Merge branch 'master' into update-internetarchive

51 files changed, 2716 insertions, 1097 deletions

diff --git a/lib/attrsets.nix b/lib/attrsets.nix
index 34054460ba761..de5968b953485 100644
--- a/lib/attrsets.nix
+++ b/lib/attrsets.nix
@@ -1,4 +1,6 @@
-/* Operations on attribute sets. */
+/**
+  Operations on attribute sets.
+*/
 { lib }:
 
 let
@@ -12,35 +14,57 @@ rec {
   inherit (builtins) attrNames listToAttrs hasAttr isAttrs getAttr removeAttrs;
 
 
-  /* Return an attribute from nested attribute sets.
+  /**
+    Return an attribute from nested attribute sets.
+
+    Nix has an [attribute selection operator `. or`](https://nixos.org/manual/nix/stable/language/operators#attribute-selection) which is sufficient for such queries, as long as the number of attributes is static. For example:
+
+    ```nix
+    (x.a.b or 6) == attrByPath ["a" "b"] 6 x
+    # and
+    (x.${f p}."example.com" or 6) == attrByPath [ (f p) "example.com" ] 6 x
+    ```
+
 
-     Nix has an [attribute selection operator `. or`](https://nixos.org/manual/nix/stable/language/operators#attribute-selection) which is sufficient for such queries, as long as the number of attributes is static. For example:
+    # Inputs
 
-     ```nix
-     (x.a.b or 6) == attrByPath ["a" "b"] 6 x
-     # and
-     (x.${f p}."example.com" or 6) == attrByPath [ (f p) "example.com" ] 6 x
-     ```
+    `attrPath`
 
-     Example:
-       x = { a = { b = 3; }; }
-       # ["a" "b"] is equivalent to x.a.b
-       # 6 is a default value to return if the path does not exist in attrset
-       attrByPath ["a" "b"] 6 x
-       => 3
-       attrByPath ["z" "z"] 6 x
-       => 6
+    : A list of strings representing the attribute path to return from `set`
 
-     Type:
-       attrByPath :: [String] -> Any -> AttrSet -> Any
+    `default`
+
+    : Default value if `attrPath` does not resolve to an existing value
+
+    `set`
+
+    : The nested attribute set to select values from
+
+    # Type
 
+    ```
+    attrByPath :: [String] -> Any -> AttrSet -> Any
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.attrByPath` usage example
+
+    ```nix
+    x = { a = { b = 3; }; }
+    # ["a" "b"] is equivalent to x.a.b
+    # 6 is a default value to return if the path does not exist in attrset
+    attrByPath ["a" "b"] 6 x
+    => 3
+    attrByPath ["z" "z"] 6 x
+    => 6
+    ```
+
+    :::
   */
   attrByPath =
-    # A list of strings representing the attribute path to return from `set`
     attrPath:
-    # Default value if `attrPath` does not resolve to an existing value
     default:
-    # The nested attribute set to select values from
     set:
     let
       lenAttrPath = length attrPath;
@@ -57,37 +81,57 @@ rec {
     in
       attrByPath' 0 set;
 
-  /* Return if an attribute from nested attribute set exists.
+  /**
+    Return if an attribute from nested attribute set exists.
+
+    Nix has a [has attribute operator `?`](https://nixos.org/manual/nix/stable/language/operators#has-attribute), which is sufficient for such queries, as long as the number of attributes is static. For example:
 
-     Nix has a [has attribute operator `?`](https://nixos.org/manual/nix/stable/language/operators#has-attribute), which is sufficient for such queries, as long as the number of attributes is static. For example:
+    ```nix
+    (x?a.b) == hasAttryByPath ["a" "b"] x
+    # and
+    (x?${f p}."example.com") == hasAttryByPath [ (f p) "example.com" ] x
+    ```
+
+    **Laws**:
+     1.  ```nix
+         hasAttrByPath [] x == true
+         ```
+
+
+    # Inputs
 
-     ```nix
-     (x?a.b) == hasAttryByPath ["a" "b"] x
-     # and
-     (x?${f p}."example.com") == hasAttryByPath [ (f p) "example.com" ] x
-     ```
+    `attrPath`
 
-     **Laws**:
-      1.  ```nix
-          hasAttrByPath [] x == true
-          ```
+    : A list of strings representing the attribute path to check from `set`
 
-     Example:
-       x = { a = { b = 3; }; }
-       hasAttrByPath ["a" "b"] x
-       => true
-       hasAttrByPath ["z" "z"] x
-       => false
-       hasAttrByPath [] (throw "no need")
-       => true
+    `e`
 
-    Type:
-      hasAttrByPath :: [String] -> AttrSet -> Bool
+    : The nested attribute set to check
+
+    # Type
+
+    ```
+    hasAttrByPath :: [String] -> AttrSet -> Bool
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.hasAttrByPath` usage example
+
+    ```nix
+    x = { a = { b = 3; }; }
+    hasAttrByPath ["a" "b"] x
+    => true
+    hasAttrByPath ["z" "z"] x
+    => false
+    hasAttrByPath [] (throw "no need")
+    => true
+    ```
+
+    :::
   */
   hasAttrByPath =
-    # A list of strings representing the attribute path to check from `set`
     attrPath:
-    # The nested attribute set to check
     e:
     let
       lenAttrPath = length attrPath;
@@ -103,7 +147,7 @@ rec {
     in
       hasAttrByPath' 0 e;
 
-  /*
+  /**
     Return the longest prefix of an attribute path that refers to an existing attribute in a nesting of attribute sets.
 
     Can be used after [`mapAttrsRecursiveCond`](#function-library-lib.attrsets.mapAttrsRecursiveCond) to apply a condition,
@@ -120,24 +164,43 @@ rec {
         hasAttrByPath (attrsets.longestValidPathPrefix p x) x == true
         ```
 
-    Example:
-      x = { a = { b = 3; }; }
-      attrsets.longestValidPathPrefix ["a" "b" "c"] x
-      => ["a" "b"]
-      attrsets.longestValidPathPrefix ["a"] x
-      => ["a"]
-      attrsets.longestValidPathPrefix ["z" "z"] x
-      => []
-      attrsets.longestValidPathPrefix ["z" "z"] (throw "no need")
-      => []
-
-    Type:
-      attrsets.longestValidPathPrefix :: [String] -> Value -> [String]
+
+    # Inputs
+
+    `attrPath`
+
+    : A list of strings representing the longest possible path that may be returned.
+
+    `v`
+
+    : The nested attribute set to check.
+
+    # Type
+
+    ```
+    attrsets.longestValidPathPrefix :: [String] -> Value -> [String]
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.longestValidPathPrefix` usage example
+
+    ```nix
+    x = { a = { b = 3; }; }
+    attrsets.longestValidPathPrefix ["a" "b" "c"] x
+    => ["a" "b"]
+    attrsets.longestValidPathPrefix ["a"] x
+    => ["a"]
+    attrsets.longestValidPathPrefix ["z" "z"] x
+    => []
+    attrsets.longestValidPathPrefix ["z" "z"] (throw "no need")
+    => []
+    ```
+
+    :::
   */
   longestValidPathPrefix =
-    # A list of strings representing the longest possible path that may be returned.
     attrPath:
-    # The nested attribute set to check.
     v:
     let
       lenAttrPath = length attrPath;
@@ -168,19 +231,39 @@ rec {
     in
       getPrefixForSetAtIndex v 0;
 
-  /* Create a new attribute set with `value` set at the nested attribute location specified in `attrPath`.
+  /**
+    Create a new attribute set with `value` set at the nested attribute location specified in `attrPath`.
+
 
-     Example:
-       setAttrByPath ["a" "b"] 3
-       => { a = { b = 3; }; }
+    # Inputs
 
-     Type:
-       setAttrByPath :: [String] -> Any -> AttrSet
+    `attrPath`
+
+    : A list of strings representing the attribute path to set
+
+    `value`
+
+    : The value to set at the location described by `attrPath`
+
+    # Type
+
+    ```
+    setAttrByPath :: [String] -> Any -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.setAttrByPath` usage example
+
+    ```nix
+    setAttrByPath ["a" "b"] 3
+    => { a = { b = 3; }; }
+    ```
+
+    :::
   */
   setAttrByPath =
-    # A list of strings representing the attribute path to set
     attrPath:
-    # The value to set at the location described by `attrPath`
     value:
     let
       len = length attrPath;
@@ -190,47 +273,89 @@ rec {
         else { ${elemAt attrPath n} = atDepth (n + 1); };
     in atDepth 0;
 
-  /* Like `attrByPath`, but without a default value. If it doesn't find the
-     path it will throw an error.
+  /**
+    Like `attrByPath`, but without a default value. If it doesn't find the
+    path it will throw an error.
 
-     Nix has an [attribute selection operator](https://nixos.org/manual/nix/stable/language/operators#attribute-selection) which is sufficient for such queries, as long as the number of attributes is static. For example:
+    Nix has an [attribute selection operator](https://nixos.org/manual/nix/stable/language/operators#attribute-selection) which is sufficient for such queries, as long as the number of attributes is static. For example:
 
     ```nix
-     x.a.b == getAttrByPath ["a" "b"] x
-     # and
-     x.${f p}."example.com" == getAttrByPath [ (f p) "example.com" ] x
-     ```
-
-     Example:
-       x = { a = { b = 3; }; }
-       getAttrFromPath ["a" "b"] x
-       => 3
-       getAttrFromPath ["z" "z"] x
-       => error: cannot find attribute `z.z'
-
-     Type:
-       getAttrFromPath :: [String] -> AttrSet -> Any
+    x.a.b == getAttrByPath ["a" "b"] x
+    # and
+    x.${f p}."example.com" == getAttrByPath [ (f p) "example.com" ] x
+    ```
+
+
+    # Inputs
+
+    `attrPath`
+
+    : A list of strings representing the attribute path to get from `set`
+
+    `set`
+
+    : The nested attribute set to find the value in.
+
+    # Type
+
+    ```
+    getAttrFromPath :: [String] -> AttrSet -> Any
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.getAttrFromPath` usage example
+
+    ```nix
+    x = { a = { b = 3; }; }
+    getAttrFromPath ["a" "b"] x
+    => 3
+    getAttrFromPath ["z" "z"] x
+    => error: cannot find attribute `z.z'
+    ```
+
+    :::
   */
   getAttrFromPath =
-    # A list of strings representing the attribute path to get from `set`
     attrPath:
-    # The nested attribute set to find the value in.
     set:
     attrByPath attrPath (abort ("cannot find attribute `" + concatStringsSep "." attrPath + "'")) set;
 
-  /* Map each attribute in the given set and merge them into a new attribute set.
+  /**
+    Map each attribute in the given set and merge them into a new attribute set.
+
+
+    # Inputs
 
-     Type:
-       concatMapAttrs :: (String -> a -> AttrSet) -> AttrSet -> AttrSet
+    `f`
 
-     Example:
-       concatMapAttrs
-         (name: value: {
-           ${name} = value;
-           ${name + value} = value;
-         })
-         { x = "a"; y = "b"; }
-       => { x = "a"; xa = "a"; y = "b"; yb = "b"; }
+    : 1\. Function argument
+
+    `v`
+
+    : 2\. Function argument
+
+    # Type
+
+    ```
+    concatMapAttrs :: (String -> a -> AttrSet) -> AttrSet -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.concatMapAttrs` usage example
+
+    ```nix
+    concatMapAttrs
+      (name: value: {
+        ${name} = value;
+        ${name + value} = value;
+      })
+      { x = "a"; y = "b"; }
+    => { x = "a"; xa = "a"; y = "b"; yb = "b"; }
+    ```
+
+    :::
   */
   concatMapAttrs = f: v:
     foldl' mergeAttrs { }
@@ -239,49 +364,61 @@ rec {
       );
 
 
-  /* Update or set specific paths of an attribute set.
-
-     Takes a list of updates to apply and an attribute set to apply them to,
-     and returns the attribute set with the updates applied. Updates are
-     represented as `{ path = ...; update = ...; }` values, where `path` is a
-     list of strings representing the attribute path that should be updated,
-     and `update` is a function that takes the old value at that attribute path
-     as an argument and returns the new
-     value it should be.
-
-     Properties:
-
-     - Updates to deeper attribute paths are applied before updates to more
-       shallow attribute paths
-
-     - Multiple updates to the same attribute path are applied in the order
-       they appear in the update list
-
-     - If any but the last `path` element leads into a value that is not an
-       attribute set, an error is thrown
-
-     - If there is an update for an attribute path that doesn't exist,
-       accessing the argument in the update function causes an error, but
-       intermediate attribute sets are implicitly created as needed
-
-     Example:
-       updateManyAttrsByPath [
-         {
-           path = [ "a" "b" ];
-           update = old: { d = old.c; };
-         }
-         {
-           path = [ "a" "b" "c" ];
-           update = old: old + 1;
-         }
-         {
-           path = [ "x" "y" ];
-           update = old: "xy";
-         }
-       ] { a.b.c = 0; }
-       => { a = { b = { d = 1; }; }; x = { y = "xy"; }; }
-
-    Type: updateManyAttrsByPath :: [{ path :: [String]; update :: (Any -> Any); }] -> AttrSet -> AttrSet
+  /**
+    Update or set specific paths of an attribute set.
+
+    Takes a list of updates to apply and an attribute set to apply them to,
+    and returns the attribute set with the updates applied. Updates are
+    represented as `{ path = ...; update = ...; }` values, where `path` is a
+    list of strings representing the attribute path that should be updated,
+    and `update` is a function that takes the old value at that attribute path
+    as an argument and returns the new
+    value it should be.
+
+    Properties:
+
+    - Updates to deeper attribute paths are applied before updates to more
+      shallow attribute paths
+
+    - Multiple updates to the same attribute path are applied in the order
+      they appear in the update list
+
+    - If any but the last `path` element leads into a value that is not an
+      attribute set, an error is thrown
+
+    - If there is an update for an attribute path that doesn't exist,
+      accessing the argument in the update function causes an error, but
+      intermediate attribute sets are implicitly created as needed
+
+    # Type
+
+    ```
+    updateManyAttrsByPath :: [{ path :: [String]; update :: (Any -> Any); }] -> AttrSet -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.updateManyAttrsByPath` usage example
+
+    ```nix
+    updateManyAttrsByPath [
+      {
+        path = [ "a" "b" ];
+        update = old: { d = old.c; };
+      }
+      {
+        path = [ "a" "b" "c" ];
+        update = old: old + 1;
+      }
+      {
+        path = [ "x" "y" ];
+        update = old: "xy";
+      }
+    ] { a.b.c = 0; }
+    => { a = { b = { d = 1; }; }; x = { y = "xy"; }; }
+    ```
+
+    :::
   */
   updateManyAttrsByPath = let
     # When recursing into attributes, instead of updating the `path` of each
@@ -342,96 +479,208 @@ rec {
 
   in updates: value: go 0 true value updates;
 
-  /* Return the specified attributes from a set.
+  /**
+    Return the specified attributes from a set.
+
+
+    # Inputs
+
+    `nameList`
+
+    : The list of attributes to fetch from `set`. Each attribute name must exist on the attrbitue set
 
-     Example:
-       attrVals ["a" "b" "c"] as
-       => [as.a as.b as.c]
+    `set`
 
-     Type:
-       attrVals :: [String] -> AttrSet -> [Any]
+    : The set to get attribute values from
+
+    # Type
+
+    ```
+    attrVals :: [String] -> AttrSet -> [Any]
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.attrVals` usage example
+
+    ```nix
+    attrVals ["a" "b" "c"] as
+    => [as.a as.b as.c]
+    ```
+
+    :::
   */
   attrVals =
-    # The list of attributes to fetch from `set`. Each attribute name must exist on the attrbitue set
     nameList:
-    # The set to get attribute values from
     set: map (x: set.${x}) nameList;
 
 
-  /* Return the values of all attributes in the given set, sorted by
-     attribute name.
+  /**
+    Return the values of all attributes in the given set, sorted by
+    attribute name.
 
-     Example:
-       attrValues {c = 3; a = 1; b = 2;}
-       => [1 2 3]
+    # Type
 
-     Type:
-       attrValues :: AttrSet -> [Any]
+    ```
+    attrValues :: AttrSet -> [Any]
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.attrValues` usage example
+
+    ```nix
+    attrValues {c = 3; a = 1; b = 2;}
+    => [1 2 3]
+    ```
+
+    :::
   */
   attrValues = builtins.attrValues;
 
 
-  /* Given a set of attribute names, return the set of the corresponding
-     attributes from the given set.
+  /**
+    Given a set of attribute names, return the set of the corresponding
+    attributes from the given set.
+
+
+    # Inputs
+
+    `names`
 
-     Example:
-       getAttrs [ "a" "b" ] { a = 1; b = 2; c = 3; }
-       => { a = 1; b = 2; }
+    : A list of attribute names to get out of `set`
 
-     Type:
-       getAttrs :: [String] -> AttrSet -> AttrSet
+    `attrs`
+
+    : The set to get the named attributes from
+
+    # Type
+
+    ```
+    getAttrs :: [String] -> AttrSet -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.getAttrs` usage example
+
+    ```nix
+    getAttrs [ "a" "b" ] { a = 1; b = 2; c = 3; }
+    => { a = 1; b = 2; }
+    ```
+
+    :::
   */
   getAttrs =
-    # A list of attribute names to get out of `set`
     names:
-    # The set to get the named attributes from
     attrs: genAttrs names (name: attrs.${name});
 
-  /* Collect each attribute named `attr` from a list of attribute
-     sets.  Sets that don't contain the named attribute are ignored.
+  /**
+    Collect each attribute named `attr` from a list of attribute
+    sets.  Sets that don't contain the named attribute are ignored.
+
+    # Inputs
+
+    `attr`
+
+    : The attribute name to get out of the sets.
 
-     Example:
-       catAttrs "a" [{a = 1;} {b = 0;} {a = 2;}]
-       => [1 2]
+    `list`
 
-     Type:
-       catAttrs :: String -> [AttrSet] -> [Any]
+    : The list of attribute sets to go through
+
+    # Type
+
+    ```
+    catAttrs :: String -> [AttrSet] -> [Any]
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.catAttrs` usage example
+
+    ```nix
+    catAttrs "a" [{a = 1;} {b = 0;} {a = 2;}]
+    => [1 2]
+    ```
+
+    :::
   */
   catAttrs = builtins.catAttrs;
 
 
-  /* Filter an attribute set by removing all attributes for which the
-     given predicate return false.
+  /**
+    Filter an attribute set by removing all attributes for which the
+    given predicate return false.
+
+
+    # Inputs
+
+    `pred`
 
-     Example:
-       filterAttrs (n: v: n == "foo") { foo = 1; bar = 2; }
-       => { foo = 1; }
+    : Predicate taking an attribute name and an attribute value, which returns `true` to include the attribute, or `false` to exclude the attribute.
 
-     Type:
-       filterAttrs :: (String -> Any -> Bool) -> AttrSet -> AttrSet
+    `set`
+
+    : The attribute set to filter
+
+    # Type
+
+    ```
+    filterAttrs :: (String -> Any -> Bool) -> AttrSet -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.filterAttrs` usage example
+
+    ```nix
+    filterAttrs (n: v: n == "foo") { foo = 1; bar = 2; }
+    => { foo = 1; }
+    ```
+
+    :::
   */
   filterAttrs =
-    # Predicate taking an attribute name and an attribute value, which returns `true` to include the attribute, or `false` to exclude the attribute.
     pred:
-    # The attribute set to filter
     set:
     listToAttrs (concatMap (name: let v = set.${name}; in if pred name v then [(nameValuePair name v)] else []) (attrNames set));
 
 
-  /* Filter an attribute set recursively by removing all attributes for
-     which the given predicate return false.
+  /**
+    Filter an attribute set recursively by removing all attributes for
+    which the given predicate return false.
+
+
+    # Inputs
+
+    `pred`
+
+    : Predicate taking an attribute name and an attribute value, which returns `true` to include the attribute, or `false` to exclude the attribute.
+
+    `set`
+
+    : The attribute set to filter
+
+    # Type
+
+    ```
+    filterAttrsRecursive :: (String -> Any -> Bool) -> AttrSet -> AttrSet
+    ```
 
-     Example:
-       filterAttrsRecursive (n: v: v != null) { foo = { bar = null; }; }
-       => { foo = {}; }
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.filterAttrsRecursive` usage example
 
-     Type:
-       filterAttrsRecursive :: (String -> Any -> Bool) -> AttrSet -> AttrSet
+    ```nix
+    filterAttrsRecursive (n: v: v != null) { foo = { bar = null; }; }
+    => { foo = {}; }
+    ```
+
+    :::
   */
   filterAttrsRecursive =
-    # Predicate taking an attribute name and an attribute value, which returns `true` to include the attribute, or `false` to exclude the attribute.
     pred:
-    # The attribute set to filter
     set:
     listToAttrs (
       concatMap (name:
@@ -445,59 +694,84 @@ rec {
       ) (attrNames set)
     );
 
-   /*
+   /**
     Like [`lib.lists.foldl'`](#function-library-lib.lists.foldl-prime) but for attribute sets.
     Iterates over every name-value pair in the given attribute set.
     The result of the callback function is often called `acc` for accumulator. It is passed between callbacks from left to right and the final `acc` is the return value of `foldlAttrs`.
 
     Attention:
-      There is a completely different function
-      `lib.foldAttrs`
-      which has nothing to do with this function, despite the similar name.
-
-    Example:
-      foldlAttrs
-        (acc: name: value: {
-          sum = acc.sum + value;
-          names = acc.names ++ [name];
-        })
-        { sum = 0; names = []; }
-        {
-          foo = 1;
-          bar = 10;
-        }
-      ->
-        {
-          sum = 11;
-          names = ["bar" "foo"];
-        }
-
-      foldlAttrs
-        (throw "function not needed")
-        123
-        {};
-      ->
-        123
-
-      foldlAttrs
-        (acc: _: _: acc)
-        3
-        { z = throw "value not needed"; a = throw "value not needed"; };
-      ->
-        3
-
-      The accumulator doesn't have to be an attrset.
-      It can be as simple as a number or string.
-
-      foldlAttrs
-        (acc: _: v: acc * 10 + v)
-        1
-        { z = 1; a = 2; };
-      ->
-        121
-
-    Type:
-      foldlAttrs :: ( a -> String -> b -> a ) -> a -> { ... :: b } -> a
+
+    There is a completely different function `lib.foldAttrs`
+    which has nothing to do with this function, despite the similar name.
+
+
+    # Inputs
+
+    `f`
+
+    : 1\. Function argument
+
+    `init`
+
+    : 2\. Function argument
+
+    `set`
+
+    : 3\. Function argument
+
+    # Type
+
+    ```
+    foldlAttrs :: ( a -> String -> b -> a ) -> a -> { ... :: b } -> a
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.foldlAttrs` usage example
+
+    ```nix
+    foldlAttrs
+      (acc: name: value: {
+        sum = acc.sum + value;
+        names = acc.names ++ [name];
+      })
+      { sum = 0; names = []; }
+      {
+        foo = 1;
+        bar = 10;
+      }
+    ->
+      {
+        sum = 11;
+        names = ["bar" "foo"];
+      }
+
+    foldlAttrs
+      (throw "function not needed")
+      123
+      {};
+    ->
+      123
+
+    foldlAttrs
+      (acc: _: _: acc)
+      3
+      { z = throw "value not needed"; a = throw "value not needed"; };
+    ->
+      3
+
+    The accumulator doesn't have to be an attrset.
+    It can be as simple as a number or string.
+
+    foldlAttrs
+      (acc: _: v: acc * 10 + v)
+      1
+      { z = 1; a = 2; };
+    ->
+      121
+    ```
+
+    :::
   */
   foldlAttrs = f: init: set:
     foldl'
@@ -505,22 +779,44 @@ rec {
       init
       (attrNames set);
 
-  /* Apply fold functions to values grouped by key.
+  /**
+    Apply fold functions to values grouped by key.
+
+
+    # Inputs
+
+    `op`
+
+    : A function, given a value and a collector combines the two.
+
+    `nul`
+
+    : The starting value.
+
+    `list_of_attrs`
+
+    : A list of attribute sets to fold together by key.
+
+    # Type
+
+    ```
+    foldAttrs :: (Any -> Any -> Any) -> Any -> [AttrSets] -> Any
+    ```
 
-     Example:
-       foldAttrs (item: acc: [item] ++ acc) [] [{ a = 2; } { a = 3; }]
-       => { a = [ 2 3 ]; }
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.foldAttrs` usage example
 
-     Type:
-       foldAttrs :: (Any -> Any -> Any) -> Any -> [AttrSets] -> Any
+    ```nix
+    foldAttrs (item: acc: [item] ++ acc) [] [{ a = 2; } { a = 3; }]
+    => { a = [ 2 3 ]; }
+    ```
 
+    :::
   */
   foldAttrs =
-    # A function, given a value and a collector combines the two.
     op:
-    # The starting value.
     nul:
-    # A list of attribute sets to fold together by key.
     list_of_attrs:
     foldr (n: a:
         foldr (name: o:
@@ -529,26 +825,46 @@ rec {
     ) {} list_of_attrs;
 
 
-  /* Recursively collect sets that verify a given predicate named `pred`
-     from the set `attrs`.  The recursion is stopped when the predicate is
-     verified.
+  /**
+    Recursively collect sets that verify a given predicate named `pred`
+    from the set `attrs`. The recursion is stopped when the predicate is
+    verified.
+
 
-     Example:
-       collect isList { a = { b = ["b"]; }; c = [1]; }
-       => [["b"] [1]]
+    # Inputs
 
-       collect (x: x ? outPath)
-          { a = { outPath = "a/"; }; b = { outPath = "b/"; }; }
-       => [{ outPath = "a/"; } { outPath = "b/"; }]
+    `pred`
+
+    : Given an attribute's value, determine if recursion should stop.
+
+    `attrs`
+
+    : The attribute set to recursively collect.
+
+    # Type
 
-     Type:
-       collect :: (AttrSet -> Bool) -> AttrSet -> [x]
+    ```
+    collect :: (AttrSet -> Bool) -> AttrSet -> [x]
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.collect` usage example
+
+    ```nix
+    collect isList { a = { b = ["b"]; }; c = [1]; }
+    => [["b"] [1]]
+
+    collect (x: x ? outPath)
+       { a = { outPath = "a/"; }; b = { outPath = "b/"; }; }
+    => [{ outPath = "a/"; } { outPath = "b/"; }]
+    ```
+
+    :::
   */
   collect =
-  # Given an attribute's value, determine if recursion should stop.
-  pred:
-  # The attribute set to recursively collect.
-  attrs:
+    pred:
+    attrs:
     if pred attrs then
       [ attrs ]
     else if isAttrs attrs then
@@ -556,21 +872,39 @@ rec {
     else
       [];
 
-  /* Return the cartesian product of attribute set value combinations.
-
-    Example:
-      cartesianProductOfSets { a = [ 1 2 ]; b = [ 10 20 ]; }
-      => [
-           { a = 1; b = 10; }
-           { a = 1; b = 20; }
-           { a = 2; b = 10; }
-           { a = 2; b = 20; }
-         ]
-     Type:
-       cartesianProductOfSets :: AttrSet -> [AttrSet]
+  /**
+    Return the cartesian product of attribute set value combinations.
+
+
+    # Inputs
+
+    `attrsOfLists`
+
+    : Attribute set with attributes that are lists of values
+
+    # Type
+
+    ```
+    cartesianProductOfSets :: AttrSet -> [AttrSet]
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.cartesianProductOfSets` usage example
+
+    ```nix
+    cartesianProductOfSets { a = [ 1 2 ]; b = [ 10 20 ]; }
+    => [
+         { a = 1; b = 10; }
+         { a = 1; b = 20; }
+         { a = 2; b = 10; }
+         { a = 2; b = 20; }
+       ]
+    ```
+
+    :::
   */
   cartesianProductOfSets =
-    # Attribute set with attributes that are lists of values
     attrsOfLists:
     foldl' (listOfAttrs: attrName:
       concatMap (attrs:
@@ -579,76 +913,155 @@ rec {
     ) [{}] (attrNames attrsOfLists);
 
 
-  /* Utility function that creates a `{name, value}` pair as expected by `builtins.listToAttrs`.
+  /**
+    Utility function that creates a `{name, value}` pair as expected by `builtins.listToAttrs`.
+
+
+    # Inputs
 
-     Example:
-       nameValuePair "some" 6
-       => { name = "some"; value = 6; }
+    `name`
 
-     Type:
-       nameValuePair :: String -> Any -> { name :: String; value :: Any; }
+    : Attribute name
+
+    `value`
+
+    : Attribute value
+
+    # Type
+
+    ```
+    nameValuePair :: String -> Any -> { name :: String; value :: Any; }
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.nameValuePair` usage example
+
+    ```nix
+    nameValuePair "some" 6
+    => { name = "some"; value = 6; }
+    ```
+
+    :::
   */
   nameValuePair =
-    # Attribute name
     name:
-    # Attribute value
     value:
     { inherit name value; };
 
 
-  /* Apply a function to each element in an attribute set, creating a new attribute set.
+  /**
+    Apply a function to each element in an attribute set, creating a new attribute set.
+
+    # Inputs
+
+    `f`
 
-     Example:
-       mapAttrs (name: value: name + "-" + value)
-          { x = "foo"; y = "bar"; }
-       => { x = "x-foo"; y = "y-bar"; }
+    : A function that takes an attribute name and its value, and returns the new value for the attribute.
 
-     Type:
-       mapAttrs :: (String -> Any -> Any) -> AttrSet -> AttrSet
+    `attrset`
+
+    : The attribute set to iterate through.
+
+    # Type
+
+    ```
+    mapAttrs :: (String -> Any -> Any) -> AttrSet -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.mapAttrs` usage example
+
+    ```nix
+    mapAttrs (name: value: name + "-" + value)
+       { x = "foo"; y = "bar"; }
+    => { x = "x-foo"; y = "y-bar"; }
+    ```
+
+    :::
   */
   mapAttrs = builtins.mapAttrs;
 
 
-  /* Like `mapAttrs`, but allows the name of each attribute to be
-     changed in addition to the value.  The applied function should
-     return both the new name and value as a `nameValuePair`.
+  /**
+    Like `mapAttrs`, but allows the name of each attribute to be
+    changed in addition to the value.  The applied function should
+    return both the new name and value as a `nameValuePair`.
+
+
+    # Inputs
 
-     Example:
-       mapAttrs' (name: value: nameValuePair ("foo_" + name) ("bar-" + value))
-          { x = "a"; y = "b"; }
-       => { foo_x = "bar-a"; foo_y = "bar-b"; }
+    `f`
 
-     Type:
-       mapAttrs' :: (String -> Any -> { name :: String; value :: Any; }) -> AttrSet -> AttrSet
+    : A function, given an attribute's name and value, returns a new `nameValuePair`.
+
+    `set`
+
+    : Attribute set to map over.
+
+    # Type
+
+    ```
+    mapAttrs' :: (String -> Any -> { name :: String; value :: Any; }) -> AttrSet -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.mapAttrs'` usage example
+
+    ```nix
+    mapAttrs' (name: value: nameValuePair ("foo_" + name) ("bar-" + value))
+       { x = "a"; y = "b"; }
+    => { foo_x = "bar-a"; foo_y = "bar-b"; }
+    ```
+
+    :::
   */
   mapAttrs' =
-    # A function, given an attribute's name and value, returns a new `nameValuePair`.
     f:
-    # Attribute set to map over.
     set:
     listToAttrs (map (attr: f attr set.${attr}) (attrNames set));
 
 
-  /* Call a function for each attribute in the given set and return
-     the result in a list.
+  /**
+    Call a function for each attribute in the given set and return
+    the result in a list.
+
+    # Inputs
+
+    `f`
 
-     Example:
-       mapAttrsToList (name: value: name + value)
-          { x = "a"; y = "b"; }
-       => [ "xa" "yb" ]
+    : A function, given an attribute's name and value, returns a new value.
 
-     Type:
-       mapAttrsToList :: (String -> a -> b) -> AttrSet -> [b]
+    `attrs`
 
+    : Attribute set to map over.
+
+    # Type
+
+    ```
+    mapAttrsToList :: (String -> a -> b) -> AttrSet -> [b]
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.mapAttrsToList` usage example
+
+    ```nix
+    mapAttrsToList (name: value: name + value)
+       { x = "a"; y = "b"; }
+    => [ "xa" "yb" ]
+    ```
+
+    :::
   */
   mapAttrsToList =
-    # A function, given an attribute's name and value, returns a new value.
     f:
-    # Attribute set to map over.
     attrs:
     map (name: f name attrs.${name}) (attrNames attrs);
 
-  /*
+  /**
     Deconstruct an attrset to a list of name-value pairs as expected by [`builtins.listToAttrs`](https://nixos.org/manual/nix/stable/language/builtins.html#builtins-listToAttrs).
     Each element of the resulting list is an attribute set with these attributes:
     - `name` (string): The name of the attribute
@@ -668,13 +1081,28 @@ rec {
     This is because the `listToAttrs` removes duplicate names and doesn't preserve the order of the list.
     :::
 
-    Example:
-      attrsToList { foo = 1; bar = "asdf"; }
-      => [ { name = "bar"; value = "asdf"; } { name = "foo"; value = 1; } ]
+    # Inputs
+
+    `set`
 
-    Type:
-      attrsToList :: AttrSet -> [ { name :: String; value :: Any; } ]
+    : The attribute set to deconstruct.
+
+    # Type
 
+    ```
+    attrsToList :: AttrSet -> [ { name :: String; value :: Any; } ]
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.attrsToList` usage example
+
+    ```nix
+    attrsToList { foo = 1; bar = "asdf"; }
+    => [ { name = "bar"; value = "asdf"; } { name = "foo"; value = 1; } ]
+    ```
+
+    :::
   */
   attrsToList = mapAttrsToList nameValuePair;
 
@@ -705,9 +1133,7 @@ rec {
     ```
   */
   mapAttrsRecursive =
-    # A function that, given an attribute path as a list of strings and the corresponding attribute value, returns a new value.
     f:
-    # Attribute set to recursively map over.
     set:
     mapAttrsRecursiveCond (as: true) f set;
 
@@ -736,12 +1162,8 @@ rec {
     ```
   */
   mapAttrsRecursiveCond =
-    # A function that, given the attribute set the recursion is currently at, determines if to recurse deeper into that attribute set.
     cond:
-    # A function that, given an attribute path as a list of strings and the corresponding attribute value, returns a new value.
-    # The attribute value is either an attribute set for which `cond` returns false, or something other than an attribute set.
     f:
-    # Attribute set to recursively map over.
     set:
     let
       recurse = path:
@@ -754,48 +1176,95 @@ rec {
     recurse [ ] set;
 
 
-  /* Generate an attribute set by mapping a function over a list of
-     attribute names.
+  /**
+    Generate an attribute set by mapping a function over a list of
+    attribute names.
+
+
+    # Inputs
+
+    `names`
+
+    : Names of values in the resulting attribute set.
+
+    `f`
+
+    : A function, given the name of the attribute, returns the attribute's value.
+
+    # Type
+
+    ```
+    genAttrs :: [ String ] -> (String -> Any) -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.genAttrs` usage example
 
-     Example:
-       genAttrs [ "foo" "bar" ] (name: "x_" + name)
-       => { foo = "x_foo"; bar = "x_bar"; }
+    ```nix
+    genAttrs [ "foo" "bar" ] (name: "x_" + name)
+    => { foo = "x_foo"; bar = "x_bar"; }
+    ```
 
-     Type:
-       genAttrs :: [ String ] -> (String -> Any) -> AttrSet
+    :::
   */
   genAttrs =
-    # Names of values in the resulting attribute set.
     names:
-    # A function, given the name of the attribute, returns the attribute's value.
     f:
     listToAttrs (map (n: nameValuePair n (f n)) names);
 
 
-  /* Check whether the argument is a derivation. Any set with
-     `{ type = "derivation"; }` counts as a derivation.
+  /**
+    Check whether the argument is a derivation. Any set with
+    `{ type = "derivation"; }` counts as a derivation.
+
 
-     Example:
-       nixpkgs = import <nixpkgs> {}
-       isDerivation nixpkgs.ruby
-       => true
-       isDerivation "foobar"
-       => false
+    # Inputs
 
-     Type:
-       isDerivation :: Any -> Bool
+    `value`
+
+    : Value to check.
+
+    # Type
+
+    ```
+    isDerivation :: Any -> Bool
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.isDerivation` usage example
+
+    ```nix
+    nixpkgs = import <nixpkgs> {}
+    isDerivation nixpkgs.ruby
+    => true
+    isDerivation "foobar"
+    => false
+    ```
+
+    :::
   */
   isDerivation =
-    # Value to check.
     value: value.type or null == "derivation";
 
-   /* Converts a store path to a fake derivation.
+   /**
+    Converts a store path to a fake derivation.
+
+
+    # Inputs
+
+    `path`
 
-      Type:
-        toDerivation :: Path -> Derivation
-   */
+    : A store path to convert to a derivation.
+
+    # Type
+
+    ```
+    toDerivation :: Path -> Derivation
+    ```
+  */
    toDerivation =
-     # A store path to convert to a derivation.
      path:
      let
        path' = builtins.storePath path;
@@ -810,42 +1279,85 @@ rec {
     in res;
 
 
-  /* If `cond` is true, return the attribute set `as`,
-     otherwise an empty attribute set.
+  /**
+    If `cond` is true, return the attribute set `as`,
+    otherwise an empty attribute set.
+
+
+    # Inputs
+
+    `cond`
 
-     Example:
-       optionalAttrs (true) { my = "set"; }
-       => { my = "set"; }
-       optionalAttrs (false) { my = "set"; }
-       => { }
+    : Condition under which the `as` attribute set is returned.
+
+    `as`
+
+    : The attribute set to return if `cond` is `true`.
+
+    # Type
+
+    ```
+    optionalAttrs :: Bool -> AttrSet -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.optionalAttrs` usage example
+
+    ```nix
+    optionalAttrs (true) { my = "set"; }
+    => { my = "set"; }
+    optionalAttrs (false) { my = "set"; }
+    => { }
+    ```
 
-     Type:
-       optionalAttrs :: Bool -> AttrSet -> AttrSet
+    :::
   */
   optionalAttrs =
-    # Condition under which the `as` attribute set is returned.
     cond:
-    # The attribute set to return if `cond` is `true`.
     as:
     if cond then as else {};
 
 
-  /* Merge sets of attributes and use the function `f` to merge attributes
-     values.
+  /**
+    Merge sets of attributes and use the function `f` to merge attributes
+    values.
+
+
+    # Inputs
+
+    `names`
 
-     Example:
-       zipAttrsWithNames ["a"] (name: vs: vs) [{a = "x";} {a = "y"; b = "z";}]
-       => { a = ["x" "y"]; }
+    : List of attribute names to zip.
 
-     Type:
-       zipAttrsWithNames :: [ String ] -> (String -> [ Any ] -> Any) -> [ AttrSet ] -> AttrSet
+    `f`
+
+    : A function, accepts an attribute name, all the values, and returns a combined value.
+
+    `sets`
+
+    : List of values from the list of attribute sets.
+
+    # Type
+
+    ```
+    zipAttrsWithNames :: [ String ] -> (String -> [ Any ] -> Any) -> [ AttrSet ] -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.zipAttrsWithNames` usage example
+
+    ```nix
+    zipAttrsWithNames ["a"] (name: vs: vs) [{a = "x";} {a = "y"; b = "z";}]
+    => { a = ["x" "y"]; }
+    ```
+
+    :::
   */
   zipAttrsWithNames =
-    # List of attribute names to zip.
     names:
-    # A function, accepts an attribute name, all the values, and returns a combined value.
     f:
-    # List of values from the list of attribute sets.
     sets:
     listToAttrs (map (name: {
       inherit name;
@@ -853,52 +1365,91 @@ rec {
     }) names);
 
 
-  /* Merge sets of attributes and use the function f to merge attribute values.
-     Like `lib.attrsets.zipAttrsWithNames` with all key names are passed for `names`.
+  /**
+    Merge sets of attributes and use the function f to merge attribute values.
+    Like `lib.attrsets.zipAttrsWithNames` with all key names are passed for `names`.
 
-     Implementation note: Common names appear multiple times in the list of
-     names, hopefully this does not affect the system because the maximal
-     laziness avoid computing twice the same expression and `listToAttrs` does
-     not care about duplicated attribute names.
+    Implementation note: Common names appear multiple times in the list of
+    names, hopefully this does not affect the system because the maximal
+    laziness avoid computing twice the same expression and `listToAttrs` does
+    not care about duplicated attribute names.
 
-     Example:
-       zipAttrsWith (name: values: values) [{a = "x";} {a = "y"; b = "z";}]
-       => { a = ["x" "y"]; b = ["z"]; }
+    # Type
+
+    ```
+    zipAttrsWith :: (String -> [ Any ] -> Any) -> [ AttrSet ] -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.zipAttrsWith` usage example
 
-     Type:
-       zipAttrsWith :: (String -> [ Any ] -> Any) -> [ AttrSet ] -> AttrSet
+    ```nix
+    zipAttrsWith (name: values: values) [{a = "x";} {a = "y"; b = "z";}]
+    => { a = ["x" "y"]; b = ["z"]; }
+    ```
+
+    :::
   */
   zipAttrsWith =
     builtins.zipAttrsWith or (f: sets: zipAttrsWithNames (concatMap attrNames sets) f sets);
 
 
-  /* Merge sets of attributes and combine each attribute value in to a list.
+  /**
+    Merge sets of attributes and combine each attribute value in to a list.
+
+    Like `lib.attrsets.zipAttrsWith` with `(name: values: values)` as the function.
+
+    # Type
+
+    ```
+    zipAttrs :: [ AttrSet ] -> AttrSet
+    ```
 
-     Like `lib.attrsets.zipAttrsWith` with `(name: values: values)` as the function.
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.zipAttrs` usage example
 
-     Example:
-       zipAttrs [{a = "x";} {a = "y"; b = "z";}]
-       => { a = ["x" "y"]; b = ["z"]; }
+    ```nix
+    zipAttrs [{a = "x";} {a = "y"; b = "z";}]
+    => { a = ["x" "y"]; b = ["z"]; }
+    ```
 
-     Type:
-       zipAttrs :: [ AttrSet ] -> AttrSet
+    :::
   */
   zipAttrs = zipAttrsWith (name: values: values);
 
-  /*
+  /**
     Merge a list of attribute sets together using the `//` operator.
     In case of duplicate attributes, values from later list elements take precedence over earlier ones.
     The result is the same as `foldl mergeAttrs { }`, but the performance is better for large inputs.
     For n list elements, each with an attribute set containing m unique attributes, the complexity of this operation is O(nm log n).
 
-    Type:
-      mergeAttrsList :: [ Attrs ] -> Attrs
 
-    Example:
-      mergeAttrsList [ { a = 0; b = 1; } { c = 2; d = 3; } ]
-      => { a = 0; b = 1; c = 2; d = 3; }
-      mergeAttrsList [ { a = 0; } { a = 1; } ]
-      => { a = 1; }
+    # Inputs
+
+    `list`
+
+    : 1\. Function argument
+
+    # Type
+
+    ```
+    mergeAttrsList :: [ Attrs ] -> Attrs
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.mergeAttrsList` usage example
+
+    ```nix
+    mergeAttrsList [ { a = 0; b = 1; } { c = 2; d = 3; } ]
+    => { a = 0; b = 1; c = 2; d = 3; }
+    mergeAttrsList [ { a = 0; } { a = 1; } ]
+    => { a = 1; }
+    ```
+
+    :::
   */
   mergeAttrsList = list:
     let
@@ -922,42 +1473,65 @@ rec {
       binaryMerge 0 (length list);
 
 
-  /* Does the same as the update operator '//' except that attributes are
-     merged until the given predicate is verified.  The predicate should
-     accept 3 arguments which are the path to reach the attribute, a part of
-     the first attribute set and a part of the second attribute set.  When
-     the predicate is satisfied, the value of the first attribute set is
-     replaced by the value of the second attribute set.
-
-     Example:
-       recursiveUpdateUntil (path: l: r: path == ["foo"]) {
-         # first attribute set
-         foo.bar = 1;
-         foo.baz = 2;
-         bar = 3;
-       } {
-         #second attribute set
-         foo.bar = 1;
-         foo.quz = 2;
-         baz = 4;
-       }
-
-       => {
-         foo.bar = 1; # 'foo.*' from the second set
-         foo.quz = 2; #
-         bar = 3;     # 'bar' from the first set
-         baz = 4;     # 'baz' from the second set
-       }
-
-     Type:
-       recursiveUpdateUntil :: ( [ String ] -> AttrSet -> AttrSet -> Bool ) -> AttrSet -> AttrSet -> AttrSet
+  /**
+    Does the same as the update operator '//' except that attributes are
+    merged until the given predicate is verified.  The predicate should
+    accept 3 arguments which are the path to reach the attribute, a part of
+    the first attribute set and a part of the second attribute set.  When
+    the predicate is satisfied, the value of the first attribute set is
+    replaced by the value of the second attribute set.
+
+
+    # Inputs
+
+    `pred`
+
+    : Predicate, taking the path to the current attribute as a list of strings for attribute names, and the two values at that path from the original arguments.
+
+    `lhs`
+
+    : Left attribute set of the merge.
+
+    `rhs`
+
+    : Right attribute set of the merge.
+
+    # Type
+
+    ```
+    recursiveUpdateUntil :: ( [ String ] -> AttrSet -> AttrSet -> Bool ) -> AttrSet -> AttrSet -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.recursiveUpdateUntil` usage example
+
+    ```nix
+    recursiveUpdateUntil (path: l: r: path == ["foo"]) {
+      # first attribute set
+      foo.bar = 1;
+      foo.baz = 2;
+      bar = 3;
+    } {
+      #second attribute set
+      foo.bar = 1;
+      foo.quz = 2;
+      baz = 4;
+    }
+
+    => {
+      foo.bar = 1; # 'foo.*' from the second set
+      foo.quz = 2; #
+      bar = 3;     # 'bar' from the first set
+      baz = 4;     # 'baz' from the second set
+    }
+    ```
+
+    :::
   */
   recursiveUpdateUntil =
-    # Predicate, taking the path to the current attribute as a list of strings for attribute names, and the two values at that path from the original arguments.
     pred:
-    # Left attribute set of the merge.
     lhs:
-    # Right attribute set of the merge.
     rhs:
     let f = attrPath:
       zipAttrsWith (n: values:
@@ -971,51 +1545,90 @@ rec {
     in f [] [rhs lhs];
 
 
-  /* A recursive variant of the update operator ‘//’.  The recursion
-     stops when one of the attribute values is not an attribute set,
-     in which case the right hand side value takes precedence over the
-     left hand side value.
+  /**
+    A recursive variant of the update operator ‘//’.  The recursion
+    stops when one of the attribute values is not an attribute set,
+    in which case the right hand side value takes precedence over the
+    left hand side value.
+
+
+    # Inputs
+
+    `lhs`
+
+    : Left attribute set of the merge.
+
+    `rhs`
+
+    : Right attribute set of the merge.
+
+    # Type
+
+    ```
+    recursiveUpdate :: AttrSet -> AttrSet -> AttrSet
+    ```
 
-     Example:
-       recursiveUpdate {
-         boot.loader.grub.enable = true;
-         boot.loader.grub.device = "/dev/hda";
-       } {
-         boot.loader.grub.device = "";
-       }
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.recursiveUpdate` usage example
 
-       returns: {
-         boot.loader.grub.enable = true;
-         boot.loader.grub.device = "";
-       }
+    ```nix
+    recursiveUpdate {
+      boot.loader.grub.enable = true;
+      boot.loader.grub.device = "/dev/hda";
+    } {
+      boot.loader.grub.device = "";
+    }
+
+    returns: {
+      boot.loader.grub.enable = true;
+      boot.loader.grub.device = "";
+    }
+    ```
 
-     Type:
-       recursiveUpdate :: AttrSet -> AttrSet -> AttrSet
+    :::
   */
   recursiveUpdate =
-    # Left attribute set of the merge.
     lhs:
-    # Right attribute set of the merge.
     rhs:
     recursiveUpdateUntil (path: lhs: rhs: !(isAttrs lhs && isAttrs rhs)) lhs rhs;
 
 
-  /*
+  /**
     Recurse into every attribute set of the first argument and check that:
     - Each attribute path also exists in the second argument.
     - If the attribute's value is not a nested attribute set, it must have the same value in the right argument.
 
-     Example:
-       matchAttrs { cpu = {}; } { cpu = { bits = 64; }; }
-       => true
 
-     Type:
-       matchAttrs :: AttrSet -> AttrSet -> Bool
+    # Inputs
+
+    `pattern`
+
+    : Attribute set structure to match
+
+    `attrs`
+
+    : Attribute set to check
+
+    # Type
+
+    ```
+    matchAttrs :: AttrSet -> AttrSet -> Bool
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.matchAttrs` usage example
+
+    ```nix
+    matchAttrs { cpu = {}; } { cpu = { bits = 64; }; }
+    => true
+    ```
+
+    :::
   */
   matchAttrs =
-    # Attribute set structure to match
     pattern:
-    # Attribute set to check
     attrs:
     assert isAttrs pattern;
     all
@@ -1034,161 +1647,340 @@ rec {
     )
     (attrNames pattern);
 
-  /* Override only the attributes that are already present in the old set
+  /**
+    Override only the attributes that are already present in the old set
     useful for deep-overriding.
 
-    Example:
-      overrideExisting {} { a = 1; }
-      => {}
-      overrideExisting { b = 2; } { a = 1; }
-      => { b = 2; }
-      overrideExisting { a = 3; b = 2; } { a = 1; }
-      => { a = 1; b = 2; }
 
-    Type:
-      overrideExisting :: AttrSet -> AttrSet -> AttrSet
+    # Inputs
+
+    `old`
+
+    : Original attribute set
+
+    `new`
+
+    : Attribute set with attributes to override in `old`.
+
+    # Type
+
+    ```
+    overrideExisting :: AttrSet -> AttrSet -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.overrideExisting` usage example
+
+    ```nix
+    overrideExisting {} { a = 1; }
+    => {}
+    overrideExisting { b = 2; } { a = 1; }
+    => { b = 2; }
+    overrideExisting { a = 3; b = 2; } { a = 1; }
+    => { a = 1; b = 2; }
+    ```
+
+    :::
   */
   overrideExisting =
-    # Original attribute set
     old:
-    # Attribute set with attributes to override in `old`.
     new:
     mapAttrs (name: value: new.${name} or value) old;
 
 
-  /* Turns a list of strings into a human-readable description of those
+  /**
+    Turns a list of strings into a human-readable description of those
     strings represented as an attribute path. The result of this function is
     not intended to be machine-readable.
     Create a new attribute set with `value` set at the nested attribute location specified in `attrPath`.
 
-    Example:
-      showAttrPath [ "foo" "10" "bar" ]
-      => "foo.\"10\".bar"
-      showAttrPath []
-      => "<root attribute path>"
 
-    Type:
-      showAttrPath :: [String] -> String
+    # Inputs
+
+    `path`
+
+    : Attribute path to render to a string
+
+    # Type
+
+    ```
+    showAttrPath :: [String] -> String
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.showAttrPath` usage example
+
+    ```nix
+    showAttrPath [ "foo" "10" "bar" ]
+    => "foo.\"10\".bar"
+    showAttrPath []
+    => "<root attribute path>"
+    ```
+
+    :::
   */
   showAttrPath =
-    # Attribute path to render to a string
     path:
     if path == [] then "<root attribute path>"
     else concatMapStringsSep "." escapeNixIdentifier path;
 
 
-  /* Get a package output.
-     If no output is found, fallback to `.out` and then to the default.
+  /**
+    Get a package output.
+    If no output is found, fallback to `.out` and then to the default.
+
+
+    # Inputs
+
+    `output`
 
-     Example:
-       getOutput "dev" pkgs.openssl
-       => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r-dev"
+    : 1\. Function argument
 
-     Type:
-       getOutput :: String -> Derivation -> String
+    `pkg`
+
+    : 2\. Function argument
+
+    # Type
+
+    ```
+    getOutput :: String -> Derivation -> String
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.getOutput` usage example
+
+    ```nix
+    getOutput "dev" pkgs.openssl
+    => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r-dev"
+    ```
+
+    :::
   */
   getOutput = output: pkg:
     if ! pkg ? outputSpecified || ! pkg.outputSpecified
       then pkg.${output} or pkg.out or pkg
       else pkg;
 
-  /* Get a package's `bin` output.
-     If the output does not exist, fallback to `.out` and then to the default.
+  /**
+    Get a package's `bin` output.
+    If the output does not exist, fallback to `.out` and then to the default.
+
+    # Inputs
+
+    `pkg`
 
-     Example:
-       getBin pkgs.openssl
-       => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r"
+    : The package whose `bin` output will be retrieved.
 
-     Type:
-       getBin :: Derivation -> String
+    # Type
+
+    ```
+    getBin :: Derivation -> String
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.getBin` usage example
+
+    ```nix
+    getBin pkgs.openssl
+    => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r"
+    ```
+
+    :::
   */
   getBin = getOutput "bin";
 
 
-  /* Get a package's `lib` output.
-     If the output does not exist, fallback to `.out` and then to the default.
+  /**
+    Get a package's `lib` output.
+    If the output does not exist, fallback to `.out` and then to the default.
+
+    # Inputs
+
+    `pkg`
 
-     Example:
-       getLib pkgs.openssl
-       => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r-lib"
+    : The package whose `lib` output will be retrieved.
 
-     Type:
-       getLib :: Derivation -> String
+    # Type
+
+    ```
+    getLib :: Derivation -> String
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.getLib` usage example
+
+    ```nix
+    getLib pkgs.openssl
+    => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r-lib"
+    ```
+
+    :::
   */
   getLib = getOutput "lib";
 
 
-  /* Get a package's `dev` output.
-     If the output does not exist, fallback to `.out` and then to the default.
+  /**
+    Get a package's `dev` output.
+    If the output does not exist, fallback to `.out` and then to the default.
+
+    # Inputs
+
+    `pkg`
 
-     Example:
-       getDev pkgs.openssl
-       => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r-dev"
+    : The package whose `dev` output will be retrieved.
+
+    # Type
+
+    ```
+    getDev :: Derivation -> String
+    ```
 
-     Type:
-       getDev :: Derivation -> String
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.getDev` usage example
+
+    ```nix
+    getDev pkgs.openssl
+    => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r-dev"
+    ```
+
+    :::
   */
   getDev = getOutput "dev";
 
 
-  /* Get a package's `man` output.
-     If the output does not exist, fallback to `.out` and then to the default.
+  /**
+    Get a package's `man` output.
+    If the output does not exist, fallback to `.out` and then to the default.
+
+    # Inputs
+
+    `pkg`
+
+    : The package whose `man` output will be retrieved.
+
+    # Type
+
+    ```
+    getMan :: Derivation -> String
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.getMan` usage example
 
-     Example:
-       getMan pkgs.openssl
-       => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r-man"
+    ```nix
+    getMan pkgs.openssl
+    => "/nix/store/9rz8gxhzf8sw4kf2j2f1grr49w8zx5vj-openssl-1.0.1r-man"
+    ```
 
-     Type:
-       getMan :: Derivation -> String
+    :::
   */
   getMan = getOutput "man";
 
-  /* Pick the outputs of packages to place in `buildInputs`
+  /**
+    Pick the outputs of packages to place in `buildInputs`
+
+    # Inputs
 
-   Type: chooseDevOutputs :: [Derivation] -> [String]
+    `pkgs`
 
+    : List of packages.
+
+    # Type
+
+    ```
+    chooseDevOutputs :: [Derivation] -> [String]
+    ```
   */
   chooseDevOutputs = builtins.map getDev;
 
-  /* Make various Nix tools consider the contents of the resulting
-     attribute set when looking for what to build, find, etc.
+  /**
+    Make various Nix tools consider the contents of the resulting
+    attribute set when looking for what to build, find, etc.
 
-     This function only affects a single attribute set; it does not
-     apply itself recursively for nested attribute sets.
+    This function only affects a single attribute set; it does not
+    apply itself recursively for nested attribute sets.
 
-     Example:
-       { pkgs ? import <nixpkgs> {} }:
-       {
-         myTools = pkgs.lib.recurseIntoAttrs {
-           inherit (pkgs) hello figlet;
-         };
-       }
 
-     Type:
-       recurseIntoAttrs :: AttrSet -> AttrSet
+    # Inputs
+
+    `attrs`
+
+    : An attribute set to scan for derivations.
+
+    # Type
 
-   */
+    ```
+    recurseIntoAttrs :: AttrSet -> AttrSet
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.attrsets.recurseIntoAttrs` usage example
+
+    ```nix
+    { pkgs ? import <nixpkgs> {} }:
+    {
+      myTools = pkgs.lib.recurseIntoAttrs {
+        inherit (pkgs) hello figlet;
+      };
+    }
+    ```
+
+    :::
+  */
   recurseIntoAttrs =
-    # An attribute set to scan for derivations.
     attrs:
     attrs // { recurseForDerivations = true; };
 
-  /* Undo the effect of recurseIntoAttrs.
+  /**
+    Undo the effect of recurseIntoAttrs.
 
-     Type:
-       dontRecurseIntoAttrs :: AttrSet -> AttrSet
-   */
+
+    # Inputs
+
+    `attrs`
+
+    : An attribute set to not scan for derivations.
+
+    # Type
+
+    ```
+    dontRecurseIntoAttrs :: AttrSet -> AttrSet
+    ```
+  */
   dontRecurseIntoAttrs =
-    # An attribute set to not scan for derivations.
     attrs:
     attrs // { recurseForDerivations = false; };
 
-  /* `unionOfDisjoint x y` is equal to `x // y // z` where the
-     attrnames in `z` are the intersection of the attrnames in `x` and
-     `y`, and all values `assert` with an error message.  This
-      operator is commutative, unlike (//).
+  /**
+    `unionOfDisjoint x y` is equal to `x // y // z` where the
+    attrnames in `z` are the intersection of the attrnames in `x` and
+    `y`, and all values `assert` with an error message.  This
+     operator is commutative, unlike (//).
+
+
+    # Inputs
+
+    `x`
+
+    : 1\. Function argument
+
+    `y`
 
-     Type: unionOfDisjoint :: AttrSet -> AttrSet -> AttrSet
+    : 2\. Function argument
+
+    # Type
+
+    ```
+    unionOfDisjoint :: AttrSet -> AttrSet -> AttrSet
+    ```
   */
   unionOfDisjoint = x: y:
     let
diff --git a/lib/trivial.nix b/lib/trivial.nix
index c197822a4f8e5..936ad207c03df 100644
--- a/lib/trivial.nix
+++ b/lib/trivial.nix
@@ -16,59 +16,114 @@ in {
 
   ## Simple (higher order) functions
 
-  /* The identity function
-     For when you need a function that does “nothing”.
+  /**
+    The identity function
+    For when you need a function that does “nothing”.
 
-     Type: id :: a -> a
+
+    # Inputs
+
+    `x`
+
+    : The value to return
+
+    # Type
+
+    ```
+    id :: a -> a
+    ```
   */
-  id =
-    # The value to return
-    x: x;
+  id = x: x;
+
+  /**
+    The constant function
+
+    Ignores the second argument. If called with only one argument,
+    constructs a function that always returns a static value.
+
+
+    # Inputs
+
+    `x`
+
+    : Value to return
+
+    `y`
+
+    : Value to ignore
+
+    # Type
+
+    ```
+    const :: a -> b -> a
+    ```
 
-  /* The constant function
+    # Examples
+    :::{.example}
+    ## `lib.trivial.const` usage example
 
-     Ignores the second argument. If called with only one argument,
-     constructs a function that always returns a static value.
+    ```nix
+    let f = const 5; in f 10
+    => 5
+    ```
 
-     Type: const :: a -> b -> a
-     Example:
-       let f = const 5; in f 10
-       => 5
+    :::
   */
   const =
-    # Value to return
     x:
-    # Value to ignore
     y: x;
 
-  /* Pipes a value through a list of functions, left to right.
+  /**
+    Pipes a value through a list of functions, left to right.
 
-     Type: pipe :: a -> [<functions>] -> <return type of last function>
-     Example:
-       pipe 2 [
-         (x: x + 2)  # 2 + 2 = 4
-         (x: x * 2)  # 4 * 2 = 8
-       ]
-       => 8
+    # Inputs
 
-       # ideal to do text transformations
-       pipe [ "a/b" "a/c" ] [
+    `value`
 
-         # create the cp command
-         (map (file: ''cp "${src}/${file}" $out\n''))
+    : Value to start piping.
 
-         # concatenate all commands into one string
-         lib.concatStrings
+    `fns`
 
-         # make that string into a nix derivation
-         (pkgs.runCommand "copy-to-out" {})
+    : List of functions to apply sequentially.
 
-       ]
-       => <drv which copies all files to $out>
+    # Type
 
-     The output type of each function has to be the input type
-     of the next function, and the last function returns the
-     final value.
+    ```
+    pipe :: a -> [<functions>] -> <return type of last function>
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.trivial.pipe` usage example
+
+    ```nix
+    pipe 2 [
+        (x: x + 2)  # 2 + 2 = 4
+        (x: x * 2)  # 4 * 2 = 8
+      ]
+    => 8
+
+    # ideal to do text transformations
+    pipe [ "a/b" "a/c" ] [
+
+      # create the cp command
+      (map (file: ''cp "${src}/${file}" $out\n''))
+
+      # concatenate all commands into one string
+      lib.concatStrings
+
+      # make that string into a nix derivation
+      (pkgs.runCommand "copy-to-out" {})
+
+    ]
+    => <drv which copies all files to $out>
+
+    The output type of each function has to be the input type
+    of the next function, and the last function returns the
+    final value.
+    ```
+
+    :::
   */
   pipe = builtins.foldl' (x: f: f x);
 
@@ -79,71 +134,197 @@ in {
 
   ## Named versions corresponding to some builtin operators.
 
-  /* Concatenate two lists
+  /**
+    Concatenate two lists
+
+
+    # Inputs
+
+    `x`
+
+    : 1\. Function argument
+
+    `y`
+
+    : 2\. Function argument
 
-     Type: concat :: [a] -> [a] -> [a]
+    # Type
 
-     Example:
-       concat [ 1 2 ] [ 3 4 ]
-       => [ 1 2 3 4 ]
+    ```
+    concat :: [a] -> [a] -> [a]
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.trivial.concat` usage example
+
+    ```nix
+    concat [ 1 2 ] [ 3 4 ]
+    => [ 1 2 3 4 ]
+    ```
+
+    :::
   */
   concat = x: y: x ++ y;
 
-  /* boolean “or” */
+  /**
+    boolean “or”
+
+
+    # Inputs
+
+    `x`
+
+    : 1\. Function argument
+
+    `y`
+
+    : 2\. Function argument
+  */
   or = x: y: x || y;
 
-  /* boolean “and” */
+  /**
+    boolean “and”
+
+
+    # Inputs
+
+    `x`
+
+    : 1\. Function argument
+
+    `y`
+
+    : 2\. Function argument
+  */
   and = x: y: x && y;
 
-  /* bitwise “not” */
+  /**
+    bitwise “not”
+  */
   bitNot = builtins.sub (-1);
 
-  /* Convert a boolean to a string.
+  /**
+    Convert a boolean to a string.
+
+    This function uses the strings "true" and "false" to represent
+    boolean values. Calling `toString` on a bool instead returns "1"
+    and "" (sic!).
+
+
+    # Inputs
+
+    `b`
+
+    : 1\. Function argument
 
-     This function uses the strings "true" and "false" to represent
-     boolean values. Calling `toString` on a bool instead returns "1"
-     and "" (sic!).
+    # Type
 
-     Type: boolToString :: bool -> string
+    ```
+    boolToString :: bool -> string
+    ```
   */
   boolToString = b: if b then "true" else "false";
 
-  /* Merge two attribute sets shallowly, right side trumps left
+  /**
+    Merge two attribute sets shallowly, right side trumps left
+
+    mergeAttrs :: attrs -> attrs -> attrs
+
+
+    # Inputs
+
+    `x`
+
+    : Left attribute set
+
+    `y`
+
+    : Right attribute set (higher precedence for equal keys)
 
-     mergeAttrs :: attrs -> attrs -> attrs
 
-     Example:
-       mergeAttrs { a = 1; b = 2; } { b = 3; c = 4; }
-       => { a = 1; b = 3; c = 4; }
+    # Examples
+    :::{.example}
+    ## `lib.trivial.mergeAttrs` usage example
+
+    ```nix
+    mergeAttrs { a = 1; b = 2; } { b = 3; c = 4; }
+    => { a = 1; b = 3; c = 4; }
+    ```
+
+    :::
   */
   mergeAttrs =
-    # Left attribute set
     x:
-    # Right attribute set (higher precedence for equal keys)
     y: x // y;
 
-  /* Flip the order of the arguments of a binary function.
+  /**
+    Flip the order of the arguments of a binary function.
+
+
+    # Inputs
+
+    `f`
+
+    : 1\. Function argument
+
+    `a`
+
+    : 2\. Function argument
 
-     Type: flip :: (a -> b -> c) -> (b -> a -> c)
+    `b`
 
-     Example:
-       flip concat [1] [2]
-       => [ 2 1 ]
+    : 3\. Function argument
+
+    # Type
+
+    ```
+    flip :: (a -> b -> c) -> (b -> a -> c)
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.trivial.flip` usage example
+
+    ```nix
+    flip concat [1] [2]
+    => [ 2 1 ]
+    ```
+
+    :::
   */
   flip = f: a: b: f b a;
 
-  /* Apply function if the supplied argument is non-null.
+  /**
+    Apply function if the supplied argument is non-null.
+
+
+    # Inputs
 
-     Example:
-       mapNullable (x: x+1) null
-       => null
-       mapNullable (x: x+1) 22
-       => 23
+    `f`
+
+    : Function to call
+
+    `a`
+
+    : Argument to check for null before passing it to `f`
+
+
+    # Examples
+    :::{.example}
+    ## `lib.trivial.mapNullable` usage example
+
+    ```nix
+    mapNullable (x: x+1) null
+    => null
+    mapNullable (x: x+1) 22
+    => 23
+    ```
+
+    :::
   */
   mapNullable =
-    # Function to call
     f:
-    # Argument to check for null before passing it to `f`
     a: if a == null then a else f a;
 
   # Pull in some builtins not included elsewhere.
@@ -155,57 +336,84 @@ in {
 
   ## nixpkgs version strings
 
-  /* Returns the current full nixpkgs version number. */
+  /**
+    Returns the current full nixpkgs version number.
+  */
   version = release + versionSuffix;
 
-  /* Returns the current nixpkgs release number as string. */
+  /**
+    Returns the current nixpkgs release number as string.
+  */
   release = lib.strings.fileContents ./.version;
 
-  /* The latest release that is supported, at the time of release branch-off,
-     if applicable.
+  /**
+    The latest release that is supported, at the time of release branch-off,
+    if applicable.
 
-     Ideally, out-of-tree modules should be able to evaluate cleanly with all
-     supported Nixpkgs versions (master, release and old release until EOL).
-     So if possible, deprecation warnings should take effect only when all
-     out-of-tree expressions/libs/modules can upgrade to the new way without
-     losing support for supported Nixpkgs versions.
+    Ideally, out-of-tree modules should be able to evaluate cleanly with all
+    supported Nixpkgs versions (master, release and old release until EOL).
+    So if possible, deprecation warnings should take effect only when all
+    out-of-tree expressions/libs/modules can upgrade to the new way without
+    losing support for supported Nixpkgs versions.
 
-     This release number allows deprecation warnings to be implemented such that
-     they take effect as soon as the oldest release reaches end of life. */
+    This release number allows deprecation warnings to be implemented such that
+    they take effect as soon as the oldest release reaches end of life.
+  */
   oldestSupportedRelease =
     # Update on master only. Do not backport.
     2311;
 
-  /* Whether a feature is supported in all supported releases (at the time of
-     release branch-off, if applicable). See `oldestSupportedRelease`. */
+  /**
+    Whether a feature is supported in all supported releases (at the time of
+    release branch-off, if applicable). See `oldestSupportedRelease`.
+
+
+    # Inputs
+
+    `release`
+
+    : Release number of feature introduction as an integer, e.g. 2111 for 21.11.
+    Set it to the upcoming release, matching the nixpkgs/.version file.
+  */
   isInOldestRelease =
-    /* Release number of feature introduction as an integer, e.g. 2111 for 21.11.
-       Set it to the upcoming release, matching the nixpkgs/.version file.
-    */
     release:
       release <= lib.trivial.oldestSupportedRelease;
 
-  /* Returns the current nixpkgs release code name.
+  /**
+    Returns the current nixpkgs release code name.
 
-     On each release the first letter is bumped and a new animal is chosen
-     starting with that new letter.
+    On each release the first letter is bumped and a new animal is chosen
+    starting with that new letter.
   */
   codeName = "Uakari";
 
-  /* Returns the current nixpkgs version suffix as string. */
+  /**
+    Returns the current nixpkgs version suffix as string.
+  */
   versionSuffix =
     let suffixFile = ../.version-suffix;
     in if pathExists suffixFile
     then lib.strings.fileContents suffixFile
     else "pre-git";
 
-  /* Attempts to return the the current revision of nixpkgs and
-     returns the supplied default value otherwise.
+  /**
+    Attempts to return the the current revision of nixpkgs and
+    returns the supplied default value otherwise.
+
+
+    # Inputs
+
+    `default`
 
-     Type: revisionWithDefault :: string -> string
+    : Default value to return if revision can not be determined
+
+    # Type
+
+    ```
+    revisionWithDefault :: string -> string
+    ```
   */
   revisionWithDefault =
-    # Default value to return if revision can not be determined
     default:
     let
       revisionFile = "${toString ./..}/.git-revision";
@@ -217,47 +425,115 @@ in {
 
   nixpkgsVersion = warn "lib.nixpkgsVersion is a deprecated alias of lib.version." version;
 
-  /* Determine whether the function is being called from inside a Nix
-     shell.
+  /**
+    Determine whether the function is being called from inside a Nix
+    shell.
 
-     Type: inNixShell :: bool
+    # Type
+
+    ```
+    inNixShell :: bool
+    ```
   */
   inNixShell = builtins.getEnv "IN_NIX_SHELL" != "";
 
-  /* Determine whether the function is being called from inside pure-eval mode
-     by seeing whether `builtins` contains `currentSystem`. If not, we must be in
-     pure-eval mode.
+  /**
+    Determine whether the function is being called from inside pure-eval mode
+    by seeing whether `builtins` contains `currentSystem`. If not, we must be in
+    pure-eval mode.
+
+    # Type
 
-     Type: inPureEvalMode :: bool
+    ```
+    inPureEvalMode :: bool
+    ```
   */
   inPureEvalMode = ! builtins ? currentSystem;
 
   ## Integer operations
 
-  /* Return minimum of two numbers. */
+  /**
+    Return minimum of two numbers.
+
+
+    # Inputs
+
+    `x`
+
+    : 1\. Function argument
+
+    `y`
+
+    : 2\. Function argument
+  */
   min = x: y: if x < y then x else y;
 
-  /* Return maximum of two numbers. */
+  /**
+    Return maximum of two numbers.
+
+
+    # Inputs
+
+    `x`
+
+    : 1\. Function argument
+
+    `y`
+
+    : 2\. Function argument
+  */
   max = x: y: if x > y then x else y;
 
-  /* Integer modulus
+  /**
+    Integer modulus
+
+
+    # Inputs
+
+    `base`
+
+    : 1\. Function argument
+
+    `int`
+
+    : 2\. Function argument
+
 
-     Example:
-       mod 11 10
-       => 1
-       mod 1 10
-       => 1
+    # Examples
+    :::{.example}
+    ## `lib.trivial.mod` usage example
+
+    ```nix
+    mod 11 10
+    => 1
+    mod 1 10
+    => 1
+    ```
+
+    :::
   */
   mod = base: int: base - (int * (builtins.div base int));
 
 
   ## Comparisons
 
-  /* C-style comparisons
+  /**
+    C-style comparisons
+
+    a < b,  compare a b => -1
+    a == b, compare a b => 0
+    a > b,  compare a b => 1
+
+
+    # Inputs
+
+    `a`
+
+    : 1\. Function argument
+
+    `b`
 
-     a < b,  compare a b => -1
-     a == b, compare a b => 0
-     a > b,  compare a b => 1
+    : 2\. Function argument
   */
   compare = a: b:
     if a < b
@@ -266,50 +542,100 @@ in {
          then 1
          else 0;
 
-  /* Split type into two subtypes by predicate `p`, take all elements
-     of the first subtype to be less than all the elements of the
-     second subtype, compare elements of a single subtype with `yes`
-     and `no` respectively.
+  /**
+    Split type into two subtypes by predicate `p`, take all elements
+    of the first subtype to be less than all the elements of the
+    second subtype, compare elements of a single subtype with `yes`
+    and `no` respectively.
+
+
+    # Inputs
+
+    `p`
+
+    : Predicate
+
+    `yes`
+
+    : Comparison function if predicate holds for both values
+
+    `no`
 
-     Type: (a -> bool) -> (a -> a -> int) -> (a -> a -> int) -> (a -> a -> int)
+    : Comparison function if predicate holds for neither value
 
-     Example:
-       let cmp = splitByAndCompare (hasPrefix "foo") compare compare; in
+    `a`
 
-       cmp "a" "z" => -1
-       cmp "fooa" "fooz" => -1
+    : First value to compare
 
-       cmp "f" "a" => 1
-       cmp "fooa" "a" => -1
-       # while
-       compare "fooa" "a" => 1
+    `b`
+
+    : Second value to compare
+
+    # Type
+
+    ```
+    (a -> bool) -> (a -> a -> int) -> (a -> a -> int) -> (a -> a -> int)
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.trivial.splitByAndCompare` usage example
+
+    ```nix
+    let cmp = splitByAndCompare (hasPrefix "foo") compare compare; in
+
+    cmp "a" "z" => -1
+    cmp "fooa" "fooz" => -1
+
+    cmp "f" "a" => 1
+    cmp "fooa" "a" => -1
+    # while
+    compare "fooa" "a" => 1
+    ```
+
+    :::
   */
   splitByAndCompare =
-    # Predicate
-    p:
-    # Comparison function if predicate holds for both values
-    yes:
-    # Comparison function if predicate holds for neither value
-    no:
-    # First value to compare
-    a:
-    # Second value to compare
-    b:
+    p: yes: no: a: b:
     if p a
     then if p b then yes a b else -1
     else if p b then 1 else no a b;
 
 
-  /* Reads a JSON file.
+  /**
+    Reads a JSON file.
 
-     Type: importJSON :: path -> any
+
+    # Inputs
+
+    `path`
+
+    : 1\. Function argument
+
+    # Type
+
+    ```
+    importJSON :: path -> any
+    ```
   */
   importJSON = path:
     builtins.fromJSON (builtins.readFile path);
 
-  /* Reads a TOML file.
+  /**
+    Reads a TOML file.
+
+
+    # Inputs
 
-     Type: importTOML :: path -> any
+    `path`
+
+    : 1\. Function argument
+
+    # Type
+
+    ```
+    importTOML :: path -> any
+    ```
   */
   importTOML = path:
     builtins.fromTOML (builtins.readFile path);
@@ -329,7 +655,7 @@ in {
   # TODO: figure out a clever way to integrate location information from
   # something like __unsafeGetAttrPos.
 
-  /*
+  /**
     Print a warning before returning the second argument. This function behaves
     like `builtins.trace`, but requires a string message and formats it as a
     warning, including the `warning: ` prefix.
@@ -337,28 +663,80 @@ in {
     To get a call stack trace and abort evaluation, set the environment variable
     `NIX_ABORT_ON_WARN=true` and set the Nix options `--option pure-eval false --show-trace`
 
-    Type: string -> a -> a
+    # Inputs
+
+    `msg`
+
+    : Warning message to print.
+
+    `val`
+
+    : Value to return as-is.
+
+    # Type
+
+    ```
+    string -> a -> a
+    ```
   */
   warn =
     if lib.elem (builtins.getEnv "NIX_ABORT_ON_WARN") ["1" "true" "yes"]
     then msg: builtins.trace "warning: ${msg}" (abort "NIX_ABORT_ON_WARN=true; warnings are treated as unrecoverable errors.")
     else msg: builtins.trace "warning: ${msg}";
 
-  /*
+  /**
     Like warn, but only warn when the first argument is `true`.
 
-    Type: bool -> string -> a -> a
+
+    # Inputs
+
+    `cond`
+
+    : 1\. Function argument
+
+    `msg`
+
+    : 2\. Function argument
+
+    `val`
+
+    : Value to return as-is.
+
+    # Type
+
+    ```
+    bool -> string -> a -> a
+    ```
   */
   warnIf = cond: msg: if cond then warn msg else x: x;
 
-  /*
+  /**
     Like warnIf, but negated (warn if the first argument is `false`).
 
-    Type: bool -> string -> a -> a
+
+    # Inputs
+
+    `cond`
+
+    : 1\. Function argument
+
+    `msg`
+
+    : 2\. Function argument
+
+    `val`
+
+    : Value to return as-is.
+
+    # Type
+
+    ```
+    bool -> string -> a -> a
+    ```
   */
   warnIfNot = cond: msg: if cond then x: x else warn msg;
 
-  /*
+  /**
     Like the `assert b; e` expression, but with a custom error message and
     without the semicolon.
 
@@ -369,33 +747,95 @@ in {
     Calls can be juxtaposed using function application, as `(r: r) a = a`, so
     `(r: r) (r: r) a = a`, and so forth.
 
-    Type: bool -> string -> a -> a
 
-    Example:
+    # Inputs
+
+    `cond`
+
+    : 1\. Function argument
 
-        throwIfNot (lib.isList overlays) "The overlays argument to nixpkgs must be a list."
-        lib.foldr (x: throwIfNot (lib.isFunction x) "All overlays passed to nixpkgs must be functions.") (r: r) overlays
-        pkgs
+    `msg`
 
+    : 2\. Function argument
+
+    # Type
+
+    ```
+    bool -> string -> a -> a
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.trivial.throwIfNot` usage example
+
+    ```nix
+    throwIfNot (lib.isList overlays) "The overlays argument to nixpkgs must be a list."
+    lib.foldr (x: throwIfNot (lib.isFunction x) "All overlays passed to nixpkgs must be functions.") (r: r) overlays
+    pkgs
+    ```
+
+    :::
   */
   throwIfNot = cond: msg: if cond then x: x else throw msg;
 
-  /*
+  /**
     Like throwIfNot, but negated (throw if the first argument is `true`).
 
-    Type: bool -> string -> a -> a
+
+    # Inputs
+
+    `cond`
+
+    : 1\. Function argument
+
+    `msg`
+
+    : 2\. Function argument
+
+    # Type
+
+    ```
+    bool -> string -> a -> a
+    ```
   */
   throwIf = cond: msg: if cond then throw msg else x: x;
 
-  /* Check if the elements in a list are valid values from a enum, returning the identity function, or throwing an error message otherwise.
+  /**
+    Check if the elements in a list are valid values from a enum, returning the identity function, or throwing an error message otherwise.
+
+
+    # Inputs
+
+    `msg`
 
-     Example:
-       let colorVariants = ["bright" "dark" "black"]
-       in checkListOfEnum "color variants" [ "standard" "light" "dark" ] colorVariants;
-       =>
-       error: color variants: bright, black unexpected; valid ones: standard, light, dark
+    : 1\. Function argument
 
-     Type: String -> List ComparableVal -> List ComparableVal -> a -> a
+    `valid`
+
+    : 2\. Function argument
+
+    `given`
+
+    : 3\. Function argument
+
+    # Type
+
+    ```
+    String -> List ComparableVal -> List ComparableVal -> a -> a
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.trivial.checkListOfEnum` usage example
+
+    ```nix
+    let colorVariants = ["bright" "dark" "black"]
+    in checkListOfEnum "color variants" [ "standard" "light" "dark" ] colorVariants;
+    =>
+    error: color variants: bright, black unexpected; valid ones: standard, light, dark
+    ```
+
+    :::
   */
   checkListOfEnum = msg: valid: given:
     let
@@ -410,15 +850,27 @@ in {
 
   ## Function annotations
 
-  /* Add metadata about expected function arguments to a function.
-     The metadata should match the format given by
-     builtins.functionArgs, i.e. a set from expected argument to a bool
-     representing whether that argument has a default or not.
-     setFunctionArgs : (a → b) → Map String Bool → (a → b)
+  /**
+    Add metadata about expected function arguments to a function.
+    The metadata should match the format given by
+    builtins.functionArgs, i.e. a set from expected argument to a bool
+    representing whether that argument has a default or not.
+    setFunctionArgs : (a → b) → Map String Bool → (a → b)
 
-     This function is necessary because you can't dynamically create a
-     function of the { a, b ? foo, ... }: format, but some facilities
-     like callPackage expect to be able to query expected arguments.
+    This function is necessary because you can't dynamically create a
+    function of the { a, b ? foo, ... }: format, but some facilities
+    like callPackage expect to be able to query expected arguments.
+
+
+    # Inputs
+
+    `f`
+
+    : 1\. Function argument
+
+    `args`
+
+    : 2\. Function argument
   */
   setFunctionArgs = f: args:
     { # TODO: Should we add call-time "type" checking like built in?
@@ -426,84 +878,133 @@ in {
       __functionArgs = args;
     };
 
-  /* Extract the expected function arguments from a function.
-     This works both with nix-native { a, b ? foo, ... }: style
-     functions and functions with args set with 'setFunctionArgs'. It
-     has the same return type and semantics as builtins.functionArgs.
-     setFunctionArgs : (a → b) → Map String Bool.
+  /**
+    Extract the expected function arguments from a function.
+    This works both with nix-native { a, b ? foo, ... }: style
+    functions and functions with args set with 'setFunctionArgs'. It
+    has the same return type and semantics as builtins.functionArgs.
+    setFunctionArgs : (a → b) → Map String Bool.
+
+
+    # Inputs
+
+    `f`
+
+    : 1\. Function argument
   */
   functionArgs = f:
     if f ? __functor
     then f.__functionArgs or (functionArgs (f.__functor f))
     else builtins.functionArgs f;
 
-  /* Check whether something is a function or something
-     annotated with function args.
+  /**
+    Check whether something is a function or something
+    annotated with function args.
+
+
+    # Inputs
+
+    `f`
+
+    : 1\. Function argument
   */
   isFunction = f: builtins.isFunction f ||
     (f ? __functor && isFunction (f.__functor f));
 
-  /*
+  /**
     `mirrorFunctionArgs f g` creates a new function `g'` with the same behavior as `g` (`g' x == g x`)
     but its function arguments mirroring `f` (`lib.functionArgs g' == lib.functionArgs f`).
 
-    Type:
-      mirrorFunctionArgs :: (a -> b) -> (a -> c) -> (a -> c)
-
-    Example:
-      addab = {a, b}: a + b
-      addab { a = 2; b = 4; }
-      => 6
-      lib.functionArgs addab
-      => { a = false; b = false; }
-      addab1 = attrs: addab attrs + 1
-      addab1 { a = 2; b = 4; }
-      => 7
-      lib.functionArgs addab1
-      => { }
-      addab1' = lib.mirrorFunctionArgs addab addab1
-      addab1' { a = 2; b = 4; }
-      => 7
-      lib.functionArgs addab1'
-      => { a = false; b = false; }
+
+    # Inputs
+
+    `f`
+
+    : Function to provide the argument metadata
+
+    `g`
+
+    : Function to set the argument metadata to
+
+    # Type
+
+    ```
+    mirrorFunctionArgs :: (a -> b) -> (a -> c) -> (a -> c)
+    ```
+
+    # Examples
+    :::{.example}
+    ## `lib.trivial.mirrorFunctionArgs` usage example
+
+    ```nix
+    addab = {a, b}: a + b
+    addab { a = 2; b = 4; }
+    => 6
+    lib.functionArgs addab
+    => { a = false; b = false; }
+    addab1 = attrs: addab attrs + 1
+    addab1 { a = 2; b = 4; }
+    => 7
+    lib.functionArgs addab1
+    => { }
+    addab1' = lib.mirrorFunctionArgs addab addab1
+    addab1' { a = 2; b = 4; }
+    => 7
+    lib.functionArgs addab1'
+    => { a = false; b = false; }
+    ```
+
+    :::
   */
   mirrorFunctionArgs =
-    # Function to provide the argument metadata
     f:
     let
       fArgs = functionArgs f;
     in
-    # Function to set the argument metadata to
     g:
     setFunctionArgs g fArgs;
 
-  /*
+  /**
     Turns any non-callable values into constant functions.
     Returns callable values as is.
 
-    Example:
 
-      nix-repl> lib.toFunction 1 2
-      1
+    # Inputs
+
+    `v`
+
+    : Any value
+
+
+    # Examples
+    :::{.example}
+    ## `lib.trivial.toFunction` usage example
+
+    ```nix
+    nix-repl> lib.toFunction 1 2
+    1
 
-      nix-repl> lib.toFunction (x: x + 1) 2
-      3
+    nix-repl> lib.toFunction (x: x + 1) 2
+    3
+    ```
+
+    :::
   */
   toFunction =
-    # Any value
     v:
     if isFunction v
     then v
     else k: v;
 
-  /* Convert the given positive integer to a string of its hexadecimal
-     representation. For example:
+  /**
+    Convert the given positive integer to a string of its hexadecimal
+    representation. For example:
 
-     toHexString 0 => "0"
+    toHexString 0 => "0"
 
-     toHexString 16 => "10"
+    toHexString 16 => "10"
 
-     toHexString 250 => "FA"
+    toHexString 250 => "FA"
   */
   toHexString = let
     hexDigits = {
@@ -520,14 +1021,26 @@ in {
       else hexDigits.${toString d};
   in i: lib.concatMapStrings toHexDigit (toBaseDigits 16 i);
 
-  /* `toBaseDigits base i` converts the positive integer i to a list of its
-     digits in the given base. For example:
+  /**
+    `toBaseDigits base i` converts the positive integer i to a list of its
+    digits in the given base. For example:
+
+    toBaseDigits 10 123 => [ 1 2 3 ]
+
+    toBaseDigits 2 6 => [ 1 1 0 ]
+
+    toBaseDigits 16 250 => [ 15 10 ]
+
+
+    # Inputs
+
+    `base`
 
-     toBaseDigits 10 123 => [ 1 2 3 ]
+    : 1\. Function argument
 
-     toBaseDigits 2 6 => [ 1 1 0 ]
+    `i`
 
-     toBaseDigits 16 250 => [ 15 10 ]
+    : 2\. Function argument
   */
   toBaseDigits = base: i:
     let
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 98d84131085b3..484973b938566 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -15046,6 +15046,12 @@
     github = "pennae";
     githubId = 82953136;
   };
+  perchun = {
+    name = "Perchun Pak";
+    email = "nixpkgs@perchun.it";
+    github = "PerchunPak";
+    githubId = 68118654;
+  };
   peret = {
     name = "Peter Retzlaff";
     github = "peret";
diff --git a/nixos/modules/services/desktop-managers/plasma6.nix b/nixos/modules/services/desktop-managers/plasma6.nix
index 1cb7a7ea778b2..6119987688240 100644
--- a/nixos/modules/services/desktop-managers/plasma6.nix
+++ b/nixos/modules/services/desktop-managers/plasma6.nix
@@ -252,6 +252,7 @@ in {
     services.xserver.displayManager.sddm = {
       package = kdePackages.sddm;
       theme = mkDefault "breeze";
+      wayland.compositor = "kwin";
       extraPackages = with kdePackages; [
         breeze-icons
         kirigami
diff --git a/nixos/modules/services/misc/etebase-server.nix b/nixos/modules/services/misc/etebase-server.nix
index 546d52b1a3b5f..6ec3807f0fb20 100644
--- a/nixos/modules/services/misc/etebase-server.nix
+++ b/nixos/modules/services/misc/etebase-server.nix
@@ -177,6 +177,7 @@ in
 
     systemd.tmpfiles.rules = [
       "d '${cfg.dataDir}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
+    ] ++ lib.optionals (cfg.unixSocket != null) [
       "d '${builtins.dirOf cfg.unixSocket}' - ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
     ];
 
diff --git a/nixos/modules/services/x11/display-managers/sddm.nix b/nixos/modules/services/x11/display-managers/sddm.nix
index 5b7f4bc58d80c..a315a3ebf3224 100644
--- a/nixos/modules/services/x11/display-managers/sddm.nix
+++ b/nixos/modules/services/x11/display-managers/sddm.nix
@@ -1,19 +1,24 @@
 { config, lib, pkgs, ... }:
 
-with lib;
 let
   xcfg = config.services.xserver;
   dmcfg = xcfg.displayManager;
   cfg = dmcfg.sddm;
   xEnv = config.systemd.services.display-manager.environment;
 
-  sddm = cfg.package.override(old: {
+  sddm = cfg.package.override (old: {
     withWayland = cfg.wayland.enable;
-    extraPackages = old.extraPackages or [] ++ cfg.extraPackages;
+    extraPackages = old.extraPackages or [ ] ++ cfg.extraPackages;
   });
 
   iniFmt = pkgs.formats.ini { };
 
+  inherit (lib)
+    concatMapStrings concatStringsSep getExe
+    attrNames getAttr optionalAttrs optionalString
+    mkRemovedOptionModule mkRenamedOptionModule mkIf mkEnableOption mkOption mkPackageOption types
+    ;
+
   xserverWrapper = pkgs.writeShellScript "xserver-wrapper" ''
     ${concatMapStrings (n: "export ${n}=\"${getAttr n xEnv}\"\n") (attrNames xEnv)}
     exec systemd-cat -t xserver-wrapper ${dmcfg.xserverBin} ${toString dmcfg.xserverArgs} "$@"
@@ -38,12 +43,21 @@ let
       DefaultSession = optionalString (dmcfg.defaultSession != null) "${dmcfg.defaultSession}.desktop";
 
       DisplayServer = if cfg.wayland.enable then "wayland" else "x11";
+    } // optionalAttrs (cfg.wayland.compositor == "kwin") {
+      GreeterEnvironment = concatStringsSep " " [
+        "LANG=C.UTF-8"
+        "QT_WAYLAND_SHELL_INTEGRATION=layer-shell"
+      ];
+      InputMethod = ""; # needed if we are using --inputmethod with kwin
     };
 
     Theme = {
       Current = cfg.theme;
       ThemeDir = "/run/current-system/sw/share/sddm/themes";
       FacesDir = "/run/current-system/sw/share/sddm/faces";
+    } // optionalAttrs (cfg.theme == "breeze") {
+      CursorTheme = "breeze_cursors";
+      CursorSize = 24;
     };
 
     Users = {
@@ -69,7 +83,7 @@ let
       SessionDir = "${dmcfg.sessionData.desktops}/share/wayland-sessions";
       CompositorCommand = lib.optionalString cfg.wayland.enable cfg.wayland.compositorCommand;
     };
-  } // lib.optionalAttrs dmcfg.autoLogin.enable {
+  } // optionalAttrs dmcfg.autoLogin.enable {
     Autologin = {
       User = dmcfg.autoLogin.user;
       Session = autoLoginSessionName;
@@ -83,6 +97,34 @@ let
   autoLoginSessionName =
     "${dmcfg.sessionData.autologinSession}.desktop";
 
+  compositorCmds = {
+    kwin = concatStringsSep " " [
+      "${lib.getBin pkgs.kdePackages.kwin}/bin/kwin_wayland"
+      "--no-global-shortcuts"
+      "--no-kactivities"
+      "--no-lockscreen"
+      "--locale1"
+    ];
+    # This is basically the upstream default, but with Weston referenced by full path
+    # and the configuration generated from NixOS options.
+    weston =
+      let
+        westonIni = (pkgs.formats.ini { }).generate "weston.ini" {
+          libinput = {
+            enable-tap = xcfg.libinput.mouse.tapping;
+            left-handed = xcfg.libinput.mouse.leftHanded;
+          };
+          keyboard = {
+            keymap_model = xcfg.xkb.model;
+            keymap_layout = xcfg.xkb.layout;
+            keymap_variant = xcfg.xkb.variant;
+            keymap_options = xcfg.xkb.options;
+          };
+        };
+      in
+      "${getExe pkgs.weston} --shell=kiosk -c ${westonIni}";
+  };
+
 in
 {
   imports = [
@@ -111,7 +153,7 @@ in
         '';
       };
 
-      package = mkPackageOption pkgs [ "plasma5Packages" "sddm" ] {};
+      package = mkPackageOption pkgs [ "plasma5Packages" "sddm" ] { };
 
       enableHidpi = mkOption {
         type = types.bool;
@@ -145,7 +187,7 @@ in
 
       extraPackages = mkOption {
         type = types.listOf types.package;
-        default = [];
+        default = [ ];
         defaultText = "[]";
         description = lib.mdDoc ''
           Extra Qt plugins / QML libraries to add to the environment.
@@ -206,24 +248,16 @@ in
       wayland = {
         enable = mkEnableOption "experimental Wayland support";
 
+        compositor = mkOption {
+          description = lib.mdDoc "The compositor to use: ${lib.concatStringsSep ", " (builtins.attrNames compositorCmds)}";
+          type = types.enum (builtins.attrNames compositorCmds);
+          default = "weston";
+        };
+
         compositorCommand = mkOption {
           type = types.str;
           internal = true;
-
-          # This is basically the upstream default, but with Weston referenced by full path
-          # and the configuration generated from NixOS options.
-          default = let westonIni = (pkgs.formats.ini {}).generate "weston.ini" {
-              libinput = {
-                enable-tap = xcfg.libinput.mouse.tapping;
-                left-handed = xcfg.libinput.mouse.leftHanded;
-              };
-              keyboard = {
-                keymap_model = xcfg.xkb.model;
-                keymap_layout = xcfg.xkb.layout;
-                keymap_variant = xcfg.xkb.variant;
-                keymap_options = xcfg.xkb.options;
-              };
-            }; in "${pkgs.weston}/bin/weston --shell=kiosk -c ${westonIni}";
+          default = compositorCmds.${cfg.wayland.compositor};
           description = lib.mdDoc "Command used to start the selected compositor";
         };
       };
@@ -247,8 +281,6 @@ in
       }
     ];
 
-    services.xserver.displayManager.job.execCmd = "exec /run/current-system/sw/bin/sddm";
-
     security.pam.services = {
       sddm.text = ''
         auth      substack      login
@@ -293,30 +325,41 @@ in
       uid = config.ids.uids.sddm;
     };
 
-    environment.etc."sddm.conf".source = cfgFile;
-    environment.pathsToLink = [
-      "/share/sddm"
-    ];
+    environment = {
+      etc."sddm.conf".source = cfgFile;
+      pathsToLink = [
+        "/share/sddm"
+      ];
+      systemPackages = [ sddm ];
+    };
 
     users.groups.sddm.gid = config.ids.gids.sddm;
 
-    environment.systemPackages = [ sddm ];
-    services.dbus.packages = [ sddm ];
-    systemd.tmpfiles.packages = [ sddm ];
-
-    # We're not using the upstream unit, so copy these: https://github.com/sddm/sddm/blob/develop/services/sddm.service.in
-    systemd.services.display-manager.after = [
-      "systemd-user-sessions.service"
-      "getty@tty7.service"
-      "plymouth-quit.service"
-      "systemd-logind.service"
-    ];
-    systemd.services.display-manager.conflicts = [
-      "getty@tty7.service"
-    ];
+    services = {
+      dbus.packages = [ sddm ];
+      xserver = {
+        displayManager.job.execCmd = "exec /run/current-system/sw/bin/sddm";
+        # To enable user switching, allow sddm to allocate TTYs/displays dynamically.
+        tty = null;
+        display = null;
+      };
+    };
 
-    # To enable user switching, allow sddm to allocate TTYs/displays dynamically.
-    services.xserver.tty = null;
-    services.xserver.display = null;
+    systemd = {
+      tmpfiles.packages = [ sddm ];
+
+      # We're not using the upstream unit, so copy these: https://github.com/sddm/sddm/blob/develop/services/sddm.service.in
+      services.display-manager = {
+        after = [
+          "systemd-user-sessions.service"
+          "getty@tty7.service"
+          "plymouth-quit.service"
+          "systemd-logind.service"
+        ];
+        conflicts = [
+          "getty@tty7.service"
+        ];
+      };
+    };
   };
 }
diff --git a/pkgs/applications/misc/1password/default.nix b/pkgs/applications/misc/1password/default.nix
index 895ba87f4f1e4..9e9465f9c6edd 100644
--- a/pkgs/applications/misc/1password/default.nix
+++ b/pkgs/applications/misc/1password/default.nix
@@ -12,12 +12,12 @@ let
     if extension == "zip" then fetchzip args else fetchurl args;
 
   pname = "1password-cli";
-  version = "2.25.1";
+  version = "2.26.0";
   sources = rec {
-    aarch64-linux = fetch "linux_arm64" "sha256-3LUfqTaLpJal/tjtRzTztm8H4wl1g4VSHWiFRukAqvE=" "zip";
-    i686-linux = fetch "linux_386" "sha256-QJu4SHfM4zzHP14MKaSydAeFCvAPa4wsMh+JvWGR7J4=" "zip";
-    x86_64-linux = fetch "linux_amd64" "sha256-erZCpCH5Q4VqGO045qKP5KAp07xKgMKrVrY54btT5BM=" "zip";
-    aarch64-darwin = fetch "apple_universal" "sha256-kOAbr5MrDylgEQGMYUDklKCNNkZalVfJBcUwSZSMFH0=" "pkg";
+    aarch64-linux = fetch "linux_arm64" "sha256-zWmWeAPtgSR8/3l40K4DPdMm0Pan+J1uNjUaEx+geO4=" "zip";
+    i686-linux = fetch "linux_386" "sha256-OOjAMfRTSW+RuD0PPosvxMIPJcPQQok5Wn209sa0tuU=" "zip";
+    x86_64-linux = fetch "linux_amd64" "sha256-RwdEeqBFNj5dgBsmC2fiDwUGFWhuqeEL7g60ogFEq1Y=" "zip";
+    aarch64-darwin = fetch "apple_universal" "sha256-pwXHax0DBx1UpVmwYytpSikt5xdKZJXrdqvjWyWdUBM=" "pkg";
     x86_64-darwin = aarch64-darwin;
   };
   platforms = builtins.attrNames sources;
diff --git a/pkgs/applications/networking/rymdport/default.nix b/pkgs/applications/networking/rymdport/default.nix
index 8f78701fb9e5e..7108b2306b79e 100644
--- a/pkgs/applications/networking/rymdport/default.nix
+++ b/pkgs/applications/networking/rymdport/default.nix
@@ -11,16 +11,16 @@
 
 buildGoModule rec {
   pname = "rymdport";
-  version = "3.5.2";
+  version = "3.5.3";
 
   src = fetchFromGitHub {
     owner = "Jacalz";
     repo = "rymdport";
     rev = "v${version}";
-    hash = "sha256-LTCr1OFh+1QQhXFNl9SoLPqEY0ERlLlWfSxRKjyyqPk=";
+    hash = "sha256-lCtFm360UeypzYpivlYXxuqZ0BzGzGkkq31dmgjwv4M=";
   };
 
-  vendorHash = "sha256-twXeLNWy/5wTaFb645mCeI5PzByEGj5aCWl6vO+qRLQ=";
+  vendorHash = "sha256-PXRy12JWYQQMMzh7jrEhquileY2oYFvqt8KZvrfp2o0=";
 
   nativeBuildInputs = [
     pkg-config
diff --git a/pkgs/applications/video/kodi/addons/inputstream-adaptive/default.nix b/pkgs/applications/video/kodi/addons/inputstream-adaptive/default.nix
index 49afbf8507b19..cb85df276412d 100644
--- a/pkgs/applications/video/kodi/addons/inputstream-adaptive/default.nix
+++ b/pkgs/applications/video/kodi/addons/inputstream-adaptive/default.nix
@@ -10,13 +10,13 @@ in
 buildKodiBinaryAddon rec {
   pname = "inputstream-adaptive";
   namespace = "inputstream.adaptive";
-  version = "20.3.16";
+  version = "20.3.18";
 
   src = fetchFromGitHub {
     owner = "xbmc";
     repo = "inputstream.adaptive";
     rev = "${version}-${rel}";
-    sha256 = "sha256-1OY+3pvpVW8rkj7HL84IECyHpAmWsUQ9mTzuGesH+jI=";
+    sha256 = "sha256-cjlUKrus4Dv48dCk6AlOgY2iZYTwT39tj2u7aq1P104=";
   };
 
   extraCMakeFlags = [
diff --git a/pkgs/applications/video/vdr/markad/default.nix b/pkgs/applications/video/vdr/markad/default.nix
index db273ba4ff047..28dad0200270a 100644
--- a/pkgs/applications/video/vdr/markad/default.nix
+++ b/pkgs/applications/video/vdr/markad/default.nix
@@ -19,12 +19,12 @@
 }:
 stdenv.mkDerivation rec {
   pname = "vdr-markad";
-  version = "3.4.12";
+  version = "3.4.13";
 
   src = fetchFromGitHub {
     repo = "vdr-plugin-markad";
     owner = "kfb77";
-    sha256 = "sha256-yc/zWMGzsfZl3n+Qt5Se2duo3jwntCWaYq1yACsrPzM=";
+    sha256 = "sha256-pDnziIWX6deBXuVIN7w6F6TdYDCcEO6MSaUIMB63uAg=";
     rev = "V${version}";
   };
 
diff --git a/pkgs/by-name/al/alt-tab-macos/package.nix b/pkgs/by-name/al/alt-tab-macos/package.nix
index d63dd91c05db3..98b2d3da2d25b 100644
--- a/pkgs/by-name/al/alt-tab-macos/package.nix
+++ b/pkgs/by-name/al/alt-tab-macos/package.nix
@@ -6,11 +6,11 @@
 
 stdenvNoCC.mkDerivation (finalAttrs: {
   pname = "alt-tab-macos";
-  version = "6.61.0";
+  version = "6.66.0";
 
   src = fetchurl {
     url = "https://github.com/lwouis/alt-tab-macos/releases/download/v${finalAttrs.version}/AltTab-${finalAttrs.version}.zip";
-    hash = "sha256-crmeYVeSmu5avNSd3dCbEeGnuqonh1HC5NnEOz8OB2U=";
+    hash = "sha256-mQ4tS9htL+X4lXqSe3L+mnwgVnHb3Zxyz6dgzmYHY9w=";
   };
 
   sourceRoot = ".";
diff --git a/pkgs/by-name/ce/cert-viewer/package.nix b/pkgs/by-name/ce/cert-viewer/package.nix
new file mode 100644
index 0000000000000..6fcead475a360
--- /dev/null
+++ b/pkgs/by-name/ce/cert-viewer/package.nix
@@ -0,0 +1,26 @@
+{ buildGoModule
+, fetchFromGitHub
+, lib
+}:
+
+buildGoModule rec {
+  pname = "cert-viewer";
+  version = "0.9.0";
+
+  src = fetchFromGitHub {
+    owner = "mgit-at";
+    repo = "cert-viewer";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-q4FLKH0ZA/79zLo7dt+CSOjfKyygTiQKSuungQTtue0=";
+  };
+
+  vendorHash = "sha256-55zDUAe5s+03/OnDcK1DqmMUpFO2sBaVjEk6vbrHgzY=";
+
+  meta = {
+    description = "Admin tool to view and inspect multiple x509 Certificates";
+    homepage = "https://github.com/mgit-at/cert-viewer";
+    license = lib.licenses.apsl20;
+    maintainers = [ lib.maintainers.mkg20001 ];
+    mainProgram = "cert-viewer";
+  };
+}
diff --git a/pkgs/by-name/gh/gh-copilot/package.nix b/pkgs/by-name/gh/gh-copilot/package.nix
new file mode 100644
index 0000000000000..42f0f489bdda4
--- /dev/null
+++ b/pkgs/by-name/gh/gh-copilot/package.nix
@@ -0,0 +1,59 @@
+{ stdenv
+, lib
+, fetchurl
+}:
+let
+  inherit (stdenv.hostPlatform) system;
+  throwSystem = throw "Unsupported system: ${system}";
+
+  systemToPlatform = {
+    "x86_64-linux" = {
+      name = "linux-amd64";
+      hash = "sha256-FKzvERcVYkyy1aNYHZIftC2WvSHRxFqSG/g7gpTTvoo=";
+    };
+    "aarch64-linux" = {
+      name = "linux-arm64";
+      hash = "sha256-4vX9On0upgfjM/IL/UzQj5ioeVnSsd2rUgIz6w4szZM=";
+    };
+    "x86_64-darwin" = {
+      name = "darwin-amd64";
+      hash = "sha256-W4ElKXsMo47dVRNJEnLzH2rpvkua56lj/NkJd3R8CCE=";
+    };
+    "aarch64-darwin" = {
+      name = "darwin-arm64";
+      hash = "sha256-F2OA66h/ptkjLZ2oQgkbZlDo31YDZzhk5Pre36TkHvI=";
+    };
+  };
+  platform = systemToPlatform.${system} or throwSystem;
+in
+stdenv.mkDerivation (finalAttrs: {
+  pname = "gh-copilot";
+  version = "0.5.4-beta";
+
+  src = fetchurl {
+    name = "gh-copilot";
+    url = "https://github.com/github/gh-copilot/releases/download/v${finalAttrs.version}/${platform.name}";
+    hash = platform.hash;
+  };
+
+  dontUnpack = true;
+
+  installPhase = ''
+    runHook preInstall
+
+    install -m755 -D $src $out/bin/gh-copilot
+
+    runHook postInstall
+  '';
+
+  meta = {
+    changelog = "https://github.com/github/gh-copilot/releases/tag/v${finalAttrs.version}";
+    description = "Ask for assistance right in your terminal.";
+    homepage = "https://github.com/github/gh-copilot";
+    license = lib.licenses.unfree;
+    mainProgram = "gh-copilot";
+    maintainers = with lib.maintainers; [ perchun ];
+    platforms = lib.attrNames systemToPlatform;
+    sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
+  };
+})
diff --git a/pkgs/by-name/ja/jan/package.nix b/pkgs/by-name/ja/jan/package.nix
index 181a7006c24c7..76daa73b20e65 100644
--- a/pkgs/by-name/ja/jan/package.nix
+++ b/pkgs/by-name/ja/jan/package.nix
@@ -5,10 +5,10 @@
 
 let
   pname = "jan";
-  version = "0.4.8";
+  version = "0.4.9";
   src = fetchurl {
     url = "https://github.com/janhq/jan/releases/download/v${version}/jan-linux-x86_64-${version}.AppImage";
-    hash = "sha256-8Vi2KK+5Wk/K+RJZ0/cbRUb8L25WEiLdo5ay8+ichdw=";
+    hash = "sha256-6XnDrr+AkZH69zXf0OKdi8R6LoRWWMZNqWilZhLGynk=";
   };
 
   appimageContents = appimageTools.extractType2 { inherit pname version src; };
diff --git a/pkgs/development/ocaml-modules/eliom/default.nix b/pkgs/development/ocaml-modules/eliom/default.nix
index 48b9a153f5b3e..73f7c0aaccd20 100644
--- a/pkgs/development/ocaml-modules/eliom/default.nix
+++ b/pkgs/development/ocaml-modules/eliom/default.nix
@@ -1,6 +1,7 @@
 { buildDunePackage
 , lib
 , fetchFromGitHub
+, fetchpatch
 , which
 , ocsigen_server
 , lwt_react
@@ -26,6 +27,12 @@ buildDunePackage rec {
     hash = "sha256-REOyxwnQqWOKywVYwN/WP22cNKZv5Nv0OpFVbNBPJN8=";
   };
 
+  # Compatibility with tyxml 4.6.x
+  patches = fetchpatch {
+    url = "https://github.com/ocsigen/eliom/commit/9a6adcce3959a37b971890999331335d07f4f732.patch";
+    hash = "sha256-rgsqohSAHHljvag3c+HNGEgW9qwmqPq8qfTpX6vVKtg=";
+  };
+
   nativeBuildInputs = [
     which
   ];
diff --git a/pkgs/development/ocaml-modules/lwd/tyxml-lwd.nix b/pkgs/development/ocaml-modules/lwd/tyxml-lwd.nix
index 0832847be3d6b..0aad68fa5a0b0 100644
--- a/pkgs/development/ocaml-modules/lwd/tyxml-lwd.nix
+++ b/pkgs/development/ocaml-modules/lwd/tyxml-lwd.nix
@@ -1,12 +1,17 @@
-{ lib, fetchurl, buildDunePackage, js_of_ocaml, js_of_ocaml-ppx, lwd, tyxml }:
+{ lib, fetchurl, fetchpatch, buildDunePackage, js_of_ocaml, js_of_ocaml-ppx, lwd, tyxml }:
 
 buildDunePackage {
   pname = "tyxml-lwd";
 
   inherit (lwd) version src;
 
+  # Compatibility with latest Tyxml (4.6.x)
+  patches = fetchpatch {
+    url = "https://github.com/let-def/lwd/commit/7f3364ec593b5ccf0d0294b97bcd1e28e4164691.patch";
+    hash = "sha256-W1HjExZxDKRwsrB9ZTkvHTMKO0K5iZl+FrNqPs6BPGU=";
+  };
+
   minimalOCamlVersion = "4.08";
-  duneVersion = "3";
 
   buildInputs = [ js_of_ocaml-ppx ];
   propagatedBuildInputs = [ js_of_ocaml lwd tyxml ];
diff --git a/pkgs/development/ocaml-modules/ocsigen-start/default.nix b/pkgs/development/ocaml-modules/ocsigen-start/default.nix
index 3b26c28f53414..e9af3a27a756d 100644
--- a/pkgs/development/ocaml-modules/ocsigen-start/default.nix
+++ b/pkgs/development/ocaml-modules/ocsigen-start/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchFromGitHub, ocaml, findlib, ocsigen-toolkit, pgocaml_ppx, safepass, yojson
+{ stdenv, lib, fetchFromGitHub, fetchpatch, ocaml, findlib, ocsigen-toolkit, pgocaml_ppx, safepass, yojson
 , cohttp-lwt-unix, eliom
 , resource-pooling
 , ocsigen-ppx-rpc
@@ -14,7 +14,13 @@ stdenv.mkDerivation rec {
 
   strictDeps = true;
 
-  patches = [ ./templates-dir.patch ];
+  patches = [ ./templates-dir.patch
+    # Compatibility with tyxml 4.6.x
+    (fetchpatch {
+       url = "https://github.com/ocsigen/ocsigen-start/commit/0b70506f94fcb2e06cb65ce0d6a28b9b84c695f3.patch";
+       hash = "sha256-p/VvIu9reI8lc9lxWiTrjZvn46vuF00QInYuWPtRVyk=";
+    })
+  ];
 
   src = fetchFromGitHub {
     owner = "ocsigen";
diff --git a/pkgs/development/ocaml-modules/tyxml/default.nix b/pkgs/development/ocaml-modules/tyxml/default.nix
index c49327d7d3385..4cc5aa4cc42d7 100644
--- a/pkgs/development/ocaml-modules/tyxml/default.nix
+++ b/pkgs/development/ocaml-modules/tyxml/default.nix
@@ -2,13 +2,11 @@
 
 buildDunePackage rec {
   pname = "tyxml";
-  version = "4.5.0";
-
-  useDune2 = true;
+  version = "4.6.0";
 
   src = fetchurl {
     url = "https://github.com/ocsigen/tyxml/releases/download/${version}/tyxml-${version}.tbz";
-    sha256 = "0s30f72m457c3gbdmdwbx7ls9zg806nvm83aiz9qkpglbppwr6n6";
+    hash = "sha256-v+tnPGtOEgpOykxIRIrdR9w/jQLCtA9j/9zMTpHJAt0=";
   };
 
   propagatedBuildInputs = [ uutf re ];
diff --git a/pkgs/development/python-modules/boto3-stubs/default.nix b/pkgs/development/python-modules/boto3-stubs/default.nix
index d6c1756f275d9..18648dbeb8150 100644
--- a/pkgs/development/python-modules/boto3-stubs/default.nix
+++ b/pkgs/development/python-modules/boto3-stubs/default.nix
@@ -365,14 +365,14 @@
 
 buildPythonPackage rec {
   pname = "boto3-stubs";
-  version = "1.34.65";
+  version = "1.34.66";
   pyproject = true;
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-EF2koE3LXk3ckPIauLJKNCPs+stHdbjM04eVdOXc41g=";
+    hash = "sha256-oFemuSAJwZ/qDZvQFY1JQ9TB9IL/T62dDejLRJ9E5vc=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/botocore-stubs/default.nix b/pkgs/development/python-modules/botocore-stubs/default.nix
index 0eb05bbae616f..c0de8899a4b32 100644
--- a/pkgs/development/python-modules/botocore-stubs/default.nix
+++ b/pkgs/development/python-modules/botocore-stubs/default.nix
@@ -9,7 +9,7 @@
 
 buildPythonPackage rec {
   pname = "botocore-stubs";
-  version = "1.34.65";
+  version = "1.34.66";
   pyproject = true;
 
   disabled = pythonOlder "3.7";
@@ -17,7 +17,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "botocore_stubs";
     inherit version;
-    hash = "sha256-fFEK2yxv/uLipfGYwQMLuO3/ITbuVuRnKcAuo3skJKU=";
+    hash = "sha256-paoSQMPIzMYtQ5FjlZQ4lq+oE5ncXUIDEnzA/7og+Zk=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/datadog/default.nix b/pkgs/development/python-modules/datadog/default.nix
index c700bdd82b395..8b0b0956b89d3 100644
--- a/pkgs/development/python-modules/datadog/default.nix
+++ b/pkgs/development/python-modules/datadog/default.nix
@@ -16,14 +16,14 @@
 
 buildPythonPackage rec {
   pname = "datadog";
-  version = "0.49.0";
+  version = "0.49.1";
   pyproject = true;
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-rcHH/a6ntmQZvyDqsg2eWcMQbKouauHsUvJtECQPsiw=";
+    hash = "sha256-TLenmRr2ytuGj+RQzUVkc+ZfEfxni3189hBE/xxgdNg=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/etils/default.nix b/pkgs/development/python-modules/etils/default.nix
index b6990e50330f7..fd1d034138e95 100644
--- a/pkgs/development/python-modules/etils/default.nix
+++ b/pkgs/development/python-modules/etils/default.nix
@@ -28,14 +28,14 @@
 
 buildPythonPackage rec {
   pname = "etils";
-  version = "1.7.0";
+  version = "1.8.0";
   pyproject = true;
 
   disabled = pythonOlder "3.10";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-l7aP0l4YVoMhUobvOlTjgZm2JF9f6L5r7cEYm+QlY1A=";
+    hash = "sha256-+0ePV/7CAuJg5UyRkrMXaS/WPbLRHZk+cLzf+inMzVg=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/firebase-messaging/default.nix b/pkgs/development/python-modules/firebase-messaging/default.nix
index bc5a4d1dbdf7d..5acd1ff480225 100644
--- a/pkgs/development/python-modules/firebase-messaging/default.nix
+++ b/pkgs/development/python-modules/firebase-messaging/default.nix
@@ -1,40 +1,35 @@
 { lib
+, async-timeout
 , buildPythonPackage
-, fetchFromGitHub
-
-# build-system
-, poetry-core
-
-# dependencies
 , cryptography
+, fetchFromGitHub
 , http-ece
+, poetry-core
 , protobuf
+, pytest-asyncio
+, pytest-mock
+, pytestCheckHook
+, pythonOlder
 , requests
-
-# docs
+, requests-mock
 , sphinx
-, sphinxHook
 , sphinx-autodoc-typehints
 , sphinx-rtd-theme
-
-# tests
-, async-timeout
-, requests-mock
-, pytest-asyncio
-, pytest-mock
-, pytestCheckHook
+, sphinxHook
 }:
 
 buildPythonPackage rec {
   pname = "firebase-messaging";
-  version = "0.2.0";
+  version = "0.2.1";
   pyproject = true;
 
+  disabled = pythonOlder "3.8";
+
   src = fetchFromGitHub {
     owner = "sdb9696";
     repo = "firebase-messaging";
-    rev = version;
-    hash = "sha256-e3Ny3pnAfOpNERvvtE/jqSDIsM+YwLq/hbw753QpJ6o=";
+    rev = "refs/tags/${version}";
+    hash = "sha256-8e+S12ZMqAmK7OR7O45QsRa0UKQq6cngeaqz2ugi6iY=";
   };
 
   outputs = [
@@ -75,9 +70,9 @@ buildPythonPackage rec {
   ];
 
   meta = with lib; {
-    description = "A library to subscribe to GCM/FCM and receive notifications within a python application";
+    description = "Library to subscribe to GCM/FCM and receive notifications within a python application";
     homepage = "https://github.com/sdb9696/firebase-messaging";
-    changelog = "https://github.com/sdb9696/firebase-messaging/blob/${src.rev}/CHANGELOG.rst";
+    changelog = "https://github.com/sdb9696/firebase-messaging/releases/tag/${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ ];
   };
diff --git a/pkgs/development/python-modules/garminconnect/default.nix b/pkgs/development/python-modules/garminconnect/default.nix
index 861e2e788994c..3e039ec5aac9d 100644
--- a/pkgs/development/python-modules/garminconnect/default.nix
+++ b/pkgs/development/python-modules/garminconnect/default.nix
@@ -10,7 +10,7 @@
 
 buildPythonPackage rec {
   pname = "garminconnect";
-  version = "0.2.14";
+  version = "0.2.15";
   pyproject = true;
 
   disabled = pythonOlder "3.10";
@@ -19,7 +19,7 @@ buildPythonPackage rec {
     owner = "cyberjunky";
     repo = "python-garminconnect";
     rev = "refs/tags/${version}";
-    hash = "sha256-FytgckIu99ZKfmxJ0KU+fpbBEgszdp8iwK3SFCL9Ejs=";
+    hash = "sha256-N6PJLsT8BnjGaOLeohDo3ACOyVb/iOCw3LAXZMjwoyw=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/griffe/default.nix b/pkgs/development/python-modules/griffe/default.nix
index d0d8275392c14..0ae203f6331f3 100644
--- a/pkgs/development/python-modules/griffe/default.nix
+++ b/pkgs/development/python-modules/griffe/default.nix
@@ -12,7 +12,7 @@
 
 buildPythonPackage rec {
   pname = "griffe";
-  version = "0.42.0";
+  version = "0.42.1";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -21,7 +21,7 @@ buildPythonPackage rec {
     owner = "mkdocstrings";
     repo = "griffe";
     rev = "refs/tags/${version}";
-    hash = "sha256-gleVVwi2exSHz+u8zHhH3nF1duz7qDOpiZBm228ZsSs=";
+    hash = "sha256-KaD3j96FJJx43m/nfHa4kAft4FcDOdq+2dsiaMY7PPY=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/internetarchive/default.nix b/pkgs/development/python-modules/internetarchive/default.nix
index 0d711f2b59a7c..6df7a76dadd53 100644
--- a/pkgs/development/python-modules/internetarchive/default.nix
+++ b/pkgs/development/python-modules/internetarchive/default.nix
@@ -21,11 +21,10 @@ buildPythonPackage rec {
 
   disabled = pythonOlder "3.8";
 
-  # no tests data included in PyPI tarball
   src = fetchFromGitHub {
     owner = "jjjake";
     repo = "internetarchive";
-    rev = "v${version}";
+    rev = "refs/tags/v${version}";
     hash = "sha256-krMOjXzI9tmLGLEswXLLqc8J68Gwnl1VrRO2fLbDv0o=";
   };
 
diff --git a/pkgs/development/python-modules/k5test/default.nix b/pkgs/development/python-modules/k5test/default.nix
index aa7d1c172c678..dbab01e01a549 100644
--- a/pkgs/development/python-modules/k5test/default.nix
+++ b/pkgs/development/python-modules/k5test/default.nix
@@ -1,23 +1,24 @@
 { lib
+, stdenv
 , buildPythonPackage
 , pythonOlder
 , fetchPypi
 , substituteAll
 , findutils
 , krb5
-, stdenv
+, setuptools
 }:
 
 buildPythonPackage rec {
   pname = "k5test";
-  version = "0.10.3";
-  format = "setuptools";
+  version = "0.10.4";
+  pyproject = true;
 
-  disabled = pythonOlder "3.6";
+  disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-nJ3uvK1joxXoGDPUXp/RK/IBZmQ7iry5/29NaxhMVx8=";
+    hash = "sha256-4VJJHmYC9qk7PVM9OHvUWQ8kdgk7aEIXD/C5PeZL7zA=";
   };
 
   patches = [
@@ -29,16 +30,23 @@ buildPythonPackage rec {
     })
   ];
 
+  nativeBuildInputs = [
+    setuptools
+  ];
+
   # No tests
   doCheck = false;
 
-  pythonImportsCheck = [ "k5test" ];
+  pythonImportsCheck = [
+    "k5test"
+  ];
 
   meta = with lib; {
-    broken = stdenv.isDarwin;
     description = "Library for setting up self-contained Kerberos 5 environment";
     homepage = "https://github.com/pythongssapi/k5test";
+    changelog = "https://github.com/pythongssapi/k5test/releases/tag/v${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ ];
+    broken = stdenv.isDarwin;
   };
 }
diff --git a/pkgs/development/python-modules/litellm/default.nix b/pkgs/development/python-modules/litellm/default.nix
index c3ffb1c8bf147..3650ab3731bcd 100644
--- a/pkgs/development/python-modules/litellm/default.nix
+++ b/pkgs/development/python-modules/litellm/default.nix
@@ -33,7 +33,7 @@
 
 buildPythonPackage rec {
   pname = "litellm";
-  version = "1.32.1";
+  version = "1.32.4";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -42,7 +42,7 @@ buildPythonPackage rec {
     owner = "BerriAI";
     repo = "litellm";
     rev = "refs/tags/v${version}";
-    hash = "sha256-qIEAtgfzTiUK+HzsocIH3L7z0Wfah3C4GByaA89wvso=";
+    hash = "sha256-rAHh4oCOfK4uS1GY8TXOxGwe/kRJKIBh/O6kLxYm8Qs=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/llama-index-core/default.nix b/pkgs/development/python-modules/llama-index-core/default.nix
index 8a71591eb27d1..df6e3b92e2892 100644
--- a/pkgs/development/python-modules/llama-index-core/default.nix
+++ b/pkgs/development/python-modules/llama-index-core/default.nix
@@ -30,7 +30,7 @@
 
 buildPythonPackage rec {
   pname = "llama-index-core";
-  version = "0.10.18";
+  version = "0.10.20";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -39,7 +39,7 @@ buildPythonPackage rec {
     owner = "run-llama";
     repo = "llama_index";
     rev = "refs/tags/v${version}";
-    hash = "sha256-xNPvaXODY159x8Fl3HRdYCdYeFNIieX5TsLTfup8Dtg=";
+    hash = "sha256-F7k5gtmhFdn369Ws5PSJ/xTid6ONstoWPotk+DmDtLw=";
   };
 
   sourceRoot = "${src.name}/${pname}";
diff --git a/pkgs/development/python-modules/lnkparse3/default.nix b/pkgs/development/python-modules/lnkparse3/default.nix
index 255466a22b7c2..94fd7aaee1905 100644
--- a/pkgs/development/python-modules/lnkparse3/default.nix
+++ b/pkgs/development/python-modules/lnkparse3/default.nix
@@ -8,7 +8,7 @@
 
 buildPythonPackage rec {
   pname = "lnkparse3";
-  version = "1.3.3";
+  version = "1.4.0";
   pyproject = true;
 
   disabled = pythonOlder "3.7";
@@ -17,7 +17,7 @@ buildPythonPackage rec {
     owner = "Matmaus";
     repo = "LnkParse3";
     rev = "refs/tags/v${version}";
-    hash = "sha256-Ej2Tv1RViHqm2z1EG/cAkImcvtJcwSc3I0DxIL/q8FI=";
+    hash = "sha256-aWMkLFbmikdj4mlAPpo0qrxfE8zgRcSV83aiws03XsQ=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/pontos/default.nix b/pkgs/development/python-modules/pontos/default.nix
index f1477f5b24247..8716316d5779e 100644
--- a/pkgs/development/python-modules/pontos/default.nix
+++ b/pkgs/development/python-modules/pontos/default.nix
@@ -18,7 +18,7 @@
 
 buildPythonPackage rec {
   pname = "pontos";
-  version = "24.3.1";
+  version = "24.3.2";
   pyproject = true;
 
   disabled = pythonOlder "3.9";
@@ -27,7 +27,7 @@ buildPythonPackage rec {
     owner = "greenbone";
     repo = "pontos";
     rev = "refs/tags/v${version}";
-    hash = "sha256-EYfhbIFD2p6ZZ4i6NCA22LS6mAZoJCJSYlTmRExWgw4=";
+    hash = "sha256-DXZDXipYBClqSdlTJsaPWaKr3qTiJ3osm3hHPp/MPow=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/pvlib/default.nix b/pkgs/development/python-modules/pvlib/default.nix
index 2c8894cbb11f7..986fd4ed8b4df 100644
--- a/pkgs/development/python-modules/pvlib/default.nix
+++ b/pkgs/development/python-modules/pvlib/default.nix
@@ -21,14 +21,14 @@
 
 buildPythonPackage rec {
   pname = "pvlib";
-  version = "0.10.3";
-  format = "pyproject";
+  version = "0.10.4";
+  pyproject = true;
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi{
     inherit pname version;
-    hash = "sha256-AkobUj1zpjMyNhLn8xWhcJzwbR/UP/CCGQH2akBostk=";
+    hash = "sha256-DF+ov+ixSjmjC/7+WmzwFksuvYKikSbbPZBqhNk5+HI=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/pychromecast/default.nix b/pkgs/development/python-modules/pychromecast/default.nix
index f5e6029e85603..5e4e971432edc 100644
--- a/pkgs/development/python-modules/pychromecast/default.nix
+++ b/pkgs/development/python-modules/pychromecast/default.nix
@@ -11,7 +11,7 @@
 
 buildPythonPackage rec {
   pname = "pychromecast";
-  version = "14.0.0";
+  version = "14.0.1";
   pyproject = true;
 
   disabled = pythonOlder "3.11";
@@ -19,7 +19,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "PyChromecast";
     inherit version;
-    hash = "sha256-3E+LBS52CpeNqbJWi3kCDLea9gigJkZfB1RM/+Q5c88=";
+    hash = "sha256-4W4Kf5SIMZGRuLT6IcoL60vxLu2lyb9kAkEYjyvqCj4=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/pytenable/default.nix b/pkgs/development/python-modules/pytenable/default.nix
index 2810332d42bb0..0bf5ef3de39fe 100644
--- a/pkgs/development/python-modules/pytenable/default.nix
+++ b/pkgs/development/python-modules/pytenable/default.nix
@@ -20,7 +20,7 @@
 
 buildPythonPackage rec {
   pname = "pytenable";
-  version = "1.4.20";
+  version = "1.4.21";
   pyproject = true;
 
   disabled = pythonOlder "3.7";
@@ -29,7 +29,7 @@ buildPythonPackage rec {
     owner = "tenable";
     repo = "pyTenable";
     rev = "refs/tags/${version}";
-    hash = "sha256-NiAv0zNITpKIQ2TarNoU4HwKuHm22LTu8pJUi0SDlfE=";
+    hash = "sha256-+P+6EmKpR+qlvLMgeg6iIxSx7jtC995v2eijkjJdc70=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/python-fsutil/default.nix b/pkgs/development/python-modules/python-fsutil/default.nix
index 5a347071f6201..c1c433ddd2db6 100644
--- a/pkgs/development/python-modules/python-fsutil/default.nix
+++ b/pkgs/development/python-modules/python-fsutil/default.nix
@@ -9,7 +9,7 @@
 
 buildPythonPackage rec {
   pname = "python-fsutil";
-  version = "0.13.1";
+  version = "0.14.1";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -18,7 +18,7 @@ buildPythonPackage rec {
     owner = "fabiocaccamo";
     repo = "python-fsutil";
     rev = "refs/tags/${version}";
-    hash = "sha256-yY8hhw6uNKqrcj0geoQeGN/JCDJVja7pCPUHwoViL64=";
+    hash = "sha256-Cs78zpf3W5UZJkkUBEP6l6fi2J4OtJXGvqqQ8PWKx+8=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/sentry-sdk/default.nix b/pkgs/development/python-modules/sentry-sdk/default.nix
index f15096a8e430f..f225853368b5c 100644
--- a/pkgs/development/python-modules/sentry-sdk/default.nix
+++ b/pkgs/development/python-modules/sentry-sdk/default.nix
@@ -38,7 +38,7 @@
 
 buildPythonPackage rec {
   pname = "sentry-sdk";
-  version = "1.41.0";
+  version = "1.42.0";
   pyproject = true;
 
   disabled = pythonOlder "3.7";
@@ -47,7 +47,7 @@ buildPythonPackage rec {
     owner = "getsentry";
     repo = "sentry-python";
     rev = "refs/tags/${version}";
-    hash = "sha256-eoHoUW3cXxdGeWpo/0kBIfVkLECrnKA2wtobe3GeU2Q=";
+    hash = "sha256-LZn7oWwKdHi/KScitFnNDX7pI92mNkC6niGP+BixjtA=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/signify/default.nix b/pkgs/development/python-modules/signify/default.nix
index a1924902fe8ef..1c7f503d33c12 100644
--- a/pkgs/development/python-modules/signify/default.nix
+++ b/pkgs/development/python-modules/signify/default.nix
@@ -3,7 +3,6 @@
 , buildPythonPackage
 , certvalidator
 , fetchFromGitHub
-, fetchpatch2
 , mscerts
 , oscrypto
 , pyasn1
@@ -11,30 +10,23 @@
 , pytestCheckHook
 , pythonOlder
 , setuptools
+, typing-extensions
 }:
 
 buildPythonPackage rec {
   pname = "signify";
-  version = "0.5.2";
+  version = "0.6.0";
   pyproject = true;
 
-  disabled = pythonOlder "3.6";
+  disabled = pythonOlder "3.8";
 
   src = fetchFromGitHub {
     owner = "ralphje";
     repo = "signify";
     rev = "refs/tags/v${version}";
-    hash = "sha256-+UhZF+QYuv8pq/sTu7GDPUrlPNNixFgVZL+L0ulj/ko=";
+    hash = "sha256-29SyzqtZ1cI+1xrSPLFr63vwB5st/9i5b3FYtJn6eok=";
   };
 
-  patches = [
-    # https://github.com/ralphje/signify/pull/42
-    (fetchpatch2 {
-      url = "https://github.com/ralphje/signify/commit/38cad57bf86f7498259b47bfef1354aec27c0955.patch";
-      hash = "sha256-dLmHSlj2Cj6jbbrZStgK2Rh/H5vOaIbi5lut5RAbd+s=";
-    })
-  ];
-
   nativeBuildInputs = [
     setuptools
   ];
@@ -46,6 +38,7 @@ buildPythonPackage rec {
     oscrypto
     pyasn1
     pyasn1-modules
+    typing-extensions
   ];
 
   pythonImportsCheck = [
diff --git a/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix b/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix
index 19cd3956aa5d5..24a7848417f67 100644
--- a/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix
+++ b/pkgs/development/python-modules/tencentcloud-sdk-python/default.nix
@@ -9,7 +9,7 @@
 
 buildPythonPackage rec {
   pname = "tencentcloud-sdk-python";
-  version = "3.0.1111";
+  version = "3.0.1112";
   pyproject = true;
 
   disabled = pythonOlder "3.9";
@@ -18,7 +18,7 @@ buildPythonPackage rec {
     owner = "TencentCloud";
     repo = "tencentcloud-sdk-python";
     rev = "refs/tags/${version}";
-    hash = "sha256-CM544yVoUH4nHE6UwPfVxZE2+P+wHLBtKMM9QWpda9A=";
+    hash = "sha256-icfRs0+ljMx7YoViRKPyPK8Kp8Zx3dp0aiKxw8yYrUs=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/tools/ammonite/default.nix b/pkgs/development/tools/ammonite/default.nix
index 39f69f402b94c..aa38d17cda6b8 100644
--- a/pkgs/development/tools/ammonite/default.nix
+++ b/pkgs/development/tools/ammonite/default.nix
@@ -7,7 +7,7 @@ let
   common = { scalaVersion, sha256 }:
     stdenv.mkDerivation rec {
       pname = "ammonite";
-      version = "2.5.3";
+      version = "3.0.0-M1";
 
       src = fetchurl {
         url =
@@ -82,10 +82,10 @@ let
 in {
   ammonite_2_12 = common {
     scalaVersion = "2.12";
-    sha256 = "sha256-Iov55ohFjcGhur5UEng7aAZJPVua1H/JaKKW6OKS6Zg=";
+    sha256 = "sha256-SlweOVHudknbInM4rfEPJ9bLd3Z/EImLhVLzeKfjfMQ=";
   };
   ammonite_2_13 = common {
     scalaVersion = "2.13";
-    sha256 = "sha256-dzUhKUQDHrYZ4WyCk4z4CTxb6vK05qfApR/WPOwhA5s=";
+    sha256 = "sha256-2BydXmF6AkWDdG5rbRLD2I/6z3w3UD0dCd5Tp+3lU7c=";
   };
 }
diff --git a/pkgs/development/tools/mongosh/package-lock.json b/pkgs/development/tools/mongosh/package-lock.json
index 572c3dbff7d53..f0fae4c8e2451 100644
--- a/pkgs/development/tools/mongosh/package-lock.json
+++ b/pkgs/development/tools/mongosh/package-lock.json
@@ -1,15 +1,15 @@
 {
   "name": "mongosh",
-  "version": "2.2.0",
+  "version": "2.2.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "mongosh",
-      "version": "2.2.0",
+      "version": "2.2.1",
       "license": "Apache-2.0",
       "dependencies": {
-        "@mongosh/cli-repl": "2.2.0"
+        "@mongosh/cli-repl": "2.2.1"
       },
       "bin": {
         "mongosh": "bin/mongosh.js"
@@ -670,39 +670,39 @@
       }
     },
     "node_modules/@babel/code-frame": {
-      "version": "7.23.5",
-      "resolved": "https://registry.npmmirror.com/@babel/code-frame/-/code-frame-7.23.5.tgz",
-      "integrity": "sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA==",
+      "version": "7.24.2",
+      "resolved": "https://registry.npmmirror.com/@babel/code-frame/-/code-frame-7.24.2.tgz",
+      "integrity": "sha512-y5+tLQyV8pg3fsiln67BVLD1P13Eg4lh5RW9mF0zUuvLrv9uIQ4MCL+CRT+FTsBlBjcIan6PGsLcBN0m3ClUyQ==",
       "dependencies": {
-        "@babel/highlight": "^7.23.4",
-        "chalk": "^2.4.2"
+        "@babel/highlight": "^7.24.2",
+        "picocolors": "^1.0.0"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/compat-data": {
-      "version": "7.23.5",
-      "resolved": "https://registry.npmmirror.com/@babel/compat-data/-/compat-data-7.23.5.tgz",
-      "integrity": "sha512-uU27kfDRlhfKl+w1U6vp16IuvSLtjAxdArVXPa9BvLkrr7CYIsxH5adpHObeAGY/41+syctUWOZ140a2Rvkgjw==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/compat-data/-/compat-data-7.24.1.tgz",
+      "integrity": "sha512-Pc65opHDliVpRHuKfzI+gSA4zcgr65O4cl64fFJIWEEh8JoHIHh0Oez1Eo8Arz8zq/JhgKodQaxEwUPRtZylVA==",
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/core": {
-      "version": "7.24.0",
-      "resolved": "https://registry.npmmirror.com/@babel/core/-/core-7.24.0.tgz",
-      "integrity": "sha512-fQfkg0Gjkza3nf0c7/w6Xf34BW4YvzNfACRLmmb7XRLa6XHdR+K9AlJlxneFfWYf6uhOzuzZVTjF/8KfndZANw==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/core/-/core-7.24.1.tgz",
+      "integrity": "sha512-F82udohVyIgGAY2VVj/g34TpFUG606rumIHjTfVbssPg2zTR7PuuEpZcX8JA6sgBfIYmJrFtWgPvHQuJamVqZQ==",
       "dependencies": {
         "@ampproject/remapping": "^2.2.0",
-        "@babel/code-frame": "^7.23.5",
-        "@babel/generator": "^7.23.6",
+        "@babel/code-frame": "^7.24.1",
+        "@babel/generator": "^7.24.1",
         "@babel/helper-compilation-targets": "^7.23.6",
         "@babel/helper-module-transforms": "^7.23.3",
-        "@babel/helpers": "^7.24.0",
-        "@babel/parser": "^7.24.0",
+        "@babel/helpers": "^7.24.1",
+        "@babel/parser": "^7.24.1",
         "@babel/template": "^7.24.0",
-        "@babel/traverse": "^7.24.0",
+        "@babel/traverse": "^7.24.1",
         "@babel/types": "^7.24.0",
         "convert-source-map": "^2.0.0",
         "debug": "^4.1.0",
@@ -723,13 +723,13 @@
       }
     },
     "node_modules/@babel/generator": {
-      "version": "7.23.6",
-      "resolved": "https://registry.npmmirror.com/@babel/generator/-/generator-7.23.6.tgz",
-      "integrity": "sha512-qrSfCYxYQB5owCmGLbl8XRpX1ytXlpueOb0N0UmQwA073KZxejgQTzAmJezxvpwQD9uGtK2shHdi55QT+MbjIw==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/generator/-/generator-7.24.1.tgz",
+      "integrity": "sha512-DfCRfZsBcrPEHUfuBMgbJ1Ut01Y/itOs+hY2nFLgqsqXd52/iSiVq5TITtUasIUgm+IIKdY2/1I7auiQOEeC9A==",
       "dependencies": {
-        "@babel/types": "^7.23.6",
-        "@jridgewell/gen-mapping": "^0.3.2",
-        "@jridgewell/trace-mapping": "^0.3.17",
+        "@babel/types": "^7.24.0",
+        "@jridgewell/gen-mapping": "^0.3.5",
+        "@jridgewell/trace-mapping": "^0.3.25",
         "jsesc": "^2.5.1"
       },
       "engines": {
@@ -791,11 +791,11 @@
       }
     },
     "node_modules/@babel/helper-module-imports": {
-      "version": "7.22.15",
-      "resolved": "https://registry.npmmirror.com/@babel/helper-module-imports/-/helper-module-imports-7.22.15.tgz",
-      "integrity": "sha512-0pYVBnDKZO2fnSPCrgM/6WMc7eS20Fbok+0r88fp+YtWVLZrp4CkafFGIp+W0VKw4a22sgebPT99y+FDNMdP4w==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/helper-module-imports/-/helper-module-imports-7.24.1.tgz",
+      "integrity": "sha512-HfEWzysMyOa7xI5uQHc/OcZf67/jc+xe/RZlznWQHhbb8Pg1SkRdbK4yEi61aY8wxQA7PkSfoojtLQP/Kpe3og==",
       "dependencies": {
-        "@babel/types": "^7.22.15"
+        "@babel/types": "^7.24.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -850,9 +850,9 @@
       }
     },
     "node_modules/@babel/helper-string-parser": {
-      "version": "7.23.4",
-      "resolved": "https://registry.npmmirror.com/@babel/helper-string-parser/-/helper-string-parser-7.23.4.tgz",
-      "integrity": "sha512-803gmbQdqwdf4olxrX4AJyFBV/RTr3rSmOj0rKwesmzlfhYNDEs+/iOcznzpNWlJlIlTJC2QfPFcHB6DlzdVLQ==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/helper-string-parser/-/helper-string-parser-7.24.1.tgz",
+      "integrity": "sha512-2ofRCjnnA9y+wk8b9IAREroeUP02KHp431N2mhKniy2yKIDKpbrHv9eXwm8cBeWQYcJmzv5qKCu65P47eCF7CQ==",
       "engines": {
         "node": ">=6.9.0"
       }
@@ -874,12 +874,12 @@
       }
     },
     "node_modules/@babel/helpers": {
-      "version": "7.24.0",
-      "resolved": "https://registry.npmmirror.com/@babel/helpers/-/helpers-7.24.0.tgz",
-      "integrity": "sha512-ulDZdc0Aj5uLc5nETsa7EPx2L7rM0YJM8r7ck7U73AXi7qOV44IHHRAYZHY6iU1rr3C5N4NtTmMRUJP6kwCWeA==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/helpers/-/helpers-7.24.1.tgz",
+      "integrity": "sha512-BpU09QqEe6ZCHuIHFphEFgvNSrubve1FtyMton26ekZ85gRGi6LrTF7zArARp2YvyFxloeiRmtSCq5sjh1WqIg==",
       "dependencies": {
         "@babel/template": "^7.24.0",
-        "@babel/traverse": "^7.24.0",
+        "@babel/traverse": "^7.24.1",
         "@babel/types": "^7.24.0"
       },
       "engines": {
@@ -887,22 +887,23 @@
       }
     },
     "node_modules/@babel/highlight": {
-      "version": "7.23.4",
-      "resolved": "https://registry.npmmirror.com/@babel/highlight/-/highlight-7.23.4.tgz",
-      "integrity": "sha512-acGdbYSfp2WheJoJm/EBBBLh/ID8KDc64ISZ9DYtBmC8/Q204PZJLHyzeB5qMzJ5trcOkybd78M4x2KWsUq++A==",
+      "version": "7.24.2",
+      "resolved": "https://registry.npmmirror.com/@babel/highlight/-/highlight-7.24.2.tgz",
+      "integrity": "sha512-Yac1ao4flkTxTteCDZLEvdxg2fZfz1v8M4QpaGypq/WPDqg3ijHYbDfs+LG5hvzSoqaSZ9/Z9lKSP3CjZjv+pA==",
       "dependencies": {
         "@babel/helper-validator-identifier": "^7.22.20",
         "chalk": "^2.4.2",
-        "js-tokens": "^4.0.0"
+        "js-tokens": "^4.0.0",
+        "picocolors": "^1.0.0"
       },
       "engines": {
         "node": ">=6.9.0"
       }
     },
     "node_modules/@babel/parser": {
-      "version": "7.24.0",
-      "resolved": "https://registry.npmmirror.com/@babel/parser/-/parser-7.24.0.tgz",
-      "integrity": "sha512-QuP/FxEAzMSjXygs8v4N9dvdXzEHN4W1oF3PxuWAtPo08UdM17u89RDMgjLn/mlc56iM0HlLmVkO/wgR+rDgHg==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/parser/-/parser-7.24.1.tgz",
+      "integrity": "sha512-Zo9c7N3xdOIQrNip7Lc9wvRPzlRtovHVE4lkz8WEDr7uYh/GMQhSiIgFxGIArRHYdJE5kxtZjAf8rT0xhdLCzg==",
       "bin": {
         "parser": "bin/babel-parser.js"
       },
@@ -911,11 +912,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-destructuring": {
-      "version": "7.23.3",
-      "resolved": "https://registry.npmmirror.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.23.3.tgz",
-      "integrity": "sha512-n225npDqjDIr967cMScVKHXJs7rout1q+tt50inyBCPkyZ8KxeI6d+GIbSBTT/w/9WdlWDOej3V9HE5Lgk57gw==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/plugin-transform-destructuring/-/plugin-transform-destructuring-7.24.1.tgz",
+      "integrity": "sha512-ow8jciWqNxR3RYbSNVuF4U2Jx130nwnBnhRw6N6h1bOejNkABmcI5X5oz29K4alWX7vf1C+o6gtKXikzRKkVdw==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.22.5"
+        "@babel/helper-plugin-utils": "^7.24.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -925,11 +926,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-parameters": {
-      "version": "7.23.3",
-      "resolved": "https://registry.npmmirror.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.23.3.tgz",
-      "integrity": "sha512-09lMt6UsUb3/34BbECKVbVwrT9bO6lILWln237z7sLaWnMsTi7Yc9fhX5DLpkJzAGfaReXI22wP41SZmnAA3Vw==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/plugin-transform-parameters/-/plugin-transform-parameters-7.24.1.tgz",
+      "integrity": "sha512-8Jl6V24g+Uw5OGPeWNKrKqXPDw2YDjLc53ojwfMcKwlEoETKU9rU0mHUtcg9JntWI/QYzGAXNWEcVHZ+fR+XXg==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.22.5"
+        "@babel/helper-plugin-utils": "^7.24.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -939,11 +940,11 @@
       }
     },
     "node_modules/@babel/plugin-transform-shorthand-properties": {
-      "version": "7.23.3",
-      "resolved": "https://registry.npmmirror.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.23.3.tgz",
-      "integrity": "sha512-ED2fgqZLmexWiN+YNFX26fx4gh5qHDhn1O2gvEhreLW2iI63Sqm4llRLCXALKrCnbN4Jy0VcMQZl/SAzqug/jg==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/plugin-transform-shorthand-properties/-/plugin-transform-shorthand-properties-7.24.1.tgz",
+      "integrity": "sha512-LyjVB1nsJ6gTTUKRjRWx9C1s9hE7dLfP/knKdrfeH9UPtAGjYGgxIbFfx7xyLIEWs7Xe1Gnf8EWiUqfjLhInZA==",
       "dependencies": {
-        "@babel/helper-plugin-utils": "^7.22.5"
+        "@babel/helper-plugin-utils": "^7.24.0"
       },
       "engines": {
         "node": ">=6.9.0"
@@ -966,17 +967,17 @@
       }
     },
     "node_modules/@babel/traverse": {
-      "version": "7.24.0",
-      "resolved": "https://registry.npmmirror.com/@babel/traverse/-/traverse-7.24.0.tgz",
-      "integrity": "sha512-HfuJlI8qq3dEDmNU5ChzzpZRWq+oxCZQyMzIMEqLho+AQnhMnKQUzH6ydo3RBl/YjPCuk68Y6s0Gx0AeyULiWw==",
+      "version": "7.24.1",
+      "resolved": "https://registry.npmmirror.com/@babel/traverse/-/traverse-7.24.1.tgz",
+      "integrity": "sha512-xuU6o9m68KeqZbQuDt2TcKSxUw/mrsvavlEqQ1leZ/B+C9tk6E4sRWy97WaXgvq5E+nU3cXMxv3WKOCanVMCmQ==",
       "dependencies": {
-        "@babel/code-frame": "^7.23.5",
-        "@babel/generator": "^7.23.6",
+        "@babel/code-frame": "^7.24.1",
+        "@babel/generator": "^7.24.1",
         "@babel/helper-environment-visitor": "^7.22.20",
         "@babel/helper-function-name": "^7.23.0",
         "@babel/helper-hoist-variables": "^7.22.5",
         "@babel/helper-split-export-declaration": "^7.22.6",
-        "@babel/parser": "^7.24.0",
+        "@babel/parser": "^7.24.1",
         "@babel/types": "^7.24.0",
         "debug": "^4.3.1",
         "globals": "^11.1.0"
@@ -1167,12 +1168,12 @@
       }
     },
     "node_modules/@mongosh/arg-parser": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/arg-parser/-/arg-parser-2.2.0.tgz",
-      "integrity": "sha512-PAgpZJG8g2PRv79PHdsdODzX7+rKlsCqNJYcPseUbYydRzHH5qSVf1LGX/69eqEmwDBC7cNZ3iGNO83vnl8PIg==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/arg-parser/-/arg-parser-2.2.1.tgz",
+      "integrity": "sha512-qz/RDf0go1irs/c/B5ZjN1OwPNplm8cQJU8eB037NVg0jCuDn/V+ERw3cSkinYdN1iZgLDtE/l3rgmEvkxz9Yg==",
       "dependencies": {
-        "@mongosh/errors": "2.2.0",
-        "@mongosh/i18n": "2.2.0",
+        "@mongosh/errors": "2.2.1",
+        "@mongosh/i18n": "2.2.1",
         "mongodb-connection-string-url": "^3.0.0"
       },
       "engines": {
@@ -1180,9 +1181,9 @@
       }
     },
     "node_modules/@mongosh/async-rewriter2": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/async-rewriter2/-/async-rewriter2-2.2.0.tgz",
-      "integrity": "sha512-4f+FXDbeHusbpss4M2sAao8i/qyJEbqP7YZbEqcDMtuogQKIpy+8KAjG3VQNR+qzgCDYh1E0INCyibIOIlrkkw==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/async-rewriter2/-/async-rewriter2-2.2.1.tgz",
+      "integrity": "sha512-xlSoweQUlX5nwW2FTOssQPpoJGZX1gZhfkaZ8qoanUdUMGDN+FfwjhUxMf8vUlOP8s899PUqDktCfc4UYo31mQ==",
       "dependencies": {
         "@babel/core": "^7.22.8",
         "@babel/plugin-transform-destructuring": "^7.22.5",
@@ -1199,12 +1200,12 @@
       }
     },
     "node_modules/@mongosh/autocomplete": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/autocomplete/-/autocomplete-2.2.0.tgz",
-      "integrity": "sha512-jbiXkq2ZYeNnQS31QFiNpUvfJtBDu0wyli7KLcu+BUG0JIK68z9zgsQzHxzDlY9J+dR/PUJ1ueiJQP5Sp9q3lA==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/autocomplete/-/autocomplete-2.2.1.tgz",
+      "integrity": "sha512-M02TfYQvIXy7HWWXT36aEvZ/LfkurET4F1M7y4J9aVb5GL6j3pkSmubOjJNzwkt9vEIJlHFlJFQfPDgq5DWFUA==",
       "dependencies": {
         "@mongodb-js/mongodb-constants": "^0.8.10",
-        "@mongosh/shell-api": "2.2.0",
+        "@mongosh/shell-api": "2.2.1",
         "semver": "^7.5.4"
       },
       "engines": {
@@ -1212,25 +1213,25 @@
       }
     },
     "node_modules/@mongosh/cli-repl": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/cli-repl/-/cli-repl-2.2.0.tgz",
-      "integrity": "sha512-hnw4tYReRYrOrryrZXjNYjn2yAnqMvrgGj8j/xLjbONJF60qq5l0ZF5RLjP8Qpst8fyIP5YhI+OSID7KFK8/iA==",
-      "dependencies": {
-        "@mongosh/arg-parser": "2.2.0",
-        "@mongosh/autocomplete": "2.2.0",
-        "@mongosh/editor": "2.2.0",
-        "@mongosh/errors": "2.2.0",
-        "@mongosh/history": "2.2.0",
-        "@mongosh/i18n": "2.2.0",
-        "@mongosh/import-node-fetch": "2.2.0",
-        "@mongosh/js-multiline-to-singleline": "2.2.0",
-        "@mongosh/logging": "2.2.0",
-        "@mongosh/service-provider-core": "2.2.0",
-        "@mongosh/service-provider-server": "2.2.0",
-        "@mongosh/shell-api": "2.2.0",
-        "@mongosh/shell-evaluator": "2.2.0",
-        "@mongosh/snippet-manager": "2.2.0",
-        "@mongosh/types": "2.2.0",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/cli-repl/-/cli-repl-2.2.1.tgz",
+      "integrity": "sha512-KrnRS5IzdIvWG46n274Ay2c9ZhiMJqJryExNjs00H56VjepGq2HY7hop3U9vY31eQ/s+xLjzChR9qNJ+2E9WwA==",
+      "dependencies": {
+        "@mongosh/arg-parser": "2.2.1",
+        "@mongosh/autocomplete": "2.2.1",
+        "@mongosh/editor": "2.2.1",
+        "@mongosh/errors": "2.2.1",
+        "@mongosh/history": "2.2.1",
+        "@mongosh/i18n": "2.2.1",
+        "@mongosh/import-node-fetch": "2.2.1",
+        "@mongosh/js-multiline-to-singleline": "2.2.1",
+        "@mongosh/logging": "2.2.1",
+        "@mongosh/service-provider-core": "2.2.1",
+        "@mongosh/service-provider-server": "2.2.1",
+        "@mongosh/shell-api": "2.2.1",
+        "@mongosh/shell-evaluator": "2.2.1",
+        "@mongosh/snippet-manager": "2.2.1",
+        "@mongosh/types": "2.2.1",
         "@segment/analytics-node": "^1.3.0",
         "ansi-escape-sequences": "^5.1.2",
         "askcharacter": "^1.0.0",
@@ -1261,15 +1262,15 @@
       }
     },
     "node_modules/@mongosh/editor": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/editor/-/editor-2.2.0.tgz",
-      "integrity": "sha512-ffjObGg7N2R6JnJDc8lN89IlWVlv8X18pMLwiGbBID4nAyrY+QF/jzie50tqIXx4fenNuk3be610+bi8geddZA==",
-      "dependencies": {
-        "@mongosh/js-multiline-to-singleline": "2.2.0",
-        "@mongosh/service-provider-core": "2.2.0",
-        "@mongosh/shell-api": "2.2.0",
-        "@mongosh/shell-evaluator": "2.2.0",
-        "@mongosh/types": "2.2.0",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/editor/-/editor-2.2.1.tgz",
+      "integrity": "sha512-z0nxSIVvCiR+kG2md24diMNou/9NBQvhn5334OeGyNk6y3/EEp52VN9Grmk9HL70d1tfr0A8F7c3kUpwJ6Q3XQ==",
+      "dependencies": {
+        "@mongosh/js-multiline-to-singleline": "2.2.1",
+        "@mongosh/service-provider-core": "2.2.1",
+        "@mongosh/shell-api": "2.2.1",
+        "@mongosh/shell-evaluator": "2.2.1",
+        "@mongosh/types": "2.2.1",
         "js-beautify": "^1.14.0"
       },
       "engines": {
@@ -1277,17 +1278,17 @@
       }
     },
     "node_modules/@mongosh/errors": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/errors/-/errors-2.2.0.tgz",
-      "integrity": "sha512-ba4qrge333fj5h4dpHG+zuBBSNK5bR0821uxC3/BEOUWkOLaOI666bNzbS2CgLjlSL/jqjdL9mT+aFdHY7Borw==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/errors/-/errors-2.2.1.tgz",
+      "integrity": "sha512-pwBI8Bv1KWYUSBoY2gh48dzvabCH8WlWYfo3Kzci7DPVK1vOccZpzr4PZony6ajvJ0KUswGGSaRFVdS54lO9QA==",
       "engines": {
         "node": ">=14.15.1"
       }
     },
     "node_modules/@mongosh/history": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/history/-/history-2.2.0.tgz",
-      "integrity": "sha512-y5prhR0TVb0sgCpoAsjaPORg1e1qiDK8ssmHfi6KiYTnDMJ7PP4TXEMQc4AJTQlBDUyK6zpJYIxJKU9FQSLuJw==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/history/-/history-2.2.1.tgz",
+      "integrity": "sha512-AfqtzjrfvJl0EwM3co4fTYGs12E76WUOfJbRejaBI1aLZZ7h36cjQjOG0bAckEuPYRw0sygkql5X0DLjZHDB/A==",
       "dependencies": {
         "mongodb-connection-string-url": "^3.0.0",
         "mongodb-redact": "^0.2.2"
@@ -1297,11 +1298,11 @@
       }
     },
     "node_modules/@mongosh/i18n": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/i18n/-/i18n-2.2.0.tgz",
-      "integrity": "sha512-sQ+t17PRrgdMl7dFwWXeyqjYQO4AYT7Mt/tIqqtWkfF7LyCb4FE04/UF5CX3PLUQLWOjXL5rl6jePSiZ97skNw==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/i18n/-/i18n-2.2.1.tgz",
+      "integrity": "sha512-ZbWV4Sykz4WIsLLGq9MfKR5baNXo5caM2pdBFVF6fwJMOcR87meBFcQ3SkbI7ZKezrMaQi/o9l6o6amI0vr2Rg==",
       "dependencies": {
-        "@mongosh/errors": "2.2.0",
+        "@mongosh/errors": "2.2.1",
         "mustache": "^4.0.0"
       },
       "engines": {
@@ -1309,9 +1310,9 @@
       }
     },
     "node_modules/@mongosh/import-node-fetch": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/import-node-fetch/-/import-node-fetch-2.2.0.tgz",
-      "integrity": "sha512-ZKXzawFdYqiBslTWCO106rNXBQEr/oKFx2JysTMy5BDzKJILfz06whgKIEAQOLVmW8IbHy+UYfKSFR4++tz++A==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/import-node-fetch/-/import-node-fetch-2.2.1.tgz",
+      "integrity": "sha512-rN9BBe3Z/zhnNjTc4cBYpt4oDa+JS7Th5grg/rYurb6Bs8f68Rzn1BTDACix7jzzHM6pVtptuk+b2QXIb2sAlw==",
       "dependencies": {
         "node-fetch": "^3.3.2"
       },
@@ -1320,9 +1321,9 @@
       }
     },
     "node_modules/@mongosh/js-multiline-to-singleline": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/js-multiline-to-singleline/-/js-multiline-to-singleline-2.2.0.tgz",
-      "integrity": "sha512-duicDJNk+dN3Qi7dS4aZmB8x3QQfOsfibw+9wyMVyJeIQGpSWkkijtu9a0F7+KKGQOkikQsHaRwWoL8ZvsJAqA==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/js-multiline-to-singleline/-/js-multiline-to-singleline-2.2.1.tgz",
+      "integrity": "sha512-e3F8ukzBfJibVaT22lqNdTKMW2UnOTGwEGmAgJC6MLElNjo+zR2z+OBWdLbuOdkY5nsXFDYB2IWgPYbKFiWu/A==",
       "dependencies": {
         "@babel/core": "^7.16.12",
         "@babel/types": "^7.21.2"
@@ -1332,14 +1333,14 @@
       }
     },
     "node_modules/@mongosh/logging": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/logging/-/logging-2.2.0.tgz",
-      "integrity": "sha512-Ibfplr9oklq7L/wJ39vfHamKhgFJCbRrMoFlstFOtoojW8hlcYknPfNp8k1WAAOIOf91YYgEFeCCKbBhLyvtsA==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/logging/-/logging-2.2.1.tgz",
+      "integrity": "sha512-2YYLnBvx5GI4zof0sQw8bqLULGf/hOsn8rNIhosfbHKNUPrCCyWlPnjeFD3npaAt7zffkI7Acpev6hWlEDuulA==",
       "dependencies": {
         "@mongodb-js/devtools-connect": "^2.6.0",
-        "@mongosh/errors": "2.2.0",
-        "@mongosh/history": "2.2.0",
-        "@mongosh/types": "2.2.0",
+        "@mongosh/errors": "2.2.1",
+        "@mongosh/history": "2.2.1",
+        "@mongosh/types": "2.2.1",
         "mongodb-log-writer": "^1.4.0",
         "mongodb-redact": "^0.2.2"
       },
@@ -1348,12 +1349,12 @@
       }
     },
     "node_modules/@mongosh/service-provider-core": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/service-provider-core/-/service-provider-core-2.2.0.tgz",
-      "integrity": "sha512-jvl8GlW6uV3LjQ1fmYkGvguFqMzcWFbGO82HwxcPKPw3tl4bkh210mnrZMfsyET0uU756q9F8MOkJTmGAP8UBQ==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/service-provider-core/-/service-provider-core-2.2.1.tgz",
+      "integrity": "sha512-D+sGmdKjeuTln5vTDqgg3Yx6DfidNuS/8keM14VGafRpVV8CEBD0My8F3kHpimV9w7xZnrAMKBqczcL1ZcJeww==",
       "dependencies": {
         "@aws-sdk/credential-providers": "^3.525.0",
-        "@mongosh/errors": "2.2.0",
+        "@mongosh/errors": "2.2.1",
         "bson": "^6.5.0",
         "mongodb": "^6.5.0",
         "mongodb-build-info": "^1.7.1"
@@ -1366,15 +1367,15 @@
       }
     },
     "node_modules/@mongosh/service-provider-server": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/service-provider-server/-/service-provider-server-2.2.0.tgz",
-      "integrity": "sha512-RRxv2SBjfIWWrNxXgmndsnd44FWvC3D2jdPj8BjvGzIkhoKSXoM+DCdLHrFN4L9ntH3FXfBuAurGZ863rhrW8w==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/service-provider-server/-/service-provider-server-2.2.1.tgz",
+      "integrity": "sha512-dZ2YlTWANFnfwSjDNxpMbdbFDAqru2pMXoxIyPzEW3ISnathRfJjObiSO0+i56AoGPPG0lTFEdHAb0r9lPgxew==",
       "dependencies": {
         "@mongodb-js/devtools-connect": "^2.6.0",
         "@mongodb-js/oidc-plugin": "^0.4.0",
-        "@mongosh/errors": "2.2.0",
-        "@mongosh/service-provider-core": "2.2.0",
-        "@mongosh/types": "2.2.0",
+        "@mongosh/errors": "2.2.1",
+        "@mongosh/service-provider-core": "2.2.1",
+        "@mongosh/types": "2.2.1",
         "@types/sinon-chai": "^3.2.4",
         "aws4": "^1.12.0",
         "mongodb": "^6.5.0",
@@ -1390,15 +1391,15 @@
       }
     },
     "node_modules/@mongosh/shell-api": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/shell-api/-/shell-api-2.2.0.tgz",
-      "integrity": "sha512-yhLI3MvhHY/UV875B/ZYF4LSB+79bfzvrKerIrBBC0exfRKhMcUC/O2mpDRiAyfhfUG8bfMuPp/lDFVmrHEU1g==",
-      "dependencies": {
-        "@mongosh/arg-parser": "2.2.0",
-        "@mongosh/errors": "2.2.0",
-        "@mongosh/history": "2.2.0",
-        "@mongosh/i18n": "2.2.0",
-        "@mongosh/service-provider-core": "2.2.0",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/shell-api/-/shell-api-2.2.1.tgz",
+      "integrity": "sha512-v7SNBBYms8SoHgDdDqN+jkG6V9GlpEJe5pY7tpLwlrQJ7ioBc8SOidsmHviStYP4oMzhkWQMXWETayWO92Fn+g==",
+      "dependencies": {
+        "@mongosh/arg-parser": "2.2.1",
+        "@mongosh/errors": "2.2.1",
+        "@mongosh/history": "2.2.1",
+        "@mongosh/i18n": "2.2.1",
+        "@mongosh/service-provider-core": "2.2.1",
         "mongodb-redact": "^0.2.2"
       },
       "engines": {
@@ -1406,27 +1407,27 @@
       }
     },
     "node_modules/@mongosh/shell-evaluator": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/shell-evaluator/-/shell-evaluator-2.2.0.tgz",
-      "integrity": "sha512-uKQF5G+HMrskIhzHBIV5Tveu/EOY9Rjjpot5no6i2f28uNv3rh3XoZrfFnO9QqWBrYuqhse+lGBTnYP69H59xA==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/shell-evaluator/-/shell-evaluator-2.2.1.tgz",
+      "integrity": "sha512-drs0wUGjMwsh5RCcTatuUE+xOcggASmMnRfJTrCF/qq/Zvt4Jdx2g0VYfU6QjwPU7X1xqRC+0efMo9ixEVIDVQ==",
       "dependencies": {
-        "@mongosh/async-rewriter2": "2.2.0",
-        "@mongosh/history": "2.2.0",
-        "@mongosh/shell-api": "2.2.0"
+        "@mongosh/async-rewriter2": "2.2.1",
+        "@mongosh/history": "2.2.1",
+        "@mongosh/shell-api": "2.2.1"
       },
       "engines": {
         "node": ">=14.15.1"
       }
     },
     "node_modules/@mongosh/snippet-manager": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/snippet-manager/-/snippet-manager-2.2.0.tgz",
-      "integrity": "sha512-N/Yrr2VZYre8g2qz9DW1BQEfs0T6SkRHf2LU+qiD/gUk/EZAjksqbuSQaVN78fHCt/d2SCSPZOomU3WBDpgHFg==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/snippet-manager/-/snippet-manager-2.2.1.tgz",
+      "integrity": "sha512-jjDAjaPCdWQAmlbWhZ1Jso7D19oKaxuEl3avn6vkxMIQIMML4IWrNOHoqWkfx5Z3NPteyx4grVfPyzjvipi94g==",
       "dependencies": {
-        "@mongosh/errors": "2.2.0",
-        "@mongosh/import-node-fetch": "2.2.0",
-        "@mongosh/shell-api": "2.2.0",
-        "@mongosh/types": "2.2.0",
+        "@mongosh/errors": "2.2.1",
+        "@mongosh/import-node-fetch": "2.2.1",
+        "@mongosh/shell-api": "2.2.1",
+        "@mongosh/types": "2.2.1",
         "bson": "^6.5.0",
         "cross-spawn": "^7.0.3",
         "escape-string-regexp": "^4.0.0",
@@ -1438,9 +1439,9 @@
       }
     },
     "node_modules/@mongosh/types": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmmirror.com/@mongosh/types/-/types-2.2.0.tgz",
-      "integrity": "sha512-l2S9nf1WDUqm1AHLMNrQKGHvnmObjphuOZe/aDS4wwYO8vJHZSCp/IjGMWDA69tdjyAScEhpT3S6XTq0Tiotqg==",
+      "version": "2.2.1",
+      "resolved": "https://registry.npmmirror.com/@mongosh/types/-/types-2.2.1.tgz",
+      "integrity": "sha512-lV1khTdJ8s3ldithGRa06nl4wlmKZm6eDnILPqW3QrZa0j6a2GBBe0GSUFo8kZkq4x3Y6SkT05ZHe1mnhh1gJQ==",
       "dependencies": {
         "@mongodb-js/devtools-connect": "^2.6.0"
       },
@@ -2114,9 +2115,9 @@
       }
     },
     "node_modules/@types/chai": {
-      "version": "4.3.12",
-      "resolved": "https://registry.npmmirror.com/@types/chai/-/chai-4.3.12.tgz",
-      "integrity": "sha512-zNKDHG/1yxm8Il6uCCVsm+dRdEsJlFoDu73X17y09bId6UwoYww+vFBsAcRzl8knM1sab3Dp1VRikFQwDOtDDw=="
+      "version": "4.3.13",
+      "resolved": "https://registry.npmmirror.com/@types/chai/-/chai-4.3.13.tgz",
+      "integrity": "sha512-+LxQEbg4BDUf88utmhpUpTyYn1zHao443aGnXIAQak9ZMt9Rtsic0Oig0OS1xyIqdDXc5uMekoC6NaiUlkT/qA=="
     },
     "node_modules/@types/sinon": {
       "version": "17.0.3",
@@ -2507,9 +2508,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001598",
-      "resolved": "https://registry.npmmirror.com/caniuse-lite/-/caniuse-lite-1.0.30001598.tgz",
-      "integrity": "sha512-j8mQRDziG94uoBfeFuqsJUNECW37DXpnvhcMJMdlH2u3MRkq1sAI0LJcXP1i/Py0KbSIC4UDj8YHPrTn5YsL+Q=="
+      "version": "1.0.30001599",
+      "resolved": "https://registry.npmmirror.com/caniuse-lite/-/caniuse-lite-1.0.30001599.tgz",
+      "integrity": "sha512-LRAQHZ4yT1+f9LemSMeqdMpMxZcc4RMWdj4tiFe3G8tNkWK+E58g+/tzotb5cU6TbcVJLr4fySiAW7XmxQvZQA=="
     },
     "node_modules/chalk": {
       "version": "2.4.2",
@@ -2730,9 +2731,9 @@
       }
     },
     "node_modules/detect-libc": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmmirror.com/detect-libc/-/detect-libc-2.0.2.tgz",
-      "integrity": "sha512-UX6sGumvvqSaXgdKGUsgZWqcUyIXZ/vZTrlRT/iobiKhGL0zL4d3osHj3uqllWJK+i+sixDS/3COVEOFbupFyw==",
+      "version": "2.0.3",
+      "resolved": "https://registry.npmmirror.com/detect-libc/-/detect-libc-2.0.3.tgz",
+      "integrity": "sha512-bwy0MGW55bG41VqxxypOsdSdGqLwXPI/focwgTYCFMbdUiBAxLg9CFzG08sz2aqzknwiX7Hkl0bQENjg8iLByw==",
       "optional": true,
       "engines": {
         "node": ">=8"
@@ -2774,9 +2775,9 @@
       "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow=="
     },
     "node_modules/electron-to-chromium": {
-      "version": "1.4.708",
-      "resolved": "https://registry.npmmirror.com/electron-to-chromium/-/electron-to-chromium-1.4.708.tgz",
-      "integrity": "sha512-iWgEEvREL4GTXXHKohhh33+6Y8XkPI5eHihDmm8zUk5Zo7HICEW+wI/j5kJ2tbuNUCXJ/sNXa03ajW635DiJXA=="
+      "version": "1.4.711",
+      "resolved": "https://registry.npmmirror.com/electron-to-chromium/-/electron-to-chromium-1.4.711.tgz",
+      "integrity": "sha512-hRg81qzvUEibX2lDxnFlVCHACa+LtrCPIsWAxo161LDYIB3jauf57RGsMZV9mvGwE98yGH06icj3zBEoOkxd/w=="
     },
     "node_modules/emoji-regex": {
       "version": "9.2.2",
diff --git a/pkgs/development/tools/mongosh/source.json b/pkgs/development/tools/mongosh/source.json
index f4adfe0aad9cb..8f771e9917ee9 100644
--- a/pkgs/development/tools/mongosh/source.json
+++ b/pkgs/development/tools/mongosh/source.json
@@ -1,6 +1,6 @@
 {
-  "version": "2.2.0",
-  "integrity": "sha512-6qwqz+1XTPYQCZzXH9QkyhjlxafwbodQi792FseEw8DX8bY1UWhufq6xT+cQEwkgEVHyg0df8TnZKVii3gwjbA==",
-  "filename": "mongosh-2.2.0.tgz",
-  "deps": "sha256-yU1qvjmSHqFj1GUOadLqfvKw4/7n6hfLyeNapBVakRg="
+  "version": "2.2.1",
+  "integrity": "sha512-jqgOlNl5ZE/jasl6LIDZ8lKP658I+XFZh1e16eYo+c9UfL+NqRXwVJCRWKaZ/tph9Hc3dzCd9dKCN7OC0T50iQ==",
+  "filename": "mongosh-2.2.1.tgz",
+  "deps": "sha256-sZ2zSFi2tuYhjLHHrewNHcmSxwIHggL+wbHvEScK38Y="
 }
diff --git a/pkgs/development/tools/rye/Cargo.lock b/pkgs/development/tools/rye/Cargo.lock
index 9aa4ff424bb57..763afd5d39d34 100644
--- a/pkgs/development/tools/rye/Cargo.lock
+++ b/pkgs/development/tools/rye/Cargo.lock
@@ -631,6 +631,12 @@ dependencies = [
 ]
 
 [[package]]
+name = "dotenvy"
+version = "0.15.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
+
+[[package]]
 name = "either"
 version = "1.9.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -1795,7 +1801,7 @@ dependencies = [
 
 [[package]]
 name = "rye"
-version = "0.29.0"
+version = "0.30.0"
 dependencies = [
  "age",
  "anyhow",
@@ -1808,6 +1814,7 @@ dependencies = [
  "curl",
  "decompress",
  "dialoguer",
+ "dotenvy",
  "flate2",
  "fslock",
  "git-testament",
diff --git a/pkgs/development/tools/rye/default.nix b/pkgs/development/tools/rye/default.nix
index b69888447c7bf..a5f14816dbff8 100644
--- a/pkgs/development/tools/rye/default.nix
+++ b/pkgs/development/tools/rye/default.nix
@@ -12,13 +12,13 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "rye";
-  version = "0.29.0";
+  version = "0.30.0";
 
   src = fetchFromGitHub {
     owner = "mitsuhiko";
     repo = "rye";
     rev = "refs/tags/${version}";
-    hash = "sha256-rNXzhJazOi815dhqviqtfSTM60Y/5ncKBVn2YhqcKJM=";
+    hash = "sha256-a4u8dBqp9zs4RW7tXN8HjGzvjYFyDUJzEFMxMoGhu4E=";
   };
 
   cargoLock = {
@@ -67,6 +67,7 @@ rustPlatform.buildRustPackage rec {
     "--skip=test_config_incompatible_format_and_show_path"
     "--skip=test_config_save_missing_folder"
     "--skip=test_config_show_path"
+    "--skip=test_dotenv"
     "--skip=test_empty_sync"
     "--skip=test_fetch"
     "--skip=test_init_default"
diff --git a/pkgs/development/tools/templ/default.nix b/pkgs/development/tools/templ/default.nix
index 63dd98bd54ab0..f3eda5a559755 100644
--- a/pkgs/development/tools/templ/default.nix
+++ b/pkgs/development/tools/templ/default.nix
@@ -5,7 +5,7 @@
 
 buildGoModule rec {
   pname = "templ";
-  version = "0.2.598";
+  version = "0.2.639";
 
   subPackages = [ "cmd/templ" ];
 
@@ -21,7 +21,7 @@ buildGoModule rec {
     owner = "a-h";
     repo = "templ";
     rev = "refs/tags/v${version}";
-    hash = "sha256-jMoAocMDq8U1JsYoH3PFzZbnjSAzhifLwNZoKY+ambA=";
+    hash = "sha256-W1efknPo45mmKYuiFakJ0AigmfQqlfQ/u+de0zTRwwY=";
   };
 
   vendorHash = "sha256-Upd5Wq4ajsyOMDiAWS2g2iNO1sm1XJc43AFQLIo5eDM=";
diff --git a/pkgs/games/xivlauncher/default.nix b/pkgs/games/xivlauncher/default.nix
index 63a0e5e4e35f8..ec617ad0f0f55 100644
--- a/pkgs/games/xivlauncher/default.nix
+++ b/pkgs/games/xivlauncher/default.nix
@@ -3,7 +3,7 @@
 , useSteamRun ? true }:
 
 let
-  rev = "1.0.7";
+  rev = "1.0.8";
 in
   buildDotnetModule rec {
     pname = "XIVLauncher";
@@ -13,7 +13,7 @@ in
       owner = "goatcorp";
       repo = "XIVLauncher.Core";
       inherit rev;
-      hash = "sha256-bWrFGaNkcKo5vUhhrpzEMuX1Ws6ud57sJ0tM4CUuUEk=";
+      hash = "sha256-x4W5L4k+u0MYKDWJu82QcXARW0zjmqqwGiueR1IevMk=";
       fetchSubmodules = true;
     };
 
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index e19f33c7c6afc..1e50fc3dfa15e 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -62,10 +62,26 @@ let
       SUNRPC_DEBUG              = yes;
       # Provide access to tunables like sched_migration_cost_ns
       SCHED_DEBUG               = yes;
+
+      # Count IRQ and steal CPU time separately
+      IRQ_TIME_ACCOUNTING       = yes;
+      PARAVIRT_TIME_ACCOUNTING  = yes;
+
+      # Enable CPU lockup detection
+      LOCKUP_DETECTOR           = yes;
+      SOFTLOCKUP_DETECTOR       = yes;
+      HARDLOCKUP_DETECTOR       = yes;
+
+      # Enable streaming logs to a remote device over a network
+      NETCONSOLE                = module;
+      NETCONSOLE_DYNAMIC        = yes;
+
+      # Export known printks in debugfs
+      PRINTK_INDEX              = whenAtLeast "5.15" yes;
     };
 
     power-management = {
-      CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
+      CPU_FREQ_DEFAULT_GOV_SCHEDUTIL   = yes;
       CPU_FREQ_GOV_SCHEDUTIL           = yes;
       PM_ADVANCED_DEBUG                = yes;
       PM_WAKELOCKS                     = yes;
@@ -85,6 +101,30 @@ let
       # depends on HAVE_VIRT_CPU_ACCOUNTING_GEN depends on 64BIT,
       # so we can't force-enable this
       RCU_LAZY                         = whenAtLeast "6.2" (option yes);
+
+      # Auto suspend Bluetooth devices at idle
+      BT_HCIBTUSB_AUTOSUSPEND          = yes;
+
+      # Expose cpufreq stats in sysfs
+      CPU_FREQ_STAT                    = yes;
+
+      # Enable CPU energy model for scheduling
+      ENERGY_MODEL                     = whenAtLeast "5.0" yes;
+
+      # Enable scheduling stats collection
+      SCHEDSTATS                       = yes;
+
+      # Enable thermal interface netlink API
+      THERMAL_NETLINK                  = whenAtLeast "5.9" yes;
+
+      # Prefer power-efficient workqueue implementation to per-CPU workqueues,
+      # which is slightly slower, but improves battery life.
+      # This is opt-in per workqueue, and can be disabled globally with a kernel command line option.
+      WQ_POWER_EFFICIENT_DEFAULT       = yes;
+
+      # Default SATA link power management to "medium with device initiated PM"
+      # for some extra power savings.
+      SATA_MOBILE_LPM_POLICY           = whenAtLeast "5.18" (freeform "3");
     } // optionalAttrs (stdenv.hostPlatform.isx86) {
       INTEL_IDLE                       = yes;
       INTEL_RAPL                       = whenAtLeast "5.3" module;
@@ -109,6 +149,9 @@ let
       CHT_DC_TI_PMIC_OPREGION          = whenAtLeast "5.10" yes;
       MFD_TPS68470                     = whenBetween "5.10" "5.13" yes;
       TPS68470_PMIC_OPREGION           = whenAtLeast "5.10" yes;
+
+      # Enable Intel thermal hardware feedback
+      INTEL_HFI_THERMAL                = whenAtLeast "5.18" yes;
     };
 
     external-firmware = {
@@ -136,6 +179,16 @@ let
       DAMON_DBGFS = whenAtLeast "5.15" yes;
       DAMON_RECLAIM = whenAtLeast "5.16" yes;
       DAMON_LRU_SORT = whenAtLeast "6.0" yes;
+      # Support recovering from memory failures on systems with ECC and MCA recovery.
+      MEMORY_FAILURE = yes;
+
+      # Collect ECC errors and retire pages that fail too often
+      RAS_CEC                   = yes;
+    } // optionalAttrs (stdenv.is32bit) {
+      # Enable access to the full memory range (aka PAE) on 32-bit architectures
+      # This check isn't super accurate but it's close enough
+      HIGHMEM                   = option yes;
+      BOUNCE                    = option yes;
     };
 
     memtest = {
@@ -154,6 +207,9 @@ let
       BFQ_GROUP_IOSCHED = yes;
       MQ_IOSCHED_KYBER = yes;
       IOSCHED_BFQ = module;
+      # Enable CPU utilization clamping for RT tasks
+      UCLAMP_TASK = whenAtLeast "5.3" yes;
+      UCLAMP_TASK_GROUP = whenAtLeast "5.4" yes;
     };
 
 
@@ -166,6 +222,7 @@ let
     # Enable NUMA.
     numa = {
       NUMA  = option yes;
+      NUMA_BALANCING = option yes;
     };
 
     networking = {
@@ -250,6 +307,9 @@ let
       # Bridge Netfilter Configuration
       NF_TABLES_BRIDGE            = mkMerge [ (whenOlder "5.3" yes)
                                               (whenAtLeast "5.3" module) ];
+      # Expose some debug info
+      NF_CONNTRACK_PROCFS         = yes;
+      NF_FLOW_TABLE_PROCFS        = whenAtLeast "6.0" yes;
 
       # needed for `dropwatch`
       # Builtin-only since https://github.com/torvalds/linux/commit/f4b6bcc7002f0e3a3428bac33cf1945abff95450
@@ -276,6 +336,10 @@ let
       INFINIBAND = module;
       INFINIBAND_IPOIB = module;
       INFINIBAND_IPOIB_CM = yes;
+
+      # Enable debugfs for wireless drivers
+      CFG80211_DEBUGFS = yes;
+      MAC80211_DEBUGFS = yes;
     } // optionalAttrs (stdenv.hostPlatform.system == "aarch64-linux") {
       # Not enabled by default, hides modules behind it
       NET_VENDOR_MEDIATEK = yes;
@@ -288,8 +352,8 @@ let
       CFG80211_WEXT               = option yes; # Without it, ipw2200 drivers don't build
       IPW2100_MONITOR             = option yes; # support promiscuous mode
       IPW2200_MONITOR             = option yes; # support promiscuous mode
-      HOSTAP_FIRMWARE             = option yes; # Support downloading firmware images with Host AP driver
-      HOSTAP_FIRMWARE_NVRAM       = option yes;
+      HOSTAP_FIRMWARE             = whenOlder "6.8" (option yes); # Support downloading firmware images with Host AP driver
+      HOSTAP_FIRMWARE_NVRAM       = whenOlder "6.8" (option yes);
       MAC80211_MESH               = option yes; # Enable 802.11s (mesh networking) support
       ATH9K_PCI                   = option yes; # Detect Atheros AR9xxx cards on PCI(e) bus
       ATH9K_AHB                   = option yes; # Ditto, AHB bus
@@ -345,8 +409,12 @@ let
       FONT_TER16x32 = whenAtLeast "5.0" yes;
     };
 
-    video = {
+    video = let
+      whenHasDevicePrivate = mkIf (!stdenv.isx86_32 && versionAtLeast version "5.1");
+    in {
       DRM_LEGACY = whenOlder "6.8" no;
+      DRM_SIMPLEDRM = yes;
+
       NOUVEAU_LEGACY_CTX_SUPPORT = whenBetween "5.2" "6.3" no;
 
       # Allow specifying custom EDID on the kernel command line
@@ -371,8 +439,25 @@ let
       DRM_AMD_DC_FP = whenAtLeast "6.4" yes;
       DRM_AMD_DC_HDCP = whenBetween "5.5" "6.4" yes;
       DRM_AMD_DC_SI = whenAtLeast "5.10" yes;
+
+      # Enable AMD Audio Coprocessor support for HDMI outputs
+      DRM_AMD_ACP = yes;
+
+      # Enable AMD secure display when available
+      DRM_AMD_SECURE_DISPLAY = whenAtLeast "5.13" yes;
+
       # Enable new firmware (and by extension NVK) for compatible hardware on Nouveau
       DRM_NOUVEAU_GSP_DEFAULT = whenAtLeast "6.8" yes;
+
+      # Enable Nouveau shared virtual memory (used by OpenCL)
+      DEVICE_PRIVATE = whenHasDevicePrivate yes;
+      DRM_NOUVEAU_SVM = whenHasDevicePrivate yes;
+
+      # Enable HDMI-CEC receiver support
+      MEDIA_CEC_RC = whenAtLeast "5.10" yes;
+
+      # Enable CEC over DisplayPort
+      DRM_DP_CEC = yes;
     } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") {
       # Intel GVT-g graphics virtualization supports 64-bit only
       DRM_I915_GVT = yes;
@@ -409,6 +494,7 @@ let
       SND_HDA_CODEC_CA0132_DSP = whenOlder "5.7" yes; # Enable DSP firmware loading on Creative Soundblaster Z/Zx/ZxR/Recon
       SND_OSSEMUL         = yes;
       SND_USB_CAIAQ_INPUT = yes;
+      SND_USB_AUDIO_MIDI_V2 = whenAtLeast "6.5" yes;
     # Enable Sound Open Firmware support
     } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" &&
                         versionAtLeast version "5.5") {
@@ -445,14 +531,23 @@ let
       SND_SOC_SOF_TIGERLAKE_SUPPORT     = whenOlder "5.12" yes;
     };
 
-    usb-serial = {
-      USB_SERIAL_GENERIC          = yes; # USB Generic Serial Driver
-    };
-
     usb = {
+      USB                  = yes; # compile USB core into kernel, so we can use USB_SERIAL_CONSOLE before modules
+
       USB_EHCI_ROOT_HUB_TT = yes; # Root Hub Transaction Translators
       USB_EHCI_TT_NEWSCHED = yes; # Improved transaction translator scheduling
       USB_HIDDEV = yes; # USB Raw HID Devices (like monitor controls and Uninterruptable Power Supplies)
+
+      # default to dual role mode
+      USB_DWC2_DUAL_ROLE = yes;
+      USB_DWC3_DUAL_ROLE = yes;
+    };
+
+    usb-serial = {
+      USB_SERIAL                  = yes;
+      USB_SERIAL_GENERIC          = yes; # USB Generic Serial Driver
+      USB_SERIAL_CONSOLE          = yes; # Allow using USB serial adapter as console
+      U_SERIAL_CONSOLE            = whenAtLeast "5.10" yes; # Allow using USB gadget as console
     };
 
     # Filesystem options - in particular, enable extended attributes and
@@ -533,6 +628,7 @@ let
 
       SQUASHFS_FILE_DIRECT         = yes;
       SQUASHFS_DECOMP_MULTI_PERCPU = whenOlder "6.2" yes;
+      SQUASHFS_CHOICE_DECOMP_BY_MOUNT = whenAtLeast "6.2" yes;
       SQUASHFS_XATTR               = yes;
       SQUASHFS_ZLIB                = yes;
       SQUASHFS_LZO                 = yes;
@@ -598,6 +694,16 @@ let
       CRYPTO_DRBG_HASH                 = yes;
       CRYPTO_DRBG_CTR                  = yes;
 
+      # Enable KFENCE
+      # See: https://docs.kernel.org/dev-tools/kfence.html
+      KFENCE                           = whenAtLeast "5.12" yes;
+
+      # Enable support for page poisoning. Still needs to be enabled on the command line to actually work.
+      PAGE_POISONING                   = yes;
+
+      # Enable stack smashing protections in schedule()
+      # See: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?h=v4.8&id=0d9e26329b0c9263d4d9e0422d80a0e73268c52f
+      SCHED_STACK_END_CHECK            = yes;
     } // optionalAttrs stdenv.hostPlatform.isx86_64 {
       # Enable Intel SGX
       X86_SGX     = whenAtLeast "5.11" yes;
@@ -614,6 +720,9 @@ let
       SEV_GUEST       = whenAtLeast "5.19" module;
       # Shadow stacks
       X86_USER_SHADOW_STACK = whenAtLeast "6.6" yes;
+
+      # Mitigate straight line speculation at the cost of some file size
+      SLS = whenAtLeast "5.17" yes;
     };
 
     microcode = {
@@ -791,6 +900,10 @@ let
       # Unconditionally enabled, because it is required for CRIU and
       # it provides the kcmp() system call that Mesa depends on.
       CHECKPOINT_RESTORE  = yes;
+
+      # Allows soft-dirty tracking on pages, used by CRIU.
+      # See https://docs.kernel.org/admin-guide/mm/soft-dirty.html
+      MEM_SOFT_DIRTY = mkIf (!stdenv.isx86_32) yes;
     };
 
     misc = let
@@ -805,6 +918,9 @@ let
       # enabled by default in x86_64 but not arm64, so we do that here
       HIDRAW               = yes;
 
+      # Enable loading HID fixups as eBPF from userspace
+      HID_BPF            = whenAtLeast "6.3" yes;
+
       HID_ACRUX_FF       = yes;
       DRAGONRISE_FF      = yes;
       GREENASIA_FF       = yes;
@@ -832,7 +948,10 @@ let
       # Enable initrd support.
       BLK_DEV_INITRD    = yes;
 
-      PM_TRACE_RTC         = no; # Disable some expensive (?) features.
+      # Allows debugging systems that get stuck during suspend/resume
+      PM_TRACE             = yes;
+      PM_TRACE_RTC         = yes;
+
       ACCESSIBILITY        = yes; # Accessibility support
       AUXDISPLAY           = yes; # Auxiliary Display support
       HIPPI                = yes;
@@ -857,6 +976,11 @@ let
 
       BLK_SED_OPAL = yes;
 
+      # Enable support for block layer inline encryption
+      BLK_INLINE_ENCRYPTION = whenAtLeast "5.8" yes;
+      # ...but fall back to CPU encryption if unavailable
+      BLK_INLINE_ENCRYPTION_FALLBACK = whenAtLeast "5.8" yes;
+
       BSD_PROCESS_ACCT_V3 = yes;
 
       SERIAL_DEV_BUS = yes; # enables support for serial devices
@@ -971,7 +1095,7 @@ let
       # Disable the firmware helper fallback, udev doesn't implement it any more
       FW_LOADER_USER_HELPER_FALLBACK = option no;
 
-      FW_LOADER_COMPRESS = option yes;
+      FW_LOADER_COMPRESS = whenAtLeast "5.3" yes;
 
       HOTPLUG_PCI_ACPI = yes; # PCI hotplug using ACPI
       HOTPLUG_PCI_PCIE = yes; # PCI-Expresscard hotplug support
@@ -1018,6 +1142,13 @@ let
 
       # Set system time from RTC on startup and resume
       RTC_HCTOSYS = option yes;
+
+      # Expose watchdog information in sysfs
+      WATCHDOG_SYSFS = yes;
+
+      # Enable generic kernel watch queues
+      # See https://docs.kernel.org/core-api/watch_queue.html
+      WATCH_QUEUE = whenAtLeast "5.8" yes;
     } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
       # Enable CPU/memory hotplug support
       # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot
@@ -1048,6 +1179,10 @@ let
       # https://github.com/torvalds/linux/blob/856deb866d16e29bd65952e0289066f6078af773/kernel/dma/contiguous.c#L35-L44
       CMA_SIZE_MBYTES = freeform "32";
 
+      # Add debug interfaces for CMA
+      CMA_DEBUGFS = yes;
+      CMA_SYSFS = yes;
+
       # Many ARM SBCs hand off a pre-configured framebuffer.
       # This always can can be replaced by the actual native driver.
       # Keeping it a built-in ensures it will be used if possible.
@@ -1093,6 +1228,24 @@ let
     } // optionalAttrs (versionAtLeast version "5.4" && stdenv.hostPlatform.system == "x86_64-linux") {
       CHROMEOS_LAPTOP = module;
       CHROMEOS_PSTORE = module;
+    } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux") {
+      # Enable x86 resource control
+      X86_CPU_RESCTRL = whenAtLeast "5.0" yes;
+
+      # Enable TSX on CPUs where it's not vulnerable
+      X86_INTEL_TSX_MODE_AUTO = yes;
+
+      # Enable AMD Wi-Fi RF band mitigations
+      # See https://cateee.net/lkddb/web-lkddb/AMD_WBRF.html
+      AMD_WBRF = whenAtLeast "6.8" yes;
+
+      # Enable Intel Turbo Boost Max 3.0
+      INTEL_TURBO_MAX_3 = yes;
+    };
+
+    accel = {
+      # Build DRM accelerator devices
+      DRM_ACCEL = whenAtLeast "6.2" yes;
     };
   };
 in
diff --git a/pkgs/servers/hqplayerd/default.nix b/pkgs/servers/hqplayerd/default.nix
index 07f0c1dc48586..aa08f781121c8 100644
--- a/pkgs/servers/hqplayerd/default.nix
+++ b/pkgs/servers/hqplayerd/default.nix
@@ -26,11 +26,11 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "hqplayerd";
-  version = "5.2.0-6";
+  version = "5.5.0-13";
 
   src = fetchurl {
     url = "https://www.signalyst.eu/bins/${pname}/fc37/${pname}-${version}.fc37.x86_64.rpm";
-    hash = "sha256-AJKSj7t1yog3EXrzdods9Jk35ibEbegnXQzFcsr2N7I=";
+    hash = "sha256-yfdgsQu2w56apq5lyD0JcEkM9/EtlfdZQ9I5x1BBOcU=";
   };
 
   unpackPhase = ''
diff --git a/pkgs/servers/matrix-synapse/matrix-hookshot/default.nix b/pkgs/servers/matrix-synapse/matrix-hookshot/default.nix
index 9598baed39e69..e89e4e1e682b4 100644
--- a/pkgs/servers/matrix-synapse/matrix-hookshot/default.nix
+++ b/pkgs/servers/matrix-synapse/matrix-hookshot/default.nix
@@ -72,6 +72,11 @@ mkYarnPackage rec {
         "$out/libexec/matrix-hookshot/deps/matrix-hookshot/lib/App/BridgeApp.js"
   '';
 
+  postFixup = ''
+    # Scrub reference to rustc
+    rm $out/libexec/matrix-hookshot/deps/matrix-hookshot/target/.rustc_info.json
+  '';
+
   doDist = false;
 
   meta = with lib; {
diff --git a/pkgs/tools/security/cnspec/default.nix b/pkgs/tools/security/cnspec/default.nix
index 9114c52a052a0..e01d1155a980f 100644
--- a/pkgs/tools/security/cnspec/default.nix
+++ b/pkgs/tools/security/cnspec/default.nix
@@ -5,18 +5,18 @@
 
 buildGoModule rec {
   pname = "cnspec";
-  version = "10.8.0";
+  version = "10.8.2";
 
   src = fetchFromGitHub {
     owner = "mondoohq";
     repo = "cnspec";
     rev = "refs/tags/v${version}";
-    hash = "sha256-EfVbYIGkjH0tHaMgnoyAGw7ZlAPVBlhbKTjryFRBF1A=";
+    hash = "sha256-F38qymDYAV2hc1jKrnyot6rk/vDPAvH+DP/JhucmZkE=";
   };
 
   proxyVendor = true;
 
-  vendorHash = "sha256-xrWGILBxZEoNi4PHG1vixLpOVaW0LRKkTkJsx5mWBns=";
+  vendorHash = "sha256-w8iGRPnYbyNeHZ+cOA6K4GJdsIyES5zC3A70r9BEFuY=";
 
   subPackages = [
     "apps/cnspec"
diff --git a/pkgs/tools/security/gotestwaf/default.nix b/pkgs/tools/security/gotestwaf/default.nix
index 5a807b0a08c70..b710d209244c7 100644
--- a/pkgs/tools/security/gotestwaf/default.nix
+++ b/pkgs/tools/security/gotestwaf/default.nix
@@ -7,13 +7,13 @@
 
 buildGoModule rec {
   pname = "gotestwaf";
-  version = "0.4.15";
+  version = "0.4.16";
 
   src = fetchFromGitHub {
     owner = "wallarm";
     repo = "gotestwaf";
     rev = "refs/tags/v${version}";
-    hash = "sha256-C5lDiHDSSweUZh83AOv5WIQ4JuC9OiCvpHshgius51k=";
+    hash = "sha256-fMSXnA8ZuyfOQINkWiYwX7NSffsHbdlfDcpfo/hahMY=";
   };
 
   vendorHash = null;
diff --git a/pkgs/tools/security/mokutil/default.nix b/pkgs/tools/security/mokutil/default.nix
index 8b36e5c1c6319..cd36b8eaa1e9f 100644
--- a/pkgs/tools/security/mokutil/default.nix
+++ b/pkgs/tools/security/mokutil/default.nix
@@ -11,13 +11,13 @@
 
 stdenv.mkDerivation rec {
   pname = "mokutil";
-  version = "0.7.1";
+  version = "0.7.2";
 
   src = fetchFromGitHub {
     owner = "lcp";
     repo = pname;
     rev = version;
-    sha256 = "sha256-vxSYwsQ+xjW7a7gZhvgX4lzA7my6BZCYGwE1bLceTQA=";
+    sha256 = "sha256-DO3S1O0AKoI8gssnUyBTRj5lDNs6hhisc/5dTIqmbzM=";
   };
 
   nativeBuildInputs = [