commit d1165dba9979b6bd4ba063b7e39384ece33eec4e · pyrox.dev/nixpkgs

+2 -2

.editorconfig

···

       13
        
       

     

       14
        
       # see https://nixos.org/nixpkgs/manual/#chap-conventions

     

       15
        
       

     

       16
       -
       # Match nix/ruby files, set indent to spaces with width of two

     

       17
       -
       [*.{nix,rb}]

     

       18
        
       indent_style = space

     

       19
        
       indent_size = 2

     

       20

···

       13
        
       

     

       14
        
       # see https://nixos.org/nixpkgs/manual/#chap-conventions

     

       15
        
       

     

       16
       +
       # Match nix/ruby/docbook files, set indent to spaces with width of two

     

       17
       +
       [*.{nix,rb,xml}]

     

       18
        
       indent_style = space

     

       19
        
       indent_size = 2

     

       20

+2 -2

nixos/doc/manual/administration/cleaning-store.xml

···

       29
        
       night at 03:15:

     

       30
        
       

     

       31
        
       <programlisting>

     

       32
       -
       nix.gc.automatic = true;

     

       33
       -
       nix.gc.dates = "03:15";

     

       34
        
       </programlisting>

     

       35
        
       

     

       36
        
       </para>

···

       29
        
       night at 03:15:

     

       30
        
       

     

       31
        
       <programlisting>

     

       32
       +
       <xref linkend="opt-nix.gc.automatic"/> = true;

     

       33
       +
       <xref linkend="opt-nix.gc.dates"/> = "03:15";

     

       34
        
       </programlisting>

     

       35
        
       

     

       36
        
       </para>

+3 -3

nixos/doc/manual/administration/container-networking.xml

···

       39
        
       on the host:

     

       40
        
       

     

       41
        
       <programlisting>

     

       42
       -
       networking.nat.enable = true;

     

       43
       -
       networking.nat.internalInterfaces = ["ve-+"];

     

       44
       -
       networking.nat.externalInterface = "eth0";

     

       45
        
       </programlisting>

     

       46
        
       where <literal>eth0</literal> should be replaced with the desired

     

       47
        
       external interface. Note that <literal>ve-+</literal> is a wildcard

···

       39
        
       on the host:

     

       40
        
       

     

       41
        
       <programlisting>

     

       42
       +
       <xref linkend="opt-networking.nat.enable"/> = true;

     

       43
       +
       <xref linkend="opt-networking.nat.internalInterfaces"/> = ["ve-+"];

     

       44
       +
       <xref linkend="opt-networking.nat.externalInterface"/> = "eth0";

     

       45
        
       </programlisting>

     

       46
        
       where <literal>eth0</literal> should be replaced with the desired

     

       47
        
       external interface. Note that <literal>ve-+</literal> is a wildcard

+2 -2

nixos/doc/manual/administration/control-groups.xml

···

       47
        
       CPU share in <filename>configuration.nix</filename>:

     

       48
        
       

     

       49
        
       <programlisting>

     

       50
       -
       systemd.services.httpd.serviceConfig.CPUShares = 512;

     

       51
        
       </programlisting>

     

       52
        
       

     

       53
        
       By default, every cgroup has 1024 CPU shares, so this will halve the

     
···

       61
        
       <literal>httpd.service</literal> to 512 MiB of RAM (excluding swap):

     

       62
        
       

     

       63
        
       <programlisting>

     

       64
       -
       systemd.services.httpd.serviceConfig.MemoryLimit = "512M";

     

       65
        
       </programlisting>

     

       66
        
       

     

       67
        
       </para>

···

       47
        
       CPU share in <filename>configuration.nix</filename>:

     

       48
        
       

     

       49
        
       <programlisting>

     

       50
       +
       <link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.httpd.serviceConfig</link>.CPUShares = 512;

     

       51
        
       </programlisting>

     

       52
        
       

     

       53
        
       By default, every cgroup has 1024 CPU shares, so this will halve the

     
···

       61
        
       <literal>httpd.service</literal> to 512 MiB of RAM (excluding swap):

     

       62
        
       

     

       63
        
       <programlisting>

     

       64
       +
       <link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.httpd.serviceConfig</link>.MemoryLimit = "512M";

     

       65
        
       </programlisting>

     

       66
        
       

     

       67
        
       </para>

+7 -7

nixos/doc/manual/administration/declarative-containers.xml

···

       15
        
       containers.database =

     

       16
        
         { config =

     

       17
        
             { config, pkgs, ... }:

     

       18
       -
             { services.postgresql.enable = true;

     

       19
       -
               services.postgresql.package = pkgs.postgresql96;

     

       20
        
             };

     

       21
        
         };

     

       22
        
       </programlisting>

     
···

       33
        
       give a container its own network as follows:

     

       34
        
       

     

       35
        
       <programlisting>

     

       36
       -
       containers.database =

     

       37
       -
         { privateNetwork = true;

     

       38
       -
           hostAddress = "192.168.100.10";

     

       39
       -
           localAddress = "192.168.100.11";

     

       40
       -
         };

     

       41
        
       </programlisting>

     

       42
        
       

     

       43
        
       This gives the container a private virtual Ethernet interface with IP

···

       15
        
       containers.database =

     

       16
        
         { config =

     

       17
        
             { config, pkgs, ... }:

     

       18
       +
             { <xref linkend="opt-services.postgresql.enable"/> = true;

     

       19
       +
             <xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql96;

     

       20
        
             };

     

       21
        
         };

     

       22
        
       </programlisting>

     
···

       33
        
       give a container its own network as follows:

     

       34
        
       

     

       35
        
       <programlisting>

     

       36
       +
       containers.database = {

     

       37
       +
         <link linkend="opt-containers._name_.privateNetwork">privateNetwork</link> = true;

     

       38
       +
         <link linkend="opt-containers._name_.hostAddress">hostAddress</link> = "192.168.100.10";

     

       39
       +
         <link linkend="opt-containers._name_.localAddress">localAddress</link> = "192.168.100.11";

     

       40
       +
       };

     

       41
        
       </programlisting>

     

       42
        
       

     

       43
        
       This gives the container a private virtual Ethernet interface with IP

+5 -5

nixos/doc/manual/administration/imperative-containers.xml

···

       30
        
       

     

       31
        
       <screen>

     

       32
        
       # nixos-container create foo --config '

     

       33
       -
         services.openssh.enable = true;

     

       34
       -
         users.extraUsers.root.openssh.authorizedKeys.keys = ["ssh-dss AAAAB3N…"];

     

       35
        
       '

     

       36
        
       </screen>

     

       37
        
       

     
···

       100
        
       

     

       101
        
       <screen>

     

       102
        
       # nixos-container update foo --config '

     

       103
       -
         services.httpd.enable = true;

     

       104
       -
         services.httpd.adminAddr = "foo@example.org";

     

       105
       -
         networking.firewall.allowedTCPPorts = [ 80 ];

     

       106
        
       '

     

       107
        
       

     

       108
        
       # curl http://$(nixos-container show-ip foo)/

···

       30
        
       

     

       31
        
       <screen>

     

       32
        
       # nixos-container create foo --config '

     

       33
       +
         <xref linkend="opt-services.openssh.enable"/> = true;

     

       34
       +
         <link linkend="opt-users.users._name__.openssh.authorizedKeys.keys">users.extraUsers.root.openssh.authorizedKeys.keys</link> = ["ssh-dss AAAAB3N…"];

     

       35
        
       '

     

       36
        
       </screen>

     

       37
        
       

     
···

       100
        
       

     

       101
        
       <screen>

     

       102
        
       # nixos-container update foo --config '

     

       103
       +
         <xref linkend="opt-services.httpd.enable"/> = true;

     

       104
       +
         <xref linkend="opt-services.httpd.adminAddr"/> = "foo@example.org";

     

       105
       +
         <xref linkend="opt-networking.firewall.allowedTCPPorts"/> = [ 80 ];

     

       106
        
       '

     

       107
        
       

     

       108
        
       # curl http://$(nixos-container show-ip foo)/

+6 -6

nixos/doc/manual/configuration/abstractions.xml

···

       11
        
       

     

       12
        
       <programlisting>

     

       13
        
       {

     

       14
       -
         services.httpd.virtualHosts =

     

       15
        
           [ { hostName = "example.org";

     

       16
        
               documentRoot = "/webroot";

     

       17
        
               adminAddr = "alice@example.org";

     
···

       43
        
           };

     

       44
        
       in

     

       45
        
       {

     

       46
       -
         services.httpd.virtualHosts =

     

       47
        
           [ exampleOrgCommon

     

       48
        
             (exampleOrgCommon // {

     

       49
        
               enableSSL = true;

     
···

       66
        
       

     

       67
        
       <programlisting>

     

       68
        
       {

     

       69
       -
         services.httpd.virtualHosts =

     

       70
        
           let exampleOrgCommon = <replaceable>...</replaceable>; in

     

       71
        
           [ exampleOrgCommon

     

       72
        
             (exampleOrgCommon // { <replaceable>...</replaceable> })

     
···

       86
        
       

     

       87
        
       <programlisting>

     

       88
        
       {

     

       89
       -
         services.httpd.virtualHosts =

     

       90
        
           let

     

       91
        
             makeVirtualHost = name:

     

       92
        
               { hostName = name;

     
···

       113
        
       

     

       114
        
       <programlisting>

     

       115
        
       {

     

       116
       -
         services.httpd.virtualHosts =

     

       117
        
           let

     

       118
        
             makeVirtualHost = <replaceable>...</replaceable>;

     

       119
        
           in map makeVirtualHost

     
···

       132
        
       

     

       133
        
       <programlisting>

     

       134
        
       {

     

       135
       -
         services.httpd.virtualHosts =

     

       136
        
           let

     

       137
        
             makeVirtualHost = { name, root }:

     

       138
        
               { hostName = name;

···

       11
        
       

     

       12
        
       <programlisting>

     

       13
        
       {

     

       14
       +
         <xref linkend="opt-services.httpd.virtualHosts"/> =

     

       15
        
           [ { hostName = "example.org";

     

       16
        
               documentRoot = "/webroot";

     

       17
        
               adminAddr = "alice@example.org";

     
···

       43
        
           };

     

       44
        
       in

     

       45
        
       {

     

       46
       +
         <xref linkend="opt-services.httpd.virtualHosts"/> =

     

       47
        
           [ exampleOrgCommon

     

       48
        
             (exampleOrgCommon // {

     

       49
        
               enableSSL = true;

     
···

       66
        
       

     

       67
        
       <programlisting>

     

       68
        
       {

     

       69
       +
         <xref linkend="opt-services.httpd.virtualHosts"/> =

     

       70
        
           let exampleOrgCommon = <replaceable>...</replaceable>; in

     

       71
        
           [ exampleOrgCommon

     

       72
        
             (exampleOrgCommon // { <replaceable>...</replaceable> })

     
···

       86
        
       

     

       87
        
       <programlisting>

     

       88
        
       {

     

       89
       +
         <xref linkend="opt-services.httpd.virtualHosts"/> =

     

       90
        
           let

     

       91
        
             makeVirtualHost = name:

     

       92
        
               { hostName = name;

     
···

       113
        
       

     

       114
        
       <programlisting>

     

       115
        
       {

     

       116
       +
         <xref linkend="opt-services.httpd.virtualHosts"/> =

     

       117
        
           let

     

       118
        
             makeVirtualHost = <replaceable>...</replaceable>;

     

       119
        
           in map makeVirtualHost

     
···

       132
        
       

     

       133
        
       <programlisting>

     

       134
        
       {

     

       135
       +
         <xref linkend="opt-services.httpd.virtualHosts"/> =

     

       136
        
           let

     

       137
        
             makeVirtualHost = { name, root }:

     

       138
        
               { hostName = name;

+2 -2

nixos/doc/manual/configuration/ad-hoc-network-config.xml

···

       6
        
       

     

       7
        
       <title>Ad-Hoc Configuration</title>

     

       8
        
       

     

       9
       -
       <para>You can use <option>networking.localCommands</option> to specify

     

       10
        
       shell commands to be run at the end of

     

       11
        
       <literal>network-setup.service</literal>.  This is useful for doing

     

       12
        
       network configuration not covered by the existing NixOS modules.  For

     

       13
        
       instance, to statically configure an IPv6 address:

     

       14
        
       

     

       15
        
       <programlisting>

     

       16
       -
       networking.localCommands =

     

       17
        
         ''

     

       18
        
           ip -6 addr add 2001:610:685:1::1/64 dev eth0

     

       19
        
         '';

···

       6
        
       

     

       7
        
       <title>Ad-Hoc Configuration</title>

     

       8
        
       

     

       9
       +
       <para>You can use <xref linkend="opt-networking.localCommands"/> to specify

     

       10
        
       shell commands to be run at the end of

     

       11
        
       <literal>network-setup.service</literal>.  This is useful for doing

     

       12
        
       network configuration not covered by the existing NixOS modules.  For

     

       13
        
       instance, to statically configure an IPv6 address:

     

       14
        
       

     

       15
        
       <programlisting>

     

       16
       +
       <xref linkend="opt-networking.localCommands"/> =

     

       17
        
         ''

     

       18
        
           ip -6 addr add 2001:610:685:1::1/64 dev eth0

     

       19
        
         '';

+3 -3

nixos/doc/manual/configuration/adding-custom-packages.xml

···

       24
        
       <literal>environment.systemPackages</literal>, e.g.

     

       25
        
       

     

       26
        
       <programlisting>

     

       27
       -
       environment.systemPackages = [ pkgs.my-package ];

     

       28
        
       </programlisting>

     

       29
        
       

     

       30
        
       and you run <command>nixos-rebuild</command>, specifying your own

     
···

       41
        
       package directly in <filename>configuration.nix</filename>:

     

       42
        
       

     

       43
        
       <programlisting>

     

       44
       -
       environment.systemPackages =

     

       45
        
         let

     

       46
        
           my-hello = with pkgs; stdenv.mkDerivation rec {

     

       47
        
             name = "hello-2.8";

     
···

       57
        
       Of course, you can also move the definition of

     

       58
        
       <literal>my-hello</literal> into a separate Nix expression, e.g.

     

       59
        
       <programlisting>

     

       60
       -
       environment.systemPackages = [ (import ./my-hello.nix) ];

     

       61
        
       </programlisting>

     

       62
        
       where <filename>my-hello.nix</filename> contains:

     

       63
        
       <programlisting>

···

       24
        
       <literal>environment.systemPackages</literal>, e.g.

     

       25
        
       

     

       26
        
       <programlisting>

     

       27
       +
       <xref linkend="opt-environment.systemPackages"/> = [ pkgs.my-package ];

     

       28
        
       </programlisting>

     

       29
        
       

     

       30
        
       and you run <command>nixos-rebuild</command>, specifying your own

     
···

       41
        
       package directly in <filename>configuration.nix</filename>:

     

       42
        
       

     

       43
        
       <programlisting>

     

       44
       +
       <xref linkend="opt-environment.systemPackages"/> =

     

       45
        
         let

     

       46
        
           my-hello = with pkgs; stdenv.mkDerivation rec {

     

       47
        
             name = "hello-2.8";

     
···

       57
        
       Of course, you can also move the definition of

     

       58
        
       <literal>my-hello</literal> into a separate Nix expression, e.g.

     

       59
        
       <programlisting>

     

       60
       +
       <xref linkend="opt-environment.systemPackages"/> = [ (import ./my-hello.nix) ];

     

       61
        
       </programlisting>

     

       62
        
       where <filename>my-hello.nix</filename> contains:

     

       63
        
       <programlisting>

+13 -13

nixos/doc/manual/configuration/config-file.xml

···

       28
        
       <programlisting>

     

       29
        
       { config, pkgs, ... }:

     

       30
        
       

     

       31
       -
       { services.httpd.enable = true;

     

       32
       -
         services.httpd.adminAddr = "alice@example.org";

     

       33
       -
         services.httpd.documentRoot = "/webroot";

     

       34
        
       }

     

       35
        
       </programlisting>

     

       36
        
       

     
···

       40
        
       

     

       41
        
       <para>Sets can be nested, and in fact dots in option names are

     

       42
        
       shorthand for defining a set containing another set.  For instance,

     

       43
       -
       <option>services.httpd.enable</option> defines a set named

     

       44
        
       <varname>services</varname> that contains a set named

     

       45
        
       <varname>httpd</varname>, which in turn contains an option definition

     

       46
        
       named <varname>enable</varname> with value <literal>true</literal>.

     
···

       89
        
             <para>Strings are enclosed in double quotes, e.g.

     

       90
        
       

     

       91
        
       <programlisting>

     

       92
       -
       networking.hostName = "dexter";

     

       93
        
       </programlisting>

     

       94
        
       

     

       95
        
             Special characters can be escaped by prefixing them with a

     
···

       99
        
             single quotes</emphasis>, e.g.

     

       100
        
       

     

       101
        
       <programlisting>

     

       102
       -
       networking.extraHosts =

     

       103
        
         ''

     

       104
        
           127.0.0.2 other-localhost

     

       105
        
           10.0.0.1 server

     
···

       125
        
             <literal>false</literal>, e.g.

     

       126
        
       

     

       127
        
       <programlisting>

     

       128
       -
       networking.firewall.enable = true;

     

       129
       -
       networking.firewall.allowPing = false;

     

       130
        
       </programlisting>

     

       131
        
             </para>

     

       132
        
           </listitem>

     
···

       138
        
             <para>For example,

     

       139
        
       

     

       140
        
       <programlisting>

     

       141
       -
       boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60;

     

       142
        
       </programlisting>

     

       143
        
       

     

       144
        
             (Note that here the attribute name

     
···

       158
        
             enclosed in braces, as in the option definition

     

       159
        
       

     

       160
        
       <programlisting>

     

       161
       -
       fileSystems."/boot" =

     

       162
        
         { device = "/dev/sda1";

     

       163
        
           fsType = "ext4";

     

       164
        
           options = [ "rw" "data=ordered" "relatime" ];

     
···

       175
        
             elements are separated by whitespace, like this:

     

       176
        
       

     

       177
        
       <programlisting>

     

       178
       -
       boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];

     

       179
        
       </programlisting>

     

       180
        
       

     

       181
        
             List elements can be any other type, e.g. sets:

     
···

       195
        
             the function argument <varname>pkgs</varname>.  Typical uses:

     

       196
        
       

     

       197
        
       <programlisting>

     

       198
       -
       environment.systemPackages =

     

       199
        
         [ pkgs.thunderbird

     

       200
        
           pkgs.emacs

     

       201
        
         ];

     

       202
        
       

     

       203
       -
       postgresql.package = pkgs.postgresql90;

     

       204
        
       </programlisting>

     

       205
        
       

     

       206
        
             The latter option definition changes the default PostgreSQL

···

       28
        
       <programlisting>

     

       29
        
       { config, pkgs, ... }:

     

       30
        
       

     

       31
       +
       { <xref linkend="opt-services.httpd.enable"/> = true;

     

       32
       +
         <xref linkend="opt-services.httpd.adminAddr"/> = "alice@example.org";

     

       33
       +
         <xref linkend="opt-services.httpd.documentRoot"/> = "/webroot";

     

       34
        
       }

     

       35
        
       </programlisting>

     

       36
        
       

     
···

       40
        
       

     

       41
        
       <para>Sets can be nested, and in fact dots in option names are

     

       42
        
       shorthand for defining a set containing another set.  For instance,

     

       43
       +
       <xref linkend="opt-services.httpd.enable"/> defines a set named

     

       44
        
       <varname>services</varname> that contains a set named

     

       45
        
       <varname>httpd</varname>, which in turn contains an option definition

     

       46
        
       named <varname>enable</varname> with value <literal>true</literal>.

     
···

       89
        
             <para>Strings are enclosed in double quotes, e.g.

     

       90
        
       

     

       91
        
       <programlisting>

     

       92
       +
       <xref linkend="opt-networking.hostName"/> = "dexter";

     

       93
        
       </programlisting>

     

       94
        
       

     

       95
        
             Special characters can be escaped by prefixing them with a

     
···

       99
        
             single quotes</emphasis>, e.g.

     

       100
        
       

     

       101
        
       <programlisting>

     

       102
       +
       <xref linkend="opt-networking.extraHosts"/> =

     

       103
        
         ''

     

       104
        
           127.0.0.2 other-localhost

     

       105
        
           10.0.0.1 server

     
···

       125
        
             <literal>false</literal>, e.g.

     

       126
        
       

     

       127
        
       <programlisting>

     

       128
       +
       <xref linkend="opt-networking.firewall.enable"/> = true;

     

       129
       +
       <xref linkend="opt-networking.firewall.allowPing"/> = false;

     

       130
        
       </programlisting>

     

       131
        
             </para>

     

       132
        
           </listitem>

     
···

       138
        
             <para>For example,

     

       139
        
       

     

       140
        
       <programlisting>

     

       141
       +
       <xref linkend="opt-boot.kernel.sysctl"/>."net.ipv4.tcp_keepalive_time" = 60;

     

       142
        
       </programlisting>

     

       143
        
       

     

       144
        
             (Note that here the attribute name

     
···

       158
        
             enclosed in braces, as in the option definition

     

       159
        
       

     

       160
        
       <programlisting>

     

       161
       +
       <xref linkend="opt-fileSystems"/>."/boot" =

     

       162
        
         { device = "/dev/sda1";

     

       163
        
           fsType = "ext4";

     

       164
        
           options = [ "rw" "data=ordered" "relatime" ];

     
···

       175
        
             elements are separated by whitespace, like this:

     

       176
        
       

     

       177
        
       <programlisting>

     

       178
       +
       <xref linkend="opt-boot.kernelModules"/> = [ "fuse" "kvm-intel" "coretemp" ];

     

       179
        
       </programlisting>

     

       180
        
       

     

       181
        
             List elements can be any other type, e.g. sets:

     
···

       195
        
             the function argument <varname>pkgs</varname>.  Typical uses:

     

       196
        
       

     

       197
        
       <programlisting>

     

       198
       +
       <xref linkend="opt-environment.systemPackages"/> =

     

       199
        
         [ pkgs.thunderbird

     

       200
        
           pkgs.emacs

     

       201
        
         ];

     

       202
        
       

     

       203
       +
       <xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql90;

     

       204
        
       </programlisting>

     

       205
        
       

     

       206
        
             The latter option definition changes the default PostgreSQL

+3 -3

nixos/doc/manual/configuration/customizing-packages.xml

···

       28
        
       you can specify that as follows:

     

       29
        
       

     

       30
        
       <programlisting>

     

       31
       -
       environment.systemPackages = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ];

     

       32
        
       </programlisting>

     

       33
        
       

     

       34
        
       The function <varname>override</varname> performs the call to the Nix

     
···

       38
        
       causing Emacs to depend on GTK+ 3.  (The parentheses are necessary

     

       39
        
       because in Nix, function application binds more weakly than list

     

       40
        
       construction, so without them,

     

       41
       -
       <literal>environment.systemPackages</literal> would be a list with two

     

       42
        
       elements.)</para>

     

       43
        
       

     

       44
        
       <para>Even greater customisation is possible using the function

     
···

       51
        
       can say:

     

       52
        
       

     

       53
        
       <programlisting>

     

       54
       -
       environment.systemPackages = [

     

       55
        
         (pkgs.emacs.overrideAttrs (oldAttrs: {

     

       56
        
           name = "emacs-25.0-pre";

     

       57
        
           src = /path/to/my/emacs/tree;

···

       28
        
       you can specify that as follows:

     

       29
        
       

     

       30
        
       <programlisting>

     

       31
       +
       <xref linkend="opt-environment.systemPackages"/> = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ];

     

       32
        
       </programlisting>

     

       33
        
       

     

       34
        
       The function <varname>override</varname> performs the call to the Nix

     
···

       38
        
       causing Emacs to depend on GTK+ 3.  (The parentheses are necessary

     

       39
        
       because in Nix, function application binds more weakly than list

     

       40
        
       construction, so without them,

     

       41
       +
       <xref linkend="opt-environment.systemPackages"/> would be a list with two

     

       42
        
       elements.)</para>

     

       43
        
       

     

       44
        
       <para>Even greater customisation is possible using the function

     
···

       51
        
       can say:

     

       52
        
       

     

       53
        
       <programlisting>

     

       54
       +
       <xref linkend="opt-environment.systemPackages"/> = [

     

       55
        
         (pkgs.emacs.overrideAttrs (oldAttrs: {

     

       56
        
           name = "emacs-25.0-pre";

     

       57
        
           src = /path/to/my/emacs/tree;

+3 -3

nixos/doc/manual/configuration/declarative-packages.xml

···

       8
        
       

     

       9
        
       <para>With declarative package management, you specify which packages

     

       10
        
       you want on your system by setting the option

     

       11
       -
       <option>environment.systemPackages</option>.  For instance, adding the

     

       12
        
       following line to <filename>configuration.nix</filename> enables the

     

       13
        
       Mozilla Thunderbird email application:

     

       14
        
       

     

       15
        
       <programlisting>

     

       16
       -
       environment.systemPackages = [ pkgs.thunderbird ];

     

       17
        
       </programlisting>

     

       18
        
       

     

       19
        
       The effect of this specification is that the Thunderbird package from

     
···

       34
        
       different channels that you might have.)</para>

     

       35
        
       

     

       36
        
       <para>To “uninstall” a package, simply remove it from

     

       37
       -
       <option>environment.systemPackages</option> and run

     

       38
        
       <command>nixos-rebuild switch</command>.</para>

     

       39
        
       

     

       40
        
       <xi:include href="customizing-packages.xml" />

···

       8
        
       

     

       9
        
       <para>With declarative package management, you specify which packages

     

       10
        
       you want on your system by setting the option

     

       11
       +
       <xref linkend="opt-environment.systemPackages"/>.  For instance, adding the

     

       12
        
       following line to <filename>configuration.nix</filename> enables the

     

       13
        
       Mozilla Thunderbird email application:

     

       14
        
       

     

       15
        
       <programlisting>

     

       16
       +
       <xref linkend="opt-environment.systemPackages"/> = [ pkgs.thunderbird ];

     

       17
        
       </programlisting>

     

       18
        
       

     

       19
        
       The effect of this specification is that the Thunderbird package from

     
···

       34
        
       different channels that you might have.)</para>

     

       35
        
       

     

       36
        
       <para>To “uninstall” a package, simply remove it from

     

       37
       +
       <xref linkend="opt-environment.systemPackages"/> and run

     

       38
        
       <command>nixos-rebuild switch</command>.</para>

     

       39
        
       

     

       40
        
       <xi:include href="customizing-packages.xml" />

+4 -4

nixos/doc/manual/configuration/file-systems.xml

···

       13
        
       point <filename>/data</filename>:

     

       14
        
       

     

       15
        
       <programlisting>

     

       16
       -
       fileSystems."/data" =

     

       17
        
         { device = "/dev/disk/by-label/data";

     

       18
        
           fsType = "ext4";

     

       19
        
         };

     

       20
        
       </programlisting>

     

       21
        
       

     

       22
        
       Mount points are created automatically if they don’t already exist.

     

       23
       -
       For <option>device</option>, it’s best to use the topology-independent

     

       24
        
       device aliases in <filename>/dev/disk/by-label</filename> and

     

       25
        
       <filename>/dev/disk/by-uuid</filename>, as these don’t change if the

     

       26
        
       topology changes (e.g. if a disk is moved to another IDE

     

       27
        
       controller).</para>

     

       28
        
       

     

       29
        
       <para>You can usually omit the file system type

     

       30
       -
       (<option>fsType</option>), since <command>mount</command> can usually

     

       31
        
       detect the type and load the necessary kernel module automatically.

     

       32
        
       However, if the file system is needed at early boot (in the initial

     

       33
        
       ramdisk) and is not <literal>ext2</literal>, <literal>ext3</literal>

     
···

       38
        
       <note><para>System startup will fail if any of the filesystems fails to mount,

     

       39
        
       dropping you to the emergency shell.

     

       40
        
       You can make a mount asynchronous and non-critical by adding

     

       41
       -
       <literal>options = [ "nofail" ];</literal>.

     

       42
        
       </para></note>

     

       43
        
       

     

       44
        
       <xi:include href="luks-file-systems.xml" />

···

       13
        
       point <filename>/data</filename>:

     

       14
        
       

     

       15
        
       <programlisting>

     

       16
       +
       <xref linkend="opt-fileSystems"/>."/data" =

     

       17
        
         { device = "/dev/disk/by-label/data";

     

       18
        
           fsType = "ext4";

     

       19
        
         };

     

       20
        
       </programlisting>

     

       21
        
       

     

       22
        
       Mount points are created automatically if they don’t already exist.

     

       23
       +
       For <option><link linkend="opt-fileSystems._name__.device">device</link></option>, it’s best to use the topology-independent

     

       24
        
       device aliases in <filename>/dev/disk/by-label</filename> and

     

       25
        
       <filename>/dev/disk/by-uuid</filename>, as these don’t change if the

     

       26
        
       topology changes (e.g. if a disk is moved to another IDE

     

       27
        
       controller).</para>

     

       28
        
       

     

       29
        
       <para>You can usually omit the file system type

     

       30
       +
       (<option><link linkend="opt-fileSystems._name__.fsType">fsType</link></option>), since <command>mount</command> can usually

     

       31
        
       detect the type and load the necessary kernel module automatically.

     

       32
        
       However, if the file system is needed at early boot (in the initial

     

       33
        
       ramdisk) and is not <literal>ext2</literal>, <literal>ext3</literal>

     
···

       38
        
       <note><para>System startup will fail if any of the filesystems fails to mount,

     

       39
        
       dropping you to the emergency shell.

     

       40
        
       You can make a mount asynchronous and non-critical by adding

     

       41
       +
       <literal><link linkend="opt-fileSystems._name__.options">options</link> = [ "nofail" ];</literal>.

     

       42
        
       </para></note>

     

       43
        
       

     

       44
        
       <xi:include href="luks-file-systems.xml" />

+7 -7

nixos/doc/manual/configuration/firewall.xml

···

       12
        
       disabled as follows:

     

       13
        
       

     

       14
        
       <programlisting>

     

       15
       -
       networking.firewall.enable = false;

     

       16
        
       </programlisting>

     

       17
        
       

     

       18
        
       If the firewall is enabled, you can open specific TCP ports to the

     

       19
        
       outside world:

     

       20
        
       

     

       21
        
       <programlisting>

     

       22
       -
       networking.firewall.allowedTCPPorts = [ 80 443 ];

     

       23
        
       </programlisting>

     

       24
        
       

     

       25
        
       Note that TCP port 22 (ssh) is opened automatically if the SSH daemon

     

       26
       -
       is enabled (<option>services.openssh.enable = true</option>). UDP

     

       27
        
       ports can be opened through

     

       28
       -
       <option>networking.firewall.allowedUDPPorts</option>.</para>

     

       29
        
       

     

       30
        
       <para>To open ranges of TCP ports:

     

       31
        
       

     

       32
        
       <programlisting>

     

       33
       -
       networking.firewall.allowedTCPPortRanges = [

     

       34
        
         { from = 4000; to = 4007; }

     

       35
        
         { from = 8000; to = 8010; }

     

       36
        
       ];

     

       37
        
       </programlisting>

     

       38
        
       

     

       39
        
       Similarly, UDP port ranges can be opened through

     

       40
       -
       <option>networking.firewall.allowedUDPPortRanges</option>.</para>

     

       41
        
       

     

       42
        
       <para>Also of interest is

     

       43
        
       

     

       44
        
       <programlisting>

     

       45
       -
       networking.firewall.allowPing = true;

     

       46
        
       </programlisting>

     

       47
        
       

     

       48
        
       to allow the machine to respond to ping requests.  (ICMPv6 pings are

···

       12
        
       disabled as follows:

     

       13
        
       

     

       14
        
       <programlisting>

     

       15
       +
       <xref linkend="opt-networking.firewall.enable"/> = false;

     

       16
        
       </programlisting>

     

       17
        
       

     

       18
        
       If the firewall is enabled, you can open specific TCP ports to the

     

       19
        
       outside world:

     

       20
        
       

     

       21
        
       <programlisting>

     

       22
       +
       <xref linkend="opt-networking.firewall.allowedTCPPorts"/> = [ 80 443 ];

     

       23
        
       </programlisting>

     

       24
        
       

     

       25
        
       Note that TCP port 22 (ssh) is opened automatically if the SSH daemon

     

       26
       +
       is enabled (<option><xref linkend="opt-services.openssh.enable"/> = true</option>). UDP

     

       27
        
       ports can be opened through

     

       28
       +
       <xref linkend="opt-networking.firewall.allowedUDPPorts"/>.</para>

     

       29
        
       

     

       30
        
       <para>To open ranges of TCP ports:

     

       31
        
       

     

       32
        
       <programlisting>

     

       33
       +
       <xref linkend="opt-networking.firewall.allowedTCPPortRanges"/> = [

     

       34
        
         { from = 4000; to = 4007; }

     

       35
        
         { from = 8000; to = 8010; }

     

       36
        
       ];

     

       37
        
       </programlisting>

     

       38
        
       

     

       39
        
       Similarly, UDP port ranges can be opened through

     

       40
       +
       <xref linkend="opt-networking.firewall.allowedUDPPortRanges"/>.</para>

     

       41
        
       

     

       42
        
       <para>Also of interest is

     

       43
        
       

     

       44
        
       <programlisting>

     

       45
       +
       <xref linkend="opt-networking.firewall.allowPing"/> = true;

     

       46
        
       </programlisting>

     

       47
        
       

     

       48
        
       to allow the machine to respond to ping requests.  (ICMPv6 pings are

+8 -5

nixos/doc/manual/configuration/ipv4-config.xml

···

       12
        
       follows:

     

       13
        
       

     

       14
        
       <programlisting>

     

       15
       -
       networking.interfaces.eth0.ipv4.addresses = [ { address = "192.168.1.2"; prefixLength = 24; } ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       16
        
       </programlisting>

     

       17
        
       

     

       18
        
       Typically you’ll also want to set a default gateway and set of name

     

       19
        
       servers:

     

       20
        
       

     

       21
        
       <programlisting>

     

       22
       -
       networking.defaultGateway = "192.168.1.1";

     

       23
       -
       networking.nameservers = [ "8.8.8.8" ];

     

       24
        
       </programlisting>

     

       25
        
       

     

       26
        
       </para>

     
···

       31
        
       The default gateway and name server configuration is performed by

     

       32
        
       <literal>network-setup.service</literal>.</para></note>

     

       33
        
       

     

       34
       -
       <para>The host name is set using <option>networking.hostName</option>:

     

       35
        
       

     

       36
        
       <programlisting>

     

       37
       -
       networking.hostName = "cartman";

     

       38
        
       </programlisting>

     

       39
        
       

     

       40
        
       The default host name is <literal>nixos</literal>.  Set it to the

···

       12
        
       follows:

     

       13
        
       

     

       14
        
       <programlisting>

     

       15
       +
       <link linkend="opt-networking.interfaces._name__.ipv4.addresses">networking.interfaces.eth0.ipv4.addresses</link> = [ {

     

       16
       +
         address = "192.168.1.2";

     

       17
       +
         prefixLength = 24;

     

       18
       +
       } ];

     

       19
        
       </programlisting>

     

       20
        
       

     

       21
        
       Typically you’ll also want to set a default gateway and set of name

     

       22
        
       servers:

     

       23
        
       

     

       24
        
       <programlisting>

     

       25
       +
       <xref linkend="opt-networking.defaultGateway"/> = "192.168.1.1";

     

       26
       +
       <xref linkend="opt-networking.nameservers"/> = [ "8.8.8.8" ];

     

       27
        
       </programlisting>

     

       28
        
       

     

       29
        
       </para>

     
···

       34
        
       The default gateway and name server configuration is performed by

     

       35
        
       <literal>network-setup.service</literal>.</para></note>

     

       36
        
       

     

       37
       +
       <para>The host name is set using <xref linkend="opt-networking.hostName"/>:

     

       38
        
       

     

       39
        
       <programlisting>

     

       40
       +
       <xref linkend="opt-networking.hostName"/> = "cartman";

     

       41
        
       </programlisting>

     

       42
        
       

     

       43
        
       The default host name is <literal>nixos</literal>.  Set it to the

+7 -4

nixos/doc/manual/configuration/ipv6-config.xml

···

       11
        
       can disable IPv6 support globally by setting:

     

       12
        
       

     

       13
        
       <programlisting>

     

       14
       -
       networking.enableIPv6 = false;

     

       15
        
       </programlisting></para>

     

       16
        
       

     

       17
        
       <para>You can disable IPv6 on a single interface using a normal sysctl (in this

     

       18
        
       example, we use interface <varname>eth0</varname>):

     

       19
        
       

     

       20
        
       <programlisting>

     

       21
       -
       boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;

     

       22
        
       </programlisting>

     

       23
        
       </para>

     

       24
        
       

     
···

       26
        
       DHCPv6. You can configure an interface manually:

     

       27
        
       

     

       28
        
       <programlisting>

     

       29
       -
       networking.interfaces.eth0.ipv6.addresses = [ { address = "fe00:aa:bb:cc::2"; prefixLength = 64; } ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       30
        
       </programlisting>

     

       31
        
       </para>

     

       32
        
       

     

       33
        
       <para>For configuring a gateway, optionally with explicitly specified interface:

     

       34
        
       

     

       35
        
       <programlisting>

     

       36
       -
       networking.defaultGateway6 = {

     

       37
        
         address = "fe00::1";

     

       38
        
         interface = "enp0s3";

     

       39
        
       }

···

       11
        
       can disable IPv6 support globally by setting:

     

       12
        
       

     

       13
        
       <programlisting>

     

       14
       +
       <xref linkend="opt-networking.enableIPv6"/> = false;

     

       15
        
       </programlisting></para>

     

       16
        
       

     

       17
        
       <para>You can disable IPv6 on a single interface using a normal sysctl (in this

     

       18
        
       example, we use interface <varname>eth0</varname>):

     

       19
        
       

     

       20
        
       <programlisting>

     

       21
       +
       <xref linkend="opt-boot.kernel.sysctl"/>."net.ipv6.conf.eth0.disable_ipv6" = true;

     

       22
        
       </programlisting>

     

       23
        
       </para>

     

       24
        
       

     
···

       26
        
       DHCPv6. You can configure an interface manually:

     

       27
        
       

     

       28
        
       <programlisting>

     

       29
       +
       <link linkend="opt-networking.interfaces._name__.ipv6.addresses">networking.interfaces.eth0.ipv6.addresses</link> = [ {

     

       30
       +
         address = "fe00:aa:bb:cc::2";

     

       31
       +
         prefixLength = 64;

     

       32
       +
       } ];

     

       33
        
       </programlisting>

     

       34
        
       </para>

     

       35
        
       

     

       36
        
       <para>For configuring a gateway, optionally with explicitly specified interface:

     

       37
        
       

     

       38
        
       <programlisting>

     

       39
       +
       <xref linkend="opt-networking.defaultGateway6"/> = {

     

       40
        
         address = "fe00::1";

     

       41
        
         interface = "enp0s3";

     

       42
        
       }

+7 -7

nixos/doc/manual/configuration/linux-kernel.xml

···

       10
        
       the option <option>boot.kernelPackages</option>.  For instance, this

     

       11
        
       selects the Linux 3.10 kernel:

     

       12
        
       <programlisting>

     

       13
       -
       boot.kernelPackages = pkgs.linuxPackages_3_10;

     

       14
        
       </programlisting>

     

       15
        
       Note that this not only replaces the kernel, but also packages that

     

       16
        
       are specific to the kernel version, such as the NVIDIA video drivers.

     
···

       45
        
       

     

       46
        
       <para>Kernel modules for hardware devices are generally loaded

     

       47
        
       automatically by <command>udev</command>.  You can force a module to

     

       48
       -
       be loaded via <option>boot.kernelModules</option>, e.g.

     

       49
        
       <programlisting>

     

       50
       -
       boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];

     

       51
        
       </programlisting>

     

       52
        
       If the module is required early during the boot (e.g. to mount the

     

       53
        
       root file system), you can use

     

       54
       -
       <option>boot.initrd.extraKernelModules</option>:

     

       55
        
       <programlisting>

     

       56
       -
       boot.initrd.extraKernelModules = [ "cifs" ];

     

       57
        
       </programlisting>

     

       58
        
       This causes the specified modules and their dependencies to be added

     

       59
        
       to the initial ramdisk.</para>

     

       60
        
       

     

       61
        
       <para>Kernel runtime parameters can be set through

     

       62
       -
       <option>boot.kernel.sysctl</option>, e.g.

     

       63
        
       <programlisting>

     

       64
       -
       boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 120;

     

       65
        
       </programlisting>

     

       66
        
       sets the kernel’s TCP keepalive time to 120 seconds.  To see the

     

       67
        
       available parameters, run <command>sysctl -a</command>.</para>

···

       10
        
       the option <option>boot.kernelPackages</option>.  For instance, this

     

       11
        
       selects the Linux 3.10 kernel:

     

       12
        
       <programlisting>

     

       13
       +
       <xref linkend="opt-boot.kernelPackages"/> = pkgs.linuxPackages_3_10;

     

       14
        
       </programlisting>

     

       15
        
       Note that this not only replaces the kernel, but also packages that

     

       16
        
       are specific to the kernel version, such as the NVIDIA video drivers.

     
···

       45
        
       

     

       46
        
       <para>Kernel modules for hardware devices are generally loaded

     

       47
        
       automatically by <command>udev</command>.  You can force a module to

     

       48
       +
       be loaded via <xref linkend="opt-boot.kernelModules"/>, e.g.

     

       49
        
       <programlisting>

     

       50
       +
       <xref linkend="opt-boot.kernelModules"/> = [ "fuse" "kvm-intel" "coretemp" ];

     

       51
        
       </programlisting>

     

       52
        
       If the module is required early during the boot (e.g. to mount the

     

       53
        
       root file system), you can use

     

       54
       +
       <xref linkend="opt-boot.initrd.extraKernelModules"/>:

     

       55
        
       <programlisting>

     

       56
       +
       <xref linkend="opt-boot.initrd.extraKernelModules"/> = [ "cifs" ];

     

       57
        
       </programlisting>

     

       58
        
       This causes the specified modules and their dependencies to be added

     

       59
        
       to the initial ramdisk.</para>

     

       60
        
       

     

       61
        
       <para>Kernel runtime parameters can be set through

     

       62
       +
       <xref linkend="opt-boot.kernel.sysctl"/>, e.g.

     

       63
        
       <programlisting>

     

       64
       +
       <xref linkend="opt-boot.kernel.sysctl"/>."net.ipv4.tcp_keepalive_time" = 120;

     

       65
        
       </programlisting>

     

       66
        
       sets the kernel’s TCP keepalive time to 120 seconds.  To see the

     

       67
        
       available parameters, run <command>sysctl -a</command>.</para>

+3 -3

nixos/doc/manual/configuration/luks-file-systems.xml

···

       33
        
       <filename>configuration.nix</filename>:

     

       34
        
       

     

       35
        
       <programlisting>

     

       36
       -
       boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";

     

       37
       -
       fileSystems."/".device = "/dev/mapper/crypted";

     

       38
        
       </programlisting>

     

       39
        
       

     

       40
        
       Should grub be used as bootloader, and <filename>/boot</filename> is located

     

       41
        
       on an encrypted partition, it is necessary to add the following grub option:

     

       42
       -
       <programlisting>boot.loader.grub.enableCryptodisk = true;</programlisting>

     

       43
        
       

     

       44
        
       </para>

     

       45

···

       33
        
       <filename>configuration.nix</filename>:

     

       34
        
       

     

       35
        
       <programlisting>

     

       36
       +
       <link linkend="opt-boot.initrd.luks.devices._name__.device">boot.initrd.luks.devices.crypted.device</link> = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";

     

       37
       +
       <xref linkend="opt-fileSystems"/>."/".device = "/dev/mapper/crypted";

     

       38
        
       </programlisting>

     

       39
        
       

     

       40
        
       Should grub be used as bootloader, and <filename>/boot</filename> is located

     

       41
        
       on an encrypted partition, it is necessary to add the following grub option:

     

       42
       +
       <programlisting><xref linkend="opt-boot.loader.grub.enableCryptodisk"/> = true;</programlisting>

     

       43
        
       

     

       44
        
       </para>

     

       45

+18 -18

nixos/doc/manual/configuration/modularity.xml

···

       22
        
       { config, pkgs, ... }:

     

       23
        
       

     

       24
        
       { imports = [ ./vpn.nix ./kde.nix ];

     

       25
       -
         services.httpd.enable = true;

     

       26
       -
         environment.systemPackages = [ pkgs.emacs ];

     

       27
        
         <replaceable>...</replaceable>

     

       28
        
       }

     

       29
        
       </programlisting>

     
···

       35
        
       <programlisting>

     

       36
        
       { config, pkgs, ... }:

     

       37
        
       

     

       38
       -
       { services.xserver.enable = true;

     

       39
       -
         services.xserver.displayManager.sddm.enable = true;

     

       40
       -
         services.xserver.desktopManager.plasma5.enable = true;

     

       41
        
       }

     

       42
        
       </programlisting>

     

       43
        
       

     

       44
        
       Note that both <filename>configuration.nix</filename> and

     

       45
        
       <filename>kde.nix</filename> define the option

     

       46
       -
       <option>environment.systemPackages</option>.  When multiple modules

     

       47
        
       define an option, NixOS will try to <emphasis>merge</emphasis> the

     

       48
        
       definitions.  In the case of

     

       49
       -
       <option>environment.systemPackages</option>, that’s easy: the lists of

     

       50
        
       packages can simply be concatenated.  The value in

     

       51
        
       <filename>configuration.nix</filename> is merged last, so for

     

       52
        
       list-type options, it will appear at the end of the merged list. If

     

       53
        
       you want it to appear first, you can use <varname>mkBefore</varname>:

     

       54
        
       

     

       55
        
       <programlisting>

     

       56
       -
       boot.kernelModules = mkBefore [ "kvm-intel" ];

     

       57
        
       </programlisting>

     

       58
        
       

     

       59
        
       This causes the <literal>kvm-intel</literal> kernel module to be

     
···

       61
        
       

     

       62
        
       <para>For other types of options, a merge may not be possible. For

     

       63
        
       instance, if two modules define

     

       64
       -
       <option>services.httpd.adminAddr</option>,

     

       65
        
       <command>nixos-rebuild</command> will give an error:

     

       66
        
       

     

       67
        
       <screen>

     
···

       72
        
       precedence over the others:

     

       73
        
       

     

       74
        
       <programlisting>

     

       75
       -
       services.httpd.adminAddr = pkgs.lib.mkForce "bob@example.org";

     

       76
        
       </programlisting>

     

       77
        
       

     

       78
        
       </para>

     
···

       89
        
       is a “lazy” language — it only computes values when they are needed.

     

       90
        
       This works as long as no individual configuration value depends on

     

       91
        
       itself.</para></footnote>.  For example, here is a module that adds

     

       92
       -
       some packages to <option>environment.systemPackages</option> only if

     

       93
       -
       <option>services.xserver.enable</option> is set to

     

       94
        
       <literal>true</literal> somewhere else:

     

       95
        
       

     

       96
        
       <programlisting>

     

       97
        
       { config, pkgs, ... }:

     

       98
        
       

     

       99
       -
       { environment.systemPackages =

     

       100
       -
           if config.services.xserver.enable then

     

       101
        
             [ pkgs.firefox

     

       102
        
               pkgs.thunderbird

     

       103
        
             ]

     
···

       113
        
       <option>nixos-option</option> allows you to find out:

     

       114
        
       

     

       115
        
       <screen>

     

       116
       -
       $ nixos-option services.xserver.enable

     

       117
        
       true

     

       118
        
       

     

       119
       -
       $ nixos-option boot.kernelModules

     

       120
        
       [ "tun" "ipv6" "loop" <replaceable>...</replaceable> ]

     

       121
        
       </screen>

     

       122
        
       

     
···

       130
        
       <screen>

     

       131
        
       $ nix-repl '&lt;nixpkgs/nixos>'

     

       132
        
       

     

       133
       -
       nix-repl> config.networking.hostName

     

       134
        
       "mandark"

     

       135
        
       

     

       136
       -
       nix-repl> map (x: x.hostName) config.services.httpd.virtualHosts

     

       137
        
       [ "example.org" "example.gov" ]

     

       138
        
       </screen>

     

       139

···

       22
        
       { config, pkgs, ... }:

     

       23
        
       

     

       24
        
       { imports = [ ./vpn.nix ./kde.nix ];

     

       25
       +
         <xref linkend="opt-services.httpd.enable"/> = true;

     

       26
       +
         <xref linkend="opt-environment.systemPackages"/> = [ pkgs.emacs ];

     

       27
        
         <replaceable>...</replaceable>

     

       28
        
       }

     

       29
        
       </programlisting>

     
···

       35
        
       <programlisting>

     

       36
        
       { config, pkgs, ... }:

     

       37
        
       

     

       38
       +
       { <xref linkend="opt-services.xserver.enable"/> = true;

     

       39
       +
         <xref linkend="opt-services.xserver.displayManager.sddm.enable"/> = true;

     

       40
       +
         <xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/> = true;

     

       41
        
       }

     

       42
        
       </programlisting>

     

       43
        
       

     

       44
        
       Note that both <filename>configuration.nix</filename> and

     

       45
        
       <filename>kde.nix</filename> define the option

     

       46
       +
       <xref linkend="opt-environment.systemPackages"/>.  When multiple modules

     

       47
        
       define an option, NixOS will try to <emphasis>merge</emphasis> the

     

       48
        
       definitions.  In the case of

     

       49
       +
       <xref linkend="opt-environment.systemPackages"/>, that’s easy: the lists of

     

       50
        
       packages can simply be concatenated.  The value in

     

       51
        
       <filename>configuration.nix</filename> is merged last, so for

     

       52
        
       list-type options, it will appear at the end of the merged list. If

     

       53
        
       you want it to appear first, you can use <varname>mkBefore</varname>:

     

       54
        
       

     

       55
        
       <programlisting>

     

       56
       +
       <xref linkend="opt-boot.kernelModules"/> = mkBefore [ "kvm-intel" ];

     

       57
        
       </programlisting>

     

       58
        
       

     

       59
        
       This causes the <literal>kvm-intel</literal> kernel module to be

     
···

       61
        
       

     

       62
        
       <para>For other types of options, a merge may not be possible. For

     

       63
        
       instance, if two modules define

     

       64
       +
       <xref linkend="opt-services.httpd.adminAddr"/>,

     

       65
        
       <command>nixos-rebuild</command> will give an error:

     

       66
        
       

     

       67
        
       <screen>

     
···

       72
        
       precedence over the others:

     

       73
        
       

     

       74
        
       <programlisting>

     

       75
       +
       <xref linkend="opt-services.httpd.adminAddr"/> = pkgs.lib.mkForce "bob@example.org";

     

       76
        
       </programlisting>

     

       77
        
       

     

       78
        
       </para>

     
···

       89
        
       is a “lazy” language — it only computes values when they are needed.

     

       90
        
       This works as long as no individual configuration value depends on

     

       91
        
       itself.</para></footnote>.  For example, here is a module that adds

     

       92
       +
       some packages to <xref linkend="opt-environment.systemPackages"/> only if

     

       93
       +
       <xref linkend="opt-services.xserver.enable"/> is set to

     

       94
        
       <literal>true</literal> somewhere else:

     

       95
        
       

     

       96
        
       <programlisting>

     

       97
        
       { config, pkgs, ... }:

     

       98
        
       

     

       99
       +
       { <xref linkend="opt-environment.systemPackages"/> =

     

       100
       +
           if config.<xref linkend="opt-services.xserver.enable"/> then

     

       101
        
             [ pkgs.firefox

     

       102
        
               pkgs.thunderbird

     

       103
        
             ]

     
···

       113
        
       <option>nixos-option</option> allows you to find out:

     

       114
        
       

     

       115
        
       <screen>

     

       116
       +
       $ nixos-option <xref linkend="opt-services.xserver.enable"/>

     

       117
        
       true

     

       118
        
       

     

       119
       +
       $ nixos-option <xref linkend="opt-boot.kernelModules"/>

     

       120
        
       [ "tun" "ipv6" "loop" <replaceable>...</replaceable> ]

     

       121
        
       </screen>

     

       122
        
       

     
···

       130
        
       <screen>

     

       131
        
       $ nix-repl '&lt;nixpkgs/nixos>'

     

       132
        
       

     

       133
       +
       nix-repl> config.<xref linkend="opt-networking.hostName"/>

     

       134
        
       "mandark"

     

       135
        
       

     

       136
       +
       nix-repl> map (x: x.hostName) config.<xref linkend="opt-services.httpd.virtualHosts"/>

     

       137
        
       [ "example.org" "example.gov" ]

     

       138
        
       </screen>

     

       139

+2 -2

nixos/doc/manual/configuration/network-manager.xml

···

       10
        
       use NetworkManager. You can enable NetworkManager by setting:

     

       11
        
       

     

       12
        
       <programlisting>

     

       13
       -
       networking.networkmanager.enable = true;

     

       14
        
       </programlisting>

     

       15
        
       

     

       16
        
       some desktop managers (e.g., GNOME) enable NetworkManager

     
···

       20
        
       belong to the <code>networkmanager</code> group:

     

       21
        
       

     

       22
        
       <programlisting>

     

       23
       -
       users.extraUsers.youruser.extraGroups = [ "networkmanager" ];

     

       24
        
       </programlisting>

     

       25
        
       </para>

     

       26

···

       10
        
       use NetworkManager. You can enable NetworkManager by setting:

     

       11
        
       

     

       12
        
       <programlisting>

     

       13
       +
       <xref linkend="opt-networking.networkmanager.enable"/> = true;

     

       14
        
       </programlisting>

     

       15
        
       

     

       16
        
       some desktop managers (e.g., GNOME) enable NetworkManager

     
···

       20
        
       belong to the <code>networkmanager</code> group:

     

       21
        
       

     

       22
        
       <programlisting>

     

       23
       +
       <link linkend="opt-users.users._name__.extraGroups">users.extraUsers.youruser.extraGroups</link> = [ "networkmanager" ];

     

       24
        
       </programlisting>

     

       25
        
       </para>

     

       26

+3 -3

nixos/doc/manual/configuration/ssh.xml

···

       10
        
       setting:

     

       11
        
       

     

       12
        
       <programlisting>

     

       13
       -
       services.openssh.enable = true;

     

       14
        
       </programlisting>

     

       15
        
       

     

       16
        
       By default, root logins using a password are disallowed.  They can be

     

       17
        
       disabled entirely by setting

     

       18
       -
       <literal>services.openssh.permitRootLogin</literal> to

     

       19
        
       <literal>"no"</literal>.</para>

     

       20
        
       

     

       21
        
       <para>You can declaratively specify authorised RSA/DSA public keys for

     
···

       23
        
       

     

       24
        
       <!-- FIXME: this might not work if the user is unmanaged. -->

     

       25
        
       <programlisting>

     

       26
       -
       users.extraUsers.alice.openssh.authorizedKeys.keys =

     

       27
        
         [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];

     

       28
        
       </programlisting>

     

       29

···

       10
        
       setting:

     

       11
        
       

     

       12
        
       <programlisting>

     

       13
       +
       <xref linkend="opt-services.openssh.enable"/> = true;

     

       14
        
       </programlisting>

     

       15
        
       

     

       16
        
       By default, root logins using a password are disallowed.  They can be

     

       17
        
       disabled entirely by setting

     

       18
       +
       <xref linkend="opt-services.openssh.permitRootLogin"/> to

     

       19
        
       <literal>"no"</literal>.</para>

     

       20
        
       

     

       21
        
       <para>You can declaratively specify authorised RSA/DSA public keys for

     
···

       23
        
       

     

       24
        
       <!-- FIXME: this might not work if the user is unmanaged. -->

     

       25
        
       <programlisting>

     

       26
       +
       <link linkend="opt-users.users._name__.openssh.authorizedKeys.keys">users.extraUsers.alice.openssh.authorizedKeys.keys</link> =

     

       27
        
         [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];

     

       28
        
       </programlisting>

     

       29

+14 -14

nixos/doc/manual/configuration/user-mgmt.xml

···

       12
        
       states that a user account named <literal>alice</literal> shall exist:

     

       13
        
       

     

       14
        
       <programlisting>

     

       15
       -
       users.users.alice =

     

       16
       -
         { isNormalUser = true;

     

       17
       -
           home = "/home/alice";

     

       18
       -
           description = "Alice Foobar";

     

       19
       -
           extraGroups = [ "wheel" "networkmanager" ];

     

       20
       -
           openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];

     

       21
       -
         };

     

       22
        
       </programlisting>

     

       23
        
       

     

       24
        
       Note that <literal>alice</literal> is a member of the

     
···

       32
        
       to set a password, which is retained across invocations of

     

       33
        
       <command>nixos-rebuild</command>.</para>

     

       34
        
       

     

       35
       -
       <para>If you set users.mutableUsers to false, then the contents of /etc/passwd

     

       36
       -
       and /etc/group will be congruent to your NixOS configuration. For instance,

     

       37
       -
       if you remove a user from users.users and run nixos-rebuild, the user

     

       38
       -
       account will cease to exist. Also, imperative commands for managing users

     

       39
        
       and groups, such as useradd, are no longer available. Passwords may still be

     

       40
       -
       assigned by setting the user's <literal>hashedPassword</literal> option. A

     

       41
       -
       hashed password can be generated using <command>mkpasswd -m sha-512</command>

     

       42
        
       after installing the <literal>mkpasswd</literal> package.</para>

     

       43
        
       

     

       44
        
       <para>A user ID (uid) is assigned automatically.  You can also specify

     
···

       54
        
       group named <literal>students</literal> shall exist:

     

       55
        
       

     

       56
        
       <programlisting>

     

       57
       -
       users.groups.students.gid = 1000;

     

       58
        
       </programlisting>

     

       59
        
       

     

       60
        
       As with users, the group ID (gid) is optional and will be assigned

···

       12
        
       states that a user account named <literal>alice</literal> shall exist:

     

       13
        
       

     

       14
        
       <programlisting>

     

       15
       +
       <xref linkend="opt-users.users"/>.alice = {

     

       16
       +
         <link linkend="opt-users.users._name__.isNormalUser">isNormalUser</link> = true;

     

       17
       +
         <link linkend="opt-users.users._name__.home">home</link> = "/home/alice";

     

       18
       +
         <link linkend="opt-users.users._name__.description">description</link> = "Alice Foobar";

     

       19
       +
         <link linkend="opt-users.users._name__.extraGroups">extraGroups</link> = [ "wheel" "networkmanager" ];

     

       20
       +
         <link linkend="opt-users.users._name__.openssh.authorizedKeys.keys">openssh.authorizedKeys.keys</link> = [ "ssh-dss AAAAB3Nza... alice@foobar" ];

     

       21
       +
       };

     

       22
        
       </programlisting>

     

       23
        
       

     

       24
        
       Note that <literal>alice</literal> is a member of the

     
···

       32
        
       to set a password, which is retained across invocations of

     

       33
        
       <command>nixos-rebuild</command>.</para>

     

       34
        
       

     

       35
       +
       <para>If you set <xref linkend="opt-users.mutableUsers"/> to false, then the contents of

     

       36
       +
       <literal>/etc/passwd</literal> and <literal>/etc/group</literal> will be congruent to

     

       37
       +
       your NixOS configuration. For instance, if you remove a user from <xref linkend="opt-users.users"/>

     

       38
       +
       and run nixos-rebuild, the user account will cease to exist. Also, imperative commands for managing users

     

       39
        
       and groups, such as useradd, are no longer available. Passwords may still be

     

       40
       +
       assigned by setting the user's <link linkend="opt-users.users._name__.hashedPassword">hashedPassword</link>

     

       41
       +
       option. A hashed password can be generated using <command>mkpasswd -m sha-512</command>

     

       42
        
       after installing the <literal>mkpasswd</literal> package.</para>

     

       43
        
       

     

       44
        
       <para>A user ID (uid) is assigned automatically.  You can also specify

     
···

       54
        
       group named <literal>students</literal> shall exist:

     

       55
        
       

     

       56
        
       <programlisting>

     

       57
       +
       <xref linkend="opt-users.groups"/>.students.gid = 1000;

     

       58
        
       </programlisting>

     

       59
        
       

     

       60
        
       As with users, the group ID (gid) is optional and will be assigned

+2 -2

nixos/doc/manual/configuration/wireless.xml

···

       15
        
       NixOS will start wpa_supplicant for you if you enable this setting:

     

       16
        
       

     

       17
        
       <programlisting>

     

       18
       -
       networking.wireless.enable = true;

     

       19
        
       </programlisting>

     

       20
        
       

     

       21
        
       NixOS lets you specify networks for wpa_supplicant declaratively:

     

       22
        
       <programlisting>

     

       23
       -
       networking.wireless.networks = {

     

       24
        
         echelon = {

     

       25
        
           psk = "abcdefgh";

     

       26
        
         };

···

       15
        
       NixOS will start wpa_supplicant for you if you enable this setting:

     

       16
        
       

     

       17
        
       <programlisting>

     

       18
       +
       <xref linkend="opt-networking.wireless.enable"/> = true;

     

       19
        
       </programlisting>

     

       20
        
       

     

       21
        
       NixOS lets you specify networks for wpa_supplicant declaratively:

     

       22
        
       <programlisting>

     

       23
       +
       <xref linkend="opt-networking.wireless.networks"/> = {

     

       24
        
         echelon = {

     

       25
        
           psk = "abcdefgh";

     

       26
        
         };

+23 -23

nixos/doc/manual/configuration/x-windows.xml

···

       9
        
       <para>The X Window System (X11) provides the basis of NixOS’ graphical

     

       10
        
       user interface.  It can be enabled as follows:

     

       11
        
       <programlisting>

     

       12
       -
       services.xserver.enable = true;

     

       13
        
       </programlisting>

     

       14
        
       The X server will automatically detect and use the appropriate video

     

       15
        
       driver from a set of X.org drivers (such as <literal>vesa</literal>

     

       16
        
       and <literal>intel</literal>).  You can also specify a driver

     

       17
        
       manually, e.g.

     

       18
        
       <programlisting>

     

       19
       -
       services.xserver.videoDrivers = [ "r128" ];

     

       20
        
       </programlisting>

     

       21
        
       to enable X.org’s <literal>xf86-video-r128</literal> driver.</para>

     

       22
        
       

     
···

       25
        
       <command>xterm</command> window.  Thus you should pick one or more of

     

       26
        
       the following lines:

     

       27
        
       <programlisting>

     

       28
       -
       services.xserver.desktopManager.plasma5.enable = true;

     

       29
       -
       services.xserver.desktopManager.xfce.enable = true;

     

       30
       -
       services.xserver.desktopManager.gnome3.enable = true;

     

       31
       -
       services.xserver.windowManager.xmonad.enable = true;

     

       32
       -
       services.xserver.windowManager.twm.enable = true;

     

       33
       -
       services.xserver.windowManager.icewm.enable = true;

     

       34
       -
       services.xserver.windowManager.i3.enable = true;

     

       35
        
       </programlisting>

     

       36
        
       </para>

     

       37
        
       

     
···

       40
        
       server) is SLiM. You can select an alternative one by picking one

     

       41
        
       of the following lines:

     

       42
        
       <programlisting>

     

       43
       -
       services.xserver.displayManager.sddm.enable = true;

     

       44
       -
       services.xserver.displayManager.lightdm.enable = true;

     

       45
        
       </programlisting>

     

       46
        
       </para>

     

       47
        
       

     

       48
        
       <para>You can set the keyboard layout (and optionally the layout variant):

     

       49
        
       <programlisting>

     

       50
       -
       services.xserver.layout = "de";

     

       51
       -
       services.xserver.xkbVariant = "neo";

     

       52
        
       </programlisting>

     

       53
        
       </para>

     

       54
        
       

     

       55
        
       <para>The X server is started automatically at boot time.  If you

     

       56
        
       don’t want this to happen, you can set:

     

       57
        
       <programlisting>

     

       58
       -
       services.xserver.autorun = false;

     

       59
        
       </programlisting>

     

       60
        
       The X server can then be started manually:

     

       61
        
       <screen>

     
···

       70
        
       has better 3D performance than the X.org drivers.  It is not enabled

     

       71
        
       by default because it’s not free software.  You can enable it as follows:

     

       72
        
       <programlisting>

     

       73
       -
       services.xserver.videoDrivers = [ "nvidia" ];

     

       74
        
       </programlisting>

     

       75
        
       Or if you have an older card, you may have to use one of the legacy drivers:

     

       76
        
       <programlisting>

     

       77
       -
       services.xserver.videoDrivers = [ "nvidiaLegacy340" ];

     

       78
       -
       services.xserver.videoDrivers = [ "nvidiaLegacy304" ];

     

       79
       -
       services.xserver.videoDrivers = [ "nvidiaLegacy173" ];

     

       80
        
       </programlisting>

     

       81
        
       You may need to reboot after enabling this driver to prevent a clash

     

       82
        
       with other kernel modules.</para>

     
···

       84
        
       <para>On 64-bit systems, if you want full acceleration for 32-bit

     

       85
        
       programs such as Wine, you should also set the following:

     

       86
        
       <programlisting>

     

       87
       -
       hardware.opengl.driSupport32Bit = true;

     

       88
        
       </programlisting>

     

       89
        
       </para>

     

       90
        
       

     
···

       96
        
       has better 3D performance than the X.org drivers.  It is not enabled

     

       97
        
       by default because it’s not free software.  You can enable it as follows:

     

       98
        
       <programlisting>

     

       99
       -
       services.xserver.videoDrivers = [ "ati_unfree" ];

     

       100
        
       </programlisting>

     

       101
        
       You will need to reboot after enabling this driver to prevent a clash

     

       102
        
       with other kernel modules.</para>

     
···

       104
        
       <para>On 64-bit systems, if you want full acceleration for 32-bit

     

       105
        
       programs such as Wine, you should also set the following:

     

       106
        
       <programlisting>

     

       107
       -
       hardware.opengl.driSupport32Bit = true;

     

       108
        
       </programlisting>

     

       109
        
       </para>

     

       110
        
       

     
···

       115
        
       <para>Support for Synaptics touchpads (found in many laptops such as

     

       116
        
       the Dell Latitude series) can be enabled as follows:

     

       117
        
       <programlisting>

     

       118
       -
       services.xserver.libinput.enable = true;

     

       119
        
       </programlisting>

     

       120
        
       The driver has many options (see <xref linkend="ch-options"/>).  For

     

       121
        
       instance, the following disables tap-to-click behavior:

     

       122
        
       <programlisting>

     

       123
       -
       services.xserver.libinput.tapping = false;

     

       124
        
       </programlisting>

     

       125
        
       Note: the use of <literal>services.xserver.synaptics</literal> is deprecated since NixOS 17.09.

     

       126
        
       </para>

···

       9
        
       <para>The X Window System (X11) provides the basis of NixOS’ graphical

     

       10
        
       user interface.  It can be enabled as follows:

     

       11
        
       <programlisting>

     

       12
       +
       <xref linkend="opt-services.xserver.enable"/> = true;

     

       13
        
       </programlisting>

     

       14
        
       The X server will automatically detect and use the appropriate video

     

       15
        
       driver from a set of X.org drivers (such as <literal>vesa</literal>

     

       16
        
       and <literal>intel</literal>).  You can also specify a driver

     

       17
        
       manually, e.g.

     

       18
        
       <programlisting>

     

       19
       +
       <xref linkend="opt-services.xserver.videoDrivers"/> = [ "r128" ];

     

       20
        
       </programlisting>

     

       21
        
       to enable X.org’s <literal>xf86-video-r128</literal> driver.</para>

     

       22
        
       

     
···

       25
        
       <command>xterm</command> window.  Thus you should pick one or more of

     

       26
        
       the following lines:

     

       27
        
       <programlisting>

     

       28
       +
       <xref linkend="opt-services.xserver.desktopManager.plasma5.enable"/> = true;

     

       29
       +
       <xref linkend="opt-services.xserver.desktopManager.xfce.enable"/> = true;

     

       30
       +
       <xref linkend="opt-services.xserver.desktopManager.gnome3.enable"/> = true;

     

       31
       +
       <xref linkend="opt-services.xserver.windowManager.xmonad.enable"/> = true;

     

       32
       +
       <xref linkend="opt-services.xserver.windowManager.twm.enable"/> = true;

     

       33
       +
       <xref linkend="opt-services.xserver.windowManager.icewm.enable"/> = true;

     

       34
       +
       <xref linkend="opt-services.xserver.windowManager.i3.enable"/> = true;

     

       35
        
       </programlisting>

     

       36
        
       </para>

     

       37
        
       

     
···

       40
        
       server) is SLiM. You can select an alternative one by picking one

     

       41
        
       of the following lines:

     

       42
        
       <programlisting>

     

       43
       +
       <xref linkend="opt-services.xserver.displayManager.sddm.enable"/> = true;

     

       44
       +
       <xref linkend="opt-services.xserver.displayManager.lightdm.enable"/> = true;

     

       45
        
       </programlisting>

     

       46
        
       </para>

     

       47
        
       

     

       48
        
       <para>You can set the keyboard layout (and optionally the layout variant):

     

       49
        
       <programlisting>

     

       50
       +
       <xref linkend="opt-services.xserver.layout"/> = "de";

     

       51
       +
       <xref linkend="opt-services.xserver.xkbVariant"/> = "neo";

     

       52
        
       </programlisting>

     

       53
        
       </para>

     

       54
        
       

     

       55
        
       <para>The X server is started automatically at boot time.  If you

     

       56
        
       don’t want this to happen, you can set:

     

       57
        
       <programlisting>

     

       58
       +
       <xref linkend="opt-services.xserver.autorun"/> = false;

     

       59
        
       </programlisting>

     

       60
        
       The X server can then be started manually:

     

       61
        
       <screen>

     
···

       70
        
       has better 3D performance than the X.org drivers.  It is not enabled

     

       71
        
       by default because it’s not free software.  You can enable it as follows:

     

       72
        
       <programlisting>

     

       73
       +
       <xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidia" ];

     

       74
        
       </programlisting>

     

       75
        
       Or if you have an older card, you may have to use one of the legacy drivers:

     

       76
        
       <programlisting>

     

       77
       +
       <xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy340" ];

     

       78
       +
       <xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy304" ];

     

       79
       +
       <xref linkend="opt-services.xserver.videoDrivers"/> = [ "nvidiaLegacy173" ];

     

       80
        
       </programlisting>

     

       81
        
       You may need to reboot after enabling this driver to prevent a clash

     

       82
        
       with other kernel modules.</para>

     
···

       84
        
       <para>On 64-bit systems, if you want full acceleration for 32-bit

     

       85
        
       programs such as Wine, you should also set the following:

     

       86
        
       <programlisting>

     

       87
       +
       <xref linkend="opt-hardware.opengl.driSupport32Bit"/> = true;

     

       88
        
       </programlisting>

     

       89
        
       </para>

     

       90
        
       

     
···

       96
        
       has better 3D performance than the X.org drivers.  It is not enabled

     

       97
        
       by default because it’s not free software.  You can enable it as follows:

     

       98
        
       <programlisting>

     

       99
       +
       <xref linkend="opt-services.xserver.videoDrivers"/> = [ "ati_unfree" ];

     

       100
        
       </programlisting>

     

       101
        
       You will need to reboot after enabling this driver to prevent a clash

     

       102
        
       with other kernel modules.</para>

     
···

       104
        
       <para>On 64-bit systems, if you want full acceleration for 32-bit

     

       105
        
       programs such as Wine, you should also set the following:

     

       106
        
       <programlisting>

     

       107
       +
       <xref linkend="opt-hardware.opengl.driSupport32Bit"/> = true;

     

       108
        
       </programlisting>

     

       109
        
       </para>

     

       110
        
       

     
···

       115
        
       <para>Support for Synaptics touchpads (found in many laptops such as

     

       116
        
       the Dell Latitude series) can be enabled as follows:

     

       117
        
       <programlisting>

     

       118
       +
       <xref linkend="opt-services.xserver.libinput.enable"/> = true;

     

       119
        
       </programlisting>

     

       120
        
       The driver has many options (see <xref linkend="ch-options"/>).  For

     

       121
        
       instance, the following disables tap-to-click behavior:

     

       122
        
       <programlisting>

     

       123
       +
       <xref linkend="opt-services.xserver.libinput.tapping"/> = false;

     

       124
        
       </programlisting>

     

       125
        
       Note: the use of <literal>services.xserver.synaptics</literal> is deprecated since NixOS 17.09.

     

       126
        
       </para>

+12 -12

nixos/doc/manual/configuration/xfce.xml

···

       9
        
           <para>

     

       10
        
               To enable the Xfce Desktop Environment, set

     

       11
        
               <programlisting>

     

       12
       -
       services.xserver.desktopManager = {

     

       13
       -
           xfce.enable = true;

     

       14
       -
           default = "xfce";

     

       15
        
       };

     

       16
        
               </programlisting>

     

       17
        
           </para>

     
···

       20
        
               Optionally, <emphasis>compton</emphasis>

     

       21
        
               can be enabled for nice graphical effects, some example settings:

     

       22
        
               <programlisting>

     

       23
       -
       services.compton = {

     

       24
       -
         enable          = true;

     

       25
       -
         fade            = true;

     

       26
       -
         inactiveOpacity = "0.9";

     

       27
       -
         shadow          = true;

     

       28
       -
         fadeDelta       = 4;

     

       29
        
       };

     

       30
        
               </programlisting>

     

       31
        
           </para>

     
···

       33
        
           <para>

     

       34
        
               Some Xfce programs are not installed automatically.

     

       35
        
               To install them manually (system wide), put them into your

     

       36
       -
               <literal>environment.systemPackages</literal>.

     

       37
        
           </para>

     

       38
       -
                

     

       39
        
           <simplesect>

     

       40
        
               <title>Thunar Volume Support</title>

     

       41
        
       

     
···

       44
        
                   <emphasis>Thunar</emphasis>

     

       45
        
                   volume support, put

     

       46
        
                   <programlisting>

     

       47
       -
       services.xserver.desktopManager.xfce.enable = true;

     

       48
        
                   </programlisting>

     

       49
        
                   into your <emphasis>configuration.nix</emphasis>.

     

       50
        
               </para>

···

       9
        
           <para>

     

       10
        
               To enable the Xfce Desktop Environment, set

     

       11
        
               <programlisting>

     

       12
       +
       <link linkend="opt-services.xserver.desktopManager.default">services.xserver.desktopManager</link> = {

     

       13
       +
         <link linkend="opt-services.xserver.desktopManager.xfce.enable">xfce.enable</link> = true;

     

       14
       +
         <link linkend="opt-services.xserver.desktopManager.default">default</link> = "xfce";

     

       15
        
       };

     

       16
        
               </programlisting>

     

       17
        
           </para>

     
···

       20
        
               Optionally, <emphasis>compton</emphasis>

     

       21
        
               can be enabled for nice graphical effects, some example settings:

     

       22
        
               <programlisting>

     

       23
       +
       <link linkend="opt-services.compton.enable">services.compton</link> = {

     

       24
       +
         <link linkend="opt-services.compton.enable">enable</link>          = true;

     

       25
       +
         <link linkend="opt-services.compton.fade">fade</link>            = true;

     

       26
       +
         <link linkend="opt-services.compton.inactiveOpacity">inactiveOpacity</link> = "0.9";

     

       27
       +
         <link linkend="opt-services.compton.shadow">shadow</link>          = true;

     

       28
       +
         <link linkend="opt-services.compton.fadeDelta">fadeDelta</link>       = 4;

     

       29
        
       };

     

       30
        
               </programlisting>

     

       31
        
           </para>

     
···

       33
        
           <para>

     

       34
        
               Some Xfce programs are not installed automatically.

     

       35
        
               To install them manually (system wide), put them into your

     

       36
       +
               <xref linkend="opt-environment.systemPackages"/>.

     

       37
        
           </para>

     

       38
       +
       

     

       39
        
           <simplesect>

     

       40
        
               <title>Thunar Volume Support</title>

     

       41
        
       

     
···

       44
        
                   <emphasis>Thunar</emphasis>

     

       45
        
                   volume support, put

     

       46
        
                   <programlisting>

     

       47
       +
       <xref linkend="opt-services.xserver.desktopManager.xfce.enable"/> = true;

     

       48
        
                   </programlisting>

     

       49
        
                   into your <emphasis>configuration.nix</emphasis>.

     

       50
        
               </para>

+1 -1

nixos/doc/manual/installation/changing-config.xml

···

       75
        
       temporarily add the following to your configuration:

     

       76
        
       

     

       77
        
       <screen>

     

       78
       -
       users.extraUsers.your-user.initialPassword = "test"  

     

       79
        
       </screen>

     

       80
        
       

     

       81
        
       <emphasis>Important:</emphasis> delete the $hostname.qcow2 file if you

···

       75
        
       temporarily add the following to your configuration:

     

       76
        
       

     

       77
        
       <screen>

     

       78
       +
       <link linkend="opt-users.users._name__.initialHashedPassword">users.extraUsers.your-user.initialHashedPassword</link> = "test";

     

       79
        
       </screen>

     

       80
        
       

     

       81
        
       <emphasis>Important:</emphasis> delete the $hostname.qcow2 file if you

+8 -4

nixos/doc/manual/installation/installing-from-other-distro.xml

···

       111
        
                       <literal>configuration.nix</literal>:</para>

     

       112
        
       

     

       113
        
                   <programlisting>

     

       114
       -
       boot.loader.grub.extraEntries = ''

     

       115
        
         menuentry "Ubuntu" {

     

       116
        
           search --set=ubuntu --fs-uuid 3cc3e652-0c1f-4800-8451-033754f68e6e

     

       117
        
           configfile "($ubuntu)/boot/grub/grub.cfg"

     
···

       183
        
                       account with <literal>sudo passwd -l root</literal> if you use

     

       184
        
                       <literal>sudo</literal>)</para>

     

       185
        
       

     

       186
       -
                   <programlisting>users.extraUsers.root.initialHashedPassword = "";</programlisting>

     

       0
        
       
     

       0
        
       
     

       187
        
               </listitem>

     

       188
        
       

     

       189
        
               <listitem>

     
···

       243
        
       

     

       244
        
                   <screen>

     

       245
        
       $ sudo touch /etc/NIXOS

     

       246
       -
       $ sudo touch /etc/NIXOS_LUSTRATE</screen>

     

       0
        
       
     

       247
        
       

     

       248
        
                   <para>Let's also make sure the NixOS configuration files are kept

     

       249
        
                       once we reboot on NixOS:</para>

     

       250
        
       

     

       251
        
                   <screen>

     

       252
       -
       $ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE</screen>

     

       0
        
       
     

       253
        
               </listitem>

     

       254
        
       

     

       255
        
               <listitem>

···

       111
        
                       <literal>configuration.nix</literal>:</para>

     

       112
        
       

     

       113
        
                   <programlisting>

     

       114
       +
       <xref linkend="opt-boot.loader.grub.extraEntries"/> = ''

     

       115
        
         menuentry "Ubuntu" {

     

       116
        
           search --set=ubuntu --fs-uuid 3cc3e652-0c1f-4800-8451-033754f68e6e

     

       117
        
           configfile "($ubuntu)/boot/grub/grub.cfg"

     
···

       183
        
                       account with <literal>sudo passwd -l root</literal> if you use

     

       184
        
                       <literal>sudo</literal>)</para>

     

       185
        
       

     

       186
       +
                     <programlisting>

     

       187
       +
       <link linkend="opt-users.users._name__.initialHashedPassword">users.extraUsers.root.initialHashedPassword</link> = "";

     

       188
       +
                     </programlisting>

     

       189
        
               </listitem>

     

       190
        
       

     

       191
        
               <listitem>

     
···

       245
        
       

     

       246
        
                   <screen>

     

       247
        
       $ sudo touch /etc/NIXOS

     

       248
       +
       $ sudo touch /etc/NIXOS_LUSTRATE

     

       249
       +
                   </screen>

     

       250
        
       

     

       251
        
                   <para>Let's also make sure the NixOS configuration files are kept

     

       252
        
                       once we reboot on NixOS:</para>

     

       253
        
       

     

       254
        
                   <screen>

     

       255
       +
       $ echo etc/nixos | sudo tee -a /etc/NIXOS_LUSTRATE

     

       256
       +
                   </screen>

     

       257
        
               </listitem>

     

       258
        
       

     

       259
        
               <listitem>

+2 -2

nixos/doc/manual/installation/installing-virtualbox-guest.xml

···

       42
        
       </para>

     

       43
        
       

     

       44
        
       <programlisting>

     

       45
       -
       boot.loader.grub.device = "/dev/sda";

     

       46
        
       </programlisting>

     

       47
        
       

     

       48
        
       <para>

     
···

       51
        
       </para>

     

       52
        
       

     

       53
        
       <programlisting>

     

       54
       -
       boot.initrd.checkJournalingFS = false;

     

       55
        
       </programlisting>

     

       56
        
       

     

       57
        
       <para>

···

       42
        
       </para>

     

       43
        
       

     

       44
        
       <programlisting>

     

       45
       +
       <xref linkend="opt-boot.loader.grub.device"/> = "/dev/sda";

     

       46
        
       </programlisting>

     

       47
        
       

     

       48
        
       <para>

     
···

       51
        
       </para>

     

       52
        
       

     

       53
        
       <programlisting>

     

       54
       +
       <xref linkend="opt-boot.initrd.checkJournalingFS"/> = false;

     

       55
        
       </programlisting>

     

       56
        
       

     

       57
        
       <para>

+38 -36

nixos/doc/manual/installation/installing.xml

···

       203
        
           <variablelist>

     

       204
        
       

     

       205
        
             <varlistentry><term>BIOS systems</term>

     

       206
       -
             <listitem><para>You <emphasis>must</emphasis> set the option

     

       207
       -
           <option>boot.loader.grub.device</option> to specify on which disk

     

       208
       -
           the GRUB boot loader is to be installed.  Without it, NixOS cannot

     

       209
       -
             boot.</para></listitem></varlistentry>

     

       210
        
       

     

       211
        
             <varlistentry><term>UEFI systems</term>

     

       212
       -
             <listitem><para>You <emphasis>must</emphasis> set the option

     

       213
       -
             <option>boot.loader.systemd-boot.enable</option> to <literal>true</literal>.

     

       214
       -
             <command>nixos-generate-config</command> should do this automatically for new

     

       215
       -
             configurations when booted in

     

       216
       -
             UEFI mode.</para>

     

       217
       -
             <para>You may want to look at the options starting with

     

       218
       -
             <option>boot.loader.efi</option> and <option>boot.loader.systemd-boot</option>

     

       219
       -
             as well.</para></listitem></varlistentry>

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       220
        
       

     

       221
        
           </variablelist>

     

       222
        
       

     

       223
        
           <para>If there are other operating systems running on the machine before

     

       224
        
           installing NixOS, the

     

       225
       -
           <option>boot.loader.grub.useOSProber</option> option can be set to

     

       226
        
           <literal>true</literal> to automatically add them to the grub menu.</para>

     

       227
        
       

     

       228
        
           <para>Another critical option is <option>fileSystems</option>,

     
···

       264
        
           <para>As the last step, <command>nixos-install</command> will ask

     

       265
        
           you to set the password for the <literal>root</literal> user, e.g.

     

       266
        
       

     

       267
       -
       <screen>

     

       268
        
       setting root password...

     

       269
        
       Enter new UNIX password: ***

     

       270
        
       Retype new UNIX password: ***

     

       271
       -
       </screen>

     

       272
        
       

     

       273
        
           <note>

     

       274
        
             <para>

     

       275
       -
               To prevent the password prompt, set <code>users.mutableUsers = false;</code> in

     

       276
        
               <filename>configuration.nix</filename>, which allows unattended installation

     

       277
        
               necessary in automation.

     

       278
        
             </para>

     
···

       285
        
         <listitem>

     

       286
        
           <para>If everything went well:

     

       287
        
       

     

       288
       -
       <screen>

     

       289
       -
       # reboot</screen>

     

       290
        
       

     

       291
        
         </para></listitem>

     

       292
        
       

     

       293
        
         <listitem>

     

       294
        
       

     

       295
        
           <para>You should now be able to boot into the installed NixOS. The

     

       296
       -
           GRUB boot menu shows a list of <emphasis>available

     

       297
       -
           configurations</emphasis> (initially just one). Every time you

     

       298
       -
           change the NixOS configuration (see <link

     

       299
       -
           linkend="sec-changing-config">Changing Configuration</link> ), a

     

       300
       -
           new item is added to the menu. This allows you to easily roll back

     

       301
       -
           to a previous configuration if something goes wrong.</para>

     

       302
        
       

     

       303
        
           <para>You should log in and change the <literal>root</literal>

     

       304
        
           password with <command>passwd</command>.</para>

     
···

       372
        
       </example>

     

       373
        
       

     

       374
        
       <example xml:id='ex-config'><title>NixOS Configuration</title>

     

       375
       -
       <screen>

     

       376
       -
       { config, pkgs, ... }:

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       377
        
       

     

       378
       -
       {

     

       379
       -
         imports =

     

       380
       -
           [ # Include the results of the hardware scan.

     

       381
       -
             ./hardware-configuration.nix

     

       382
       -
           ];

     

       383
       -
       

     

       384
       -
         boot.loader.grub.device = "/dev/sda";   # <lineannotation>(for BIOS systems only)</lineannotation>

     

       385
       -
         boot.loader.systemd-boot.enable = true; # <lineannotation>(for UEFI systems only)</lineannotation>

     

       386
        
       

     

       387
        
         # Note: setting fileSystems is generally not

     

       388
        
         # necessary, since nixos-generate-config figures them out

     

       389
        
         # automatically in hardware-configuration.nix.

     

       390
       -
         #fileSystems."/".device = "/dev/disk/by-label/nixos";

     

       391
        
       

     

       392
        
         # Enable the OpenSSH server.

     

       393
        
         services.sshd.enable = true;

     

       394
       -
       }</screen>

     

       0
        
       
     

       395
        
       </example>

     

       396
        
       

     

       397
        
       <xi:include href="installing-usb.xml" />

···

       203
        
           <variablelist>

     

       204
        
       

     

       205
        
             <varlistentry><term>BIOS systems</term>

     

       206
       +
               <listitem><para>You <emphasis>must</emphasis> set the option

     

       207
       +
                   <xref linkend="opt-boot.loader.grub.device"/> to specify on which disk

     

       208
       +
                   the GRUB boot loader is to be installed.  Without it, NixOS cannot

     

       209
       +
                   boot.</para></listitem></varlistentry>

     

       210
        
       

     

       211
        
             <varlistentry><term>UEFI systems</term>

     

       212
       +
               <listitem><para>You <emphasis>must</emphasis> set the option

     

       213
       +
                   <xref linkend="opt-boot.loader.systemd-boot.enable"/> to <literal>true</literal>.

     

       214
       +
                   <command>nixos-generate-config</command> should do this automatically for new

     

       215
       +
                   configurations when booted in

     

       216
       +
                   UEFI mode.</para>

     

       217
       +
                 <para>You may want to look at the options starting with

     

       218
       +
                   <option><link linkend="opt-boot.loader.efi.canTouchEfiVariables">boot.loader.efi</link></option> and

     

       219
       +
                   <option><link linkend="opt-boot.loader.systemd-boot.enable">boot.loader.systemd</link></option> as well.

     

       220
       +
                 </para>

     

       221
       +
               </listitem>

     

       222
       +
             </varlistentry>

     

       223
        
       

     

       224
        
           </variablelist>

     

       225
        
       

     

       226
        
           <para>If there are other operating systems running on the machine before

     

       227
        
           installing NixOS, the

     

       228
       +
           <xref linkend="opt-boot.loader.grub.useOSProber"/> option can be set to

     

       229
        
           <literal>true</literal> to automatically add them to the grub menu.</para>

     

       230
        
       

     

       231
        
           <para>Another critical option is <option>fileSystems</option>,

     
···

       267
        
           <para>As the last step, <command>nixos-install</command> will ask

     

       268
        
           you to set the password for the <literal>root</literal> user, e.g.

     

       269
        
       

     

       270
       +
           <screen>

     

       271
        
       setting root password...

     

       272
        
       Enter new UNIX password: ***

     

       273
        
       Retype new UNIX password: ***

     

       274
       +
           </screen>

     

       275
        
       

     

       276
        
           <note>

     

       277
        
             <para>

     

       278
       +
               To prevent the password prompt, set <code><xref linkend="opt-users.mutableUsers"/> = false;</code> in

     

       279
        
               <filename>configuration.nix</filename>, which allows unattended installation

     

       280
        
               necessary in automation.

     

       281
        
             </para>

     
···

       288
        
         <listitem>

     

       289
        
           <para>If everything went well:

     

       290
        
       

     

       291
       +
             <screen>

     

       292
       +
               # reboot</screen>

     

       293
        
       

     

       294
        
         </para></listitem>

     

       295
        
       

     

       296
        
         <listitem>

     

       297
        
       

     

       298
        
           <para>You should now be able to boot into the installed NixOS. The

     

       299
       +
             GRUB boot menu shows a list of <emphasis>available

     

       300
       +
               configurations</emphasis> (initially just one). Every time you

     

       301
       +
             change the NixOS configuration (see <link

     

       302
       +
               linkend="sec-changing-config">Changing Configuration</link> ), a

     

       303
       +
             new item is added to the menu. This allows you to easily roll back

     

       304
       +
             to a previous configuration if something goes wrong.</para>

     

       305
        
       

     

       306
        
           <para>You should log in and change the <literal>root</literal>

     

       307
        
           password with <command>passwd</command>.</para>

     
···

       375
        
       </example>

     

       376
        
       

     

       377
        
       <example xml:id='ex-config'><title>NixOS Configuration</title>

     

       378
       +
         <screen>

     

       379
       +
       { config, pkgs, ... }: {

     

       380
       +
         imports = [

     

       381
       +
           # Include the results of the hardware scan.

     

       382
       +
           ./hardware-configuration.nix

     

       383
       +
         ];

     

       384
        
       

     

       385
       +
         <xref linkend="opt-boot.loader.grub.device"/> = "/dev/sda";   # <lineannotation>(for BIOS systems only)</lineannotation>

     

       386
       +
         <xref linkend="opt-boot.loader.systemd-boot.enable"/> = true; # <lineannotation>(for UEFI systems only)</lineannotation>

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       387
        
       

     

       388
        
         # Note: setting fileSystems is generally not

     

       389
        
         # necessary, since nixos-generate-config figures them out

     

       390
        
         # automatically in hardware-configuration.nix.

     

       391
       +
         #<link linkend="opt-fileSystems._name__.device">fileSystems."/".device</link> = "/dev/disk/by-label/nixos";

     

       392
        
       

     

       393
        
         # Enable the OpenSSH server.

     

       394
        
         services.sshd.enable = true;

     

       395
       +
       }

     

       396
       +
         </screen>

     

       397
        
       </example>

     

       398
        
       

     

       399
        
       <xi:include href="installing-usb.xml" />

+2 -2

nixos/doc/manual/installation/upgrading.xml

···

       119
        
       the following to <filename>configuration.nix</filename>:

     

       120
        
       

     

       121
        
       <programlisting>

     

       122
       -
       system.autoUpgrade.enable = true;

     

       123
        
       </programlisting>

     

       124
        
       

     

       125
        
       This enables a periodically executed systemd service named

     
···

       130
        
       specify a channel explicitly, e.g.

     

       131
        
       

     

       132
        
       <programlisting>

     

       133
       -
       system.autoUpgrade.channel = https://nixos.org/channels/nixos-17.03;

     

       134
        
       </programlisting>

     

       135
        
       

     

       136
        
       </para>

···

       119
        
       the following to <filename>configuration.nix</filename>:

     

       120
        
       

     

       121
        
       <programlisting>

     

       122
       +
       <xref linkend="opt-system.autoUpgrade.enable"/> = true;

     

       123
        
       </programlisting>

     

       124
        
       

     

       125
        
       This enables a periodically executed systemd service named

     
···

       130
        
       specify a channel explicitly, e.g.

     

       131
        
       

     

       132
        
       <programlisting>

     

       133
       +
       <xref linkend="opt-system.autoUpgrade.channel"/> = https://nixos.org/channels/nixos-17.03;

     

       134
        
       </programlisting>

     

       135
        
       

     

       136
        
       </para>

+39 -39

nixos/modules/i18n/input-method/default.xml

···

       6
        
       

     

       7
        
       <title>Input Methods</title>

     

       8
        
       

     

       9
       -
       <para>Input methods are an operating system component that allows any data, such 

     

       10
       -
         as keyboard strokes or mouse movements, to be received as input. In this way 

     

       11
       -
         users can enter characters and symbols not found on their input devices. Using 

     

       12
       -
         an input method is obligatory for any language that has more graphemes than 

     

       13
        
         there are keys on the keyboard.</para>

     

       14
        
       

     

       15
        
       <para>The following input methods are available in NixOS:</para>

     

       16
        
       

     

       17
        
       <itemizedlist>

     

       18
        
         <listitem><para>IBus: The intelligent input bus.</para></listitem>

     

       19
       -
         <listitem><para>Fcitx: A customizable lightweight input 

     

       20
        
             method.</para></listitem>

     

       21
        
         <listitem><para>Nabi: A Korean input method based on XIM.</para></listitem>

     

       22
       -
         <listitem><para>Uim: The universal input method, is a library with a XIM 

     

       23
        
             bridge.</para></listitem>

     

       24
        
       </itemizedlist>

     

       25
        
       

     

       26
        
       <section><title>IBus</title>

     

       27
        
       

     

       28
       -
       <para>IBus is an Intelligent Input Bus. It provides full featured and user 

     

       29
        
         friendly input method user interface.</para>

     

       30
        
       

     

       31
        
       <para>The following snippet can be used to configure IBus:</para>

     

       32
        
       

     

       33
        
       <programlisting>

     

       34
        
       i18n.inputMethod = {

     

       35
       -
         enabled = "ibus";

     

       36
       -
         ibus.engines = with pkgs.ibus-engines; [ anthy hangul mozc ];

     

       37
        
       };

     

       38
        
       </programlisting>

     

       39
        
       

     

       40
       -
       <para><literal>i18n.inputMethod.ibus.engines</literal> is optional and can be 

     

       41
        
         used to add extra IBus engines.</para>

     

       42
        
       

     

       43
        
       <para>Available extra IBus engines are:</para>

     

       44
        
       

     

       45
        
       <itemizedlist>

     

       46
       -
         <listitem><para>Anthy (<literal>ibus-engines.anthy</literal>): Anthy is a 

     

       47
       -
             system for Japanese input method. It converts Hiragana text to Kana Kanji 

     

       48
        
             mixed text.</para></listitem>

     

       49
       -
         <listitem><para>Hangul (<literal>ibus-engines.hangul</literal>): Korean input 

     

       50
        
             method.</para></listitem>

     

       51
       -
         <listitem><para>m17n (<literal>ibus-engines.m17n</literal>): m17n is an input 

     

       52
       -
             method that uses input methods and corresponding icons in the m17n 

     

       53
        
             database.</para></listitem>

     

       54
       -
         <listitem><para>mozc (<literal>ibus-engines.mozc</literal>): A Japanese input 

     

       55
        
             method from Google.</para></listitem>

     

       56
       -
         <listitem><para>Table (<literal>ibus-engines.table</literal>): An input method 

     

       57
        
             that load tables of input methods.</para></listitem>

     

       58
       -
         <listitem><para>table-others (<literal>ibus-engines.table-others</literal>): 

     

       59
        
             Various table-based input methods. To use this, and any other table-based

     

       60
        
             input methods, it must appear in the list of engines along with

     

       61
        
             <literal>table</literal>. For example:

     
···

       72
        
       

     

       73
        
       <section><title>Fcitx</title>

     

       74
        
       

     

       75
       -
       <para>Fcitx is an input method framework with extension support. It has three 

     

       76
       -
         built-in Input Method Engine, Pinyin, QuWei and Table-based input 

     

       77
        
         methods.</para>

     

       78
        
       <para>The following snippet can be used to configure Fcitx:</para>

     

       79
        
       

     

       80
        
       <programlisting>

     

       81
        
       i18n.inputMethod = {

     

       82
       -
         enabled = "fcitx";

     

       83
       -
         fcitx.engines = with pkgs.fcitx-engines; [ mozc hangul m17n ];

     

       84
        
       };

     

       85
        
       </programlisting>

     

       86
        
       

     

       87
       -
       <para><literal>i18n.inputMethod.fcitx.engines</literal> is optional and can be 

     

       88
        
         used to add extra Fcitx engines.</para>

     

       89
        
       

     

       90
        
       <para>Available extra Fcitx engines are:</para>

     

       91
        
       

     

       92
        
       <itemizedlist>

     

       93
       -
         <listitem><para>Anthy (<literal>fcitx-engines.anthy</literal>): Anthy is a 

     

       94
       -
             system for Japanese input method. It converts Hiragana text to Kana Kanji 

     

       95
        
             mixed text.</para></listitem>

     

       96
       -
         <listitem><para>Chewing (<literal>fcitx-engines.chewing</literal>): Chewing is 

     

       97
       -
             an intelligent Zhuyin input method. It is one of the most popular input 

     

       98
        
             methods among Traditional Chinese Unix users.</para></listitem>

     

       99
       -
         <listitem><para>Hangul (<literal>fcitx-engines.hangul</literal>): Korean input 

     

       100
        
             method.</para></listitem>

     

       101
       -
         <listitem><para>Unikey (<literal>fcitx-engines.unikey</literal>): Vietnamese input 

     

       102
        
             method.</para></listitem>

     

       103
       -
         <listitem><para>m17n (<literal>fcitx-engines.m17n</literal>): m17n is an input 

     

       104
       -
             method that uses input methods and corresponding icons in the m17n 

     

       105
        
             database.</para></listitem>

     

       106
       -
         <listitem><para>mozc (<literal>fcitx-engines.mozc</literal>): A Japanese input 

     

       107
        
             method from Google.</para></listitem>

     

       108
       -
         <listitem><para>table-others (<literal>fcitx-engines.table-others</literal>): 

     

       109
        
             Various table-based input methods.</para></listitem>

     

       110
        
       </itemizedlist>

     

       111
        
       </section>

     

       112
        
       

     

       113
        
       <section><title>Nabi</title>

     

       114
        
       

     

       115
       -
       <para>Nabi is an easy to use Korean X input method. It allows you to enter 

     

       116
       -
         phonetic Korean characters (hangul) and pictographic Korean characters 

     

       117
        
         (hanja).</para>

     

       118
        
       <para>The following snippet can be used to configure Nabi:</para>

     

       119
        
       

     

       120
        
       <programlisting>

     

       121
        
       i18n.inputMethod = {

     

       122
       -
         enabled = "nabi";

     

       123
        
       };

     

       124
        
       </programlisting>

     

       125
        
       </section>

     

       126
        
       

     

       127
        
       <section><title>Uim</title>

     

       128
        
       

     

       129
       -
       <para>Uim (short for "universal input method") is a multilingual input method 

     

       130
        
         framework. Applications can use it through so-called bridges.</para>

     

       131
        
       <para>The following snippet can be used to configure uim:</para>

     

       132
        
       

     

       133
        
       <programlisting>

     

       134
        
       i18n.inputMethod = {

     

       135
       -
         enabled = "uim";

     

       136
        
       };

     

       137
        
       </programlisting>

     

       138
        
       

     

       139
       -
       <para>Note: The <literal>i18n.inputMethod.uim.toolbar</literal> option can be 

     

       140
        
         used to choose uim toolbar.</para>

     

       141
        
       

     

       142
        
       </section>

···

       6
        
       

     

       7
        
       <title>Input Methods</title>

     

       8
        
       

     

       9
       +
       <para>Input methods are an operating system component that allows any data, such

     

       10
       +
         as keyboard strokes or mouse movements, to be received as input. In this way

     

       11
       +
         users can enter characters and symbols not found on their input devices. Using

     

       12
       +
         an input method is obligatory for any language that has more graphemes than

     

       13
        
         there are keys on the keyboard.</para>

     

       14
        
       

     

       15
        
       <para>The following input methods are available in NixOS:</para>

     

       16
        
       

     

       17
        
       <itemizedlist>

     

       18
        
         <listitem><para>IBus: The intelligent input bus.</para></listitem>

     

       19
       +
         <listitem><para>Fcitx: A customizable lightweight input

     

       20
        
             method.</para></listitem>

     

       21
        
         <listitem><para>Nabi: A Korean input method based on XIM.</para></listitem>

     

       22
       +
         <listitem><para>Uim: The universal input method, is a library with a XIM

     

       23
        
             bridge.</para></listitem>

     

       24
        
       </itemizedlist>

     

       25
        
       

     

       26
        
       <section><title>IBus</title>

     

       27
        
       

     

       28
       +
       <para>IBus is an Intelligent Input Bus. It provides full featured and user

     

       29
        
         friendly input method user interface.</para>

     

       30
        
       

     

       31
        
       <para>The following snippet can be used to configure IBus:</para>

     

       32
        
       

     

       33
        
       <programlisting>

     

       34
        
       i18n.inputMethod = {

     

       35
       +
         <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "ibus";

     

       36
       +
         <link linkend="opt-i18n.inputMethod.ibus.engines">ibus.engines</link> = with pkgs.ibus-engines; [ anthy hangul mozc ];

     

       37
        
       };

     

       38
        
       </programlisting>

     

       39
        
       

     

       40
       +
       <para><literal>i18n.inputMethod.ibus.engines</literal> is optional and can be

     

       41
        
         used to add extra IBus engines.</para>

     

       42
        
       

     

       43
        
       <para>Available extra IBus engines are:</para>

     

       44
        
       

     

       45
        
       <itemizedlist>

     

       46
       +
         <listitem><para>Anthy (<literal>ibus-engines.anthy</literal>): Anthy is a

     

       47
       +
             system for Japanese input method. It converts Hiragana text to Kana Kanji

     

       48
        
             mixed text.</para></listitem>

     

       49
       +
         <listitem><para>Hangul (<literal>ibus-engines.hangul</literal>): Korean input

     

       50
        
             method.</para></listitem>

     

       51
       +
         <listitem><para>m17n (<literal>ibus-engines.m17n</literal>): m17n is an input

     

       52
       +
             method that uses input methods and corresponding icons in the m17n

     

       53
        
             database.</para></listitem>

     

       54
       +
         <listitem><para>mozc (<literal>ibus-engines.mozc</literal>): A Japanese input

     

       55
        
             method from Google.</para></listitem>

     

       56
       +
         <listitem><para>Table (<literal>ibus-engines.table</literal>): An input method

     

       57
        
             that load tables of input methods.</para></listitem>

     

       58
       +
         <listitem><para>table-others (<literal>ibus-engines.table-others</literal>):

     

       59
        
             Various table-based input methods. To use this, and any other table-based

     

       60
        
             input methods, it must appear in the list of engines along with

     

       61
        
             <literal>table</literal>. For example:

     
···

       72
        
       

     

       73
        
       <section><title>Fcitx</title>

     

       74
        
       

     

       75
       +
       <para>Fcitx is an input method framework with extension support. It has three

     

       76
       +
         built-in Input Method Engine, Pinyin, QuWei and Table-based input

     

       77
        
         methods.</para>

     

       78
        
       <para>The following snippet can be used to configure Fcitx:</para>

     

       79
        
       

     

       80
        
       <programlisting>

     

       81
        
       i18n.inputMethod = {

     

       82
       +
         <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "fcitx";

     

       83
       +
         <link linkend="opt-i18n.inputMethod.fcitx.engines">fcitx.engines</link> = with pkgs.fcitx-engines; [ mozc hangul m17n ];

     

       84
        
       };

     

       85
        
       </programlisting>

     

       86
        
       

     

       87
       +
       <para><literal>i18n.inputMethod.fcitx.engines</literal> is optional and can be

     

       88
        
         used to add extra Fcitx engines.</para>

     

       89
        
       

     

       90
        
       <para>Available extra Fcitx engines are:</para>

     

       91
        
       

     

       92
        
       <itemizedlist>

     

       93
       +
         <listitem><para>Anthy (<literal>fcitx-engines.anthy</literal>): Anthy is a

     

       94
       +
             system for Japanese input method. It converts Hiragana text to Kana Kanji

     

       95
        
             mixed text.</para></listitem>

     

       96
       +
         <listitem><para>Chewing (<literal>fcitx-engines.chewing</literal>): Chewing is

     

       97
       +
             an intelligent Zhuyin input method. It is one of the most popular input

     

       98
        
             methods among Traditional Chinese Unix users.</para></listitem>

     

       99
       +
         <listitem><para>Hangul (<literal>fcitx-engines.hangul</literal>): Korean input

     

       100
        
             method.</para></listitem>

     

       101
       +
         <listitem><para>Unikey (<literal>fcitx-engines.unikey</literal>): Vietnamese input

     

       102
        
             method.</para></listitem>

     

       103
       +
         <listitem><para>m17n (<literal>fcitx-engines.m17n</literal>): m17n is an input

     

       104
       +
             method that uses input methods and corresponding icons in the m17n

     

       105
        
             database.</para></listitem>

     

       106
       +
         <listitem><para>mozc (<literal>fcitx-engines.mozc</literal>): A Japanese input

     

       107
        
             method from Google.</para></listitem>

     

       108
       +
         <listitem><para>table-others (<literal>fcitx-engines.table-others</literal>):

     

       109
        
             Various table-based input methods.</para></listitem>

     

       110
        
       </itemizedlist>

     

       111
        
       </section>

     

       112
        
       

     

       113
        
       <section><title>Nabi</title>

     

       114
        
       

     

       115
       +
       <para>Nabi is an easy to use Korean X input method. It allows you to enter

     

       116
       +
         phonetic Korean characters (hangul) and pictographic Korean characters

     

       117
        
         (hanja).</para>

     

       118
        
       <para>The following snippet can be used to configure Nabi:</para>

     

       119
        
       

     

       120
        
       <programlisting>

     

       121
        
       i18n.inputMethod = {

     

       122
       +
         <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "nabi";

     

       123
        
       };

     

       124
        
       </programlisting>

     

       125
        
       </section>

     

       126
        
       

     

       127
        
       <section><title>Uim</title>

     

       128
        
       

     

       129
       +
       <para>Uim (short for "universal input method") is a multilingual input method

     

       130
        
         framework. Applications can use it through so-called bridges.</para>

     

       131
        
       <para>The following snippet can be used to configure uim:</para>

     

       132
        
       

     

       133
        
       <programlisting>

     

       134
        
       i18n.inputMethod = {

     

       135
       +
         <link linkend="opt-i18n.inputMethod.enabled">enabled</link> = "uim";

     

       136
        
       };

     

       137
        
       </programlisting>

     

       138
        
       

     

       139
       +
       <para>Note: The <xref linkend="opt-i18n.inputMethod.uim.toolbar"/> option can be

     

       140
        
         used to choose uim toolbar.</para>

     

       141
        
       

     

       142
        
       </section>

+19 -19

nixos/modules/programs/digitalbitbox/doc.xml

···

       15
        
           installed by setting <literal>programs.digitalbitbox</literal>

     

       16
        
           to <literal>true</literal> in a manner similar to

     

       17
        
       

     

       18
       -
           <programlisting>

     

       19
       -
             programs.digitalbitbox.enable = true;

     

       20
       -
           </programlisting>

     

       21
        
       

     

       22
        
           and bundles the <literal>digitalbitbox</literal> package (see <xref

     

       23
        
             linkend="sec-digitalbitbox-package" />), which contains the

     
···

       46
        
             <literal>digitalbitbox</literal> package which could be installed

     

       47
        
             as follows:

     

       48
        
       

     

       49
       -
             <programlisting>

     

       50
       -
               environment.systemPackages = [

     

       51
       -
                 pkgs.digitalbitbox

     

       52
       -
               ];

     

       53
       -
             </programlisting>

     

       54
        
           </para>

     

       55
        
         </section>

     

       56
        
       

     
···

       62
        
             The digitalbitbox hardware package enables the udev rules for

     

       63
        
             Digital Bitbox devices and may be installed as follows:

     

       64
        
       

     

       65
       -
             <programlisting>

     

       66
       -
               hardware.digitalbitbox.enable = true;

     

       67
       -
             </programlisting>

     

       68
        
           </para>

     

       69
        
       

     

       70
        
           <para>

     
···

       72
        
             the <literal>udevRule51</literal> and <literal>udevRule52</literal>

     

       73
        
             attributes by means of overriding as follows:

     

       74
        
       

     

       75
       -
             <programlisting>

     

       76
       -
               programs.digitalbitbox = {

     

       77
       -
                 enable = true;

     

       78
       -
                 package = pkgs.digitalbitbox.override {

     

       79
       -
                   udevRule51 = "something else";

     

       80
       -
                 };

     

       81
       -
               };

     

       82
       -
             </programlisting>

     

       83
        
           </para>

     

       84
        
         </section>

     

       85
        
       </chapter>

···

       15
        
           installed by setting <literal>programs.digitalbitbox</literal>

     

       16
        
           to <literal>true</literal> in a manner similar to

     

       17
        
       

     

       18
       +
       <programlisting>

     

       19
       +
       <xref linkend="opt-programs.digitalbitbox.enable"/> = true;

     

       20
       +
       </programlisting>

     

       21
        
       

     

       22
        
           and bundles the <literal>digitalbitbox</literal> package (see <xref

     

       23
        
             linkend="sec-digitalbitbox-package" />), which contains the

     
···

       46
        
             <literal>digitalbitbox</literal> package which could be installed

     

       47
        
             as follows:

     

       48
        
       

     

       49
       +
       <programlisting>

     

       50
       +
       <xref linkend="opt-environment.systemPackages"/> = [

     

       51
       +
         pkgs.digitalbitbox

     

       52
       +
       ];

     

       53
       +
       </programlisting>

     

       54
        
           </para>

     

       55
        
         </section>

     

       56
        
       

     
···

       62
        
             The digitalbitbox hardware package enables the udev rules for

     

       63
        
             Digital Bitbox devices and may be installed as follows:

     

       64
        
       

     

       65
       +
       <programlisting>

     

       66
       +
       <xref linkend="opt-hardware.digitalbitbox.enable"/> = true;

     

       67
       +
       </programlisting>

     

       68
        
           </para>

     

       69
        
       

     

       70
        
           <para>

     
···

       72
        
             the <literal>udevRule51</literal> and <literal>udevRule52</literal>

     

       73
        
             attributes by means of overriding as follows:

     

       74
        
       

     

       75
       +
       <programlisting>

     

       76
       +
       programs.digitalbitbox = {

     

       77
       +
         <link linkend="opt-programs.digitalbitbox.enable">enable</link> = true;

     

       78
       +
         <link linkend="opt-programs.digitalbitbox.package">package</link> = pkgs.digitalbitbox.override {

     

       79
       +
           udevRule51 = "something else";

     

       80
       +
         };

     

       81
       +
       };

     

       82
       +
       </programlisting>

     

       83
        
           </para>

     

       84
        
         </section>

     

       85
        
       </chapter>

+1 -1

nixos/modules/programs/plotinus.xml

···

       17
        
       <para>To enable Plotinus, add the following to your <filename>configuration.nix</filename>:

     

       18
        
       

     

       19
        
       <programlisting>

     

       20
       -
       programs.plotinus.enable = true;

     

       21
        
       </programlisting>

     

       22
        
       

     

       23
        
       </para>

···

       17
        
       <para>To enable Plotinus, add the following to your <filename>configuration.nix</filename>:

     

       18
        
       

     

       19
        
       <programlisting>

     

       20
       +
       <xref linkend="opt-programs.plotinus.enable"/> = true;

     

       21
        
       </programlisting>

     

       22
        
       

     

       23
        
       </para>

+11 -11

nixos/modules/security/acme.xml

···

       48
        
       <filename>configuration.nix</filename>:

     

       49
        
       

     

       50
        
       <programlisting>

     

       51
       -
       security.acme.certs."foo.example.com" = {

     

       52
       -
         webroot = "/var/www/challenges";

     

       53
       -
         email = "foo@example.com";

     

       54
        
       };

     

       55
        
       </programlisting>

     

       56
        
       </para>

     
···

       58
        
       <para>The private key <filename>key.pem</filename> and certificate

     

       59
        
       <filename>fullchain.pem</filename> will be put into

     

       60
        
       <filename>/var/lib/acme/foo.example.com</filename>. The target directory can

     

       61
       -
       be configured with the option <literal>security.acme.directory</literal>.

     

       62
        
       </para>

     

       63
        
       

     

       64
        
       <para>Refer to <xref linkend="ch-options" /> for all available configuration

     

       65
       -
       options for the <literal>security.acme</literal> module.</para>

     

       66
        
       

     

       67
        
       </section>

     

       68
        
       

     

       69
        
       <section><title>Using ACME certificates in Nginx</title>

     

       70
        
       <para>NixOS supports fetching ACME certificates for you by setting

     

       71
       -
       <literal>enableACME = true;</literal> in a virtualHost config. We

     

       72
        
       first create self-signed placeholder certificates in place of the

     

       73
        
       real ACME certs. The placeholder certs are overwritten when the ACME

     

       74
        
       certs arrive. For <literal>foo.example.com</literal> the config would

     
···

       77
        
       

     

       78
        
       <programlisting>

     

       79
        
       services.nginx = {

     

       80
       -
         enable = true;

     

       81
       -
         virtualHosts = {

     

       82
        
           "foo.example.com" = {

     

       83
       -
             forceSSL = true;

     

       84
       -
             enableACME = true;

     

       85
        
             locations."/" = {

     

       86
       -
               root = "/var/www";

     

       87
        
             };

     

       88
        
           };

     

       89
        
         };

···

       48
        
       <filename>configuration.nix</filename>:

     

       49
        
       

     

       50
        
       <programlisting>

     

       51
       +
       <xref linkend="opt-security.acme.certs"/>."foo.example.com" = {

     

       52
       +
         <link linkend="opt-security.acme.certs._name_.webroot">webroot</link> = "/var/www/challenges";

     

       53
       +
         <link linkend="opt-security.acme.certs._name_.email">email</link> = "foo@example.com";

     

       54
        
       };

     

       55
        
       </programlisting>

     

       56
        
       </para>

     
···

       58
        
       <para>The private key <filename>key.pem</filename> and certificate

     

       59
        
       <filename>fullchain.pem</filename> will be put into

     

       60
        
       <filename>/var/lib/acme/foo.example.com</filename>. The target directory can

     

       61
       +
       be configured with the option <xref linkend="opt-security.acme.directory"/>.

     

       62
        
       </para>

     

       63
        
       

     

       64
        
       <para>Refer to <xref linkend="ch-options" /> for all available configuration

     

       65
       +
       options for the <link linkend="opt-security.acme.certs">security.acme</link> module.</para>

     

       66
        
       

     

       67
        
       </section>

     

       68
        
       

     

       69
        
       <section><title>Using ACME certificates in Nginx</title>

     

       70
        
       <para>NixOS supports fetching ACME certificates for you by setting

     

       71
       +
         <literal><link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;</literal> in a virtualHost config. We

     

       72
        
       first create self-signed placeholder certificates in place of the

     

       73
        
       real ACME certs. The placeholder certs are overwritten when the ACME

     

       74
        
       certs arrive. For <literal>foo.example.com</literal> the config would

     
···

       77
        
       

     

       78
        
       <programlisting>

     

       79
        
       services.nginx = {

     

       80
       +
         <link linkend="opt-services.nginx.enable">enable = true;</link>

     

       81
       +
         <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link> = {

     

       82
        
           "foo.example.com" = {

     

       83
       +
             <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;

     

       84
       +
             <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;

     

       85
        
             locations."/" = {

     

       86
       +
               <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.root">root</link> = "/var/www";

     

       87
        
             };

     

       88
        
           };

     

       89
        
         };

+6 -6

nixos/modules/security/hidepid.xml

···

       8
        
       

     

       9
        
         <para>

     

       10
        
           Setting

     

       11
       -
           <programlisting>

     

       12
       -
             security.hideProcessInformation = true;

     

       13
       -
           </programlisting>

     

       14
        
           ensures that access to process information is restricted to the

     

       15
        
           owning user.  This implies, among other things, that command-line

     

       16
        
           arguments remain private.  Unless your deployment relies on unprivileged

     
···

       25
        
       

     

       26
        
         <para>

     

       27
        
           To allow a service <replaceable>foo</replaceable> to run without process information hiding, set

     

       28
       -
           <programlisting>

     

       29
       -
             systemd.services.<replaceable>foo</replaceable>.serviceConfig.SupplementaryGroups = [ "proc" ];

     

       30
       -
           </programlisting>

     

       31
        
         </para>

     

       32
        
       

     

       33
        
       </chapter>

···

       8
        
       

     

       9
        
         <para>

     

       10
        
           Setting

     

       11
       +
       <programlisting>

     

       12
       +
       <xref linkend="opt-security.hideProcessInformation"/> = true;

     

       13
       +
       </programlisting>

     

       14
        
           ensures that access to process information is restricted to the

     

       15
        
           owning user.  This implies, among other things, that command-line

     

       16
        
           arguments remain private.  Unless your deployment relies on unprivileged

     
···

       25
        
       

     

       26
        
         <para>

     

       27
        
           To allow a service <replaceable>foo</replaceable> to run without process information hiding, set

     

       28
       +
       <programlisting>

     

       29
       +
       <link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.<replaceable>foo</replaceable>.serviceConfig</link>.SupplementaryGroups = [ "proc" ];

     

       30
       +
       </programlisting>

     

       31
        
         </para>

     

       32
        
       

     

       33
        
       </chapter>

+6 -6

nixos/modules/services/databases/postgresql.xml

···

       23
        
       <filename>configuration.nix</filename>:

     

       24
        
       

     

       25
        
       <programlisting>

     

       26
       -
       services.postgresql.enable = true;

     

       27
       -
       services.postgresql.package = pkgs.postgresql94;

     

       28
        
       </programlisting>

     

       29
        
       

     

       30
        
       Note that you are required to specify the desired version of

     

       31
        
       PostgreSQL (e.g. <literal>pkgs.postgresql94</literal>). Since

     

       32
        
       upgrading your PostgreSQL version requires a database dump and reload

     

       33
        
       (see below), NixOS cannot provide a default value for

     

       34
       -
       <option>services.postgresql.package</option> such as the most recent

     

       35
        
       release of PostgreSQL.</para>

     

       36
        
       

     

       37
        
       <!--

     
···

       49
        
       

     

       50
        
       <para>By default, PostgreSQL stores its databases in

     

       51
        
       <filename>/var/db/postgresql</filename>. You can override this using

     

       52
       -
       <option>services.postgresql.dataDir</option>, e.g.

     

       53
        
       

     

       54
        
       <programlisting>

     

       55
       -
       services.postgresql.dataDir = "/data/postgresql";

     

       56
        
       </programlisting>

     

       57
        
       

     

       58
        
       </para>

     
···

       69
        
       

     

       70
        
       <section><title>Options</title>

     

       71
        
       

     

       72
       -
       <para>FIXME: auto-generated list of module options.</para>

     

       73
        
       

     

       74
        
       </section>

     

       75

···

       23
        
       <filename>configuration.nix</filename>:

     

       24
        
       

     

       25
        
       <programlisting>

     

       26
       +
       <xref linkend="opt-services.postgresql.enable"/> = true;

     

       27
       +
       <xref linkend="opt-services.postgresql.package"/> = pkgs.postgresql94;

     

       28
        
       </programlisting>

     

       29
        
       

     

       30
        
       Note that you are required to specify the desired version of

     

       31
        
       PostgreSQL (e.g. <literal>pkgs.postgresql94</literal>). Since

     

       32
        
       upgrading your PostgreSQL version requires a database dump and reload

     

       33
        
       (see below), NixOS cannot provide a default value for

     

       34
       +
       <xref linkend="opt-services.postgresql.package"/> such as the most recent

     

       35
        
       release of PostgreSQL.</para>

     

       36
        
       

     

       37
        
       <!--

     
···

       49
        
       

     

       50
        
       <para>By default, PostgreSQL stores its databases in

     

       51
        
       <filename>/var/db/postgresql</filename>. You can override this using

     

       52
       +
       <xref linkend="opt-services.postgresql.dataDir"/>, e.g.

     

       53
        
       

     

       54
        
       <programlisting>

     

       55
       +
       <xref linkend="opt-services.postgresql.dataDir"/> = "/data/postgresql";

     

       56
        
       </programlisting>

     

       57
        
       

     

       58
        
       </para>

     
···

       69
        
       

     

       70
        
       <section><title>Options</title>

     

       71
        
       

     

       72
       +
         <para>A complete list of options for the PostgreSQL module may be found <link linkend="opt-services.postgresql.enable">here</link>.</para>

     

       73
        
       

     

       74
        
       </section>

     

       75

+10 -10

nixos/modules/services/editors/emacs.xml

···

       404
        
             user service for Emacs daemon, add the following to your

     

       405
        
             <filename>configuration.nix</filename>:

     

       406
        
       

     

       407
       -
             <programlisting><![CDATA[

     

       408
       -
       services.emacs.enable = true;

     

       409
       -
       services.emacs.package = import /home/cassou/.emacs.d { pkgs = pkgs; };

     

       410
       -
       ]]></programlisting>

     

       411
        
           </para>

     

       412
        
       

     

       413
        
           <para>

     
···

       462
        
           <!--<title><command>emacsclient</command> as the Default Editor</title>-->

     

       463
        
       

     

       464
        
           <para>

     

       465
       -
             If <varname>services.emacs.defaultEditor</varname> is

     

       466
        
             <literal>true</literal>, the <varname>EDITOR</varname> variable

     

       467
        
             will be set to a wrapper script which launches

     

       468
        
             <command>emacsclient</command>.

     
···

       497
        
             Emacs daemon is not wanted for all users, it is possible to

     

       498
        
             install the service but not globally enable it:

     

       499
        
       

     

       500
       -
             <programlisting><![CDATA[

     

       501
       -
       services.emacs.enable = false;

     

       502
       -
       services.emacs.install = true;

     

       503
       -
       ]]></programlisting>

     

       504
        
           </para>

     

       505
        
       

     

       506
        
           <para>

     
···

       582
        
           <para>

     

       583
        
             To install the DocBook 5.0 schemas, either add

     

       584
        
             <varname>pkgs.docbook5</varname> to

     

       585
       -
             <varname>environment.systemPackages</varname> (<link

     

       586
        
             linkend="sec-declarative-package-mgmt">NixOS</link>), or run

     

       587
        
             <literal>nix-env -i pkgs.docbook5</literal>

     

       588
        
             (<link linkend="sec-ad-hoc-packages">Nix</link>).

···

       404
        
             user service for Emacs daemon, add the following to your

     

       405
        
             <filename>configuration.nix</filename>:

     

       406
        
       

     

       407
       +
       <programlisting>

     

       408
       +
       <xref linkend="opt-services.emacs.enable"/> = true;

     

       409
       +
       <xref linkend="opt-services.emacs.package"/> = import /home/cassou/.emacs.d { pkgs = pkgs; };

     

       410
       +
       </programlisting>

     

       411
        
           </para>

     

       412
        
       

     

       413
        
           <para>

     
···

       462
        
           <!--<title><command>emacsclient</command> as the Default Editor</title>-->

     

       463
        
       

     

       464
        
           <para>

     

       465
       +
             If <xref linkend="opt-services.emacs.defaultEditor"/> is

     

       466
        
             <literal>true</literal>, the <varname>EDITOR</varname> variable

     

       467
        
             will be set to a wrapper script which launches

     

       468
        
             <command>emacsclient</command>.

     
···

       497
        
             Emacs daemon is not wanted for all users, it is possible to

     

       498
        
             install the service but not globally enable it:

     

       499
        
       

     

       500
       +
       <programlisting>

     

       501
       +
       <xref linkend="opt-services.emacs.enable"/> = false;

     

       502
       +
       <xref linkend="opt-services.emacs.install"/> = true;

     

       503
       +
       </programlisting>

     

       504
        
           </para>

     

       505
        
       

     

       506
        
           <para>

     
···

       582
        
           <para>

     

       583
        
             To install the DocBook 5.0 schemas, either add

     

       584
        
             <varname>pkgs.docbook5</varname> to

     

       585
       +
             <xref linkend="opt-environment.systemPackages"/> (<link

     

       586
        
             linkend="sec-declarative-package-mgmt">NixOS</link>), or run

     

       587
        
             <literal>nix-env -i pkgs.docbook5</literal>

     

       588
        
             (<link linkend="sec-ad-hoc-packages">Nix</link>).

+29 -30

nixos/modules/services/misc/gitlab.xml

···

       18
        
           frontend proxy:

     

       19
        
       

     

       20
        
       <programlisting>

     

       21
       -
           services.nginx = {

     

       22
       -
             enable = true;

     

       23
       -
             recommendedGzipSettings = true;

     

       24
       -
             recommendedOptimisation = true;

     

       25
       -
             recommendedProxySettings = true;

     

       26
       -
             recommendedTlsSettings = true;

     

       27
       -
             virtualHosts."git.example.com" = {

     

       28
       -
               enableACME = true;

     

       29
       -
               forceSSL = true;

     

       30
       -
               locations."/".proxyPass = "http://unix:/run/gitlab/gitlab-workhorse.socket";

     

       31
       -
             };

     

       32
       -
           };

     

       33
       -
       '';

     

       34
        
       </programlisting>

     

       35
        
       </para>

     

       36
        
       

     
···

       49
        
       

     

       50
        
       <programlisting>

     

       51
        
       services.gitlab = {

     

       52
       -
         enable = true;

     

       53
       -
         databasePassword = "eXaMpl3";

     

       54
       -
         initialRootPassword = "UseNixOS!";

     

       55
       -
         https = true;

     

       56
       -
         host = "git.example.com";

     

       57
       -
         port = 443;

     

       58
       -
         user = "git";

     

       59
       -
         group = "git";

     

       60
        
         smtp = {

     

       61
       -
           enable = true;

     

       62
       -
           address = "localhost";

     

       63
       -
           port = 25;

     

       64
        
         };

     

       65
        
         secrets = {

     

       66
       -
           db = "uPgq1gtwwHiatiuE0YHqbGa5lEIXH7fMsvuTNgdzJi8P0Dg12gibTzBQbq5LT7PNzcc3BP9P1snHVnduqtGF43PgrQtU7XL93ts6gqe9CBNhjtaqUwutQUDkygP5NrV6";

     

       67
       -
           secret = "devzJ0Tz0POiDBlrpWmcsjjrLaltyiAdS8TtgT9YNBOoUcDsfppiY3IXZjMVtKgXrFImIennFGOpPN8IkP8ATXpRgDD5rxVnKuTTwYQaci2NtaV1XxOQGjdIE50VGsR3";

     

       68
       -
           otp = "e1GATJVuS2sUh7jxiPzZPre4qtzGGaS22FR50Xs1TerRVdgI3CBVUi5XYtQ38W4xFeS4mDqi5cQjExE838iViSzCdcG19XSL6qNsfokQP9JugwiftmhmCadtsnHErBMI";

     

       69
       -
           jws = ''

     

       70
        
             -----BEGIN RSA PRIVATE KEY-----

     

       71
        
             MIIEpAIBAAKCAQEArrtx4oHKwXoqUbMNqnHgAklnnuDon3XG5LJB35yPsXKv/8GK

     

       72
        
             ke92wkI+s1Xkvsp8tg9BIY/7c6YK4SR07EWL+dB5qwctsWR2Q8z+/BKmTx9D99pm

     
···

       96
        
             -----END RSA PRIVATE KEY-----

     

       97
        
           '';

     

       98
        
         };

     

       99
       -
         extraConfig = {

     

       100
        
           gitlab = {

     

       101
        
             email_from = "gitlab-no-reply@example.com";

     

       102
        
             email_display_name = "Example GitLab";

     
···

       116
        
       folder.</para>

     

       117
        
       

     

       118
        
       <para>Refer to <xref linkend="ch-options" /> for all available configuration

     

       119
       -
       options for the <literal>services.gitlab</literal> module.</para>

     

       120
        
       

     

       121
        
       </section>

     

       122

···

       18
        
           frontend proxy:

     

       19
        
       

     

       20
        
       <programlisting>

     

       21
       +
       <link linkend="opt-services.nginx.enable">services.nginx</link> = {

     

       22
       +
         <link linkend="opt-services.nginx.enable">enable</link> = true;

     

       23
       +
         <link linkend="opt-services.nginx.recommendedGzipSettings">recommendedGzipSettings</link> = true;

     

       24
       +
         <link linkend="opt-services.nginx.recommendedOptimisation">recommendedOptimisation</link> = true;

     

       25
       +
         <link linkend="opt-services.nginx.recommendedProxySettings">recommendedProxySettings</link> = true;

     

       26
       +
         <link linkend="opt-services.nginx.recommendedTlsSettings">recommendedTlsSettings</link> = true;

     

       27
       +
         <link linkend="opt-services.nginx.virtualHosts">virtualHosts</link>."git.example.com" = {

     

       28
       +
           <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">enableACME</link> = true;

     

       29
       +
           <link linkend="opt-services.nginx.virtualHosts._name_.forceSSL">forceSSL</link> = true;

     

       30
       +
           <link linkend="opt-services.nginx.virtualHosts._name_.locations._name_.proxyPass">locations."/".proxyPass</link> = "http://unix:/run/gitlab/gitlab-workhorse.socket";

     

       31
       +
         };

     

       32
       +
       };

     

       0
        
       
     

       33
        
       </programlisting>

     

       34
        
       </para>

     

       35
        
       

     
···

       48
        
       

     

       49
        
       <programlisting>

     

       50
        
       services.gitlab = {

     

       51
       +
         <link linkend="opt-services.gitlab.enable">enable</link> = true;

     

       52
       +
         <link linkend="opt-services.gitlab.databasePassword">databasePassword</link> = "eXaMpl3";

     

       53
       +
         <link linkend="opt-services.gitlab.initialRootPassword">initialRootPassword</link> = "UseNixOS!";

     

       54
       +
         <link linkend="opt-services.gitlab.https">https</link> = true;

     

       55
       +
         <link linkend="opt-services.gitlab.host">host</link> = "git.example.com";

     

       56
       +
         <link linkend="opt-services.gitlab.port">port</link> = 443;

     

       57
       +
         <link linkend="opt-services.gitlab.user">user</link> = "git";

     

       58
       +
         <link linkend="opt-services.gitlab.group">group</link> = "git";

     

       59
        
         smtp = {

     

       60
       +
           <link linkend="opt-services.gitlab.smtp.enable">enable</link> = true;

     

       61
       +
           <link linkend="opt-services.gitlab.smtp.address">address</link> = "localhost";

     

       62
       +
           <link linkend="opt-services.gitlab.smtp.port">port</link> = 25;

     

       63
        
         };

     

       64
        
         secrets = {

     

       65
       +
           <link linkend="opt-services.gitlab.secrets.db">db</link> = "uPgq1gtwwHiatiuE0YHqbGa5lEIXH7fMsvuTNgdzJi8P0Dg12gibTzBQbq5LT7PNzcc3BP9P1snHVnduqtGF43PgrQtU7XL93ts6gqe9CBNhjtaqUwutQUDkygP5NrV6";

     

       66
       +
           <link linkend="opt-services.gitlab.secrets.secret">secret</link> = "devzJ0Tz0POiDBlrpWmcsjjrLaltyiAdS8TtgT9YNBOoUcDsfppiY3IXZjMVtKgXrFImIennFGOpPN8IkP8ATXpRgDD5rxVnKuTTwYQaci2NtaV1XxOQGjdIE50VGsR3";

     

       67
       +
           <link linkend="opt-services.gitlab.secrets.otp">otp</link> = "e1GATJVuS2sUh7jxiPzZPre4qtzGGaS22FR50Xs1TerRVdgI3CBVUi5XYtQ38W4xFeS4mDqi5cQjExE838iViSzCdcG19XSL6qNsfokQP9JugwiftmhmCadtsnHErBMI";

     

       68
       +
           <link linkend="opt-services.gitlab.secrets.jws">jws</link> = ''

     

       69
        
             -----BEGIN RSA PRIVATE KEY-----

     

       70
        
             MIIEpAIBAAKCAQEArrtx4oHKwXoqUbMNqnHgAklnnuDon3XG5LJB35yPsXKv/8GK

     

       71
        
             ke92wkI+s1Xkvsp8tg9BIY/7c6YK4SR07EWL+dB5qwctsWR2Q8z+/BKmTx9D99pm

     
···

       95
        
             -----END RSA PRIVATE KEY-----

     

       96
        
           '';

     

       97
        
         };

     

       98
       +
         <link linkend="opt-services.gitlab.extraConfig">extraConfig</link> = {

     

       99
        
           gitlab = {

     

       100
        
             email_from = "gitlab-no-reply@example.com";

     

       101
        
             email_display_name = "Example GitLab";

     
···

       115
        
       folder.</para>

     

       116
        
       

     

       117
        
       <para>Refer to <xref linkend="ch-options" /> for all available configuration

     

       118
       +
       options for the <link linkend="opt-services.gitlab.enable">services.gitlab</link> module.</para>

     

       119
        
       

     

       120
        
       </section>

     

       121

+6 -6

nixos/modules/services/misc/taskserver/doc.xml

···

       55
        
             Because Taskserver by default only provides scripts to setup users

     

       56
        
             imperatively, the <command>nixos-taskserver</command> tool is used for

     

       57
        
             addition and deletion of organisations along with users and groups defined

     

       58
       -
             by <option>services.taskserver.organisations</option> and as well for

     

       59
        
             imperative set up.

     

       60
        
           </para>

     

       61
        
       

     
···

       99
        
             For example, let's say you have the following configuration:

     

       100
        
       <screen>

     

       101
        
       {

     

       102
       -
         services.taskserver.enable = true;

     

       103
       -
         services.taskserver.fqdn = "server";

     

       104
       -
         services.taskserver.listenHost = "::";

     

       105
       -
         services.taskserver.organisations.my-company.users = [ "alice" ];

     

       106
        
       }

     

       107
        
       </screen>

     

       108
        
             This creates an organisation called <literal>my-company</literal> with the

     
···

       136
        
       

     

       137
        
           <para>

     

       138
        
             If you set any options within

     

       139
       -
             <option>service.taskserver.pki.manual.*</option>,

     

       140
        
             <command>nixos-taskserver</command> won't issue certificates, but you can

     

       141
        
             still use it for adding or removing user accounts.

     

       142
        
           </para>

···

       55
        
             Because Taskserver by default only provides scripts to setup users

     

       56
        
             imperatively, the <command>nixos-taskserver</command> tool is used for

     

       57
        
             addition and deletion of organisations along with users and groups defined

     

       58
       +
             by <xref linkend="opt-services.taskserver.organisations"/> and as well for

     

       59
        
             imperative set up.

     

       60
        
           </para>

     

       61
        
       

     
···

       99
        
             For example, let's say you have the following configuration:

     

       100
        
       <screen>

     

       101
        
       {

     

       102
       +
         <xref linkend="opt-services.taskserver.enable"/> = true;

     

       103
       +
         <xref linkend="opt-services.taskserver.fqdn"/> = "server";

     

       104
       +
         <xref linkend="opt-services.taskserver.listenHost"/> = "::";

     

       105
       +
         <link linkend="opt-services.taskserver.organisations._name_.users">services.taskserver.organisations.my-company.users</link> = [ "alice" ];

     

       106
        
       }

     

       107
        
       </screen>

     

       108
        
             This creates an organisation called <literal>my-company</literal> with the

     
···

       136
        
       

     

       137
        
           <para>

     

       138
        
             If you set any options within

     

       139
       +
             <link linkend="opt-services.taskserver.pki.manual.ca.cert">service.taskserver.pki.manual</link>.*,

     

       140
        
             <command>nixos-taskserver</command> won't issue certificates, but you can

     

       141
        
             still use it for adding or removing user accounts.

     

       142
        
           </para>

+10 -10

nixos/modules/services/networking/dnscrypt-proxy.xml

···

       19
        
         <para>

     

       20
        
           To enable the client proxy, set

     

       21
        
           <programlisting>

     

       22
       -
             services.dnscrypt-proxy.enable = true;

     

       23
        
           </programlisting>

     

       24
        
         </para>

     

       25
        
       

     
···

       38
        
           DNS client, change the default proxy listening port to a

     

       39
        
           non-standard value and point the other client to it:

     

       40
        
           <programlisting>

     

       41
       -
             services.dnscrypt-proxy.localPort = 43;

     

       42
        
           </programlisting>

     

       43
        
         </para>

     

       44
        
       

     

       45
        
         <sect2><title>dnsmasq</title>

     

       46
        
         <para>

     

       47
        
           <programlisting>

     

       48
       -
             {

     

       49
       -
               services.dnsmasq.enable = true;

     

       50
       -
               services.dnsmasq.servers = [ "127.0.0.1#43" ];

     

       51
       -
             }

     

       52
        
           </programlisting>

     

       53
        
         </para>

     

       54
        
         </sect2>

     
···

       56
        
         <sect2><title>unbound</title>

     

       57
        
         <para>

     

       58
        
           <programlisting>

     

       59
       -
             {

     

       60
       -
               services.unbound.enable = true;

     

       61
       -
               services.unbound.forwardAddresses = [ "127.0.0.1@43" ];

     

       62
       -
             }

     

       63
        
           </programlisting>

     

       64
        
         </para>

     

       65
        
         </sect2>

···

       19
        
         <para>

     

       20
        
           To enable the client proxy, set

     

       21
        
           <programlisting>

     

       22
       +
       <xref linkend="opt-services.dnscrypt-proxy.enable"/> = true;

     

       23
        
           </programlisting>

     

       24
        
         </para>

     

       25
        
       

     
···

       38
        
           DNS client, change the default proxy listening port to a

     

       39
        
           non-standard value and point the other client to it:

     

       40
        
           <programlisting>

     

       41
       +
       <xref linkend="opt-services.dnscrypt-proxy.localPort"/> = 43;

     

       42
        
           </programlisting>

     

       43
        
         </para>

     

       44
        
       

     

       45
        
         <sect2><title>dnsmasq</title>

     

       46
        
         <para>

     

       47
        
           <programlisting>

     

       48
       +
       {

     

       49
       +
         <xref linkend="opt-services.dnsmasq.enable"/> = true;

     

       50
       +
         <xref linkend="opt-services.dnsmasq.servers"/> = [ "127.0.0.1#43" ];

     

       51
       +
       }

     

       52
        
           </programlisting>

     

       53
        
         </para>

     

       54
        
         </sect2>

     
···

       56
        
         <sect2><title>unbound</title>

     

       57
        
         <para>

     

       58
        
           <programlisting>

     

       59
       +
       {

     

       60
       +
         <xref linkend="opt-services.unbound.enable"/> = true;

     

       61
       +
         <xref linkend="opt-services.unbound.forwardAddresses"/> = [ "127.0.0.1@43" ];

     

       62
       +
       }

     

       63
        
           </programlisting>

     

       64
        
         </para>

     

       65
        
         </sect2>