9 +271,8 @@ in {
    })

    (mkIf nonSystemWide {
-      environment.etc = singleton {
-        target = "pulse/default.pa";
-        source = myConfigFile;
+      environment.etc = {
+        "pulse/default.pa".source = myConfigFile;
      };
      systemd.user = {
        services.pulseaudio = {
--- a/nixos/modules/installer/cd-dvd/system-tarball-pc.nix
+++ b/nixos/modules/installer/cd-dvd/system-tarball-pc.nix
@ -122,11 +122,10 @@ in

  /* fake entry, just to have a happy stage-1. Users
     may boot without having stage-1 though */
-  fileSystems = [
+  fileSystems.fake =
    { mountPoint = "/";
      device = "/dev/something";
-      }
-  ];
+    };

  nixpkgs.config = {
    packageOverrides = p: {
--- a/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
+++ b/nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix
@ -117,11 +117,10 @@ in

  /* fake entry, just to have a happy stage-1. Users
     may boot without having stage-1 though */
-  fileSystems = [
+  fileSystems.fake =
    { mountPoint = "/";
      device = "/dev/something";
-      }
-  ];
+    };

  services.mingetty = {
    # Some more help text.
--- a/nixos/modules/installer/cd-dvd/system-tarball.nix
+++ b/nixos/modules/installer/cd-dvd/system-tarball.nix
@ -41,7 +41,7 @@ in

    # In stage 1 of the boot, mount the CD/DVD as the root FS by label
    # so that we don't need to know its device.
-    fileSystems = [ ];
+    fileSystems = { };

    # boot.initrd.availableKernelModules = [ "mvsdio" "reiserfs" "ext3" "ext4" ];

--- a/nixos/modules/programs/dconf.nix
+++ b/nixos/modules/programs/dconf.nix
@ -6,7 +6,10 @@ let
  cfg = config.programs.dconf;

  mkDconfProfile = name: path:
-    { source = path; target = "dconf/profile/${name}"; };
+    {
+      name = "dconf/profile/${name}";
+      value.source = path; 
+    };

 in
 {
@ -29,8 +32,8 @@ in
  ###### implementation

  config = mkIf (cfg.profiles != {} || cfg.enable) {
-    environment.etc = optionals (cfg.profiles != {})
-      (mapAttrsToList mkDconfProfile cfg.profiles);
+    environment.etc = optionalAttrs (cfg.profiles != {})
+      (mapAttrs' mkDconfProfile cfg.profiles);

    services.dbus.packages = [ pkgs.dconf ];

--- a/nixos/modules/programs/shadow.nix
+++ b/nixos/modules/programs/shadow.nix
@ -76,22 +76,18 @@ in
        config.users.defaultUserShell;

    environment.etc =
-      [ { # /etc/login.defs: global configuration for pwdutils.  You
-          # cannot login without it!
-          source = pkgs.writeText "login.defs" loginDefs;
-          target = "login.defs";
-        }
-
-        { # /etc/default/useradd: configuration for useradd.
-          source = pkgs.writeText "useradd"
-            ''
-              GROUP=100
-              HOME=/home
-              SHELL=${utils.toShellPath config.users.defaultUserShell}
-            '';
-          target = "default/useradd";
-        }
-      ];
+      { # /etc/login.defs: global configuration for pwdutils.  You
+        # cannot login without it!
+        "login.defs".source = pkgs.writeText "login.defs" loginDefs;
+
+        # /etc/default/useradd: configuration for useradd.
+        "default/useradd".source = pkgs.writeText "useradd"
+          ''
+            GROUP=100
+            HOME=/home
+            SHELL=${utils.toShellPath config.users.defaultUserShell}
+          '';
+      };

    security.pam.services =
      { chsh = { rootOK = true; };
--- a/nixos/modules/security/duosec.nix
+++ b/nixos/modules/security/duosec.nix
@ -25,19 +25,21 @@ let
    accept_env_factor=${boolToStr cfg.acceptEnvFactor}
  '';

-  loginCfgFile = optional cfg.ssh.enable
-    { source = pkgs.writeText "login_duo.conf" configFileLogin;
-      mode   = "0600";
-      user   = "sshd";
-      target = "duo/login_duo.conf";
-    };
+  loginCfgFile = optionalAttrs cfg.ssh.enable {
+    "duo/login_duo.conf" =
+      { source = pkgs.writeText "login_duo.conf" configFileLogin;
+        mode   = "0600";
+        user   = "sshd";
+      };
+  };

-  pamCfgFile = optional cfg.pam.enable
-    { source = pkgs.writeText "pam_duo.conf" configFilePam;
-      mode   = "0600";
-      user   = "sshd";
-      target = "duo/pam_duo.conf";
-    };
+  pamCfgFile = optional cfg.pam.enable {
+    "duo/pam_duo.conf" =
+      { source = pkgs.writeText "pam_duo.conf" configFilePam;
+        mode   = "0600";
+        user   = "sshd";
+      };
+  };
 in
 {
  options = {
@ -186,7 +188,7 @@ in
     environment.systemPackages = [ pkgs.duo-unix ];

     security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo";
-     environment.etc = loginCfgFile ++ pamCfgFile;
+     environment.etc = loginCfgFile // pamCfgFile;

     /* If PAM *and* SSH are enabled, then don't do anything special.
     If PAM isn't used, set the default SSH-only options. */
--- a/nixos/modules/security/pam.nix
+++ b/nixos/modules/security/pam.nix
@ -475,9 +475,9 @@ let

  motd = pkgs.writeText "motd" config.users.motd;

-  makePAMService = pamService:
-    { source = pkgs.writeText "${pamService.name}.pam" pamService.text;
-      target = "pam.d/${pamService.name}";
+  makePAMService = name: service:
+    { name = "pam.d/${name}";
+      value.source = pkgs.writeText "${name}.pam" service.text;
    };

 in
@ -760,8 +760,7 @@ in
      };
    };

-    environment.etc =
-      mapAttrsToList (n: v: makePAMService v) config.security.pam.services;
+    environment.etc = mapAttrs' makePAMService config.security.pam.services;

    security.pam.services =
      { other.text =
--- a/nixos/modules/security/pam_mount.nix
+++ b/nixos/modules/security/pam_mount.nix
@ -36,8 +36,7 @@ in
  config = mkIf (cfg.enable || anyPamMount) {

    environment.systemPackages = [ pkgs.pam_mount ];
-    environment.etc = [{
-      target = "security/pam_mount.conf.xml";
+    environment.etc."security/pam_mount.conf.xml" = {
      source =
        let
          extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;
@ -66,7 +65,7 @@ in
          ${concatStringsSep "\n" cfg.extraVolumes}
          </pam_mount>
          '';
-    }];
+    };

  };
 }
--- a/nixos/modules/security/rtkit.nix
+++ b/nixos/modules/security/rtkit.nix
@ -34,9 +34,8 @@ with lib;

    services.dbus.packages = [ pkgs.rtkit ];

-    users.users = singleton
-      { name = "rtkit";
-        uid = config.ids.uids.rtkit;
+    users.users.rtkit =
+      { uid = config.ids.uids.rtkit;
        description = "RealtimeKit daemon";
      };

--- a/nixos/modules/security/sudo.nix
+++ b/nixos/modules/security/sudo.nix
@ -212,7 +212,7 @@ in

    security.pam.services.sudo = { sshAgentAuth = true; };

-    environment.etc = singleton
+    environment.etc.sudoers =
      { source =
          pkgs.runCommand "sudoers"
          {
@ -222,7 +222,6 @@ in
          # Make sure that the sudoers file is syntactically valid.
          # (currently disabled - NIXOS-66)
          "${pkgs.buildPackages.sudo}/sbin/visudo -f $src -c && cp $src $out";
-        target = "sudoers";
        mode = "0440";
      };

--- a/nixos/modules/services/audio/mpd.nix
+++ b/nixos/modules/services/audio/mpd.nix
@ -184,19 +184,19 @@ in {
      };
    };

-    users.users = optionalAttrs (cfg.user == name) (singleton {
-      inherit uid;
-      inherit name;
-      group = cfg.group;
-      extraGroups = [ "audio" ];
-      description = "Music Player Daemon user";
-      home = "${cfg.dataDir}";
-    });
-
-    users.groups = optionalAttrs (cfg.group == name) (singleton {
-      inherit name;
-      gid = gid;
-    });
+    users.users = optionalAttrs (cfg.user == name) {
+      ${name} = {
+        inherit uid;
+        group = cfg.group;
+        extraGroups = [ "audio" ];
+        description = "Music Player Daemon user";
+        home = "${cfg.dataDir}";
+      };
+    };
+
+    users.groups = optionalAttrs (cfg.group == name) {
+      ${name}.gid = gid;
+    };
  };

 }
--- a/nixos/modules/services/backup/mysql-backup.nix
+++ b/nixos/modules/services/backup/mysql-backup.nix
@ -84,13 +84,14 @@ in
  };

  config = mkIf cfg.enable {
-    users.users = optionalAttrs (cfg.user == defaultUser) (singleton
-      { name = defaultUser;
+    users.users = optionalAttrs (cfg.user == defaultUser) {
+      ${defaultUser} = {
        isSystemUser = true;
        createHome = false;
        home = cfg.location;
        group = "nogroup";
-      });
+      };
+    };

    services.mysql.ensureUsers = [{
      name = cfg.user;
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@ -266,8 +266,7 @@ in {
        "d /var/lib/kubernetes 0755 kubernetes kubernetes -"
      ];

-      users.users = singleton {
-        name = "kubernetes";
+      users.users.kubernetes = {
        uid = config.ids.uids.kubernetes;
        description = "Kubernetes user";
        extraGroups = [ "docker" ];
--- a/nixos/modules/services/continuous-integration/buildbot/master.nix
+++ b/nixos/modules/services/continuous-integration/buildbot/master.nix
@ -223,18 +223,19 @@ in {

  config = mkIf cfg.enable {
    users.groups = optional (cfg.group == "buildbot") {
-      name = "buildbot";
+      buildbot = { };
    };

-    users.users = optional (cfg.user == "buildbot") {
-      name = "buildbot";
-      description = "Buildbot User.";
-      isNormalUser = true;
-      createHome = true;
-      home = cfg.home;
-      group = cfg.group;
-      extraGroups = cfg.extraGroups;
-      useDefaultShell = true;
+    users.users = optionalAttrs (cfg.user == "buildbot") {
+      buildbot = {
+        description = "Buildbot User.";
+        isNormalUser = true;
+        createHome = true;
+        home = cfg.home;
+        group = cfg.group;
+        extraGroups = cfg.extraGroups;
+        useDefaultShell = true;
+      };
    };

    systemd.services.buildbot-master = {
--- a/nixos/modules/services/continuous-integration/buildbot/worker.nix
+++ b/nixos/modules/services/continuous-integration/buildbot/worker.nix
@ -137,18 +137,19 @@ in {
    services.buildbot-worker.workerPassFile = mkDefault (pkgs.writeText "buildbot-worker-password" cfg.workerPass);

    users.groups = optional (cfg.group == "bbworker") {
-      name = "bbworker";
+      bbworker = { };
    };

-    users.users = optional (cfg.user == "bbworker") {
-      name = "bbworker";
-      description = "Buildbot Worker User.";
-      isNormalUser = true;
-      createHome = true;
-      home = cfg.home;
-      group = cfg.group;
-      extraGroups = cfg.extraGroups;
-      useDefaultShell = true;
+    users.users = optionalAttrs (cfg.user == "bbworker") {
+      bbworker = {
+        description = "Buildbot Worker User.";
+        isNormalUser = true;
+        createHome = true;
+        home = cfg.home;
+        group = cfg.group;
+        extraGroups = cfg.extraGroups;
+        useDefaultShell = true;
+      };
    };

    systemd.services.buildbot-worker = {
--- a/nixos/modules/services/continuous-integration/gocd-agent/default.nix
+++ b/nixos/modules/services/continuous-integration/gocd-agent/default.nix
@ -135,20 +135,20 @@ in {
  };

  config = mkIf cfg.enable {
-    users.groups = optional (cfg.group == "gocd-agent") {
-      name = "gocd-agent";
-      gid = config.ids.gids.gocd-agent;
+    users.groups = optionalAttrs (cfg.group == "gocd-agent") {
+      gocd-agent.gid = config.ids.gids.gocd-agent;
    };

-    users.users = optional (cfg.user == "gocd-agent") {
-      name = "gocd-agent";
-      description = "gocd-agent user";
-      createHome = true;
-      home = cfg.workDir;
-      group = cfg.group;
-      extraGroups = cfg.extraGroups;
-      useDefaultShell = true;
-      uid = config.ids.uids.gocd-agent;
+    users.users = optionalAttrs (cfg.user == "gocd-agent") {
+      gocd-agent = {
+        description = "gocd-agent user";
+        createHome = true;
+        home = cfg.workDir;
+        group = cfg.group;
+        extraGroups = cfg.extraGroups;
+        useDefaultShell = true;
+        uid = config.ids.uids.gocd-agent;
+      };
    };

    systemd.services.gocd-agent = {
--- a/nixos/modules/services/continuous-integration/gocd-server/default.nix
+++ b/nixos/modules/services/continuous-integration/gocd-server/default.nix
@ -143,20 +143,20 @@ in {
  };

  config = mkIf cfg.enable {
-    users.groups = optional (cfg.group == "gocd-server") {
-      name = "gocd-server";
-      gid = config.ids.gids.gocd-server;
+    users.groups = optionalAttrs (cfg.group == "gocd-server") {
+      gocd-server.gid = config.ids.gids.gocd-server;
    };

-    users.users = optional (cfg.user == "gocd-server") {
-      name = "gocd-server";
-      description = "gocd-server user";
-      createHome = true;
-      home = cfg.workDir;
-      group = cfg.group;
-      extraGroups = cfg.extraGroups;
-      useDefaultShell = true;
-      uid = config.ids.uids.gocd-server;
+    users.users = optionalAttrs (cfg.user == "gocd-server") {
+      gocd-server = {
+        description = "gocd-server user";
+        createHome = true;
+        home = cfg.workDir;
+        group = cfg.group;
+        extraGroups = cfg.extraGroups;
+        useDefaultShell = true;
+        uid = config.ids.uids.gocd-server;
+      };
    };

    systemd.services.gocd-server = {
--- a/nixos/modules/services/continuous-integration/jenkins/default.nix
+++ b/nixos/modules/services/continuous-integration/jenkins/default.nix
@ -150,20 +150,20 @@ in {
      pkgs.dejavu_fonts
    ];

-    users.groups = optional (cfg.group == "jenkins") {
-      name = "jenkins";
-      gid = config.ids.gids.jenkins;
+    users.groups = optionalAttrs (cfg.group == "jenkins") {
+      jenkins.gid = config.ids.gids.jenkins;
    };

-    users.users = optional (cfg.user == "jenkins") {
-      name = "jenkins";
-      description = "jenkins user";
-      createHome = true;
-      home = cfg.home;
-      group = cfg.group;
-      extraGroups = cfg.extraGroups;
-      useDefaultShell = true;
-      uid = config.ids.uids.jenkins;
+    users.users = optionalAttrs (cfg.user == "jenkins") {
+      jenkins = {
+        description = "jenkins user";
+        createHome = true;
+        home = cfg.home;
+        group = cfg.group;
+        extraGroups = cfg.extraGroups;
+        useDefaultShell = true;
+        uid = config.ids.uids.jenkins;
+      };
    };

    systemd.services.jenkins = {
--- a/nixos/modules/services/continuous-integration/jenkins/slave.nix
+++ b/nixos/modules/services/continuous-integration/jenkins/slave.nix
@ -51,18 +51,18 @@ in {

  config = mkIf (cfg.enable && !masterCfg.enable) {
    users.groups = optional (cfg.group == "jenkins") {
-      name = "jenkins";
-      gid = config.ids.gids.jenkins;
+      jenkins.gid = config.ids.gids.jenkins;
    };

-    users.users = optional (cfg.user == "jenkins") {
-      name = "jenkins";
-      description = "jenkins user";
-      createHome = true;
-      home = cfg.home;
-      group = cfg.group;
-      useDefaultShell = true;
-      uid = config.ids.uids.jenkins;
+    users.users = optionalAttrs (cfg.user == "jenkins") {
+      jenkins = {
+        description = "jenkins user";
+        createHome = true;
+        home = cfg.home;
+        group = cfg.group;
+        useDefaultShell = true;
+        uid = config.ids.uids.jenkins;
+      };
    };
  };
 }
--- a/nixos/modules/services/databases/cockroachdb.nix
+++ b/nixos/modules/services/databases/cockroachdb.nix
@ -171,17 +171,17 @@ in

    environment.systemPackages = [ crdb ];

-    users.users = optionalAttrs (cfg.user == "cockroachdb") (singleton
-      { name        = "cockroachdb";
+    users.users = optionalAttrs (cfg.user == "cockroachdb") {
+      cockroachdb = {
        description = "CockroachDB Server User";
        uid         = config.ids.uids.cockroachdb;
        group       = cfg.group;
-      });
+      };
+    };

-    users.groups = optionalAttrs (cfg.group == "cockroachdb") (singleton
-      { name = "cockroachdb";
-        gid  = config.ids.gids.cockroachdb;
-      });
+    users.groups = optionalAttrs (cfg.group == "cockroachdb") {
+      cockroachdb.gid = config.ids.gids.cockroachdb;
+    };

    networking.firewall.allowedTCPPorts = lib.optionals cfg.openPorts
      [ cfg.http.port cfg.listen.port ];
--- a/nixos/modules/services/databases/foundationdb.nix
+++ b/nixos/modules/services/databases/foundationdb.nix
@ -341,17 +341,17 @@ in

    environment.systemPackages = [ pkg ];

-    users.users = optionalAttrs (cfg.user == "foundationdb") (singleton
-      { name        = "foundationdb";
+    users.users = optionalAttrs (cfg.user == "foundationdb") {
+      foundationdb = {
        description = "FoundationDB User";
        uid         = config.ids.uids.foundationdb;
        group       = cfg.group;
-      });
+      };
+    };

-    users.groups = optionalAttrs (cfg.group == "foundationdb") (singleton
-      { name = "foundationdb";
-        gid  = config.ids.gids.foundationdb;
-      });
+    users.groups = optionalAttrs (cfg.group == "foundationdb") {
+      foundationdb.gid = config.ids.gids.foundationdb;
+    };

    networking.firewall.allowedTCPPortRanges = mkIf cfg.openFirewall
      [ { from = cfg.listenPortStart;
--- a/nixos/modules/services/databases/influxdb.nix
+++ b/nixos/modules/services/databases/influxdb.nix
@ -182,15 +182,15 @@ in
        '';
    };

-    users.users = optional (cfg.user == "influxdb") {
-      name = "influxdb";
-      uid = config.ids.uids.influxdb;
-      description = "Influxdb daemon user";
+    users.users = optionalAttrs (cfg.user == "influxdb") {
+      influxdb = {
+        uid = config.ids.uids.influxdb;
+        description = "Influxdb daemon user";
+      };
    };

-    users.groups = optional (cfg.group == "influxdb") {
-      name = "influxdb";
-      gid = config.ids.gids.influxdb;
+    users.groups = optionalAttrs (cfg.group == "influxdb") {
+      influxdb.gid = config.ids.gids.influxdb;
    };
  };

--- a/nixos/modules/services/databases/memcached.nix
+++ b/nixos/modules/services/databases/memcached.nix
@ -64,10 +64,9 @@ in

  config = mkIf config.services.memcached.enable {

-    users.users = optional (cfg.user == "memcached") {
-      name = "memcached";
-      description = "Memcached server user";
-      isSystemUser = true;
+    users.users = optionalAttrs (cfg.user == "memcached") {
+      memcached.description = "Memcached server user";
+      memcached.isSystemUser = true;
    };

    environment.systemPackages = [ memcached ];
--- a/nixos/modules/services/databases/neo4j.nix
+++ b/nixos/modules/services/databases/neo4j.nix
@ -650,8 +650,7 @@ in {

      environment.systemPackages = [ cfg.package ];

-      users.users = singleton {
-        name = "neo4j";
+      users.users.neo4j = {
        uid = config.ids.uids.neo4j;
        description = "Neo4j daemon user";
        home = cfg.directories.home;
--- a/nixos/modules/services/databases/virtuoso.nix
+++ b/nixos/modules/services/databases/virtuoso.nix
@ -54,9 +54,8 @@ with lib;

  config = mkIf cfg.enable {

-    users.users = singleton
-      { name = virtuosoUser;
-        uid = config.ids.uids.virtuoso;
+    users.users.${virtuosoUser} =
+      { uid = config.ids.uids.virtuoso;
        description = "virtuoso user";
        home = stateDir;
      };
--- a/nixos/modules/services/editors/infinoted.nix
+++ b/nixos/modules/services/editors/infinoted.nix
@ -111,14 +111,15 @@ in {
  };

  config = mkIf (cfg.enable) {
-    users.users = optional (cfg.user == "infinoted")
-      { name = "infinoted";
-        description = "Infinoted user";
-        group = cfg.group;
-        isSystemUser = true;
+    users.users = optionalAttrs (cfg.user == "infinoted")
+      { infinoted = {
+          description = "Infinoted user";
+          group = cfg.group;
+          isSystemUser = true;
+        };
      };
-    users.groups = optional (cfg.group == "infinoted")
-      { name = "infinoted";
+    users.groups = optionalAttrs (cfg.group == "infinoted")
+      { infinoted = { };
      };

    systemd.services.infinoted =
--- a/nixos/modules/services/hardware/bluetooth.nix
+++ b/nixos/modules/services/hardware/bluetooth.nix
@ -74,9 +74,9 @@ in {

    environment.systemPackages = [ bluez-bluetooth ];

-    environment.etc = singleton {
-      source = pkgs.writeText "main.conf" (generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);
-      target = "bluetooth/main.conf";
+    environment.etc."bluetooth/main.conf"= {
+      source = pkgs.writeText "main.conf"
+        (generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);
    };

    services.udev.packages = [ bluez-bluetooth ];
--- a/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix
+++ b/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix
@ -67,11 +67,11 @@ in
 {
  options = {

-    hardware.sane.brscan4.enable = 
+    hardware.sane.brscan4.enable =
      mkEnableOption "Brother's brscan4 scan backend" // {
      description = ''
        When enabled, will automatically register the "brscan4" sane
-        backend and bring configuration files to their expected location. 
+        backend and bring configuration files to their expected location.
      '';
    };

@ -95,14 +95,11 @@ in
      pkgs.brscan4
    ];

-    environment.etc = singleton {
-      target = "opt/brother/scanner/brscan4";
-      source = "${etcFiles}/etc/opt/brother/scanner/brscan4";
-    };
+    environment.etc."opt/brother/scanner/brscan4" =
+      { source = "${etcFiles}/etc/opt/brother/scanner/brscan4"; };

    assertions = [
      { assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;
-          
        message = ''
          When describing a network device as part of the attribute list
          `hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename`
--- a/nixos/modules/services/hardware/tcsd.nix
+++ b/nixos/modules/services/hardware/tcsd.nix
@ -137,15 +137,15 @@ in
      serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";
    };

-    users.users = optionalAttrs (cfg.user == "tss") (singleton
-      { name = "tss";
+    users.users = optionalAttrs (cfg.user == "tss") {
+      tss = {
        group = "tss";
        uid = config.ids.uids.tss;
-      });
+      };
+    };

-    users.groups = optionalAttrs (cfg.group == "tss") (singleton
-      { name = "tss";
-        gid = config.ids.gids.tss;
-      });
+    users.groups = optionalAttrs (cfg.group == "tss") {
+      tss.gid = config.ids.gids.tss;
+    };
  };
 }
--- a/nixos/modules/services/hardware/tlp.nix
+++ b/nixos/modules/services/hardware/tlp.nix
@ -103,13 +103,14 @@ in

    services.udev.packages = [ tlp ];

-    environment.etc = [{ source = confFile;
-                         target = "default/tlp";
-                       }
-                      ] ++ optional enableRDW {
-                        source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";
-                        target = "NetworkManager/dispatcher.d/99tlp-rdw-nm";
-                      };
+    environment.etc =
+      {
+        "default/tlp".source = confFile;
+      } // optionalAttrs enableRDW {
+        "NetworkManager/dispatcher.d/99tlp-rdw-nm" = {
+          source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";
+        };
+      };

    environment.systemPackages = [ tlp ];

--- a/nixos/modules/services/hardware/udev.nix
+++ b/nixos/modules/services/hardware/udev.nix
@ -281,13 +281,10 @@ in
    boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];

    environment.etc =
-      [ { source = udevRules;
-          target = "udev/rules.d";
-        }
-        { source = hwdbBin;
-          target = "udev/hwdb.bin";
-        }
-      ];
+      {
+        "udev/rules.d".source = udevRules;
+        "udev/hwdb.bin".source = hwdbBin;
+      };

    system.requiredKernelConfig = with config.lib.kernelConfig; [
      (isEnabled "UNIX")
--- a/nixos/modules/services/hardware/usbmuxd.nix
+++ b/nixos/modules/services/hardware/usbmuxd.nix
@ -43,15 +43,16 @@ in

  config = mkIf cfg.enable {

-    users.users = optional (cfg.user == defaultUserGroup) {
-      name = cfg.user;
-      description = "usbmuxd user";
-      group = cfg.group;
-      isSystemUser = true;
+    users.users = optionalAttrs (cfg.user == defaultUserGroup) {
+      ${cfg.user} = {
+        description = "usbmuxd user";
+        group = cfg.group;
+        isSystemUser = true;
+      };
    };

    users.groups = optional (cfg.group == defaultUserGroup) {
-      name = cfg.group;
+      ${cfg.group} = { };
    };

    # Give usbmuxd permission for Apple devices
--- a/nixos/modules/services/logging/logcheck.nix
+++ b/nixos/modules/services/logging/logcheck.nix
@ -213,13 +213,14 @@ in
        mapAttrsToList writeIgnoreRule cfg.ignore
        ++ mapAttrsToList writeIgnoreCronRule cfg.ignoreCron;

-    users.users = optionalAttrs (cfg.user == "logcheck") (singleton
-      { name = "logcheck";
+    users.users = optionalAttrs (cfg.user == "logcheck") {
+      logcheck = {
        uid = config.ids.uids.logcheck;
        shell = "/bin/sh";
        description = "Logcheck user account";
        extraGroups = cfg.extraGroups;
-      });
+      };
+    };

    system.activationScripts.logcheck = ''
      mkdir -m 700 -p /var/{lib,lock}/logcheck
--- a/nixos/modules/services/mail/dovecot.nix
+++ b/nixos/modules/services/mail/dovecot.nix
@ -310,36 +310,32 @@ in
     ++ optional cfg.enablePop3 "pop3"
     ++ optional cfg.enableLmtp "lmtp";

-    users.users = [
-      { name = "dovenull";
-        uid = config.ids.uids.dovenull2;
-        description = "Dovecot user for untrusted logins";
-        group = "dovenull";
-      }
-    ] ++ optional (cfg.user == "dovecot2")
-         { name = "dovecot2";
-           uid = config.ids.uids.dovecot2;
+    users.users = {
+      dovenull =
+        { uid = config.ids.uids.dovenull2;
+          description = "Dovecot user for untrusted logins";
+          group = "dovenull";
+        };
+    } // optionalAttrs (cfg.user == "dovecot2") {
+      dovecot2 =
+         { uid = config.ids.uids.dovecot2;
           description = "Dovecot user";
           group = cfg.group;
-         }
-      ++ optional (cfg.createMailUser && cfg.mailUser != null)
-         ({ name = cfg.mailUser;
-            description = "Virtual Mail User";
-         } // optionalAttrs (cfg.mailGroup != null) {
-           group = cfg.mailGroup;
-         });
-
-    users.groups = optional (cfg.group == "dovecot2")
-      { name = "dovecot2";
-        gid = config.ids.gids.dovecot2;
-      }
-    ++ optional (cfg.createMailUser && cfg.mailGroup != null)
-      { name = cfg.mailGroup;
-      }
-    ++ singleton
-      { name = "dovenull";
-        gid = config.ids.gids.dovenull2;
-      };
+         };
+    } // optionalAttrs (cfg.createMailUser && cfg.mailUser != null) {
+      ${cfg.mailUser} =
+        { description = "Virtual Mail User"; } //
+        optionalAttrs (cfg.mailGroup != null)
+          { group = cfg.mailGroup; };
+    };
+
+    users.groups = {
+      dovenull.gid = config.ids.gids.dovenull2;
+    } // optionalAttrs (cfg.group == "dovecot2") {
+      dovecot2.gid = config.ids.gids.dovecot2;
+    } // optionalAttrs (cfg.createMailUser && cfg.mailGroup != null) {
+      ${cfg.mailgroup} = { };
+    };

    environment.etc."dovecot/modules".source = modulesDir;
    environment.etc."dovecot/dovecot.conf".source = cfg.configFile;
--- a/nixos/modules/services/mail/dspam.nix
+++ b/nixos/modules/services/mail/dspam.nix
@ -86,16 +86,16 @@ in {

  config = mkIf cfg.enable (mkMerge [
    {
-      users.users = optionalAttrs (cfg.user == "dspam") (singleton
-        { name = "dspam";
+      users.users = optionalAttrs (cfg.user == "dspam") {
+        dspam = {
          group = cfg.group;
          uid = config.ids.uids.dspam;
-        });
+        };
+      };

-      users.groups = optionalAttrs (cfg.group == "dspam") (singleton
-        { name = "dspam";
-          gid = config.ids.gids.dspam;
-        });
+      users.groups = optionalAttrs (cfg.group == "dspam") {
+        dspam.gid = config.ids.gids.dspam;
+      };

      environment.systemPackages = [ dspam ];

--- a/nixos/modules/services/mail/exim.nix
+++ b/nixos/modules/services/mail/exim.nix
@ -87,15 +87,13 @@ in
      systemPackages = [ cfg.package ];
    };

-    users.users = singleton {
-      name = cfg.user;
+    users.users.${cfg.user} = {
      description = "Exim mail transfer agent user";
      uid = config.ids.uids.exim;
      group = cfg.group;
    };

-    users.groups = singleton {
-      name = cfg.group;
+    users.groups.${cfg.group} = {
      gid = config.ids.gids.exim;
    };

--- a/nixos/modules/services/mail/mlmmj.nix
+++ b/nixos/modules/services/mail/mlmmj.nix
@ -94,8 +94,7 @@ in

  config = mkIf cfg.enable {

-    users.users = singleton {
-      name = cfg.user;
+    users.users.${cfg.user} = {
      description = "mlmmj user";
      home = stateDir;
      createHome = true;
@ -104,8 +103,7 @@ in
      useDefaultShell = true;
    };

-    users.groups = singleton {
-      name = cfg.group;
+    users.groups.${cfg.group} = {
      gid = config.ids.gids.mlmmj;
    };

--- a/nixos/modules/services/mail/nullmailer.nix
+++ b/nixos/modules/services/mail/nullmailer.nix
@ -201,15 +201,12 @@ with lib;
    };

    users = {
-      users = singleton {
-        name = cfg.user;
+      users.${cfg.user} = {
        description = "Nullmailer relay-only mta user";
        group = cfg.group;
      };

-      groups = singleton {
-        name = cfg.group;
-      };
+      groups.${cfg.group} = { };
    };

    systemd.tmpfiles.rules = [
--- a/nixos/modules/services/mail/opendkim.nix
+++ b/nixos/modules/services/mail/opendkim.nix
@ -91,16 +91,16 @@ in {

  config = mkIf cfg.enable {

-    users.users = optionalAttrs (cfg.user == "opendkim") (singleton
-      { name = "opendkim";
+    users.users = optionalAttrs (cfg.user == "opendkim") {
+      opendkim = {
        group = cfg.group;
        uid = config.ids.uids.opendkim;
-      });
+      };
+    };

-    users.groups = optionalAttrs (cfg.group == "opendkim") (singleton
-      { name = "opendkim";
-        gid = config.ids.gids.opendkim;
-      });
+    users.groups = optionalAttrs (cfg.group == "opendkim") {
+      opendkimgid = config.ids.gids.opendkim;
+    };

    environment.systemPackages = [ pkgs.opendkim ];

--- a/nixos/modules/services/mail/postfix.nix
+++ b/nixos/modules/services/mail/postfix.nix
@ -655,21 +655,20 @@ in
        setgid = true;
      };

-      users.users = optional (user == "postfix")
-        { name = "postfix";
-          description = "Postfix mail server user";
-          uid = config.ids.uids.postfix;
-          group = group;
+      users.users = optionalAttrs (user == "postfix")
+        { postfix = {
+            description = "Postfix mail server user";
+            uid = config.ids.uids.postfix;
+            group = group;
+          };
        };

      users.groups =
-        optional (group == "postfix")
-        { name = group;
-          gid = config.ids.gids.postfix;
+        optionalAttrs (group == "postfix")
+        { group.gid = config.ids.gids.postfix;
        }
-        ++ optional (setgidGroup == "postdrop")
-        { name = setgidGroup;
-          gid = config.ids.gids.postdrop;
+        ++ optionalAttrs (setgidGroup == "postdrop")
+        { ${setgidGroup}.gid = config.ids.gids.postdrop;
        };

      systemd.services.postfix =
--- a/nixos/modules/services/mail/postsrsd.nix
+++ b/nixos/modules/services/mail/postsrsd.nix
@ -90,16 +90,16 @@ in {

    services.postsrsd.domain = mkDefault config.networking.hostName;

-    users.users = optionalAttrs (cfg.user == "postsrsd") (singleton
-      { name = "postsrsd";
+    users.users = optionalAttrs (cfg.user == "postsrsd") {
+      postsrsd = {
        group = cfg.group;
        uid = config.ids.uids.postsrsd;
-      });
+      };
+    };

-    users.groups = optionalAttrs (cfg.group == "postsrsd") (singleton
-      { name = "postsrsd";
-        gid = config.ids.gids.postsrsd;
-      });
+    users.groups = optionalAttrs (cfg.group == "postsrsd") {
+      postsrsd.gid = config.ids.gids.postsrsd;
+    };

    systemd.services.postsrsd = {
      description = "PostSRSd SRS rewriting server";
--- a/nixos/modules/services/mail/rspamd.nix
+++ b/nixos/modules/services/mail/rspamd.nix
@ -374,15 +374,13 @@ in
    # Allow users to run 'rspamc' and 'rspamadm'.
    environment.systemPackages = [ pkgs.rspamd ];

-    users.users = singleton {
-      name = cfg.user;
+    users.users.${cfg.user} = {
      description = "rspamd daemon";
      uid = config.ids.uids.rspamd;
      group = cfg.group;
    };

-    users.groups = singleton {
-      name = cfg.group;
+    users.groups.${cfg.group} = {
      gid = config.ids.gids.rspamd;
    };

--- a/nixos/modules/services/mail/spamassassin.nix
+++ b/nixos/modules/services/mail/spamassassin.nix
@ -128,15 +128,13 @@ in
      systemPackages = [ pkgs.spamassassin ];
    };

-    users.users = singleton {
-      name = "spamd";
+    users.users.spamd = {
      description = "Spam Assassin Daemon";
      uid = config.ids.uids.spamd;
      group = "spamd";
    };

-    users.groups = singleton {
-      name = "spamd";
+    users.groups.spamd = {
      gid = config.ids.gids.spamd;
    };

--- a/nixos/modules/services/misc/apache-kafka.nix
+++ b/nixos/modules/services/misc/apache-kafka.nix
@ -124,8 +124,7 @@ in {

    environment.systemPackages = [cfg.package];

-    users.users = singleton {
-      name = "apache-kafka";
+    users.users.apache-kafka = {
      uid = config.ids.uids.apache-kafka;
      description = "Apache Kafka daemon user";
      home = head cfg.logDirs;
--- a/nixos/modules/services/misc/bepasty.nix
+++ b/nixos/modules/services/misc/bepasty.nix
@ -168,16 +168,12 @@ in
        })
    ) cfg.servers;

-    users.users = [{
-      uid = config.ids.uids.bepasty;
-      name = user;
-      group = group;
-      home = default_home;
-    }];
-
-    users.groups = [{
-      name = group;
-      gid = config.ids.gids.bepasty;
-    }];
+    users.users.${user} =
+      { uid = config.ids.uids.bepasty;
+        group = group;
+        home = default_home;
+      };
+
+    users.groups.${group}.gid = config.ids.gids.bepasty;
  };
 }
--- a/nixos/modules/services/misc/cgminer.nix
+++ b/nixos/modules/services/misc/cgminer.nix
@ -110,11 +110,12 @@ in

  config = mkIf config.services.cgminer.enable {

-    users.users = optionalAttrs (cfg.user == "cgminer") (singleton
-      { name = "cgminer";
+    users.users = optionalAttrs (cfg.user == "cgminer") {
+      cgminer = {
        uid = config.ids.uids.cgminer;
        description = "Cgminer user";
-      });
+      };
+    };

    environment.systemPackages = [ cfg.package ];

--- a/nixos/modules/services/misc/couchpotato.nix
+++ b/nixos/modules/services/misc/couchpotato.nix
@ -29,17 +29,14 @@ in
      };
    };

-    users.users = singleton
-      { name = "couchpotato";
-        group = "couchpotato";
+    users.users.couchpotato =
+      { group = "couchpotato";
        home = "/var/lib/couchpotato/";
        description = "CouchPotato daemon user";
        uid = config.ids.uids.couchpotato;
      };

-    users.groups = singleton
-      { name = "couchpotato";
-        gid = config.ids.gids.couchpotato;
-      };
+    users.groups.couchpotato =
+      { gid = config.ids.gids.couchpotato; };
  };
 }
--- a/nixos/modules/services/misc/dictd.nix
+++ b/nixos/modules/services/misc/dictd.nix
@ -45,18 +45,14 @@ in
    # get the command line client on system path to make some use of the service
    environment.systemPackages = [ pkgs.dict ];

-    users.users = singleton
-      { name = "dictd";
-        group = "dictd";
+    users.users.dictd =
+      { group = "dictd";
        description = "DICT.org dictd server";
        home = "${dictdb}/share/dictd";
        uid = config.ids.uids.dictd;
      };

-    users.groups = singleton
-      { name = "dictd";
-        gid = config.ids.gids.dictd;
-      };
+    users.groups.dictd.gid = config.ids.gids.dictd;

    systemd.services.dictd = {
      description = "DICT.org Dictionary Server";
--- a/nixos/modules/services/misc/etcd.nix
+++ b/nixos/modules/services/misc/etcd.nix
@ -186,8 +186,7 @@ in {

    environment.systemPackages = [ pkgs.etcdctl ];

-    users.users = singleton {
-      name = "etcd";
+    users.users.etcd = {
      uid = config.ids.uids.etcd;
      description = "Etcd daemon user";
      home = cfg.dataDir;
--- a/nixos/modules/services/misc/exhibitor.nix
+++ b/nixos/modules/services/misc/exhibitor.nix
@ -410,8 +410,7 @@ in
        sed -i 's/'"$replace_what"'/'"$replace_with"'/g' ${cfg.baseDir}/zookeeper/bin/zk*.sh
      '';
    };
-    users.users = singleton {
-      name = "zookeeper";
+    users.users.zookeeper = {
      uid = config.ids.uids.zookeeper;
      description = "Zookeeper daemon user";
      home = cfg.baseDir;
--- a/nixos/modules/services/misc/felix.nix
+++ b/nixos/modules/services/misc/felix.nix
@ -47,14 +47,10 @@ in
  ###### implementation

  config = mkIf cfg.enable {
-    users.groups = singleton
-      { name = "osgi";
-        gid = config.ids.gids.osgi;
-      };
+    users.groups.osgi.gid = config.ids.gids.osgi;

-    users.users = singleton
-      { name = "osgi";
-        uid = config.ids.uids.osgi;
+    users.users.osgi =
+      { uid = config.ids.uids.osgi;
        description = "OSGi user";
        home = "/homeless-shelter";
      };
--- a/nixos/modules/services/misc/folding-at-home.nix
+++ b/nixos/modules/services/misc/folding-at-home.nix
@ -42,9 +42,8 @@ in {

  config = mkIf cfg.enable {

-    users.users = singleton
-      { name = fahUser;
-        uid = config.ids.uids.foldingathome;
+    users.users.${fahUser} =
+      { uid = config.ids.uids.foldingathome;
        description = "Folding@Home user";
        home = stateDir;
      };
--- a/nixos/modules/services/misc/gitlab.nix
+++ b/nixos/modules/services/misc/gitlab.nix
@ -633,20 +633,14 @@ in {
    # Use postfix to send out mails.
    services.postfix.enable = mkDefault true;

-    users.users = [
-      { name = cfg.user;
-        group = cfg.group;
+    users.users.${cfg.user} =
+      { group = cfg.group;
        home = "${cfg.statePath}/home";
        shell = "${pkgs.bash}/bin/bash";
        uid = config.ids.uids.gitlab;
-      }
-    ];
+      };

-    users.groups = [
-      { name = cfg.group;
-        gid = config.ids.gids.gitlab;
-      }
-    ];
+    users.groups.${cfg.group}.gid = config.ids.gids.gitlab;

    systemd.tmpfiles.rules = [
      "d /run/gitlab 0755 ${cfg.user} ${cfg.group} -"
--- a/nixos/modules/services/misc/gpsd.nix
+++ b/nixos/modules/services/misc/gpsd.nix
@ -86,17 +86,13 @@ in

  config = mkIf cfg.enable {

-    users.users = singleton
-      { name = "gpsd";
-        inherit uid;
+    users.users.gpsd =
+      { inherit uid;
        description = "gpsd daemon user";
        home = "/var/empty";
      };

-    users.groups = singleton
-      { name = "gpsd";
-        inherit gid;
-      };
+    users.groups.gpsd = { inherit gid; };

    systemd.services.gpsd = {
      description = "GPSD daemon";
--- a/nixos/modules/services/misc/headphones.nix
+++ b/nixos/modules/services/misc/headphones.nix
@ -59,19 +59,19 @@ in

  config = mkIf cfg.enable {

-    users.users = optionalAttrs (cfg.user == name) (singleton {
-      name = name;
-      uid = config.ids.uids.headphones;
-      group = cfg.group;
-      description = "headphones user";
-      home = cfg.dataDir;
-      createHome = true;
-    });
+    users.users = optionalAttrs (cfg.user == name) {
+      ${name} = {
+        uid = config.ids.uids.headphones;
+        group = cfg.group;
+        description = "headphones user";
+        home = cfg.dataDir;
+        createHome = true;
+      };
+    };

-    users.groups = optionalAttrs (cfg.group == name) (singleton {
-      name = name;
-      gid = config.ids.gids.headphones;
-    });
+    users.groups = optionalAttrs (cfg.group == name) {
+      ${name}.gid = config.ids.gids.headphones;
+    };

    systemd.services.headphones = {
        description = "Headphones Server";
--- a/nixos/modules/services/misc/matrix-synapse.nix
+++ b/nixos/modules/services/misc/matrix-synapse.nix
@ -657,19 +657,18 @@ in {
  };

  config = mkIf cfg.enable {
-    users.users = [
-      { name = "matrix-synapse";
+    users.users.matrix-synapse =
+      { name = "";
        group = "matrix-synapse";
        home = cfg.dataDir;
        createHome = true;
        shell = "${pkgs.bash}/bin/bash";
        uid = config.ids.uids.matrix-synapse;
-      } ];
+      };

-    users.groups = [
-      { name = "matrix-synapse";
-        gid = config.ids.gids.matrix-synapse;
-      } ];
+    users.groups.matrix-synapse = {
+      gid = config.ids.gids.matrix-synapse;
+    };

    services.postgresql = mkIf (usePostgresql && cfg.create_local_database) {
      enable = mkDefault true;
--- a/nixos/modules/services/misc/mediatomb.nix
+++ b/nixos/modules/services/misc/mediatomb.nix
@ -266,19 +266,19 @@ in {
      serviceConfig.User = "${cfg.user}";
    };

-    users.groups = optionalAttrs (cfg.group == "mediatomb") (singleton {
-      name = "mediatomb";
-      gid = gid;
-    });
+    users.groups = optionalAttrs (cfg.group == "mediatomb") {
+      mediatomb.gid = gid;
+    };

-    users.users = optionalAttrs (cfg.user == "mediatomb") (singleton {
-      name = "mediatomb";
-      isSystemUser = true;
-      group = cfg.group;
-      home = "${cfg.dataDir}";
-      createHome = true;
-      description = "Mediatomb DLNA Server User";
-    });
+    users.users = optionalAttrs (cfg.user == "mediatomb") {
+      mediatomb = {
+        isSystemUser = true;
+        group = cfg.group;
+        home = "${cfg.dataDir}";
+        createHome = true;
+        description = "Mediatomb DLNA Server User";
+      };
+    };

    networking.firewall = {
      allowedUDPPorts = [ 1900 cfg.port ];
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@ -12,8 +12,9 @@ let

  isNix23 = versionAtLeast nixVersion "2.3pre";

-  makeNixBuildUser = nr:
-    { name = "nixbld${toString nr}";
+  makeNixBuildUser = nr: {
+    name  = "nixbld${toString nr}";
+    value = {
      description = "Nix build user ${toString nr}";

      /* For consistency with the setgid(2), setuid(2), and setgroups(2)
@ -23,8 +24,9 @@ let
      group = "nixbld";
      extraGroups = [ "nixbld" ];
    };
+  };

-  nixbldUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers);
+  nixbldUsers = listToAttrs (map makeNixBuildUser (range 1 cfg.nrBuildUsers));

  nixConf =
    assert versionAtLeast nixVersion "2.2";
@ -445,7 +447,7 @@ in

    users.users = nixbldUsers;

-    services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers;
+    services.xserver.displayManager.hiddenUsers = attrNames nixbldUsers;

    system.activationScripts.nix = stringAfter [ "etc" "users" ]
      ''
--- a/nixos/modules/services/misc/octoprint.nix
+++ b/nixos/modules/services/misc/octoprint.nix
@ -86,16 +86,16 @@ in

  config = mkIf cfg.enable {

-    users.users = optionalAttrs (cfg.user == "octoprint") (singleton
-      { name = "octoprint";
+    users.users = optionalAttrs (cfg.user == "octoprint") {
+      octoprint = {
        group = cfg.group;
        uid = config.ids.uids.octoprint;
-      });
+      };
+    };

-    users.groups = optionalAttrs (cfg.group == "octoprint") (singleton
-      { name = "octoprint";
-        gid = config.ids.gids.octoprint;
-      });
+    users.groups = optionalAttrs (cfg.group == "octoprint") {
+      octoprint.gid = config.ids.gids.octoprint;
+    };

    systemd.tmpfiles.rules = [
      "d '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"
--- a/nixos/modules/services/misc/redmine.nix
+++ b/nixos/modules/services/misc/redmine.nix
@ -367,17 +367,17 @@ in

    };

-    users.users = optionalAttrs (cfg.user == "redmine") (singleton
-      { name = "redmine";
+    users.users = optionalAttrs (cfg.user == "redmine") {
+      redmine = {
        group = cfg.group;
        home = cfg.stateDir;
        uid = config.ids.uids.redmine;
-      });
+      };
+    };

-    users.groups = optionalAttrs (cfg.group == "redmine") (singleton
-      { name = "redmine";
-        gid = config.ids.gids.redmine;
-      });
+    users.groups = optionalAttrs (cfg.group == "redmine") {
+      redmine.gid = config.ids.gids.redmine;
+    };

    warnings = optional (cfg.database.password != "")
      ''config.services.redmine.database.password will be stored as plaintext
--- a/nixos/modules/services/misc/ripple-data-api.nix
+++ b/nixos/modules/services/misc/ripple-data-api.nix
@ -185,9 +185,8 @@ in {
      ];
    };

-    users.users = singleton
-      { name = "ripple-data-api";
-        description = "Ripple data api user";
+    users.users.ripple-data-api =
+      { description = "Ripple data api user";
        uid = config.ids.uids.ripple-data-api;
      };
  };
--- a/nixos/modules/services/misc/rippled.nix
+++ b/nixos/modules/services/misc/rippled.nix
@ -406,9 +406,8 @@ in

  config = mkIf cfg.enable {

-    users.users = singleton
-      { name = "rippled";
-        description = "Ripple server user";
+    users.users.rippled =
+      { description = "Ripple server user";
        uid = config.ids.uids.rippled;
        home = cfg.databasePath;
        createHome = true;
--- a/nixos/modules/services/misc/serviio.nix
+++ b/nixos/modules/services/misc/serviio.nix
@ -63,20 +63,15 @@ in {
      };
    };

-    users.users = [
-      {
-        name = "serviio";
-        group = "serviio";
+    users.users.serviio =
+      { group = "serviio";
        home = cfg.dataDir;
        description = "Serviio Media Server User";
        createHome = true;
        isSystemUser = true;
-      }
-    ];
+      };

-    users.groups = [
-      { name = "serviio";}
-    ];
+    users.groups.serviio = { };

    networking.firewall = {
      allowedTCPPorts = [
--- a/nixos/modules/services/misc/sickbeard.nix
+++ b/nixos/modules/services/misc/sickbeard.nix
@ -63,19 +63,19 @@ in

  config = mkIf cfg.enable {

-    users.users = optionalAttrs (cfg.user == name) (singleton {
-      name = name;
-      uid = config.ids.uids.sickbeard;
-      group = cfg.group;
-      description = "sickbeard user";
-      home = cfg.dataDir;
-      createHome = true;
-    });
+    users.users = optionalAttrs (cfg.user == name) {
+      ${name} = {
+        uid = config.ids.uids.sickbeard;
+        group = cfg.group;
+        description = "sickbeard user";
+        home = cfg.dataDir;
+        createHome = true;
+      };
+    };

-    users.groups = optionalAttrs (cfg.group == name) (singleton {
-      name = name;
-      gid = config.ids.gids.sickbeard;
-    });
+    users.groups = optionalAttrs (cfg.group == name) {
+      ${name}.gid = config.ids.gids.sickbeard;
+    };

    systemd.services.sickbeard = {
      description = "Sickbeard Server";
--- a/nixos/modules/services/misc/siproxd.nix
+++ b/nixos/modules/services/misc/siproxd.nix
@ -161,8 +161,7 @@ in

  config = mkIf cfg.enable {

-    users.users = singleton {
-      name = "siproxyd";
+    users.users.siproxyd = {
      uid = config.ids.uids.siproxd;
    };

--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@ -368,16 +368,16 @@ in {
    (mkIf cfg.enable {
      environment.systemPackages = [ nixos-taskserver ];

-      users.users = optional (cfg.user == "taskd") {
-        name = "taskd";
-        uid = config.ids.uids.taskd;
-        description = "Taskserver user";
-        group = cfg.group;
+      users.users = optionalAttrs (cfg.user == "taskd") {
+        taskd = {
+          uid = config.ids.uids.taskd;
+          description = "Taskserver user";
+          group = cfg.group;
+        };
      };

-      users.groups = optional (cfg.group == "taskd") {
-        name = "taskd";
-        gid = config.ids.gids.taskd;
+      users.groups = optionalAttrs (cfg.group == "taskd") {
+        taskd.gid = config.ids.gids.taskd;
      };

      services.taskserver.config = {
--- a/nixos/modules/services/misc/uhub.nix
+++ b/nixos/modules/services/misc/uhub.nix
@ -41,31 +41,31 @@ in
      enable = mkOption {
        type = types.bool;
        default = false;
-	description = "Whether to enable the uhub ADC hub.";
+        description = "Whether to enable the uhub ADC hub.";
      };

      port = mkOption {
        type = types.int;
        default = 1511;
-	description = "TCP port to bind the hub to.";
+        description = "TCP port to bind the hub to.";
      };

      address = mkOption {
        type = types.str;
        default = "any";
-	description = "Address to bind the hub to.";
+        description = "Address to bind the hub to.";
      };

      enableTLS = mkOption {
        type = types.bool;
        default = false;
-	description = "Whether to enable TLS support.";
+        description = "Whether to enable TLS support.";
      };

      hubConfig = mkOption {
        type = types.lines;
        default = "";
-	description = "Contents of uhub configuration file.";
+        description = "Contents of uhub configuration file.";
      };

      aclConfig = mkOption {
@ -77,11 +77,11 @@ in
      plugins = {

        authSqlite = {
-	  enable = mkOption {
+          enable = mkOption {
            type = types.bool;
            default = false;
            description = "Whether to enable the Sqlite authentication database plugin";
-	  };
+          };
          file = mkOption {
            type = types.path;
            example = "/var/db/uhub-users";
@ -161,14 +161,8 @@ in
  config = mkIf cfg.enable {

    users = {
-      users = singleton {
-        name = "uhub";
-        uid = config.ids.uids.uhub;
-      };
-      groups = singleton {
-        name = "uhub";
-        gid = config.ids.gids.uhub;
-      };
+      users.uhub.uid = config.ids.uids.uhub;
+      groups.uhub.gid = config.ids.gids.uhub;
    };

    systemd.services.uhub = {
--- a/nixos/modules/services/misc/zookeeper.nix
+++ b/nixos/modules/services/misc/zookeeper.nix
@ -146,8 +146,7 @@ in {
      '';
    };

-    users.users = singleton {
-      name = "zookeeper";
+    users.users.zookeeper = {
      uid = config.ids.uids.zookeeper;
      description = "Zookeeper daemon user";
      home = cfg.dataDir;
--- a/nixos/modules/services/monitoring/collectd.nix
+++ b/nixos/modules/services/monitoring/collectd.nix
@ -129,9 +129,10 @@ in {
      };
    };

-    users.users = optional (cfg.user == "collectd") {
-      name = "collectd";
-      isSystemUser = true;
+    users.users = optionalAttrs (cfg.user == "collectd") {
+      collectd = {
+        isSystemUser = true;
+      };
    };
  };
 }
--- a/nixos/modules/services/monitoring/datadog-agent.nix
+++ b/nixos/modules/services/monitoring/datadog-agent.nix
@ -22,9 +22,9 @@ let
  # Generate Datadog configuration files for each configured checks.
  # This works because check configurations have predictable paths,
  # and because JSON is a valid subset of YAML.
-  makeCheckConfigs = entries: mapAttrsToList (name: conf: {
-    source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf);
-    target = "datadog-agent/conf.d/${name}.d/conf.yaml";
+  makeCheckConfigs = entries: mapAttrs' (name: conf: {
+    name = "datadog-agent/conf.d/${name}.d/conf.yaml";
+    value.source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf);
  }) entries;

  defaultChecks = {
@ -34,10 +34,11 @@ let

  # Assemble all check configurations and the top-level agent
  # configuration.
-  etcfiles = with pkgs; with builtins; [{
-    source = writeText "datadog.yaml" (toJSON ddConf);
-    target = "datadog-agent/datadog.yaml";
-  }] ++ makeCheckConfigs (cfg.checks // defaultChecks);
+  etcfiles = with pkgs; with builtins;
+  { "datadog-agent/datadog.yaml" = {
+      source = writeText "datadog.yaml" (toJSON ddConf);
+    };
+  } // makeCheckConfigs (cfg.checks // defaultChecks);

  # Apply the configured extraIntegrations to the provided agent
  # package. See the documentation of `dd-agent/integrations-core.nix`
@ -204,7 +205,7 @@ in {
  config = mkIf cfg.enable {
    environment.systemPackages = [ datadogPkg pkgs.sysstat pkgs.procps pkgs.iproute ];

-    users.extraUsers.datadog = {
+    users.users.datadog = {
      description = "Datadog Agent User";
      uid = config.ids.uids.datadog;
      group = "datadog";
@ -212,7 +213,7 @@ in {
      createHome = true;
    };

-    users.extraGroups.datadog.gid = config.ids.gids.datadog;
+    users.groups.datadog.gid = config.ids.gids.datadog;

    systemd.services = let
      makeService = attrs: recursiveUpdate {
@ -224,7 +225,7 @@ in {
          Restart = "always";
          RestartSec = 2;
        };
-        restartTriggers = [ datadogPkg ] ++ map (etc: etc.source) etcfiles;
+        restartTriggers = [ datadogPkg ] ++ attrNames etcfiles;
      } attrs;
    in {
      datadog-agent = makeService {
--- a/nixos/modules/services/monitoring/dd-agent/dd-agent.nix
+++ b/nixos/modules/services/monitoring/dd-agent/dd-agent.nix
@ -78,37 +78,35 @@ let
  etcfiles =
    let
      defaultConfd = import ./dd-agent-defaults.nix;
-    in (map (f: { source = "${pkgs.dd-agent}/agent/conf.d-system/${f}";
-                  target = "dd-agent/conf.d/${f}";
-                }) defaultConfd) ++ [
-      { source = ddConf;
-        target = "dd-agent/datadog.conf";
-      }
-      { source = diskConfig;
-        target = "dd-agent/conf.d/disk.yaml";
-      }
-      { source = networkConfig;
-        target = "dd-agent/conf.d/network.yaml";
-      } ] ++
-    (optional (cfg.postgresqlConfig != null)
-      { source = postgresqlConfig;
-        target = "dd-agent/conf.d/postgres.yaml";
-      }) ++
-    (optional (cfg.nginxConfig != null)
-      { source = nginxConfig;
-        target = "dd-agent/conf.d/nginx.yaml";
-      }) ++
-    (optional (cfg.mongoConfig != null)
-      { source = mongoConfig;
-        target = "dd-agent/conf.d/mongo.yaml";
-      }) ++
-    (optional (cfg.processConfig != null)
-      { source = processConfig;
-        target = "dd-agent/conf.d/process.yaml";
-      }) ++
-    (optional (cfg.jmxConfig != null)
-      { source = jmxConfig;
-        target = "dd-agent/conf.d/jmx.yaml";
+    in
+      listToAttrs (map (f: {
+        name = "dd-agent/conf.d/${f}";
+        value.source = "${pkgs.dd-agent}/agent/conf.d-system/${f}";
+      }) defaultConfd) //
+      {
+        "dd-agent/datadog.conf".source = ddConf;
+        "dd-agent/conf.d/disk.yaml".source = diskConfig;
+        "dd-agent/conf.d/network.yaml".source = networkConfig;
+      } //
+      (optionalAttrs (cfg.postgresqlConfig != null)
+      {
+        "dd-agent/conf.d/postgres.yaml".source = postgresqlConfig;
+      }) //
+      (optionalAttrs (cfg.nginxConfig != null)
+      {
+        "dd-agent/conf.d/nginx.yaml".source = nginxConfig;
+      }) //
+      (optionalAttrs (cfg.mongoConfig != null)
+      { 
+        "dd-agent/conf.d/mongo.yaml".source = mongoConfig;
+      }) //
+      (optionalAttrs (cfg.processConfig != null)
+      { 
+        "dd-agent/conf.d/process.yaml".source = processConfig;
+      }) //
+      (optionalAttrs (cfg.jmxConfig != null)
+      {
+        "dd-agent/conf.d/jmx.yaml".source = jmxConfig;
      });

 in {
--- a/nixos/modules/services/monitoring/fusion-inventory.nix
+++ b/nixos/modules/services/monitoring/fusion-inventory.nix
@ -46,8 +46,7 @@ in {

  config = mkIf cfg.enable {

-    users.users = singleton {
-      name = "fusion-inventory";
+    users.users.fusion-inventory = {
      description = "FusionInventory user";
      isSystemUser = true;
    };
--- a/nixos/modules/services/monitoring/graphite.nix
+++ b/nixos/modules/services/monitoring/graphite.nix
@ -632,8 +632,7 @@ in {
      cfg.web.enable || cfg.api.enable ||
      cfg.seyren.enable || cfg.pager.enable || cfg.beacon.enable
     ) {
-      users.users = singleton {
-        name = "graphite";
+      users.users.graphite = {
        uid = config.ids.uids.graphite;
        description = "Graphite daemon user";
        home = dataDir;
--- a/nixos/modules/services/monitoring/heapster.nix
+++ b/nixos/modules/services/monitoring/heapster.nix
@ -49,8 +49,7 @@ in {
      };
    };

-    users.users = singleton {
-      name = "heapster";
+    users.users.heapsterrs = {
      uid = config.ids.uids.heapster;
      description = "Heapster user";
    };
--- a/nixos/modules/services/monitoring/munin.nix
+++ b/nixos/modules/services/monitoring/munin.nix
@ -317,18 +317,16 @@ in

    environment.systemPackages = [ pkgs.munin ];

-    users.users = [{
-      name = "munin";
+    users.users.munin = {
      description = "Munin monitoring user";
      group = "munin";
      uid = config.ids.uids.munin;
      home = "/var/lib/munin";
-    }];
+    };

-    users.groups = [{
-      name = "munin";
+    users.groups.munin = {
      gid = config.ids.gids.munin;
-    }];
+    };

  }) (mkIf nodeCfg.enable {

--- a/nixos/modules/services/monitoring/nagios.nix
+++ b/nixos/modules/services/monitoring/nagios.nix
@ -184,11 +184,7 @@ in

    # This isn't needed, it's just so that the user can type "nagiostats
    # -c /etc/nagios.cfg".
-    environment.etc = [
-      { source = nagiosCfgFile;
-        target = "nagios.cfg";
-      }
-    ];
+    environment.etc."nagios.cfg".source = nagiosCfgFile;

    environment.systemPackages = [ pkgs.nagios ];
    systemd.services.nagios = {
--- a/nixos/modules/services/monitoring/netdata.nix
+++ b/nixos/modules/services/monitoring/netdata.nix
@ -179,13 +179,14 @@ in {
      { domain = "netdata"; type = "hard"; item = "nofile"; value = "30000"; }
    ];

-    users.users = optional (cfg.user == defaultUser) {
-      name = defaultUser;
-      isSystemUser = true;
+    users.users = optionalAttrs (cfg.user == defaultUser) {
+      ${defaultUser} = {
+        isSystemUser = true;
+      };
    };

-    users.groups = optional (cfg.group == defaultUser) {
-      name = defaultUser;
+    users.groups = optionalAttrs (cfg.group == defaultUser) {
+      ${defaultUser} = { };
    };

  };
--- a/nixos/modules/services/monitoring/statsd.nix
+++ b/nixos/modules/services/monitoring/statsd.nix
@ -125,8 +125,7 @@ in
      message = "Only builtin backends (graphite, console, repeater) or backends enumerated in `pkgs.nodePackages` are allowed!";
    }) cfg.backends;

-    users.users = singleton {
-      name = "statsd";
+    users.use.statsdrs = {
      uid = config.ids.uids.statsd;
      description = "Statsd daemon user";
    };
--- a/nixos/modules/services/monitoring/telegraf.nix
+++ b/nixos/modules/services/monitoring/telegraf.nix
@ -63,10 +63,9 @@ in {
      };
    };

-    users.users = [{
-      name = "telegraf";
+    users.users.telegraf = {
      uid = config.ids.uids.telegraf;
      description = "telegraf daemon user";
-    }];
+    };
  };
 }
--- a/nixos/modules/services/monitoring/ups.nix
+++ b/nixos/modules/services/monitoring/ups.nix
@ -214,14 +214,12 @@ in
      environment.NUT_STATEPATH = "/var/lib/nut/";
    };

-    environment.etc = [
-      { source = pkgs.writeText "nut.conf"
+    environment.etc = {
+      "nut/nut.conf".source = pkgs.writeText "nut.conf"
        ''
          MODE = ${cfg.mode}
        '';
-        target = "nut/nut.conf";
-      }
-      { source = pkgs.writeText "ups.conf"
+      "nut/ups.conf".source = pkgs.writeText "ups.conf"
        ''
          maxstartdelay = ${toString cfg.maxStartDelay}

@ -229,25 +227,15 @@ in

          "}
        '';
-        target = "nut/ups.conf";
-      }
-      { source = cfg.schedulerRules;
-        target = "nut/upssched.conf";
-      }
+      "nut/upssched.conf".source = cfg.schedulerRules;
      # These file are containing private informations and thus should not
      # be stored inside the Nix store.
      /*
-      { source = ;
-        target = "nut/upsd.conf";
-      }
-      { source = ;
-        target = "nut/upsd.users";
-      }
-      { source = ;
-        target = "nut/upsmon.conf;
-      }
+      "nut/upsd.conf".source = "";
+      "nut/upsd.users".source = "";
+      "nut/upsmon.conf".source = "";
      */
-    ];
+    };

    power.ups.schedulerRules = mkDefault "${pkgs.nut}/etc/upssched.conf.sample";

@ -259,21 +247,16 @@ in


 /*
-    users.users = [
-      { name = "nut";
-        uid = 84;
+    users.users.nut =
+      { uid = 84;
        home = "/var/lib/nut";
        createHome = true;
        group = "nut";
        description = "UPnP A/V Media Server user";
-      }
-    ];
-
-    users.groups = [
-      { name = "nut";
-        gid = 84;
-      }
-    ];
+      };
+
+    users.groups."nut" =
+      { gid = 84; };
 */

  };
--- a/nixos/modules/services/network-filesystems/ceph.nix
+++ b/nixos/modules/services/network-filesystems/ceph.nix
@ -371,15 +371,14 @@ in
      in
        generators.toINI {} totalConfig;

-    users.users = singleton {
-      name = "ceph";
+    users.users.ceph = {
      uid = config.ids.uids.ceph;
      description = "Ceph daemon user";
      group = "ceph";
      extraGroups = [ "disk" ];
    };
-    users.groups = singleton {
-      name = "ceph";
+
+    users.groups.ceph = {
      gid = config.ids.gids.ceph;
    };

--- a/nixos/modules/services/network-filesystems/davfs2.nix
+++ b/nixos/modules/services/network-filesystems/davfs2.nix
@ -57,18 +57,19 @@ in
    environment.systemPackages = [ pkgs.davfs2 ];
    environment.etc."davfs2/davfs2.conf".source = cfgFile;

-    users.groups = optionalAttrs (cfg.davGroup == "davfs2") (singleton {
-      name = "davfs2";
-      gid = config.ids.gids.davfs2;
-    });
+    users.groups = optionalAttrs (cfg.davGroup == "davfs2") {
+      davfs2.gid = config.ids.gids.davfs2;
+    };
+
+    users.users = optionalAttrs (cfg.davUser == "davfs2") {
+      davfs2 = {
+        createHome = false;
+        group = cfg.davGroup;
+        uid = config.ids.uids.davfs2;
+        description = "davfs2 user";
+      };
+    };

-    users.users = optionalAttrs (cfg.davUser == "davfs2") (singleton {
-      name = "davfs2";
-      createHome = false;
-      group = cfg.davGroup;
-      uid = config.ids.uids.davfs2;
-      description = "davfs2 user";
-    });
  };

 }
--- a/nixos/modules/services/network-filesystems/drbd.nix
+++ b/nixos/modules/services/network-filesystems/drbd.nix
@ -47,10 +47,8 @@ let cfg = config.services.drbd; in
        options drbd usermode_helper=/run/current-system/sw/bin/drbdadm
      '';

-    environment.etc = singleton
-      { source = pkgs.writeText "drbd.conf" cfg.config;
-        target = "drbd.conf";
-      };
+    environment.etc.drbd.conf =
+      { source = pkgs.writeText "drbd.conf" cfg.config; };

    systemd.services.drbd = {
      after = [ "systemd-udev.settle.service" "network.target" ];
--- a/nixos/modules/services/networking/bind.nix
+++ b/nixos/modules/services/networking/bind.nix
@ -178,9 +178,8 @@ in

    networking.resolvconf.useLocalResolver = mkDefault true;

-    users.users = singleton
-      { name = bindUser;
-        uid = config.ids.uids.bind;
+    users.users.${bindUser} =
+      { uid = config.ids.uids.bind;
        description = "BIND daemon user";
      };

--- a/nixos/modules/services/networking/bitlbee.nix
+++ b/nixos/modules/services/networking/bitlbee.nix
@ -161,8 +161,7 @@ in

  config =  mkMerge [
    (mkIf config.services.bitlbee.enable {
-      users.users = singleton {
-        name = "bitlbee";
+      users.users.bitlbee = {
        uid = bitlbeeUid;
        description = "BitlBee user";
        home = "/var/lib/bitlbee";
--- a/nixos/modules/services/networking/charybdis.nix
+++ b/nixos/modules/services/networking/charybdis.nix
@ -71,15 +71,13 @@ in

  config = mkIf cfg.enable (lib.mkMerge [
    {
-      users.users = singleton {
-        name = cfg.user;
+      users.users.${cfg.user} = {
        description = "Charybdis IRC daemon user";
        uid = config.ids.uids.ircd;
        group = cfg.group;
      };

-      users.groups = singleton {
-        name = cfg.group;
+      users.groups.${cfg.group} = {
        gid = config.ids.gids.ircd;
      };

--- a/nixos/modules/services/networking/coturn.nix
+++ b/nixos/modules/services/networking/coturn.nix
@ -294,16 +294,14 @@ in {
  };

  config = mkIf cfg.enable {
-    users.users = [
-      { name = "turnserver";
-        uid = config.ids.uids.turnserver;
+    users.users.turnserver =
+      { uid = config.ids.uids.turnserver;
        description = "coturn TURN server user";
-      } ];
-    users.groups = [
-      { name = "turnserver";
-        gid = config.ids.gids.turnserver;
+      };
+    users.groups.turnserver =
+      { gid = config.ids.gids.turnserver;
        members = [ "turnserver" ];
-      } ];
+      };

    systemd.services.coturn = {
      description = "coturn TURN server";
--- a/nixos/modules/services/networking/dhcpcd.nix
+++ b/nixos/modules/services/networking/dhcpcd.nix
@ -185,11 +185,7 @@ in

    environment.systemPackages = [ dhcpcd ];

-    environment.etc =
-      [ { source = exitHook;
-          target = "dhcpcd.exit-hook";
-        }
-      ];
+    environment.etc."dhcpcd.exit-hook".source = exitHook;

    powerManagement.resumeCommands = mkIf config.systemd.services.dhcpcd.enable
      ''
--- a/nixos/modules/services/networking/dnschain.nix
+++ b/nixos/modules/services/networking/dnschain.nix
@ -147,8 +147,7 @@ in
      '';
    };

-    users.users = singleton {
-      name = username;
+    users.users.${username} = {
      description = "DNSChain daemon user";
      home = dataDir;
      createHome = true;
--- a/nixos/modules/services/networking/dnsmasq.nix
+++ b/nixos/modules/services/networking/dnsmasq.nix
@ -86,8 +86,7 @@ in

    services.dbus.packages = [ dnsmasq ];

-    users.users = singleton {
-      name = "dnsmasq";
+    users.users.dnsmasq = {
      uid = config.ids.uids.dnsmasq;
      description = "Dnsmasq daemon user";
    };
--- a/nixos/modules/services/networking/ejabberd.nix
+++ b/nixos/modules/services/networking/ejabberd.nix
@ -94,18 +94,18 @@ in {
  config = mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];

-    users.users = optionalAttrs (cfg.user == "ejabberd") (singleton
-      { name = "ejabberd";
+    users.users = optionalAttrs (cfg.user == "ejabberd") {
+      ejabberd = {
        group = cfg.group;
        home = cfg.spoolDir;
        createHome = true;
        uid = config.ids.uids.ejabberd;
-      });
+      };
+    };

-    users.groups = optionalAttrs (cfg.group == "ejabberd") (singleton
-      { name = "ejabberd";
-        gid = config.ids.gids.ejabberd;
-      });
+    users.groups = optionalAttrs (cfg.group == "ejabberd") {
+      ejabberd.gid = config.ids.gids.ejabberd;
+    };

    systemd.services.ejabberd = {
      description = "ejabberd server";
--- a/nixos/modules/services/networking/gale.nix
+++ b/nixos/modules/services/networking/gale.nix
@ -104,14 +104,13 @@ in
         systemPackages = [ pkgs.gale ];
       };

-       users.users = [{
-         name = cfg.user;
+       users.users.${cfg.user} = {
         description = "Gale daemon";
         uid = config.ids.uids.gale;
         group = cfg.group;
         home = home;
         createHome = true;
-       }];
+       };

       users.groups = [{
         name = cfg.group;
--- a/nixos/modules/services/networking/git-daemon.nix
+++ b/nixos/modules/services/networking/git-daemon.nix
@ -104,16 +104,16 @@ in

  config = mkIf cfg.enable {

-    users.users = if cfg.user != "git" then {} else singleton
-      { name = "git";
+    users.users = optionalAttrs (cfg.user != "git") {
+      git = {
        uid = config.ids.uids.git;
        description = "Git daemon user";
      };
+    };

-    users.groups = if cfg.group != "git" then {} else singleton
-      { name = "git";
-        gid = config.ids.gids.git;
-      };
+    users.groups = optionalAttrs (cfg.group != "git") {
+      git.gid = config.ids.gids.git;
+    };

    systemd.services.git-daemon = {
      after = [ "network.target" ];
--- a/nixos/modules/services/networking/hans.nix
+++ b/nixos/modules/services/networking/hans.nix
@ -135,8 +135,7 @@ in
      };
    };

-    users.users = singleton {
-      name = hansUser;
+    users.users.${hansUser} = {
      description = "Hans daemon user";
      isSystemUser = true;
    };
--- a/nixos/modules/services/networking/i2pd.nix
+++ b/nixos/modules/services/networking/i2pd.nix
@ -158,10 +158,10 @@ let
      (sec "addressbook")
      (strOpt "defaulturl" cfg.addressbook.defaulturl)
    ] ++ (optionalEmptyList "subscriptions" cfg.addressbook.subscriptions)
-      ++ (flip map
-      (collect (proto: proto ? port && proto ? address && proto ? name) cfg.proto)
+      ++ (flip mapAttrs
+      (collect (name: proto: proto ? port && proto ? address && proto ? name) cfg.proto)
      (proto: let protoOpts = [
-        (sec proto.name)
+        (sec name)
        (boolOpt "enabled" proto.enable)
        (strOpt "address" proto.address)
        (intOpt "port" proto.port)
@ -181,10 +181,10 @@ let

  tunnelConf = let opts = [
    notice
-    (flip map
-      (collect (tun: tun ? port && tun ? destination) cfg.outTunnels)
+    (flip mapAttrs
+      (collect (name: tun: tun ? port && tun ? destination) cfg.outTunnels)
      (tun: let outTunOpts = [
-        (sec tun.name)
+        (sec name)
        "type = client"
        (intOpt "port" tun.port)
        (strOpt "destination" tun.destination)
@ -204,10 +204,10 @@ let
        ++ (if tun ? crypto.tagsToSend then
            optionalNullInt "crypto.tagstosend" tun.crypto.tagsToSend else []);
        in concatStringsSep "\n" outTunOpts))
-    (flip map
-      (collect (tun: tun ? port && tun ? address) cfg.inTunnels)
+    (flip mapAttrs
+      (collect (name: tun: tun ? port && tun ? address) cfg.inTunnels)
      (tun: let inTunOpts = [
-        (sec tun.name)
+        (sec name)
        "type = server"
        (intOpt "port" tun.port)
        (strOpt "host" tun.address)
--- a/nixos/modules/services/networking/iodine.nix
+++ b/nixos/modules/services/networking/iodine.nix
@ -147,8 +147,7 @@ in
      };
    };

-    users.users = singleton {
-      name = iodinedUser;
+    users.users.${iodinedUser} = {
      uid = config.ids.uids.iodined;
      description = "Iodine daemon user";
    };
--- a/nixos/modules/services/networking/ircd-hybrid/default.nix
+++ b/nixos/modules/services/networking/ircd-hybrid/default.nix
@ -112,9 +112,8 @@ in

  config = mkIf config.services.ircdHybrid.enable {

-    users.users = singleton
-      { name = "ircd";
-        description = "IRCD owner";
+    users.users.ircd =
+      { description = "IRCD owner";
        group = "ircd";
        uid = config.ids.uids.ircd;
      };
--- a/Show More
+++ b/Show More