NixOS Update: Module Argument Refactoring, NIX_PATH Changes, and Package Improvements

- The Nix expression search path (`NIX_PATH`) no longer contains `/etc/nixos/nixpkgs` by default. You can override `NIX_PATH` by setting `nix.nixPath`. - Python 2.6 has been marked as broken (as it no longer receives security updates from upstream). - Any use of module arguments such as `pkgs` to access library functions, or to define `imports` attributes will now lead to an infinite loop at the time of the evaluation. In case of an infinite loop, use the `--show-trace` command line argument and read the line just above the error message. ```ShellSession $ nixos-rebuild build --show-trace … while evaluating the module argument `pkgs' in "/etc/nixos/my-module.nix": infinite recursion encountered ``` Any use of `pkgs.lib`, should be replaced by `lib`, after adding it as argument of the module. The following module ```nix { config, pkgs, ... }: with pkgs.lib; { options = { foo = mkOption { # … }; }; config = mkIf config.foo { # … }; } ``` should be modified to look like: ```nix { config, pkgs, lib, ... }: with lib; { options = { foo = mkOption { # option declaration }; }; config = mkIf config.foo { # option definition }; } ``` When `pkgs` is used to download other projects to import their modules, and only in such cases, it should be replaced by `(import <nixpkgs> {})`. The following module ```nix { config, pkgs, ... }: let myProject = pkgs.fetchurl { src = url; sha256 = hash; }; in { imports = [ "${myProject}/module.nix" ]; } ``` should be modified to look like: ```nix { config, pkgs, ... }: let myProject = (import <nixpkgs> { }).fetchurl { src = url; sha256 = hash; }; in { imports = [ "${myProject}/module.nix" ]; } ``` Other notable improvements: - The nixos and nixpkgs channels were unified, so one _can_ use `nix-env -iA nixos.bash` instead of `nix-env -iA nixos.pkgs.bash`. See [the commit](https://github.com/NixOS/nixpkgs/commit/2cd7c1f198) for details. - Users running an SSH server who worry about the quality of their `/etc/ssh/moduli` file with respect to the [vulnerabilities discovered in the Diffie-Hellman key exchange](https://stribika.github.io/2015/01/04/secure-secure-shell.html) can now replace OpenSSH's default version with one they generated themselves using the new `services.openssh.moduliFile` option. - A newly packaged TeX Live 2015 is provided in `pkgs.texlive`, split into 6500 nix packages. For basic user documentation see [the source](https://github.com/NixOS/nixpkgs/blob/release-15.09/pkgs/tools/typesetting/tex/texlive/default.nix#L1). Beware of [an issue](https://github.com/NixOS/nixpkgs/issues/9757) when installing a too large package set. The plan is to deprecate and maybe delete the original TeX packages until the next release. - `buildEnv.env` on all Python interpreters is now available for nix-shell interoperability.

This chunk outlines several significant updates and breaking changes in NixOS. The `NIX_PATH` no longer includes `/etc/nixos/nixpkgs` by default, and Python 2.6 is now marked as broken. A crucial change to module evaluation means that directly using `pkgs` as a module argument to access library functions (e.g., `pkgs.lib`) or define `imports` from fetched projects will cause infinite loops; users must now explicitly add `lib` as a module argument for library functions, and use `(import <nixpkgs> {})` when fetching projects for imports. Other notable improvements include the unification of `nixos` and `nixpkgs` channels, a new `services.openssh.moduliFile` option for custom Diffie-Hellman moduli, the introduction of TeX Live 2015 (replacing older TeX packages), and `buildEnv.env` availability for Python interpreters in `nix-shell`.