dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nixos/*: automatically convert option docs to MD

Browse Source 
once again using nix-doc-munge (69d080323a)
This commit is contained in:
pennae 2022-08-03 22:46:41 +02:00
parent 645cfa59ac
commit 61e93df189
101 changed files with 628 additions and 628 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/modules/config/i18n.nix
View File

@ -71,11 +71,11 @@ with lib;
)) ))
''; '';
example = ["en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1"]; example = ["en_US.UTF-8/UTF-8" "nl_NL.UTF-8/UTF-8" "nl_NL/ISO-8859-1"];
description = '' description = lib.mdDoc ''
List of locales that the system should support. The value List of locales that the system should support. The value
<literal>"all"</literal> means that all locales supported by `"all"` means that all locales supported by
Glibc will be installed. A full list of supported locales Glibc will be installed. A full list of supported locales
can be found at <link xlink:href="https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED"/>. can be found at <https://sourceware.org/git/?p=glibc.git;a=blob;f=localedata/SUPPORTED>.
''; '';
}; };

6
nixos/modules/config/resolvconf.nix
View File

@ -83,9 +83,9 @@ in
dnsExtensionMechanism = mkOption { dnsExtensionMechanism = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Enable the <literal>edns0</literal> option in <filename>resolv.conf</filename>. With Enable the `edns0` option in {file}`resolv.conf`. With
that option set, <literal>glibc</literal> supports use of the extension mechanisms for that option set, `glibc` supports use of the extension mechanisms for
DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC, DNS (EDNS) specified in RFC 2671. The most popular user of that feature is DNSSEC,
which does not work without it. which does not work without it.
''; '';

4
nixos/modules/config/shells-environment.nix
View File

@ -109,11 +109,11 @@ in
environment.shellAliases = mkOption { environment.shellAliases = mkOption {
example = { l = null; ll = "ls -l"; }; example = { l = null; ll = "ls -l"; };
description = '' description = lib.mdDoc ''
An attribute set that maps aliases (the top level attribute names in An attribute set that maps aliases (the top level attribute names in
this option) to command strings or directly to build outputs. The this option) to command strings or directly to build outputs. The
aliases are added to all users' shells. aliases are added to all users' shells.
Aliases mapped to <literal>null</literal> are ignored. Aliases mapped to `null` are ignored.
''; '';
type = with types; attrsOf (nullOr (either str path)); type = with types; attrsOf (nullOr (either str path));
}; };

8
nixos/modules/config/system-environment.nix
View File

@ -16,7 +16,7 @@ in
environment.sessionVariables = mkOption { environment.sessionVariables = mkOption {
default = {}; default = {};
description = '' description = lib.mdDoc ''
A set of environment variables used in the global environment. A set of environment variables used in the global environment.
These variables will be set by PAM early in the login process. These variables will be set by PAM early in the login process.
@ -25,12 +25,12 @@ in
colon characters. colon characters.
Note, due to limitations in the PAM format values may not Note, due to limitations in the PAM format values may not
contain the <literal>"</literal> character. contain the `"` character.
Also, these variables are merged into Also, these variables are merged into
<xref linkend="opt-environment.variables"/> and it is [](#opt-environment.variables) and it is
therefore not possible to use PAM style variables such as therefore not possible to use PAM style variables such as
<literal>@{HOME}</literal>. `@{HOME}`.
''; '';
type = with types; attrsOf (either str (listOf str)); type = with types; attrsOf (either str (listOf str));
apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v); apply = mapAttrs (n: v: if isList v then concatStringsSep ":" v else v);

38
nixos/modules/config/users-groups.nix
View File

@ -100,17 +100,17 @@ let
isNormalUser = mkOption { isNormalUser = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Indicates whether this is an account for a real user. This Indicates whether this is an account for a real user. This
automatically sets <option>group</option> to automatically sets {option}`group` to
<literal>users</literal>, <option>createHome</option> to `users`, {option}`createHome` to
<literal>true</literal>, <option>home</option> to `true`, {option}`home` to
<filename>/home/«username»</filename>, {file}`/home/«username»`,
<option>useDefaultShell</option> to <literal>true</literal>, {option}`useDefaultShell` to `true`,
and <option>isSystemUser</option> to and {option}`isSystemUser` to
<literal>false</literal>. `false`.
Exactly one of <literal>isNormalUser</literal> and Exactly one of `isNormalUser` and
<literal>isSystemUser</literal> must be true. `isSystemUser` must be true.
''; '';
}; };
@ -151,12 +151,12 @@ let
pamMount = mkOption { pamMount = mkOption {
type = with types; attrsOf str; type = with types; attrsOf str;
default = {}; default = {};
description = '' description = lib.mdDoc ''
Attributes for user's entry in Attributes for user's entry in
<filename>pam_mount.conf.xml</filename>. {file}`pam_mount.conf.xml`.
Useful attributes might include <literal>path</literal>, Useful attributes might include `path`,
<literal>options</literal>, <literal>fstype</literal>, and <literal>server</literal>. `options`, `fstype`, and `server`.
See <link xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html"/> See <http://pam-mount.sourceforge.net/pam_mount.conf.5.html>
for more information. for more information.
''; '';
}; };
@ -166,12 +166,12 @@ let
default = pkgs.shadow; default = pkgs.shadow;
defaultText = literalExpression "pkgs.shadow"; defaultText = literalExpression "pkgs.shadow";
example = literalExpression "pkgs.bashInteractive"; example = literalExpression "pkgs.bashInteractive";
description = '' description = lib.mdDoc ''
The path to the user's shell. Can use shell derivations, The path to the user's shell. Can use shell derivations,
like <literal>pkgs.bashInteractive</literal>. Dont like `pkgs.bashInteractive`. Dont
forget to enable your shell in forget to enable your shell in
<literal>programs</literal> if necessary, `programs` if necessary,
like <literal>programs.zsh.enable = true;</literal>. like `programs.zsh.enable = true;`.
''; '';
}; };

2
nixos/modules/hardware/logitech.nix
View File

@ -32,7 +32,7 @@ in
devices = mkOption { devices = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ "0a07" "c222" "c225" "c227" "c251" ]; default = [ "0a07" "c222" "c225" "c227" "c251" ];
description = '' description = lib.mdDoc ''
List of USB device ids supported by g15daemon. List of USB device ids supported by g15daemon.
You most likely do not need to change this. You most likely do not need to change this.

12
nixos/modules/hardware/video/uvcvideo/default.nix
View File

@ -34,15 +34,15 @@ in
packages = mkOption { packages = mkOption {
type = types.listOf types.path; type = types.listOf types.path;
example = literalExpression "[ pkgs.tiscamera ]"; example = literalExpression "[ pkgs.tiscamera ]";
description = '' description = lib.mdDoc ''
List of packages containing <command>uvcvideo</command> dynamic controls List of packages containing {command}`uvcvideo` dynamic controls
rules. All files found in rules. All files found in
<filename>«pkg»/share/uvcdynctrl/data</filename> {file}`«pkg»/share/uvcdynctrl/data`
will be included. will be included.
Note that these will serve as input to the <command>libwebcam</command> Note that these will serve as input to the {command}`libwebcam`
package which through its own <command>udev</command> rule will register package which through its own {command}`udev` rule will register
the dynamic controls from specified packages to the <command>uvcvideo</command> the dynamic controls from specified packages to the {command}`uvcvideo`
driver. driver.
''; '';
apply = map getBin; apply = map getBin;

4
nixos/modules/programs/adb.nix
View File

@ -11,10 +11,10 @@ with lib;
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Whether to configure system to use Android Debug Bridge (adb). Whether to configure system to use Android Debug Bridge (adb).
To grant access to a user, it must be part of adbusers group: To grant access to a user, it must be part of adbusers group:
<literal>users.users.alice.extraGroups = ["adbusers"];</literal> `users.users.alice.extraGroups = ["adbusers"];`
''; '';
}; };
}; };

4
nixos/modules/programs/firejail.nix
View File

@ -69,12 +69,12 @@ in {
}; };
} }
''; '';
description = '' description = lib.mdDoc ''
Wrap the binaries in firejail and place them in the global path. Wrap the binaries in firejail and place them in the global path.
You will get file collisions if you put the actual application binary in You will get file collisions if you put the actual application binary in
the global environment (such as by adding the application package to the global environment (such as by adding the application package to
<literal>environment.systemPackages</literal>), and applications started via `environment.systemPackages`), and applications started via
.desktop files are not wrapped if they specify the absolute path to the .desktop files are not wrapped if they specify the absolute path to the
binary. binary.
''; '';

4
nixos/modules/programs/gphoto2.nix
View File

@ -11,11 +11,11 @@ with lib;
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Whether to configure system to use gphoto2. Whether to configure system to use gphoto2.
To grant digital camera access to a user, the user must To grant digital camera access to a user, the user must
be part of the camera group: be part of the camera group:
<literal>users.users.alice.extraGroups = ["camera"];</literal> `users.users.alice.extraGroups = ["camera"];`
''; '';
}; };
}; };

4
nixos/modules/programs/neovim.nix
View File

@ -72,9 +72,9 @@ in {
}; };
} }
''; '';
description = '' description = lib.mdDoc ''
Generate your init file from your list of plugins and custom commands. Generate your init file from your list of plugins and custom commands.
Neovim will then be wrapped to load <command>nvim -u /nix/store/«hash»-vimrc</command> Neovim will then be wrapped to load {command}`nvim -u /nix/store/«hash»-vimrc`
''; '';
}; };

18
nixos/modules/programs/nncp.nix
View File

@ -33,24 +33,24 @@ in {
secrets = mkOption { secrets = mkOption {
type = with types; listOf str; type = with types; listOf str;
example = [ "/run/keys/nncp.hjson" ]; example = [ "/run/keys/nncp.hjson" ];
description = '' description = lib.mdDoc ''
A list of paths to NNCP configuration files that should not be A list of paths to NNCP configuration files that should not be
in the Nix store. These files are layered on top of the values at in the Nix store. These files are layered on top of the values at
<xref linkend="opt-programs.nncp.settings"/>. [](#opt-programs.nncp.settings).
''; '';
}; };
settings = mkOption { settings = mkOption {
type = settingsFormat.type; type = settingsFormat.type;
description = '' description = lib.mdDoc ''
NNCP configuration, see NNCP configuration, see
<link xlink:href="http://www.nncpgo.org/Configuration.html"/>. <http://www.nncpgo.org/Configuration.html>.
At runtime these settings will be overlayed by the contents of At runtime these settings will be overlayed by the contents of
<xref linkend="opt-programs.nncp.secrets"/> into the file [](#opt-programs.nncp.secrets) into the file
<literal>${nncpCfgFile}</literal>. Node keypairs go in `${nncpCfgFile}`. Node keypairs go in
<literal>secrets</literal>, do not specify them in `secrets`, do not specify them in
<literal>settings</literal> as they will be leaked into `settings` as they will be leaked into
<literal>/nix/store</literal>! `/nix/store`!
''; '';
default = { }; default = { };
}; };

6
nixos/modules/programs/turbovnc.nix
View File

@ -15,14 +15,14 @@ in
ensureHeadlessSoftwareOpenGL = mkOption { ensureHeadlessSoftwareOpenGL = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to set up NixOS such that TurboVNC's built-in software OpenGL Whether to set up NixOS such that TurboVNC's built-in software OpenGL
implementation works. implementation works.
This will enable <option>hardware.opengl.enable</option> so that OpenGL This will enable {option}`hardware.opengl.enable` so that OpenGL
programs can find Mesa's llvmpipe drivers. programs can find Mesa's llvmpipe drivers.
Setting this option to <literal>false</literal> does not mean that software Setting this option to `false` does not mean that software
OpenGL won't work; it may still work depending on your system OpenGL won't work; it may still work depending on your system
configuration. configuration.

4
nixos/modules/security/acme/default.nix
View File

@ -504,8 +504,8 @@ let
reloadServices = mkOption { reloadServices = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
inherit (defaultAndText "reloadServices" []) default defaultText; inherit (defaultAndText "reloadServices" []) default defaultText;
description = '' description = lib.mdDoc ''
The list of systemd services to call <literal>systemctl try-reload-or-restart</literal> The list of systemd services to call `systemctl try-reload-or-restart`
on. on.
''; '';
}; };

60
nixos/modules/security/doas.nix
View File

@ -62,19 +62,19 @@ in
wheelNeedsPassword = mkOption { wheelNeedsPassword = mkOption {
type = with types; bool; type = with types; bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether users of the <literal>wheel</literal> group must provide a password to Whether users of the `wheel` group must provide a password to
run commands as super user via <command>doas</command>. run commands as super user via {command}`doas`.
''; '';
}; };
extraRules = mkOption { extraRules = mkOption {
default = []; default = [];
description = '' description = lib.mdDoc ''
Define specific rules to be set in the Define specific rules to be set in the
<filename>/etc/doas.conf</filename> file. More specific rules should {file}`/etc/doas.conf` file. More specific rules should
come after more general ones in order to yield the expected behavior. come after more general ones in order to yield the expected behavior.
You can use <literal>mkBefore</literal> and/or <literal>mkAfter</literal> to ensure You can use `mkBefore` and/or `mkAfter` to ensure
this is the case when configuration options are merged. this is the case when configuration options are merged.
''; '';
example = literalExpression '' example = literalExpression ''
@ -113,8 +113,8 @@ in
noPass = mkOption { noPass = mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
If <literal>true</literal>, the user is not required to enter a If `true`, the user is not required to enter a
password. password.
''; '';
}; };
@ -122,18 +122,18 @@ in
noLog = mkOption { noLog = mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
If <literal>true</literal>, successful executions will not be logged If `true`, successful executions will not be logged
to to
<citerefentry><refentrytitle>syslogd</refentrytitle><manvolnum>8</manvolnum></citerefentry>. {manpage}`syslogd(8)`.
''; '';
}; };
persist = mkOption { persist = mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
If <literal>true</literal>, do not ask for a password again for some If `true`, do not ask for a password again for some
time after the user successfully authenticates. time after the user successfully authenticates.
''; '';
}; };
@ -141,10 +141,10 @@ in
keepEnv = mkOption { keepEnv = mkOption {
type = with types; bool; type = with types; bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
If <literal>true</literal>, environment variables other than those If `true`, environment variables other than those
listed in listed in
<citerefentry><refentrytitle>doas</refentrytitle><manvolnum>1</manvolnum></citerefentry> {manpage}`doas(1)`
are kept when creating the environment for the new process. are kept when creating the environment for the new process.
''; '';
}; };
@ -152,18 +152,18 @@ in
setEnv = mkOption { setEnv = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = []; default = [];
description = '' description = lib.mdDoc ''
Keep or set the specified variables. Variables may also be Keep or set the specified variables. Variables may also be
removed with a leading '-' or set using removed with a leading '-' or set using
<literal>variable=value</literal>. If the first character of `variable=value`. If the first character of
<literal>value</literal> is a '$', the value to be set is taken from `value` is a '$', the value to be set is taken from
the existing environment variable of the indicated name. This the existing environment variable of the indicated name. This
option is processed after the default environment has been option is processed after the default environment has been
created. created.
NOTE: All rules have <literal>setenv { SSH_AUTH_SOCK }</literal> by NOTE: All rules have `setenv { SSH_AUTH_SOCK }` by
default. To prevent <literal>SSH_AUTH_SOCK</literal> from being default. To prevent `SSH_AUTH_SOCK` from being
inherited, add <literal>"-SSH_AUTH_SOCK"</literal> anywhere in this inherited, add `"-SSH_AUTH_SOCK"` anywhere in this
list. list.
''; '';
}; };
@ -183,23 +183,23 @@ in
runAs = mkOption { runAs = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
description = '' description = lib.mdDoc ''
Which user or group the specified command is allowed to run as. Which user or group the specified command is allowed to run as.
When set to <literal>null</literal> (the default), all users are When set to `null` (the default), all users are
allowed. allowed.
A user can be specified using just the username: A user can be specified using just the username:
<literal>"foo"</literal>. It is also possible to only allow running as `"foo"`. It is also possible to only allow running as
a specific group with <literal>":bar"</literal>. a specific group with `":bar"`.
''; '';
}; };
cmd = mkOption { cmd = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
description = '' description = lib.mdDoc ''
The command the user is allowed to run. When set to The command the user is allowed to run. When set to
<literal>null</literal> (the default), all commands are allowed. `null` (the default), all commands are allowed.
NOTE: It is best practice to specify absolute paths. If a NOTE: It is best practice to specify absolute paths. If a
relative path is specified, only a restricted PATH will be relative path is specified, only a restricted PATH will be
@ -210,9 +210,9 @@ in
args = mkOption { args = mkOption {
type = with types; nullOr (listOf str); type = with types; nullOr (listOf str);
default = null; default = null;
description = '' description = lib.mdDoc ''
Arguments that must be provided to the command. When set to Arguments that must be provided to the command. When set to
<literal>[]</literal>, the command must be run without any arguments. `[]`, the command must be run without any arguments.
''; '';
}; };
}; };

4
nixos/modules/security/misc.nix
View File

@ -52,7 +52,7 @@ with lib;
security.allowSimultaneousMultithreading = mkOption { security.allowSimultaneousMultithreading = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether to allow SMT/hyperthreading. Disabling SMT means that only Whether to allow SMT/hyperthreading. Disabling SMT means that only
physical CPU cores will be usable at runtime, potentially at physical CPU cores will be usable at runtime, potentially at
significant performance cost. significant performance cost.
@ -62,7 +62,7 @@ with lib;
e.g., shared caches). This attack vector is unproven. e.g., shared caches). This attack vector is unproven.
Disabling SMT is a supplement to the L1 data cache flushing mitigation Disabling SMT is a supplement to the L1 data cache flushing mitigation
(see <xref linkend="opt-security.virtualisation.flushL1DataCache"/>) (see [](#opt-security.virtualisation.flushL1DataCache))
versus malicious VM guests (SMT could "bring back" previously flushed versus malicious VM guests (SMT could "bring back" previously flushed
data). data).
''; '';

100
nixos/modules/security/pam.nix
View File

@ -807,14 +807,14 @@ in
default = config.krb5.enable; default = config.krb5.enable;
defaultText = literalExpression "config.krb5.enable"; defaultText = literalExpression "config.krb5.enable";
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Enables Kerberos PAM modules (<literal>pam-krb5</literal>, Enables Kerberos PAM modules (`pam-krb5`,
<literal>pam-ccreds</literal>). `pam-ccreds`).
If set, users can authenticate with their Kerberos password. If set, users can authenticate with their Kerberos password.
This requires a valid Kerberos configuration This requires a valid Kerberos configuration
(<literal>config.krb5.enable</literal> should be set to (`config.krb5.enable` should be set to
<literal>true</literal>). `true`).
Note that the Kerberos PAM modules are not necessary when using SSS Note that the Kerberos PAM modules are not necessary when using SSS
to handle Kerberos authentication. to handle Kerberos authentication.
@ -826,12 +826,12 @@ in
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Enables P11 PAM (<literal>pam_p11</literal>) module. Enables P11 PAM (`pam_p11`) module.
If set, users can log in with SSH keys and PKCS#11 tokens. If set, users can log in with SSH keys and PKCS#11 tokens.
More information can be found <link xlink:href="https://github.com/OpenSC/pam_p11">here</link>. More information can be found [here](https://github.com/OpenSC/pam_p11).
''; '';
}; };
@ -858,71 +858,71 @@ in
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Enables U2F PAM (<literal>pam-u2f</literal>) module. Enables U2F PAM (`pam-u2f`) module.
If set, users listed in If set, users listed in
<filename>$XDG_CONFIG_HOME/Yubico/u2f_keys</filename> (or {file}`$XDG_CONFIG_HOME/Yubico/u2f_keys` (or
<filename>$HOME/.config/Yubico/u2f_keys</filename> if XDG variable is {file}`$HOME/.config/Yubico/u2f_keys` if XDG variable is
not set) are able to log in with the associated U2F key. The path can not set) are able to log in with the associated U2F key. The path can
be changed using <option>security.pam.u2f.authFile</option> option. be changed using {option}`security.pam.u2f.authFile` option.
File format is: File format is:
<literal>username:first_keyHandle,first_public_key: second_keyHandle,second_public_key</literal> `username:first_keyHandle,first_public_key: second_keyHandle,second_public_key`
This file can be generated using <command>pamu2fcfg</command> command. This file can be generated using {command}`pamu2fcfg` command.
More information can be found <link xlink:href="https://developers.yubico.com/pam-u2f/">here</link>. More information can be found [here](https://developers.yubico.com/pam-u2f/).
''; '';
}; };
authFile = mkOption { authFile = mkOption {
default = null; default = null;
type = with types; nullOr path; type = with types; nullOr path;
description = '' description = lib.mdDoc ''
By default <literal>pam-u2f</literal> module reads the keys from By default `pam-u2f` module reads the keys from
<filename>$XDG_CONFIG_HOME/Yubico/u2f_keys</filename> (or {file}`$XDG_CONFIG_HOME/Yubico/u2f_keys` (or
<filename>$HOME/.config/Yubico/u2f_keys</filename> if XDG variable is {file}`$HOME/.config/Yubico/u2f_keys` if XDG variable is
not set). not set).
If you want to change auth file locations or centralize database (for If you want to change auth file locations or centralize database (for
example use <filename>/etc/u2f-mappings</filename>) you can set this example use {file}`/etc/u2f-mappings`) you can set this
option. option.
File format is: File format is:
<literal>username:first_keyHandle,first_public_key: second_keyHandle,second_public_key</literal> `username:first_keyHandle,first_public_key: second_keyHandle,second_public_key`
This file can be generated using <command>pamu2fcfg</command> command. This file can be generated using {command}`pamu2fcfg` command.
More information can be found <link xlink:href="https://developers.yubico.com/pam-u2f/">here</link>. More information can be found [here](https://developers.yubico.com/pam-u2f/).
''; '';
}; };
appId = mkOption { appId = mkOption {
default = null; default = null;
type = with types; nullOr str; type = with types; nullOr str;
description = '' description = lib.mdDoc ''
By default <literal>pam-u2f</literal> module sets the application By default `pam-u2f` module sets the application
ID to <literal>pam://$HOSTNAME</literal>. ID to `pam://$HOSTNAME`.
When using <command>pamu2fcfg</command>, you can specify your When using {command}`pamu2fcfg`, you can specify your
application ID with the <literal>-i</literal> flag. application ID with the `-i` flag.
More information can be found <link xlink:href="https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html">here</link> More information can be found [here](https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html)
''; '';
}; };
origin = mkOption { origin = mkOption {
default = null; default = null;
type = with types; nullOr str; type = with types; nullOr str;
description = '' description = lib.mdDoc ''
By default <literal>pam-u2f</literal> module sets the origin By default `pam-u2f` module sets the origin
to <literal>pam://$HOSTNAME</literal>. to `pam://$HOSTNAME`.
Setting origin to an host independent value will allow you to Setting origin to an host independent value will allow you to
reuse credentials across machines reuse credentials across machines
When using <command>pamu2fcfg</command>, you can specify your When using {command}`pamu2fcfg`, you can specify your
application ID with the <literal>-o</literal> flag. application ID with the `-o` flag.
More information can be found <link xlink:href="https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html">here</link> More information can be found [here](https://developers.yubico.com/pam-u2f/Manuals/pam_u2f.8.html)
''; '';
}; };
@ -978,17 +978,17 @@ in
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Enables Uber's USSH PAM (<literal>pam-ussh</literal>) module. Enables Uber's USSH PAM (`pam-ussh`) module.
This is similar to <literal>pam-ssh-agent</literal>, except that This is similar to `pam-ssh-agent`, except that
the presence of a CA-signed SSH key with a valid principal is checked the presence of a CA-signed SSH key with a valid principal is checked
instead. instead.
Note that this module must both be enabled using this option and on a Note that this module must both be enabled using this option and on a
per-PAM-service level as well (using <literal>usshAuth</literal>). per-PAM-service level as well (using `usshAuth`).
More information can be found <link xlink:href="https://github.com/uber/pam-ussh">here</link>. More information can be found [here](https://github.com/uber/pam-ussh).
''; '';
}; };
@ -1067,16 +1067,16 @@ in
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Enables Yubico PAM (<literal>yubico-pam</literal>) module. Enables Yubico PAM (`yubico-pam`) module.
If set, users listed in If set, users listed in
<filename>~/.yubico/authorized_yubikeys</filename> {file}`~/.yubico/authorized_yubikeys`
are able to log in with the associated Yubikey tokens. are able to log in with the associated Yubikey tokens.
The file must have only one line: The file must have only one line:
<literal>username:yubikey_token_id1:yubikey_token_id2</literal> `username:yubikey_token_id1:yubikey_token_id2`
More information can be found <link xlink:href="https://developers.yubico.com/yubico-pam/">here</link>. More information can be found [here](https://developers.yubico.com/yubico-pam/).
''; '';
}; };
control = mkOption { control = mkOption {
@ -1111,7 +1111,7 @@ in
mode = mkOption { mode = mkOption {
default = "client"; default = "client";
type = types.enum [ "client" "challenge-response" ]; type = types.enum [ "client" "challenge-response" ];
description = '' description = lib.mdDoc ''
Mode of operation. Mode of operation.
Use "client" for online validation with a YubiKey validation service such as Use "client" for online validation with a YubiKey validation service such as
@ -1121,16 +1121,16 @@ in
Challenge-Response configurations. See the man-page ykpamcfg(1) for further Challenge-Response configurations. See the man-page ykpamcfg(1) for further
details on how to configure offline Challenge-Response validation. details on how to configure offline Challenge-Response validation.
More information can be found <link xlink:href="https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html">here</link>. More information can be found [here](https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html).
''; '';
}; };
challengeResponsePath = mkOption { challengeResponsePath = mkOption {
default = null; default = null;
type = types.nullOr types.path; type = types.nullOr types.path;
description = '' description = lib.mdDoc ''
If not null, set the path used by yubico pam module where the challenge expected response is stored. If not null, set the path used by yubico pam module where the challenge expected response is stored.
More information can be found <link xlink:href="https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html">here</link>. More information can be found [here](https://developers.yubico.com/yubico-pam/Authentication_Using_Challenge-Response.html).
''; '';
}; };
}; };

12
nixos/modules/security/pam_mount.nix
View File

@ -31,9 +31,9 @@ in
extraVolumes = mkOption { extraVolumes = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
description = '' description = lib.mdDoc ''
List of volume definitions for pam_mount. List of volume definitions for pam_mount.
For more information, visit <link xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html"/>. For more information, visit <http://pam-mount.sourceforge.net/pam_mount.conf.5.html>.
''; '';
}; };
@ -63,20 +63,20 @@ in
type = types.int; type = types.int;
default = 0; default = 0;
example = 1; example = 1;
description = '' description = lib.mdDoc ''
Sets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing, Sets the Debug-Level. 0 disables debugging, 1 enables pam_mount tracing,
and 2 additionally enables tracing in mount.crypt. The default is 0. and 2 additionally enables tracing in mount.crypt. The default is 0.
For more information, visit <link xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html"/>. For more information, visit <http://pam-mount.sourceforge.net/pam_mount.conf.5.html>.
''; '';
}; };
logoutWait = mkOption { logoutWait = mkOption {
type = types.int; type = types.int;
default = 0; default = 0;
description = '' description = lib.mdDoc ''
Amount of microseconds to wait until killing remaining processes after Amount of microseconds to wait until killing remaining processes after
final logout. final logout.
For more information, visit <link xlink:href="http://pam-mount.sourceforge.net/pam_mount.conf.5.html"/>. For more information, visit <http://pam-mount.sourceforge.net/pam_mount.conf.5.html>.
''; '';
}; };

4
nixos/modules/security/pam_usb.nix
View File

@ -17,9 +17,9 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Enable USB login for all login systems that support it. For Enable USB login for all login systems that support it. For
more information, visit <link xlink:href="https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users"/>. more information, visit <https://github.com/aluzzardi/pam_usb/wiki/Getting-Started#setting-up-devices-and-users>.
''; '';
}; };

20
nixos/modules/security/sudo.nix
View File

@ -55,19 +55,19 @@ in
type = types.bool; type = types.bool;
default = true; default = true;
description = description =
'' lib.mdDoc ''
Whether users of the <literal>wheel</literal> group must Whether users of the `wheel` group must
provide a password to run commands as super user via <command>sudo</command>. provide a password to run commands as super user via {command}`sudo`.
''; '';
}; };
security.sudo.execWheelOnly = mkOption { security.sudo.execWheelOnly = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Only allow members of the <literal>wheel</literal> group to execute sudo by Only allow members of the `wheel` group to execute sudo by
setting the executable's permissions accordingly. setting the executable's permissions accordingly.
This prevents users that are not members of <literal>wheel</literal> from This prevents users that are not members of `wheel` from
exploiting vulnerabilities in sudo such as CVE-2021-3156. exploiting vulnerabilities in sudo such as CVE-2021-3156.
''; '';
}; };
@ -139,12 +139,12 @@ in
runAs = mkOption { runAs = mkOption {
type = with types; str; type = with types; str;
default = "ALL:ALL"; default = "ALL:ALL";
description = '' description = lib.mdDoc ''
Under which user/group the specified command is allowed to run. Under which user/group the specified command is allowed to run.
A user can be specified using just the username: <literal>"foo"</literal>. A user can be specified using just the username: `"foo"`.
It is also possible to specify a user/group combination using <literal>"foo:bar"</literal> It is also possible to specify a user/group combination using `"foo:bar"`
or to only allow running as a specific group with <literal>":bar"</literal>. or to only allow running as a specific group with `":bar"`.
''; '';
}; };

2
nixos/modules/services/backup/restic.nix
View File

@ -227,7 +227,7 @@ in
type = types.package; type = types.package;
default = pkgs.restic; default = pkgs.restic;
defaultText = literalExpression "pkgs.restic"; defaultText = literalExpression "pkgs.restic";
description = '' description = lib.mdDoc ''
Restic package to use. Restic package to use.
''; '';
}; };

2
nixos/modules/services/backup/syncoid.nix
View File

@ -192,7 +192,7 @@ in
target = mkOption { target = mkOption {
type = types.str; type = types.str;
example = "user@server:pool/dataset"; example = "user@server:pool/dataset";
description = '' description = lib.mdDoc ''
Target ZFS dataset. Can be either local Target ZFS dataset. Can be either local
(«pool/dataset») or remote («pool/dataset») or remote
(«user@server:pool/dataset»). («user@server:pool/dataset»).

4
nixos/modules/services/backup/zrepl.nix
View File

@ -22,8 +22,8 @@ in
settings = mkOption { settings = mkOption {
default = { }; default = { };
description = '' description = lib.mdDoc ''
Configuration for zrepl. See <link xlink:href="https://zrepl.github.io/configuration.html"/> Configuration for zrepl. See <https://zrepl.github.io/configuration.html>
for more information. for more information.
''; '';
type = types.submodule { type = types.submodule {

4
nixos/modules/services/continuous-integration/github-runner.nix
View File

@ -18,11 +18,11 @@ in
enable = mkOption { enable = mkOption {
default = false; default = false;
example = true; example = true;
description = '' description = lib.mdDoc ''
Whether to enable GitHub Actions runner. Whether to enable GitHub Actions runner.
Note: GitHub recommends using self-hosted runners with private repositories only. Learn more here: Note: GitHub recommends using self-hosted runners with private repositories only. Learn more here:
<link xlink:href="https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners">About self-hosted runners</link>. [About self-hosted runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners).
''; '';
type = lib.types.bool; type = lib.types.bool;
}; };

94
nixos/modules/services/continuous-integration/gitlab-runner.nix
View File

@ -113,15 +113,15 @@ in
configFile = mkOption { configFile = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Configuration file for gitlab-runner. Configuration file for gitlab-runner.
<option>configFile</option> takes precedence over <option>services</option>. {option}`configFile` takes precedence over {option}`services`.
<option>checkInterval</option> and <option>concurrent</option> will be ignored too. {option}`checkInterval` and {option}`concurrent` will be ignored too.
This option is deprecated, please use <option>services</option> instead. This option is deprecated, please use {option}`services` instead.
You can use <option>registrationConfigFile</option> and You can use {option}`registrationConfigFile` and
<option>registrationFlags</option> {option}`registrationFlags`
for settings not covered by this module. for settings not covered by this module.
''; '';
}; };
@ -130,16 +130,16 @@ in
freeformType = (pkgs.formats.json { }).type; freeformType = (pkgs.formats.json { }).type;
}; };
default = { }; default = { };
description = '' description = lib.mdDoc ''
Global gitlab-runner configuration. See Global gitlab-runner configuration. See
<link xlink:href="https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section"/> <https://docs.gitlab.com/runner/configuration/advanced-configuration.html#the-global-section>
for supported values. for supported values.
''; '';
}; };
gracefulTermination = mkOption { gracefulTermination = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Finish all remaining jobs before stopping. Finish all remaining jobs before stopping.
If not set gitlab-runner will stop immediatly without waiting If not set gitlab-runner will stop immediatly without waiting
for jobs to finish, which will lead to failed builds. for jobs to finish, which will lead to failed builds.
@ -149,7 +149,7 @@ in
type = types.str; type = types.str;
default = "infinity"; default = "infinity";
example = "5min 20s"; example = "5min 20s";
description = '' description = lib.mdDoc ''
Time to wait until a graceful shutdown is turned into a forceful one. Time to wait until a graceful shutdown is turned into a forceful one.
''; '';
}; };
@ -158,17 +158,17 @@ in
default = pkgs.gitlab-runner; default = pkgs.gitlab-runner;
defaultText = literalExpression "pkgs.gitlab-runner"; defaultText = literalExpression "pkgs.gitlab-runner";
example = literalExpression "pkgs.gitlab-runner_1_11"; example = literalExpression "pkgs.gitlab-runner_1_11";
description = "Gitlab Runner package to use."; description = lib.mdDoc "Gitlab Runner package to use.";
}; };
extraPackages = mkOption { extraPackages = mkOption {
type = types.listOf types.package; type = types.listOf types.package;
default = [ ]; default = [ ];
description = '' description = lib.mdDoc ''
Extra packages to add to PATH for the gitlab-runner process. Extra packages to add to PATH for the gitlab-runner process.
''; '';
}; };
services = mkOption { services = mkOption {
description = "GitLab Runner services."; description = lib.mdDoc "GitLab Runner services.";
default = { }; default = { };
example = literalExpression '' example = literalExpression ''
{ {
@ -250,17 +250,17 @@ in
options = { options = {
registrationConfigFile = mkOption { registrationConfigFile = mkOption {
type = types.path; type = types.path;
description = '' description = lib.mdDoc ''
Absolute path to a file with environment variables Absolute path to a file with environment variables
used for gitlab-runner registration. used for gitlab-runner registration.
A list of all supported environment variables can be found in A list of all supported environment variables can be found in
<literal>gitlab-runner register --help</literal>. `gitlab-runner register --help`.
Ones that you probably want to set is Ones that you probably want to set is
<literal>CI_SERVER_URL=&lt;CI server URL&gt;</literal> `CI_SERVER_URL=<CI server URL>`
<literal>REGISTRATION_TOKEN=&lt;registration secret&gt;</literal> `REGISTRATION_TOKEN=<registration secret>`
WARNING: make sure to use quoted absolute path, WARNING: make sure to use quoted absolute path,
or it is going to be copied to Nix Store. or it is going to be copied to Nix Store.
@ -270,10 +270,10 @@ in
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "--docker-helper-image my/gitlab-runner-helper" ]; example = [ "--docker-helper-image my/gitlab-runner-helper" ];
description = '' description = lib.mdDoc ''
Extra command-line flags passed to Extra command-line flags passed to
<literal>gitlab-runner register</literal>. `gitlab-runner register`.
Execute <literal>gitlab-runner register --help</literal> Execute `gitlab-runner register --help`
for a list of supported flags. for a list of supported flags.
''; '';
}; };
@ -281,32 +281,32 @@ in
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = { }; default = { };
example = { NAME = "value"; }; example = { NAME = "value"; };
description = '' description = lib.mdDoc ''
Custom environment variables injected to build environment. Custom environment variables injected to build environment.
For secrets you can use <option>registrationConfigFile</option> For secrets you can use {option}`registrationConfigFile`
with <literal>RUNNER_ENV</literal> variable set. with `RUNNER_ENV` variable set.
''; '';
}; };
description = mkOption { description = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = '' description = lib.mdDoc ''
Name/description of the runner. Name/description of the runner.
''; '';
}; };
executor = mkOption { executor = mkOption {
type = types.str; type = types.str;
default = "docker"; default = "docker";
description = '' description = lib.mdDoc ''
Select executor, eg. shell, docker, etc. Select executor, eg. shell, docker, etc.
See <link xlink:href="https://docs.gitlab.com/runner/executors/README.html">runner documentation</link> for more information. See [runner documentation](https://docs.gitlab.com/runner/executors/README.html) for more information.
''; '';
}; };
buildsDir = mkOption { buildsDir = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
example = "/var/lib/gitlab-runner/builds"; example = "/var/lib/gitlab-runner/builds";
description = '' description = lib.mdDoc ''
Absolute path to a directory where builds will be stored Absolute path to a directory where builds will be stored
in context of selected executor (Locally, Docker, SSH). in context of selected executor (Locally, Docker, SSH).
''; '';
@ -315,14 +315,14 @@ in
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "http://gitlab.example.local"; example = "http://gitlab.example.local";
description = '' description = lib.mdDoc ''
Overwrite the URL for the GitLab instance. Used if the Runner cant connect to GitLab on the URL GitLab exposes itself. Overwrite the URL for the GitLab instance. Used if the Runner cant connect to GitLab on the URL GitLab exposes itself.
''; '';
}; };
dockerImage = mkOption { dockerImage = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = '' description = lib.mdDoc ''
Docker image to be used. Docker image to be used.
''; '';
}; };
@ -330,7 +330,7 @@ in
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "/var/run/docker.sock:/var/run/docker.sock" ]; example = [ "/var/run/docker.sock:/var/run/docker.sock" ];
description = '' description = lib.mdDoc ''
Bind-mount a volume and create it Bind-mount a volume and create it
if it doesn't exist prior to mounting. if it doesn't exist prior to mounting.
''; '';
@ -338,14 +338,14 @@ in
dockerDisableCache = mkOption { dockerDisableCache = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Disable all container caching. Disable all container caching.
''; '';
}; };
dockerPrivileged = mkOption { dockerPrivileged = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Give extended privileges to container. Give extended privileges to container.
''; '';
}; };
@ -353,7 +353,7 @@ in
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "other-host:127.0.0.1" ]; example = [ "other-host:127.0.0.1" ];
description = '' description = lib.mdDoc ''
Add a custom host-to-IP mapping. Add a custom host-to-IP mapping.
''; '';
}; };
@ -361,7 +361,7 @@ in
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "ruby:*" "python:*" "php:*" "my.registry.tld:5000/*:*" ]; example = [ "ruby:*" "python:*" "php:*" "my.registry.tld:5000/*:*" ];
description = '' description = lib.mdDoc ''
Whitelist allowed images. Whitelist allowed images.
''; '';
}; };
@ -369,21 +369,21 @@ in
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
example = [ "postgres:9" "redis:*" "mysql:*" ]; example = [ "postgres:9" "redis:*" "mysql:*" ];
description = '' description = lib.mdDoc ''
Whitelist allowed services. Whitelist allowed services.
''; '';
}; };
preCloneScript = mkOption { preCloneScript = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Runner-specific command script executed before code is pulled. Runner-specific command script executed before code is pulled.
''; '';
}; };
preBuildScript = mkOption { preBuildScript = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Runner-specific command script executed after code is pulled, Runner-specific command script executed after code is pulled,
just before build executes. just before build executes.
''; '';
@ -391,7 +391,7 @@ in
postBuildScript = mkOption { postBuildScript = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Runner-specific command script executed after code is pulled Runner-specific command script executed after code is pulled
and just after build executes. and just after build executes.
''; '';
@ -399,22 +399,22 @@ in
tagList = mkOption { tagList = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
description = '' description = lib.mdDoc ''
Tag list. Tag list.
''; '';
}; };
runUntagged = mkOption { runUntagged = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Register to run untagged builds; defaults to Register to run untagged builds; defaults to
<literal>true</literal> when <option>tagList</option> is empty. `true` when {option}`tagList` is empty.
''; '';
}; };
limit = mkOption { limit = mkOption {
type = types.int; type = types.int;
default = 0; default = 0;
description = '' description = lib.mdDoc ''
Limit how many jobs can be handled concurrently by this service. Limit how many jobs can be handled concurrently by this service.
0 (default) simply means don't limit. 0 (default) simply means don't limit.
''; '';
@ -422,14 +422,14 @@ in
requestConcurrency = mkOption { requestConcurrency = mkOption {
type = types.int; type = types.int;
default = 0; default = 0;
description = '' description = lib.mdDoc ''
Limit number of concurrent requests for new jobs from GitLab. Limit number of concurrent requests for new jobs from GitLab.
''; '';
}; };
maximumTimeout = mkOption { maximumTimeout = mkOption {
type = types.int; type = types.int;
default = 0; default = 0;
description = '' description = lib.mdDoc ''
What is the maximum timeout (in seconds) that will be set for What is the maximum timeout (in seconds) that will be set for
job when using this Runner. 0 (default) simply means don't limit. job when using this Runner. 0 (default) simply means don't limit.
''; '';
@ -437,7 +437,7 @@ in
protected = mkOption { protected = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
When set to true Runner will only run on pipelines When set to true Runner will only run on pipelines
triggered on protected branches. triggered on protected branches.
''; '';
@ -445,9 +445,9 @@ in
debugTraceDisabled = mkOption { debugTraceDisabled = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
When set to true Runner will disable the possibility of When set to true Runner will disable the possibility of
using the <literal>CI_DEBUG_TRACE</literal> feature. using the `CI_DEBUG_TRACE` feature.
''; '';
}; };
}; };

6
nixos/modules/services/databases/firebird.nix
View File

@ -47,9 +47,9 @@ in
defaultText = literalExpression "pkgs.firebird"; defaultText = literalExpression "pkgs.firebird";
type = types.package; type = types.package;
example = literalExpression "pkgs.firebird_3"; example = literalExpression "pkgs.firebird_3";
description = '' description = lib.mdDoc ''
Which Firebird package to be installed: <literal>pkgs.firebird_3</literal> Which Firebird package to be installed: `pkgs.firebird_3`
For SuperServer use override: <literal>pkgs.firebird_3.override { superServer = true; };</literal> For SuperServer use override: `pkgs.firebird_3.override { superServer = true; };`
''; '';
}; };

6
nixos/modules/services/databases/mysql.nix
View File

@ -201,7 +201,7 @@ in
ensurePermissions = mkOption { ensurePermissions = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = {}; default = {};
description = '' description = lib.mdDoc ''
Permissions to ensure for the user, specified as attribute set. Permissions to ensure for the user, specified as attribute set.
The attribute names specify the database and tables to grant the permissions for, The attribute names specify the database and tables to grant the permissions for,
separated by a dot. You may use wildcards here. separated by a dot. You may use wildcards here.
@ -210,8 +210,8 @@ in
For more information on how to specify the target For more information on how to specify the target
and on which privileges exist, see the and on which privileges exist, see the
<link xlink:href="https://mariadb.com/kb/en/library/grant/">GRANT syntax</link>. [GRANT syntax](https://mariadb.com/kb/en/library/grant/).
The attributes are used as <literal>GRANT ''${attrName} ON ''${attrValue}</literal>. The attributes are used as `GRANT ''${attrName} ON ''${attrValue}`.
''; '';
example = literalExpression '' example = literalExpression ''
{ {

86
nixos/modules/services/databases/neo4j.nix
View File

@ -139,14 +139,14 @@ in {
constrainLoadCsv = mkOption { constrainLoadCsv = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Sets the root directory for file URLs used with the Cypher Sets the root directory for file URLs used with the Cypher
<literal>LOAD CSV</literal> clause to be that defined by `LOAD CSV` clause to be that defined by
<option>directories.imports</option>. It restricts {option}`directories.imports`. It restricts
access to only those files within that directory and its access to only those files within that directory and its
subdirectories. subdirectories.
Setting this option to <literal>false</literal> introduces Setting this option to `false` introduces
possible security problems. possible security problems.
''; '';
}; };
@ -154,14 +154,14 @@ in {
defaultListenAddress = mkOption { defaultListenAddress = mkOption {
type = types.str; type = types.str;
default = "127.0.0.1"; default = "127.0.0.1";
description = '' description = lib.mdDoc ''
Default network interface to listen for incoming connections. To Default network interface to listen for incoming connections. To
listen for connections on all interfaces, use "0.0.0.0". listen for connections on all interfaces, use "0.0.0.0".
Specifies the default IP address and address part of connector Specifies the default IP address and address part of connector
specific <option>listenAddress</option> options. To bind specific specific {option}`listenAddress` options. To bind specific
connectors to a specific network interfaces, specify the entire connectors to a specific network interfaces, specify the entire
<option>listenAddress</option> option for that connector. {option}`listenAddress` option for that connector.
''; '';
}; };
@ -225,18 +225,18 @@ in {
sslPolicy = mkOption { sslPolicy = mkOption {
type = types.str; type = types.str;
default = "legacy"; default = "legacy";
description = '' description = lib.mdDoc ''
Neo4j SSL policy for BOLT traffic. Neo4j SSL policy for BOLT traffic.
The legacy policy is a special policy which is not defined in The legacy policy is a special policy which is not defined in
the policy configuration section, but rather derives from the policy configuration section, but rather derives from
<option>directories.certificates</option> and {option}`directories.certificates` and
associated files (by default: <filename>neo4j.key</filename> and associated files (by default: {file}`neo4j.key` and
<filename>neo4j.cert</filename>). Its use will be deprecated. {file}`neo4j.cert`). Its use will be deprecated.
Note: This connector must be configured to support/require Note: This connector must be configured to support/require
SSL/TLS for the legacy policy to actually be utilized. See SSL/TLS for the legacy policy to actually be utilized. See
<option>bolt.tlsLevel</option>. {option}`bolt.tlsLevel`.
''; '';
}; };
@ -254,19 +254,19 @@ in {
type = types.path; type = types.path;
default = "${cfg.directories.home}/certificates"; default = "${cfg.directories.home}/certificates";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/certificates"''; defaultText = literalExpression ''"''${config.${opt.directories.home}}/certificates"'';
description = '' description = lib.mdDoc ''
Directory for storing certificates to be used by Neo4j for Directory for storing certificates to be used by Neo4j for
TLS connections. TLS connections.
When setting this directory to something other than its default, When setting this directory to something other than its default,
ensure the directory's existence, and that read/write permissions are ensure the directory's existence, and that read/write permissions are
given to the Neo4j daemon user <literal>neo4j</literal>. given to the Neo4j daemon user `neo4j`.
Note that changing this directory from its default will prevent Note that changing this directory from its default will prevent
the directory structure required for each SSL policy from being the directory structure required for each SSL policy from being
automatically generated. A policy's directory structure as defined by automatically generated. A policy's directory structure as defined by
its <option>baseDirectory</option>,<option>revokedDir</option> and its {option}`baseDirectory`,{option}`revokedDir` and
<option>trustedDir</option> must then be setup manually. The {option}`trustedDir` must then be setup manually. The
existence of these directories is mandatory, as well as the presence existence of these directories is mandatory, as well as the presence
of the certificate file and the private key. Ensure the correct of the certificate file and the private key. Ensure the correct
permissions are set on these directories and files. permissions are set on these directories and files.
@ -277,13 +277,13 @@ in {
type = types.path; type = types.path;
default = "${cfg.directories.home}/data"; default = "${cfg.directories.home}/data";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/data"''; defaultText = literalExpression ''"''${config.${opt.directories.home}}/data"'';
description = '' description = lib.mdDoc ''
Path of the data directory. You must not configure more than one Path of the data directory. You must not configure more than one
Neo4j installation to use the same data directory. Neo4j installation to use the same data directory.
When setting this directory to something other than its default, When setting this directory to something other than its default,
ensure the directory's existence, and that read/write permissions are ensure the directory's existence, and that read/write permissions are
given to the Neo4j daemon user <literal>neo4j</literal>. given to the Neo4j daemon user `neo4j`.
''; '';
}; };
@ -302,15 +302,15 @@ in {
type = types.path; type = types.path;
default = "${cfg.directories.home}/import"; default = "${cfg.directories.home}/import";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/import"''; defaultText = literalExpression ''"''${config.${opt.directories.home}}/import"'';
description = '' description = lib.mdDoc ''
The root directory for file URLs used with the Cypher The root directory for file URLs used with the Cypher
<literal>LOAD CSV</literal> clause. Only meaningful when `LOAD CSV` clause. Only meaningful when
<option>constrainLoadCvs</option> is set to {option}`constrainLoadCvs` is set to
<literal>true</literal>. `true`.
When setting this directory to something other than its default, When setting this directory to something other than its default,
ensure the directory's existence, and that read permission is ensure the directory's existence, and that read permission is
given to the Neo4j daemon user <literal>neo4j</literal>. given to the Neo4j daemon user `neo4j`.
''; '';
}; };
@ -318,14 +318,14 @@ in {
type = types.path; type = types.path;
default = "${cfg.directories.home}/plugins"; default = "${cfg.directories.home}/plugins";
defaultText = literalExpression ''"''${config.${opt.directories.home}}/plugins"''; defaultText = literalExpression ''"''${config.${opt.directories.home}}/plugins"'';
description = '' description = lib.mdDoc ''
Path of the database plugin directory. Compiled Java JAR files that Path of the database plugin directory. Compiled Java JAR files that
contain database procedures will be loaded if they are placed in contain database procedures will be loaded if they are placed in
this directory. this directory.
When setting this directory to something other than its default, When setting this directory to something other than its default,
ensure the directory's existence, and that read permission is ensure the directory's existence, and that read permission is
given to the Neo4j daemon user <literal>neo4j</literal>. given to the Neo4j daemon user `neo4j`.
''; '';
}; };
}; };
@ -377,14 +377,14 @@ in {
sslPolicy = mkOption { sslPolicy = mkOption {
type = types.str; type = types.str;
default = "legacy"; default = "legacy";
description = '' description = lib.mdDoc ''
Neo4j SSL policy for HTTPS traffic. Neo4j SSL policy for HTTPS traffic.
The legacy policy is a special policy which is not defined in the The legacy policy is a special policy which is not defined in the
policy configuration section, but rather derives from policy configuration section, but rather derives from
<option>directories.certificates</option> and {option}`directories.certificates` and
associated files (by default: <filename>neo4j.key</filename> and associated files (by default: {file}`neo4j.key` and
<filename>neo4j.cert</filename>). Its use will be deprecated. {file}`neo4j.cert`). Its use will be deprecated.
''; '';
}; };
}; };
@ -407,7 +407,7 @@ in {
allowKeyGeneration = mkOption { allowKeyGeneration = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Allows the generation of a private key and associated self-signed Allows the generation of a private key and associated self-signed
certificate. Only performed when both objects cannot be found for certificate. Only performed when both objects cannot be found for
this policy. It is recommended to turn this off again after keys this policy. It is recommended to turn this off again after keys
@ -415,7 +415,7 @@ in {
The public certificate is required to be duplicated to the The public certificate is required to be duplicated to the
directory holding trusted certificates as defined by the directory holding trusted certificates as defined by the
<option>trustedDir</option> option. {option}`trustedDir` option.
Keys should in general be generated and distributed offline by a Keys should in general be generated and distributed offline by a
trusted certificate authority and not by utilizing this mode. trusted certificate authority and not by utilizing this mode.
@ -426,16 +426,16 @@ in {
type = types.path; type = types.path;
default = "${cfg.directories.certificates}/${name}"; default = "${cfg.directories.certificates}/${name}";
defaultText = literalExpression ''"''${config.${opt.directories.certificates}}/''${name}"''; defaultText = literalExpression ''"''${config.${opt.directories.certificates}}/''${name}"'';
description = '' description = lib.mdDoc ''
The mandatory base directory for cryptographic objects of this The mandatory base directory for cryptographic objects of this
policy. This path is only automatically generated when this policy. This path is only automatically generated when this
option as well as <option>directories.certificates</option> are option as well as {option}`directories.certificates` are
left at their default. Ensure read/write permissions are given left at their default. Ensure read/write permissions are given
to the Neo4j daemon user <literal>neo4j</literal>. to the Neo4j daemon user `neo4j`.
It is also possible to override each individual It is also possible to override each individual
configuration with absolute paths. See the configuration with absolute paths. See the
<option>privateKey</option> and <option>publicCertificate</option> {option}`privateKey` and {option}`publicCertificate`
policy options. policy options.
''; '';
}; };
@ -470,15 +470,15 @@ in {
publicCertificate = mkOption { publicCertificate = mkOption {
type = types.str; type = types.str;
default = "public.crt"; default = "public.crt";
description = '' description = lib.mdDoc ''
The name of public X.509 certificate (chain) file in PEM format The name of public X.509 certificate (chain) file in PEM format
for this policy to be found in the <option>baseDirectory</option>, for this policy to be found in the {option}`baseDirectory`,
or the absolute path to the certificate file. It is mandatory or the absolute path to the certificate file. It is mandatory
that a certificate can be found or generated. that a certificate can be found or generated.
The public certificate is required to be duplicated to the The public certificate is required to be duplicated to the
directory holding trusted certificates as defined by the directory holding trusted certificates as defined by the
<option>trustedDir</option> option. {option}`trustedDir` option.
''; '';
}; };
@ -522,18 +522,18 @@ in {
type = types.path; type = types.path;
default = "${config.baseDirectory}/trusted"; default = "${config.baseDirectory}/trusted";
defaultText = literalExpression ''"''${config.${options.baseDirectory}}/trusted"''; defaultText = literalExpression ''"''${config.${options.baseDirectory}}/trusted"'';
description = '' description = lib.mdDoc ''
Path to directory of X.509 certificates in PEM format for Path to directory of X.509 certificates in PEM format for
trusted parties. Must be an absolute path. The existence of this trusted parties. Must be an absolute path. The existence of this
directory is mandatory and will need to be created manually when: directory is mandatory and will need to be created manually when:
setting this option to something other than its default; setting setting this option to something other than its default; setting
either this policy's <option>baseDirectory</option> or either this policy's {option}`baseDirectory` or
<option>directories.certificates</option> to something other than {option}`directories.certificates` to something other than
their default. Ensure read/write permissions are given to the their default. Ensure read/write permissions are given to the
Neo4j daemon user <literal>neo4j</literal>. Neo4j daemon user `neo4j`.
The public certificate as defined by The public certificate as defined by
<option>publicCertificate</option> is required to be duplicated {option}`publicCertificate` is required to be duplicated
to this directory. to this directory.
''; '';
}; };

10
nixos/modules/services/databases/openldap.nix
View File

@ -88,7 +88,7 @@ in {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "Whether to enable the ldap server."; description = lib.mdDoc "Whether to enable the ldap server.";
}; };
package = mkOption { package = mkOption {
@ -173,9 +173,9 @@ in {
configDir = mkOption { configDir = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Use this config directory instead of generating one from the Use this config directory instead of generating one from the
<literal>settings</literal> option. Overrides all NixOS settings. `settings` option. Overrides all NixOS settings.
''; '';
example = "/var/lib/openldap/slapd.d"; example = "/var/lib/openldap/slapd.d";
}; };
@ -183,9 +183,9 @@ in {
mutableConfig = mkOption { mutableConfig = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to allow writable on-line configuration. If Whether to allow writable on-line configuration. If
<literal>true</literal>, the NixOS settings will only be used to `true`, the NixOS settings will only be used to
initialize the OpenLDAP configuration if it does not exist, and are initialize the OpenLDAP configuration if it does not exist, and are
subsequently ignored. subsequently ignored.
''; '';

4
nixos/modules/services/databases/pgmanage.nix
View File

@ -62,11 +62,11 @@ in {
nuc-server = "hostaddr=192.168.0.100 port=5432 dbname=postgres"; nuc-server = "hostaddr=192.168.0.100 port=5432 dbname=postgres";
mini-server = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require"; mini-server = "hostaddr=127.0.0.1 port=5432 dbname=postgres sslmode=require";
}; };
description = '' description = lib.mdDoc ''
pgmanage requires at least one PostgreSQL server be defined. pgmanage requires at least one PostgreSQL server be defined.
Detailed information about PostgreSQL connection strings is available at: Detailed information about PostgreSQL connection strings is available at:
<link xlink:href="http://www.postgresql.org/docs/current/static/libpq-connect.html"/> <http://www.postgresql.org/docs/current/static/libpq-connect.html>
Note that you should not specify your user name or password. That Note that you should not specify your user name or password. That
information will be entered on the login screen. If you specify a information will be entered on the login screen. If you specify a

6
nixos/modules/services/databases/postgresql.nix
View File

@ -149,7 +149,7 @@ in
ensurePermissions = mkOption { ensurePermissions = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = {}; default = {};
description = '' description = lib.mdDoc ''
Permissions to ensure for the user, specified as an attribute set. Permissions to ensure for the user, specified as an attribute set.
The attribute names specify the database and tables to grant the permissions for. The attribute names specify the database and tables to grant the permissions for.
The attribute values specify the permissions to grant. You may specify one or The attribute values specify the permissions to grant. You may specify one or
@ -157,8 +157,8 @@ in
For more information on how to specify the target For more information on how to specify the target
and on which privileges exist, see the and on which privileges exist, see the
<link xlink:href="https://www.postgresql.org/docs/current/sql-grant.html">GRANT syntax</link>. [GRANT syntax](https://www.postgresql.org/docs/current/sql-grant.html).
The attributes are used as <literal>GRANT ''${attrValue} ON ''${attrName}</literal>. The attributes are used as `GRANT ''${attrValue} ON ''${attrName}`.
''; '';
example = literalExpression '' example = literalExpression ''
{ {

6
nixos/modules/services/databases/victoriametrics.nix
View File

@ -28,10 +28,10 @@ let cfg = config.services.victoriametrics; in
extraOptions = mkOption { extraOptions = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
description = '' description = lib.mdDoc ''
Extra options to pass to VictoriaMetrics. See the README: Extra options to pass to VictoriaMetrics. See the README:
<link xlink:href="https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/README.md"/> <https://github.com/VictoriaMetrics/VictoriaMetrics/blob/master/README.md>
or <command>victoriametrics -help</command> for more or {command}`victoriametrics -help` for more
information. information.
''; '';
}; };

4
nixos/modules/services/games/asf.nix
View File

@ -136,8 +136,8 @@ in
}; };
settings = mkOption { settings = mkOption {
type = types.attrs; type = types.attrs;
description = '' description = lib.mdDoc ''
Additional settings that are documented <link xlink:href="https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#bot-config">here</link>. Additional settings that are documented [here](https://github.com/JustArchiNET/ArchiSteamFarm/wiki/Configuration#bot-config).
''; '';
default = { }; default = { };
}; };

14
nixos/modules/services/hardware/kanata.nix
View File

@ -10,7 +10,7 @@ let
device = mkOption { device = mkOption {
type = types.str; type = types.str;
example = "/dev/input/by-id/usb-0000_0000-event-kbd"; example = "/dev/input/by-id/usb-0000_0000-event-kbd";
description = "Path to the keyboard device."; description = lib.mdDoc "Path to the keyboard device.";
}; };
config = mkOption { config = mkOption {
type = types.lines; type = types.lines;
@ -33,18 +33,18 @@ let
;; tap within 100ms for capslk, hold more than 100ms for lctl ;; tap within 100ms for capslk, hold more than 100ms for lctl
cap (tap-hold 100 100 caps lctl)) cap (tap-hold 100 100 caps lctl))
''; '';
description = '' description = lib.mdDoc ''
Configuration other than defcfg. Configuration other than defcfg.
See <link xlink:href="https://github.com/jtroo/kanata"/> for more information. See <https://github.com/jtroo/kanata> for more information.
''; '';
}; };
extraDefCfg = mkOption { extraDefCfg = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
example = "danger-enable-cmd yes"; example = "danger-enable-cmd yes";
description = '' description = lib.mdDoc ''
Configuration of defcfg other than linux-dev. Configuration of defcfg other than linux-dev.
See <link xlink:href="https://github.com/jtroo/kanata"/> for more information. See <https://github.com/jtroo/kanata> for more information.
''; '';
}; };
}; };
@ -131,7 +131,7 @@ in
default = pkgs.kanata; default = pkgs.kanata;
defaultText = lib.literalExpression "pkgs.kanata"; defaultText = lib.literalExpression "pkgs.kanata";
example = lib.literalExpression "pkgs.kanata-with-cmd"; example = lib.literalExpression "pkgs.kanata-with-cmd";
description = '' description = lib.mdDoc ''
kanata package to use. kanata package to use.
If you enable danger-enable-cmd, pkgs.kanata-with-cmd should be used. If you enable danger-enable-cmd, pkgs.kanata-with-cmd should be used.
''; '';
@ -139,7 +139,7 @@ in
keyboards = mkOption { keyboards = mkOption {
type = types.attrsOf (types.submodule keyboard); type = types.attrsOf (types.submodule keyboard);
default = { }; default = { };
description = "Keyboard configurations."; description = lib.mdDoc "Keyboard configurations.";
}; };
}; };

16
nixos/modules/services/hardware/udev.nix
View File

@ -209,11 +209,11 @@ in
packages = mkOption { packages = mkOption {
type = types.listOf types.path; type = types.listOf types.path;
default = []; default = [];
description = '' description = lib.mdDoc ''
List of packages containing <command>udev</command> rules. List of packages containing {command}`udev` rules.
All files found in All files found in
<filename>«pkg»/etc/udev/rules.d</filename> and {file}`«pkg»/etc/udev/rules.d` and
<filename>«pkg»/lib/udev/rules.d</filename> {file}`«pkg»/lib/udev/rules.d`
will be included. will be included.
''; '';
apply = map getBin; apply = map getBin;
@ -281,15 +281,15 @@ in
networking.usePredictableInterfaceNames = mkOption { networking.usePredictableInterfaceNames = mkOption {
default = true; default = true;
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Whether to assign <link xlink:href="http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames">predictable names to network interfaces</link>. Whether to assign [predictable names to network interfaces](http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames).
If enabled, interfaces If enabled, interfaces
are assigned names that contain topology information are assigned names that contain topology information
(e.g. <literal>wlp3s0</literal>) and thus should be stable (e.g. `wlp3s0`) and thus should be stable
across reboots. If disabled, names depend on the order in across reboots. If disabled, names depend on the order in
which interfaces are discovered by the kernel, which may which interfaces are discovered by the kernel, which may
change randomly across reboots; for instance, you may find change randomly across reboots; for instance, you may find
<literal>eth0</literal> and <literal>eth1</literal> flipping `eth0` and `eth1` flipping
unpredictably. unpredictably.
''; '';
}; };

20
nixos/modules/services/logging/filebeat.nix
View File

@ -31,20 +31,20 @@ in
}; };
inputs = mkOption { inputs = mkOption {
description = '' description = lib.mdDoc ''
Inputs specify how Filebeat locates and processes input data. Inputs specify how Filebeat locates and processes input data.
This is like <literal>services.filebeat.settings.filebeat.inputs</literal>, This is like `services.filebeat.settings.filebeat.inputs`,
but structured as an attribute set. This has the benefit but structured as an attribute set. This has the benefit
that multiple NixOS modules can contribute settings to a that multiple NixOS modules can contribute settings to a
single filebeat input. single filebeat input.
An input type can be specified multiple times by choosing a An input type can be specified multiple times by choosing a
different <literal>&lt;name></literal> for each, but setting different `<name>` for each, but setting
<xref linkend="opt-services.filebeat.inputs._name_.type"/> [](#opt-services.filebeat.inputs._name_.type)
to the same value. to the same value.
See <link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html"/>. See <https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html>.
''; '';
default = {}; default = {};
type = types.attrsOf (types.submodule ({ name, ... }: { type = types.attrsOf (types.submodule ({ name, ... }: {
@ -77,24 +77,24 @@ in
}; };
modules = mkOption { modules = mkOption {
description = '' description = lib.mdDoc ''
Filebeat modules provide a quick way to get started Filebeat modules provide a quick way to get started
processing common log formats. They contain default processing common log formats. They contain default
configurations, Elasticsearch ingest pipeline definitions, configurations, Elasticsearch ingest pipeline definitions,
and Kibana dashboards to help you implement and deploy a log and Kibana dashboards to help you implement and deploy a log
monitoring solution. monitoring solution.
This is like <literal>services.filebeat.settings.filebeat.modules</literal>, This is like `services.filebeat.settings.filebeat.modules`,
but structured as an attribute set. This has the benefit but structured as an attribute set. This has the benefit
that multiple NixOS modules can contribute settings to a that multiple NixOS modules can contribute settings to a
single filebeat module. single filebeat module.
A module can be specified multiple times by choosing a A module can be specified multiple times by choosing a
different <literal>&lt;name></literal> for each, but setting different `<name>` for each, but setting
<xref linkend="opt-services.filebeat.modules._name_.module"/> [](#opt-services.filebeat.modules._name_.module)
to the same value. to the same value.
See <link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html"/>. See <https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-modules.html>.
''; '';
default = {}; default = {};
type = types.attrsOf (types.submodule ({ name, ... }: { type = types.attrsOf (types.submodule ({ name, ... }: {

10
nixos/modules/services/logging/logrotate.nix
View File

@ -276,9 +276,9 @@ in
defaultText = '' defaultText = ''
A configuration file automatically generated by NixOS. A configuration file automatically generated by NixOS.
''; '';
description = '' description = lib.mdDoc ''
Override the configuration file used by MySQL. By default, Override the configuration file used by MySQL. By default,
NixOS generates one automatically from <xref linkend="opt-services.logrotate.settings"/>. NixOS generates one automatically from [](#opt-services.logrotate.settings).
''; '';
example = literalExpression '' example = literalExpression ''
pkgs.writeText "logrotate.conf" ''' pkgs.writeText "logrotate.conf" '''
@ -346,11 +346,11 @@ in
extraConfig = mkOption { extraConfig = mkOption {
default = ""; default = "";
type = types.lines; type = types.lines;
description = '' description = lib.mdDoc ''
Extra contents to append to the logrotate configuration file. Refer to Extra contents to append to the logrotate configuration file. Refer to
<link xlink:href="https://linux.die.net/man/8/logrotate"/> for details. <https://linux.die.net/man/8/logrotate> for details.
This setting has been deprecated in favor of This setting has been deprecated in favor of
<link linkend="opt-services.logrotate.settings">logrotate settings</link>. [logrotate settings](#opt-services.logrotate.settings).
''; '';
}; };
}; };

4
nixos/modules/services/mail/mailman.nix
View File

@ -112,9 +112,9 @@ in {
bindPasswordFile = mkOption { bindPasswordFile = mkOption {
type = types.str; type = types.str;
example = "/run/secrets/ldap-bind"; example = "/run/secrets/ldap-bind";
description = '' description = lib.mdDoc ''
Path to the file containing the bind password of the servie account Path to the file containing the bind password of the servie account
defined by <xref linkend="opt-services.mailman.ldap.bindDn"/>. defined by [](#opt-services.mailman.ldap.bindDn).
''; '';
}; };
superUserGroup = mkOption { superUserGroup = mkOption {

12
nixos/modules/services/mail/nullmailer.nix
View File

@ -38,11 +38,11 @@ with lib;
remotesFile = mkOption { remotesFile = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = '' description = lib.mdDoc ''
Path to the <literal>remotes</literal> control file. This file contains a Path to the `remotes` control file. This file contains a
list of remote servers to which to send each message. list of remote servers to which to send each message.
See <literal>man 8 nullmailer-send</literal> for syntax and available See `man 8 nullmailer-send` for syntax and available
options. options.
''; '';
}; };
@ -153,17 +153,17 @@ with lib;
remotes = mkOption { remotes = mkOption {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
description = '' description = lib.mdDoc ''
A list of remote servers to which to send each message. Each line A list of remote servers to which to send each message. Each line
contains a remote host name or address followed by an optional contains a remote host name or address followed by an optional
protocol string, separated by white space. protocol string, separated by white space.
See <literal>man 8 nullmailer-send</literal> for syntax and available See `man 8 nullmailer-send` for syntax and available
options. options.
WARNING: This is stored world-readable in the nix store. If you need WARNING: This is stored world-readable in the nix store. If you need
to specify any secret credentials here, consider using the to specify any secret credentials here, consider using the
<literal>remotesFile</literal> option instead. `remotesFile` option instead.
''; '';
}; };

6
nixos/modules/services/mail/postfixadmin.nix
View File

@ -13,12 +13,12 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to enable postfixadmin. Whether to enable postfixadmin.
Also enables nginx virtual host management. Also enables nginx virtual host management.
Further nginx configuration can be done by adapting <literal>services.nginx.virtualHosts.&lt;name&gt;</literal>. Further nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.
See <xref linkend="opt-services.nginx.virtualHosts"/> for further information. See [](#opt-services.nginx.virtualHosts) for further information.
''; '';
}; };

10
nixos/modules/services/mail/public-inbox.nix
View File

@ -23,10 +23,10 @@ let
port = mkOption { port = mkOption {
type = with types; nullOr (either str port); type = with types; nullOr (either str port);
default = defaultPort; default = defaultPort;
description = '' description = lib.mdDoc ''
Listening port. Listening port.
Beware that public-inbox uses well-known ports number to decide whether to enable TLS or not. Beware that public-inbox uses well-known ports number to decide whether to enable TLS or not.
Set to null and use <literal>systemd.sockets.public-inbox-${proto}d.listenStreams</literal> Set to null and use `systemd.sockets.public-inbox-${proto}d.listenStreams`
if you need a more advanced listening. if you need a more advanced listening.
''; '';
}; };
@ -239,11 +239,11 @@ in
type = with types; nullOr (either str port); type = with types; nullOr (either str port);
default = 80; default = 80;
example = "/run/public-inbox-httpd.sock"; example = "/run/public-inbox-httpd.sock";
description = '' description = lib.mdDoc ''
Listening port or systemd's ListenStream= entry Listening port or systemd's ListenStream= entry
to be used as a reverse proxy, eg. in nginx: to be used as a reverse proxy, eg. in nginx:
<literal>locations."/inbox".proxyPass = "http://unix:''${config.services.public-inbox.http.port}:/inbox";</literal> `locations."/inbox".proxyPass = "http://unix:''${config.services.public-inbox.http.port}:/inbox";`
Set to null and use <literal>systemd.sockets.public-inbox-httpd.listenStreams</literal> Set to null and use `systemd.sockets.public-inbox-httpd.listenStreams`
if you need a more advanced listening. if you need a more advanced listening.
''; '';
}; };

10
nixos/modules/services/mail/roundcube.nix
View File

@ -14,12 +14,12 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to enable roundcube. Whether to enable roundcube.
Also enables nginx virtual host management. Also enables nginx virtual host management.
Further nginx configuration can be done by adapting <literal>services.nginx.virtualHosts.&lt;name&gt;</literal>. Further nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.
See <xref linkend="opt-services.nginx.virtualHosts"/> for further information. See [](#opt-services.nginx.virtualHosts) for further information.
''; '';
}; };
@ -99,11 +99,11 @@ in
maxAttachmentSize = mkOption { maxAttachmentSize = mkOption {
type = types.int; type = types.int;
default = 18; default = 18;
description = '' description = lib.mdDoc ''
The maximum attachment size in MB. The maximum attachment size in MB.
Note: Since roundcube only uses 70% of max upload values configured in php Note: Since roundcube only uses 70% of max upload values configured in php
30% is added automatically to <xref linkend="opt-services.roundcube.maxAttachmentSize"/>. 30% is added automatically to [](#opt-services.roundcube.maxAttachmentSize).
''; '';
apply = configuredMaxAttachmentSize: "${toString (configuredMaxAttachmentSize * 1.3)}M"; apply = configuredMaxAttachmentSize: "${toString (configuredMaxAttachmentSize * 1.3)}M";
}; };

16
nixos/modules/services/mail/sympa.nix
View File

@ -86,9 +86,9 @@ in
type = str; type = str;
default = "en_US"; default = "en_US";
example = "cs"; example = "cs";
description = '' description = lib.mdDoc ''
Default Sympa language. Default Sympa language.
See <link xlink:href="https://github.com/sympa-community/sympa/tree/sympa-6.2/po/sympa"/> See <https://github.com/sympa-community/sympa/tree/sympa-6.2/po/sympa>
for available options. for available options.
''; '';
}; };
@ -136,9 +136,9 @@ in
example = { example = {
default_max_list_members = 3; default_max_list_members = 3;
}; };
description = '' description = lib.mdDoc ''
The <filename>robot.conf</filename> configuration file as key value set. The {file}`robot.conf` configuration file as key value set.
See <link xlink:href="https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html"/> See <https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html>
for list of configuration parameters. for list of configuration parameters.
''; '';
}; };
@ -285,9 +285,9 @@ in
viewlogs_page_size = 50; viewlogs_page_size = 50;
} }
''; '';
description = '' description = lib.mdDoc ''
The <filename>sympa.conf</filename> configuration file as key value set. The {file}`sympa.conf` configuration file as key value set.
See <link xlink:href="https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html"/> See <https://sympa-community.github.io/gpldoc/man/sympa.conf.5.html>
for list of configuration parameters. for list of configuration parameters.
''; '';
}; };

10
nixos/modules/services/matrix/appservice-discord.nix
View File

@ -40,16 +40,16 @@ in {
}; };
} }
''; '';
description = '' description = lib.mdDoc ''
<filename>config.yaml</filename> configuration as a Nix attribute set. {file}`config.yaml` configuration as a Nix attribute set.
Configuration options should match those described in Configuration options should match those described in
<link xlink:href="https://github.com/Half-Shot/matrix-appservice-discord/blob/master/config/config.sample.yaml">config.sample.yaml</link>. [config.sample.yaml](https://github.com/Half-Shot/matrix-appservice-discord/blob/master/config/config.sample.yaml).
<option>config.bridge.domain</option> and <option>config.bridge.homeserverUrl</option> {option}`config.bridge.domain` and {option}`config.bridge.homeserverUrl`
should be set to match the public host name of the Matrix homeserver for webhooks and avatars to work. should be set to match the public host name of the Matrix homeserver for webhooks and avatars to work.
Secret tokens should be specified using <option>environmentFile</option> Secret tokens should be specified using {option}`environmentFile`
instead of this world-readable attribute set. instead of this world-readable attribute set.
''; '';
}; };

8
nixos/modules/services/matrix/mautrix-facebook.nix
View File

@ -75,12 +75,12 @@ in {
}; };
} }
''; '';
description = '' description = lib.mdDoc ''
<filename>config.yaml</filename> configuration as a Nix attribute set. {file}`config.yaml` configuration as a Nix attribute set.
Configuration options should match those described in Configuration options should match those described in
<link xlink:href="https://github.com/mautrix/facebook/blob/master/mautrix_facebook/example-config.yaml">example-config.yaml</link>. [example-config.yaml](https://github.com/mautrix/facebook/blob/master/mautrix_facebook/example-config.yaml).
Secret tokens should be specified using <option>environmentFile</option> Secret tokens should be specified using {option}`environmentFile`
instead of this world-readable attribute set. instead of this world-readable attribute set.
''; '';
}; };

8
nixos/modules/services/matrix/mautrix-telegram.nix
View File

@ -78,12 +78,12 @@ in {
}; };
} }
''; '';
description = '' description = lib.mdDoc ''
<filename>config.yaml</filename> configuration as a Nix attribute set. {file}`config.yaml` configuration as a Nix attribute set.
Configuration options should match those described in Configuration options should match those described in
<link xlink:href="https://github.com/tulir/mautrix-telegram/blob/master/example-config.yaml">example-config.yaml</link>. [example-config.yaml](https://github.com/tulir/mautrix-telegram/blob/master/example-config.yaml).
Secret tokens should be specified using <option>environmentFile</option> Secret tokens should be specified using {option}`environmentFile`
instead of this world-readable attribute set. instead of this world-readable attribute set.
''; '';
}; };

4
nixos/modules/services/misc/autorandr.nix
View File

@ -27,9 +27,9 @@ let
options = { options = {
fingerprint = mkOption { fingerprint = mkOption {
type = types.attrsOf types.str; type = types.attrsOf types.str;
description = '' description = lib.mdDoc ''
Output name to EDID mapping. Output name to EDID mapping.
Use <literal>autorandr --fingerprint</literal> to get current setup values. Use `autorandr --fingerprint` to get current setup values.
''; '';
default = { }; default = { };
}; };

4
nixos/modules/services/misc/bees.nix
View File

@ -11,7 +11,7 @@ let
fsOptions = with types; { fsOptions = with types; {
options.spec = mkOption { options.spec = mkOption {
type = str; type = str;
description = '' description = lib.mdDoc ''
Description of how to identify the filesystem to be duplicated by this Description of how to identify the filesystem to be duplicated by this
instance of bees. Note that deduplication crosses subvolumes; one must instance of bees. Note that deduplication crosses subvolumes; one must
not configure multiple instances for subvolumes of the same filesystem not configure multiple instances for subvolumes of the same filesystem
@ -28,7 +28,7 @@ let
options.hashTableSizeMB = mkOption { options.hashTableSizeMB = mkOption {
type = types.addCheck types.int (n: mod n 16 == 0); type = types.addCheck types.int (n: mod n 16 == 0);
default = 1024; # 1GB; default from upstream beesd script default = 1024; # 1GB; default from upstream beesd script
description = '' description = lib.mdDoc ''
Hash table size in MB; must be a multiple of 16. Hash table size in MB; must be a multiple of 16.
A larger ratio of index size to storage size means smaller blocks of A larger ratio of index size to storage size means smaller blocks of

4
nixos/modules/services/misc/etcd.nix
View File

@ -125,9 +125,9 @@ in {
}; };
extraConf = mkOption { extraConf = mkOption {
description = '' description = lib.mdDoc ''
Etcd extra configuration. See Etcd extra configuration. See
<link xlink:href="https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#configuration-flags"/> <https://github.com/coreos/etcd/blob/master/Documentation/op-guide/configuration.md#configuration-flags>
''; '';
type = types.attrsOf types.str; type = types.attrsOf types.str;
default = {}; default = {};

2
nixos/modules/services/misc/klipper.nix
View File

@ -71,7 +71,7 @@ in
}; };
firmwares = mkOption { firmwares = mkOption {
description = "Firmwares klipper should manage"; description = lib.mdDoc "Firmwares klipper should manage";
default = { }; default = { };
type = with types; attrsOf type = with types; attrsOf
(submodule { (submodule {

2
nixos/modules/services/misc/sssd.nix
View File

@ -42,7 +42,7 @@ in {
kcm = mkOption { kcm = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to use SSS as a Kerberos Cache Manager (KCM). Whether to use SSS as a Kerberos Cache Manager (KCM).
Kerberos will be configured to cache credentials in SSS. Kerberos will be configured to cache credentials in SSS.
''; '';

14
nixos/modules/services/monitoring/cadvisor.nix
View File

@ -66,16 +66,16 @@ in {
storageDriverPasswordFile = mkOption { storageDriverPasswordFile = mkOption {
type = types.str; type = types.str;
description = '' description = lib.mdDoc ''
File that contains the cadvisor storage driver password. File that contains the cadvisor storage driver password.
<option>storageDriverPasswordFile</option> takes precedence over <option>storageDriverPassword</option> {option}`storageDriverPasswordFile` takes precedence over {option}`storageDriverPassword`
Warning: when <option>storageDriverPassword</option> is non-empty this defaults to a file in the Warning: when {option}`storageDriverPassword` is non-empty this defaults to a file in the
world-readable Nix store that contains the value of <option>storageDriverPassword</option>. world-readable Nix store that contains the value of {option}`storageDriverPassword`.
It's recommended to override this with a path not in the Nix store. It's recommended to override this with a path not in the Nix store.
Tip: use <link xlink:href="https://nixos.org/nixops/manual/#idm140737318306400">nixops key management</link> Tip: use [nixops key management](https://nixos.org/nixops/manual/#idm140737318306400)
''; '';
}; };
@ -88,10 +88,10 @@ in {
extraOptions = mkOption { extraOptions = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
description = '' description = lib.mdDoc ''
Additional cadvisor options. Additional cadvisor options.
See <link xlink:href="https://github.com/google/cadvisor/blob/master/docs/runtime_options.md"/> for available options. See <https://github.com/google/cadvisor/blob/master/docs/runtime_options.md> for available options.
''; '';
}; };
}; };

4
nixos/modules/services/monitoring/graphite.nix
View File

@ -251,9 +251,9 @@ in {
extraConfig = mkOption { extraConfig = mkOption {
default = {}; default = {};
description = '' description = lib.mdDoc ''
Extra seyren configuration. See Extra seyren configuration. See
<link xlink:href="https://github.com/scobal/seyren#config"/> <https://github.com/scobal/seyren#config>
''; '';
type = types.attrsOf types.str; type = types.attrsOf types.str;
example = literalExpression '' example = literalExpression ''

10
nixos/modules/services/monitoring/metricbeat.nix
View File

@ -32,17 +32,17 @@ in
}; };
modules = mkOption { modules = mkOption {
description = '' description = lib.mdDoc ''
Metricbeat modules are responsible for reading metrics from the various sources. Metricbeat modules are responsible for reading metrics from the various sources.
This is like <literal>services.metricbeat.settings.metricbeat.modules</literal>, This is like `services.metricbeat.settings.metricbeat.modules`,
but structured as an attribute set. This has the benefit that multiple but structured as an attribute set. This has the benefit that multiple
NixOS modules can contribute settings to a single metricbeat module. NixOS modules can contribute settings to a single metricbeat module.
A module can be specified multiple times by choosing a different <literal>&lt;name></literal> A module can be specified multiple times by choosing a different `<name>`
for each, but setting <xref linkend="opt-services.metricbeat.modules._name_.module"/> to the same value. for each, but setting [](#opt-services.metricbeat.modules._name_.module) to the same value.
See <link xlink:href="https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html"/>. See <https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-modules.html>.
''; '';
default = {}; default = {};
type = types.attrsOf (types.submodule ({ name, ... }: { type = types.attrsOf (types.submodule ({ name, ... }: {

28
nixos/modules/services/monitoring/munin.nix
View File

@ -138,29 +138,29 @@ in
enable = mkOption { enable = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Enable Munin Node agent. Munin node listens on 0.0.0.0 and Enable Munin Node agent. Munin node listens on 0.0.0.0 and
by default accepts connections only from 127.0.0.1 for security reasons. by default accepts connections only from 127.0.0.1 for security reasons.
See <link xlink:href="http://guide.munin-monitoring.org/en/latest/architecture/index.html"/>. See <http://guide.munin-monitoring.org/en/latest/architecture/index.html>.
''; '';
}; };
extraConfig = mkOption { extraConfig = mkOption {
default = ""; default = "";
type = types.lines; type = types.lines;
description = '' description = lib.mdDoc ''
<filename>munin-node.conf</filename> extra configuration. See {file}`munin-node.conf` extra configuration. See
<link xlink:href="http://guide.munin-monitoring.org/en/latest/reference/munin-node.conf.html"/> <http://guide.munin-monitoring.org/en/latest/reference/munin-node.conf.html>
''; '';
}; };
extraPluginConfig = mkOption { extraPluginConfig = mkOption {
default = ""; default = "";
type = types.lines; type = types.lines;
description = '' description = lib.mdDoc ''
<filename>plugin-conf.d</filename> extra plugin configuration. See {file}`plugin-conf.d` extra plugin configuration. See
<link xlink:href="http://guide.munin-monitoring.org/en/latest/plugin/use.html"/> <http://guide.munin-monitoring.org/en/latest/plugin/use.html>
''; '';
example = '' example = ''
[fail2ban_*] [fail2ban_*]
@ -266,11 +266,11 @@ in
extraGlobalConfig = mkOption { extraGlobalConfig = mkOption {
default = ""; default = "";
type = types.lines; type = types.lines;
description = '' description = lib.mdDoc ''
<filename>munin.conf</filename> extra global configuration. {file}`munin.conf` extra global configuration.
See <link xlink:href="http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html"/>. See <http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html>.
Useful to setup notifications, see Useful to setup notifications, see
<link xlink:href="http://guide.munin-monitoring.org/en/latest/tutorial/alert.html"/> <http://guide.munin-monitoring.org/en/latest/tutorial/alert.html>
''; '';
example = '' example = ''
contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com
@ -280,10 +280,10 @@ in
hosts = mkOption { hosts = mkOption {
default = ""; default = "";
type = types.lines; type = types.lines;
description = '' description = lib.mdDoc ''
Definitions of hosts of nodes to collect data from. Needs at least one Definitions of hosts of nodes to collect data from. Needs at least one
host for cron to succeed. See host for cron to succeed. See
<link xlink:href="http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html"/> <http://guide.munin-monitoring.org/en/latest/reference/munin.conf.html>
''; '';
example = literalExpression '' example = literalExpression ''
''' '''

4
nixos/modules/services/monitoring/netdata.nix
View File

@ -114,13 +114,13 @@ in {
example = literalExpression '' example = literalExpression ''
[ "/path/to/plugins.d" ] [ "/path/to/plugins.d" ]
''; '';
description = '' description = lib.mdDoc ''
Extra paths to add to the netdata global "plugins directory" Extra paths to add to the netdata global "plugins directory"
option. Useful for when you want to include your own option. Useful for when you want to include your own
collection scripts. collection scripts.
Details about writing a custom netdata plugin are available at: Details about writing a custom netdata plugin are available at:
<link xlink:href="https://docs.netdata.cloud/collectors/plugins.d/"/> <https://docs.netdata.cloud/collectors/plugins.d/>
Cannot be combined with configText. Cannot be combined with configText.
''; '';

34
nixos/modules/services/monitoring/parsedmarc.nix
View File

@ -29,11 +29,11 @@ in
enable = lib.mkOption { enable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether Postfix and Dovecot should be set up to receive Whether Postfix and Dovecot should be set up to receive
mail locally. parsedmarc will be configured to watch the mail locally. parsedmarc will be configured to watch the
local inbox as the automatically created user specified in local inbox as the automatically created user specified in
<xref linkend="opt-services.parsedmarc.provision.localMail.recipientName" /> [](#opt-services.parsedmarc.provision.localMail.recipientName)
''; '';
}; };
@ -68,13 +68,13 @@ in
geoIp = lib.mkOption { geoIp = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether to enable and configure the <link linkend="opt-services.geoipupdate.enable">geoipupdate</link> Whether to enable and configure the [geoipupdate](#opt-services.geoipupdate.enable)
service to automatically fetch GeoIP databases. Not crucial, service to automatically fetch GeoIP databases. Not crucial,
but recommended for full functionality. but recommended for full functionality.
To finish the setup, you need to manually set the <xref linkend="opt-services.geoipupdate.settings.AccountID"/> and To finish the setup, you need to manually set the [](#opt-services.geoipupdate.settings.AccountID) and
<xref linkend="opt-services.geoipupdate.settings.LicenseKey"/> [](#opt-services.geoipupdate.settings.LicenseKey)
options. options.
''; '';
}; };
@ -95,11 +95,11 @@ in
config.${opt.provision.elasticsearch} && config.${options.services.grafana.enable} config.${opt.provision.elasticsearch} && config.${options.services.grafana.enable}
''; '';
apply = x: x && cfg.provision.elasticsearch; apply = x: x && cfg.provision.elasticsearch;
description = '' description = lib.mdDoc ''
Whether the automatically provisioned Elasticsearch Whether the automatically provisioned Elasticsearch
instance should be added as a grafana datasource. Has no instance should be added as a grafana datasource. Has no
effect unless effect unless
<xref linkend="opt-services.parsedmarc.provision.elasticsearch"/> [](#opt-services.parsedmarc.provision.elasticsearch)
is also enabled. is also enabled.
''; '';
}; };
@ -206,12 +206,12 @@ in
password = lib.mkOption { password = lib.mkOption {
type = with lib.types; nullOr (either path (attrsOf path)); type = with lib.types; nullOr (either path (attrsOf path));
default = null; default = null;
description = '' description = lib.mdDoc ''
The IMAP server password. The IMAP server password.
Always handled as a secret whether the value is Always handled as a secret whether the value is
wrapped in a <literal>{ _secret = ...; }</literal> wrapped in a `{ _secret = ...; }`
attrset or not (refer to <xref linkend="opt-services.parsedmarc.settings"/> for attrset or not (refer to [](#opt-services.parsedmarc.settings) for
details). details).
''; '';
apply = x: if isAttrs x || x == null then x else { _secret = x; }; apply = x: if isAttrs x || x == null then x else { _secret = x; };
@ -270,12 +270,12 @@ in
password = lib.mkOption { password = lib.mkOption {
type = with lib.types; nullOr (either path (attrsOf path)); type = with lib.types; nullOr (either path (attrsOf path));
default = null; default = null;
description = '' description = lib.mdDoc ''
The SMTP server password. The SMTP server password.
Always handled as a secret whether the value is Always handled as a secret whether the value is
wrapped in a <literal>{ _secret = ...; }</literal> wrapped in a `{ _secret = ...; }`
attrset or not (refer to <xref linkend="opt-services.parsedmarc.settings"/> for attrset or not (refer to [](#opt-services.parsedmarc.settings) for
details). details).
''; '';
apply = x: if isAttrs x || x == null then x else { _secret = x; }; apply = x: if isAttrs x || x == null then x else { _secret = x; };
@ -322,13 +322,13 @@ in
password = lib.mkOption { password = lib.mkOption {
type = with lib.types; nullOr (either path (attrsOf path)); type = with lib.types; nullOr (either path (attrsOf path));
default = null; default = null;
description = '' description = lib.mdDoc ''
The password to use when connecting to Elasticsearch, The password to use when connecting to Elasticsearch,
if required. if required.
Always handled as a secret whether the value is Always handled as a secret whether the value is
wrapped in a <literal>{ _secret = ...; }</literal> wrapped in a `{ _secret = ...; }`
attrset or not (refer to <xref linkend="opt-services.parsedmarc.settings"/> for attrset or not (refer to [](#opt-services.parsedmarc.settings) for
details). details).
''; '';
apply = x: if isAttrs x || x == null then x else { _secret = x; }; apply = x: if isAttrs x || x == null then x else { _secret = x; };

10
nixos/modules/services/networking/biboumi.nix
View File

@ -83,13 +83,13 @@ in
}; };
options.password = mkOption { options.password = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
description = '' description = lib.mdDoc ''
The password used to authenticate the XMPP component to your XMPP server. The password used to authenticate the XMPP component to your XMPP server.
This password must be configured in the XMPP server, This password must be configured in the XMPP server,
associated with the external component on associated with the external component on
<link linkend="opt-services.biboumi.settings.hostname">hostname</link>. [hostname](#opt-services.biboumi.settings.hostname).
Set it to null and use <link linkend="opt-services.biboumi.credentialsFile">credentialsFile</link> Set it to null and use [credentialsFile](#opt-services.biboumi.credentialsFile)
if you do not want this password to go into the Nix store. if you do not want this password to go into the Nix store.
''; '';
}; };
@ -155,12 +155,12 @@ in
credentialsFile = mkOption { credentialsFile = mkOption {
type = types.path; type = types.path;
description = '' description = lib.mdDoc ''
Path to a configuration file to be merged with the settings. Path to a configuration file to be merged with the settings.
Beware not to surround "=" with spaces when setting biboumi's options in this file. Beware not to surround "=" with spaces when setting biboumi's options in this file.
Useful to merge a file which is better kept out of the Nix store Useful to merge a file which is better kept out of the Nix store
because it contains sensible data like because it contains sensible data like
<link linkend="opt-services.biboumi.settings.password">password</link>. [password](#opt-services.biboumi.settings.password).
''; '';
default = "/dev/null"; default = "/dev/null";
example = "/run/keys/biboumi.cfg"; example = "/run/keys/biboumi.cfg";

8
nixos/modules/services/networking/bird-lg.nix
View File

@ -136,8 +136,8 @@ in
extraArgs = mkOption { extraArgs = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = lib.mdDoc ''
Extra parameters documented <link xlink:href="https://github.com/xddxdd/bird-lg-go#frontend">here</link>. Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#frontend).
''; '';
}; };
}; };
@ -183,8 +183,8 @@ in
extraArgs = mkOption { extraArgs = mkOption {
type = types.lines; type = types.lines;
default = ""; default = "";
description = '' description = lib.mdDoc ''
Extra parameters documented <link xlink:href="https://github.com/xddxdd/bird-lg-go#proxy">here</link>. Extra parameters documented [here](https://github.com/xddxdd/bird-lg-go#proxy).
''; '';
}; };
}; };

12
nixos/modules/services/networking/bird.nix
View File

@ -13,18 +13,18 @@ in
enable = mkEnableOption "BIRD Internet Routing Daemon"; enable = mkEnableOption "BIRD Internet Routing Daemon";
config = mkOption { config = mkOption {
type = types.lines; type = types.lines;
description = '' description = lib.mdDoc ''
BIRD Internet Routing Daemon configuration file. BIRD Internet Routing Daemon configuration file.
<link xlink:href="http://bird.network.cz/"/> <http://bird.network.cz/>
''; '';
}; };
checkConfig = mkOption { checkConfig = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Whether the config should be checked at build time. Whether the config should be checked at build time.
When the config can't be checked during build time, for example when it includes When the config can't be checked during build time, for example when it includes
other files, either disable this option or use <literal>preCheckConfig</literal> to create other files, either disable this option or use `preCheckConfig` to create
the included files before checking. the included files before checking.
''; '';
}; };
@ -34,9 +34,9 @@ in
example = '' example = ''
echo "cost 100;" > include.conf echo "cost 100;" > include.conf
''; '';
description = '' description = lib.mdDoc ''
Commands to execute before the config file check. The file to be checked will be Commands to execute before the config file check. The file to be checked will be
available as <literal>bird2.conf</literal> in the current directory. available as `bird2.conf` in the current directory.
Files created with this option will not be available at service runtime, only during Files created with this option will not be available at service runtime, only during
build time checking. build time checking.

4
nixos/modules/services/networking/coredns.nix
View File

@ -17,9 +17,9 @@ in {
} }
''; '';
type = types.lines; type = types.lines;
description = '' description = lib.mdDoc ''
Verbatim Corefile to use. Verbatim Corefile to use.
See <link xlink:href="https://coredns.io/manual/toc/#configuration"/> for details. See <https://coredns.io/manual/toc/#configuration> for details.
''; '';
}; };

14
nixos/modules/services/networking/ghostunnel.nix
View File

@ -49,28 +49,28 @@ let
}; };
cert = mkOption { cert = mkOption {
description = '' description = lib.mdDoc ''
Path to certificate (PEM with certificate chain). Path to certificate (PEM with certificate chain).
Not required if <literal>keystore</literal> is set. Not required if `keystore` is set.
''; '';
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
}; };
key = mkOption { key = mkOption {
description = '' description = lib.mdDoc ''
Path to certificate private key (PEM with private key). Path to certificate private key (PEM with private key).
Not required if <literal>keystore</literal> is set. Not required if `keystore` is set.
''; '';
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
}; };
cacert = mkOption { cacert = mkOption {
description = '' description = lib.mdDoc ''
Path to CA bundle file (PEM/X509). Uses system trust store if <literal>null</literal>. Path to CA bundle file (PEM/X509). Uses system trust store if `null`.
''; '';
type = types.nullOr types.str; type = types.nullOr types.str;
}; };
@ -124,7 +124,7 @@ let
}; };
extraArguments = mkOption { extraArguments = mkOption {
description = "Extra arguments to pass to <literal>ghostunnel server</literal>"; description = lib.mdDoc "Extra arguments to pass to `ghostunnel server`";
type = types.separatedString " "; type = types.separatedString " ";
default = ""; default = "";
}; };

4
nixos/modules/services/networking/hans.nix
View File

@ -19,11 +19,11 @@ in
services.hans = { services.hans = {
clients = mkOption { clients = mkOption {
default = {}; default = {};
description = '' description = lib.mdDoc ''
Each attribute of this option defines a systemd service that Each attribute of this option defines a systemd service that
runs hans. Many or none may be defined. runs hans. Many or none may be defined.
The name of each service is The name of each service is
<literal>hans-«name»</literal> `hans-«name»`
where «name» is the name of the where «name» is the name of the
corresponding attribute name. corresponding attribute name.
''; '';

4
nixos/modules/services/networking/iodine.nix
View File

@ -28,11 +28,11 @@ in
services.iodine = { services.iodine = {
clients = mkOption { clients = mkOption {
default = {}; default = {};
description = '' description = lib.mdDoc ''
Each attribute of this option defines a systemd service that Each attribute of this option defines a systemd service that
runs iodine. Many or none may be defined. runs iodine. Many or none may be defined.
The name of each service is The name of each service is
<literal>iodine-«name»</literal> `iodine-«name»`
where «name» is the name of the where «name» is the name of the
corresponding attribute name. corresponding attribute name.
''; '';

32
nixos/modules/services/networking/kea.nix
View File

@ -54,11 +54,11 @@ in
configFile = mkOption { configFile = mkOption {
type = nullOr path; type = nullOr path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Kea Control Agent configuration as a path, see <link xlink:href="https://kea.readthedocs.io/en/kea-${package.version}/arm/agent.html"/>. Kea Control Agent configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/agent.html>.
Takes preference over <link linkend="opt-services.kea.ctrl-agent.settings">settings</link>. Takes preference over [settings](#opt-services.kea.ctrl-agent.settings).
Most users should prefer using <link linkend="opt-services.kea.ctrl-agent.settings">settings</link> instead. Most users should prefer using [settings](#opt-services.kea.ctrl-agent.settings) instead.
''; '';
}; };
@ -93,11 +93,11 @@ in
configFile = mkOption { configFile = mkOption {
type = nullOr path; type = nullOr path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Kea DHCP4 configuration as a path, see <link xlink:href="https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp4-srv.html"/>. Kea DHCP4 configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp4-srv.html>.
Takes preference over <link linkend="opt-services.kea.dhcp4.settings">settings</link>. Takes preference over [settings](#opt-services.kea.dhcp4.settings).
Most users should prefer using <link linkend="opt-services.kea.dhcp4.settings">settings</link> instead. Most users should prefer using [settings](#opt-services.kea.dhcp4.settings) instead.
''; '';
}; };
@ -153,11 +153,11 @@ in
configFile = mkOption { configFile = mkOption {
type = nullOr path; type = nullOr path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Kea DHCP6 configuration as a path, see <link xlink:href="https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp6-srv.html"/>. Kea DHCP6 configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/dhcp6-srv.html>.
Takes preference over <link linkend="opt-services.kea.dhcp6.settings">settings</link>. Takes preference over [settings](#opt-services.kea.dhcp6.settings).
Most users should prefer using <link linkend="opt-services.kea.dhcp6.settings">settings</link> instead. Most users should prefer using [settings](#opt-services.kea.dhcp6.settings) instead.
''; '';
}; };
@ -214,11 +214,11 @@ in
configFile = mkOption { configFile = mkOption {
type = nullOr path; type = nullOr path;
default = null; default = null;
description = '' description = lib.mdDoc ''
Kea DHCP-DDNS configuration as a path, see <link xlink:href="https://kea.readthedocs.io/en/kea-${package.version}/arm/ddns.html"/>. Kea DHCP-DDNS configuration as a path, see <https://kea.readthedocs.io/en/kea-${package.version}/arm/ddns.html>.
Takes preference over <link linkend="opt-services.kea.dhcp-ddns.settings">settings</link>. Takes preference over [settings](#opt-services.kea.dhcp-ddns.settings).
Most users should prefer using <link linkend="opt-services.kea.dhcp-ddns.settings">settings</link> instead. Most users should prefer using [settings](#opt-services.kea.dhcp-ddns.settings) instead.
''; '';
}; };

4
nixos/modules/services/networking/ncdns.nix
View File

@ -176,10 +176,10 @@ in
certstore.nssdbdir = "../../home/alice/.pki/nssdb"; certstore.nssdbdir = "../../home/alice/.pki/nssdb";
} }
''; '';
description = '' description = lib.mdDoc ''
ncdns settings. Use this option to configure ncds ncdns settings. Use this option to configure ncds
settings not exposed in a NixOS option or to bypass one. settings not exposed in a NixOS option or to bypass one.
See the example ncdns.conf file at <link xlink:href="https://github.com/namecoin/ncdns/blob/master/_doc/ncdns.conf.example"/> See the example ncdns.conf file at <https://github.com/namecoin/ncdns/blob/master/_doc/ncdns.conf.example>
for the available options. for the available options.
''; '';
}; };

6
nixos/modules/services/networking/networkmanager.nix
View File

@ -387,12 +387,12 @@ in {
enableStrongSwan = mkOption { enableStrongSwan = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Enable the StrongSwan plugin. Enable the StrongSwan plugin.
If you enable this option the If you enable this option the
<literal>networkmanager_strongswan</literal> plugin will be added to `networkmanager_strongswan` plugin will be added to
the <option>networking.networkmanager.plugins</option> option the {option}`networking.networkmanager.plugins` option
so you don't need to to that yourself. so you don't need to to that yourself.
''; '';
}; };

4
nixos/modules/services/networking/nntp-proxy.nix
View File

@ -167,9 +167,9 @@ in
passwordHash = mkOption { passwordHash = mkOption {
type = types.str; type = types.str;
example = "$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0"; example = "$6$GtzE7FrpE$wwuVgFYU.TZH4Rz.Snjxk9XGua89IeVwPQ/fEUD8eujr40q5Y021yhn0aNcsQ2Ifw.BLclyzvzgegopgKcneL0";
description = '' description = lib.mdDoc ''
SHA-512 password hash (can be generated by SHA-512 password hash (can be generated by
<literal>mkpasswd -m sha-512 &lt;password&gt;</literal>) `mkpasswd -m sha-512 <password>`)
''; '';
}; };

4
nixos/modules/services/networking/nsd.nix
View File

@ -392,8 +392,8 @@ let
requestXFR = mkOption { requestXFR = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
description = '' description = lib.mdDoc ''
Format: <literal>[AXFR|UDP] &lt;ip-address&gt; &lt;key-name | NOKEY&gt;</literal> Format: `[AXFR|UDP] <ip-address> <key-name | NOKEY>`
''; '';
}; };

8
nixos/modules/services/networking/ntp/ntpd.nix
View File

@ -40,17 +40,17 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to synchronise your machine's time using ntpd, as a peer in Whether to synchronise your machine's time using ntpd, as a peer in
the NTP network. the NTP network.
Disables <literal>systemd.timesyncd</literal> if enabled. Disables `systemd.timesyncd` if enabled.
''; '';
}; };
restrictDefault = mkOption { restrictDefault = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
description = '' description = lib.mdDoc ''
The restriction flags to be set by default. The restriction flags to be set by default.
The default flags prevent external hosts from using ntpd as a DDoS The default flags prevent external hosts from using ntpd as a DDoS
@ -63,7 +63,7 @@ in
restrictSource = mkOption { restrictSource = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
description = '' description = lib.mdDoc ''
The restriction flags to be set on source. The restriction flags to be set on source.
The default flags allow peers to be added by ntpd from configured The default flags allow peers to be added by ntpd from configured

14
nixos/modules/services/networking/openconnect.nix
View File

@ -38,10 +38,10 @@ let
# set an authentication cookie, because they have to be requested # set an authentication cookie, because they have to be requested
# for every new connection and would only work once. # for every new connection and would only work once.
passwordFile = mkOption { passwordFile = mkOption {
description = '' description = lib.mdDoc ''
File containing the password to authenticate with. This File containing the password to authenticate with. This
is passed to <literal>openconnect</literal> via the is passed to `openconnect` via the
<literal>--passwd-on-stdin</literal> option. `--passwd-on-stdin` option.
''; '';
default = null; default = null;
example = "/var/lib/secrets/openconnect-passwd"; example = "/var/lib/secrets/openconnect-passwd";
@ -63,13 +63,13 @@ let
}; };
extraOptions = mkOption { extraOptions = mkOption {
description = '' description = lib.mdDoc ''
Extra config to be appended to the interface config. It should Extra config to be appended to the interface config. It should
contain long-format options as would be accepted on the command contain long-format options as would be accepted on the command
line by <literal>openconnect</literal> line by `openconnect`
(see https://www.infradead.org/openconnect/manual.html). (see https://www.infradead.org/openconnect/manual.html).
Non-key-value options like <literal>deflate</literal> can be used by Non-key-value options like `deflate` can be used by
declaring them as booleans, i. e. <literal>deflate = true;</literal>. declaring them as booleans, i. e. `deflate = true;`.
''; '';
default = { }; default = { };
example = { example = {

4
nixos/modules/services/networking/openvpn.nix
View File

@ -115,11 +115,11 @@ in
} }
''; '';
description = '' description = lib.mdDoc ''
Each attribute of this option defines a systemd service that Each attribute of this option defines a systemd service that
runs an OpenVPN instance. These can be OpenVPN servers or runs an OpenVPN instance. These can be OpenVPN servers or
clients. The name of each systemd service is clients. The name of each systemd service is
<literal>openvpn-«name».service</literal>, `openvpn-«name».service`,
where «name» is the corresponding where «name» is the corresponding
attribute name. attribute name.
''; '';

8
nixos/modules/services/networking/pleroma.nix
View File

@ -34,7 +34,7 @@ in {
configs = mkOption { configs = mkOption {
type = with types; listOf str; type = with types; listOf str;
description = '' description = lib.mdDoc ''
Pleroma public configuration. Pleroma public configuration.
This list gets appended from left to This list gets appended from left to
@ -42,9 +42,9 @@ in {
configuration imperatively, meaning you can override a configuration imperatively, meaning you can override a
setting by appending a new str to this NixOS option list. setting by appending a new str to this NixOS option list.
<emphasis>DO NOT STORE ANY PLEROMA SECRET *DO NOT STORE ANY PLEROMA SECRET
HERE</emphasis>, use HERE*, use
<link linkend="opt-services.pleroma.secretConfigFile">services.pleroma.secretConfigFile</link> [services.pleroma.secretConfigFile](#opt-services.pleroma.secretConfigFile)
instead. instead.
This setting is going to be stored in a file part of This setting is going to be stored in a file part of

24
nixos/modules/services/networking/ssh/sshd.nix
View File

@ -257,12 +257,12 @@ in
authorizedKeysFiles = mkOption { authorizedKeysFiles = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = []; default = [];
description = '' description = lib.mdDoc ''
Specify the rules for which files to read on the host. Specify the rules for which files to read on the host.
This is an advanced option. If you're looking to configure user This is an advanced option. If you're looking to configure user
keys, you can generally use <xref linkend="opt-users.users._name_.openssh.authorizedKeys.keys"/> keys, you can generally use [](#opt-users.users._name_.openssh.authorizedKeys.keys)
or <xref linkend="opt-users.users._name_.openssh.authorizedKeys.keyFiles"/>. or [](#opt-users.users._name_.openssh.authorizedKeys.keyFiles).
These are paths relative to the host root file system or home These are paths relative to the host root file system or home
directories and they are subject to certain token expansion rules. directories and they are subject to certain token expansion rules.
@ -298,13 +298,13 @@ in
"curve25519-sha256@libssh.org" "curve25519-sha256@libssh.org"
"diffie-hellman-group-exchange-sha256" "diffie-hellman-group-exchange-sha256"
]; ];
description = '' description = lib.mdDoc ''
Allowed key exchange algorithms Allowed key exchange algorithms
Uses the lower bound recommended in both Uses the lower bound recommended in both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html"/> <https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and and
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67"/> <https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
''; '';
}; };
@ -318,13 +318,13 @@ in
"aes192-ctr" "aes192-ctr"
"aes128-ctr" "aes128-ctr"
]; ];
description = '' description = lib.mdDoc ''
Allowed ciphers Allowed ciphers
Defaults to recommended settings from both Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html"/> <https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and and
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67"/> <https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
''; '';
}; };
@ -338,13 +338,13 @@ in
"hmac-sha2-256" "hmac-sha2-256"
"umac-128@openssh.com" "umac-128@openssh.com"
]; ];
description = '' description = lib.mdDoc ''
Allowed MACs Allowed MACs
Defaults to recommended settings from both Defaults to recommended settings from both
<link xlink:href="https://stribika.github.io/2015/01/04/secure-secure-shell.html"/> <https://stribika.github.io/2015/01/04/secure-secure-shell.html>
and and
<link xlink:href="https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67"/> <https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67>
''; '';
}; };

16
nixos/modules/services/networking/wireguard.nix
View File

@ -118,11 +118,11 @@ let
default = null; default = null;
type = with types; nullOr str; type = with types; nullOr str;
example = "container"; example = "container";
description = ''The pre-existing network namespace in which the description = lib.mdDoc ''The pre-existing network namespace in which the
WireGuard interface is created, and which retains the socket even if the WireGuard interface is created, and which retains the socket even if the
interface is moved via <option>interfaceNamespace</option>. When interface is moved via {option}`interfaceNamespace`. When
<literal>null</literal>, the interface is created in the init namespace. `null`, the interface is created in the init namespace.
See <link xlink:href="https://www.wireguard.com/netns/">documentation</link>. See [documentation](https://www.wireguard.com/netns/).
''; '';
}; };
@ -130,11 +130,11 @@ let
default = null; default = null;
type = with types; nullOr str; type = with types; nullOr str;
example = "init"; example = "init";
description = ''The pre-existing network namespace the WireGuard description = lib.mdDoc ''The pre-existing network namespace the WireGuard
interface is moved to. The special value <literal>init</literal> means interface is moved to. The special value `init` means
the init namespace. When <literal>null</literal>, the interface is not the init namespace. When `null`, the interface is not
moved. moved.
See <link xlink:href="https://www.wireguard.com/netns/">documentation</link>. See [documentation](https://www.wireguard.com/netns/).
''; '';
}; };
}; };

12
nixos/modules/services/networking/yggdrasil.nix
View File

@ -64,21 +64,21 @@ in {
type = types.nullOr types.str; type = types.nullOr types.str;
default = null; default = null;
example = "wheel"; example = "wheel";
description = "Group to grant access to the Yggdrasil control socket. If <literal>null</literal>, only root can access the socket."; description = lib.mdDoc "Group to grant access to the Yggdrasil control socket. If `null`, only root can access the socket.";
}; };
openMulticastPort = mkOption { openMulticastPort = mkOption {
type = bool; type = bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to open the UDP port used for multicast peer Whether to open the UDP port used for multicast peer
discovery. The NixOS firewall blocks link-local discovery. The NixOS firewall blocks link-local
communication, so in order to make local peering work you communication, so in order to make local peering work you
will also need to set <literal>LinkLocalTCPPort</literal> in your will also need to set `LinkLocalTCPPort` in your
yggdrasil configuration (<option>config</option> or yggdrasil configuration ({option}`config` or
<option>configFile</option>) to a port number other than 0, {option}`configFile`) to a port number other than 0,
and then add that port to and then add that port to
<option>networking.firewall.allowedTCPPorts</option>. {option}`networking.firewall.allowedTCPPorts`.
''; '';
}; };

4
nixos/modules/services/security/privacyidea.nix
View File

@ -215,9 +215,9 @@ in
environmentFile = mkOption { environmentFile = mkOption {
default = null; default = null;
type = types.nullOr types.str; type = types.nullOr types.str;
description = '' description = lib.mdDoc ''
Environment file containing secrets to be substituted into Environment file containing secrets to be substituted into
<xref linkend="opt-services.privacyidea.ldap-proxy.settings"/>. [](#opt-services.privacyidea.ldap-proxy.settings).
''; '';
}; };
}; };

6
nixos/modules/services/security/tor.nix
View File

@ -476,11 +476,11 @@ in
}; };
clientNames = mkOption { clientNames = mkOption {
type = with types; nonEmptyListOf (strMatching "[A-Za-z0-9+-_]+"); type = with types; nonEmptyListOf (strMatching "[A-Za-z0-9+-_]+");
description = '' description = lib.mdDoc ''
Only clients that are listed here are authorized to access the hidden service. Only clients that are listed here are authorized to access the hidden service.
Generated authorization data can be found in <filename>${stateDir}/onion/$name/hostname</filename>. Generated authorization data can be found in {file}`${stateDir}/onion/$name/hostname`.
Clients need to put this authorization data in their configuration file using Clients need to put this authorization data in their configuration file using
<xref linkend="opt-services.tor.settings.HidServAuth"/>. [](#opt-services.tor.settings.HidServAuth).
''; '';
}; };
}; };

4
nixos/modules/services/security/vault.nix
View File

@ -116,13 +116,13 @@ in
storageConfig = mkOption { storageConfig = mkOption {
type = types.nullOr types.lines; type = types.nullOr types.lines;
default = null; default = null;
description = '' description = lib.mdDoc ''
HCL configuration to insert in the storageBackend section. HCL configuration to insert in the storageBackend section.
Confidential values should not be specified here because this option's Confidential values should not be specified here because this option's
value is written to the Nix store, which is publicly readable. value is written to the Nix store, which is publicly readable.
Provide credentials and such in a separate file using Provide credentials and such in a separate file using
<xref linkend="opt-services.vault.extraSettingsPaths"/>. [](#opt-services.vault.extraSettingsPaths).
''; '';
}; };

14
nixos/modules/services/system/dbus.nix
View File

@ -38,17 +38,17 @@ in
packages = mkOption { packages = mkOption {
type = types.listOf types.path; type = types.listOf types.path;
default = [ ]; default = [ ];
description = '' description = lib.mdDoc ''
Packages whose D-Bus configuration files should be included in Packages whose D-Bus configuration files should be included in
the configuration of the D-Bus system-wide or session-wide the configuration of the D-Bus system-wide or session-wide
message bus. Specifically, files in the following directories message bus. Specifically, files in the following directories
will be included into their respective DBus configuration paths: will be included into their respective DBus configuration paths:
<filename>«pkg»/etc/dbus-1/system.d</filename> {file}`«pkg»/etc/dbus-1/system.d`
<filename>«pkg»/share/dbus-1/system.d</filename> {file}`«pkg»/share/dbus-1/system.d`
<filename>«pkg»/share/dbus-1/system-services</filename> {file}`«pkg»/share/dbus-1/system-services`
<filename>«pkg»/etc/dbus-1/session.d</filename> {file}`«pkg»/etc/dbus-1/session.d`
<filename>«pkg»/share/dbus-1/session.d</filename> {file}`«pkg»/share/dbus-1/session.d`
<filename>«pkg»/share/dbus-1/services</filename> {file}`«pkg»/share/dbus-1/services`
''; '';
}; };

16
nixos/modules/services/system/earlyoom.nix
View File

@ -32,32 +32,32 @@ in
freeMemKillThreshold = mkOption { freeMemKillThreshold = mkOption {
type = types.nullOr (types.ints.between 1 100); type = types.nullOr (types.ints.between 1 100);
default = null; default = null;
description = '' description = lib.mdDoc ''
Minimum available memory (in percent) before sending SIGKILL. Minimum available memory (in percent) before sending SIGKILL.
If unset, this defaults to half of <option>freeMemThreshold</option>. If unset, this defaults to half of {option}`freeMemThreshold`.
See the description of <xref linkend="opt-services.earlyoom.freeMemThreshold"/>. See the description of [](#opt-services.earlyoom.freeMemThreshold).
''; '';
}; };
freeSwapThreshold = mkOption { freeSwapThreshold = mkOption {
type = types.ints.between 1 100; type = types.ints.between 1 100;
default = 10; default = 10;
description = '' description = lib.mdDoc ''
Minimum free swap space (in percent) before sending SIGTERM. Minimum free swap space (in percent) before sending SIGTERM.
See the description of <xref linkend="opt-services.earlyoom.freeMemThreshold"/>. See the description of [](#opt-services.earlyoom.freeMemThreshold).
''; '';
}; };
freeSwapKillThreshold = mkOption { freeSwapKillThreshold = mkOption {
type = types.nullOr (types.ints.between 1 100); type = types.nullOr (types.ints.between 1 100);
default = null; default = null;
description = '' description = lib.mdDoc ''
Minimum free swap space (in percent) before sending SIGKILL. Minimum free swap space (in percent) before sending SIGKILL.
If unset, this defaults to half of <option>freeSwapThreshold</option>. If unset, this defaults to half of {option}`freeSwapThreshold`.
See the description of <xref linkend="opt-services.earlyoom.freeMemThreshold"/>. See the description of [](#opt-services.earlyoom.freeMemThreshold).
''; '';
}; };

56
nixos/modules/services/torrent/transmission.nix
View File

@ -55,13 +55,13 @@ in
type = types.path; type = types.path;
default = "${cfg.home}/${incompleteDir}"; default = "${cfg.home}/${incompleteDir}";
defaultText = literalExpression ''"''${config.${opt.home}}/${incompleteDir}"''; defaultText = literalExpression ''"''${config.${opt.home}}/${incompleteDir}"'';
description = '' description = lib.mdDoc ''
When enabled with When enabled with
services.transmission.home services.transmission.home
<xref linkend="opt-services.transmission.settings.incomplete-dir-enabled"/>, [](#opt-services.transmission.settings.incomplete-dir-enabled),
new torrents will download the files to this directory. new torrents will download the files to this directory.
When complete, the files will be moved to download-dir When complete, the files will be moved to download-dir
<xref linkend="opt-services.transmission.settings.download-dir"/>. [](#opt-services.transmission.settings.download-dir).
''; '';
}; };
options.incomplete-dir-enabled = mkOption { options.incomplete-dir-enabled = mkOption {
@ -82,17 +82,17 @@ in
options.peer-port-random-high = mkOption { options.peer-port-random-high = mkOption {
type = types.port; type = types.port;
default = 65535; default = 65535;
description = '' description = lib.mdDoc ''
The maximum peer port to listen to for incoming connections The maximum peer port to listen to for incoming connections
when <xref linkend="opt-services.transmission.settings.peer-port-random-on-start"/> is enabled. when [](#opt-services.transmission.settings.peer-port-random-on-start) is enabled.
''; '';
}; };
options.peer-port-random-low = mkOption { options.peer-port-random-low = mkOption {
type = types.port; type = types.port;
default = 65535; default = 65535;
description = '' description = lib.mdDoc ''
The minimal peer port to listen to for incoming connections The minimal peer port to listen to for incoming connections
when <xref linkend="opt-services.transmission.settings.peer-port-random-on-start"/> is enabled. when [](#opt-services.transmission.settings.peer-port-random-on-start) is enabled.
''; '';
}; };
options.peer-port-random-on-start = mkOption { options.peer-port-random-on-start = mkOption {
@ -117,9 +117,9 @@ in
options.script-torrent-done-enabled = mkOption { options.script-torrent-done-enabled = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to run Whether to run
<xref linkend="opt-services.transmission.settings.script-torrent-done-filename"/> [](#opt-services.transmission.settings.script-torrent-done-filename)
at torrent completion. at torrent completion.
''; '';
}; };
@ -156,15 +156,15 @@ in
options.watch-dir-enabled = mkOption { options.watch-dir-enabled = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = ''Whether to enable the description = lib.mdDoc ''Whether to enable the
<xref linkend="opt-services.transmission.settings.watch-dir"/>. [](#opt-services.transmission.settings.watch-dir).
''; '';
}; };
options.trash-original-torrent-files = mkOption { options.trash-original-torrent-files = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = ''Whether to delete torrents added from the description = lib.mdDoc ''Whether to delete torrents added from the
<xref linkend="opt-services.transmission.settings.watch-dir"/>. [](#opt-services.transmission.settings.watch-dir).
''; '';
}; };
}; };
@ -174,26 +174,26 @@ in
type = with types; nullOr str; type = with types; nullOr str;
default = null; default = null;
example = "770"; example = "770";
description = '' description = lib.mdDoc ''
If not <literal>null</literal>, is used as the permissions If not `null`, is used as the permissions
set by <literal>systemd.activationScripts.transmission-daemon</literal> set by `systemd.activationScripts.transmission-daemon`
on the directories <xref linkend="opt-services.transmission.settings.download-dir"/>, on the directories [](#opt-services.transmission.settings.download-dir),
<xref linkend="opt-services.transmission.settings.incomplete-dir"/>. [](#opt-services.transmission.settings.incomplete-dir).
and <xref linkend="opt-services.transmission.settings.watch-dir"/>. and [](#opt-services.transmission.settings.watch-dir).
Note that you may also want to change Note that you may also want to change
<xref linkend="opt-services.transmission.settings.umask"/>. [](#opt-services.transmission.settings.umask).
''; '';
}; };
home = mkOption { home = mkOption {
type = types.path; type = types.path;
default = "/var/lib/transmission"; default = "/var/lib/transmission";
description = '' description = lib.mdDoc ''
The directory where Transmission will create <literal>${settingsDir}</literal>. The directory where Transmission will create `${settingsDir}`.
as well as <literal>${downloadsDir}/</literal> unless as well as `${downloadsDir}/` unless
<xref linkend="opt-services.transmission.settings.download-dir"/> is changed, [](#opt-services.transmission.settings.download-dir) is changed,
and <literal>${incompleteDir}/</literal> unless and `${incompleteDir}/` unless
<xref linkend="opt-services.transmission.settings.incomplete-dir"/> is changed. [](#opt-services.transmission.settings.incomplete-dir) is changed.
''; '';
}; };
@ -211,10 +211,10 @@ in
credentialsFile = mkOption { credentialsFile = mkOption {
type = types.path; type = types.path;
description = '' description = lib.mdDoc ''
Path to a JSON file to be merged with the settings. Path to a JSON file to be merged with the settings.
Useful to merge a file which is better kept out of the Nix store Useful to merge a file which is better kept out of the Nix store
to set secret config parameters like <literal>rpc-password</literal>. to set secret config parameters like `rpc-password`.
''; '';
default = "/dev/null"; default = "/dev/null";
example = "/var/lib/secrets/transmission/settings.json"; example = "/var/lib/secrets/transmission/settings.json";

10
nixos/modules/services/web-apps/dokuwiki.nix
View File

@ -260,14 +260,14 @@ in
webserver = mkOption { webserver = mkOption {
type = types.enum [ "nginx" "caddy" ]; type = types.enum [ "nginx" "caddy" ];
default = "nginx"; default = "nginx";
description = '' description = lib.mdDoc ''
Whether to use nginx or caddy for virtual host management. Whether to use nginx or caddy for virtual host management.
Further nginx configuration can be done by adapting <literal>services.nginx.virtualHosts.&lt;name&gt;</literal>. Further nginx configuration can be done by adapting `services.nginx.virtualHosts.<name>`.
See <xref linkend="opt-services.nginx.virtualHosts"/> for further information. See [](#opt-services.nginx.virtualHosts) for further information.
Further apache2 configuration can be done by adapting <literal>services.httpd.virtualHosts.&lt;name&gt;</literal>. Further apache2 configuration can be done by adapting `services.httpd.virtualHosts.<name>`.
See <xref linkend="opt-services.httpd.virtualHosts"/> for further information. See [](#opt-services.httpd.virtualHosts) for further information.
''; '';
}; };

4
nixos/modules/services/web-apps/hedgedoc.nix
View File

@ -150,9 +150,9 @@ in
addDefaults = true; addDefaults = true;
} }
''; '';
description = '' description = lib.mdDoc ''
Specify the Content Security Policy which is passed to Helmet. Specify the Content Security Policy which is passed to Helmet.
For configuration details see <link xlink:href="https://helmetjs.github.io/docs/csp/"/>. For configuration details see <https://helmetjs.github.io/docs/csp/>.
''; '';
}; };
protocolUseSSL = mkOption { protocolUseSSL = mkOption {

26
nixos/modules/services/web-apps/keycloak.nix
View File

@ -210,13 +210,13 @@ in
name = mkOption { name = mkOption {
type = str; type = str;
default = "keycloak"; default = "keycloak";
description = '' description = lib.mdDoc ''
Database name to use when connecting to an external or Database name to use when connecting to an external or
manually provisioned database; has no effect when a local manually provisioned database; has no effect when a local
database is automatically provisioned. database is automatically provisioned.
To use this with a local database, set <xref linkend="opt-services.keycloak.database.createLocally"/> to To use this with a local database, set [](#opt-services.keycloak.database.createLocally) to
<literal>false</literal> and create the database and user `false` and create the database and user
manually. manually.
''; '';
}; };
@ -224,13 +224,13 @@ in
username = mkOption { username = mkOption {
type = str; type = str;
default = "keycloak"; default = "keycloak";
description = '' description = lib.mdDoc ''
Username to use when connecting to an external or manually Username to use when connecting to an external or manually
provisioned database; has no effect when a local database is provisioned database; has no effect when a local database is
automatically provisioned. automatically provisioned.
To use this with a local database, set <xref linkend="opt-services.keycloak.database.createLocally"/> to To use this with a local database, set [](#opt-services.keycloak.database.createLocally) to
<literal>false</literal> and create the database and user `false` and create the database and user
manually. manually.
''; '';
}; };
@ -415,21 +415,21 @@ in
} }
''; '';
description = '' description = lib.mdDoc ''
Configuration options corresponding to parameters set in Configuration options corresponding to parameters set in
<filename>conf/keycloak.conf</filename>. {file}`conf/keycloak.conf`.
Most available options are documented at <link xlink:href="https://www.keycloak.org/server/all-config"/>. Most available options are documented at <https://www.keycloak.org/server/all-config>.
Options containing secret data should be set to an attribute Options containing secret data should be set to an attribute
set containing the attribute <literal>_secret</literal> - a set containing the attribute `_secret` - a
string pointing to a file containing the value the option string pointing to a file containing the value the option
should be set to. See the example to get a better picture of should be set to. See the example to get a better picture of
this: in the resulting this: in the resulting
<filename>conf/keycloak.conf</filename> file, the {file}`conf/keycloak.conf` file, the
<literal>https-key-store-password</literal> key will be set `https-key-store-password` key will be set
to the contents of the to the contents of the
<filename>/run/keys/store_password</filename> file. {file}`/run/keys/store_password` file.
''; '';
}; };
}; };

18
nixos/modules/services/web-apps/mastodon.nix
View File

@ -197,14 +197,14 @@ in {
}; };
vapidPublicKeyFile = lib.mkOption { vapidPublicKeyFile = lib.mkOption {
description = '' description = lib.mdDoc ''
Path to file containing the public key used for Web Push Path to file containing the public key used for Web Push
Voluntary Application Server Identification. A new keypair can Voluntary Application Server Identification. A new keypair can
be generated by running: be generated by running:
<literal>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake webpush:generate_keys</literal> `nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys`
If <option>mastodon.vapidPrivateKeyFile</option>does not If {option}`mastodon.vapidPrivateKeyFile`does not
exist, it and this file will be created with a new keypair. exist, it and this file will be created with a new keypair.
''; '';
default = "/var/lib/mastodon/secrets/vapid-public-key"; default = "/var/lib/mastodon/secrets/vapid-public-key";
@ -218,11 +218,11 @@ in {
}; };
secretKeyBaseFile = lib.mkOption { secretKeyBaseFile = lib.mkOption {
description = '' description = lib.mdDoc ''
Path to file containing the secret key base. Path to file containing the secret key base.
A new secret key base can be generated by running: A new secret key base can be generated by running:
<literal>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake secret</literal> `nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret`
If this file does not exist, it will be created with a new secret key base. If this file does not exist, it will be created with a new secret key base.
''; '';
@ -231,11 +231,11 @@ in {
}; };
otpSecretFile = lib.mkOption { otpSecretFile = lib.mkOption {
description = '' description = lib.mdDoc ''
Path to file containing the OTP secret. Path to file containing the OTP secret.
A new OTP secret can be generated by running: A new OTP secret can be generated by running:
<literal>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake secret</literal> `nix build -f '<nixpkgs>' mastodon; cd result; bin/rake secret`
If this file does not exist, it will be created with a new OTP secret. If this file does not exist, it will be created with a new OTP secret.
''; '';
@ -244,12 +244,12 @@ in {
}; };
vapidPrivateKeyFile = lib.mkOption { vapidPrivateKeyFile = lib.mkOption {
description = '' description = lib.mdDoc ''
Path to file containing the private key used for Web Push Path to file containing the private key used for Web Push
Voluntary Application Server Identification. A new keypair can Voluntary Application Server Identification. A new keypair can
be generated by running: be generated by running:
<literal>nix build -f '&lt;nixpkgs&gt;' mastodon; cd result; bin/rake webpush:generate_keys</literal> `nix build -f '<nixpkgs>' mastodon; cd result; bin/rake webpush:generate_keys`
If this file does not exist, it will be created with a new If this file does not exist, it will be created with a new
private key. private key.

24
nixos/modules/services/web-apps/nextcloud.nix
View File

@ -93,8 +93,8 @@ in {
type = types.str; type = types.str;
default = config.services.nextcloud.home; default = config.services.nextcloud.home;
defaultText = literalExpression "config.services.nextcloud.home"; defaultText = literalExpression "config.services.nextcloud.home";
description = '' description = lib.mdDoc ''
Data storage path of nextcloud. Will be <xref linkend="opt-services.nextcloud.home"/> by default. Data storage path of nextcloud. Will be [](#opt-services.nextcloud.home) by default.
This folder will be populated with a config.php and data folder which contains the state of the instance (excl the database)."; This folder will be populated with a config.php and data folder which contains the state of the instance (excl the database).";
''; '';
example = "/mnt/nextcloud-file"; example = "/mnt/nextcloud-file";
@ -102,10 +102,10 @@ in {
extraApps = mkOption { extraApps = mkOption {
type = types.attrsOf types.package; type = types.attrsOf types.package;
default = { }; default = { };
description = '' description = lib.mdDoc ''
Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp. Extra apps to install. Should be an attrSet of appid to packages generated by fetchNextcloudApp.
The appid must be identical to the "id" value in the apps appinfo/info.xml. The appid must be identical to the "id" value in the apps appinfo/info.xml.
Using this will disable the appstore to prevent Nextcloud from updating these apps (see <xref linkend="opt-services.nextcloud.appstoreEnable"/>). Using this will disable the appstore to prevent Nextcloud from updating these apps (see [](#opt-services.nextcloud.appstoreEnable)).
''; '';
example = literalExpression '' example = literalExpression ''
{ {
@ -127,8 +127,8 @@ in {
extraAppsEnable = mkOption { extraAppsEnable = mkOption {
type = types.bool; type = types.bool;
default = true; default = true;
description = '' description = lib.mdDoc ''
Automatically enable the apps in <xref linkend="opt-services.nextcloud.extraApps"/> every time nextcloud starts. Automatically enable the apps in [](#opt-services.nextcloud.extraApps) every time nextcloud starts.
If set to false, apps need to be enabled in the Nextcloud user interface or with nextcloud-occ app:enable. If set to false, apps need to be enabled in the Nextcloud user interface or with nextcloud-occ app:enable.
''; '';
}; };
@ -136,10 +136,10 @@ in {
type = types.nullOr types.bool; type = types.nullOr types.bool;
default = null; default = null;
example = true; example = true;
description = '' description = lib.mdDoc ''
Allow the installation of apps and app updates from the store. Allow the installation of apps and app updates from the store.
Enabled by default unless there are packages in <xref linkend="opt-services.nextcloud.extraApps"/>. Enabled by default unless there are packages in [](#opt-services.nextcloud.extraApps).
Set to true to force enable the store even if <xref linkend="opt-services.nextcloud.extraApps"/> is used. Set to true to force enable the store even if [](#opt-services.nextcloud.extraApps) is used.
Set to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting. Set to false to disable the installation of apps from the global appstore. App management is always enabled regardless of this setting.
''; '';
}; };
@ -585,9 +585,9 @@ in {
hstsMaxAge = mkOption { hstsMaxAge = mkOption {
type = types.ints.positive; type = types.ints.positive;
default = 15552000; default = 15552000;
description = '' description = lib.mdDoc ''
Value for the <literal>max-age</literal> directive of the HTTP Value for the `max-age` directive of the HTTP
<literal>Strict-Transport-Security</literal> header. `Strict-Transport-Security` header.
See section 6.1.1 of IETF RFC 6797 for detailed information on this See section 6.1.1 of IETF RFC 6797 for detailed information on this
directive and header. directive and header.

4
nixos/modules/services/web-apps/node-red.nix
View File

@ -47,9 +47,9 @@ in
type = types.path; type = types.path;
default = "${cfg.package}/lib/node_modules/node-red/settings.js"; default = "${cfg.package}/lib/node_modules/node-red/settings.js";
defaultText = literalExpression ''"''${package}/lib/node_modules/node-red/settings.js"''; defaultText = literalExpression ''"''${package}/lib/node_modules/node-red/settings.js"'';
description = '' description = lib.mdDoc ''
Path to the JavaScript configuration file. Path to the JavaScript configuration file.
See <link xlink:href="https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js"/> See <https://github.com/node-red/node-red/blob/master/packages/node_modules/node-red/settings.js>
for a configuration example. for a configuration example.
''; '';
}; };

2
nixos/modules/services/web-apps/trilium.nix
View File

@ -53,7 +53,7 @@ in
noAuthentication = mkOption { noAuthentication = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
If set to true, no password is required to access the web frontend. If set to true, no password is required to access the web frontend.
''; '';
}; };

2
nixos/modules/services/x11/desktop-managers/plasma5.nix
View File

@ -170,7 +170,7 @@ in
supportDDC = mkOption { supportDDC = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Support setting monitor brightness via DDC. Support setting monitor brightness via DDC.
This is not needed for controlling brightness of the internal monitor This is not needed for controlling brightness of the internal monitor

4
nixos/modules/services/x11/display-managers/lightdm-greeters/mini.nix
View File

@ -55,12 +55,12 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to enable lightdm-mini-greeter as the lightdm greeter. Whether to enable lightdm-mini-greeter as the lightdm greeter.
Note that this greeter starts only the default X session. Note that this greeter starts only the default X session.
You can configure the default X session using You can configure the default X session using
<xref linkend="opt-services.xserver.displayManager.defaultSession"/>. [](#opt-services.xserver.displayManager.defaultSession).
''; '';
}; };

4
nixos/modules/services/x11/display-managers/lightdm-greeters/tiny.nix
View File

@ -17,12 +17,12 @@ in
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Whether to enable lightdm-tiny-greeter as the lightdm greeter. Whether to enable lightdm-tiny-greeter as the lightdm greeter.
Note that this greeter starts only the default X session. Note that this greeter starts only the default X session.
You can configure the default X session using You can configure the default X session using
<xref linkend="opt-services.xserver.displayManager.defaultSession"/>. [](#opt-services.xserver.displayManager.defaultSession).
''; '';
}; };

2
nixos/modules/services/x11/window-managers/fvwm2.nix
View File

@ -24,7 +24,7 @@ in
gestures = mkOption { gestures = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = "Whether or not to enable libstroke for gesture support"; description = lib.mdDoc "Whether or not to enable libstroke for gesture support";
}; };
}; };
}; };

10
nixos/modules/system/boot/initrd-network.nix
View File

@ -50,17 +50,17 @@ in
boot.initrd.network.enable = mkOption { boot.initrd.network.enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = '' description = lib.mdDoc ''
Add network connectivity support to initrd. The network may be Add network connectivity support to initrd. The network may be
configured using the <literal>ip</literal> kernel parameter, configured using the `ip` kernel parameter,
as described in <link xlink:href="https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt">the kernel documentation</link>. as described in [the kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt).
Otherwise, if Otherwise, if
<option>networking.useDHCP</option> is enabled, an IP address {option}`networking.useDHCP` is enabled, an IP address
is acquired using DHCP. is acquired using DHCP.
You should add the module(s) required for your network card to You should add the module(s) required for your network card to
boot.initrd.availableKernelModules. boot.initrd.availableKernelModules.
<literal>lspci -v | grep -iA8 'network\|ethernet'</literal> `lspci -v | grep -iA8 'network\|ethernet'`
will tell you which. will tell you which.
''; '';
}; };

4
nixos/modules/system/boot/luksroot.nix
View File

@ -548,11 +548,11 @@ in
boot.initrd.luks.devices = mkOption { boot.initrd.luks.devices = mkOption {
default = { }; default = { };
example = { luksroot.device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; }; example = { luksroot.device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; };
description = '' description = lib.mdDoc ''
The encrypted disk that should be opened before the root The encrypted disk that should be opened before the root
filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM
setups are supported. The unencrypted devices can be accessed as setups are supported. The unencrypted devices can be accessed as
<filename>/dev/mapper/«name»</filename>. {file}`/dev/mapper/«name»`.
''; '';
type = with types; attrsOf (submodule ( type = with types; attrsOf (submodule (

6
nixos/modules/system/boot/networkd.nix
View File

@ -1904,11 +1904,11 @@ in
}; };
extraArgs = mkOption { extraArgs = mkOption {
description = '' description = lib.mdDoc ''
Extra command-line arguments to pass to systemd-networkd-wait-online. Extra command-line arguments to pass to systemd-networkd-wait-online.
These also affect per-interface <literal>systemd-network-wait-online@</literal> services. These also affect per-interface `systemd-network-wait-online@` services.
See <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd-networkd-wait-online.service.html"><citerefentry><refentrytitle>systemd-networkd-wait-online.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></link> for all available options. See [{manpage}`systemd-networkd-wait-online.service(8)`](https://www.freedesktop.org/software/systemd/man/systemd-networkd-wait-online.service.html) for all available options.
''; '';
type = with types; listOf str; type = with types; listOf str;
default = []; default = [];

6
nixos/modules/system/boot/systemd/logind.nix
View File

@ -26,14 +26,14 @@ in
services.logind.killUserProcesses = mkOption { services.logind.killUserProcesses = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = '' description = lib.mdDoc ''
Specifies whether the processes of a user should be killed Specifies whether the processes of a user should be killed
when the user logs out. If true, the scope unit corresponding when the user logs out. If true, the scope unit corresponding
to the session and all processes inside that scope will be to the session and all processes inside that scope will be
terminated. If false, the scope is "abandoned" (see terminated. If false, the scope is "abandoned" (see
<link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.scope.html#">systemd.scope(5)</link>), and processes are not killed. [systemd.scope(5)](https://www.freedesktop.org/software/systemd/man/systemd.scope.html#)), and processes are not killed.
See <link xlink:href="https://www.freedesktop.org/software/systemd/man/logind.conf.html#KillUserProcesses=">logind.conf(5)</link> See [logind.conf(5)](https://www.freedesktop.org/software/systemd/man/logind.conf.html#KillUserProcesses=)
for more details. for more details.
''; '';
}; };

10
nixos/modules/system/boot/systemd/tmpfiles.nix
View File

@ -25,16 +25,16 @@ in
default = []; default = [];
example = literalExpression "[ pkgs.lvm2 ]"; example = literalExpression "[ pkgs.lvm2 ]";
apply = map getLib; apply = map getLib;
description = '' description = lib.mdDoc ''
List of packages containing <command>systemd-tmpfiles</command> rules. List of packages containing {command}`systemd-tmpfiles` rules.
All files ending in .conf found in All files ending in .conf found in
<filename>«pkg»/lib/tmpfiles.d</filename> {file}`«pkg»/lib/tmpfiles.d`
will be included. will be included.
If this folder does not exist or does not contain any files an error will be returned instead. If this folder does not exist or does not contain any files an error will be returned instead.
If a <filename>lib</filename> output is available, rules are searched there and only there. If a {file}`lib` output is available, rules are searched there and only there.
If there is no <filename>lib</filename> output it will fall back to <filename>out</filename> If there is no {file}`lib` output it will fall back to {file}`out`
and if that does not exist either, the default output will be used. and if that does not exist either, the default output will be used.
''; '';
}; };

6
nixos/modules/tasks/auto-upgrade.nix
View File

@ -25,10 +25,10 @@ in {
type = types.enum ["switch" "boot"]; type = types.enum ["switch" "boot"];
default = "switch"; default = "switch";
example = "boot"; example = "boot";
description = '' description = lib.mdDoc ''
Whether to run Whether to run
<literal>nixos-rebuild switch --upgrade</literal> or run `nixos-rebuild switch --upgrade` or run
<literal>nixos-rebuild boot --upgrade</literal> `nixos-rebuild boot --upgrade`
''; '';
}; };

2
nixos/modules/tasks/scsi-link-power-management.nix
View File

@ -25,7 +25,7 @@ in
powerManagement.scsiLinkPolicy = mkOption { powerManagement.scsiLinkPolicy = mkOption {
default = null; default = null;
type = types.nullOr (types.enum allowedValues); type = types.nullOr (types.enum allowedValues);
description = '' description = lib.mdDoc ''
SCSI link power management policy. The kernel default is SCSI link power management policy. The kernel default is
"max_performance". "max_performance".

Some files were not shown because too many files have changed in this diff Show More