Merge commit '12363fb6d89859a37cd7e27f85288599f13e49d9'

Update 2022-08-04

infra/libkookie/nixpkgs/unstable/.github/CODEOWNERS

@@ -48,6 +48,7 @@
 /pkgs/build-support/writers @lassulus @Profpatsch
 
 # Nixpkgs documentation
+/doc @fricklerhandwerk
 /maintainers/scripts/db-to-md.sh @jtojnar @ryantm
 /maintainers/scripts/doc @jtojnar @ryantm
 /doc/build-aux/pandoc-filters @jtojnar
@@ -256,8 +257,8 @@
 /pkgs/development/go-packages  @kalbasit @Mic92 @zowoq
 
 # GNOME
-/pkgs/desktops/gnome                              @jtojnar @hedning
-/pkgs/desktops/gnome/extensions       @piegamesde @jtojnar @hedning
+/pkgs/desktops/gnome                              @jtojnar
+/pkgs/desktops/gnome/extensions       @piegamesde @jtojnar
 
 # Cinnamon
 /pkgs/desktops/cinnamon @mkg20001

infra/libkookie/nixpkgs/unstable/.github/workflows/backport.yml

@@ -8,8 +8,14 @@ on:
 # the GitHub repository. This means that it should not evaluate user input in a
 # way that allows code injection.
 
+permissions:
+  contents: read
+
 jobs:
   backport:
+    permissions:
+      contents: write  # for zeebe-io/backport-action to create branch
+      pull-requests: write  # for zeebe-io/backport-action to create PR to backport
     name: Backport Pull Request
     if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
     runs-on: ubuntu-latest

infra/libkookie/nixpkgs/unstable/.github/workflows/basic-eval.yml

@@ -10,6 +10,9 @@ on:
   #   branches:
   #    - master
   #    - release-**
+permissions:
+  contents: read
+
 jobs:
   tests:
     runs-on: ubuntu-latest

infra/libkookie/nixpkgs/unstable/.github/workflows/direct-push.yml

@@ -4,8 +4,13 @@ on:
     branches:
      - master
      - release-**
+permissions:
+  contents: read
+
 jobs:
   build:
+    permissions:
+      contents: write  # for peter-evans/commit-comment to comment on commit
     runs-on: ubuntu-latest
     if: github.repository_owner == 'NixOS'
     env:

infra/libkookie/nixpkgs/unstable/.github/workflows/nixos-manual.yml

@@ -23,4 +23,12 @@ jobs:
     - name: Check DocBook files generated from Markdown are consistent
       run: |
         nixos/doc/manual/md-to-db.sh
-        git diff --exit-code
+        git diff --exit-code || {
+          echo
+          echo 'Generated manual files are out of date.'
+          echo 'Please run'
+          echo
+          echo '    nixos/doc/manual/md-to-db.sh'
+          echo
+          exit 1
+        }

infra/libkookie/nixpkgs/unstable/.github/workflows/no-channel.yml

@@ -6,8 +6,13 @@ on:
       - 'nixos-**'
       - 'nixpkgs-**'
 
+permissions:
+  contents: read
+
 jobs:
   fail:
+    permissions:
+      contents: none
     name: "This PR is is targeting a channel branch"
     runs-on: ubuntu-latest
     steps:

infra/libkookie/nixpkgs/unstable/.github/workflows/pending-clear.yml

@@ -4,8 +4,13 @@ on:
   check_suite:
     types: [ completed ]
 
+permissions:
+  contents: read
+
 jobs:
   action:
+    permissions:
+      statuses: write
     runs-on: ubuntu-latest
     steps:
     - name: clear pending status

infra/libkookie/nixpkgs/unstable/.github/workflows/pending-set.yml

@@ -8,8 +8,13 @@ on:
 # the GitHub repository. This means that it should not evaluate user input in a
 # way that allows code injection.
 
+permissions:
+  contents: read
+
 jobs:
   action:
+    permissions:
+      statuses: write
     runs-on: ubuntu-latest
     steps:
     - name: set pending status

infra/libkookie/nixpkgs/unstable/.github/workflows/periodic-merge-24h.yml

@@ -14,8 +14,14 @@ on:
     # Merge every 24 hours
     - cron:  '0 0 * * *'
 
+permissions:
+  contents: read
+
 jobs:
   periodic-merge:
+    permissions:
+      contents: write  # for devmasx/merge-branch to merge branches
+      issues: write  # for peter-evans/create-or-update-comment to create or update comment
     if: github.repository_owner == 'NixOS'
     runs-on: ubuntu-latest
     strategy:
@@ -28,10 +34,6 @@ jobs:
         pairs:
           - from: master
             into: haskell-updates
-          - from: release-21.11
-            into: staging-next-21.11
-          - from: staging-next-21.11
-            into: staging-21.11
           - from: release-22.05
             into: staging-next-22.05
           - from: staging-next-22.05

infra/libkookie/nixpkgs/unstable/.github/workflows/periodic-merge-6h.yml

@@ -14,8 +14,14 @@ on:
     # Merge every 6 hours
     - cron:  '0 */6 * * *'
 
+permissions:
+  contents: read
+
 jobs:
   periodic-merge:
+    permissions:
+      contents: write  # for devmasx/merge-branch to merge branches
+      issues: write  # for peter-evans/create-or-update-comment to create or update comment
     if: github.repository_owner == 'NixOS'
     runs-on: ubuntu-latest
     strategy:

infra/libkookie/nixpkgs/unstable/.github/workflows/update-terraform-providers.yml

@@ -2,11 +2,18 @@ name: "Update terraform-providers"
 
 on:
   schedule:
-    - cron: "14 3 * * 1"
+    - cron: "14 3 * * 0"
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   tf-providers:
+    permissions:
+      contents: write  # for peter-evans/create-pull-request to create branch
+      issues: write  # for peter-evans/create-or-update-comment to create or update comment
+      pull-requests: write  # for peter-evans/create-pull-request to create a PR
     if: github.repository_owner == 'NixOS' && github.ref == 'refs/heads/master' # ensure workflow_dispatch only runs on master
     runs-on: ubuntu-latest
     steps:
@@ -32,7 +39,7 @@ jobs:
 
             Check that all providers build with:
             ```
-            @ofborg build terraform-full
+            @ofborg build terraform.full
             ```
           branch: terraform-providers-update
           delete-branch: false

infra/libkookie/nixpkgs/unstable/doc/builders/images/dockertools.section.md

@@ -20,7 +20,12 @@ buildImage {
   fromImageName = null;
   fromImageTag = "latest";
 
-  contents = pkgs.redis;
+  copyToRoot = pkgs.buildEnv {
+    name = "image-root";
+    paths = [ pkgs.redis ];
+    pathsToLink = [ "/bin" ];
+  };
+
   runAsRoot = ''
     #!${pkgs.runtimeShell}
     mkdir -p /data
@@ -46,7 +51,7 @@ The above example will build a Docker image `redis/latest` from the given base i
 
 - `fromImageTag` can be used to further specify the tag of the base image within the repository, in case an image contains multiple tags. By default it's `null`, in which case `buildImage` will peek the first tag available for the base image.
 
-- `contents` is a derivation that will be copied in the new layer of the resulting image. This can be similarly seen as `ADD contents/ /` in a `Dockerfile`. By default it's `null`.
+- `copyToRoot` is a derivation that will be copied in the new layer of the resulting image. This can be similarly seen as `ADD contents/ /` in a `Dockerfile`. By default it's `null`.
 
 - `runAsRoot` is a bash script that will run as root in an environment that overlays the existing layers of the base image with the new resulting layer, including the previously copied `contents` derivation. This can be similarly seen as `RUN ...` in a `Dockerfile`.
 
@@ -81,7 +86,11 @@ pkgs.dockerTools.buildImage {
   name = "hello";
   tag = "latest";
   created = "now";
-  contents = pkgs.hello;
+  copyToRoot = pkgs.buildEnv {
+    name = "image-root";
+    paths = [ pkgs.hello ];
+    pathsToLink = [ "/bin" ];
+  };
 
   config.Cmd = [ "/bin/hello" ];
 }

infra/libkookie/nixpkgs/unstable/doc/builders/packages/unfree.xml

@@ -1,13 +0,0 @@
-<section xmlns="http://docbook.org/ns/docbook"
-         xmlns:xlink="http://www.w3.org/1999/xlink"
-         xml:id="unfree-software">
- <title>Unfree software</title>
-
- <para>
-  All users of Nixpkgs are free software users, and many users (and developers) of Nixpkgs want to limit and tightly control their exposure to unfree software. At the same time, many users need (or want) to run some specific pieces of proprietary software. Nixpkgs includes some expressions for unfree software packages. By default unfree software cannot be installed and doesn’t show up in searches. To allow installing unfree software in a single Nix invocation one can export <literal>NIXPKGS_ALLOW_UNFREE=1</literal>. For a persistent solution, users can set <literal>allowUnfree</literal> in the Nixpkgs configuration.
- </para>
-
- <para>
-  Fine-grained control is possible by defining <literal>allowUnfreePredicate</literal> function in config; it takes the <literal>mkDerivation</literal> parameter attrset and returns <literal>true</literal> for unfree packages that should be allowed.
- </para>
-</section>

infra/libkookie/nixpkgs/unstable/doc/contributing/submitting-changes.chapter.md

@@ -167,24 +167,30 @@ Packages with automated tests are much more likely to be merged in a timely fash
 
 ### Tested compilation of all pkgs that depend on this change using `nixpkgs-review` {#submitting-changes-tested-compilation}
 
-If you are updating a package’s version, you can use nixpkgs-review to make sure all packages that depend on the updated package still compile correctly. The `nixpkgs-review` utility can look for and build all dependencies either based on uncommited changes with the `wip` option or specifying a github pull request number.
+If you are updating a package’s version, you can use `nixpkgs-review` to make sure all packages that depend on the updated package still compile correctly. The `nixpkgs-review` utility can look for and build all dependencies either based on uncommitted changes with the `wip` option or specifying a GitHub pull request number.
 
-review changes from pull request number 12345:
+Review changes from pull request number 12345:
 
 ```ShellSession
-nix run nixpkgs.nixpkgs-review -c nixpkgs-review pr 12345
+nix-shell -p nixpkgs-review --run "nixpkgs-review pr 12345"
 ```
 
-review uncommitted changes:
+Alternatively, with flakes (and analogously for the other commands below):
 
 ```ShellSession
-nix run nixpkgs.nixpkgs-review -c nixpkgs-review wip
+nix run nixpkgs#nixpkgs-review -- pr 12345
 ```
 
-review changes from last commit:
+Review uncommitted changes:
 
 ```ShellSession
-nix run nixpkgs.nixpkgs-review -c nixpkgs-review rev HEAD
+nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
+```
+
+Review changes from last commit:
+
+```ShellSession
+nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
 ```
 
 ### Tested execution of all binary files (usually in `./result/bin/`) {#submitting-changes-tested-execution}

infra/libkookie/nixpkgs/unstable/doc/doc-support/parameters.xml

@@ -11,4 +11,5 @@
  <xsl:param name="toc.section.depth" select="0" />
  <xsl:param name="admon.style" select="''" />
  <xsl:param name="callout.graphics.extension" select="'.svg'" />
+ <xsl:param name="generate.consistent.ids" select="1" />
 </xsl:stylesheet>

infra/libkookie/nixpkgs/unstable/doc/languages-frameworks/coq.section.md

@@ -5,9 +5,11 @@
 The Coq derivation is overridable through the `coq.override overrides`, where overrides is an attribute set which contains the arguments to override. We recommend overriding either of the following
 
 * `version` (optional, defaults to the latest version of Coq selected for nixpkgs, see `pkgs/top-level/coq-packages` to witness this choice), which follows the conventions explained in the `coqPackages` section below,
-* `customOCamlPackage` (optional, defaults to `null`, which lets Coq choose a version automatically), which can be set to any of the ocaml packages attribute of `ocaml-ng` (such as `ocaml-ng.ocamlPackages_4_10` which is the default for Coq 8.11 for example).
+* `customOCamlPackages` (optional, defaults to `null`, which lets Coq choose a version automatically), which can be set to any of the ocaml packages attribute of `ocaml-ng` (such as `ocaml-ng.ocamlPackages_4_10` which is the default for Coq 8.11 for example).
 * `coq-version` (optional, defaults to the short version e.g. "8.10"), is a version number of the form "x.y" that indicates which Coq's version build behavior to mimic when using a source which is not a release. E.g. `coq.override { version = "d370a9d1328a4e1cdb9d02ee032f605a9d94ec7a"; coq-version = "8.10"; }`.
 
+The associated package set can be optained using `mkCoqPackages coq`, where `coq` is the derivation to use.
+
 ## Coq packages attribute sets: `coqPackages` {#coq-packages-attribute-sets-coqpackages}
 
 The recommended way of defining a derivation for a Coq library, is to use the `coqPackages.mkCoqDerivation` function, which is essentially a specialization of `mkDerivation` taking into account most of the specifics of Coq libraries. The following attributes are supported:

infra/libkookie/nixpkgs/unstable/doc/languages-frameworks/dotnet.section.md

@@ -87,6 +87,7 @@ To package Dotnet applications, you can use `buildDotnetModule`. This has simila
 * `executables` is used to specify which executables get wrapped to `$out/bin`, relative to `$out/lib/$pname`. If this is unset, all executables generated will get installed. If you do not want to install any, set this to `[]`. This gets done in the `preFixup` phase.
 * `runtimeDeps` is used to wrap libraries into `LD_LIBRARY_PATH`. This is how dotnet usually handles runtime dependencies.
 * `buildType` is used to change the type of build. Possible values are `Release`, `Debug`, etc. By default, this is set to `Release`.
+* `selfContainedBuild` allows to enable the [self-contained](https://docs.microsoft.com/en-us/dotnet/core/deploying/#publish-self-contained) build flag. By default, it is set to false and generated applications have a dependency on the selected dotnet runtime. If enabled, the dotnet runtime is bundled into the executable and the built app has no dependency on Dotnet.
 * `dotnet-sdk` is useful in cases where you need to change what dotnet SDK is being used.
 * `dotnet-runtime` is useful in cases where you need to change what dotnet runtime is being used. This can be either a regular dotnet runtime, or an aspnetcore.
 * `dotnet-test-sdk` is useful in cases where unit tests expect a different dotnet SDK. By default, this is set to the `dotnet-sdk` attribute.

infra/libkookie/nixpkgs/unstable/doc/languages-frameworks/go.section.md

@@ -11,8 +11,8 @@ The function `buildGoModule` builds Go programs managed with Go modules. It buil
 
 In the following is an example expression using `buildGoModule`, the following arguments are of special significance to the function:
 
-- `vendorSha256`: is the hash of the output of the intermediate fetcher derivation. `vendorSha256` can also take `null` as an input. When `null` is used as a value, rather than fetching the dependencies and vendoring them, we use the vendoring included within the source repo. If you'd like to not have to update this field on dependency changes, run `go mod vendor` in your source repo and set `vendorSha256 = null;`
-- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform dependant `vendorSha256` checksums.
+- `vendorHash`: is the hash of the output of the intermediate fetcher derivation. `vendorHash` can also take `null` as an input. When `null` is used as a value, rather than fetching the dependencies and vendoring them, we use the vendoring included within the source repo. If you'd like to not have to update this field on dependency changes, run `go mod vendor` in your source repo and set `vendorHash = null;`
+- `proxyVendor`: Fetches (go mod download) and proxies the vendor directory. This is useful if your code depends on c code and go mod tidy does not include the needed sources to build or if any dependency has case-insensitive conflicts which will produce platform dependant `vendorHash` checksums.
 
 ```nix
 pet = buildGoModule rec {
@@ -26,7 +26,7 @@ pet = buildGoModule rec {
     sha256 = "0m2fzpqxk7hrbxsgqplkg7h2p7gv6s1miymv3gvw0cz039skag0s";
   };
 
-  vendorSha256 = "1879j77k96684wi554rkjxydrj8g3hpp0kvxz03sd8dmwr3lh83j";
+  vendorHash = "sha256-ciBIR+a1oaYH+H1PcC8cD8ncfJczk1IiJ8iYNM+R6aA=";
 
   meta = with lib; {
     description = "Simple command-line snippet manager, written in Go";

infra/libkookie/nixpkgs/unstable/doc/languages-frameworks/javascript.section.md

@@ -180,18 +180,27 @@ See `node2nix` [docs](https://github.com/svanderburg/node2nix) for more info.
 
 #### Preparation {#javascript-yarn2nix-preparation}
 
-You will need at least a yarn.lock and yarn.nix file.
+You will need at least a `yarn.lock` file. If upstream does not have one you need to generate it and reference it in your package definition.
 
-- Generate a yarn.lock in upstream if it is not already there.
-- `yarn2nix > yarn.nix` will generate the dependencies in a Nix format.
+If the downloaded files contain the `package.json` and `yarn.lock` files they can be used like this:
+
+```nix
+offlineCache = fetchYarnDeps {
+  yarnLock = src + "/yarn.lock";
+  sha256 = "....";
+};
+```
 
 #### mkYarnPackage {#javascript-yarn2nix-mkYarnPackage}
 
-This will by default try to generate a binary. For package only generating static assets (Svelte, Vue, React...), you will need to explicitly override the build step with your instructions. It's important to use the `--offline` flag. For example if you script is `"build": "something"` in package.json use:
+`mkYarnPackage` will by default try to generate a binary. For package only generating static assets (Svelte, Vue, React, WebPack, ...), you will need to explicitly override the build step with your instructions.
+
+It's important to use the `--offline` flag. For example if you script is `"build": "something"` in `package.json` use:
 
 ```nix
 buildPhase = ''
-  yarn build --offline
+  export HOME=$(mktemp -d)
+  yarn --offline build
 '';
 ```
 
@@ -201,15 +210,27 @@ The dist phase is also trying to build a binary, the only way to override it is
 distPhase = "true";
 ```
 
-The configure phase can sometimes fail because it tries to be too clever. One common override is:
+The configure phase can sometimes fail because it makes many assumptions which may not always apply. One common override is:
+
+```nix
+configurePhase = ''
+  ln -s $node_modules node_modules
+'';
+```
+
+or if you need a writeable node_modules directory:
 
 ```nix
-configurePhase = "ln -s $node_modules node_modules";
+configurePhase = ''
+  cp -r $node_modules node_modules
+  chmod +w node_modules
+'';
 ```
 
 #### mkYarnModules {#javascript-yarn2nix-mkYarnModules}
 
-This will generate a derivation including the node_modules. If you have to build a derivation for an integrated web framework (rails, phoenix..), this is probably the easiest way. [Plausible](https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/web-apps/plausible/default.nix#L39) offers a good example of how to do this.
+This will generate a derivation including the `node_modules` directory.
+If you have to build a derivation for an integrated web framework (rails, phoenix..), this is probably the easiest way.
 
 #### Overriding dependency behavior
 

infra/libkookie/nixpkgs/unstable/doc/languages-frameworks/maven.section.md

@@ -233,7 +233,8 @@ in stdenv.mkDerivation rec {
 
   src = builtins.fetchTarball
     "https://github.com/fzakaria/nixos-maven-example/archive/main.tar.gz";
-  buildInputs = [ maven makeWrapper ];
+  nativeBuildInputs = [ makeWrapper ];
+  buildInputs = [ maven ];
 
   buildPhase = ''
     echo "Using repository ${repository}"
@@ -310,7 +311,8 @@ in stdenv.mkDerivation rec {
 
   src = builtins.fetchTarball
     "https://github.com/fzakaria/nixos-maven-example/archive/main.tar.gz";
-  buildInputs = [ maven makeWrapper ];
+  nativeBuildInputs = [ makeWrapper ];
+  buildInputs = [ maven ];
 
   buildPhase = ''
     echo "Using repository ${repository}"

infra/libkookie/nixpkgs/unstable/doc/languages-frameworks/perl.section.md

@@ -1,6 +1,6 @@
 # Perl {#sec-language-perl}
 
-## Running perl programs on the shell {#ssec-perl-running}
+## Running Perl programs on the shell {#ssec-perl-running}
 
 When executing a Perl script, it is possible you get an error such as `./myscript.pl: bad interpreter: /usr/bin/perl: no such file or directory`. This happens when the script expects Perl to be installed at `/usr/bin/perl`, which is not the case when using Perl from nixpkgs. You can fix the script by changing the first line to:
 
@@ -35,15 +35,16 @@ Perl packages from CPAN are defined in [pkgs/top-level/perl-packages.nix](https:
 
 ```nix
 ClassC3 = buildPerlPackage rec {
-  name = "Class-C3-0.21";
+  pname = "Class-C3";
+  version = "0.21";
   src = fetchurl {
-    url = "mirror://cpan/authors/id/F/FL/FLORA/${name}.tar.gz";
+    url = "mirror://cpan/authors/id/F/FL/FLORA/${pname}-${version}.tar.gz";
     sha256 = "1bl8z095y4js66pwxnm7s853pi9czala4sqc743fdlnk27kq94gz";
   };
 };
 ```
 
-Note the use of `mirror://cpan/`, and the `${name}` in the URL definition to ensure that the name attribute is consistent with the source that we’re actually downloading. Perl packages are made available in `all-packages.nix` through the variable `perlPackages`. For instance, if you have a package that needs `ClassC3`, you would typically write
+Note the use of `mirror://cpan/`, and the `pname` and `version` in the URL definition to ensure that the `pname` attribute is consistent with the source that we’re actually downloading. Perl packages are made available in `all-packages.nix` through the variable `perlPackages`. For instance, if you have a package that needs `ClassC3`, you would typically write
 
 ```nix
 foo = import ../path/to/foo.nix {
@@ -72,10 +73,11 @@ So what does `buildPerlPackage` do? It does the following:
 { buildPerlPackage, fetchurl, db }:
 
 buildPerlPackage rec {
-  name = "BerkeleyDB-0.36";
+  pname = "BerkeleyDB";
+  version = "0.36";
 
   src = fetchurl {
-    url = "mirror://cpan/authors/id/P/PM/PMQS/${name}.tar.gz";
+    url = "mirror://cpan/authors/id/P/PM/PMQS/${pname}-${version}.tar.gz";
     sha256 = "07xf50riarb60l1h6m2dqmql8q5dij619712fsgw7ach04d8g3z1";
   };
 
@@ -90,9 +92,10 @@ Dependencies on other Perl packages can be specified in the `buildInputs` and `p
 
 ```nix
 ClassC3Componentised = buildPerlPackage rec {
-  name = "Class-C3-Componentised-1.0004";
+  pname = "Class-C3-Componentised";
+  version = "1.0004";
   src = fetchurl {
-    url = "mirror://cpan/authors/id/A/AS/ASH/${name}.tar.gz";
+    url = "mirror://cpan/authors/id/A/AS/ASH/${pname}-${version}.tar.gz";
     sha256 = "0xql73jkcdbq4q9m0b0rnca6nrlvf5hyzy8is0crdk65bynvs8q1";
   };
   propagatedBuildInputs = [
@@ -111,7 +114,7 @@ ImageExifTool = buildPerlPackage {
   version = "11.50";
 
   src = fetchurl {
-    url = "https://www.sno.phy.queensu.ca/~phil/exiftool/Image-ExifTool-11.50.tar.gz";
+    url = "https://www.sno.phy.queensu.ca/~phil/exiftool/${pname}-${version}.tar.gz";
     sha256 = "0d8v48y94z8maxkmw1rv7v9m0jg2dc8xbp581njb6yhr7abwqdv3";
   };
 
@@ -139,9 +142,10 @@ This program takes a Perl module name, looks it up on CPAN, fetches and unpacks
 ```ShellSession
 $ nix-generate-from-cpan XML::Simple
   XMLSimple = buildPerlPackage rec {
-    name = "XML-Simple-2.22";
+    pname = "XML-Simple";
+    version = "2.22";
     src = fetchurl {
-      url = "mirror://cpan/authors/id/G/GR/GRANTM/${name}.tar.gz";
+      url = "mirror://cpan/authors/id/G/GR/GRANTM/XML-Simple-2.22.tar.gz";
       sha256 = "b9450ef22ea9644ae5d6ada086dc4300fa105be050a2030ebd4efd28c198eb49";
     };
     propagatedBuildInputs = [ XMLNamespaceSupport XMLSAX XMLSAXExpat ];

infra/libkookie/nixpkgs/unstable/doc/languages-frameworks/python.section.md

@@ -602,10 +602,10 @@ been removed, in this case, it's recommended to use `pytestCheckHook`.
 #### Using pytestCheckHook {#using-pytestcheckhook}
 
 `pytestCheckHook` is a convenient hook which will substitute the setuptools
-`test` command for a checkPhase which runs `pytest`. This is also beneficial
+`test` command for a `checkPhase` which runs `pytest`. This is also beneficial
 when a package may need many items disabled to run the test suite.
 
-Using the example above, the analagous pytestCheckHook usage would be:
+Using the example above, the analagous `pytestCheckHook` usage would be:
 
 ```
   checkInputs = [ pytestCheckHook ];
@@ -624,7 +624,7 @@ Using the example above, the analagous pytestCheckHook usage would be:
   ];
 ```
 
-This is expecially useful when tests need to be conditionallydisabled,
+This is expecially useful when tests need to be conditionally disabled,
 for example:
 
 ```
@@ -640,31 +640,35 @@ for example:
     "socket"
   ];
 ```
-Trying to concatenate the related strings to disable tests in a regular checkPhase
-would be much harder to read. This also enables us to comment on why specific tests
-are disabled.
+
+Trying to concatenate the related strings to disable tests in a regular
+`checkPhase` would be much harder to read. This also enables us to comment on
+why specific tests are disabled.
 
 #### Using pythonImportsCheck {#using-pythonimportscheck}
 
-Although unit tests are highly prefered to validate correctness of a package, not
-all packages have test suites that can be ran easily, and some have none at all.
+Although unit tests are highly preferred to validate correctness of a package, not
+all packages have test suites that can be run easily, and some have none at all.
 To help ensure the package still works, `pythonImportsCheck` can attempt to import
 the listed modules.
 
 ```
   pythonImportsCheck = [ "requests" "urllib" ];
 ```
+
 roughly translates to:
+
 ```
   postCheck = ''
     PYTHONPATH=$out/${python.sitePackages}:$PYTHONPATH
     python -c "import requests; import urllib"
   '';
 ```
-However, this is done in it's own phase, and not dependent on whether `doCheck = true;`
+
+However, this is done in its own phase, and not dependent on whether `doCheck = true;`.
 
 This can also be useful in verifying that the package doesn't assume commonly
-present packages (e.g. `setuptools`)
+present packages (e.g. `setuptools`).
 
 #### Using pythonRelaxDepsHook {#using-pythonrelaxdepshook}
 
@@ -719,7 +723,7 @@ pkg3
 ```
 
 In general you should always use `pythonRelaxDeps`, because `pythonRemoveDeps`
-will convert build errors in runtime errors. However `pythonRemoveDeps` may
+will convert build errors into runtime errors. However `pythonRemoveDeps` may
 still be useful in exceptional cases, and also to remove dependencies wrongly
 declared by upstream (for example, declaring `black` as a runtime dependency
 instead of a dev dependency).
@@ -738,14 +742,14 @@ creates a special link to the project code. That way, you can run updated code
 without having to reinstall after each and every change you make. Development
 mode is also available. Let's see how you can use it.
 
-In the previous Nix expression the source was fetched from an url. We can also
+In the previous Nix expression the source was fetched from a url. We can also
 refer to a local source instead using `src = ./path/to/source/tree;`
 
 If we create a `shell.nix` file which calls `buildPythonPackage`, and if `src`
 is a local source, and if the local source has a `setup.py`, then development
 mode is activated.
 
-In the following example we create a simple environment that has a Python 3.9
+In the following example, we create a simple environment that has a Python 3.9
 version of our package in it, as well as its dependencies and other packages we
 like to have in the environment, all specified with `propagatedBuildInputs`.
 Indeed, we can just add any package we like to have in our environment to
@@ -862,7 +866,7 @@ Each interpreter has the following attributes:
 
 ### Optimizations {#optimizations}
 
-The Python interpreters are by default not build with optimizations enabled, because
+The Python interpreters are by default not built with optimizations enabled, because
 the builds are in that case not reproducible. To enable optimizations, override the
 interpreter of interest, e.g using
 
@@ -913,7 +917,7 @@ and the aliases
 #### `buildPythonPackage` function {#buildpythonpackage-function}
 
 The `buildPythonPackage` function is implemented in
-`pkgs/development/interpreters/python/mk-python-derivation`
+`pkgs/development/interpreters/python/mk-python-derivation.nix`
 using setup hooks.
 
 The following is an example:
@@ -954,7 +958,7 @@ The `buildPythonPackage` mainly does four things:
 * In the `postFixup` phase, the `wrapPythonPrograms` bash function is called to
   wrap all programs in the `$out/bin/*` directory to include `$PATH`
   environment variable and add dependent libraries to script's `sys.path`.
-* In the `installCheck` phase, `${python.interpreter} setup.py test` is ran.
+* In the `installCheck` phase, `${python.interpreter} setup.py test` is run.
 
 By default tests are run because `doCheck = true`. Test dependencies, like
 e.g. the test runner, should be added to `checkInputs`.
@@ -969,7 +973,7 @@ following are specific to `buildPythonPackage`:
 
 * `catchConflicts ? true`: If `true`, abort package build if a package name
   appears more than once in dependency tree. Default is `true`.
-* `disabled` ? false: If `true`, package is not built for the particular Python
+* `disabled ? false`: If `true`, package is not built for the particular Python
   interpreter version.
 * `dontWrapPythonPrograms ? false`: Skip wrapping of Python programs.
 * `permitUserSite ? false`: Skip setting the `PYTHONNOUSERSITE` environment
@@ -1421,7 +1425,8 @@ in newpkgs.inkscape
 
 ### `python setup.py bdist_wheel` cannot create .whl {#python-setup.py-bdist_wheel-cannot-create-.whl}
 
-Executing `python setup.py bdist_wheel` in a `nix-shell `fails with
+Executing `python setup.py bdist_wheel` in a `nix-shell`fails with
+
 ```
 ValueError: ZIP does not support timestamps before 1980
 ```
@@ -1513,7 +1518,7 @@ in pkgs.mkShell rec {
     # the environment.
     pythonPackages.python
 
-    # This execute some shell code to initialize a venv in $venvDir before
+    # This executes some shell code to initialize a venv in $venvDir before
     # dropping into the shell
     pythonPackages.venvShellHook
 

infra/libkookie/nixpkgs/unstable/doc/languages-frameworks/ruby.section.md

@@ -274,7 +274,7 @@ bundlerApp {
   gemdir = ./.;
   exes = [ "r10k" ];
 
-  buildInputs = [ makeWrapper ];
+  nativeBuildInputs = [ makeWrapper ];
 
   postBuild = ''
     wrapProgram $out/bin/r10k --prefix PATH : ${lib.makeBinPath [ git gnutar gzip ]}

infra/libkookie/nixpkgs/unstable/doc/languages-frameworks/vim.section.md

@@ -5,11 +5,9 @@ and additional libraries.
 
 Loading can be deferred; see examples.
 
-At the moment we support three different methods for managing plugins:
+At the moment we support two different methods for managing plugins:
 
-- Vim packages (*recommend*)
-- VAM (=vim-addon-manager)
-- Pathogen
+- Vim packages (*recommended*)
 - vim-plug
 
 ## Custom configuration {#custom-configuration}
@@ -45,7 +43,7 @@ neovim.override {
 ```
 
 If you want to use `neovim-qt` as a graphical editor, you can configure it by overriding Neovim in an overlay
-or passing it an overridden Neovimn:
+or passing it an overridden Neovim:
 
 ```nix
 neovim-qt.override {
@@ -61,7 +59,7 @@ neovim-qt.override {
 
 ## Managing plugins with Vim packages {#managing-plugins-with-vim-packages}
 
-To store you plugins in Vim packages (the native Vim plugin manager, see `:help packages`) the following example can be used:
+To store your plugins in Vim packages (the native Vim plugin manager, see `:help packages`) the following example can be used:
 
 ```nix
 vim_configurable.customize {
@@ -110,7 +108,7 @@ The resulting package can be added to `packageOverrides` in `~/.nixpkgs/config.n
     };
     myNeovim = neovim.override {
       configure = {
-      # add here code from the example section
+      # add code from the example section here
       };
     };
   };
@@ -158,10 +156,10 @@ in
 ```
 
 ### Specificities for some plugins
-#### Tree sitter
+#### Treesitter
 
 By default `nvim-treesitter` encourages you to download, compile and install
-the required tree-sitter grammars at run time with `:TSInstall`. This works
+the required Treesitter grammars at run time with `:TSInstall`. This works
 poorly on NixOS.  Instead, to install the `nvim-treesitter` plugins with a set
 of precompiled grammars, you can use `nvim-treesitter.withPlugins` function:
 
@@ -204,7 +202,7 @@ For Neovim the syntax is:
 neovim.override {
   configure = {
     customRC = ''
-      # here your custom configuration goes!
+      # your custom configuration goes here! 
     '';
     plug.plugins = with pkgs.vimPlugins; [
       vim-go
@@ -213,100 +211,6 @@ neovim.override {
 }
 ```
 
-## Managing plugins with VAM {#managing-plugins-with-vam}
-
-### Handling dependencies of Vim plugins {#handling-dependencies-of-vim-plugins}
-
-VAM introduced .json files supporting dependencies without versioning
-assuming that "using latest version" is ok most of the time.
-
-### Example {#example}
-
-First create a vim-scripts file having one plugin name per line. Example:
-
-```vim
-"tlib"
-{'name': 'vim-addon-sql'}
-{'filetype_regex': '\%(vim)$', 'names': ['reload', 'vim-dev-plugin']}
-```
-
-Such vim-scripts file can be read by VAM as well like this:
-
-```vim
-call vam#Scripts(expand('~/.vim-scripts'), {})
-```
-
-Create a default.nix file:
-
-```nix
-{ nixpkgs ? import <nixpkgs> {}, compiler ? "ghc7102" }:
-nixpkgs.vim_configurable.customize { name = "vim"; vimrcConfig.vam.pluginDictionaries = [ "vim-addon-vim2nix" ]; }
-```
-
-Create a generate.vim file:
-
-```vim
-ActivateAddons vim-addon-vim2nix
-let vim_scripts = "vim-scripts"
-call nix#ExportPluginsForNix({
-\  'path_to_nixpkgs': eval('{"'.substitute(substitute(substitute($NIX_PATH, ':', ',', 'g'), '=',':', 'g'), '\([:,]\)', '"\1"',"g").'"}')["nixpkgs"],
-\  'cache_file': '/tmp/vim2nix-cache',
-\  'try_catch': 0,
-\  'plugin_dictionaries': ["vim-addon-manager"]+map(readfile(vim_scripts), 'eval(v:val)')
-\ })
-```
-
-Then run
-
-```bash
-nix-shell -p vimUtils.vim_with_vim2nix --command "vim -c 'source generate.vim'"
-```
-
-You should get a Vim buffer with the nix derivations (output1) and vam.pluginDictionaries (output2).
-You can add your Vim to your system's configuration file like this and start it by "vim-my":
-
-```nix
-my-vim =
-  let plugins = let inherit (vimUtils) buildVimPluginFrom2Nix; in {
-    copy paste output1 here
-  }; in vim_configurable.customize {
-    name = "vim-my";
-
-    vimrcConfig.vam.knownPlugins = plugins; # optional
-    vimrcConfig.vam.pluginDictionaries = [
-       copy paste output2 here
-    ];
-
-  };
-```
-
-Sample output1:
-
-```nix
-"reload" = buildVimPluginFrom2Nix { # created by nix#NixDerivation
-  name = "reload";
-  src = fetchgit {
-    url = "https://github.com/xolox/vim-reload";
-    rev = "0a601a668727f5b675cb1ddc19f6861f3f7ab9e1";
-    sha256 = "0vb832l9yxj919f5hfg6qj6bn9ni57gnjd3bj7zpq7d4iv2s4wdh";
-  };
-  dependencies = ["nim-misc"];
-
-};
-[...]
-```
-
-Sample output2:
-
-```nix
-[
-  ''vim-addon-manager''
-  ''tlib''
-  { "name" = ''vim-addon-sql''; }
-  { "filetype_regex" = ''\%(vim)$$''; "names" = [ ''reload'' ''vim-dev-plugin'' ]; }
-]
-```
-
 ## Adding new plugins to nixpkgs {#adding-new-plugins-to-nixpkgs}
 
 Nix expressions for Vim plugins are stored in [pkgs/applications/editors/vim/plugins](https://github.com/NixOS/nixpkgs/tree/master/pkgs/applications/editors/vim/plugins). For the vast majority of plugins, Nix expressions are automatically generated by running [`./update.py`](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/update.py). This creates a [generated.nix](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/generated.nix) file based on the plugins listed in [vim-plugin-names](https://github.com/NixOS/nixpkgs/blob/master/pkgs/applications/editors/vim/plugins/vim-plugin-names). Plugins are listed in alphabetical order in `vim-plugin-names` using the format `[github username]/[repository]@[gitref]`. For example https://github.com/scrooloose/nerdtree becomes `scrooloose/nerdtree`.
@@ -323,7 +227,7 @@ Sometimes plugins require an override that must be changed when the plugin is up
 
 To add a new plugin, run `./update.py --add "[owner]/[name]"`. **NOTE**: This script automatically commits to your git repository. Be sure to check out a fresh branch before running.
 
-Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of Language Server Protocol integration with vim/neovim.
+Finally, there are some plugins that are also packaged in nodePackages because they have Javascript-related build steps, such as running webpack. Those plugins are not listed in `vim-plugin-names` or managed by `update.py` at all, and are included separately in `overrides.nix`. Currently, all these plugins are related to the `coc.nvim` ecosystem of the Language Server Protocol integration with vim/neovim.
 
 ## Updating plugins in nixpkgs {#updating-plugins-in-nixpkgs}
 

infra/libkookie/nixpkgs/unstable/doc/stdenv/cross-compilation.chapter.md

@@ -155,14 +155,14 @@ doCheck = stdenv.hostPlatform == stdenv.buildPlatform;
 
 #### Package using Meson needs to run binaries for the host platform during build. {#cross-meson-runs-host-code}
 
-Add `mesonEmulatorHook` cross conditionally to `nativeBuildInputs`.
+Add `mesonEmulatorHook` to `nativeBuildInputs` conditionally on if the target binaries can be executed.
 
 e.g.
 
 ```
 nativeBuildInputs = [
   meson
-] ++ lib.optionals (stdenv.buildPlatform != stdenv.hostPlatform) [
+] ++ lib.optionals (!stdenv.buildPlatform.canExecute stdenv.hostPlatform) [
   mesonEmulatorHook
 ];
 ```

infra/libkookie/nixpkgs/unstable/doc/stdenv/platform-notes.chapter.md

@@ -60,3 +60,8 @@ Some common issues when packaging software for Darwin:
   ```
 
   The package `xcbuild` can be used to build projects that really depend on Xcode. However, this replacement is not 100% compatible with Xcode and can occasionally cause issues.
+
+- x86_64-darwin uses the 10.12 SDK by default, but some software is not compatible with that version of the SDK. In that case,
+  the 11.0 SDK used by aarch64-darwin is available for use on x86_64-darwin. To use it, reference `apple_sdk_11_0` instead of
+  `apple_sdk` in your derivation and use `pkgs.darwin.apple_sdk_11_0.callPackage` instead of `pkgs.callPackage`. On Linux, this will
+  have the same effect as `pkgs.callPackage`, so you can use `pkgs.darwin.apple_sdk_11_0.callPackage` regardless of platform.

infra/libkookie/nixpkgs/unstable/doc/stdenv/stdenv.chapter.md

@@ -77,7 +77,7 @@ where the builder can do anything it wants, but typically starts with
 source $stdenv/setup
 ```
 
-to let `stdenv` set up the environment (e.g., process the `buildInputs`). If you want, you can still use `stdenv`’s generic builder:
+to let `stdenv` set up the environment (e.g. by resetting `PATH` and populating it from build inputs). If you want, you can still use `stdenv`’s generic builder:
 
 ```bash
 source $stdenv/setup
@@ -698,12 +698,12 @@ Hook executed at the end of the install phase.
 
 ### The fixup phase {#ssec-fixup-phase}
 
-The fixup phase performs some (Nix-specific) post-processing actions on the files installed under `$out` by the install phase. The default `fixupPhase` does the following:
+The fixup phase performs (Nix-specific) post-processing actions on the files installed under `$out` by the install phase. The default `fixupPhase` does the following:
 
 - It moves the `man/`, `doc/` and `info/` subdirectories of `$out` to `share/`.
 - It strips libraries and executables of debug information.
 - On Linux, it applies the `patchelf` command to ELF executables and libraries to remove unused directories from the `RPATH` in order to prevent unnecessary runtime dependencies.
-- It rewrites the interpreter paths of shell scripts to paths found in `PATH`. E.g., `/usr/bin/perl` will be rewritten to `/nix/store/some-perl/bin/perl` found in `PATH`.
+- It rewrites the interpreter paths of shell scripts to paths found in `PATH`. E.g., `/usr/bin/perl` will be rewritten to `/nix/store/some-perl/bin/perl` found in `PATH`. See [](#patch-shebangs.sh) for details.
 
 #### Variables controlling the fixup phase {#variables-controlling-the-fixup-phase}
 
@@ -749,7 +749,7 @@ If set, the `patchelf` command is not used to remove unnecessary `RPATH` entries
 
 ##### `dontPatchShebangs` {#var-stdenv-dontPatchShebangs}
 
-If set, scripts starting with `#!` do not have their interpreter paths rewritten to paths in the Nix store.
+If set, scripts starting with `#!` do not have their interpreter paths rewritten to paths in the Nix store. See [](#patch-shebangs.sh) on how patching shebangs works.
 
 ##### `dontPruneLibtoolFiles` {#var-stdenv-dontPruneLibtoolFiles}
 
@@ -983,7 +983,7 @@ addEnvHooks "$hostOffset" myBashFunction
 
 The *existence* of setups hooks has long been documented and packages inside Nixpkgs are free to use this mechanism. Other packages, however, should not rely on these mechanisms not changing between Nixpkgs versions. Because of the existing issues with this system, there’s little benefit from mandating it be stable for any period of time.
 
-First, let’s cover some setup hooks that are part of Nixpkgs default stdenv. This means that they are run for every package built using `stdenv.mkDerivation`. Some of these are platform specific, so they may run on Linux but not Darwin or vice-versa.
+First, let’s cover some setup hooks that are part of Nixpkgs default `stdenv`. This means that they are run for every package built using `stdenv.mkDerivation` or when using a custom builder that has `source $stdenv/setup`. Some of these are platform specific, so they may run on Linux but not Darwin or vice-versa.
 
 ### `move-docs.sh` {#move-docs.sh}
 
@@ -999,7 +999,70 @@ This runs the strip command on installed binaries and libraries. This removes un
 
 ### `patch-shebangs.sh` {#patch-shebangs.sh}
 
-This setup hook patches installed scripts to use the full path to the shebang interpreter. A shebang interpreter is the first commented line of a script telling the operating system which program will run the script (e.g `#!/bin/bash`). In Nix, we want an exact path to that interpreter to be used. This often replaces `/bin/sh` with a path in the Nix store.
+This setup hook patches installed scripts to add Nix store paths to their shebang interpreter as found in the build environment. The [shebang](https://en.wikipedia.org/wiki/Shebang_(Unix)) line tells a Unix-like operating system which interpreter to use to execute the script's contents.
+
+::: note
+The [generic builder][generic-builder] populates `PATH` from inputs of the derivation.
+:::
+
+[generic-builder]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/stdenv/generic/builder.sh
+
+#### Invocation {#patch-shebangs.sh-invocation}
+
+Multiple paths can be specified.
+
+```
+patchShebangs [--build | --host] PATH...
+```
+
+##### Flags
+
+`--build`
+: Look up commands available at build time
+
+`--host`
+: Look up commands available at run time
+
+##### Examples
+
+```sh
+patchShebangs --host /nix/store/<hash>-hello-1.0/bin
+```
+
+```sh
+patchShebangs --build configure
+```
+
+`#!/bin/sh` will be rewritten to `#!/nix/store/<hash>-some-bash/bin/sh`.
+
+`#!/usr/bin/env` gets special treatment: `#!/usr/bin/env python` is rewritten to `/nix/store/<hash>/bin/python`.
+
+Interpreter paths that point to a valid Nix store location are not changed.
+
+::: note
+A script file must be marked as executable, otherwise it will not be
+considered.
+:::
+
+This mechanism ensures that the interpreter for a given script is always found and is exactly the one specified by the build.
+
+It can be disabled by setting [`dontPatchShebangs`](#var-stdenv-dontPatchShebangs):
+
+```nix
+stdenv.mkDerivation {
+  # ...
+  dontPatchShebangs = true;
+  # ...
+}
+```
+
+The file [`patch-shebangs.sh`][patch-shebangs.sh] defines the [`patchShebangs`][patchShebangs] function. It is used to implement [`patchShebangsAuto`][patchShebangsAuto], the [setup hook](#ssec-setup-hooks) that is registered to run during the [fixup phase](#ssec-fixup-phase) by default.
+
+If you need to run `patchShebangs` at build time, it must be called explicitly within [one of the build phases](#sec-stdenv-phases).
+
+[patch-shebangs.sh]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/build-support/setup-hooks/patch-shebangs.sh
+[patchShebangs]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/build-support/setup-hooks/patch-shebangs.sh#L24-L105
+[patchShebangsAuto]: https://github.com/NixOS/nixpkgs/blob/19d4f7dc485f74109bd66ef74231285ff797a823/pkgs/build-support/setup-hooks/patch-shebangs.sh#L107-L119
 
 ### `audit-tmpdir.sh` {#audit-tmpdir.sh}
 
@@ -1155,7 +1218,7 @@ The `validatePkgConfig` hook validates all pkg-config (`.pc`) files in a package
 
 ### cmake {#cmake}
 
-Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to CMAKE_PREFIX_PATH so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting configurePhase to a custom value, or by setting dontUseCmakeConfigure. cmakeFlags controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator.
+Overrides the default configure phase to run the CMake command. By default, we use the Make generator of CMake. In addition, dependencies are added automatically to `CMAKE_PREFIX_PATH` so that packages are correctly detected by CMake. Some additional flags are passed in to give similar behavior to configure-based packages. You can disable this hook’s behavior by setting `configurePhase` to a custom value, or by setting `dontUseCmakeConfigure`. `cmakeFlags` controls flags passed only to CMake. By default, parallel building is enabled as CMake supports parallel building almost everywhere. When Ninja is also in use, CMake will detect that and use the ninja generator.
 
 ### xcbuildHook {#xcbuildhook}
 
@@ -1316,7 +1379,7 @@ If the libraries lack `-fPIE`, you will get the error `recompile with -fPIE`.
 
 [^footnote-stdenv-ignored-build-platform]: The build platform is ignored because it is a mere implementation detail of the package satisfying the dependency: As a general programming principle, dependencies are always *specified* as interfaces, not concrete implementation.
 [^footnote-stdenv-native-dependencies-in-path]: Currently, this means for native builds all dependencies are put on the `PATH`. But in the future that may not be the case for sake of matching cross: the platforms would be assumed to be unique for native and cross builds alike, so only the `depsBuild*` and `nativeBuildInputs` would be added to the `PATH`.
-[^footnote-stdenv-propagated-dependencies]: Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like setup hooks (mentioned above) also are run as if the propagated dependency.
+[^footnote-stdenv-propagated-dependencies]: Nix itself already takes a package’s transitive dependencies into account, but this propagation ensures nixpkgs-specific infrastructure like [setup hooks](#ssec-setup-hooks) also are run as if it were a propagated dependency.
 [^footnote-stdenv-find-inputs-location]: The `findInputs` function, currently residing in `pkgs/stdenv/generic/setup.sh`, implements the propagation logic.
 [^footnote-stdenv-sys-lib-search-path]: It clears the `sys_lib_*search_path` variables in the Libtool script to prevent Libtool from using libraries in `/usr/lib` and such.
 [^footnote-stdenv-build-time-guessing-impurity]: Eventually these will be passed building natively as well, to improve determinism: build-time guessing, as is done today, is a risk of impurity.

infra/libkookie/nixpkgs/unstable/doc/using/configuration.chapter.md

@@ -77,6 +77,11 @@ The difference between a package being unsupported on some system and being brok
 
 ## Installing unfree packages {#sec-allow-unfree}
 
+All users of Nixpkgs are free software users, and many users (and developers) of Nixpkgs want to limit and tightly control their exposure to unfree software.
+At the same time, many users need (or want) to run some specific pieces of proprietary software.
+Nixpkgs includes some expressions for unfree software packages.
+By default unfree software cannot be installed and doesn’t show up in searches.
+
 There are several ways to tweak how Nix handles a package which has been marked as unfree.
 
 -   To temporarily allow all unfree packages, you can use an environment variable for a single invocation of the nix tools:

infra/libkookie/nixpkgs/unstable/flake.nix

@@ -20,13 +20,20 @@
         nixos = import ./nixos/lib { lib = final; };
 
         nixosSystem = args:
-          import ./nixos/lib/eval-config.nix (args // {
-            modules = args.modules ++ [ {
-              system.nixos.versionSuffix =
-                ".${final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}";
-              system.nixos.revision = final.mkIf (self ? rev) self.rev;
-            } ];
-          });
+          import ./nixos/lib/eval-config.nix (
+            args // {
+              modules = args.modules ++ [{
+                system.nixos.versionSuffix =
+                  ".${final.substring 0 8 (self.lastModifiedDate or self.lastModified or "19700101")}.${self.shortRev or "dirty"}";
+                system.nixos.revision = final.mkIf (self ? rev) self.rev;
+              }];
+            } // lib.optionalAttrs (! args?system) {
+              # Allow system to be set modularly in nixpkgs.system.
+              # We set it to null, to remove the "legacy" entrypoint's
+              # non-hermetic default.
+              system = null;
+            }
+          );
       });
 
       checks.x86_64-linux.tarball = jobs.tarball;

infra/libkookie/nixpkgs/unstable/lib/licenses.nix

@@ -55,6 +55,12 @@ in mkLicense lset) ({
     fullName = "GNU Affero General Public License v3.0 or later";
   };
 
+  aladdin = {
+    spdxId = "Aladdin";
+    fullName = "Aladdin Free Public License";
+    free = false;
+  };
+
   amazonsl = {
     fullName = "Amazon Software License";
     url = "https://aws.amazon.com/asl/";
@@ -514,6 +520,13 @@ in mkLicense lset) ({
     free = false;
   };
 
+  databricks-dbx = {
+    fullName = "DataBricks eXtensions aka dbx License";
+    url = "https://github.com/databrickslabs/dbx/blob/743b579a4ac44531f764c6e522dbe5a81a7dc0e4/LICENSE";
+    free = false;
+    redistributable = false;
+  };
+
   issl = {
     fullName = "Intel Simplified Software License";
     url = "https://software.intel.com/en-us/license/intel-simplified-software-license";

infra/libkookie/nixpkgs/unstable/lib/systems/default.nix

@@ -36,6 +36,7 @@ rec {
       config = parse.tripleFromSystem final.parsed;
       # Determine whether we can execute binaries built for the provided platform.
       canExecute = platform:
+        final.isAndroid == platform.isAndroid &&
         parse.isCompatible final.parsed.cpu platform.parsed.cpu
         && final.parsed.kernel == platform.parsed.kernel;
       isCompatible = _: throw "2022-05-23: isCompatible has been removed in favor of canExecute, refer to the 22.11 changelog for details";

infra/libkookie/nixpkgs/unstable/lib/systems/examples.nix

@@ -57,23 +57,23 @@ rec {
   armv7a-android-prebuilt = {
     config = "armv7a-unknown-linux-androideabi";
     rustc.config = "armv7-linux-androideabi";
-    sdkVer = "29";
-    ndkVer = "21";
+    sdkVer = "28";
+    ndkVer = "24";
     useAndroidPrebuilt = true;
   } // platforms.armv7a-android;
 
   aarch64-android-prebuilt = {
     config = "aarch64-unknown-linux-android";
     rustc.config = "aarch64-linux-android";
-    sdkVer = "29";
-    ndkVer = "21";
+    sdkVer = "28";
+    ndkVer = "24";
     useAndroidPrebuilt = true;
   };
 
   aarch64-android = {
     config = "aarch64-unknown-linux-android";
     sdkVer = "30";
-    ndkVer = "21";
+    ndkVer = "24";
     libc = "bionic";
     useAndroidPrebuilt = false;
     useLLVM = true;
@@ -91,25 +91,23 @@ rec {
     config = "mipsel-unknown-linux-gnu";
   } // platforms.fuloong2f_n32;
 
-  # MIPS ABI table transcribed from here: https://wiki.debian.org/Multiarch/Tuples
-
   # can execute on 32bit chip
-  mips-linux-gnu                = { config = "mips-linux-gnu";                } // platforms.gcc_mips32r2_o32;
-  mipsel-linux-gnu              = { config = "mipsel-linux-gnu";              } // platforms.gcc_mips32r2_o32;
-  mipsisa32r6-linux-gnu         = { config = "mipsisa32r6-linux-gnu";         } // platforms.gcc_mips32r6_o32;
-  mipsisa32r6el-linux-gnu       = { config = "mipsisa32r6el-linux-gnu";       } // platforms.gcc_mips32r6_o32;
+  mips-linux-gnu                = { config = "mips-unknown-linux-gnu";                } // platforms.gcc_mips32r2_o32;
+  mipsel-linux-gnu              = { config = "mipsel-unknown-linux-gnu";              } // platforms.gcc_mips32r2_o32;
+  mipsisa32r6-linux-gnu         = { config = "mipsisa32r6-unknown-linux-gnu";         } // platforms.gcc_mips32r6_o32;
+  mipsisa32r6el-linux-gnu       = { config = "mipsisa32r6el-unknown-linux-gnu";       } // platforms.gcc_mips32r6_o32;
 
   # require 64bit chip (for more registers, 64-bit floating point, 64-bit "long long") but use 32bit pointers
-  mips64-linux-gnuabin32        = { config = "mips64-linux-gnuabin32";        } // platforms.gcc_mips64r2_n32;
-  mips64el-linux-gnuabin32      = { config = "mips64el-linux-gnuabin32";      } // platforms.gcc_mips64r2_n32;
-  mipsisa64r6-linux-gnuabin32   = { config = "mipsisa64r6-linux-gnuabin32";   } // platforms.gcc_mips64r6_n32;
-  mipsisa64r6el-linux-gnuabin32 = { config = "mipsisa64r6el-linux-gnuabin32"; } // platforms.gcc_mips64r6_n32;
+  mips64-linux-gnuabin32        = { config = "mips64-unknown-linux-gnuabin32";        } // platforms.gcc_mips64r2_n32;
+  mips64el-linux-gnuabin32      = { config = "mips64el-unknown-linux-gnuabin32";      } // platforms.gcc_mips64r2_n32;
+  mipsisa64r6-linux-gnuabin32   = { config = "mipsisa64r6-unknown-linux-gnuabin32";   } // platforms.gcc_mips64r6_n32;
+  mipsisa64r6el-linux-gnuabin32 = { config = "mipsisa64r6el-unknown-linux-gnuabin32"; } // platforms.gcc_mips64r6_n32;
 
   # 64bit pointers
-  mips64-linux-gnuabi64         = { config = "mips64-linux-gnuabi64";         } // platforms.gcc_mips64r2_64;
-  mips64el-linux-gnuabi64       = { config = "mips64el-linux-gnuabi64";       } // platforms.gcc_mips64r2_64;
-  mipsisa64r6-linux-gnuabi64    = { config = "mipsisa64r6-linux-gnuabi64";    } // platforms.gcc_mips64r6_64;
-  mipsisa64r6el-linux-gnuabi64  = { config = "mipsisa64r6el-linux-gnuabi64";  } // platforms.gcc_mips64r6_64;
+  mips64-linux-gnuabi64         = { config = "mips64-unknown-linux-gnuabi64";         } // platforms.gcc_mips64r2_64;
+  mips64el-linux-gnuabi64       = { config = "mips64el-unknown-linux-gnuabi64";       } // platforms.gcc_mips64r2_64;
+  mipsisa64r6-linux-gnuabi64    = { config = "mipsisa64r6-unknown-linux-gnuabi64";    } // platforms.gcc_mips64r6_64;
+  mipsisa64r6el-linux-gnuabi64  = { config = "mipsisa64r6el-unknown-linux-gnuabi64";  } // platforms.gcc_mips64r6_64;
 
   muslpi = raspberryPi // {
     config = "armv6l-unknown-linux-musleabihf";

infra/libkookie/nixpkgs/unstable/lib/systems/inspect.nix

@@ -16,6 +16,7 @@ rec {
     isx86          = { cpu = { family = "x86"; }; };
     isAarch32      = { cpu = { family = "arm"; bits = 32; }; };
     isAarch64      = { cpu = { family = "arm"; bits = 64; }; };
+    isAarch        = { cpu = { family = "arm"; }; };
     isMips         = { cpu = { family = "mips"; }; };
     isMips32       = { cpu = { family = "mips"; bits = 32; }; };
     isMips64       = { cpu = { family = "mips"; bits = 64; }; };

infra/libkookie/nixpkgs/unstable/lib/systems/platforms.nix

@@ -483,8 +483,8 @@ rec {
   };
 
   # can execute on 32bit chip
-  gcc_mips32r2_o32 = { gcc = { arch = "mips32r2"; abi = "o32"; }; };
-  gcc_mips32r6_o32 = { gcc = { arch = "mips32r6"; abi = "o32"; }; };
+  gcc_mips32r2_o32 = { gcc = { arch = "mips32r2"; abi =  "32"; }; };
+  gcc_mips32r6_o32 = { gcc = { arch = "mips32r6"; abi =  "32"; }; };
   gcc_mips64r2_n32 = { gcc = { arch = "mips64r2"; abi = "n32"; }; };
   gcc_mips64r6_n32 = { gcc = { arch = "mips64r6"; abi = "n32"; }; };
   gcc_mips64r2_64  = { gcc = { arch = "mips64r2"; abi =  "64"; }; };

infra/libkookie/nixpkgs/unstable/lib/trivial.nix

@@ -179,7 +179,7 @@ rec {
      they take effect as soon as the oldest release reaches end of life. */
   oldestSupportedRelease =
     # Update on master only. Do not backport.
-    2111;
+    2205;
 
   /* Whether a feature is supported in all supported releases (at the time of
      release branch-off, if applicable). See `oldestSupportedRelease`. */

infra/libkookie/nixpkgs/unstable/lib/types.nix

@@ -55,6 +55,7 @@ let
     concatMapStringsSep
     concatStringsSep
     escapeNixString
+    hasInfix
     isCoercibleToString
     ;
   inherit (lib.trivial)
@@ -360,6 +361,11 @@ rec {
       deprecationMessage = "See https://github.com/NixOS/nixpkgs/pull/66346 for better alternative types.";
     };
 
+    passwdEntry = entryType: addCheck entryType (str: !(hasInfix ":" str || hasInfix "\n" str)) // {
+      name = "passwdEntry ${entryType.name}";
+      description = "${entryType.description}, not containing newlines or colons";
+    };
+
     attrs = mkOptionType {
       name = "attrs";
       description = "attribute set";

infra/libkookie/nixpkgs/unstable/maintainers/scripts/fetch-kde-qt.sh

@@ -2,30 +2,159 @@
 #! nix-shell -i bash -p coreutils findutils gnused nix wget
 
 set -efuo pipefail
+export LC_COLLATE=C # fix sort order
 
-SRCS=
-if [ -d "$1" ]; then
-    SRCS="$(pwd)/$1/srcs.nix"
-    . "$1/fetch.sh"
+# parse files and folders from https://download.kde.org/ and https://download.qt.io/
+# you can override this function in fetch.sh
+function PARSE_INDEX() {
+    cat "$1" | grep -o -E -e '\s+href="[^"]+\.tar\.xz"' -e '\s+href="[-_a-zA-Z0-9]+/"' | cut -d'"' -f2 | sort | uniq
+}
+
+if [ $# != 1 ]; then
+    echo "example use:" >&2
+    echo "cd nixpkgs/" >&2
+    echo "./maintainers/scripts/fetch-kde-qt.sh pkgs/development/libraries/qt-5/5.12" >&2
+    exit 1
+fi
+
+if ! echo "$1" | grep -q '^pkgs/'; then
+    echo "error: path argument must start with pkgs/" >&2
+    exit 1
+fi
+
+# need absolute path for the pushd-popd block
+if [ -f "$1" ]; then
+    echo "ok: using fetchfile $1"
+    fetchfilerel="$1"
+    fetchfile="$(readlink -f "$fetchfilerel")" # resolve absolute path
+    basedir="$(dirname "$fetchfile")"
+    basedirrel="$(dirname "$fetchfilerel")"
+elif [ -d "$1" ]; then
+    echo "ok: using basedir $1"
+    basedirrel="$1"
+    basedir="$(readlink -f "$basedirrel")" # resolve absolute path
+    if ! [ -d "$basedir" ]; then
+        basedir="$(dirname "$basedir")"
+    fi
+    fetchfile="$basedir/fetch.sh"
 else
-    SRCS="$(pwd)/$(dirname $1)/srcs.nix"
-    . "$1"
+    echo 'error: $1 must be file or dir' >&2
+    exit 1
 fi
 
-tmp=$(mktemp -d)
+pkgname=$(basename "$basedir")
+SRCS="$basedir/srcs.nix"
+srcsrel="$basedirrel/srcs.nix"
+
+source "$fetchfile"
+
+if [ -n "$WGET_ARGS" ]; then # old format
+    BASE_URL="${WGET_ARGS[0]}" # convert to new format
+    # validate
+    if ! echo "$BASE_URL" | grep -q -E '^(http|https|ftp)://'; then
+        printf 'error: from WGET_ARGS, converted invalid BASE_URL: %q\n' "$BASE_URL" >&2
+        exit 1
+    fi
+    printf 'ok: from WGET_ARGS, converted BASE_URL: %q\n' "$BASE_URL"
+elif [ -n "$BASE_URL" ]; then # new format
+    :
+else
+    echo "error: fetch.sh must set either WGET_ARGS or BASE_URL" >&2
+    exit 1
+fi
+
+tmptpl=tmp.fetch-kde-qt.$pkgname.XXXXXXXXXX
+
+tmp=$(mktemp -d $tmptpl)
 pushd $tmp >/dev/null
-wget -nH -r -c --no-parent "${WGET_ARGS[@]}" >/dev/null
+echo "tempdir is $tmp"
+
+wgetargs='--quiet --show-progress'
+#wgetargs='' # debug
+
+dirlist="$BASE_URL"
+filelist=""
+base_url_len=${#BASE_URL}
 
-csv=$(mktemp)
-find . -type f | while read src; do
+clean_urls() {
+    # // -> /
+    sed -E 's,//+,/,g' | sed -E 's,^(http|https|ftp):/,&/,'
+}
+
+while [ -n "$dirlist" ]
+do
+    for dirurl in $dirlist
+    do
+        echo "fetching index.html from $dirurl"
+        relpath=$(echo "./${dirurl:$base_url_len}" | clean_urls)
+        mkdir -p "$relpath"
+        indexfile=$(echo "$relpath/index.html" | clean_urls)
+        wget $wgetargs -O "$indexfile" "$dirurl"
+        echo "parsing $indexfile"
+        filedirlist="$(PARSE_INDEX "$indexfile")"
+        filelist_next="$(echo "$filedirlist" | grep '\.tar\.xz$' | while read file; do echo "$dirurl/$file"; done)"
+        filelist_next="$(echo "$filelist_next" | clean_urls)"
+        [ -n "$filelist" ] && filelist+=$'\n'
+        filelist+="$filelist_next"
+        dirlist="$(echo "$filedirlist" | grep -v '\.tar\.xz$' | while read dir; do echo "$dirurl/$dir"; done || true)"
+        dirlist="$(echo "$dirlist" | clean_urls)"
+    done
+done
+
+filecount=$(echo "$filelist" | wc -l)
+
+if [ -z "$filelist" ]
+then
+    echo "error: no files parsed from $tmp/index.html"
+    exit 1
+fi
+
+echo "parsed $filecount tar.xz files:"; echo "$filelist"
+
+# most time is spent here
+echo "fetching $filecount sha256 files ..."
+urllist="$(echo "$filelist" | while read file; do echo "$file.sha256"; done)"
+# wget -r: keep directory structure
+echo "$urllist" | xargs wget $wgetargs -nH -r -c --no-parent && {
+    actual=$(find . -type f -name '*.sha256' | wc -l)
+    echo "fetching $filecount sha256 files done: got $actual files"
+} || {
+    # workaround: in rare cases, the server does not provide the sha256 files
+    # for example when the release is just a few hours old
+    # and the servers are not yet fully synced
+    actual=$(find . -type f -name '*.sha256' | wc -l)
+    echo "fetching $filecount sha256 files failed: got only $actual files"
+
+    # TODO fetch only missing tar.xz files
+    echo "fetching $filecount tar.xz files ..."
+    urllist="$(echo "$filelist" | while read file; do echo "$BASE_URL/$file"; done)"
+    echo "$urllist" | xargs wget $wgetargs -nH -r -c --no-parent
+
+    echo "generating sha256 files ..."
+    find . -type f -name '*.tar.xz' | while read src; do
+        name=$(basename "$src")
+        sha256=$(sha256sum "$src" | cut -d' ' -f1)
+        echo "$sha256  $name" >"$src.sha256"
+    done
+}
+
+csv=$(mktemp $tmptpl.csv)
+echo "writing temporary file $csv ..."
+find . -type f -name '*.sha256' | while read sha256file; do
+    src="${sha256file%.*}" # remove extension
+    sha256=$(cat $sha256file | cut -d' ' -f1) # base16
+    sha256=$(nix-hash --type sha256 --to-base32 $sha256)
     # Sanitize file name
     filename=$(basename "$src" | tr '@' '_')
     nameVersion="${filename%.tar.*}"
     name=$(echo "$nameVersion" | sed -e 's,-[[:digit:]].*,,' | sed -e 's,-opensource-src$,,' | sed -e 's,-everywhere-src$,,')
     version=$(echo "$nameVersion" | sed -e 's,^\([[:alpha:]][[:alnum:]]*-\)\+,,')
-    echo "$name,$version,$src,$filename" >>$csv
+    echo "$name,$version,$src,$filename,$sha256" >>$csv
 done
 
+files_before=$(grep -c 'src = ' "$SRCS")
+
+echo "writing output file $SRCS ..."
 cat >"$SRCS" <<EOF
 # DO NOT EDIT! This file is generated automatically.
 # Command: $0 $@
@@ -39,8 +168,8 @@ gawk -F , "{ print \$1 }" $csv | sort | uniq | while read name; do
     latestVersion=$(echo "$versions" | sort -rV | head -n 1)
     src=$(gawk -F , "/^$name,$latestVersion,/ { print \$3 }" $csv)
     filename=$(gawk -F , "/^$name,$latestVersion,/ { print \$4 }" $csv)
+    sha256=$(gawk -F , "/^$name,$latestVersion,/ { print \$5 }" $csv)
     url="${src:2}"
-    sha256=$(nix-hash --type sha256 --base32 --flat "$src")
     cat >>"$SRCS" <<EOF
   $name = {
     version = "$latestVersion";
@@ -55,6 +184,13 @@ done
 
 echo "}" >>"$SRCS"
 
+files_after=$(grep -c 'src = ' "$SRCS")
+echo "files before: $files_before"
+echo "files after:  $files_after"
+
+echo "compare:"
+echo "git diff $srcsrel"
+
 popd >/dev/null
 rm -fr $tmp >/dev/null
 

infra/libkookie/nixpkgs/unstable/maintainers/scripts/fix-maintainers.pl

@@ -0,0 +1,52 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i perl -p perl -p perlPackages.LWP -p perlPackages.LWPProtocolHttps -p perlPackages.LWPUserAgent -p perlPackages.JSON -p perlPackages.PathTiny
+use LWP::UserAgent;
+use JSON;
+use Path::Tiny;
+use strict;
+use warnings;
+
+my $maintainers_list_nix = "../maintainer-list.nix";
+my $maintainers_json = from_json(`nix-instantiate --json --eval --expr 'builtins.fromJSON (builtins.toJSON (import $maintainers_list_nix))'`);
+
+STDOUT->autoflush(1);
+
+my $ua = LWP::UserAgent->new();
+
+keys %$maintainers_json; # reset the internal iterator so a prior each() doesn't affect the loop
+while(my($k, $v) = each %$maintainers_json) {
+    my $current_user = %$v{'github'};
+    if (!defined $current_user) {
+        print "$k has no github handle\n";
+        next;
+    }
+    my $github_id = %$v{'githubId'};
+    if (!defined $github_id) {
+        print "$k has no githubId\n";
+        next;
+    }
+    my $url = 'https://api.github.com/user/' . $github_id;
+    my $resp = $ua->get(
+        $url,
+        "Authorization" => "Token $ENV{GH_TOKEN}"
+    );
+
+    if ($resp->header("X-RateLimit-Remaining") == 0) {
+        my $ratelimit_reset = $resp->header("X-RateLimit-Reset");
+        print "Request limit exceeded, waiting until " . scalar localtime $ratelimit_reset . "\n";
+        sleep($ratelimit_reset - time() + 5);
+    }
+    if ($resp->code != 200) {
+        print $current_user . " likely deleted their github account\n";
+        next;
+    }
+    my $resp_json = from_json($resp->content);
+    my $api_user = %$resp_json{"login"};
+    if ($current_user ne $api_user) {
+        print $current_user . " is now known on github as " . $api_user . ". Editing maintainer-list.nix…\n";
+        my $file = path($maintainers_list_nix);
+        my $data = $file->slurp_utf8;
+        $data =~ s/github = "$current_user";$/github = "$api_user";/m;
+        $file->spew_utf8($data);
+    }
+}

infra/libkookie/nixpkgs/unstable/maintainers/scripts/haskell/hydra-report.hs

@@ -451,8 +451,8 @@ printBuildSummary
       showBuild (name, entry) = printJob id name (summaryBuilds entry, Text.pack (if summaryReverseDeps entry > 0 then " :arrow_heading_up: " <> show (summaryUnbrokenReverseDeps entry) <>" | "<> show (summaryReverseDeps entry) else ""))
       showMaintainedBuild (name, (table, maintainers)) = printJob id name (table, Text.intercalate " " (fmap ("@" <>) (toList maintainers)))
       tldr = case (errors, warnings) of
-               ([],[]) -> [":green_circle: **Ready to merge**"]
-               ([],_) -> [":yellow_circle: **Potential issues**"]
+               ([],[]) -> [":green_circle: **Ready to merge** (if there are no [Evaluation Errors](https://hydra.nixos.org/jobset/nixpkgs/haskell-updates))"]
+               ([],_) -> [":yellow_circle: **Potential issues** (and possibly [Evaluation Errors](https://hydra.nixos.org/jobset/nixpkgs/haskell-updates))"]
                _ -> [":red_circle: **Branch not mergeable**"]
       warnings =
          if' (Unfinished > maybe Success worstState maintainedJob) "`maintained` jobset failed." <>

infra/libkookie/nixpkgs/unstable/maintainers/scripts/luarocks-packages.csv

@@ -86,6 +86,7 @@ plenary.nvim,https://github.com/nvim-lua/plenary.nvim.git,,,,lua5_1,
 rapidjson,https://github.com/xpol/lua-rapidjson.git,,,,,
 readline,,,,,,
 say,https://github.com/Olivine-Labs/say.git,,,,,
+serpent,,,,,,lockejan
 sqlite,,,,,,
 std._debug,https://github.com/lua-stdlib/_debug.git,,,,,
 std.normalize,https://github.com/lua-stdlib/normalize.git,,,,,

infra/libkookie/nixpkgs/unstable/maintainers/scripts/mdize-module.sh

@@ -0,0 +1,83 @@
+#! /usr/bin/env nix-shell
+#! nix-shell -I nixpkgs=. -i bash -p delta jq perl
+
+set -euo pipefail
+shopt -s inherit_errexit
+
+cat <<'EOF'
+This script attempts to automatically convert option descriptions from
+DocBook syntax to markdown. Naturally this process is incomplete and
+imperfect, so any changes generated by this script MUST be reviewed.
+
+Possible problems include: incorrectly replaced tags, badly formatted
+markdown, DocBook tags this script doesn't recognize remaining in the
+output and crashing the docs build, incorrect escaping of markdown
+metacharacters, incorrect unescaping of XML entities—and the list goes on.
+
+Always review the generated changes!
+
+Some known limitations:
+  - Does not transform literalDocBook items
+  - Replacements can occur in non-option code, such as string literals
+
+
+EOF
+
+
+
+build-options-json() {
+    nix-build --no-out-link --expr '
+        let
+            sys = import ./nixos/default.nix {
+                configuration = {};
+            };
+        in
+        [
+            sys.config.system.build.manual.optionsJSON
+        ]
+    '
+}
+
+
+
+git diff --quiet || {
+    echo "Worktree is dirty. Please stash or commit first."
+    exit 1
+}
+
+echo "Building options.json ..."
+old_options=$(build-options-json)
+
+echo "Applying replacements ..."
+perl -pi -e '
+    BEGIN {
+        undef $/;
+    }
+
+    s,<literal>([^`]*?)</literal>,`$1`,smg;
+    s,<replaceable>([^»]*?)</replaceable>,«$1»,smg;
+    s,<filename>([^`]*?)</filename>,{file}`$1`,smg;
+    s,<option>([^`]*?)</option>,{option}`$1`,smg;
+    s,<code>([^`]*?)</code>,`$1`,smg;
+    s,<command>([^`]*?)</command>,{command}`$1`,smg;
+    s,<link xlink:href="(.+?)" ?/>,<$1>,smg;
+    s,<link xlink:href="(.+?)">(.*?)</link>,[$2]($1),smg;
+    s,<package>([^`]*?)</package>,`$1`,smg;
+    s,<emphasis>([^*]*?)</emphasis>,*$1*,smg;
+    s,<citerefentry>\s*
+        <refentrytitle>\s*(.*?)\s*</refentrytitle>\s*
+        <manvolnum>\s*(.*?)\s*</manvolnum>\s*
+      </citerefentry>,{manpage}`$1($2)`,smgx;
+    s,^( +description =),\1 lib.mdDoc,smg;
+' "$@"
+
+echo "Building options.json again ..."
+new_options=$(build-options-json)
+
+
+! cmp -s {$old_options,$new_options}/share/doc/nixos/options.json && {
+    diff -U10 \
+        <(jq . <$old_options/share/doc/nixos/options.json) \
+        <(jq . <$new_options/share/doc/nixos/options.json) \
+        | delta
+}

infra/libkookie/nixpkgs/unstable/maintainers/team-list.nix

@@ -98,6 +98,7 @@ with lib.maintainers; {
     members = [
       astro
       SuperSandro2000
+      revol-xut
     ];
     scope = "Maintain packages used in the C3D2 hackspace";
     shortName = "c3d2";
@@ -325,7 +326,6 @@ with lib.maintainers; {
   jitsi = {
     members = [
       cleeyv
-      petabyteboy
       ryantm
       yuka
     ];

infra/libkookie/nixpkgs/unstable/nixos/doc/manual/configuration/adding-custom-packages.section.md

@@ -1,11 +1,18 @@
 # Adding Custom Packages {#sec-custom-packages}
 
 It's possible that a package you need is not available in NixOS. In that
-case, you can do two things. First, you can clone the Nixpkgs
-repository, add the package to your clone, and (optionally) submit a
-patch or pull request to have it accepted into the main Nixpkgs repository.
-This is described in detail in the [Nixpkgs manual](https://nixos.org/nixpkgs/manual).
-In short, you clone Nixpkgs:
+case, you can do two things. Either you can package it with Nix, or you can try
+to use prebuilt packages from upstream. Due to the peculiarities of NixOS, it
+is important to note that building software from source is often easier than
+using pre-built executables.
+
+## Building with Nix {#sec-custom-packages-nix}
+
+This can be done either in-tree or out-of-tree. For an in-tree build, you can
+clone the Nixpkgs repository, add the package to your clone, and (optionally)
+submit a patch or pull request to have it accepted into the main Nixpkgs
+repository. This is described in detail in the [Nixpkgs
+manual](https://nixos.org/nixpkgs/manual). In short, you clone Nixpkgs:
 
 ```ShellSession
 $ git clone https://github.com/NixOS/nixpkgs
@@ -72,3 +79,21 @@ $ nix-build my-hello.nix
 $ ./result/bin/hello
 Hello, world!
 ```
+
+## Using pre-built executables {#sec-custom-packages-prebuilt}
+
+Most pre-built executables will not work on NixOS. There are two notable
+exceptions: flatpaks and AppImages. For flatpaks see the [dedicated
+section](#module-services-flatpak). AppImages will not run "as-is" on NixOS.
+First you need to install `appimage-run`: add to `/etc/nixos/configuration.nix`
+
+```nix
+environment.systemPackages = [ pkgs.appimage-run ];
+```
+
+Then instead of running the AppImage "as-is", run `appimage-run foo.appimage`.
+
+To make other pre-built executables work on NixOS, you need to package them
+with Nix and special helpers like `autoPatchelfHook` or `buildFHSUserEnv`. See
+the [Nixpkgs manual](https://nixos.org/nixpkgs/manual) for details. This
+is complex and often doing a source build is easier.

infra/libkookie/nixpkgs/unstable/nixos/doc/manual/development/writing-nixos-tests.section.md

@@ -362,7 +362,6 @@ with foo_running:
     ...  # Put `foo` through its paces
 ```
 
-
 `polling_condition` takes the following (optional) arguments:
 
 `seconds_interval`
@@ -407,6 +406,9 @@ import ./make-test-python.nix
 
   nodes = { };
 
+  # Type checking on extra packages doesn't work yet
+  skipTypeCheck = true;
+
   testScript = ''
     import numpy as np
     assert str(np.zeros(4) == "array([0., 0., 0., 0.])")

infra/libkookie/nixpkgs/unstable/nixos/doc/manual/from_md/configuration/adding-custom-packages.section.xml

@@ -2,40 +2,50 @@
   <title>Adding Custom Packages</title>
   <para>
     It’s possible that a package you need is not available in NixOS. In
-    that case, you can do two things. First, you can clone the Nixpkgs
-    repository, add the package to your clone, and (optionally) submit a
-    patch or pull request to have it accepted into the main Nixpkgs
-    repository. This is described in detail in the
-    <link xlink:href="https://nixos.org/nixpkgs/manual">Nixpkgs
-    manual</link>. In short, you clone Nixpkgs:
+    that case, you can do two things. Either you can package it with
+    Nix, or you can try to use prebuilt packages from upstream. Due to
+    the peculiarities of NixOS, it is important to note that building
+    software from source is often easier than using pre-built
+    executables.
   </para>
-  <programlisting>
+  <section xml:id="sec-custom-packages-nix">
+    <title>Building with Nix</title>
+    <para>
+      This can be done either in-tree or out-of-tree. For an in-tree
+      build, you can clone the Nixpkgs repository, add the package to
+      your clone, and (optionally) submit a patch or pull request to
+      have it accepted into the main Nixpkgs repository. This is
+      described in detail in the
+      <link xlink:href="https://nixos.org/nixpkgs/manual">Nixpkgs
+      manual</link>. In short, you clone Nixpkgs:
+    </para>
+    <programlisting>
 $ git clone https://github.com/NixOS/nixpkgs
 $ cd nixpkgs
 </programlisting>
-  <para>
-    Then you write and test the package as described in the Nixpkgs
-    manual. Finally, you add it to
-    <xref linkend="opt-environment.systemPackages" />, e.g.
-  </para>
-  <programlisting language="bash">
+    <para>
+      Then you write and test the package as described in the Nixpkgs
+      manual. Finally, you add it to
+      <xref linkend="opt-environment.systemPackages" />, e.g.
+    </para>
+    <programlisting language="bash">
 environment.systemPackages = [ pkgs.my-package ];
 </programlisting>
-  <para>
-    and you run <literal>nixos-rebuild</literal>, specifying your own
-    Nixpkgs tree:
-  </para>
-  <programlisting>
+    <para>
+      and you run <literal>nixos-rebuild</literal>, specifying your own
+      Nixpkgs tree:
+    </para>
+    <programlisting>
 # nixos-rebuild switch -I nixpkgs=/path/to/my/nixpkgs
 </programlisting>
-  <para>
-    The second possibility is to add the package outside of the Nixpkgs
-    tree. For instance, here is how you specify a build of the
-    <link xlink:href="https://www.gnu.org/software/hello/">GNU
-    Hello</link> package directly in
-    <literal>configuration.nix</literal>:
-  </para>
-  <programlisting language="bash">
+    <para>
+      The second possibility is to add the package outside of the
+      Nixpkgs tree. For instance, here is how you specify a build of the
+      <link xlink:href="https://www.gnu.org/software/hello/">GNU
+      Hello</link> package directly in
+      <literal>configuration.nix</literal>:
+    </para>
+    <programlisting language="bash">
 environment.systemPackages =
   let
     my-hello = with pkgs; stdenv.mkDerivation rec {
@@ -48,17 +58,17 @@ environment.systemPackages =
   in
   [ my-hello ];
 </programlisting>
-  <para>
-    Of course, you can also move the definition of
-    <literal>my-hello</literal> into a separate Nix expression, e.g.
-  </para>
-  <programlisting language="bash">
+    <para>
+      Of course, you can also move the definition of
+      <literal>my-hello</literal> into a separate Nix expression, e.g.
+    </para>
+    <programlisting language="bash">
 environment.systemPackages = [ (import ./my-hello.nix) ];
 </programlisting>
-  <para>
-    where <literal>my-hello.nix</literal> contains:
-  </para>
-  <programlisting language="bash">
+    <para>
+      where <literal>my-hello.nix</literal> contains:
+    </para>
+    <programlisting language="bash">
 with import &lt;nixpkgs&gt; {}; # bring all of Nixpkgs into scope
 
 stdenv.mkDerivation rec {
@@ -69,12 +79,40 @@ stdenv.mkDerivation rec {
   };
 }
 </programlisting>
-  <para>
-    This allows testing the package easily:
-  </para>
-  <programlisting>
+    <para>
+      This allows testing the package easily:
+    </para>
+    <programlisting>
 $ nix-build my-hello.nix
 $ ./result/bin/hello
 Hello, world!
 </programlisting>
+  </section>
+  <section xml:id="sec-custom-packages-prebuilt">
+    <title>Using pre-built executables</title>
+    <para>
+      Most pre-built executables will not work on NixOS. There are two
+      notable exceptions: flatpaks and AppImages. For flatpaks see the
+      <link linkend="module-services-flatpak">dedicated section</link>.
+      AppImages will not run <quote>as-is</quote> on NixOS. First you
+      need to install <literal>appimage-run</literal>: add to
+      <literal>/etc/nixos/configuration.nix</literal>
+    </para>
+    <programlisting language="bash">
+environment.systemPackages = [ pkgs.appimage-run ];
+</programlisting>
+    <para>
+      Then instead of running the AppImage <quote>as-is</quote>, run
+      <literal>appimage-run foo.appimage</literal>.
+    </para>
+    <para>
+      To make other pre-built executables work on NixOS, you need to
+      package them with Nix and special helpers like
+      <literal>autoPatchelfHook</literal> or
+      <literal>buildFHSUserEnv</literal>. See the
+      <link xlink:href="https://nixos.org/nixpkgs/manual">Nixpkgs
+      manual</link> for details. This is complex and often doing a
+      source build is easier.
+    </para>
+  </section>
 </section>

infra/libkookie/nixpkgs/unstable/nixos/doc/manual/from_md/development/writing-nixos-tests.section.xml

@@ -680,6 +680,9 @@ import ./make-test-python.nix
 
   nodes = { };
 
+  # Type checking on extra packages doesn't work yet
+  skipTypeCheck = true;
+
   testScript = ''
     import numpy as np
     assert str(np.zeros(4) == "array([0., 0., 0., 0.])")

infra/libkookie/nixpkgs/unstable/nixos/doc/manual/from_md/installation/building-nixos.chapter.xml

@@ -33,9 +33,14 @@
   </para>
   <section xml:id="sec-building-image-instructions">
     <title>Practical Instructions</title>
+    <para>
+      To build an ISO image for the channel
+      <literal>nixos-unstable</literal>:
+    </para>
     <programlisting>
 $ git clone https://github.com/NixOS/nixpkgs.git
 $ cd nixpkgs/nixos
+$ git switch nixos-unstable
 $ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix
 </programlisting>
     <para>

infra/libkookie/nixpkgs/unstable/nixos/doc/manual/from_md/installation/installing.chapter.xml

@@ -426,7 +426,9 @@ OK
             </term>
             <listitem>
               <para>
-                You <emphasis>must</emphasis> set the option
+                You must select a boot-loader, either system-boot or
+                GRUB. The recommended option is systemd-boot: set the
+                option
                 <xref linkend="opt-boot.loader.systemd-boot.enable" />
                 to <literal>true</literal>.
                 <literal>nixos-generate-config</literal> should do this
@@ -440,6 +442,23 @@ OK
                 <link linkend="opt-boot.loader.systemd-boot.enable"><literal>boot.loader.systemd-boot</literal></link>
                 as well.
               </para>
+              <para>
+                If you want to use GRUB, set
+                <xref linkend="opt-boot.loader.grub.device" /> to
+                <literal>nodev</literal> and
+                <xref linkend="opt-boot.loader.grub.efiSupport" /> to
+                <literal>true</literal>.
+              </para>
+              <para>
+                With system-boot, you should not need any special
+                configuration to detect other installed systems. With
+                GRUB, set
+                <xref linkend="opt-boot.loader.grub.useOSProber" /> to
+                <literal>true</literal>, but this will only detect
+                windows partitions, not other linux distributions. If
+                you dual boot another linux distribution, use
+                system-boot instead.
+              </para>
             </listitem>
           </varlistentry>
         </variablelist>

infra/libkookie/nixpkgs/unstable/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml

@@ -133,6 +133,14 @@
           <link xlink:href="options.html#opt-services.infnoise.enable">services.infnoise</link>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/jtroo/kanata">kanata</link>,
+          a tool to improve keyboard comfort and usability with advanced
+          customization. Available as
+          <link xlink:href="options.html#opt-services.kanata.enable">services.kanata</link>.
+        </para>
+      </listitem>
       <listitem>
         <para>
           <link xlink:href="https://github.com/aiberia/persistent-evdev">persistent-evdev</link>,
@@ -156,6 +164,13 @@
           <link linkend="opt-services.expressvpn.enable">services.expressvpn</link>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://www.grafana.com/oss/tempo/">Grafana
+          Tempo</link>, a distributed tracing store. Available as
+          <link linkend="opt-services.tempo.enable">services.tempo</link>.
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
   <section xml:id="sec-release-22.11-incompatibilities">
@@ -243,6 +258,12 @@
           this version for the entire lifecycle of the 22.11 release.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <literal>pkgs.cosign</literal> does not provide the
+          <literal>cosigned</literal> binary anymore.
+        </para>
+      </listitem>
       <listitem>
         <para>
           riak package removed along with
@@ -250,6 +271,31 @@
           maintainer to update the package.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          xow package removed along with the
+          <literal>hardware.xow</literal> module, due to the project
+          being deprecated in favor of <literal>xone</literal>, which is
+          available via the <literal>hardware.xone</literal> module.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          The <literal>services.graphite.api</literal> and
+          <literal>services.graphite.beacon</literal> NixOS options, and
+          the <literal>python3.pkgs.graphite_api</literal>,
+          <literal>python3.pkgs.graphite_beacon</literal> and
+          <literal>python3.pkgs.influxgraph</literal> packages, have
+          been removed due to lack of upstream maintenance.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          The <literal>meta.mainProgram</literal> attribute of packages
+          in <literal>wineWowPackages</literal> now defaults to
+          <literal>&quot;wine64&quot;</literal>.
+        </para>
+      </listitem>
       <listitem>
         <para>
           (Neo)Vim can not be configured with
@@ -285,6 +331,13 @@
           <literal>hardware.saleae-logic.package</literal>.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          The Redis module now disables RDB persistence when
+          <literal>services.redis.servers.&lt;name&gt;.save = []</literal>
+          instead of using the Redis default.
+        </para>
+      </listitem>
       <listitem>
         <para>
           Matrix Synapse now requires entries in the
@@ -296,6 +349,15 @@
           and require manual remediation.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          <literal>dockerTools.buildImage</literal> deprecates the
+          misunderstood <literal>contents</literal> parameter, in favor
+          of <literal>copyToRoot</literal>. Use
+          <literal>copyToRoot = buildEnv { ... };</literal> or similar
+          if you intend to add packages to <literal>/bin</literal>.
+        </para>
+      </listitem>
       <listitem>
         <para>
           memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2.
@@ -303,6 +365,20 @@
           as coreboot’s fork is no longer available.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          Add udev rules for the Teensy family of microcontrollers.
+        </para>
+      </listitem>
+      <listitem>
+        <para>
+          The <literal>pass-secret-service</literal> package now
+          includes systemd units from upstream, so adding it to the
+          NixOS <literal>services.dbus.packages</literal> option will
+          make it start automatically as a systemd user service when an
+          application tries to talk to the libsecret D-Bus API.
+        </para>
+      </listitem>
       <listitem>
         <para>
           There is a new module for the <literal>thunar</literal>
@@ -315,6 +391,13 @@
           release it may be removed.
         </para>
       </listitem>
+      <listitem>
+        <para>
+          There is a new module for the <literal>xfconf</literal>
+          program (the Xfce configuration storage system), which has a
+          dbus service.
+        </para>
+      </listitem>
     </itemizedlist>
   </section>
 </section>

infra/libkookie/nixpkgs/unstable/nixos/doc/manual/installation/building-nixos.chapter.md

@@ -18,9 +18,12 @@ enforced values with `mkForce`.
 
 ## Practical Instructions {#sec-building-image-instructions}
 
+To build an ISO image for the channel `nixos-unstable`:
+
 ```ShellSession
 $ git clone https://github.com/NixOS/nixpkgs.git
 $ cd nixpkgs/nixos
+$ git switch nixos-unstable
 $ nix-build -A config.system.build.isoImage -I nixos-config=modules/installer/cd-dvd/installation-cd-minimal.nix default.nix
 ```
 

infra/libkookie/nixpkgs/unstable/nixos/doc/manual/installation/installing.chapter.md

@@ -303,7 +303,8 @@ Use the following commands:
 
     UEFI systems
 
-    :   You *must* set the option [](#opt-boot.loader.systemd-boot.enable)
+    :   You must select a boot-loader, either system-boot or GRUB. The recommended
+        option is systemd-boot: set the option [](#opt-boot.loader.systemd-boot.enable)
         to `true`. `nixos-generate-config` should do this automatically
         for new configurations when booted in UEFI mode.
 
@@ -312,6 +313,15 @@ Use the following commands:
         [`boot.loader.systemd-boot`](#opt-boot.loader.systemd-boot.enable)
         as well.
 
+    :   If you want to use GRUB, set [](#opt-boot.loader.grub.device) to `nodev` and
+        [](#opt-boot.loader.grub.efiSupport) to `true`.
+
+    :   With system-boot, you should not need any special configuration to detect
+        other installed systems. With GRUB, set [](#opt-boot.loader.grub.useOSProber)
+        to `true`, but this will only detect windows partitions, not other linux
+        distributions. If you dual boot another linux distribution, use system-boot
+        instead.
+
     If you need to configure networking for your machine the
     configuration options are described in [](#sec-networking). In
     particular, while wifi is supported on the installation image, it is

infra/libkookie/nixpkgs/unstable/nixos/doc/manual/release-notes/rl-2211.section.md

@@ -58,12 +58,18 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle.
   Available as [services.infnoise](options.html#opt-services.infnoise.enable).
+
+- [kanata](https://github.com/jtroo/kanata), a tool to improve keyboard comfort and usability with advanced customization.
+  Available as [services.kanata](options.html#opt-services.kanata.enable).
+
 - [persistent-evdev](https://github.com/aiberia/persistent-evdev), a daemon to add virtual proxy devices that mirror a physical input device but persist even if the underlying hardware is hot-plugged. Available as [services.persistent-evdev](#opt-services.persistent-evdev.enable).
 
 - [schleuder](https://schleuder.org/), a mailing list manager with PGP support. Enable using [services.schleuder](#opt-services.schleuder.enable).
 
 - [expressvpn](https://www.expressvpn.com), the CLI client for ExpressVPN. Available as [services.expressvpn](#opt-services.expressvpn.enable).
 
+- [Grafana Tempo](https://www.grafana.com/oss/tempo/), a distributed tracing store. Available as [services.tempo](#opt-services.tempo.enable).
+
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
 
 ## Backward Incompatibilities {#sec-release-22.11-incompatibilities}
@@ -95,8 +101,19 @@ In addition to numerous new and upgraded packages, this release has the followin
 - PHP 7.4 is no longer supported due to upstream not supporting this
   version for the entire lifecycle of the 22.11 release.
 
+- `pkgs.cosign` does not provide the `cosigned` binary anymore.
+
 - riak package removed along with `services.riak` module, due to lack of maintainer to update the package.
 
+- xow package removed along with the `hardware.xow` module, due to the project being deprecated in favor of `xone`,  which is available via the `hardware.xone` module.
+
+- The `services.graphite.api` and `services.graphite.beacon` NixOS options, and
+  the `python3.pkgs.graphite_api`, `python3.pkgs.graphite_beacon` and
+  `python3.pkgs.influxgraph` packages, have been removed due to lack of upstream
+  maintenance.
+
+- The `meta.mainProgram` attribute of packages in `wineWowPackages` now defaults to `"wine64"`.
+
 - (Neo)Vim can not be configured with `configure.pathogen` anymore to reduce maintainance burden.
 Use `configure.packages` instead.
 
@@ -110,10 +127,21 @@ Use `configure.packages` instead.
 
 - A new module was added for the Saleae Logic device family, providing the options `hardware.saleae-logic.enable` and `hardware.saleae-logic.package`.
 
+- The Redis module now disables RDB persistence when `services.redis.servers.<name>.save = []` instead of using the Redis default.
+
 - Matrix Synapse now requires entries in the `state_group_edges` table to be unique, in order to prevent accidentally introducing duplicate information (for example, because a database backup was restored multiple times). If your Synapse database already has duplicate rows in this table, this could fail with an error and require manual remediation.
 
+- `dockerTools.buildImage` deprecates the misunderstood `contents` parameter, in favor of `copyToRoot`.
+  Use `copyToRoot = buildEnv { ... };` or similar if you intend to add packages to `/bin`.
+
 - memtest86+ was updated from 5.00-coreboot-002 to 6.00-beta2. It is now the upstream version from https://www.memtest.org/, as coreboot's fork is no longer available.
 
+- Add udev rules for the Teensy family of microcontrollers.
+
+- The `pass-secret-service` package now includes systemd units from upstream, so adding it to the NixOS `services.dbus.packages` option will make it start automatically as a systemd user service when an application tries to talk to the libsecret D-Bus API.
+
 - There is a new module for the `thunar` program (the Xfce file manager), which depends on the `xfconf` dbus service, and also has a dbus service and a systemd unit. The option `services.xserver.desktopManager.xfce.thunarPlugins` has been renamed to `programs.thunar.plugins`, and in a future release it may be removed.
 
+- There is a new module for the `xfconf` program (the Xfce configuration storage system), which has a dbus service.
+
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->

infra/libkookie/nixpkgs/unstable/nixos/lib/eval-config.nix

@@ -9,7 +9,9 @@
 # expressions are ever made modular at the top level) can just use
 # types.submodule instead of using eval-config.nix
 evalConfigArgs@
-{ # !!! system can be set modularly, would be nice to remove
+{ # !!! system can be set modularly, would be nice to remove,
+  #     however, removing or changing this default is too much
+  #     of a breaking change. To set it modularly, pass `null`.
   system ? builtins.currentSystem
 , # !!! is this argument needed any more? The pkgs argument can
   # be set modularly anyway.
@@ -48,7 +50,7 @@ let
       # this.  Since the latter defaults to the former, the former should
       # default to the argument. That way this new default could propagate all
       # they way through, but has the last priority behind everything else.
-      nixpkgs.system = lib.mkDefault system;
+      nixpkgs.system = lib.mkIf (system != null) (lib.mkDefault system);
 
       _module.args.pkgs = lib.mkIf (pkgs_ != null) (lib.mkForce pkgs_);
     };

infra/libkookie/nixpkgs/unstable/nixos/lib/make-multi-disk-zfs-image.nix

@@ -128,7 +128,7 @@ let
       gptfdisk
       nix
       parted
-      utillinux
+      util-linux
       zfs
     ]
   );

infra/libkookie/nixpkgs/unstable/nixos/lib/make-options-doc/default.nix

@@ -99,6 +99,14 @@ let
 
   optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList);
 
+  pythonMD =
+    let
+      self = (pkgs.python3Minimal.override {
+        inherit self;
+        includeSiteCustomize = true;
+        });
+      in self.withPackages (p: [ p.mistune_2_0 ]);
+
 in rec {
   inherit optionsNix;
 
@@ -116,17 +124,20 @@ in rec {
 
   optionsJSON = pkgs.runCommand "options.json"
     { meta.description = "List of NixOS options in JSON format";
-      buildInputs = [
-        pkgs.brotli
-        (let
-          self = (pkgs.python3Minimal.override {
-            inherit self;
-            includeSiteCustomize = true;
-           });
-         in self.withPackages (p: [ p.mistune_2_0 ]))
-      ];
+      buildInputs = [ pkgs.brotli pythonMD ];
       options = builtins.toFile "options.json"
         (builtins.unsafeDiscardStringContext (builtins.toJSON optionsNix));
+      # convert markdown to docbook in its own derivation to cache the
+      # conversion results. the conversion is surprisingly expensive.
+      baseJSON =
+        if baseOptionsJSON != null
+        then
+          pkgs.runCommand "base-json-md-converted" {
+            buildInputs = [ pythonMD ];
+          } ''
+            python ${./mergeJSON.py} ${baseOptionsJSON} <(echo '{}') > $out
+          ''
+        else null;
     }
     ''
       # Export list of options in different format.
@@ -143,7 +154,7 @@ in rec {
           else ''
             python ${./mergeJSON.py} \
               ${lib.optionalString warningsAreErrors "--warnings-are-errors"} \
-              ${baseOptionsJSON} $options \
+              $baseJSON $options \
               > $dst/options.json
           ''
       }

infra/libkookie/nixpkgs/unstable/nixos/lib/make-options-doc/mergeJSON.py

@@ -53,12 +53,14 @@ def convertMD(options: Dict[str, Any]) -> str:
         '.note': 'note'
     }
     class Renderer(mistune.renderers.BaseRenderer):
+        def __init__(self, path):
+            self.path = path
         def _get_method(self, name):
             try:
                 return super(Renderer, self)._get_method(name)
             except AttributeError:
                 def not_supported(*args, **kwargs):
-                    raise NotImplementedError("md node not supported yet", name, args, **kwargs)
+                    raise NotImplementedError("md node not supported yet", self.path, name, args, **kwargs)
                 return not_supported
 
         def text(self, text):
@@ -166,8 +168,8 @@ def convertMD(options: Dict[str, Any]) -> str:
         md.block.rules.append('admonition')
     plugins.append(admonition)
 
-    def convertString(text: str) -> str:
-        rendered = mistune.markdown(text, renderer=Renderer(), plugins=plugins)
+    def convertString(path: str, text: str) -> str:
+        rendered = mistune.markdown(text, renderer=Renderer(path), plugins=plugins)
         # keep trailing spaces so we can diff the generated XML to check for conversion bugs.
         return rendered.rstrip() + text[len(text.rstrip()):]
 
@@ -179,12 +181,12 @@ def convertMD(options: Dict[str, Any]) -> str:
 
     for (name, option) in options.items():
         if optionIs(option, 'description', 'mdDoc'):
-            option['description'] = convertString(option['description']['text'])
+            option['description'] = convertString(name, option['description']['text'])
         if optionIs(option, 'example', 'literalMD'):
-            docbook = convertString(option['example']['text'])
+            docbook = convertString(name, option['example']['text'])
             option['example'] = { '_type': 'literalDocBook', 'text': docbook }
         if optionIs(option, 'default', 'literalMD'):
-            docbook = convertString(option['default']['text'])
+            docbook = convertString(name, option['default']['text'])
             option['default'] = { '_type': 'literalDocBook', 'text': docbook }
 
     return options

infra/libkookie/nixpkgs/unstable/nixos/lib/make-single-disk-zfs-image.nix

@@ -116,7 +116,7 @@ let
       gptfdisk
       nix
       parted
-      utillinux
+      util-linux
       zfs
     ]
   );

infra/libkookie/nixpkgs/unstable/nixos/lib/qemu-common.nix

@@ -18,7 +18,7 @@ rec {
     ];
 
   qemuSerialDevice = if pkgs.stdenv.hostPlatform.isx86 || pkgs.stdenv.hostPlatform.isRiscV then "ttyS0"
-        else if (with pkgs.stdenv.hostPlatform; isAarch32 || isAarch64 || isPower) then "ttyAMA0"
+        else if (with pkgs.stdenv.hostPlatform; isAarch || isPower) then "ttyAMA0"
         else throw "Unknown QEMU serial device for system '${pkgs.stdenv.hostPlatform.system}'";
 
   qemuBinary = qemuPkg: {

infra/libkookie/nixpkgs/unstable/nixos/lib/test-driver/test_driver/vlan.py

@@ -32,8 +32,12 @@ class VLan:
         rootlog.info("start vlan")
         pty_master, pty_slave = pty.openpty()
 
+        # The --hub is required for the scenario determined by
+        # nixos/tests/networking.nix vlan-ping.
+        # VLAN Tagged traffic (802.1Q) seams to be blocked if a vde_switch is
+        # used without the hub mode (flood packets to all ports).
         self.process = subprocess.Popen(
-            ["vde_switch", "-s", self.socket_dir, "--dirmode", "0700"],
+            ["vde_switch", "-s", self.socket_dir, "--dirmode", "0700", "--hub"],
             stdin=pty_slave,
             stdout=subprocess.PIPE,
             stderr=subprocess.PIPE,
@@ -50,7 +54,7 @@ class VLan:
         if not (self.socket_dir / "ctl").exists():
             rootlog.error("cannot start vde_switch")
 
-        rootlog.info(f"running vlan (pid {self.pid})")
+        rootlog.info(f"running vlan (pid {self.pid}; ctl {self.socket_dir})")
 
     def __del__(self) -> None:
         rootlog.info(f"kill vlan (pid {self.pid})")

infra/libkookie/nixpkgs/unstable/nixos/modules/config/appstream.nix

@@ -6,9 +6,9 @@ with lib;
     appstream.enable = mkOption {
       type = types.bool;
       default = true;
-      description = ''
+      description = lib.mdDoc ''
         Whether to install files to support the
-        <link xlink:href="https://www.freedesktop.org/software/appstream/docs/index.html">AppStream metadata specification</link>.
+        [AppStream metadata specification](https://www.freedesktop.org/software/appstream/docs/index.html).
       '';
     };
   };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/console.nix

@@ -58,7 +58,7 @@ in
       type = with types; either str path;
       default = "us";
       example = "fr";
-      description = ''
+      description = lib.mdDoc ''
         The keyboard mapping table for the virtual consoles.
       '';
     };
@@ -72,7 +72,7 @@ in
         "002b36" "cb4b16" "586e75" "657b83"
         "839496" "6c71c4" "93a1a1" "fdf6e3"
       ];
-      description = ''
+      description = lib.mdDoc ''
         The 16 colors palette used by the virtual consoles.
         Leave empty to use the default colors.
         Colors must be in hexadecimal format and listed in
@@ -84,7 +84,7 @@ in
     packages = mkOption {
       type = types.listOf types.package;
       default = [ ];
-      description = ''
+      description = lib.mdDoc ''
         List of additional packages that provide console fonts, keymaps and
         other resources for virtual consoles use.
       '';
@@ -93,7 +93,7 @@ in
     useXkbConfig = mkOption {
       type = types.bool;
       default = false;
-      description = ''
+      description = lib.mdDoc ''
         If set, configure the virtual console keymap from the xserver
         keyboard settings.
       '';
@@ -102,7 +102,7 @@ in
     earlySetup = mkOption {
       default = false;
       type = types.bool;
-      description = ''
+      description = lib.mdDoc ''
         Enable setting virtual console options as early as possible (in initrd).
       '';
     };
@@ -159,7 +159,11 @@ in
           "${config.boot.initrd.systemd.package}/lib/systemd/systemd-vconsole-setup"
           "${config.boot.initrd.systemd.package.kbd}/bin/setfont"
           "${config.boot.initrd.systemd.package.kbd}/bin/loadkeys"
-          "${config.boot.initrd.systemd.package.kbd.gzip}/bin/gzip" # keyboard layouts are compressed
+          "${config.boot.initrd.systemd.package.kbd.gzip}/bin/gzip" # Fonts and keyboard layouts are compressed
+        ] ++ optionals (hasPrefix builtins.storeDir cfg.font) [
+          "${cfg.font}"
+        ] ++ optionals (hasPrefix builtins.storeDir cfg.keyMap) [
+          "${cfg.keyMap}"
         ];
 
         systemd.services.reload-systemd-vconsole-setup =

infra/libkookie/nixpkgs/unstable/nixos/modules/config/fonts/fontconfig.nix

@@ -246,7 +246,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = true;
-          description = ''
+          description = lib.mdDoc ''
             If enabled, a Fontconfig configuration file will be built
             pointing to a set of default fonts.  If you don't care about
             running X11 applications or any other program that uses
@@ -267,7 +267,7 @@ in
         antialias = mkOption {
           type = types.bool;
           default = true;
-          description = ''
+          description = lib.mdDoc ''
             Enable font antialiasing. At high resolution (> 200 DPI),
             antialiasing has no visible effect; users of such displays may want
             to disable this option.
@@ -277,9 +277,9 @@ in
         localConf = mkOption {
           type = types.lines;
           default = "";
-          description = ''
+          description = lib.mdDoc ''
             System-wide customization file contents, has higher priority than
-            <literal>defaultFonts</literal> settings.
+            `defaultFonts` settings.
           '';
         };
 
@@ -287,7 +287,7 @@ in
           monospace = mkOption {
             type = types.listOf types.str;
             default = ["DejaVu Sans Mono"];
-            description = ''
+            description = lib.mdDoc ''
               System-wide default monospace font(s). Multiple fonts may be
               listed in case multiple languages must be supported.
             '';
@@ -296,7 +296,7 @@ in
           sansSerif = mkOption {
             type = types.listOf types.str;
             default = ["DejaVu Sans"];
-            description = ''
+            description = lib.mdDoc ''
               System-wide default sans serif font(s). Multiple fonts may be
               listed in case multiple languages must be supported.
             '';
@@ -305,7 +305,7 @@ in
           serif = mkOption {
             type = types.listOf types.str;
             default = ["DejaVu Serif"];
-            description = ''
+            description = lib.mdDoc ''
               System-wide default serif font(s). Multiple fonts may be listed
               in case multiple languages must be supported.
             '';
@@ -314,7 +314,7 @@ in
           emoji = mkOption {
             type = types.listOf types.str;
             default = ["Noto Color Emoji"];
-            description = ''
+            description = lib.mdDoc ''
               System-wide default emoji font(s). Multiple fonts may be listed
               in case a font does not support all emoji.
 
@@ -331,7 +331,7 @@ in
           enable = mkOption {
             type = types.bool;
             default = true;
-            description = ''
+            description = lib.mdDoc ''
               Enable font hinting. Hinting aligns glyphs to pixel boundaries to
               improve rendering sharpness at low resolution. At high resolution
               (> 200 dpi) hinting will do nothing (at best); users of such
@@ -342,7 +342,7 @@ in
           autohint = mkOption {
             type = types.bool;
             default = false;
-            description = ''
+            description = lib.mdDoc ''
               Enable the autohinter in place of the default interpreter.
               The results are usually lower quality than correctly-hinted
               fonts, but better than unhinted fonts.
@@ -352,7 +352,7 @@ in
           style = mkOption {
             type = types.enum [ "hintnone" "hintslight" "hintmedium" "hintfull" ];
             default = "hintslight";
-            description = ''
+            description = lib.mdDoc ''
               Hintstyle is the amount of font reshaping done to line up
               to the grid.
 
@@ -367,10 +367,10 @@ in
         includeUserConf = mkOption {
           type = types.bool;
           default = true;
-          description = ''
+          description = lib.mdDoc ''
             Include the user configuration from
-            <filename>~/.config/fontconfig/fonts.conf</filename> or
-            <filename>~/.config/fontconfig/conf.d</filename>.
+            {file}`~/.config/fontconfig/fonts.conf` or
+            {file}`~/.config/fontconfig/conf.d`.
           '';
         };
 
@@ -379,26 +379,26 @@ in
           rgba = mkOption {
             default = "rgb";
             type = types.enum ["rgb" "bgr" "vrgb" "vbgr" "none"];
-            description = ''
+            description = lib.mdDoc ''
               Subpixel order. The overwhelming majority of displays are
-              <literal>rgb</literal> in their normal orientation. Select
-              <literal>vrgb</literal> for mounting such a display 90 degrees
-              clockwise from its normal orientation or <literal>vbgr</literal>
+              `rgb` in their normal orientation. Select
+              `vrgb` for mounting such a display 90 degrees
+              clockwise from its normal orientation or `vbgr`
               for mounting 90 degrees counter-clockwise. Select
-              <literal>bgr</literal> in the unlikely event of mounting 180
+              `bgr` in the unlikely event of mounting 180
               degrees from the normal orientation. Reverse these directions in
               the improbable event that the display's native subpixel order is
-              <literal>bgr</literal>.
+              `bgr`.
             '';
           };
 
           lcdfilter = mkOption {
             default = "default";
             type = types.enum ["none" "default" "light" "legacy"];
-            description = ''
+            description = lib.mdDoc ''
               FreeType LCD filter. At high resolution (> 200 DPI), LCD filtering
               has no visible effect; users of such displays may want to select
-              <literal>none</literal>.
+              `none`.
             '';
           };
 
@@ -407,7 +407,7 @@ in
         cache32Bit = mkOption {
           default = false;
           type = types.bool;
-          description = ''
+          description = lib.mdDoc ''
             Generate system fonts cache for 32-bit applications.
           '';
         };
@@ -415,8 +415,8 @@ in
         allowBitmaps = mkOption {
           type = types.bool;
           default = true;
-          description = ''
-            Allow bitmap fonts. Set to <literal>false</literal> to ban all
+          description = lib.mdDoc ''
+            Allow bitmap fonts. Set to `false` to ban all
             bitmap fonts.
           '';
         };
@@ -424,8 +424,8 @@ in
         allowType1 = mkOption {
           type = types.bool;
           default = false;
-          description = ''
-            Allow Type-1 fonts. Default is <literal>false</literal> because of
+          description = lib.mdDoc ''
+            Allow Type-1 fonts. Default is `false` because of
             poor rendering.
           '';
         };
@@ -433,7 +433,7 @@ in
         useEmbeddedBitmaps = mkOption {
           type = types.bool;
           default = false;
-          description = "Use embedded bitmaps in fonts like Calibri.";
+          description = lib.mdDoc "Use embedded bitmaps in fonts like Calibri.";
         };
 
       };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/fonts/fontdir.nix

@@ -30,9 +30,9 @@ in
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Whether to create a directory with links to all fonts in
-          <filename>/run/current-system/sw/share/X11/fonts</filename>.
+          {file}`/run/current-system/sw/share/X11/fonts`.
         '';
       };
 
@@ -40,9 +40,9 @@ in
         type = types.bool;
         default = config.programs.xwayland.enable;
         defaultText = literalExpression "config.programs.xwayland.enable";
-        description = ''
+        description = lib.mdDoc ''
           Whether to decompress fonts in
-          <filename>/run/current-system/sw/share/X11/fonts</filename>.
+          {file}`/run/current-system/sw/share/X11/fonts`.
         '';
       };
 

infra/libkookie/nixpkgs/unstable/nixos/modules/config/fonts/fonts.nix

@@ -57,13 +57,13 @@ in
         type = types.listOf types.path;
         default = [];
         example = literalExpression "[ pkgs.dejavu_fonts ]";
-        description = "List of primary font paths.";
+        description = lib.mdDoc "List of primary font paths.";
       };
 
       enableDefaultFonts = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Enable a basic set of fonts providing several font styles
           and families and reasonable coverage of Unicode.
         '';

infra/libkookie/nixpkgs/unstable/nixos/modules/config/fonts/ghostscript.nix

@@ -11,7 +11,7 @@ with lib;
       enableGhostscriptFonts = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Whether to add the fonts provided by Ghostscript (such as
           various URW fonts and the “Base-14” Postscript fonts) to the
           list of system fonts, making them available to X11

infra/libkookie/nixpkgs/unstable/nixos/modules/config/gnu.nix

@@ -5,7 +5,7 @@
     gnu = lib.mkOption {
       type = lib.types.bool;
       default = false;
-      description = ''
+      description = lib.mdDoc ''
         When enabled, GNU software is chosen by default whenever a there is
         a choice between GNU and non-GNU software (e.g., GNU lsh
         vs. OpenSSH).

infra/libkookie/nixpkgs/unstable/nixos/modules/config/gtk/gtk-icon-cache.nix

@@ -7,7 +7,7 @@ with lib;
       type = types.bool;
       default = config.services.xserver.enable;
       defaultText = literalExpression "config.services.xserver.enable";
-      description = ''
+      description = lib.mdDoc ''
         Whether to build icon theme caches for GTK applications.
       '';
     };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/i18n.nix

@@ -21,7 +21,7 @@ with lib;
           }
         '';
         example = literalExpression "pkgs.glibcLocales";
-        description = ''
+        description = lib.mdDoc ''
           Customized pkg.glibcLocales package.
 
           Changing this option can disable handling of i18n.defaultLocale
@@ -33,7 +33,7 @@ with lib;
         type = types.str;
         default = "en_US.UTF-8";
         example = "nl_NL.UTF-8";
-        description = ''
+        description = lib.mdDoc ''
           The default locale.  It determines the language for program
           messages, the format for dates and times, sort order, and so on.
           It also determines the character set, such as UTF-8.
@@ -44,25 +44,30 @@ with lib;
         type = types.attrsOf types.str;
         default = {};
         example = { LC_MESSAGES = "en_US.UTF-8"; LC_TIME = "de_DE.UTF-8"; };
-        description = ''
+        description = lib.mdDoc ''
           A set of additional system-wide locale settings other than
-          <literal>LANG</literal> which can be configured with
-          <option>i18n.defaultLocale</option>.
+          `LANG` which can be configured with
+          {option}`i18n.defaultLocale`.
         '';
       };
 
       supportedLocales = mkOption {
         type = types.listOf types.str;
-        default = builtins.map (l: l + "/UTF-8")
-          (unique (
-            [ config.i18n.defaultLocale ] ++
-            (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings))
+        default = unique
+          (builtins.map (l: (replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") (
+            [
+              "C.UTF-8"
+              "en_US.UTF-8"
+              config.i18n.defaultLocale
+            ] ++ (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings))
           ));
         defaultText = literalExpression ''
-          builtins.map (l: l + "/UTF-8")
-            (unique (
-              [ config.i18n.defaultLocale ] ++
-              (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings))
+          unique
+            (builtins.map (l: (replaceStrings [ "utf8" "utf-8" "UTF8" ] [ "UTF-8" "UTF-8" "UTF-8" ] l) + "/UTF-8") (
+              [
+                "C.UTF-8"
+                config.i18n.defaultLocale
+              ] ++ (attrValues (filterAttrs (n: v: n != "LANGUAGE") config.i18n.extraLocaleSettings))
             ))
         '';
         example = ["en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1"];

infra/libkookie/nixpkgs/unstable/nixos/modules/config/iproute2.nix

@@ -11,7 +11,7 @@ in
     rttablesExtraConfig = mkOption {
       type = types.lines;
       default = "";
-      description = ''
+      description = lib.mdDoc ''
         Verbatim lines to add to /etc/iproute2/rt_tables
       '';
     };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/krb5/default.nix

@@ -85,9 +85,9 @@ in {
         default = pkgs.krb5Full;
         defaultText = literalExpression "pkgs.krb5Full";
         example = literalExpression "pkgs.heimdal";
-        description = ''
+        description = lib.mdDoc ''
           The Kerberos implementation that will be present in
-          <literal>environment.systemPackages</literal> after enabling this
+          `environment.systemPackages` after enabling this
           service.
         '';
       };
@@ -101,7 +101,7 @@ in {
             default_realm = "ATHENA.MIT.EDU";
           };
         '';
-        description = ''
+        description = lib.mdDoc ''
           Settings used by the Kerberos V5 library.
         '';
       };
@@ -121,7 +121,7 @@ in {
           };
         '';
         apply = attrs: filterEmbeddedMetadata attrs;
-        description = "Realm-specific contact information and settings.";
+        description = lib.mdDoc "Realm-specific contact information and settings.";
       };
 
       domain_realm = mkOption {
@@ -134,7 +134,7 @@ in {
           };
         '';
         apply = attrs: filterEmbeddedMetadata attrs;
-        description = ''
+        description = lib.mdDoc ''
           Map of server hostnames to Kerberos realms.
         '';
       };
@@ -153,7 +153,7 @@ in {
           };
         '';
         apply = attrs: filterEmbeddedMetadata attrs;
-        description = ''
+        description = lib.mdDoc ''
           Authentication paths for non-hierarchical cross-realm authentication.
         '';
       };
@@ -174,7 +174,7 @@ in {
           };
         '';
         apply = attrs: filterEmbeddedMetadata attrs;
-        description = ''
+        description = lib.mdDoc ''
           Settings used by some Kerberos V5 applications.
         '';
       };
@@ -190,7 +190,7 @@ in {
           };
         '';
         apply = attrs: filterEmbeddedMetadata attrs;
-        description = ''
+        description = lib.mdDoc ''
           Controls plugin module registration.
         '';
       };
@@ -235,14 +235,14 @@ in {
             admin_server = SYSLOG:NOTICE
             default      = SYSLOG:NOTICE
         '';
-        description = ''
-          Verbatim <literal>krb5.conf</literal> configuration.  Note that this
+        description = lib.mdDoc ''
+          Verbatim `krb5.conf` configuration.  Note that this
           is mutually exclusive with configuration via
-          <literal>libdefaults</literal>, <literal>realms</literal>,
-          <literal>domain_realm</literal>, <literal>capaths</literal>,
-          <literal>appdefaults</literal>, <literal>plugins</literal> and
-          <literal>extraConfig</literal> configuration options.  Consult
-          <literal>man krb5.conf</literal> for documentation.
+          `libdefaults`, `realms`,
+          `domain_realm`, `capaths`,
+          `appdefaults`, `plugins` and
+          `extraConfig` configuration options.  Consult
+          `man krb5.conf` for documentation.
         '';
       };
 
@@ -250,9 +250,9 @@ in {
         type = with types; nullOr str;
         default = null;
         example = "ATHENA.MIT.EDU";
-        description = ''
+        description = lib.mdDoc ''
           DEPRECATED, please use
-          <literal>krb5.libdefaults.default_realm</literal>.
+          `krb5.libdefaults.default_realm`.
         '';
       };
 
@@ -260,9 +260,9 @@ in {
         type = with types; nullOr str;
         default = null;
         example = "athena.mit.edu";
-        description = ''
+        description = lib.mdDoc ''
           DEPRECATED, please create a map of server hostnames to Kerberos realms
-          in <literal>krb5.domain_realm</literal>.
+          in `krb5.domain_realm`.
         '';
       };
 
@@ -270,9 +270,9 @@ in {
         type = with types; nullOr str;
         default = null;
         example = "kerberos.mit.edu";
-        description = ''
-          DEPRECATED, please pass a <literal>kdc</literal> attribute to a realm
-          in <literal>krb5.realms</literal>.
+        description = lib.mdDoc ''
+          DEPRECATED, please pass a `kdc` attribute to a realm
+          in `krb5.realms`.
         '';
       };
 
@@ -280,9 +280,9 @@ in {
         type = with types; nullOr str;
         default = null;
         example = "kerberos.mit.edu";
-        description = ''
-          DEPRECATED, please pass an <literal>admin_server</literal> attribute
-          to a realm in <literal>krb5.realms</literal>.
+        description = lib.mdDoc ''
+          DEPRECATED, please pass an `admin_server` attribute
+          to a realm in `krb5.realms`.
         '';
       };
     };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/ldap.nix

@@ -64,34 +64,34 @@ in
       loginPam = mkOption {
         type = types.bool;
         default = true;
-        description = "Whether to include authentication against LDAP in login PAM.";
+        description = lib.mdDoc "Whether to include authentication against LDAP in login PAM.";
       };
 
       nsswitch = mkOption {
         type = types.bool;
         default = true;
-        description = "Whether to include lookup against LDAP in NSS.";
+        description = lib.mdDoc "Whether to include lookup against LDAP in NSS.";
       };
 
       server = mkOption {
         type = types.str;
         example = "ldap://ldap.example.org/";
-        description = "The URL of the LDAP server.";
+        description = lib.mdDoc "The URL of the LDAP server.";
       };
 
       base = mkOption {
         type = types.str;
         example = "dc=example,dc=org";
-        description = "The distinguished name of the search base.";
+        description = lib.mdDoc "The distinguished name of the search base.";
       };
 
       useTLS = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           If enabled, use TLS (encryption) over an LDAP (port 389)
           connection.  The alternative is to specify an LDAPS server (port
-          636) in <option>users.ldap.server</option> or to forego
+          636) in {option}`users.ldap.server` or to forego
           security.
         '';
       };
@@ -99,7 +99,7 @@ in
       timeLimit = mkOption {
         default = 0;
         type = types.int;
-        description = ''
+        description = lib.mdDoc ''
           Specifies the time limit (in seconds) to use when performing
           searches. A value of zero (0), which is the default, is to
           wait indefinitely for searches to be completed.
@@ -110,7 +110,7 @@ in
         enable = mkOption {
           type = types.bool;
           default = false;
-          description = ''
+          description = lib.mdDoc ''
             Whether to let the nslcd daemon (nss-pam-ldapd) handle the
             LDAP lookups for NSS and PAM. This can improve performance,
             and if you need to bind to the LDAP server with a password,
@@ -125,9 +125,9 @@ in
         extraConfig = mkOption {
           default =  "";
           type = types.lines;
-          description = ''
+          description = lib.mdDoc ''
             Extra configuration options that will be added verbatim at
-            the end of the nslcd configuration file (<literal>nslcd.conf(5)</literal>).
+            the end of the nslcd configuration file (`nslcd.conf(5)`).
           '' ;
         } ;
 
@@ -135,7 +135,7 @@ in
           default = "";
           example = "cn=admin,dc=example,dc=com";
           type = types.str;
-          description = ''
+          description = lib.mdDoc ''
             The distinguished name to use to bind to the LDAP server
             when the root user tries to modify a user's password.
           '';
@@ -145,7 +145,7 @@ in
           default = "";
           example = "/run/keys/nslcd.rootpwmodpw";
           type = types.str;
-          description = ''
+          description = lib.mdDoc ''
             The path to a file containing the credentials with which to bind to
             the LDAP server if the root user tries to change a user's password.
           '';
@@ -157,7 +157,7 @@ in
           default = "";
           example = "cn=admin,dc=example,dc=com";
           type = types.str;
-          description = ''
+          description = lib.mdDoc ''
             The distinguished name to bind to the LDAP server with. If this
             is not specified, an anonymous bind will be done.
           '';
@@ -166,7 +166,7 @@ in
         passwordFile = mkOption {
           default = "/etc/ldap/bind.password";
           type = types.str;
-          description = ''
+          description = lib.mdDoc ''
             The path to a file containing the credentials to use when binding
             to the LDAP server (if not binding anonymously).
           '';
@@ -175,10 +175,10 @@ in
         timeLimit = mkOption {
           default = 30;
           type = types.int;
-          description = ''
+          description = lib.mdDoc ''
             Specifies the time limit (in seconds) to use when connecting
             to the directory server. This is distinct from the time limit
-            specified in <option>users.ldap.timeLimit</option> and affects
+            specified in {option}`users.ldap.timeLimit` and affects
             the initial server connection only.
           '';
         };
@@ -205,12 +205,12 @@ in
       extraConfig = mkOption {
         default = "";
         type = types.lines;
-        description = ''
+        description = lib.mdDoc ''
           Extra configuration options that will be added verbatim at
-          the end of the ldap configuration file (<literal>ldap.conf(5)</literal>).
-          If <option>users.ldap.daemon</option> is enabled, this
+          the end of the ldap configuration file (`ldap.conf(5)`).
+          If {option}`users.ldap.daemon` is enabled, this
           configuration will not be used. In that case, use
-          <option>users.ldap.daemon.extraConfig</option> instead.
+          {option}`users.ldap.daemon.extraConfig` instead.
         '' ;
       };
 

infra/libkookie/nixpkgs/unstable/nixos/modules/config/locale.nix

@@ -22,9 +22,8 @@ in
         default = null;
         type = timezone;
         example = "America/New_York";
-        description = ''
-          The time zone used when displaying times and dates. See <link
-          xlink:href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones"/>
+        description = lib.mdDoc ''
+          The time zone used when displaying times and dates. See <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones>
           for a comprehensive list of possible values for this setting.
 
           If null, the timezone will default to UTC and can be set imperatively
@@ -35,7 +34,7 @@ in
       hardwareClockInLocalTime = mkOption {
         default = false;
         type = types.bool;
-        description = "If set, keep the hardware clock in local time instead of UTC.";
+        description = lib.mdDoc "If set, keep the hardware clock in local time instead of UTC.";
       };
 
     };
@@ -44,18 +43,18 @@ in
 
       latitude = mkOption {
         type = types.float;
-        description = ''
+        description = lib.mdDoc ''
           Your current latitude, between
-          <literal>-90.0</literal> and <literal>90.0</literal>. Must be provided
+          `-90.0` and `90.0`. Must be provided
           along with longitude.
         '';
       };
 
       longitude = mkOption {
         type = types.float;
-        description = ''
+        description = lib.mdDoc ''
           Your current longitude, between
-          between <literal>-180.0</literal> and <literal>180.0</literal>. Must be
+          between `-180.0` and `180.0`. Must be
           provided along with latitude.
         '';
       };
@@ -63,9 +62,9 @@ in
       provider = mkOption {
         type = types.enum [ "manual" "geoclue2" ];
         default = "manual";
-        description = ''
+        description = lib.mdDoc ''
           The location provider to use for determining your location. If set to
-          <literal>manual</literal> you must also provide latitude/longitude.
+          `manual` you must also provide latitude/longitude.
         '';
       };
 

infra/libkookie/nixpkgs/unstable/nixos/modules/config/networking.nix

@@ -28,7 +28,7 @@ in
           "192.168.0.2" = [ "fileserver.local" "nameserver.local" ];
         };
       '';
-      description = ''
+      description = lib.mdDoc ''
         Locally defined maps of hostnames to IP addresses.
       '';
     };
@@ -37,8 +37,8 @@ in
       type = types.listOf types.path;
       defaultText = literalDocBook "Hosts from <option>networking.hosts</option> and <option>networking.extraHosts</option>";
       example = literalExpression ''[ "''${pkgs.my-blocklist-package}/share/my-blocklist/hosts" ]'';
-      description = ''
-        Files that should be concatenated together to form <filename>/etc/hosts</filename>.
+      description = lib.mdDoc ''
+        Files that should be concatenated together to form {file}`/etc/hosts`.
       '';
     };
 
@@ -46,9 +46,9 @@ in
       type = types.lines;
       default = "";
       example = "192.168.0.1 lanlocalhost";
-      description = ''
-        Additional verbatim entries to be appended to <filename>/etc/hosts</filename>.
-        For adding hosts from derivation results, use <option>networking.hostFiles</option> instead.
+      description = lib.mdDoc ''
+        Additional verbatim entries to be appended to {file}`/etc/hosts`.
+        For adding hosts from derivation results, use {option}`networking.hostFiles` instead.
       '';
     };
 
@@ -60,7 +60,7 @@ in
         "3.nixos.pool.ntp.org"
       ];
       type = types.listOf types.str;
-      description = ''
+      description = lib.mdDoc ''
         The set of NTP servers from which to synchronise.
       '';
     };
@@ -70,7 +70,7 @@ in
       default = lib.mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = ''
+        description = lib.mdDoc ''
           This option specifies the default value for httpProxy, httpsProxy, ftpProxy and rsyncProxy.
         '';
         example = "http://127.0.0.1:3128";
@@ -80,7 +80,7 @@ in
         type = types.nullOr types.str;
         default = cfg.proxy.default;
         defaultText = literalExpression "config.${opt.proxy.default}";
-        description = ''
+        description = lib.mdDoc ''
           This option specifies the http_proxy environment variable.
         '';
         example = "http://127.0.0.1:3128";
@@ -90,7 +90,7 @@ in
         type = types.nullOr types.str;
         default = cfg.proxy.default;
         defaultText = literalExpression "config.${opt.proxy.default}";
-        description = ''
+        description = lib.mdDoc ''
           This option specifies the https_proxy environment variable.
         '';
         example = "http://127.0.0.1:3128";
@@ -100,7 +100,7 @@ in
         type = types.nullOr types.str;
         default = cfg.proxy.default;
         defaultText = literalExpression "config.${opt.proxy.default}";
-        description = ''
+        description = lib.mdDoc ''
           This option specifies the ftp_proxy environment variable.
         '';
         example = "http://127.0.0.1:3128";
@@ -110,7 +110,7 @@ in
         type = types.nullOr types.str;
         default = cfg.proxy.default;
         defaultText = literalExpression "config.${opt.proxy.default}";
-        description = ''
+        description = lib.mdDoc ''
           This option specifies the rsync_proxy environment variable.
         '';
         example = "http://127.0.0.1:3128";
@@ -120,7 +120,7 @@ in
         type = types.nullOr types.str;
         default = cfg.proxy.default;
         defaultText = literalExpression "config.${opt.proxy.default}";
-        description = ''
+        description = lib.mdDoc ''
           This option specifies the all_proxy environment variable.
         '';
         example = "http://127.0.0.1:3128";
@@ -129,7 +129,7 @@ in
       noProxy = lib.mkOption {
         type = types.nullOr types.str;
         default = null;
-        description = ''
+        description = lib.mdDoc ''
           This option specifies the no_proxy environment variable.
           If a default proxy is used and noProxy is null,
           then noProxy will be set to 127.0.0.1,localhost.

infra/libkookie/nixpkgs/unstable/nixos/modules/config/no-x-libs.nix

@@ -10,7 +10,7 @@ with lib;
     environment.noXlibs = mkOption {
       type = types.bool;
       default = false;
-      description = ''
+      description = lib.mdDoc ''
         Switch off the options in the default configuration that
         require X11 libraries. This includes client-side font
         configuration and SSH forwarding of X11 authentication

infra/libkookie/nixpkgs/unstable/nixos/modules/config/nsswitch.nix

@@ -13,10 +13,10 @@ with lib;
       type = types.listOf types.path;
       internal = true;
       default = [];
-      description = ''
+      description = lib.mdDoc ''
         Search path for NSS (Name Service Switch) modules.  This allows
         several DNS resolution methods to be specified via
-        <filename>/etc/nsswitch.conf</filename>.
+        {file}`/etc/nsswitch.conf`.
       '';
       apply = list:
         {
@@ -28,8 +28,8 @@ with lib;
     system.nssDatabases = {
       passwd = mkOption {
         type = types.listOf types.str;
-        description = ''
-          List of passwd entries to configure in <filename>/etc/nsswitch.conf</filename>.
+        description = lib.mdDoc ''
+          List of passwd entries to configure in {file}`/etc/nsswitch.conf`.
 
           Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
 
@@ -40,8 +40,8 @@ with lib;
 
       group = mkOption {
         type = types.listOf types.str;
-        description = ''
-          List of group entries to configure in <filename>/etc/nsswitch.conf</filename>.
+        description = lib.mdDoc ''
+          List of group entries to configure in {file}`/etc/nsswitch.conf`.
 
           Note that "files" is always prepended while "systemd" is appended if nscd is enabled.
 
@@ -52,8 +52,8 @@ with lib;
 
       shadow = mkOption {
         type = types.listOf types.str;
-        description = ''
-          List of shadow entries to configure in <filename>/etc/nsswitch.conf</filename>.
+        description = lib.mdDoc ''
+          List of shadow entries to configure in {file}`/etc/nsswitch.conf`.
 
           Note that "files" is always prepended.
 
@@ -64,8 +64,8 @@ with lib;
 
       hosts = mkOption {
         type = types.listOf types.str;
-        description = ''
-          List of hosts entries to configure in <filename>/etc/nsswitch.conf</filename>.
+        description = lib.mdDoc ''
+          List of hosts entries to configure in {file}`/etc/nsswitch.conf`.
 
           Note that "files" is always prepended, and "dns" and "myhostname" are always appended.
 
@@ -76,8 +76,8 @@ with lib;
 
       services = mkOption {
         type = types.listOf types.str;
-        description = ''
-          List of services entries to configure in <filename>/etc/nsswitch.conf</filename>.
+        description = lib.mdDoc ''
+          List of services entries to configure in {file}`/etc/nsswitch.conf`.
 
           Note that "files" is always prepended.
 

infra/libkookie/nixpkgs/unstable/nixos/modules/config/power-management.nix

@@ -20,7 +20,7 @@ in
         type = types.bool;
         default = true;
         description =
-          ''
+          lib.mdDoc ''
             Whether to enable power management.  This includes support
             for suspend-to-RAM and powersave features on laptops.
           '';
@@ -29,7 +29,7 @@ in
       resumeCommands = mkOption {
         type = types.lines;
         default = "";
-        description = "Commands executed after the system resumes from suspend-to-RAM.";
+        description = lib.mdDoc "Commands executed after the system resumes from suspend-to-RAM.";
       };
 
       powerUpCommands = mkOption {
@@ -39,7 +39,7 @@ in
           "''${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
         '';
         description =
-          ''
+          lib.mdDoc ''
             Commands executed when the machine powers up.  That is,
             they're executed both when the system first boots and when
             it resumes from suspend or hibernation.
@@ -53,7 +53,7 @@ in
           "''${pkgs.hdparm}/sbin/hdparm -B 255 /dev/sda"
         '';
         description =
-          ''
+          lib.mdDoc ''
             Commands executed when the machine powers down.  That is,
             they're executed both when the system shuts down and when
             it goes to suspend or hibernation.

infra/libkookie/nixpkgs/unstable/nixos/modules/config/pulseaudio.nix

@@ -89,7 +89,7 @@ in {
       enable = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Whether to enable the PulseAudio sound server.
         '';
       };
@@ -97,7 +97,7 @@ in {
       systemWide = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           If false, a PulseAudio server is launched automatically for
           each user that tries to use the sound system. The server runs
           with user privileges. If true, one system-wide PulseAudio
@@ -112,7 +112,7 @@ in {
       support32Bit = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Whether to include the 32-bit pulseaudio libraries in the system or not.
           This is only useful on 64-bit systems and currently limited to x86_64-linux.
         '';
@@ -120,7 +120,7 @@ in {
 
       configFile = mkOption {
         type = types.nullOr types.path;
-        description = ''
+        description = lib.mdDoc ''
           The path to the default configuration options the PulseAudio server
           should use. By default, the "default.pa" configuration
           from the PulseAudio distribution is used.
@@ -130,8 +130,8 @@ in {
       extraConfig = mkOption {
         type = types.lines;
         default = "";
-        description = ''
-          Literal string to append to <literal>configFile</literal>
+        description = lib.mdDoc ''
+          Literal string to append to `configFile`
           and the config file generated by the pulseaudio module.
         '';
       };
@@ -139,7 +139,7 @@ in {
       extraClientConf = mkOption {
         type = types.lines;
         default = "";
-        description = ''
+        description = lib.mdDoc ''
           Extra configuration appended to pulse/client.conf file.
         '';
       };
@@ -151,10 +151,10 @@ in {
                   else pkgs.pulseaudio;
         defaultText = literalExpression "pkgs.pulseaudio";
         example = literalExpression "pkgs.pulseaudioFull";
-        description = ''
+        description = lib.mdDoc ''
           The PulseAudio derivation to use.  This can be used to enable
           features (such as JACK support, Bluetooth) via the
-          <literal>pulseaudioFull</literal> package.
+          `pulseaudioFull` package.
         '';
       };
 
@@ -162,7 +162,7 @@ in {
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.pulseaudio-modules-bt ]";
-        description = ''
+        description = lib.mdDoc ''
           Extra pulseaudio modules to use. This is intended for out-of-tree
           pulseaudio modules like extra bluetooth codecs.
 
@@ -174,7 +174,7 @@ in {
         logLevel = mkOption {
           type = types.str;
           default = "notice";
-          description = ''
+          description = lib.mdDoc ''
             The log level that the system-wide pulseaudio daemon should use,
             if activated.
           '';
@@ -183,7 +183,7 @@ in {
         config = mkOption {
           type = types.attrsOf types.unspecified;
           default = {};
-          description = "Config of the pulse daemon. See <literal>man pulse-daemon.conf</literal>.";
+          description = lib.mdDoc "Config of the pulse daemon. See `man pulse-daemon.conf`.";
           example = literalExpression ''{ realtime-scheduling = "yes"; }'';
         };
       };
@@ -205,7 +205,7 @@ in {
             type = types.listOf types.str;
             default = [];
             example = literalExpression ''[ "127.0.0.1" "192.168.1.0/24" ]'';
-            description = ''
+            description = lib.mdDoc ''
               A list of IP subnets that are allowed to stream to the server.
             '';
           };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/qt5.nix

@@ -8,14 +8,21 @@ let
 
   isQGnome = cfg.platformTheme == "gnome" && builtins.elem cfg.style ["adwaita" "adwaita-dark"];
   isQtStyle = cfg.platformTheme == "gtk2" && !(builtins.elem cfg.style ["adwaita" "adwaita-dark"]);
+  isQt5ct = cfg.platformTheme == "qt5ct";
+  isLxqt = cfg.platformTheme == "lxqt";
+  isKde = cfg.platformTheme == "kde";
 
   packages = if isQGnome then [ pkgs.qgnomeplatform pkgs.adwaita-qt ]
     else if isQtStyle then [ pkgs.libsForQt5.qtstyleplugins ]
+    else if isQt5ct then [ pkgs.libsForQt5.qt5ct ]
+    else if isLxqt then [ pkgs.lxqt.lxqt-qtplugin pkgs.lxqt.lxqt-config ]
+    else if isKde then [ pkgs.libsForQt5.plasma-integration pkgs.libsForQt5.systemsettings ]
     else throw "`qt5.platformTheme` ${cfg.platformTheme} and `qt5.style` ${cfg.style} are not compatible.";
 
 in
 
 {
+  meta.maintainers = [ maintainers.romildo ];
 
   options = {
     qt5 = {
@@ -26,29 +33,29 @@ in
         type = types.enum [
           "gtk2"
           "gnome"
+          "lxqt"
+          "qt5ct"
+          "kde"
         ];
         example = "gnome";
         relatedPackages = [
           "qgnomeplatform"
           ["libsForQt5" "qtstyleplugins"]
+          ["libsForQt5" "qt5ct"]
+          ["lxqt" "lxqt-qtplugin"]
+          ["libsForQt5" "plasma-integration"]
         ];
-        description = ''
-          Selects the platform theme to use for Qt5 applications.</para>
-          <para>The options are
-          <variablelist>
-            <varlistentry>
-              <term><literal>gtk</literal></term>
-              <listitem><para>Use GTK theme with
-                <link xlink:href="https://github.com/qt/qtstyleplugins">qtstyleplugins</link>
-              </para></listitem>
-            </varlistentry>
-            <varlistentry>
-              <term><literal>gnome</literal></term>
-              <listitem><para>Use GNOME theme with
-                <link xlink:href="https://github.com/FedoraQt/QGnomePlatform">qgnomeplatform</link>
-              </para></listitem>
-            </varlistentry>
-          </variablelist>
+        description = lib.mdDoc ''
+          Selects the platform theme to use for Qt5 applications.
+
+          The options are
+          - `gtk`: Use GTK theme with [qtstyleplugins](https://github.com/qt/qtstyleplugins)
+          - `gnome`: Use GNOME theme with [qgnomeplatform](https://github.com/FedoraQt/QGnomePlatform)
+          - `lxqt`: Use LXQt style set using the [lxqt-config-appearance](https://github.com/lxqt/lxqt-config)
+             application.
+          - `qt5ct`: Use Qt style set using the [qt5ct](https://sourceforge.net/projects/qt5ct/)
+             application.
+          - `kde`: Use Qt settings from Plasma.
         '';
       };
 
@@ -66,27 +73,14 @@ in
           "adwaita-qt"
           ["libsForQt5" "qtstyleplugins"]
         ];
-        description = ''
-          Selects the style to use for Qt5 applications.</para>
-          <para>The options are
-          <variablelist>
-            <varlistentry>
-              <term><literal>adwaita</literal></term>
-              <term><literal>adwaita-dark</literal></term>
-              <listitem><para>Use Adwaita Qt style with
-                <link xlink:href="https://github.com/FedoraQt/adwaita-qt">adwaita</link>
-              </para></listitem>
-            </varlistentry>
-            <varlistentry>
-              <term><literal>cleanlooks</literal></term>
-              <term><literal>gtk2</literal></term>
-              <term><literal>motif</literal></term>
-              <term><literal>plastique</literal></term>
-              <listitem><para>Use styles from
-                <link xlink:href="https://github.com/qt/qtstyleplugins">qtstyleplugins</link>
-              </para></listitem>
-            </varlistentry>
-          </variablelist>
+        description = lib.mdDoc ''
+          Selects the style to use for Qt5 applications.
+
+          The options are
+          - `adwaita`, `adwaita-dark`: Use Adwaita Qt style with
+            [adwaita](https://github.com/FedoraQt/adwaita-qt)
+          - `cleanlooks`, `gtk2`, `motif`, `plastique`: Use styles from
+            [qtstyleplugins](https://github.com/qt/qtstyleplugins)
         '';
       };
     };
@@ -96,7 +90,7 @@ in
 
     environment.variables.QT_QPA_PLATFORMTHEME = cfg.platformTheme;
 
-    environment.variables.QT_STYLE_OVERRIDE = cfg.style;
+    environment.variables.QT_STYLE_OVERRIDE = mkIf (! (isQt5ct || isLxqt || isKde)) cfg.style;
 
     environment.systemPackages = packages;
 

infra/libkookie/nixpkgs/unstable/nixos/modules/config/resolvconf.nix

@@ -49,15 +49,28 @@ in
         type = types.bool;
         default = !(config.environment.etc ? "resolv.conf");
         defaultText = literalExpression ''!(config.environment.etc ? "resolv.conf")'';
-        description = ''
-          DNS configuration is managed by resolvconf.
+        description = lib.mdDoc ''
+          Whether DNS configuration is managed by resolvconf.
+        '';
+      };
+
+      package = mkOption {
+        type = types.package;
+        default = pkgs.openresolv;
+        defaultText = literalExpression "pkgs.openresolv";
+        description = lib.mdDoc ''
+          The package that provides the system-wide resolvconf command. Defaults to `openresolv`
+          if this module is enabled. Otherwise, can be used by other modules (for example {option}`services.resolved`) to
+          provide a compatibility layer.
+
+          This option generally shouldn't be set by the user.
         '';
       };
 
       dnsSingleRequest = lib.mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Recent versions of glibc will issue both ipv4 (A) and ipv6 (AAAA)
           address queries at the same time, from the same port. Sometimes upstream
           routers will systemically drop the ipv4 queries. The symptom of this problem is
@@ -82,8 +95,8 @@ in
         type = types.lines;
         default = "";
         example = "libc=NO";
-        description = ''
-          Extra configuration to append to <filename>resolvconf.conf</filename>.
+        description = lib.mdDoc ''
+          Extra configuration to append to {file}`resolvconf.conf`.
         '';
       };
 
@@ -91,15 +104,15 @@ in
         type = types.listOf types.str;
         default = [];
         example = [ "ndots:1" "rotate" ];
-        description = ''
-          Set the options in <filename>/etc/resolv.conf</filename>.
+        description = lib.mdDoc ''
+          Set the options in {file}`/etc/resolv.conf`.
         '';
       };
 
       useLocalResolver = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Use local DNS server for resolving.
         '';
       };
@@ -119,10 +132,12 @@ in
             exit 1
           ''
         else configText;
+
+      environment.systemPackages = [ cfg.package ];
     }
 
     (mkIf cfg.enable {
-      environment.systemPackages = [ pkgs.openresolv ];
+      networking.resolvconf.package = pkgs.openresolv;
 
       systemd.services.resolvconf = {
         description = "resolvconf update";
@@ -134,7 +149,7 @@ in
 
         serviceConfig = {
           Type = "oneshot";
-          ExecStart = "${pkgs.openresolv}/bin/resolvconf -u";
+          ExecStart = "${cfg.package}/bin/resolvconf -u";
           RemainAfterExit = true;
         };
       };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/shells-environment.nix

@@ -35,7 +35,7 @@ in
     environment.variables = mkOption {
       default = {};
       example = { EDITOR = "nvim"; VISUAL = "nvim"; };
-      description = ''
+      description = lib.mdDoc ''
         A set of environment variables used in the global environment.
         These variables will be set on shell initialisation (e.g. in /etc/profile).
         The value of each variable can be either a string or a list of
@@ -48,7 +48,7 @@ in
 
     environment.profiles = mkOption {
       default = [];
-      description = ''
+      description = lib.mdDoc ''
         A list of profiles used to setup the global environment.
       '';
       type = types.listOf types.str;
@@ -57,10 +57,10 @@ in
     environment.profileRelativeEnvVars = mkOption {
       type = types.attrsOf (types.listOf types.str);
       example = { PATH = [ "/bin" ]; MANPATH = [ "/man" "/share/man" ]; };
-      description = ''
+      description = lib.mdDoc ''
         Attribute set of environment variable.  Each attribute maps to a list
         of relative paths.  Each relative path is appended to the each profile
-        of <option>environment.profiles</option> to form the content of the
+        of {option}`environment.profiles` to form the content of the
         corresponding environment variable.
       '';
     };
@@ -68,7 +68,7 @@ in
     # !!! isn't there a better way?
     environment.extraInit = mkOption {
       default = "";
-      description = ''
+      description = lib.mdDoc ''
         Shell script code called during global environment initialisation
         after all variables and profileVariables have been set.
         This code is assumed to be shell-independent, which means you should
@@ -79,7 +79,7 @@ in
 
     environment.shellInit = mkOption {
       default = "";
-      description = ''
+      description = lib.mdDoc ''
         Shell script code called during shell initialisation.
         This code is assumed to be shell-independent, which means you should
         stick to pure sh without sh word split.
@@ -89,7 +89,7 @@ in
 
     environment.loginShellInit = mkOption {
       default = "";
-      description = ''
+      description = lib.mdDoc ''
         Shell script code called during login shell initialisation.
         This code is assumed to be shell-independent, which means you should
         stick to pure sh without sh word split.
@@ -99,7 +99,7 @@ in
 
     environment.interactiveShellInit = mkOption {
       default = "";
-      description = ''
+      description = lib.mdDoc ''
         Shell script code called during interactive shell initialisation.
         This code is assumed to be shell-independent, which means you should
         stick to pure sh without sh word split.
@@ -119,7 +119,7 @@ in
     };
 
     environment.homeBinInPath = mkOption {
-      description = ''
+      description = lib.mdDoc ''
         Include ~/bin/ in $PATH.
       '';
       default = false;
@@ -127,7 +127,7 @@ in
     };
 
     environment.localBinInPath = mkOption {
-      description = ''
+      description = lib.mdDoc ''
         Add ~/.local/bin/ to $PATH
       '';
       default = false;
@@ -151,9 +151,9 @@ in
     environment.shells = mkOption {
       default = [];
       example = literalExpression "[ pkgs.bashInteractive pkgs.zsh ]";
-      description = ''
+      description = lib.mdDoc ''
         A list of permissible login shells for user accounts.
-        No need to mention <literal>/bin/sh</literal>
+        No need to mention `/bin/sh`
         here, it is placed into this list implicitly.
       '';
       type = types.listOf (types.either types.shellPackage types.path);

infra/libkookie/nixpkgs/unstable/nixos/modules/config/swap.nix

@@ -14,7 +14,7 @@ let
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = ''
+        description = lib.mdDoc ''
           Encrypt swap device with a random key. This way you won't have a persistent swap device.
 
           WARNING: Don't try to hibernate when you have at least one swap partition with
@@ -31,7 +31,7 @@ let
         default = "aes-xts-plain64";
         example = "serpent-xts-plain64";
         type = types.str;
-        description = ''
+        description = lib.mdDoc ''
           Use specified cipher for randomEncryption.
 
           Hint: Run "cryptsetup benchmark" to see which one is fastest on your machine.
@@ -42,7 +42,7 @@ let
         default = "/dev/urandom";
         example = "/dev/random";
         type = types.str;
-        description = ''
+        description = lib.mdDoc ''
           Define the source of randomness to obtain a random key for encryption.
         '';
       };
@@ -50,7 +50,7 @@ let
       allowDiscards = mkOption {
         default = false;
         type = types.bool;
-        description = ''
+        description = lib.mdDoc ''
           Whether to allow TRIM requests to the underlying device. This option
           has security implications; please read the LUKS documentation before
           activating it.
@@ -67,7 +67,7 @@ let
       device = mkOption {
         example = "/dev/sda3";
         type = types.str;
-        description = "Path of the device or swap file.";
+        description = lib.mdDoc "Path of the device or swap file.";
       };
 
       label = mkOption {
@@ -82,7 +82,7 @@ let
         default = null;
         example = 2048;
         type = types.nullOr types.int;
-        description = ''
+        description = lib.mdDoc ''
           If this option is set, ‘device’ is interpreted as the
           path of a swapfile that will be created automatically
           with the indicated size (in megabytes).
@@ -93,7 +93,7 @@ let
         default = null;
         example = 2048;
         type = types.nullOr types.int;
-        description = ''
+        description = lib.mdDoc ''
           Specify the priority of the swap device. Priority is a value between 0 and 32767.
           Higher numbers indicate higher priority.
           null lets the kernel choose a priority, which will show up as a negative value.
@@ -108,7 +108,7 @@ let
           source = "/dev/random";
         };
         type = types.coercedTo types.bool randomEncryptionCoerce (types.submodule randomEncryptionOpts);
-        description = ''
+        description = lib.mdDoc ''
           Encrypt swap device with a random key. This way you won't have a persistent swap device.
 
           HINT: run "cryptsetup benchmark" to test cipher performance on your machine.
@@ -127,7 +127,7 @@ let
         default = null;
         example = "once";
         type = types.nullOr (types.enum ["once" "pages" "both" ]);
-        description = ''
+        description = lib.mdDoc ''
           Specify the discard policy for the swap device. If "once", then the
           whole swap space is discarded at swapon invocation. If "pages",
           asynchronous discard on freed pages is performed, before returning to
@@ -140,7 +140,7 @@ let
         default = [ "defaults" ];
         example = [ "nofail" ];
         type = types.listOf types.nonEmptyStr;
-        description = ''
+        description = lib.mdDoc ''
           Options used to mount the swap.
         '';
       };
@@ -181,13 +181,13 @@ in
         { device = "/var/swapfile"; }
         { label = "bigswap"; }
       ];
-      description = ''
+      description = lib.mdDoc ''
         The swap devices and swap files.  These must have been
-        initialised using <command>mkswap</command>.  Each element
+        initialised using {command}`mkswap`.  Each element
         should be an attribute set specifying either the path of the
-        swap device or file (<literal>device</literal>) or the label
-        of the swap device (<literal>label</literal>, see
-        <command>mkswap -L</command>).  Using a label is
+        swap device or file (`device`) or the label
+        of the swap device (`label`, see
+        {command}`mkswap -L`).  Using a label is
         recommended.
       '';
 

infra/libkookie/nixpkgs/unstable/nixos/modules/config/system-path.nix

@@ -64,14 +64,14 @@ in
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.firefox pkgs.thunderbird ]";
-        description = ''
+        description = lib.mdDoc ''
           The set of packages that appear in
           /run/current-system/sw.  These packages are
           automatically available to all users, and are
           automatically updated every time you rebuild the system
           configuration.  (The latter is the main difference with
           installing them in the default profile,
-          <filename>/nix/var/nix/profiles/default</filename>.
+          {file}`/nix/var/nix/profiles/default`.
         '';
       };
 
@@ -109,20 +109,20 @@ in
         # to work.
         default = [];
         example = ["/"];
-        description = "List of directories to be symlinked in <filename>/run/current-system/sw</filename>.";
+        description = lib.mdDoc "List of directories to be symlinked in {file}`/run/current-system/sw`.";
       };
 
       extraOutputsToInstall = mkOption {
         type = types.listOf types.str;
         default = [ ];
         example = [ "doc" "info" "devdoc" ];
-        description = "List of additional package outputs to be symlinked into <filename>/run/current-system/sw</filename>.";
+        description = lib.mdDoc "List of additional package outputs to be symlinked into {file}`/run/current-system/sw`.";
       };
 
       extraSetup = mkOption {
         type = types.lines;
         default = "";
-        description = "Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.";
+        description = lib.mdDoc "Shell fragments to be run after the system environment has been created. This should only be used for things that need to modify the internals of the environment, e.g. generating MIME caches. The environment being built can be accessed at $out.";
       };
 
     };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/terminfo.nix

@@ -9,7 +9,7 @@ with lib;
   options.environment.enableAllTerminfo = with lib; mkOption {
     default = false;
     type = types.bool;
-    description = ''
+    description = lib.mdDoc ''
       Whether to install all terminfo outputs
     '';
   };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/unix-odbc-drivers.nix

@@ -20,10 +20,10 @@ in {
       type = types.listOf types.package;
       default = [];
       example = literalExpression "with pkgs.unixODBCDrivers; [ sqlite psql ]";
-      description = ''
+      description = lib.mdDoc ''
         Specifies Unix ODBC drivers to be registered in
-        <filename>/etc/odbcinst.ini</filename>.  You may also want to
-        add <literal>pkgs.unixODBC</literal> to the system path to get
+        {file}`/etc/odbcinst.ini`.  You may also want to
+        add `pkgs.unixODBC` to the system path to get
         a command line client to connect to ODBC databases.
       '';
     };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/users-groups.nix

@@ -6,12 +6,6 @@ let
   ids = config.ids;
   cfg = config.users;
 
-  isPasswdCompatible = str: !(hasInfix ":" str || hasInfix "\n" str);
-  passwdEntry = type: lib.types.addCheck type isPasswdCompatible // {
-    name = "passwdEntry ${type.name}";
-    description = "${type.description}, not containing newlines or colons";
-  };
-
   # Check whether a password hash will allow login.
   allowsLogin = hash:
     hash == "" # login without password
@@ -60,29 +54,29 @@ let
     options = {
 
       name = mkOption {
-        type = passwdEntry types.str;
+        type = types.passwdEntry types.str;
         apply = x: assert (builtins.stringLength x < 32 || abort "Username '${x}' is longer than 31 characters which is not allowed!"); x;
-        description = ''
+        description = lib.mdDoc ''
           The name of the user account. If undefined, the name of the
           attribute set will be used.
         '';
       };
 
       description = mkOption {
-        type = passwdEntry types.str;
+        type = types.passwdEntry types.str;
         default = "";
         example = "Alice Q. User";
-        description = ''
+        description = lib.mdDoc ''
           A short description of the user account, typically the
           user's full name.  This is actually the “GECOS” or “comment”
-          field in <filename>/etc/passwd</filename>.
+          field in {file}`/etc/passwd`.
         '';
       };
 
       uid = mkOption {
         type = with types; nullOr int;
         default = null;
-        description = ''
+        description = lib.mdDoc ''
           The account UID. If the UID is null, a free UID is picked on
           activation.
         '';
@@ -91,15 +85,15 @@ let
       isSystemUser = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Indicates if the user is a system user or not. This option
-          only has an effect if <option>uid</option> is
-          <option>null</option>, in which case it determines whether
+          only has an effect if {option}`uid` is
+          {option}`null`, in which case it determines whether
           the user's UID is allocated in the range for system users
           (below 500) or in the range for normal users (starting at
           1000).
-          Exactly one of <literal>isNormalUser</literal> and
-          <literal>isSystemUser</literal> must be true.
+          Exactly one of `isNormalUser` and
+          `isSystemUser` must be true.
         '';
       };
 
@@ -124,31 +118,31 @@ let
         type = types.str;
         apply = x: assert (builtins.stringLength x < 32 || abort "Group name '${x}' is longer than 31 characters which is not allowed!"); x;
         default = "";
-        description = "The user's primary group.";
+        description = lib.mdDoc "The user's primary group.";
       };
 
       extraGroups = mkOption {
         type = types.listOf types.str;
         default = [];
-        description = "The user's auxiliary groups.";
+        description = lib.mdDoc "The user's auxiliary groups.";
       };
 
       home = mkOption {
-        type = passwdEntry types.path;
+        type = types.passwdEntry types.path;
         default = "/var/empty";
-        description = "The user's home directory.";
+        description = lib.mdDoc "The user's home directory.";
       };
 
       homeMode = mkOption {
         type = types.strMatching "[0-7]{1,5}";
         default = "700";
-        description = "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if <option>users.users.&lt;name&gt;.createHome</option> is true.";
+        description = lib.mdDoc "The user's home directory mode in numeric format. See chmod(1). The mode is only applied if {option}`users.users.<name>.createHome` is true.";
       };
 
       cryptHomeLuks = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = ''
+        description = lib.mdDoc ''
           Path to encrypted luks device that contains
           the user's home directory.
         '';
@@ -169,7 +163,7 @@ let
       };
 
       shell = mkOption {
-        type = types.nullOr (types.either types.shellPackage (passwdEntry types.path));
+        type = types.nullOr (types.either types.shellPackage (types.passwdEntry types.path));
         default = pkgs.shadow;
         defaultText = literalExpression "pkgs.shadow";
         example = literalExpression "pkgs.bashInteractive";
@@ -189,10 +183,10 @@ let
           { startUid = 1000; count = 1; }
           { startUid = 100001; count = 65534; }
         ];
-        description = ''
+        description = lib.mdDoc ''
           Subordinate user ids that user is allowed to use.
-          They are set into <filename>/etc/subuid</filename> and are used
-          by <literal>newuidmap</literal> for user namespaces.
+          They are set into {file}`/etc/subuid` and are used
+          by `newuidmap` for user namespaces.
         '';
       };
 
@@ -203,10 +197,10 @@ let
           { startGid = 100; count = 1; }
           { startGid = 1001; count = 999; }
         ];
-        description = ''
+        description = lib.mdDoc ''
           Subordinate group ids that user is allowed to use.
-          They are set into <filename>/etc/subgid</filename> and are used
-          by <literal>newgidmap</literal> for user namespaces.
+          They are set into {file}`/etc/subgid` and are used
+          by `newgidmap` for user namespaces.
         '';
       };
 
@@ -214,7 +208,7 @@ let
         type = types.bool;
         default = false;
         example = true;
-        description = ''
+        description = lib.mdDoc ''
           Automatically allocate subordinate user and group ids for this user.
           Allocated range is currently always of size 65536.
         '';
@@ -223,7 +217,7 @@ let
       createHome = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           Whether to create the home directory and ensure ownership as well as
           permissions to match the user.
         '';
@@ -232,9 +226,9 @@ let
       useDefaultShell = mkOption {
         type = types.bool;
         default = false;
-        description = ''
+        description = lib.mdDoc ''
           If true, the user's shell will be set to
-          <option>users.defaultUserShell</option>.
+          {option}`users.defaultUserShell`.
         '';
       };
 
@@ -290,13 +284,13 @@ let
       initialPassword = mkOption {
         type = with types; nullOr str;
         default = null;
-        description = ''
+        description = lib.mdDoc ''
           Specifies the initial password for the user, i.e. the
           password assigned if the user does not already exist. If
-          <option>users.mutableUsers</option> is true, the password
+          {option}`users.mutableUsers` is true, the password
           can be changed subsequently using the
-          <command>passwd</command> command. Otherwise, it's
-          equivalent to setting the <option>password</option>
+          {command}`passwd` command. Otherwise, it's
+          equivalent to setting the {option}`password`
           option. The same caveat applies: the password specified here
           is world-readable in the Nix store, so it should only be
           used for guest accounts or passwords that will be changed
@@ -308,9 +302,9 @@ let
         type = types.listOf types.package;
         default = [];
         example = literalExpression "[ pkgs.firefox pkgs.thunderbird ]";
-        description = ''
+        description = lib.mdDoc ''
           The set of packages that should be made available to the user.
-          This is in contrast to <option>environment.systemPackages</option>,
+          This is in contrast to {option}`environment.systemPackages`,
           which adds packages to all users.
         '';
       };
@@ -349,8 +343,8 @@ let
     options = {
 
       name = mkOption {
-        type = passwdEntry types.str;
-        description = ''
+        type = types.passwdEntry types.str;
+        description = lib.mdDoc ''
           The name of the group. If undefined, the name of the attribute set
           will be used.
         '';
@@ -359,7 +353,7 @@ let
       gid = mkOption {
         type = with types; nullOr int;
         default = null;
-        description = ''
+        description = lib.mdDoc ''
           The group GID. If the GID is null, a free GID is picked on
           activation.
         '';
@@ -368,9 +362,9 @@ let
       members = mkOption {
         type = with types; listOf (passwdEntry str);
         default = [];
-        description = ''
+        description = lib.mdDoc ''
           The user names of the group members, added to the
-          <literal>/etc/group</literal> file.
+          `/etc/group` file.
         '';
       };
 
@@ -390,7 +384,7 @@ let
     options = {
       startUid = mkOption {
         type = types.int;
-        description = ''
+        description = lib.mdDoc ''
           Start of the range of subordinate user ids that user is
           allowed to use.
         '';
@@ -398,7 +392,7 @@ let
       count = mkOption {
         type = types.int;
         default = 1;
-        description = "Count of subordinate user ids";
+        description = lib.mdDoc "Count of subordinate user ids";
       };
     };
   };
@@ -407,7 +401,7 @@ let
     options = {
       startGid = mkOption {
         type = types.int;
-        description = ''
+        description = lib.mdDoc ''
           Start of the range of subordinate group ids that user is
           allowed to use.
         '';
@@ -415,7 +409,7 @@ let
       count = mkOption {
         type = types.int;
         default = 1;
-        description = "Count of subordinate group ids";
+        description = lib.mdDoc "Count of subordinate group ids";
       };
     };
   };
@@ -490,7 +484,7 @@ in {
     users.enforceIdUniqueness = mkOption {
       type = types.bool;
       default = true;
-      description = ''
+      description = lib.mdDoc ''
         Whether to require that no two users/groups share the same uid/gid.
       '';
     };
@@ -509,7 +503,7 @@ in {
           shell = "/bin/sh";
         };
       };
-      description = ''
+      description = lib.mdDoc ''
         Additional user accounts to be created automatically by the system.
         This can also be used to set options for root.
       '';
@@ -522,7 +516,7 @@ in {
           hackers = { };
         };
       type = with types; attrsOf (submodule groupOpts);
-      description = ''
+      description = lib.mdDoc ''
         Additional groups to be created automatically by the system.
       '';
     };
@@ -531,8 +525,8 @@ in {
     users.allowNoPasswordLogin = mkOption {
       type = types.bool;
       default = false;
-      description = ''
-        Disable checking that at least the <literal>root</literal> user or a user in the <literal>wheel</literal> group can log in using
+      description = lib.mdDoc ''
+        Disable checking that at least the `root` user or a user in the `wheel` group can log in using
         a password or an SSH key.
 
         WARNING: enabling this can lock you out of your system. Enable this only if you know what are you doing.

infra/libkookie/nixpkgs/unstable/nixos/modules/config/vte.nix

@@ -25,7 +25,7 @@ in
     programs.bash.vteIntegration = mkOption {
       default = false;
       type = types.bool;
-      description = ''
+      description = lib.mdDoc ''
         Whether to enable Bash integration for VTE terminals.
         This allows it to preserve the current directory of the shell
         across terminals.
@@ -35,7 +35,7 @@ in
     programs.zsh.vteIntegration = mkOption {
       default = false;
       type = types.bool;
-      description = ''
+      description = lib.mdDoc ''
         Whether to enable Zsh integration for VTE terminals.
         This allows it to preserve the current directory of the shell
         across terminals.

infra/libkookie/nixpkgs/unstable/nixos/modules/config/xdg/autostart.nix

@@ -10,9 +10,9 @@ with lib;
     xdg.autostart.enable = mkOption {
       type = types.bool;
       default = true;
-      description = ''
+      description = lib.mdDoc ''
         Whether to install files to support the
-        <link xlink:href="https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html">XDG Autostart specification</link>.
+        [XDG Autostart specification](https://specifications.freedesktop.org/autostart-spec/autostart-spec-latest.html).
       '';
     };
   };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/xdg/icons.nix

@@ -10,9 +10,9 @@ with lib;
     xdg.icons.enable = mkOption {
       type = types.bool;
       default = true;
-      description = ''
+      description = lib.mdDoc ''
         Whether to install files to support the
-        <link xlink:href="https://specifications.freedesktop.org/icon-theme-spec/icon-theme-spec-latest.html">XDG Icon Theme specification</link>.
+        [XDG Icon Theme specification](https://specifications.freedesktop.org/icon-theme-spec/icon-theme-spec-latest.html).
       '';
     };
   };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/xdg/menus.nix

@@ -10,9 +10,9 @@ with lib;
     xdg.menus.enable = mkOption {
       type = types.bool;
       default = true;
-      description = ''
+      description = lib.mdDoc ''
         Whether to install files to support the
-        <link xlink:href="https://specifications.freedesktop.org/menu-spec/menu-spec-latest.html">XDG Desktop Menu specification</link>.
+        [XDG Desktop Menu specification](https://specifications.freedesktop.org/menu-spec/menu-spec-latest.html).
       '';
     };
   };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/xdg/mime.nix

@@ -18,10 +18,10 @@ in
     xdg.mime.enable = mkOption {
       type = types.bool;
       default = true;
-      description = ''
+      description = lib.mdDoc ''
         Whether to install files to support the
-        <link xlink:href="https://specifications.freedesktop.org/shared-mime-info-spec/shared-mime-info-spec-latest.html">XDG Shared MIME-info specification</link> and the
-        <link xlink:href="https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html">XDG MIME Applications specification</link>.
+        [XDG Shared MIME-info specification](https://specifications.freedesktop.org/shared-mime-info-spec/shared-mime-info-spec-latest.html) and the
+        [XDG MIME Applications specification](https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html).
       '';
     };
 
@@ -32,10 +32,10 @@ in
         "application/pdf" = "firefox.desktop";
         "text/xml" = [ "nvim.desktop" "codium.desktop" ];
       };
-      description = ''
+      description = lib.mdDoc ''
         Adds associations between mimetypes and applications. See the
-        <link xlink:href="https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html#associations">
-        specifications</link> for more information.
+        [
+        specifications](https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html#associations) for more information.
       '';
     };
 
@@ -46,10 +46,10 @@ in
         "application/pdf" = "firefox.desktop";
         "image/png" = [ "sxiv.desktop" "gimp.desktop" ];
       };
-      description = ''
+      description = lib.mdDoc ''
         Sets the default applications for given mimetypes. See the
-        <link xlink:href="https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html#default">
-        specifications</link> for more information.
+        [
+        specifications](https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html#default) for more information.
       '';
     };
 
@@ -60,10 +60,10 @@ in
         "audio/mp3" = [ "mpv.desktop" "umpv.desktop" ];
         "inode/directory" = "codium.desktop";
       };
-      description = ''
+      description = lib.mdDoc ''
         Removes associations between mimetypes and applications. See the
-        <link xlink:href="https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html#associations">
-        specifications</link> for more information.
+        [
+        specifications](https://specifications.freedesktop.org/mime-apps-spec/mime-apps-spec-latest.html#associations) for more information.
       '';
     };
   };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/xdg/portal.nix

@@ -1,10 +1,30 @@
 { config, pkgs, lib, ... }:
 
-with lib;
+let
+  inherit (lib)
+    mkEnableOption
+    mkIf
+    mkOption
+    mkRenamedOptionModule
+    teams
+    types;
+in
 
 {
   imports = [
     (mkRenamedOptionModule [ "services" "flatpak" "extraPortals" ] [ "xdg" "portal" "extraPortals" ])
+
+    ({ config, lib, options, ... }:
+      let
+        from = [ "xdg" "portal" "gtkUsePortal" ];
+        fromOpt = lib.getAttrFromPath from options;
+      in
+      {
+        warnings = lib.mkIf config.xdg.portal.gtkUsePortal [
+          "The option `${lib.showOption from}' defined in ${lib.showFiles fromOpt.files} has been deprecated. Setting the variable globally with `environment.sessionVariables' NixOS option can have unforseen side-effects."
+        ];
+      }
+    )
   ];
 
   meta = {
@@ -32,11 +52,12 @@ with lib;
 
     gtkUsePortal = mkOption {
       type = types.bool;
+      visible = false;
       default = false;
       description = ''
         Sets environment variable <literal>GTK_USE_PORTAL</literal> to <literal>1</literal>.
-        This is needed for packages ran outside Flatpak to respect and use XDG Desktop Portals.
-        For example, you'd need to set this for non-flatpak Firefox to use native filechoosers.
+        This will force GTK-based programs ran outside Flatpak to respect and use XDG Desktop Portals
+        for features like file chooser but it is an unsupported hack that can easily break things.
         Defaults to <literal>false</literal> to respect its opt-in nature.
       '';
     };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/xdg/portals/lxqt.nix

@@ -0,0 +1,49 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.xdg.portal.lxqt;
+
+in
+{
+  meta = {
+    maintainers = teams.lxqt.members;
+  };
+
+  options.xdg.portal.lxqt = {
+    enable = mkEnableOption ''
+      the desktop portal for the LXQt desktop environment.
+
+      This will add the <package>lxqt.xdg-desktop-portal-lxqt</package>
+      package (with the extra Qt styles) into the
+      <option>xdg.portal.extraPortals</option> option
+    '';
+
+    styles = mkOption {
+      type = types.listOf types.package;
+      default = [];
+      example = literalExpression ''[
+        pkgs.libsForQt5.qtstyleplugin-kvantum
+        pkgs.breeze-qt5
+        pkgs.qtcurve
+      ];
+      '';
+      description = ''
+        Extra Qt styles that will be available to the
+        <package>lxqt.xdg-desktop-portal-lxqt</package>.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    xdg.portal = {
+      enable = true;
+      extraPortals = [
+        (pkgs.lxqt.xdg-desktop-portal-lxqt.override { extraQtStyles = cfg.styles; })
+      ];
+    };
+
+    environment.systemPackages = cfg.styles;
+  };
+}

infra/libkookie/nixpkgs/unstable/nixos/modules/config/xdg/sounds.nix

@@ -10,9 +10,9 @@ with lib;
     xdg.sounds.enable = mkOption {
       type = types.bool;
       default = true;
-      description = ''
+      description = lib.mdDoc ''
         Whether to install files to support the
-        <link xlink:href="https://www.freedesktop.org/wiki/Specifications/sound-theme-spec/">XDG Sound Theme specification</link>.
+        [XDG Sound Theme specification](https://www.freedesktop.org/wiki/Specifications/sound-theme-spec/).
       '';
     };
   };

infra/libkookie/nixpkgs/unstable/nixos/modules/config/zram.nix

@@ -40,21 +40,21 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = ''
+        description = lib.mdDoc ''
           Enable in-memory compressed devices and swap space provided by the zram
           kernel module.
-          See <link xlink:href="https://www.kernel.org/doc/Documentation/blockdev/zram.txt">
+          See [
             https://www.kernel.org/doc/Documentation/blockdev/zram.txt
-          </link>.
+          ](https://www.kernel.org/doc/Documentation/blockdev/zram.txt).
         '';
       };
 
       numDevices = mkOption {
         default = 1;
         type = types.int;
-        description = ''
+        description = lib.mdDoc ''
           Number of zram devices to create. See also
-          <literal>zramSwap.swapDevices</literal>
+          `zramSwap.swapDevices`
         '';
       };
 
@@ -62,20 +62,20 @@ in
         default = null;
         example = 1;
         type = with types; nullOr int;
-        description = ''
+        description = lib.mdDoc ''
           Number of zram devices to be used as swap. Must be
-          <literal>&lt;= zramSwap.numDevices</literal>.
-          Default is same as <literal>zramSwap.numDevices</literal>, recommended is 1.
+          `<= zramSwap.numDevices`.
+          Default is same as `zramSwap.numDevices`, recommended is 1.
         '';
       };
 
       memoryPercent = mkOption {
         default = 50;
         type = types.int;
-        description = ''
+        description = lib.mdDoc ''
           Maximum amount of memory that can be used by the zram swap devices
           (as a percentage of your total memory). Defaults to 1/2 of your total
-          RAM. Run <literal>zramctl</literal> to check how good memory is
+          RAM. Run `zramctl` to check how good memory is
           compressed.
         '';
       };
@@ -83,7 +83,7 @@ in
       memoryMax = mkOption {
         default = null;
         type = with types; nullOr int;
-        description = ''
+        description = lib.mdDoc ''
           Maximum total amount of memory (in bytes) that can be used by the zram
           swap devices.
         '';
@@ -92,7 +92,7 @@ in
       priority = mkOption {
         default = 5;
         type = types.int;
-        description = ''
+        description = lib.mdDoc ''
           Priority of the zram swap devices. It should be a number higher than
           the priority of your disk-based swap devices (so that the system will
           fill the zram swap devices before falling back to disk swap).

infra/libkookie/nixpkgs/unstable/nixos/modules/hardware/acpilight.nix

@@ -10,7 +10,7 @@ in
       enable = mkOption {
         default = false;
         type = types.bool;
-        description = ''
+        description = lib.mdDoc ''
           Enable acpilight.
           This will allow brightness control via xbacklight from users in the video group
         '';

infra/libkookie/nixpkgs/unstable/nixos/modules/hardware/all-firmware.nix

@@ -21,7 +21,7 @@ in {
     hardware.enableAllFirmware = mkOption {
       default = false;
       type = types.bool;
-      description = ''
+      description = lib.mdDoc ''
         Turn on this option if you want to enable all the firmware.
       '';
     };
@@ -30,7 +30,7 @@ in {
       default = config.hardware.enableAllFirmware;
       defaultText = lib.literalExpression "config.hardware.enableAllFirmware";
       type = types.bool;
-      description = ''
+      description = lib.mdDoc ''
         Turn on this option if you want to enable all the firmware with a license allowing redistribution.
       '';
     };
@@ -38,7 +38,7 @@ in {
     hardware.wirelessRegulatoryDatabase = mkOption {
       default = false;
       type = types.bool;
-      description = ''
+      description = lib.mdDoc ''
         Load the wireless regulatory database at boot.
       '';
     };
@@ -62,7 +62,7 @@ in {
         alsa-firmware
         sof-firmware
         libreelec-dvb-firmware
-      ] ++ optional (pkgs.stdenv.hostPlatform.isAarch32 || pkgs.stdenv.hostPlatform.isAarch64) raspberrypiWirelessFirmware
+      ] ++ optional pkgs.stdenv.hostPlatform.isAarch raspberrypiWirelessFirmware
         ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "4.13") [
         rtl8723bs-firmware
       ] ++ optionals (versionOlder config.boot.kernelPackages.kernel.version "5.16") [

infra/libkookie/nixpkgs/unstable/nixos/modules/hardware/bladeRF.nix

@@ -12,7 +12,7 @@ in
     enable = mkOption {
       type = types.bool;
       default = false;
-      description = ''
+      description = lib.mdDoc ''
         Enables udev rules for BladeRF devices. By default grants access
         to users in the "bladerf" group. You may want to install the
         libbladeRF package.

infra/libkookie/nixpkgs/unstable/nixos/modules/hardware/ckb-next.nix

@@ -19,7 +19,7 @@ in
         type = types.nullOr types.int;
         default = null;
         example = 100;
-        description = ''
+        description = lib.mdDoc ''
           Limit access to the ckb daemon to a particular group.
         '';
       };
@@ -28,7 +28,7 @@ in
         type = types.package;
         default = pkgs.ckb-next;
         defaultText = literalExpression "pkgs.ckb-next";
-        description = ''
+        description = lib.mdDoc ''
           The package implementing the Corsair keyboard/mouse driver.
         '';
       };
@@ -48,6 +48,6 @@ in
     };
 
     meta = {
-      maintainers = with lib.maintainers; [ kierdavis ];
+      maintainers = with lib.maintainers; [ superherointj ];
     };
   }

infra/libkookie/nixpkgs/unstable/nixos/modules/hardware/cpu/amd-microcode.nix

@@ -11,7 +11,7 @@ with lib;
     hardware.cpu.amd.updateMicrocode = mkOption {
       default = false;
       type = types.bool;
-      description = ''
+      description = lib.mdDoc ''
         Update the CPU microcode for AMD processors.
       '';
     };