···

       
15043
       
15043
       
 
       
    githubId = 496447;

     

       
15044
       
15044
       
 
       
    name = "Robert Hensing";

     

       
15045
       
15045
       
 
       
  };

     

       
15046
       
15046
       
+
       
  robert-manchester = {

     

       
15047
       
15047
       
+
       
    email = "robert.manchester@gmail.com";

     

       
15048
       
15048
       
+
       
    github = "robert-manchester";

     

       
15049
       
15049
       
+
       
    githubId = 86313040;

     

       
15050
       
15050
       
+
       
    name = "Robert Manchester";

     

       
15051
       
15051
       
+
       
  };

     

       
15046
       
15052
       
 
       
  robertodr = {

     

       
15047
       
15053
       
 
       
    email = "roberto.diremigio@gmail.com";

     

       
15048
       
15054
       
 
       
    github = "robertodr";

     

···

       
786
       
786
       
 
       
    autocommit = not args.no_commit

     

       
787
       
787
       
 
       


     

       
788
       
788
       
 
       
    if autocommit:

     

       
789
       
789
       
+
       
        from datetime import date

     

       
789
       
790
       
 
       
        editor.nixpkgs_repo = git.Repo(editor.root, search_parent_directories=True)

     

       
790
       
790
       
-
       
        commit(editor.nixpkgs_repo, f"{editor.attr_path}: update", [args.outfile])

     

       
791
       
791
       
+
       
        updated = date.today().strftime('%m-%d-%Y')

     

       
792
       
792
       
+
       


     

       
793
       
793
       
+
       
        commit(editor.nixpkgs_repo, f"{editor.attr_path}: updated the {updated}", [args.outfile])

     

       
791
       
794
       
 
       


     

       
792
       
795
       
 
       
    if redirects:

     

       
793
       
796
       
 
       
        update()

     

···

       
44
       
44
       
 
       
- Inspect what changed during these actions and print units that failed and

     

       
45
       
45
       
 
       
  that were newly started

     

       
46
       
46
       
 
       


     

       
47
       
47
       
+
       
By default, some units are filtered from the outputs to make it less spammy.

     

       
48
       
48
       
+
       
This can be disabled for development or testing by setting the environment variable

     

       
49
       
49
       
+
       
`STC_DISPLAY_ALL_UNITS=1`

     

       
50
       
50
       
+
       


     

       
47
       
51
       
 
       
Most of these actions are either self-explaining but some of them have to do

     

       
48
       
52
       
 
       
with our units or the activation script. For this reason, these topics are

     

       
49
       
53
       
 
       
explained in the next sections.

     

···

       
359
       
359
       
 
       


     

       
360
       
360
       
 
       
- The application firewall `opensnitch` now uses the process monitor method eBPF as default as recommended by upstream. The method can be changed with the setting [services.opensnitch.settings.ProcMonitorMethod](#opt-services.opensnitch.settings.ProcMonitorMethod).

     

       
361
       
361
       
 
       


     

       
362
       
362
       
+
       
- `services.hedgedoc` has been heavily refactored, reducing the amount of declared options in the module. Most of the options should still work without any changes. Some options have been deprecated, as they no longer have any effect. See [#244941](https://github.com/NixOS/nixpkgs/pull/244941) for more details.

     

       
363
       
363
       
+
       


     

       
362
       
364
       
 
       
- The module [services.ankisyncd](#opt-services.ankisyncd.package) has been switched to [anki-sync-server-rs](https://github.com/ankicommunity/anki-sync-server-rs) from the old python version, which was difficult to update, had not been updated in a while, and did not support recent versions of anki.

     

       
363
       
365
       
 
       
Unfortunately all servers supporting new clients (newer version of anki-sync-server, anki's built in sync server and this new rust package) do not support the older sync protocol that was used in the old server, so such old clients will also need updating and in particular the anki package in nixpkgs is also being updated in this release.

     

       
364
       
366
       
 
       
The module update takes care of the new config syntax and the data itself (user login and cards) are compatible, so users of the module will be able to just log in again after updating both client and server without any extra action.

     

···

       
7
       
7
       
 
       
in

     

       
8
       
8
       
 
       
{

     

       
9
       
9
       
 
       
  options.networking.iproute2 = {

     

       
10
       
10
       
-
       
    enable = mkEnableOption (lib.mdDoc "copy IP route configuration files");

     

       
10
       
10
       
+
       
    enable = mkEnableOption (lib.mdDoc "copying IP route configuration files");

     

       
11
       
11
       
 
       
    rttablesExtraConfig = mkOption {

     

       
12
       
12
       
 
       
      type = types.lines;

     

       
13
       
13
       
 
       
      default = "";

     

···

       
15
       
15
       
 
       
in

     

       
16
       
16
       
 
       
{

     

       
17
       
17
       
 
       
  options.networking.stevenblack = {

     

       
18
       
18
       
-
       
    enable = mkEnableOption (mdDoc "Enable the stevenblack hosts file blocklist");

     

       
18
       
18
       
+
       
    enable = mkEnableOption (mdDoc "the stevenblack hosts file blocklist");

     

       
19
       
19
       
 
       


     

       
20
       
20
       
 
       
    block = mkOption {

     

       
21
       
21
       
 
       
      type = types.listOf (types.enum [ "fakenews" "gambling" "porn" "social" ]);

     

···

       
8
       
8
       
 
       
{

     

       
9
       
9
       
 
       
  options.programs.corectrl = {

     

       
10
       
10
       
 
       
    enable = mkEnableOption (lib.mdDoc ''

     

       
11
       
11
       
-
       
      A tool to overclock amd graphics cards and processors.

     

       
11
       
11
       
+
       
      CoreCtrl, a tool to overclock amd graphics cards and processors.

     

       
12
       
12
       
 
       
      Add your user to the corectrl group to run corectrl without needing to enter your password

     

       
13
       
13
       
 
       
    '');

     

       
14
       
14
       
 
       


     

       
15
       
15
       
 
       
    gpuOverclock = {

     

       
16
       
16
       
 
       
      enable = mkEnableOption (lib.mdDoc ''

     

       
17
       
17
       
-
       
        true

     

       
17
       
17
       
+
       
        GPU overclocking

     

       
18
       
18
       
 
       
      '');

     

       
19
       
19
       
 
       
      ppfeaturemask = mkOption {

     

       
20
       
20
       
 
       
        type = types.str;

     

···

       
11
       
11
       
 
       
    enable = mkEnableOption (lib.mdDoc ''

     

       
12
       
12
       
 
       
      i2c devices support. By default access is granted to users in the "i2c"

     

       
13
       
13
       
 
       
      group (will be created if non-existent) and any user with a seat, meaning

     

       
14
       
14
       
-
       
      logged on the computer locally.

     

       
14
       
14
       
+
       
      logged on the computer locally

     

       
15
       
15
       
 
       
    '');

     

       
16
       
16
       
 
       


     

       
17
       
17
       
 
       
    group = mkOption {

     

···

       
11
       
11
       
 
       
      non-root access to the firmware of UHK keyboards.

     

       
12
       
12
       
 
       
      You need it when you want to flash a new firmware on the keyboard.

     

       
13
       
13
       
 
       
      Access to the keyboard is granted to users in the "input" group.

     

       
14
       
14
       
-
       
      You may want to install the uhk-agent package.

     

       
14
       
14
       
+
       
      You may want to install the uhk-agent package

     

       
15
       
15
       
 
       
    '');

     

       
16
       
16
       
 
       


     

       
17
       
17
       
 
       
  };

     

···

       
11
       
11
       
 
       
      udev rules for keyboards from ZSA like the ErgoDox EZ, Planck EZ and Moonlander Mark I.

     

       
12
       
12
       
 
       
      You need it when you want to flash a new configuration on the keyboard

     

       
13
       
13
       
 
       
      or use their live training in the browser.

     

       
14
       
14
       
-
       
      You may want to install the wally-cli package.

     

       
14
       
14
       
+
       
      You may want to install the wally-cli package

     

       
15
       
15
       
 
       
    '');

     

       
16
       
16
       
 
       
  };

     

       
17
       
17
       
 
       


     

···

       
50
       
50
       
 
       
  options = {

     

       
51
       
51
       
 
       
    hardware.openrazer = {

     

       
52
       
52
       
 
       
      enable = mkEnableOption (lib.mdDoc ''

     

       
53
       
53
       
-
       
        OpenRazer drivers and userspace daemon.

     

       
53
       
53
       
+
       
        OpenRazer drivers and userspace daemon

     

       
54
       
54
       
 
       
      '');

     

       
55
       
55
       
 
       


     

       
56
       
56
       
 
       
      verboseLogging = mkOption {

     

···

       
9
       
9
       
 
       
  {

     

       
10
       
10
       
 
       
    options.hardware.tuxedo-keyboard = {

     

       
11
       
11
       
 
       
      enable = mkEnableOption (lib.mdDoc ''

     

       
12
       
12
       
-
       
          Enables the tuxedo-keyboard driver.

     

       
12
       
12
       
+
       
          the tuxedo-keyboard driver.

     

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
          To configure the driver, pass the options to the {option}`boot.kernelParams` configuration.

     

       
15
       
15
       
 
       
          There are several parameters you can change. It's best to check at the source code description which options are supported.

     

···

       
24
       
24
       
 
       
  options = {

     

       
25
       
25
       
 
       
    hardware.nvidia = {

     

       
26
       
26
       
 
       
      datacenter.enable = lib.mkEnableOption (lib.mdDoc ''

     

       
27
       
27
       
-
       
        Data Center drivers for NVIDIA cards on a NVLink topology.

     

       
27
       
27
       
+
       
        Data Center drivers for NVIDIA cards on a NVLink topology

     

       
28
       
28
       
 
       
      '');

     

       
29
       
29
       
 
       
      datacenter.settings = lib.mkOption {

     

       
30
       
30
       
 
       
        type = settingsFormat.type;

     
···

       
79
       
79
       
 
       


     

       
80
       
80
       
 
       
      powerManagement.enable = lib.mkEnableOption (lib.mdDoc ''

     

       
81
       
81
       
 
       
        experimental power management through systemd. For more information, see

     

       
82
       
82
       
-
       
        the NVIDIA docs, on Chapter 21. Configuring Power Management Support.

     

       
82
       
82
       
+
       
        the NVIDIA docs, on Chapter 21. Configuring Power Management Support

     

       
83
       
83
       
 
       
      '');

     

       
84
       
84
       
 
       


     

       
85
       
85
       
 
       
      powerManagement.finegrained = lib.mkEnableOption (lib.mdDoc ''

     

       
86
       
86
       
 
       
        experimental power management of PRIME offload. For more information, see

     

       
87
       
87
       
-
       
        the NVIDIA docs, on Chapter 22. PCI-Express Runtime D3 (RTD3) Power Management.

     

       
87
       
87
       
+
       
        the NVIDIA docs, on Chapter 22. PCI-Express Runtime D3 (RTD3) Power Management

     

       
88
       
88
       
 
       
      '');

     

       
89
       
89
       
 
       


     

       
90
       
90
       
 
       
      dynamicBoost.enable = lib.mkEnableOption (lib.mdDoc ''

     

       
91
       
91
       
 
       
        dynamic Boost balances power between the CPU and the GPU for improved

     

       
92
       
92
       
 
       
        performance on supported laptops using the nvidia-powerd daemon. For more

     

       
93
       
93
       
-
       
        information, see the NVIDIA docs, on Chapter 23. Dynamic Boost on Linux.

     

       
93
       
93
       
+
       
        information, see the NVIDIA docs, on Chapter 23. Dynamic Boost on Linux

     

       
94
       
94
       
 
       
      '');

     

       
95
       
95
       
 
       


     

       
96
       
96
       
 
       
      modesetting.enable = lib.mkEnableOption (lib.mdDoc ''

     
···

       
99
       
99
       
 
       
        Enabling this fixes screen tearing when using Optimus via PRIME (see

     

       
100
       
100
       
 
       
        {option}`hardware.nvidia.prime.sync.enable`. This is not enabled

     

       
101
       
101
       
 
       
        by default because it is not officially supported by NVIDIA and would not

     

       
102
       
102
       
-
       
        work with SLI.

     

       
102
       
102
       
+
       
        work with SLI

     

       
103
       
103
       
 
       
      '');

     

       
104
       
104
       
 
       


     

       
105
       
105
       
 
       
      prime.nvidiaBusId = lib.mkOption {

     
···

       
153
       
153
       
 
       


     

       
154
       
154
       
 
       
        Note that this configuration will only be successful when a display manager

     

       
155
       
155
       
 
       
        for which the {option}`services.xserver.displayManager.setupCommands`

     

       
156
       
156
       
-
       
        option is supported is used.

     

       
156
       
156
       
+
       
        option is supported is used

     

       
157
       
157
       
 
       
      '');

     

       
158
       
158
       
 
       


     

       
159
       
159
       
 
       
      prime.allowExternalGpu = lib.mkEnableOption (lib.mdDoc ''

     

       
160
       
160
       
-
       
        configuring X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus.

     

       
160
       
160
       
+
       
        configuring X to allow external NVIDIA GPUs when using Prime [Reverse] sync optimus

     

       
161
       
161
       
 
       
      '');

     

       
162
       
162
       
 
       


     

       
163
       
163
       
 
       
      prime.offload.enable = lib.mkEnableOption (lib.mdDoc ''

     
···

       
166
       
166
       
 
       
        If this is enabled, then the bus IDs of the NVIDIA and Intel/AMD GPUs have to

     

       
167
       
167
       
 
       
        be specified ({option}`hardware.nvidia.prime.nvidiaBusId` and

     

       
168
       
168
       
 
       
        {option}`hardware.nvidia.prime.intelBusId` or

     

       
169
       
169
       
-
       
        {option}`hardware.nvidia.prime.amdgpuBusId`).

     

       
169
       
169
       
+
       
        {option}`hardware.nvidia.prime.amdgpuBusId`)

     

       
170
       
170
       
 
       
      '');

     

       
171
       
171
       
 
       


     

       
172
       
172
       
 
       
      prime.offload.enableOffloadCmd = lib.mkEnableOption (lib.mdDoc ''

     
···

       
174
       
174
       
 
       
        for offloading programs to an nvidia device. To work, should have also enabled

     

       
175
       
175
       
 
       
        {option}`hardware.nvidia.prime.offload.enable` or {option}`hardware.nvidia.prime.reverseSync.enable`.

     

       
176
       
176
       
 
       


     

       
177
       
177
       
-
       
        Example usage `nvidia-offload sauerbraten_client`.

     

       
177
       
177
       
+
       
        Example usage `nvidia-offload sauerbraten_client`

     

       
178
       
178
       
 
       
      '');

     

       
179
       
179
       
 
       


     

       
180
       
180
       
 
       
      prime.reverseSync.enable = lib.mkEnableOption (lib.mdDoc ''

     
···

       
202
       
202
       
 
       


     

       
203
       
203
       
 
       
        Note that this configuration will only be successful when a display manager

     

       
204
       
204
       
 
       
        for which the {option}`services.xserver.displayManager.setupCommands`

     

       
205
       
205
       
-
       
        option is supported is used.

     

       
205
       
205
       
+
       
        option is supported is used

     

       
206
       
206
       
 
       
      '');

     

       
207
       
207
       
 
       


     

       
208
       
208
       
 
       
      nvidiaSettings =

     

       
209
       
209
       
 
       
        (lib.mkEnableOption (lib.mdDoc ''

     

       
210
       
210
       
-
       
          nvidia-settings, NVIDIA's GUI configuration tool.

     

       
210
       
210
       
+
       
          nvidia-settings, NVIDIA's GUI configuration tool

     

       
211
       
211
       
 
       
        ''))

     

       
212
       
212
       
 
       
        // {default = true;};

     

       
213
       
213
       
 
       


     

       
214
       
214
       
 
       
      nvidiaPersistenced = lib.mkEnableOption (lib.mdDoc ''

     

       
215
       
215
       
 
       
        nvidia-persistenced a update for NVIDIA GPU headless mode, i.e.

     

       
216
       
216
       
-
       
        It ensures all GPUs stay awake even during headless mode.

     

       
216
       
216
       
+
       
        It ensures all GPUs stay awake even during headless mode

     

       
217
       
217
       
 
       
      '');

     

       
218
       
218
       
 
       


     

       
219
       
219
       
 
       
      forceFullCompositionPipeline = lib.mkEnableOption (lib.mdDoc ''

     

       
220
       
220
       
 
       
        forcefully the full composition pipeline.

     

       
221
       
221
       
 
       
        This sometimes fixes screen tearing issues.

     

       
222
       
222
       
 
       
        This has been reported to reduce the performance of some OpenGL applications and may produce issues in WebGL.

     

       
223
       
223
       
-
       
        It also drastically increases the time the driver needs to clock down after load.

     

       
223
       
223
       
+
       
        It also drastically increases the time the driver needs to clock down after load

     

       
224
       
224
       
 
       
      '');

     

       
225
       
225
       
 
       


     

       
226
       
226
       
 
       
      package = lib.mkOption {

     

···

       
12
       
12
       
 
       


     

       
13
       
13
       
 
       
{

     

       
14
       
14
       
 
       


     

       
15
       
15
       
-
       
  options.hardware.facetimehd.enable = mkEnableOption (lib.mdDoc "facetimehd kernel module");

     

       
15
       
15
       
+
       
  options.hardware.facetimehd.enable = mkEnableOption (lib.mdDoc "the facetimehd kernel module");

     

       
16
       
16
       
 
       


     

       
17
       
17
       
 
       
  options.hardware.facetimehd.withCalibration = mkOption {

     

       
18
       
18
       
 
       
    default = false;

     

···

       
5
       
5
       
 
       


     

       
6
       
6
       
 
       
  inherit (config.nixops) enableDeprecatedAutoLuks;

     

       
7
       
7
       
 
       
in {

     

       
8
       
8
       
-
       
  options.nixops.enableDeprecatedAutoLuks = lib.mkEnableOption (lib.mdDoc "Enable the deprecated NixOps AutoLuks module");

     

       
8
       
8
       
+
       
  options.nixops.enableDeprecatedAutoLuks = lib.mkEnableOption (lib.mdDoc "the deprecated NixOps AutoLuks module");

     

       
9
       
9
       
 
       


     

       
10
       
10
       
 
       
  config = {

     

       
11
       
11
       
 
       
    assertions = [

     

···

       
8
       
8
       
 
       
  options = {

     

       
9
       
9
       
 
       
    programs.calls = {

     

       
10
       
10
       
 
       
      enable = mkEnableOption (lib.mdDoc ''

     

       
11
       
11
       
-
       
        Whether to enable GNOME calls: a phone dialer and call handler.

     

       
11
       
11
       
+
       
        GNOME calls: a phone dialer and call handler

     

       
12
       
12
       
 
       
      '');

     

       
13
       
13
       
 
       
    };

     

       
14
       
14
       
 
       
  };

     

···

       
8
       
8
       
 
       
{

     

       
9
       
9
       
 
       
  options = {

     

       
10
       
10
       
 
       
    programs.cnping = {

     

       
11
       
11
       
-
       
      enable = mkEnableOption (lib.mdDoc "Whether to install a setcap wrapper for cnping");

     

       
11
       
11
       
+
       
      enable = mkEnableOption (lib.mdDoc "a setcap wrapper for cnping");

     

       
12
       
12
       
 
       
    };

     

       
13
       
13
       
 
       
  };

     

       
14
       
14
       
 
       


     

···

       
11
       
11
       
 
       
    enable = lib.mkEnableOption (lib.mdDoc ''

     

       
12
       
12
       
 
       
      direnv integration. Takes care of both installation and

     

       
13
       
13
       
 
       
      setting up the sourcing of the shell. Additionally enables nix-direnv

     

       
14
       
14
       
-
       
      integration. Note that you need to logout and login for this change to apply.

     

       
14
       
14
       
+
       
      integration. Note that you need to logout and login for this change to apply

     

       
15
       
15
       
 
       
    '');

     

       
16
       
16
       
 
       


     

       
17
       
17
       
 
       
    package = lib.mkPackageOptionMD pkgs "direnv" {};

     

···

       
8
       
8
       
 
       
  options = {

     

       
9
       
9
       
 
       
    programs.feedbackd = {

     

       
10
       
10
       
 
       
      enable = mkEnableOption (lib.mdDoc ''

     

       
11
       
11
       
-
       
        Whether to enable the feedbackd D-BUS service and udev rules.

     

       
11
       
11
       
+
       
        the feedbackd D-BUS service and udev rules.

     

       
12
       
12
       
 
       


     

       
13
       
13
       
-
       
        Your user needs to be in the `feedbackd` group to trigger effects.

     

       
13
       
13
       
+
       
        Your user needs to be in the `feedbackd` group to trigger effects

     

       
14
       
14
       
 
       
      '');

     

       
15
       
15
       
 
       
      package = mkOption {

     

       
16
       
16
       
 
       
        description = lib.mdDoc ''

     

···

       
9
       
9
       
 
       
      1714 to 1764 as they are needed for it to function properly.

     

       
10
       
10
       
 
       
      You can use the {option}`package` to use

     

       
11
       
11
       
 
       
      `gnomeExtensions.gsconnect` as an alternative

     

       
12
       
12
       
-
       
      implementation if you use Gnome.

     

       
12
       
12
       
+
       
      implementation if you use Gnome

     

       
13
       
13
       
 
       
    '');

     

       
14
       
14
       
 
       
    package = mkOption {

     

       
15
       
15
       
 
       
      default = pkgs.plasma5Packages.kdeconnect-kde;

     

···

       
6
       
6
       
 
       
  meta.maintainers = with lib.maintainers; [ rewine ];

     

       
7
       
7
       
 
       


     

       
8
       
8
       
 
       
  options.programs.wayfire = {

     

       
9
       
9
       
-
       
    enable = lib.mkEnableOption (lib.mdDoc "Wayfire, a wayland compositor based on wlroots.");

     

       
9
       
9
       
+
       
    enable = lib.mkEnableOption (lib.mdDoc "Wayfire, a wayland compositor based on wlroots");

     

       
10
       
10
       
 
       


     

       
11
       
11
       
 
       
    package = lib.mkPackageOptionMD pkgs "wayfire" { };

     

       
12
       
12
       
 
       


     

···

       
359
       
359
       
 
       
      };

     

       
360
       
360
       
 
       


     

       
361
       
361
       
 
       
      features.oracleMode = mkEnableOption (lib.mdDoc ''

     

       
362
       
362
       
-
       
        Destroy snapshots one by one instead of using one long argument list.

     

       
362
       
362
       
+
       
        destroying snapshots one by one instead of using one long argument list.

     

       
363
       
363
       
 
       
        If source and destination are out of sync for a long time, you may have

     

       
364
       
364
       
 
       
        so many snapshots to destroy that the argument gets is too long and the

     

       
365
       
365
       
-
       
        command fails.

     

       
365
       
365
       
+
       
        command fails

     

       
366
       
366
       
 
       
      '');

     

       
367
       
367
       
 
       
      features.recvu = mkEnableOption (lib.mdDoc ''

     

       
368
       
368
       
 
       
        recvu feature which uses `-u` on the receiving end to keep the destination

     

       
369
       
369
       
-
       
        filesystem unmounted.

     

       
369
       
369
       
+
       
        filesystem unmounted

     

       
370
       
370
       
 
       
      '');

     

       
371
       
371
       
 
       
      features.compressed = mkEnableOption (lib.mdDoc ''

     

       
372
       
372
       
 
       
        compressed feature which adds the options `-Lce` to

     
···

       
377
       
377
       
 
       
        support and -e is for embedded data support. see

     

       
378
       
378
       
 
       
        {manpage}`znapzend(1)`

     

       
379
       
379
       
 
       
        and {manpage}`zfs(8)`

     

       
380
       
380
       
-
       
        for more info.

     

       
380
       
380
       
+
       
        for more info

     

       
381
       
381
       
 
       
      '');

     

       
382
       
382
       
 
       
      features.sendRaw = mkEnableOption (lib.mdDoc ''

     

       
383
       
383
       
 
       
        sendRaw feature which adds the options `-w` to the

     
···

       
386
       
386
       
 
       
        backup that can't be read without the encryption key/passphrase, useful

     

       
387
       
387
       
 
       
        when the remote isn't fully trusted or not physically secure. This

     

       
388
       
388
       
 
       
        option must be used consistently, raw incrementals cannot be based on

     

       
389
       
389
       
-
       
        non-raw snapshots and vice versa.

     

       
389
       
389
       
+
       
        non-raw snapshots and vice versa

     

       
390
       
390
       
 
       
      '');

     

       
391
       
391
       
 
       
      features.skipIntermediates = mkEnableOption (lib.mdDoc ''

     

       
392
       
392
       
-
       
        Enable the skipIntermediates feature to send a single increment

     

       
392
       
392
       
+
       
        the skipIntermediates feature to send a single increment

     

       
393
       
393
       
 
       
        between latest common snapshot and the newly made one. It may skip

     

       
394
       
394
       
 
       
        several source snaps if the destination was offline for some time, and

     

       
395
       
395
       
 
       
        it should skip snapshots not managed by znapzend. Normally for online

     

       
396
       
396
       
 
       
        destinations, the new snapshot is sent as soon as it is created on the

     

       
397
       
397
       
-
       
        source, so there are no automatic increments to skip.

     

       
397
       
397
       
+
       
        source, so there are no automatic increments to skip

     

       
398
       
398
       
 
       
      '');

     

       
399
       
399
       
 
       
      features.lowmemRecurse = mkEnableOption (lib.mdDoc ''

     

       
400
       
400
       
 
       
        use lowmemRecurse on systems where you have too many datasets, so a

     

       
401
       
401
       
 
       
        recursive listing of attributes to find backup plans exhausts the

     

       
402
       
402
       
 
       
        memory available to {command}`znapzend`: instead, go the slower

     

       
403
       
403
       
 
       
        way to first list all impacted dataset names, and then query their

     

       
404
       
404
       
-
       
        configs one by one.

     

       
404
       
404
       
+
       
        configs one by one

     

       
405
       
405
       
 
       
      '');

     

       
406
       
406
       
 
       
      features.zfsGetType = mkEnableOption (lib.mdDoc ''

     

       
407
       
407
       
-
       
        use zfsGetType if your {command}`zfs get` supports a

     

       
407
       
407
       
+
       
        using zfsGetType if your {command}`zfs get` supports a

     

       
408
       
408
       
 
       
        `-t` argument for filtering by dataset type at all AND

     

       
409
       
409
       
 
       
        lists properties for snapshots by default when recursing, so that there

     

       
410
       
410
       
 
       
        is too much data to process while searching for backup plans.

     
···

       
412
       
412
       
 
       
        `--recursive` search for backup plans can literally

     

       
413
       
413
       
 
       
        differ by hundreds of times (depending on the amount of snapshots in

     

       
414
       
414
       
 
       
        that dataset tree... and a decent backup plan will ensure you have a lot

     

       
415
       
415
       
-
       
        of those), so you would benefit from requesting this feature.

     

       
415
       
415
       
+
       
        of those), so you would benefit from requesting this feature

     

       
416
       
416
       
 
       
      '');

     

       
417
       
417
       
 
       
    };

     

       
418
       
418
       
 
       
  };

     

···

       
122
       
122
       
 
       
  options.services.cassandra = {

     

       
123
       
123
       
 
       


     

       
124
       
124
       
 
       
    enable = mkEnableOption (lib.mdDoc ''

     

       
125
       
125
       
-
       
      Apache Cassandra – Scalable and highly available database.

     

       
125
       
125
       
+
       
      Apache Cassandra – Scalable and highly available database

     

       
126
       
126
       
 
       
    '');

     

       
127
       
127
       
 
       


     

       
128
       
128
       
 
       
    clusterName = mkOption {

     

···

       
11
       
11
       
 
       


     

       
12
       
12
       
 
       
  options = {

     

       
13
       
13
       
 
       
    services.ferretdb = {

     

       
14
       
14
       
-
       
      enable = mkEnableOption "FerretDB, an Open Source MongoDB alternative.";

     

       
14
       
14
       
+
       
      enable = mkEnableOption "FerretDB, an Open Source MongoDB alternative";

     

       
15
       
15
       
 
       


     

       
16
       
16
       
 
       
      package = mkOption {

     

       
17
       
17
       
 
       
        type = types.package;

     

···

       
75
       
75
       
 
       
              Note that the NixOS module for Redis disables kernel support

     

       
76
       
76
       
 
       
              for Transparent Huge Pages (THP),

     

       
77
       
77
       
 
       
              because this features causes major performance problems for Redis,

     

       
78
       
78
       
-
       
              e.g. (https://redis.io/topics/latency).

     

       
78
       
78
       
+
       
              e.g. (https://redis.io/topics/latency)

     

       
79
       
79
       
 
       
            '');

     

       
80
       
80
       
 
       


     

       
81
       
81
       
 
       
            user = mkOption {

     

···

       
8
       
8
       
 
       


     

       
9
       
9
       
 
       
  options = {

     

       
10
       
10
       
 
       
    services.surrealdb = {

     

       
11
       
11
       
-
       
      enable = mkEnableOption (lib.mdDoc "A scalable, distributed, collaborative, document-graph database, for the realtime web ");

     

       
11
       
11
       
+
       
      enable = mkEnableOption (lib.mdDoc "SurrealDB, a scalable, distributed, collaborative, document-graph database, for the realtime web");

     

       
12
       
12
       
 
       


     

       
13
       
13
       
 
       
      package = mkOption {

     

       
14
       
14
       
 
       
        default = pkgs.surrealdb;

     

···

       
14
       
14
       
 
       


     

       
15
       
15
       
 
       
    services.deepin.app-services = {

     

       
16
       
16
       
 
       


     

       
17
       
17
       
-
       
      enable = mkEnableOption (lib.mdDoc "Service collection of DDE applications, including dconfig-center");

     

       
17
       
17
       
+
       
      enable = mkEnableOption (lib.mdDoc "service collection of DDE applications, including dconfig-center");

     

       
18
       
18
       
 
       


     

       
19
       
19
       
 
       
    };

     

       
20
       
20
       
 
       


     

···

       
15
       
15
       
 
       
    services.deepin.dde-api = {

     

       
16
       
16
       
 
       


     

       
17
       
17
       
 
       
      enable = mkEnableOption (lib.mdDoc ''

     

       
18
       
18
       
-
       
        Provides some dbus interfaces that is used for screen zone detecting,

     

       
19
       
19
       
-
       
        thumbnail generating, and sound playing in Deepin Desktop Environment.

     

       
18
       
18
       
+
       
        some dbus interfaces that is used for screen zone detecting,

     

       
19
       
19
       
+
       
        thumbnail generating, and sound playing in Deepin Desktop Environment

     

       
20
       
20
       
 
       
      '');

     

       
21
       
21
       
 
       


     

       
22
       
22
       
 
       
    };

     

···

       
14
       
14
       
 
       


     

       
15
       
15
       
 
       
    services.deepin.dde-daemon = {

     

       
16
       
16
       
 
       


     

       
17
       
17
       
-
       
      enable = mkEnableOption (lib.mdDoc "Daemon for handling the deepin session settings");

     

       
17
       
17
       
+
       
      enable = mkEnableOption (lib.mdDoc "daemon for handling the deepin session settings");

     

       
18
       
18
       
 
       


     

       
19
       
19
       
 
       
    };

     

       
20
       
20
       
 
       


     

···

       
24
       
24
       
 
       


     

       
25
       
25
       
 
       
  options = {

     

       
26
       
26
       
 
       
    services.gnome.gnome-browser-connector.enable = mkEnableOption (mdDoc ''

     

       
27
       
27
       
-
       
      Native host connector for the GNOME Shell browser extension, a DBus service

     

       
28
       
28
       
-
       
      allowing to install GNOME Shell extensions from a web browser.

     

       
27
       
27
       
+
       
      native host connector for the GNOME Shell browser extension, a DBus service

     

       
28
       
28
       
+
       
      allowing to install GNOME Shell extensions from a web browser

     

       
29
       
29
       
 
       
    '');

     

       
30
       
30
       
 
       
  };

     

       
31
       
31
       
 
       


     

···

       
7
       
7
       
 
       
{

     

       
8
       
8
       
 
       
  options = {

     

       
9
       
9
       
 
       
    services.supergfxd = {

     

       
10
       
10
       
-
       
      enable = lib.mkEnableOption (lib.mdDoc "Enable the supergfxd service");

     

       
10
       
10
       
+
       
      enable = lib.mkEnableOption (lib.mdDoc "the supergfxd service");

     

       
11
       
11
       
 
       


     

       
12
       
12
       
 
       
      settings = lib.mkOption {

     

       
13
       
13
       
 
       
        type = lib.types.nullOr json.type;

     

···

       
9
       
9
       
 
       
{

     

       
10
       
10
       
 
       
  options = {

     

       
11
       
11
       
 
       
    hardware.tuxedo-rs = {

     

       
12
       
12
       
-
       
      enable = mkEnableOption (lib.mdDoc "Rust utilities for interacting with hardware from TUXEDO Computers.");

     

       
12
       
12
       
+
       
      enable = mkEnableOption (lib.mdDoc "Rust utilities for interacting with hardware from TUXEDO Computers");

     

       
13
       
13
       
 
       


     

       
14
       
14
       
-
       
      tailor-gui.enable = mkEnableOption (lib.mdDoc "Alternative to TUXEDO Control Center, written in Rust.");

     

       
14
       
14
       
+
       
      tailor-gui.enable = mkEnableOption (lib.mdDoc "tailor-gui, an alternative to TUXEDO Control Center, written in Rust");

     

       
15
       
15
       
 
       
    };

     

       
16
       
16
       
 
       
  };

     

       
17
       
17
       
 
       


     

···

       
302
       
302
       
 
       


     

       
303
       
303
       
 
       
    enablePAM = mkEnableOption (lib.mdDoc "creating a own Dovecot PAM service and configure PAM user logins") // { default = true; };

     

       
304
       
304
       
 
       


     

       
305
       
305
       
-
       
    enableDHE = mkEnableOption (lib.mdDoc "enable ssl_dh and generation of primes for the key exchange") // { default = true; };

     

       
305
       
305
       
+
       
    enableDHE = mkEnableOption (lib.mdDoc "ssl_dh and generation of primes for the key exchange") // { default = true; };

     

       
306
       
306
       
 
       


     

       
307
       
307
       
 
       
    sieveScripts = mkOption {

     

       
308
       
308
       
 
       
      type = types.attrsOf types.path;

     

···

       
260
       
260
       
 
       
      };

     

       
261
       
261
       
 
       


     

       
262
       
262
       
 
       
      serve = {

     

       
263
       
263
       
-
       
        enable = mkEnableOption (lib.mdDoc "Automatic nginx and uwsgi setup for mailman-web");

     

       
263
       
263
       
+
       
        enable = mkEnableOption (lib.mdDoc "automatic nginx and uwsgi setup for mailman-web");

     

       
264
       
264
       
 
       


     

       
265
       
265
       
 
       
        virtualRoot = mkOption {

     

       
266
       
266
       
 
       
          default = "/";

     
···

       
592
       
592
       
 
       
          # Since the mailman-web settings.py obstinately creates a logs

     

       
593
       
593
       
 
       
          # dir in the cwd, change to the (writable) runtime directory before

     

       
594
       
594
       
 
       
          # starting uwsgi.

     

       
595
       
595
       
-
       
          ExecStart = "${pkgs.coreutils}/bin/env -C $RUNTIME_DIRECTORY ${pkgs.uwsgi.override { plugins = ["python3"]; }}/bin/uwsgi --json ${uwsgiConfigFile}";

     

       
595
       
595
       
+
       
          ExecStart = "${pkgs.coreutils}/bin/env -C $RUNTIME_DIRECTORY ${pkgs.uwsgi.override { plugins = ["python3"]; python3 = webEnv.python; }}/bin/uwsgi --json ${uwsgiConfigFile}";

     

       
596
       
596
       
 
       
          User = cfg.webUser;

     

       
597
       
597
       
 
       
          Group = "mailman";

     

       
598
       
598
       
 
       
          RuntimeDirectory = "mailman-uwsgi";

     

···

       
96
       
96
       
 
       
      type = types.submodule {

     

       
97
       
97
       
 
       
        options = {

     

       
98
       
98
       
 
       
          enable = mkEnableOption (lib.mdDoc ''

     

       
99
       
99
       
-
       
            If true, accessToken is ignored and the username/password below will be

     

       
100
       
100
       
-
       
            used instead. The access token of the bot will be stored in the dataPath.

     

       
99
       
99
       
+
       
            ignoring the accessToken. If true, accessToken is ignored and the username/password below will be

     

       
100
       
100
       
+
       
            used instead. The access token of the bot will be stored in the dataPath

     

       
101
       
101
       
 
       
          '');

     

       
102
       
102
       
 
       


     

       
103
       
103
       
 
       
          username = mkOption {

     

···

       
111
       
111
       
 
       
          (submodule {

     

       
112
       
112
       
 
       
            options = {

     

       
113
       
113
       
 
       
              enable = mkEnableOption (lib.mdDoc ''

     

       
114
       
114
       
-
       
                building of firmware for manual flashing.

     

       
114
       
114
       
+
       
                building of firmware for manual flashing

     

       
115
       
115
       
 
       
              '');

     

       
116
       
116
       
 
       
              enableKlipperFlash = mkEnableOption (lib.mdDoc ''

     

       
117
       
117
       
 
       
                flashings scripts for firmware. This will add `klipper-flash-$mcu` scripts to your environment which can be called to flash the firmware.

     

       
118
       
118
       
-
       
                Please check the configs at [klipper](https://github.com/Klipper3d/klipper/tree/master/config) whether your board supports flashing via `make flash`.

     

       
118
       
118
       
+
       
                Please check the configs at [klipper](https://github.com/Klipper3d/klipper/tree/master/config) whether your board supports flashing via `make flash`

     

       
119
       
119
       
 
       
              '');

     

       
120
       
120
       
 
       
              serial = mkOption {

     

       
121
       
121
       
 
       
                type = types.nullOr path;

     

···

       
40
       
40
       
 
       


     

       
41
       
41
       
 
       
  options.services.packagekit = {

     

       
42
       
42
       
 
       
    enable = mkEnableOption (lib.mdDoc ''

     

       
43
       
43
       
-
       
      PackageKit provides a cross-platform D-Bus abstraction layer for

     

       
43
       
43
       
+
       
      PackageKit, a cross-platform D-Bus abstraction layer for

     

       
44
       
44
       
 
       
      installing software. Software utilizing PackageKit can install

     

       
45
       
45
       
-
       
      software regardless of the package manager.

     

       
45
       
45
       
+
       
      software regardless of the package manager

     

       
46
       
46
       
 
       
    '');

     

       
47
       
47
       
 
       


     

       
48
       
48
       
 
       
    settings = mkOption {

     

···

       
12
       
12
       
 
       
in

     

       
13
       
13
       
 
       
{

     

       
14
       
14
       
 
       
  options.services.rshim = {

     

       
15
       
15
       
-
       
    enable = lib.mkEnableOption (lib.mdDoc "User-space rshim driver for the BlueField SoC");

     

       
15
       
15
       
+
       
    enable = lib.mkEnableOption (lib.mdDoc "user-space rshim driver for the BlueField SoC");

     

       
16
       
16
       
 
       


     

       
17
       
17
       
 
       
    package = lib.mkPackageOptionMD pkgs "rshim-user-space" { };

     

       
18
       
18
       
 
       


     

···

       
438
       
438
       
 
       
        };

     

       
439
       
439
       
 
       


     

       
440
       
440
       
 
       
        options."lists.sr.ht" = commonServiceSettings "lists" // {

     

       
441
       
441
       
-
       
          allow-new-lists = mkEnableOption (lib.mdDoc "Allow creation of new lists");

     

       
441
       
441
       
+
       
          allow-new-lists = mkEnableOption (lib.mdDoc "creation of new lists");

     

       
442
       
442
       
 
       
          notify-from = mkOption {

     

       
443
       
443
       
 
       
            description = lib.mdDoc "Outgoing email for notifications generated by users.";

     

       
444
       
444
       
 
       
            type = types.str;

     

···

       
9
       
9
       
 
       


     

       
10
       
10
       
 
       
  options = {

     

       
11
       
11
       
 
       
    services.tp-auto-kbbl = {

     

       
12
       
12
       
-
       
      enable = mkEnableOption (lib.mdDoc "Auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux");

     

       
12
       
12
       
+
       
      enable = mkEnableOption (lib.mdDoc "auto toggle keyboard back-lighting on Thinkpads (and maybe other laptops) for Linux");

     

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
      package = mkOption {

     

       
15
       
15
       
 
       
        type = types.package;

     

···

       
67
       
67
       
 
       
  options = {

     

       
68
       
68
       
 
       
    services.zoneminder = with lib; {

     

       
69
       
69
       
 
       
      enable = lib.mkEnableOption (lib.mdDoc ''

     

       
70
       
70
       
-
       
        ZoneMinder

     

       
70
       
70
       
+
       
        ZoneMinder.

     

       
71
       
71
       
 
       


     

       
72
       
72
       
 
       
        If you intend to run the database locally, you should set

     

       
73
       
73
       
 
       
        `config.services.zoneminder.database.createLocally` to true. Otherwise,

     

       
74
       
74
       
 
       
        when set to `false` (the default), you will have to create the database

     

       
75
       
75
       
 
       
        and database user as well as populate the database yourself.

     

       
76
       
76
       
 
       
        Additionally, you will need to run `zmupdate.pl` yourself when

     

       
77
       
77
       
-
       
        upgrading to a newer version.

     

       
77
       
77
       
+
       
        upgrading to a newer version

     

       
78
       
78
       
 
       
      '');

     

       
79
       
79
       
 
       


     

       
80
       
80
       
 
       
      webserver = mkOption {

     

···

       
11
       
11
       
 
       


     

       
12
       
12
       
 
       
    # the upstream package runs as root, but doesn't seem to be strictly

     

       
13
       
13
       
 
       
    # necessary for basic functionality

     

       
14
       
14
       
-
       
    runAsRoot = mkEnableOption (lib.mdDoc "Whether to run as root");

     

       
14
       
14
       
+
       
    runAsRoot = mkEnableOption (lib.mdDoc "running as root");

     

       
15
       
15
       
 
       


     

       
16
       
16
       
 
       
    autoRetirement = mkEnableOption (lib.mdDoc ''

     

       
17
       
17
       
-
       
      Whether to automatically retire the host upon OS shutdown.

     

       
17
       
17
       
+
       
      retiring the host upon OS shutdown

     

       
18
       
18
       
 
       
    '');

     

       
19
       
19
       
 
       


     

       
20
       
20
       
 
       
    apiKeyFile = mkOption {

     
···

       
59
       
59
       
 
       
        };

     

       
60
       
60
       
 
       


     

       
61
       
61
       
 
       
        options.diagnostic =

     

       
62
       
62
       
-
       
          mkEnableOption (lib.mdDoc "Collect memory usage for the agent itself");

     

       
62
       
62
       
+
       
          mkEnableOption (lib.mdDoc "collecting memory usage for the agent itself");

     

       
63
       
63
       
 
       
      };

     

       
64
       
64
       
 
       
    };

     

       
65
       
65
       
 
       
  };

     

···

       
11
       
11
       
 
       
    ({ options.warnings = options.warnings; options.assertions = options.assertions; })

     

       
12
       
12
       
 
       
  ];

     

       
13
       
13
       
 
       
  extraOpts = {

     

       
14
       
14
       
-
       
    verbose = mkEnableOption (lib.mdDoc "Verbose logging mode for prometheus-wireguard-exporter");

     

       
14
       
14
       
+
       
    verbose = mkEnableOption (lib.mdDoc "verbose logging mode for prometheus-wireguard-exporter");

     

       
15
       
15
       
 
       


     

       
16
       
16
       
 
       
    wireguardConfig = mkOption {

     

       
17
       
17
       
 
       
      type = with types; nullOr (either path str);

     

···

       
177
       
177
       
 
       


     

       
178
       
178
       
 
       
        backup = {

     

       
179
       
179
       
 
       
          enable = mkEnableOption (lib.mdDoc ''

     

       
180
       
180
       
-
       
            Backup server role. When using OpenAFS built-in buserver, use in conjunction with the

     

       
180
       
180
       
+
       
            the backup server role. When using OpenAFS built-in buserver, use in conjunction with the

     

       
181
       
181
       
 
       
            `database` role to maintain the Backup

     

       
182
       
182
       
 
       
            Database. Normally only used in conjunction with tape storage

     

       
183
       
183
       
 
       
            or IBM's Tivoli Storage Manager.

     

       
184
       
184
       
 
       


     

       
185
       
185
       
 
       
            For a modern backup server, enable this role and see

     

       
186
       
186
       
-
       
            {option}`enableFabs`.

     

       
186
       
186
       
+
       
            {option}`enableFabs`

     

       
187
       
187
       
 
       
          '');

     

       
188
       
188
       
 
       


     

       
189
       
189
       
 
       
          enableFabs = mkEnableOption (lib.mdDoc ''

     

···

       
8
       
8
       
 
       
in {

     

       
9
       
9
       
 
       
  options = {

     

       
10
       
10
       
 
       
    services.create_ap = {

     

       
11
       
11
       
-
       
      enable = mkEnableOption (lib.mdDoc "setup wifi hotspots using create_ap");

     

       
11
       
11
       
+
       
      enable = mkEnableOption (lib.mdDoc "setting up wifi hotspots using create_ap");

     

       
12
       
12
       
 
       
      settings = mkOption {

     

       
13
       
13
       
 
       
        type = with types; attrsOf (oneOf [ int bool str ]);

     

       
14
       
14
       
 
       
        default = {};

     

···

       
14
       
14
       
 
       
  options = {

     

       
15
       
15
       
 
       
    services.dae = with lib;{

     

       
16
       
16
       
 
       
      enable = mkEnableOption

     

       
17
       
17
       
-
       
        (mdDoc "A Linux high-performance transparent proxy solution based on eBPF");

     

       
17
       
17
       
+
       
        (mdDoc "dae, a Linux high-performance transparent proxy solution based on eBPF");

     

       
18
       
18
       
 
       


     

       
19
       
19
       
 
       
      package = mkPackageOptionMD pkgs "dae" { };

     

       
20
       
20
       
 
       


     
···

       
46
       
46
       
 
       
      openFirewall = mkOption {

     

       
47
       
47
       
 
       
        type = with types; submodule {

     

       
48
       
48
       
 
       
          options = {

     

       
49
       
49
       
-
       
            enable = mkEnableOption "enable";

     

       
49
       
49
       
+
       
            enable = mkEnableOption (mdDoc "opening {option}`port` in the firewall");

     

       
50
       
50
       
 
       
            port = mkOption {

     

       
51
       
51
       
 
       
              type = types.port;

     

       
52
       
52
       
 
       
              description = ''

     
···

       
91
       
91
       
 
       
      };

     

       
92
       
92
       
 
       


     

       
93
       
93
       
 
       
      disableTxChecksumIpGeneric =

     

       
94
       
94
       
-
       
        mkEnableOption (mdDoc "See <https://github.com/daeuniverse/dae/issues/43>");

     

       
94
       
94
       
+
       
        mkEnableOption "" // { description = mdDoc "See <https://github.com/daeuniverse/dae/issues/43>"; };

     

       
95
       
95
       
 
       


     

       
96
       
96
       
 
       
    };

     

       
97
       
97
       
 
       
  };

     

···

       
54
       
54
       
 
       
      description = "TCP port for the WebSocket.";

     

       
55
       
55
       
 
       
    };

     

       
56
       
56
       
 
       


     

       
57
       
57
       
-
       
    openFirewall = lib.mkEnableOption "open up the service ports in the firewall";

     

       
57
       
57
       
+
       
    openFirewall = lib.mkEnableOption "opening up the service ports in the firewall";

     

       
58
       
58
       
 
       


     

       
59
       
59
       
-
       
    allowRebootSystem = lib.mkEnableOption "allow rebooting the system";

     

       
59
       
59
       
+
       
    allowRebootSystem = lib.mkEnableOption "rebooting the system";

     

       
60
       
60
       
 
       


     

       
61
       
61
       
-
       
    allowRestartService = lib.mkEnableOption "allow killing/restarting processes";

     

       
61
       
61
       
+
       
    allowRestartService = lib.mkEnableOption "killing/restarting processes";

     

       
62
       
62
       
 
       


     

       
63
       
63
       
-
       
    allowSetSystemTime = lib.mkEnableOption "allow setting the system time";

     

       
63
       
63
       
+
       
    allowSetSystemTime = lib.mkEnableOption "setting the system time";

     

       
64
       
64
       
 
       


     

       
65
       
65
       
 
       
    extraArgs = lib.mkOption {

     

       
66
       
66
       
 
       
      type = lib.types.listOf lib.types.str;

     

···

       
9
       
9
       
 
       
  configFile = settingsFormat.generate "config.yaml" cfg.config;

     

       
10
       
10
       
 
       
in {

     

       
11
       
11
       
 
       
  options.services.go-neb = {

     

       
12
       
12
       
-
       
    enable = mkEnableOption (lib.mdDoc "Extensible matrix bot written in Go");

     

       
12
       
12
       
+
       
    enable = mkEnableOption (lib.mdDoc "an extensible matrix bot written in Go");

     

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
    bindAddress = mkOption {

     

       
15
       
15
       
 
       
      type = types.str;

     

···

       
116
       
116
       
 
       
  options = {

     

       
117
       
117
       
 
       
    services.hostapd = {

     

       
118
       
118
       
 
       
      enable = mkEnableOption (mdDoc ''

     

       
119
       
119
       
-
       
        Whether to enable hostapd. hostapd is a user space daemon for access point and

     

       
119
       
119
       
+
       
        hostapd, a user space daemon for access point and

     

       
120
       
120
       
 
       
        authentication servers. It implements IEEE 802.11 access point management,

     

       
121
       
121
       
 
       
        IEEE 802.1X/WPA/WPA2/EAP Authenticators, RADIUS client, EAP server, and RADIUS

     

       
122
       
122
       
-
       
        authentication server.

     

       
122
       
122
       
+
       
        authentication server

     

       
123
       
123
       
 
       
      '');

     

       
124
       
124
       
 
       


     

       
125
       
125
       
 
       
      package = mkPackageOption pkgs "hostapd" {};

     

···

       
272
       
272
       
 
       
    };

     

       
273
       
273
       
 
       


     

       
274
       
274
       
 
       
    faxcron.enable.spoolInit = mkEnableOption (lib.mdDoc ''

     

       
275
       
275
       
-
       
      Purge old files from the spooling area with

     

       
275
       
275
       
+
       
      purging old files from the spooling area with

     

       
276
       
276
       
 
       
      {file}`faxcron`

     

       
277
       
277
       
-
       
      each time the spooling area is initialized.

     

       
277
       
277
       
+
       
      each time the spooling area is initialized

     

       
278
       
278
       
 
       
    '');

     

       
279
       
279
       
 
       
    faxcron.enable.frequency = mkOption {

     

       
280
       
280
       
 
       
      type = nullOr nonEmptyStr;

     

       
281
       
281
       
 
       
      default = null;

     

       
282
       
282
       
 
       
      example = "daily";

     

       
283
       
283
       
 
       
      description = lib.mdDoc ''

     

       
284
       
284
       
-
       
        Purge old files from the spooling area with

     

       
284
       
284
       
+
       
        purging old files from the spooling area with

     

       
285
       
285
       
 
       
        {file}`faxcron` with the given frequency

     

       
286
       
286
       
-
       
        (see systemd.time(7)).

     

       
286
       
286
       
+
       
        (see systemd.time(7))

     

       
287
       
287
       
 
       
      '';

     

       
288
       
288
       
 
       
    };

     

       
289
       
289
       
 
       
    faxcron.infoDays = mkOption {

     

···

       
265
       
265
       
 
       
        '';

     

       
266
       
266
       
 
       
      };

     

       
267
       
267
       
 
       


     

       
268
       
268
       
-
       
      logCLFTime = mkEnableOption (lib.mdDoc "Full CLF-formatted date and time to log");

     

       
268
       
268
       
+
       
      logCLFTime = mkEnableOption (lib.mdDoc "full CLF-formatted date and time to log");

     

       
269
       
269
       
 
       


     

       
270
       
270
       
 
       
      address = mkOption {

     

       
271
       
271
       
 
       
        type = with types; nullOr str;

     
···

       
456
       
456
       
 
       
        '';

     

       
457
       
457
       
 
       
      };

     

       
458
       
458
       
 
       


     

       
459
       
459
       
-
       
      trust.enable = mkEnableOption (lib.mdDoc "Explicit trust options");

     

       
459
       
459
       
+
       
      trust.enable = mkEnableOption (lib.mdDoc "explicit trust options");

     

       
460
       
460
       
 
       


     

       
461
       
461
       
 
       
      trust.family = mkOption {

     

       
462
       
462
       
 
       
        type = with types; nullOr str;

     
···

       
474
       
474
       
 
       
        '';

     

       
475
       
475
       
 
       
      };

     

       
476
       
476
       
 
       


     

       
477
       
477
       
-
       
      trust.hidden = mkEnableOption (lib.mdDoc "Router concealment");

     

       
477
       
477
       
+
       
      trust.hidden = mkEnableOption (lib.mdDoc "router concealment");

     

       
478
       
478
       
 
       


     

       
479
       
479
       
 
       
      websocket = mkEndpointOpt "websockets" "127.0.0.1" 7666;

     

       
480
       
480
       
 
       


     
···

       
552
       
552
       
 
       


     

       
553
       
553
       
 
       
      proto.http = (mkEndpointOpt "http" "127.0.0.1" 7070) // {

     

       
554
       
554
       
 
       


     

       
555
       
555
       
-
       
        auth = mkEnableOption (lib.mdDoc "Webconsole authentication");

     

       
555
       
555
       
+
       
        auth = mkEnableOption (lib.mdDoc "webconsole authentication");

     

       
556
       
556
       
 
       


     

       
557
       
557
       
 
       
        user = mkOption {

     

       
558
       
558
       
 
       
          type = types.str;

     

···

       
7
       
7
       
 
       
    enable = mkEnableOption (lib.mdDoc "the openiscsi iscsi daemon");

     

       
8
       
8
       
 
       
    enableAutoLoginOut = mkEnableOption (lib.mdDoc ''

     

       
9
       
9
       
 
       
      automatic login and logout of all automatic targets.

     

       
10
       
10
       
-
       
      You probably do not want this.

     

       
10
       
10
       
+
       
      You probably do not want this

     

       
11
       
11
       
 
       
    '');

     

       
12
       
12
       
 
       
    discoverPortal = mkOption {

     

       
13
       
13
       
 
       
      type = nullOr str;

     

···

       
10
       
10
       
 
       
  };

     

       
11
       
11
       
 
       
  options = {

     

       
12
       
12
       
 
       
    services.nar-serve = {

     

       
13
       
13
       
-
       
      enable = mkEnableOption (lib.mdDoc "Serve NAR file contents via HTTP");

     

       
13
       
13
       
+
       
      enable = mkEnableOption (lib.mdDoc "serving NAR file contents via HTTP");

     

       
14
       
14
       
 
       


     

       
15
       
15
       
 
       
      port = mkOption {

     

       
16
       
16
       
 
       
        type = types.port;

     

···

       
103
       
103
       
 
       
      '';

     

       
104
       
104
       
 
       
    };

     

       
105
       
105
       
 
       


     

       
106
       
106
       
-
       
    networking.nftables.flushRuleset = mkEnableOption (lib.mdDoc "Flush the entire ruleset on each reload.");

     

       
106
       
106
       
+
       
    networking.nftables.flushRuleset = mkEnableOption (lib.mdDoc "flushing the entire ruleset on each reload");

     

       
107
       
107
       
 
       


     

       
108
       
108
       
 
       
    networking.nftables.extraDeletions = mkOption {

     

       
109
       
109
       
 
       
      type = types.lines;

     

···

       
8
       
8
       
 
       
{

     

       
9
       
9
       
 
       
  options = {

     

       
10
       
10
       
 
       
    services.snowflake-proxy = {

     

       
11
       
11
       
-
       
      enable = mkEnableOption (lib.mdDoc "System to defeat internet censorship");

     

       
11
       
11
       
+
       
      enable = mkEnableOption (lib.mdDoc "snowflake-proxy, a system to defeat internet censorship");

     

       
12
       
12
       
 
       


     

       
13
       
13
       
 
       
      broker = mkOption {

     

       
14
       
14
       
 
       
        description = lib.mdDoc "Broker URL (default \"https://snowflake-broker.torproject.net/\")";

     

···

       
116
       
116
       
 
       
      };

     

       
117
       
117
       
 
       


     

       
118
       
118
       
 
       
      persistentKeys = mkEnableOption (lib.mdDoc ''

     

       
119
       
119
       
-
       
        If enabled then keys will be generated once and Yggdrasil

     

       
119
       
119
       
+
       
        persistent keys. If enabled then keys will be generated once and Yggdrasil

     

       
120
       
120
       
 
       
        will retain the same IPv6 address when the service is

     

       
121
       
121
       
-
       
        restarted. Keys are stored at ${keysPath}.

     

       
121
       
121
       
+
       
        restarted. Keys are stored at ${keysPath}

     

       
122
       
122
       
 
       
      '');

     

       
123
       
123
       
 
       


     

       
124
       
124
       
 
       
      extraArgs = mkOption {

     

···

       
11
       
11
       
 
       
in

     

       
12
       
12
       
 
       
{

     

       
13
       
13
       
 
       
  options.services.earlyoom = {

     

       
14
       
14
       
-
       
    enable = mkEnableOption (lib.mdDoc "Early out of memory killing");

     

       
14
       
14
       
+
       
    enable = mkEnableOption (lib.mdDoc "early out of memory killing");

     

       
15
       
15
       
 
       


     

       
16
       
16
       
 
       
    freeMemThreshold = mkOption {

     

       
17
       
17
       
 
       
      type = types.ints.between 1 100;

     

···

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
      WARNING: enabling this option (while convenient) should *not* be done on a

     

       
15
       
15
       
 
       
      machine where you do not trust the other users as it allows any other

     

       
16
       
16
       
-
       
      local user to DoS your session by spamming notifications.

     

       
16
       
16
       
+
       
      local user to DoS your session by spamming notifications

     

       
17
       
17
       
 
       
    '');

     

       
18
       
18
       
 
       
  };

     

       
19
       
19
       
 
       


     

···

       
14
       
14
       
 
       
in {

     

       
15
       
15
       
 
       
  options = {

     

       
16
       
16
       
 
       
    services.flexget = {

     

       
17
       
17
       
-
       
      enable = mkEnableOption (lib.mdDoc "Run FlexGet Daemon");

     

       
17
       
17
       
+
       
      enable = mkEnableOption (lib.mdDoc "FlexGet daemon");

     

       
18
       
18
       
 
       


     

       
19
       
19
       
 
       
      package = mkPackageOptionMD pkgs "flexget" {};

     

       
20
       
20
       
 
       


     

···

       
40
       
40
       
 
       
      };

     

       
41
       
41
       
 
       


     

       
42
       
42
       
 
       
      allowVideoAccess = lib.mkEnableOption (lib.mdDoc ''

     

       
43
       
43
       
-
       
        Enable access to video devices like cameras on the system.

     

       
43
       
43
       
+
       
        access to video devices like cameras on the system

     

       
44
       
44
       
 
       
      '');

     

       
45
       
45
       
 
       
    };

     

       
46
       
46
       
 
       
  };

     

···

       
69
       
69
       
 
       
in

     

       
70
       
70
       
 
       
{

     

       
71
       
71
       
 
       
  options.services.cloudlog = with types; {

     

       
72
       
72
       
-
       
    enable = mkEnableOption (mdDoc "Whether to enable Cloudlog");

     

       
72
       
72
       
+
       
    enable = mkEnableOption (mdDoc "Cloudlog");

     

       
73
       
73
       
 
       
    dataDir = mkOption {

     

       
74
       
74
       
 
       
      type = str;

     

       
75
       
75
       
 
       
      default = "/var/lib/cloudlog";

     

···

       
1
       
1
       
 
       
{ config, lib, pkgs, ... }:

     

       
2
       
2
       
 
       


     

       
3
       
3
       
 
       
let

     

       
4
       
4
       
-
       
  inherit (lib) literalExpression mdDoc mkEnableOption mkIf mkOption mkPackageOptionMD mkRenamedOptionModule types versionAtLeast;

     

       
4
       
4
       
+
       
  inherit (lib) mkOption types mdDoc literalExpression;

     

       
5
       
5
       
 
       


     

       
6
       
6
       
 
       
  cfg = config.services.hedgedoc;

     

       
7
       
7
       
 
       


     
···

       
9
       
9
       
 
       
  # versionAtLeast statement remains set to 21.03 for backwards compatibility.

     

       
10
       
10
       
 
       
  # See https://github.com/NixOS/nixpkgs/pull/108899 and

     

       
11
       
11
       
 
       
  # https://github.com/NixOS/rfcs/blob/master/rfcs/0080-nixos-release-schedule.md.

     

       
12
       
12
       
-
       
  name = if versionAtLeast config.system.stateVersion "21.03"

     

       
13
       
13
       
-
       
    then "hedgedoc"

     

       
14
       
14
       
-
       
    else "codimd";

     

       
15
       
15
       
-
       


     

       
16
       
16
       
-
       
  settingsFormat = pkgs.formats.json {};

     

       
12
       
12
       
+
       
  name = if lib.versionAtLeast config.system.stateVersion "21.03" then

     

       
13
       
13
       
+
       
    "hedgedoc"

     

       
14
       
14
       
+
       
  else

     

       
15
       
15
       
+
       
    "codimd";

     

       
17
       
16
       
 
       


     

       
18
       
18
       
-
       
  prettyJSON = conf:

     

       
19
       
19
       
-
       
    pkgs.runCommandLocal "hedgedoc-config.json" {

     

       
20
       
20
       
-
       
      nativeBuildInputs = [ pkgs.jq ];

     

       
21
       
21
       
-
       
    } ''

     

       
22
       
22
       
-
       
      jq '{production:del(.[]|nulls)|del(.[][]?|nulls)}' \

     

       
23
       
23
       
-
       
        < ${settingsFormat.generate "hedgedoc-ugly.json" cfg.settings} \

     

       
24
       
24
       
-
       
        > $out

     

       
25
       
25
       
-
       
    '';

     

       
17
       
17
       
+
       
  settingsFormat = pkgs.formats.json { };

     

       
26
       
18
       
 
       
in

     

       
27
       
19
       
 
       
{

     

       
20
       
20
       
+
       
  meta.maintainers = with lib.maintainers; [ SuperSandro2000 h7x4 ];

     

       
21
       
21
       
+
       


     

       
28
       
22
       
 
       
  imports = [

     

       
29
       
29
       
-
       
    (mkRenamedOptionModule [ "services" "codimd" ] [ "services" "hedgedoc" ])

     

       
30
       
30
       
-
       
    (mkRenamedOptionModule

     

       
31
       
31
       
-
       
      [ "services" "hedgedoc" "configuration" ] [ "services" "hedgedoc" "settings" ])

     

       
23
       
23
       
+
       
    (lib.mkRenamedOptionModule [ "services" "codimd" ] [ "services" "hedgedoc" ])

     

       
24
       
24
       
+
       
    (lib.mkRenamedOptionModule [ "services" "hedgedoc" "configuration" ] [ "services" "hedgedoc" "settings" ])

     

       
25
       
25
       
+
       
    (lib.mkRenamedOptionModule [ "services" "hedgedoc" "groups" ] [ "users" "users" "hedgedoc" "extraGroups" ])

     

       
26
       
26
       
+
       
    (lib.mkRemovedOptionModule [ "services" "hedgedoc" "workDir" ] ''

     

       
27
       
27
       
+
       
      This option has been removed in favor of systemd managing the state directory.

     

       
28
       
28
       
+
       


     

       
29
       
29
       
+
       
      If you have set this option without specifying `services.settings.uploadsDir`,

     

       
30
       
30
       
+
       
      please move these files to `/var/lib/hedgedoc/uploads`, or set the option to point

     

       
31
       
31
       
+
       
      at the correct location.

     

       
32
       
32
       
+
       
    '')

     

       
32
       
33
       
 
       
  ];

     

       
33
       
34
       
 
       


     

       
34
       
35
       
 
       
  options.services.hedgedoc = {

     

       
35
       
35
       
-
       
    package = mkPackageOptionMD pkgs "hedgedoc" { };

     

       
36
       
36
       
-
       
    enable = mkEnableOption (lib.mdDoc "the HedgeDoc Markdown Editor");

     

       
36
       
36
       
+
       
    package = lib.mkPackageOptionMD pkgs "hedgedoc" { };

     

       
37
       
37
       
+
       
    enable = lib.mkEnableOption (mdDoc "the HedgeDoc Markdown Editor");

     

       
37
       
38
       
 
       


     

       
38
       
38
       
-
       
    groups = mkOption {

     

       
39
       
39
       
-
       
      type = types.listOf types.str;

     

       
40
       
40
       
-
       
      default = [];

     

       
41
       
41
       
-
       
      description = lib.mdDoc ''

     

       
42
       
42
       
-
       
        Groups to which the service user should be added.

     

       
43
       
43
       
-
       
      '';

     

       
44
       
44
       
-
       
    };

     

       
45
       
45
       
-
       


     

       
46
       
46
       
-
       
    workDir = mkOption {

     

       
47
       
47
       
-
       
      type = types.path;

     

       
48
       
48
       
-
       
      default = "/var/lib/${name}";

     

       
49
       
49
       
-
       
      description = lib.mdDoc ''

     

       
50
       
50
       
-
       
        Working directory for the HedgeDoc service.

     

       
51
       
51
       
-
       
      '';

     

       
52
       
52
       
-
       
    };

     

       
39
       
39
       
+
       
    settings = mkOption {

     

       
40
       
40
       
+
       
      type = types.submodule {

     

       
41
       
41
       
+
       
        freeformType = settingsFormat.type;

     

       
42
       
42
       
+
       
        options = {

     

       
43
       
43
       
+
       
          domain = mkOption {

     

       
44
       
44
       
+
       
            type = with types; nullOr str;

     

       
45
       
45
       
+
       
            default = null;

     

       
46
       
46
       
+
       
            example = "hedgedoc.org";

     

       
47
       
47
       
+
       
            description = mdDoc ''

     

       
48
       
48
       
+
       
              Domain to use for website.

     

       
53
       
49
       
 
       


     

       
54
       
54
       
-
       
    settings = let options = {

     

       
55
       
55
       
-
       
      debug = mkEnableOption (lib.mdDoc "debug mode");

     

       
56
       
56
       
-
       
      domain = mkOption {

     

       
57
       
57
       
-
       
        type = types.nullOr types.str;

     

       
58
       
58
       
-
       
        default = null;

     

       
59
       
59
       
-
       
        example = "hedgedoc.org";

     

       
60
       
60
       
-
       
        description = lib.mdDoc ''

     

       
61
       
61
       
-
       
          Domain name for the HedgeDoc instance.

     

       
62
       
62
       
-
       
        '';

     

       
63
       
63
       
-
       
      };

     

       
64
       
64
       
-
       
      urlPath = mkOption {

     

       
65
       
65
       
-
       
        type = types.nullOr types.str;

     

       
66
       
66
       
-
       
        default = null;

     

       
67
       
67
       
-
       
        example = "/url/path/to/hedgedoc";

     

       
68
       
68
       
-
       
        description = lib.mdDoc ''

     

       
69
       
69
       
-
       
          Path under which HedgeDoc is accessible.

     

       
70
       
70
       
-
       
        '';

     

       
71
       
71
       
-
       
      };

     

       
72
       
72
       
-
       
      host = mkOption {

     

       
73
       
73
       
-
       
        type = types.str;

     

       
74
       
74
       
-
       
        default = "localhost";

     

       
75
       
75
       
-
       
        description = lib.mdDoc ''

     

       
76
       
76
       
-
       
          Address to listen on.

     

       
77
       
77
       
-
       
        '';

     

       
78
       
78
       
-
       
      };

     

       
79
       
79
       
-
       
      port = mkOption {

     

       
80
       
80
       
-
       
        type = types.port;

     

       
81
       
81
       
-
       
        default = 3000;

     

       
82
       
82
       
-
       
        example = 80;

     

       
83
       
83
       
-
       
        description = lib.mdDoc ''

     

       
84
       
84
       
-
       
          Port to listen on.

     

       
85
       
85
       
-
       
        '';

     

       
86
       
86
       
-
       
      };

     

       
87
       
87
       
-
       
      path = mkOption {

     

       
88
       
88
       
-
       
        type = types.nullOr types.str;

     

       
89
       
89
       
-
       
        default = null;

     

       
90
       
90
       
-
       
        example = "/run/hedgedoc.sock";

     

       
91
       
91
       
-
       
        description = lib.mdDoc ''

     

       
92
       
92
       
-
       
          Specify where a UNIX domain socket should be placed.

     

       
93
       
93
       
-
       
        '';

     

       
94
       
94
       
-
       
      };

     

       
95
       
95
       
-
       
      allowOrigin = mkOption {

     

       
96
       
96
       
-
       
        type = types.listOf types.str;

     

       
97
       
97
       
-
       
        default = [];

     

       
98
       
98
       
-
       
        example = [ "localhost" "hedgedoc.org" ];

     

       
99
       
99
       
-
       
        description = lib.mdDoc ''

     

       
100
       
100
       
-
       
          List of domains to whitelist.

     

       
101
       
101
       
-
       
        '';

     

       
102
       
102
       
-
       
      };

     

       
103
       
103
       
-
       
      useSSL = mkOption {

     

       
104
       
104
       
-
       
        type = types.bool;

     

       
105
       
105
       
-
       
        default = false;

     

       
106
       
106
       
-
       
        description = lib.mdDoc ''

     

       
107
       
107
       
-
       
          Enable to use SSL server. This will also enable

     

       
108
       
108
       
-
       
          {option}`protocolUseSSL`.

     

       
109
       
109
       
-
       
        '';

     

       
110
       
110
       
-
       
      };

     

       
111
       
111
       
-
       
      enableStatsApi = mkOption {

     

       
112
       
112
       
-
       
        type = types.bool;

     

       
113
       
113
       
-
       
        default = false;

     

       
114
       
114
       
-
       
        description = lib.mdDoc ''

     

       
115
       
115
       
-
       
          Enables or disables the /status and /metrics endpoint.

     

       
116
       
116
       
-
       
        '';

     

       
117
       
117
       
-
       
      };

     

       
118
       
118
       
-
       
      hsts = {

     

       
119
       
119
       
-
       
        enable = mkOption {

     

       
120
       
120
       
-
       
          type = types.bool;

     

       
121
       
121
       
-
       
          default = true;

     

       
122
       
122
       
-
       
          description = lib.mdDoc ''

     

       
123
       
123
       
-
       
            Whether to enable HSTS if HTTPS is also enabled.

     

       
124
       
124
       
-
       
          '';

     

       
125
       
125
       
-
       
        };

     

       
126
       
126
       
-
       
        maxAgeSeconds = mkOption {

     

       
127
       
127
       
-
       
          type = types.int;

     

       
128
       
128
       
-
       
          default = 31536000;

     

       
129
       
129
       
-
       
          description = lib.mdDoc ''

     

       
130
       
130
       
-
       
            Max duration for clients to keep the HSTS status.

     

       
131
       
131
       
-
       
          '';

     

       
132
       
132
       
-
       
        };

     

       
133
       
133
       
-
       
        includeSubdomains = mkOption {

     

       
134
       
134
       
-
       
          type = types.bool;

     

       
135
       
135
       
-
       
          default = true;

     

       
136
       
136
       
-
       
          description = lib.mdDoc ''

     

       
137
       
137
       
-
       
            Whether to include subdomains in HSTS.

     

       
138
       
138
       
-
       
          '';

     

       
139
       
139
       
-
       
        };

     

       
140
       
140
       
-
       
        preload = mkOption {

     

       
141
       
141
       
-
       
          type = types.bool;

     

       
142
       
142
       
-
       
          default = true;

     

       
143
       
143
       
-
       
          description = lib.mdDoc ''

     

       
144
       
144
       
-
       
            Whether to allow preloading of the site's HSTS status.

     

       
145
       
145
       
-
       
          '';

     

       
146
       
146
       
-
       
        };

     

       
147
       
147
       
-
       
      };

     

       
148
       
148
       
-
       
      csp = mkOption {

     

       
149
       
149
       
-
       
        type = types.nullOr types.attrs;

     

       
150
       
150
       
-
       
        default = null;

     

       
151
       
151
       
-
       
        example = literalExpression ''

     

       
152
       
152
       
-
       
          {

     

       
153
       
153
       
-
       
            enable = true;

     

       
154
       
154
       
-
       
            directives = {

     

       
155
       
155
       
-
       
              scriptSrc = "trustworthy.scripts.example.com";

     

       
156
       
156
       
-
       
            };

     

       
157
       
157
       
-
       
            upgradeInsecureRequest = "auto";

     

       
158
       
158
       
-
       
            addDefaults = true;

     

       
159
       
159
       
-
       
          }

     

       
160
       
160
       
-
       
        '';

     

       
161
       
161
       
-
       
        description = lib.mdDoc ''

     

       
162
       
162
       
-
       
          Specify the Content Security Policy which is passed to Helmet.

     

       
163
       
163
       
-
       
          For configuration details see <https://helmetjs.github.io/docs/csp/>.

     

       
164
       
164
       
-
       
        '';

     

       
165
       
165
       
-
       
      };

     

       
166
       
166
       
-
       
      protocolUseSSL = mkOption {

     

       
167
       
167
       
-
       
        type = types.bool;

     

       
168
       
168
       
-
       
        default = false;

     

       
169
       
169
       
-
       
        description = lib.mdDoc ''

     

       
170
       
170
       
-
       
          Enable to use TLS for resource paths.

     

       
171
       
171
       
-
       
          This only applies when {option}`domain` is set.

     

       
172
       
172
       
-
       
        '';

     

       
173
       
173
       
-
       
      };

     

       
174
       
174
       
-
       
      urlAddPort = mkOption {

     

       
175
       
175
       
-
       
        type = types.bool;

     

       
176
       
176
       
-
       
        default = false;

     

       
177
       
177
       
-
       
        description = lib.mdDoc ''

     

       
178
       
178
       
-
       
          Enable to add the port to callback URLs.

     

       
179
       
179
       
-
       
          This only applies when {option}`domain` is set

     

       
180
       
180
       
-
       
          and only for ports other than 80 and 443.

     

       
181
       
181
       
-
       
        '';

     

       
182
       
182
       
-
       
      };

     

       
183
       
183
       
-
       
      useCDN = mkOption {

     

       
184
       
184
       
-
       
        type = types.bool;

     

       
185
       
185
       
-
       
        default = false;

     

       
186
       
186
       
-
       
        description = lib.mdDoc ''

     

       
187
       
187
       
-
       
          Whether to use CDN resources or not.

     

       
188
       
188
       
-
       
        '';

     

       
189
       
189
       
-
       
      };

     

       
190
       
190
       
-
       
      allowAnonymous = mkOption {

     

       
191
       
191
       
-
       
        type = types.bool;

     

       
192
       
192
       
-
       
        default = true;

     

       
193
       
193
       
-
       
        description = lib.mdDoc ''

     

       
194
       
194
       
-
       
          Whether to allow anonymous usage.

     

       
195
       
195
       
-
       
        '';

     

       
196
       
196
       
-
       
      };

     

       
197
       
197
       
-
       
      allowAnonymousEdits = mkOption {

     

       
198
       
198
       
-
       
        type = types.bool;

     

       
199
       
199
       
-
       
        default = false;

     

       
200
       
200
       
-
       
        description = lib.mdDoc ''

     

       
201
       
201
       
-
       
          Whether to allow guests to edit existing notes with the `freely` permission,

     

       
202
       
202
       
-
       
          when {option}`allowAnonymous` is enabled.

     

       
203
       
203
       
-
       
        '';

     

       
204
       
204
       
-
       
      };

     

       
205
       
205
       
-
       
      allowFreeURL = mkOption {

     

       
206
       
206
       
-
       
        type = types.bool;

     

       
207
       
207
       
-
       
        default = false;

     

       
208
       
208
       
-
       
        description = lib.mdDoc ''

     

       
209
       
209
       
-
       
          Whether to allow note creation by accessing a nonexistent note URL.

     

       
210
       
210
       
-
       
        '';

     

       
211
       
211
       
-
       
      };

     

       
212
       
212
       
-
       
      requireFreeURLAuthentication = mkOption {

     

       
213
       
213
       
-
       
        type = types.bool;

     

       
214
       
214
       
-
       
        default = false;

     

       
215
       
215
       
-
       
        description = lib.mdDoc ''

     

       
216
       
216
       
-
       
          Whether to require authentication for FreeURL mode style note creation.

     

       
217
       
217
       
-
       
        '';

     

       
218
       
218
       
-
       
      };

     

       
219
       
219
       
-
       
      defaultPermission = mkOption {

     

       
220
       
220
       
-
       
        type = types.enum [ "freely" "editable" "limited" "locked" "private" ];

     

       
221
       
221
       
-
       
        default = "editable";

     

       
222
       
222
       
-
       
        description = lib.mdDoc ''

     

       
223
       
223
       
-
       
          Default permissions for notes.

     

       
224
       
224
       
-
       
          This only applies for signed-in users.

     

       
225
       
225
       
-
       
        '';

     

       
226
       
226
       
-
       
      };

     

       
227
       
227
       
-
       
      dbURL = mkOption {

     

       
228
       
228
       
-
       
        type = types.nullOr types.str;

     

       
229
       
229
       
-
       
        default = null;

     

       
230
       
230
       
-
       
        example = ''

     

       
231
       
231
       
-
       
          postgres://user:pass@host:5432/dbname

     

       
232
       
232
       
-
       
        '';

     

       
233
       
233
       
-
       
        description = lib.mdDoc ''

     

       
234
       
234
       
-
       
          Specify which database to use.

     

       
235
       
235
       
-
       
          HedgeDoc supports mysql, postgres, sqlite and mssql.

     

       
236
       
236
       
-
       
          See [

     

       
237
       
237
       
-
       
          https://sequelize.readthedocs.io/en/v3/](https://sequelize.readthedocs.io/en/v3/) for more information.

     

       
238
       
238
       
-
       
          Note: This option overrides {option}`db`.

     

       
239
       
239
       
-
       
        '';

     

       
240
       
240
       
-
       
      };

     

       
241
       
241
       
-
       
      db = mkOption {

     

       
242
       
242
       
-
       
        type = types.attrs;

     

       
243
       
243
       
-
       
        default = {};

     

       
244
       
244
       
-
       
        example = literalExpression ''

     

       
245
       
245
       
-
       
          {

     

       
246
       
246
       
-
       
            dialect = "sqlite";

     

       
247
       
247
       
-
       
            storage = "/var/lib/${name}/db.${name}.sqlite";

     

       
248
       
248
       
-
       
          }

     

       
249
       
249
       
-
       
        '';

     

       
250
       
250
       
-
       
        description = lib.mdDoc ''

     

       
251
       
251
       
-
       
          Specify the configuration for sequelize.

     

       
252
       
252
       
-
       
          HedgeDoc supports mysql, postgres, sqlite and mssql.

     

       
253
       
253
       
-
       
          See [

     

       
254
       
254
       
-
       
          https://sequelize.readthedocs.io/en/v3/](https://sequelize.readthedocs.io/en/v3/) for more information.

     

       
255
       
255
       
-
       
          Note: This option overrides {option}`db`.

     

       
256
       
256
       
-
       
        '';

     

       
257
       
257
       
-
       
      };

     

       
258
       
258
       
-
       
      sslKeyPath= mkOption {

     

       
259
       
259
       
-
       
        type = types.nullOr types.str;

     

       
260
       
260
       
-
       
        default = null;

     

       
261
       
261
       
-
       
        example = "/var/lib/hedgedoc/hedgedoc.key";

     

       
262
       
262
       
-
       
        description = lib.mdDoc ''

     

       
263
       
263
       
-
       
          Path to the SSL key. Needed when {option}`useSSL` is enabled.

     

       
264
       
264
       
-
       
        '';

     

       
265
       
265
       
-
       
      };

     

       
266
       
266
       
-
       
      sslCertPath = mkOption {

     

       
267
       
267
       
-
       
        type = types.nullOr types.str;

     

       
268
       
268
       
-
       
        default = null;

     

       
269
       
269
       
-
       
        example = "/var/lib/hedgedoc/hedgedoc.crt";

     

       
270
       
270
       
-
       
        description = lib.mdDoc ''

     

       
271
       
271
       
-
       
          Path to the SSL cert. Needed when {option}`useSSL` is enabled.

     

       
272
       
272
       
-
       
        '';

     

       
273
       
273
       
-
       
      };

     

       
274
       
274
       
-
       
      sslCAPath = mkOption {

     

       
275
       
275
       
-
       
        type = types.listOf types.str;

     

       
276
       
276
       
-
       
        default = [];

     

       
277
       
277
       
-
       
        example = [ "/var/lib/hedgedoc/ca.crt" ];

     

       
278
       
278
       
-
       
        description = lib.mdDoc ''

     

       
279
       
279
       
-
       
          SSL ca chain. Needed when {option}`useSSL` is enabled.

     

       
280
       
280
       
-
       
        '';

     

       
281
       
281
       
-
       
      };

     

       
282
       
282
       
-
       
      dhParamPath = mkOption {

     

       
283
       
283
       
-
       
        type = types.nullOr types.str;

     

       
284
       
284
       
-
       
        default = null;

     

       
285
       
285
       
-
       
        example = "/var/lib/hedgedoc/dhparam.pem";

     

       
286
       
286
       
-
       
        description = lib.mdDoc ''

     

       
287
       
287
       
-
       
          Path to the SSL dh params. Needed when {option}`useSSL` is enabled.

     

       
288
       
288
       
-
       
        '';

     

       
289
       
289
       
-
       
      };

     

       
290
       
290
       
-
       
      tmpPath = mkOption {

     

       
291
       
291
       
-
       
        type = types.str;

     

       
292
       
292
       
-
       
        default = "/tmp";

     

       
293
       
293
       
-
       
        description = lib.mdDoc ''

     

       
294
       
294
       
-
       
          Path to the temp directory HedgeDoc should use.

     

       
295
       
295
       
-
       
          Note that {option}`serviceConfig.PrivateTmp` is enabled for

     

       
296
       
296
       
-
       
          the HedgeDoc systemd service by default.

     

       
297
       
297
       
-
       
          (Non-canonical paths are relative to HedgeDoc's base directory)

     

       
298
       
298
       
-
       
        '';

     

       
299
       
299
       
-
       
      };

     

       
300
       
300
       
-
       
      defaultNotePath = mkOption {

     

       
301
       
301
       
-
       
        type = types.nullOr types.str;

     

       
302
       
302
       
-
       
        default = "${cfg.package}/public/default.md";

     

       
303
       
303
       
-
       
        defaultText = literalExpression "\"\${cfg.package}/public/default.md\"";

     

       
304
       
304
       
-
       
        description = lib.mdDoc ''

     

       
305
       
305
       
-
       
          Path to the default Note file.

     

       
306
       
306
       
-
       
          (Non-canonical paths are relative to HedgeDoc's base directory)

     

       
307
       
307
       
-
       
        '';

     

       
308
       
308
       
-
       
      };

     

       
309
       
309
       
-
       
      docsPath = mkOption {

     

       
310
       
310
       
-
       
        type = types.nullOr types.str;

     

       
311
       
311
       
-
       
        default = "${cfg.package}/public/docs";

     

       
312
       
312
       
-
       
        defaultText = literalExpression "\"\${cfg.package}/public/docs\"";

     

       
313
       
313
       
-
       
        description = lib.mdDoc ''

     

       
314
       
314
       
-
       
          Path to the docs directory.

     

       
315
       
315
       
-
       
          (Non-canonical paths are relative to HedgeDoc's base directory)

     

       
316
       
316
       
-
       
        '';

     

       
317
       
317
       
-
       
      };

     

       
318
       
318
       
-
       
      indexPath = mkOption {

     

       
319
       
319
       
-
       
        type = types.nullOr types.str;

     

       
320
       
320
       
-
       
        default = "${cfg.package}/public/views/index.ejs";

     

       
321
       
321
       
-
       
        defaultText = literalExpression "\"\${cfg.package}/public/views/index.ejs\"";

     

       
322
       
322
       
-
       
        description = lib.mdDoc ''

     

       
323
       
323
       
-
       
          Path to the index template file.

     

       
324
       
324
       
-
       
          (Non-canonical paths are relative to HedgeDoc's base directory)

     

       
325
       
325
       
-
       
        '';

     

       
326
       
326
       
-
       
      };

     

       
327
       
327
       
-
       
      hackmdPath = mkOption {

     

       
328
       
328
       
-
       
        type = types.nullOr types.str;

     

       
329
       
329
       
-
       
        default = "${cfg.package}/public/views/hackmd.ejs";

     

       
330
       
330
       
-
       
        defaultText = literalExpression "\"\${cfg.package}/public/views/hackmd.ejs\"";

     

       
331
       
331
       
-
       
        description = lib.mdDoc ''

     

       
332
       
332
       
-
       
          Path to the hackmd template file.

     

       
333
       
333
       
-
       
          (Non-canonical paths are relative to HedgeDoc's base directory)

     

       
334
       
334
       
-
       
        '';

     

       
335
       
335
       
-
       
      };

     

       
336
       
336
       
-
       
      errorPath = mkOption {

     

       
337
       
337
       
-
       
        type = types.nullOr types.str;

     

       
338
       
338
       
-
       
        default = "${cfg.package}/public/views/error.ejs";

     

       
339
       
339
       
-
       
        defaultText = literalExpression "\"\${cfg.package}/public/views/error.ejs\"";

     

       
340
       
340
       
-
       
        description = lib.mdDoc ''

     

       
341
       
341
       
-
       
          Path to the error template file.

     

       
342
       
342
       
-
       
          (Non-canonical paths are relative to HedgeDoc's base directory)

     

       
343
       
343
       
-
       
        '';

     

       
344
       
344
       
-
       
      };

     

       
345
       
345
       
-
       
      prettyPath = mkOption {

     

       
346
       
346
       
-
       
        type = types.nullOr types.str;

     

       
347
       
347
       
-
       
        default = "${cfg.package}/public/views/pretty.ejs";

     

       
348
       
348
       
-
       
        defaultText = literalExpression "\"\${cfg.package}/public/views/pretty.ejs\"";

     

       
349
       
349
       
-
       
        description = lib.mdDoc ''

     

       
350
       
350
       
-
       
          Path to the pretty template file.

     

       
351
       
351
       
-
       
          (Non-canonical paths are relative to HedgeDoc's base directory)

     

       
352
       
352
       
-
       
        '';

     

       
353
       
353
       
-
       
      };

     

       
354
       
354
       
-
       
      slidePath = mkOption {

     

       
355
       
355
       
-
       
        type = types.nullOr types.str;

     

       
356
       
356
       
-
       
        default = "${cfg.package}/public/views/slide.hbs";

     

       
357
       
357
       
-
       
        defaultText = literalExpression "\"\${cfg.package}/public/views/slide.hbs\"";

     

       
358
       
358
       
-
       
        description = lib.mdDoc ''

     

       
359
       
359
       
-
       
          Path to the slide template file.

     

       
360
       
360
       
-
       
          (Non-canonical paths are relative to HedgeDoc's base directory)

     

       
361
       
361
       
-
       
        '';

     

       
362
       
362
       
-
       
      };

     

       
363
       
363
       
-
       
      uploadsPath = mkOption {

     

       
364
       
364
       
-
       
        type = types.str;

     

       
365
       
365
       
-
       
        default = "${cfg.workDir}/uploads";

     

       
366
       
366
       
-
       
        defaultText = literalExpression "\"\${cfg.workDir}/uploads\"";

     

       
367
       
367
       
-
       
        description = lib.mdDoc ''

     

       
368
       
368
       
-
       
          Path under which uploaded files are saved.

     

       
369
       
369
       
-
       
        '';

     

       
370
       
370
       
-
       
      };

     

       
371
       
371
       
-
       
      sessionName = mkOption {

     

       
372
       
372
       
-
       
        type = types.str;

     

       
373
       
373
       
-
       
        default = "connect.sid";

     

       
374
       
374
       
-
       
        description = lib.mdDoc ''

     

       
375
       
375
       
-
       
          Specify the name of the session cookie.

     

       
376
       
376
       
-
       
        '';

     

       
377
       
377
       
-
       
      };

     

       
378
       
378
       
-
       
      sessionSecret = mkOption {

     

       
379
       
379
       
-
       
        type = types.nullOr types.str;

     

       
380
       
380
       
-
       
        default = null;

     

       
381
       
381
       
-
       
        description = lib.mdDoc ''

     

       
382
       
382
       
-
       
          Specify the secret used to sign the session cookie.

     

       
383
       
383
       
-
       
          If unset, one will be generated on startup.

     

       
384
       
384
       
-
       
        '';

     

       
385
       
385
       
-
       
      };

     

       
386
       
386
       
-
       
      sessionLife = mkOption {

     

       
387
       
387
       
-
       
        type = types.int;

     

       
388
       
388
       
-
       
        default = 1209600000;

     

       
389
       
389
       
-
       
        description = lib.mdDoc ''

     

       
390
       
390
       
-
       
          Session life time in milliseconds.

     

       
391
       
391
       
-
       
        '';

     

       
392
       
392
       
-
       
      };

     

       
393
       
393
       
-
       
      heartbeatInterval = mkOption {

     

       
394
       
394
       
-
       
        type = types.int;

     

       
395
       
395
       
-
       
        default = 5000;

     

       
396
       
396
       
-
       
        description = lib.mdDoc ''

     

       
397
       
397
       
-
       
          Specify the socket.io heartbeat interval.

     

       
398
       
398
       
-
       
        '';

     

       
399
       
399
       
-
       
      };

     

       
400
       
400
       
-
       
      heartbeatTimeout = mkOption {

     

       
401
       
401
       
-
       
        type = types.int;

     

       
402
       
402
       
-
       
        default = 10000;

     

       
403
       
403
       
-
       
        description = lib.mdDoc ''

     

       
404
       
404
       
-
       
          Specify the socket.io heartbeat timeout.

     

       
405
       
405
       
-
       
        '';

     

       
406
       
406
       
-
       
      };

     

       
407
       
407
       
-
       
      documentMaxLength = mkOption {

     

       
408
       
408
       
-
       
        type = types.int;

     

       
409
       
409
       
-
       
        default = 100000;

     

       
410
       
410
       
-
       
        description = lib.mdDoc ''

     

       
411
       
411
       
-
       
          Specify the maximum document length.

     

       
412
       
412
       
-
       
        '';

     

       
413
       
413
       
-
       
      };

     

       
414
       
414
       
-
       
      email = mkOption {

     

       
415
       
415
       
-
       
        type = types.bool;

     

       
416
       
416
       
-
       
        default = true;

     

       
417
       
417
       
-
       
        description = lib.mdDoc ''

     

       
418
       
418
       
-
       
          Whether to enable email sign-in.

     

       
419
       
419
       
-
       
        '';

     

       
420
       
420
       
-
       
      };

     

       
421
       
421
       
-
       
      allowEmailRegister = mkOption {

     

       
422
       
422
       
-
       
        type = types.bool;

     

       
423
       
423
       
-
       
        default = true;

     

       
424
       
424
       
-
       
        description = lib.mdDoc ''

     

       
425
       
425
       
-
       
          Whether to enable email registration.

     

       
426
       
426
       
-
       
        '';

     

       
427
       
427
       
-
       
      };

     

       
428
       
428
       
-
       
      allowGravatar = mkOption {

     

       
429
       
429
       
-
       
        type = types.bool;

     

       
430
       
430
       
-
       
        default = true;

     

       
431
       
431
       
-
       
        description = lib.mdDoc ''

     

       
432
       
432
       
-
       
          Whether to use gravatar as profile picture source.

     

       
433
       
433
       
-
       
        '';

     

       
434
       
434
       
-
       
      };

     

       
435
       
435
       
-
       
      imageUploadType = mkOption {

     

       
436
       
436
       
-
       
        type = types.enum [ "imgur" "s3" "minio" "filesystem" ];

     

       
437
       
437
       
-
       
        default = "filesystem";

     

       
438
       
438
       
-
       
        description = lib.mdDoc ''

     

       
439
       
439
       
-
       
          Specify where to upload images.

     

       
440
       
440
       
-
       
        '';

     

       
441
       
441
       
-
       
      };

     

       
442
       
442
       
-
       
      minio = mkOption {

     

       
443
       
443
       
-
       
        type = types.nullOr (types.submodule {

     

       
444
       
444
       
-
       
          options = {

     

       
445
       
445
       
-
       
            accessKey = mkOption {

     

       
446
       
446
       
-
       
              type = types.str;

     

       
447
       
447
       
-
       
              description = lib.mdDoc ''

     

       
448
       
448
       
-
       
                Minio access key.

     

       
449
       
449
       
-
       
              '';

     

       
450
       
450
       
-
       
            };

     

       
451
       
451
       
-
       
            secretKey = mkOption {

     

       
452
       
452
       
-
       
              type = types.str;

     

       
453
       
453
       
-
       
              description = lib.mdDoc ''

     

       
454
       
454
       
-
       
                Minio secret key.

     

       
455
       
455
       
-
       
              '';

     

       
456
       
456
       
-
       
            };

     

       
457
       
457
       
-
       
            endPoint = mkOption {

     

       
458
       
458
       
-
       
              type = types.str;

     

       
459
       
459
       
-
       
              description = lib.mdDoc ''

     

       
460
       
460
       
-
       
                Minio endpoint.

     

       
461
       
461
       
-
       
              '';

     

       
462
       
462
       
-
       
            };

     

       
463
       
463
       
-
       
            port = mkOption {

     

       
464
       
464
       
-
       
              type = types.port;

     

       
465
       
465
       
-
       
              default = 9000;

     

       
466
       
466
       
-
       
              description = lib.mdDoc ''

     

       
467
       
467
       
-
       
                Minio listen port.

     

       
468
       
468
       
-
       
              '';

     

       
469
       
469
       
-
       
            };

     

       
470
       
470
       
-
       
            secure = mkOption {

     

       
471
       
471
       
-
       
              type = types.bool;

     

       
472
       
472
       
-
       
              default = true;

     

       
473
       
473
       
-
       
              description = lib.mdDoc ''

     

       
474
       
474
       
-
       
                Whether to use HTTPS for Minio.

     

       
475
       
475
       
-
       
              '';

     

       
476
       
476
       
-
       
            };

     

       
50
       
50
       
+
       
              This is useful if you are trying to run hedgedoc behind

     

       
51
       
51
       
+
       
              a reverse proxy.

     

       
52
       
52
       
+
       
            '';

     

       
477
       
53
       
 
       
          };

     

       
478
       
478
       
-
       
        });

     

       
479
       
479
       
-
       
        default = null;

     

       
480
       
480
       
-
       
        description = lib.mdDoc "Configure the minio third-party integration.";

     

       
481
       
481
       
-
       
      };

     

       
482
       
482
       
-
       
      s3 = mkOption {

     

       
483
       
483
       
-
       
        type = types.nullOr (types.submodule {

     

       
484
       
484
       
-
       
          options = {

     

       
485
       
485
       
-
       
            accessKeyId = mkOption {

     

       
486
       
486
       
-
       
              type = types.str;

     

       
487
       
487
       
-
       
              description = lib.mdDoc ''

     

       
488
       
488
       
-
       
                AWS access key id.

     

       
489
       
489
       
-
       
              '';

     

       
490
       
490
       
-
       
            };

     

       
491
       
491
       
-
       
            secretAccessKey = mkOption {

     

       
492
       
492
       
-
       
              type = types.str;

     

       
493
       
493
       
-
       
              description = lib.mdDoc ''

     

       
494
       
494
       
-
       
                AWS access key.

     

       
495
       
495
       
-
       
              '';

     

       
496
       
496
       
-
       
            };

     

       
497
       
497
       
-
       
            region = mkOption {

     

       
498
       
498
       
-
       
              type = types.str;

     

       
499
       
499
       
-
       
              description = lib.mdDoc ''

     

       
500
       
500
       
-
       
                AWS S3 region.

     

       
501
       
501
       
-
       
              '';

     

       
502
       
502
       
-
       
            };

     

       
503
       
503
       
-
       
          };

     

       
504
       
504
       
-
       
        });

     

       
505
       
505
       
-
       
        default = null;

     

       
506
       
506
       
-
       
        description = lib.mdDoc "Configure the s3 third-party integration.";

     

       
507
       
507
       
-
       
      };

     

       
508
       
508
       
-
       
      s3bucket = mkOption {

     

       
509
       
509
       
-
       
        type = types.nullOr types.str;

     

       
510
       
510
       
-
       
        default = null;

     

       
511
       
511
       
-
       
        description = lib.mdDoc ''

     

       
512
       
512
       
-
       
          Specify the bucket name for upload types `s3` and `minio`.

     

       
513
       
513
       
-
       
        '';

     

       
514
       
514
       
-
       
      };

     

       
515
       
515
       
-
       
      allowPDFExport = mkOption {

     

       
516
       
516
       
-
       
        type = types.bool;

     

       
517
       
517
       
-
       
        default = true;

     

       
518
       
518
       
-
       
        description = lib.mdDoc ''

     

       
519
       
519
       
-
       
          Whether to enable PDF exports.

     

       
520
       
520
       
-
       
        '';

     

       
521
       
521
       
-
       
      };

     

       
522
       
522
       
-
       
      imgur.clientId = mkOption {

     

       
523
       
523
       
-
       
        type = types.nullOr types.str;

     

       
524
       
524
       
-
       
        default = null;

     

       
525
       
525
       
-
       
        description = lib.mdDoc ''

     

       
526
       
526
       
-
       
          Imgur API client ID.

     

       
527
       
527
       
-
       
        '';

     

       
528
       
528
       
-
       
      };

     

       
529
       
529
       
-
       
      azure = mkOption {

     

       
530
       
530
       
-
       
        type = types.nullOr (types.submodule {

     

       
531
       
531
       
-
       
          options = {

     

       
532
       
532
       
-
       
            connectionString = mkOption {

     

       
533
       
533
       
-
       
              type = types.str;

     

       
534
       
534
       
-
       
              description = lib.mdDoc ''

     

       
535
       
535
       
-
       
                Azure Blob Storage connection string.

     

       
536
       
536
       
-
       
              '';

     

       
537
       
537
       
-
       
            };

     

       
538
       
538
       
-
       
            container = mkOption {

     

       
539
       
539
       
-
       
              type = types.str;

     

       
540
       
540
       
-
       
              description = lib.mdDoc ''

     

       
541
       
541
       
-
       
                Azure Blob Storage container name.

     

       
542
       
542
       
-
       
                It will be created if non-existent.

     

       
543
       
543
       
-
       
              '';

     

       
544
       
544
       
-
       
            };

     

       
545
       
545
       
-
       
          };

     

       
546
       
546
       
-
       
        });

     

       
547
       
547
       
-
       
        default = null;

     

       
548
       
548
       
-
       
        description = lib.mdDoc "Configure the azure third-party integration.";

     

       
549
       
549
       
-
       
      };

     

       
550
       
550
       
-
       
      oauth2 = mkOption {

     

       
551
       
551
       
-
       
        type = types.nullOr (types.submodule {

     

       
552
       
552
       
-
       
          options = {

     

       
553
       
553
       
-
       
            authorizationURL = mkOption {

     

       
554
       
554
       
-
       
              type = types.str;

     

       
555
       
555
       
-
       
              description = lib.mdDoc ''

     

       
556
       
556
       
-
       
                Specify the OAuth authorization URL.

     

       
557
       
557
       
-
       
              '';

     

       
558
       
558
       
-
       
            };

     

       
559
       
559
       
-
       
            tokenURL = mkOption {

     

       
560
       
560
       
-
       
              type = types.str;

     

       
561
       
561
       
-
       
              description = lib.mdDoc ''

     

       
562
       
562
       
-
       
                Specify the OAuth token URL.

     

       
563
       
563
       
-
       
              '';

     

       
564
       
564
       
-
       
            };

     

       
565
       
565
       
-
       
            baseURL = mkOption {

     

       
566
       
566
       
-
       
              type = with types; nullOr str;

     

       
567
       
567
       
-
       
              default = null;

     

       
568
       
568
       
-
       
              description = lib.mdDoc ''

     

       
569
       
569
       
-
       
                Specify the OAuth base URL.

     

       
570
       
570
       
-
       
              '';

     

       
571
       
571
       
-
       
            };

     

       
572
       
572
       
-
       
            userProfileURL = mkOption {

     

       
573
       
573
       
-
       
              type = with types; nullOr str;

     

       
574
       
574
       
-
       
              default = null;

     

       
575
       
575
       
-
       
              description = lib.mdDoc ''

     

       
576
       
576
       
-
       
                Specify the OAuth userprofile URL.

     

       
577
       
577
       
-
       
              '';

     

       
578
       
578
       
-
       
            };

     

       
579
       
579
       
-
       
            userProfileUsernameAttr = mkOption {

     

       
580
       
580
       
-
       
              type = with types; nullOr str;

     

       
581
       
581
       
-
       
              default = null;

     

       
582
       
582
       
-
       
              description = lib.mdDoc ''

     

       
583
       
583
       
-
       
                Specify the name of the attribute for the username from the claim.

     

       
584
       
584
       
-
       
              '';

     

       
585
       
585
       
-
       
            };

     

       
586
       
586
       
-
       
            userProfileDisplayNameAttr = mkOption {

     

       
587
       
587
       
-
       
              type = with types; nullOr str;

     

       
588
       
588
       
-
       
              default = null;

     

       
589
       
589
       
-
       
              description = lib.mdDoc ''

     

       
590
       
590
       
-
       
                Specify the name of the attribute for the display name from the claim.

     

       
591
       
591
       
-
       
              '';

     

       
592
       
592
       
-
       
            };

     

       
593
       
593
       
-
       
            userProfileEmailAttr = mkOption {

     

       
594
       
594
       
-
       
              type = with types; nullOr str;

     

       
595
       
595
       
-
       
              default = null;

     

       
596
       
596
       
-
       
              description = lib.mdDoc ''

     

       
597
       
597
       
-
       
                Specify the name of the attribute for the email from the claim.

     

       
598
       
598
       
-
       
              '';

     

       
599
       
599
       
-
       
            };

     

       
600
       
600
       
-
       
            scope = mkOption {

     

       
601
       
601
       
-
       
              type = with types; nullOr str;

     

       
602
       
602
       
-
       
              default = null;

     

       
603
       
603
       
-
       
              description = lib.mdDoc ''

     

       
604
       
604
       
-
       
                Specify the OAuth scope.

     

       
605
       
605
       
-
       
              '';

     

       
606
       
606
       
-
       
            };

     

       
607
       
607
       
-
       
            providerName = mkOption {

     

       
608
       
608
       
-
       
              type = with types; nullOr str;

     

       
609
       
609
       
-
       
              default = null;

     

       
610
       
610
       
-
       
              description = lib.mdDoc ''

     

       
611
       
611
       
-
       
                Specify the name to be displayed for this strategy.

     

       
612
       
612
       
-
       
              '';

     

       
613
       
613
       
-
       
            };

     

       
614
       
614
       
-
       
            rolesClaim = mkOption {

     

       
615
       
615
       
-
       
              type = with types; nullOr str;

     

       
616
       
616
       
-
       
              default = null;

     

       
617
       
617
       
-
       
              description = lib.mdDoc ''

     

       
618
       
618
       
-
       
                Specify the role claim name.

     

       
619
       
619
       
-
       
              '';

     

       
620
       
620
       
-
       
            };

     

       
621
       
621
       
-
       
            accessRole = mkOption {

     

       
622
       
622
       
-
       
              type = with types; nullOr str;

     

       
623
       
623
       
-
       
              default = null;

     

       
624
       
624
       
-
       
              description = lib.mdDoc ''

     

       
625
       
625
       
-
       
                Specify role which should be included in the ID token roles claim to grant access

     

       
626
       
626
       
-
       
              '';

     

       
627
       
627
       
-
       
            };

     

       
628
       
628
       
-
       
            clientID = mkOption {

     

       
629
       
629
       
-
       
              type = types.str;

     

       
630
       
630
       
-
       
              description = lib.mdDoc ''

     

       
631
       
631
       
-
       
                Specify the OAuth client ID.

     

       
632
       
632
       
-
       
              '';

     

       
633
       
633
       
-
       
            };

     

       
634
       
634
       
-
       
            clientSecret = mkOption {

     

       
635
       
635
       
-
       
              type = with types; nullOr str;

     

       
636
       
636
       
-
       
              default = null;

     

       
637
       
637
       
-
       
              description = lib.mdDoc ''

     

       
638
       
638
       
-
       
                Specify the OAuth client secret.

     

       
639
       
639
       
-
       
              '';

     

       
640
       
640
       
-
       
            };

     

       
54
       
54
       
+
       
          urlPath = mkOption {

     

       
55
       
55
       
+
       
            type = with types; nullOr str;

     

       
56
       
56
       
+
       
            default = null;

     

       
57
       
57
       
+
       
            example = "hedgedoc";

     

       
58
       
58
       
+
       
            description = mdDoc ''

     

       
59
       
59
       
+
       
              URL path for the website.

     

       
60
       
60
       
+
       


     

       
61
       
61
       
+
       
              This is useful if you are hosting hedgedoc on a path like

     

       
62
       
62
       
+
       
              `www.example.com/hedgedoc`

     

       
63
       
63
       
+
       
            '';

     

       
641
       
64
       
 
       
          };

     

       
642
       
642
       
-
       
        });

     

       
643
       
643
       
-
       
        default = null;

     

       
644
       
644
       
-
       
        description = lib.mdDoc "Configure the OAuth integration.";

     

       
645
       
645
       
-
       
      };

     

       
646
       
646
       
-
       
      facebook = mkOption {

     

       
647
       
647
       
-
       
        type = types.nullOr (types.submodule {

     

       
648
       
648
       
-
       
          options = {

     

       
649
       
649
       
-
       
            clientID = mkOption {

     

       
650
       
650
       
-
       
              type = types.str;

     

       
651
       
651
       
-
       
              description = lib.mdDoc ''

     

       
652
       
652
       
-
       
                Facebook API client ID.

     

       
653
       
653
       
-
       
              '';

     

       
654
       
654
       
-
       
            };

     

       
655
       
655
       
-
       
            clientSecret = mkOption {

     

       
656
       
656
       
-
       
              type = types.str;

     

       
657
       
657
       
-
       
              description = lib.mdDoc ''

     

       
658
       
658
       
-
       
                Facebook API client secret.

     

       
659
       
659
       
-
       
              '';

     

       
660
       
660
       
-
       
            };

     

       
65
       
65
       
+
       
          host = mkOption {

     

       
66
       
66
       
+
       
            type = with types; nullOr str;

     

       
67
       
67
       
+
       
            default = "localhost";

     

       
68
       
68
       
+
       
            description = mdDoc ''

     

       
69
       
69
       
+
       
              Address to listen on.

     

       
70
       
70
       
+
       
            '';

     

       
661
       
71
       
 
       
          };

     

       
662
       
662
       
-
       
        });

     

       
663
       
663
       
-
       
        default = null;

     

       
664
       
664
       
-
       
        description = lib.mdDoc "Configure the facebook third-party integration";

     

       
665
       
665
       
-
       
      };

     

       
666
       
666
       
-
       
      twitter = mkOption {

     

       
667
       
667
       
-
       
        type = types.nullOr (types.submodule {

     

       
668
       
668
       
-
       
          options = {

     

       
669
       
669
       
-
       
            consumerKey = mkOption {

     

       
670
       
670
       
-
       
              type = types.str;

     

       
671
       
671
       
-
       
              description = lib.mdDoc ''

     

       
672
       
672
       
-
       
                Twitter API consumer key.

     

       
673
       
673
       
-
       
              '';

     

       
674
       
674
       
-
       
            };

     

       
675
       
675
       
-
       
            consumerSecret = mkOption {

     

       
676
       
676
       
-
       
              type = types.str;

     

       
677
       
677
       
-
       
              description = lib.mdDoc ''

     

       
678
       
678
       
-
       
                Twitter API consumer secret.

     

       
679
       
679
       
-
       
              '';

     

       
680
       
680
       
-
       
            };

     

       
72
       
72
       
+
       
          port = mkOption {

     

       
73
       
73
       
+
       
            type = types.port;

     

       
74
       
74
       
+
       
            default = 3000;

     

       
75
       
75
       
+
       
            example = 80;

     

       
76
       
76
       
+
       
            description = mdDoc ''

     

       
77
       
77
       
+
       
              Port to listen on.

     

       
78
       
78
       
+
       
            '';

     

       
681
       
79
       
 
       
          };

     

       
682
       
682
       
-
       
        });

     

       
683
       
683
       
-
       
        default = null;

     

       
684
       
684
       
-
       
        description = lib.mdDoc "Configure the Twitter third-party integration.";

     

       
685
       
685
       
-
       
      };

     

       
686
       
686
       
-
       
      github = mkOption {

     

       
687
       
687
       
-
       
        type = types.nullOr (types.submodule {

     

       
688
       
688
       
-
       
          options = {

     

       
689
       
689
       
-
       
            clientID = mkOption {

     

       
690
       
690
       
-
       
              type = types.str;

     

       
691
       
691
       
-
       
              description = lib.mdDoc ''

     

       
692
       
692
       
-
       
                GitHub API client ID.

     

       
693
       
693
       
-
       
              '';

     

       
694
       
694
       
-
       
            };

     

       
695
       
695
       
-
       
            clientSecret = mkOption {

     

       
696
       
696
       
-
       
              type = types.str;

     

       
697
       
697
       
-
       
              description = lib.mdDoc ''

     

       
698
       
698
       
-
       
                Github API client secret.

     

       
699
       
699
       
-
       
              '';

     

       
700
       
700
       
-
       
            };

     

       
80
       
80
       
+
       
          path = mkOption {

     

       
81
       
81
       
+
       
            type = with types; nullOr path;

     

       
82
       
82
       
+
       
            default = null;

     

       
83
       
83
       
+
       
            example = "/run/hedgedoc/hedgedoc.sock";

     

       
84
       
84
       
+
       
            description = mdDoc ''

     

       
85
       
85
       
+
       
              Path to UNIX domain socket to listen on

     

       
86
       
86
       
+
       


     

       
87
       
87
       
+
       
              ::: {.note}

     

       
88
       
88
       
+
       
                If specified, {option}`host` and {option}`port` will be ignored.

     

       
89
       
89
       
+
       
              :::

     

       
90
       
90
       
+
       
            '';

     

       
701
       
91
       
 
       
          };

     

       
702
       
702
       
-
       
        });

     

       
703
       
703
       
-
       
        default = null;

     

       
704
       
704
       
-
       
        description = lib.mdDoc "Configure the GitHub third-party integration.";

     

       
705
       
705
       
-
       
      };

     

       
706
       
706
       
-
       
      gitlab = mkOption {

     

       
707
       
707
       
-
       
        type = types.nullOr (types.submodule {

     

       
708
       
708
       
-
       
          options = {

     

       
709
       
709
       
-
       
            baseURL = mkOption {

     

       
710
       
710
       
-
       
              type = types.str;

     

       
711
       
711
       
-
       
              default = "";

     

       
712
       
712
       
-
       
              description = lib.mdDoc ''

     

       
713
       
713
       
-
       
                GitLab API authentication endpoint.

     

       
714
       
714
       
-
       
                Only needed for other endpoints than gitlab.com.

     

       
715
       
715
       
-
       
              '';

     

       
716
       
716
       
-
       
            };

     

       
717
       
717
       
-
       
            clientID = mkOption {

     

       
718
       
718
       
-
       
              type = types.str;

     

       
719
       
719
       
-
       
              description = lib.mdDoc ''

     

       
720
       
720
       
-
       
                GitLab API client ID.

     

       
721
       
721
       
-
       
              '';

     

       
722
       
722
       
-
       
            };

     

       
723
       
723
       
-
       
            clientSecret = mkOption {

     

       
724
       
724
       
-
       
              type = types.str;

     

       
725
       
725
       
-
       
              description = lib.mdDoc ''

     

       
726
       
726
       
-
       
                GitLab API client secret.

     

       
727
       
727
       
-
       
              '';

     

       
728
       
728
       
-
       
            };

     

       
729
       
729
       
-
       
            scope = mkOption {

     

       
730
       
730
       
-
       
              type = types.enum [ "api" "read_user" ];

     

       
731
       
731
       
-
       
              default = "api";

     

       
732
       
732
       
-
       
              description = lib.mdDoc ''

     

       
733
       
733
       
-
       
                GitLab API requested scope.

     

       
734
       
734
       
-
       
                GitLab snippet import/export requires api scope.

     

       
735
       
735
       
-
       
              '';

     

       
736
       
736
       
-
       
            };

     

       
92
       
92
       
+
       
          protocolUseSSL = mkOption {

     

       
93
       
93
       
+
       
            type = types.bool;

     

       
94
       
94
       
+
       
            default = false;

     

       
95
       
95
       
+
       
            example = true;

     

       
96
       
96
       
+
       
            description = mdDoc ''

     

       
97
       
97
       
+
       
              Use `https://` for all links.

     

       
98
       
98
       
+
       


     

       
99
       
99
       
+
       
              This is useful if you are trying to run hedgedoc behind

     

       
100
       
100
       
+
       
              a reverse proxy.

     

       
101
       
101
       
+
       


     

       
102
       
102
       
+
       
              ::: {.note}

     

       
103
       
103
       
+
       
                Only applied if {option}`domain` is set.

     

       
104
       
104
       
+
       
              :::

     

       
105
       
105
       
+
       
            '';

     

       
737
       
106
       
 
       
          };

     

       
738
       
738
       
-
       
        });

     

       
739
       
739
       
-
       
        default = null;

     

       
740
       
740
       
-
       
        description = lib.mdDoc "Configure the GitLab third-party integration.";

     

       
741
       
741
       
-
       
      };

     

       
742
       
742
       
-
       
      mattermost = mkOption {

     

       
743
       
743
       
-
       
        type = types.nullOr (types.submodule {

     

       
744
       
744
       
-
       
          options = {

     

       
745
       
745
       
-
       
            baseURL = mkOption {

     

       
746
       
746
       
-
       
              type = types.str;

     

       
747
       
747
       
-
       
              description = lib.mdDoc ''

     

       
748
       
748
       
-
       
                Mattermost authentication endpoint.

     

       
749
       
749
       
-
       
              '';

     

       
750
       
750
       
-
       
            };

     

       
751
       
751
       
-
       
            clientID = mkOption {

     

       
752
       
752
       
-
       
              type = types.str;

     

       
753
       
753
       
-
       
              description = lib.mdDoc ''

     

       
754
       
754
       
-
       
                Mattermost API client ID.

     

       
755
       
755
       
-
       
              '';

     

       
756
       
756
       
-
       
            };

     

       
757
       
757
       
-
       
            clientSecret = mkOption {

     

       
758
       
758
       
-
       
              type = types.str;

     

       
759
       
759
       
-
       
              description = lib.mdDoc ''

     

       
760
       
760
       
-
       
                Mattermost API client secret.

     

       
761
       
761
       
-
       
              '';

     

       
762
       
762
       
-
       
            };

     

       
107
       
107
       
+
       
          allowOrigin = mkOption {

     

       
108
       
108
       
+
       
            type = with types; listOf str;

     

       
109
       
109
       
+
       
            default = with cfg.settings; [ host ] ++ lib.optionals (domain != null) [ domain ];

     

       
110
       
110
       
+
       
            defaultText = literalExpression ''

     

       
111
       
111
       
+
       
              with config.services.hedgedoc.settings; [ host ] ++ lib.optionals (domain != null) [ domain ]

     

       
112
       
112
       
+
       
            '';

     

       
113
       
113
       
+
       
            example = [ "localhost" "hedgedoc.org" ];

     

       
114
       
114
       
+
       
            description = mdDoc ''

     

       
115
       
115
       
+
       
              List of domains to whitelist.

     

       
116
       
116
       
+
       
            '';

     

       
763
       
117
       
 
       
          };

     

       
764
       
764
       
-
       
        });

     

       
765
       
765
       
-
       
        default = null;

     

       
766
       
766
       
-
       
        description = lib.mdDoc "Configure the Mattermost third-party integration.";

     

       
767
       
767
       
-
       
      };

     

       
768
       
768
       
-
       
      dropbox = mkOption {

     

       
769
       
769
       
-
       
        type = types.nullOr (types.submodule {

     

       
770
       
770
       
-
       
          options = {

     

       
771
       
771
       
-
       
            clientID = mkOption {

     

       
772
       
772
       
-
       
              type = types.str;

     

       
773
       
773
       
-
       
              description = lib.mdDoc ''

     

       
774
       
774
       
-
       
                Dropbox API client ID.

     

       
775
       
775
       
-
       
              '';

     

       
118
       
118
       
+
       
          db = mkOption {

     

       
119
       
119
       
+
       
            type = types.attrs;

     

       
120
       
120
       
+
       
            default = {

     

       
121
       
121
       
+
       
              dialect = "sqlite";

     

       
122
       
122
       
+
       
              storage = "/var/lib/${name}/db.sqlite";

     

       
776
       
123
       
 
       
            };

     

       
777
       
777
       
-
       
            clientSecret = mkOption {

     

       
778
       
778
       
-
       
              type = types.str;

     

       
779
       
779
       
-
       
              description = lib.mdDoc ''

     

       
780
       
780
       
-
       
                Dropbox API client secret.

     

       
781
       
781
       
-
       
              '';

     

       
782
       
782
       
-
       
            };

     

       
783
       
783
       
-
       
            appKey = mkOption {

     

       
784
       
784
       
-
       
              type = types.str;

     

       
785
       
785
       
-
       
              description = lib.mdDoc ''

     

       
786
       
786
       
-
       
                Dropbox app key.

     

       
787
       
787
       
-
       
              '';

     

       
788
       
788
       
-
       
            };

     

       
124
       
124
       
+
       
            defaultText = literalExpression ''

     

       
125
       
125
       
+
       
              {

     

       
126
       
126
       
+
       
                dialect = "sqlite";

     

       
127
       
127
       
+
       
                storage = "/var/lib/hedgedoc/db.sqlite";

     

       
128
       
128
       
+
       
              }

     

       
129
       
129
       
+
       
            '';

     

       
130
       
130
       
+
       
            example = literalExpression ''

     

       
131
       
131
       
+
       
              db = {

     

       
132
       
132
       
+
       
                username = "hedgedoc";

     

       
133
       
133
       
+
       
                database = "hedgedoc";

     

       
134
       
134
       
+
       
                host = "localhost:5432";

     

       
135
       
135
       
+
       
                # or via socket

     

       
136
       
136
       
+
       
                # host = "/run/postgresql";

     

       
137
       
137
       
+
       
                dialect = "postgresql";

     

       
138
       
138
       
+
       
              };

     

       
139
       
139
       
+
       
            '';

     

       
140
       
140
       
+
       
            description = mdDoc ''

     

       
141
       
141
       
+
       
              Specify the configuration for sequelize.

     

       
142
       
142
       
+
       
              HedgeDoc supports `mysql`, `postgres`, `sqlite` and `mssql`.

     

       
143
       
143
       
+
       
              See <https://sequelize.readthedocs.io/en/v3/>

     

       
144
       
144
       
+
       
              for more information.

     

       
145
       
145
       
+
       


     

       
146
       
146
       
+
       
              ::: {.note}

     

       
147
       
147
       
+
       
                The relevant parts will be overriden if you set {option}`dbURL`.

     

       
148
       
148
       
+
       
              :::

     

       
149
       
149
       
+
       
            '';

     

       
789
       
150
       
 
       
          };

     

       
790
       
790
       
-
       
        });

     

       
791
       
791
       
-
       
        default = null;

     

       
792
       
792
       
-
       
        description = lib.mdDoc "Configure the Dropbox third-party integration.";

     

       
793
       
793
       
-
       
      };

     

       
794
       
794
       
-
       
      google = mkOption {

     

       
795
       
795
       
-
       
        type = types.nullOr (types.submodule {

     

       
796
       
796
       
-
       
          options = {

     

       
797
       
797
       
-
       
            clientID = mkOption {

     

       
798
       
798
       
-
       
              type = types.str;

     

       
799
       
799
       
-
       
              description = lib.mdDoc ''

     

       
800
       
800
       
-
       
                Google API client ID.

     

       
801
       
801
       
-
       
              '';

     

       
802
       
802
       
-
       
            };

     

       
803
       
803
       
-
       
            clientSecret = mkOption {

     

       
804
       
804
       
-
       
              type = types.str;

     

       
805
       
805
       
-
       
              description = lib.mdDoc ''

     

       
806
       
806
       
-
       
                Google API client secret.

     

       
807
       
807
       
-
       
              '';

     

       
808
       
808
       
-
       
            };

     

       
151
       
151
       
+
       
          useSSL = mkOption {

     

       
152
       
152
       
+
       
            type = types.bool;

     

       
153
       
153
       
+
       
            default = false;

     

       
154
       
154
       
+
       
            description = mdDoc ''

     

       
155
       
155
       
+
       
              Enable to use SSL server.

     

       
156
       
156
       
+
       


     

       
157
       
157
       
+
       
              ::: {.note}

     

       
158
       
158
       
+
       
                This will also enable {option}`protocolUseSSL`.

     

       
159
       
159
       
+
       


     

       
160
       
160
       
+
       
                It will also require you to set the following:

     

       
161
       
161
       
+
       


     

       
162
       
162
       
+
       
                - {option}`sslKeyPath`

     

       
163
       
163
       
+
       
                - {option}`sslCertPath`

     

       
164
       
164
       
+
       
                - {option}`sslCAPath`

     

       
165
       
165
       
+
       
                - {option}`dhParamPath`

     

       
166
       
166
       
+
       
              :::

     

       
167
       
167
       
+
       
            '';

     

       
809
       
168
       
 
       
          };

     

       
810
       
810
       
-
       
        });

     

       
811
       
811
       
-
       
        default = null;

     

       
812
       
812
       
-
       
        description = lib.mdDoc "Configure the Google third-party integration.";

     

       
813
       
813
       
-
       
      };

     

       
814
       
814
       
-
       
      ldap = mkOption {

     

       
815
       
815
       
-
       
        type = types.nullOr (types.submodule {

     

       
816
       
816
       
-
       
          options = {

     

       
817
       
817
       
-
       
            providerName = mkOption {

     

       
818
       
818
       
-
       
              type = types.str;

     

       
819
       
819
       
-
       
              default = "";

     

       
820
       
820
       
-
       
              description = lib.mdDoc ''

     

       
821
       
821
       
-
       
                Optional name to be displayed at login form, indicating the LDAP provider.

     

       
822
       
822
       
-
       
              '';

     

       
823
       
823
       
-
       
            };

     

       
824
       
824
       
-
       
            url = mkOption {

     

       
825
       
825
       
-
       
              type = types.str;

     

       
826
       
826
       
-
       
              example = "ldap://localhost";

     

       
827
       
827
       
-
       
              description = lib.mdDoc ''

     

       
828
       
828
       
-
       
                URL of LDAP server.

     

       
829
       
829
       
-
       
              '';

     

       
830
       
830
       
-
       
            };

     

       
831
       
831
       
-
       
            bindDn = mkOption {

     

       
832
       
832
       
-
       
              type = types.str;

     

       
833
       
833
       
-
       
              description = lib.mdDoc ''

     

       
834
       
834
       
-
       
                Bind DN for LDAP access.

     

       
835
       
835
       
-
       
              '';

     

       
836
       
836
       
-
       
            };

     

       
837
       
837
       
-
       
            bindCredentials = mkOption {

     

       
838
       
838
       
-
       
              type = types.str;

     

       
839
       
839
       
-
       
              description = lib.mdDoc ''

     

       
840
       
840
       
-
       
                Bind credentials for LDAP access.

     

       
841
       
841
       
-
       
              '';

     

       
842
       
842
       
-
       
            };

     

       
843
       
843
       
-
       
            searchBase = mkOption {

     

       
844
       
844
       
-
       
              type = types.str;

     

       
845
       
845
       
-
       
              example = "o=users,dc=example,dc=com";

     

       
846
       
846
       
-
       
              description = lib.mdDoc ''

     

       
847
       
847
       
-
       
                LDAP directory to begin search from.

     

       
848
       
848
       
-
       
              '';

     

       
849
       
849
       
-
       
            };

     

       
850
       
850
       
-
       
            searchFilter = mkOption {

     

       
851
       
851
       
-
       
              type = types.str;

     

       
852
       
852
       
-
       
              example = "(uid={{username}})";

     

       
853
       
853
       
-
       
              description = lib.mdDoc ''

     

       
854
       
854
       
-
       
                LDAP filter to search with.

     

       
855
       
855
       
-
       
              '';

     

       
856
       
856
       
-
       
            };

     

       
857
       
857
       
-
       
            searchAttributes = mkOption {

     

       
858
       
858
       
-
       
              type = types.nullOr (types.listOf types.str);

     

       
859
       
859
       
-
       
              default = null;

     

       
860
       
860
       
-
       
              example = [ "displayName" "mail" ];

     

       
861
       
861
       
-
       
              description = lib.mdDoc ''

     

       
862
       
862
       
-
       
                LDAP attributes to search with.

     

       
863
       
863
       
-
       
              '';

     

       
864
       
864
       
-
       
            };

     

       
865
       
865
       
-
       
            userNameField = mkOption {

     

       
866
       
866
       
-
       
              type = types.str;

     

       
867
       
867
       
-
       
              default = "";

     

       
868
       
868
       
-
       
              description = lib.mdDoc ''

     

       
869
       
869
       
-
       
                LDAP field which is used as the username on HedgeDoc.

     

       
870
       
870
       
-
       
                By default {option}`useridField` is used.

     

       
871
       
871
       
-
       
              '';

     

       
872
       
872
       
-
       
            };

     

       
873
       
873
       
-
       
            useridField = mkOption {

     

       
874
       
874
       
-
       
              type = types.str;

     

       
875
       
875
       
-
       
              example = "uid";

     

       
876
       
876
       
-
       
              description = lib.mdDoc ''

     

       
877
       
877
       
-
       
                LDAP field which is a unique identifier for users on HedgeDoc.

     

       
878
       
878
       
-
       
              '';

     

       
879
       
879
       
-
       
            };

     

       
880
       
880
       
-
       
            tlsca = mkOption {

     

       
881
       
881
       
-
       
              type = types.str;

     

       
882
       
882
       
-
       
              default = "/etc/ssl/certs/ca-certificates.crt";

     

       
883
       
883
       
-
       
              example = "server-cert.pem,root.pem";

     

       
884
       
884
       
-
       
              description = lib.mdDoc ''

     

       
885
       
885
       
-
       
                Root CA for LDAP TLS in PEM format.

     

       
886
       
886
       
-
       
              '';

     

       
887
       
887
       
-
       
            };

     

       
169
       
169
       
+
       
          uploadsPath = mkOption {

     

       
170
       
170
       
+
       
            type = types.path;

     

       
171
       
171
       
+
       
            default = "/var/lib/${name}/uploads";

     

       
172
       
172
       
+
       
            defaultText = "/var/lib/hedgedoc/uploads";

     

       
173
       
173
       
+
       
            description = mdDoc ''

     

       
174
       
174
       
+
       
              Directory for storing uploaded images.

     

       
175
       
175
       
+
       
            '';

     

       
888
       
176
       
 
       
          };

     

       
889
       
889
       
-
       
        });

     

       
890
       
890
       
-
       
        default = null;

     

       
891
       
891
       
-
       
        description = lib.mdDoc "Configure the LDAP integration.";

     

       
892
       
892
       
-
       
      };

     

       
893
       
893
       
-
       
      saml = mkOption {

     

       
894
       
894
       
-
       
        type = types.nullOr (types.submodule {

     

       
895
       
895
       
-
       
          options = {

     

       
896
       
896
       
-
       
            idpSsoUrl = mkOption {

     

       
897
       
897
       
-
       
              type = types.str;

     

       
898
       
898
       
-
       
              example = "https://idp.example.com/sso";

     

       
899
       
899
       
-
       
              description = lib.mdDoc ''

     

       
900
       
900
       
-
       
                IdP authentication endpoint.

     

       
901
       
901
       
-
       
              '';

     

       
902
       
902
       
-
       
            };

     

       
903
       
903
       
-
       
            idpCert = mkOption {

     

       
904
       
904
       
-
       
              type = types.path;

     

       
905
       
905
       
-
       
              example = "/path/to/cert.pem";

     

       
906
       
906
       
-
       
              description = lib.mdDoc ''

     

       
907
       
907
       
-
       
                Path to IdP certificate file in PEM format.

     

       
908
       
908
       
-
       
              '';

     

       
909
       
909
       
-
       
            };

     

       
910
       
910
       
-
       
            issuer = mkOption {

     

       
911
       
911
       
-
       
              type = types.str;

     

       
912
       
912
       
-
       
              default = "";

     

       
913
       
913
       
-
       
              description = lib.mdDoc ''

     

       
914
       
914
       
-
       
                Optional identity of the service provider.

     

       
915
       
915
       
-
       
                This defaults to the server URL.

     

       
916
       
916
       
-
       
              '';

     

       
917
       
917
       
-
       
            };

     

       
918
       
918
       
-
       
            identifierFormat = mkOption {

     

       
919
       
919
       
-
       
              type = types.str;

     

       
920
       
920
       
-
       
              default = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";

     

       
921
       
921
       
-
       
              description = lib.mdDoc ''

     

       
922
       
922
       
-
       
                Optional name identifier format.

     

       
923
       
923
       
-
       
              '';

     

       
924
       
924
       
-
       
            };

     

       
925
       
925
       
-
       
            groupAttribute = mkOption {

     

       
926
       
926
       
-
       
              type = types.str;

     

       
927
       
927
       
-
       
              default = "";

     

       
928
       
928
       
-
       
              example = "memberOf";

     

       
929
       
929
       
-
       
              description = lib.mdDoc ''

     

       
930
       
930
       
-
       
                Optional attribute name for group list.

     

       
931
       
931
       
-
       
              '';

     

       
932
       
932
       
-
       
            };

     

       
933
       
933
       
-
       
            externalGroups = mkOption {

     

       
934
       
934
       
-
       
              type = types.listOf types.str;

     

       
935
       
935
       
-
       
              default = [];

     

       
936
       
936
       
-
       
              example = [ "Temporary-staff" "External-users" ];

     

       
937
       
937
       
-
       
              description = lib.mdDoc ''

     

       
938
       
938
       
-
       
                Excluded group names.

     

       
939
       
939
       
-
       
              '';

     

       
940
       
940
       
-
       
            };

     

       
941
       
941
       
-
       
            requiredGroups = mkOption {

     

       
942
       
942
       
-
       
              type = types.listOf types.str;

     

       
943
       
943
       
-
       
              default = [];

     

       
944
       
944
       
-
       
              example = [ "Hedgedoc-Users" ];

     

       
945
       
945
       
-
       
              description = lib.mdDoc ''

     

       
946
       
946
       
-
       
                Required group names.

     

       
947
       
947
       
-
       
              '';

     

       
948
       
948
       
-
       
            };

     

       
949
       
949
       
-
       
            providerName = mkOption {

     

       
950
       
950
       
-
       
              type = types.str;

     

       
951
       
951
       
-
       
              default = "";

     

       
952
       
952
       
-
       
              example = "My institution";

     

       
953
       
953
       
-
       
              description = lib.mdDoc ''

     

       
954
       
954
       
-
       
                Optional name to be displayed at login form indicating the SAML provider.

     

       
955
       
955
       
-
       
              '';

     

       
956
       
956
       
-
       
            };

     

       
957
       
957
       
-
       
            attribute = {

     

       
958
       
958
       
-
       
              id = mkOption {

     

       
959
       
959
       
-
       
                type = types.str;

     

       
960
       
960
       
-
       
                default = "";

     

       
961
       
961
       
-
       
                description = lib.mdDoc ''

     

       
962
       
962
       
-
       
                  Attribute map for `id`.

     

       
963
       
963
       
-
       
                  Defaults to `NameID` of SAML response.

     

       
964
       
964
       
-
       
                '';

     

       
965
       
965
       
-
       
              };

     

       
966
       
966
       
-
       
              username = mkOption {

     

       
967
       
967
       
-
       
                type = types.str;

     

       
968
       
968
       
-
       
                default = "";

     

       
969
       
969
       
-
       
                description = lib.mdDoc ''

     

       
970
       
970
       
-
       
                  Attribute map for `username`.

     

       
971
       
971
       
-
       
                  Defaults to `NameID` of SAML response.

     

       
972
       
972
       
-
       
                '';

     

       
973
       
973
       
-
       
              };

     

       
974
       
974
       
-
       
              email = mkOption {

     

       
975
       
975
       
-
       
                type = types.str;

     

       
976
       
976
       
-
       
                default = "";

     

       
977
       
977
       
-
       
                description = lib.mdDoc ''

     

       
978
       
978
       
-
       
                  Attribute map for `email`.

     

       
979
       
979
       
-
       
                  Defaults to `NameID` of SAML response if

     

       
980
       
980
       
-
       
                  {option}`identifierFormat` has

     

       
981
       
981
       
-
       
                  the default value.

     

       
982
       
982
       
-
       
                '';

     

       
983
       
983
       
-
       
              };

     

       
984
       
984
       
-
       
            };

     

       
177
       
177
       
+
       


     

       
178
       
178
       
+
       
          # Declared because we change the default to false.

     

       
179
       
179
       
+
       
          allowGravatar = mkOption {

     

       
180
       
180
       
+
       
            type = types.bool;

     

       
181
       
181
       
+
       
            default = false;

     

       
182
       
182
       
+
       
            example = true;

     

       
183
       
183
       
+
       
            description = mdDoc ''

     

       
184
       
184
       
+
       
              Whether to enable [Libravatar](https://wiki.libravatar.org/) as

     

       
185
       
185
       
+
       
              profile picture source on your instance.

     

       
186
       
186
       
+
       


     

       
187
       
187
       
+
       
              Despite the naming of the setting, Hedgedoc replaced Gravatar

     

       
188
       
188
       
+
       
              with Libravatar in [CodiMD 1.4.0](https://hedgedoc.org/releases/1.4.0/)

     

       
189
       
189
       
+
       
            '';

     

       
985
       
190
       
 
       
          };

     

       
986
       
986
       
-
       
        });

     

       
987
       
987
       
-
       
        default = null;

     

       
988
       
988
       
-
       
        description = lib.mdDoc "Configure the SAML integration.";

     

       
191
       
191
       
+
       
        };

     

       
989
       
192
       
 
       
      };

     

       
990
       
990
       
-
       
    }; in lib.mkOption {

     

       
991
       
991
       
-
       
      type = lib.types.submodule {

     

       
992
       
992
       
-
       
        freeformType = settingsFormat.type;

     

       
993
       
993
       
-
       
        inherit options;

     

       
994
       
994
       
-
       
      };

     

       
995
       
995
       
-
       
      description = lib.mdDoc ''

     

       
193
       
193
       
+
       


     

       
194
       
194
       
+
       
      description = mdDoc ''

     

       
996
       
195
       
 
       
        HedgeDoc configuration, see

     

       
997
       
196
       
 
       
        <https://docs.hedgedoc.org/configuration/>

     

       
998
       
197
       
 
       
        for documentation.

     
···

       
1003
       
202
       
 
       
      type = with types; nullOr path;

     

       
1004
       
203
       
 
       
      default = null;

     

       
1005
       
204
       
 
       
      example = "/var/lib/hedgedoc/hedgedoc.env";

     

       
1006
       
1006
       
-
       
      description = lib.mdDoc ''

     

       
205
       
205
       
+
       
      description = mdDoc ''

     

       
1007
       
206
       
 
       
        Environment file as defined in {manpage}`systemd.exec(5)`.

     

       
1008
       
207
       
 
       


     

       
1009
       
208
       
 
       
        Secrets may be passed to the service without adding them to the world-readable

     
···

       
1028
       
227
       
 
       
    };

     

       
1029
       
228
       
 
       
  };

     

       
1030
       
229
       
 
       


     

       
1031
       
1031
       
-
       
  config = mkIf cfg.enable {

     

       
1032
       
1032
       
-
       
    assertions = [

     

       
1033
       
1033
       
-
       
      { assertion = cfg.settings.db == {} -> (

     

       
1034
       
1034
       
-
       
          cfg.settings.dbURL != "" && cfg.settings.dbURL != null

     

       
1035
       
1035
       
-
       
        );

     

       
1036
       
1036
       
-
       
        message = "Database configuration for HedgeDoc missing."; }

     

       
1037
       
1037
       
-
       
    ];

     

       
1038
       
1038
       
-
       
    users.groups.${name} = {};

     

       
230
       
230
       
+
       
  config = lib.mkIf cfg.enable {

     

       
231
       
231
       
+
       
    users.groups.${name} = { };

     

       
1039
       
232
       
 
       
    users.users.${name} = {

     

       
1040
       
233
       
 
       
      description = "HedgeDoc service user";

     

       
1041
       
234
       
 
       
      group = name;

     

       
1042
       
1042
       
-
       
      extraGroups = cfg.groups;

     

       
1043
       
1043
       
-
       
      home = cfg.workDir;

     

       
1044
       
1044
       
-
       
      createHome = true;

     

       
1045
       
235
       
 
       
      isSystemUser = true;

     

       
1046
       
236
       
 
       
    };

     

       
1047
       
237
       
 
       


     

       
238
       
238
       
+
       
    services.hedgedoc.settings = {

     

       
239
       
239
       
+
       
      defaultNotePath = lib.mkDefault "${cfg.package}/public/default.md";

     

       
240
       
240
       
+
       
      docsPath = lib.mkDefault "${cfg.package}/public/docs";

     

       
241
       
241
       
+
       
      viewPath = lib.mkDefault "${cfg.package}/public/views";

     

       
242
       
242
       
+
       
    };

     

       
243
       
243
       
+
       


     

       
1048
       
244
       
 
       
    systemd.services.hedgedoc = {

     

       
1049
       
245
       
 
       
      description = "HedgeDoc Service";

     

       
246
       
246
       
+
       
      documentation = [ "https://docs.hedgedoc.org/" ];

     

       
1050
       
247
       
 
       
      wantedBy = [ "multi-user.target" ];

     

       
1051
       
248
       
 
       
      after = [ "networking.target" ];

     

       
1052
       
1052
       
-
       
      preStart = ''

     

       
1053
       
1053
       
-
       
        ${pkgs.envsubst}/bin/envsubst \

     

       
1054
       
1054
       
-
       
          -o ${cfg.workDir}/config.json \

     

       
1055
       
1055
       
-
       
          -i ${prettyJSON cfg.settings}

     

       
1056
       
1056
       
-
       
        mkdir -p ${cfg.settings.uploadsPath}

     

       
1057
       
1057
       
-
       
      '';

     

       
249
       
249
       
+
       
      preStart =

     

       
250
       
250
       
+
       
        let

     

       
251
       
251
       
+
       
          configFile = settingsFormat.generate "hedgedoc-config.json" {

     

       
252
       
252
       
+
       
            production = cfg.settings;

     

       
253
       
253
       
+
       
          };

     

       
254
       
254
       
+
       
        in

     

       
255
       
255
       
+
       
        ''

     

       
256
       
256
       
+
       
          ${pkgs.envsubst}/bin/envsubst \

     

       
257
       
257
       
+
       
            -o /run/${name}/config.json \

     

       
258
       
258
       
+
       
            -i ${configFile}

     

       
259
       
259
       
+
       
          ${pkgs.coreutils}/bin/mkdir -p ${cfg.settings.uploadsPath}

     

       
260
       
260
       
+
       
        '';

     

       
1058
       
261
       
 
       
      serviceConfig = {

     

       
1059
       
1059
       
-
       
        WorkingDirectory = cfg.workDir;

     

       
1060
       
1060
       
-
       
        StateDirectory = [ cfg.workDir cfg.settings.uploadsPath ];

     

       
1061
       
1061
       
-
       
        ExecStart = "${lib.getExe cfg.package}";

     

       
1062
       
1062
       
-
       
        EnvironmentFile = mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];

     

       
262
       
262
       
+
       
        User = name;

     

       
263
       
263
       
+
       
        Group = name;

     

       
264
       
264
       
+
       


     

       
265
       
265
       
+
       
        Restart = "always";

     

       
266
       
266
       
+
       
        ExecStart = "${cfg.package}/bin/hedgedoc";

     

       
267
       
267
       
+
       
        RuntimeDirectory = [ name ];

     

       
268
       
268
       
+
       
        StateDirectory = [ name ];

     

       
269
       
269
       
+
       
        WorkingDirectory = "/run/${name}";

     

       
270
       
270
       
+
       
        ReadWritePaths = [

     

       
271
       
271
       
+
       
          "-${cfg.settings.uploadsPath}"

     

       
272
       
272
       
+
       
        ] ++ lib.optionals (cfg.settings.db ? "storage") [ "-${cfg.settings.db.storage}" ];

     

       
273
       
273
       
+
       
        EnvironmentFile = lib.mkIf (cfg.environmentFile != null) [ cfg.environmentFile ];

     

       
1063
       
274
       
 
       
        Environment = [

     

       
1064
       
1064
       
-
       
          "CMD_CONFIG_FILE=${cfg.workDir}/config.json"

     

       
275
       
275
       
+
       
          "CMD_CONFIG_FILE=/run/${name}/config.json"

     

       
1065
       
276
       
 
       
          "NODE_ENV=production"

     

       
1066
       
277
       
 
       
        ];

     

       
1067
       
1067
       
-
       
        Restart = "always";

     

       
1068
       
1068
       
-
       
        User = name;

     

       
278
       
278
       
+
       


     

       
279
       
279
       
+
       
        # Hardening

     

       
280
       
280
       
+
       
        AmbientCapabilities = "";

     

       
281
       
281
       
+
       
        CapabilityBoundingSet = "";

     

       
282
       
282
       
+
       
        LockPersonality = true;

     

       
283
       
283
       
+
       
        NoNewPrivileges = true;

     

       
284
       
284
       
+
       
        PrivateDevices = true;

     

       
285
       
285
       
+
       
        PrivateMounts = true;

     

       
1069
       
286
       
 
       
        PrivateTmp = true;

     

       
287
       
287
       
+
       
        PrivateUsers = true;

     

       
288
       
288
       
+
       
        ProcSubset = "pid";

     

       
289
       
289
       
+
       
        ProtectClock = true;

     

       
290
       
290
       
+
       
        ProtectControlGroups = true;

     

       
291
       
291
       
+
       
        ProtectHome = true;

     

       
292
       
292
       
+
       
        ProtectHostname = true;

     

       
293
       
293
       
+
       
        ProtectKernelLogs = true;

     

       
294
       
294
       
+
       
        ProtectKernelModules = true;

     

       
295
       
295
       
+
       
        ProtectKernelTunables = true;

     

       
296
       
296
       
+
       
        ProtectProc = "invisible";

     

       
297
       
297
       
+
       
        ProtectSystem = "strict";

     

       
298
       
298
       
+
       
        RemoveIPC = true;

     

       
299
       
299
       
+
       
        RestrictAddressFamilies = [

     

       
300
       
300
       
+
       
          "AF_INET"

     

       
301
       
301
       
+
       
          "AF_INET6"

     

       
302
       
302
       
+
       
          # Required for connecting to database sockets,

     

       
303
       
303
       
+
       
          # and listening to unix socket at `cfg.settings.path`

     

       
304
       
304
       
+
       
          "AF_UNIX"

     

       
305
       
305
       
+
       
        ];

     

       
306
       
306
       
+
       
        RestrictNamespaces = true;

     

       
307
       
307
       
+
       
        RestrictRealtime = true;

     

       
308
       
308
       
+
       
        RestrictSUIDSGID = true;

     

       
309
       
309
       
+
       
        SocketBindAllow = lib.mkIf (cfg.settings.path == null) cfg.settings.port;

     

       
310
       
310
       
+
       
        SocketBindDeny = "any";

     

       
311
       
311
       
+
       
        SystemCallArchitectures = "native";

     

       
312
       
312
       
+
       
        SystemCallFilter = [

     

       
313
       
313
       
+
       
          "@system-service"

     

       
314
       
314
       
+
       
          "~@privileged @obsolete"

     

       
315
       
315
       
+
       
          "@pkey"

     

       
316
       
316
       
+
       
        ];

     

       
317
       
317
       
+
       
        UMask = "0007";

     

       
1070
       
318
       
 
       
      };

     

       
1071
       
319
       
 
       
    };

     

       
1072
       
320
       
 
       
  };