Merge branch 'master' into staging-next

2021-01-10 23:24:33 +01:00 · 2021-01-10 23:24:33 +01:00 · dd72357155
commit dd72357155
parent 76394e4624 581232454f
298 changed files with 746 additions and 415 deletions
--- a/doc/languages-frameworks/emscripten.section.md
+++ b/doc/languages-frameworks/emscripten.section.md
@ -102,7 +102,7 @@ See the `zlib` example:
        echo "================= /testing zlib using node ================="
      '';
-      postPatch = pkgs.stdenv.lib.optionalString pkgs.stdenv.isDarwin ''
+      postPatch = pkgs.lib.optionalString pkgs.stdenv.isDarwin ''
        substituteInPlace configure \
          --replace '/usr/bin/libtool' 'ar' \
          --replace 'AR="libtool"' 'AR="ar"' \
--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@ -185,6 +185,30 @@
       with <literal>mkfs.xfs -m reflink=0</literal>.
     </para>
   </listitem>
   <listitem>
    <para>
      The uWSGI server is now built with POSIX capabilities. As a consequence,
      root is no longer required in emperor mode and the service defaults to
      running as the unprivileged <literal>uwsgi</literal> user. Any additional
      capability can be added via the new option
      <xref linkend="opt-services.uwsgi.capabilities"/>.
      The previous behaviour can be restored by setting:
 <programlisting>
  <xref linkend="opt-services.uwsgi.user"/> = "root";
  <xref linkend="opt-services.uwsgi.group"/> = "root";
  <xref linkend="opt-services.uwsgi.instance"/> =
    {
      uid = "uwsgi";
      gid = "uwsgi";
    };
 </programlisting>
    </para>
    <para>
      Another incompatibility from the previous release is that vassals running under a
      different user or group need to use <literal>immediate-{uid,gid}</literal>
      instead of the usual <literal>uid,gid</literal> options.
    </para>
   </listitem>
   <listitem>
    <para>
    <package>btc1</package> has been abandoned upstream, and removed.
@ -534,6 +558,12 @@ http://some.json-exporter.host:7979/probe?target=https://example.com/some/json/e
       The GNOME desktop manager once again installs <package>gnome3.epiphany</package> by default.
     </para>
   </listitem>
   <listitem>
    <para>
     NixOS now generates empty <literal>/etc/netgroup</literal>.
     <literal>/etc/netgroup</literal> defines network-wide groups and may affect to setups using NIS.
    </para>
   </listitem>
  </itemizedlist>
 </section>
 </section>
--- a/nixos/modules/config/networking.nix
+++ b/nixos/modules/config/networking.nix
@ -193,6 +193,10 @@ in
          cat ${escapeShellArgs cfg.hostFiles} > $out
        '';
        # /etc/netgroup: Network-wide groups.
        netgroup.text = mkDefault ''
        '';
        # /etc/host.conf: resolver configuration file
        "host.conf".text = ''
          multi on
--- a/nixos/modules/services/security/fprintd.nix
+++ b/nixos/modules/services/security/fprintd.nix
@ -43,9 +43,9 @@ in
  config = mkIf cfg.enable {
-    services.dbus.packages = [ pkgs.fprintd ];
+    services.dbus.packages = [ cfg.package ];
-    environment.systemPackages = [ pkgs.fprintd ];
+    environment.systemPackages = [ cfg.package ];
    systemd.packages = [ cfg.package ];
--- a/nixos/modules/services/web-apps/ihatemoney/default.nix
+++ b/nixos/modules/services/web-apps/ihatemoney/default.nix
@ -44,7 +44,7 @@ let
 in
  {
    options.services.ihatemoney = {
-      enable = mkEnableOption "ihatemoney webapp. Note that this will set uwsgi to emperor mode running as root";
+      enable = mkEnableOption "ihatemoney webapp. Note that this will set uwsgi to emperor mode";
      backend = mkOption {
        type = types.enum [ "sqlite" "postgresql" ];
        default = "sqlite";
@ -116,16 +116,13 @@ in
      services.uwsgi = {
        enable = true;
        plugins = [ "python3" ];
        # the vassal needs to be able to setuid
        user = "root";
        group = "root";
        instance = {
          type = "emperor";
          vassals.ihatemoney = {
            type = "normal";
            strict = true;
-            uid = user;
+            immediate-uid = user;
-            gid = group;
+            immediate-gid = group;
            # apparently flask uses threads: https://github.com/spiral-project/ihatemoney/commit/c7815e48781b6d3a457eaff1808d179402558f8c
            enable-threads = true;
            module = "wsgi:application";
--- a/nixos/modules/services/web-servers/uwsgi.nix
+++ b/nixos/modules/services/web-servers/uwsgi.nix
@ -5,11 +5,24 @@ with lib;
 let
  cfg = config.services.uwsgi;
  isEmperor = cfg.instance.type == "emperor";
  imperialPowers =
    [
      # spawn other user processes
      "CAP_SETUID" "CAP_SETGID"
      "CAP_SYS_CHROOT"
      # transfer capabilities
      "CAP_SETPCAP"
      # create other user sockets
      "CAP_CHOWN"
    ];
  buildCfg = name: c:
    let
      plugins =
        if any (n: !any (m: m == n) cfg.plugins) (c.plugins or [])
-        then throw "`plugins` attribute in UWSGI configuration contains plugins not in config.services.uwsgi.plugins"
+        then throw "`plugins` attribute in uWSGI configuration contains plugins not in config.services.uwsgi.plugins"
        else c.plugins or cfg.plugins;
      hasPython = v: filter (n: n == "python${v}") plugins != [];
@ -18,7 +31,7 @@ let
      python =
        if hasPython2 && hasPython3 then
-          throw "`plugins` attribute in UWSGI configuration shouldn't contain both python2 and python3"
+          throw "`plugins` attribute in uWSGI configuration shouldn't contain both python2 and python3"
        else if hasPython2 then cfg.package.python2
        else if hasPython3 then cfg.package.python3
        else null;
@ -43,7 +56,7 @@ let
                      oldPaths = filter (x: x != null) (map getPath env');
                  in env' ++ [ "PATH=${optionalString (oldPaths != []) "${last oldPaths}:"}${pythonEnv}/bin" ];
              }
-          else if c.type == "emperor"
+          else if isEmperor
            then {
              emperor = if builtins.typeOf c.vassals != "set" then c.vassals
                        else pkgs.buildEnv {
@ -51,7 +64,7 @@ let
                          paths = mapAttrsToList buildCfg c.vassals;
                        };
            } // removeAttrs c [ "type" "vassals" ]
-          else throw "`type` attribute in UWSGI configuration should be either 'normal' or 'emperor'";
+          else throw "`type` attribute in uWSGI configuration should be either 'normal' or 'emperor'";
      };
    in pkgs.writeTextDir "${name}.json" (builtins.toJSON uwsgiCfg);
@ -79,7 +92,7 @@ in {
      };
      instance = mkOption {
-        type =  with lib.types; let
+        type =  with types; let
          valueType = nullOr (oneOf [
            bool
            int
@ -137,31 +150,65 @@ in {
      user = mkOption {
        type = types.str;
        default = "uwsgi";
-        description = "User account under which uwsgi runs.";
+        description = "User account under which uWSGI runs.";
      };
      group = mkOption {
        type = types.str;
        default = "uwsgi";
-        description = "Group account under which uwsgi runs.";
+        description = "Group account under which uWSGI runs.";
      };
      capabilities = mkOption {
        type = types.listOf types.str;
        apply = caps: caps ++ optionals isEmperor imperialPowers;
        default = [ ];
        example = literalExample ''
          [
            "CAP_NET_BIND_SERVICE" # bind on ports <1024
            "CAP_NET_RAW"          # open raw sockets
          ]
        '';
        description = ''
          Grant capabilities to the uWSGI instance. See the
          <literal>capabilities(7)</literal> for available values.
          <note>
            <para>
              uWSGI runs as an unprivileged user (even as Emperor) with the minimal
              capabilities required. This option can be used to add fine-grained
              permissions without running the service as root.
            </para>
            <para>
              When in Emperor mode, any capability to be inherited by a vassal must
              be specified again in the vassal configuration using <literal>cap</literal>.
              See the uWSGI <link
              xlink:href="https://uwsgi-docs.readthedocs.io/en/latest/Capabilities.html">docs</link>
              for more information.
            </para>
          </note>
        '';
      };
    };
  };
  config = mkIf cfg.enable {
    systemd.tmpfiles.rules = optional (cfg.runDir != "/run/uwsgi") ''
      d ${cfg.runDir} 775 ${cfg.user} ${cfg.group}
    '';
    systemd.services.uwsgi = {
      wantedBy = [ "multi-user.target" ];
      preStart = ''
        mkdir -p ${cfg.runDir}
        chown ${cfg.user}:${cfg.group} ${cfg.runDir}
      '';
      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
        Type = "notify";
-        ExecStart = "${cfg.package}/bin/uwsgi --uid ${cfg.user} --gid ${cfg.group} --json ${buildCfg "server" cfg.instance}/server.json";
+        ExecStart = "${cfg.package}/bin/uwsgi --json ${buildCfg "server" cfg.instance}/server.json";
        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
        ExecStop = "${pkgs.coreutils}/bin/kill -INT $MAINPID";
        NotifyAccess = "main";
        KillSignal = "SIGQUIT";
        AmbientCapabilities = cfg.capabilities;
        CapabilityBoundingSet = cfg.capabilities;
      };
    };
--- a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix
+++ b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix
@ -20,7 +20,7 @@ let
  timeoutStr = if blCfg.timeout == null then "-1" else toString blCfg.timeout;
  isAarch64 = pkgs.stdenv.hostPlatform.isAarch64;
-  optional = pkgs.stdenv.lib.optionalString;
+  optional = pkgs.lib.optionalString;
  configTxt =
    pkgs.writeText "config.txt" (''
--- a/nixos/tests/3proxy.nix
+++ b/nixos/tests/3proxy.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "3proxy";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ misuzu ];
  };
--- a/nixos/tests/agda.nix
+++ b/nixos/tests/agda.nix
@ -9,7 +9,7 @@ let
 in
 {
  name = "agda";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ alexarice turion ];
  };
--- a/nixos/tests/ammonite.nix
+++ b/nixos/tests/ammonite.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "ammonite";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ nequissimus ];
  };
--- a/nixos/tests/atd.nix
+++ b/nixos/tests/atd.nix
@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
 {
  name = "atd";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ bjornfor ];
  };
--- a/nixos/tests/avahi.nix
+++ b/nixos/tests/avahi.nix
@ -8,7 +8,7 @@
 # Test whether `avahi-daemon' and `libnss-mdns' work as expected.
 import ./make-test-python.nix {
  name = "avahi";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ eelco ];
  };
--- a/nixos/tests/awscli.nix
+++ b/nixos/tests/awscli.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "awscli";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ nequissimus ];
  };
--- a/nixos/tests/babeld.nix
+++ b/nixos/tests/babeld.nix
@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ pkgs, lib, ...} : {
  name = "babeld";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ hexa ];
  };
--- a/nixos/tests/bat.nix
+++ b/nixos/tests/bat.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "bat";
-  meta = with pkgs.stdenv.lib.maintainers; { maintainers = [ nequissimus ]; };
+  meta = with pkgs.lib.maintainers; { maintainers = [ nequissimus ]; };
  machine = { pkgs, ... }: { environment.systemPackages = [ pkgs.bat ]; };
--- a/nixos/tests/bcachefs.nix
+++ b/nixos/tests/bcachefs.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "bcachefs";
-  meta.maintainers = with pkgs.stdenv.lib.maintainers; [ chiiruno ];
+  meta.maintainers = with pkgs.lib.maintainers; [ chiiruno ];
  machine = { pkgs, ... }: {
    virtualisation.emptyDiskImages = [ 4096 ];
--- a/nixos/tests/bitcoind.nix
+++ b/nixos/tests/bitcoind.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "bitcoind";
-  meta = with pkgs.stdenv.lib; {
+  meta = with pkgs.lib; {
    maintainers = with maintainers; [ _1000101 ];
  };
--- a/nixos/tests/bittorrent.nix
+++ b/nixos/tests/bittorrent.nix
@ -35,7 +35,7 @@ in
 {
  name = "bittorrent";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ domenkozar eelco rob bobvanderlinden ];
  };
--- a/nixos/tests/bitwarden.nix
+++ b/nixos/tests/bitwarden.nix
@ -27,7 +27,7 @@ let
  makeBitwardenTest = backend: makeTest {
    name = "bitwarden_rs-${backend}";
    meta = {
-      maintainers = with pkgs.stdenv.lib.maintainers; [ jjjollyjim ];
+      maintainers = with pkgs.lib.maintainers; [ jjjollyjim ];
    };
    nodes = {
--- a/nixos/tests/blockbook-frontend.nix
+++ b/nixos/tests/blockbook-frontend.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "blockbook-frontend";
-  meta = with pkgs.stdenv.lib; {
+  meta = with pkgs.lib; {
    maintainers = with maintainers; [ _1000101 ];
  };
--- a/nixos/tests/boot-stage1.nix
+++ b/nixos/tests/boot-stage1.nix
@ -158,5 +158,5 @@ import ./make-test-python.nix ({ pkgs, ... }: {
    machine.succeed('pgrep -a -f "^kcanary$"')
  '';
-  meta.maintainers = with pkgs.stdenv.lib.maintainers; [ aszlig ];
+  meta.maintainers = with pkgs.lib.maintainers; [ aszlig ];
 })
--- a/nixos/tests/borgbackup.nix
+++ b/nixos/tests/borgbackup.nix
@ -36,7 +36,7 @@ let
 in {
  name = "borgbackup";
-  meta = with pkgs.stdenv.lib; {
+  meta = with pkgs.lib; {
    maintainers = with maintainers; [ dotlambda ];
  };
--- a/nixos/tests/buildbot.nix
+++ b/nixos/tests/buildbot.nix
@ -109,5 +109,5 @@ import ./make-test-python.nix {
        bbworker.fail("nc -z bbmaster 8011")
  '';
-  meta.maintainers = with pkgs.stdenv.lib.maintainers; [ nand0p ];
+  meta.maintainers = with pkgs.lib.maintainers; [ nand0p ];
 } {}
--- a/nixos/tests/buildkite-agents.nix
+++ b/nixos/tests/buildkite-agents.nix
@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ... }:
 {
  name = "buildkite-agent";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ flokli ];
  };
--- a/nixos/tests/caddy.nix
+++ b/nixos/tests/caddy.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "caddy";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ xfix Br1ght0ne ];
  };
--- a/nixos/tests/cadvisor.nix
+++ b/nixos/tests/cadvisor.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... } : {
  name = "cadvisor";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ offline ];
  };
--- a/nixos/tests/cage.nix
+++ b/nixos/tests/cage.nix
@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
 {
  name = "cage";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ matthewbauer flokli ];
  };
--- a/nixos/tests/cagebreak.nix
+++ b/nixos/tests/cagebreak.nix
@ -9,7 +9,7 @@ let
 in
 {
  name = "cagebreak";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ berbiche ];
  };
--- a/nixos/tests/ceph-multi-node.nix
+++ b/nixos/tests/ceph-multi-node.nix
@ -218,7 +218,7 @@ let
  '';
 in {
  name = "basic-multi-node-ceph-cluster";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ lejonet ];
  };
--- a/nixos/tests/ceph-single-node.nix
+++ b/nixos/tests/ceph-single-node.nix
@ -184,7 +184,7 @@ let
  '';
 in {
  name = "basic-single-node-ceph-cluster";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ lejonet johanot ];
  };
--- a/nixos/tests/charliecloud.nix
+++ b/nixos/tests/charliecloud.nix
@ -11,7 +11,7 @@ import ./make-test-python.nix ({ pkgs, ...} : let
 in {
  name = "charliecloud";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ bzizou ];
  };
--- a/nixos/tests/cjdns.nix
+++ b/nixos/tests/cjdns.nix
@ -19,7 +19,7 @@ in
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "cjdns";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ ehmry ];
  };
--- a/nixos/tests/clickhouse.nix
+++ b/nixos/tests/clickhouse.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "clickhouse";
-  meta.maintainers = with pkgs.stdenv.lib.maintainers; [ ma27 ];
+  meta.maintainers = with pkgs.lib.maintainers; [ ma27 ];
  machine = {
    services.clickhouse.enable = true;
--- a/nixos/tests/cloud-init.nix
+++ b/nixos/tests/cloud-init.nix
@ -40,7 +40,7 @@ let
  };
 in makeTest {
  name = "cloud-init";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ lewo ];
  };
  machine = { ... }:
--- a/nixos/tests/cockroachdb.nix
+++ b/nixos/tests/cockroachdb.nix
@ -99,7 +99,7 @@ let
 in import ./make-test-python.nix ({ pkgs, ...} : {
  name = "cockroachdb";
-  meta.maintainers = with pkgs.stdenv.lib.maintainers;
+  meta.maintainers = with pkgs.lib.maintainers;
    [ thoughtpolice ];
  nodes = {
--- a/nixos/tests/containers-bridge.nix
+++ b/nixos/tests/containers-bridge.nix
@ -9,7 +9,7 @@ in
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-bridge";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ aristid aszlig eelco kampfschlaefer ];
  };
--- a/nixos/tests/containers-extra_veth.nix
+++ b/nixos/tests/containers-extra_veth.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-extra_veth";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ kampfschlaefer ];
  };
--- a/nixos/tests/containers-hosts.nix
+++ b/nixos/tests/containers-hosts.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-hosts";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ montag451 ];
  };
--- a/nixos/tests/containers-imperative.nix
+++ b/nixos/tests/containers-imperative.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-imperative";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ aristid aszlig eelco kampfschlaefer ];
  };
--- a/nixos/tests/containers-ip.nix
+++ b/nixos/tests/containers-ip.nix
@ -15,7 +15,7 @@ let
 in import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-ipv4-ipv6";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ aristid aszlig eelco kampfschlaefer ];
  };
--- a/nixos/tests/containers-macvlans.nix
+++ b/nixos/tests/containers-macvlans.nix
@ -8,7 +8,7 @@ in
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-macvlans";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ montag451 ];
  };
--- a/nixos/tests/containers-physical_interfaces.nix
+++ b/nixos/tests/containers-physical_interfaces.nix
@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-physical_interfaces";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ kampfschlaefer ];
  };
--- a/nixos/tests/containers-portforward.nix
+++ b/nixos/tests/containers-portforward.nix
@ -9,7 +9,7 @@ in
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-portforward";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ aristid aszlig eelco kampfschlaefer ianwookim ];
  };
--- a/nixos/tests/containers-reloadable.nix
+++ b/nixos/tests/containers-reloadable.nix
@ -16,7 +16,7 @@ let
  };
 in {
  name = "containers-reloadable";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ danbst ];
  };
--- a/nixos/tests/containers-restart_networking.nix
+++ b/nixos/tests/containers-restart_networking.nix
@ -19,7 +19,7 @@ let
 in import ./make-test-python.nix ({ pkgs, ...} :
 {
  name = "containers-restart_networking";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ kampfschlaefer ];
  };
--- a/nixos/tests/containers-tmpfs.nix
+++ b/nixos/tests/containers-tmpfs.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "containers-tmpfs";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ kampka ];
  };
--- a/nixos/tests/convos.nix
+++ b/nixos/tests/convos.nix
@ -6,7 +6,7 @@ let
 in
 {
  name = "convos";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ sgo ];
  };
--- a/nixos/tests/couchdb.nix
+++ b/nixos/tests/couchdb.nix
@ -19,7 +19,7 @@ with lib;
 {
  name = "couchdb";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ fpletz ];
  };
--- a/nixos/tests/cri-o.nix
+++ b/nixos/tests/cri-o.nix
@ -1,7 +1,7 @@
 # This test runs CRI-O and verifies via critest
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "cri-o";
-  maintainers = with pkgs.stdenv.lib.maintainers; teams.podman.members;
+  maintainers = with pkgs.lib.maintainers; teams.podman.members;
  nodes = {
    crio = {
--- a/nixos/tests/deluge.nix
+++ b/nixos/tests/deluge.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "deluge";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ flokli ];
  };
--- a/nixos/tests/dnscrypt-proxy2.nix
+++ b/nixos/tests/dnscrypt-proxy2.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "dnscrypt-proxy2";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ joachifm ];
  };
--- a/nixos/tests/dnscrypt-wrapper/default.nix
+++ b/nixos/tests/dnscrypt-wrapper/default.nix
@ -1,6 +1,6 @@
 import ../make-test-python.nix ({ pkgs, ... }: {
  name = "dnscrypt-wrapper";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ rnhmjoj ];
  };
--- a/nixos/tests/docker-edge.nix
+++ b/nixos/tests/docker-edge.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "docker";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ nequissimus offline ];
  };
--- a/nixos/tests/docker-registry.nix
+++ b/nixos/tests/docker-registry.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "docker-registry";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ globin ma27 ironpinguin ];
  };
--- a/nixos/tests/docker-tools-cross.nix
+++ b/nixos/tests/docker-tools-cross.nix
@ -35,7 +35,7 @@ let
 in {
  name = "docker-tools";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ roberth ];
  };
--- a/nixos/tests/docker-tools-overlay.nix
+++ b/nixos/tests/docker-tools-overlay.nix
@ -3,7 +3,7 @@
 import ./make-test-python.nix ({ pkgs, ... }:
 {
  name = "docker-tools-overlay";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ lnl7 ];
  };
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "docker-tools";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ lnl7 ];
  };
--- a/nixos/tests/docker.nix
+++ b/nixos/tests/docker.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "docker";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ nequissimus offline ];
  };
--- a/nixos/tests/documize.nix
+++ b/nixos/tests/documize.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, lib, ...} : {
  name = "documize";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ ma27 ];
  };
--- a/nixos/tests/dokuwiki.nix
+++ b/nixos/tests/dokuwiki.nix
@ -32,7 +32,7 @@ let
 in {
  name = "dokuwiki";
-  meta = with pkgs.stdenv.lib; {
+  meta = with pkgs.lib; {
    maintainers = with maintainers; [ _1000101 ];
  };
  machine = { ... }: {
--- a/nixos/tests/elk.nix
+++ b/nixos/tests/elk.nix
@ -12,7 +12,7 @@ let
  mkElkTest = name : elk :
    import ./make-test-python.nix ({
    inherit name;
-    meta = with pkgs.stdenv.lib.maintainers; {
+    meta = with pkgs.lib.maintainers; {
      maintainers = [ eelco offline basvandijk ];
    };
    nodes = {
--- a/nixos/tests/emacs-daemon.nix
+++ b/nixos/tests/emacs-daemon.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "emacs-daemon";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ ];
  };
--- a/nixos/tests/engelsystem.nix
+++ b/nixos/tests/engelsystem.nix
@ -2,7 +2,7 @@ import ./make-test-python.nix (
  { pkgs, lib, ... }:
  {
    name = "engelsystem";
-    meta = with pkgs.stdenv.lib.maintainers; {
+    meta = with pkgs.lib.maintainers; {
      maintainers = [ talyz ];
    };
--- a/nixos/tests/enlightenment.nix
+++ b/nixos/tests/enlightenment.nix
@ -2,7 +2,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
 {
  name = "enlightenment";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ romildo ];
  };
--- a/nixos/tests/env.nix
+++ b/nixos/tests/env.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "environment";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ nequissimus ];
  };
--- a/nixos/tests/ergo.nix
+++ b/nixos/tests/ergo.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "ergo";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ mmahut ];
  };
--- a/nixos/tests/etcd-cluster.nix
+++ b/nixos/tests/etcd-cluster.nix
@ -97,7 +97,7 @@ import ./make-test-python.nix ({ pkgs, ... } : let
 in {
  name = "etcd";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ offline ];
  };
--- a/nixos/tests/etcd.nix
+++ b/nixos/tests/etcd.nix
@ -3,7 +3,7 @@
 import ./make-test-python.nix ({ pkgs, ... } : {
  name = "etcd";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ offline ];
  };
--- a/nixos/tests/etesync-dav.nix
+++ b/nixos/tests/etesync-dav.nix
@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "etesync-dav";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ _3699n ];
  };
--- a/nixos/tests/fenics.nix
+++ b/nixos/tests/fenics.nix
@ -29,7 +29,7 @@ in
 {
  name = "fenics";
  meta = {
-    maintainers = with pkgs.stdenv.lib.maintainers; [ knedlsepp ];
+    maintainers = with pkgs.lib.maintainers; [ knedlsepp ];
  };
  nodes = {
--- a/nixos/tests/ferm.nix
+++ b/nixos/tests/ferm.nix
@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "ferm";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ mic92 ];
  };
--- a/nixos/tests/firefox.nix
+++ b/nixos/tests/firefox.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, esr ? false, ... }: {
  name = "firefox";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ eelco shlevy ];
  };
--- a/nixos/tests/firejail.nix
+++ b/nixos/tests/firejail.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "firejail";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ sgo ];
  };
--- a/nixos/tests/firewall.nix
+++ b/nixos/tests/firewall.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ( { pkgs, ... } : {
  name = "firewall";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ eelco ];
  };
--- a/nixos/tests/freeswitch.nix
+++ b/nixos/tests/freeswitch.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "freeswitch";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ misuzu ];
  };
  nodes = {
--- a/nixos/tests/gerrit.nix
+++ b/nixos/tests/gerrit.nix
@ -9,7 +9,7 @@ let
 in {
  name = "gerrit";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ flokli zimbatm ];
  };
--- a/nixos/tests/git/hub.nix
+++ b/nixos/tests/git/hub.nix
@ -1,6 +1,6 @@
 import ../make-test-python.nix ({ pkgs, ...} : {
  name = "hub";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ nequissimus ];
  };
--- a/nixos/tests/gitdaemon.nix
+++ b/nixos/tests/gitdaemon.nix
@ -7,7 +7,7 @@ let
 in {
  name = "gitdaemon";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ tilpner ];
  };
--- a/nixos/tests/gitlab.nix
+++ b/nixos/tests/gitlab.nix
@ -5,7 +5,7 @@ let
 in
 import ./make-test-python.nix ({ pkgs, lib, ...} : with lib; {
  name = "gitlab";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ globin ];
  };
--- a/nixos/tests/gitolite-fcgiwrap.nix
+++ b/nixos/tests/gitolite-fcgiwrap.nix
@ -13,7 +13,7 @@ import ./make-test-python.nix (
      {
        name = "gitolite-fcgiwrap";
-        meta = with pkgs.stdenv.lib.maintainers; {
+        meta = with pkgs.lib.maintainers; {
          maintainers = [ bbigras ];
        };
--- a/nixos/tests/gitolite.nix
+++ b/nixos/tests/gitolite.nix
@ -51,7 +51,7 @@ in
 {
  name = "gitolite";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ bjornfor ];
  };
--- a/nixos/tests/go-neb.nix
+++ b/nixos/tests/go-neb.nix
@ -1,7 +1,7 @@
 import ./make-test-python.nix ({ pkgs, ... }:
 {
  name = "go-neb";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ hexa maralorn ];
  };
--- a/nixos/tests/gocd-agent.nix
+++ b/nixos/tests/gocd-agent.nix
@ -11,7 +11,7 @@ in
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "gocd-agent";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ grahamc swarren83 ];
    # gocd agent needs to register with the autoregister key created on first server startup,
--- a/nixos/tests/gocd-server.nix
+++ b/nixos/tests/gocd-server.nix
@ -6,7 +6,7 @@ import ./make-test-python.nix ({ pkgs, ...} :
 {
  name = "gocd-server";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ swarren83 ];
  };
--- a/nixos/tests/google-oslogin/default.nix
+++ b/nixos/tests/google-oslogin/default.nix
@ -11,7 +11,7 @@ let
    '';
 in {
  name = "google-oslogin";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ adisbladis flokli ];
  };
--- a/nixos/tests/gotify-server.nix
+++ b/nixos/tests/gotify-server.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, lib, ...} : {
  name = "gotify-server";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ ma27 ];
  };
--- a/nixos/tests/grocy.nix
+++ b/nixos/tests/grocy.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "grocy";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ ma27 ];
  };
--- a/nixos/tests/gvisor.nix
+++ b/nixos/tests/gvisor.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "gvisor";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ andrew-d ];
  };
--- a/nixos/tests/haka.nix
+++ b/nixos/tests/haka.nix
@ -2,7 +2,7 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "haka";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ tvestelind ];
  };
--- a/nixos/tests/handbrake.nix
+++ b/nixos/tests/handbrake.nix
@ -9,7 +9,7 @@ in {
  name = "handbrake";
  meta = {
-    maintainers = with pkgs.stdenv.lib.maintainers; [ danieldk ];
+    maintainers = with pkgs.lib.maintainers; [ danieldk ];
  };
  machine = { pkgs, ... }: {
--- a/nixos/tests/hardened.nix
+++ b/nixos/tests/hardened.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, latestKernel ? false, ... } : {
  name = "hardened";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ joachifm ];
  };
--- a/nixos/tests/hitch/default.nix
+++ b/nixos/tests/hitch/default.nix
@ -1,7 +1,7 @@
 import ../make-test-python.nix ({ pkgs, ... }:
 {
  name = "hitch";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ jflanglois ];
  };
  machine = { pkgs, ... }: {
--- a/nixos/tests/hocker-fetchdocker/default.nix
+++ b/nixos/tests/hocker-fetchdocker/default.nix
@ -1,6 +1,6 @@
 import ../make-test-python.nix ({ pkgs, ...} : {
  name = "test-hocker-fetchdocker";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ ixmatus ];
    broken = true; # tries to download from registry-1.docker.io - how did this ever work?
  };
--- a/nixos/tests/home-assistant.nix
+++ b/nixos/tests/home-assistant.nix
@ -6,7 +6,7 @@ let
  mqttPassword = "secret";
 in {
  name = "home-assistant";
-  meta = with pkgs.stdenv.lib; {
+  meta = with pkgs.lib; {
    maintainers = with maintainers; [ dotlambda ];
  };
--- a/nixos/tests/hostname.nix
+++ b/nixos/tests/hostname.nix
@ -13,7 +13,7 @@ let
    in
      makeTest {
        name = "hostname-${fqdn}";
-        meta = with pkgs.stdenv.lib.maintainers; {
+        meta = with pkgs.lib.maintainers; {
          maintainers = [ primeos blitz ];
        };
--- a/nixos/tests/hound.nix
+++ b/nixos/tests/hound.nix
@ -1,7 +1,7 @@
 # Test whether `houndd` indexes nixpkgs
 import ./make-test-python.nix ({ pkgs, ... } : {
  name = "hound";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ grahamc ];
  };
  machine = { pkgs, ... }: {
--- a/nixos/tests/hydra/common.nix
+++ b/nixos/tests/hydra/common.nix
@ -19,7 +19,7 @@
      buildInputs = [ pkgs.makeWrapper ];
      installPhase = "install -m755 -D ${./create-trivial-project.sh} $out/bin/create-trivial-project.sh";
      postFixup = ''
-        wrapProgram "$out/bin/create-trivial-project.sh" --prefix PATH ":" ${pkgs.stdenv.lib.makeBinPath [ pkgs.curl ]} --set EXPR_PATH ${trivialJob}
+        wrapProgram "$out/bin/create-trivial-project.sh" --prefix PATH ":" ${pkgs.lib.makeBinPath [ pkgs.curl ]} --set EXPR_PATH ${trivialJob}
      '';
    };
  in {
--- a/nixos/tests/hydra/default.nix
+++ b/nixos/tests/hydra/default.nix
@ -16,7 +16,7 @@ let
  makeHydraTest = with pkgs.lib; name: package: makeTest {
    name = "hydra-${name}";
-    meta = with pkgs.stdenv.lib.maintainers; {
+    meta = with pkgs.lib.maintainers; {
      maintainers = [ pstn lewo ma27 ];
    };
--- a/nixos/tests/i3wm.nix
+++ b/nixos/tests/i3wm.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ...} : {
  name = "i3wm";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ aszlig ];
  };
--- a/nixos/tests/icingaweb2.nix
+++ b/nixos/tests/icingaweb2.nix
@ -1,6 +1,6 @@
 import ./make-test-python.nix ({ pkgs, ... }: {
  name = "icingaweb2";
-  meta = with pkgs.stdenv.lib.maintainers; {
+  meta = with pkgs.lib.maintainers; {
    maintainers = [ das_j ];
  };
--- a/Show More
+++ b/Show More