commit 1d41cff3dc4c8f37bb5841f51fcbff705e169178 · pyrox.dev/nixpkgs

+7 -7

nixos/modules/services/backup/znapzend.nix

···

       12
       12
        
             backups. It consists of a series of retention periodes to interval

     

       13
       13
        
             associations:

     

       14
       14
        
       

     

       15
       15
       -
             <literal>

     

       15
       15
       +
             ```

     

       16
       16
        
               retA=>intA,retB=>intB,...

     

       17
       17
       -
             </literal>

     

       17
       17
       +
             ```

     

       18
       18
        
       

     

       19
       19
        
             Both intervals and retention periods are expressed in standard units

     

       20
       20
        
             of time or multiples of them. You can use both the full name or a

     

       21
       21
        
             shortcut according to the following listing:

     

       22
       22
        
       

     

       23
       23
       -
             <literal>

     

       23
       23
       +
             ```

     

       24
       24
        
               second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y

     

       25
       25
       -
             </literal>

     

       25
       25
       +
             ```

     

       26
       26
        
       

     

       27
       27
       -
             See <citerefentry><refentrytitle>znapzendzetup</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more info.

     

       27
       27
       +
             See {manpage}`znapzendzetup(1)` for more info.

     

       28
       28
        
         '';

     

       29
       29
        
         planExample = "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m";

     

       30
       30
        
       

     
···

       57
       57
        
       

     

       58
       58
        
             plan = mkOption {

     

       59
       59
        
               type = str;

     

       60
       60
       -
               description = planDescription;

     

       60
       60
       +
               description = lib.mdDoc planDescription;

     

       61
       61
        
               example = planExample;

     

       62
       62
        
             };

     

       63
       63
        
       

     
···

       209
       209
        
       

     

       210
       210
        
             plan = mkOption {

     

       211
       211
        
               type = str;

     

       212
       212
       -
               description = planDescription;

     

       212
       212
       +
               description = lib.mdDoc planDescription;

     

       213
       213
        
               example = planExample;

     

       214
       214
        
             };

     

       215
       215

+3 -3

nixos/modules/services/development/zammad.nix

···

       137
       137
        
                   {

     

       138
       138
        
                   }

     

       139
       139
        
                 '';

     

       140
       140
       -
                 description = ''

     

       141
       141
       -
                   The <filename>database.yml</filename> configuration file as key value set.

     

       142
       142
       -
                   See <link xlink:href="TODO"/>

     

       140
       140
       +
                 description = lib.mdDoc ''

     

       141
       141
       +
                   The {file}`database.yml` configuration file as key value set.

     

       142
       142
       +
                   See \<TODO\>

     

       143
       143
        
                   for list of configuration parameters.

     

       144
       144
        
                 '';

     

       145
       145
        
               };

+2 -2

nixos/modules/services/games/teeworlds.nix

···

       80
       80
        
             extraOptions = mkOption {

     

       81
       81
        
               type = types.listOf types.str;

     

       82
       82
        
               default = [];

     

       83
       83
       -
               description = ''

     

       84
       84
       -
                 Extra configuration lines for the <filename>teeworlds.cfg</filename>. See <link xlink:href="https://www.teeworlds.com/?page=docs&amp;wiki=server_settings">Teeworlds Documentation</link>.

     

       83
       83
       +
               description = lib.mdDoc ''

     

       84
       84
       +
                 Extra configuration lines for the {file}`teeworlds.cfg`. See [Teeworlds Documentation](https://www.teeworlds.com/?page=docs&wiki=server_settings).

     

       85
       85
        
               '';

     

       86
       86
        
               example = [ "sv_map dm1" "sv_gametype dm" ];

     

       87
       87
        
             };

+2 -2

nixos/modules/services/mail/pfix-srsd.nix

···

       22
       22
        
             };

     

       23
       23
        
       

     

       24
       24
        
             secretsFile = mkOption {

     

       25
       25
       -
               description = ''

     

       25
       25
       +
               description = lib.mdDoc ''

     

       26
       26
        
                 The secret data used to encode the SRS address.

     

       27
       27
        
                 to generate, use a command like:

     

       28
       28
       -
                 <literal>for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/  -$//' | sed 's/^/          /'; done</literal>

     

       28
       28
       +
                 `for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/  -$//' | sed 's/^/          /'; done`

     

       29
       29
        
               '';

     

       30
       30
        
               type = types.path;

     

       31
       31
        
               default = "/var/lib/pfix-srsd/secrets";

+12 -9

nixos/modules/services/mail/spamassassin.nix

···

       22
       22
        
       

     

       23
       23
        
             config = mkOption {

     

       24
       24
        
               type = types.lines;

     

       25
       25
       -
               description = ''

     

       25
       25
       +
               description = lib.mdDoc ''

     

       26
       26
        
                 The SpamAssassin local.cf config

     

       27
       27
        
       

     

       28
       28
        
                 If you are using this configuration:

     

       29
       29
       -
                   add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_

     

       29
       29
       +
       

     

       30
       30
       +
                     add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_

     

       30
       31
        
       

     

       31
       32
        
                 Then you can Use this sieve filter:

     

       32
       32
       -
                   require ["fileinto", "reject", "envelope"];

     

       33
       33
       +
       

     

       34
       34
       +
                     require ["fileinto", "reject", "envelope"];

     

       33
       35
        
       

     

       34
       34
       -
                   if header :contains "X-Spam-Flag" "YES" {

     

       35
       35
       -
                     fileinto "spam";

     

       36
       36
       -
                   }

     

       36
       36
       +
                     if header :contains "X-Spam-Flag" "YES" {

     

       37
       37
       +
                       fileinto "spam";

     

       38
       38
       +
                     }

     

       37
       39
        
       

     

       38
       40
        
                 Or this procmail filter:

     

       39
       39
       -
                   :0:

     

       40
       40
       -
                   * ^X-Spam-Flag: YES

     

       41
       41
       -
                   /var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new

     

       41
       41
       +
       

     

       42
       42
       +
                     :0:

     

       43
       43
       +
                     * ^X-Spam-Flag: YES

     

       44
       44
       +
                     /var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new

     

       42
       45
        
       

     

       43
       46
        
                 To filter your messages based on the additional mail headers added by spamassassin.

     

       44
       47
        
               '';

+4 -4

nixos/modules/services/misc/autorandr.nix

···

       149
       149
        
                   };

     

       150
       150
        
                 };

     

       151
       151
        
               });

     

       152
       152
       -
               description = ''

     

       152
       152
       +
               description = lib.mdDoc ''

     

       153
       153
        
                 Output scale configuration.

     

       154
       154
        
       

     

       155
       155
        
                 Either configure by pixels or a scaling factor. When using pixel method the

     

       156
       156
       -
                 <citerefentry><refentrytitle>xrandr</refentrytitle><manvolnum>1</manvolnum></citerefentry>

     

       156
       156
       +
                 {manpage}`xrandr(1)`

     

       157
       157
        
                 option

     

       158
       158
       -
                 <parameter class="command">--scale-from</parameter>

     

       158
       158
       +
                 `--scale-from`

     

       159
       159
        
                 will be used; when using factor method the option

     

       160
       160
       -
                 <parameter class="command">--scale</parameter>

     

       160
       160
       +
                 `--scale`

     

       161
       161
        
                 will be used.

     

       162
       162
        
       

     

       163
       163
        
                 This option is a shortcut version of the transform option and they are mutually

+6 -6

nixos/modules/services/misc/gitea.nix

···

       322
       322
        
                   };

     

       323
       323
        
       

     

       324
       324
        
                   service = {

     

       325
       325
       -
                     DISABLE_REGISTRATION = mkEnableOption "the registration lock" // {

     

       326
       326
       -
                       description = ''

     

       327
       327
       -
                         By default any user can create an account on this <literal>gitea</literal> instance.

     

       325
       325
       +
                     DISABLE_REGISTRATION = mkEnableOption (lib.mdDoc "the registration lock") // {

     

       326
       326
       +
                       description = lib.mdDoc ''

     

       327
       327
       +
                         By default any user can create an account on this `gitea` instance.

     

       328
       328
        
                         This can be disabled by using this option.

     

       329
       329
        
       

     

       330
       330
       -
                         <emphasis>Note:</emphasis> please keep in mind that this should be added after the initial

     

       331
       331
       -
                         deploy unless <link linkend="opt-services.gitea.useWizard">services.gitea.useWizard</link>

     

       332
       332
       -
                         is <literal>true</literal> as the first registered user will be the administrator if

     

       330
       330
       +
                         *Note:* please keep in mind that this should be added after the initial

     

       331
       331
       +
                         deploy unless [](#opt-services.gitea.useWizard)

     

       332
       332
       +
                         is `true` as the first registered user will be the administrator if

     

       333
       333
        
                         no install wizard is used.

     

       334
       334
        
                       '';

     

       335
       335
        
                     };

+3 -3

nixos/modules/services/misc/gitit.nix

···

       211
       211
        
             templatesDir = mkOption {

     

       212
       212
        
               type = types.path;

     

       213
       213
        
               default = gititShared + "/data/templates";

     

       214
       214
       -
               description = ''

     

       214
       214
       +
               description = lib.mdDoc ''

     

       215
       215
        
                 Specifies the path of the directory containing page templates.  If it

     

       216
       216
        
                 does not exist, gitit will create it with default templates.  Users

     

       217
       217
        
                 may wish to edit the templates to customize the appearance of their

     
···

       490
       490
        
             absoluteUrls = mkOption {

     

       491
       491
        
               type = types.bool;

     

       492
       492
        
               default = false;

     

       493
       493
       -
               description = ''

     

       493
       493
       +
               description = lib.mdDoc ''

     

       494
       494
        
                 Make wikilinks absolute with respect to the base-url.  So, for

     

       495
       495
        
                 example, in a wiki served at the base URL '/wiki', on a page

     

       496
       496
       -
                 Sub/Page, the wikilink '[Cactus]()' will produce a link to

     

       496
       496
       +
                 Sub/Page, the wikilink `[Cactus]()` will produce a link to

     

       497
       497
        
                 '/wiki/Cactus' if absoluteUrls is true, and a relative link to

     

       498
       498
        
                 'Cactus' (referring to '/wiki/Sub/Cactus') if absolute-urls is 'no'.

     

       499
       499
        
               '';

+6 -6

nixos/modules/services/misc/nix-daemon.nix

···

       628
       628
        
                   sandbox-paths = { "/bin/sh" = "''${pkgs.busybox-sandbox-shell.out}/bin/busybox"; };

     

       629
       629
        
                 }

     

       630
       630
        
               '';

     

       631
       631
       -
               description = ''

     

       631
       631
       +
               description = lib.mdDoc ''

     

       632
       632
        
                 Configuration for Nix, see

     

       633
       633
       -
                 <link xlink:href="https://nixos.org/manual/nix/stable/#sec-conf-file"/> or

     

       634
       634
       -
                 <citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> for avalaible options.

     

       633
       633
       +
                 <https://nixos.org/manual/nix/stable/#sec-conf-file> or

     

       634
       634
       +
                 {manpage}`nix.conf(5)` for avalaible options.

     

       635
       635
        
                 The value declared here will be translated directly to the key-value pairs Nix expects.

     

       636
       636
        
       

     

       637
       637
       -
                 You can use <command>nix-instantiate --eval --strict '&lt;nixpkgs/nixos&gt;' -A config.nix.settings</command>

     

       637
       637
       +
                 You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.nix.settings`

     

       638
       638
        
                 to view the current value. By default it is empty.

     

       639
       639
        
       

     

       640
       640
       -
                 Nix configurations defined under <option>nix.*</option> will be translated and applied to this

     

       641
       641
       -
                 option. In addition, configuration specified in <option>nix.extraOptions</option> which will be appended

     

       640
       640
       +
                 Nix configurations defined under {option}`nix.*` will be translated and applied to this

     

       641
       641
       +
                 option. In addition, configuration specified in {option}`nix.extraOptions` which will be appended

     

       642
       642
        
                 verbatim to the resulting config file.

     

       643
       643
        
               '';

     

       644
       644
        
             };

+6 -6

nixos/modules/services/misc/persistent-evdev.nix

···

       16
       16
        
           devices = lib.mkOption {

     

       17
       17
        
             default = {};

     

       18
       18
        
             type = with lib.types; attrsOf str;

     

       19
       19
       -
             description = ''

     

       19
       19
       +
             description = lib.mdDoc ''

     

       20
       20
        
               A set of virtual proxy device labels with backing physical device ids.

     

       21
       21
        
       

     

       22
       22
       -
               Physical devices should already exist in <filename class="devicefile">/dev/input/by-id/</filename>.

     

       23
       23
       -
               Proxy devices will be automatically given a <literal>uinput-</literal> prefix.

     

       22
       22
       +
               Physical devices should already exist in {file}`/dev/input/by-id/`.

     

       23
       23
       +
               Proxy devices will be automatically given a `uinput-` prefix.

     

       24
       24
        
       

     

       25
       25
       -
               See the <link xlink:href="https://github.com/aiberia/persistent-evdev#example-usage-with-libvirt">project page</link>

     

       25
       25
       +
               See the [project page](https://github.com/aiberia/persistent-evdev#example-usage-with-libvirt)

     

       26
       26
        
               for example configuration of virtual devices with libvirt

     

       27
       27
       -
               and remember to add <literal>uinput-*</literal> devices to the qemu

     

       28
       28
       -
               <literal>cgroup_device_acl</literal> list (see <xref linkend="opt-virtualisation.libvirtd.qemu.verbatimConfig"/>).

     

       27
       27
       +
               and remember to add `uinput-*` devices to the qemu

     

       28
       28
       +
               `cgroup_device_acl` list (see [](#opt-virtualisation.libvirtd.qemu.verbatimConfig)).

     

       29
       29
        
             '';

     

       30
       30
        
             example = lib.literalExpression ''

     

       31
       31
        
               {

+3 -3

nixos/modules/services/monitoring/prometheus/exporters.nix

···

       115
       115
        
             example = literalExpression ''

     

       116
       116
        
               "-i eth0 -p tcp -m tcp --dport ${toString port}"

     

       117
       117
        
             '';

     

       118
       118
       -
             description = ''

     

       118
       118
       +
             description = lib.mdDoc ''

     

       119
       119
        
               Specify a filter for iptables to use when

     

       120
       120
       -
               <option>services.prometheus.exporters.${name}.openFirewall</option>

     

       121
       121
       -
               is true. It is used as `ip46tables -I nixos-fw <option>firewallFilter</option> -j nixos-fw-accept`.

     

       120
       120
       +
               {option}`services.prometheus.exporters.${name}.openFirewall`

     

       121
       121
       +
               is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.

     

       122
       122
        
             '';

     

       123
       123
        
           };

     

       124
       124
        
           user = mkOption {

+2 -2

nixos/modules/services/monitoring/smartd.nix

···

       135
       135
        
                   default = "root";

     

       136
       136
        
                   example = "example@domain.tld";

     

       137
       137
        
                   type = types.str;

     

       138
       138
       -
                   description = ''

     

       138
       138
       +
                   description = lib.mdDoc ''

     

       139
       139
        
                     Sender of the notification messages.

     

       140
       140
       -
                     Acts as the value of <literal>email</literal> in the emails' <literal>From: ... </literal> field.

     

       140
       140
       +
                     Acts as the value of `email` in the emails' `From: ...` field.

     

       141
       141
        
                   '';

     

       142
       142
        
                 };

     

       143
       143

+2 -2

nixos/modules/services/networking/3proxy.nix

···

       155
       155
        
                         type = types.listOf types.str;

     

       156
       156
        
                         default = [ ];

     

       157
       157
        
                         example = [ "127.0.0.1" "192.168.1.0/24" ];

     

       158
       158
       -
                         description = ''

     

       158
       158
       +
                         description = lib.mdDoc ''

     

       159
       159
        
                           List of target IP ranges, use empty list for any.

     

       160
       160
        
                           May also contain host names instead of addresses.

     

       161
       161
       -
                           It's possible to use wildmask in the begginning and in the the end of hostname, e.g. *badsite.com or *badcontent*.

     

       161
       161
       +
                           It's possible to use wildmask in the begginning and in the the end of hostname, e.g. `*badsite.com` or `*badcontent*`.

     

       162
       162
        
                           Hostname is only checked if hostname presents in request.

     

       163
       163
        
                         '';

     

       164
       164
        
                       };

+2 -2

nixos/modules/services/networking/networkmanager.nix

···

       327
       327
        
                   type = mkOption {

     

       328
       328
        
                     type = types.enum (attrNames dispatcherTypesSubdirMap);

     

       329
       329
        
                     default = "basic";

     

       330
       330
       -
                     description = ''

     

       330
       330
       +
                     description = lib.mdDoc ''

     

       331
       331
        
                       Dispatcher hook type. Look up the hooks described at

     

       332
       332
       -
                       <link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.html">https://developer.gnome.org/NetworkManager/stable/NetworkManager.html</link>

     

       332
       332
       +
                       [https://developer.gnome.org/NetworkManager/stable/NetworkManager.html](https://developer.gnome.org/NetworkManager/stable/NetworkManager.html)

     

       333
       333
        
                       and choose the type depending on the output folder.

     

       334
       334
        
                       You should then filter the event type (e.g., "up"/"down") from within your script.

     

       335
       335
        
                     '';

+13 -12

nixos/modules/services/networking/wireguard.nix

···

       194
       194
        
               default = null;

     

       195
       195
        
               example = "demo.wireguard.io:12913";

     

       196
       196
        
               type = with types; nullOr str;

     

       197
       197
       -
               description = ''Endpoint IP or hostname of the peer, followed by a colon,

     

       198
       198
       -
               and then a port number of the peer.

     

       197
       197
       +
               description = lib.mdDoc ''

     

       198
       198
       +
                 Endpoint IP or hostname of the peer, followed by a colon,

     

       199
       199
       +
                 and then a port number of the peer.

     

       199
       200
        
       

     

       200
       200
       -
               Warning for endpoints with changing IPs:

     

       201
       201
       -
               The WireGuard kernel side cannot perform DNS resolution.

     

       202
       202
       -
               Thus DNS resolution is done once by the <literal>wg</literal> userspace

     

       203
       203
       -
               utility, when setting up WireGuard. Consequently, if the IP address

     

       204
       204
       -
               behind the name changes, WireGuard will not notice.

     

       205
       205
       -
               This is especially common for dynamic-DNS setups, but also applies to

     

       206
       206
       -
               any other DNS-based setup.

     

       207
       207
       -
               If you do not use IP endpoints, you likely want to set

     

       208
       208
       -
               <option>networking.wireguard.dynamicEndpointRefreshSeconds</option>

     

       209
       209
       -
               to refresh the IPs periodically.

     

       201
       201
       +
                 Warning for endpoints with changing IPs:

     

       202
       202
       +
                 The WireGuard kernel side cannot perform DNS resolution.

     

       203
       203
       +
                 Thus DNS resolution is done once by the `wg` userspace

     

       204
       204
       +
                 utility, when setting up WireGuard. Consequently, if the IP address

     

       205
       205
       +
                 behind the name changes, WireGuard will not notice.

     

       206
       206
       +
                 This is especially common for dynamic-DNS setups, but also applies to

     

       207
       207
       +
                 any other DNS-based setup.

     

       208
       208
       +
                 If you do not use IP endpoints, you likely want to set

     

       209
       209
       +
                 {option}`networking.wireguard.dynamicEndpointRefreshSeconds`

     

       210
       210
       +
                 to refresh the IPs periodically.

     

       210
       211
        
               '';

     

       211
       212
        
             };

     

       212
       213

+8 -8

nixos/modules/services/networking/znc/default.nix

···

       149
       149
        
                   };

     

       150
       150
        
                 }

     

       151
       151
        
               '';

     

       152
       152
       -
               description = ''

     

       152
       152
       +
               description = lib.mdDoc ''

     

       153
       153
        
                 Configuration for ZNC, see

     

       154
       154
       -
                 <link xlink:href="https://wiki.znc.in/Configuration"/> for details. The

     

       154
       154
       +
                 <https://wiki.znc.in/Configuration> for details. The

     

       155
       155
        
                 Nix value declared here will be translated directly to the xml-like

     

       156
       156
        
                 format ZNC expects. This is much more flexible than the legacy options

     

       157
       157
       -
                 under <option>services.znc.confOptions.*</option>, but also can't do

     

       157
       157
       +
                 under {option}`services.znc.confOptions.*`, but also can't do

     

       158
       158
        
                 any type checking.

     

       159
       159
        
       

     

       160
       160
       -
                 You can use <command>nix-instantiate --eval --strict '&lt;nixpkgs/nixos&gt;' -A config.services.znc.config</command>

     

       160
       160
       +
                 You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config`

     

       161
       161
        
                 to view the current value. By default it contains a listener for port

     

       162
       162
        
                 5000 with SSL enabled.

     

       163
       163
        
       

     

       164
       164
       -
                 Nix attributes called <literal>extraConfig</literal> will be inserted

     

       164
       164
       +
                 Nix attributes called `extraConfig` will be inserted

     

       165
       165
        
                 verbatim into the resulting config file.

     

       166
       166
        
       

     

       167
       167
       -
                 If <option>services.znc.useLegacyConfig</option> is turned on, the

     

       168
       168
       -
                 option values in <option>services.znc.confOptions.*</option> will be

     

       167
       167
       +
                 If {option}`services.znc.useLegacyConfig` is turned on, the

     

       168
       168
       +
                 option values in {option}`services.znc.confOptions.*` will be

     

       169
       169
        
                 gracefully be applied to this option.

     

       170
       170
        
       

     

       171
       171
        
                 If you intend to update the configuration through this option, be sure

     

       172
       172
       -
                 to enable <option>services.znc.mutable</option>, otherwise none of the

     

       172
       172
       +
                 to enable {option}`services.znc.mutable`, otherwise none of the

     

       173
       173
        
                 changes here will be applied after the initial deploy.

     

       174
       174
        
               '';

     

       175
       175
        
             };

+8 -8

nixos/modules/services/networking/znc/options.nix

···

       97
       97
        
             useLegacyConfig = mkOption {

     

       98
       98
        
               default = true;

     

       99
       99
        
               type = types.bool;

     

       100
       100
       -
               description = ''

     

       100
       100
       +
               description = lib.mdDoc ''

     

       101
       101
        
                 Whether to propagate the legacy options under

     

       102
       102
       -
                 <option>services.znc.confOptions.*</option> to the znc config. If this

     

       102
       102
       +
                 {option}`services.znc.confOptions.*` to the znc config. If this

     

       103
       103
        
                 is turned on, the znc config will contain a user with the default name

     

       104
       104
        
                 "znc", global modules "webadmin" and "adminlog" will be enabled by

     

       105
       105
        
                 default, and more, all controlled through the

     

       106
       106
       -
                 <option>services.znc.confOptions.*</option> options.

     

       107
       107
       -
                 You can use <command>nix-instantiate --eval --strict '&lt;nixpkgs/nixos&gt;' -A config.services.znc.config</command>

     

       106
       106
       +
                 {option}`services.znc.confOptions.*` options.

     

       107
       107
       +
                 You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config`

     

       108
       108
        
                 to view the current value of the config.

     

       109
       109
        
       

     

       110
       110
        
                 In any case, if you need more flexibility,

     

       111
       111
       -
                 <option>services.znc.config</option> can be used to override/add to

     

       111
       111
       +
                 {option}`services.znc.config` can be used to override/add to

     

       112
       112
        
                 all of the legacy options.

     

       113
       113
        
               '';

     

       114
       114
        
             };

     
···

       177
       177
        
                   &lt;/Pass&gt;

     

       178
       178
        
                 '';

     

       179
       179
        
                 type = types.str;

     

       180
       180
       -
                 description = ''

     

       181
       181
       -
                   Generate with <command>nix-shell -p znc --command "znc --makepass"</command>.

     

       180
       180
       +
                 description = lib.mdDoc ''

     

       181
       181
       +
                   Generate with {command}`nix-shell -p znc --command "znc --makepass"`.

     

       182
       182
        
                   This is the password used to log in to the ZNC web admin interface.

     

       183
       183
        
                   You can also set this through

     

       184
       184
       -
                   <option>services.znc.config.User.&lt;username&gt;.Pass.Method</option>

     

       184
       184
       +
                   {option}`services.znc.config.User.<username>.Pass.Method`

     

       185
       185
        
                   and co.

     

       186
       186
        
                 '';

     

       187
       187
        
               };

+5 -5

nixos/modules/services/security/tor.nix

···

       288
       288
        
             };

     

       289
       289
        
       

     

       290
       290
        
             relay = {

     

       291
       291
       -
               enable = mkEnableOption "tor relaying" // {

     

       292
       292
       -
                 description = ''

     

       291
       291
       +
               enable = mkEnableOption (lib.mdDoc "tor relaying") // {

     

       292
       292
       +
                 description = lib.mdDoc ''

     

       293
       293
        
                   Whether to enable relaying of Tor traffic for others.

     

       294
       294
        
       

     

       295
       295
       -
                   See <link xlink:href="https://www.torproject.org/docs/tor-doc-relay"/>

     

       295
       295
       +
                   See <https://www.torproject.org/docs/tor-doc-relay>

     

       296
       296
        
                   for details.

     

       297
       297
        
       

     

       298
       298
        
                   Setting this to true requires setting

     

       299
       299
       -
                   <option>services.tor.relay.role</option>

     

       299
       299
       +
                   {option}`services.tor.relay.role`

     

       300
       300
        
                   and

     

       301
       301
       -
                   <option>services.tor.settings.ORPort</option>

     

       301
       301
       +
                   {option}`services.tor.settings.ORPort`

     

       302
       302
        
                   options.

     

       303
       303
        
                 '';

     

       304
       304
        
               };

+9 -9

nixos/modules/services/security/vaultwarden/default.nix

···

       97
       97
        
                 SMTP_FROM_NAME = "example.com Bitwarden server";

     

       98
       98
        
               }

     

       99
       99
        
             '';

     

       100
       100
       -
             description = ''

     

       100
       100
       +
             description = lib.mdDoc ''

     

       101
       101
        
               The configuration of vaultwarden is done through environment variables,

     

       102
       102
       -
               therefore it is recommended to use upper snake case (e.g. <envar>DISABLE_2FA_REMEMBER</envar>).

     

       102
       102
       +
               therefore it is recommended to use upper snake case (e.g. {env}`DISABLE_2FA_REMEMBER`).

     

       103
       103
        
       

     

       104
       104
       -
               However, camel case (e.g. <literal>disable2FARemember</literal>) is also supported:

     

       104
       104
       +
               However, camel case (e.g. `disable2FARemember`) is also supported:

     

       105
       105
        
               The NixOS module will convert it automatically to

     

       106
       106
       -
               upper case snake case (e.g. <envar>DISABLE_2FA_REMEMBER</envar>).

     

       106
       106
       +
               upper case snake case (e.g. {env}`DISABLE_2FA_REMEMBER`).

     

       107
       107
        
               In this conversion digits (0-9) are handled just like upper case characters,

     

       108
       108
       -
               so <literal>foo2</literal> would be converted to <envar>FOO_2</envar>.

     

       109
       109
       -
               Names already in this format remain unchanged, so <literal>FOO2</literal> remains <literal>FOO2</literal> if passed as such,

     

       110
       110
       -
               even though <literal>foo2</literal> would have been converted to <envar>FOO_2</envar>.

     

       108
       108
       +
               so `foo2` would be converted to {env}`FOO_2`.

     

       109
       109
       +
               Names already in this format remain unchanged, so `FOO2` remains `FOO2` if passed as such,

     

       110
       110
       +
               even though `foo2` would have been converted to {env}`FOO_2`.

     

       111
       111
        
               This allows working around any potential future conflicting naming conventions.

     

       112
       112
        
       

     

       113
       113
        
               Based on the attributes passed to this config option an environment file will be generated

     

       114
       114
        
               that is passed to vaultwarden's systemd service.

     

       115
       115
        
       

     

       116
       116
        
               The available configuration options can be found in

     

       117
       117
       -
               <link xlink:href="https://github.com/dani-garcia/vaultwarden/blob/${vaultwarden.version}/.env.template">the environment template file</link>.

     

       117
       117
       +
               [the environment template file](https://github.com/dani-garcia/vaultwarden/blob/${vaultwarden.version}/.env.template).

     

       118
       118
        
       

     

       119
       119
       -
               See <xref linkend="opt-services.vaultwarden.environmentFile"/> for how

     

       119
       119
       +
               See ()[#opt-services.vaultwarden.environmentFile) for how

     

       120
       120
        
               to set up access to the Admin UI to invite initial users.

     

       121
       121
        
             '';

     

       122
       122
        
           };

+6 -6

nixos/modules/services/torrent/transmission.nix

···

       24
       24
        
         ];

     

       25
       25
        
         options = {

     

       26
       26
        
           services.transmission = {

     

       27
       27
       -
             enable = mkEnableOption "transmission" // {

     

       28
       28
       -
               description = ''

     

       27
       27
       +
             enable = mkEnableOption (lib.mdDoc "transmission") // {

     

       28
       28
       +
               description = lib.mdDoc ''

     

       29
       29
        
                 Whether to enable the headless Transmission BitTorrent daemon.

     

       30
       30
        
       

     

       31
       31
        
                 Transmission daemon can be controlled via the RPC interface using

     

       32
       32
        
                 transmission-remote, the WebUI (http://127.0.0.1:9091/ by default),

     

       33
       33
        
                 or other clients like stig or tremc.

     

       34
       34
        
       

     

       35
       35
       -
                 Torrents are downloaded to <xref linkend="opt-services.transmission.home"/>/${downloadsDir} by default and are

     

       35
       35
       +
                 Torrents are downloaded to [](#opt-services.transmission.home)/${downloadsDir} by default and are

     

       36
       36
        
                 accessible to users in the "transmission" group.

     

       37
       37
        
               '';

     

       38
       38
        
             };

     
···

       237
       237
        
       

     

       238
       238
        
             openRPCPort = mkEnableOption (lib.mdDoc "opening of the RPC port in the firewall");

     

       239
       239
        
       

     

       240
       240
       -
             performanceNetParameters = mkEnableOption "performance tweaks" // {

     

       241
       241
       -
               description = ''

     

       240
       240
       +
             performanceNetParameters = mkEnableOption (lib.mdDoc "performance tweaks") // {

     

       241
       241
       +
               description = lib.mdDoc ''

     

       242
       242
        
                 Whether to enable tweaking of kernel parameters

     

       243
       243
        
                 to open many more connections at the same time.

     

       244
       244
        
       

     

       245
       245
        
                 Note that you may also want to increase

     

       246
       246
       -
                 <literal>peer-limit-global"</literal>.

     

       246
       246
       +
                 `peer-limit-global`.

     

       247
       247
        
                 And be aware that these settings are quite aggressive

     

       248
       248
        
                 and might not suite your regular desktop use.

     

       249
       249
        
                 For instance, SSH sessions may time out more easily.

+9 -4

nixos/modules/services/web-apps/dokuwiki.nix

···

       137
       137
        
               usersFile = mkOption {

     

       138
       138
        
                 type = with types; nullOr str;

     

       139
       139
        
                 default = if config.aclUse then "/var/lib/dokuwiki/${name}/users.auth.php" else null;

     

       140
       140
       -
                 description = ''

     

       140
       140
       +
                 description = lib.mdDoc ''

     

       141
       141
        
                   Location of the dokuwiki users file. List of users. Format:

     

       142
       142
       -
                   login:passwordhash:Real Name:email:groups,comma,separated

     

       143
       143
       -
                   Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1`

     

       144
       144
       -
                   Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist"/>

     

       142
       142
       +
       

     

       143
       143
       +
                       login:passwordhash:Real Name:email:groups,comma,separated

     

       144
       144
       +
       

     

       145
       145
       +
                   Create passwordHash easily by using:

     

       146
       146
       +
       

     

       147
       147
       +
                       mkpasswd -5 password `pwgen 8 1`

     

       148
       148
       +
       

     

       149
       149
       +
                   Example: <https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist>

     

       145
       150
        
                   '';

     

       146
       151
        
                 example = "/var/lib/dokuwiki/${name}/users.auth.php";

     

       147
       152
        
               };

+6 -6

nixos/modules/services/web-apps/jirafeau.nix

···

       45
       45
        
               $cfg['style'] = 'courgette';

     

       46
       46
        
               $cfg['organisation'] = 'ACME';

     

       47
       47
        
             '';

     

       48
       48
       -
             description = let

     

       48
       48
       +
             description =  let

     

       49
       49
        
               documentationLink =

     

       50
       50
        
                 "https://gitlab.com/mojo42/Jirafeau/-/blob/${cfg.package.version}/lib/config.original.php";

     

       51
       51
        
             in

     

       52
       52
       -
               ''

     

       53
       53
       -
                 Jirefeau configuration. Refer to <link xlink:href="${documentationLink}"/> for supported

     

       52
       52
       +
               lib.mdDoc ''

     

       53
       53
       +
                 Jirefeau configuration. Refer to <${documentationLink}> for supported

     

       54
       54
        
                 values.

     

       55
       55
        
               '';

     

       56
       56
        
           };

     
···

       73
       73
        
             description = let

     

       74
       74
        
               nginxCoreDocumentation = "http://nginx.org/en/docs/http/ngx_http_core_module.html";

     

       75
       75
        
             in

     

       76
       76
       -
               ''

     

       76
       76
       +
               lib.mdDoc ''

     

       77
       77
        
                 Timeout for reading client request bodies and headers. Refer to

     

       78
       78
       -
                 <link xlink:href="${nginxCoreDocumentation}#client_body_timeout"/> and

     

       79
       79
       -
                 <link xlink:href="${nginxCoreDocumentation}#client_header_timeout"/> for accepted values.

     

       78
       78
       +
                 <${nginxCoreDocumentation}#client_body_timeout> and

     

       79
       79
       +
                 <${nginxCoreDocumentation}#client_header_timeout> for accepted values.

     

       80
       80
        
               '';

     

       81
       81
        
           };

     

       82
       82

+6 -6

nixos/modules/services/web-apps/mastodon.nix

···

       107
       107
        
             enable = lib.mkEnableOption (lib.mdDoc "Mastodon, a federated social network server");

     

       108
       108
        
       

     

       109
       109
        
             configureNginx = lib.mkOption {

     

       110
       110
       -
               description = ''

     

       110
       110
       +
               description = lib.mdDoc ''

     

       111
       111
        
                 Configure nginx as a reverse proxy for mastodon.

     

       112
       112
        
                 Note that this makes some assumptions on your setup, and sets settings that will

     

       113
       113
        
                 affect other virtualHosts running on your nginx instance, if any.

     

       114
       114
        
                 Alternatively you can configure a reverse-proxy of your choice to serve these paths:

     

       115
       115
        
       

     

       116
       116
       -
                 <literal>/ -> $(nix-instantiate --eval '&lt;nixpkgs&gt;' -A mastodon.outPath)/public</literal>

     

       116
       116
       +
                 `/ -> $(nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath)/public`

     

       117
       117
        
       

     

       118
       118
       -
                 <literal>/ -> 127.0.0.1:{{ webPort }} </literal>(If there was no file in the directory above.)

     

       118
       118
       +
                 `/ -> 127.0.0.1:{{ webPort }} `(If there was no file in the directory above.)

     

       119
       119
        
       

     

       120
       120
       -
                 <literal>/system/ -> /var/lib/mastodon/public-system/</literal>

     

       120
       120
       +
                 `/system/ -> /var/lib/mastodon/public-system/`

     

       121
       121
        
       

     

       122
       122
       -
                 <literal>/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}</literal>

     

       122
       122
       +
                 `/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}`

     

       123
       123
        
       

     

       124
       124
        
                 Make sure that websockets are forwarded properly. You might want to set up caching

     

       125
       125
        
                 of some requests. Take a look at mastodon's provided nginx configuration at

     

       126
       126
       -
                 <literal>https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf</literal>.

     

       126
       126
       +
                 `https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf`.

     

       127
       127
        
               '';

     

       128
       128
        
               type = lib.types.bool;

     

       129
       129
        
               default = false;

+3 -3

nixos/modules/services/web-apps/matomo.nix

···

       53
       53
        
               type = types.nullOr types.str;

     

       54
       54
        
               default = null;

     

       55
       55
        
               example = "lighttpd";

     

       56
       56
       -
               description = ''

     

       57
       57
       -
                 Name of the web server user that forwards requests to <option>services.phpfpm.pools.&lt;name&gt;.socket</option> the fastcgi socket for Matomo if the nginx

     

       56
       56
       +
               description = lib.mdDoc ''

     

       57
       57
       +
                 Name of the web server user that forwards requests to {option}`services.phpfpm.pools.<name>.socket` the fastcgi socket for Matomo if the nginx

     

       58
       58
        
                 option is not used. Either this option or the nginx option is mandatory.

     

       59
       59
        
                 If you want to use another webserver than nginx, you need to set this to that server's user

     

       60
       60
       -
                 and pass fastcgi requests to <literal>index.php</literal>, <literal>matomo.php</literal> and <literal>piwik.php</literal> (legacy name) to this socket.

     

       60
       60
       +
                 and pass fastcgi requests to `index.php`, `matomo.php` and `piwik.php` (legacy name) to this socket.

     

       61
       61
        
               '';

     

       62
       62
        
             };

     

       63
       63

+3 -3

nixos/modules/services/web-apps/wiki-js.nix

···

       85
       85
        
                   '';

     

       86
       86
        
                 };

     

       87
       87
        
       

     

       88
       88
       -
                 offline = mkEnableOption "offline mode" // {

     

       89
       89
       -
                   description = ''

     

       88
       88
       +
                 offline = mkEnableOption (lib.mdDoc "offline mode") // {

     

       89
       89
       +
                   description = lib.mdDoc ''

     

       90
       90
        
                     Disable latest file updates and enable

     

       91
       91
       -
                     <link xlink:href="https://docs.requarks.io/install/sideload">sideloading</link>.

     

       91
       91
       +
                     [sideloading](https://docs.requarks.io/install/sideload).

     

       92
       92
        
                   '';

     

       93
       93
        
                 };

     

       94
       94
        
               };

+4 -4

nixos/modules/services/web-servers/apache-httpd/vhost-options.nix

···

       116
       116
        
           useACMEHost = mkOption {

     

       117
       117
        
             type = types.nullOr types.str;

     

       118
       118
        
             default = null;

     

       119
       119
       -
             description = ''

     

       119
       119
       +
             description = lib.mdDoc ''

     

       120
       120
        
               A host of an existing Let's Encrypt certificate to use.

     

       121
       121
        
               This is useful if you have many subdomains and want to avoid hitting the

     

       122
       122
       -
               <link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.

     

       123
       123
       -
               Alternately, you can generate a certificate through <option>enableACME</option>.

     

       124
       124
       -
               <emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using  <xref linkend="opt-security.acme.certs"/>.</emphasis>

     

       122
       122
       +
               [rate limit](https://letsencrypt.org/docs/rate-limits).

     

       123
       123
       +
               Alternately, you can generate a certificate through {option}`enableACME`.

     

       124
       124
       +
               *Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using [](#opt-security.acme.certs).*

     

       125
       125
        
             '';

     

       126
       126
        
           };

     

       127
       127

+2 -2

nixos/modules/services/web-servers/hitch/default.nix

···

       36
       36
        
             frontend = mkOption {

     

       37
       37
        
               type = types.either types.str (types.listOf types.str);

     

       38
       38
        
               default = "[127.0.0.1]:443";

     

       39
       39
       -
               description = ''

     

       39
       39
       +
               description = lib.mdDoc ''

     

       40
       40
        
                 The port and interface of the listen endpoint in the

     

       41
       41
       -
       +         form [HOST]:PORT[+CERT].

     

       41
       41
       +
                 form [HOST]:PORT[+CERT].

     

       42
       42
        
               '';

     

       43
       43
        
               apply = toList;

     

       44
       44
        
             };

+4 -4

nixos/modules/services/web-servers/nginx/vhost-options.nix

···

       75
       75
        
           useACMEHost = mkOption {

     

       76
       76
        
             type = types.nullOr types.str;

     

       77
       77
        
             default = null;

     

       78
       78
       -
             description = ''

     

       78
       78
       +
             description = lib.mdDoc ''

     

       79
       79
        
               A host of an existing Let's Encrypt certificate to use.

     

       80
       80
        
               This is useful if you have many subdomains and want to avoid hitting the

     

       81
       81
       -
               <link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.

     

       82
       82
       -
               Alternately, you can generate a certificate through <option>enableACME</option>.

     

       83
       83
       -
               <emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using  <xref linkend="opt-security.acme.certs"/>.</emphasis>

     

       81
       81
       +
               [rate limit](https://letsencrypt.org/docs/rate-limits).

     

       82
       82
       +
               Alternately, you can generate a certificate through {option}`enableACME`.

     

       83
       83
       +
               *Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using [](#opt-security.acme.certs).*

     

       84
       84
        
             '';

     

       85
       85
        
           };

     

       86
       86

+2 -2

nixos/modules/system/activation/activation-script.nix

···

       88
       88
        
               supportsDryActivation = mkOption

     

       89
       89
        
                 { type = types.bool;

     

       90
       90
        
                   default = false;

     

       91
       91
       -
                   description = ''

     

       91
       91
       +
                   description = lib.mdDoc ''

     

       92
       92
        
                     Whether this activation script supports being dry-activated.

     

       93
       93
        
                     These activation scripts will also be executed on dry-activate

     

       94
       94
        
                     activations with the environment variable

     

       95
       95
       -
                     <literal>NIXOS_ACTION</literal> being set to <literal>dry-activate</literal>.

     

       95
       95
       +
                     `NIXOS_ACTION` being set to `dry-activate`.

     

       96
       96
        
                     it's important that these activation scripts  don't

     

       97
       97
        
                     modify anything about the system when the variable is set.

     

       98
       98
        
                   '';

+2 -2

nixos/modules/system/boot/systemd/initrd.nix

···

       132
       132
        
       

     

       133
       133
        
       in {

     

       134
       134
        
         options.boot.initrd.systemd = {

     

       135
       135
       -
           enable = mkEnableOption "systemd in initrd" // {

     

       136
       136
       -
             description = ''

     

       135
       135
       +
           enable = mkEnableOption (lib.mdDoc "systemd in initrd") // {

     

       136
       136
       +
             description = lib.mdDoc ''

     

       137
       137
        
               Whether to enable systemd in initrd.

     

       138
       138
        
       

     

       139
       139
        
               Note: This is in very early development and is highly

+3 -3

nixos/modules/virtualisation/kvmgt.nix

···

       17
       17
        
       in {

     

       18
       18
        
         options = {

     

       19
       19
        
           virtualisation.kvmgt = {

     

       20
       20
       -
             enable = mkEnableOption ''

     

       20
       20
       +
             enable = mkEnableOption (lib.mdDoc ''

     

       21
       21
        
               KVMGT (iGVT-g) VGPU support. Allows Qemu/KVM guests to share host's Intel integrated graphics card.

     

       22
       22
        
               Currently only one graphical device can be shared. To allow users to access the device without root add them

     

       23
       23
       -
               to the kvm group: <literal>users.extraUsers.&lt;yourusername&gt;.extraGroups = [ "kvm" ];</literal>

     

       24
       24
       -
             '';

     

       23
       23
       +
               to the kvm group: `users.extraUsers.<yourusername>.extraGroups = [ "kvm" ];`

     

       24
       24
       +
             '');

     

       25
       25
        
             # multi GPU support is under the question

     

       26
       26
        
             device = mkOption {

     

       27
       27
        
               type = types.str;