commit 1d41cff3dc4c8f37bb5841f51fcbff705e169178 · pyrox.dev/nixpkgs

+7 -7

nixos/modules/services/backup/znapzend.nix

···

       12
        
             backups. It consists of a series of retention periodes to interval

     

       13
        
             associations:

     

       14
        
       

     

       15
       -
             <literal>

     

       16
        
               retA=>intA,retB=>intB,...

     

       17
       -
             </literal>

     

       18
        
       

     

       19
        
             Both intervals and retention periods are expressed in standard units

     

       20
        
             of time or multiples of them. You can use both the full name or a

     

       21
        
             shortcut according to the following listing:

     

       22
        
       

     

       23
       -
             <literal>

     

       24
        
               second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y

     

       25
       -
             </literal>

     

       26
        
       

     

       27
       -
             See <citerefentry><refentrytitle>znapzendzetup</refentrytitle><manvolnum>1</manvolnum></citerefentry> for more info.

     

       28
        
         '';

     

       29
        
         planExample = "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m";

     

       30
        
       

     
···

       57
        
       

     

       58
        
             plan = mkOption {

     

       59
        
               type = str;

     

       60
       -
               description = planDescription;

     

       61
        
               example = planExample;

     

       62
        
             };

     

       63
        
       

     
···

       209
        
       

     

       210
        
             plan = mkOption {

     

       211
        
               type = str;

     

       212
       -
               description = planDescription;

     

       213
        
               example = planExample;

     

       214
        
             };

     

       215

···

       12
        
             backups. It consists of a series of retention periodes to interval

     

       13
        
             associations:

     

       14
        
       

     

       15
       +
             ```

     

       16
        
               retA=>intA,retB=>intB,...

     

       17
       +
             ```

     

       18
        
       

     

       19
        
             Both intervals and retention periods are expressed in standard units

     

       20
        
             of time or multiples of them. You can use both the full name or a

     

       21
        
             shortcut according to the following listing:

     

       22
        
       

     

       23
       +
             ```

     

       24
        
               second|sec|s, minute|min, hour|h, day|d, week|w, month|mon|m, year|y

     

       25
       +
             ```

     

       26
        
       

     

       27
       +
             See {manpage}`znapzendzetup(1)` for more info.

     

       28
        
         '';

     

       29
        
         planExample = "1h=>10min,1d=>1h,1w=>1d,1m=>1w,1y=>1m";

     

       30
        
       

     
···

       57
        
       

     

       58
        
             plan = mkOption {

     

       59
        
               type = str;

     

       60
       +
               description = lib.mdDoc planDescription;

     

       61
        
               example = planExample;

     

       62
        
             };

     

       63
        
       

     
···

       209
        
       

     

       210
        
             plan = mkOption {

     

       211
        
               type = str;

     

       212
       +
               description = lib.mdDoc planDescription;

     

       213
        
               example = planExample;

     

       214
        
             };

     

       215

+3 -3

nixos/modules/services/development/zammad.nix

···

       137
        
                   {

     

       138
        
                   }

     

       139
        
                 '';

     

       140
       -
                 description = ''

     

       141
       -
                   The <filename>database.yml</filename> configuration file as key value set.

     

       142
       -
                   See <link xlink:href="TODO"/>

     

       143
        
                   for list of configuration parameters.

     

       144
        
                 '';

     

       145
        
               };

···

       137
        
                   {

     

       138
        
                   }

     

       139
        
                 '';

     

       140
       +
                 description = lib.mdDoc ''

     

       141
       +
                   The {file}`database.yml` configuration file as key value set.

     

       142
       +
                   See \<TODO\>

     

       143
        
                   for list of configuration parameters.

     

       144
        
                 '';

     

       145
        
               };

+2 -2

nixos/modules/services/games/teeworlds.nix

···

       80
        
             extraOptions = mkOption {

     

       81
        
               type = types.listOf types.str;

     

       82
        
               default = [];

     

       83
       -
               description = ''

     

       84
       -
                 Extra configuration lines for the <filename>teeworlds.cfg</filename>. See <link xlink:href="https://www.teeworlds.com/?page=docs&amp;wiki=server_settings">Teeworlds Documentation</link>.

     

       85
        
               '';

     

       86
        
               example = [ "sv_map dm1" "sv_gametype dm" ];

     

       87
        
             };

···

       80
        
             extraOptions = mkOption {

     

       81
        
               type = types.listOf types.str;

     

       82
        
               default = [];

     

       83
       +
               description = lib.mdDoc ''

     

       84
       +
                 Extra configuration lines for the {file}`teeworlds.cfg`. See [Teeworlds Documentation](https://www.teeworlds.com/?page=docs&wiki=server_settings).

     

       85
        
               '';

     

       86
        
               example = [ "sv_map dm1" "sv_gametype dm" ];

     

       87
        
             };

+2 -2

nixos/modules/services/mail/pfix-srsd.nix

···

       22
        
             };

     

       23
        
       

     

       24
        
             secretsFile = mkOption {

     

       25
       -
               description = ''

     

       26
        
                 The secret data used to encode the SRS address.

     

       27
        
                 to generate, use a command like:

     

       28
       -
                 <literal>for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/  -$//' | sed 's/^/          /'; done</literal>

     

       29
        
               '';

     

       30
        
               type = types.path;

     

       31
        
               default = "/var/lib/pfix-srsd/secrets";

···

       22
        
             };

     

       23
        
       

     

       24
        
             secretsFile = mkOption {

     

       25
       +
               description = lib.mdDoc ''

     

       26
        
                 The secret data used to encode the SRS address.

     

       27
        
                 to generate, use a command like:

     

       28
       +
                 `for n in $(seq 5); do dd if=/dev/urandom count=1 bs=1024 status=none | sha256sum | sed 's/  -$//' | sed 's/^/          /'; done`

     

       29
        
               '';

     

       30
        
               type = types.path;

     

       31
        
               default = "/var/lib/pfix-srsd/secrets";

+12 -9

nixos/modules/services/mail/spamassassin.nix

···

       22
        
       

     

       23
        
             config = mkOption {

     

       24
        
               type = types.lines;

     

       25
       -
               description = ''

     

       26
        
                 The SpamAssassin local.cf config

     

       27
        
       

     

       28
        
                 If you are using this configuration:

     

       29
       -
                   add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_

     

       0
        
       
     

       30
        
       

     

       31
        
                 Then you can Use this sieve filter:

     

       32
       -
                   require ["fileinto", "reject", "envelope"];

     

       0
        
       
     

       33
        
       

     

       34
       -
                   if header :contains "X-Spam-Flag" "YES" {

     

       35
       -
                     fileinto "spam";

     

       36
       -
                   }

     

       37
        
       

     

       38
        
                 Or this procmail filter:

     

       39
       -
                   :0:

     

       40
       -
                   * ^X-Spam-Flag: YES

     

       41
       -
                   /var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new

     

       0
        
       
     

       42
        
       

     

       43
        
                 To filter your messages based on the additional mail headers added by spamassassin.

     

       44
        
               '';

···

       22
        
       

     

       23
        
             config = mkOption {

     

       24
        
               type = types.lines;

     

       25
       +
               description = lib.mdDoc ''

     

       26
        
                 The SpamAssassin local.cf config

     

       27
        
       

     

       28
        
                 If you are using this configuration:

     

       29
       +
       

     

       30
       +
                     add_header all Status _YESNO_, score=_SCORE_ required=_REQD_ tests=_TESTS_ autolearn=_AUTOLEARN_ version=_VERSION_

     

       31
        
       

     

       32
        
                 Then you can Use this sieve filter:

     

       33
       +
       

     

       34
       +
                     require ["fileinto", "reject", "envelope"];

     

       35
        
       

     

       36
       +
                     if header :contains "X-Spam-Flag" "YES" {

     

       37
       +
                       fileinto "spam";

     

       38
       +
                     }

     

       39
        
       

     

       40
        
                 Or this procmail filter:

     

       41
       +
       

     

       42
       +
                     :0:

     

       43
       +
                     * ^X-Spam-Flag: YES

     

       44
       +
                     /var/vpopmail/domains/lastlog.de/js/.maildir/.spam/new

     

       45
        
       

     

       46
        
                 To filter your messages based on the additional mail headers added by spamassassin.

     

       47
        
               '';

+4 -4

nixos/modules/services/misc/autorandr.nix

···

       149
        
                   };

     

       150
        
                 };

     

       151
        
               });

     

       152
       -
               description = ''

     

       153
        
                 Output scale configuration.

     

       154
        
       

     

       155
        
                 Either configure by pixels or a scaling factor. When using pixel method the

     

       156
       -
                 <citerefentry><refentrytitle>xrandr</refentrytitle><manvolnum>1</manvolnum></citerefentry>

     

       157
        
                 option

     

       158
       -
                 <parameter class="command">--scale-from</parameter>

     

       159
        
                 will be used; when using factor method the option

     

       160
       -
                 <parameter class="command">--scale</parameter>

     

       161
        
                 will be used.

     

       162
        
       

     

       163
        
                 This option is a shortcut version of the transform option and they are mutually

···

       149
        
                   };

     

       150
        
                 };

     

       151
        
               });

     

       152
       +
               description = lib.mdDoc ''

     

       153
        
                 Output scale configuration.

     

       154
        
       

     

       155
        
                 Either configure by pixels or a scaling factor. When using pixel method the

     

       156
       +
                 {manpage}`xrandr(1)`

     

       157
        
                 option

     

       158
       +
                 `--scale-from`

     

       159
        
                 will be used; when using factor method the option

     

       160
       +
                 `--scale`

     

       161
        
                 will be used.

     

       162
        
       

     

       163
        
                 This option is a shortcut version of the transform option and they are mutually

+6 -6

nixos/modules/services/misc/gitea.nix

···

       322
        
                   };

     

       323
        
       

     

       324
        
                   service = {

     

       325
       -
                     DISABLE_REGISTRATION = mkEnableOption "the registration lock" // {

     

       326
       -
                       description = ''

     

       327
       -
                         By default any user can create an account on this <literal>gitea</literal> instance.

     

       328
        
                         This can be disabled by using this option.

     

       329
        
       

     

       330
       -
                         <emphasis>Note:</emphasis> please keep in mind that this should be added after the initial

     

       331
       -
                         deploy unless <link linkend="opt-services.gitea.useWizard">services.gitea.useWizard</link>

     

       332
       -
                         is <literal>true</literal> as the first registered user will be the administrator if

     

       333
        
                         no install wizard is used.

     

       334
        
                       '';

     

       335
        
                     };

···

       322
        
                   };

     

       323
        
       

     

       324
        
                   service = {

     

       325
       +
                     DISABLE_REGISTRATION = mkEnableOption (lib.mdDoc "the registration lock") // {

     

       326
       +
                       description = lib.mdDoc ''

     

       327
       +
                         By default any user can create an account on this `gitea` instance.

     

       328
        
                         This can be disabled by using this option.

     

       329
        
       

     

       330
       +
                         *Note:* please keep in mind that this should be added after the initial

     

       331
       +
                         deploy unless [](#opt-services.gitea.useWizard)

     

       332
       +
                         is `true` as the first registered user will be the administrator if

     

       333
        
                         no install wizard is used.

     

       334
        
                       '';

     

       335
        
                     };

+3 -3

nixos/modules/services/misc/gitit.nix

···

       211
        
             templatesDir = mkOption {

     

       212
        
               type = types.path;

     

       213
        
               default = gititShared + "/data/templates";

     

       214
       -
               description = ''

     

       215
        
                 Specifies the path of the directory containing page templates.  If it

     

       216
        
                 does not exist, gitit will create it with default templates.  Users

     

       217
        
                 may wish to edit the templates to customize the appearance of their

     
···

       490
        
             absoluteUrls = mkOption {

     

       491
        
               type = types.bool;

     

       492
        
               default = false;

     

       493
       -
               description = ''

     

       494
        
                 Make wikilinks absolute with respect to the base-url.  So, for

     

       495
        
                 example, in a wiki served at the base URL '/wiki', on a page

     

       496
       -
                 Sub/Page, the wikilink '[Cactus]()' will produce a link to

     

       497
        
                 '/wiki/Cactus' if absoluteUrls is true, and a relative link to

     

       498
        
                 'Cactus' (referring to '/wiki/Sub/Cactus') if absolute-urls is 'no'.

     

       499
        
               '';

···

       211
        
             templatesDir = mkOption {

     

       212
        
               type = types.path;

     

       213
        
               default = gititShared + "/data/templates";

     

       214
       +
               description = lib.mdDoc ''

     

       215
        
                 Specifies the path of the directory containing page templates.  If it

     

       216
        
                 does not exist, gitit will create it with default templates.  Users

     

       217
        
                 may wish to edit the templates to customize the appearance of their

     
···

       490
        
             absoluteUrls = mkOption {

     

       491
        
               type = types.bool;

     

       492
        
               default = false;

     

       493
       +
               description = lib.mdDoc ''

     

       494
        
                 Make wikilinks absolute with respect to the base-url.  So, for

     

       495
        
                 example, in a wiki served at the base URL '/wiki', on a page

     

       496
       +
                 Sub/Page, the wikilink `[Cactus]()` will produce a link to

     

       497
        
                 '/wiki/Cactus' if absoluteUrls is true, and a relative link to

     

       498
        
                 'Cactus' (referring to '/wiki/Sub/Cactus') if absolute-urls is 'no'.

     

       499
        
               '';

+6 -6

nixos/modules/services/misc/nix-daemon.nix

···

       628
        
                   sandbox-paths = { "/bin/sh" = "''${pkgs.busybox-sandbox-shell.out}/bin/busybox"; };

     

       629
        
                 }

     

       630
        
               '';

     

       631
       -
               description = ''

     

       632
        
                 Configuration for Nix, see

     

       633
       -
                 <link xlink:href="https://nixos.org/manual/nix/stable/#sec-conf-file"/> or

     

       634
       -
                 <citerefentry><refentrytitle>nix.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> for avalaible options.

     

       635
        
                 The value declared here will be translated directly to the key-value pairs Nix expects.

     

       636
        
       

     

       637
       -
                 You can use <command>nix-instantiate --eval --strict '&lt;nixpkgs/nixos&gt;' -A config.nix.settings</command>

     

       638
        
                 to view the current value. By default it is empty.

     

       639
        
       

     

       640
       -
                 Nix configurations defined under <option>nix.*</option> will be translated and applied to this

     

       641
       -
                 option. In addition, configuration specified in <option>nix.extraOptions</option> which will be appended

     

       642
        
                 verbatim to the resulting config file.

     

       643
        
               '';

     

       644
        
             };

···

       628
        
                   sandbox-paths = { "/bin/sh" = "''${pkgs.busybox-sandbox-shell.out}/bin/busybox"; };

     

       629
        
                 }

     

       630
        
               '';

     

       631
       +
               description = lib.mdDoc ''

     

       632
        
                 Configuration for Nix, see

     

       633
       +
                 <https://nixos.org/manual/nix/stable/#sec-conf-file> or

     

       634
       +
                 {manpage}`nix.conf(5)` for avalaible options.

     

       635
        
                 The value declared here will be translated directly to the key-value pairs Nix expects.

     

       636
        
       

     

       637
       +
                 You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.nix.settings`

     

       638
        
                 to view the current value. By default it is empty.

     

       639
        
       

     

       640
       +
                 Nix configurations defined under {option}`nix.*` will be translated and applied to this

     

       641
       +
                 option. In addition, configuration specified in {option}`nix.extraOptions` which will be appended

     

       642
        
                 verbatim to the resulting config file.

     

       643
        
               '';

     

       644
        
             };

+6 -6

nixos/modules/services/misc/persistent-evdev.nix

···

       16
        
           devices = lib.mkOption {

     

       17
        
             default = {};

     

       18
        
             type = with lib.types; attrsOf str;

     

       19
       -
             description = ''

     

       20
        
               A set of virtual proxy device labels with backing physical device ids.

     

       21
        
       

     

       22
       -
               Physical devices should already exist in <filename class="devicefile">/dev/input/by-id/</filename>.

     

       23
       -
               Proxy devices will be automatically given a <literal>uinput-</literal> prefix.

     

       24
        
       

     

       25
       -
               See the <link xlink:href="https://github.com/aiberia/persistent-evdev#example-usage-with-libvirt">project page</link>

     

       26
        
               for example configuration of virtual devices with libvirt

     

       27
       -
               and remember to add <literal>uinput-*</literal> devices to the qemu

     

       28
       -
               <literal>cgroup_device_acl</literal> list (see <xref linkend="opt-virtualisation.libvirtd.qemu.verbatimConfig"/>).

     

       29
        
             '';

     

       30
        
             example = lib.literalExpression ''

     

       31
        
               {

···

       16
        
           devices = lib.mkOption {

     

       17
        
             default = {};

     

       18
        
             type = with lib.types; attrsOf str;

     

       19
       +
             description = lib.mdDoc ''

     

       20
        
               A set of virtual proxy device labels with backing physical device ids.

     

       21
        
       

     

       22
       +
               Physical devices should already exist in {file}`/dev/input/by-id/`.

     

       23
       +
               Proxy devices will be automatically given a `uinput-` prefix.

     

       24
        
       

     

       25
       +
               See the [project page](https://github.com/aiberia/persistent-evdev#example-usage-with-libvirt)

     

       26
        
               for example configuration of virtual devices with libvirt

     

       27
       +
               and remember to add `uinput-*` devices to the qemu

     

       28
       +
               `cgroup_device_acl` list (see [](#opt-virtualisation.libvirtd.qemu.verbatimConfig)).

     

       29
        
             '';

     

       30
        
             example = lib.literalExpression ''

     

       31
        
               {

+3 -3

nixos/modules/services/monitoring/prometheus/exporters.nix

···

       115
        
             example = literalExpression ''

     

       116
        
               "-i eth0 -p tcp -m tcp --dport ${toString port}"

     

       117
        
             '';

     

       118
       -
             description = ''

     

       119
        
               Specify a filter for iptables to use when

     

       120
       -
               <option>services.prometheus.exporters.${name}.openFirewall</option>

     

       121
       -
               is true. It is used as `ip46tables -I nixos-fw <option>firewallFilter</option> -j nixos-fw-accept`.

     

       122
        
             '';

     

       123
        
           };

     

       124
        
           user = mkOption {

···

       115
        
             example = literalExpression ''

     

       116
        
               "-i eth0 -p tcp -m tcp --dport ${toString port}"

     

       117
        
             '';

     

       118
       +
             description = lib.mdDoc ''

     

       119
        
               Specify a filter for iptables to use when

     

       120
       +
               {option}`services.prometheus.exporters.${name}.openFirewall`

     

       121
       +
               is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.

     

       122
        
             '';

     

       123
        
           };

     

       124
        
           user = mkOption {

+2 -2

nixos/modules/services/monitoring/smartd.nix

···

       135
        
                   default = "root";

     

       136
        
                   example = "example@domain.tld";

     

       137
        
                   type = types.str;

     

       138
       -
                   description = ''

     

       139
        
                     Sender of the notification messages.

     

       140
       -
                     Acts as the value of <literal>email</literal> in the emails' <literal>From: ... </literal> field.

     

       141
        
                   '';

     

       142
        
                 };

     

       143

···

       135
        
                   default = "root";

     

       136
        
                   example = "example@domain.tld";

     

       137
        
                   type = types.str;

     

       138
       +
                   description = lib.mdDoc ''

     

       139
        
                     Sender of the notification messages.

     

       140
       +
                     Acts as the value of `email` in the emails' `From: ...` field.

     

       141
        
                   '';

     

       142
        
                 };

     

       143

+2 -2

nixos/modules/services/networking/3proxy.nix

···

       155
        
                         type = types.listOf types.str;

     

       156
        
                         default = [ ];

     

       157
        
                         example = [ "127.0.0.1" "192.168.1.0/24" ];

     

       158
       -
                         description = ''

     

       159
        
                           List of target IP ranges, use empty list for any.

     

       160
        
                           May also contain host names instead of addresses.

     

       161
       -
                           It's possible to use wildmask in the begginning and in the the end of hostname, e.g. *badsite.com or *badcontent*.

     

       162
        
                           Hostname is only checked if hostname presents in request.

     

       163
        
                         '';

     

       164
        
                       };

···

       155
        
                         type = types.listOf types.str;

     

       156
        
                         default = [ ];

     

       157
        
                         example = [ "127.0.0.1" "192.168.1.0/24" ];

     

       158
       +
                         description = lib.mdDoc ''

     

       159
        
                           List of target IP ranges, use empty list for any.

     

       160
        
                           May also contain host names instead of addresses.

     

       161
       +
                           It's possible to use wildmask in the begginning and in the the end of hostname, e.g. `*badsite.com` or `*badcontent*`.

     

       162
        
                           Hostname is only checked if hostname presents in request.

     

       163
        
                         '';

     

       164
        
                       };

+2 -2

nixos/modules/services/networking/networkmanager.nix

···

       327
        
                   type = mkOption {

     

       328
        
                     type = types.enum (attrNames dispatcherTypesSubdirMap);

     

       329
        
                     default = "basic";

     

       330
       -
                     description = ''

     

       331
        
                       Dispatcher hook type. Look up the hooks described at

     

       332
       -
                       <link xlink:href="https://developer.gnome.org/NetworkManager/stable/NetworkManager.html">https://developer.gnome.org/NetworkManager/stable/NetworkManager.html</link>

     

       333
        
                       and choose the type depending on the output folder.

     

       334
        
                       You should then filter the event type (e.g., "up"/"down") from within your script.

     

       335
        
                     '';

···

       327
        
                   type = mkOption {

     

       328
        
                     type = types.enum (attrNames dispatcherTypesSubdirMap);

     

       329
        
                     default = "basic";

     

       330
       +
                     description = lib.mdDoc ''

     

       331
        
                       Dispatcher hook type. Look up the hooks described at

     

       332
       +
                       [https://developer.gnome.org/NetworkManager/stable/NetworkManager.html](https://developer.gnome.org/NetworkManager/stable/NetworkManager.html)

     

       333
        
                       and choose the type depending on the output folder.

     

       334
        
                       You should then filter the event type (e.g., "up"/"down") from within your script.

     

       335
        
                     '';

+13 -12

nixos/modules/services/networking/wireguard.nix

···

       194
        
               default = null;

     

       195
        
               example = "demo.wireguard.io:12913";

     

       196
        
               type = with types; nullOr str;

     

       197
       -
               description = ''Endpoint IP or hostname of the peer, followed by a colon,

     

       198
       -
               and then a port number of the peer.

     

       0
        
       
     

       199
        
       

     

       200
       -
               Warning for endpoints with changing IPs:

     

       201
       -
               The WireGuard kernel side cannot perform DNS resolution.

     

       202
       -
               Thus DNS resolution is done once by the <literal>wg</literal> userspace

     

       203
       -
               utility, when setting up WireGuard. Consequently, if the IP address

     

       204
       -
               behind the name changes, WireGuard will not notice.

     

       205
       -
               This is especially common for dynamic-DNS setups, but also applies to

     

       206
       -
               any other DNS-based setup.

     

       207
       -
               If you do not use IP endpoints, you likely want to set

     

       208
       -
               <option>networking.wireguard.dynamicEndpointRefreshSeconds</option>

     

       209
       -
               to refresh the IPs periodically.

     

       210
        
               '';

     

       211
        
             };

     

       212

···

       194
        
               default = null;

     

       195
        
               example = "demo.wireguard.io:12913";

     

       196
        
               type = with types; nullOr str;

     

       197
       +
               description = lib.mdDoc ''

     

       198
       +
                 Endpoint IP or hostname of the peer, followed by a colon,

     

       199
       +
                 and then a port number of the peer.

     

       200
        
       

     

       201
       +
                 Warning for endpoints with changing IPs:

     

       202
       +
                 The WireGuard kernel side cannot perform DNS resolution.

     

       203
       +
                 Thus DNS resolution is done once by the `wg` userspace

     

       204
       +
                 utility, when setting up WireGuard. Consequently, if the IP address

     

       205
       +
                 behind the name changes, WireGuard will not notice.

     

       206
       +
                 This is especially common for dynamic-DNS setups, but also applies to

     

       207
       +
                 any other DNS-based setup.

     

       208
       +
                 If you do not use IP endpoints, you likely want to set

     

       209
       +
                 {option}`networking.wireguard.dynamicEndpointRefreshSeconds`

     

       210
       +
                 to refresh the IPs periodically.

     

       211
        
               '';

     

       212
        
             };

     

       213

+8 -8

nixos/modules/services/networking/znc/default.nix

···

       149
        
                   };

     

       150
        
                 }

     

       151
        
               '';

     

       152
       -
               description = ''

     

       153
        
                 Configuration for ZNC, see

     

       154
       -
                 <link xlink:href="https://wiki.znc.in/Configuration"/> for details. The

     

       155
        
                 Nix value declared here will be translated directly to the xml-like

     

       156
        
                 format ZNC expects. This is much more flexible than the legacy options

     

       157
       -
                 under <option>services.znc.confOptions.*</option>, but also can't do

     

       158
        
                 any type checking.

     

       159
        
       

     

       160
       -
                 You can use <command>nix-instantiate --eval --strict '&lt;nixpkgs/nixos&gt;' -A config.services.znc.config</command>

     

       161
        
                 to view the current value. By default it contains a listener for port

     

       162
        
                 5000 with SSL enabled.

     

       163
        
       

     

       164
       -
                 Nix attributes called <literal>extraConfig</literal> will be inserted

     

       165
        
                 verbatim into the resulting config file.

     

       166
        
       

     

       167
       -
                 If <option>services.znc.useLegacyConfig</option> is turned on, the

     

       168
       -
                 option values in <option>services.znc.confOptions.*</option> will be

     

       169
        
                 gracefully be applied to this option.

     

       170
        
       

     

       171
        
                 If you intend to update the configuration through this option, be sure

     

       172
       -
                 to enable <option>services.znc.mutable</option>, otherwise none of the

     

       173
        
                 changes here will be applied after the initial deploy.

     

       174
        
               '';

     

       175
        
             };

···

       149
        
                   };

     

       150
        
                 }

     

       151
        
               '';

     

       152
       +
               description = lib.mdDoc ''

     

       153
        
                 Configuration for ZNC, see

     

       154
       +
                 <https://wiki.znc.in/Configuration> for details. The

     

       155
        
                 Nix value declared here will be translated directly to the xml-like

     

       156
        
                 format ZNC expects. This is much more flexible than the legacy options

     

       157
       +
                 under {option}`services.znc.confOptions.*`, but also can't do

     

       158
        
                 any type checking.

     

       159
        
       

     

       160
       +
                 You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config`

     

       161
        
                 to view the current value. By default it contains a listener for port

     

       162
        
                 5000 with SSL enabled.

     

       163
        
       

     

       164
       +
                 Nix attributes called `extraConfig` will be inserted

     

       165
        
                 verbatim into the resulting config file.

     

       166
        
       

     

       167
       +
                 If {option}`services.znc.useLegacyConfig` is turned on, the

     

       168
       +
                 option values in {option}`services.znc.confOptions.*` will be

     

       169
        
                 gracefully be applied to this option.

     

       170
        
       

     

       171
        
                 If you intend to update the configuration through this option, be sure

     

       172
       +
                 to enable {option}`services.znc.mutable`, otherwise none of the

     

       173
        
                 changes here will be applied after the initial deploy.

     

       174
        
               '';

     

       175
        
             };

+8 -8

nixos/modules/services/networking/znc/options.nix

···

       97
        
             useLegacyConfig = mkOption {

     

       98
        
               default = true;

     

       99
        
               type = types.bool;

     

       100
       -
               description = ''

     

       101
        
                 Whether to propagate the legacy options under

     

       102
       -
                 <option>services.znc.confOptions.*</option> to the znc config. If this

     

       103
        
                 is turned on, the znc config will contain a user with the default name

     

       104
        
                 "znc", global modules "webadmin" and "adminlog" will be enabled by

     

       105
        
                 default, and more, all controlled through the

     

       106
       -
                 <option>services.znc.confOptions.*</option> options.

     

       107
       -
                 You can use <command>nix-instantiate --eval --strict '&lt;nixpkgs/nixos&gt;' -A config.services.znc.config</command>

     

       108
        
                 to view the current value of the config.

     

       109
        
       

     

       110
        
                 In any case, if you need more flexibility,

     

       111
       -
                 <option>services.znc.config</option> can be used to override/add to

     

       112
        
                 all of the legacy options.

     

       113
        
               '';

     

       114
        
             };

     
···

       177
        
                   &lt;/Pass&gt;

     

       178
        
                 '';

     

       179
        
                 type = types.str;

     

       180
       -
                 description = ''

     

       181
       -
                   Generate with <command>nix-shell -p znc --command "znc --makepass"</command>.

     

       182
        
                   This is the password used to log in to the ZNC web admin interface.

     

       183
        
                   You can also set this through

     

       184
       -
                   <option>services.znc.config.User.&lt;username&gt;.Pass.Method</option>

     

       185
        
                   and co.

     

       186
        
                 '';

     

       187
        
               };

···

       97
        
             useLegacyConfig = mkOption {

     

       98
        
               default = true;

     

       99
        
               type = types.bool;

     

       100
       +
               description = lib.mdDoc ''

     

       101
        
                 Whether to propagate the legacy options under

     

       102
       +
                 {option}`services.znc.confOptions.*` to the znc config. If this

     

       103
        
                 is turned on, the znc config will contain a user with the default name

     

       104
        
                 "znc", global modules "webadmin" and "adminlog" will be enabled by

     

       105
        
                 default, and more, all controlled through the

     

       106
       +
                 {option}`services.znc.confOptions.*` options.

     

       107
       +
                 You can use {command}`nix-instantiate --eval --strict '<nixpkgs/nixos>' -A config.services.znc.config`

     

       108
        
                 to view the current value of the config.

     

       109
        
       

     

       110
        
                 In any case, if you need more flexibility,

     

       111
       +
                 {option}`services.znc.config` can be used to override/add to

     

       112
        
                 all of the legacy options.

     

       113
        
               '';

     

       114
        
             };

     
···

       177
        
                   &lt;/Pass&gt;

     

       178
        
                 '';

     

       179
        
                 type = types.str;

     

       180
       +
                 description = lib.mdDoc ''

     

       181
       +
                   Generate with {command}`nix-shell -p znc --command "znc --makepass"`.

     

       182
        
                   This is the password used to log in to the ZNC web admin interface.

     

       183
        
                   You can also set this through

     

       184
       +
                   {option}`services.znc.config.User.<username>.Pass.Method`

     

       185
        
                   and co.

     

       186
        
                 '';

     

       187
        
               };

+5 -5

nixos/modules/services/security/tor.nix

···

       288
        
             };

     

       289
        
       

     

       290
        
             relay = {

     

       291
       -
               enable = mkEnableOption "tor relaying" // {

     

       292
       -
                 description = ''

     

       293
        
                   Whether to enable relaying of Tor traffic for others.

     

       294
        
       

     

       295
       -
                   See <link xlink:href="https://www.torproject.org/docs/tor-doc-relay"/>

     

       296
        
                   for details.

     

       297
        
       

     

       298
        
                   Setting this to true requires setting

     

       299
       -
                   <option>services.tor.relay.role</option>

     

       300
        
                   and

     

       301
       -
                   <option>services.tor.settings.ORPort</option>

     

       302
        
                   options.

     

       303
        
                 '';

     

       304
        
               };

···

       288
        
             };

     

       289
        
       

     

       290
        
             relay = {

     

       291
       +
               enable = mkEnableOption (lib.mdDoc "tor relaying") // {

     

       292
       +
                 description = lib.mdDoc ''

     

       293
        
                   Whether to enable relaying of Tor traffic for others.

     

       294
        
       

     

       295
       +
                   See <https://www.torproject.org/docs/tor-doc-relay>

     

       296
        
                   for details.

     

       297
        
       

     

       298
        
                   Setting this to true requires setting

     

       299
       +
                   {option}`services.tor.relay.role`

     

       300
        
                   and

     

       301
       +
                   {option}`services.tor.settings.ORPort`

     

       302
        
                   options.

     

       303
        
                 '';

     

       304
        
               };

+9 -9

nixos/modules/services/security/vaultwarden/default.nix

···

       97
        
                 SMTP_FROM_NAME = "example.com Bitwarden server";

     

       98
        
               }

     

       99
        
             '';

     

       100
       -
             description = ''

     

       101
        
               The configuration of vaultwarden is done through environment variables,

     

       102
       -
               therefore it is recommended to use upper snake case (e.g. <envar>DISABLE_2FA_REMEMBER</envar>).

     

       103
        
       

     

       104
       -
               However, camel case (e.g. <literal>disable2FARemember</literal>) is also supported:

     

       105
        
               The NixOS module will convert it automatically to

     

       106
       -
               upper case snake case (e.g. <envar>DISABLE_2FA_REMEMBER</envar>).

     

       107
        
               In this conversion digits (0-9) are handled just like upper case characters,

     

       108
       -
               so <literal>foo2</literal> would be converted to <envar>FOO_2</envar>.

     

       109
       -
               Names already in this format remain unchanged, so <literal>FOO2</literal> remains <literal>FOO2</literal> if passed as such,

     

       110
       -
               even though <literal>foo2</literal> would have been converted to <envar>FOO_2</envar>.

     

       111
        
               This allows working around any potential future conflicting naming conventions.

     

       112
        
       

     

       113
        
               Based on the attributes passed to this config option an environment file will be generated

     

       114
        
               that is passed to vaultwarden's systemd service.

     

       115
        
       

     

       116
        
               The available configuration options can be found in

     

       117
       -
               <link xlink:href="https://github.com/dani-garcia/vaultwarden/blob/${vaultwarden.version}/.env.template">the environment template file</link>.

     

       118
        
       

     

       119
       -
               See <xref linkend="opt-services.vaultwarden.environmentFile"/> for how

     

       120
        
               to set up access to the Admin UI to invite initial users.

     

       121
        
             '';

     

       122
        
           };

···

       97
        
                 SMTP_FROM_NAME = "example.com Bitwarden server";

     

       98
        
               }

     

       99
        
             '';

     

       100
       +
             description = lib.mdDoc ''

     

       101
        
               The configuration of vaultwarden is done through environment variables,

     

       102
       +
               therefore it is recommended to use upper snake case (e.g. {env}`DISABLE_2FA_REMEMBER`).

     

       103
        
       

     

       104
       +
               However, camel case (e.g. `disable2FARemember`) is also supported:

     

       105
        
               The NixOS module will convert it automatically to

     

       106
       +
               upper case snake case (e.g. {env}`DISABLE_2FA_REMEMBER`).

     

       107
        
               In this conversion digits (0-9) are handled just like upper case characters,

     

       108
       +
               so `foo2` would be converted to {env}`FOO_2`.

     

       109
       +
               Names already in this format remain unchanged, so `FOO2` remains `FOO2` if passed as such,

     

       110
       +
               even though `foo2` would have been converted to {env}`FOO_2`.

     

       111
        
               This allows working around any potential future conflicting naming conventions.

     

       112
        
       

     

       113
        
               Based on the attributes passed to this config option an environment file will be generated

     

       114
        
               that is passed to vaultwarden's systemd service.

     

       115
        
       

     

       116
        
               The available configuration options can be found in

     

       117
       +
               [the environment template file](https://github.com/dani-garcia/vaultwarden/blob/${vaultwarden.version}/.env.template).

     

       118
        
       

     

       119
       +
               See ()[#opt-services.vaultwarden.environmentFile) for how

     

       120
        
               to set up access to the Admin UI to invite initial users.

     

       121
        
             '';

     

       122
        
           };

+6 -6

nixos/modules/services/torrent/transmission.nix

···

       24
        
         ];

     

       25
        
         options = {

     

       26
        
           services.transmission = {

     

       27
       -
             enable = mkEnableOption "transmission" // {

     

       28
       -
               description = ''

     

       29
        
                 Whether to enable the headless Transmission BitTorrent daemon.

     

       30
        
       

     

       31
        
                 Transmission daemon can be controlled via the RPC interface using

     

       32
        
                 transmission-remote, the WebUI (http://127.0.0.1:9091/ by default),

     

       33
        
                 or other clients like stig or tremc.

     

       34
        
       

     

       35
       -
                 Torrents are downloaded to <xref linkend="opt-services.transmission.home"/>/${downloadsDir} by default and are

     

       36
        
                 accessible to users in the "transmission" group.

     

       37
        
               '';

     

       38
        
             };

     
···

       237
        
       

     

       238
        
             openRPCPort = mkEnableOption (lib.mdDoc "opening of the RPC port in the firewall");

     

       239
        
       

     

       240
       -
             performanceNetParameters = mkEnableOption "performance tweaks" // {

     

       241
       -
               description = ''

     

       242
        
                 Whether to enable tweaking of kernel parameters

     

       243
        
                 to open many more connections at the same time.

     

       244
        
       

     

       245
        
                 Note that you may also want to increase

     

       246
       -
                 <literal>peer-limit-global"</literal>.

     

       247
        
                 And be aware that these settings are quite aggressive

     

       248
        
                 and might not suite your regular desktop use.

     

       249
        
                 For instance, SSH sessions may time out more easily.

···

       24
        
         ];

     

       25
        
         options = {

     

       26
        
           services.transmission = {

     

       27
       +
             enable = mkEnableOption (lib.mdDoc "transmission") // {

     

       28
       +
               description = lib.mdDoc ''

     

       29
        
                 Whether to enable the headless Transmission BitTorrent daemon.

     

       30
        
       

     

       31
        
                 Transmission daemon can be controlled via the RPC interface using

     

       32
        
                 transmission-remote, the WebUI (http://127.0.0.1:9091/ by default),

     

       33
        
                 or other clients like stig or tremc.

     

       34
        
       

     

       35
       +
                 Torrents are downloaded to [](#opt-services.transmission.home)/${downloadsDir} by default and are

     

       36
        
                 accessible to users in the "transmission" group.

     

       37
        
               '';

     

       38
        
             };

     
···

       237
        
       

     

       238
        
             openRPCPort = mkEnableOption (lib.mdDoc "opening of the RPC port in the firewall");

     

       239
        
       

     

       240
       +
             performanceNetParameters = mkEnableOption (lib.mdDoc "performance tweaks") // {

     

       241
       +
               description = lib.mdDoc ''

     

       242
        
                 Whether to enable tweaking of kernel parameters

     

       243
        
                 to open many more connections at the same time.

     

       244
        
       

     

       245
        
                 Note that you may also want to increase

     

       246
       +
                 `peer-limit-global`.

     

       247
        
                 And be aware that these settings are quite aggressive

     

       248
        
                 and might not suite your regular desktop use.

     

       249
        
                 For instance, SSH sessions may time out more easily.

+9 -4

nixos/modules/services/web-apps/dokuwiki.nix

···

       137
        
               usersFile = mkOption {

     

       138
        
                 type = with types; nullOr str;

     

       139
        
                 default = if config.aclUse then "/var/lib/dokuwiki/${name}/users.auth.php" else null;

     

       140
       -
                 description = ''

     

       141
        
                   Location of the dokuwiki users file. List of users. Format:

     

       142
       -
                   login:passwordhash:Real Name:email:groups,comma,separated

     

       143
       -
                   Create passwordHash easily by using:$ mkpasswd -5 password `pwgen 8 1`

     

       144
       -
                   Example: <link xlink:href="https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist"/>

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       145
        
                   '';

     

       146
        
                 example = "/var/lib/dokuwiki/${name}/users.auth.php";

     

       147
        
               };

···

       137
        
               usersFile = mkOption {

     

       138
        
                 type = with types; nullOr str;

     

       139
        
                 default = if config.aclUse then "/var/lib/dokuwiki/${name}/users.auth.php" else null;

     

       140
       +
                 description = lib.mdDoc ''

     

       141
        
                   Location of the dokuwiki users file. List of users. Format:

     

       142
       +
       

     

       143
       +
                       login:passwordhash:Real Name:email:groups,comma,separated

     

       144
       +
       

     

       145
       +
                   Create passwordHash easily by using:

     

       146
       +
       

     

       147
       +
                       mkpasswd -5 password `pwgen 8 1`

     

       148
       +
       

     

       149
       +
                   Example: <https://github.com/splitbrain/dokuwiki/blob/master/conf/users.auth.php.dist>

     

       150
        
                   '';

     

       151
        
                 example = "/var/lib/dokuwiki/${name}/users.auth.php";

     

       152
        
               };

+6 -6

nixos/modules/services/web-apps/jirafeau.nix

···

       45
        
               $cfg['style'] = 'courgette';

     

       46
        
               $cfg['organisation'] = 'ACME';

     

       47
        
             '';

     

       48
       -
             description = let

     

       49
        
               documentationLink =

     

       50
        
                 "https://gitlab.com/mojo42/Jirafeau/-/blob/${cfg.package.version}/lib/config.original.php";

     

       51
        
             in

     

       52
       -
               ''

     

       53
       -
                 Jirefeau configuration. Refer to <link xlink:href="${documentationLink}"/> for supported

     

       54
        
                 values.

     

       55
        
               '';

     

       56
        
           };

     
···

       73
        
             description = let

     

       74
        
               nginxCoreDocumentation = "http://nginx.org/en/docs/http/ngx_http_core_module.html";

     

       75
        
             in

     

       76
       -
               ''

     

       77
        
                 Timeout for reading client request bodies and headers. Refer to

     

       78
       -
                 <link xlink:href="${nginxCoreDocumentation}#client_body_timeout"/> and

     

       79
       -
                 <link xlink:href="${nginxCoreDocumentation}#client_header_timeout"/> for accepted values.

     

       80
        
               '';

     

       81
        
           };

     

       82

···

       45
        
               $cfg['style'] = 'courgette';

     

       46
        
               $cfg['organisation'] = 'ACME';

     

       47
        
             '';

     

       48
       +
             description =  let

     

       49
        
               documentationLink =

     

       50
        
                 "https://gitlab.com/mojo42/Jirafeau/-/blob/${cfg.package.version}/lib/config.original.php";

     

       51
        
             in

     

       52
       +
               lib.mdDoc ''

     

       53
       +
                 Jirefeau configuration. Refer to <${documentationLink}> for supported

     

       54
        
                 values.

     

       55
        
               '';

     

       56
        
           };

     
···

       73
        
             description = let

     

       74
        
               nginxCoreDocumentation = "http://nginx.org/en/docs/http/ngx_http_core_module.html";

     

       75
        
             in

     

       76
       +
               lib.mdDoc ''

     

       77
        
                 Timeout for reading client request bodies and headers. Refer to

     

       78
       +
                 <${nginxCoreDocumentation}#client_body_timeout> and

     

       79
       +
                 <${nginxCoreDocumentation}#client_header_timeout> for accepted values.

     

       80
        
               '';

     

       81
        
           };

     

       82

+6 -6

nixos/modules/services/web-apps/mastodon.nix

···

       107
        
             enable = lib.mkEnableOption (lib.mdDoc "Mastodon, a federated social network server");

     

       108
        
       

     

       109
        
             configureNginx = lib.mkOption {

     

       110
       -
               description = ''

     

       111
        
                 Configure nginx as a reverse proxy for mastodon.

     

       112
        
                 Note that this makes some assumptions on your setup, and sets settings that will

     

       113
        
                 affect other virtualHosts running on your nginx instance, if any.

     

       114
        
                 Alternatively you can configure a reverse-proxy of your choice to serve these paths:

     

       115
        
       

     

       116
       -
                 <literal>/ -> $(nix-instantiate --eval '&lt;nixpkgs&gt;' -A mastodon.outPath)/public</literal>

     

       117
        
       

     

       118
       -
                 <literal>/ -> 127.0.0.1:{{ webPort }} </literal>(If there was no file in the directory above.)

     

       119
        
       

     

       120
       -
                 <literal>/system/ -> /var/lib/mastodon/public-system/</literal>

     

       121
        
       

     

       122
       -
                 <literal>/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}</literal>

     

       123
        
       

     

       124
        
                 Make sure that websockets are forwarded properly. You might want to set up caching

     

       125
        
                 of some requests. Take a look at mastodon's provided nginx configuration at

     

       126
       -
                 <literal>https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf</literal>.

     

       127
        
               '';

     

       128
        
               type = lib.types.bool;

     

       129
        
               default = false;

···

       107
        
             enable = lib.mkEnableOption (lib.mdDoc "Mastodon, a federated social network server");

     

       108
        
       

     

       109
        
             configureNginx = lib.mkOption {

     

       110
       +
               description = lib.mdDoc ''

     

       111
        
                 Configure nginx as a reverse proxy for mastodon.

     

       112
        
                 Note that this makes some assumptions on your setup, and sets settings that will

     

       113
        
                 affect other virtualHosts running on your nginx instance, if any.

     

       114
        
                 Alternatively you can configure a reverse-proxy of your choice to serve these paths:

     

       115
        
       

     

       116
       +
                 `/ -> $(nix-instantiate --eval '<nixpkgs>' -A mastodon.outPath)/public`

     

       117
        
       

     

       118
       +
                 `/ -> 127.0.0.1:{{ webPort }} `(If there was no file in the directory above.)

     

       119
        
       

     

       120
       +
                 `/system/ -> /var/lib/mastodon/public-system/`

     

       121
        
       

     

       122
       +
                 `/api/v1/streaming/ -> 127.0.0.1:{{ streamingPort }}`

     

       123
        
       

     

       124
        
                 Make sure that websockets are forwarded properly. You might want to set up caching

     

       125
        
                 of some requests. Take a look at mastodon's provided nginx configuration at

     

       126
       +
                 `https://github.com/mastodon/mastodon/blob/master/dist/nginx.conf`.

     

       127
        
               '';

     

       128
        
               type = lib.types.bool;

     

       129
        
               default = false;

+3 -3

nixos/modules/services/web-apps/matomo.nix

···

       53
        
               type = types.nullOr types.str;

     

       54
        
               default = null;

     

       55
        
               example = "lighttpd";

     

       56
       -
               description = ''

     

       57
       -
                 Name of the web server user that forwards requests to <option>services.phpfpm.pools.&lt;name&gt;.socket</option> the fastcgi socket for Matomo if the nginx

     

       58
        
                 option is not used. Either this option or the nginx option is mandatory.

     

       59
        
                 If you want to use another webserver than nginx, you need to set this to that server's user

     

       60
       -
                 and pass fastcgi requests to <literal>index.php</literal>, <literal>matomo.php</literal> and <literal>piwik.php</literal> (legacy name) to this socket.

     

       61
        
               '';

     

       62
        
             };

     

       63

···

       53
        
               type = types.nullOr types.str;

     

       54
        
               default = null;

     

       55
        
               example = "lighttpd";

     

       56
       +
               description = lib.mdDoc ''

     

       57
       +
                 Name of the web server user that forwards requests to {option}`services.phpfpm.pools.<name>.socket` the fastcgi socket for Matomo if the nginx

     

       58
        
                 option is not used. Either this option or the nginx option is mandatory.

     

       59
        
                 If you want to use another webserver than nginx, you need to set this to that server's user

     

       60
       +
                 and pass fastcgi requests to `index.php`, `matomo.php` and `piwik.php` (legacy name) to this socket.

     

       61
        
               '';

     

       62
        
             };

     

       63

+3 -3

nixos/modules/services/web-apps/wiki-js.nix

···

       85
        
                   '';

     

       86
        
                 };

     

       87
        
       

     

       88
       -
                 offline = mkEnableOption "offline mode" // {

     

       89
       -
                   description = ''

     

       90
        
                     Disable latest file updates and enable

     

       91
       -
                     <link xlink:href="https://docs.requarks.io/install/sideload">sideloading</link>.

     

       92
        
                   '';

     

       93
        
                 };

     

       94
        
               };

···

       85
        
                   '';

     

       86
        
                 };

     

       87
        
       

     

       88
       +
                 offline = mkEnableOption (lib.mdDoc "offline mode") // {

     

       89
       +
                   description = lib.mdDoc ''

     

       90
        
                     Disable latest file updates and enable

     

       91
       +
                     [sideloading](https://docs.requarks.io/install/sideload).

     

       92
        
                   '';

     

       93
        
                 };

     

       94
        
               };

+4 -4

nixos/modules/services/web-servers/apache-httpd/vhost-options.nix

···

       116
        
           useACMEHost = mkOption {

     

       117
        
             type = types.nullOr types.str;

     

       118
        
             default = null;

     

       119
       -
             description = ''

     

       120
        
               A host of an existing Let's Encrypt certificate to use.

     

       121
        
               This is useful if you have many subdomains and want to avoid hitting the

     

       122
       -
               <link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.

     

       123
       -
               Alternately, you can generate a certificate through <option>enableACME</option>.

     

       124
       -
               <emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using  <xref linkend="opt-security.acme.certs"/>.</emphasis>

     

       125
        
             '';

     

       126
        
           };

     

       127

···

       116
        
           useACMEHost = mkOption {

     

       117
        
             type = types.nullOr types.str;

     

       118
        
             default = null;

     

       119
       +
             description = lib.mdDoc ''

     

       120
        
               A host of an existing Let's Encrypt certificate to use.

     

       121
        
               This is useful if you have many subdomains and want to avoid hitting the

     

       122
       +
               [rate limit](https://letsencrypt.org/docs/rate-limits).

     

       123
       +
               Alternately, you can generate a certificate through {option}`enableACME`.

     

       124
       +
               *Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using [](#opt-security.acme.certs).*

     

       125
        
             '';

     

       126
        
           };

     

       127

+2 -2

nixos/modules/services/web-servers/hitch/default.nix

···

       36
        
             frontend = mkOption {

     

       37
        
               type = types.either types.str (types.listOf types.str);

     

       38
        
               default = "[127.0.0.1]:443";

     

       39
       -
               description = ''

     

       40
        
                 The port and interface of the listen endpoint in the

     

       41
       -
       +         form [HOST]:PORT[+CERT].

     

       42
        
               '';

     

       43
        
               apply = toList;

     

       44
        
             };

···

       36
        
             frontend = mkOption {

     

       37
        
               type = types.either types.str (types.listOf types.str);

     

       38
        
               default = "[127.0.0.1]:443";

     

       39
       +
               description = lib.mdDoc ''

     

       40
        
                 The port and interface of the listen endpoint in the

     

       41
       +
                 form [HOST]:PORT[+CERT].

     

       42
        
               '';

     

       43
        
               apply = toList;

     

       44
        
             };

+4 -4

nixos/modules/services/web-servers/nginx/vhost-options.nix

···

       75
        
           useACMEHost = mkOption {

     

       76
        
             type = types.nullOr types.str;

     

       77
        
             default = null;

     

       78
       -
             description = ''

     

       79
        
               A host of an existing Let's Encrypt certificate to use.

     

       80
        
               This is useful if you have many subdomains and want to avoid hitting the

     

       81
       -
               <link xlink:href="https://letsencrypt.org/docs/rate-limits/">rate limit</link>.

     

       82
       -
               Alternately, you can generate a certificate through <option>enableACME</option>.

     

       83
       -
               <emphasis>Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using  <xref linkend="opt-security.acme.certs"/>.</emphasis>

     

       84
        
             '';

     

       85
        
           };

     

       86

···

       75
        
           useACMEHost = mkOption {

     

       76
        
             type = types.nullOr types.str;

     

       77
        
             default = null;

     

       78
       +
             description = lib.mdDoc ''

     

       79
        
               A host of an existing Let's Encrypt certificate to use.

     

       80
        
               This is useful if you have many subdomains and want to avoid hitting the

     

       81
       +
               [rate limit](https://letsencrypt.org/docs/rate-limits).

     

       82
       +
               Alternately, you can generate a certificate through {option}`enableACME`.

     

       83
       +
               *Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using [](#opt-security.acme.certs).*

     

       84
        
             '';

     

       85
        
           };

     

       86

+2 -2

nixos/modules/system/activation/activation-script.nix

···

       88
        
               supportsDryActivation = mkOption

     

       89
        
                 { type = types.bool;

     

       90
        
                   default = false;

     

       91
       -
                   description = ''

     

       92
        
                     Whether this activation script supports being dry-activated.

     

       93
        
                     These activation scripts will also be executed on dry-activate

     

       94
        
                     activations with the environment variable

     

       95
       -
                     <literal>NIXOS_ACTION</literal> being set to <literal>dry-activate</literal>.

     

       96
        
                     it's important that these activation scripts  don't

     

       97
        
                     modify anything about the system when the variable is set.

     

       98
        
                   '';

···

       88
        
               supportsDryActivation = mkOption

     

       89
        
                 { type = types.bool;

     

       90
        
                   default = false;

     

       91
       +
                   description = lib.mdDoc ''

     

       92
        
                     Whether this activation script supports being dry-activated.

     

       93
        
                     These activation scripts will also be executed on dry-activate

     

       94
        
                     activations with the environment variable

     

       95
       +
                     `NIXOS_ACTION` being set to `dry-activate`.

     

       96
        
                     it's important that these activation scripts  don't

     

       97
        
                     modify anything about the system when the variable is set.

     

       98
        
                   '';

+2 -2

nixos/modules/system/boot/systemd/initrd.nix

···

       132
        
       

     

       133
        
       in {

     

       134
        
         options.boot.initrd.systemd = {

     

       135
       -
           enable = mkEnableOption "systemd in initrd" // {

     

       136
       -
             description = ''

     

       137
        
               Whether to enable systemd in initrd.

     

       138
        
       

     

       139
        
               Note: This is in very early development and is highly

···

       132
        
       

     

       133
        
       in {

     

       134
        
         options.boot.initrd.systemd = {

     

       135
       +
           enable = mkEnableOption (lib.mdDoc "systemd in initrd") // {

     

       136
       +
             description = lib.mdDoc ''

     

       137
        
               Whether to enable systemd in initrd.

     

       138
        
       

     

       139
        
               Note: This is in very early development and is highly

+3 -3

nixos/modules/virtualisation/kvmgt.nix

···

       17
        
       in {

     

       18
        
         options = {

     

       19
        
           virtualisation.kvmgt = {

     

       20
       -
             enable = mkEnableOption ''

     

       21
        
               KVMGT (iGVT-g) VGPU support. Allows Qemu/KVM guests to share host's Intel integrated graphics card.

     

       22
        
               Currently only one graphical device can be shared. To allow users to access the device without root add them

     

       23
       -
               to the kvm group: <literal>users.extraUsers.&lt;yourusername&gt;.extraGroups = [ "kvm" ];</literal>

     

       24
       -
             '';

     

       25
        
             # multi GPU support is under the question

     

       26
        
             device = mkOption {

     

       27
        
               type = types.str;

···

       17
        
       in {

     

       18
        
         options = {

     

       19
        
           virtualisation.kvmgt = {

     

       20
       +
             enable = mkEnableOption (lib.mdDoc ''

     

       21
        
               KVMGT (iGVT-g) VGPU support. Allows Qemu/KVM guests to share host's Intel integrated graphics card.

     

       22
        
               Currently only one graphical device can be shared. To allow users to access the device without root add them

     

       23
       +
               to the kvm group: `users.extraUsers.<yourusername>.extraGroups = [ "kvm" ];`

     

       24
       +
             '');

     

       25
        
             # multi GPU support is under the question

     

       26
        
             device = mkOption {

     

       27
        
               type = types.str;