Merge staging-next into staging

40 files changed, 583 insertions, 182 deletions

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index da5cb5d2fa0..d5e78cda086 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -14,23 +14,19 @@ permissions:
 jobs:
   backport:
     permissions:
-      contents: write  # for zeebe-io/backport-action to create branch
-      pull-requests: write  # for zeebe-io/backport-action to create PR to backport
+      contents: write # for korthout/backport-action to create branch
+      pull-requests: write # for korthout/backport-action to create PR to backport
     name: Backport Pull Request
     if: github.repository_owner == 'NixOS' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
         with:
-          # required to find all branches
-          fetch-depth: 0
           ref: ${{ github.event.pull_request.head.sha }}
       - name: Create backport PRs
-        uses: zeebe-io/backport-action@v0.0.9
+        uses: korthout/backport-action@v1.0.0
         with:
-          # Config README: https://github.com/zeebe-io/backport-action#backport-action
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          github_workspace: ${{ github.workspace }}
+          # Config README: https://github.com/korthout/backport-action#backport-action
           pull_description: |-
             Bot-based backport to `${target_branch}`, triggered by a label in #${pull_number}.
 
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 7816bb90f40..2f9f0fd0b9e 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -5138,6 +5138,12 @@
     githubId = 15957973;
     name = "Jeffry Molanus";
   };
+  gilice = {
+    email = "gilice@proton.me";
+    github = "gilice";
+    githubId = 104317939;
+    name = "gilice";
+  };
   gilligan = {
     email = "tobias.pflug@gmail.com";
     github = "gilligan";
diff --git a/nixos/modules/programs/nix-ld.nix b/nixos/modules/programs/nix-ld.nix
index f753cf5f97e..9a12b4ca5c7 100644
--- a/nixos/modules/programs/nix-ld.nix
+++ b/nixos/modules/programs/nix-ld.nix
@@ -36,23 +36,22 @@ let
 in
 {
   meta.maintainers = [ lib.maintainers.mic92 ];
-  options = {
-    programs.nix-ld = {
-      enable = lib.mkEnableOption (lib.mdDoc ''nix-ld, Documentation: <https://github.com/Mic92/nix-ld>'');
-      package = lib.mkOption {
-        type = lib.types.package;
-        description = lib.mdDoc "Which package to use for the nix-ld.";
-        default = pkgs.nix-ld;
-        defaultText = lib.mdDoc "pkgs.nix-ld";
-      };
-      libraries = lib.mkOption {
-        type = lib.types.listOf lib.types.package;
-        description = lib.mdDoc "Libraries that automatically become available to all programs. The default set includes common libraries.";
-        default = baseLibraries;
-        defaultText = lib.mdDoc "baseLibraries";
-      };
+  options.programs.nix-ld = {
+    enable = lib.mkEnableOption (lib.mdDoc ''nix-ld, Documentation: <https://github.com/Mic92/nix-ld>'');
+    package = lib.mkOption {
+      type = lib.types.package;
+      description = lib.mdDoc "Which package to use for the nix-ld.";
+      default = pkgs.nix-ld;
+      defaultText = lib.literalExpression "pkgs.nix-ld";
+    };
+    libraries = lib.mkOption {
+      type = lib.types.listOf lib.types.package;
+      description = lib.mdDoc "Libraries that automatically become available to all programs. The default set includes common libraries.";
+      default = baseLibraries;
+      defaultText = lib.literalExpression "baseLibraries derived from systemd and nix dependencies.";
     };
   };
+
   config = lib.mkIf config.programs.nix-ld.enable {
     systemd.tmpfiles.packages = [ cfg.package ];
 
diff --git a/nixos/modules/services/misc/paperless.nix b/nixos/modules/services/misc/paperless.nix
index 33a8394dff2..1dddd147ac0 100644
--- a/nixos/modules/services/misc/paperless.nix
+++ b/nixos/modules/services/misc/paperless.nix
@@ -212,14 +212,14 @@ in
 
     systemd.services.paperless-scheduler = {
       description = "Paperless Celery Beat";
+      wantedBy = [ "multi-user.target" ];
+      wants = [ "paperless-consumer.service" "paperless-web.service" "paperless-task-queue.service" ];
       serviceConfig = defaultServiceConfig // {
         User = cfg.user;
         ExecStart = "${pkg}/bin/celery --app paperless beat --loglevel INFO";
         Restart = "on-failure";
       };
       environment = env;
-      wantedBy = [ "multi-user.target" ];
-      wants = [ "paperless-consumer.service" "paperless-web.service" "paperless-task-queue.service" ];
 
       preStart = ''
         ln -sf ${manage} ${cfg.dataDir}/paperless-manage
@@ -248,6 +248,7 @@ in
 
     systemd.services.paperless-task-queue = {
       description = "Paperless Celery Workers";
+      after = [ "paperless-scheduler.service" ];
       serviceConfig = defaultServiceConfig // {
         User = cfg.user;
         ExecStart = "${pkg}/bin/celery --app paperless worker --loglevel INFO";
@@ -275,20 +276,24 @@ in
 
     systemd.services.paperless-consumer = {
       description = "Paperless document consumer";
+      # Bind to `paperless-scheduler` so that the consumer never runs
+      # during migrations
+      bindsTo = [ "paperless-scheduler.service" ];
+      after = [ "paperless-scheduler.service" ];
       serviceConfig = defaultServiceConfig // {
         User = cfg.user;
         ExecStart = "${pkg}/bin/paperless-ngx document_consumer";
         Restart = "on-failure";
       };
       environment = env;
-      # Bind to `paperless-scheduler` so that the consumer never runs
-      # during migrations
-      bindsTo = [ "paperless-scheduler.service" ];
-      after = [ "paperless-scheduler.service" ];
     };
 
     systemd.services.paperless-web = {
       description = "Paperless web server";
+      # Bind to `paperless-scheduler` so that the web server never runs
+      # during migrations
+      bindsTo = [ "paperless-scheduler.service" ];
+      after = [ "paperless-scheduler.service" ];
       serviceConfig = defaultServiceConfig // {
         User = cfg.user;
         ExecStart = ''
@@ -312,10 +317,6 @@ in
       # Allow the web interface to access the private /tmp directory of the server.
       # This is required to support uploading files via the web interface.
       unitConfig.JoinsNamespaceOf = "paperless-task-queue.service";
-      # Bind to `paperless-scheduler` so that the web server never runs
-      # during migrations
-      bindsTo = [ "paperless-scheduler.service" ];
-      after = [ "paperless-scheduler.service" ];
     };
 
     users = optionalAttrs (cfg.user == defaultUser) {
diff --git a/nixos/tests/paperless.nix b/nixos/tests/paperless.nix
index b97834835c2..7f36de4c29b 100644
--- a/nixos/tests/paperless.nix
+++ b/nixos/tests/paperless.nix
@@ -26,6 +26,10 @@ import ./make-test-python.nix ({ lib, ... }: {
         # Wait until server accepts connections
         machine.wait_until_succeeds("curl -fs localhost:28981")
 
+    # Required for consuming documents via the web interface
+    with subtest("Task-queue gets ready"):
+        machine.wait_for_unit("paperless-task-queue.service")
+
     with subtest("Add a document via the web interface"):
         machine.succeed(
             "convert -size 400x40 xc:white -font 'DejaVu-Sans' -pointsize 20 -fill black "
diff --git a/pkgs/applications/audio/strawberry/default.nix b/pkgs/applications/audio/strawberry/default.nix
index 13dc80c1dc6..303e0e265f8 100644
--- a/pkgs/applications/audio/strawberry/default.nix
+++ b/pkgs/applications/audio/strawberry/default.nix
@@ -42,13 +42,13 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "strawberry";
-  version = "1.0.10";
+  version = "1.0.11";
 
   src = fetchFromGitHub {
     owner = "jonaski";
     repo = pname;
     rev = version;
-    hash = "sha256-N3jLw2UXLXLpTmFIHihzcMXrxJY0gmvwoawTQ0vRR+w=";
+    hash = "sha256-w2KOZwxPpe/yQw2RBeTEYueeq7m5ZCQXlUH/f52GiyI=";
   };
 
   # the big strawberry shown in the context menu is *very* much in your face, so use the grey version instead
diff --git a/pkgs/applications/editors/molsketch/default.nix b/pkgs/applications/editors/molsketch/default.nix
new file mode 100644
index 00000000000..cb94cef3a32
--- /dev/null
+++ b/pkgs/applications/editors/molsketch/default.nix
@@ -0,0 +1,40 @@
+{ lib
+, stdenv
+, mkDerivation
+, fetchurl
+, cmake
+, pkg-config
+, hicolor-icon-theme
+, openbabel
+, desktop-file-utils
+, qttranslations
+}:
+
+mkDerivation rec {
+  pname = "molsketch";
+  version = "0.7.3";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/molsketch/Molsketch-${version}-src.tar.gz";
+    hash = "sha256-82iNJRiXqESwidjifKBf0+ljcqbFD1WehsXI8VUgrwQ=";
+  };
+
+  preConfigure = ''
+    cmakeFlags="$cmakeFlags -DMSK_PREFIX=$out"
+  '';
+
+  nativeBuildInputs = [ cmake pkg-config ];
+  buildInputs = [
+    hicolor-icon-theme
+    openbabel
+    desktop-file-utils
+    qttranslations
+  ];
+
+  meta = with lib; {
+    description = "2D molecule editor";
+    homepage = "https://sourceforge.net/projects/molsketch/";
+    license = licenses.gpl2Plus;
+    maintainers = [ maintainers.fortuneteller2k ];
+  };
+}
diff --git a/pkgs/applications/editors/vim/plugins/generated.nix b/pkgs/applications/editors/vim/plugins/generated.nix
index 2b2f7f25c40..263c0428ff1 100644
--- a/pkgs/applications/editors/vim/plugins/generated.nix
+++ b/pkgs/applications/editors/vim/plugins/generated.nix
@@ -835,12 +835,12 @@ final: prev:
 
   barbecue-nvim = buildVimPluginFrom2Nix {
     pname = "barbecue.nvim";
-    version = "2022-12-31";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "utilyre";
       repo = "barbecue.nvim";
-      rev = "95f145a9445df954918e3751dd51ba2446606a31";
-      sha256 = "1vv4pp02znww3kmwn0y9j8xds6z83cfbv4mr1fcw8qj2k6f76h2r";
+      rev = "1006f449e7bef625e706d53adfe944647c6a990d";
+      sha256 = "1765bf151k1gcjb5c6yysrhabbr9bi454xhlk9nvr3zlfzsva5h8";
     };
     meta.homepage = "https://github.com/utilyre/barbecue.nvim/";
   };
@@ -2927,12 +2927,12 @@ final: prev:
 
   firenvim = buildVimPluginFrom2Nix {
     pname = "firenvim";
-    version = "2022-11-10";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "glacambre";
       repo = "firenvim";
-      rev = "17a189f0f1e2d4197e00cd56dbeaed8c268bac8c";
-      sha256 = "1fwwmvl1zciffwjf6iskqa5qychknnc300y9ympg51hlxzmm0vpz";
+      rev = "c9cab43d62919c5fd34ebe33270a227a11442e12";
+      sha256 = "1dgn27midg4sis3bq6y9k42dpmk2415kskv7lq56s0pq963377fi";
     };
     meta.homepage = "https://github.com/glacambre/firenvim/";
   };
@@ -3192,12 +3192,12 @@ final: prev:
 
   gentoo-syntax = buildVimPluginFrom2Nix {
     pname = "gentoo-syntax";
-    version = "2022-12-04";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "gentoo";
       repo = "gentoo-syntax";
-      rev = "526aeb1acda9504a4293b2a221700f6441211a7d";
-      sha256 = "0nzsn79m3xk338gikz0qk7lqriia0fjfxbw3k9aj5h3kqxw7qgmw";
+      rev = "9e4f5360b69558799c6974ed72248b86d09c6549";
+      sha256 = "1pv64p2g385h4awapg99m39r3qipkpwg4rkicvdsc0dsnamqmis3";
     };
     meta.homepage = "https://github.com/gentoo/gentoo-syntax/";
   };
@@ -3322,6 +3322,18 @@ final: prev:
     meta.homepage = "https://github.com/gregsexton/gitv/";
   };
 
+  glance-nvim = buildVimPluginFrom2Nix {
+    pname = "glance.nvim";
+    version = "2022-12-05";
+    src = fetchFromGitHub {
+      owner = "DNLHC";
+      repo = "glance.nvim";
+      rev = "cc087d378c3458fd2fb5ddf627af5e8fa1b76458";
+      sha256 = "0608j0kawm641sd7jcccc461wabncxlnssldi976grb5v8mk3kx0";
+    };
+    meta.homepage = "https://github.com/DNLHC/glance.nvim/";
+  };
+
   gleam-vim = buildVimPluginFrom2Nix {
     pname = "gleam.vim";
     version = "2020-06-24";
@@ -3539,12 +3551,12 @@ final: prev:
 
   haskell-tools-nvim = buildVimPluginFrom2Nix {
     pname = "haskell-tools.nvim";
-    version = "2023-01-01";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "MrcJkb";
       repo = "haskell-tools.nvim";
-      rev = "ad0f38f8c1a2cabc155ef9c7f6065578150edbe8";
-      sha256 = "1p0iinpzfhsh79kcxihs8zrzdzragvg93i73z3y33k7nrbqhplk8";
+      rev = "37684363cbab507f5069c2976f1232888734dc5b";
+      sha256 = "0fyl0ab4rbw0sm4275dhjb0vcfa2pvxbqy03s7wiy86yn6h994cy";
     };
     meta.homepage = "https://github.com/MrcJkb/haskell-tools.nvim/";
   };
@@ -4079,12 +4091,12 @@ final: prev:
 
   lazy-nvim = buildVimPluginFrom2Nix {
     pname = "lazy.nvim";
-    version = "2023-01-01";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "folke";
       repo = "lazy.nvim";
-      rev = "3974a6cbe38f7958c2e4f41c6f0d9a6c001a723d";
-      sha256 = "1idpzy1mnkgvpgiiirazpfpdm2xvv4zl7bbfsvmfqi6wc57c7vx6";
+      rev = "06db1ec3c6baa9460e42ef8ed4d2cc2613b194cb";
+      sha256 = "071zhazm15jbp8biv4516fckhy72fvvxlnjvicdi43b2g2941zcn";
     };
     meta.homepage = "https://github.com/folke/lazy.nvim/";
   };
@@ -4715,12 +4727,12 @@ final: prev:
 
   mini-nvim = buildVimPluginFrom2Nix {
     pname = "mini.nvim";
-    version = "2022-12-30";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "echasnovski";
       repo = "mini.nvim";
-      rev = "06eddfd8d6341e6c4f53ec9ae109a376a566329d";
-      sha256 = "19q7khrgkc2214gjn988dlviavpf7ry695h9x077a1ykkml5jxfm";
+      rev = "a2d436f4b8b7d59c0ebcf5a5fed39ccab0e68515";
+      sha256 = "0p1g34xwnqkallf0y9lfv0czcwgqf1dlh1d7ir3cc024zfmx0d2j";
     };
     meta.homepage = "https://github.com/echasnovski/mini.nvim/";
   };
@@ -5183,12 +5195,12 @@ final: prev:
 
   neorg = buildVimPluginFrom2Nix {
     pname = "neorg";
-    version = "2022-12-23";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "nvim-neorg";
       repo = "neorg";
-      rev = "2c18f831effb5f3f383b2049902be23ea0dd7a8e";
-      sha256 = "10lwjrwxjmag2jbhpzfv9g6zpl7mlmv646gr062pragb2cphrm7n";
+      rev = "00532bd997d2aef0384ed8f11500d33d229a7e53";
+      sha256 = "194fp3j7fyvd6iwk5n4s8jm81ljkgi8a5611iibasl8wynzmvvv1";
     };
     meta.homepage = "https://github.com/nvim-neorg/neorg/";
   };
@@ -5255,12 +5267,12 @@ final: prev:
 
   neotest-haskell = buildVimPluginFrom2Nix {
     pname = "neotest-haskell";
-    version = "2022-12-28";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "MrcJkb";
       repo = "neotest-haskell";
-      rev = "7a3a6fcf2bde2a98b2d221bf54162eef2e09eb50";
-      sha256 = "1i99x9d6kqd8qrvy3si2h4mk3d5akqjibs006wf7fp2gr7fivvkc";
+      rev = "c6a60b8476e146f22e47b378d8f52ed7b35dd8a1";
+      sha256 = "0235ljraa6cbwb81jhijw10i3kc1xlmiq01qwzgqz8saacd26ccr";
     };
     meta.homepage = "https://github.com/MrcJkb/neotest-haskell/";
   };
@@ -5411,12 +5423,12 @@ final: prev:
 
   nlsp-settings-nvim = buildVimPluginFrom2Nix {
     pname = "nlsp-settings.nvim";
-    version = "2023-01-01";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "tamago324";
       repo = "nlsp-settings.nvim";
-      rev = "e73d509e77d97324a1fe3cc0118a707cc28cf92b";
-      sha256 = "0n6crpb6gvi5vyirypz7s4c38k80iah1203w5hvlx5qr0bjxw14c";
+      rev = "4d7588d898cc4d20891d36a5288045237ca523da";
+      sha256 = "080d32pwwq7r1crb843m9vq4wqdzx2l0cmd0b0aq8zqgh7d1c6ck";
     };
     meta.homepage = "https://github.com/tamago324/nlsp-settings.nvim/";
   };
@@ -6335,12 +6347,12 @@ final: prev:
 
   nvim-ts-rainbow = buildVimPluginFrom2Nix {
     pname = "nvim-ts-rainbow";
-    version = "2022-11-04";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "p00f";
       repo = "nvim-ts-rainbow";
-      rev = "064fd6c0a15fae7f876c2c6dd4524ca3fad96750";
-      sha256 = "1b7z8xyiplb9rjkdqwijnypjqrssrz5lr1wnl5vk1pyb6dnxspzg";
+      rev = "ef95c15a935f97c65a80e48e12fe72d49aacf9b9";
+      sha256 = "0ldv8g9i25286n0xqa1cj7a2lglcz9564dawz6ixd4ipsysjj571";
     };
     meta.homepage = "https://github.com/p00f/nvim-ts-rainbow/";
   };
@@ -8935,12 +8947,12 @@ final: prev:
 
   vim-airline = buildVimPluginFrom2Nix {
     pname = "vim-airline";
-    version = "2023-01-01";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "vim-airline";
       repo = "vim-airline";
-      rev = "785dbbe504f9fe00f6adc1cc2598fcc701cec224";
-      sha256 = "105k0qnav9xpadjbnnxz5nq6zlp856kjndy1p8ic12brzsjr74dv";
+      rev = "0913c0a3b6fc256e6de8dff00dfd1c9388cad9a6";
+      sha256 = "0bvyr49shcqbdmcp0q06nfbay5cff11r80nhis3p3gdccik74zv7";
     };
     meta.homepage = "https://github.com/vim-airline/vim-airline/";
   };
@@ -10291,12 +10303,12 @@ final: prev:
 
   vim-graphql = buildVimPluginFrom2Nix {
     pname = "vim-graphql";
-    version = "2022-12-24";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "jparise";
       repo = "vim-graphql";
-      rev = "ee618bc2101040a4a702b4724a094ca2820562b4";
-      sha256 = "1qj5jsdz3r9j6djhqdfjpd6qmpqbamngr8y4lvgkjpbjz2jvrgp1";
+      rev = "ca377b1592428c0a96507d17197fdc79d4694123";
+      sha256 = "1mhx32gvm7bpf1av7laji3ic5im5yzplskw7z1bcny16f8p0m6my";
     };
     meta.homepage = "https://github.com/jparise/vim-graphql/";
   };
@@ -12158,8 +12170,8 @@ final: prev:
     src = fetchFromGitHub {
       owner = "tpope";
       repo = "vim-sensible";
-      rev = "dad453eb1b1dfb5d682b0834341239eb647768f9";
-      sha256 = "0bjn7lr7bxifxrjfmkpdq8f41lwjwjbxqq30in92r7d7dv811yy8";
+      rev = "eb59f4550894257af6033b95d23e3971d369e8b8";
+      sha256 = "0d5nfdjcsl2mxlxdgxrq5crgfmlpbpf5ypz57hxh4ribnj3b3027";
     };
     meta.homepage = "https://github.com/tpope/vim-sensible/";
   };
@@ -12743,12 +12755,12 @@ final: prev:
 
   vim-tmux-navigator = buildVimPluginFrom2Nix {
     pname = "vim-tmux-navigator";
-    version = "2022-12-08";
+    version = "2023-01-02";
     src = fetchFromGitHub {
       owner = "christoomey";
       repo = "vim-tmux-navigator";
-      rev = "41ea9d23b814014c8d8daf8b44fa0cd827a0e5f4";
-      sha256 = "15581nighr1a82gkn0blkx75l6bz0vfq573nf626dw1qa652nipz";
+      rev = "18f0c7fc1e7181e6422247505727d7111c5da544";
+      sha256 = "0ws9sz3sz4izfh6chrvj8p00np37n16n48mrzispdm3ph8nb1ii3";
     };
     meta.homepage = "https://github.com/christoomey/vim-tmux-navigator/";
   };
diff --git a/pkgs/applications/editors/vim/plugins/vim-plugin-names b/pkgs/applications/editors/vim/plugins/vim-plugin-names
index c1aaf4c5be2..f729c240f5d 100644
--- a/pkgs/applications/editors/vim/plugins/vim-plugin-names
+++ b/pkgs/applications/editors/vim/plugins/vim-plugin-names
@@ -277,6 +277,7 @@ https://github.com/vim-scripts/gitignore.vim/,,
 https://github.com/ruifm/gitlinker.nvim/,,
 https://github.com/lewis6991/gitsigns.nvim/,,
 https://github.com/gregsexton/gitv/,,
+https://github.com/DNLHC/glance.nvim/,HEAD,
 https://github.com/gleam-lang/gleam.vim/,,
 https://github.com/ellisonleao/glow.nvim/,,
 https://github.com/p00f/godbolt.nvim/,HEAD,
diff --git a/pkgs/applications/graphics/blockbench-electron/default.nix b/pkgs/applications/graphics/blockbench-electron/default.nix
index 1968756496b..5afd0f1d876 100644
--- a/pkgs/applications/graphics/blockbench-electron/default.nix
+++ b/pkgs/applications/graphics/blockbench-electron/default.nix
@@ -1,12 +1,12 @@
-{ lib, stdenv, fetchurl, appimageTools, makeWrapper, electron_16 }:
+{ lib, stdenv, fetchurl, appimageTools, makeWrapper, electron_22 }:
 
 stdenv.mkDerivation rec {
   pname = "blockbench-electron";
-  version = "4.1.1";
+  version = "4.5.2";
 
   src = fetchurl {
     url = "https://github.com/JannisX11/blockbench/releases/download/v${version}/Blockbench_${version}.AppImage";
-    sha256 = "0mqdkjhmylrjjfrm05jv1967qqka5263fgcn9qzax08gcq93s18f";
+    sha256 = "sha256-uUgVBdYMCF31+L/FV4ADIpUdEAmnW59KfscQxUStPWM=";
     name = "${pname}-${version}.AppImage";
   };
 
@@ -33,7 +33,7 @@ stdenv.mkDerivation rec {
   '';
 
   postFixup = ''
-    makeWrapper ${electron_16}/bin/electron $out/bin/${pname} \
+    makeWrapper ${electron_22}/bin/electron $out/bin/${pname} \
       --add-flags $out/share/${pname}/resources/app.asar \
       --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc ]}"
   '';
@@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
     description = "A boxy 3D model editor powered by Electron";
     homepage = "https://blockbench.net/";
     license = licenses.gpl3Only;
-    maintainers = [ maintainers.ckie ];
+    maintainers = with maintainers; [ ckie ];
     platforms = [ "x86_64-linux" ];
   };
 }
diff --git a/pkgs/applications/misc/josm/default.nix b/pkgs/applications/misc/josm/default.nix
index 7b2973b5075..2efe9ec440e 100644
--- a/pkgs/applications/misc/josm/default.nix
+++ b/pkgs/applications/misc/josm/default.nix
@@ -3,15 +3,15 @@
 }:
 let
   pname = "josm";
-  version = "18583";
+  version = "18621";
   srcs = {
     jar = fetchurl {
       url = "https://josm.openstreetmap.de/download/josm-snapshot-${version}.jar";
-      hash = "sha256-6S6E7ngTCBXb0epPfYxIswLvfm9r2Ql0wgOs/PxpmIM=";
+      hash = "sha256-RZiYHDqowk0oG/rQVcsoYpZvL4wNmegZD2EHlsQggw8=";
     };
     macosx = fetchurl {
       url = "https://josm.openstreetmap.de/download/macosx/josm-macos-${version}-java17.zip";
-      hash = "sha256-3XEoSCXEpeqZj1y4nns5+0JR1SINYE1rsmQ4fMflxRQ=";
+      hash = "sha256-Sf5mgxWjq240U1tUByBS6FFb0Tpj/QP7yHl+wvTIfng=";
     };
     pkg = fetchsvn {
       url = "https://josm.openstreetmap.de/svn/trunk/native/linux/tested";
diff --git a/pkgs/applications/misc/keepass-diff/default.nix b/pkgs/applications/misc/keepass-diff/default.nix
new file mode 100644
index 00000000000..3f88c00b4f5
--- /dev/null
+++ b/pkgs/applications/misc/keepass-diff/default.nix
@@ -0,0 +1,22 @@
+{ lib, fetchFromGitHub, rustPlatform }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "keepass-diff";
+  version = "1.1.3";
+
+  src = fetchFromGitHub {
+    owner = "Narigo";
+    repo = pname;
+    rev = version;
+    sha256 = "sha256-jd/cUkTHylLwzxolQUzMlXHauCfXUhcUr/1zKpdngbo=";
+  };
+
+  cargoSha256 = "sha256-2e2lGG72HmX7AFk0+J3U62Kch5ylrqvaIpitRF546JA=";
+
+  meta = with lib; {
+    description = "A CLI-tool to diff Keepass (.kdbx) files";
+    homepage = "https://keepass-diff.narigo.dev/";
+    license = licenses.mit;
+    maintainers = with maintainers; [ wamserma ];
+  };
+}
diff --git a/pkgs/applications/misc/yubioath-flutter/default.nix b/pkgs/applications/misc/yubioath-flutter/default.nix
index d858605e904..50bb48347ac 100644
--- a/pkgs/applications/misc/yubioath-flutter/default.nix
+++ b/pkgs/applications/misc/yubioath-flutter/default.nix
@@ -5,53 +5,70 @@
 , stdenv
 , pcre2
 }:
-
 let
   vendorHashes = {
     x86_64-linux = "sha256-BwhWA8N0S55XkljDKPNkDhsj0QSpmJJ5MwEnrPjymS8=";
     aarch64-linux = "sha256-T1aGz3+2Sls+rkUVDUo39Ky2igg+dxGSUaf3qpV7ovQ=";
   };
-
+in
+flutter.mkFlutterApp rec {
+  pname = "yubioath-flutter";
   version = "6.0.2";
+
   src = fetchFromGitHub {
     owner = "Yubico";
     repo = "yubioath-flutter";
     rev = version;
     sha256 = "13nh5qpq02c6azfdh4cbzhlrq0hs9is45q5z5cnxg84hrx26hd4k";
   };
-  meta = with lib; {
-    description = "Yubico Authenticator for Desktop";
-    homepage = "https://github.com/Yubico/yubioath-flutter";
-    license = licenses.asl20;
-    maintainers = with maintainers; [ lukegb ];
-    platforms = builtins.attrNames vendorHashes;
-  };
-
-  helper = python3.pkgs.callPackage ./helper.nix { inherit src version meta; };
-in
-flutter.mkFlutterApp rec {
-  pname = "yubioath-flutter";
-  inherit src version meta;
 
-  passthru.helper = helper;
+  passthru.helper = python3.pkgs.callPackage ./helper.nix { inherit src version meta; };
 
-  vendorHash = vendorHashes."${stdenv.system}";
+  vendorHash = vendorHashes.${stdenv.system};
 
   postPatch = ''
     substituteInPlace linux/CMakeLists.txt \
-      --replace "../build/linux/helper" "${helper}/libexec/helper"
+      --replace "../build/linux/helper" "${passthru.helper}/libexec/helper"
   '';
 
   preInstall = ''
     # Make sure we have permission to delete things CMake has copied in to our build directory from elsewhere.
-    chmod -R +w build/
+    chmod -R +w build
   '';
+
   postInstall = ''
     # Swap the authenticator-helper symlink with the correct symlink.
-    ln -fs "${helper}/bin/authenticator-helper" "$out/app/helper/authenticator-helper"
+    ln -fs "${passthru.helper}/bin/authenticator-helper" "$out/app/helper/authenticator-helper"
+
+    # Move the icon.
+    mkdir $out/share/icons
+    mv $out/app/linux_support/com.yubico.yubioath.png $out/share/icons
+
+    # Cleanup.
+    rm -rf \
+      "$out/app/README.adoc" \
+      "$out/app/desktop_integration.sh" \
+      "$out/app/linux_support" \
+      $out/bin/* # We will repopulate this directory later.
+
+    # Symlink binary.
+    ln -sf "$out/app/authenticator" "$out/bin/yubioath-flutter"
+
+    # Set the correct path to the binary in desktop file.
+    substituteInPlace "$out/share/applications/com.yubico.authenticator.desktop" \
+      --replace "@EXEC_PATH/authenticator" "$out/bin/yubioath-flutter" \
+      --replace "@EXEC_PATH/linux_support/com.yubico.yubioath.png" "$out/share/icons/com.yubico.yubioath.png"
   '';
 
   buildInputs = [
     pcre2
   ];
+
+  meta = with lib; {
+    description = "Yubico Authenticator for Desktop";
+    homepage = "https://github.com/Yubico/yubioath-flutter";
+    license = licenses.asl20;
+    maintainers = with maintainers; [ lukegb ];
+    platforms = builtins.attrNames vendorHashes;
+  };
 }
diff --git a/pkgs/applications/misc/yubioath-flutter/helper.nix b/pkgs/applications/misc/yubioath-flutter/helper.nix
index a37ae01990a..12e5f52d6b2 100644
--- a/pkgs/applications/misc/yubioath-flutter/helper.nix
+++ b/pkgs/applications/misc/yubioath-flutter/helper.nix
@@ -12,7 +12,7 @@
 , meta
 }:
 
-buildPythonApplication rec {
+buildPythonApplication {
   pname = "yubioath-flutter-helper";
   inherit src version meta;
 
diff --git a/pkgs/applications/networking/browsers/librewolf/src.json b/pkgs/applications/networking/browsers/librewolf/src.json
index 4070556cdce..9955fd0a936 100644
--- a/pkgs/applications/networking/browsers/librewolf/src.json
+++ b/pkgs/applications/networking/browsers/librewolf/src.json
@@ -1,11 +1,11 @@
 {
-  "packageVersion": "108.0-1",
+  "packageVersion": "108.0.1-1",
   "source": {
-    "rev": "108.0-1",
-    "sha256": "1gfqxlcgf7qxgisbj565ndrfhkk68py2jpwrx7k2j7zpszkb2f4m"
+    "rev": "108.0.1-1",
+    "sha256": "0ix8ri2s8rnpd9nqvwlk50x9hp51y70gb3r6f7lh4ldg2bay08n0"
   },
   "firefox": {
-    "version": "108.0",
-    "sha512": "fa800f62cca395a51b9a04373a27be48fc3860208e34ecf74d908127638d1eb8c41cf9898be6896777d408127d5c4b7104d9ee89c97da923b2dc6ea32186187e"
+    "version": "108.0.1",
+    "sha512": "e6219ed6324422ec293ed96868738e056582bb9f7fb82e59362541f3465c6ebca806d26ecd801156b074c3675bd5a22507b1f1fa53eebf82b7dd35f2b1ff0625"
   }
 }
diff --git a/pkgs/applications/networking/remote/xrdp/default.nix b/pkgs/applications/networking/remote/xrdp/default.nix
index feb8252c7ed..3744451f3e2 100644
--- a/pkgs/applications/networking/remote/xrdp/default.nix
+++ b/pkgs/applications/networking/remote/xrdp/default.nix
@@ -100,6 +100,20 @@ let
       license = licenses.asl20;
       maintainers = [ ];
       platforms = platforms.linux;
+      knownVulnerabilities = [
+        "CVE-2020-4044"
+        "CVE-2022-23468"
+        "CVE-2022-23477"
+        "CVE-2022-23478"
+        "CVE-2022-23479"
+        "CVE-2022-23480"
+        "CVE-2022-23481"
+        "CVE-2022-23482"
+        "CVE-2022-23483"
+        "CVE-2022-23484"
+        "CVE-2022-23493"
+        "CVE-2022-23613"
+      ];
     };
   };
 in xrdp
diff --git a/pkgs/applications/office/paperless-ngx/default.nix b/pkgs/applications/office/paperless-ngx/default.nix
index eaad04c64f6..feda51e4f66 100644
--- a/pkgs/applications/office/paperless-ngx/default.nix
+++ b/pkgs/applications/office/paperless-ngx/default.nix
@@ -10,6 +10,7 @@
 , qpdf
 , tesseract5
 , unpaper
+, poppler_utils
 , liberation_ttf
 , fetchFromGitHub
 }:
@@ -75,6 +76,7 @@ let
     qpdf
     tesseract5
     unpaper
+    poppler_utils
   ];
 in
 python.pkgs.pythonPackages.buildPythonApplication rec {
diff --git a/pkgs/applications/radio/ax25-apps/default.nix b/pkgs/applications/radio/ax25-apps/default.nix
new file mode 100644
index 00000000000..4f9ecd3580f
--- /dev/null
+++ b/pkgs/applications/radio/ax25-apps/default.nix
@@ -0,0 +1,33 @@
+{ lib
+, stdenv
+, fetchurl
+, libax25
+, ncurses
+}:
+
+stdenv.mkDerivation rec {
+  pname = "ax25-apps";
+  version = "0.0.8-rc5";
+
+  buildInputs = [ libax25 ncurses ];
+
+  # Due to recent unsolvable administrative domain problems with linux-ax25.org,
+  # the new domain is linux-ax25.in-berlin.de
+  src = fetchurl {
+    url = "https://linux-ax25.in-berlin.de/pub/ax25-apps/ax25-apps-${version}.tar.gz";
+    sha256 = "sha256-MzQOIyy5tbJKmojMrgtOcsaQTFJvs3rqt2hUgholz5Y=";
+  };
+
+  configureFlags = [
+    "--sysconfdir=/etc"
+    "--program-transform-name=s@^call$@ax&@;s@^listen$@ax&@"
+  ];
+
+  meta = with lib; {
+    description = "AX.25 ham radio applications";
+    homepage = "https://linux-ax25.in-berlin.de/wiki/Main_Page";
+    license = licenses.lgpl21Only;
+    maintainers = with maintainers; [ sarcasticadmin ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/data/fonts/dm-sans/default.nix b/pkgs/data/fonts/dm-sans/default.nix
new file mode 100644
index 00000000000..f7b556fe538
--- /dev/null
+++ b/pkgs/data/fonts/dm-sans/default.nix
@@ -0,0 +1,21 @@
+{ lib, fetchzip }:
+let version = "1.002"; in
+fetchzip {
+  inherit version;
+  pname = "dm-sans";
+  url = "https://github.com/googlefonts/dm-fonts/releases/download/v${version}/DeepMindSans_v${version}.zip";
+  stripRoot = false;
+  hash = "sha256-zyS0gz7CGn39HCiyeN5cAP63v9nG6jffGSsI1vr84EQ=";
+
+  postFetch = ''
+    mkdir -p $out/share/fonts/truetype
+    mv $out/*.ttf $out/share/fonts/truetype
+  '';
+
+  meta = {
+    description = "A geometric sans-serif typeface";
+    homepage = "https://github.com/googlefonts/dm-fonts";
+    license = lib.licenses.ofl;
+    maintainers = with lib.maintainers; [ gilice ];
+  };
+}
diff --git a/pkgs/development/compilers/shaderc/default.nix b/pkgs/development/compilers/shaderc/default.nix
index 65938fcc226..3a75c9b8c95 100644
--- a/pkgs/development/compilers/shaderc/default.nix
+++ b/pkgs/development/compilers/shaderc/default.nix
@@ -8,25 +8,25 @@ let
   glslang = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "glslang";
-    rev = "18eef33bd7a4bf5ad8c69f99cb72022608cf6e73";
-    sha256 = "sha256-tkWVvYmSpJPaZ8VJOkAWndDWhA0PiHAkR3feBAo+knM=";
+    rev = "728c689574fba7e53305b475cd57f196c1a21226";
+    hash = "sha256-BAgDQosiO3e4yy2DpQ6SjrJNrHTUDSduHFRvzWvd4v0=";
   };
   spirv-tools = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "SPIRV-Tools";
-    rev = "c2d5375fa7cc87c93f692e7200d5d974283d4391";
-    sha256 = "sha256-tMJRljrlH+qb+27rTn+3LuEyMOVpiU0zSCiGNfUTb6g=";
+    rev = "d9446130d5165f7fafcb3599252a22e264c7d4bd";
+    hash = "sha256-fuYhzfkWXDm1icLHifc32XZCNQ6Dj5f5WJslT2JoMbc=";
   };
   spirv-headers = fetchFromGitHub {
     owner = "KhronosGroup";
     repo = "SPIRV-Headers";
-    rev = "0c28b6451d77774912e52949c1e57fa726edf113";
-    sha256 = "sha256-KpCMceTV/BRaoJe1qeXhKYQNQqdGaM6Q9nklpJKzHFY=";
+    rev = "c214f6f2d1a7253bb0e9f195c2dc5b0659dc99ef";
+    hash = "sha256-/9EDOiqN6ZzDhRKP/Kv8D/BT2Cs7G8wyzEsGATLpmrA=";
   };
 in
 stdenv.mkDerivation rec {
   pname = "shaderc";
-  version = "2021.0";
+  version = "2022.4";
 
   outputs = [ "out" "lib" "bin" "dev" "static" ];
 
@@ -34,7 +34,7 @@ stdenv.mkDerivation rec {
     owner = "google";
     repo = "shaderc";
     rev = "v${version}";
-    sha256 = "sha256-RfSMzrGVtdXbr/mjSrHoN447e3vMQfJbesQMvLOARBs=";
+    hash = "sha256-/p2gJ7Lnh8IfvwBwHPDtmfLJ8j+Rbv+Oxu9lxY6fxfk=";
   };
 
   patchPhase = ''
diff --git a/pkgs/development/libraries/jxrlib/default.nix b/pkgs/development/libraries/jxrlib/default.nix
index 06499e151ba..e6768dc0fa5 100644
--- a/pkgs/development/libraries/jxrlib/default.nix
+++ b/pkgs/development/libraries/jxrlib/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, python3, fixDarwinDylibNames }:
+{ lib, stdenv, fetchFromGitHub, fetchpatch, cmake }:
 
 stdenv.mkDerivation rec {
   pname = "jxrlib";
@@ -13,21 +13,25 @@ stdenv.mkDerivation rec {
     sha256 = "0rk3hbh00nw0wgbfbqk1szrlfg3yq7w6ar16napww3nrlm9cj65w";
   };
 
-  postPatch = ''
-    substituteInPlace Makefile \
-      --replace "cc" "$CC"
-  '' + lib.optionalString stdenv.isDarwin ''
-    substituteInPlace Makefile \
-      --replace '-shared' '-dynamiclib -undefined dynamic_lookup' \
-      --replace '.so' '.dylib'
-  '';
+  patches = [
+    (fetchpatch {
+      url = "https://salsa.debian.org/debian-phototools-team/jxrlib/-/raw/df96f9b9c1fbe9cdc97589c337f8a948bc81c4d0/debian/patches/usecmake.patch";
+      sha256 = "sha256-BpCToLgA5856PZk5mXlwAy3Oh9aYP/2wvu2DXDTqufM=";
+    })
+    (fetchpatch {
+      url = "https://salsa.debian.org/debian-phototools-team/jxrlib/-/raw/6c88037293aff8d5bc8a76ea32b36781c430ede3/debian/patches/bug803743.patch";
+      sha256 = "sha256-omIGa+ZrWjaH/IkBn4jgjufF/HEDKw69anVCX4hw+xQ=";
+    })
+    (fetchpatch {
+      url = "https://salsa.debian.org/debian-phototools-team/jxrlib/-/raw/b23d49062ec6a9b2739c9dade86be525a72fc807/debian/patches/pkg-config.patch";
+      sha256 = "sha256-ZACaXEi+rbKIFBHtSBheyFfqV2HYsKKrT+SmTShyUhg=";
+    })
+  ];
 
-  nativeBuildInputs = [ python3 ] ++ lib.optional stdenv.isDarwin fixDarwinDylibNames;
+  nativeBuildInputs = [ cmake ];
 
   strictDeps = true;
 
-  makeFlags = [ "DIR_INSTALL=$(out)" "SHARED=1" ];
-
   meta = with lib; {
     description = "Implementation of the JPEG XR image codec standard";
     homepage = "https://jxrlib.codeplex.com";
diff --git a/pkgs/development/libraries/libplacebo/default.nix b/pkgs/development/libraries/libplacebo/default.nix
index 73d97a47655..754ac2097b9 100644
--- a/pkgs/development/libraries/libplacebo/default.nix
+++ b/pkgs/development/libraries/libplacebo/default.nix
@@ -7,7 +7,6 @@
 , vulkan-headers
 , vulkan-loader
 , shaderc
-, glslang
 , lcms2
 , libepoxy
 , libGL
@@ -38,7 +37,6 @@ stdenv.mkDerivation rec {
     vulkan-headers
     vulkan-loader
     shaderc
-    glslang
     lcms2
     libepoxy
     libGL
@@ -50,6 +48,7 @@ stdenv.mkDerivation rec {
     "-Dvulkan-registry=${vulkan-headers}/share/vulkan/registry/vk.xml"
     "-Ddemos=false" # Don't build and install the demo programs
     "-Dd3d11=disabled" # Disable the Direct3D 11 based renderer
+    "-Dglslang=disabled" # rely on shaderc for GLSL compilation instead
   ] ++ lib.optionals stdenv.isDarwin [
     "-Dunwind=disabled" # libplacebo doesn’t build with `darwin.libunwind`
   ];
diff --git a/pkgs/development/python-modules/hassil/default.nix b/pkgs/development/python-modules/hassil/default.nix
index bbbe26faccb..84800b51381 100644
--- a/pkgs/development/python-modules/hassil/default.nix
+++ b/pkgs/development/python-modules/hassil/default.nix
@@ -2,6 +2,9 @@
 , buildPythonPackage
 , fetchPypi
 
+# build
+, antlr4
+
 # propagates
 , antlr4-python3-runtime
 , dataclasses-json
@@ -13,7 +16,7 @@
 
 let
   pname = "hassil";
-  version = "0.1.3";
+  version = "0.1.4";
 in
 buildPythonPackage {
   inherit pname version;
@@ -21,11 +24,17 @@ buildPythonPackage {
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-KWkzHWMo50OIrZ2kwFhhqDSleFFkAD7/JugjvSyCkww=";
+    hash = "sha256-ygaPdfH2jBk2xvlgt7V8/VcZAtv6Lwsi8g+stK/DdT8=";
   };
 
+  nativeBuildInputs = [
+    antlr4
+  ];
+
   postPatch = ''
     sed -i 's/antlr4-python3-runtime==.*/antlr4-python3-runtime/' requirements.txt
+    rm hassil/grammar/*.{tokens,interp}
+    antlr -Dlanguage=Python3 -visitor -o hassil/grammar/ *.g4
   '';
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/kiwiki-client/default.nix b/pkgs/development/python-modules/kiwiki-client/default.nix
new file mode 100644
index 00000000000..22da8a5236e
--- /dev/null
+++ b/pkgs/development/python-modules/kiwiki-client/default.nix
@@ -0,0 +1,42 @@
+{ lib
+, buildPythonPackage
+, fetchFromGitHub
+, python-dateutil
+, pythonOlder
+, requests
+}:
+
+buildPythonPackage rec {
+  pname = "kiwiki-client";
+  version = "0.1.2";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
+
+  src = fetchFromGitHub {
+    owner = "c7h";
+    repo = "kiwiki_client";
+    rev = "refs/tags/${version}";
+    hash = "sha256-CIBed8HzbUqUIzNy1lHxIgjneA6R8uKtmd43LU92M0Q=";
+  };
+
+  propagatedBuildInputs = [
+    python-dateutil
+    requests
+  ];
+
+  # Module has no tests
+  doCheck = false;
+
+  pythonImportsCheck = [
+    "kiwiki"
+  ];
+
+  meta = with lib; {
+    description = "Module to interact with the KIWI.KI API";
+    homepage = "https://github.com/c7h/kiwiki_client";
+    changelog = "https://github.com/c7h/kiwiki_client/releases/tag/${version}";
+    license = licenses.gpl3Only;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/development/python-modules/osc-lib/default.nix b/pkgs/development/python-modules/osc-lib/default.nix
index 9d2a4929a6e..1e86f11e414 100644
--- a/pkgs/development/python-modules/osc-lib/default.nix
+++ b/pkgs/development/python-modules/osc-lib/default.nix
@@ -56,7 +56,6 @@ buildPythonPackage rec {
   pythonImportsCheck = [ "osc_lib" ];
 
   meta = with lib; {
-    broken = stdenv.isDarwin;
     description = "OpenStackClient Library";
     homepage = "https://github.com/openstack/osc-lib";
     license = licenses.asl20;
diff --git a/pkgs/development/python-modules/pykaleidescape/default.nix b/pkgs/development/python-modules/pykaleidescape/default.nix
new file mode 100644
index 00000000000..62d65490ff0
--- /dev/null
+++ b/pkgs/development/python-modules/pykaleidescape/default.nix
@@ -0,0 +1,51 @@
+{ lib
+, aiohttp
+, buildPythonPackage
+, dnspython
+, fetchFromGitHub
+, pytest-asyncio
+, pytestCheckHook
+, pythonOlder
+}:
+
+buildPythonPackage rec {
+  pname = "pykaleidescape";
+  version = "1.0.1";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.7";
+
+  src = fetchFromGitHub {
+    owner = "SteveEasley";
+    repo = pname;
+    rev = "refs/tags/v${version}";
+    hash = "sha256-KM/gtpsQ27QZz2uI1t/yVN5no0zp9LZag1duAJzK55g=";
+  };
+
+  propagatedBuildInputs = [
+    aiohttp
+    dnspython
+  ];
+
+  checkInputs = [
+    pytest-asyncio
+    pytestCheckHook
+  ];
+
+  pythonImportsCheck = [
+    "kaleidescape"
+  ];
+
+  disabledTests = [
+    # Test requires network access
+    "test_resolve_succeeds"
+  ];
+
+  meta = with lib; {
+    description = "Module for controlling Kaleidescape devices";
+    homepage = "https://github.com/SteveEasley/pykaleidescape";
+    changelog = "https://github.com/SteveEasley/pykaleidescape/releases/tag/v${version}";
+    license = licenses.mit;
+    maintainers = with maintainers; [ fab ];
+  };
+}
diff --git a/pkgs/development/tools/devd/default.nix b/pkgs/development/tools/devd/default.nix
index 0789850a494..05ed14dfcd6 100644
--- a/pkgs/development/tools/devd/default.nix
+++ b/pkgs/development/tools/devd/default.nix
@@ -1,16 +1,30 @@
-{ buildGoPackage, fetchFromGitHub, lib }:
+{ buildGoModule, fetchFromGitHub, fetchpatch, lib }:
 
-buildGoPackage rec {
+buildGoModule rec {
   pname = "devd";
-  version = "0.9";
+  version = "unstable-2020-04-27";
+
   src = fetchFromGitHub {
     owner = "cortesi";
     repo = "devd";
-    rev = "v${version}";
-    sha256 = "1b02fj821k68q7xl48wc194iinqw9jiavzfl136hlzvg4m07p1wf";
+    rev = "c1a3bfba27d8e028de90fb24452374412a4cffb3";
+    hash = "sha256-k0zj7fiYbaHnNUUI7ruD0vXiT4c1bxPuR4I0dRouCbU=";
   };
-  goPackagePath = "github.com/cortesi/devd";
+
+  vendorHash = "sha256-o7MbN/6n7fkp/yqYyQbfWBUqI09/JYh5jtV31gjNf6w=";
+
+  patches = [
+    # Update x/sys to support go 1.17.
+    (fetchpatch {
+      url = "https://github.com/cortesi/devd/commit/5f4720bf41399736b4e7e1a493da6c87a583d0b2.patch";
+      hash = "sha256-WDN08XNsDPuZwBCE8iDXgGAWFwx2UTwqRkhzKMtPKR8=";
+    })
+  ];
+
   subPackages = [ "cmd/devd" ];
+
+  ldflags = [ "-s" "-w" ];
+
   meta = with lib; {
     description = "A local webserver for developers";
     homepage = "https://github.com/cortesi/devd";
diff --git a/pkgs/servers/home-assistant/component-packages.nix b/pkgs/servers/home-assistant/component-packages.nix
index b72fa929a7d..3b561c1e317 100644
--- a/pkgs/servers/home-assistant/component-packages.nix
+++ b/pkgs/servers/home-assistant/component-packages.nix
@@ -1720,7 +1720,8 @@
     "kaiterra" = ps: with ps; [
     ]; # missing inputs: kaiterra-async-client
     "kaleidescape" = ps: with ps; [
-    ]; # missing inputs: pykaleidescape
+      pykaleidescape
+    ];
     "kankun" = ps: with ps; [
     ];
     "keba" = ps: with ps; [
@@ -1776,7 +1777,8 @@
       pykira
     ];
     "kiwi" = ps: with ps; [
-    ]; # missing inputs: kiwiki-client
+      kiwiki-client
+    ];
     "kmtronic" = ps: with ps; [
       pykmtronic
     ];
@@ -4380,6 +4382,7 @@
     "jewish_calendar"
     "juicenet"
     "justnimbus"
+    "kaleidescape"
     "keenetic_ndms2"
     "kegtron"
     "keymitt_ble"
diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix
index f99935449cb..b34c18a08bc 100644
--- a/pkgs/servers/nosql/redis/default.nix
+++ b/pkgs/servers/nosql/redis/default.nix
@@ -1,5 +1,5 @@
 { lib, stdenv, fetchurl, lua, pkg-config, nixosTests
-, tcl, which, ps, getconf, fetchpatch
+, tcl, which, ps, getconf
 , withSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isStatic, systemd
 # dependency ordering is broken at the moment when building with openssl
 , tlsSupport ? !stdenv.hostPlatform.isStatic, openssl
@@ -7,22 +7,13 @@
 
 stdenv.mkDerivation rec {
   pname = "redis";
-  version = "7.0.5";
+  version = "7.0.7";
 
   src = fetchurl {
     url = "https://download.redis.io/releases/${pname}-${version}.tar.gz";
-    hash = "sha256-ZwVMw3tYwSXfk714AAJh7A70Q2omtA84Jix4DlYxXMM=";
+    hash = "sha256-jTJ9foh9G7MI/Deq9xegv3n1gSnjc5Bpqu6uiJVaxYY=";
   };
 
-  patches = [
-    # https://nvd.nist.gov/vuln/detail/CVE-2022-3647
-    (fetchpatch {
-      name = "CVE-2022-3647.patch";
-      url = "https://github.com/redis/redis/commit/0bf90d944313919eb8e63d3588bf63a367f020a3.patch";
-      sha256 = "sha256-R5Tj/bHFTRnvWXiOYvRulqePzU5zvKbGfpO87TLfLWk=";
-    })
-  ];
-
   nativeBuildInputs = [ pkg-config ];
 
   buildInputs = [ lua ]
diff --git a/pkgs/servers/sql/pgbouncer/default.nix b/pkgs/servers/sql/pgbouncer/default.nix
index 0a6bfda03a7..46030c286a4 100644
--- a/pkgs/servers/sql/pgbouncer/default.nix
+++ b/pkgs/servers/sql/pgbouncer/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "pgbouncer";
-  version = "1.17.0";
+  version = "1.18.0";
 
   src = fetchurl {
-    url = "https://pgbouncer.github.io/downloads/files/${version}/${pname}-${version}.tar.gz";
-    sha256 = "sha256-ZXMJt7xceoXL9wqaRBtTX3gkEjCB6rt7qG0ANJolbiM=";
+    url = "https://www.pgbouncer.org/downloads/files/${version}/${pname}-${version}.tar.gz";
+    sha256 = "sha256-k0nJ5Z9viBVjVPT2ryfNsBSiNbAK4YTLqjdoi9DfVEw=";
   };
 
   nativeBuildInputs = [ pkg-config ];
@@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
   enableParallelBuilding = true;
 
   meta = with lib; {
-    homepage = "https://pgbouncer.github.io";
+    homepage = "https://www.pgbouncer.org/";
     description = "Lightweight connection pooler for PostgreSQL";
     license = licenses.isc;
     maintainers = with maintainers; [ _1000101 ];
diff --git a/pkgs/stdenv/linux/default.nix b/pkgs/stdenv/linux/default.nix
index 6a1211f9cc4..870fb04c388 100644
--- a/pkgs/stdenv/linux/default.nix
+++ b/pkgs/stdenv/linux/default.nix
@@ -1,8 +1,61 @@
 # This file constructs the standard build environment for the
-# Linux/i686 platform.  It's completely pure; that is, it relies on no
+# Linux platform.  It's completely pure; that is, it relies on no
 # external (non-Nix) tools, such as /usr/bin/gcc, and it contains a C
 # compiler and linker that do not search in default locations,
 # ensuring purity of components produced by it.
+#
+# It starts from prebuilt seed bootstrapFiles and creates a series of
+# nixpkgs instances (stages) to gradually rebuild stdenv, which
+# is used to build all other packages (including the bootstrapFiles).
+#
+# Goals of the bootstrap process:
+# 1. final stdenv must not reference any of the bootstrap files.
+# 2. final stdenv must not contain any of the bootstrap files
+#    (the only current violation is libgcc_s.so in glibc).
+# 3. final stdenv must not contain any of the files directly
+#    generated by the bootstrap code generators (assembler, linker,
+#    compiler). The only current violations are: libgcc_s.so in glibc,
+#    the lib{mpfr,mpc,gmp,isl} which are statically linked
+#    into the final gcc).
+#
+# These goals ensure that final packages and final stdenv are built
+# exclusively using nixpkgs package definitions and don't depend
+# on bootstrapTools (via direct references, inclusion
+# of copied code, or code compiled directly by bootstrapTools).
+#
+# Stages are described below along with their definitions.
+#
+# Debugging stdenv dependency graph:
+# An useful tool to explore dependencies across stages is to use
+# '__bootPackages' attribute of 'stdenv. Examples of last 3 stages:
+# - stdenv
+# - stdenv.__bootPackages.stdenv
+# - stdenv.__bootPackages.stdenv.__bootPackages.stdenv
+# - ... and so on.
+#
+# To explore build-time dependencies in graphical form one can use
+# the following:
+#     $ nix-store --query --graph $(nix-instantiate -A stdenv) |
+#         grep -P -v '[.]sh|[.]patch|bash|[.]tar' | # avoid clutter
+#         dot -Tsvg > stdenv-final.svg
+#
+# To find all the packages built by a particular stdenv instance:
+#    $ for stage in 0 1 2 3 4; do
+#      echo "stage${stage} used in:"
+#      nix-store --query --graph $(nix-instantiate -A stdenv) |
+#          grep -P ".*bootstrap-stage${stage}-stdenv.*->.*" |
+#          sed 's/"[0-9a-z]\{32\}-/"/g'
+#      done
+#
+# To verify which stdenv was used to build a given final package:
+#     $ nix-store --query --graph $(nix-instantiate -A stdenv) |
+#       grep -P -v '[.]sh|[.]patch|bash|[.]tar' |
+#       grep -P '.*stdenv.*->.*glibc-2'
+#     "...-bootstrap-stage2-stdenv-linux.drv" -> "...-glibc-2.35-224.drv";
+#
+# For a TUI (rather than CLI) view, you can use:
+#
+#     $ nix-tree --derivation $(nix-instantiate -A stdenv)
 { lib
 , localSystem, crossSystem, config, overlays, crossOverlays ? []
 
@@ -147,6 +200,9 @@ in
 
   # Build a dummy stdenv with no GCC or working fetchurl.  This is
   # because we need a stdenv to build the GCC wrapper and fetchurl.
+  #
+  # resulting stage0 stdenv:
+  # - coreutils, binutils, glibc, gcc: from bootstrapFiles
   (prevStage: stageFun prevStage {
     name = "bootstrap-stage0";
 
@@ -202,6 +258,9 @@ in
   # If we ever need to use a package from more than one stage back, we
   # simply re-export those packages in the middle stage(s) using the
   # overrides attribute and the inherit syntax.
+  #
+  # resulting stage1 stdenv:
+  # - coreutils, binutils, glibc, gcc: from bootstrapFiles
   (prevStage: stageFun prevStage {
     name = "bootstrap-stage1";
 
@@ -228,6 +287,10 @@ in
 
   # 2nd stdenv that contains our own rebuilt binutils and is used for
   # compiling our own Glibc.
+  #
+  # resulting stage2 stdenv:
+  # - coreutils, glibc, gcc: from bootstrapFiles
+  # - binutils: from nixpkgs, built by bootstrapFiles toolchain
   (prevStage: stageFun prevStage {
     name = "bootstrap-stage2";
 
@@ -296,6 +359,10 @@ in
   # Construct a third stdenv identical to the 2nd, except that this
   # one uses the rebuilt Glibc from stage2.  It still uses the recent
   # binutils and rest of the bootstrap tools, including GCC.
+  #
+  # resulting stage3 stdenv:
+  # - coreutils, gcc: from bootstrapFiles
+  # - glibc, binutils: from nixpkgs, built by bootstrapFiles toolchain
   (prevStage: stageFun prevStage {
     name = "bootstrap-stage3";
 
@@ -332,6 +399,17 @@ in
 
   # Construct a fourth stdenv that uses the new GCC.  But coreutils is
   # still from the bootstrap tools.
+  #
+  # resulting stage4 stdenv:
+  # - coreutils: from bootstrapFiles
+  # - glibc, binutils: from nixpkgs, built by bootstrapFiles toolchain
+  # - gcc: from nixpkgs, built by bootstrapFiles toolchain. Can assume
+  #        it has almost no code from bootstrapTools as gcc bootstraps
+  #        internally. The only exceptions are crt files from glibc
+  #        built by bootstrapTools used to link executables and libraries,
+  #        and the bootstrapTools-built, statically-linked
+  #        lib{mpfr,mpc,gmp,isl}.a which are linked into the final gcc
+  #        (see commit cfde88976ba4cddd01b1bb28b40afd12ea93a11d).
   (prevStage: stageFun prevStage {
     name = "bootstrap-stage4";
 
@@ -388,6 +466,17 @@ in
   # When updating stdenvLinux, make sure that the result has no
   # dependency (`nix-store -qR') on bootstrapTools or the first
   # binutils built.
+  #
+  # resulting stage5 (final) stdenv:
+  # - coreutils, binutils: from nixpkgs, built by nixpkgs toolchain
+  # - glibc: from nixpkgs, built by bootstrapFiles toolchain
+  # - gcc: from nixpkgs, built by bootstrapFiles toolchain. Can assume
+  #        it has almost no code from bootstrapTools as gcc bootstraps
+  #        internally. The only exceptions are crt files from glibc
+  #        built by bootstrapTools used to link executables and libraries,
+  #        and the bootstrapTools-built, statically-linked
+  #        lib{mpfr,mpc,gmp,isl}.a which are linked into the final gcc
+  #        (see commit cfde88976ba4cddd01b1bb28b40afd12ea93a11d).
   (prevStage: {
     inherit config overlays;
     stdenv = import ../generic rec {
diff --git a/pkgs/tools/X11/xpra/default.nix b/pkgs/tools/X11/xpra/default.nix
index dd94f5ad46a..05a36726c0c 100644
--- a/pkgs/tools/X11/xpra/default.nix
+++ b/pkgs/tools/X11/xpra/default.nix
@@ -151,6 +151,7 @@ in buildPythonApplication rec {
     python-uinput
     pyxdg
     rencode
+    invoke
   ] ++ lib.optionals withNvenc [
     pycuda
     pynvml
diff --git a/pkgs/tools/filesystems/garage/default.nix b/pkgs/tools/filesystems/garage/default.nix
index 18c2b96de80..f41ad499dc0 100644
--- a/pkgs/tools/filesystems/garage/default.nix
+++ b/pkgs/tools/filesystems/garage/default.nix
@@ -84,8 +84,8 @@ in
       version = "0.8.0";
       sha256 = "sha256-c2RhHfg0+YV2E9Ckl1YSc+0nfzbHPIt0JgtT0DND9lA=";
       cargoSha256 = "sha256-vITXckNOiJbMuQW6/8p7dsZThkjxg/zUy3AZBbn33no=";
-      # On Darwin, tests are failing.
-      broken = stdenv.isDarwin;
+      # On x86_64-darwin, tests are failing.
+      broken = stdenv.isDarwin && stdenv.isx86_64;
     };
 
     garage_0_8 = garage_0_8_0;
diff --git a/pkgs/tools/filesystems/xtreemfs/default.nix b/pkgs/tools/filesystems/xtreemfs/default.nix
index 0effd845664..6c02117936d 100644
--- a/pkgs/tools/filesystems/xtreemfs/default.nix
+++ b/pkgs/tools/filesystems/xtreemfs/default.nix
@@ -9,7 +9,7 @@
 , cmake
 , file
 , fuse
-, jdk
+, jdk8
 , openssl
 , python3
 , valgrind
@@ -17,30 +17,49 @@
 }:
 
 stdenv.mkDerivation {
+  pname = "XtreemFS";
+  # using unstable release because stable (v1.5.1) has broken repl java plugin
+  version = "unstable-2015-06-17";
+
   src = fetchFromGitHub {
-    # using unstable release because stable (v1.5.1) has broken repl java plugin
     rev = "7ddcb081aa125b0cfb008dc98addd260b8353ab3";
     owner = "xtreemfs";
     repo = "xtreemfs";
     sha256 = "1hjmd32pla27zf98ghzz6r5ml8ry86m9dsryv1z01kxv5l95b3m0";
   };
 
-  pname = "XtreemFS";
-  version = "1.5.1.81";
-
   nativeBuildInputs = [ makeWrapper python3 ];
   buildInputs = [ which attr ];
 
   patches = [
     (fetchpatch {
+      name = "protobuf-add-arm64-atomicops.patch";
+      url = "https://github.com/protocolbuffers/protobuf/commit/2ca19bd8066821a56f193e7fca47139b25c617ad.patch";
+      stripLen = 1;
+      extraPrefix = "cpp/thirdparty/protobuf-2.5.0/";
+      sha256 = "sha256-hlL5ZiJhpO3fPpcSTV+yki4zahg/OhFdIZEGF1TNTe0=";
+    })
+    (fetchpatch {
+      name = "protobuf-add-aarch64-architecture-to-platform-macros.patch";
+      url = "https://github.com/protocolbuffers/protobuf/commit/f0b6a5cfeb5f6347c34975446bda08e0c20c9902.patch";
+      stripLen = 1;
+      extraPrefix = "cpp/thirdparty/protobuf-2.5.0/";
+      sha256 = "sha256-VRl303x9g5ES/LMODcAdhsPiEmQTq/qXhE/DfvLXF84=";
+    })
+    (fetchpatch {
+      name = "xtreemfs-fix-for-boost-version-1.66.patch";
+      url = "https://github.com/xtreemfs/xtreemfs/commit/aab843cb115ab0739edf7f58fd2d4553a05374a8.patch";
+      sha256 = "sha256-y/vXI/PT1TwSy8/73+RKIgKq4pZ9i22MBxr6jo/M5l8=";
+    })
+    (fetchpatch {
+      name = "xtreemfs-fix-for-openssl_1_1.patch";
       url = "https://github.com/xtreemfs/xtreemfs/commit/ebfdc2fff56c09f310159d92026883941e42a953.patch";
       sha256 = "075w00ad88qm6xpm5679m0gfzkrc53w17sk7ycybf4hzxjs29ygy";
-      name = "xtreemfs-fix-for-openssl_1_1";
     })
   ];
 
   preConfigure = ''
-    export JAVA_HOME=${jdk}
+    export JAVA_HOME=${jdk8}
     export ANT_HOME=${ant}
 
     export BOOST_INCLUDEDIR=${boost.dev}/include
@@ -90,7 +109,5 @@ stdenv.mkDerivation {
     maintainers = with lib.maintainers; [ raskin matejc ];
     platforms = lib.platforms.linux;
     license = lib.licenses.bsd3;
-    # never built on aarch64-linux since first introduction in nixpkgs
-    broken = stdenv.isLinux && stdenv.isAarch64;
   };
 }
diff --git a/pkgs/tools/graphics/barcode/default.nix b/pkgs/tools/graphics/barcode/default.nix
index eed06602a5d..9eb368b83af 100644
--- a/pkgs/tools/graphics/barcode/default.nix
+++ b/pkgs/tools/graphics/barcode/default.nix
@@ -16,12 +16,14 @@ stdenv.mkDerivation rec {
     })
   ];
 
+  configureFlags = lib.optional stdenv.isDarwin "ac_cv_func_calloc_0_nonnull=yes";
+
   hardeningDisable = [ "format" ];
 
   meta = with lib; {
     description = "GNU barcode generator";
     maintainers = with maintainers; [ raskin ];
-    platforms = platforms.linux; # Maybe other non-darwin Unix
+    platforms = platforms.unix;
     downloadPage = "https://ftp.gnu.org/gnu/barcode/";
     homepage = "https://www.gnu.org/software/barcode/";
     license = licenses.gpl3;
diff --git a/pkgs/tools/misc/nurl/default.nix b/pkgs/tools/misc/nurl/default.nix
index b3ba4ca3a6a..6f0cf9bdfef 100644
--- a/pkgs/tools/misc/nurl/default.nix
+++ b/pkgs/tools/misc/nurl/default.nix
@@ -10,16 +10,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "nurl";
-  version = "0.2.2";
+  version = "0.3.1";
 
   src = fetchFromGitHub {
     owner = "nix-community";
     repo = "nurl";
     rev = "v${version}";
-    hash = "sha256-hK3bHaMzpqz3W/iJpSPf4Iv6nrLpVLBIkAy5QxI+yrg=";
+    hash = "sha256-fLa9gNdwBOSOMisU1UI8KAKGOkDN13LZsBpH+bObqUM=";
   };
 
-  cargoSha256 = "sha256-eHk9mBaHbKVp7lCmSmrHQoRMDFCmUJ+LN5TVa3LhNZ8=";
+  cargoSha256 = "sha256-vyhsZYYSpR2qbwTXOw8e1DFRQ78RVHktK6zCbiXT7RI=";
 
   nativeBuildInputs = [
     installShellFiles
diff --git a/pkgs/tools/misc/yt-dlp/default.nix b/pkgs/tools/misc/yt-dlp/default.nix
index 1b01cca1a3f..4bcb98532eb 100644
--- a/pkgs/tools/misc/yt-dlp/default.nix
+++ b/pkgs/tools/misc/yt-dlp/default.nix
@@ -20,11 +20,11 @@ buildPythonPackage rec {
   # The websites yt-dlp deals with are a very moving target. That means that
   # downloads break constantly. Because of that, updates should always be backported
   # to the latest stable release.
-  version = "2022.11.11";
+  version = "2023.1.2";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-9rliAjwXp3FRR28Pbtcb6H0Bdim6XZmUUovFSFIRkbY=";
+    sha256 = "sha256-uNe7tcFZX3GIVaMfNNigJ2pwhvXT9ULAIaje2LJtNq4=";
   };
 
   propagatedBuildInputs = [ brotli certifi mutagen pycryptodomex websockets ];
diff --git a/pkgs/tools/text/d2/default.nix b/pkgs/tools/text/d2/default.nix
index d3a45b22268..a020497704d 100644
--- a/pkgs/tools/text/d2/default.nix
+++ b/pkgs/tools/text/d2/default.nix
@@ -8,16 +8,16 @@
 
 buildGoModule rec {
   pname = "d2";
-  version = "0.1.2";
+  version = "0.1.4";
 
   src = fetchFromGitHub {
     owner = "terrastruct";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-O3T26Stau168hP7Hhv2bayamXQvaFD6feyW5AYoHf0U=";
+    hash = "sha256-whxXMU9jQ/ixXUx6vqs1CdLWZGHTBFJcA6v1Z4aAV4s=";
   };
 
-  vendorHash = "sha256-k9zaZ28vs3R5usWUW5N78zz0PuP5UrYEhgXxpQ+v5sE=";
+  vendorHash = "sha256-t94xCNteYRpbV2GzrD4ppD8xfUV1HTJPkipEzr36CaM=";
 
   ldflags = [
     "-s"
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index a04c298431d..88e3d54d91a 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7956,6 +7956,8 @@ with pkgs;
 
   haskell-language-server = callPackage ../development/tools/haskell/haskell-language-server/withWrapper.nix { };
 
+  hassil = with python3Packages; toPythonApplication hassil;
+
   hasmail = callPackage ../applications/networking/mailreaders/hasmail { };
 
   haste-client = callPackage ../tools/misc/haste-client { };
@@ -13349,8 +13351,7 @@ with pkgs;
   };
 
   xtreemfs = callPackage ../tools/filesystems/xtreemfs {
-    boost = boost165;
-    jdk = jdk8; # TODO: remove override https://github.com/NixOS/nixpkgs/pull/89731
+    boost = boost17x;
   };
 
   xurls = callPackage ../tools/text/xurls {};
@@ -26638,6 +26639,7 @@ with pkgs;
 
   dina-font = callPackage ../data/fonts/dina { };
 
+  dm-sans = callPackage ../data/fonts/dm-sans { };
   dns-root-data = callPackage ../data/misc/dns-root-data { };
 
   docbook5 = callPackage ../data/sgml+xml/schemas/docbook-5.0 { };
@@ -27842,6 +27844,8 @@ with pkgs;
 
   avocode = callPackage ../applications/graphics/avocode {};
 
+  ax25-apps = callPackage ../applications/radio/ax25-apps {};
+
   ax25-tools = callPackage ../applications/radio/ax25-tools {};
 
   azpainter = callPackage ../applications/graphics/azpainter { };
@@ -28744,6 +28748,8 @@ with pkgs;
   keepassx2 = callPackage ../applications/misc/keepassx/2.0.nix { };
   keepassxc = libsForQt5.callPackage ../applications/misc/keepassx/community.nix { };
 
+  keepass-diff = callPackage ../applications/misc/keepass-diff { };
+
   keeweb = callPackage ../applications/misc/keeweb { };
 
   inherit (gnome) evince;
@@ -29383,6 +29389,8 @@ with pkgs;
 
   moe =  callPackage ../applications/editors/moe { };
 
+  molsketch = libsForQt5.callPackage ../applications/editors/molsketch { };
+
   pattypan = callPackage ../applications/misc/pattypan {};
 
   praat = callPackage ../applications/audio/praat { };
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 9f6924f7f55..837126faf3d 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -5075,6 +5075,8 @@ self: super: with self; {
 
   kivy-garden = callPackage ../development/python-modules/kivy-garden { };
 
+  kiwiki-client = callPackage ../development/python-modules/kiwiki-client { };
+
   kiwisolver = callPackage ../development/python-modules/kiwisolver { };
 
   klaus = callPackage ../development/python-modules/klaus { };
@@ -8060,6 +8062,8 @@ self: super: with self; {
 
   pykakasi = callPackage ../development/python-modules/pykakasi { };
 
+  pykaleidescape = callPackage ../development/python-modules/pykaleidescape { };
+
   pykdl = callPackage ../development/python-modules/pykdl { };
 
   pykdtree = callPackage ../development/python-modules/pykdtree {