Merge branch 'master' into staging

lib/customisation.nix

@@ -47,7 +47,7 @@ rec {
 
 
   /* `makeOverridable` takes a function from attribute set to attribute set and
-     injects `override` attibute which can be used to override arguments of
+     injects `override` attribute which can be used to override arguments of
      the function.
 
        nix-repl> x = {a, b}: { result = a + b; }

lib/systems/examples.nix

@@ -236,4 +236,9 @@ rec {
     useLLVM = true;
   };
 
+  # Ghcjs
+  ghcjs = {
+    config = "js-unknown-ghcjs";
+    platform = {};
+  };
 }

lib/systems/inspect.nix

@@ -12,7 +12,7 @@ rec {
     isx86_32       = { cpu = { family = "x86"; bits = 32; }; };
     isx86_64       = { cpu = { family = "x86"; bits = 64; }; };
     isPowerPC      = { cpu = cpuTypes.powerpc; };
-    isPower = { cpu = { family = "power"; }; };
+    isPower        = { cpu = { family = "power"; }; };
     isx86          = { cpu = { family = "x86"; }; };
     isAarch32      = { cpu = { family = "arm"; bits = 32; }; };
     isAarch64      = { cpu = { family = "arm"; bits = 64; }; };
@@ -23,6 +23,7 @@ rec {
     isMsp430       = { cpu = { family = "msp430"; }; };
     isAvr          = { cpu = { family = "avr"; }; };
     isAlpha        = { cpu = { family = "alpha"; }; };
+    isJavaScript   = { cpu = cpuTypes.js; };
 
     is32bit        = { cpu = { bits = 32; }; };
     is64bit        = { cpu = { bits = 64; }; };
@@ -44,6 +45,7 @@ rec {
     isCygwin       = { kernel = kernels.windows; abi = abis.cygnus; };
     isMinGW        = { kernel = kernels.windows; abi = abis.gnu; };
     isWasi         = { kernel = kernels.wasi; };
+    isGhcjs        = { kernel = kernels.ghcjs; };
     isNone         = { kernel = kernels.none; };
 
     isAndroid      = [ { abi = abis.android; } { abi = abis.androideabi; } ];

lib/systems/parse.nix

@@ -106,11 +106,13 @@ rec {
 
     wasm32   = { bits = 32; significantByte = littleEndian; family = "wasm"; };
     wasm64   = { bits = 64; significantByte = littleEndian; family = "wasm"; };
-    
+
     alpha    = { bits = 64; significantByte = littleEndian; family = "alpha"; };
 
     msp430   = { bits = 16; significantByte = littleEndian; family = "msp430"; };
     avr      = { bits = 8; family = "avr"; };
+
+    js       = { bits = 32; significantByte = littleEndian; family = "js"; };
   };
 
   # Determine where two CPUs are compatible with each other. That is,
@@ -271,6 +273,7 @@ rec {
     solaris = { execFormat = elf;     families = { }; };
     wasi    = { execFormat = wasm;    families = { }; };
     windows = { execFormat = pe;      families = { }; };
+    ghcjs   = { execFormat = unknown; families = { }; };
   } // { # aliases
     # 'darwin' is the kernel for all of them. We choose macOS by default.
     darwin = kernels.macos;
@@ -384,6 +387,8 @@ rec {
         then { cpu = elemAt l 0; vendor = elemAt l 1;    kernel = elemAt l 2;                }
       else if (elem (elemAt l 2) ["eabi" "eabihf" "elf"])
         then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 1; abi = elemAt l 2; }
+      else if (elemAt l 2 == "ghcjs")
+        then { cpu = elemAt l 0; vendor = "unknown"; kernel = elemAt l 2; }
       else throw "Target specification with 3 components is ambiguous";
     "4" =    { cpu = elemAt l 0; vendor = elemAt l 1; kernel = elemAt l 2; abi = elemAt l 3; };
   }.${toString (length l)}

lib/types.nix

@@ -217,7 +217,8 @@ rec {
 
     # Deprecated; should not be used because it quietly concatenates
     # strings, which is usually not what you want.
-    string = separatedString "";
+    string = warn "types.string is deprecated because it quietly concatenates strings"
+      (separatedString "");
 
     attrs = mkOptionType {
       name = "attrs";

maintainers/maintainer-list.nix

@@ -5095,6 +5095,12 @@
     githubId = 9568176;
     name = "Piotr Halama";
   };
+  puckipedia = {
+    email = "puck@puckipedia.com";
+    github = "puckipedia";
+    githubId = 488734;
+    name = "Puck Meerburg";
+  };
   puffnfresh = {
     email = "brian@brianmckenna.org";
     github = "puffnfresh";

nixos/doc/manual/configuration/profiles/clone-config.xml

@@ -16,6 +16,6 @@
   On images where the installation media also becomes an installation target,
   copying over <literal>configuration.nix</literal> should be disabled by
   setting <literal>installer.cloneConfig</literal> to <literal>false</literal>.
-  This is already done in <literal>sd-image.nix</literal>.
+  For example, this is done in <literal>sd-image-aarch64.nix</literal>.
  </para>
 </section>

nixos/doc/manual/release-notes/rl-1909.xml

@@ -57,6 +57,64 @@
       and <option>services.xserver.desktopManager.xfce4-14</option> simultaneously or to downgrade from Xfce 4.14 after upgrading.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      The GNOME 3 desktop manager module sports an interface to enable/disable core services, applications, and optional GNOME packages
+      like games.
+      <itemizedlist>
+      <para>This can be achieved with the following options which the desktop manager default enables, excluding <literal>games</literal>.</para>
+      <listitem><para><link linkend="opt-services.gnome3.core-os-services.enable"><literal>services.gnome3.core-os-services.enable</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.gnome3.core-shell.enable"><literal>services.gnome3.core-shell.enable</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.gnome3.core-utilities.enable"><literal>services.gnome3.core-utilities.enable</literal></link></para></listitem>
+      <listitem><para><link linkend="opt-services.gnome3.games.enable"><literal>services.gnome3.games.enable</literal></link></para></listitem>
+      </itemizedlist>
+      With these options we hope to give users finer grained control over their systems. Prior to this change you'd either have to manually
+      disable options or use <option>environment.gnome3.excludePackages</option> which only excluded the optional applications.
+      <option>environment.gnome3.excludePackages</option> is now unguarded, it can exclude any package installed with <option>environment.systemPackages</option>
+      in the GNOME 3 module.
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Orthogonal to the previous changes to the GNOME 3 desktop manager module, we've updated all default services and applications
+     to match as close as possible to a default reference GNOME 3 experience.
+    </para>
+
+    <bridgehead>The following changes were enacted in <option>services.gnome3.core-utilities.enable</option></bridgehead>
+
+    <itemizedlist>
+     <title>Applications removed from defaults:</title>
+     <listitem><para><literal>accerciser</literal></para></listitem>
+     <listitem><para><literal>dconf-editor</literal></para></listitem>
+     <listitem><para><literal>evolution</literal></para></listitem>
+     <listitem><para><literal>gnome-documents</literal></para></listitem>
+     <listitem><para><literal>gnome-nettool</literal></para></listitem>
+     <listitem><para><literal>gnome-power-manager</literal></para></listitem>
+     <listitem><para><literal>gnome-todo</literal></para></listitem>
+     <listitem><para><literal>gnome-tweaks</literal></para></listitem>
+     <listitem><para><literal>gnome-usage</literal></para></listitem>
+     <listitem><para><literal>gucharmap</literal></para></listitem>
+     <listitem><para><literal>nautilus-sendto</literal></para></listitem>
+     <listitem><para><literal>vinagre</literal></para></listitem>
+    </itemizedlist>
+    <itemizedlist>
+     <title>Applications added to defaults:</title>
+     <listitem><para><literal>cheese</literal></para></listitem>
+     <listitem><para><literal>geary</literal></para></listitem>
+    </itemizedlist>
+
+    <bridgehead>The following changes were enacted in <option>services.gnome3.core-shell.enable</option></bridgehead>
+
+    <itemizedlist>
+     <title>Applications added to defaults:</title>
+     <listitem><para><literal>gnome-color-manager</literal></para></listitem>
+     <listitem><para><literal>orca</literal></para></listitem>
+    </itemizedlist>
+    <itemizedlist>
+     <title>Services enabled:</title>
+     <listitem><para><option>services.avahi.enable</option></para></listitem>
+    </itemizedlist>
+   </listitem>
   </itemizedlist>
  </section>
 
@@ -348,6 +406,12 @@
        What used to be called <literal>emacsPackagesNg</literal> is now simply called <literal>emacsPackages</literal>.
      </para>
    </listitem>
+   <listitem>
+     <para>
+       <option>services.xserver.desktopManager.xterm</option> is now disabled by default.
+       It was not useful except for debugging purposes and was confusingly set as default in some circumstances.
+     </para>
+   </listitem>
 
   </itemizedlist>
  </section>
@@ -547,8 +611,8 @@
       </para>
      </listitem>
     </itemizedlist>
-
-     This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>.
+     This also configures the kernel to pass coredumps to <literal>systemd-coredump</literal>,
+     and restricts the SysRq key combinations to the sync command only.
      These sysctl snippets can be found in <literal>/etc/sysctl.d/50-*.conf</literal>,
      and overridden via <link linkend="opt-boot.kernel.sysctl">boot.kernel.sysctl</link>
      (which will place the parameters in <literal>/etc/sysctl.d/60-nixos.conf</literal>).
@@ -591,6 +655,51 @@
      The defaults from fontconfig are sufficient.
     </para>
    </listitem>
+   <listitem>
+    <para>
+      The <literal>crashplan</literal> package and the
+      <literal>crashplan</literal> service have been removed from nixpkgs due to
+      crashplan shutting down the service, while the <literal>crashplansb</literal>
+      package and <literal>crashplan-small-business</literal> service have been
+      removed from nixpkgs due to lack of maintainer.
+    </para>
+    <para>
+      The <link linkend="opt-services.redis.enable">redis module</link> was hardcoded to use the <literal>redis</literal> user,
+      <filename class="directory">/run/redis</filename> as runtime directory and
+      <filename class="directory">/var/lib/redis</filename> as state directory.
+      Note that the NixOS module for Redis now disables kernel support for Transparent Huge Pages (THP),
+      because this features causes major performance problems for Redis,
+      e.g. (https://redis.io/topics/latency).
+    </para>
+   </listitem>
+   <listitem>
+    <para>
+     Using <option>fonts.enableDefaultFonts</option> adds a default emoji font <literal>noto-fonts-emoji</literal>.
+     <itemizedlist>
+      <para>Users of the following options will have this enabled by default:</para>
+      <listitem>
+       <para><option>services.xserver.enable</option></para>
+      </listitem>
+      <listitem>
+       <para><option>programs.sway.enable</option></para>
+      </listitem>
+      <listitem>
+       <para><option>programs.way-cooler.enable</option></para>
+      </listitem>
+      <listitem>
+       <para><option>services.xrdp.enable</option></para>
+      </listitem>
+     </itemizedlist>
+    </para>
+   </listitem>
+   <listitem>
+     <para>
+       The <literal>altcoins</literal> categorization of packages has
+       been removed. You now access these packages at the top level,
+       ie. <literal>nix-shell -p dogecoin</literal> instead of
+       <literal>nix-shell -p altcoins.dogecoin</literal>, etc.
+     </para>
+   </listitem>
   </itemizedlist>
  </section>
 </section>

nixos/modules/config/fonts/fontconfig.nix

@@ -116,7 +116,7 @@ let
   defaultFontsConf =
     let genDefault = fonts: name:
       optionalString (fonts != []) ''
-        <alias>
+        <alias binding="same">
           <family>${name}</family>
           <prefer>
           ${concatStringsSep ""
@@ -139,6 +139,8 @@ let
 
       ${genDefault cfg.defaultFonts.monospace "monospace"}
 
+      ${genDefault cfg.defaultFonts.emoji "emoji"}
+
     </fontconfig>
   '';
 
@@ -344,6 +346,21 @@ in
               in case multiple languages must be supported.
             '';
           };
+
+          emoji = mkOption {
+            type = types.listOf types.str;
+            default = ["Noto Color Emoji"];
+            description = ''
+              System-wide default emoji font(s). Multiple fonts may be listed
+              in case a font does not support all emoji.
+
+              Note that fontconfig matches color emoji fonts preferentially,
+              so if you want to use a black and white font while having
+              a color font installed (eg. Noto Color Emoji installed alongside
+              Noto Emoji), fontconfig will still choose the color font even
+              when it is later in the list.
+            '';
+          };
         };
 
         hinting = {

nixos/modules/config/fonts/fonts.nix

@@ -43,6 +43,7 @@ with lib;
         pkgs.xorg.fontmiscmisc
         pkgs.xorg.fontcursormisc
         pkgs.unifont
+        pkgs.noto-fonts-emoji
       ];
 
   };

nixos/modules/config/users-groups.nix

@@ -181,7 +181,7 @@ let
       };
 
       hashedPassword = mkOption {
-        type = with types; uniq (nullOr str);
+        type = with types; nullOr str;
         default = null;
         description = ''
           Specifies the hashed password for the user.
@@ -191,7 +191,7 @@ let
       };
 
       password = mkOption {
-        type = with types; uniq (nullOr str);
+        type = with types; nullOr str;
         default = null;
         description = ''
           Specifies the (clear text) password for the user.
@@ -203,7 +203,7 @@ let
       };
 
       passwordFile = mkOption {
-        type = with types; uniq (nullOr string);
+        type = with types; nullOr str;
         default = null;
         description = ''
           The full path to a file that contains the user's password. The password
@@ -215,7 +215,7 @@ let
       };
 
       initialHashedPassword = mkOption {
-        type = with types; uniq (nullOr str);
+        type = with types; nullOr str;
         default = null;
         description = ''
           Specifies the initial hashed password for the user, i.e. the
@@ -230,7 +230,7 @@ let
       };
 
       initialPassword = mkOption {
-        type = with types; uniq (nullOr str);
+        type = with types; nullOr str;
         default = null;
         description = ''
           Specifies the initial password for the user, i.e. the
@@ -304,7 +304,7 @@ let
       };
 
       members = mkOption {
-        type = with types; listOf string;
+        type = with types; listOf str;
         default = [];
         description = ''
           The user names of the group members, added to the

nixos/modules/hardware/video/nvidia.nix

@@ -88,7 +88,7 @@ in
     };
 
     hardware.nvidia.optimus_prime.nvidiaBusId = lib.mkOption {
-      type = lib.types.string;
+      type = lib.types.str;
       default = "";
       example = "PCI:1:0:0";
       description = ''
@@ -98,7 +98,7 @@ in
     };
 
     hardware.nvidia.optimus_prime.intelBusId = lib.mkOption {
-      type = lib.types.string;
+      type = lib.types.str;
       default = "";
       example = "PCI:0:2:0";
       description = ''

nixos/modules/installer/cd-dvd/sd-image-aarch64.nix

@@ -59,4 +59,8 @@ in
       ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
+
+  # the installation media is also the installation target,
+  # so we don't want to provide the installation configuration.nix.
+  installer.cloneConfig = false;
 }

nixos/modules/installer/cd-dvd/sd-image-armv7l-multiplatform.nix

@@ -56,4 +56,8 @@ in
       ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
+
+  # the installation media is also the installation target,
+  # so we don't want to provide the installation configuration.nix.
+  installer.cloneConfig = false;
 }

nixos/modules/installer/cd-dvd/sd-image-raspberrypi.nix

@@ -45,4 +45,8 @@ in
       ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot
     '';
   };
+
+  # the installation media is also the installation target,
+  # so we don't want to provide the installation configuration.nix.
+  installer.cloneConfig = false;
 }

nixos/modules/installer/cd-dvd/sd-image.nix

@@ -54,7 +54,7 @@ in
     };
 
     firmwarePartitionID = mkOption {
-      type = types.string;
+      type = types.str;
       default = "0x2178694e";
       description = ''
         Volume ID for the /boot/firmware partition on the SD card. This value
@@ -63,7 +63,7 @@ in
     };
 
     rootPartitionUUID = mkOption {
-      type = types.nullOr types.string;
+      type = types.nullOr types.str;
       default = null;
       example = "14e19a7b-0ae0-484d-9d54-43bd6fdc20c7";
       description = ''
@@ -194,9 +194,5 @@ in
         rm -f /nix-path-registration
       fi
     '';
-
-    # the installation media is also the installation target,
-    # so we don't want to provide the installation configuration.nix.
-    installer.cloneConfig = false;
   };
 }

nixos/modules/module-list.nix

@@ -138,6 +138,7 @@
   ./programs/qt5ct.nix
   ./programs/screen.nix
   ./programs/sedutil.nix
+  ./programs/seahorse.nix
   ./programs/slock.nix
   ./programs/shadow.nix
   ./programs/shell.nix
@@ -216,8 +217,6 @@
   ./services/backup/bacula.nix
   ./services/backup/borgbackup.nix
   ./services/backup/duplicati.nix
-  ./services/backup/crashplan.nix
-  ./services/backup/crashplan-small-business.nix
   ./services/backup/duplicity.nix
   ./services/backup/mysql-backup.nix
   ./services/backup/postgresql-backup.nix
@@ -303,7 +302,6 @@
   ./services/desktops/gnome3/gnome-settings-daemon.nix
   ./services/desktops/gnome3/gnome-user-share.nix
   ./services/desktops/gnome3/rygel.nix
-  ./services/desktops/gnome3/seahorse.nix
   ./services/desktops/gnome3/sushi.nix
   ./services/desktops/gnome3/tracker.nix
   ./services/desktops/gnome3/tracker-miners.nix

nixos/modules/programs/seahorse.nix

@@ -0,0 +1,44 @@
+# Seahorse.
+
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+{
+
+ # Added 2019-08-27
+  imports = [
+    (mkRenamedOptionModule
+      [ "services" "gnome3" "seahorse" "enable" ]
+      [ "programs" "seahorse" "enable" ])
+  ];
+
+
+  ###### interface
+
+  options = {
+
+    programs.seahorse = {
+
+      enable = mkEnableOption "Seahorse, a GNOME application for managing encryption keys and passwords in the GNOME Keyring";
+
+    };
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf config.programs.seahorse.enable {
+
+    environment.systemPackages = [
+      pkgs.gnome3.seahorse
+    ];
+
+    services.dbus.packages = [
+      pkgs.gnome3.seahorse
+    ];
+
+  };
+
+}

nixos/modules/programs/thefuck.nix

@@ -17,7 +17,7 @@ in
 
         alias = mkOption {
           default = "fuck";
-          type = types.string;
+          type = types.str;
 
           description = ''
             `thefuck` needs an alias to be configured.

nixos/modules/programs/xss-lock.nix

@@ -12,7 +12,7 @@ in
     lockerCommand = mkOption {
       default = "${pkgs.i3lock}/bin/i3lock";
       example = literalExample ''''${pkgs.i3lock-fancy}/bin/i3lock-fancy'';
-      type = types.string;
+      type = types.separatedString " ";
       description = "Locker to be used with xsslock";
     };
 

nixos/modules/programs/yabar.nix

@@ -76,7 +76,7 @@ in
             font = mkOption {
               default = "sans bold 9";
               example = "Droid Sans, FontAwesome Bold 9";
-              type = types.string;
+              type = types.str;
 
               description = ''
                 The font that will be used to draw the status bar.
@@ -95,7 +95,7 @@ in
 
             extra = mkOption {
               default = {};
-              type = types.attrsOf types.string;
+              type = types.attrsOf types.str;
 
               description = ''
                 An attribute set which contains further attributes of a bar.
@@ -107,7 +107,7 @@ in
               type = types.attrsOf(types.submodule {
                 options.exec = mkOption {
                   example = "YABAR_DATE";
-                  type = types.string;
+                  type = types.str;
                   description = ''
                      The type of the indicator to be executed.
                   '';
@@ -125,7 +125,7 @@ in
 
                 options.extra = mkOption {
                   default = {};
-                  type = types.attrsOf (types.either types.string types.int);
+                  type = types.attrsOf (types.either types.str types.int);
 
                   description = ''
                     An attribute set which contains further attributes of a indicator.

nixos/modules/programs/zsh/zsh-syntax-highlighting.nix

@@ -33,7 +33,7 @@ in
 
       patterns = mkOption {
         default = {};
-        type = types.attrsOf types.string;
+        type = types.attrsOf types.str;
 
         example = literalExample ''
           {
@@ -50,7 +50,7 @@ in
       };
       styles = mkOption {
         default = {};
-        type = types.attrsOf types.string;
+        type = types.attrsOf types.str;
 
         example = literalExample ''
           {

nixos/modules/rename.nix

@@ -256,7 +256,7 @@ with lib;
 
     # binfmt
     (mkRenamedOptionModule [ "boot" "binfmtMiscRegistrations" ] [ "boot" "binfmt" "registrations" ])
-    
+
     # ACME
     (mkRemovedOptionModule [ "security" "acme" "directory"] "ACME Directory is now hardcoded to /var/lib/acme and its permisisons are managed by systemd. See https://github.com/NixOS/nixpkgs/issues/53852 for more info.")
     (mkRemovedOptionModule [ "security" "acme" "preDelay"] "This option has been removed. If you want to make sure that something executes before certificates are provisioned, add a RequiredBy=acme-\${cert}.service to the service you want to execute before the cert renewal")
@@ -285,6 +285,13 @@ with lib;
           throw "services.redshift.longitude is set to null, you can remove this"
           else builtins.fromJSON value))
 
+    # Redis
+    (mkRemovedOptionModule [ "services" "redis" "user" ] "The redis module now is hardcoded to the redis user.")
+    (mkRemovedOptionModule [ "services" "redis" "dbpath" ] "The redis module now uses /var/lib/redis as data directory.")
+    (mkRemovedOptionModule [ "services" "redis" "dbFilename" ] "The redis module now uses /var/lib/redis/dump.rdb as database dump location.")
+    (mkRemovedOptionModule [ "services" "redis" "appendOnlyFilename" ] "This option was never used.")
+    (mkRemovedOptionModule [ "services" "redis" "pidFile" ] "This option was removed.")
+
   ] ++ (forEach [ "blackboxExporter" "collectdExporter" "fritzboxExporter"
                    "jsonExporter" "minioExporter" "nginxExporter" "nodeExporter"
                    "snmpExporter" "unifiExporter" "varnishExporter" ]

nixos/modules/security/auditd.nix

@@ -6,6 +6,10 @@ with lib;
   options.security.auditd.enable = mkEnableOption "the Linux Audit daemon";
 
   config = mkIf config.security.auditd.enable {
+    boot.kernelParams = [ "audit=1" ];
+
+    environment.systemPackages = [ pkgs.audit ];
+
     systemd.services.auditd = {
       description = "Linux Audit daemon";
       wantedBy = [ "basic.target" ];

nixos/modules/security/pam.nix

@@ -685,7 +685,7 @@ in
       };
       id = mkOption {
         example = "42";
-        type = types.string;
+        type = types.str;
         description = "client id";
       };
 

nixos/modules/security/sudo.nix

@@ -91,7 +91,7 @@ in
       type = with types; listOf (submodule {
         options = {
           users = mkOption {
-            type = with types; listOf (either string int);
+            type = with types; listOf (either str int);
             description = ''
               The usernames / UIDs this rule should apply for.
             '';
@@ -99,7 +99,7 @@ in
           };
 
           groups = mkOption {
-            type = with types; listOf (either string int);
+            type = with types; listOf (either str int);
             description = ''
               The groups / GIDs this rule should apply for.
             '';
@@ -107,7 +107,7 @@ in
           };
 
           host = mkOption {
-            type = types.string;
+            type = types.str;
             default = "ALL";
             description = ''
               For what host this rule should apply.
@@ -115,7 +115,7 @@ in
           };
 
           runAs = mkOption {
-            type = with types; string;
+            type = with types; str;
             default = "ALL:ALL";
             description = ''
               Under which user/group the specified command is allowed to run.
@@ -130,11 +130,11 @@ in
             description = ''
               The commands for which the rule should apply.
             '';
-            type = with types; listOf (either string (submodule {
+            type = with types; listOf (either str (submodule {
 
               options = {
                 command = mkOption {
-                  type = with types; string;
+                  type = with types; str;
                   description = ''
                     A command being either just a path to a binary to allow any arguments,
                     the full command with arguments pre-set or with <code>""</code> used as the argument,

nixos/modules/services/amqp/activemq/default.nix

@@ -40,7 +40,7 @@ in {
         '';
       };
       configurationURI = mkOption {
-        type = types.string;
+        type = types.str;
         default = "xbean:activemq.xml";
         description = ''
           The URI that is passed along to the BrokerFactory to
@@ -51,7 +51,7 @@ in {
         '';
       };
       baseDir = mkOption {
-        type = types.string;
+        type = types.str;
         default = "/var/activemq";
         description = ''
           The base directory where ActiveMQ stores its persistent data and logs.
@@ -81,7 +81,7 @@ in {
         '';
       };
       extraJavaOptions = mkOption {
-        type = types.string;
+        type = types.separatedString " ";
         default = "";
         example = "-Xmx2G -Xms2G -XX:MaxPermSize=512M";
         description = ''

nixos/modules/services/audio/alsa.nix

@@ -64,7 +64,7 @@ in
         };
 
         volumeStep = mkOption {
-          type = types.string;
+          type = types.str;
           default = "1";
           example = "1%";
           description = ''

nixos/modules/services/audio/ympd.nix

@@ -23,7 +23,7 @@ in {
 
       mpd = {
         host = mkOption {
-          type = types.string;
+          type = types.str;
           default = "localhost";
           description = "The host where MPD is listening.";
           example = "localhost";

nixos/modules/services/backup/crashplan-small-business.nix

@@ -1,73 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  cfg = config.services.crashplansb;
-  crashplansb = pkgs.crashplansb.override { maxRam = cfg.maxRam; };
-in
-
-with lib;
-
-{
-  options = {
-    services.crashplansb = {
-      enable = mkOption {
-        default = false;
-        type = types.bool;
-        description = ''
-          Starts crashplan for small business background service.
-        '';
-      };
-      maxRam = mkOption {
-        default = "1024m";
-        example = "2G";
-        type = types.str;
-        description = ''
-          Maximum amount of ram that the crashplan engine should use.
-        '';
-      };
-      openPorts = mkOption {
-        description = "Open ports in the firewall for crashplan.";
-        default = true;
-        type = types.bool;
-      };
-      ports =  mkOption {
-        # https://support.code42.com/Administrator/6/Planning_and_installing/TCP_and_UDP_ports_used_by_the_Code42_platform
-        # used ports can also be checked in the desktop app console using the command connection.info
-        description = "which ports to open.";
-        default = [ 4242 4243 4244 4247 ];
-        type = types.listOf types.int;
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    environment.systemPackages = [ crashplansb ];
-    networking.firewall.allowedTCPPorts = mkIf cfg.openPorts cfg.ports;
-
-    systemd.services.crashplansb = {
-      description = "CrashPlan Backup Engine";
-
-      wantedBy = [ "multi-user.target" ];
-      after    = [ "network.target" "local-fs.target" ];
-
-      preStart = ''
-        install -d -m 755 ${crashplansb.vardir}
-        install -d -m 700 ${crashplansb.vardir}/conf
-        install -d -m 700 ${crashplansb.manifestdir}
-        install -d -m 700 ${crashplansb.vardir}/cache
-        install -d -m 700 ${crashplansb.vardir}/backupArchives
-        install -d -m 777 ${crashplansb.vardir}/log
-        cp -avn ${crashplansb}/conf.template/* ${crashplansb.vardir}/conf
-      '';
-
-      serviceConfig = {
-        Type = "forking";
-        EnvironmentFile = "${crashplansb}/bin/run.conf";
-        ExecStart = "${crashplansb}/bin/CrashPlanEngine start";
-        ExecStop = "${crashplansb}/bin/CrashPlanEngine stop";
-        PIDFile = "${crashplansb.vardir}/CrashPlanEngine.pid";
-        WorkingDirectory = crashplansb;
-      };
-    };
-  };
-}

nixos/modules/services/backup/crashplan.nix

@@ -1,67 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  cfg = config.services.crashplan;
-  crashplan = pkgs.crashplan;
-in
-
-with lib;
-
-{
-  options = {
-    services.crashplan = {
-      enable = mkOption {
-        default = false;
-        type = types.bool;
-        description = ''
-          Starts crashplan background service.
-        '';
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    environment.systemPackages = [ crashplan ];
-
-    systemd.services.crashplan = {
-      description = "CrashPlan Backup Engine";
-
-      wantedBy = [ "multi-user.target" ];
-      after    = [ "network.target" "local-fs.target" ];
-
-      preStart = ''
-        ensureDir() {
-          dir=$1
-          mode=$2
-
-          if ! test -e $dir; then
-            ${pkgs.coreutils}/bin/mkdir -m $mode -p $dir
-          elif [ "$(${pkgs.coreutils}/bin/stat -c %a $dir)" != "$mode" ]; then
-            ${pkgs.coreutils}/bin/chmod $mode $dir
-          fi
-        }
-
-        ensureDir ${crashplan.vardir} 755
-        ensureDir ${crashplan.vardir}/conf 700
-        ensureDir ${crashplan.manifestdir} 700
-        ensureDir ${crashplan.vardir}/cache 700
-        ensureDir ${crashplan.vardir}/backupArchives 700
-        ensureDir ${crashplan.vardir}/log 777
-        cp -avn ${crashplan}/conf.template/* ${crashplan.vardir}/conf
-        for x in app.asar bin install.vars lang lib libc42archive64.so libc52archive.so libjniwrap64.so libjniwrap.so libjtux64.so libjtux.so libleveldb64.so libleveldb.so libmd564.so libmd5.so share skin upgrade; do
-          rm -f ${crashplan.vardir}/$x;
-          ln -sf ${crashplan}/$x ${crashplan.vardir}/$x;
-        done
-      '';
-
-      serviceConfig = {
-        Type = "forking";
-        EnvironmentFile = "${crashplan}/bin/run.conf";
-        ExecStart = "${crashplan}/bin/CrashPlanEngine start";
-        ExecStop = "${crashplan}/bin/CrashPlanEngine stop";
-        PIDFile = "${crashplan.vardir}/CrashPlanEngine.pid";
-        WorkingDirectory = crashplan;
-      };
-    };
-  };
-}

nixos/modules/services/backup/postgresql-backup.nix

@@ -81,7 +81,7 @@ in {
       };
 
       pgdumpOptions = mkOption {
-        type = types.string;
+        type = types.separatedString " ";
         default = "-Cbo";
         description = ''
           Command line options for pg_dump. This options is not used

nixos/modules/services/backup/rsnapshot.nix

@@ -2,7 +2,7 @@
 
 with lib;
 
-let 
+let
   cfg = config.services.rsnapshot;
   cfgfile = pkgs.writeText "rsnapshot.conf" ''
     config_version	1.2
@@ -52,7 +52,7 @@ in
       cronIntervals = mkOption {
         default = {};
         example = { hourly = "0 * * * *"; daily = "50 21 * * *"; };
-        type = types.attrsOf types.string;
+        type = types.attrsOf types.str;
         description = ''
           Periodicity at which intervals should be run by cron.
           Note that the intervals also have to exist in configuration

nixos/modules/services/computing/boinc/client.nix

@@ -111,7 +111,7 @@ in
 
       systemd.services.boinc = {
         description = "BOINC Client";
-        after = ["network.target" "local-fs.target"];
+        after = ["network.target"];
         wantedBy = ["multi-user.target"];
         script = ''
           ${fhsEnvExecutable} --dir ${cfg.dataDir} --redirectio ${allowRemoteGuiRpcFlag}

nixos/modules/services/databases/cassandra.nix

@@ -259,7 +259,7 @@ in {
         '';
     };
     incrementalRepairOptions = mkOption {
-      type = types.listOf types.string;
+      type = types.listOf types.str;
       default = [];
       example = [ "--partitioner-range" ];
       description = ''
@@ -267,7 +267,7 @@ in {
         '';
     };
     maxHeapSize = mkOption {
-      type = types.nullOr types.string;
+      type = types.nullOr types.str;
       default = null;
       example = "4G";
       description = ''
@@ -287,7 +287,7 @@ in {
       '';
     };
     heapNewSize = mkOption {
-      type = types.nullOr types.string;
+      type = types.nullOr types.str;
       default = null;
       example = "800M";
       description = ''
@@ -352,11 +352,11 @@ in {
       type = types.listOf (types.submodule {
         options = {
           username = mkOption {
-            type = types.string;
+            type = types.str;
             description = "Username for JMX";
           };
           password = mkOption {
-            type = types.string;
+            type = types.str;
             description = "Password for JMX";
           };
         };

nixos/modules/services/databases/couchdb.nix

@@ -56,7 +56,7 @@ in {
 
 
       user = mkOption {
-        type = types.string;
+        type = types.str;
         default = "couchdb";
         description = ''
           User account under which couchdb runs.
@@ -64,7 +64,7 @@ in {
       };
 
       group = mkOption {
-        type = types.string;
+        type = types.str;
         default = "couchdb";
         description = ''
           Group account under which couchdb runs.
@@ -106,7 +106,7 @@ in {
       };
 
       bindAddress = mkOption {
-        type = types.string;
+        type = types.str;
         default = "127.0.0.1";
         description = ''
           Defines the IP address by which CouchDB will be accessible.
@@ -138,7 +138,7 @@ in {
       };
 
       configFile = mkOption {
-        type = types.string;
+        type = types.path;
         description = ''
           Configuration file for persisting runtime changes. File
           needs to be readable and writable from couchdb user/group.

nixos/modules/services/databases/foundationdb.nix

@@ -140,7 +140,7 @@ in
     };
 
     logSize = mkOption {
-      type        = types.string;
+      type        = types.str;
       default     = "10MiB";
       description = ''
         Roll over to a new log file after the current log file
@@ -149,7 +149,7 @@ in
     };
 
     maxLogSize = mkOption {
-      type        = types.string;
+      type        = types.str;
       default     = "100MiB";
       description = ''
         Delete the oldest log file when the total size of all log
@@ -171,7 +171,7 @@ in
     };
 
     memory = mkOption {
-      type        = types.string;
+      type        = types.str;
       default     = "8GiB";
       description = ''
         Maximum memory used by the process. The default value is
@@ -193,7 +193,7 @@ in
     };
 
     storageMemory = mkOption {
-      type        = types.string;
+      type        = types.str;
       default     = "1GiB";
       description = ''
         Maximum memory used for data storage. The default value is