204 files changed, 1172 insertions, 721 deletions

diff --git a/pkgs/applications/audio/mympd/default.nix b/pkgs/applications/audio/mympd/default.nix
index c28eb62d07a4..f96c08577b39 100644
--- a/pkgs/applications/audio/mympd/default.nix
+++ b/pkgs/applications/audio/mympd/default.nix
@@ -12,6 +12,7 @@
 , gzip
 , perl
 , jq
+, nixosTests
 }:
 
 stdenv.mkDerivation (finalAttrs: {
@@ -57,6 +58,8 @@ stdenv.mkDerivation (finalAttrs: {
   # 5 tests out of 23 fail, probably due to the sandbox...
   doCheck = false;
 
+  passthru.tests = { inherit (nixosTests) mympd; };
+
   meta = {
     homepage = "https://jcorporation.github.io/myMPD";
     description = "Standalone and mobile friendly web mpd client with a tiny footprint and advanced features";
diff --git a/pkgs/applications/blockchains/ergo/default.nix b/pkgs/applications/blockchains/ergo/default.nix
index 0ab89e9c2709..ba24148ed51e 100644
--- a/pkgs/applications/blockchains/ergo/default.nix
+++ b/pkgs/applications/blockchains/ergo/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, makeWrapper, jre }:
+{ lib, stdenv, fetchurl, makeWrapper, jre, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "ergo";
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
     makeWrapper ${jre}/bin/java $out/bin/ergo --add-flags "-jar $src"
   '';
 
+  passthru.tests = { inherit (nixosTests) ergo; };
+
   meta = with lib; {
     description = "Open protocol that implements modern scientific ideas in the blockchain area";
     homepage = "https://ergoplatform.org/en/";
diff --git a/pkgs/applications/blockchains/quorum/default.nix b/pkgs/applications/blockchains/quorum/default.nix
index 23e1d92a8314..ca323bba3a7b 100644
--- a/pkgs/applications/blockchains/quorum/default.nix
+++ b/pkgs/applications/blockchains/quorum/default.nix
@@ -1,4 +1,4 @@
-{ lib, fetchFromGitHub, buildGoModule }:
+{ lib, fetchFromGitHub, buildGoModule, nixosTests }:
 
 buildGoModule rec {
   pname = "quorum";
@@ -20,6 +20,8 @@ buildGoModule rec {
 
   ldflags = [ "-s" "-w" ];
 
+  passthru.tests = { inherit (nixosTests) quorum; };
+
   meta = with lib; {
     description = "Permissioned implementation of Ethereum supporting data privacy";
     homepage = "https://consensys.net/quorum/";
diff --git a/pkgs/applications/blockchains/wasabibackend/default.nix b/pkgs/applications/blockchains/wasabibackend/default.nix
index 1371be1a9752..59a3c1689b07 100644
--- a/pkgs/applications/blockchains/wasabibackend/default.nix
+++ b/pkgs/applications/blockchains/wasabibackend/default.nix
@@ -6,6 +6,7 @@
   dotnetCorePackages,
   zlib,
   openssl,
+  nixosTests,
 }:
 buildDotnetModule rec {
   pname = "wasabibackend";
@@ -38,6 +39,10 @@ buildDotnetModule rec {
     mv $out/bin/WalletWasabi.Backend $out/bin/WasabiBackend
   '';
 
+  passthru.tests = {
+    inherit (nixosTests) wasabibackend;
+  };
+
   meta = with lib; {
     description = "Backend for the Wasabi Wallet";
     homepage = "https://wasabiwallet.io/";
diff --git a/pkgs/applications/display-managers/lightdm/default.nix b/pkgs/applications/display-managers/lightdm/default.nix
index f5d856ec1770..820477861bb5 100644
--- a/pkgs/applications/display-managers/lightdm/default.nix
+++ b/pkgs/applications/display-managers/lightdm/default.nix
@@ -28,6 +28,7 @@
 , qtbase
 , yelp-tools
 , yelp-xsl
+, nixosTests
 }:
 
 stdenv.mkDerivation rec {
@@ -115,6 +116,7 @@ stdenv.mkDerivation rec {
 
   passthru = {
     updateScript = nix-update-script { };
+    tests = { inherit (nixosTests) lightdm; };
   };
 
 
diff --git a/pkgs/applications/display-managers/ly/default.nix b/pkgs/applications/display-managers/ly/default.nix
index 41ecfd40f4b5..24332a10c080 100644
--- a/pkgs/applications/display-managers/ly/default.nix
+++ b/pkgs/applications/display-managers/ly/default.nix
@@ -1,5 +1,5 @@
 { stdenv, lib, fetchFromGitHub, linux-pam, libxcb, makeBinaryWrapper, zig_0_12
-, callPackage }:
+, callPackage, nixosTests }:
 
 stdenv.mkDerivation {
   pname = "ly";
@@ -19,6 +19,8 @@ stdenv.mkDerivation {
     ln -s ${callPackage ./deps.nix { }} $ZIG_GLOBAL_CACHE_DIR/p
   '';
 
+  passthru.tests = { inherit (nixosTests) ly; };
+
   meta = with lib; {
     description = "TUI display manager";
     license = licenses.wtfpl;
diff --git a/pkgs/applications/display-managers/sddm/default.nix b/pkgs/applications/display-managers/sddm/default.nix
index 2708ff060814..45268ae44bdf 100644
--- a/pkgs/applications/display-managers/sddm/default.nix
+++ b/pkgs/applications/display-managers/sddm/default.nix
@@ -16,6 +16,7 @@ runCommand "sddm-wrapped" {
 
   passthru = {
     inherit unwrapped;
+    inherit (unwrapped.passthru) tests;
   };
 
   meta = unwrapped.meta;
diff --git a/pkgs/applications/display-managers/sddm/unwrapped.nix b/pkgs/applications/display-managers/sddm/unwrapped.nix
index 430e62a5ef4a..3a7a73dd9610 100644
--- a/pkgs/applications/display-managers/sddm/unwrapped.nix
+++ b/pkgs/applications/display-managers/sddm/unwrapped.nix
@@ -2,6 +2,7 @@
 , cmake, pkg-config, qttools
 , libxcb, libXau, pam, qtbase, qtdeclarative
 , qtquickcontrols2 ? null, systemd, xkeyboardconfig
+, nixosTests
 }:
 let
   isQt6 = lib.versions.major qtbase.version == "6";
@@ -76,6 +77,8 @@ in stdenv.mkDerivation(finalAttrs: {
     done
   '';
 
+  passthru.tests = { inherit (nixosTests) sddm; };
+
   meta = with lib; {
     description = "QML based X11 display manager";
     homepage    = "https://github.com/sddm/sddm";
diff --git a/pkgs/applications/editors/music/tuxguitar/default.nix b/pkgs/applications/editors/music/tuxguitar/default.nix
index 47614b260b82..a602de8a37b7 100644
--- a/pkgs/applications/editors/music/tuxguitar/default.nix
+++ b/pkgs/applications/editors/music/tuxguitar/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, swt, jre, makeWrapper, alsa-lib, jack2, fluidsynth, libpulseaudio }:
+{ lib, stdenv, fetchurl, swt, jre, makeWrapper, alsa-lib, jack2, fluidsynth, libpulseaudio, nixosTests }:
 
 let metadata = assert stdenv.hostPlatform.system == "i686-linux" || stdenv.hostPlatform.system == "x86_64-linux";
   if stdenv.hostPlatform.system == "i686-linux" then
@@ -31,6 +31,8 @@ in stdenv.mkDerivation rec {
       --prefix CLASSPATH : "${swt}/jars/swt.jar:$out/lib/tuxguitar.jar:$out/lib/itext.jar"
   '';
 
+  passthru.tests = { inherit (nixosTests) tuxguitar; };
+
   meta = with lib; {
     description = "Multitrack guitar tablature editor";
     longDescription = ''
diff --git a/pkgs/applications/editors/ox/default.nix b/pkgs/applications/editors/ox/default.nix
index 978f2b2aaa1a..dd213f846073 100644
--- a/pkgs/applications/editors/ox/default.nix
+++ b/pkgs/applications/editors/ox/default.nix
@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "ox";
-  version = "0.2.7";
+  version = "0.3.0";
 
   src = fetchFromGitHub {
     owner = "curlpipe";
     repo = pname;
     rev = version;
-    hash = "sha256-4I6RjSCfNyeSQwGn6zX9AhePkqr+uOuhXdV0tat1LqI=";
+    hash = "sha256-g5M/d6pts4Y17CpWJAsWFL5KCq1YFaACJq6n6BQw7mo=";
   };
 
-  cargoHash = "sha256-VFrN58SRTRGH+RSc59RIdsysR3umnrU2KM5XVCp9u1Q=";
+  cargoHash = "sha256-6+W/guijsb9+ip1cvke8JLVa4h1nU2zQJCrLv64vsa0=";
 
   meta = with lib; {
     description = "Independent Rust text editor that runs in your terminal";
diff --git a/pkgs/applications/editors/vscode/extensions/default.nix b/pkgs/applications/editors/vscode/extensions/default.nix
index 5ff8557279cc..dee4e0b12f8d 100644
--- a/pkgs/applications/editors/vscode/extensions/default.nix
+++ b/pkgs/applications/editors/vscode/extensions/default.nix
@@ -3106,6 +3106,8 @@ let
         };
       };
 
+      mongodb.mongodb-vscode = callPackage ./mongodb.mongodb-vscode { };
+
       moshfeu.compare-folders = buildVscodeMarketplaceExtension {
         mktplcRef = {
           name = "compare-folders";
@@ -4832,8 +4834,8 @@ let
         mktplcRef = {
           name = "uiua-vscode";
           publisher = "uiua-lang";
-          version = "0.0.44";
-          hash = "sha256-lumK7gcj/NIhiZKT6F++ZsTFKWw7ZVaKZgIsQvZAGs4=";
+          version = "0.0.52";
+          hash = "sha256-zFtu3AYnDxb/aMtkpiaItQtwLpynTVbSRGuqKv3SueM=";
         };
         meta = {
           description = "VSCode language extension for Uiua";
diff --git a/pkgs/applications/editors/vscode/extensions/mongodb.mongodb-vscode/default.nix b/pkgs/applications/editors/vscode/extensions/mongodb.mongodb-vscode/default.nix
new file mode 100644
index 000000000000..f1e2132dc81d
--- /dev/null
+++ b/pkgs/applications/editors/vscode/extensions/mongodb.mongodb-vscode/default.nix
@@ -0,0 +1,19 @@
+{ lib, vscode-utils }:
+
+vscode-utils.buildVscodeMarketplaceExtension {
+  mktplcRef = {
+    name = "mongodb-vscode";
+    publisher = "mongodb";
+    version = "1.7.0";
+    hash = "sha256-EDU8kQLTQIe5D905ZVskFt/28Mzv1Zr7auqG4tksQ/o=";
+  };
+
+  meta = {
+    changelog = "https://github.com/mongodb-js/vscode/blob/main/CHANGELOG.md";
+    description = "An extension for VS Code that makes it easy to work with your data in MongoDB";
+    downloadPage = "https://marketplace.visualstudio.com/items?itemName=mongodb.mongodb-vscode";
+    homepage = "https://github.com/mongodb-js/vscode";
+    license = lib.licenses.asl20;
+    maintainers = with lib.maintainers; [ drupol ];
+  };
+}
diff --git a/pkgs/applications/file-managers/clifm/default.nix b/pkgs/applications/file-managers/clifm/default.nix
index cd263dd2e851..f24445f2a6d2 100644
--- a/pkgs/applications/file-managers/clifm/default.nix
+++ b/pkgs/applications/file-managers/clifm/default.nix
@@ -11,13 +11,13 @@
 
 stdenv.mkDerivation rec {
   pname = "clifm";
-  version = "1.19";
+  version = "1.20";
 
   src = fetchFromGitHub {
     owner = "leo-arch";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-QNxEvFZ5e4jQV2Tv2/D9KPRDoCoQlrqStFnbKVgcXxg=";
+    hash = "sha256-TKQxNl+RTPQAE7mMALugm3rg8mPZq3eD/uW23DLws8I=";
   };
 
   buildInputs = [
diff --git a/pkgs/applications/misc/fluidd/default.nix b/pkgs/applications/misc/fluidd/default.nix
index c3d5340640b3..1741e5f2d325 100644
--- a/pkgs/applications/misc/fluidd/default.nix
+++ b/pkgs/applications/misc/fluidd/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenvNoCC, fetchurl, unzip }:
+{ lib, stdenvNoCC, fetchurl, unzip, nixosTests }:
 
 stdenvNoCC.mkDerivation rec {
   pname = "fluidd";
@@ -25,6 +25,8 @@ stdenvNoCC.mkDerivation rec {
     cp -r fluidd $out/share/fluidd/htdocs
   '';
 
+  passthru.tests = { inherit (nixosTests) fluidd; };
+
   meta = with lib; {
     description = "Klipper web interface";
     homepage = "https://docs.fluidd.xyz";
diff --git a/pkgs/applications/misc/jotta-cli/default.nix b/pkgs/applications/misc/jotta-cli/default.nix
index b2239298d1a2..4130f7867a75 100644
--- a/pkgs/applications/misc/jotta-cli/default.nix
+++ b/pkgs/applications/misc/jotta-cli/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchzip }:
+{ lib, stdenv, fetchzip, nixosTests }:
 
 let
   arch = "amd64";
@@ -23,6 +23,8 @@ stdenv.mkDerivation rec {
     $out/bin/jotta-cli completion bash > $out/share/bash-completion/completions/jotta-cli.bash
   '';
 
+  passthru.tests = { inherit (nixosTests) jotta-cli; };
+
   meta = with lib; {
     description  = "Jottacloud CLI";
     homepage     = "https://www.jottacloud.com/";
diff --git a/pkgs/applications/misc/nwg-dock/default.nix b/pkgs/applications/misc/nwg-dock/default.nix
index 3d8e8f82d39d..29880d734000 100644
--- a/pkgs/applications/misc/nwg-dock/default.nix
+++ b/pkgs/applications/misc/nwg-dock/default.nix
@@ -8,13 +8,13 @@
 
 buildGoModule rec {
   pname = "nwg-dock";
-  version = "0.4.0";
+  version = "0.4.1";
 
   src = fetchFromGitHub {
     owner = "nwg-piotr";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-qmzCjbWmrDJBB2gnhR5hc0sYD3V0i/SKTavfMA2iLyc=";
+    sha256 = "sha256-ZR72QMftR6bWCieJHW3k46Ujdn/W5fulGxYKoNPiPfE=";
   };
 
   vendorHash = "sha256-paRcBQwg2uGouMRX5XF++OyN8Y0JyucXLN0G5O0j3qA=";
diff --git a/pkgs/applications/misc/writefreely/default.nix b/pkgs/applications/misc/writefreely/default.nix
index d505ae2e380a..0f8d3b6fac29 100644
--- a/pkgs/applications/misc/writefreely/default.nix
+++ b/pkgs/applications/misc/writefreely/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
 
 buildGoModule rec {
   pname = "writefreely";
@@ -23,6 +23,8 @@ buildGoModule rec {
 
   subPackages = [ "cmd/writefreely" ];
 
+  passthru.tests = { inherit (nixosTests) writefreely; };
+
   meta = with lib; {
     description = "Build a digital writing community";
     homepage = "https://github.com/writefreely/writefreely";
diff --git a/pkgs/applications/networking/cluster/argocd/default.nix b/pkgs/applications/networking/cluster/argocd/default.nix
index 59803dabdf27..e74961dea391 100644
--- a/pkgs/applications/networking/cluster/argocd/default.nix
+++ b/pkgs/applications/networking/cluster/argocd/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "argocd";
-  version = "2.12.0";
+  version = "2.12.1";
 
   src = fetchFromGitHub {
     owner = "argoproj";
     repo = "argo-cd";
     rev = "v${version}";
-    hash = "sha256-l2J7inrV82ej8baoY3FTcGeusN5e6WNEZMtzOdE8/WY=";
+    hash = "sha256-mqFQdgzHjht3ipTdjE4IfG9wrV7GZtuvH8T2iosiHMs=";
   };
 
   proxyVendor = true; # darwin/linux hash mismatch
diff --git a/pkgs/applications/networking/cluster/kubelogin-oidc/default.nix b/pkgs/applications/networking/cluster/kubelogin-oidc/default.nix
index 17822e687f7e..baa070a17608 100644
--- a/pkgs/applications/networking/cluster/kubelogin-oidc/default.nix
+++ b/pkgs/applications/networking/cluster/kubelogin-oidc/default.nix
@@ -2,18 +2,18 @@
 
 buildGoModule rec {
   pname = "kubelogin";
-  version = "1.28.2";
+  version = "1.29.0";
 
   src = fetchFromGitHub {
     owner = "int128";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-hWGP3/WAS2+/jylytZWo7+N/bWmrkaJDHZ0tYbElLSs=";
+    sha256 = "sha256-fGCllV07YustUIX1XiSvsC42obDOgl2yV5ruQMT2R0c=";
   };
 
   subPackages = ["."];
 
-  vendorHash = "sha256-r9WaS3J0b2yerjOgVLu0g95fwETqOFWoUvSC30gDzH0=";
+  vendorHash = "sha256-wtxSoRSpmRwuIOdKGmCRR+QLwOvONiiltg6KL6t2cf8=";
 
   # Rename the binary instead of symlinking to avoid conflict with the
   # Azure version of kubelogin
diff --git a/pkgs/applications/networking/cluster/nixops/default.nix b/pkgs/applications/networking/cluster/nixops/default.nix
index 5cbd49e2f562..d9d31d94ac96 100644
--- a/pkgs/applications/networking/cluster/nixops/default.nix
+++ b/pkgs/applications/networking/cluster/nixops/default.nix
@@ -22,16 +22,16 @@ let
       nixops-aws = callPackage ./plugins/nixops-aws.nix { };
       nixops-digitalocean = callPackage ./plugins/nixops-digitalocean.nix { };
       nixops-encrypted-links = callPackage ./plugins/nixops-encrypted-links.nix { };
-      nixops-gce = callPackage ./plugins/nixops-gce.nix { };
       nixops-hercules-ci = callPackage ./plugins/nixops-hercules-ci.nix { };
-      nixops-hetzner = callPackage ./plugins/nixops-hetzner.nix { };
-      nixops-hetznercloud = callPackage ./plugins/nixops-hetznercloud.nix { };
-      nixops-libvirtd = callPackage ./plugins/nixops-libvirtd.nix { };
       nixops-vbox = callPackage ./plugins/nixops-vbox.nix { };
       nixos-modules-contrib = callPackage ./plugins/nixos-modules-contrib.nix { };
 
+      nixops-gce = throw "nixops-gce was broken and was removed from nixpkgs";
+      nixops-libvirtd = throw "nixops-libvirtd was broken and was removed from nixpkgs";
+      nixops-hetzner = throw "nixops-hetzner was broken and was removed from nixpkgs";
+      nixops-hetznercloud = throw "nixops-hetznercloud was broken and was removed from nixpkgs";
+
       # aliases for backwards compatibility
-      nixops-gcp = nixops-gce;
       nixops-virtd = nixops-libvirtd;
       nixopsvbox = nixops-vbox;
     };
@@ -109,14 +109,11 @@ in
 
   # Not recommended; too fragile.
   nixops_unstable_full = minimal.withPlugins (ps: [
-    ps.nixops-aws
+    # currently broken
+    # ps.nixops-aws
     ps.nixops-digitalocean
     ps.nixops-encrypted-links
-    ps.nixops-gce
     ps.nixops-hercules-ci
-    ps.nixops-hetzner
-    ps.nixops-hetznercloud
-    ps.nixops-libvirtd
     ps.nixops-vbox
   ]);
 }
diff --git a/pkgs/applications/networking/cluster/nixops/plugins/nixops-aws.nix b/pkgs/applications/networking/cluster/nixops/plugins/nixops-aws.nix
index 44671b0809ed..895794d3e0f6 100644
--- a/pkgs/applications/networking/cluster/nixops/plugins/nixops-aws.nix
+++ b/pkgs/applications/networking/cluster/nixops/plugins/nixops-aws.nix
@@ -53,6 +53,7 @@ buildPythonPackage {
     description = "AWS plugin for NixOps";
     homepage = "https://github.com/NixOS/nixops-aws";
     license = licenses.lgpl3Only;
+    broken = true; # fails with `nose-1.3.7 not supported for interpreter python3.12`
     maintainers = nixops.meta.maintainers;
   };
 }
diff --git a/pkgs/applications/networking/cluster/nixops/plugins/nixops-gce.nix b/pkgs/applications/networking/cluster/nixops/plugins/nixops-gce.nix
deleted file mode 100644
index 8f179e6755b4..000000000000
--- a/pkgs/applications/networking/cluster/nixops/plugins/nixops-gce.nix
+++ /dev/null
@@ -1,55 +0,0 @@
-{ lib
-, buildPythonPackage
-, fetchFromGitHub
-, unstableGitUpdater
-, poetry-core
-, cryptography
-, libcloud
-, nixops
-, nixos-modules-contrib
-}:
-
-buildPythonPackage {
-  pname = "nixops-gce";
-  version = "0-unstable-2023-05-26";
-  pyproject = true;
-
-  src = fetchFromGitHub {
-    owner = "nix-community";
-    repo = "nixops-gce";
-    rev = "d13cb794aef763338f544010ceb1816fe31d7f42";
-    hash = "sha256-UkYf6CoUrr8yuQoe/ik6vu+UCi3ByJd0BdkS9SLEp0Q=";
-  };
-
-  postPatch = ''
-    substituteInPlace pyproject.toml \
-    --replace poetry.masonry.api poetry.core.masonry.api \
-    --replace "poetry>=" "poetry-core>="
-  '';
-
-  nativeBuildInputs = [
-    poetry-core
-  ];
-
-  buildInputs = [
-    nixops
-  ];
-
-  propagatedBuildInputs = [
-    cryptography
-    libcloud
-    nixos-modules-contrib
-  ];
-
-  pythonImportsCheck = [ "nixops_gcp" ];
-
-  passthru.updateScript = unstableGitUpdater {};
-
-  meta = with lib; {
-    description = "NixOps Google Cloud Backend";
-    homepage = "https://github.com/nix-community/nixops-gce";
-    license = licenses.mit;
-    maintainers = nixops.meta.maintainers;
-    broken = true; # never built on Hydra
-  };
-}
diff --git a/pkgs/applications/networking/cluster/nixops/plugins/nixops-hetzner.nix b/pkgs/applications/networking/cluster/nixops/plugins/nixops-hetzner.nix
deleted file mode 100644
index 092a932a47cc..000000000000
--- a/pkgs/applications/networking/cluster/nixops/plugins/nixops-hetzner.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ lib
-, buildPythonPackage
-, fetchFromGitHub
-, unstableGitUpdater
-, poetry-core
-, hetzner
-, nixops
-, nixos-modules-contrib
-, typing-extensions
-}:
-
-buildPythonPackage {
-  pname = "nixops-hetzner";
-  version = "1.0.1-unstable-2022-04-24";
-  pyproject = true;
-
-  src = fetchFromGitHub {
-    owner = "NixOS";
-    repo = "nixops-hetzner";
-    rev = "bc7a68070c7371468bcc8bf6e36baebc6bd2da35";
-    hash = "sha256-duK1Ui4VpbGSgGvfjTOddHSqHZ1FSy4L9Egg+FvZv04=";
-  };
-
-  postPatch = ''
-    substituteInPlace pyproject.toml \
-    --replace poetry.masonry.api poetry.core.masonry.api \
-    --replace "poetry>=" "poetry-core>="
-  '';
-
-  nativeBuildInputs = [
-    poetry-core
-  ];
-
-  buildInputs = [
-    nixops
-  ];
-
-  propagatedBuildInputs = [
-    hetzner
-    nixos-modules-contrib
-    typing-extensions
-  ];
-
-  pythonImportsCheck = [ "nixops_hetzner" ];
-
-  passthru.updateScript = unstableGitUpdater {
-    tagPrefix = "v";
-  };
-
-  meta = with lib; {
-    description = "Hetzner bare metal NixOps plugin";
-    homepage = "https://github.com/NixOS/nixops-hetzner";
-    license = licenses.mit;
-    maintainers = nixops.meta.maintainers;
-    broken = true; # never built on Hydra
-  };
-}
diff --git a/pkgs/applications/networking/cluster/nixops/plugins/nixops-hetznercloud.nix b/pkgs/applications/networking/cluster/nixops/plugins/nixops-hetznercloud.nix
deleted file mode 100644
index 6e9a4b742e30..000000000000
--- a/pkgs/applications/networking/cluster/nixops/plugins/nixops-hetznercloud.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ lib
-, buildPythonPackage
-, fetchFromGitHub
-, unstableGitUpdater
-, poetry-core
-, hcloud
-, nixops
-, typing-extensions
-}:
-
-buildPythonPackage {
-  pname = "nixops-hetznercloud";
-  version = "0-unstable-2023-02-19";
-  pyproject = true;
-
-  src = fetchFromGitHub {
-    owner = "lukebfox";
-    repo = "nixops-hetznercloud";
-    rev = "e14f340f7ffe9e2aa7ffbaac0b8a2e3b4cc116b3";
-    hash = "sha256-IsRJUUAfN6YXcue80qlcunkawUtgMiMU8mM6DP+7Cm4=";
-  };
-
-  postPatch = ''
-    substituteInPlace pyproject.toml \
-    --replace poetry.masonry.api poetry.core.masonry.api \
-    --replace "poetry>=" "poetry-core>="
-  '';
-
-  nativeBuildInputs = [
-    poetry-core
-  ];
-
-  buildInputs = [
-    nixops
-  ];
-
-  propagatedBuildInputs = [
-    hcloud
-    typing-extensions
-  ];
-
-  pythonImportsCheck = [ "nixops_hetznercloud" ];
-
-  passthru.updateScript = unstableGitUpdater {};
-
-  meta = with lib; {
-    description = "NixOps plugin supporting Hetzner Cloud deployments";
-    homepage = "https://github.com/lukebfox/nixops-hetznercloud";
-    license = licenses.lgpl3Only;
-    maintainers = with maintainers; [ lukebfox ];
-    broken = true; # never built on Hydra
-  };
-}
diff --git a/pkgs/applications/networking/cluster/nixops/plugins/nixops-libvirtd.nix b/pkgs/applications/networking/cluster/nixops/plugins/nixops-libvirtd.nix
deleted file mode 100644
index a315a7e2ae9b..000000000000
--- a/pkgs/applications/networking/cluster/nixops/plugins/nixops-libvirtd.nix
+++ /dev/null
@@ -1,53 +0,0 @@
-{ lib
-, buildPythonPackage
-, fetchFromGitHub
-, unstableGitUpdater
-, poetry-core
-, libvirt
-, nixops
-}:
-
-buildPythonPackage {
-  pname = "nixops-libvirtd";
-  version = "1.0.0-unstable-2023-09-01";
-  pyproject = true;
-
-  src = fetchFromGitHub {
-    owner = "nix-community";
-    repo = "nixops-libvirtd";
-    rev = "b59424bf53e74200d684a4bce1ae64d276e793a0";
-    hash = "sha256-HxJu8/hOPI5aCddTpna0mf+emESYN3ZxpTkitfKcfVQ=";
-  };
-
-  postPatch = ''
-    substituteInPlace pyproject.toml \
-    --replace poetry.masonry.api poetry.core.masonry.api \
-    --replace "poetry>=" "poetry-core>="
-  '';
-
-  nativeBuildInputs = [
-    poetry-core
-  ];
-
-  buildInputs = [
-    nixops
-  ];
-
-  propagatedBuildInputs = [
-    libvirt
-  ];
-
-  pythonImportsCheck = [ "nixops_virtd" ];
-
-  passthru.updateScript = unstableGitUpdater {
-    tagPrefix = "v";
-  };
-
-  meta = with lib; {
-    description = "NixOps libvirtd backend plugin";
-    homepage = "https://github.com/nix-community/nixops-libvirtd";
-    license = licenses.lgpl3Only;
-    maintainers = with maintainers; [ aminechikhaoui ];
-    broken = true; # never built on Hydra
-  };
-}
diff --git a/pkgs/applications/networking/cluster/tfautomv/default.nix b/pkgs/applications/networking/cluster/tfautomv/default.nix
index fc9dadbf37b6..efabad7ed89b 100644
--- a/pkgs/applications/networking/cluster/tfautomv/default.nix
+++ b/pkgs/applications/networking/cluster/tfautomv/default.nix
@@ -5,16 +5,19 @@
 
 buildGoModule rec {
   pname = "tfautomv";
-  version = "0.5.4";
+  version = "0.6.2";
 
   src = fetchFromGitHub {
     owner = "busser";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-irB0Kfd8eqIKq0ooJRxB0X4t2/1aFCNYRwaG6lAw3ic=";
+    hash = "sha256-qUeIbHJqxGkt2esMm4w6fM52ZE16jWnxugVXxqBh1Qc=";
   };
 
-  vendorHash = "sha256-Wc5hpiHL5I01IodcHX0IzeKfthkFS7SuUxmaxOU6WkA=";
+  # checks require unfree programs like terraform/terragrunt
+  doCheck = false;
+
+  vendorHash = "sha256-BZ8IhVPxZTPQXBotFBrxV3dfwvst0te8R84I/urq3gY=";
 
   ldflags = [ "-s" "-w" ];
 
diff --git a/pkgs/applications/networking/ndppd/default.nix b/pkgs/applications/networking/ndppd/default.nix
index e5ea298a8dc9..65b5ee1269ee 100644
--- a/pkgs/applications/networking/ndppd/default.nix
+++ b/pkgs/applications/networking/ndppd/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, gzip }:
+{ lib, stdenv, fetchFromGitHub, gzip, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "ndppd";
@@ -26,6 +26,8 @@ stdenv.mkDerivation rec {
     cp ndppd.conf-dist $out/etc/ndppd.conf
   '';
 
+  passthru.tests = { inherit (nixosTests) ndppd; };
+
   meta = with lib; {
     description = "Daemon that proxies NDP (Neighbor Discovery Protocol) messages between interfaces";
     homepage = "https://github.com/DanielAdolfsson/ndppd";
diff --git a/pkgs/applications/networking/p2p/deluge/default.nix b/pkgs/applications/networking/p2p/deluge/default.nix
index 8c3d76d755f7..241f2a02e803 100644
--- a/pkgs/applications/networking/p2p/deluge/default.nix
+++ b/pkgs/applications/networking/p2p/deluge/default.nix
@@ -8,6 +8,7 @@
 , gobject-introspection
 , librsvg
 , wrapGAppsHook3
+, nixosTests
 }:
 
 let
@@ -87,6 +88,8 @@ let
         done
       '';
 
+      passthru.tests = { inherit (nixosTests) deluge; };
+
       meta = with lib; {
         description = "Torrent client";
         homepage = "https://deluge-torrent.org";
diff --git a/pkgs/applications/networking/remote/xrdp/default.nix b/pkgs/applications/networking/remote/xrdp/default.nix
index 6e2f10ee8e47..ff301d690941 100644
--- a/pkgs/applications/networking/remote/xrdp/default.nix
+++ b/pkgs/applications/networking/remote/xrdp/default.nix
@@ -21,6 +21,7 @@
 , libjpeg_turbo
 , _experimental-update-script-combinators
 , gitUpdater
+, nixosTests
 }:
 
 let
@@ -159,6 +160,9 @@ let
         { command = ["rm" "update-git-commits.txt"]; }
         (gitUpdater { rev-prefix = "v"; attrPath = "xrdp.xorgxrdp"; })
       ]);
+      tests = {
+        inherit (nixosTests) xrdp;
+      };
     };
 
     meta = with lib; {
diff --git a/pkgs/applications/office/roam-research/common.nix b/pkgs/applications/office/roam-research/common.nix
index 19e51e7b0eae..00cbbf009096 100644
--- a/pkgs/applications/office/roam-research/common.nix
+++ b/pkgs/applications/office/roam-research/common.nix
@@ -1,22 +1,22 @@
 { fetchurl }:
 let
   pname = "roam-research";
-  version = "0.0.19";
+  version = "0.0.22";
 in
 {
   inherit pname version;
   sources = {
     x86_64-darwin = fetchurl {
       url = "https://roam-electron-deploy.s3.us-east-2.amazonaws.com/Roam+Research-${version}.dmg";
-      hash = "sha256-pIH4p7dnmyOgGyruSJ39xB8iJ45wtxcIQmfUeBLlDes=";
+      hash = "sha256-GA9m4z+3Dy87Dz/YPG5MYbREQ1cEAdX/MJvkAJ/fe34=";
     };
     aarch64-darwin = fetchurl {
       url = "https://roam-electron-deploy.s3.us-east-2.amazonaws.com/Roam+Research-${version}-arm64.dmg";
-      hash = "sha256-iQRaaSU033t3WVWZSKuXCPJbMoNpwLnDHBz5QURu6Gw=";
+      hash = "sha256-+lgV5TpTzN7mJvvVEpBbmq+aBOBKy1CpYkMNhfoxhK0=";
     };
     x86_64-linux = fetchurl {
       url = "https://roam-electron-deploy.s3.us-east-2.amazonaws.com/${pname}_${version}_amd64.deb";
-      hash = "sha256-eDN+hrAc+ePRELcXAs5WypzPlJ+Wtg3kUarf8rq5CnA=";
+      hash = "sha256-HVGytdP5fkQQABeL9y869GZioutvnBHrwPprAjfBbFg=";
     };
   };
 }
diff --git a/pkgs/applications/office/roam-research/darwin.nix b/pkgs/applications/office/roam-research/darwin.nix
index 372186f551f1..721e9e8fc7e9 100644
--- a/pkgs/applications/office/roam-research/darwin.nix
+++ b/pkgs/applications/office/roam-research/darwin.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, undmg, fetchurl }:
+{ lib, stdenv, _7zz, fetchurl }:
 let
   common = import ./common.nix { inherit fetchurl; };
   inherit (stdenv.hostPlatform) system;
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
 
   sourceRoot = ".";
 
-  nativeBuildInputs = [ undmg ];
+  nativeBuildInputs = [ _7zz ];
   installPhase = ''
     runHook preInstall
 
diff --git a/pkgs/applications/version-management/cgit/common.nix b/pkgs/applications/version-management/cgit/common.nix
index b0ed32eb0222..d5dab65bd4a9 100644
--- a/pkgs/applications/version-management/cgit/common.nix
+++ b/pkgs/applications/version-management/cgit/common.nix
@@ -1,5 +1,6 @@
 { pname, version, src, gitSrc, buildInputs ? []
 , homepage, description, maintainers
+, passthru ? {}
 }:
 
 { lib, stdenv, openssl, zlib, asciidoc, libxml2, libxslt
@@ -10,7 +11,7 @@
 }:
 
 stdenv.mkDerivation {
-  inherit pname version src gitSrc;
+  inherit pname version src gitSrc passthru;
 
   separateDebugInfo = true;
 
diff --git a/pkgs/applications/version-management/cgit/default.nix b/pkgs/applications/version-management/cgit/default.nix
index f6a0af102303..0fe86683d5fa 100644
--- a/pkgs/applications/version-management/cgit/default.nix
+++ b/pkgs/applications/version-management/cgit/default.nix
@@ -1,4 +1,4 @@
-{ lib, fetchurl, callPackage, luajit }:
+{ lib, fetchurl, callPackage, luajit, nixosTests }:
 
 callPackage (import ./common.nix rec {
   pname = "cgit";
@@ -19,6 +19,8 @@ callPackage (import ./common.nix rec {
 
   buildInputs = [ luajit ];
 
+  passthru.tests = { inherit (nixosTests) cgit; };
+
   homepage = "https://git.zx2c4.com/cgit/about/";
   description = "Web frontend for git repositories";
   maintainers = with lib.maintainers; [ bjornfor ];
diff --git a/pkgs/applications/version-management/glab/default.nix b/pkgs/applications/version-management/glab/default.nix
index 9f3e08464dd3..31af00105113 100644
--- a/pkgs/applications/version-management/glab/default.nix
+++ b/pkgs/applications/version-management/glab/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "glab";
-  version = "1.41.0";
+  version = "1.45.0";
 
   src = fetchFromGitLab {
     owner = "gitlab-org";
     repo = "cli";
     rev = "v${version}";
-    hash = "sha256-DvIp7eMBWKWQ5VW9MW391xnUz8o1KNz1mkJtu7YVILo=";
+    hash = "sha256-jTpddpS+FYSQg2aRxQiVlG+bitiIqmZ4kxOJLPZkICo=";
   };
 
-  vendorHash = "sha256-WM19Kx2b31e4/iA92U9FUuF8R1DMvbKotE2D9HpLQpQ=";
+  vendorHash = "sha256-o0sYObTeDgG+3X3YEnDbk1h4DkEiMwEgYMF7hGjCL3Q=";
 
   ldflags = [
     "-s"
diff --git a/pkgs/applications/version-management/legit-web/default.nix b/pkgs/applications/version-management/legit-web/default.nix
index af340bd22eaf..ae76752f70c3 100644
--- a/pkgs/applications/version-management/legit-web/default.nix
+++ b/pkgs/applications/version-management/legit-web/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildGoModule
 , fetchFromGitHub
+, nixosTests
 }:
 
 buildGoModule rec {
@@ -24,6 +25,8 @@ buildGoModule rec {
     cp -r $src/static/* $out/lib/legit/static
   '';
 
+  passthru.tests = { inherit (nixosTests) legit; };
+
   meta = {
     description = "Web frontend for git";
     homepage = "https://github.com/icyphox/legit";
diff --git a/pkgs/applications/version-management/rabbitvcs/default.nix b/pkgs/applications/version-management/rabbitvcs/default.nix
deleted file mode 100644
index 7cc0a92d4c94..000000000000
--- a/pkgs/applications/version-management/rabbitvcs/default.nix
+++ /dev/null
@@ -1,46 +0,0 @@
-{ fetchFromGitHub, lib, python3Packages, meld, subversion, gvfs, xdg-utils, gtk3 }:
-
-python3Packages.buildPythonApplication rec {
-  pname = "rabbitvcs";
-  version = "0.18";
-  namePrefix = "";
-
-  src = fetchFromGitHub {
-    owner = "rabbitvcs";
-    repo = "rabbitvcs";
-    rev = "v${version}";
-    hash = "sha256-gVrdf8vQWAGORZqlTS/axs4U7aZlS8OAgPM3iKgqAtM=";
-  };
-
-  buildInputs = [ gtk3 ];
-  pythonPath = with python3Packages; [ configobj pygobject3 pysvn dulwich tkinter gvfs xdg-utils ];
-
-  prePatch = ''
-      sed -ie 's|if sys\.argv\[1\] == "install":|if False:|' ./setup.py
-      sed -ie "s|PREFIX = sys.prefix|PREFIX = \"$out\"|" ./setup.py
-      sed -ie 's|/usr/bin/meld|${meld}/bin/meld|' ./rabbitvcs/util/configspec/configspec.ini
-      sed -ie 's|/usr/bin/svnadmin|${subversion.out}/bin/svnadmin|' ./rabbitvcs/ui/create.py
-      sed -ie "s|/usr/share/doc|$out/share/doc|" ./rabbitvcs/ui/about.py
-      sed -ie "s|gnome-open|xdg-open|" ./rabbitvcs/util/helper.py
-    '';
-
-  outputs = [ "out" "cli" ];
-
-  postInstall = ''
-    mkdir -p $cli/bin
-    cp clients/cli/rabbitvcs $cli/bin
-    wrapPythonProgramsIn $cli "$out $pythonPath"
-  '';
-
-  doCheck = false;
-
-  meta = {
-    description = "Graphical tools for working with version control systems";
-    homepage = "http://rabbitvcs.org/";
-    license = lib.licenses.gpl2Plus;
-    platforms = lib.platforms.linux;
-    maintainers = [ lib.maintainers.mathnerd314 ];
-    # ModuleNotFoundError: No module named 'rabbitvcs'
-    broken = true; # Added 2024-01-28
-  };
-}
diff --git a/pkgs/applications/video/ustreamer/default.nix b/pkgs/applications/video/ustreamer/default.nix
index b612584d8b0f..512e6e8515c8 100644
--- a/pkgs/applications/video/ustreamer/default.nix
+++ b/pkgs/applications/video/ustreamer/default.nix
@@ -12,6 +12,7 @@
 , speex
 , jansson
 , libopus
+, nixosTests
 , withJanus ? true
 }:
 stdenv.mkDerivation rec {
@@ -53,6 +54,8 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  passthru.tests = { inherit (nixosTests) ustreamer; };
+
   meta = with lib; {
     homepage = "https://github.com/pikvm/ustreamer";
     description = "Lightweight and fast MJPG-HTTP streamer";
diff --git a/pkgs/applications/window-managers/i3/default.nix b/pkgs/applications/window-managers/i3/default.nix
index 6438eee19525..9b66a3279f8d 100644
--- a/pkgs/applications/window-managers/i3/default.nix
+++ b/pkgs/applications/window-managers/i3/default.nix
@@ -3,6 +3,7 @@
 , yajl, xcb-util-cursor, perl, pango, perlPackages, libxkbcommon
 , xorgserver, xvfb-run, xdotool, xorg, which
 , asciidoc, xmlto, docbook_xml_dtd_45, docbook_xsl, findXMLCatalogs
+, nixosTests
 }:
 
 stdenv.mkDerivation rec {
@@ -78,6 +79,9 @@ stdenv.mkDerivation rec {
 
   separateDebugInfo = true;
 
+  passthru.tests = { inherit (nixosTests) i3wm; };
+
+
   meta = with lib; {
     description = "Tiling window manager";
     homepage    = "https://i3wm.org";
diff --git a/pkgs/applications/window-managers/tinywl/default.nix b/pkgs/applications/window-managers/tinywl/default.nix
index d39373e78192..06d2d8d72f8a 100644
--- a/pkgs/applications/window-managers/tinywl/default.nix
+++ b/pkgs/applications/window-managers/tinywl/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv, wlroots, pkg-config, wayland-scanner
 , libxkbcommon, pixman, udev, wayland, wayland-protocols
+, nixosTests
 }:
 
 stdenv.mkDerivation {
@@ -18,6 +19,8 @@ stdenv.mkDerivation {
     runHook postInstall
   '';
 
+  passthru.tests = { inherit (nixosTests) tinywl; };
+
   meta = {
     homepage = "https://gitlab.freedesktop.org/wlroots/wlroots/tree/master/tinywl";
     description = ''A "minimum viable product" Wayland compositor based on wlroots'';
diff --git a/pkgs/applications/window-managers/yabar/build.nix b/pkgs/applications/window-managers/yabar/build.nix
index edeeaf5fbf65..25ab000594aa 100644
--- a/pkgs/applications/window-managers/yabar/build.nix
+++ b/pkgs/applications/window-managers/yabar/build.nix
@@ -62,6 +62,8 @@ stdenv.mkDerivation {
     }
   '';
 
+  #passthru.tests = { inherit (nixosTests) yabar; }; # nixos currently uses yabar-unstable
+
   meta = with lib; {
     description = "Modern and lightweight status bar for X window managers";
     homepage    = "https://github.com/geommer/yabar";
diff --git a/pkgs/applications/window-managers/yabar/unstable.nix b/pkgs/applications/window-managers/yabar/unstable.nix
index 47c8f6c5e568..cb43c4e0b95e 100644
--- a/pkgs/applications/window-managers/yabar/unstable.nix
+++ b/pkgs/applications/window-managers/yabar/unstable.nix
@@ -1,4 +1,4 @@
-{ fetchpatch, playerctl, libxkbcommon, callPackage, attrs ? {} }:
+{ fetchpatch, playerctl, libxkbcommon, callPackage, nixosTests, attrs ? {} }:
 
 let
   pkg = callPackage ./build.nix ({
@@ -22,4 +22,11 @@ in pkg.overrideAttrs (o: {
       sha256 = "1q7nd66ai6nr2m6iqxn55gvbr4r5gjc00c8wyjc3riv31qcbqbhv";
     })
   ];
+
+  passthru = (o.passthru or {}) // {
+    tests = (o.passthru.tests or {}) // {
+      inherit (nixosTests) yabar;
+    };
+  };
+
 })
diff --git a/pkgs/by-name/_2/_2ship2harkinian/package.nix b/pkgs/by-name/_2/_2ship2harkinian/package.nix
index 583e2864a112..2af660495cdd 100644
--- a/pkgs/by-name/_2/_2ship2harkinian/package.nix
+++ b/pkgs/by-name/_2/_2ship2harkinian/package.nix
@@ -77,7 +77,7 @@ let
       rev = "v${version}";
       hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
     };
-    buildInputs = prev.buildInputs ++ [ pkg-config ];
+    nativeBuildInputs = prev.nativeBuildInputs ++ [ pkg-config ];
     patches = (prev.patches or [ ]) ++ [
       (fetchpatch {
         name = "stormlib-optimizations.patch";
diff --git a/pkgs/by-name/ar/argc/package.nix b/pkgs/by-name/ar/argc/package.nix
index 3fceb4af1e46..df9b4f6780e1 100644
--- a/pkgs/by-name/ar/argc/package.nix
+++ b/pkgs/by-name/ar/argc/package.nix
@@ -14,16 +14,16 @@ let
 in
 rustPlatform.buildRustPackage rec {
   pname = "argc";
-  version = "1.20.0";
+  version = "1.20.1";
 
   src = fetchFromGitHub {
     owner = "sigoden";
     repo = "argc";
     rev = "v${version}";
-    hash = "sha256-Oh2vV4Dr4suVEGrwGNyzVlKrOh+lXwdEwDPNzFzqmOo=";
+    hash = "sha256-pOkZmk7boFPqHHBDet/on6Y8V2Ik+hpqN0cUtY0BiR0=";
   };
 
-  cargoHash = "sha256-3zVO0ZAL+npijGg6/Idb7MD80WW5vi1qxbZqCwwhmIU=";
+  cargoHash = "sha256-FxhDnTy/KAeN0Zd5I12EUgXRc0VhHN0lRm5DQyCinyw=";
 
   nativeBuildInputs = [ installShellFiles ] ++ lib.optional (!canExecuteHost) buildPackages.argc;
 
diff --git a/pkgs/by-name/ar/artalk/package.nix b/pkgs/by-name/ar/artalk/package.nix
index ff2e0be2abdc..a9918059d6ad 100644
--- a/pkgs/by-name/ar/artalk/package.nix
+++ b/pkgs/by-name/ar/artalk/package.nix
@@ -7,6 +7,7 @@
   installShellFiles,
   stdenv,
   testers,
+  nixosTests,
 }:
 buildGoModule rec {
   pname = "artalk";
@@ -56,6 +57,7 @@ buildGoModule rec {
 
   passthru.tests = {
     version = testers.testVersion { package = artalk; };
+    inherit (nixosTests) artalk;
   };
 
   meta = {
diff --git a/pkgs/by-name/ca/cano/allow-read-only-store-help-page.patch b/pkgs/by-name/ca/cano/allow-read-only-store-help-page.patch
new file mode 100644
index 000000000000..174d15fc82c6
--- /dev/null
+++ b/pkgs/by-name/ca/cano/allow-read-only-store-help-page.patch
@@ -0,0 +1,42 @@
+diff --git a/src/main.c b/src/main.c
+index 993a76f..de5b2c5 100644
+--- a/src/main.c
++++ b/src/main.c
+@@ -6,12 +6,8 @@ _Static_assert(sizeof(string_modes)/sizeof(*string_modes) == MODE_COUNT, "Number
+ char *get_help_page(char *page) {
+     if (page == NULL) return NULL;
+ 
+-    char *env = getenv("HOME");
+-    if(env == NULL) CRASH("could not get HOME");
+-
+-    char *help_page = calloc(128, sizeof(char));
+-    if (help_page == NULL) CRASH("could not calloc memory for help page");
+-    snprintf(help_page, 128, "%s/.local/share/cano/help/%s", env, page);
++    char *help_page;
++    asprintf(&help_page, "@help@/%s", page);
+ 
+     // check if file exists
+     struct stat st;
+diff --git a/src/tools.c b/src/tools.c
+index 220d7a1..4ce211e 100644
+--- a/src/tools.c
++++ b/src/tools.c
+@@ -63,6 +63,9 @@ void free_undo_stack(Undo_Stack *undo) {
+ 
+ void handle_save(Buffer *buffer) {
+     FILE *file = fopen(buffer->filename, "w");
++
++    if (file == NULL)
++        return;
+     fwrite(buffer->data.data, buffer->data.count, sizeof(char), file);
+     fclose(file);
+ }
+@@ -72,7 +75,7 @@ Buffer *load_buffer_from_file(char *filename) {
+     size_t filename_s = strlen(filename)+1;
+     buffer->filename = calloc(filename_s, sizeof(char));
+     strncpy(buffer->filename, filename, filename_s);
+-    FILE *file = fopen(filename, "a+");
++    FILE *file = fopen(filename, "r");
+     if(file == NULL) CRASH("Could not open file");
+     fseek(file, 0, SEEK_END);
+     size_t length = ftell(file);
diff --git a/pkgs/by-name/ca/cano/package.nix b/pkgs/by-name/ca/cano/package.nix
index 2c4d148c70e2..5702ce5fb19f 100644
--- a/pkgs/by-name/ca/cano/package.nix
+++ b/pkgs/by-name/ca/cano/package.nix
@@ -1,34 +1,55 @@
-{ stdenv
-, lib
-, fetchFromGitHub
-, gnumake
-, ncurses
+{
+  stdenv,
+  lib,
+  fetchFromGitHub,
+  installShellFiles,
+  ncurses,
 }:
 stdenv.mkDerivation (finalAttrs: {
   pname = "cano";
-  version = "0.1.0-alpha";
+  version = "0.2.0-alpha";
 
   src = fetchFromGitHub {
     owner = "CobbCoding1";
     repo = "Cano";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-BKbBDN7xZwlNzw7UFgX+PD9UXbr9FtELo+PlbfSHyRY=";
+    hash = "sha256-OaWj0AKw3+sEhcAbIjgOLfxwCKRG6O1k+zSp0GnnFn8=";
   };
 
-  buildInputs = [ gnumake ncurses ];
-  hardeningDisable = [ "format" "fortify" ];
+  patches = [ ./allow-read-only-store-help-page.patch ];
+
+  postPatch = ''
+    substituteInPlace src/main.c \
+      --replace-fail "@help@" "${placeholder "out"}/share/help"
+  '';
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  buildInputs = [ ncurses ];
+
+  hardeningDisable = [
+    "format"
+    "fortify"
+  ];
 
   installPhase = ''
-    mkdir -p $out/bin
-    cp build/cano $out/bin
+    runHook preInstall
+
+    install -Dm755 build/cano -t $out/bin
+
+    mkdir -p $out/share
+    cp -r docs/help $out/share
+    installManPage docs/cano.1
+
+    runHook postInstall
   '';
 
   meta = {
-     description = "Text Editor Written In C Using ncurses";
-     homepage = "https://github.com/CobbCoding1/Cano";
-     license = lib.licenses.asl20;
-     mainProgram = "Cano";
-     maintainers = with lib.maintainers; [ sigmanificient ];
-     platforms = lib.platforms.linux;
+    description = "Text Editor Written In C Using ncurses";
+    homepage = "https://github.com/CobbCoding1/Cano";
+    license = lib.licenses.asl20;
+    mainProgram = "Cano";
+    maintainers = with lib.maintainers; [ sigmanificient ];
+    platforms = lib.platforms.linux;
   };
 })
diff --git a/pkgs/by-name/ce/certmgr/package.nix b/pkgs/by-name/ce/certmgr/package.nix
index e5579125a2ca..1063b4f61096 100644
--- a/pkgs/by-name/ce/certmgr/package.nix
+++ b/pkgs/by-name/ce/certmgr/package.nix
@@ -1,6 +1,7 @@
 { lib
 , buildGoModule
 , fetchFromGitHub
+, nixosTests
 }:
 
 buildGoModule rec {
@@ -18,6 +19,9 @@ buildGoModule rec {
 
   ldflags = [ "-s" "-w" ];
 
+  passthru.tests = { inherit (nixosTests) certmgr; };
+
+
   meta = with lib; {
     homepage = "https://cfssl.org/";
     description = "Cloudflare's automated certificate management using a CFSSL CA";
diff --git a/pkgs/by-name/cl/clang-uml/package.nix b/pkgs/by-name/cl/clang-uml/package.nix
index 9c037fb30be6..ec1f03499619 100644
--- a/pkgs/by-name/cl/clang-uml/package.nix
+++ b/pkgs/by-name/cl/clang-uml/package.nix
@@ -17,13 +17,13 @@
 }:
 stdenv.mkDerivation (finalAttrs: {
   pname = "clang-uml";
-  version = "0.5.3";
+  version = "0.5.4";
 
   src = fetchFromGitHub {
     owner = "bkryza";
     repo = "clang-uml";
     rev = finalAttrs.version;
-    hash = "sha256-ghnbOjVYw0zdFK/SDJ3sOObu6I7ROVNzYl1hovWju/Q=";
+    hash = "sha256-PEzTvwW/wUg8wgKjeNGbpgpP3SH2sVWRYc6o3gFjxx0=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/by-name/cu/cue/package.nix b/pkgs/by-name/cu/cue/package.nix
index b2f8359419e0..d10db99f55ac 100644
--- a/pkgs/by-name/cu/cue/package.nix
+++ b/pkgs/by-name/cu/cue/package.nix
@@ -9,16 +9,16 @@
 
 buildGoModule rec {
   pname = "cue";
-  version = "0.9.2";
+  version = "0.10.0";
 
   src = fetchFromGitHub {
     owner = "cue-lang";
     repo = "cue";
     rev = "v${version}";
-    hash = "sha256-C3BvI43oo71y19ZRflqhKRQF7DwBBOV0yRlutv+W18g=";
+    hash = "sha256-GvReoBP8QCdrKxox8yPLZEk5YvTvwr7kflpS/jN8GTg=";
   };
 
-  vendorHash = "sha256-FsFignBh669E60S8l8siQHLzeSfB5X/XOHBXPMDX3Cg=";
+  vendorHash = "sha256-sLTpra7JwgF4l1UCrUtzQA4xrP4OqxBcZ1qEssBdFtk=";
 
   subPackages = [ "cmd/*" ];
 
diff --git a/pkgs/by-name/da/davis/package.nix b/pkgs/by-name/da/davis/package.nix
index 58b1bf099fe8..1fa809859387 100644
--- a/pkgs/by-name/da/davis/package.nix
+++ b/pkgs/by-name/da/davis/package.nix
@@ -2,6 +2,7 @@
   lib,
   fetchFromGitHub,
   php,
+  nixosTests,
 }:
 
 php.buildComposerProject (finalAttrs: {
@@ -25,6 +26,10 @@ php.buildComposerProject (finalAttrs: {
     rm -rf "$out/share"
   '';
 
+  passthru.tests = {
+    inherit (nixosTests) davis;
+  };
+
   meta = {
     changelog = "https://github.com/tchapi/davis/releases/tag/v${finalAttrs.version}";
     homepage = "https://github.com/tchapi/davis";
diff --git a/pkgs/by-name/db/dbgate/package.nix b/pkgs/by-name/db/dbgate/package.nix
index 5a1cea91a228..ab62dee5f391 100644
--- a/pkgs/by-name/db/dbgate/package.nix
+++ b/pkgs/by-name/db/dbgate/package.nix
@@ -7,21 +7,21 @@
 }:
 let
   pname = "dbgate";
-  version = "5.3.1";
+  version = "5.3.4";
   src =
     fetchurl
       {
         aarch64-linux = {
           url = "https://github.com/dbgate/dbgate/releases/download/v${version}/dbgate-${version}-linux_arm64.AppImage";
-          hash = "sha256-Qz0VA2pHT8muw9RdLg7Y3w3mJ3ubFnqf4dmfdZdnJHI=";
+          hash = "sha256-szG0orYBB1+DE9Vwjq0sluIaLDBlWOScKuruJR4iQKg=";
         };
         x86_64-linux = {
           url = "https://github.com/dbgate/dbgate/releases/download/v${version}/dbgate-${version}-linux_x86_64.AppImage";
-          hash = "sha256-H/2Tb6ZnO6LJx+rv/ADdItaRMP95x4G3lPNK0sbZn9I=";
+          hash = "sha256-C0BJ3dydaeV8ypc8c0EDiMBhvByLAKuKTGHOozqbd+w=";
         };
         x86_64-darwin = {
           url = "https://github.com/dbgate/dbgate/releases/download/v${version}/dbgate-${version}-mac_x64.dmg";
-          hash = "sha256-gZrfv9qe2arytVgiYtX9uwfwC4Z30SHEDiBUXcpF968=";
+          hash = "sha256-WwUpFFeZ9NmosHZqrHCbsz673fSbdQvwxhEvz/6JJtw=";
         };
       }
       .${stdenv.system} or (throw "dbgate: ${stdenv.system} is unsupported.");
diff --git a/pkgs/by-name/fa/fail2ban/package.nix b/pkgs/by-name/fa/fail2ban/package.nix
index 00ea39b40a2b..6425f814f2d5 100644
--- a/pkgs/by-name/fa/fail2ban/package.nix
+++ b/pkgs/by-name/fa/fail2ban/package.nix
@@ -4,6 +4,7 @@
 , fetchpatch
 , python3
 , installShellFiles
+, nixosTests
 }:
 
 python3.pkgs.buildPythonApplication rec {
@@ -87,6 +88,8 @@ python3.pkgs.buildPythonApplication rec {
       rm -r "${sitePackages}/usr"
     '';
 
+  passthru.tests = { inherit (nixosTests) fail2ban; };
+
   meta = with lib; {
     homepage = "https://www.fail2ban.org/";
     description = "Program that scans log files for repeated failing login attempts and bans IP addresses";
diff --git a/pkgs/applications/graphics/flaca/default.nix b/pkgs/by-name/fl/flaca/package.nix
index b2d82b458b49..bec47b7b302c 100644
--- a/pkgs/applications/graphics/flaca/default.nix
+++ b/pkgs/by-name/fl/flaca/package.nix
@@ -1,14 +1,15 @@
-{ lib
-, fetchFromGitHub
-, rustPlatform
-, fetchurl
-, runCommand
-, lndir
+{
+  lib,
+  fetchFromGitHub,
+  rustPlatform,
+  fetchurl,
+  runCommand,
+  lndir,
 }:
 
 rustPlatform.buildRustPackage rec {
   pname = "flaca";
-  version = "2.4.6";
+  version = "3.1.6";
 
   src =
     let
@@ -16,11 +17,11 @@ rustPlatform.buildRustPackage rec {
         owner = "Blobfolio";
         repo = pname;
         rev = "v${version}";
-        hash = "sha256-uybEo098+Y92b2P9CniKFmaV8hQZFuOSthgQRGZ/ncc=";
+        hash = "sha256-mNCb9d7/nRWSkiir2bYkslw/F2GmjvE0cPi7HhzEN68=";
       };
       lockFile = fetchurl {
         url = "https://github.com/Blobfolio/flaca/releases/download/v${version}/Cargo.lock";
-        hash = "sha256-xAjpw71HgS6fILg5zNuc43s0fIqYcoUMMbCH65xrlww=";
+        hash = "sha256-tyxTgYEGROCtoiKPX57pF32UcfpDCuMdFSttZu++ju8=";
       };
     in
     runCommand "source-with-lock" { nativeBuildInputs = [ lndir ]; } ''
@@ -29,7 +30,9 @@ rustPlatform.buildRustPackage rec {
       lndir -silent ${source} $out
     '';
 
-  cargoHash = "sha256-w+PeuH6VFIu3iH5EXF6gEwyYoGeqXX0yd5jJs2NqisQ=";
+  nativeBuildInputs = [ rustPlatform.bindgenHook ];
+
+  cargoHash = "sha256-YYNWCJT5ZT36v4u4P3gtW/osor6eIvR8leqlQHHZYMk=";
 
   meta = with lib; {
     description = "CLI tool to losslessly compress JPEG and PNG images";
diff --git a/pkgs/by-name/fl/flexget/package.nix b/pkgs/by-name/fl/flexget/package.nix
index e080f4cfdb22..79203498ec6e 100644
--- a/pkgs/by-name/fl/flexget/package.nix
+++ b/pkgs/by-name/fl/flexget/package.nix
@@ -5,7 +5,7 @@
 
 python3.pkgs.buildPythonApplication rec {
   pname = "flexget";
-  version = "3.11.42";
+  version = "3.11.43";
   pyproject = true;
 
   # Fetch from GitHub in order to use `requirements.in`
@@ -13,7 +13,7 @@ python3.pkgs.buildPythonApplication rec {
     owner = "Flexget";
     repo = "Flexget";
     rev = "refs/tags/v${version}";
-    hash = "sha256-wDZXSQlIE1qQz463roHp3jepSFMZGSJAPOhKpuXTmG8=";
+    hash = "sha256-KX7Bvu4rt+Q7x2XkBiZMngAgqRKYu90EVi2oQ21o5AI=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/tools/flip-link/default.nix b/pkgs/by-name/fl/flip-link/package.nix
index b4ba056ee3b4..b4ba056ee3b4 100644
--- a/pkgs/development/tools/flip-link/default.nix
+++ b/pkgs/by-name/fl/flip-link/package.nix
diff --git a/pkgs/by-name/fo/forgejo/generic.nix b/pkgs/by-name/fo/forgejo/generic.nix
index 080789bec45e..a2a1e51850bc 100644
--- a/pkgs/by-name/fo/forgejo/generic.nix
+++ b/pkgs/by-name/fo/forgejo/generic.nix
@@ -17,8 +17,6 @@
 , nix-update-script
 , nixosTests
 , openssh
-, pam
-, pamSupport ? true
 , sqliteSupport ? true
 , xorg
 , runCommand
@@ -68,8 +66,6 @@ buildGoModule rec {
     makeWrapper
   ];
 
-  buildInputs = lib.optional pamSupport pam;
-
   nativeCheckInputs = [
     git
     openssh
@@ -83,8 +79,7 @@ buildGoModule rec {
     substituteInPlace modules/setting/server.go --subst-var data
   '';
 
-  tags = lib.optional pamSupport "pam"
-    ++ lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];
+  tags = lib.optionals sqliteSupport [ "sqlite" "sqlite_unlock_notify" ];
 
   ldflags = [
     "-s"
@@ -115,7 +110,6 @@ buildGoModule rec {
       skippedTests = [
         "Test_SSHParsePublicKey/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time
         "Test_calcFingerprint/dsa-1024/SSHKeygen" # dsa-1024 is deprecated in openssh and requires opting-in at compile time
-        "TestPamAuth" # we don't have PAM set up in the build sandbox
         "TestPassword" # requires network: api.pwnedpasswords.com
         "TestCaptcha" # requires network: hcaptcha.com
         "TestDNSUpdate" # requires network: release.forgejo.org
diff --git a/pkgs/by-name/ge/gerrit/package.nix b/pkgs/by-name/ge/gerrit/package.nix
index 1a905bd1fc39..c837ce497980 100644
--- a/pkgs/by-name/ge/gerrit/package.nix
+++ b/pkgs/by-name/ge/gerrit/package.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl }:
+{ lib, stdenv, fetchurl, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "gerrit";
@@ -30,6 +30,9 @@ stdenv.mkDerivation rec {
       "singleusergroup"
       "webhooks"
     ];
+    tests = {
+      inherit (nixosTests) gerrit;
+    };
   };
 
   meta = with lib; {
diff --git a/pkgs/by-name/go/gotenberg/package.nix b/pkgs/by-name/go/gotenberg/package.nix
index 40cb1e185bbd..92da454785b2 100644
--- a/pkgs/by-name/go/gotenberg/package.nix
+++ b/pkgs/by-name/go/gotenberg/package.nix
@@ -12,6 +12,7 @@
   makeFontsConf,
   liberation_ttf_v2,
   exiftool,
+  nixosTests,
   nix-update-script,
 }:
 let
@@ -81,6 +82,9 @@ buildGoModule rec {
   '';
 
   passthru.updateScript = nix-update-script { };
+  passthru.tests = {
+    inherit (nixosTests) gotenberg;
+  };
 
   meta = {
     description = "Converts numerous document formats into PDF files";
diff --git a/pkgs/by-name/gu/guix/package.nix b/pkgs/by-name/gu/guix/package.nix
index 8f9e4e4836b9..d3ea63a41311 100644
--- a/pkgs/by-name/gu/guix/package.nix
+++ b/pkgs/by-name/gu/guix/package.nix
@@ -29,6 +29,7 @@
 , bzip2
 , libgcrypt
 , sqlite
+, nixosTests
 
 , stateDir ? "/var"
 , storeDir ? "/gnu/store"
@@ -134,6 +135,10 @@ stdenv.mkDerivation rec {
     done
   '';
 
+  passthru.tests = {
+    inherit (nixosTests) guix;
+  };
+
   meta = with lib; {
     description = "Functional package manager with a Scheme interface";
     longDescription = ''
diff --git a/pkgs/by-name/ha/handheld-daemon/package.nix b/pkgs/by-name/ha/handheld-daemon/package.nix
index dbd20c286667..c0a289250704 100644
--- a/pkgs/by-name/ha/handheld-daemon/package.nix
+++ b/pkgs/by-name/ha/handheld-daemon/package.nix
@@ -8,14 +8,14 @@
 }:
 python3.pkgs.buildPythonApplication rec {
   pname = "handheld-daemon";
-  version = "3.3.7";
+  version = "3.3.8";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "hhd-dev";
     repo = "hhd";
     rev = "refs/tags/v${version}";
-    hash = "sha256-nRI1YrKBg7J14PQbWLLNaCI9p3v6Yl+Q506EOlSqqVc=";
+    hash = "sha256-15vG+e509CEagZ+G9FcfRmsdD8Jex8xUfdvEKlY+FaI=";
   };
 
   propagatedBuildInputs = with python3.pkgs; [
diff --git a/pkgs/by-name/li/libmrss/package.nix b/pkgs/by-name/li/libmrss/package.nix
new file mode 100644
index 000000000000..176d65549282
--- /dev/null
+++ b/pkgs/by-name/li/libmrss/package.nix
@@ -0,0 +1,43 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  curl,
+  libnxml,
+  autoreconfHook,
+  pkg-config,
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "libmrss";
+  version = "0.19.4";
+
+  src = fetchFromGitHub {
+    owner = "bakulf";
+    repo = "libmrss";
+    rev = "refs/tags/${finalAttrs.version}";
+    hash = "sha256-sllY0Q8Ct7XJn4A3N8xQCUqaHXubPoB49gBZS1vURBs=";
+  };
+
+  postPatch = ''
+    touch NEWS # https://github.com/bakulf/libmrss/issues/3
+  '';
+
+  nativeBuildInputs = [
+    autoreconfHook
+    pkg-config
+  ];
+
+  propagatedBuildInputs = [
+    curl
+    libnxml
+  ];
+
+  meta = {
+    homepage = "https://github.com/bakulf/libmrss";
+    description = "C library for parsing, writing and creating RSS/ATOM files or streams";
+    license = lib.licenses.lgpl2;
+    platforms = lib.platforms.all;
+    maintainers = with lib.maintainers; [ sigmanificient ];
+  };
+})
diff --git a/pkgs/by-name/li/libnxml/package.nix b/pkgs/by-name/li/libnxml/package.nix
new file mode 100644
index 000000000000..2e9ddfc91ef0
--- /dev/null
+++ b/pkgs/by-name/li/libnxml/package.nix
@@ -0,0 +1,30 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  autoreconfHook,
+  curl,
+}:
+
+stdenv.mkDerivation (finalAttrs: {
+  pname = "libnxml";
+  version = "0.18.5";
+
+  src = fetchFromGitHub {
+    owner = "bakulf";
+    repo = "libnxml";
+    rev = "refs/tags/${finalAttrs.version}";
+    hash = "sha256-6KI1bsfDgGJ4x8Wv7fcwCKm5AILa3jLnV53JY1g9B+M=";
+  };
+
+  nativeBuildInputs = [ autoreconfHook ];
+  buildInputs = [ curl ];
+
+  meta = {
+    homepage = "https://github.com/bakulf/libnxml";
+    description = "C library for parsing, writing and creating XML 1.0 and 1.1 files or streams";
+    license = lib.licenses.lgpl2;
+    platforms = lib.platforms.all;
+    maintainers = with lib.maintainers; [ sigmanificient ];
+  };
+})
diff --git a/pkgs/by-name/lo/logdy/package.nix b/pkgs/by-name/lo/logdy/package.nix
new file mode 100644
index 000000000000..9b2de9f74fe4
--- /dev/null
+++ b/pkgs/by-name/lo/logdy/package.nix
@@ -0,0 +1,60 @@
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
+  installShellFiles,
+}:
+
+buildGoModule rec {
+  pname = "logdy";
+  version = "0.13.0";
+
+  src = fetchFromGitHub {
+    owner = "logdyhq";
+    repo = "logdy-core";
+    rev = "v${version}";
+    hash = "sha256-HlIl/4C1wheAxc0ReUN8xQrXJ0djoO7E0qhRwyFHEiE=";
+  };
+
+  vendorHash = "sha256-kFhcbBMymzlJ+2zw7l09LJfCdps26Id+VzOehqrLDWU=";
+
+  ldflags = [
+    "-s"
+    "-w"
+  ];
+
+  nativeBuildInputs = [ installShellFiles ];
+
+  # After the build this derivation will generate two binaries.
+  # The first one is getting renamed based on the documentation
+  # The second one is just to launch a demo. This functionality could be achieved with the first one
+  postInstall = ''
+    mv $out/bin/logdy-core $out/bin/logdy
+    rm -f $out/bin/example-app
+
+    installShellCompletion --cmd logdy \
+      --bash <($out/bin/logdy completion bash) \
+      --fish <($out/bin/logdy completion fish) \
+      --zsh <($out/bin/logdy completion zsh)
+  '';
+
+  checkFlags = [
+    "-skip=^TestClientLoad$" # index out of range
+  ];
+
+  meta = {
+    description = "Web based real-time log viewer";
+    longDescription = ''
+      Web based real-time log viewer.
+      Stream ANY content to a web UI with autogenerated filters.
+      Parse any format with TypeScript
+    '';
+    homepage = "https://github.com/logdyhq/logdy-core";
+    license = lib.licenses.asl20;
+    maintainers = with lib.maintainers; [
+      sigmanificient
+      ByteSudoer
+    ];
+    mainProgram = "logdy";
+  };
+}
diff --git a/pkgs/by-name/md/mdbook-alerts/package.nix b/pkgs/by-name/md/mdbook-alerts/package.nix
index eda9ce5fe974..10f46976dc1a 100644
--- a/pkgs/by-name/md/mdbook-alerts/package.nix
+++ b/pkgs/by-name/md/mdbook-alerts/package.nix
@@ -7,7 +7,7 @@
   CoreServices ? darwin.apple_sdk.frameworks.CoreServices,
 }:
 let
-  version = "0.6.2";
+  version = "0.6.3";
 in
 rustPlatform.buildRustPackage {
   pname = "mdbook-alerts";
@@ -17,10 +17,10 @@ rustPlatform.buildRustPackage {
     owner = "lambdalisue";
     repo = "rs-mdbook-alerts";
     rev = "v${version}";
-    hash = "sha256-wbXBsLOxQPEOzPcTOpG28B8Or74WGiAhgaLwnHAwT0g=";
+    hash = "sha256-MoaV/JRhWKYEzUkzxRTgYjqBw+gb2h+Bjb4mEvWEkp8=";
   };
 
-  cargoHash = "sha256-Q+mq6xu8fK6Jwee3x4hzHmC2zudV9IcGV0JfJRoKNMQ=";
+  cargoHash = "sha256-tHRbeDSK4aULz69jy5MeU4rANVuO2q3GUhDvBA4iQCM=";
 
   buildInputs = lib.optionals stdenv.isDarwin [ CoreServices ];
 
diff --git a/pkgs/by-name/mo/mongodb-ce/package.nix b/pkgs/by-name/mo/mongodb-ce/package.nix
new file mode 100644
index 000000000000..b05a66724479
--- /dev/null
+++ b/pkgs/by-name/mo/mongodb-ce/package.nix
@@ -0,0 +1,131 @@
+{
+  stdenv,
+  lib,
+  fetchurl,
+  autoPatchelfHook,
+  curl,
+  openssl,
+  testers,
+  mongodb-ce,
+  writeShellApplication,
+  jq,
+  nix-update,
+  gitMinimal,
+  pup,
+}:
+
+let
+  version = "7.0.12";
+
+  srcs = version: {
+    "x86_64-linux" = {
+      url = "https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-ubuntu2204-${version}.tgz";
+      hash = "sha256-Kgq66rOBKgNIVw6bvzNrpnGRxyoBCP0AWnfzs9ReVVk=";
+    };
+    "aarch64-linux" = {
+      url = "https://fastdl.mongodb.org/linux/mongodb-linux-aarch64-ubuntu2204-${version}.tgz";
+      hash = "sha256-OLxPpAYFicWrqRJo3cNIG5Y0S6MIMd2vW8bluQkqnyk=";
+    };
+    "x86_64-darwin" = {
+      url = "https://fastdl.mongodb.org/osx/mongodb-macos-x86_64-${version}.tgz";
+      hash = "sha256-sKfg1EpRQ7L2rgJArRHQLrawU8bh42liih5GR2/3jok=";
+    };
+    "aarch64-darwin" = {
+      url = "https://fastdl.mongodb.org/osx/mongodb-macos-arm64-${version}.tgz";
+      hash = "sha256-XkFSuKKxgSRoyzzrPYamE/44FV8ol125nqDOB9EnSMM=";
+    };
+  };
+in
+stdenv.mkDerivation (finalAttrs: {
+  pname = "mongodb-ce";
+  inherit version;
+
+  src = fetchurl (
+    (srcs version).${stdenv.hostPlatform.system}
+      or (throw "unsupported system: ${stdenv.hostPlatform.system}")
+  );
+
+  nativeBuildInputs = [ autoPatchelfHook ];
+
+  buildInputs = [
+    # This is to avoid the following error:
+    # ./result/bin/mongod: /nix/store/y6w7agm3aw5p96q7vsgzivba0dqq3rd0-curl-8.8.0/lib/libcurl.so.4: no version information available (required by ./result/bin/mongod)
+    # When running `mongod --version`
+    # See https://discourse.nixos.org/t/patchelf-and-libcurl-no-version-information-available/24453
+    (curl.overrideAttrs (old: {
+      configureFlags = old.configureFlags ++ [ "--enable-versioned-symbols" ];
+    })).dev
+    openssl.dev
+    stdenv.cc.cc.lib
+  ];
+
+  installPhase = ''
+    runHook preInstall
+
+    install -Dm 755 bin/mongod $out/bin/mongod
+    install -Dm 755 bin/mongos $out/bin/mongos
+
+    runHook postInstall
+  '';
+
+  passthru = {
+
+    updateScript =
+      let
+        script = writeShellApplication {
+          name = "${finalAttrs.pname}-updateScript";
+
+          runtimeInputs = [
+            curl
+            jq
+            nix-update
+            gitMinimal
+            pup
+          ];
+
+          text =
+            ''
+              # Get latest version string from Github
+              NEW_VERSION=$(curl -s "https://api.github.com/repos/mongodb/mongo/tags?per_page=1000" | jq -r 'first(.[] | .name | select(startswith("r7.0")) | select(contains("rc") | not) | .[1:])')
+
+              # Check if the new version is available for download, if not, exit
+              AVAILABLE=$(curl -s https://www.mongodb.com/try/download/community-edition/releases | pup 'h3:not([id]) text{}' | grep "$NEW_VERSION")
+
+              if [[ "${version}" = "$NEW_VERSION" ]]; then
+                  echo "The new version same as the old version."
+                  exit 0
+              fi
+            ''
+            + lib.concatStrings (
+              map (system: ''
+                nix-update --system ${system} --version "$NEW_VERSION" ${finalAttrs.pname}
+              '') finalAttrs.meta.platforms
+            );
+        };
+      in
+      {
+        command = lib.getExe script;
+      };
+
+    tests.version = testers.testVersion {
+      package = mongodb-ce;
+      command = "mongod --version";
+    };
+  };
+
+  meta = {
+    changelog = "https://www.mongodb.com/docs/upcoming/release-notes/7.0/";
+    description = "MongoDB is a general purpose, document-based, distributed database.";
+    homepage = "https://www.mongodb.com/";
+    license = with lib.licenses; [ sspl ];
+    longDescription = ''
+      MongoDB CE (Community Edition) is a general purpose, document-based, distributed database.
+      It is designed to be flexible and easy to use, with the ability to store data of any structure.
+      This pre-compiled binary distribution package provides the MongoDB daemon (mongod) and the MongoDB Shard utility
+      (mongos).
+    '';
+    maintainers = with lib.maintainers; [ drupol ];
+    platforms = lib.attrNames (srcs version);
+    sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];
+  };
+})
diff --git a/pkgs/by-name/mo/moonlight-qt/package.nix b/pkgs/by-name/mo/moonlight-qt/package.nix
index 2f8749c82ca1..a0ca66b61e64 100644
--- a/pkgs/by-name/mo/moonlight-qt/package.nix
+++ b/pkgs/by-name/mo/moonlight-qt/package.nix
@@ -20,6 +20,7 @@
   libvdpau,
   libxkbcommon,
   wayland,
+  libdrm,
   nix-update-script,
 }:
 
@@ -80,6 +81,7 @@ stdenv'.mkDerivation rec {
       libxkbcommon
       qt6.qtwayland
       wayland
+      libdrm
     ]
     ++ lib.optionals stdenv.isDarwin [
       AVFoundation
diff --git a/pkgs/by-name/my/mycelium/package.nix b/pkgs/by-name/my/mycelium/package.nix
index df96ad255fad..04a1714826bf 100644
--- a/pkgs/by-name/my/mycelium/package.nix
+++ b/pkgs/by-name/my/mycelium/package.nix
@@ -4,6 +4,7 @@
 , stdenv
 , openssl
 , darwin
+, nixosTests
 }:
 
 rustPlatform.buildRustPackage rec {
@@ -37,6 +38,8 @@ rustPlatform.buildRustPackage rec {
     OPENSSL_DIR = "${lib.getDev openssl}";
   };
 
+  passthru.tests = { inherit (nixosTests) mycelium; };
+
   meta = with lib; {
     description = "End-2-end encrypted IPv6 overlay network";
     homepage = "https://github.com/threefoldtech/mycelium";
diff --git a/pkgs/by-name/na/nar-serve/package.nix b/pkgs/by-name/na/nar-serve/package.nix
index 5f1f55198fdf..8bd274af659f 100644
--- a/pkgs/by-name/na/nar-serve/package.nix
+++ b/pkgs/by-name/na/nar-serve/package.nix
@@ -1,6 +1,7 @@
 { buildGoModule
 , fetchFromGitHub
 , lib
+, nixosTests
 }:
 buildGoModule rec {
   pname = "nar-serve";
@@ -17,6 +18,8 @@ buildGoModule rec {
 
   doCheck = false;
 
+  passthru.tests = { inherit (nixosTests) nar-serve; };
+
   meta = with lib; {
     description = "Serve NAR file contents via HTTP";
     mainProgram = "nar-serve";
diff --git a/pkgs/by-name/ne/nexus/package.nix b/pkgs/by-name/ne/nexus/package.nix
index 00e4e7325e04..68822ba5dcb8 100644
--- a/pkgs/by-name/ne/nexus/package.nix
+++ b/pkgs/by-name/ne/nexus/package.nix
@@ -5,6 +5,7 @@
   makeWrapper,
   jre_headless,
   gawk,
+  nixosTests,
 }:
 
 stdenv.mkDerivation rec {
@@ -49,6 +50,10 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
+  passthru.tests = {
+    inherit (nixosTests) nexus;
+  };
+
   meta = {
     description = "Repository manager for binary software components";
     homepage = "https://www.sonatype.com/products/sonatype-nexus-oss";
diff --git a/pkgs/by-name/no/noto-fonts/package.nix b/pkgs/by-name/no/noto-fonts/package.nix
index f700f8ad121c..b47072549b24 100644
--- a/pkgs/by-name/no/noto-fonts/package.nix
+++ b/pkgs/by-name/no/noto-fonts/package.nix
@@ -2,6 +2,7 @@
 , stdenvNoCC
 , fetchFromGitHub
 , gitUpdater
+, nixosTests
 , variants ? [ ]
 , suffix ? ""
 , longDescription ? ''
@@ -62,6 +63,8 @@ stdenvNoCC.mkDerivation rec {
     rev-prefix = "noto-monthly-release-";
   };
 
+  passthru.tests = { inherit (nixosTests) noto-fonts; };
+
   meta = {
     description = "Beautiful and free fonts for many languages";
     homepage = "https://www.google.com/get/noto/";
diff --git a/pkgs/by-name/np/nph/lock.json b/pkgs/by-name/np/nph/lock.json
new file mode 100644
index 000000000000..28a56c2087d8
--- /dev/null
+++ b/pkgs/by-name/np/nph/lock.json
@@ -0,0 +1,3 @@
+{
+  "depends": []
+}
diff --git a/pkgs/by-name/np/nph/package.nix b/pkgs/by-name/np/nph/package.nix
new file mode 100644
index 000000000000..897b84d7980a
--- /dev/null
+++ b/pkgs/by-name/np/nph/package.nix
@@ -0,0 +1,36 @@
+{
+  lib,
+  buildNimPackage,
+  fetchFromGitHub,
+}:
+
+buildNimPackage (finalAttrs: {
+  pname = "nph";
+  version = "0.6.0";
+
+  src = fetchFromGitHub {
+    owner = "arnetheduck";
+    repo = "nph";
+    rev = "v${finalAttrs.version}";
+    hash = "sha256-9t5VeGsxyytGdu7+Uv/J+x6bmeB5+eQapbyp30iPxqs=";
+  };
+
+  lockFile = ./lock.json;
+
+  checkPhase = ''
+    runHook preCheck
+
+    $out/bin/nph tests/before
+    diff tests/before tests/after -x "*.yaml"
+
+    runHook postCheck
+  '';
+
+  meta = {
+    description = "Opinionated code formatter for Nim";
+    homepage = "https://github.com/arnetheduck/nph";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ sigmanificient ];
+    mainProgram = "nph";
+  };
+})
diff --git a/pkgs/by-name/nz/nzbhydra2/package.nix b/pkgs/by-name/nz/nzbhydra2/package.nix
index 3cbbb76811ac..2e6303c7a31b 100644
--- a/pkgs/by-name/nz/nzbhydra2/package.nix
+++ b/pkgs/by-name/nz/nzbhydra2/package.nix
@@ -6,6 +6,7 @@
   openjdk17,
   python3,
   unzip,
+  nixosTests,
 }:
 stdenv.mkDerivation rec {
   pname = "nzbhydra2";
@@ -37,6 +38,10 @@ stdenv.mkDerivation rec {
     runHook postInstall
   '';
 
+  passthru.tests = {
+    inherit (nixosTests) nzbhydra2;
+  };
+
   meta = {
     description = "Usenet meta search";
     homepage = "https://github.com/theotherp/nzbhydra2";
diff --git a/pkgs/by-name/op/openfga-cli/package.nix b/pkgs/by-name/op/openfga-cli/package.nix
index 4a0ea0be8876..a1ca9738b61b 100644
--- a/pkgs/by-name/op/openfga-cli/package.nix
+++ b/pkgs/by-name/op/openfga-cli/package.nix
@@ -7,7 +7,7 @@
 
 let
   pname = "openfga-cli";
-  version = "0.5.2";
+  version = "0.5.3";
 in
 
 buildGoModule {
@@ -17,10 +17,10 @@ buildGoModule {
     owner = "openfga";
     repo = "cli";
     rev = "v${version}";
-    hash = "sha256-tWGklsAsZ+kBTjpA2by3S0fSpUMNkh9dFKJ7DPzXNRA=";
+    hash = "sha256-74wHhVGhLiuszRZBjxGGk9jfN+D6T1eZg8OFEkE3gPE=";
   };
 
-  vendorHash = "sha256-GDYj4KcRK9/J5BTuUsk4f+qBrkT3ofP141mmKIqZAWA=";
+  vendorHash = "sha256-TDjXy5zR5LJWVmIfAolHgzM7JElgyksHbv0NAS97QnU=";
 
   nativeBuildInputs = [ installShellFiles ];
 
diff --git a/pkgs/by-name/po/polybar/package.nix b/pkgs/by-name/po/polybar/package.nix
index 7771eec81d2b..520b7753d3f0 100644
--- a/pkgs/by-name/po/polybar/package.nix
+++ b/pkgs/by-name/po/polybar/package.nix
@@ -42,13 +42,13 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "polybar";
-  version = "3.7.1";
+  version = "3.7.2";
 
   src = fetchFromGitHub {
     owner = "polybar";
     repo = "polybar";
     rev = finalAttrs.version;
-    hash = "sha256-DX648jY1vewl3ImK84gF6/vtcSCg3wtgq6Ie3fCwZoA=";
+    hash = "sha256-5PYKl6Hi4EYEmUBwkV0rLiwxNqIyR5jwm495YnNs0gI=";
     fetchSubmodules = true;
   };
 
diff --git a/pkgs/by-name/pr/private-gpt/package.nix b/pkgs/by-name/pr/private-gpt/package.nix
index 1b717cc2bfb8..4912c42212c8 100644
--- a/pkgs/by-name/pr/private-gpt/package.nix
+++ b/pkgs/by-name/pr/private-gpt/package.nix
@@ -5,8 +5,10 @@
 python3Packages.toPythonApplication (python3Packages.private-gpt.overrideAttrs (oldAttrs: {
   nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ makeBinaryWrapper ];
 
-  passthru.cl100k_base = {
-    inherit (python3Packages.private-gpt.cl100k_base) tiktoken;
+  passthru = (oldAttrs.passthru or {}) // {
+    cl100k_base = {
+      inherit (python3Packages.private-gpt.cl100k_base) tiktoken;
+    };
   };
 
   postInstall = ''
diff --git a/pkgs/by-name/pr/prometheus-restic-exporter/package.nix b/pkgs/by-name/pr/prometheus-restic-exporter/package.nix
index 603650a66ab6..d2dc4875282f 100644
--- a/pkgs/by-name/pr/prometheus-restic-exporter/package.nix
+++ b/pkgs/by-name/pr/prometheus-restic-exporter/package.nix
@@ -8,13 +8,13 @@
 
 stdenvNoCC.mkDerivation rec {
   pname = "prometheus-restic-exporter";
-  version = "1.5.0";
+  version = "1.6.0";
 
   src = fetchFromGitHub {
     owner = "ngosang";
     repo = "restic-exporter";
     rev = version;
-    hash = "sha256-SC2ZCIQ33RaFI9+l/WI6edNzGEtsxJ2bBdeGNMHuyqY=";
+    hash = "sha256-gXiEts0EY9H01+rs+2o+cbVENotM33uhcQiGDtroSU4=";
   };
 
   buildInputs = [
diff --git a/pkgs/by-name/ra/railway/package.nix b/pkgs/by-name/ra/railway/package.nix
index d564fe1ecf81..b6daf9f26949 100644
--- a/pkgs/by-name/ra/railway/package.nix
+++ b/pkgs/by-name/ra/railway/package.nix
@@ -12,16 +12,16 @@ let
 in
 rustPlatform.buildRustPackage rec {
   pname = "railway";
-  version = "3.11.4";
+  version = "3.12.2";
 
   src = fetchFromGitHub {
     owner = "railwayapp";
     repo = "cli";
     rev = "v${version}";
-    hash = "sha256-b9koWJunBlbg92/n5Wdvri7TAn9sbscLXasX+isXMHA=";
+    hash = "sha256-G3sdwQ5SqCA5jEDMny7a446wSMrPmgs4q5u1mcNY7SU=";
   };
 
-  cargoHash = "sha256-1N/5HNDN45Y+GSsrxMhVJAGbLUyLjDZaVNHS77x1SKw=";
+  cargoHash = "sha256-zyMXx1CITE0y7RyRirT3o5F8U/9ReXwlGr2nrobwmYI=";
 
   nativeBuildInputs = [ pkg-config ];
 
diff --git a/pkgs/by-name/rs/rspamd-trainer/package.nix b/pkgs/by-name/rs/rspamd-trainer/package.nix
index 56e6f9e9ce8e..e00bddcbfbce 100644
--- a/pkgs/by-name/rs/rspamd-trainer/package.nix
+++ b/pkgs/by-name/rs/rspamd-trainer/package.nix
@@ -4,6 +4,7 @@
 , fetchFromGitLab
 , fetchpatch
 , rspamd
+, nixosTests
 }:
 
 python3Packages.buildPythonApplication {
@@ -48,6 +49,8 @@ python3Packages.buildPythonApplication {
     imapclient
   ];
 
+  passthru.tests = { inherit (nixosTests) rspamd-trainer; };
+
   meta = {
     homepage = "https://gitlab.com/onlime/rspamd-trainer";
     description = "Grabs messages from a spam mailbox via IMAP and feeds them to Rspamd for training";
diff --git a/pkgs/by-name/ta/tana/package.nix b/pkgs/by-name/ta/tana/package.nix
index d464b55c2a92..d9e37f2b8711 100644
--- a/pkgs/by-name/ta/tana/package.nix
+++ b/pkgs/by-name/ta/tana/package.nix
@@ -55,7 +55,7 @@ let
   ];
   buildInputs = glLibs ++ libs;
   runpathPackages = glLibs ++ [ stdenv.cc.cc stdenv.cc.libc ];
-  version = "1.0.15";
+  version = "1.0.16";
 in
 stdenv.mkDerivation {
   pname = "tana";
@@ -63,7 +63,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "https://github.com/tanainc/tana-desktop-releases/releases/download/v${version}/tana_${version}_amd64.deb";
-    hash = "sha256-94AyAwNFN5FCol97US1Pv8IN1+WMRA3St9kL2w+9FJU=";
+    hash = "sha256-XLjzvMai5HyxEGK02DfBAKy5jva9wEGcf5A/38jzu+s=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/by-name/te/telescope/package.nix b/pkgs/by-name/te/telescope/package.nix
index 8198bd4750f7..1a4db30c9058 100644
--- a/pkgs/by-name/te/telescope/package.nix
+++ b/pkgs/by-name/te/telescope/package.nix
@@ -14,13 +14,13 @@
 
 stdenv.mkDerivation rec {
   pname = "telescope";
-  version = "0.10";
+  version = "0.10.1";
 
   src = fetchFromGitHub {
     owner = "omar-polo";
     repo = pname;
     rev = version;
-    hash = "sha256-hkXXM/I7sNFomWamT0q1JH62arX1hFbt68Axcijadug=";
+    hash = "sha256-MVZ/pvDAETacQiEMEXM0gYM20LXqNiHtMfFGqS1vipY=";
   };
 
   postPatch = ''
diff --git a/pkgs/by-name/ui/uiua/package.nix b/pkgs/by-name/ui/uiua/package.nix
index d2552459474f..20f50b0957a1 100644
--- a/pkgs/by-name/ui/uiua/package.nix
+++ b/pkgs/by-name/ui/uiua/package.nix
@@ -18,16 +18,16 @@ let
 in
 rustPlatform.buildRustPackage rec {
   pname = "uiua";
-  version = "0.11.1";
+  version = "0.12.2";
 
   src = fetchFromGitHub {
     owner = "uiua-lang";
     repo = "uiua";
     rev = version;
-    hash = "sha256-bK5Z6aoyZti46GLulpdxGPxHM+EfEVQgeAUY6fRc7YY=";
+    hash = "sha256-w/eB9EN3IrEDdwbMqj2w5YAZK/BImA/Xq2k9oRng7Zk=";
   };
 
-  cargoHash = "sha256-iq5V+FGOcK2opmA4ot0KF9ZToYWC82gRsRyVqftuFPA=";
+  cargoHash = "sha256-/DO/jkYaInoO0nMfflDuu7E08gk9D89m9ubeubHdvd8=";
 
   nativeBuildInputs =
     lib.optionals stdenv.isDarwin [ rustPlatform.bindgenHook ]
diff --git a/pkgs/by-name/ve/veloren/Cargo.lock b/pkgs/by-name/ve/veloren/Cargo.lock
index 6f90da6983ad..f9c58f456565 100644
--- a/pkgs/by-name/ve/veloren/Cargo.lock
+++ b/pkgs/by-name/ve/veloren/Cargo.lock
@@ -6336,9 +6336,9 @@ dependencies = [
 
 [[package]]
 name = "time"
-version = "0.3.34"
+version = "0.3.35"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8248b6521bb14bc45b4067159b9b6ad792e2d6d754d6c41fb50e29fefe38749"
+checksum = "ef89ece63debf11bc32d1ed8d078ac870cbeb44da02afb02a9ff135ae7ca0582"
 dependencies = [
  "deranged",
  "itoa",
@@ -6357,9 +6357,9 @@ checksum = "ef927ca75afb808a4d64dd374f00a2adf8d0fcff8e7b184af886c3c87ec4a3f3"
 
 [[package]]
 name = "time-macros"
-version = "0.2.17"
+version = "0.2.18"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7ba3a3ef41e6672a2f0f001392bb5dcd3ff0a9992d618ca761a11c3121547774"
+checksum = "3f252a68540fde3a3877aeea552b832b40ab9a69e318efd078774a01ddee1ccf"
 dependencies = [
  "num-conv",
  "time-core",
diff --git a/pkgs/by-name/ve/veloren/package.nix b/pkgs/by-name/ve/veloren/package.nix
index fd2ffc686c51..fff47f2583fa 100644
--- a/pkgs/by-name/ve/veloren/package.nix
+++ b/pkgs/by-name/ve/veloren/package.nix
@@ -50,6 +50,9 @@ rustPlatform.buildRustPackage {
   ];
 
   postPatch = ''
+    # Use our Cargo.lock
+    cp ${./Cargo.lock} Cargo.lock
+
     # Force vek to build in unstable mode
     cat <<'EOF' | tee "$cargoDepsCopy"/vek-*/build.rs
     fn main() {
diff --git a/pkgs/by-name/wa/wastebin/package.nix b/pkgs/by-name/wa/wastebin/package.nix
index 5fcbcfa64259..53f58c5caf39 100644
--- a/pkgs/by-name/wa/wastebin/package.nix
+++ b/pkgs/by-name/wa/wastebin/package.nix
@@ -6,6 +6,7 @@
 , zstd
 , stdenv
 , darwin
+, nixosTests
 }:
 
 rustPlatform.buildRustPackage rec {
@@ -36,6 +37,10 @@ rustPlatform.buildRustPackage rec {
     ZSTD_SYS_USE_PKG_CONFIG = true;
   };
 
+  passthru.tests = {
+    inherit (nixosTests) wastebin;
+  };
+
   meta = with lib; {
     description = "Wastebin is a pastebin";
     homepage = "https://github.com/matze/wastebin";
diff --git a/pkgs/by-name/wa/watchdogd/package.nix b/pkgs/by-name/wa/watchdogd/package.nix
index 34567dbe566d..4781257c88f9 100644
--- a/pkgs/by-name/wa/watchdogd/package.nix
+++ b/pkgs/by-name/wa/watchdogd/package.nix
@@ -6,6 +6,7 @@
 , libite
 , libuev
 , libconfuse
+, nixosTests
 }:
 stdenv.mkDerivation rec {
   pname = "watchdogd";
@@ -21,6 +22,8 @@ stdenv.mkDerivation rec {
   nativeBuildInputs = [ pkg-config autoreconfHook ];
   buildInputs = [ libite libuev libconfuse ];
 
+  passthru.tests = { inherit (nixosTests) watchdogd; };
+
   meta = with lib; {
     description = "Advanced system & process supervisor for Linux";
     homepage = "https://troglobit.com/watchdogd.html";
diff --git a/pkgs/by-name/wo/workout-tracker/package.nix b/pkgs/by-name/wo/workout-tracker/package.nix
index 349048008769..533f85a3f4a3 100644
--- a/pkgs/by-name/wo/workout-tracker/package.nix
+++ b/pkgs/by-name/wo/workout-tracker/package.nix
@@ -3,6 +3,7 @@
   buildGoModule,
   fetchFromGitHub,
   nix-update-script,
+  nixosTests,
   ...
 }:
 
@@ -21,6 +22,10 @@ buildGoModule rec {
 
   passthru.updateScript = nix-update-script { };
 
+  passthru.tests = {
+    inherit (nixosTests) workout-tracker;
+  };
+
   meta = {
     changelog = "https://github.com/jovandeginste/workout-tracker/releases/tag/v${version}";
     description = "Workout tracking web application for personal use";
diff --git a/pkgs/by-name/ya/yandex-cloud/sources.json b/pkgs/by-name/ya/yandex-cloud/sources.json
index a111fdf22649..04ba451895c8 100644
--- a/pkgs/by-name/ya/yandex-cloud/sources.json
+++ b/pkgs/by-name/ya/yandex-cloud/sources.json
@@ -1,25 +1,25 @@
 {
-  "version": "0.130.0",
+  "version": "0.131.0",
   "binaries": {
     "aarch64-darwin": {
-      "url": "https://storage.yandexcloud.net/yandexcloud-yc/release/0.130.0/darwin/arm64/yc",
-      "hash": "sha256-nvEu2aV9ykG9j6p9+kW4bBGOoj5FzJD8eU1M9dFXF5I="
+      "url": "https://storage.yandexcloud.net/yandexcloud-yc/release/0.131.0/darwin/arm64/yc",
+      "hash": "sha256-qbixNy5zjnJRuKtqamCWD7L7SS637sFSkpM24Olle2w="
     },
     "aarch64-linux": {
-      "url": "https://storage.yandexcloud.net/yandexcloud-yc/release/0.130.0/linux/arm64/yc",
-      "hash": "sha256-qZajFYaDVV+XcxC28MoRtIPaCm2He58p+yRMOrFhQU4="
+      "url": "https://storage.yandexcloud.net/yandexcloud-yc/release/0.131.0/linux/arm64/yc",
+      "hash": "sha256-xW8lh/7L+rp7lBZS2EZGvop1r6Wy75W08Z3tpRJ6K80="
     },
     "i686-linux": {
-      "url": "https://storage.yandexcloud.net/yandexcloud-yc/release/0.130.0/linux/386/yc",
-      "hash": "sha256-RhDZ2VnmO+GrKQ0SIFwyCqPxnfUc5VoGlgg8uJncERY="
+      "url": "https://storage.yandexcloud.net/yandexcloud-yc/release/0.131.0/linux/386/yc",
+      "hash": "sha256-h4nO+qokC7yxgFWG/51NRqio0nVlc7y6O0NmpAK5hyE="
     },
     "x86_64-darwin": {
-      "url": "https://storage.yandexcloud.net/yandexcloud-yc/release/0.130.0/darwin/amd64/yc",
-      "hash": "sha256-hGdInZAo+LH6qzoQXDmfSzVb1SdN565XuRGByzJrrfI="
+      "url": "https://storage.yandexcloud.net/yandexcloud-yc/release/0.131.0/darwin/amd64/yc",
+      "hash": "sha256-DFF7XmC/YWxWjDdXpCkeMk7bVUYXSk8ncZF3T3Nf47w="
     },
     "x86_64-linux": {
-      "url": "https://storage.yandexcloud.net/yandexcloud-yc/release/0.130.0/linux/amd64/yc",
-      "hash": "sha256-0NwGi46WtOV/2oJJPiXIj0+39dKno2LlsVuWEFVycTI="
+      "url": "https://storage.yandexcloud.net/yandexcloud-yc/release/0.131.0/linux/amd64/yc",
+      "hash": "sha256-ZVsMrlCN4nV4LsgLtHvwOMUUKkNdZ654rjM6ixcS94o="
     }
   }
 }
diff --git a/pkgs/by-name/yo/your_spotify/package.nix b/pkgs/by-name/yo/your_spotify/package.nix
index 738d1aefa248..77864788fa19 100644
--- a/pkgs/by-name/yo/your_spotify/package.nix
+++ b/pkgs/by-name/yo/your_spotify/package.nix
@@ -8,6 +8,7 @@
   nodejs,
   makeWrapper,
   callPackage,
+  nixosTests,
 }:
 
 stdenv.mkDerivation (finalAttrs: {
@@ -63,6 +64,9 @@ stdenv.mkDerivation (finalAttrs: {
     client = callPackage ./client.nix {
       inherit (finalAttrs) src version offlineCache meta;
     };
+    tests = {
+      inherit (nixosTests) your_spotify;
+    };
   };
 
   meta = {
diff --git a/pkgs/data/fonts/monocraft/default.nix b/pkgs/data/fonts/monocraft/default.nix
index 88680682a7c9..fe3778e6b053 100644
--- a/pkgs/data/fonts/monocraft/default.nix
+++ b/pkgs/data/fonts/monocraft/default.nix
@@ -1,7 +1,7 @@
 { stdenvNoCC, lib, fetchurl }:
 
 let
-  version = "3.0";
+  version = "4.0";
   relArtifact = name: hash: fetchurl {
     inherit name hash;
     url = "https://github.com/IdreesInc/Monocraft/releases/download/v${version}/${name}";
@@ -12,10 +12,9 @@ stdenvNoCC.mkDerivation {
   inherit version;
 
   srcs = [
-    (relArtifact "Monocraft.otf" "sha256-PA1W+gOUStGw7cDmtEbG+B6M+sAYr8cft+Ckxj5LciU=")
-    (relArtifact "Monocraft.ttf" "sha256-S4j5v2bTJbhujT3Bt8daNN1YGYYP8zVPf9XXjuR64+o=")
-    (relArtifact "Monocraft-no-ligatures.ttf" "sha256-MuHfoP+dsXe+ODN4vWFIj50jwOxYyIiS0dd1tzVxHts=")
-    (relArtifact "Monocraft-nerd-fonts-patched.ttf" "sha256-QxMp8UwcRjWySNHWoNeX2sX9teZ4+tCFj+DG41azsXw=")
+    (relArtifact "Monocraft.ttc" "sha256-SBzl/X2PQOq1cY4dlqO89BDwCrP+/LYwZ9X24p2LDCs=")
+    (relArtifact "Monocraft-no-ligatures.ttc" "sha256-jFZ5Fr/cBwGVsdy7lPqLiLlKtzjF5OIWVkwZI6gR3W4=")
+    (relArtifact "Monocraft-nerd-fonts-patched.ttc" "sha256-lYAb8hgmv4VyrzeHr4LnfuSN9L+4fpDEMX/P++fq8Dc=")
   ];
 
   dontUnpack = true;
@@ -24,8 +23,10 @@ stdenvNoCC.mkDerivation {
 
   installPhase = ''
     runHook preInstall
-    find $srcs -name '*.otf' -exec install -Dm644 --target $out/share/fonts/opentype {} +
-    find $srcs -name '*.ttf' -exec install -Dm644 --target $out/share/fonts/truetype {} +
+    for src in "''${srcs[@]}"
+    do
+      install -Dm644 --target $out/share/fonts/truetype $src
+    done
     runHook postInstall
   '';
 
diff --git a/pkgs/desktops/gnome/misc/gnome-flashback/default.nix b/pkgs/desktops/gnome/misc/gnome-flashback/default.nix
index f54860ba19ad..770d389d77d1 100644
--- a/pkgs/desktops/gnome/misc/gnome-flashback/default.nix
+++ b/pkgs/desktops/gnome/misc/gnome-flashback/default.nix
@@ -26,6 +26,7 @@
 , writeTextFile
 , xkeyboard_config
 , xorg
+, nixosTests
 , runCommand
 , buildEnv
 }:
@@ -180,6 +181,8 @@ let
           cp -r "${gnome-flashback}/lib/systemd/user/gnome-session@gnome-flashback-metacity.target.d" \
             "$out/lib/systemd/user/gnome-session@gnome-flashback-${wmName}.target.d"
         '';
+
+      tests = { inherit (nixosTests) gnome-flashback; };
     };
 
     meta = with lib; {
diff --git a/pkgs/development/compilers/scryer-prolog/default.nix b/pkgs/development/compilers/scryer-prolog/default.nix
index 7a63db530f96..245d48d1a595 100644
--- a/pkgs/development/compilers/scryer-prolog/default.nix
+++ b/pkgs/development/compilers/scryer-prolog/default.nix
@@ -3,9 +3,6 @@
 , fetchFromGitHub
 , pkg-config
 , openssl
-, gmp
-, libmpc
-, mpfr
 , stdenv
 , darwin
 }:
@@ -25,7 +22,7 @@ rustPlatform.buildRustPackage rec {
 
   nativeBuildInputs = [ pkg-config ];
 
-  buildInputs = [ openssl gmp libmpc mpfr ]
+  buildInputs = [ openssl ]
                 ++ lib.optionals stdenv.isDarwin [
                   darwin.apple_sdk.frameworks.SystemConfiguration
                 ];
diff --git a/pkgs/development/libraries/dconf/default.nix b/pkgs/development/libraries/dconf/default.nix
index ab3804dfcf3b..0dddcb5d6482 100644
--- a/pkgs/development/libraries/dconf/default.nix
+++ b/pkgs/development/libraries/dconf/default.nix
@@ -14,6 +14,7 @@
 , gtk-doc
 , docbook-xsl-nons
 , docbook_xml_dtd_42
+, nixosTests
 , withDocs ? true
 }:
 
@@ -73,6 +74,7 @@ stdenv.mkDerivation rec {
       packageName = pname;
       versionPolicy = "odd-unstable";
     };
+    tests = { inherit (nixosTests) dconf; };
   };
 
   meta = with lib; {
diff --git a/pkgs/development/libraries/libmrss/default.nix b/pkgs/development/libraries/libmrss/default.nix
deleted file mode 100644
index daa66847b408..000000000000
--- a/pkgs/development/libraries/libmrss/default.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{lib, stdenv, fetchurl, curl, libnxml, pkg-config}:
-
-stdenv.mkDerivation rec {
-  pname = "libmrss";
-  version = "0.19.2";
-
-  src = fetchurl {
-    url = "https://www.autistici.org/bakunin/libmrss/libmrss-${version}.tar.gz";
-    sha256 = "02r1bgj8qlkn63xqfi5yq8y7wrilxcnkycaag8qskhg5ranic507";
-  };
-
-  nativeBuildInputs = [ pkg-config ];
-  propagatedBuildInputs = [ curl libnxml ];
-
-  meta = {
-    homepage = "http://www.autistici.org/bakunin/libmrss/doc";
-    description = "C library for parsing, writing and creating RSS/ATOM files or streams";
-    license = lib.licenses.lgpl2;
-
-    platforms = lib.platforms.all;
-    maintainers = [ ];
-  };
-}
diff --git a/pkgs/development/libraries/libnxml/default.nix b/pkgs/development/libraries/libnxml/default.nix
deleted file mode 100644
index 69ff6a6ebdc5..000000000000
--- a/pkgs/development/libraries/libnxml/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{lib, stdenv, fetchurl, curl}:
-
-stdenv.mkDerivation rec {
-  pname = "libnxml";
-  version = "0.18.3";
-
-  src = fetchurl {
-    url = "https://www.autistici.org/bakunin/libnxml/libnxml-${version}.tar.gz";
-    sha256 = "0ix5b9bxd7r517vhgcxwdviq4m0g0pq46s5g3h04gcqnpbin150g";
-  };
-
-  buildInputs = [ curl ];
-
-  meta = {
-    homepage = "https://www.autistici.org/bakunin/libnxml/";
-    description = "C library for parsing, writing and creating XML 1.0 and 1.1 files or streams";
-    license = lib.licenses.lgpl2;
-
-    platforms = lib.platforms.all;
-    maintainers = [ ];
-  };
-}
diff --git a/pkgs/development/libraries/libpsl/default.nix b/pkgs/development/libraries/libpsl/default.nix
index d05481a1dc2b..f1b2fbbab4fb 100644
--- a/pkgs/development/libraries/libpsl/default.nix
+++ b/pkgs/development/libraries/libpsl/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
   };
 
   # bin/psl-make-dafsa brings a large runtime closure through python3
-  outputs = [ "bin" "out" "dev" ];
+  outputs = lib.optional (!stdenv.hostPlatform.isStatic) "bin" ++ [ "out" "dev" ];
 
   nativeBuildInputs = [
     autoreconfHook
@@ -40,14 +40,13 @@ stdenv.mkDerivation rec {
     libidn2
     libunistring
     libxslt
-    python3
-  ];
+  ] ++ lib.optional (!stdenv.hostPlatform.isStatic) python3;
 
   propagatedBuildInputs = [
     publicsuffix-list
   ];
 
-  postPatch = ''
+  postPatch = lib.optionalString (!stdenv.hostPlatform.isStatic) ''
     patchShebangs src/psl-make-dafsa
   '';
 
diff --git a/pkgs/development/libraries/rapidyaml/default.nix b/pkgs/development/libraries/rapidyaml/default.nix
index 0ba51a86893a..0ab61d3e7178 100644
--- a/pkgs/development/libraries/rapidyaml/default.nix
+++ b/pkgs/development/libraries/rapidyaml/default.nix
@@ -7,14 +7,14 @@
 
 stdenv.mkDerivation rec {
   pname = "rapidyaml";
-  version = "0.7.0";
+  version = "0.7.1";
 
   src = fetchFromGitHub {
     owner = "biojppm";
     repo = pname;
     fetchSubmodules = true;
     rev = "v${version}";
-    hash = "sha256-VpREG75d+Rmfu8B2VTWueJtfEZwKxGUFb8E3OwVy1L4=";
+    hash = "sha256-NUPx/1DkhSeCTt3Y5WpsN3wX7pMNOeku7eHdmFv/OWw=";
   };
 
   nativeBuildInputs = [ cmake git ];
diff --git a/pkgs/development/libraries/tdlib/default.nix b/pkgs/development/libraries/tdlib/default.nix
index 3b341cb2eae0..d02bd3b81011 100644
--- a/pkgs/development/libraries/tdlib/default.nix
+++ b/pkgs/development/libraries/tdlib/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation {
   pname = "tdlib";
-  version = "1.8.34";
+  version = "1.8.35";
 
   src = fetchFromGitHub {
     owner = "tdlib";
@@ -11,8 +11,8 @@ stdenv.mkDerivation {
     # The tdlib authors do not set tags for minor versions, but
     # external programs depending on tdlib constrain the minor
     # version, hence we set a specific commit with a known version.
-    rev = "1fa2a372a88c26369dcac2ce476166531df74a77";
-    hash = "sha256-7I2hm3KFtiJwz1tOxh+kSPItFnUcE4ALT865wAyASCA=";
+    rev = "8d08b34e22a08e58db8341839c4e18ee06c516c5";
+    hash = "sha256-RxFiOp3QDpLeikPqd8vstvhdglFLtOmwpcfGvvdgI5Y=";
   };
 
   buildInputs = [ gperf openssl readline zlib ];
diff --git a/pkgs/development/mobile/webos/novacomd.nix b/pkgs/development/mobile/webos/novacomd.nix
index 390b201d93c6..7095dbaf9dfa 100644
--- a/pkgs/development/mobile/webos/novacomd.nix
+++ b/pkgs/development/mobile/webos/novacomd.nix
@@ -1,6 +1,7 @@
 { lib, stdenv,
 fetchFromGitHub, fetchpatch,
 webos, cmake, pkg-config,
+nixosTests,
 libusb-compat-0_1 }:
 
 stdenv.mkDerivation rec {
@@ -36,6 +37,8 @@ stdenv.mkDerivation rec {
 
   cmakeFlags = [ "-DWEBOS_TARGET_MACHINE_IMPL=host" ];
 
+  passthru.tests = { inherit (nixosTests) novacomd; };
+
   meta = with lib; {
     description = "Daemon for communicating with WebOS devices";
     mainProgram = "novacomd";
diff --git a/pkgs/development/python-modules/captcha/default.nix b/pkgs/development/python-modules/captcha/default.nix
index fae80969824c..b7d7e55ad4e2 100644
--- a/pkgs/development/python-modules/captcha/default.nix
+++ b/pkgs/development/python-modules/captcha/default.nix
@@ -5,24 +5,26 @@
   buildPythonPackage,
   pillow,
   pytestCheckHook,
+  setuptools,
 }:
 
 buildPythonPackage rec {
   pname = "captcha";
-  version = "0.5.0";
+  version = "0.6.0";
+  pyproject = true;
 
   disabled = pythonOlder "3.8";
 
-  format = "setuptools";
-
   src = fetchFromGitHub {
     owner = "lepture";
-    repo = pname;
-    rev = "v${version}";
-    hash = "sha256-TPPuf0BRZPSHPSF0HuGxhjhoSyZQ7r86kSjkrztgZ5w=";
+    repo = "captcha";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-5d5gts+BXS5OKVziR9cLczsD2QMXZ/n31sPEq+gPlxk=";
   };
 
-  propagatedBuildInputs = [ pillow ];
+  dependencies = [ pillow ];
+
+  nativeBuildInputs = [ setuptools ];
 
   pythonImportsCheck = [ "captcha" ];
 
diff --git a/pkgs/development/python-modules/carbon/default.nix b/pkgs/development/python-modules/carbon/default.nix
index 3cfbf3c213f9..74440cc504de 100644
--- a/pkgs/development/python-modules/carbon/default.nix
+++ b/pkgs/development/python-modules/carbon/default.nix
@@ -7,6 +7,7 @@
   txamqp,
   cachetools,
   urllib3,
+  nixosTests,
 }:
 
 buildPythonPackage rec {
@@ -31,6 +32,10 @@ buildPythonPackage rec {
     urllib3
   ];
 
+  passthru.tests = {
+    inherit (nixosTests) graphite;
+  };
+
   meta = with lib; {
     homepage = "http://graphiteapp.org/";
     description = "Backend data caching and persistence daemon for Graphite";
diff --git a/pkgs/development/python-modules/doorbirdpy/default.nix b/pkgs/development/python-modules/doorbirdpy/default.nix
index 49884c421b7b..acb4fab9c31b 100644
--- a/pkgs/development/python-modules/doorbirdpy/default.nix
+++ b/pkgs/development/python-modules/doorbirdpy/default.nix
@@ -2,7 +2,6 @@
   lib,
   buildPythonPackage,
   fetchFromGitLab,
-  fetchpatch2,
   setuptools,
   aiohttp,
   aioresponses,
@@ -12,25 +11,16 @@
 
 buildPythonPackage rec {
   pname = "doorbirdpy";
-  version = "3.0.2";
+  version = "3.0.3";
   pyproject = true;
 
   src = fetchFromGitLab {
     owner = "klikini";
     repo = "doorbirdpy";
     rev = "refs/tags/${version}";
-    hash = "sha256-6B4EMK41vEpmLoQLD+XN9yStLdxyHHk/Mym9J0o7Qvc=";
+    hash = "sha256-0UvzMFYKM/Sb9B2XwZwl+a9v7lTxAc1H59vR88VwDww=";
   };
 
-  patches = [
-    # https://gitlab.com/klikini/doorbirdpy/-/merge_requests/15
-    (fetchpatch2 {
-      name = "aiohttp-3.10-compat.patch";
-      url = "https://gitlab.com/klikini/doorbirdpy/-/commit/91f417433be36a0c9d2baaf0d6ff1a45042f94eb.patch";
-      hash = "sha256-b/ORH6ygkiBreWYTH7rP8b68HlFUEyLQCzVo1KLffPQ=";
-    })
-  ];
-
   build-system = [ setuptools ];
 
   dependencies = [ aiohttp ];
diff --git a/pkgs/development/python-modules/etebase/default.nix b/pkgs/development/python-modules/etebase/default.nix
index ffdad6347628..18d5488bee36 100644
--- a/pkgs/development/python-modules/etebase/default.nix
+++ b/pkgs/development/python-modules/etebase/default.nix
@@ -13,6 +13,7 @@
   Security,
   msgpack,
   fetchpatch,
+  nixosTests,
 }:
 
 buildPythonPackage rec {
@@ -70,6 +71,10 @@ buildPythonPackage rec {
 
   pythonImportsCheck = [ "etebase" ];
 
+  passthru.tests = {
+    inherit (nixosTests) etebase-server;
+  };
+
   meta = with lib; {
     broken = stdenv.isDarwin;
     homepage = "https://www.etebase.com/";
diff --git a/pkgs/development/python-modules/geoparquet/default.nix b/pkgs/development/python-modules/geoparquet/default.nix
new file mode 100644
index 000000000000..ce50e2484c2d
--- /dev/null
+++ b/pkgs/development/python-modules/geoparquet/default.nix
@@ -0,0 +1,47 @@
+{
+  lib,
+  buildPythonPackage,
+  fetchFromGitHub,
+  setuptools,
+  pandas,
+  pyarrow,
+  pyproj,
+  shapely,
+  geopandas,
+  pytestCheckHook,
+}:
+
+buildPythonPackage {
+  pname = "geoparquet";
+  version = "0.7.5";
+  pyproject = true;
+
+  src = fetchFromGitHub {
+    owner = "darcy-r";
+    repo = "geoparquet-python";
+    rev = "b09b12dd0ebc34d73f082c3d97ccb69a889167e3";
+    hash = "sha256-WGZfDQh7Abh83n8jsCGr41IlKKq7QVDlauuWi20llh8=";
+  };
+
+  build-system = [ setuptools ];
+
+  dependencies = [
+    pandas
+    pyarrow
+    pyproj
+    shapely
+    geopandas
+  ];
+
+  nativeCheckInputs = [ pytestCheckHook ];
+  pythonImportCheck = "geoparquet";
+
+  doCheck = false; # no tests
+
+  meta = {
+    description = "API between Parquet files and GeoDataFrames for fast input/output of GIS data";
+    homepage = "https://github.com/darcy-r/geoparquet-python";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; [ sigmanificient ];
+  };
+}
diff --git a/pkgs/development/python-modules/graphite-web/default.nix b/pkgs/development/python-modules/graphite-web/default.nix
index 2a861bd8d339..cda30828836d 100644
--- a/pkgs/development/python-modules/graphite-web/default.nix
+++ b/pkgs/development/python-modules/graphite-web/default.nix
@@ -17,6 +17,7 @@
   txamqp,
   urllib3,
   whisper,
+  nixosTests,
 }:
 
 buildPythonPackage rec {
@@ -94,6 +95,10 @@ buildPythonPackage rec {
 
   pythonImportsCheck = [ "graphite" ];
 
+  passthru.tests = {
+    inherit (nixosTests) graphite;
+  };
+
   meta = with lib; {
     description = "Enterprise scalable realtime graphing";
     homepage = "http://graphiteapp.org/";
diff --git a/pkgs/development/python-modules/jupyterhub/default.nix b/pkgs/development/python-modules/jupyterhub/default.nix
index 543564b606ea..38a2fc97a662 100644
--- a/pkgs/development/python-modules/jupyterhub/default.nix
+++ b/pkgs/development/python-modules/jupyterhub/default.nix
@@ -42,7 +42,7 @@
 
 buildPythonPackage rec {
   pname = "jupyterhub";
-  version = "5.0.0";
+  version = "5.1.0";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -51,12 +51,12 @@ buildPythonPackage rec {
     owner = "jupyterhub";
     repo = "jupyterhub";
     rev = "refs/tags/${version}";
-    hash = "sha256-YGDbyWe3JSXbluOX6qyLqzl92Z/f5sD/5TPc2LR7W80=";
+    hash = "sha256-3L83FLhLCdTgOuFRgRMbz316cYbai0Z+hJwxXUCYB2Y=";
   };
 
   npmDeps = fetchNpmDeps {
     inherit src;
-    hash = "sha256-7G/Y2yaMi9cyf20/o8rLXKIE6SdZ74HSWJ3Wfypl4Cc=";
+    hash = "sha256-b7j6iGYXrwco4YruqRPEEi4yWRF6otTUD2jKCEPcLTE=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/langfuse/default.nix b/pkgs/development/python-modules/langfuse/default.nix
index 05b65c0cd137..c5d40d514835 100644
--- a/pkgs/development/python-modules/langfuse/default.nix
+++ b/pkgs/development/python-modules/langfuse/default.nix
@@ -2,6 +2,7 @@
   lib,
   buildPythonPackage,
   fetchFromGitHub,
+  anyio,
   backoff,
   httpx,
   idna,
@@ -16,22 +17,22 @@
 
 buildPythonPackage rec {
   pname = "langfuse";
-  version = "2.36.2";
+  version = "2.43.3";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "langfuse";
     repo = "langfuse-python";
     rev = "refs/tags/v${version}";
-    hash = "sha256-7snmEjRRciYaxUm0wUwQn5HKTvQOPVH5rXVUGZ+BXgk=";
+    hash = "sha256-pS3JF+9AfPkK3EmQOipVs5SJs0fWsZhudg4uNPH+6p8=";
   };
 
   build-system = [ poetry-core ];
 
-
   pythonRelaxDeps = [ "packaging" ];
 
   dependencies = [
+    anyio
     backoff
     httpx
     idna
diff --git a/pkgs/development/python-modules/magic-wormhole-mailbox-server/default.nix b/pkgs/development/python-modules/magic-wormhole-mailbox-server/default.nix
index f43cf4c4afee..55bc5da3fd35 100644
--- a/pkgs/development/python-modules/magic-wormhole-mailbox-server/default.nix
+++ b/pkgs/development/python-modules/magic-wormhole-mailbox-server/default.nix
@@ -11,6 +11,7 @@
   autobahn,
   treq,
   mock,
+  nixosTests,
   pythonOlder,
   pythonAtLeast,
   pytestCheckHook,
@@ -58,6 +59,10 @@ buildPythonPackage rec {
     "src/wormhole_mailbox_server/test/test_web.py"
   ];
 
+  passthru.tests = {
+    inherit (nixosTests) magic-wormhole-mailbox-server;
+  };
+
   meta = {
     description = "Securely transfer data between computers";
     homepage = "https://github.com/magic-wormhole/magic-wormhole-mailbox-server";
diff --git a/pkgs/development/python-modules/molecule/default.nix b/pkgs/development/python-modules/molecule/default.nix
index 67100465874e..834b336f48bc 100644
--- a/pkgs/development/python-modules/molecule/default.nix
+++ b/pkgs/development/python-modules/molecule/default.nix
@@ -23,14 +23,14 @@
 
 buildPythonPackage rec {
   pname = "molecule";
-  version = "24.7.0";
+  version = "24.8.0";
   pyproject = true;
 
   disabled = pythonOlder "3.10";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-2yx/pZkj6b8j1hqSpbGdaIHsnuX+lu2enp1wCwJyPwM=";
+    hash = "sha256-FAc4kE6fF4FXgFaKxAjJ9zu54qxyHjRoWjWebTUH5nc=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/python-modules/private-gpt/default.nix b/pkgs/development/python-modules/private-gpt/default.nix
index 8c4c1545c350..2824587d7c25 100644
--- a/pkgs/development/python-modules/private-gpt/default.nix
+++ b/pkgs/development/python-modules/private-gpt/default.nix
@@ -17,6 +17,7 @@
   gradio,
   fetchurl,
   fetchpatch,
+  nixosTests,
 }:
 
 buildPythonPackage rec {
@@ -87,6 +88,10 @@ buildPythonPackage rec {
 
   pythonImportsCheck = [ "private_gpt" ];
 
+  passthru.tests = {
+    inherit (nixosTests) private-gpt;
+  };
+
   meta = {
     changelog = "https://github.com/zylon-ai/private-gpt/blob/${src.rev}/CHANGELOG.md";
     description = "Interact with your documents using the power of GPT, 100% privately, no data leaks";
diff --git a/pkgs/development/python-modules/pure-protobuf/default.nix b/pkgs/development/python-modules/pure-protobuf/default.nix
index 5bbed7bb1b8d..df72926be397 100644
--- a/pkgs/development/python-modules/pure-protobuf/default.nix
+++ b/pkgs/development/python-modules/pure-protobuf/default.nix
@@ -14,7 +14,7 @@
 
 buildPythonPackage rec {
   pname = "pure-protobuf";
-  version = "3.1.1";
+  version = "3.1.2";
 
   format = "pyproject";
   # < 3.10 requires get-annotations which isn't packaged yet
@@ -24,7 +24,7 @@ buildPythonPackage rec {
     owner = "eigenein";
     repo = "protobuf";
     rev = "refs/tags/${version}";
-    hash = "sha256-xcW6ODL0UqwVesqIUxxzN5EuXK8hE4rY1inatuM1UpI=";
+    hash = "sha256-up/01Q2IdaW41Ple+nCRpWjYnl/IAlOppdGcg4djRZY=";
   };
 
   build-system = [
diff --git a/pkgs/development/python-modules/pyais/default.nix b/pkgs/development/python-modules/pyais/default.nix
index 9749114a4090..8b8d98d61318 100644
--- a/pkgs/development/python-modules/pyais/default.nix
+++ b/pkgs/development/python-modules/pyais/default.nix
@@ -11,7 +11,7 @@
 
 buildPythonPackage rec {
   pname = "pyais";
-  version = "2.7.0";
+  version = "2.7.1";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
@@ -20,7 +20,7 @@ buildPythonPackage rec {
     owner = "M0r13n";
     repo = "pyais";
     rev = "refs/tags/v${version}";
-    hash = "sha256-6Bv0YE2zQv0mdXNzHkhq4sOJ18nmyxO884Smzwn2c8I=";
+    hash = "sha256-EUbEVhriJAlxr4g+iPzeyftrF+qtdIqvvljKKihK3C8=";
   };
 
   build-system = [ setuptools ];
diff --git a/pkgs/development/python-modules/pyannote-audio/default.nix b/pkgs/development/python-modules/pyannote-audio/default.nix
index 7507b56528e0..3a3ee228bcc8 100644
--- a/pkgs/development/python-modules/pyannote-audio/default.nix
+++ b/pkgs/development/python-modules/pyannote-audio/default.nix
@@ -1,30 +1,32 @@
 {
   lib,
-  buildPythonPackage,
-  fetchFromGitHub,
-  setuptools,
-  wheel,
   asteroid-filterbanks,
+  buildPythonPackage,
   einops,
+  fetchFromGitHub,
   huggingface-hub,
-  pytorch-lightning,
+  hydra-core,
+  numpy,
   omegaconf,
   pyannote-core,
   pyannote-database,
   pyannote-metrics,
   pyannote-pipeline,
+  pyscaffold,
+  pythonOlder,
+  pytorch-lightning,
   pytorch-metric-learning,
   rich,
   semver,
+  setuptools,
   soundfile,
   speechbrain,
   tensorboardx,
-  torch,
   torch-audiomentations,
+  torch,
   torchaudio,
   torchmetrics,
-  numpy,
-  pyscaffold,
+  typer,
 }:
 
 buildPythonPackage rec {
@@ -32,6 +34,8 @@ buildPythonPackage rec {
   version = "3.3.0";
   pyproject = true;
 
+  disabled = pythonOlder "3.9";
+
   src = fetchFromGitHub {
     owner = "pyannote";
     repo = "pyannote-audio";
@@ -40,20 +44,21 @@ buildPythonPackage rec {
     fetchSubmodules = true;
   };
 
-  nativeBuildInputs = [
+  pythonRelaxDeps = [ "torchaudio" ];
+
+  build-system = [
     pyscaffold
     setuptools
-    wheel
   ];
 
   postPatch = ''
     substituteInPlace setup.cfg \
-      --replace "pyscaffold>=3.2a0,<3.3a0" "pyscaffold"
+      --replace-fail "pyscaffold>=3.2a0,<3.3a0" "pyscaffold"
     substituteInPlace requirements.txt \
-      --replace "lightning" "pytorch-lightning"
+      --replace-fail "lightning" "pytorch-lightning"
   '';
 
-  propagatedBuildInputs = [
+  dependencies = [
     asteroid-filterbanks
     einops
     huggingface-hub
@@ -76,6 +81,13 @@ buildPythonPackage rec {
     pytorch-lightning
   ];
 
+  optional-dependencies = {
+    cli = [
+      hydra-core
+      typer
+    ];
+  };
+
   pythonImportsCheck = [ "pyannote.audio" ];
 
   meta = with lib; {
diff --git a/pkgs/development/python-modules/pybravia/default.nix b/pkgs/development/python-modules/pybravia/default.nix
index b94efc55b3c9..fdb66df306af 100644
--- a/pkgs/development/python-modules/pybravia/default.nix
+++ b/pkgs/development/python-modules/pybravia/default.nix
@@ -9,7 +9,7 @@
 
 buildPythonPackage rec {
   pname = "pybravia";
-  version = "0.3.3";
+  version = "0.3.4";
   format = "pyproject";
 
   disabled = pythonOlder "3.8";
@@ -17,8 +17,8 @@ buildPythonPackage rec {
   src = fetchFromGitHub {
     owner = "Drafteed";
     repo = pname;
-    rev = "v${version}";
-    hash = "sha256-Ux9EereKKbgaVQORliW6J5FSBlytLM+m4PVFBk+OW6k=";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-1LfYEVclRneU3eD52kvzjLYyGdzYSWVDQ5EADOviglw=";
   };
 
   nativeBuildInputs = [ poetry-core ];
diff --git a/pkgs/development/python-modules/pyseventeentrack/default.nix b/pkgs/development/python-modules/pyseventeentrack/default.nix
index 8433e5590eea..1029c1f50e53 100644
--- a/pkgs/development/python-modules/pyseventeentrack/default.nix
+++ b/pkgs/development/python-modules/pyseventeentrack/default.nix
@@ -4,7 +4,6 @@
   attrs,
   buildPythonPackage,
   fetchFromGitHub,
-  fetchpatch2,
   lib,
   poetry-core,
   pytestCheckHook,
@@ -13,25 +12,16 @@
 
 buildPythonPackage rec {
   pname = "pyseventeentrack";
-  version = "1.0.0";
+  version = "1.0.1";
   pyproject = true;
 
   src = fetchFromGitHub {
     owner = "shaiu";
     repo = "pyseventeentrack";
     rev = "refs/tags/v${version}";
-    hash = "sha256-J5pYtJrEvShRXE/NwbYdmcUhCc5dmDZmJWS550NvRD0=";
+    hash = "sha256-AHFJu2z3UWBR6BzwdxAKl3wpqBnsyj8pn16z1rgFVpw=";
   };
 
-  patches = [
-    # https://github.com/shaiu/pyseventeentrack/pull/4
-    (fetchpatch2 {
-      name = "use-poetry-core.patch";
-      url = "https://github.com/shaiu/pyseventeentrack/commit/6feef4fb29544933836de0a9c06bf85e5105c8bf.patch";
-      hash = "sha256-l6lHWRAoRhYouNT43nb7fYA4RMsmC6rCJOKYTJN8vAU=";
-    })
-  ];
-
   build-system = [ poetry-core ];
 
   dependencies = [
diff --git a/pkgs/development/python-modules/pytest-ansible/default.nix b/pkgs/development/python-modules/pytest-ansible/default.nix
index 5832ff98e668..12e9d62c9549 100644
--- a/pkgs/development/python-modules/pytest-ansible/default.nix
+++ b/pkgs/development/python-modules/pytest-ansible/default.nix
@@ -16,7 +16,7 @@
 
 buildPythonPackage rec {
   pname = "pytest-ansible";
-  version = "24.7.0";
+  version = "24.8.0";
   pyproject = true;
 
   disabled = pythonOlder "3.10";
@@ -25,7 +25,7 @@ buildPythonPackage rec {
     owner = "ansible";
     repo = "pytest-ansible";
     rev = "refs/tags/v${version}";
-    hash = "sha256-yrdfVWXcTB6WKDUnm4wDdKZGWq9F7oOT0RP42xyASRw=";
+    hash = "sha256-+kGVSutTKO6eGH6oHSZ86Hp4jLbofYDcvsiJRXSGQHE=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/pytest-twisted/default.nix b/pkgs/development/python-modules/pytest-twisted/default.nix
index 29ae8e462498..93e74cf1c01a 100644
--- a/pkgs/development/python-modules/pytest-twisted/default.nix
+++ b/pkgs/development/python-modules/pytest-twisted/default.nix
@@ -1,7 +1,8 @@
 {
   lib,
   buildPythonPackage,
-  fetchPypi,
+  fetchFromGitHub,
+  setuptools,
   greenlet,
   pytest,
   decorator,
@@ -11,17 +12,21 @@
 
 buildPythonPackage rec {
   pname = "pytest-twisted";
-  version = "1.14.1";
-  format = "setuptools";
+  version = "1.14.2";
+  pyproject = true;
 
-  src = fetchPypi {
-    inherit pname version;
-    hash = "sha256-qbGLyfykfSiG+O/j/SeHmoHxwLtJ8cVgZmyedkSRtjI=";
+  src = fetchFromGitHub {
+    owner = "pytest-dev";
+    repo = "pytest-twisted";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-1NkKTdk5D36VngJtBEdT42o1MmMT6stBne9KyC17518=";
   };
 
+  build-system = [ setuptools ];
+
   buildInputs = [ pytest ];
 
-  propagatedBuildInputs = [
+  dependencies = [
     decorator
     greenlet
   ];
@@ -34,6 +39,7 @@ buildPythonPackage rec {
   pythonImportsCheck = [ "pytest_twisted" ];
 
   meta = with lib; {
+    changelog = "https://github.com/pytest-dev/pytest-twisted/releases/tag/v${version}";
     description = "Twisted plugin for py.test";
     homepage = "https://github.com/pytest-dev/pytest-twisted";
     license = licenses.bsd3;
diff --git a/pkgs/development/python-modules/softlayer/default.nix b/pkgs/development/python-modules/softlayer/default.nix
index ecb04654073a..b2238da2916f 100644
--- a/pkgs/development/python-modules/softlayer/default.nix
+++ b/pkgs/development/python-modules/softlayer/default.nix
@@ -21,7 +21,7 @@
 
 buildPythonPackage rec {
   pname = "softlayer";
-  version = "6.2.4";
+  version = "6.2.5";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -30,7 +30,7 @@ buildPythonPackage rec {
     owner = pname;
     repo = "softlayer-python";
     rev = "refs/tags/v${version}";
-    hash = "sha256-Hl3nW31EoqjziYMeeHip/Ieq8eYLa7//qrENThPa7ns=";
+    hash = "sha256-wDLMVonPUexoaZ60kRBILmr5l46yajzACozCp6uETGY=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/torch-audiomentations/default.nix b/pkgs/development/python-modules/torch-audiomentations/default.nix
index 2a9985ce91b4..7a4205268e3e 100644
--- a/pkgs/development/python-modules/torch-audiomentations/default.nix
+++ b/pkgs/development/python-modules/torch-audiomentations/default.nix
@@ -2,13 +2,15 @@
   lib,
   buildPythonPackage,
   fetchFromGitHub,
-  setuptools,
-  wheel,
   julius,
   librosa,
+  pytest-cov-stub,
+  pytestCheckHook,
+  pythonOlder,
+  setuptools,
+  torch-pitch-shift,
   torch,
   torchaudio,
-  torch-pitch-shift,
 }:
 
 buildPythonPackage rec {
@@ -16,6 +18,8 @@ buildPythonPackage rec {
   version = "0.11.1";
   pyproject = true;
 
+  disabled = pythonOlder "3.8";
+
   src = fetchFromGitHub {
     owner = "asteroid-team";
     repo = "torch-audiomentations";
@@ -23,7 +27,11 @@ buildPythonPackage rec {
     hash = "sha256-0+5wc+mP4c221q6mdaqPalfumTOtdnkjnIPtLErOp9E=";
   };
 
-  propagatedBuildInputs = [
+  pythonRelaxDeps = [ "torchaudio" ];
+
+  build-system = [ setuptools ];
+
+  dependencies = [
     julius
     librosa
     torch
@@ -31,16 +39,27 @@ buildPythonPackage rec {
     torch-pitch-shift
   ];
 
-  nativeBuildInputs = [
-    setuptools
-    wheel
+  nativeCheckInputs = [
+    pytest-cov-stub
+    pytestCheckHook
   ];
 
   pythonImportsCheck = [ "torch_audiomentations" ];
 
+  disabledTestPaths = [
+    # librosa issues
+    "tests/test_mix.py"
+    "tests/test_convolution.py"
+    "tests/test_impulse_response.py"
+    "tests/test_background_noise.py"
+  ];
+
+  disabledTests = [ "test_transform_is_differentiable" ];
+
   meta = with lib; {
-    description = "Fast audio data augmentation in PyTorch. Inspired by audiomentations. Useful for deep learning";
+    description = "Fast audio data augmentation in PyTorch";
     homepage = "https://github.com/asteroid-team/torch-audiomentations";
+    changelog = "https://github.com/asteroid-team/torch-audiomentations/releases/tag/v${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ matthewcroughan ];
   };
diff --git a/pkgs/development/python-modules/torch-pitch-shift/default.nix b/pkgs/development/python-modules/torch-pitch-shift/default.nix
index f6d35338dad8..910b65c6363a 100644
--- a/pkgs/development/python-modules/torch-pitch-shift/default.nix
+++ b/pkgs/development/python-modules/torch-pitch-shift/default.nix
@@ -3,11 +3,11 @@
   buildPythonPackage,
   fetchFromGitHub,
   setuptools,
-  wheel,
   packaging,
   primepy,
   torch,
   torchaudio,
+  pythonOlder,
 }:
 
 buildPythonPackage rec {
@@ -15,30 +15,35 @@ buildPythonPackage rec {
   version = "1.2.4";
   pyproject = true;
 
+  disabled = pythonOlder "3.8";
+
   src = fetchFromGitHub {
     owner = "KentoNishi";
     repo = "torch-pitch-shift";
-    rev = "v${version}";
+    rev = "refs/tags/v${version}";
     hash = "sha256-s3z+6jOGC7RfF9TzVZ9HFbIFz2BsBm6Yhx7lgaEKv6o=";
   };
 
-  nativeBuildInputs = [
-    setuptools
-    wheel
-  ];
+  pythonRelaxDeps = [ "torchaudio" ];
 
-  propagatedBuildInputs = [
+  build-system = [ setuptools ];
+
+  dependencies = [
     packaging
     primepy
     torch
     torchaudio
   ];
 
+  # Module has no tests
+  doCheck = false;
+
   pythonImportsCheck = [ "torch_pitch_shift" ];
 
   meta = with lib; {
     description = "Pitch-shift audio clips quickly with PyTorch (CUDA supported)! Additional utilities for searching efficient transformations are included";
     homepage = "https://github.com/KentoNishi/torch-pitch-shift";
+    changelog = "https://github.com/KentoNishi/torch-pitch-shift/releases/tag/v${version}";
     license = licenses.mit;
     maintainers = with maintainers; [ matthewcroughan ];
   };
diff --git a/pkgs/development/python-modules/trimesh/default.nix b/pkgs/development/python-modules/trimesh/default.nix
index 91c3deed553d..417280834bde 100644
--- a/pkgs/development/python-modules/trimesh/default.nix
+++ b/pkgs/development/python-modules/trimesh/default.nix
@@ -11,14 +11,14 @@
 
 buildPythonPackage rec {
   pname = "trimesh";
-  version = "4.4.4";
+  version = "4.4.6";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-XFP2/gHi+uNXrTO3ltv9tOr+shFDVPRs85YIgGEU7Pg=";
+    hash = "sha256-sOZL8GDI06cXMCT7b+CZ9w56owYwNWiILLrJDmWZ9Fs=";
   };
 
   build-system = [ setuptools ];
diff --git a/pkgs/development/python-modules/unearth/default.nix b/pkgs/development/python-modules/unearth/default.nix
index 957db7180d59..82c832b6b98f 100644
--- a/pkgs/development/python-modules/unearth/default.nix
+++ b/pkgs/development/python-modules/unearth/default.nix
@@ -16,14 +16,14 @@
 
 buildPythonPackage rec {
   pname = "unearth";
-  version = "0.16.1";
+  version = "0.17.0";
   pyproject = true;
 
   disabled = pythonOlder "3.8";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-mIpDQY+gt4rrYooV9qOwIVLBeH9j/m0lTH9OLM+NsKc=";
+    hash = "sha256-dxyicP7IvqJid0oLHOJ1JzkFbmUjRDQCjs6vRmy7oLY=";
   };
 
   build-system = [ pdm-backend ];
diff --git a/pkgs/development/tools/coder/default.nix b/pkgs/development/tools/coder/default.nix
index 0c040a7cdd90..c191b2e3f439 100644
--- a/pkgs/development/tools/coder/default.nix
+++ b/pkgs/development/tools/coder/default.nix
@@ -6,6 +6,7 @@
 , terraform
 , stdenvNoCC
 , unzip
+, nixosTests
 }:
 
 let
@@ -100,5 +101,8 @@ stdenvNoCC.mkDerivation (finalAttrs: {
 
   passthru = {
     updateScript = ./update.sh;
+    tests = {
+      inherit (nixosTests) coder;
+    };
   };
 })
diff --git a/pkgs/development/tools/continuous-integration/gocd-agent/default.nix b/pkgs/development/tools/continuous-integration/gocd-agent/default.nix
index 314dd38c0795..adb2839de1d8 100644
--- a/pkgs/development/tools/continuous-integration/gocd-agent/default.nix
+++ b/pkgs/development/tools/continuous-integration/gocd-agent/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, unzip }:
+{ lib, stdenv, fetchurl, unzip, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "gocd-agent";
@@ -9,6 +9,9 @@ stdenv.mkDerivation rec {
     url = "https://download.go.cd/binaries/${version}-${rev}/generic/go-agent-${version}-${rev}.zip";
     sha256 = "sha256-L2MOkbVHoQu99lKrbnsNkhuU0SZ8VANSK72GZrGLbiQ=";
   };
+
+  passthru.tests = { inherit (nixosTests) gocd-agent; };
+
   meta = with lib; {
     description = "Continuous delivery server specializing in advanced workflow modeling and visualization";
     homepage = "http://www.go.cd";
diff --git a/pkgs/development/tools/database/litestream/default.nix b/pkgs/development/tools/database/litestream/default.nix
index fa47959a333c..15c287114750 100644
--- a/pkgs/development/tools/database/litestream/default.nix
+++ b/pkgs/development/tools/database/litestream/default.nix
@@ -1,6 +1,7 @@
 { buildGoModule
 , fetchFromGitHub
 , lib
+, nixosTests
 }:
 buildGoModule rec {
   pname = "litestream";
@@ -21,6 +22,8 @@ buildGoModule rec {
 
   vendorHash = "sha256-sYIY3Z3VrCqbjEbQtEY7q6Jljg8jMoa2qWEB/IkDjzM=";
 
+  passthru.tests = { inherit (nixosTests) litestream; };
+
   meta = with lib; {
     description = "Streaming replication for SQLite";
     mainProgram = "litestream";
diff --git a/pkgs/development/tools/go-mockery/default.nix b/pkgs/development/tools/go-mockery/default.nix
index 551934001bda..b57491d47e38 100644
--- a/pkgs/development/tools/go-mockery/default.nix
+++ b/pkgs/development/tools/go-mockery/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "go-mockery";
-  version = "2.44.1";
+  version = "2.44.2";
 
   src = fetchFromGitHub {
     owner = "vektra";
     repo = "mockery";
     rev = "v${version}";
-    sha256 = "sha256-FaQzGkMUgf3QRM3gjlvUEDmnb1mZ8Yd85E4ONB5yCm4=";
+    sha256 = "sha256-zVzCAX52kzugj9LRqnrUZ881sE8EyhLM1QPnJK5O2ak=";
   };
 
   preCheck = ''
diff --git a/pkgs/development/tools/leaps/default.nix b/pkgs/development/tools/leaps/default.nix
index 27a6cb95220c..c9eac1db13a8 100644
--- a/pkgs/development/tools/leaps/default.nix
+++ b/pkgs/development/tools/leaps/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub, testers, leaps }:
+{ lib, buildGoModule, fetchFromGitHub, testers, leaps, nixosTests }:
 
 buildGoModule rec {
   pname = "leaps";
@@ -16,7 +16,10 @@ buildGoModule rec {
 
   ldflags = [ "-s" "-w" "-X main.version=${version}" ];
 
-  passthru.tests.version = testers.testVersion { package = leaps; };
+  passthru.tests = {
+    version = testers.testVersion { package = leaps; };
+    inherit (nixosTests) leaps;
+  };
 
   meta = with lib; {
     description = "Pair programming tool and library written in Golang";
diff --git a/pkgs/development/tools/profiling/systemtap/default.nix b/pkgs/development/tools/profiling/systemtap/default.nix
index 25bdd45e03b8..a2895a095422 100644
--- a/pkgs/development/tools/profiling/systemtap/default.nix
+++ b/pkgs/development/tools/profiling/systemtap/default.nix
@@ -1,5 +1,6 @@
 { lib, fetchgit, pkg-config, gettext, runCommand, makeWrapper
 , cpio, elfutils, kernel, gnumake, python3
+, nixosTests
 }:
 
 let
@@ -35,6 +36,7 @@ let
 in runCommand "systemtap-${kernel.version}-${version}" {
   inherit stapBuild;
   nativeBuildInputs = [ makeWrapper ];
+  passthru.tests = { inherit (nixosTests.systemtap) linux_default linux_latest; };
   meta = {
     homepage = "https://sourceware.org/systemtap/";
     description = "Provides a scripting language for instrumentation on a live kernel plus user-space";
diff --git a/pkgs/development/tools/rust/rust-analyzer/default.nix b/pkgs/development/tools/rust/rust-analyzer/default.nix
index 4ddf399f783f..925cffb71eed 100644
--- a/pkgs/development/tools/rust/rust-analyzer/default.nix
+++ b/pkgs/development/tools/rust/rust-analyzer/default.nix
@@ -13,14 +13,14 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "rust-analyzer-unwrapped";
-  version = "2024-08-05";
-  cargoHash = "sha256-6ZlC/zzPYvBbp2lsl8U2piHxPqCFVQ+AiNFbnPumAXo=";
+  version = "2024-08-12";
+  cargoHash = "sha256-F1DuuBjHCPY3NIwnS1jFMTxcMnc1TGv2KaKttF6FIKs=";
 
   src = fetchFromGitHub {
     owner = "rust-lang";
     repo = "rust-analyzer";
     rev = version;
-    sha256 = "sha256-/Bd0VzlutcxTwSNouS/iC6BDv395NoO4XmBJaS2vQLg=";
+    sha256 = "sha256-xAxVDxuvCs8WWkrxVWjCiqxTkHhGj7sSppr1YMuEdT8=";
   };
 
   cargoBuildFlags = [ "--bin" "rust-analyzer" "--bin" "rust-analyzer-proc-macro-srv" ];
diff --git a/pkgs/development/web/mailcatcher/default.nix b/pkgs/development/web/mailcatcher/default.nix
index 17d25378d8cd..a6188fec5dbd 100644
--- a/pkgs/development/web/mailcatcher/default.nix
+++ b/pkgs/development/web/mailcatcher/default.nix
@@ -1,4 +1,4 @@
-{ ruby_3_2, lib, bundlerApp, bundlerUpdateScript }:
+{ ruby_3_2, lib, bundlerApp, bundlerUpdateScript, nixosTests }:
 
 bundlerApp {
   pname = "mailcatcher";
@@ -7,6 +7,7 @@ bundlerApp {
   ruby = ruby_3_2;
 
   passthru.updateScript = bundlerUpdateScript "mailcatcher";
+  passthru.tests = { inherit (nixosTests) mailcatcher; };
 
   meta = with lib; {
     description = "SMTP server and web interface to locally test outbound emails";
diff --git a/pkgs/games/openarena/default.nix b/pkgs/games/openarena/default.nix
index 25b4954cb426..211dbcd25106 100644
--- a/pkgs/games/openarena/default.nix
+++ b/pkgs/games/openarena/default.nix
@@ -18,6 +18,7 @@
 , SDL2
 , speex
 , makeDesktopItem
+, nixosTests
 }:
 
 let
@@ -102,6 +103,8 @@ stdenv.mkDerivation (finalAttrs: {
     })
   ];
 
+  passthru.tests = { inherit (nixosTests) openarena; };
+
   meta = {
     description = "Fast-paced 3D first-person shooter, similar to id Software Inc.'s Quake III Arena";
     homepage = "http://openarena.ws/";
diff --git a/pkgs/games/shipwright/default.nix b/pkgs/games/shipwright/default.nix
index 2ee250a703f4..d214e6934b19 100644
--- a/pkgs/games/shipwright/default.nix
+++ b/pkgs/games/shipwright/default.nix
@@ -33,13 +33,13 @@ let
 in
 stdenv.mkDerivation (finalAttrs: {
   pname = "shipwright";
-  version = "8.0.5";
+  version = "8.0.6";
 
   src = fetchFromGitHub {
     owner = "harbourmasters";
     repo = "shipwright";
-    rev = finalAttrs.version;
-    hash = "sha256-o2VwOF46Iq4pwpumOau3bDXJ/CArx6NWBi00s3E4PnE=";
+    rev = "refs/tags/${finalAttrs.version}";
+    hash = "sha256-bA+Bm7M6udeZLpFhGa8fCtagfYBeRxWWqFuAj62XwGQ=";
     fetchSubmodules = true;
   };
 
@@ -51,8 +51,8 @@ stdenv.mkDerivation (finalAttrs: {
   # https://github.com/HarbourMasters/Shipwright/blob/e46c60a7a1396374e23f7a1f7122ddf9efcadff7/soh/CMakeLists.txt#L736
   gamecontrollerdb = fetchurl {
     name = "gamecontrollerdb.txt";
-    url = "https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/b7933e43ca2f8d26d8b668ea8ea52b736221af1e/gamecontrollerdb.txt";
-    hash = "sha256-XIuS9BkWkM9d+SgT1OYTfWtcmzqSUDbMrMLoVnPgidE=";
+    url = "https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/075c1549075ef89a397fd7e0663d21e53a2485fd/gamecontrollerdb.txt";
+    hash = "sha256-atjc0t921l6JSUAd/Yk7uup2R7mCp5ivAh6Dr7HBY7I=";
   };
 
   nativeBuildInputs = [
@@ -95,8 +95,8 @@ stdenv.mkDerivation (finalAttrs: {
   ];
 
   cmakeFlags = [
-    "-DCMAKE_INSTALL_PREFIX=${placeholder "out"}/lib"
     (lib.cmakeBool "NON_PORTABLE" true)
+    (lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}/lib")
   ];
 
   env.NIX_CFLAGS_COMPILE =
diff --git a/pkgs/misc/screensavers/xautolock/default.nix b/pkgs/misc/screensavers/xautolock/default.nix
index c7934125a7ae..e0fd83897e80 100644
--- a/pkgs/misc/screensavers/xautolock/default.nix
+++ b/pkgs/misc/screensavers/xautolock/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv, fetchFromGitHub
 , imake, gccmakedep, libX11, libXext, libXScrnSaver, xorgproto
+, nixosTests
 }:
 
 stdenv.mkDerivation (finalAttrs: {
@@ -25,6 +26,8 @@ stdenv.mkDerivation (finalAttrs: {
 
   installTargets = [ "install" "install.man" ];
 
+  passthru.tests = { inherit (nixosTests) xautolock; };
+
   meta = with lib; {
     description = "Launch a given program when your X session has been idle for a given time";
     homepage = "http://www.ibiblio.org/pub/linux/X11/screensavers";
diff --git a/pkgs/misc/screensavers/xss-lock/default.nix b/pkgs/misc/screensavers/xss-lock/default.nix
index 88b4b6b795f3..dfadfedaee9a 100644
--- a/pkgs/misc/screensavers/xss-lock/default.nix
+++ b/pkgs/misc/screensavers/xss-lock/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, fetchFromGitHub, cmake, docutils, pkg-config, glib, libpthreadstubs
-, libXau, libXdmcp, xcbutil }:
+, libXau, libXdmcp, xcbutil, nixosTests }:
 
 stdenv.mkDerivation {
   pname = "xss-lock";
@@ -15,6 +15,8 @@ stdenv.mkDerivation {
   nativeBuildInputs = [ cmake pkg-config docutils ];
   buildInputs = [ glib libpthreadstubs libXau libXdmcp xcbutil ];
 
+  passthru.tests = { inherit (nixosTests) xss-lock; };
+
   meta = with lib; {
     description = "Use external locker (such as i3lock) as X screen saver";
     license = licenses.mit;
diff --git a/pkgs/os-specific/linux/atop/default.nix b/pkgs/os-specific/linux/atop/default.nix
index 7e191f01fb9b..33a00242989f 100644
--- a/pkgs/os-specific/linux/atop/default.nix
+++ b/pkgs/os-specific/linux/atop/default.nix
@@ -8,6 +8,7 @@
 , findutils
 , systemd
 , python3
+, nixosTests
 # makes the package unfree via pynvml
 , withAtopgpu ? false
 }:
@@ -79,6 +80,8 @@ stdenv.mkDerivation rec {
     rm $out/lib/systemd/system/atopgpu.service $out/bin/atopgpud $out/share/man/man8/atopgpud.8
   '');
 
+  passthru.tests = { inherit (nixosTests) atop; };
+
   meta = with lib; {
     platforms = platforms.linux;
     maintainers = with maintainers; [ raskin ];
diff --git a/pkgs/os-specific/linux/fanout/default.nix b/pkgs/os-specific/linux/fanout/default.nix
index 3352f59a05f7..fc6bac80d6cd 100644
--- a/pkgs/os-specific/linux/fanout/default.nix
+++ b/pkgs/os-specific/linux/fanout/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, kernel, kmod }:
+{ lib, stdenv, fetchFromGitHub, kernel, kmod, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "fanout";
@@ -27,6 +27,8 @@ stdenv.mkDerivation rec {
     "KERNELDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
   ];
 
+  passthru.tests = { inherit (nixosTests) fanout; };
+
   meta = with lib; {
     description = "Kernel-based publish-subscribe system";
     homepage = "https://github.com/bob-linuxtoys/fanout";
diff --git a/pkgs/os-specific/linux/kernel/zen-kernels.nix b/pkgs/os-specific/linux/kernel/zen-kernels.nix
index ae16c3bd7d79..06fbfbd37d13 100644
--- a/pkgs/os-specific/linux/kernel/zen-kernels.nix
+++ b/pkgs/os-specific/linux/kernel/zen-kernels.nix
@@ -4,16 +4,16 @@ let
   # comments with variant added for update script
   # ./update-zen.py zen
   zenVariant = {
-    version = "6.10.1"; #zen
+    version = "6.10.5"; #zen
     suffix = "zen1"; #zen
-    sha256 = "0lr9qjz4hlvx3yc0lj65fnmbciyh6symycbi9ass761l1niswbk5"; #zen
+    sha256 = "08ibz7560xsmlnrm8j13hxf8hjjcxfmnjdrwffqc81g9g6rvpqra"; #zen
     isLqx = false;
   };
   # ./update-zen.py lqx
   lqxVariant = {
-    version = "6.9.11"; #lqx
+    version = "6.10.5"; #lqx
     suffix = "lqx1"; #lqx
-    sha256 = "0i6i0ak10gswlk60pnkn5dlz74g4nd7n1xbnvf24nnwwp69kkd44"; #lqx
+    sha256 = "09rscj20j94qkmvk0hlpjm6v1n1ndnkv2vl035gsp5lwggws2jqm"; #lqx
     isLqx = true;
   };
   zenKernelsFor = { version, suffix, sha256, isLqx }: buildLinux (args // {
diff --git a/pkgs/os-specific/linux/libcgroup/default.nix b/pkgs/os-specific/linux/libcgroup/default.nix
index 8f24362b94b2..e86e989ba888 100644
--- a/pkgs/os-specific/linux/libcgroup/default.nix
+++ b/pkgs/os-specific/linux/libcgroup/default.nix
@@ -1,19 +1,19 @@
-{ lib, stdenv, fetchFromGitHub, pam, bison, flex, autoreconfHook }:
+{ lib, stdenv, fetchFromGitHub, pam, bison, flex, systemdLibs, autoreconfHook }:
 
 stdenv.mkDerivation rec {
   pname = "libcgroup";
-  version = "3.0";
+  version = "3.1";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
     fetchSubmodules = true;
-    hash = "sha256-x2yBqpr3LedtWmpZ4K1ipZxIualNJuDtC4FVGzzcQn8=";
+    hash = "sha256-CnejQcOyW3QzHuvsAdKe4M4XgmG9ufRaEBdO48+8ZqQ=";
   };
 
   nativeBuildInputs = [ autoreconfHook bison flex ];
-  buildInputs = [ pam ];
+  buildInputs = [ pam systemdLibs ];
 
   postPatch = ''
     substituteInPlace src/tools/Makefile.am \
diff --git a/pkgs/os-specific/linux/trezor-udev-rules/default.nix b/pkgs/os-specific/linux/trezor-udev-rules/default.nix
index e5d20171c5cb..c631b5712733 100644
--- a/pkgs/os-specific/linux/trezor-udev-rules/default.nix
+++ b/pkgs/os-specific/linux/trezor-udev-rules/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl }:
+{ lib, stdenv, fetchurl, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "trezor-udev-rules";
@@ -23,6 +23,8 @@ stdenv.mkDerivation rec {
     cp 51-trezor.rules $out/lib/udev/rules.d/51-trezor.rules
   '';
 
+  passthru.tests = { inherit (nixosTests) trezord; };
+
   meta = with lib; {
     description = "Udev rules for Trezor";
     license = licenses.gpl3;
diff --git a/pkgs/servers/apache-kafka/default.nix b/pkgs/servers/apache-kafka/default.nix
index fd7cd084a60b..815905f76edb 100644
--- a/pkgs/servers/apache-kafka/default.nix
+++ b/pkgs/servers/apache-kafka/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, jdk17_headless, jdk11_headless, makeWrapper, bash, coreutils, gnugrep, gnused, ps }:
+{ lib, stdenv, fetchurl, jdk17_headless, jdk11_headless, makeWrapper, bash, coreutils, gnugrep, gnused, ps, nixosTests }:
 
 let
   versionMap = {
@@ -7,12 +7,14 @@ let
       scalaVersion = "2.13";
       sha256 = "sha256-YqyuShQ92YPcfrSATVdEugxQsZm1CPWZ7wAQIOJVj8k=";
       jre = jdk17_headless;
+      nixosTest = nixosTests.kafka.kafka_3_7;
     };
     "3_6" = {
       kafkaVersion = "3.6.2";
       scalaVersion = "2.13";
       sha256 = "sha256-wxfkf3cUHTFG6VY9nLodZIbIHmcLIR7OasRqn3Lkqqw=";
       jre = jdk17_headless;
+      nixosTest = nixosTests.kafka.kafka_3_6;
     };
   };
 
@@ -54,6 +56,7 @@ let
 
     passthru = {
       inherit jre; # Used by the NixOS module to select the supported jre
+      tests.nixos = versionInfo.nixosTest;
     };
 
     meta = with lib; {
diff --git a/pkgs/servers/birdwatcher/default.nix b/pkgs/servers/birdwatcher/default.nix
index 744be3822484..cca210e4a1bc 100644
--- a/pkgs/servers/birdwatcher/default.nix
+++ b/pkgs/servers/birdwatcher/default.nix
@@ -1,6 +1,7 @@
 { lib
 , fetchFromGitHub
 , buildGoModule
+, nixosTests
 }:
 
 buildGoModule rec {
@@ -18,6 +19,10 @@ buildGoModule rec {
 
   deleteVendor = true;
 
+  passthru.tests = {
+    inherit (nixosTests) birdwatcher;
+  };
+
   meta = with lib; {
     homepage = "https://github.com/alice-lg/birdwatcher";
     description = "Small HTTP server meant to provide an API defined by Barry O'Donovan's birds-eye to the BIRD internet routing daemon";
diff --git a/pkgs/servers/dgraph/default.nix b/pkgs/servers/dgraph/default.nix
index 8a24301d43d8..f5cf357a948d 100644
--- a/pkgs/servers/dgraph/default.nix
+++ b/pkgs/servers/dgraph/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "dgraph";
-  version = "24.0.1";
+  version = "24.0.2";
 
   src = fetchFromGitHub {
     owner = "dgraph-io";
     repo = "dgraph";
     rev = "v${version}";
-    sha256 = "sha256-r3HCDgtOsTQJqOxYIF17u5zuryH6OThNU9y31f+GI+U=";
+    sha256 = "sha256-UoiVPZXeiQsgdzsU2i6FEfflJmD9pPqkf6as/3HLt6Y=";
   };
 
   vendorHash = "sha256-bqHYUFBnQEffymZ0nmm0Sli2HjHoUMEbtO8k3Y0sswc=";
diff --git a/pkgs/servers/go-libp2p-daemon/default.nix b/pkgs/servers/go-libp2p-daemon/default.nix
index cca514fcca39..f3d96c665171 100644
--- a/pkgs/servers/go-libp2p-daemon/default.nix
+++ b/pkgs/servers/go-libp2p-daemon/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "go-libp2p-daemon";
-  version = "0.8.1";
+  version = "0.9.0";
 
   src = fetchFromGitHub {
     owner = "libp2p";
     repo = "go-libp2p-daemon";
     rev = "v${version}";
-    hash = "sha256-UIiP6Tb0ys1slB4YQ2m7KlrHIZDfUaKs4RAyuxWBhhw=";
+    hash = "sha256-1ZmtUrk5BO5tl5Brcyz6NCD9vdf5XXtbmophXVX05Tk=";
   };
 
-  vendorHash = "sha256-60+JcyVV0uW+T0JZ/keyeYJNWrR3BhLInIgwbpoAe/Q=";
+  vendorHash = "sha256-jT3t7m8wPKejbjCvQzx+PIAl9NYk0rAl6edywvR1FaE=";
 
   doCheck = false;
 
diff --git a/pkgs/servers/icingaweb2/default.nix b/pkgs/servers/icingaweb2/default.nix
index 25f1a419e0e3..8a16f3afe345 100644
--- a/pkgs/servers/icingaweb2/default.nix
+++ b/pkgs/servers/icingaweb2/default.nix
@@ -1,4 +1,4 @@
-{ stdenvNoCC, lib, fetchFromGitHub, makeWrapper, php }:
+{ stdenvNoCC, lib, fetchFromGitHub, makeWrapper, php, nixosTests }:
 
 stdenvNoCC.mkDerivation rec {
   pname = "icingaweb2";
@@ -21,6 +21,8 @@ stdenvNoCC.mkDerivation rec {
     wrapProgram $out/bin/icingacli --prefix PATH : "${lib.makeBinPath [ php ]}"
   '';
 
+  passthru.tests = { inherit (nixosTests) icingaweb2; };
+
   meta = with lib; {
     description = "Webinterface for Icinga 2";
     longDescription = ''
diff --git a/pkgs/servers/icingaweb2/ipl.nix b/pkgs/servers/icingaweb2/ipl.nix
index 52ce346fd652..254729a31762 100644
--- a/pkgs/servers/icingaweb2/ipl.nix
+++ b/pkgs/servers/icingaweb2/ipl.nix
@@ -1,4 +1,4 @@
-{ stdenvNoCC, lib, fetchFromGitHub }:
+{ stdenvNoCC, lib, fetchFromGitHub, nixosTests }:
 
 stdenvNoCC.mkDerivation rec {
   pname = "icingaweb2-ipl";
@@ -16,6 +16,8 @@ stdenvNoCC.mkDerivation rec {
     cp -r * "$out"
   '';
 
+  passthru.tests = { inherit (nixosTests) icingaweb2; };
+
   meta = {
     description = "PHP library package for Icingaweb 2";
     homepage = "https://github.com/Icinga/icinga-php-library";
diff --git a/pkgs/servers/icingaweb2/thirdparty.nix b/pkgs/servers/icingaweb2/thirdparty.nix
index 552842967fde..6a2a8bebd494 100644
--- a/pkgs/servers/icingaweb2/thirdparty.nix
+++ b/pkgs/servers/icingaweb2/thirdparty.nix
@@ -1,4 +1,4 @@
-{ stdenvNoCC, lib, fetchFromGitHub }:
+{ stdenvNoCC, lib, fetchFromGitHub, nixosTests }:
 
 stdenvNoCC.mkDerivation rec {
   pname = "icingaweb2-thirdparty";
@@ -16,6 +16,8 @@ stdenvNoCC.mkDerivation rec {
     cp -r * "$out"
   '';
 
+  passthru.tests = { inherit (nixosTests) icingaweb2; };
+
   meta = {
     description = "Third party dependencies for Icingaweb 2";
     homepage = "https://github.com/Icinga/icinga-php-thirdparty";
diff --git a/pkgs/servers/irc/solanum/default.nix b/pkgs/servers/irc/solanum/default.nix
index cb4f009e5c7f..e70d6cc0a8e6 100644
--- a/pkgs/servers/irc/solanum/default.nix
+++ b/pkgs/servers/irc/solanum/default.nix
@@ -8,6 +8,7 @@
 , pkg-config
 , sqlite
 , util-linux
+, nixosTests
 }:
 
 stdenv.mkDerivation rec {
@@ -63,6 +64,8 @@ stdenv.mkDerivation rec {
   #   make[4]: *** [Makefile:634: solanum] Error 1
   enableParallelInstalling = false;
 
+  passthru.tests = { inherit (nixosTests) solanum; };
+
   meta = with lib; {
     description = "IRCd for unified networks";
     homepage = "https://github.com/solanum-ircd/solanum";
diff --git a/pkgs/servers/jackett/default.nix b/pkgs/servers/jackett/default.nix
index 06c1df68e3e2..64ce9873f45f 100644
--- a/pkgs/servers/jackett/default.nix
+++ b/pkgs/servers/jackett/default.nix
@@ -5,6 +5,7 @@
 , dotnetCorePackages
 , openssl
 , mono
+, nixosTests
 }:
 
 buildDotnetModule rec {
@@ -38,6 +39,8 @@ buildDotnetModule rec {
   '';
   passthru.updateScript = ./updater.sh;
 
+  passthru.tests = { inherit (nixosTests) jackett; };
+
   meta = with lib; {
     description = "API Support for your favorite torrent trackers";
     homepage = "https://github.com/Jackett/Jackett/";
diff --git a/pkgs/servers/jibri/default.nix b/pkgs/servers/jibri/default.nix
index 9f12ef008251..95d104123ea2 100644
--- a/pkgs/servers/jibri/default.nix
+++ b/pkgs/servers/jibri/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, dpkg, jdk11_headless, makeWrapper, writeText, xorg }:
+{ lib, stdenv, fetchurl, dpkg, jdk11_headless, makeWrapper, writeText, xorg, nixosTests }:
 
 let
   xorgModulePaths = writeText "module-paths" ''
@@ -38,6 +38,8 @@ stdenv.mkDerivation rec {
 
   passthru.updateScript = ./update.sh;
 
+  passthru.tests = { inherit (nixosTests) jibri; };
+
   meta = with lib; {
     description = "JItsi BRoadcasting Infrastructure";
     mainProgram = "jibri";
diff --git a/pkgs/servers/mail/mailhog/default.nix b/pkgs/servers/mail/mailhog/default.nix
index a4fe8fb5ea19..02912fbb8a7d 100644
--- a/pkgs/servers/mail/mailhog/default.nix
+++ b/pkgs/servers/mail/mailhog/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
 
 buildGoModule rec {
   pname = "MailHog";
@@ -19,6 +19,8 @@ buildGoModule rec {
 
   ldflags = [ "-s" "-X main.version=${version}" ];
 
+  passthru.tests = { inherit (nixosTests) mailhog; };
+
   meta = with lib; {
     description = "Web and API based SMTP testing";
     mainProgram = "MailHog";
diff --git a/pkgs/servers/misc/gobgpd/default.nix b/pkgs/servers/misc/gobgpd/default.nix
index b4e1f0cb2ccd..4f653a50a972 100644
--- a/pkgs/servers/misc/gobgpd/default.nix
+++ b/pkgs/servers/misc/gobgpd/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildGoModule
 , fetchFromGitHub
+, nixosTests
 }:
 
 buildGoModule rec {
@@ -30,6 +31,8 @@ buildGoModule rec {
     "cmd/gobgpd"
   ];
 
+  passthru.tests = { inherit (nixosTests) gobgpd; };
+
   meta = with lib; {
     description = "BGP implemented in Go";
     mainProgram = "gobgpd";
diff --git a/pkgs/servers/misc/taskserver/default.nix b/pkgs/servers/misc/taskserver/default.nix
index bbd2a4a70da4..a0d13164901a 100644
--- a/pkgs/servers/misc/taskserver/default.nix
+++ b/pkgs/servers/misc/taskserver/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper }:
+{ lib, stdenv, fetchurl, cmake, libuuid, gnutls, makeWrapper, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "taskserver";
@@ -31,6 +31,8 @@ stdenv.mkDerivation rec {
   buildInputs = [ libuuid gnutls ];
   nativeBuildInputs = [ cmake makeWrapper ];
 
+  passthru.tests = { inherit (nixosTests) taskserver; };
+
   meta = {
     description = "Server for synchronising Taskwarrior clients";
     homepage = "https://taskwarrior.org";
diff --git a/pkgs/servers/monitoring/cadvisor/default.nix b/pkgs/servers/monitoring/cadvisor/default.nix
index dc0d890a429f..a297c85bed3c 100644
--- a/pkgs/servers/monitoring/cadvisor/default.nix
+++ b/pkgs/servers/monitoring/cadvisor/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
 
 buildGoModule rec {
   pname = "cadvisor";
@@ -22,6 +22,8 @@ buildGoModule rec {
     rm $out/bin/example
   '';
 
+  passthru.tests = { inherit (nixosTests) cadvisor; };
+
   meta = with lib; {
     description = "Analyzes resource usage and performance characteristics of running docker containers";
     mainProgram = "cadvisor";
diff --git a/pkgs/servers/monitoring/munin/default.nix b/pkgs/servers/monitoring/munin/default.nix
index c1446b90c870..785c0fecf43f 100644
--- a/pkgs/servers/monitoring/munin/default.nix
+++ b/pkgs/servers/monitoring/munin/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv, fetchFromGitHub, makeWrapper, which, coreutils, rrdtool, perlPackages
 , python3, ruby, jre8, nettools, bc
+, nixosTests
 }:
 
 stdenv.mkDerivation rec {
@@ -133,6 +134,8 @@ stdenv.mkDerivation rec {
     done
   '';
 
+  passthru.tests = { inherit (nixosTests) munin; };
+
   meta = with lib; {
     description = "Networked resource monitoring tool";
     longDescription = ''
diff --git a/pkgs/servers/nosql/mongodb/5.0.nix b/pkgs/servers/nosql/mongodb/5.0.nix
index d74bf1e2f3d4..0cb71b57aae1 100644
--- a/pkgs/servers/nosql/mongodb/5.0.nix
+++ b/pkgs/servers/nosql/mongodb/5.0.nix
@@ -1,6 +1,7 @@
 { stdenv, callPackage, lib, sasl, boost
 , Security, CoreFoundation, cctools
 , avxSupport ? stdenv.hostPlatform.avxSupport
+, nixosTests
 }:
 
 let
@@ -29,4 +30,5 @@ buildMongoDB {
     ./asio-no-experimental-string-view-4-4.patch
     ./fix-gcc-Wno-exceptions-5.0.patch
   ] ++ variants.patches;
+  passthru.tests = { inherit (nixosTests) mongodb; };
 }
diff --git a/pkgs/servers/nosql/mongodb/6.0.nix b/pkgs/servers/nosql/mongodb/6.0.nix
index 4e1df2d7a297..839dc5cde024 100644
--- a/pkgs/servers/nosql/mongodb/6.0.nix
+++ b/pkgs/servers/nosql/mongodb/6.0.nix
@@ -22,4 +22,5 @@ buildMongoDB {
       sha256 = "sha256-gWlE2b/NyGe2243iNCXzjcERIY8/4ZWI4Gjh5SF0tYA=";
     })
   ];
+  # passthru.tests = { inherit (nixosTests) mongodb; }; # currently tests mongodb-5_0
 }
diff --git a/pkgs/servers/nosql/mongodb/mongodb.nix b/pkgs/servers/nosql/mongodb/mongodb.nix
index d1cc3030afd2..47d788b753e3 100644
--- a/pkgs/servers/nosql/mongodb/mongodb.nix
+++ b/pkgs/servers/nosql/mongodb/mongodb.nix
@@ -28,6 +28,7 @@
 { version, sha256, patches ? []
 , license ? lib.licenses.sspl
 , avxSupport ? stdenv.hostPlatform.avxSupport
+, passthru ? {}
 }:
 
 let
@@ -59,7 +60,7 @@ let
   inherit (lib) systems subtractLists;
 
 in stdenv.mkDerivation rec {
-  inherit version;
+  inherit version passthru;
   pname = "mongodb";
 
   src = fetchFromGitHub {
diff --git a/pkgs/servers/photoprism/default.nix b/pkgs/servers/photoprism/default.nix
index d7e092943af7..0c39ad8b6b81 100644
--- a/pkgs/servers/photoprism/default.nix
+++ b/pkgs/servers/photoprism/default.nix
@@ -1,4 +1,5 @@
 { pkgs, lib, stdenv, fetchFromGitHub, fetchzip, darktable, rawtherapee, ffmpeg_7, libheif, exiftool, imagemagick, makeWrapper, testers
+, nixosTests
 , librsvg }:
 
 let
@@ -78,6 +79,7 @@ stdenv.mkDerivation {
   '';
 
   passthru.tests.version = testers.testVersion { package = pkgs.photoprism; };
+  passthru.tests.photoprism = nixosTests.photoprism;
 
   meta = with lib; {
     homepage = "https://photoprism.app";
diff --git a/pkgs/servers/plik/default.nix b/pkgs/servers/plik/default.nix
index bcd5ca8c87c8..29ba48487a37 100644
--- a/pkgs/servers/plik/default.nix
+++ b/pkgs/servers/plik/default.nix
@@ -15,7 +15,10 @@ in
 
   inherit (programs) plik plikd-unwrapped;
 
-  plikd = runCommand "plikd-${version}" { nativeBuildInputs = [ makeWrapper ]; } ''
+  plikd = runCommand "plikd-${version}" {
+    nativeBuildInputs = [ makeWrapper ];
+    inherit (programs.plikd-unwrapped) passthru;
+  } ''
     mkdir -p $out/libexec/plikd/{bin,webapp} $out/bin
     tar xf ${webapp} plik-${version}-linux-amd64/webapp/dist/
     mv plik-*/webapp/dist $out/libexec/plikd/webapp
diff --git a/pkgs/servers/plik/programs.nix b/pkgs/servers/plik/programs.nix
index b76d46925557..2b8b5176fb9a 100644
--- a/pkgs/servers/plik/programs.nix
+++ b/pkgs/servers/plik/programs.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub, makeWrapper, runCommand }:
+{ lib, buildGoModule, fetchFromGitHub, makeWrapper, runCommand, nixosTests }:
 
 let
   version = "1.3.8";
@@ -25,12 +25,16 @@ let
       --replace '"0.0.0"' '"${version}"'
   '';
 
+  passthru.tests = {
+    inherit (nixosTests) plikd;
+  };
+
 in
 {
 
   plik = buildGoModule {
     pname = "plik";
-    inherit version meta src vendorHash postPatch;
+    inherit version meta src vendorHash postPatch passthru;
 
     subPackages = [ "client" ];
     postInstall = ''
@@ -40,7 +44,7 @@ in
 
   plikd-unwrapped = buildGoModule {
     pname = "plikd-unwrapped";
-    inherit version src vendorHash postPatch;
+    inherit version src vendorHash postPatch passthru;
 
     subPackages = [ "server" ];
     postFixup = ''
diff --git a/pkgs/servers/portunus/default.nix b/pkgs/servers/portunus/default.nix
index 971a6a0967f5..1cbc81afdd97 100644
--- a/pkgs/servers/portunus/default.nix
+++ b/pkgs/servers/portunus/default.nix
@@ -2,6 +2,7 @@
 , buildGoModule
 , fetchFromGitHub
 , libxcrypt
+, nixosTests
 }:
 
 buildGoModule rec {
@@ -19,6 +20,8 @@ buildGoModule rec {
 
   vendorHash = null;
 
+  passthru.tests = { inherit (nixosTests) portunus; };
+
   meta = with lib; {
     description = "Self-contained user/group management and authentication service";
     homepage = "https://github.com/majewsky/portunus";
diff --git a/pkgs/servers/postfixadmin/default.nix b/pkgs/servers/postfixadmin/default.nix
index be879fa03062..26628e13ea08 100644
--- a/pkgs/servers/postfixadmin/default.nix
+++ b/pkgs/servers/postfixadmin/default.nix
@@ -1,4 +1,4 @@
-{ fetchFromGitHub, stdenv, lib }:
+{ fetchFromGitHub, stdenv, lib, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "postfixadmin";
@@ -18,6 +18,8 @@ stdenv.mkDerivation rec {
     ln -sf /var/cache/postfixadmin/templates_c $out/
   '';
 
+  passthru.tests = { inherit (nixosTests) postfixadmin; };
+
   meta = {
     description = "Web based virtual user administration interface for Postfix mail servers";
     homepage = "https://postfixadmin.sourceforge.io/";
diff --git a/pkgs/servers/pulseaudio/default.nix b/pkgs/servers/pulseaudio/default.nix
index 331d1d3c71ac..0186de73fddf 100644
--- a/pkgs/servers/pulseaudio/default.nix
+++ b/pkgs/servers/pulseaudio/default.nix
@@ -7,6 +7,7 @@
 , gst_all_1
 , check, libintl, meson, ninja, m4, wrapGAppsHook3
 , fetchpatch2
+, nixosTests
 
 , x11Support ? false
 
@@ -182,6 +183,8 @@ stdenv.mkDerivation rec {
     done
   '';
 
+  passthru.tests = { inherit (nixosTests) pulseaudio; };
+
   meta = {
     description = "Sound server for POSIX and Win32 systems";
     homepage    = "http://www.pulseaudio.org/";
diff --git a/pkgs/servers/roundcube/default.nix b/pkgs/servers/roundcube/default.nix
index 6ec9c8c378f2..646379e3e641 100644
--- a/pkgs/servers/roundcube/default.nix
+++ b/pkgs/servers/roundcube/default.nix
@@ -1,4 +1,4 @@
-{ fetchurl, lib, stdenv, buildEnv, roundcube, roundcubePlugins }:
+{ fetchurl, lib, stdenv, buildEnv, roundcube, roundcubePlugins, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "roundcube";
@@ -27,6 +27,8 @@ stdenv.mkDerivation rec {
     paths = (f roundcubePlugins) ++ [ roundcube ];
   };
 
+  passthru.tests = { inherit (nixosTests) roundcube; };
+
   meta = {
     description = "Open Source Webmail Software";
     maintainers = with lib.maintainers; [ vskilet globin ma27 ];
diff --git a/pkgs/servers/spicedb/default.nix b/pkgs/servers/spicedb/default.nix
index a7afa073b122..249b2c8d6465 100644
--- a/pkgs/servers/spicedb/default.nix
+++ b/pkgs/servers/spicedb/default.nix
@@ -6,16 +6,16 @@
 
 buildGoModule rec {
   pname = "spicedb";
-  version = "1.33.1";
+  version = "1.35.2";
 
   src = fetchFromGitHub {
     owner = "authzed";
     repo = "spicedb";
     rev = "v${version}";
-    hash = "sha256-qEEttgo7OqCEuC+mj2e5HW1IpIl5czxScBmaLiJJuUY=";
+    hash = "sha256-r1rrMCeW7NjlMHmNNWIn6EJOLia+9CuI831O5A8kKMA=";
   };
 
-  vendorHash = "sha256-pqHDSQQMvfas9yeyhs5cWokBPISQygz2aHf6W5Zc+co=";
+  vendorHash = "sha256-NOCC34LrJ+7oubL5uOJlSy92GdiVJf3M0yowJ55JNV8=";
 
   ldflags = [
     "-X 'github.com/jzelinskie/cobrautil/v2.Version=${src.rev}'"
diff --git a/pkgs/servers/sql/monetdb/default.nix b/pkgs/servers/sql/monetdb/default.nix
index 6ccddc5faea1..9e9b2b7f95c1 100644
--- a/pkgs/servers/sql/monetdb/default.nix
+++ b/pkgs/servers/sql/monetdb/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchurl, cmake, python3, bison, openssl, readline, bzip2 }:
+{ lib, stdenv, fetchurl, cmake, python3, bison, openssl, readline, bzip2, nixosTests }:
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "monetdb";
@@ -30,6 +30,8 @@ stdenv.mkDerivation (finalAttrs: {
       $out/bin/Mconvert.py
   '';
 
+  passthru.tests = { inherit (nixosTests) monetdb; };
+
   meta = with lib; {
     description = "Open source database system";
     homepage = "https://www.monetdb.org/";
diff --git a/pkgs/servers/sql/postgresql/ext/pgjwt.nix b/pkgs/servers/sql/postgresql/ext/pgjwt.nix
index 7134c052363d..be088b81f861 100644
--- a/pkgs/servers/sql/postgresql/ext/pgjwt.nix
+++ b/pkgs/servers/sql/postgresql/ext/pgjwt.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, postgresql, unstableGitUpdater }:
+{ lib, stdenv, fetchFromGitHub, postgresql, unstableGitUpdater, nixosTests }:
 
 stdenv.mkDerivation {
   pname = "pgjwt";
@@ -19,6 +19,8 @@ stdenv.mkDerivation {
 
   passthru.updateScript = unstableGitUpdater { };
 
+  passthru.tests = { inherit (nixosTests) pgjwt; };
+
   meta = with lib; {
     description = "PostgreSQL implementation of JSON Web Tokens";
     longDescription = ''
diff --git a/pkgs/servers/sql/postgresql/ext/timescaledb.nix b/pkgs/servers/sql/postgresql/ext/timescaledb.nix
index cf75d52e7ac7..0e5651085ea1 100644
--- a/pkgs/servers/sql/postgresql/ext/timescaledb.nix
+++ b/pkgs/servers/sql/postgresql/ext/timescaledb.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, cmake, postgresql, openssl, libkrb5, enableUnfree ? true }:
+{ lib, stdenv, fetchFromGitHub, cmake, postgresql, openssl, libkrb5, nixosTests, enableUnfree ? true }:
 
 stdenv.mkDerivation rec {
   pname = "timescaledb${lib.optionalString (!enableUnfree) "-apache"}";
@@ -32,6 +32,8 @@ stdenv.mkDerivation rec {
     done
   '';
 
+  passthru.tests = { inherit (nixosTests) timescaledb; };
+
   meta = with lib; {
     description = "Scales PostgreSQL for time-series data via automatic partitioning across time and space";
     homepage = "https://www.timescale.com/";
diff --git a/pkgs/servers/trezord/default.nix b/pkgs/servers/trezord/default.nix
index 4055c505daac..247ac6832db3 100644
--- a/pkgs/servers/trezord/default.nix
+++ b/pkgs/servers/trezord/default.nix
@@ -4,6 +4,7 @@
 , fetchFromGitHub
 , fetchpatch
 , trezor-udev-rules
+, nixosTests
 , AppKit
 }:
 
@@ -37,6 +38,8 @@ buildGoModule rec {
     "-X main.githash=${commit}"
   ];
 
+  passthru.tests = { inherit (nixosTests) trezord; };
+
   meta = with lib; {
     description = "Trezor Communication Daemon aka Trezor Bridge";
     homepage = "https://trezor.io";
diff --git a/pkgs/servers/trickster/trickster.nix b/pkgs/servers/trickster/trickster.nix
index 221599065453..d11144a8359a 100644
--- a/pkgs/servers/trickster/trickster.nix
+++ b/pkgs/servers/trickster/trickster.nix
@@ -2,6 +2,7 @@
 , buildGoModule
 , fetchFromGitHub
 , go
+, nixosTests
 }:
 
 buildGoModule rec {
@@ -32,6 +33,8 @@ buildGoModule rec {
   # Tests are broken.
   doCheck = false;
 
+  passthru.tests = { inherit (nixosTests) trickster; };
+
   meta = with lib; {
     description = "Reverse proxy cache and time series dashboard accelerator";
     mainProgram = "trickster";
diff --git a/pkgs/servers/ucarp/default.nix b/pkgs/servers/ucarp/default.nix
index 90cbc562d382..fc9cdf947515 100644
--- a/pkgs/servers/ucarp/default.nix
+++ b/pkgs/servers/ucarp/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, lib, fetchurl, libpcap }:
+{ stdenv, lib, fetchurl, libpcap, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "ucarp";
@@ -17,6 +17,8 @@ stdenv.mkDerivation rec {
   #     `__packed'; ucarp.o:/build/ucarp-1.5.2/src/ip_carp.h:73: first defined here
   env.NIX_CFLAGS_COMPILE = "-fcommon";
 
+  passthru.tests = { inherit (nixosTests) ucarp; };
+
   meta = with lib; {
     description = "Userspace implementation of CARP";
     longDescription = ''
diff --git a/pkgs/servers/web-apps/jirafeau/default.nix b/pkgs/servers/web-apps/jirafeau/default.nix
index bf67125e1dab..96496ee83a64 100644
--- a/pkgs/servers/web-apps/jirafeau/default.nix
+++ b/pkgs/servers/web-apps/jirafeau/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitLab, writeText }:
+{ lib, stdenv, fetchFromGitLab, writeText, nixosTests }:
 let
   localConfig = writeText "config.local.php" ''
     <?php
@@ -23,6 +23,8 @@ stdenv.mkDerivation rec {
     cp ${localConfig} $out/lib/config.local.php
   '';
 
+  passthru.tests = { inherit (nixosTests) jirafeau; };
+
   meta = with lib; {
     description = "Website permitting upload of a file in a simple way and giving a unique link to it";
     license = licenses.agpl3Plus;
diff --git a/pkgs/servers/web-apps/morty/default.nix b/pkgs/servers/web-apps/morty/default.nix
index b44d2e03bf16..6ee57abc028a 100644
--- a/pkgs/servers/web-apps/morty/default.nix
+++ b/pkgs/servers/web-apps/morty/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
 
 buildGoModule {
   pname = "morty";
@@ -13,6 +13,8 @@ buildGoModule {
 
   vendorHash = "sha256-3sllcoTDYQBAyAT7e9KeKNrlTEbgnoZc0Vt0ksQByvo=";
 
+  passthru.tests = { inherit (nixosTests) morty; };
+
   meta = with lib; {
     description = "Privacy aware web content sanitizer proxy as a service";
     mainProgram = "morty";
diff --git a/pkgs/tools/backup/borgmatic/default.nix b/pkgs/tools/backup/borgmatic/default.nix
index f6f9bcd3c0d3..18318dc8e584 100644
--- a/pkgs/tools/backup/borgmatic/default.nix
+++ b/pkgs/tools/backup/borgmatic/default.nix
@@ -11,6 +11,7 @@
   stdenv,
   systemd,
   testers,
+  nixosTests,
 }:
 python3Packages.buildPythonApplication rec {
   pname = "borgmatic";
@@ -60,7 +61,10 @@ python3Packages.buildPythonApplication rec {
                --replace "sleep " "${coreutils}/bin/sleep "
   '';
 
-  passthru.tests.version = testers.testVersion { package = borgmatic; };
+  passthru.tests = {
+    version = testers.testVersion { package = borgmatic; };
+    inherit (nixosTests) borgmatic;
+  };
 
   __darwinAllowLocalNetworking = true;
 
diff --git a/pkgs/tools/filesystems/moosefs/default.nix b/pkgs/tools/filesystems/moosefs/default.nix
index 48ec4cea7c98..54a78f89c399 100644
--- a/pkgs/tools/filesystems/moosefs/default.nix
+++ b/pkgs/tools/filesystems/moosefs/default.nix
@@ -5,6 +5,7 @@
 , pkg-config
 , libpcap
 , zlib
+, nixosTests
 }:
 
 stdenv.mkDerivation rec {
@@ -47,6 +48,8 @@ stdenv.mkDerivation rec {
 
   doCheck = true;
 
+  passthru.tests = { inherit (nixosTests) moosefs; };
+
   meta = with lib; {
     homepage = "https://moosefs.com";
     description = "Open Source, Petabyte, Fault-Tolerant, Highly Performing, Scalable Network Distributed File System";
diff --git a/pkgs/tools/filesystems/orangefs/default.nix b/pkgs/tools/filesystems/orangefs/default.nix
index 235639457a31..0566a8a4c129 100644
--- a/pkgs/tools/filesystems/orangefs/default.nix
+++ b/pkgs/tools/filesystems/orangefs/default.nix
@@ -1,5 +1,6 @@
 { lib, stdenv, fetchurl, fetchpatch, bison, flex, autoreconfHook
 , openssl, db, attr, perl, tcsh
+, nixosTests
 } :
 
 stdenv.mkDerivation rec {
@@ -60,6 +61,8 @@ stdenv.mkDerivation rec {
     sed -i 's:openssl:${openssl}/bin/openssl:' $out/bin/pvfs2-gen-keys.sh
   '';
 
+  passthru.tests = { inherit (nixosTests) orangefs; };
+
   meta = with lib; {
     description = "Scale-out network file system for use on high-end computing systems";
     homepage = "http://www.orangefs.org/";
diff --git a/pkgs/tools/misc/diffoci/default.nix b/pkgs/tools/misc/diffoci/default.nix
index 6337b2d500c4..b2142cfc227e 100644
--- a/pkgs/tools/misc/diffoci/default.nix
+++ b/pkgs/tools/misc/diffoci/default.nix
@@ -8,16 +8,16 @@
 
 buildGoModule rec {
   pname = "diffoci";
-  version = "0.1.4";
+  version = "0.1.5";
 
   src = fetchFromGitHub {
     owner = "reproducible-containers";
     repo = "diffoci";
     rev = "v${version}";
-    hash = "sha256-BTggky5behIxbVxyDZ09uobw0FBopboE9uUBEVgCgR4=";
+    hash = "sha256-ZVWnfg5uWYuqsNd4X6t1gWBGMfdcirSp7QZZDhqAfaI=";
   };
 
-  vendorHash = "sha256-4C35LBxSm6EkcOznQY1hT2vX9bwFfps/q76VqqPKBfI=";
+  vendorHash = "sha256-qb4HvK4UbJbtP/ypeptV/MMbhOu5UZDaGartq/RGpDM=";
 
   ldflags = [
     "-s"
diff --git a/pkgs/tools/misc/esphome/default.nix b/pkgs/tools/misc/esphome/default.nix
index 57f29a9d103d..b95f6d6d9b3c 100644
--- a/pkgs/tools/misc/esphome/default.nix
+++ b/pkgs/tools/misc/esphome/default.nix
@@ -8,6 +8,7 @@
 , git
 , inetutils
 , stdenv
+, nixosTests
 }:
 
 let
@@ -133,6 +134,7 @@ python.pkgs.buildPythonApplication rec {
   passthru = {
     dashboard = python.pkgs.esphome-dashboard;
     updateScript = callPackage ./update.nix { };
+    tests = { inherit (nixosTests) esphome; };
   };
 
   meta = with lib; {
diff --git a/pkgs/tools/misc/opentelemetry-collector/default.nix b/pkgs/tools/misc/opentelemetry-collector/default.nix
index 05e5f9425462..f372d705491f 100644
--- a/pkgs/tools/misc/opentelemetry-collector/default.nix
+++ b/pkgs/tools/misc/opentelemetry-collector/default.nix
@@ -3,6 +3,7 @@
 , fetchFromGitHub
 , installShellFiles
 , testers
+, nixosTests
 , opentelemetry-collector
 }:
 
@@ -41,10 +42,13 @@ buildGoModule rec {
       --zsh <($out/bin/otelcorecol completion zsh)
   '';
 
-  passthru.tests.version = testers.testVersion {
-    inherit version;
-    package = opentelemetry-collector;
-    command = "otelcorecol -v";
+  passthru.tests = {
+    version = testers.testVersion {
+      inherit version;
+      package = opentelemetry-collector;
+      command = "otelcorecol -v";
+    };
+    inherit (nixosTests) opentelemetry-collector;
   };
 
   meta = with lib; {
diff --git a/pkgs/tools/misc/plotinus/default.nix b/pkgs/tools/misc/plotinus/default.nix
index 2cd2a74f6fde..f8b50d55cdf4 100644
--- a/pkgs/tools/misc/plotinus/default.nix
+++ b/pkgs/tools/misc/plotinus/default.nix
@@ -7,6 +7,7 @@
 , cmake
 , ninja
 , vala
+, nixosTests
 , wrapGAppsHook3 }:
 
 stdenv.mkDerivation rec {
@@ -33,6 +34,8 @@ stdenv.mkDerivation rec {
     gtk3
   ];
 
+  passthru.tests = { inherit (nixosTests) plotinus; };
+
   meta = with lib; {
     description = "Searchable command palette in every modern GTK application";
     homepage = "https://github.com/p-e-w/plotinus";
diff --git a/pkgs/tools/misc/tailspin/default.nix b/pkgs/tools/misc/tailspin/default.nix
index 4e837df61c7c..25aba0ebb95d 100644
--- a/pkgs/tools/misc/tailspin/default.nix
+++ b/pkgs/tools/misc/tailspin/default.nix
@@ -5,16 +5,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "tailspin";
-  version = "3.0.1";
+  version = "3.0.2";
 
   src = fetchFromGitHub {
     owner = "bensadeh";
     repo = "tailspin";
     rev = version;
-    hash = "sha256-Aqm7Nt+rAu8A2216JCuID1eIpWSdKpoKjILYovr7bYw=";
+    hash = "sha256-STQtWLrRS76sowGOBLZqeE8bYcDUjI5ErQD3D7z98M8=";
   };
 
-  cargoHash = "sha256-uTUowYoLEywGNzPyxq53Si5GSrh/F9kUFIDjw/wfdAQ=";
+  cargoHash = "sha256-gNyegmr7Iv7dRe/bCwxLbhVkhex0D9ylF5Eulix26tg=";
 
   meta = with lib; {
     description = "Log file highlighter";
diff --git a/pkgs/tools/misc/watchexec/default.nix b/pkgs/tools/misc/watchexec/default.nix
index 32ee78ff6cb0..cd7381243cc4 100644
--- a/pkgs/tools/misc/watchexec/default.nix
+++ b/pkgs/tools/misc/watchexec/default.nix
@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "watchexec";
-  version = "2.1.1";
+  version = "2.1.2";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-S0c/UqdbEqhZRkxZonW1TPQLmGbZeiK14yPbW5dpI70=";
+    hash = "sha256-mH670pBxSQQ4mTtX6O71aRRxRVyz0J7r4227UsUJ5LE=";
   };
 
-  cargoHash = "sha256-IuubIEu2mY3h1i9gJgQlyVoGwUYWsdp8+hKYyz0j3is=";
+  cargoHash = "sha256-cBxFaERUDaOxAYfpvBdJa9LxvrG2niJqVovcZDucbUA=";
 
   nativeBuildInputs = [ installShellFiles ];
 
@@ -22,7 +22,7 @@ rustPlatform.buildRustPackage rec {
   checkFlags = [ "--skip=help" "--skip=help_short" ];
 
   postPatch = ''
-    rm .cargo/config
+    rm .cargo/config.toml
   '';
 
   postInstall = ''
diff --git a/pkgs/tools/misc/zitadel-tools/default.nix b/pkgs/tools/misc/zitadel-tools/default.nix
index 83d4cc147205..1837280f9757 100644
--- a/pkgs/tools/misc/zitadel-tools/default.nix
+++ b/pkgs/tools/misc/zitadel-tools/default.nix
@@ -6,18 +6,18 @@
 
 buildGoModule rec {
   pname = "zitadel-tools";
-  version = "0.4.1";
+  version = "0.5.0";
 
   src = fetchFromGitHub {
     owner = "zitadel";
     repo = "zitadel-tools";
     rev = "v${version}";
-    hash = "sha256-r9GEHpfDlpK98/dnsxjhUgWKn6vHQla8Z+jQUVrHGyo=";
+    hash = "sha256-wtCBRsP0b7qPOQfYgvmgDT0t2zZHocokO5J8yLZcsgQ=";
   };
 
   nativeBuildInputs = [ installShellFiles ];
 
-  vendorHash = "sha256-y2PYj0XRSgfiaYpeqAh4VR/+NKUPKd1c0w9pPCWsUrY=";
+  vendorHash = "sha256-ql5Qw5Va/wLBKsb9bCmPciuVrgORU8nndRkhjoJBIgs=";
 
   ldflags = [
     "-s" "-w"
diff --git a/pkgs/tools/networking/croc/default.nix b/pkgs/tools/networking/croc/default.nix
index 17caf588c3b3..d719c3f9b06a 100644
--- a/pkgs/tools/networking/croc/default.nix
+++ b/pkgs/tools/networking/croc/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub, callPackage }:
+{ lib, buildGoModule, fetchFromGitHub, callPackage, nixosTests }:
 
 buildGoModule rec {
   pname = "croc";
@@ -18,6 +18,7 @@ buildGoModule rec {
   passthru = {
     tests = {
       local-relay = callPackage ./test-local-relay.nix { };
+      inherit (nixosTests) croc;
     };
   };
 
diff --git a/pkgs/tools/networking/dae/default.nix b/pkgs/tools/networking/dae/default.nix
index 52adba063ee5..783cf6cc8622 100644
--- a/pkgs/tools/networking/dae/default.nix
+++ b/pkgs/tools/networking/dae/default.nix
@@ -3,6 +3,7 @@
   clang,
   fetchFromGitHub,
   buildGoModule,
+  nixosTests,
 }:
 buildGoModule rec {
   pname = "dae";
@@ -46,6 +47,10 @@ buildGoModule rec {
       --replace /usr/bin/dae $out/bin/dae
   '';
 
+  passthru.tests = {
+    inherit (nixosTests) dae;
+  };
+
   meta = with lib; {
     description = "Linux high-performance transparent proxy solution based on eBPF";
     homepage = "https://github.com/daeuniverse/dae";
diff --git a/pkgs/tools/networking/dnscrypt-proxy/default.nix b/pkgs/tools/networking/dnscrypt-proxy/default.nix
index eeb8696bc8ed..1a3f06ef0cac 100644
--- a/pkgs/tools/networking/dnscrypt-proxy/default.nix
+++ b/pkgs/tools/networking/dnscrypt-proxy/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, nixosTests }:
 
 buildGoModule rec {
   pname = "dnscrypt-proxy";
@@ -15,6 +15,8 @@ buildGoModule rec {
     sha256 = "sha256-A9Cu4wcJxrptd9CpgXw4eyMX2nmNAogYBRDeeAjpEZY=";
   };
 
+  passthru.tests = { inherit (nixosTests) dnscrypt-proxy2; };
+
   meta = with lib; {
     description = "Tool that provides secure DNS resolution";
 
diff --git a/pkgs/tools/networking/grpc_cli/default.nix b/pkgs/tools/networking/grpc_cli/default.nix
index fc5c996a3a18..0c7454141a2f 100644
--- a/pkgs/tools/networking/grpc_cli/default.nix
+++ b/pkgs/tools/networking/grpc_cli/default.nix
@@ -2,12 +2,12 @@
 
 stdenv.mkDerivation rec {
   pname = "grpc_cli";
-  version = "1.65.2";
+  version = "1.65.5";
   src = fetchFromGitHub {
     owner = "grpc";
     repo = "grpc";
     rev = "v${version}";
-    hash = "sha256-G9Wo5ySqexxn/Od8qPvmHOhW+X/U6/MMZqtZ6uFKifY=";
+    hash = "sha256-3dMLv4qhZ+X+Now++G8mvp/WIgAIDnMwcZ6rXdVhBjE=";
     fetchSubmodules = true;
   };
   nativeBuildInputs = [ automake cmake autoconf ];
diff --git a/pkgs/tools/networking/miniupnpc/default.nix b/pkgs/tools/networking/miniupnpc/default.nix
index b643e472ea62..6942e682a813 100644
--- a/pkgs/tools/networking/miniupnpc/default.nix
+++ b/pkgs/tools/networking/miniupnpc/default.nix
@@ -3,6 +3,7 @@
   stdenv,
   fetchFromGitHub,
   cmake,
+  nixosTests,
 }:
 
 stdenv.mkDerivation rec {
@@ -33,6 +34,10 @@ stdenv.mkDerivation rec {
     mv $out/bin/external-ip.sh $out/bin/external-ip
   '';
 
+  passthru.tests = {
+    inherit (nixosTests) upnp;
+  };
+
   meta = with lib; {
     homepage = "https://miniupnp.tuxfamily.org/";
     description = "Client that implements the UPnP Internet Gateway Device (IGD) specification";
diff --git a/pkgs/tools/networking/oha/default.nix b/pkgs/tools/networking/oha/default.nix
index c25d471abf2e..71bc43135455 100644
--- a/pkgs/tools/networking/oha/default.nix
+++ b/pkgs/tools/networking/oha/default.nix
@@ -9,16 +9,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "oha";
-  version = "1.4.5";
+  version = "1.4.6";
 
   src = fetchFromGitHub {
     owner = "hatoo";
     repo = pname;
     rev = "refs/tags/v${version}";
-    hash = "sha256-siYJVx5WYveCDpLYp+Bapnr9KSitmBlw9RFkrqPZYCQ=";
+    hash = "sha256-SqspsXVFeYNyTm6Pvt8i/W7MAbary7chs+C+ku8z4Eo=";
   };
 
-  cargoHash = "sha256-ieutZfp1vw3/wVLQ/GQu+W8fEqYS7peHFBrWjZ4qLwU=";
+  cargoHash = "sha256-ks7n/x3RhjQbITL2hxiFkjxpZ5tcYMUyyfR/T7Kq/uU=";
 
   nativeBuildInputs = lib.optionals stdenv.isLinux [
     pkg-config
diff --git a/pkgs/tools/networking/pykms/default.nix b/pkgs/tools/networking/pykms/default.nix
index a8dcbbebe141..b94922d35596 100644
--- a/pkgs/tools/networking/pykms/default.nix
+++ b/pkgs/tools/networking/pykms/default.nix
@@ -4,6 +4,7 @@
 , writeText
 , writeShellScript
 , sqlite
+, nixosTests
 }:
 let
   pypkgs = python3.pkgs;
@@ -83,6 +84,8 @@ pypkgs.buildPythonApplication rec {
     runHook postInstall
   '';
 
+  passthru.tests = { inherit (nixosTests) pykms; };
+
   meta = with lib; {
     description = "Windows KMS (Key Management Service) server written in Python";
     homepage = "https://github.com/Py-KMS-Organization/py-kms";
diff --git a/pkgs/tools/networking/rathole/default.nix b/pkgs/tools/networking/rathole/default.nix
index 1f12ed46b147..8453792e703e 100644
--- a/pkgs/tools/networking/rathole/default.nix
+++ b/pkgs/tools/networking/rathole/default.nix
@@ -4,6 +4,7 @@
 , rustPlatform
 , pkg-config
 , openssl
+, nixosTests
 , CoreServices
 }:
 
@@ -34,6 +35,8 @@ rustPlatform.buildRustPackage rec {
 
   doCheck = false; # https://github.com/rapiz1/rathole/issues/222
 
+  passthru.tests = { inherit (nixosTests) rathole; };
+
   meta = with lib; {
     description = "Reverse proxy for NAT traversal";
     homepage = "https://github.com/rapiz1/rathole";
diff --git a/pkgs/tools/networking/tinc/default.nix b/pkgs/tools/networking/tinc/default.nix
index 2ca679b16c85..6250ec84d9df 100644
--- a/pkgs/tools/networking/tinc/default.nix
+++ b/pkgs/tools/networking/tinc/default.nix
@@ -16,6 +16,8 @@ stdenv.mkDerivation rec {
     "--sysconfdir=/etc"
   ];
 
+  #passthru.tests = { inherit (nixosTests) tinc; }; # test uses tinc_pre
+
   meta = {
     description = "VPN daemon with full mesh routing";
     longDescription = ''
diff --git a/pkgs/tools/networking/tinc/pre.nix b/pkgs/tools/networking/tinc/pre.nix
index f15f398dc7db..31757dcf4c72 100644
--- a/pkgs/tools/networking/tinc/pre.nix
+++ b/pkgs/tools/networking/tinc/pre.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, autoreconfHook, texinfo, ncurses, readline, zlib, lzo, openssl }:
+{ lib, stdenv, fetchFromGitHub, autoreconfHook, texinfo, ncurses, readline, zlib, lzo, openssl, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "tinc";
@@ -29,6 +29,8 @@ stdenv.mkDerivation rec {
     "--localstatedir=/var"
   ];
 
+  passthru.tests = { inherit (nixosTests) tinc; };
+
   meta = with lib; {
     description = "VPN daemon with full mesh routing";
     longDescription = ''
diff --git a/pkgs/tools/package-management/pdm/default.nix b/pkgs/tools/package-management/pdm/default.nix
index c7856bde2796..234a6265144b 100644
--- a/pkgs/tools/package-management/pdm/default.nix
+++ b/pkgs/tools/package-management/pdm/default.nix
@@ -1,73 +1,65 @@
-{ lib
-, python3
-, fetchPypi
-, nix-update-script
-, runtimeShell
-, installShellFiles
-, testers
-, pdm
+{
+  lib,
+  python3,
+  fetchFromGitHub,
+  runtimeShell,
+  installShellFiles,
+  testers,
+  pdm,
 }:
 
-with python3.pkgs;
-buildPythonApplication rec {
+python3.pkgs.buildPythonApplication rec {
   pname = "pdm";
-  version = "2.18.0";
+  version = "2.18.1";
   pyproject = true;
 
-  disabled = pythonOlder "3.8";
+  disabled = python3.pkgs.pythonOlder "3.8";
 
-  src = fetchPypi {
-    inherit pname version;
-    hash = "sha256-+WP48VWMD/lNrYK54xIS1V0MWdIVIH4PXgQG1Bsql9w=";
+  src = fetchFromGitHub {
+    owner = "pdm-project";
+    repo = "pdm";
+    rev = "refs/tags/${version}";
+    hash = "sha256-pCBwt55tu9bEVVHfdPsJ5vaJXVXEZ2+4ft9LathwBt0=";
   };
 
-  nativeBuildInputs = [
-    installShellFiles
-  ];
+  nativeBuildInputs = [ installShellFiles ];
 
-  build-system = [
+  build-system = with python3.pkgs; [
     pdm-backend
     pdm-build-locked
   ];
 
-  dependencies = [
-    blinker
-    dep-logic
-    filelock
-    findpython
-    hishel
-    httpx
-    installer
-    msgpack
-    packaging
-    pbs-installer
-    platformdirs
-    pyproject-hooks
-    python-dotenv
-    resolvelib
-    rich
-    shellingham
-    tomlkit
-    unearth
-    virtualenv
-  ] ++ httpx.optional-dependencies.socks
-  ++ lib.optionals (pythonOlder "3.11") [
-    tomli
-  ]
-  ++ lib.optionals (pythonOlder "3.10") [
-    importlib-metadata
-  ]
-  ++ lib.optionals (pythonAtLeast "3.10") [
-    truststore
-  ];
-
-  makeWrapperArgs = [
-    "--set PDM_CHECK_UPDATE 0"
-  ];
-
+  dependencies =
+    with python3.pkgs;
+    [
+      blinker
+      dep-logic
+      filelock
+      findpython
+      hishel
+      httpx
+      installer
+      msgpack
+      packaging
+      pbs-installer
+      platformdirs
+      pyproject-hooks
+      python-dotenv
+      resolvelib
+      rich
+      shellingham
+      tomlkit
+      truststore
+      unearth
+      virtualenv
+    ]
+    ++ httpx.optional-dependencies.socks;
+
+  makeWrapperArgs = [ "--set PDM_CHECK_UPDATE 0" ];
+
+  # Silence network warning during pypaInstallPhase
+  # by disabling latest version check
   preInstall = ''
-    # Silence network warning during pypaInstallPhase
-    # by disabling latest version check
     export PDM_CHECK_UPDATE=0
   '';
 
@@ -80,7 +72,7 @@ buildPythonApplication rec {
     unset PDM_LOG_DIR
   '';
 
-  nativeCheckInputs = [
+  nativeCheckInputs = with python3.pkgs; [
     first
     pytestCheckHook
     pytest-mock
@@ -88,9 +80,7 @@ buildPythonApplication rec {
     pytest-httpserver
   ];
 
-  pytestFlagsArray = [
-    "-m 'not network'"
-  ];
+  pytestFlagsArray = [ "-m 'not network'" ];
 
   preCheck = ''
     export HOME=$TMPDIR
@@ -115,18 +105,17 @@ buildPythonApplication rec {
 
   __darwinAllowLocalNetworking = true;
 
-  passthru.tests.version = testers.testVersion {
-    package = pdm;
-  };
-
-  passthru.updateScript = nix-update-script { };
+  passthru.tests.version = testers.testVersion { package = pdm; };
 
   meta = with lib; {
     homepage = "https://pdm-project.org";
     changelog = "https://github.com/pdm-project/pdm/releases/tag/${version}";
     description = "Modern Python package and dependency manager supporting the latest PEP standards";
     license = licenses.mit;
-    maintainers = with maintainers; [ cpcloud ];
+    maintainers = with maintainers; [
+      cpcloud
+      natsukium
+    ];
     mainProgram = "pdm";
   };
 }
diff --git a/pkgs/tools/security/doas/default.nix b/pkgs/tools/security/doas/default.nix
index 2864a1edcf4d..3a43a575589a 100644
--- a/pkgs/tools/security/doas/default.nix
+++ b/pkgs/tools/security/doas/default.nix
@@ -4,6 +4,7 @@
 , bison
 , pam
 , libxcrypt
+, nixosTests
 
 , withPAM ? true
 , withTimestamp ? true
@@ -48,6 +49,8 @@ stdenv.mkDerivation rec {
     ++ lib.optional withPAM pam
     ++ lib.optional (!withPAM) libxcrypt;
 
+  passthru.tests = { inherit (nixosTests) doas; };
+
   meta = with lib; {
     description = "Executes the given command as another user";
     mainProgram = "doas";
diff --git a/pkgs/tools/security/ecryptfs/default.nix b/pkgs/tools/security/ecryptfs/default.nix
index 777aaea41ec2..24246a5de9c5 100644
--- a/pkgs/tools/security/ecryptfs/default.nix
+++ b/pkgs/tools/security/ecryptfs/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, fetchurl, pkg-config, perl, util-linux, keyutils, nss, nspr, python2, pam, enablePython ? false
-, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof }:
+, intltool, makeWrapper, coreutils, bash, gettext, cryptsetup, lvm2, rsync, which, lsof, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "ecryptfs";
@@ -58,6 +58,8 @@ stdenv.mkDerivation rec {
     done
   '';
 
+  passthru.tests = { inherit (nixosTests) ecryptfs; };
+
   meta = with lib; {
     description = "Enterprise-class stacked cryptographic filesystem";
     license     = licenses.gpl2Plus;
diff --git a/pkgs/tools/security/slsa-verifier/default.nix b/pkgs/tools/security/slsa-verifier/default.nix
index 0d261fc3a6fd..558d1c74b594 100644
--- a/pkgs/tools/security/slsa-verifier/default.nix
+++ b/pkgs/tools/security/slsa-verifier/default.nix
@@ -5,16 +5,16 @@
 
 buildGoModule rec {
   pname = "slsa-verifier";
-  version = "2.5.1";
+  version = "2.6.0";
 
   src = fetchFromGitHub {
     owner = "slsa-framework";
     repo = "slsa-verifier";
     rev = "v${version}";
-    hash = "sha256-vDzgbE/Cl3TMVzf6H300EtDpGPYBkkSOJBu+0l2fPFw=";
+    hash = "sha256-x9phhfQVeUO7NRjB6n1rdwkpeCu4VMUcJTrkP6PfVyA=";
   };
 
-  vendorHash = "sha256-NkEYr56Wb3EV7TI+0W7w7PdmbZpX3/yQ4TbOebqW9ng=";
+  vendorHash = "sha256-HJ3/RY0Co86y1t2Mas5C+rjwRRG4ZJgxjkz9iWcKf5E=";
 
   CGO_ENABLED = 0;
 
diff --git a/pkgs/tools/system/hddfancontrol/default.nix b/pkgs/tools/system/hddfancontrol/default.nix
index 64409cbcdba0..7af08d9108bf 100644
--- a/pkgs/tools/system/hddfancontrol/default.nix
+++ b/pkgs/tools/system/hddfancontrol/default.nix
@@ -1,4 +1,4 @@
-{ lib, python3Packages, fetchFromGitHub, hddtemp, hdparm, smartmontools }:
+{ lib, python3Packages, fetchFromGitHub, hddtemp, hdparm, smartmontools, nixosTests }:
 
 python3Packages.buildPythonPackage rec {
   pname = "hddfancontrol";
@@ -25,6 +25,8 @@ python3Packages.buildPythonPackage rec {
     sed -i -e '/EnvironmentFile=.*/d' $out/etc/systemd/system/hddfancontrol.service
   '';
 
+  passthru.tests = { inherit (nixosTests) hddfancontrol; };
+
   meta = with lib; {
     description = "Dynamically control fan speed according to hard drive temperature on Linux";
     homepage = "https://github.com/desbma/hddfancontrol";
diff --git a/pkgs/tools/system/incron/default.nix b/pkgs/tools/system/incron/default.nix
index 5c26235f8452..bf0299de2030 100644
--- a/pkgs/tools/system/incron/default.nix
+++ b/pkgs/tools/system/incron/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, bash }:
+{ lib, stdenv, fetchFromGitHub, bash, nixosTests }:
 
 stdenv.mkDerivation rec {
   pname = "incron";
@@ -27,6 +27,8 @@ stdenv.mkDerivation rec {
     cp incrond incrontab $out/bin/
   '';
 
+  passthru.tests = { inherit (nixosTests) incron; };
+
   meta = with lib; {
     description = "Cron-like daemon which handles filesystem events";
     homepage = "https://github.com/ar-/incron";
diff --git a/pkgs/tools/typesetting/tex/texpresso/default.nix b/pkgs/tools/typesetting/tex/texpresso/default.nix
index 38974b9a45dc..8653782da71c 100644
--- a/pkgs/tools/typesetting/tex/texpresso/default.nix
+++ b/pkgs/tools/typesetting/tex/texpresso/default.nix
@@ -17,7 +17,7 @@
 
 stdenv.mkDerivation rec {
   pname = "texpresso";
-  version = "0-unstable-2024-06-22";
+  version = "0-unstable-2024-07-02";
 
   postPatch = ''
     substituteInPlace Makefile \
@@ -41,7 +41,7 @@ stdenv.mkDerivation rec {
   src = fetchFromGitHub {
     owner = "let-def";
     repo = "texpresso";
-    rev = "e1e05f5559751d4b50772cd51d14101be0563ce1";
+    rev = "0e14b1df6269b07c2c985f001e32b48673495a8b";
     hash = "sha256-av1yadR2giJUxFQuHSXFgTbCNsmccrzKOmLVnAGJt6c=";
   };
 
diff --git a/pkgs/tools/typesetting/tex/texpresso/tectonic.nix b/pkgs/tools/typesetting/tex/texpresso/tectonic.nix
index 1848bf26b5b5..34df5c5ed1f4 100644
--- a/pkgs/tools/typesetting/tex/texpresso/tectonic.nix
+++ b/pkgs/tools/typesetting/tex/texpresso/tectonic.nix
@@ -6,8 +6,8 @@ tectonic-unwrapped.override (old: {
       src = fetchFromGitHub {
         owner = "let-def";
         repo = "tectonic";
-        rev = "b38cb3b2529bba947d520ac29fbb7873409bd270";
-        hash = "sha256-ap7fEPHsASAphIQkjcvk1CC7egTdxaUh7IpSS5os4W8=";
+        rev = "5b844105c06e0b16e40b1254359f8c28e8956280";
+        hash = "sha256-RPsXmp+5MF9h+H3wdL1O1hXSRZWjWTY8lXq/dWZIM1g=";
         fetchSubmodules = true;
       };
       cargoHash = "sha256-g4iBo8r+QUOcFJ3CI2+HOi4VHxU7jKnIWlJcKx/6r5E=";
diff --git a/pkgs/top-level/aliases.nix b/pkgs/top-level/aliases.nix
index 6a6dc3086608..a6403e6792eb 100644
--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@@ -1258,6 +1258,7 @@ mapAliases ({
 
   ### R ###
 
+  rabbitvcs = throw "rabbitvcs has been removed from nixpkgs, because it was broken"; # Added 2024-07-15
   radare2-cutter = cutter; # Added 2021-03-30
   radicle-cli = throw "'radicle-cli' was removed in favor of 'radicle-node'"; # Added 2024-05-04
   radicle-upstream = throw "'radicle-upstream' was sunset, see <https://community.radworks.org/t/2962>"; # Added 2024-05-04
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index b7a0691fb46f..1547f9550ed0 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -643,8 +643,6 @@ with pkgs;
 
   firefly-desktop = callPackage ../applications/misc/firefly-desktop { };
 
-  flaca = callPackage ../applications/graphics/flaca { };
-
   frece = callPackage ../development/tools/frece { };
 
   frida-tools = callPackage ../tools/security/frida-tools { };
@@ -7868,8 +7866,6 @@ with pkgs;
 
   flintlock = callPackage ../applications/virtualization/flintlock { };
 
-  flip-link = callPackage ../development/tools/flip-link { };
-
   flips = callPackage ../tools/compression/flips { };
 
   flowblade = callPackage ../applications/video/flowblade { };
@@ -22039,8 +22035,6 @@ with pkgs;
 
   libmp3splt = callPackage ../development/libraries/libmp3splt { };
 
-  libmrss = callPackage ../development/libraries/libmrss { };
-
   libmspack = callPackage ../development/libraries/libmspack { };
 
   libmusicbrainz3 = callPackage ../development/libraries/libmusicbrainz { };
@@ -22077,8 +22071,6 @@ with pkgs;
 
   libnova = callPackage ../development/libraries/science/astronomy/libnova { };
 
-  libnxml = callPackage ../development/libraries/libnxml { };
-
   libodfgen = callPackage ../development/libraries/libodfgen { };
 
   libofa = callPackage ../development/libraries/libofa { };
@@ -33185,8 +33177,6 @@ with pkgs;
 
   qxw = callPackage ../applications/editors/qxw { };
 
-  rabbitvcs = callPackage ../applications/version-management/rabbitvcs { };
-
   rakarrack = callPackage ../applications/audio/rakarrack {
     fltk = fltk13;
   };
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 5824b35ec084..988c33fe2ca9 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -4909,6 +4909,8 @@ self: super: with self; {
 
   geopandas = callPackage ../development/python-modules/geopandas { };
 
+  geoparquet = callPackage  ../development/python-modules/geoparquet { };
+
   geopy = callPackage ../development/python-modules/geopy { };
 
   georss-client = callPackage ../development/python-modules/georss-client { };