diff options
Diffstat (limited to 'nixpkgs/nixos/doc/manual/configuration')
26 files changed, 499 insertions, 312 deletions
diff --git a/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md b/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md index bf26e4c51ed3..5bc44aa72245 100644 --- a/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md @@ -47,9 +47,9 @@ You can write a `let` wherever an expression is allowed. Thus, you also could ha ```nix { services.httpd.virtualHosts = - let commonConfig = ...; in - { "blog.example.org" = (commonConfig // { ... }) - "wiki.example.org" = (commonConfig // { ... }) + let commonConfig = { /* ... */ }; in + { "blog.example.org" = (commonConfig // { /* ... */ }); + "wiki.example.org" = (commonConfig // { /* ... */ }); }; } ``` diff --git a/nixpkgs/nixos/doc/manual/configuration/ad-hoc-network-config.section.md b/nixpkgs/nixos/doc/manual/configuration/ad-hoc-network-config.section.md index 4478d77f361d..ecb06ad984a3 100644 --- a/nixpkgs/nixos/doc/manual/configuration/ad-hoc-network-config.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/ad-hoc-network-config.section.md @@ -6,8 +6,10 @@ is useful for doing network configuration not covered by the existing NixOS modules. For instance, to statically configure an IPv6 address: ```nix -networking.localCommands = - '' - ip -6 addr add 2001:610:685:1::1/64 dev eth0 - ''; +{ + networking.localCommands = + '' + ip -6 addr add 2001:610:685:1::1/64 dev eth0 + ''; +} ``` diff --git a/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.section.md b/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.section.md index 2340723e07c6..f9a5221d6c93 100644 --- a/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.section.md @@ -23,7 +23,9 @@ Then you write and test the package as described in the Nixpkgs manual. Finally, you add it to [](#opt-environment.systemPackages), e.g. ```nix -environment.systemPackages = [ pkgs.my-package ]; +{ + environment.systemPackages = [ pkgs.my-package ]; +} ``` and you run `nixos-rebuild`, specifying your own Nixpkgs tree: @@ -38,24 +40,28 @@ tree. For instance, here is how you specify a build of the `configuration.nix`: ```nix -environment.systemPackages = - let - my-hello = with pkgs; stdenv.mkDerivation rec { - name = "hello-2.8"; - src = fetchurl { - url = "mirror://gnu/hello/${name}.tar.gz"; - hash = "sha256-5rd/gffPfa761Kn1tl3myunD8TuM+66oy1O7XqVGDXM="; +{ + environment.systemPackages = + let + my-hello = with pkgs; stdenv.mkDerivation rec { + name = "hello-2.8"; + src = fetchurl { + url = "mirror://gnu/hello/${name}.tar.gz"; + hash = "sha256-5rd/gffPfa761Kn1tl3myunD8TuM+66oy1O7XqVGDXM="; + }; }; - }; - in - [ my-hello ]; + in + [ my-hello ]; +} ``` Of course, you can also move the definition of `my-hello` into a separate Nix expression, e.g. ```nix -environment.systemPackages = [ (import ./my-hello.nix) ]; +{ + environment.systemPackages = [ (import ./my-hello.nix) ]; +} ``` where `my-hello.nix` contains: @@ -88,7 +94,9 @@ section](#module-services-flatpak). AppImages will not run "as-is" on NixOS. First you need to install `appimage-run`: add to `/etc/nixos/configuration.nix` ```nix -environment.systemPackages = [ pkgs.appimage-run ]; +{ + environment.systemPackages = [ pkgs.appimage-run ]; +} ``` Then instead of running the AppImage "as-is", run `appimage-run foo.appimage`. diff --git a/nixpkgs/nixos/doc/manual/configuration/config-file.section.md b/nixpkgs/nixos/doc/manual/configuration/config-file.section.md index b010026c5828..e213aae29ae3 100644 --- a/nixpkgs/nixos/doc/manual/configuration/config-file.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/config-file.section.md @@ -5,7 +5,7 @@ The NixOS configuration file generally looks like this: ```nix { config, pkgs, ... }: -{ option definitions +{ /* option definitions */ } ``` @@ -80,7 +80,9 @@ Strings : Strings are enclosed in double quotes, e.g. ```nix - networking.hostName = "dexter"; + { + networking.hostName = "dexter"; + } ``` Special characters can be escaped by prefixing them with a backslash @@ -89,11 +91,13 @@ Strings Multi-line strings can be enclosed in *double single quotes*, e.g. ```nix - networking.extraHosts = - '' - 127.0.0.2 other-localhost - 10.0.0.1 server - ''; + { + networking.extraHosts = + '' + 127.0.0.2 other-localhost + 10.0.0.1 server + ''; + } ``` The main difference is that it strips from each line a number of @@ -108,8 +112,10 @@ Booleans : These can be `true` or `false`, e.g. ```nix - networking.firewall.enable = true; - networking.firewall.allowPing = false; + { + networking.firewall.enable = true; + networking.firewall.allowPing = false; + } ``` Integers @@ -117,7 +123,9 @@ Integers : For example, ```nix - boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60; + { + boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60; + } ``` (Note that here the attribute name `net.ipv4.tcp_keepalive_time` is @@ -132,11 +140,13 @@ Sets braces, as in the option definition ```nix - fileSystems."/boot" = - { device = "/dev/sda1"; - fsType = "ext4"; - options = [ "rw" "data=ordered" "relatime" ]; - }; + { + fileSystems."/boot" = + { device = "/dev/sda1"; + fsType = "ext4"; + options = [ "rw" "data=ordered" "relatime" ]; + }; + } ``` Lists @@ -145,13 +155,17 @@ Lists separated by whitespace, like this: ```nix - boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ]; + { + boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ]; + } ``` List elements can be any other type, e.g. sets: ```nix - swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; + { + swapDevices = [ { device = "/dev/disk/by-label/swap"; } ]; + } ``` Packages @@ -161,12 +175,14 @@ Packages argument `pkgs`. Typical uses: ```nix - environment.systemPackages = - [ pkgs.thunderbird - pkgs.emacs - ]; - - services.postgresql.package = pkgs.postgresql_14; + { + environment.systemPackages = + [ pkgs.thunderbird + pkgs.emacs + ]; + + services.postgresql.package = pkgs.postgresql_14; + } ``` The latter option definition changes the default PostgreSQL package diff --git a/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md b/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md index 76413b7d84fb..a524ef266eaf 100644 --- a/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md @@ -16,18 +16,20 @@ Examples include: You can use them like this: ```nix -environment.systemPackages = with pkgs; [ - sl - (pass.withExtensions (subpkgs: with subpkgs; [ - pass-audit - pass-otp - pass-genphrase - ])) - (python3.withPackages (subpkgs: with subpkgs; [ - requests - ])) - cowsay -]; +{ + environment.systemPackages = with pkgs; [ + sl + (pass.withExtensions (subpkgs: with subpkgs; [ + pass-audit + pass-otp + pass-genphrase + ])) + (python3.withPackages (subpkgs: with subpkgs; [ + requests + ])) + cowsay + ]; +} ``` ::: @@ -38,7 +40,9 @@ dependency on GTK 2. If you want to build it against GTK 3, you can specify that as follows: ```nix -environment.systemPackages = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ]; +{ + environment.systemPackages = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ]; +} ``` The function `override` performs the call to the Nix function that @@ -58,12 +62,14 @@ of the package, such as the source code. For instance, if you want to override the source code of Emacs, you can say: ```nix -environment.systemPackages = [ - (pkgs.emacs.overrideAttrs (oldAttrs: { - name = "emacs-25.0-pre"; - src = /path/to/my/emacs/tree; - })) -]; +{ + environment.systemPackages = [ + (pkgs.emacs.overrideAttrs (oldAttrs: { + name = "emacs-25.0-pre"; + src = /path/to/my/emacs/tree; + })) + ]; +} ``` Here, `overrideAttrs` takes the Nix derivation specified by `pkgs.emacs` @@ -80,9 +86,11 @@ two instances of the package. If you want to have everything depend on your customised instance, you can apply a *global* override as follows: ```nix -nixpkgs.config.packageOverrides = pkgs: - { emacs = pkgs.emacs.override { gtk = pkgs.gtk3; }; - }; +{ + nixpkgs.config.packageOverrides = pkgs: + { emacs = pkgs.emacs.override { gtk = pkgs.gtk3; }; + }; +} ``` The effect of this definition is essentially equivalent to modifying the diff --git a/nixpkgs/nixos/doc/manual/configuration/declarative-packages.section.md b/nixpkgs/nixos/doc/manual/configuration/declarative-packages.section.md index 480e250da8c7..6cdd520dcf15 100644 --- a/nixpkgs/nixos/doc/manual/configuration/declarative-packages.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/declarative-packages.section.md @@ -7,7 +7,9 @@ following line to `configuration.nix` enables the Mozilla Thunderbird email application: ```nix -environment.systemPackages = [ pkgs.thunderbird ]; +{ + environment.systemPackages = [ pkgs.thunderbird ]; +} ``` The effect of this specification is that the Thunderbird package from diff --git a/nixpkgs/nixos/doc/manual/configuration/file-systems.chapter.md b/nixpkgs/nixos/doc/manual/configuration/file-systems.chapter.md index 3dfdd20ac33e..4bdd9c60e327 100644 --- a/nixpkgs/nixos/doc/manual/configuration/file-systems.chapter.md +++ b/nixpkgs/nixos/doc/manual/configuration/file-systems.chapter.md @@ -6,10 +6,12 @@ Ext4 file system on device `/dev/disk/by-label/data` onto the mount point `/data`: ```nix -fileSystems."/data" = - { device = "/dev/disk/by-label/data"; - fsType = "ext4"; - }; +{ + fileSystems."/data" = + { device = "/dev/disk/by-label/data"; + fsType = "ext4"; + }; +} ``` This will create an entry in `/etc/fstab`, which will generate a diff --git a/nixpkgs/nixos/doc/manual/configuration/firewall.section.md b/nixpkgs/nixos/doc/manual/configuration/firewall.section.md index dbf0ffb9273e..9a71217944ee 100644 --- a/nixpkgs/nixos/doc/manual/configuration/firewall.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/firewall.section.md @@ -5,14 +5,18 @@ and other unexpected packets. The firewall applies to both IPv4 and IPv6 traffic. It is enabled by default. It can be disabled as follows: ```nix -networking.firewall.enable = false; +{ + networking.firewall.enable = false; +} ``` If the firewall is enabled, you can open specific TCP ports to the outside world: ```nix -networking.firewall.allowedTCPPorts = [ 80 443 ]; +{ + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} ``` Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is @@ -22,10 +26,12 @@ enabled (`services.openssh.enable = true`). UDP ports can be opened through To open ranges of TCP ports: ```nix -networking.firewall.allowedTCPPortRanges = [ - { from = 4000; to = 4007; } - { from = 8000; to = 8010; } -]; +{ + networking.firewall.allowedTCPPortRanges = [ + { from = 4000; to = 4007; } + { from = 8000; to = 8010; } + ]; +} ``` Similarly, UDP port ranges can be opened through diff --git a/nixpkgs/nixos/doc/manual/configuration/gpu-accel.chapter.md b/nixpkgs/nixos/doc/manual/configuration/gpu-accel.chapter.md index aa63aec61669..3b98bdd97c68 100644 --- a/nixpkgs/nixos/doc/manual/configuration/gpu-accel.chapter.md +++ b/nixpkgs/nixos/doc/manual/configuration/gpu-accel.chapter.md @@ -55,9 +55,11 @@ supported through the rocmPackages.clr.icd package. Adding this package to enables OpenCL support: ```nix -hardware.opengl.extraPackages = [ - rocmPackages.clr.icd -]; +{ + hardware.opengl.extraPackages = [ + rocmPackages.clr.icd + ]; +} ``` ### Intel {#sec-gpu-accel-opencl-intel} @@ -74,9 +76,11 @@ to enable OpenCL support. For example, for Gen8 and later GPUs, the following configuration can be used: ```nix -hardware.opengl.extraPackages = [ - intel-compute-runtime -]; +{ + hardware.opengl.extraPackages = [ + intel-compute-runtime + ]; +} ``` ## Vulkan {#sec-gpu-accel-vulkan} @@ -141,20 +145,22 @@ makes amdvlk the default driver and hides radv and lavapipe from the device list A specific driver can be forced as follows: ```nix -hardware.opengl.extraPackages = [ - pkgs.amdvlk -]; - -# To enable Vulkan support for 32-bit applications, also add: -hardware.opengl.extraPackages32 = [ - pkgs.driversi686Linux.amdvlk -]; - -# Force radv -environment.variables.AMD_VULKAN_ICD = "RADV"; -# Or -environment.variables.VK_ICD_FILENAMES = - "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json"; +{ + hardware.opengl.extraPackages = [ + pkgs.amdvlk + ]; + + # To enable Vulkan support for 32-bit applications, also add: + hardware.opengl.extraPackages32 = [ + pkgs.driversi686Linux.amdvlk + ]; + + # Force radv + environment.variables.AMD_VULKAN_ICD = "RADV"; + # Or + environment.variables.VK_ICD_FILENAMES = + "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json"; +} ``` ## VA-API {#sec-gpu-accel-va-api} @@ -178,17 +184,21 @@ $ nix-shell -p libva-utils --run vainfo Modern Intel GPUs use the iHD driver, which can be installed with: ```nix -hardware.opengl.extraPackages = [ - intel-media-driver -]; +{ + hardware.opengl.extraPackages = [ + intel-media-driver + ]; +} ``` Older Intel GPUs use the i965 driver, which can be installed with: ```nix -hardware.opengl.extraPackages = [ - intel-vaapi-driver -]; +{ + hardware.opengl.extraPackages = [ + intel-vaapi-driver + ]; +} ``` ## Common issues {#sec-gpu-accel-common-issues} diff --git a/nixpkgs/nixos/doc/manual/configuration/ipv4-config.section.md b/nixpkgs/nixos/doc/manual/configuration/ipv4-config.section.md index c73024b856d7..0464f5389855 100644 --- a/nixpkgs/nixos/doc/manual/configuration/ipv4-config.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/ipv4-config.section.md @@ -5,18 +5,22 @@ configure network interfaces. However, you can configure an interface manually as follows: ```nix -networking.interfaces.eth0.ipv4.addresses = [ { - address = "192.168.1.2"; - prefixLength = 24; -} ]; +{ + networking.interfaces.eth0.ipv4.addresses = [ { + address = "192.168.1.2"; + prefixLength = 24; + } ]; +} ``` Typically you'll also want to set a default gateway and set of name servers: ```nix -networking.defaultGateway = "192.168.1.1"; -networking.nameservers = [ "8.8.8.8" ]; +{ + networking.defaultGateway = "192.168.1.1"; + networking.nameservers = [ "8.8.8.8" ]; +} ``` ::: {.note} @@ -28,7 +32,9 @@ configuration is performed by `network-setup.service`. The host name is set using [](#opt-networking.hostName): ```nix -networking.hostName = "cartman"; +{ + networking.hostName = "cartman"; +} ``` The default host name is `nixos`. Set it to the empty string (`""`) to diff --git a/nixpkgs/nixos/doc/manual/configuration/ipv6-config.section.md b/nixpkgs/nixos/doc/manual/configuration/ipv6-config.section.md index ce66f53ed472..b4fe0d759b8a 100644 --- a/nixpkgs/nixos/doc/manual/configuration/ipv6-config.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/ipv6-config.section.md @@ -9,34 +9,42 @@ may be overridden on a per-interface basis by IPv6 support globally by setting: ```nix -networking.enableIPv6 = false; +{ + networking.enableIPv6 = false; +} ``` You can disable IPv6 on a single interface using a normal sysctl (in this example, we use interface `eth0`): ```nix -boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true; +{ + boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true; +} ``` As with IPv4 networking interfaces are automatically configured via DHCPv6. You can configure an interface manually: ```nix -networking.interfaces.eth0.ipv6.addresses = [ { - address = "fe00:aa:bb:cc::2"; - prefixLength = 64; -} ]; +{ + networking.interfaces.eth0.ipv6.addresses = [ { + address = "fe00:aa:bb:cc::2"; + prefixLength = 64; + } ]; +} ``` For configuring a gateway, optionally with explicitly specified interface: ```nix -networking.defaultGateway6 = { - address = "fe00::1"; - interface = "enp0s3"; -}; +{ + networking.defaultGateway6 = { + address = "fe00::1"; + interface = "enp0s3"; + }; +} ``` See [](#sec-ipv4) for similar examples and additional information. diff --git a/nixpkgs/nixos/doc/manual/configuration/kubernetes.chapter.md b/nixpkgs/nixos/doc/manual/configuration/kubernetes.chapter.md index f39726090e43..fba40b648752 100644 --- a/nixpkgs/nixos/doc/manual/configuration/kubernetes.chapter.md +++ b/nixpkgs/nixos/doc/manual/configuration/kubernetes.chapter.md @@ -7,14 +7,16 @@ There are generally two ways of enabling Kubernetes on NixOS. One way is to enable and configure cluster components appropriately by hand: ```nix -services.kubernetes = { - apiserver.enable = true; - controllerManager.enable = true; - scheduler.enable = true; - addonManager.enable = true; - proxy.enable = true; - flannel.enable = true; -}; +{ + services.kubernetes = { + apiserver.enable = true; + controllerManager.enable = true; + scheduler.enable = true; + addonManager.enable = true; + proxy.enable = true; + flannel.enable = true; + }; +} ``` Another way is to assign cluster roles ("master" and/or "node") to @@ -22,20 +24,26 @@ the host. This enables apiserver, controllerManager, scheduler, addonManager, kube-proxy and etcd: ```nix -services.kubernetes.roles = [ "master" ]; +{ + services.kubernetes.roles = [ "master" ]; +} ``` While this will enable the kubelet and kube-proxy only: ```nix -services.kubernetes.roles = [ "node" ]; +{ + services.kubernetes.roles = [ "node" ]; +} ``` Assigning both the master and node roles is usable if you want a single node Kubernetes cluster for dev or testing purposes: ```nix -services.kubernetes.roles = [ "master" "node" ]; +{ + services.kubernetes.roles = [ "master" "node" ]; +} ``` Note: Assigning either role will also default both diff --git a/nixpkgs/nixos/doc/manual/configuration/linux-kernel.chapter.md b/nixpkgs/nixos/doc/manual/configuration/linux-kernel.chapter.md index 31d8d1a7d0cf..3bc97446f452 100644 --- a/nixpkgs/nixos/doc/manual/configuration/linux-kernel.chapter.md +++ b/nixpkgs/nixos/doc/manual/configuration/linux-kernel.chapter.md @@ -5,7 +5,9 @@ option `boot.kernelPackages`. For instance, this selects the Linux 3.10 kernel: ```nix -boot.kernelPackages = pkgs.linuxKernel.packages.linux_3_10; +{ + boot.kernelPackages = pkgs.linuxKernel.packages.linux_3_10; +} ``` Note that this not only replaces the kernel, but also packages that are @@ -40,13 +42,15 @@ If you want to change the kernel configuration, you can use the instance, to enable support for the kernel debugger KGDB: ```nix -nixpkgs.config.packageOverrides = pkgs: pkgs.lib.recursiveUpdate pkgs { - linuxKernel.kernels.linux_5_10 = pkgs.linuxKernel.kernels.linux_5_10.override { - extraConfig = '' - KGDB y - ''; +{ + nixpkgs.config.packageOverrides = pkgs: pkgs.lib.recursiveUpdate pkgs { + linuxKernel.kernels.linux_5_10 = pkgs.linuxKernel.kernels.linux_5_10.override { + extraConfig = '' + KGDB y + ''; + }; }; -}; +} ``` `extraConfig` takes a list of Linux kernel configuration options, one @@ -59,14 +63,18 @@ by `udev`. You can force a module to be loaded via [](#opt-boot.kernelModules), e.g. ```nix -boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ]; +{ + boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ]; +} ``` If the module is required early during the boot (e.g. to mount the root file system), you can use [](#opt-boot.initrd.kernelModules): ```nix -boot.initrd.kernelModules = [ "cifs" ]; +{ + boot.initrd.kernelModules = [ "cifs" ]; +} ``` This causes the specified modules and their dependencies to be added to @@ -76,7 +84,9 @@ Kernel runtime parameters can be set through [](#opt-boot.kernel.sysctl), e.g. ```nix -boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 120; +{ + boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 120; +} ``` sets the kernel's TCP keepalive time to 120 seconds. To see the @@ -89,7 +99,9 @@ Please refer to the Nixpkgs manual for the various ways of [building a custom ke To use your custom kernel package in your NixOS configuration, set ```nix -boot.kernelPackages = pkgs.linuxPackagesFor yourCustomKernel; +{ + boot.kernelPackages = pkgs.linuxPackagesFor yourCustomKernel; +} ``` ## Rust {#sec-linux-rust} @@ -99,15 +111,17 @@ default. For kernel versions 6.7 or newer, experimental Rust support can be enabled. In a NixOS configuration, set: ```nix -boot.kernelPatches = [ - { - name = "Rust Support"; - patch = null; - features = { - rust = true; - }; - } -]; +{ + boot.kernelPatches = [ + { + name = "Rust Support"; + patch = null; + features = { + rust = true; + }; + } + ]; +} ``` ## Developing kernel modules {#sec-linux-config-developing-modules} diff --git a/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.section.md b/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.section.md index 7615b95aef42..4d2f625073d4 100644 --- a/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.section.md @@ -29,15 +29,19 @@ system is automatically mounted at boot time as `/`, add the following to `configuration.nix`: ```nix -boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d"; -fileSystems."/".device = "/dev/mapper/crypted"; +{ + boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d"; + fileSystems."/".device = "/dev/mapper/crypted"; +} ``` Should grub be used as bootloader, and `/boot` is located on an encrypted partition, it is necessary to add the following grub option: ```nix -boot.loader.grub.enableCryptodisk = true; +{ + boot.loader.grub.enableCryptodisk = true; +} ``` ## FIDO2 {#sec-luks-file-systems-fido2} @@ -68,8 +72,10 @@ To ensure that this file system is decrypted using the FIDO2 compatible key, add the following to `configuration.nix`: ```nix -boot.initrd.luks.fido2Support = true; -boot.initrd.luks.devices."/dev/sda2".fido2.credential = "f1d00200108b9d6e849a8b388da457688e3dd653b4e53770012d8f28e5d3b269865038c346802f36f3da7278b13ad6a3bb6a1452e24ebeeaa24ba40eef559b1b287d2a2f80b7"; +{ + boot.initrd.luks.fido2Support = true; + boot.initrd.luks.devices."/dev/sda2".fido2.credential = "f1d00200108b9d6e849a8b388da457688e3dd653b4e53770012d8f28e5d3b269865038c346802f36f3da7278b13ad6a3bb6a1452e24ebeeaa24ba40eef559b1b287d2a2f80b7"; +} ``` You can also use the FIDO2 passwordless setup, but for security reasons, @@ -77,7 +83,9 @@ you might want to enable it only when your device is PIN protected, such as [Trezor](https://trezor.io/). ```nix -boot.initrd.luks.devices."/dev/sda2".fido2.passwordLess = true; +{ + boot.initrd.luks.devices."/dev/sda2".fido2.passwordLess = true; +} ``` ### systemd Stage 1 {#sec-luks-file-systems-fido2-systemd} @@ -88,13 +96,15 @@ unlocking the existing LUKS2 volume `root` using any enrolled FIDO2 compatible tokens. ```nix -boot.initrd = { - luks.devices.root = { - crypttabExtraOpts = [ "fido2-device=auto" ]; - device = "/dev/sda2"; +{ + boot.initrd = { + luks.devices.root = { + crypttabExtraOpts = [ "fido2-device=auto" ]; + device = "/dev/sda2"; + }; + systemd.enable = true; }; - systemd.enable = true; -}; +} ``` All tokens that should be used for unlocking the LUKS2-encrypted volume must diff --git a/nixpkgs/nixos/doc/manual/configuration/modularity.section.md b/nixpkgs/nixos/doc/manual/configuration/modularity.section.md index f4a566d66973..cb9f543797d2 100644 --- a/nixpkgs/nixos/doc/manual/configuration/modularity.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/modularity.section.md @@ -16,7 +16,7 @@ including them from `configuration.nix`, e.g.: { imports = [ ./vpn.nix ./kde.nix ]; services.httpd.enable = true; environment.systemPackages = [ pkgs.emacs ]; - ... + # ... } ``` @@ -42,7 +42,9 @@ merged last, so for list-type options, it will appear at the end of the merged list. If you want it to appear first, you can use `mkBefore`: ```nix -boot.kernelModules = mkBefore [ "kvm-intel" ]; +{ + boot.kernelModules = mkBefore [ "kvm-intel" ]; +} ``` This causes the `kvm-intel` kernel module to be loaded before any other @@ -60,7 +62,9 @@ When that happens, it's possible to force one definition take precedence over the others: ```nix -services.httpd.adminAddr = pkgs.lib.mkForce "bob@example.org"; +{ + services.httpd.adminAddr = pkgs.lib.mkForce "bob@example.org"; +} ``` When using multiple modules, you may need to access configuration values diff --git a/nixpkgs/nixos/doc/manual/configuration/network-manager.section.md b/nixpkgs/nixos/doc/manual/configuration/network-manager.section.md index 4bda21d34a10..8e8dfabbf3cd 100644 --- a/nixpkgs/nixos/doc/manual/configuration/network-manager.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/network-manager.section.md @@ -4,7 +4,9 @@ To facilitate network configuration, some desktop environments use NetworkManager. You can enable NetworkManager by setting: ```nix -networking.networkmanager.enable = true; +{ + networking.networkmanager.enable = true; +} ``` some desktop managers (e.g., GNOME) enable NetworkManager automatically @@ -14,7 +16,9 @@ All users that should have permission to change network settings must belong to the `networkmanager` group: ```nix -users.users.alice.extraGroups = [ "networkmanager" ]; +{ + users.users.alice.extraGroups = [ "networkmanager" ]; +} ``` NetworkManager is controlled using either `nmcli` or `nmtui` @@ -32,9 +36,11 @@ can be used together if desired. To do this you need to instruct NetworkManager to ignore those interfaces like: ```nix -networking.networkmanager.unmanaged = [ - "*" "except:type:wwan" "except:type:gsm" -]; +{ + networking.networkmanager.unmanaged = [ + "*" "except:type:wwan" "except:type:gsm" + ]; +} ``` Refer to the option description for the exact syntax and references to diff --git a/nixpkgs/nixos/doc/manual/configuration/overlayfs.section.md b/nixpkgs/nixos/doc/manual/configuration/overlayfs.section.md index 592fb7c2e6f7..7027a6f426d4 100644 --- a/nixpkgs/nixos/doc/manual/configuration/overlayfs.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/overlayfs.section.md @@ -4,21 +4,23 @@ NixOS offers a convenient abstraction to create both read-only as well writable overlays. ```nix -fileSystems = { - "/writable-overlay" = { - overlay = { - lowerdir = [ writableOverlayLowerdir ]; - upperdir = "/.rw-writable-overlay/upper"; - workdir = "/.rw-writable-overlay/work"; +{ + fileSystems = { + "/writable-overlay" = { + overlay = { + lowerdir = [ writableOverlayLowerdir ]; + upperdir = "/.rw-writable-overlay/upper"; + workdir = "/.rw-writable-overlay/work"; + }; + # Mount the writable overlay in the initrd. + neededForBoot = true; }; - # Mount the writable overlay in the initrd. - neededForBoot = true; + "/readonly-overlay".overlay.lowerdir = [ + writableOverlayLowerdir + writableOverlayLowerdir2 + ]; }; - "/readonly-overlay".overlay.lowerdir = [ - writableOverlayLowerdir - writableOverlayLowerdir2 - ]; -}; +} ``` If `upperdir` and `workdir` are not null, they will be created before the diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles.chapter.md b/nixpkgs/nixos/doc/manual/configuration/profiles.chapter.md index 9f6c11b0d59d..6161d48e353f 100644 --- a/nixpkgs/nixos/doc/manual/configuration/profiles.chapter.md +++ b/nixpkgs/nixos/doc/manual/configuration/profiles.chapter.md @@ -8,9 +8,11 @@ is to say, expected usage is to add them to the imports list of your `/etc/configuration.nix` as such: ```nix -imports = [ - <nixpkgs/nixos/modules/profiles/profile-name.nix> -]; +{ + imports = [ + <nixpkgs/nixos/modules/profiles/profile-name.nix> + ]; +} ``` Even if some of these profiles seem only useful in the context of diff --git a/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md b/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md index 5b515e9f82a0..4804e35f8a24 100644 --- a/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md @@ -25,10 +25,12 @@ we assign the name `wan` to the interface with MAC address `52:54:00:12:01:01` using a netword link unit: ```nix -systemd.network.links."10-wan" = { - matchConfig.PermanentMACAddress = "52:54:00:12:01:01"; - linkConfig.Name = "wan"; -}; +{ + systemd.network.links."10-wan" = { + matchConfig.PermanentMACAddress = "52:54:00:12:01:01"; + linkConfig.Name = "wan"; + }; +} ``` Note that links are directly read by udev, *not networkd*, and will work @@ -37,10 +39,12 @@ even if networkd is disabled. Alternatively, we can use a plain old udev rule: ```nix -boot.initrd.services.udev.rules = '' - SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", \ - ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="wan" -''; +{ + boot.initrd.services.udev.rules = '' + SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", \ + ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="wan" + ''; +} ``` ::: {.warning} diff --git a/nixpkgs/nixos/doc/manual/configuration/ssh.section.md b/nixpkgs/nixos/doc/manual/configuration/ssh.section.md index 9e239a848178..8754e3d9ccaf 100644 --- a/nixpkgs/nixos/doc/manual/configuration/ssh.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/ssh.section.md @@ -3,7 +3,9 @@ Secure shell (SSH) access to your machine can be enabled by setting: ```nix -services.openssh.enable = true; +{ + services.openssh.enable = true; +} ``` By default, root logins using a password are disallowed. They can be @@ -14,6 +16,8 @@ You can declaratively specify authorised RSA/DSA public keys for a user as follows: ```nix -users.users.alice.openssh.authorizedKeys.keys = - [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ]; +{ + users.users.alice.openssh.authorizedKeys.keys = + [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ]; +} ``` diff --git a/nixpkgs/nixos/doc/manual/configuration/subversion.chapter.md b/nixpkgs/nixos/doc/manual/configuration/subversion.chapter.md index ff870f5c40b9..2436138669fe 100644 --- a/nixpkgs/nixos/doc/manual/configuration/subversion.chapter.md +++ b/nixpkgs/nixos/doc/manual/configuration/subversion.chapter.md @@ -21,9 +21,11 @@ Apache HTTP, setting [](#opt-services.httpd.adminAddr) appropriately: ```nix -services.httpd.enable = true; -services.httpd.adminAddr = ...; -networking.firewall.allowedTCPPorts = [ 80 443 ]; +{ + services.httpd.enable = true; + services.httpd.adminAddr = "..."; + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} ``` For a simple Subversion server with basic authentication, configure the @@ -34,25 +36,28 @@ the `.authz` file describing access permission, and `AuthUserFile` to the password file. ```nix -services.httpd.extraModules = [ - # note that order is *super* important here - { name = "dav_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_dav_svn.so"; } - { name = "authz_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_authz_svn.so"; } - ]; - services.httpd.virtualHosts = { - "svn" = { - hostName = HOSTNAME; - documentRoot = DOCUMENTROOT; - locations."/svn".extraConfig = '' - DAV svn - SVNParentPath REPO_PARENT - AuthzSVNAccessFile ACCESS_FILE - AuthName "SVN Repositories" - AuthType Basic - AuthUserFile PASSWORD_FILE - Require valid-user - ''; - } +{ + services.httpd.extraModules = [ + # note that order is *super* important here + { name = "dav_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_dav_svn.so"; } + { name = "authz_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_authz_svn.so"; } + ]; + services.httpd.virtualHosts = { + "svn" = { + hostName = HOSTNAME; + documentRoot = DOCUMENTROOT; + locations."/svn".extraConfig = '' + DAV svn + SVNParentPath REPO_PARENT + AuthzSVNAccessFile ACCESS_FILE + AuthName "SVN Repositories" + AuthType Basic + AuthUserFile PASSWORD_FILE + Require valid-user + ''; + }; + }; +} ``` The key `"svn"` is just a symbolic name identifying the virtual host. @@ -90,7 +95,7 @@ $ htpasswd -s PASSWORD_FILE USER_NAME The file describing access permissions `ACCESS_FILE` will look something like the following: -```nix +``` [/] * = r diff --git a/nixpkgs/nixos/doc/manual/configuration/user-mgmt.chapter.md b/nixpkgs/nixos/doc/manual/configuration/user-mgmt.chapter.md index 71d61ce4c641..7d83121d41e0 100644 --- a/nixpkgs/nixos/doc/manual/configuration/user-mgmt.chapter.md +++ b/nixpkgs/nixos/doc/manual/configuration/user-mgmt.chapter.md @@ -6,13 +6,15 @@ management. In the declarative style, users are specified in account named `alice` shall exist: ```nix -users.users.alice = { - isNormalUser = true; - home = "/home/alice"; - description = "Alice Foobar"; - extraGroups = [ "wheel" "networkmanager" ]; - openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ]; -}; +{ + users.users.alice = { + isNormalUser = true; + home = "/home/alice"; + description = "Alice Foobar"; + extraGroups = [ "wheel" "networkmanager" ]; + openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ]; + }; +} ``` Note that `alice` is a member of the `wheel` and `networkmanager` @@ -38,7 +40,9 @@ A user ID (uid) is assigned automatically. You can also specify a uid manually by adding ```nix -uid = 1000; +{ + uid = 1000; +} ``` to the user specification. @@ -47,7 +51,9 @@ Groups can be specified similarly. The following states that a group named `students` shall exist: ```nix -users.groups.students.gid = 1000; +{ + users.groups.students.gid = 1000; +} ``` As with users, the group ID (gid) is optional and will be assigned @@ -100,7 +106,9 @@ Instead of using a custom perl script to create users and groups, you can use systemd-sysusers: ```nix -systemd.sysusers.enable = true; +{ + systemd.sysusers.enable = true; +} ``` The primary benefit of this is to remove a dependency on perl. diff --git a/nixpkgs/nixos/doc/manual/configuration/wayland.chapter.md b/nixpkgs/nixos/doc/manual/configuration/wayland.chapter.md index 0f195bd66567..27c027d38514 100644 --- a/nixpkgs/nixos/doc/manual/configuration/wayland.chapter.md +++ b/nixpkgs/nixos/doc/manual/configuration/wayland.chapter.md @@ -9,7 +9,9 @@ a Wayland Compositor such as sway without separately enabling a Wayland server: ```nix +{ programs.sway.enable = true; +} ``` This installs the sway compositor along with some essential utilities. @@ -19,7 +21,9 @@ If you are using a wlroots-based compositor, like sway, and want to be able to share your screen, you might want to activate this option: ```nix -xdg.portal.wlr.enable = true; +{ + xdg.portal.wlr.enable = true; +} ``` and configure Pipewire using diff --git a/nixpkgs/nixos/doc/manual/configuration/wireless.section.md b/nixpkgs/nixos/doc/manual/configuration/wireless.section.md index 3299d2d7ecb8..df828698cf03 100644 --- a/nixpkgs/nixos/doc/manual/configuration/wireless.section.md +++ b/nixpkgs/nixos/doc/manual/configuration/wireless.section.md @@ -7,25 +7,29 @@ skip the rest of this section on wireless networks. NixOS will start wpa_supplicant for you if you enable this setting: ```nix -networking.wireless.enable = true; +{ + networking.wireless.enable = true; +} ``` NixOS lets you specify networks for wpa_supplicant declaratively: ```nix -networking.wireless.networks = { - echelon = { # SSID with no spaces or special characters - psk = "abcdefgh"; - }; - "echelon's AP" = { # SSID with spaces and/or special characters - psk = "ijklmnop"; - }; - echelon = { # Hidden SSID - hidden = true; - psk = "qrstuvwx"; +{ + networking.wireless.networks = { + echelon = { # SSID with no spaces or special characters + psk = "abcdefgh"; + }; + "echelon's AP" = { # SSID with spaces and/or special characters + psk = "ijklmnop"; + }; + echelon = { # Hidden SSID + hidden = true; + psk = "qrstuvwx"; + }; + free.wifi = {}; # Public wireless network }; - free.wifi = {}; # Public wireless network -}; +} ``` Be aware that keys will be written to the nix store in plaintext! When @@ -46,11 +50,13 @@ network={ ``` ```nix -networking.wireless.networks = { - echelon = { - pskRaw = "dca6d6ed41f4ab5a984c9f55f6f66d4efdc720ebf66959810f4329bb391c5435"; +{ + networking.wireless.networks = { + echelon = { + pskRaw = "dca6d6ed41f4ab5a984c9f55f6f66d4efdc720ebf66959810f4329bb391c5435"; + }; }; -}; +} ``` or you can use it to directly generate the `wpa_supplicant.conf`: diff --git a/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md b/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md index bf1872ae01ac..8162e38e9f5b 100644 --- a/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md +++ b/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md @@ -4,7 +4,9 @@ The X Window System (X11) provides the basis of NixOS' graphical user interface. It can be enabled as follows: ```nix -services.xserver.enable = true; +{ + services.xserver.enable = true; +} ``` The X server will automatically detect and use the appropriate video @@ -12,7 +14,9 @@ driver from a set of X.org drivers (such as `vesa` and `intel`). You can also specify a driver manually, e.g. ```nix -services.xserver.videoDrivers = [ "r128" ]; +{ + services.xserver.videoDrivers = [ "r128" ]; +} ``` to enable X.org's `xf86-video-r128` driver. @@ -22,15 +26,17 @@ Otherwise, you can only log into a plain undecorated `xterm` window. Thus you should pick one or more of the following lines: ```nix -services.xserver.desktopManager.plasma5.enable = true; -services.xserver.desktopManager.xfce.enable = true; -services.xserver.desktopManager.gnome.enable = true; -services.xserver.desktopManager.mate.enable = true; -services.xserver.windowManager.xmonad.enable = true; -services.xserver.windowManager.twm.enable = true; -services.xserver.windowManager.icewm.enable = true; -services.xserver.windowManager.i3.enable = true; -services.xserver.windowManager.herbstluftwm.enable = true; +{ + services.xserver.desktopManager.plasma5.enable = true; + services.xserver.desktopManager.xfce.enable = true; + services.xserver.desktopManager.gnome.enable = true; + services.xserver.desktopManager.mate.enable = true; + services.xserver.windowManager.xmonad.enable = true; + services.xserver.windowManager.twm.enable = true; + services.xserver.windowManager.icewm.enable = true; + services.xserver.windowManager.i3.enable = true; + services.xserver.windowManager.herbstluftwm.enable = true; +} ``` NixOS's default *display manager* (the program that provides a graphical @@ -38,22 +44,28 @@ login prompt and manages the X server) is LightDM. You can select an alternative one by picking one of the following lines: ```nix -services.xserver.displayManager.sddm.enable = true; -services.xserver.displayManager.gdm.enable = true; +{ + services.xserver.displayManager.sddm.enable = true; + services.xserver.displayManager.gdm.enable = true; +} ``` You can set the keyboard layout (and optionally the layout variant): ```nix -services.xserver.xkb.layout = "de"; -services.xserver.xkb.variant = "neo"; +{ + services.xserver.xkb.layout = "de"; + services.xserver.xkb.variant = "neo"; +} ``` The X server is started automatically at boot time. If you don't want this to happen, you can set: ```nix -services.xserver.autorun = false; +{ + services.xserver.autorun = false; +} ``` The X server can then be started manually: @@ -66,7 +78,9 @@ On 64-bit systems, if you want OpenGL for 32-bit programs such as in Wine, you should also set the following: ```nix -hardware.opengl.driSupport32Bit = true; +{ + hardware.opengl.driSupport32Bit = true; +} ``` ## Auto-login {#sec-x11-auto-login} @@ -84,16 +98,20 @@ desktop environment. If you wanted no desktop environment and i3 as your your window manager, you'd define: ```nix -services.xserver.displayManager.defaultSession = "none+i3"; +{ + services.xserver.displayManager.defaultSession = "none+i3"; +} ``` Every display manager in NixOS supports auto-login, here is an example using lightdm for a user `alice`: ```nix -services.xserver.displayManager.lightdm.enable = true; -services.xserver.displayManager.autoLogin.enable = true; -services.xserver.displayManager.autoLogin.user = "alice"; +{ + services.xserver.displayManager.lightdm.enable = true; + services.xserver.displayManager.autoLogin.enable = true; + services.xserver.displayManager.autoLogin.user = "alice"; +} ``` ## Intel Graphics drivers {#sec-x11--graphics-cards-intel} @@ -119,18 +137,22 @@ drivers. Use the option to set one. The recommended configuration for modern systems is: ```nix -services.xserver.videoDrivers = [ "modesetting" ]; +{ + services.xserver.videoDrivers = [ "modesetting" ]; +} ``` If you experience screen tearing no matter what, this configuration was reported to resolve the issue: ```nix -services.xserver.videoDrivers = [ "intel" ]; -services.xserver.deviceSection = '' - Option "DRI" "2" - Option "TearFree" "true" -''; +{ + services.xserver.videoDrivers = [ "intel" ]; + services.xserver.deviceSection = '' + Option "DRI" "2" + Option "TearFree" "true" + ''; +} ``` Note that this will likely downgrade the performance compared to @@ -143,17 +165,19 @@ better 3D performance than the X.org drivers. It is not enabled by default because it's not free software. You can enable it as follows: ```nix -services.xserver.videoDrivers = [ "nvidia" ]; +{ + services.xserver.videoDrivers = [ "nvidia" ]; +} ``` -Or if you have an older card, you may have to use one of the legacy -drivers: +If you have an older card, you may have to use one of the legacy drivers: ```nix -services.xserver.videoDrivers = [ "nvidiaLegacy470" ]; -services.xserver.videoDrivers = [ "nvidiaLegacy390" ]; -services.xserver.videoDrivers = [ "nvidiaLegacy340" ]; -services.xserver.videoDrivers = [ "nvidiaLegacy304" ]; +{ + hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470; + hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_390; + hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_340; +} ``` You may need to reboot after enabling this driver to prevent a clash @@ -168,7 +192,9 @@ performance. If you still want to use it anyway, you need to explicitly set: ```nix -services.xserver.videoDrivers = [ "amdgpu-pro" ]; +{ + services.xserver.videoDrivers = [ "amdgpu-pro" ]; +} ``` You will need to reboot after enabling this driver to prevent a clash @@ -180,14 +206,18 @@ Support for Synaptics touchpads (found in many laptops such as the Dell Latitude series) can be enabled as follows: ```nix -services.xserver.libinput.enable = true; +{ + services.xserver.libinput.enable = true; +} ``` The driver has many options (see [](#ch-options)). For instance, the following disables tap-to-click behavior: ```nix -services.xserver.libinput.touchpad.tapping = false; +{ + services.xserver.libinput.touchpad.tapping = false; +} ``` Note: the use of `services.xserver.synaptics` is deprecated since NixOS @@ -200,9 +230,11 @@ GTK themes can be installed either to user profile or system-wide (via GTK ones, you can use the following configuration: ```nix -qt.enable = true; -qt.platformTheme = "gtk2"; -qt.style = "gtk2"; +{ + qt.enable = true; + qt.platformTheme = "gtk2"; + qt.style = "gtk2"; +} ``` ## Custom XKB layouts {#custom-xkb-layouts} @@ -219,7 +251,7 @@ Create a file called `us-greek` with the following content (under a directory called `symbols`; it's an XKB peculiarity that will help with testing): -```nix +``` xkb_symbols "us-greek" { include "us(basic)" // includes the base US keys @@ -236,11 +268,13 @@ xkb_symbols "us-greek" A minimal layout specification must include the following: ```nix -services.xserver.xkb.extraLayouts.us-greek = { - description = "US layout with alt-gr greek"; - languages = [ "eng" ]; - symbolsFile = /yourpath/symbols/us-greek; -}; +{ + services.xserver.xkb.extraLayouts.us-greek = { + description = "US layout with alt-gr greek"; + languages = [ "eng" ]; + symbolsFile = /yourpath/symbols/us-greek; + }; +} ``` ::: {.note} @@ -277,7 +311,7 @@ Use the *xev* utility from `pkgs.xorg.xev` to find the codes of the keys of interest, then create a `media-key` file to hold the keycodes definitions -```nix +``` xkb_keycodes "media" { <volUp> = 123; @@ -287,7 +321,7 @@ xkb_keycodes "media" Now use the newly define keycodes in `media-sym`: -```nix +``` xkb_symbols "media" { key.type = "ONE_LEVEL"; @@ -299,12 +333,14 @@ xkb_symbols "media" As before, to install the layout do ```nix -services.xserver.xkb.extraLayouts.media = { - description = "Multimedia keys remapping"; - languages = [ "eng" ]; - symbolsFile = /path/to/media-key; - keycodesFile = /path/to/media-sym; -}; +{ + services.xserver.xkb.extraLayouts.media = { + description = "Multimedia keys remapping"; + languages = [ "eng" ]; + symbolsFile = /path/to/media-key; + keycodesFile = /path/to/media-sym; + }; +} ``` ::: {.note} @@ -320,7 +356,9 @@ workaround, you can set the keymap using `setxkbmap` at the start of the session with: ```nix -services.xserver.displayManager.sessionCommands = "setxkbmap -keycodes media"; +{ + services.xserver.displayManager.sessionCommands = "setxkbmap -keycodes media"; +} ``` If you are manually starting the X server, you should set the argument diff --git a/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md b/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md index 9ec4a51d6e35..fcc9bcc45641 100644 --- a/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md +++ b/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md @@ -3,21 +3,25 @@ To enable the Xfce Desktop Environment, set ```nix -services.xserver.desktopManager.xfce.enable = true; -services.xserver.displayManager.defaultSession = "xfce"; +{ + services.xserver.desktopManager.xfce.enable = true; + services.xserver.displayManager.defaultSession = "xfce"; +} ``` Optionally, *picom* can be enabled for nice graphical effects, some example settings: ```nix -services.picom = { - enable = true; - fade = true; - inactiveOpacity = 0.9; - shadow = true; - fadeDelta = 4; -}; +{ + services.picom = { + enable = true; + fade = true; + inactiveOpacity = 0.9; + shadow = true; + fadeDelta = 4; + }; +} ``` Some Xfce programs are not installed automatically. To install them |