Merge master into staging-next

lib/tests/modules.sh

@@ -87,36 +87,36 @@ checkConfigOutput "false" "$@" ./define-force-enable.nix
 checkConfigOutput "false" "$@" ./define-enable-force.nix
 
 # Check mkForce with option and submodules.
-checkConfigError 'attribute .*foo.* .* not found' config.loaOfSub.foo.enable ./declare-loaOfSub-any-enable.nix
+checkConfigError 'attribute .*foo.* .* not found' config.attrsOfSub.foo.enable ./declare-attrsOfSub-any-enable.nix
-checkConfigOutput 'false' config.loaOfSub.foo.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix
+checkConfigOutput 'false' config.attrsOfSub.foo.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix
-set -- config.loaOfSub.foo.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo-enable.nix
+set -- config.attrsOfSub.foo.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo-enable.nix
 checkConfigOutput 'true' "$@"
-checkConfigOutput 'false' "$@" ./define-force-loaOfSub-foo-enable.nix
+checkConfigOutput 'false' "$@" ./define-force-attrsOfSub-foo-enable.nix
-checkConfigOutput 'false' "$@" ./define-loaOfSub-force-foo-enable.nix
+checkConfigOutput 'false' "$@" ./define-attrsOfSub-force-foo-enable.nix
-checkConfigOutput 'false' "$@" ./define-loaOfSub-foo-force-enable.nix
+checkConfigOutput 'false' "$@" ./define-attrsOfSub-foo-force-enable.nix
-checkConfigOutput 'false' "$@" ./define-loaOfSub-foo-enable-force.nix
+checkConfigOutput 'false' "$@" ./define-attrsOfSub-foo-enable-force.nix
 
 # Check overriding effect of mkForce on submodule definitions.
-checkConfigError 'attribute .*bar.* .* not found' config.loaOfSub.bar.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix
+checkConfigError 'attribute .*bar.* .* not found' config.attrsOfSub.bar.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix
-checkConfigOutput 'false' config.loaOfSub.bar.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix ./define-loaOfSub-bar.nix
+checkConfigOutput 'false' config.attrsOfSub.bar.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix ./define-attrsOfSub-bar.nix
-set -- config.loaOfSub.bar.enable ./declare-loaOfSub-any-enable.nix ./define-loaOfSub-foo.nix ./define-loaOfSub-bar-enable.nix
+set -- config.attrsOfSub.bar.enable ./declare-attrsOfSub-any-enable.nix ./define-attrsOfSub-foo.nix ./define-attrsOfSub-bar-enable.nix
 checkConfigOutput 'true' "$@"
-checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-force-loaOfSub-foo-enable.nix
+checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-force-attrsOfSub-foo-enable.nix
-checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-loaOfSub-force-foo-enable.nix
+checkConfigError 'attribute .*bar.* .* not found' "$@" ./define-attrsOfSub-force-foo-enable.nix
-checkConfigOutput 'true' "$@" ./define-loaOfSub-foo-force-enable.nix
+checkConfigOutput 'true' "$@" ./define-attrsOfSub-foo-force-enable.nix
-checkConfigOutput 'true' "$@" ./define-loaOfSub-foo-enable-force.nix
+checkConfigOutput 'true' "$@" ./define-attrsOfSub-foo-enable-force.nix
 
 # Check mkIf with submodules.
-checkConfigError 'attribute .*foo.* .* not found' config.loaOfSub.foo.enable ./declare-enable.nix ./declare-loaOfSub-any-enable.nix
+checkConfigError 'attribute .*foo.* .* not found' config.attrsOfSub.foo.enable ./declare-enable.nix ./declare-attrsOfSub-any-enable.nix
-set -- config.loaOfSub.foo.enable ./declare-enable.nix ./declare-loaOfSub-any-enable.nix
+set -- config.attrsOfSub.foo.enable ./declare-enable.nix ./declare-attrsOfSub-any-enable.nix
-checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-if-loaOfSub-foo-enable.nix
+checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-if-attrsOfSub-foo-enable.nix
-checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-loaOfSub-if-foo-enable.nix
+checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-attrsOfSub-if-foo-enable.nix
-checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-loaOfSub-foo-if-enable.nix
+checkConfigError 'attribute .*foo.* .* not found' "$@" ./define-attrsOfSub-foo-if-enable.nix
-checkConfigOutput 'false' "$@" ./define-loaOfSub-foo-enable-if.nix
+checkConfigOutput 'false' "$@" ./define-attrsOfSub-foo-enable-if.nix
-checkConfigOutput 'true' "$@" ./define-enable.nix ./define-if-loaOfSub-foo-enable.nix
+checkConfigOutput 'true' "$@" ./define-enable.nix ./define-if-attrsOfSub-foo-enable.nix
-checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-if-foo-enable.nix
+checkConfigOutput 'true' "$@" ./define-enable.nix ./define-attrsOfSub-if-foo-enable.nix
-checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-foo-if-enable.nix
+checkConfigOutput 'true' "$@" ./define-enable.nix ./define-attrsOfSub-foo-if-enable.nix
-checkConfigOutput 'true' "$@" ./define-enable.nix ./define-loaOfSub-foo-enable-if.nix
+checkConfigOutput 'true' "$@" ./define-enable.nix ./define-attrsOfSub-foo-enable-if.nix
 
 # Check disabledModules with config definitions and option declarations.
 set -- config.enable ./define-enable.nix ./declare-enable.nix
@@ -138,7 +138,7 @@ checkConfigError 'while evaluating the module argument .*custom.* in .*import-cu
 checkConfigError 'infinite recursion encountered' "$@"
 
 # Check _module.check.
-set -- config.enable ./declare-enable.nix ./define-enable.nix ./define-loaOfSub-foo.nix
+set -- config.enable ./declare-enable.nix ./define-enable.nix ./define-attrsOfSub-foo.nix
 checkConfigError 'The option .* defined in .* does not exist.' "$@"
 checkConfigOutput "true" "$@" ./define-module-check.nix
 
@@ -152,12 +152,6 @@ checkConfigOutput "12" config.value ./declare-coerced-value-unsound.nix
 checkConfigError 'The option value .* in .* is not.*8 bit signed integer.* or string convertible to it' config.value ./declare-coerced-value-unsound.nix ./define-value-string-bigint.nix
 checkConfigError 'unrecognised JSON value' config.value ./declare-coerced-value-unsound.nix ./define-value-string-arbitrary.nix
 
-# Check loaOf with long list.
-checkConfigOutput "1 2 3 4 5 6 7 8 9 10" config.result ./loaOf-with-long-list.nix
-
-# Check loaOf with many merges of lists.
-checkConfigOutput "1 2 3 4 5 6 7 8 9 10" config.result ./loaOf-with-many-list-merges.nix
-
 # Check mkAliasOptionModule.
 checkConfigOutput "true" config.enable ./alias-with-priority.nix
 checkConfigOutput "true" config.enableAlias ./alias-with-priority.nix

lib/tests/modules/declare-attrsOfSub-any-enable.nix

@@ -17,10 +17,10 @@ in
 
 {
   options = {
-    loaOfSub = lib.mkOption {
+    attrsOfSub = lib.mkOption {
       default = {};
       example = {};
-      type = lib.types.loaOf (lib.types.submodule [ submod ]);
+      type = lib.types.attrsOf (lib.types.submodule [ submod ]);
       description = ''
         Some descriptive text
       '';

lib/tests/modules/define-attrsOfSub-bar-enable.nix

@@ -0,0 +1,3 @@
+{
+  attrsOfSub.bar.enable = true;
+}

lib/tests/modules/define-attrsOfSub-bar.nix

@@ -0,0 +1,3 @@
+{
+  attrsOfSub.bar = {};
+}

lib/tests/modules/define-attrsOfSub-foo-enable-force.nix

@@ -0,0 +1,5 @@
+{ lib, ... }:
+
+{
+  attrsOfSub.foo.enable = lib.mkForce false;
+}

lib/tests/modules/define-attrsOfSub-foo-enable-if.nix

@@ -0,0 +1,5 @@
+{ config, lib, ... }:
+
+{
+  attrsOfSub.foo.enable = lib.mkIf config.enable true;
+}

lib/tests/modules/define-attrsOfSub-foo-enable.nix

@@ -0,0 +1,3 @@
+{
+  attrsOfSub.foo.enable = true;
+}

lib/tests/modules/define-attrsOfSub-foo-force-enable.nix

@@ -1,7 +1,7 @@
 { lib, ... }:
 
 {
-  loaOfSub.foo = lib.mkForce {
+  attrsOfSub.foo = lib.mkForce {
     enable = false;
   };
 }

lib/tests/modules/define-attrsOfSub-foo-if-enable.nix

@@ -1,7 +1,7 @@
 { config, lib, ... }:
 
 {
-  loaOfSub.foo = lib.mkIf config.enable {
+  attrsOfSub.foo = lib.mkIf config.enable {
     enable = true;
   };
 }

lib/tests/modules/define-attrsOfSub-foo.nix

@@ -0,0 +1,3 @@
+{
+  attrsOfSub.foo = {};
+}

lib/tests/modules/define-attrsOfSub-force-foo-enable.nix

@@ -1,7 +1,7 @@
 { lib, ... }:
 
 {
-  loaOfSub = lib.mkForce {
+  attrsOfSub = lib.mkForce {
     foo.enable = false;
   };
 }

lib/tests/modules/define-attrsOfSub-if-foo-enable.nix

@@ -1,7 +1,7 @@
 { config, lib, ... }:
 
 {
-  loaOfSub = lib.mkIf config.enable {
+  attrsOfSub = lib.mkIf config.enable {
     foo.enable = true;
   };
 }

lib/tests/modules/define-force-attrsOfSub-foo-enable.nix

@@ -0,0 +1,5 @@
+{ lib, ... }:
+
+lib.mkForce {
+  attrsOfSub.foo.enable = false;
+}

lib/tests/modules/define-force-loaOfSub-foo-enable.nix

@@ -1,5 +0,0 @@
-{ lib, ... }:
-
-lib.mkForce {
-  loaOfSub.foo.enable = false;
-}

lib/tests/modules/define-if-attrsOfSub-foo-enable.nix

@@ -1,5 +1,5 @@
 { config, lib, ... }:
 
 lib.mkIf config.enable {
-  loaOfSub.foo.enable = true;
+  attrsOfSub.foo.enable = true;
 }

lib/tests/modules/define-loaOfSub-bar-enable.nix

@@ -1,3 +0,0 @@
-{
-  loaOfSub.bar.enable = true;
-}

lib/tests/modules/define-loaOfSub-bar.nix

@@ -1,3 +0,0 @@
-{
-  loaOfSub.bar = {};
-}

lib/tests/modules/define-loaOfSub-foo-enable-force.nix

@@ -1,5 +0,0 @@
-{ lib, ... }:
-
-{
-  loaOfSub.foo.enable = lib.mkForce false;
-}

lib/tests/modules/define-loaOfSub-foo-enable-if.nix

@@ -1,5 +0,0 @@
-{ config, lib, ... }:
-
-{
-  loaOfSub.foo.enable = lib.mkIf config.enable true;
-}

lib/tests/modules/define-loaOfSub-foo-enable.nix

@@ -1,3 +0,0 @@
-{
-  loaOfSub.foo.enable = true;
-}

lib/tests/modules/define-loaOfSub-foo.nix

@@ -1,3 +0,0 @@
-{
-  loaOfSub.foo = {};
-}

lib/tests/modules/loaOf-with-long-list.nix

@@ -1,19 +0,0 @@
-{ config, lib, ... }:
-
-{
-  options = {
-    loaOfInt = lib.mkOption {
-      type = lib.types.loaOf lib.types.int;
-    };
-
-    result = lib.mkOption {
-      type = lib.types.str;
-    };
-  };
-
-  config = {
-    loaOfInt = [ 1 2 3 4 5 6 7 8 9 10 ];
-
-    result = toString (lib.attrValues config.loaOfInt);
-  };
-}

lib/tests/modules/loaOf-with-many-list-merges.nix

@@ -1,19 +0,0 @@
-{ config, lib, ... }:
-
-{
-  options = {
-    loaOfInt = lib.mkOption {
-      type = lib.types.loaOf lib.types.int;
-    };
-
-    result = lib.mkOption {
-      type = lib.types.str;
-    };
-  };
-
-  config = {
-    loaOfInt = lib.mkMerge (map lib.singleton [ 1 2 3 4 5 6 7 8 9 10 ]);
-
-    result = toString (lib.attrValues config.loaOfInt);
-  };
-}

lib/types.nix

@@ -242,8 +242,7 @@ rec {
 
     path = mkOptionType {
       name = "path";
-      # Hacky: there is no ‘isPath’ primop.
+      check = x: isCoercibleToString x && builtins.substring 0 1 (toString x) == "/";
-      check = x: builtins.substring 0 1 (toString x) == "/";
       merge = mergeEqualOption;
     };
 
@@ -295,26 +294,43 @@ rec {
     # List or attribute set of ...
     loaOf = elemType:
       let
-        convertAllLists = defs:
+        convertAllLists = loc: defs:
           let
             padWidth = stringLength (toString (length defs));
             unnamedPrefix = i: "unnamed-" + fixedWidthNumber padWidth i + ".";
           in
-            imap1 (i: convertIfList (unnamedPrefix i)) defs;
+            imap1 (i: convertIfList loc (unnamedPrefix i)) defs;
-
+        convertIfList = loc: unnamedPrefix: def:
-        convertIfList = unnamedPrefix: def:
           if isList def.value then
             let
               padWidth = stringLength (toString (length def.value));
               unnamed = i: unnamedPrefix + fixedWidthNumber padWidth i;
-            in
+              res =
                 { inherit (def) file;
                   value = listToAttrs (
                     imap1 (elemIdx: elem:
                       { name  = elem.name or (unnamed elemIdx);
                         value = elem;
                       }) def.value);
-              }
+                };
+              option = concatStringsSep "." loc;
+              sample = take 3 def.value;
+              list = concatMapStrings (x: ''{ name = "${x.name or "unnamed"}"; ...} '') sample;
+              set = concatMapStrings (x: ''${x.name or "unnamed"} = {...}; '') sample;
+              msg = ''
+                In file ${def.file}
+                a list is being assigned to the option config.${option}.
+                This will soon be an error as type loaOf is deprecated.
+                See https://git.io/fj2zm for more information.
+                Do
+                  ${option} =
+                    { ${set}...}
+                instead of
+                  ${option} =
+                    [ ${list}...]
+              '';
+            in
+              lib.warn msg res
           else
             def;
         attrOnly = attrsOf elemType;
@@ -322,7 +338,7 @@ rec {
         name = "loaOf";
         description = "list or attribute set of ${elemType.description}s";
         check = x: isList x || isAttrs x;
-        merge = loc: defs: attrOnly.merge loc (convertAllLists defs);
+        merge = loc: defs: attrOnly.merge loc (convertAllLists loc defs);
         getSubOptions = prefix: elemType.getSubOptions (prefix ++ ["<name?>"]);
         getSubModules = elemType.getSubModules;
         substSubModules = m: loaOf (elemType.substSubModules m);

maintainers/maintainer-list.nix

@@ -4430,6 +4430,12 @@
     githubId = 4378377;
     name = "Matthias Devlamynck";
   };
+  mdlayher = {
+    email = "mdlayher@gmail.com";
+    github = "mdlayher";
+    githubId = 1926905;
+    name = "Matt Layher";
+  };
   meditans = {
     email = "meditans@gmail.com";
     github = "meditans";

nixos/modules/config/i18n.nix

@@ -80,14 +80,11 @@ with lib;
     };
 
     # ‘/etc/locale.conf’ is used by systemd.
-    environment.etc = singleton
+    environment.etc."locale.conf".source = pkgs.writeText "locale.conf"
-      { target = "locale.conf";
-        source = pkgs.writeText "locale.conf"
       ''
         LANG=${config.i18n.defaultLocale}
         ${concatStringsSep "\n" (mapAttrsToList (n: v: ''${n}=${v}'') config.i18n.extraLocaleSettings)}
       '';
-      };
 
   };
 }

nixos/modules/config/ldap.nix

@@ -224,7 +224,9 @@ in
 
   config = mkIf cfg.enable {
 
-    environment.etc = optional (!cfg.daemon.enable) ldapConfig;
+    environment.etc = optionalAttrs (!cfg.daemon.enable) {
+      "ldap.conf" = ldapConfig;
+    };
 
     system.activationScripts = mkIf (!cfg.daemon.enable) {
       ldap = stringAfter [ "etc" "groups" "users" ] ''

nixos/modules/config/pulseaudio.nix

@@ -215,9 +215,8 @@ in {
 
   config = mkMerge [
     {
-      environment.etc = singleton {
+      environment.etc = {
-        target = "pulse/client.conf";
+        "pulse/client.conf".source = clientConf;
-        source = clientConf;
       };
 
       hardware.pulseaudio.configFile = mkDefault "${getBin overriddenPackage}/etc/pulse/default.pa";
@@ -228,19 +227,16 @@ in {
 
       sound.enable = true;
 
-      environment.etc = [
+      environment.etc = {
-        { target = "asound.conf";
+        "asound.conf".source = alsaConf;
-          source = alsaConf; }
 
-        { target = "pulse/daemon.conf";
+        "pulse/daemon.conf".source = writeText "daemon.conf"
-          source = writeText "daemon.conf" (lib.generators.toKeyValue {} cfg.daemon.config); }
+          (lib.generators.toKeyValue {} cfg.daemon.config);
 
-        { target = "openal/alsoft.conf";
+        "openal/alsoft.conf".source = writeText "alsoft.conf" "drivers=pulse";
-          source = writeText "alsoft.conf" "drivers=pulse"; }
 
-        { target = "libao.conf";
+        "libao.conf".source = writeText "libao.conf" "default_driver=pulse";
-          source = writeText "libao.conf" "default_driver=pulse"; }
+      };
-      ];
 
       # Disable flat volumes to enable relative ones
       hardware.pulseaudio.daemon.config.flat-volumes = mkDefault "no";
@@ -275,9 +271,8 @@ in {
     })
 
     (mkIf nonSystemWide {
-      environment.etc = singleton {
+      environment.etc = {
-        target = "pulse/default.pa";
+        "pulse/default.pa".source = myConfigFile;
-        source = myConfigFile;
       };
       systemd.user = {
         services.pulseaudio = {

nixos/modules/i18n/input-method/ibus.nix

@@ -64,6 +64,8 @@ in
     # Without dconf enabled it is impossible to use IBus
     programs.dconf.enable = true;
 
+    programs.dconf.profiles.ibus = "${ibusPackage}/etc/dconf/profile/ibus";
+
     services.dbus.packages = [
       ibusAutostart
     ];

nixos/modules/installer/cd-dvd/system-tarball-pc.nix

@@ -122,11 +122,10 @@ in
 
   /* fake entry, just to have a happy stage-1. Users
      may boot without having stage-1 though */
-  fileSystems = [
+  fileSystems.fake =
     { mountPoint = "/";
       device = "/dev/something";
-      }
+    };
-  ];
 
   nixpkgs.config = {
     packageOverrides = p: {

nixos/modules/installer/cd-dvd/system-tarball-sheevaplug.nix

@@ -117,11 +117,10 @@ in
 
   /* fake entry, just to have a happy stage-1. Users
      may boot without having stage-1 though */
-  fileSystems = [
+  fileSystems.fake =
     { mountPoint = "/";
       device = "/dev/something";
-      }
+    };
-  ];
 
   services.mingetty = {
     # Some more help text.

nixos/modules/installer/cd-dvd/system-tarball.nix

@@ -41,7 +41,7 @@ in
 
     # In stage 1 of the boot, mount the CD/DVD as the root FS by label
     # so that we don't need to know its device.
-    fileSystems = [ ];
+    fileSystems = { };
 
     # boot.initrd.availableKernelModules = [ "mvsdio" "reiserfs" "ext3" "ext4" ];
 

nixos/modules/programs/dconf.nix

@@ -6,7 +6,10 @@ let
   cfg = config.programs.dconf;
 
   mkDconfProfile = name: path:
-    { source = path; target = "dconf/profile/${name}"; };
+    {
+      name = "dconf/profile/${name}";
+      value.source = path; 
+    };
 
 in
 {
@@ -29,8 +32,8 @@ in
   ###### implementation
 
   config = mkIf (cfg.profiles != {} || cfg.enable) {
-    environment.etc = optionals (cfg.profiles != {})
+    environment.etc = optionalAttrs (cfg.profiles != {})
-      (mapAttrsToList mkDconfProfile cfg.profiles);
+      (mapAttrs' mkDconfProfile cfg.profiles);
 
     services.dbus.packages = [ pkgs.dconf ];
 

nixos/modules/programs/shadow.nix

@@ -76,22 +76,18 @@ in
         config.users.defaultUserShell;
 
     environment.etc =
-      [ { # /etc/login.defs: global configuration for pwdutils.  You
+      { # /etc/login.defs: global configuration for pwdutils.  You
         # cannot login without it!
-          source = pkgs.writeText "login.defs" loginDefs;
+        "login.defs".source = pkgs.writeText "login.defs" loginDefs;
-          target = "login.defs";
-        }
 
-        { # /etc/default/useradd: configuration for useradd.
+        # /etc/default/useradd: configuration for useradd.
-          source = pkgs.writeText "useradd"
+        "default/useradd".source = pkgs.writeText "useradd"
           ''
             GROUP=100
             HOME=/home
             SHELL=${utils.toShellPath config.users.defaultUserShell}
           '';
-          target = "default/useradd";
+      };
-        }
-      ];
 
     security.pam.services =
       { chsh = { rootOK = true; };

nixos/modules/security/duosec.nix

@@ -25,18 +25,20 @@ let
     accept_env_factor=${boolToStr cfg.acceptEnvFactor}
   '';
 
-  loginCfgFile = optional cfg.ssh.enable
+  loginCfgFile = optionalAttrs cfg.ssh.enable {
+    "duo/login_duo.conf" =
       { source = pkgs.writeText "login_duo.conf" configFileLogin;
         mode   = "0600";
         user   = "sshd";
-      target = "duo/login_duo.conf";
+      };
   };
 
-  pamCfgFile = optional cfg.pam.enable
+  pamCfgFile = optional cfg.pam.enable {
+    "duo/pam_duo.conf" =
       { source = pkgs.writeText "pam_duo.conf" configFilePam;
         mode   = "0600";
         user   = "sshd";
-      target = "duo/pam_duo.conf";
+      };
   };
 in
 {
@@ -186,7 +188,7 @@ in
      environment.systemPackages = [ pkgs.duo-unix ];
 
      security.wrappers.login_duo.source = "${pkgs.duo-unix.out}/bin/login_duo";
-     environment.etc = loginCfgFile ++ pamCfgFile;
+     environment.etc = loginCfgFile // pamCfgFile;
 
      /* If PAM *and* SSH are enabled, then don't do anything special.
      If PAM isn't used, set the default SSH-only options. */

nixos/modules/security/pam.nix

@@ -475,9 +475,9 @@ let
 
   motd = pkgs.writeText "motd" config.users.motd;
 
-  makePAMService = pamService:
+  makePAMService = name: service:
-    { source = pkgs.writeText "${pamService.name}.pam" pamService.text;
+    { name = "pam.d/${name}";
-      target = "pam.d/${pamService.name}";
+      value.source = pkgs.writeText "${name}.pam" service.text;
     };
 
 in
@@ -760,8 +760,7 @@ in
       };
     };
 
-    environment.etc =
+    environment.etc = mapAttrs' makePAMService config.security.pam.services;
-      mapAttrsToList (n: v: makePAMService v) config.security.pam.services;
 
     security.pam.services =
       { other.text =

nixos/modules/security/pam_mount.nix

@@ -36,8 +36,7 @@ in
   config = mkIf (cfg.enable || anyPamMount) {
 
     environment.systemPackages = [ pkgs.pam_mount ];
-    environment.etc = [{
+    environment.etc."security/pam_mount.conf.xml" = {
-      target = "security/pam_mount.conf.xml";
       source =
         let
           extraUserVolumes = filterAttrs (n: u: u.cryptHomeLuks != null) config.users.users;
@@ -66,7 +65,7 @@ in
           ${concatStringsSep "\n" cfg.extraVolumes}
           </pam_mount>
           '';
-    }];
+    };
 
   };
 }

nixos/modules/security/rtkit.nix

@@ -34,9 +34,8 @@ with lib;
 
     services.dbus.packages = [ pkgs.rtkit ];
 
-    users.users = singleton
+    users.users.rtkit =
-      { name = "rtkit";
+      { uid = config.ids.uids.rtkit;
-        uid = config.ids.uids.rtkit;
         description = "RealtimeKit daemon";
       };
 

nixos/modules/security/sudo.nix

@@ -212,7 +212,7 @@ in
 
     security.pam.services.sudo = { sshAgentAuth = true; };
 
-    environment.etc = singleton
+    environment.etc.sudoers =
       { source =
           pkgs.runCommand "sudoers"
           {
@@ -222,7 +222,6 @@ in
           # Make sure that the sudoers file is syntactically valid.
           # (currently disabled - NIXOS-66)
           "${pkgs.buildPackages.sudo}/sbin/visudo -f $src -c && cp $src $out";
-        target = "sudoers";
         mode = "0440";
       };
 

nixos/modules/services/admin/oxidized.nix

@@ -111,7 +111,7 @@ in
         Restart  = "always";
         WorkingDirectory = cfg.dataDir;
         KillSignal = "SIGKILL";
-        PIDFile = "${cfg.dataDir}.config/oxidized/pid";
+        PIDFile = "${cfg.dataDir}/.config/oxidized/pid";
       };
     };
   };

nixos/modules/services/audio/mpd.nix

@@ -184,19 +184,19 @@ in {
       };
     };
 
-    users.users = optionalAttrs (cfg.user == name) (singleton {
+    users.users = optionalAttrs (cfg.user == name) {
+      ${name} = {
         inherit uid;
-      inherit name;
         group = cfg.group;
         extraGroups = [ "audio" ];
         description = "Music Player Daemon user";
         home = "${cfg.dataDir}";
-    });
+      };
+    };
 
-    users.groups = optionalAttrs (cfg.group == name) (singleton {
+    users.groups = optionalAttrs (cfg.group == name) {
-      inherit name;
+      ${name}.gid = gid;
-      gid = gid;
+    };
-    });
   };
 
 }

nixos/modules/services/backup/mysql-backup.nix

@@ -84,13 +84,14 @@ in
   };
 
   config = mkIf cfg.enable {
-    users.users = optionalAttrs (cfg.user == defaultUser) (singleton
+    users.users = optionalAttrs (cfg.user == defaultUser) {
-      { name = defaultUser;
+      ${defaultUser} = {
         isSystemUser = true;
         createHome = false;
         home = cfg.location;
         group = "nogroup";
-      });
+      };
+    };
 
     services.mysql.ensureUsers = [{
       name = cfg.user;

nixos/modules/services/cluster/kubernetes/default.nix

@@ -266,8 +266,7 @@ in {
         "d /var/lib/kubernetes 0755 kubernetes kubernetes -"
       ];
 
-      users.users = singleton {
+      users.users.kubernetes = {
-        name = "kubernetes";
         uid = config.ids.uids.kubernetes;
         description = "Kubernetes user";
         extraGroups = [ "docker" ];

nixos/modules/services/continuous-integration/buildbot/master.nix

@@ -223,11 +223,11 @@ in {
 
   config = mkIf cfg.enable {
     users.groups = optional (cfg.group == "buildbot") {
-      name = "buildbot";
+      buildbot = { };
     };
 
-    users.users = optional (cfg.user == "buildbot") {
+    users.users = optionalAttrs (cfg.user == "buildbot") {
-      name = "buildbot";
+      buildbot = {
         description = "Buildbot User.";
         isNormalUser = true;
         createHome = true;
@@ -236,6 +236,7 @@ in {
         extraGroups = cfg.extraGroups;
         useDefaultShell = true;
       };
+    };
 
     systemd.services.buildbot-master = {
       description = "Buildbot Continuous Integration Server.";

nixos/modules/services/continuous-integration/buildbot/worker.nix

@@ -137,11 +137,11 @@ in {
     services.buildbot-worker.workerPassFile = mkDefault (pkgs.writeText "buildbot-worker-password" cfg.workerPass);
 
     users.groups = optional (cfg.group == "bbworker") {
-      name = "bbworker";
+      bbworker = { };
     };
 
-    users.users = optional (cfg.user == "bbworker") {
+    users.users = optionalAttrs (cfg.user == "bbworker") {
-      name = "bbworker";
+      bbworker = {
         description = "Buildbot Worker User.";
         isNormalUser = true;
         createHome = true;
@@ -150,6 +150,7 @@ in {
         extraGroups = cfg.extraGroups;
         useDefaultShell = true;
       };
+    };
 
     systemd.services.buildbot-worker = {
       description = "Buildbot Worker.";

nixos/modules/services/continuous-integration/gocd-agent/default.nix

@@ -135,13 +135,12 @@ in {
   };
 
   config = mkIf cfg.enable {
-    users.groups = optional (cfg.group == "gocd-agent") {
+    users.groups = optionalAttrs (cfg.group == "gocd-agent") {
-      name = "gocd-agent";
+      gocd-agent.gid = config.ids.gids.gocd-agent;
-      gid = config.ids.gids.gocd-agent;
     };
 
-    users.users = optional (cfg.user == "gocd-agent") {
+    users.users = optionalAttrs (cfg.user == "gocd-agent") {
-      name = "gocd-agent";
+      gocd-agent = {
         description = "gocd-agent user";
         createHome = true;
         home = cfg.workDir;
@@ -150,6 +149,7 @@ in {
         useDefaultShell = true;
         uid = config.ids.uids.gocd-agent;
       };
+    };
 
     systemd.services.gocd-agent = {
       description = "GoCD Agent";

nixos/modules/services/continuous-integration/gocd-server/default.nix

@@ -143,13 +143,12 @@ in {
   };
 
   config = mkIf cfg.enable {
-    users.groups = optional (cfg.group == "gocd-server") {
+    users.groups = optionalAttrs (cfg.group == "gocd-server") {
-      name = "gocd-server";
+      gocd-server.gid = config.ids.gids.gocd-server;
-      gid = config.ids.gids.gocd-server;
     };
 
-    users.users = optional (cfg.user == "gocd-server") {
+    users.users = optionalAttrs (cfg.user == "gocd-server") {
-      name = "gocd-server";
+      gocd-server = {
         description = "gocd-server user";
         createHome = true;
         home = cfg.workDir;
@@ -158,6 +157,7 @@ in {
         useDefaultShell = true;
         uid = config.ids.uids.gocd-server;
       };
+    };
 
     systemd.services.gocd-server = {
       description = "GoCD Server";

nixos/modules/services/continuous-integration/jenkins/default.nix

@@ -150,13 +150,12 @@ in {
       pkgs.dejavu_fonts
     ];
 
-    users.groups = optional (cfg.group == "jenkins") {
+    users.groups = optionalAttrs (cfg.group == "jenkins") {
-      name = "jenkins";
+      jenkins.gid = config.ids.gids.jenkins;
-      gid = config.ids.gids.jenkins;
     };
 
-    users.users = optional (cfg.user == "jenkins") {
+    users.users = optionalAttrs (cfg.user == "jenkins") {
-      name = "jenkins";
+      jenkins = {
         description = "jenkins user";
         createHome = true;
         home = cfg.home;
@@ -165,6 +164,7 @@ in {
         useDefaultShell = true;
         uid = config.ids.uids.jenkins;
       };
+    };
 
     systemd.services.jenkins = {
       description = "Jenkins Continuous Integration Server";

nixos/modules/services/continuous-integration/jenkins/slave.nix

@@ -51,12 +51,11 @@ in {
 
   config = mkIf (cfg.enable && !masterCfg.enable) {
     users.groups = optional (cfg.group == "jenkins") {
-      name = "jenkins";
+      jenkins.gid = config.ids.gids.jenkins;
-      gid = config.ids.gids.jenkins;
     };
 
-    users.users = optional (cfg.user == "jenkins") {
+    users.users = optionalAttrs (cfg.user == "jenkins") {
-      name = "jenkins";
+      jenkins = {
         description = "jenkins user";
         createHome = true;
         home = cfg.home;
@@ -65,4 +64,5 @@ in {
         uid = config.ids.uids.jenkins;
       };
     };
+  };
 }

nixos/modules/services/databases/cockroachdb.nix

@@ -171,17 +171,17 @@ in
 
     environment.systemPackages = [ crdb ];
 
-    users.users = optionalAttrs (cfg.user == "cockroachdb") (singleton
+    users.users = optionalAttrs (cfg.user == "cockroachdb") {
-      { name        = "cockroachdb";
+      cockroachdb = {
         description = "CockroachDB Server User";
         uid         = config.ids.uids.cockroachdb;
         group       = cfg.group;
-      });
+      };
+    };
 
-    users.groups = optionalAttrs (cfg.group == "cockroachdb") (singleton
+    users.groups = optionalAttrs (cfg.group == "cockroachdb") {
-      { name = "cockroachdb";
+      cockroachdb.gid = config.ids.gids.cockroachdb;
-        gid  = config.ids.gids.cockroachdb;
+    };
-      });
 
     networking.firewall.allowedTCPPorts = lib.optionals cfg.openPorts
       [ cfg.http.port cfg.listen.port ];

nixos/modules/services/databases/foundationdb.nix

@@ -341,17 +341,17 @@ in
 
     environment.systemPackages = [ pkg ];
 
-    users.users = optionalAttrs (cfg.user == "foundationdb") (singleton
+    users.users = optionalAttrs (cfg.user == "foundationdb") {
-      { name        = "foundationdb";
+      foundationdb = {
         description = "FoundationDB User";
         uid         = config.ids.uids.foundationdb;
         group       = cfg.group;
-      });
+      };
+    };
 
-    users.groups = optionalAttrs (cfg.group == "foundationdb") (singleton
+    users.groups = optionalAttrs (cfg.group == "foundationdb") {
-      { name = "foundationdb";
+      foundationdb.gid = config.ids.gids.foundationdb;
-        gid  = config.ids.gids.foundationdb;
+    };
-      });
 
     networking.firewall.allowedTCPPortRanges = mkIf cfg.openFirewall
       [ { from = cfg.listenPortStart;

nixos/modules/services/databases/influxdb.nix

@@ -182,15 +182,15 @@ in
         '';
     };
 
-    users.users = optional (cfg.user == "influxdb") {
+    users.users = optionalAttrs (cfg.user == "influxdb") {
-      name = "influxdb";
+      influxdb = {
         uid = config.ids.uids.influxdb;
         description = "Influxdb daemon user";
       };
+    };
 
-    users.groups = optional (cfg.group == "influxdb") {
+    users.groups = optionalAttrs (cfg.group == "influxdb") {
-      name = "influxdb";
+      influxdb.gid = config.ids.gids.influxdb;
-      gid = config.ids.gids.influxdb;
     };
   };
 

nixos/modules/services/databases/memcached.nix

@@ -64,10 +64,9 @@ in
 
   config = mkIf config.services.memcached.enable {
 
-    users.users = optional (cfg.user == "memcached") {
+    users.users = optionalAttrs (cfg.user == "memcached") {
-      name = "memcached";
+      memcached.description = "Memcached server user";
-      description = "Memcached server user";
+      memcached.isSystemUser = true;
-      isSystemUser = true;
     };
 
     environment.systemPackages = [ memcached ];

nixos/modules/services/databases/neo4j.nix

@@ -650,8 +650,7 @@ in {
 
       environment.systemPackages = [ cfg.package ];
 
-      users.users = singleton {
+      users.users.neo4j = {
-        name = "neo4j";
         uid = config.ids.uids.neo4j;
         description = "Neo4j daemon user";
         home = cfg.directories.home;

nixos/modules/services/databases/virtuoso.nix

@@ -54,9 +54,8 @@ with lib;
 
   config = mkIf cfg.enable {
 
-    users.users = singleton
+    users.users.${virtuosoUser} =
-      { name = virtuosoUser;
+      { uid = config.ids.uids.virtuoso;
-        uid = config.ids.uids.virtuoso;
         description = "virtuoso user";
         home = stateDir;
       };

nixos/modules/services/editors/infinoted.nix

@@ -111,14 +111,15 @@ in {
   };
 
   config = mkIf (cfg.enable) {
-    users.users = optional (cfg.user == "infinoted")
+    users.users = optionalAttrs (cfg.user == "infinoted")
-      { name = "infinoted";
+      { infinoted = {
           description = "Infinoted user";
           group = cfg.group;
           isSystemUser = true;
         };
-    users.groups = optional (cfg.group == "infinoted")
+      };
-      { name = "infinoted";
+    users.groups = optionalAttrs (cfg.group == "infinoted")
+      { infinoted = { };
       };
 
     systemd.services.infinoted =

nixos/modules/services/hardware/bluetooth.nix

@@ -74,9 +74,9 @@ in {
 
     environment.systemPackages = [ bluez-bluetooth ];
 
-    environment.etc = singleton {
+    environment.etc."bluetooth/main.conf"= {
-      source = pkgs.writeText "main.conf" (generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);
+      source = pkgs.writeText "main.conf"
-      target = "bluetooth/main.conf";
+        (generators.toINI { } cfg.config + optionalString (cfg.extraConfig != null) cfg.extraConfig);
     };
 
     services.udev.packages = [ bluez-bluetooth ];

nixos/modules/services/hardware/sane_extra_backends/brscan4.nix

@@ -95,14 +95,11 @@ in
       pkgs.brscan4
     ];
 
-    environment.etc = singleton {
+    environment.etc."opt/brother/scanner/brscan4" =
-      target = "opt/brother/scanner/brscan4";
+      { source = "${etcFiles}/etc/opt/brother/scanner/brscan4"; };
-      source = "${etcFiles}/etc/opt/brother/scanner/brscan4";
-    };
 
     assertions = [
       { assertion = all (x: !(null != x.ip && null != x.nodename)) netDeviceList;
-          
         message = ''
           When describing a network device as part of the attribute list
           `hardware.sane.brscan4.netDevices`, only one of its `ip` or `nodename`

nixos/modules/services/hardware/tcsd.nix

@@ -137,15 +137,15 @@ in
       serviceConfig.ExecStart = "${pkgs.trousers}/sbin/tcsd -f -c ${tcsdConf}";
     };
 
-    users.users = optionalAttrs (cfg.user == "tss") (singleton
+    users.users = optionalAttrs (cfg.user == "tss") {
-      { name = "tss";
+      tss = {
         group = "tss";
         uid = config.ids.uids.tss;
-      });
+      };
+    };
 
-    users.groups = optionalAttrs (cfg.group == "tss") (singleton
+    users.groups = optionalAttrs (cfg.group == "tss") {
-      { name = "tss";
+      tss.gid = config.ids.gids.tss;
-        gid = config.ids.gids.tss;
+    };
-      });
   };
 }

nixos/modules/services/hardware/tlp.nix

@@ -103,12 +103,13 @@ in
 
     services.udev.packages = [ tlp ];
 
-    environment.etc = [{ source = confFile;
+    environment.etc =
-                         target = "default/tlp";
+      {
-                       }
+        "default/tlp".source = confFile;
-                      ] ++ optional enableRDW {
+      } // optionalAttrs enableRDW {
+        "NetworkManager/dispatcher.d/99tlp-rdw-nm" = {
           source = "${tlp}/etc/NetworkManager/dispatcher.d/99tlp-rdw-nm";
-                        target = "NetworkManager/dispatcher.d/99tlp-rdw-nm";
+        };
       };
 
     environment.systemPackages = [ tlp ];

nixos/modules/services/hardware/udev.nix

@@ -281,13 +281,10 @@ in
     boot.kernelParams = mkIf (!config.networking.usePredictableInterfaceNames) [ "net.ifnames=0" ];
 
     environment.etc =
-      [ { source = udevRules;
+      {
-          target = "udev/rules.d";
+        "udev/rules.d".source = udevRules;
-        }
+        "udev/hwdb.bin".source = hwdbBin;
-        { source = hwdbBin;
+      };
-          target = "udev/hwdb.bin";
-        }
-      ];
 
     system.requiredKernelConfig = with config.lib.kernelConfig; [
       (isEnabled "UNIX")

nixos/modules/services/hardware/usbmuxd.nix

@@ -43,15 +43,16 @@ in
 
   config = mkIf cfg.enable {
 
-    users.users = optional (cfg.user == defaultUserGroup) {
+    users.users = optionalAttrs (cfg.user == defaultUserGroup) {
-      name = cfg.user;
+      ${cfg.user} = {
         description = "usbmuxd user";
         group = cfg.group;
         isSystemUser = true;
       };
+    };
 
     users.groups = optional (cfg.group == defaultUserGroup) {
-      name = cfg.group;
+      ${cfg.group} = { };
     };
 
     # Give usbmuxd permission for Apple devices

nixos/modules/services/logging/logcheck.nix

@@ -213,13 +213,14 @@ in
         mapAttrsToList writeIgnoreRule cfg.ignore
         ++ mapAttrsToList writeIgnoreCronRule cfg.ignoreCron;
 
-    users.users = optionalAttrs (cfg.user == "logcheck") (singleton
+    users.users = optionalAttrs (cfg.user == "logcheck") {
-      { name = "logcheck";
+      logcheck = {
         uid = config.ids.uids.logcheck;
         shell = "/bin/sh";
         description = "Logcheck user account";
         extraGroups = cfg.extraGroups;
-      });
+      };
+    };
 
     system.activationScripts.logcheck = ''
       mkdir -m 700 -p /var/{lib,lock}/logcheck

nixos/modules/services/mail/dovecot.nix

@@ -310,35 +310,31 @@ in
      ++ optional cfg.enablePop3 "pop3"
      ++ optional cfg.enableLmtp "lmtp";
 
-    users.users = [
+    users.users = {
-      { name = "dovenull";
+      dovenull =
-        uid = config.ids.uids.dovenull2;
+        { uid = config.ids.uids.dovenull2;
           description = "Dovecot user for untrusted logins";
           group = "dovenull";
-      }
+        };
-    ] ++ optional (cfg.user == "dovecot2")
+    } // optionalAttrs (cfg.user == "dovecot2") {
-         { name = "dovecot2";
+      dovecot2 =
-           uid = config.ids.uids.dovecot2;
+         { uid = config.ids.uids.dovecot2;
            description = "Dovecot user";
            group = cfg.group;
-         }
+         };
-      ++ optional (cfg.createMailUser && cfg.mailUser != null)
+    } // optionalAttrs (cfg.createMailUser && cfg.mailUser != null) {
-         ({ name = cfg.mailUser;
+      ${cfg.mailUser} =
-            description = "Virtual Mail User";
+        { description = "Virtual Mail User"; } //
-         } // optionalAttrs (cfg.mailGroup != null) {
+        optionalAttrs (cfg.mailGroup != null)
-           group = cfg.mailGroup;
+          { group = cfg.mailGroup; };
-         });
+    };
 
-    users.groups = optional (cfg.group == "dovecot2")
+    users.groups = {
-      { name = "dovecot2";
+      dovenull.gid = config.ids.gids.dovenull2;
-        gid = config.ids.gids.dovecot2;
+    } // optionalAttrs (cfg.group == "dovecot2") {
-      }
+      dovecot2.gid = config.ids.gids.dovecot2;
-    ++ optional (cfg.createMailUser && cfg.mailGroup != null)
+    } // optionalAttrs (cfg.createMailUser && cfg.mailGroup != null) {
-      { name = cfg.mailGroup;
+      ${cfg.mailGroup} = { };
-      }
-    ++ singleton
-      { name = "dovenull";
-        gid = config.ids.gids.dovenull2;
     };
 
     environment.etc."dovecot/modules".source = modulesDir;

nixos/modules/services/mail/dspam.nix

@@ -86,16 +86,16 @@ in {
 
   config = mkIf cfg.enable (mkMerge [
     {
-      users.users = optionalAttrs (cfg.user == "dspam") (singleton
+      users.users = optionalAttrs (cfg.user == "dspam") {
-        { name = "dspam";
+        dspam = {
           group = cfg.group;
           uid = config.ids.uids.dspam;
-        });
+        };
+      };
 
-      users.groups = optionalAttrs (cfg.group == "dspam") (singleton
+      users.groups = optionalAttrs (cfg.group == "dspam") {
-        { name = "dspam";
+        dspam.gid = config.ids.gids.dspam;
-          gid = config.ids.gids.dspam;
+      };
-        });
 
       environment.systemPackages = [ dspam ];
 

nixos/modules/services/mail/exim.nix

@@ -87,15 +87,13 @@ in
       systemPackages = [ cfg.package ];
     };
 
-    users.users = singleton {
+    users.users.${cfg.user} = {
-      name = cfg.user;
       description = "Exim mail transfer agent user";
       uid = config.ids.uids.exim;
       group = cfg.group;
     };
 
-    users.groups = singleton {
+    users.groups.${cfg.group} = {
-      name = cfg.group;
       gid = config.ids.gids.exim;
     };
 

nixos/modules/services/mail/mlmmj.nix

@@ -94,8 +94,7 @@ in
 
   config = mkIf cfg.enable {
 
-    users.users = singleton {
+    users.users.${cfg.user} = {
-      name = cfg.user;
       description = "mlmmj user";
       home = stateDir;
       createHome = true;
@@ -104,8 +103,7 @@ in
       useDefaultShell = true;
     };
 
-    users.groups = singleton {
+    users.groups.${cfg.group} = {
-      name = cfg.group;
       gid = config.ids.gids.mlmmj;
     };
 

nixos/modules/services/mail/nullmailer.nix

@@ -201,15 +201,12 @@ with lib;
     };
 
     users = {
-      users = singleton {
+      users.${cfg.user} = {
-        name = cfg.user;
         description = "Nullmailer relay-only mta user";
         group = cfg.group;
       };
 
-      groups = singleton {
+      groups.${cfg.group} = { };
-        name = cfg.group;
-      };
     };
 
     systemd.tmpfiles.rules = [

nixos/modules/services/mail/opendkim.nix

@@ -91,16 +91,16 @@ in {
 
   config = mkIf cfg.enable {
 
-    users.users = optionalAttrs (cfg.user == "opendkim") (singleton
+    users.users = optionalAttrs (cfg.user == "opendkim") {
-      { name = "opendkim";
+      opendkim = {
         group = cfg.group;
         uid = config.ids.uids.opendkim;
-      });
+      };
+    };
 
-    users.groups = optionalAttrs (cfg.group == "opendkim") (singleton
+    users.groups = optionalAttrs (cfg.group == "opendkim") {
-      { name = "opendkim";
+      opendkim.gid = config.ids.gids.opendkim;
-        gid = config.ids.gids.opendkim;
+    };
-      });
 
     environment.systemPackages = [ pkgs.opendkim ];
 

nixos/modules/services/mail/postfix.nix

@@ -655,21 +655,20 @@ in
         setgid = true;
       };
 
-      users.users = optional (user == "postfix")
+      users.users = optionalAttrs (user == "postfix")
-        { name = "postfix";
+        { postfix = {
             description = "Postfix mail server user";
             uid = config.ids.uids.postfix;
             group = group;
           };
+        };
 
       users.groups =
-        optional (group == "postfix")
+        optionalAttrs (group == "postfix")
-        { name = group;
+        { ${group}.gid = config.ids.gids.postfix;
-          gid = config.ids.gids.postfix;
         }
-        ++ optional (setgidGroup == "postdrop")
+        // optionalAttrs (setgidGroup == "postdrop")
-        { name = setgidGroup;
+        { ${setgidGroup}.gid = config.ids.gids.postdrop;
-          gid = config.ids.gids.postdrop;
         };
 
       systemd.services.postfix =

nixos/modules/services/mail/postsrsd.nix

@@ -90,16 +90,16 @@ in {
 
     services.postsrsd.domain = mkDefault config.networking.hostName;
 
-    users.users = optionalAttrs (cfg.user == "postsrsd") (singleton
+    users.users = optionalAttrs (cfg.user == "postsrsd") {
-      { name = "postsrsd";
+      postsrsd = {
         group = cfg.group;
         uid = config.ids.uids.postsrsd;
-      });
+      };
+    };
 
-    users.groups = optionalAttrs (cfg.group == "postsrsd") (singleton
+    users.groups = optionalAttrs (cfg.group == "postsrsd") {
-      { name = "postsrsd";
+      postsrsd.gid = config.ids.gids.postsrsd;
-        gid = config.ids.gids.postsrsd;
+    };
-      });
 
     systemd.services.postsrsd = {
       description = "PostSRSd SRS rewriting server";

nixos/modules/services/mail/rspamd.nix

@@ -374,15 +374,13 @@ in
     # Allow users to run 'rspamc' and 'rspamadm'.
     environment.systemPackages = [ pkgs.rspamd ];
 
-    users.users = singleton {
+    users.users.${cfg.user} = {
-      name = cfg.user;
       description = "rspamd daemon";
       uid = config.ids.uids.rspamd;
       group = cfg.group;
     };
 
-    users.groups = singleton {
+    users.groups.${cfg.group} = {
-      name = cfg.group;
       gid = config.ids.gids.rspamd;
     };
 

nixos/modules/services/mail/spamassassin.nix

@@ -128,15 +128,13 @@ in
       systemPackages = [ pkgs.spamassassin ];
     };
 
-    users.users = singleton {
+    users.users.spamd = {
-      name = "spamd";
       description = "Spam Assassin Daemon";
       uid = config.ids.uids.spamd;
       group = "spamd";
     };
 
-    users.groups = singleton {
+    users.groups.spamd = {
-      name = "spamd";
       gid = config.ids.gids.spamd;
     };
 

nixos/modules/services/misc/apache-kafka.nix

@@ -124,8 +124,7 @@ in {
 
     environment.systemPackages = [cfg.package];
 
-    users.users = singleton {
+    users.users.apache-kafka = {
-      name = "apache-kafka";
       uid = config.ids.uids.apache-kafka;
       description = "Apache Kafka daemon user";
       home = head cfg.logDirs;

nixos/modules/services/misc/bepasty.nix

@@ -168,16 +168,12 @@ in
         })
     ) cfg.servers;
 
-    users.users = [{
+    users.users.${user} =
-      uid = config.ids.uids.bepasty;
+      { uid = config.ids.uids.bepasty;
-      name = user;
         group = group;
         home = default_home;
-    }];
+      };
 
-    users.groups = [{
+    users.groups.${group}.gid = config.ids.gids.bepasty;
-      name = group;
-      gid = config.ids.gids.bepasty;
-    }];
   };
 }

nixos/modules/services/misc/cgminer.nix

@@ -110,11 +110,12 @@ in
 
   config = mkIf config.services.cgminer.enable {
 
-    users.users = optionalAttrs (cfg.user == "cgminer") (singleton
+    users.users = optionalAttrs (cfg.user == "cgminer") {
-      { name = "cgminer";
+      cgminer = {
         uid = config.ids.uids.cgminer;
         description = "Cgminer user";
-      });
+      };
+    };
 
     environment.systemPackages = [ cfg.package ];
 

nixos/modules/services/misc/couchpotato.nix

@@ -29,17 +29,14 @@ in
       };
     };
 
-    users.users = singleton
+    users.users.couchpotato =
-      { name = "couchpotato";
+      { group = "couchpotato";
-        group = "couchpotato";
         home = "/var/lib/couchpotato/";
         description = "CouchPotato daemon user";
         uid = config.ids.uids.couchpotato;
       };
 
-    users.groups = singleton
+    users.groups.couchpotato =
-      { name = "couchpotato";
+      { gid = config.ids.gids.couchpotato; };
-        gid = config.ids.gids.couchpotato;
-      };
   };
 }

nixos/modules/services/misc/dictd.nix

@@ -45,18 +45,14 @@ in
     # get the command line client on system path to make some use of the service
     environment.systemPackages = [ pkgs.dict ];
 
-    users.users = singleton
+    users.users.dictd =
-      { name = "dictd";
+      { group = "dictd";
-        group = "dictd";
         description = "DICT.org dictd server";
         home = "${dictdb}/share/dictd";
         uid = config.ids.uids.dictd;
       };
 
-    users.groups = singleton
+    users.groups.dictd.gid = config.ids.gids.dictd;
-      { name = "dictd";
-        gid = config.ids.gids.dictd;
-      };
 
     systemd.services.dictd = {
       description = "DICT.org Dictionary Server";

nixos/modules/services/misc/etcd.nix

@@ -186,8 +186,7 @@ in {
 
     environment.systemPackages = [ pkgs.etcdctl ];
 
-    users.users = singleton {
+    users.users.etcd = {
-      name = "etcd";
       uid = config.ids.uids.etcd;
       description = "Etcd daemon user";
       home = cfg.dataDir;

nixos/modules/services/misc/exhibitor.nix

@@ -410,8 +410,7 @@ in
         sed -i 's/'"$replace_what"'/'"$replace_with"'/g' ${cfg.baseDir}/zookeeper/bin/zk*.sh
       '';
     };
-    users.users = singleton {
+    users.users.zookeeper = {
-      name = "zookeeper";
       uid = config.ids.uids.zookeeper;
       description = "Zookeeper daemon user";
       home = cfg.baseDir;

nixos/modules/services/misc/felix.nix

@@ -47,14 +47,10 @@ in
   ###### implementation
 
   config = mkIf cfg.enable {
-    users.groups = singleton
+    users.groups.osgi.gid = config.ids.gids.osgi;
-      { name = "osgi";
-        gid = config.ids.gids.osgi;
-      };
 
-    users.users = singleton
+    users.users.osgi =
-      { name = "osgi";
+      { uid = config.ids.uids.osgi;
-        uid = config.ids.uids.osgi;
         description = "OSGi user";
         home = "/homeless-shelter";
       };

nixos/modules/services/misc/folding-at-home.nix

@@ -42,9 +42,8 @@ in {
 
   config = mkIf cfg.enable {
 
-    users.users = singleton
+    users.users.${fahUser} =
-      { name = fahUser;
+      { uid = config.ids.uids.foldingathome;
-        uid = config.ids.uids.foldingathome;
         description = "Folding@Home user";
         home = stateDir;
       };

nixos/modules/services/misc/gitlab.nix

@@ -633,20 +633,14 @@ in {
     # Use postfix to send out mails.
     services.postfix.enable = mkDefault true;
 
-    users.users = [
+    users.users.${cfg.user} =
-      { name = cfg.user;
+      { group = cfg.group;
-        group = cfg.group;
         home = "${cfg.statePath}/home";
         shell = "${pkgs.bash}/bin/bash";
         uid = config.ids.uids.gitlab;
-      }
+      };
-    ];
 
-    users.groups = [
+    users.groups.${cfg.group}.gid = config.ids.gids.gitlab;
-      { name = cfg.group;
-        gid = config.ids.gids.gitlab;
-      }
-    ];
 
     systemd.tmpfiles.rules = [
       "d /run/gitlab 0755 ${cfg.user} ${cfg.group} -"

nixos/modules/services/misc/gpsd.nix

@@ -86,17 +86,13 @@ in
 
   config = mkIf cfg.enable {
 
-    users.users = singleton
+    users.users.gpsd =
-      { name = "gpsd";
+      { inherit uid;
-        inherit uid;
         description = "gpsd daemon user";
         home = "/var/empty";
       };
 
-    users.groups = singleton
+    users.groups.gpsd = { inherit gid; };
-      { name = "gpsd";
-        inherit gid;
-      };
 
     systemd.services.gpsd = {
       description = "GPSD daemon";

nixos/modules/services/misc/headphones.nix

@@ -59,19 +59,19 @@ in
 
   config = mkIf cfg.enable {
 
-    users.users = optionalAttrs (cfg.user == name) (singleton {
+    users.users = optionalAttrs (cfg.user == name) {
-      name = name;
+      ${name} = {
         uid = config.ids.uids.headphones;
         group = cfg.group;
         description = "headphones user";
         home = cfg.dataDir;
         createHome = true;
-    });
+      };
+    };
 
-    users.groups = optionalAttrs (cfg.group == name) (singleton {
+    users.groups = optionalAttrs (cfg.group == name) {
-      name = name;
+      ${name}.gid = config.ids.gids.headphones;
-      gid = config.ids.gids.headphones;
+    };
-    });
 
     systemd.services.headphones = {
         description = "Headphones Server";

nixos/modules/services/misc/matrix-synapse.nix

@@ -657,19 +657,18 @@ in {
   };
 
   config = mkIf cfg.enable {
-    users.users = [
+    users.users.matrix-synapse =
-      { name = "matrix-synapse";
+      { name = "";
         group = "matrix-synapse";
         home = cfg.dataDir;
         createHome = true;
         shell = "${pkgs.bash}/bin/bash";
         uid = config.ids.uids.matrix-synapse;
-      } ];
+      };
 
-    users.groups = [
+    users.groups.matrix-synapse = {
-      { name = "matrix-synapse";
       gid = config.ids.gids.matrix-synapse;
-      } ];
+    };
 
     services.postgresql = mkIf (usePostgresql && cfg.create_local_database) {
       enable = mkDefault true;

nixos/modules/services/misc/mediatomb.nix

@@ -266,19 +266,19 @@ in {
       serviceConfig.User = "${cfg.user}";
     };
 
-    users.groups = optionalAttrs (cfg.group == "mediatomb") (singleton {
+    users.groups = optionalAttrs (cfg.group == "mediatomb") {
-      name = "mediatomb";
+      mediatomb.gid = gid;
-      gid = gid;
+    };
-    });
 
-    users.users = optionalAttrs (cfg.user == "mediatomb") (singleton {
+    users.users = optionalAttrs (cfg.user == "mediatomb") {
-      name = "mediatomb";
+      mediatomb = {
         isSystemUser = true;
         group = cfg.group;
         home = "${cfg.dataDir}";
         createHome = true;
         description = "Mediatomb DLNA Server User";
-    });
+      };
+    };
 
     networking.firewall = {
       allowedUDPPorts = [ 1900 cfg.port ];

nixos/modules/services/misc/nix-daemon.nix

@@ -12,8 +12,9 @@ let
 
   isNix23 = versionAtLeast nixVersion "2.3pre";
 
-  makeNixBuildUser = nr:
+  makeNixBuildUser = nr: {
-    { name = "nixbld${toString nr}";
+    name  = "nixbld${toString nr}";
+    value = {
       description = "Nix build user ${toString nr}";
 
       /* For consistency with the setgid(2), setuid(2), and setgroups(2)
@@ -23,8 +24,9 @@ let
       group = "nixbld";
       extraGroups = [ "nixbld" ];
     };
+  };
 
-  nixbldUsers = map makeNixBuildUser (range 1 cfg.nrBuildUsers);
+  nixbldUsers = listToAttrs (map makeNixBuildUser (range 1 cfg.nrBuildUsers));
 
   nixConf =
     assert versionAtLeast nixVersion "2.2";
@@ -445,7 +447,7 @@ in
 
     users.users = nixbldUsers;
 
-    services.xserver.displayManager.hiddenUsers = map ({ name, ... }: name) nixbldUsers;
+    services.xserver.displayManager.hiddenUsers = attrNames nixbldUsers;
 
     system.activationScripts.nix = stringAfter [ "etc" "users" ]
       ''

nixos/modules/services/misc/octoprint.nix

@@ -86,16 +86,16 @@ in
 
   config = mkIf cfg.enable {
 
-    users.users = optionalAttrs (cfg.user == "octoprint") (singleton
+    users.users = optionalAttrs (cfg.user == "octoprint") {
-      { name = "octoprint";
+      octoprint = {
         group = cfg.group;
         uid = config.ids.uids.octoprint;
-      });
+      };
+    };
 
-    users.groups = optionalAttrs (cfg.group == "octoprint") (singleton
+    users.groups = optionalAttrs (cfg.group == "octoprint") {
-      { name = "octoprint";
+      octoprint.gid = config.ids.gids.octoprint;
-        gid = config.ids.gids.octoprint;
+    };
-      });
 
     systemd.tmpfiles.rules = [
       "d '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -"

nixos/modules/services/misc/redmine.nix

@@ -367,17 +367,17 @@ in
 
     };
 
-    users.users = optionalAttrs (cfg.user == "redmine") (singleton
+    users.users = optionalAttrs (cfg.user == "redmine") {
-      { name = "redmine";
+      redmine = {
         group = cfg.group;
         home = cfg.stateDir;
         uid = config.ids.uids.redmine;
-      });
+      };
+    };
 
-    users.groups = optionalAttrs (cfg.group == "redmine") (singleton
+    users.groups = optionalAttrs (cfg.group == "redmine") {
-      { name = "redmine";
+      redmine.gid = config.ids.gids.redmine;
-        gid = config.ids.gids.redmine;
+    };
-      });
 
     warnings = optional (cfg.database.password != "")
       ''config.services.redmine.database.password will be stored as plaintext

nixos/modules/services/misc/ripple-data-api.nix

@@ -185,9 +185,8 @@ in {
       ];
     };
 
-    users.users = singleton
+    users.users.ripple-data-api =
-      { name = "ripple-data-api";
+      { description = "Ripple data api user";
-        description = "Ripple data api user";
         uid = config.ids.uids.ripple-data-api;
       };
   };

nixos/modules/services/misc/rippled.nix

@@ -406,9 +406,8 @@ in
 
   config = mkIf cfg.enable {
 
-    users.users = singleton
+    users.users.rippled =
-      { name = "rippled";
+      { description = "Ripple server user";
-        description = "Ripple server user";
         uid = config.ids.uids.rippled;
         home = cfg.databasePath;
         createHome = true;

nixos/modules/services/misc/serviio.nix

@@ -63,20 +63,15 @@ in {
       };
     };
 
-    users.users = [
+    users.users.serviio =
-      {
+      { group = "serviio";
-        name = "serviio";
-        group = "serviio";
         home = cfg.dataDir;
         description = "Serviio Media Server User";
         createHome = true;
         isSystemUser = true;
-      }
+      };
-    ];
 
-    users.groups = [
+    users.groups.serviio = { };
-      { name = "serviio";}
-    ];
 
     networking.firewall = {
       allowedTCPPorts = [

nixos/modules/services/misc/sickbeard.nix

@@ -63,19 +63,19 @@ in
 
   config = mkIf cfg.enable {
 
-    users.users = optionalAttrs (cfg.user == name) (singleton {
+    users.users = optionalAttrs (cfg.user == name) {
-      name = name;
+      ${name} = {
         uid = config.ids.uids.sickbeard;
         group = cfg.group;
         description = "sickbeard user";
         home = cfg.dataDir;
         createHome = true;
-    });
+      };
+    };
 
-    users.groups = optionalAttrs (cfg.group == name) (singleton {
+    users.groups = optionalAttrs (cfg.group == name) {
-      name = name;
+      ${name}.gid = config.ids.gids.sickbeard;
-      gid = config.ids.gids.sickbeard;
+    };
-    });
 
     systemd.services.sickbeard = {
       description = "Sickbeard Server";

nixos/modules/services/misc/siproxd.nix

@@ -161,8 +161,7 @@ in
 
   config = mkIf cfg.enable {
 
-    users.users = singleton {
+    users.users.siproxyd = {
-      name = "siproxyd";
       uid = config.ids.uids.siproxd;
     };
 

nixos/modules/services/misc/taskserver/default.nix

@@ -368,16 +368,16 @@ in {
     (mkIf cfg.enable {
       environment.systemPackages = [ nixos-taskserver ];
 
-      users.users = optional (cfg.user == "taskd") {
+      users.users = optionalAttrs (cfg.user == "taskd") {
-        name = "taskd";
+        taskd = {
           uid = config.ids.uids.taskd;
           description = "Taskserver user";
           group = cfg.group;
         };
+      };
 
-      users.groups = optional (cfg.group == "taskd") {
+      users.groups = optionalAttrs (cfg.group == "taskd") {
-        name = "taskd";
+        taskd.gid = config.ids.gids.taskd;
-        gid = config.ids.gids.taskd;
       };
 
       services.taskserver.config = {

nixos/modules/services/misc/uhub.nix

@@ -161,14 +161,8 @@ in
   config = mkIf cfg.enable {
 
     users = {
-      users = singleton {
+      users.uhub.uid = config.ids.uids.uhub;
-        name = "uhub";
+      groups.uhub.gid = config.ids.gids.uhub;
-        uid = config.ids.uids.uhub;
-      };
-      groups = singleton {
-        name = "uhub";
-        gid = config.ids.gids.uhub;
-      };
     };
 
     systemd.services.uhub = {

nixos/modules/services/misc/zookeeper.nix

@@ -146,8 +146,7 @@ in {
       '';
     };
 
-    users.users = singleton {
+    users.users.zookeeper = {
-      name = "zookeeper";
       uid = config.ids.uids.zookeeper;
       description = "Zookeeper daemon user";
       home = cfg.dataDir;

nixos/modules/services/monitoring/collectd.nix

@@ -129,9 +129,10 @@ in {
       };
     };
 
-    users.users = optional (cfg.user == "collectd") {
+    users.users = optionalAttrs (cfg.user == "collectd") {
-      name = "collectd";
+      collectd = {
         isSystemUser = true;
       };
     };
+  };
 }

nixos/modules/services/monitoring/datadog-agent.nix

@@ -22,9 +22,9 @@ let
   # Generate Datadog configuration files for each configured checks.
   # This works because check configurations have predictable paths,
   # and because JSON is a valid subset of YAML.
-  makeCheckConfigs = entries: mapAttrsToList (name: conf: {
+  makeCheckConfigs = entries: mapAttrs' (name: conf: {
-    source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf);
+    name = "datadog-agent/conf.d/${name}.d/conf.yaml";
-    target = "datadog-agent/conf.d/${name}.d/conf.yaml";
+    value.source = pkgs.writeText "${name}-check-conf.yaml" (builtins.toJSON conf);
   }) entries;
 
   defaultChecks = {
@@ -34,10 +34,11 @@ let
 
   # Assemble all check configurations and the top-level agent
   # configuration.
-  etcfiles = with pkgs; with builtins; [{
+  etcfiles = with pkgs; with builtins;
+  { "datadog-agent/datadog.yaml" = {
       source = writeText "datadog.yaml" (toJSON ddConf);
-    target = "datadog-agent/datadog.yaml";
+    };
-  }] ++ makeCheckConfigs (cfg.checks // defaultChecks);
+  } // makeCheckConfigs (cfg.checks // defaultChecks);
 
   # Apply the configured extraIntegrations to the provided agent
   # package. See the documentation of `dd-agent/integrations-core.nix`
@@ -204,7 +205,7 @@ in {
   config = mkIf cfg.enable {
     environment.systemPackages = [ datadogPkg pkgs.sysstat pkgs.procps pkgs.iproute ];
 
-    users.extraUsers.datadog = {
+    users.users.datadog = {
       description = "Datadog Agent User";
       uid = config.ids.uids.datadog;
       group = "datadog";
@@ -212,7 +213,7 @@ in {
       createHome = true;
     };
 
-    users.extraGroups.datadog.gid = config.ids.gids.datadog;
+    users.groups.datadog.gid = config.ids.gids.datadog;
 
     systemd.services = let
       makeService = attrs: recursiveUpdate {
@@ -224,7 +225,7 @@ in {
           Restart = "always";
           RestartSec = 2;
         };
-        restartTriggers = [ datadogPkg ] ++ map (etc: etc.source) etcfiles;
+        restartTriggers = [ datadogPkg ] ++ attrNames etcfiles;
       } attrs;
     in {
       datadog-agent = makeService {