Diffstat (limited to 'nixpkgs/nixos/doc')
-rw-r--r-- nixpkgs/nixos/doc/manual/administration/cleaning-store.chapter.md 6
-rw-r--r-- nixpkgs/nixos/doc/manual/administration/container-networking.section.md 12
-rw-r--r-- nixpkgs/nixos/doc/manual/administration/control-groups.chapter.md 8
-rw-r--r-- nixpkgs/nixos/doc/manual/administration/declarative-containers.section.md 28
-rw-r--r-- nixpkgs/nixos/doc/manual/administration/service-mgmt.chapter.md 4
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/abstractions.section.md 6
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/ad-hoc-network-config.section.md 10
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.section.md 34
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/config-file.section.md 62
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md 52
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/declarative-packages.section.md 4
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/file-systems.chapter.md 10
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/firewall.section.md 18
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/gpu-accel.chapter.md 62
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/ipv4-config.section.md 20
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/ipv6-config.section.md 28
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/kubernetes.chapter.md 30
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/linux-kernel.chapter.md 54
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/luks-file-systems.section.md 34
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/modularity.section.md 10
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/network-manager.section.md 16
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/overlayfs.section.md 28
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/profiles.chapter.md 8
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md 20
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/ssh.section.md 10
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/subversion.chapter.md 51
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/user-mgmt.chapter.md 28
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/wayland.chapter.md 6
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/wireless.section.md 40
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md 148
-rw-r--r-- nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md 22
-rw-r--r-- nixpkgs/nixos/doc/manual/development/activation-script.section.md 16
-rw-r--r-- nixpkgs/nixos/doc/manual/development/assertions.section.md 4
-rw-r--r-- nixpkgs/nixos/doc/manual/development/etc-overlay.section.md 8
-rw-r--r-- nixpkgs/nixos/doc/manual/development/meta-attributes.section.md 4
-rw-r--r-- nixpkgs/nixos/doc/manual/development/non-switchable-systems.section.md 2
-rw-r--r-- nixpkgs/nixos/doc/manual/development/option-declarations.section.md 42
-rw-r--r-- nixpkgs/nixos/doc/manual/development/option-def.section.md 78
-rw-r--r-- nixpkgs/nixos/doc/manual/development/option-types.section.md 122
-rw-r--r-- nixpkgs/nixos/doc/manual/development/settings-options.section.md 42
-rw-r--r-- nixpkgs/nixos/doc/manual/development/unit-handling.section.md 12
-rw-r--r-- nixpkgs/nixos/doc/manual/development/writing-modules.chapter.md 8
-rw-r--r-- nixpkgs/nixos/doc/manual/development/writing-nixos-tests.section.md 16
-rw-r--r-- nixpkgs/nixos/doc/manual/installation/building-images-via-systemd-repart.chapter.md 30
-rw-r--r-- nixpkgs/nixos/doc/manual/installation/changing-config.chapter.md 4
-rw-r--r-- nixpkgs/nixos/doc/manual/installation/installing-behind-a-proxy.section.md 6
-rw-r--r-- nixpkgs/nixos/doc/manual/installation/installing-from-other-distro.section.md 18
-rw-r--r-- nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.section.md 8
-rw-r--r-- nixpkgs/nixos/doc/manual/installation/upgrading.chapter.md 10
-rw-r--r-- nixpkgs/nixos/doc/manual/release-notes/rl-1509.section.md 8
-rw-r--r-- nixpkgs/nixos/doc/manual/release-notes/rl-1703.section.md 4
-rw-r--r-- nixpkgs/nixos/doc/manual/release-notes/rl-2009.section.md 34
-rw-r--r-- nixpkgs/nixos/doc/manual/release-notes/rl-2205.section.md 4
-rw-r--r-- nixpkgs/nixos/doc/manual/release-notes/rl-2211.section.md 10
-rw-r--r-- nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md 64
-rw-r--r-- nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md 42
-rw-r--r-- nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md 38
57 files changed, 918 insertions, 585 deletions
diff --git a/nixpkgs/nixos/doc/manual/administration/cleaning-store.chapter.md b/nixpkgs/nixos/doc/manual/administration/cleaning-store.chapter.md
index c9140d0869c7..4f404882055a 100644
--- a/nixpkgs/nixos/doc/manual/administration/cleaning-store.chapter.md
+++ b/nixpkgs/nixos/doc/manual/administration/cleaning-store.chapter.md
@@ -21,8 +21,10 @@ You can tell NixOS in `configuration.nix` to run this unit automatically
 at certain points in time, for instance, every night at 03:15:
 
 ```nix
-nix.gc.automatic = true;
-nix.gc.dates = "03:15";
+{
+  nix.gc.automatic = true;
+  nix.gc.dates = "03:15";
+}
 ```
 
 The commands above do not remove garbage collector roots, such as old
diff --git a/nixpkgs/nixos/doc/manual/administration/container-networking.section.md b/nixpkgs/nixos/doc/manual/administration/container-networking.section.md
index 0873768376cc..723cf211d872 100644
--- a/nixpkgs/nixos/doc/manual/administration/container-networking.section.md
+++ b/nixpkgs/nixos/doc/manual/administration/container-networking.section.md
@@ -26,9 +26,11 @@ host to rewrite container traffic to use your external IP address. This
 can be accomplished using the following configuration on the host:
 
 ```nix
-networking.nat.enable = true;
-networking.nat.internalInterfaces = ["ve-+"];
-networking.nat.externalInterface = "eth0";
+{
+  networking.nat.enable = true;
+  networking.nat.internalInterfaces = ["ve-+"];
+  networking.nat.externalInterface = "eth0";
+}
 ```
 
 where `eth0` should be replaced with the desired external interface.
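Review bot: The `internalInterfaces` line uses the wildcard `ve-+` without explanation, while the NetworkManager snippet in the next hunk matches the same interfaces with the glob `ve-*`. The `+` suffix is the iptables interface wildcard; since the line is being rewritten anyway, add a short Nix comment saying so, and write the list as `[ "ve-+" ]` to match the spacing of `[ "interface-name:ve-*" ]`.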
@@ -38,7 +40,9 @@ If you are using Network Manager, you need to explicitly prevent it from
 managing container interfaces:
 
 ```nix
-networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+{
+  networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+}
 ```
 
 You may need to restart your system for the changes to take effect.
diff --git a/nixpkgs/nixos/doc/manual/administration/control-groups.chapter.md b/nixpkgs/nixos/doc/manual/administration/control-groups.chapter.md
index abe8dd80b5ab..8682236ca1a9 100644
--- a/nixpkgs/nixos/doc/manual/administration/control-groups.chapter.md
+++ b/nixpkgs/nixos/doc/manual/administration/control-groups.chapter.md
@@ -39,7 +39,9 @@ they were in the same cgroup, then the PostgreSQL process would get
 `configuration.nix`:
 
 ```nix
-systemd.services.httpd.serviceConfig.CPUShares = 512;
+{
+  systemd.services.httpd.serviceConfig.CPUShares = 512;
+}
 ```
 
 By default, every cgroup has 1024 CPU shares, so this will halve the CPU
@@ -52,7 +54,9 @@ limits can be specified in `configuration.nix`; for instance, to limit
 `httpd.service` to 512 MiB of RAM (excluding swap):
 
 ```nix
-systemd.services.httpd.serviceConfig.MemoryLimit = "512M";
+{
+  systemd.services.httpd.serviceConfig.MemoryLimit = "512M";
+}
 ```
 
 The command `systemd-cgtop` shows a continuously updated list of all
diff --git a/nixpkgs/nixos/doc/manual/administration/declarative-containers.section.md b/nixpkgs/nixos/doc/manual/administration/declarative-containers.section.md
index eaa50d3c663d..f16fa8332b51 100644
--- a/nixpkgs/nixos/doc/manual/administration/declarative-containers.section.md
+++ b/nixpkgs/nixos/doc/manual/administration/declarative-containers.section.md
@@ -5,13 +5,15 @@ You can also specify containers and their configuration in the host's
 shall be a container named `database` running PostgreSQL:
 
 ```nix
-containers.database =
-  { config =
-      { config, pkgs, ... }:
-      { services.postgresql.enable = true;
-      services.postgresql.package = pkgs.postgresql_14;
-      };
-  };
+{
+  containers.database =
+    { config =
+        { config, pkgs, ... }:
+        { services.postgresql.enable = true;
+        services.postgresql.package = pkgs.postgresql_14;
+        };
+    };
+}
 ```
 
 If you run `nixos-rebuild switch`, the container will be built. If the
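Review bot: The re-indented container body keeps the misalignment of the old text: `services.postgresql.package` starts two columns to the left of `services.postgresql.enable` on the line above, although both are attributes of the same set. Every line of the block is already touched, so align the second attribute under the first, or move the opening `{` onto its own line.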
@@ -25,11 +27,13 @@ cannot change the network configuration. You can give a container its
 own network as follows:
 
 ```nix
-containers.database = {
-  privateNetwork = true;
-  hostAddress = "192.168.100.10";
-  localAddress = "192.168.100.11";
-};
+{
+  containers.database = {
+    privateNetwork = true;
+    hostAddress = "192.168.100.10";
+    localAddress = "192.168.100.11";
+  };
+}
 ```
 
 This gives the container a private virtual Ethernet interface with IP
diff --git a/nixpkgs/nixos/doc/manual/administration/service-mgmt.chapter.md b/nixpkgs/nixos/doc/manual/administration/service-mgmt.chapter.md
index bc9bdbe3708b..49e8d801fb80 100644
--- a/nixpkgs/nixos/doc/manual/administration/service-mgmt.chapter.md
+++ b/nixpkgs/nixos/doc/manual/administration/service-mgmt.chapter.md
@@ -82,7 +82,9 @@ In order to enable a systemd *system* service with provided upstream
 package, use (e.g):
 
 ```nix
-systemd.packages = [ pkgs.packagekit ];
+{
+  systemd.packages = [ pkgs.packagekit ];
+}
 ```
 
 Usually NixOS modules written by the community do the above, plus take
diff --git a/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md b/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md
index bf26e4c51ed3..5bc44aa72245 100644
--- a/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/abstractions.section.md
@@ -47,9 +47,9 @@ You can write a `let` wherever an expression is allowed. Thus, you also could ha
 ```nix
 {
   services.httpd.virtualHosts =
-    let commonConfig = ...; in
-    { "blog.example.org" = (commonConfig // { ... })
-      "wiki.example.org" = (commonConfig // { ... })
+    let commonConfig = { /* ... */ }; in
+    { "blog.example.org" = (commonConfig // { /* ... */ });
+      "wiki.example.org" = (commonConfig // { /* ... */ });
     };
 }
 ```
diff --git a/nixpkgs/nixos/doc/manual/configuration/ad-hoc-network-config.section.md b/nixpkgs/nixos/doc/manual/configuration/ad-hoc-network-config.section.md
index 4478d77f361d..ecb06ad984a3 100644
--- a/nixpkgs/nixos/doc/manual/configuration/ad-hoc-network-config.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/ad-hoc-network-config.section.md
@@ -6,8 +6,10 @@ is useful for doing network configuration not covered by the existing NixOS
 modules. For instance, to statically configure an IPv6 address:
 
 ```nix
-networking.localCommands =
-  ''
-    ip -6 addr add 2001:610:685:1::1/64 dev eth0
-  '';
+{
+  networking.localCommands =
+    ''
+      ip -6 addr add 2001:610:685:1::1/64 dev eth0
+    '';
+}
 ```
diff --git a/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.section.md b/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.section.md
index 2340723e07c6..f9a5221d6c93 100644
--- a/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/adding-custom-packages.section.md
@@ -23,7 +23,9 @@ Then you write and test the package as described in the Nixpkgs manual.
 Finally, you add it to [](#opt-environment.systemPackages), e.g.
 
 ```nix
-environment.systemPackages = [ pkgs.my-package ];
+{
+  environment.systemPackages = [ pkgs.my-package ];
+}
 ```
 
 and you run `nixos-rebuild`, specifying your own Nixpkgs tree:
@@ -38,24 +40,28 @@ tree. For instance, here is how you specify a build of the
 `configuration.nix`:
 
 ```nix
-environment.systemPackages =
-  let
-    my-hello = with pkgs; stdenv.mkDerivation rec {
-      name = "hello-2.8";
-      src = fetchurl {
-        url = "mirror://gnu/hello/${name}.tar.gz";
-        hash = "sha256-5rd/gffPfa761Kn1tl3myunD8TuM+66oy1O7XqVGDXM=";
+{
+  environment.systemPackages =
+    let
+      my-hello = with pkgs; stdenv.mkDerivation rec {
+        name = "hello-2.8";
+        src = fetchurl {
+          url = "mirror://gnu/hello/${name}.tar.gz";
+          hash = "sha256-5rd/gffPfa761Kn1tl3myunD8TuM+66oy1O7XqVGDXM=";
+        };
       };
-    };
-  in
-  [ my-hello ];
+    in
+    [ my-hello ];
+}
 ```
 
 Of course, you can also move the definition of `my-hello` into a
 separate Nix expression, e.g.
 
 ```nix
-environment.systemPackages = [ (import ./my-hello.nix) ];
+{
+  environment.systemPackages = [ (import ./my-hello.nix) ];
+}
 ```
 
 where `my-hello.nix` contains:
@@ -88,7 +94,9 @@ section](#module-services-flatpak). AppImages will not run "as-is" on NixOS.
 First you need to install `appimage-run`: add to `/etc/nixos/configuration.nix`
 
 ```nix
-environment.systemPackages = [ pkgs.appimage-run ];
+{
+  environment.systemPackages = [ pkgs.appimage-run ];
+}
 ```
 
 Then instead of running the AppImage "as-is", run `appimage-run foo.appimage`.
diff --git a/nixpkgs/nixos/doc/manual/configuration/config-file.section.md b/nixpkgs/nixos/doc/manual/configuration/config-file.section.md
index b010026c5828..e213aae29ae3 100644
--- a/nixpkgs/nixos/doc/manual/configuration/config-file.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/config-file.section.md
@@ -5,7 +5,7 @@ The NixOS configuration file generally looks like this:
 ```nix
 { config, pkgs, ... }:
 
-{ option definitions
+{ /* option definitions */
 }
 ```
 
@@ -80,7 +80,9 @@ Strings
 :   Strings are enclosed in double quotes, e.g.
 
     ```nix
-    networking.hostName = "dexter";
+    {
+      networking.hostName = "dexter";
+    }
     ```
 
     Special characters can be escaped by prefixing them with a backslash
@@ -89,11 +91,13 @@ Strings
     Multi-line strings can be enclosed in *double single quotes*, e.g.
 
     ```nix
-    networking.extraHosts =
-      ''
-        127.0.0.2 other-localhost
-        10.0.0.1 server
-      '';
+    {
+      networking.extraHosts =
+        ''
+          127.0.0.2 other-localhost
+          10.0.0.1 server
+        '';
+    }
     ```
 
     The main difference is that it strips from each line a number of
@@ -108,8 +112,10 @@ Booleans
 :   These can be `true` or `false`, e.g.
 
     ```nix
-    networking.firewall.enable = true;
-    networking.firewall.allowPing = false;
+    {
+      networking.firewall.enable = true;
+      networking.firewall.allowPing = false;
+    }
     ```
 
 Integers
@@ -117,7 +123,9 @@ Integers
 :   For example,
 
     ```nix
-    boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60;
+    {
+      boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 60;
+    }
     ```
 
     (Note that here the attribute name `net.ipv4.tcp_keepalive_time` is
@@ -132,11 +140,13 @@ Sets
     braces, as in the option definition
 
     ```nix
-    fileSystems."/boot" =
-      { device = "/dev/sda1";
-        fsType = "ext4";
-        options = [ "rw" "data=ordered" "relatime" ];
-      };
+    {
+      fileSystems."/boot" =
+        { device = "/dev/sda1";
+          fsType = "ext4";
+          options = [ "rw" "data=ordered" "relatime" ];
+        };
+    }
     ```
 
 Lists
@@ -145,13 +155,17 @@ Lists
     separated by whitespace, like this:
 
     ```nix
-    boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
+    {
+      boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
+    }
     ```
 
     List elements can be any other type, e.g. sets:
 
     ```nix
-    swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
+    {
+      swapDevices = [ { device = "/dev/disk/by-label/swap"; } ];
+    }
     ```
 
 Packages
@@ -161,12 +175,14 @@ Packages
     argument `pkgs`. Typical uses:
 
     ```nix
-    environment.systemPackages =
-      [ pkgs.thunderbird
-        pkgs.emacs
-      ];
-
-    services.postgresql.package = pkgs.postgresql_14;
+    {
+      environment.systemPackages =
+        [ pkgs.thunderbird
+          pkgs.emacs
+        ];
+
+      services.postgresql.package = pkgs.postgresql_14;
+    }
     ```
 
     The latter option definition changes the default PostgreSQL package
diff --git a/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md b/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md
index 76413b7d84fb..a524ef266eaf 100644
--- a/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/customizing-packages.section.md
@@ -16,18 +16,20 @@ Examples include:
 
 You can use them like this:
 ```nix
-environment.systemPackages = with pkgs; [
-  sl
-  (pass.withExtensions (subpkgs: with subpkgs; [
-    pass-audit
-    pass-otp
-    pass-genphrase
-  ]))
-  (python3.withPackages (subpkgs: with subpkgs; [
-      requests
-  ]))
-  cowsay
-];
+{
+  environment.systemPackages = with pkgs; [
+    sl
+    (pass.withExtensions (subpkgs: with subpkgs; [
+      pass-audit
+      pass-otp
+      pass-genphrase
+    ]))
+    (python3.withPackages (subpkgs: with subpkgs; [
+        requests
+    ]))
+    cowsay
+  ];
+}
 ```
 :::
 
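Review bot: `requests` inside `python3.withPackages` is indented eight spaces, while the entries of the sibling `pass.withExtensions` list (`pass-audit`, `pass-otp`, `pass-genphrase`) use six. The removed block had the same two-space offset; drop it in the added lines so both nested lists line up.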
@@ -38,7 +40,9 @@ dependency on GTK 2. If you want to build it against GTK 3, you can
 specify that as follows:
 
 ```nix
-environment.systemPackages = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ];
+{
+  environment.systemPackages = [ (pkgs.emacs.override { gtk = pkgs.gtk3; }) ];
+}
 ```
 
 The function `override` performs the call to the Nix function that
@@ -58,12 +62,14 @@ of the package, such as the source code. For instance, if you want to
 override the source code of Emacs, you can say:
 
 ```nix
-environment.systemPackages = [
-  (pkgs.emacs.overrideAttrs (oldAttrs: {
-    name = "emacs-25.0-pre";
-    src = /path/to/my/emacs/tree;
-  }))
-];
+{
+  environment.systemPackages = [
+    (pkgs.emacs.overrideAttrs (oldAttrs: {
+      name = "emacs-25.0-pre";
+      src = /path/to/my/emacs/tree;
+    }))
+  ];
+}
 ```
 
 Here, `overrideAttrs` takes the Nix derivation specified by `pkgs.emacs`
@@ -80,9 +86,11 @@ two instances of the package. If you want to have everything depend on
 your customised instance, you can apply a *global* override as follows:
 
 ```nix
-nixpkgs.config.packageOverrides = pkgs:
-  { emacs = pkgs.emacs.override { gtk = pkgs.gtk3; };
-  };
+{
+  nixpkgs.config.packageOverrides = pkgs:
+    { emacs = pkgs.emacs.override { gtk = pkgs.gtk3; };
+    };
+}
 ```
 
 The effect of this definition is essentially equivalent to modifying the
diff --git a/nixpkgs/nixos/doc/manual/configuration/declarative-packages.section.md b/nixpkgs/nixos/doc/manual/configuration/declarative-packages.section.md
index 480e250da8c7..6cdd520dcf15 100644
--- a/nixpkgs/nixos/doc/manual/configuration/declarative-packages.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/declarative-packages.section.md
@@ -7,7 +7,9 @@ following line to `configuration.nix` enables the Mozilla Thunderbird
 email application:
 
 ```nix
-environment.systemPackages = [ pkgs.thunderbird ];
+{
+  environment.systemPackages = [ pkgs.thunderbird ];
+}
 ```
 
 The effect of this specification is that the Thunderbird package from
diff --git a/nixpkgs/nixos/doc/manual/configuration/file-systems.chapter.md b/nixpkgs/nixos/doc/manual/configuration/file-systems.chapter.md
index 3dfdd20ac33e..4bdd9c60e327 100644
--- a/nixpkgs/nixos/doc/manual/configuration/file-systems.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/file-systems.chapter.md
@@ -6,10 +6,12 @@ Ext4 file system on device `/dev/disk/by-label/data` onto the mount
 point `/data`:
 
 ```nix
-fileSystems."/data" =
-  { device = "/dev/disk/by-label/data";
-    fsType = "ext4";
-  };
+{
+  fileSystems."/data" =
+    { device = "/dev/disk/by-label/data";
+      fsType = "ext4";
+    };
+}
 ```
 
 This will create an entry in `/etc/fstab`, which will generate a
diff --git a/nixpkgs/nixos/doc/manual/configuration/firewall.section.md b/nixpkgs/nixos/doc/manual/configuration/firewall.section.md
index dbf0ffb9273e..9a71217944ee 100644
--- a/nixpkgs/nixos/doc/manual/configuration/firewall.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/firewall.section.md
@@ -5,14 +5,18 @@ and other unexpected packets. The firewall applies to both IPv4 and IPv6
 traffic. It is enabled by default. It can be disabled as follows:
 
 ```nix
-networking.firewall.enable = false;
+{
+  networking.firewall.enable = false;
+}
 ```
 
 If the firewall is enabled, you can open specific TCP ports to the
 outside world:
 
 ```nix
-networking.firewall.allowedTCPPorts = [ 80 443 ];
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
 ```
 
 Note that TCP port 22 (ssh) is opened automatically if the SSH daemon is
@@ -22,10 +26,12 @@ enabled (`services.openssh.enable = true`). UDP ports can be opened through
 To open ranges of TCP ports:
 
 ```nix
-networking.firewall.allowedTCPPortRanges = [
-  { from = 4000; to = 4007; }
-  { from = 8000; to = 8010; }
-];
+{
+  networking.firewall.allowedTCPPortRanges = [
+    { from = 4000; to = 4007; }
+    { from = 8000; to = 8010; }
+  ];
+}
 ```
 
 Similarly, UDP port ranges can be opened through
diff --git a/nixpkgs/nixos/doc/manual/configuration/gpu-accel.chapter.md b/nixpkgs/nixos/doc/manual/configuration/gpu-accel.chapter.md
index aa63aec61669..3b98bdd97c68 100644
--- a/nixpkgs/nixos/doc/manual/configuration/gpu-accel.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/gpu-accel.chapter.md
@@ -55,9 +55,11 @@ supported through the rocmPackages.clr.icd package. Adding this package to
 enables OpenCL support:
 
 ```nix
-hardware.opengl.extraPackages = [
-  rocmPackages.clr.icd
-];
+{
+  hardware.opengl.extraPackages = [
+    rocmPackages.clr.icd
+  ];
+}
 ```
 
 ### Intel {#sec-gpu-accel-opencl-intel}
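Review bot: `rocmPackages.clr.icd` is referenced without a `pkgs.` prefix, so the wrapped snippet parses but has an unbound variable when read as a set on its own. The Vulkan example later in this file writes `pkgs.amdvlk`; use `pkgs.rocmPackages.clr.icd` here, or open the list with `with pkgs;`.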
@@ -74,9 +76,11 @@ to enable OpenCL support. For example, for Gen8 and later GPUs, the following
 configuration can be used:
 
 ```nix
-hardware.opengl.extraPackages = [
-  intel-compute-runtime
-];
+{
+  hardware.opengl.extraPackages = [
+    intel-compute-runtime
+  ];
+}
 ```
 
 ## Vulkan {#sec-gpu-accel-vulkan}
@@ -141,20 +145,22 @@ makes amdvlk the default driver and hides radv and lavapipe from the device list
 A specific driver can be forced as follows:
 
 ```nix
-hardware.opengl.extraPackages = [
-  pkgs.amdvlk
-];
-
-# To enable Vulkan support for 32-bit applications, also add:
-hardware.opengl.extraPackages32 = [
-  pkgs.driversi686Linux.amdvlk
-];
-
-# Force radv
-environment.variables.AMD_VULKAN_ICD = "RADV";
-# Or
-environment.variables.VK_ICD_FILENAMES =
-  "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
+{
+  hardware.opengl.extraPackages = [
+    pkgs.amdvlk
+  ];
+
+  # To enable Vulkan support for 32-bit applications, also add:
+  hardware.opengl.extraPackages32 = [
+    pkgs.driversi686Linux.amdvlk
+  ];
+
+  # Force radv
+  environment.variables.AMD_VULKAN_ICD = "RADV";
+  # Or
+  environment.variables.VK_ICD_FILENAMES =
+    "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
+}
 ```
 
 ## VA-API {#sec-gpu-accel-va-api}
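Review bot: Wrapping this block in a single attribute set turns the two alternatives under `# Force radv` and `# Or` into one configuration that sets both `AMD_VULKAN_ICD` and `VK_ICD_FILENAMES`, next to `extraPackages` entries that install amdvlk. Split the block into separate fenced examples, or comment out the second variable, so that a reader who copies the set gets exactly one choice.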
@@ -178,17 +184,21 @@ $ nix-shell -p libva-utils --run vainfo
 Modern Intel GPUs use the iHD driver, which can be installed with:
 
 ```nix
-hardware.opengl.extraPackages = [
-  intel-media-driver
-];
+{
+  hardware.opengl.extraPackages = [
+    intel-media-driver
+  ];
+}
 ```
 
 Older Intel GPUs use the i965 driver, which can be installed with:
 
 ```nix
-hardware.opengl.extraPackages = [
-  intel-vaapi-driver
-];
+{
+  hardware.opengl.extraPackages = [
+    intel-vaapi-driver
+  ];
+}
 ```
 
 ## Common issues {#sec-gpu-accel-common-issues}
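Review bot: `intel-media-driver` and `intel-vaapi-driver` are bare identifiers in both wrapped snippets, so neither set evaluates without a surrounding `with pkgs;`. Write `pkgs.intel-media-driver` and `pkgs.intel-vaapi-driver`.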
diff --git a/nixpkgs/nixos/doc/manual/configuration/ipv4-config.section.md b/nixpkgs/nixos/doc/manual/configuration/ipv4-config.section.md
index c73024b856d7..0464f5389855 100644
--- a/nixpkgs/nixos/doc/manual/configuration/ipv4-config.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/ipv4-config.section.md
@@ -5,18 +5,22 @@ configure network interfaces. However, you can configure an interface
 manually as follows:
 
 ```nix
-networking.interfaces.eth0.ipv4.addresses = [ {
-  address = "192.168.1.2";
-  prefixLength = 24;
-} ];
+{
+  networking.interfaces.eth0.ipv4.addresses = [ {
+    address = "192.168.1.2";
+    prefixLength = 24;
+  } ];
+}
 ```
 
 Typically you'll also want to set a default gateway and set of name
 servers:
 
 ```nix
-networking.defaultGateway = "192.168.1.1";
-networking.nameservers = [ "8.8.8.8" ];
+{
+  networking.defaultGateway = "192.168.1.1";
+  networking.nameservers = [ "8.8.8.8" ];
+}
 ```
 
 ::: {.note}
@@ -28,7 +32,9 @@ configuration is performed by `network-setup.service`.
 The host name is set using [](#opt-networking.hostName):
 
 ```nix
-networking.hostName = "cartman";
+{
+  networking.hostName = "cartman";
+}
 ```
 
 The default host name is `nixos`. Set it to the empty string (`""`) to
diff --git a/nixpkgs/nixos/doc/manual/configuration/ipv6-config.section.md b/nixpkgs/nixos/doc/manual/configuration/ipv6-config.section.md
index ce66f53ed472..b4fe0d759b8a 100644
--- a/nixpkgs/nixos/doc/manual/configuration/ipv6-config.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/ipv6-config.section.md
@@ -9,34 +9,42 @@ may be overridden on a per-interface basis by
 IPv6 support globally by setting:
 
 ```nix
-networking.enableIPv6 = false;
+{
+  networking.enableIPv6 = false;
+}
 ```
 
 You can disable IPv6 on a single interface using a normal sysctl (in
 this example, we use interface `eth0`):
 
 ```nix
-boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
+{
+  boot.kernel.sysctl."net.ipv6.conf.eth0.disable_ipv6" = true;
+}
 ```
 
 As with IPv4 networking interfaces are automatically configured via
 DHCPv6. You can configure an interface manually:
 
 ```nix
-networking.interfaces.eth0.ipv6.addresses = [ {
-  address = "fe00:aa:bb:cc::2";
-  prefixLength = 64;
-} ];
+{
+  networking.interfaces.eth0.ipv6.addresses = [ {
+    address = "fe00:aa:bb:cc::2";
+    prefixLength = 64;
+  } ];
+}
 ```
 
 For configuring a gateway, optionally with explicitly specified
 interface:
 
 ```nix
-networking.defaultGateway6 = {
-  address = "fe00::1";
-  interface = "enp0s3";
-};
+{
+  networking.defaultGateway6 = {
+    address = "fe00::1";
+    interface = "enp0s3";
+  };
+}
 ```
 
 See [](#sec-ipv4) for similar examples and additional information.
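Review bot: The manual-address and gateway examples use `fe00:aa:bb:cc::2` and `fe00::1`, which do not fall in any prefix set aside for examples. While these lines are being re-indented, switch them to the documentation prefix `2001:db8::/32` (RFC 3849), for example `2001:db8::2` with gateway `2001:db8::1`.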
diff --git a/nixpkgs/nixos/doc/manual/configuration/kubernetes.chapter.md b/nixpkgs/nixos/doc/manual/configuration/kubernetes.chapter.md
index f39726090e43..fba40b648752 100644
--- a/nixpkgs/nixos/doc/manual/configuration/kubernetes.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/kubernetes.chapter.md
@@ -7,14 +7,16 @@ There are generally two ways of enabling Kubernetes on NixOS. One way is
 to enable and configure cluster components appropriately by hand:
 
 ```nix
-services.kubernetes = {
-  apiserver.enable = true;
-  controllerManager.enable = true;
-  scheduler.enable = true;
-  addonManager.enable = true;
-  proxy.enable = true;
-  flannel.enable = true;
-};
+{
+  services.kubernetes = {
+    apiserver.enable = true;
+    controllerManager.enable = true;
+    scheduler.enable = true;
+    addonManager.enable = true;
+    proxy.enable = true;
+    flannel.enable = true;
+  };
+}
 ```
 
 Another way is to assign cluster roles ("master" and/or "node") to
@@ -22,20 +24,26 @@ the host. This enables apiserver, controllerManager, scheduler,
 addonManager, kube-proxy and etcd:
 
 ```nix
-services.kubernetes.roles = [ "master" ];
+{
+  services.kubernetes.roles = [ "master" ];
+}
 ```
 
 While this will enable the kubelet and kube-proxy only:
 
 ```nix
-services.kubernetes.roles = [ "node" ];
+{
+  services.kubernetes.roles = [ "node" ];
+}
 ```
 
 Assigning both the master and node roles is usable if you want a single
 node Kubernetes cluster for dev or testing purposes:
 
 ```nix
-services.kubernetes.roles = [ "master" "node" ];
+{
+  services.kubernetes.roles = [ "master" "node" ];
+}
 ```
 
 Note: Assigning either role will also default both
diff --git a/nixpkgs/nixos/doc/manual/configuration/linux-kernel.chapter.md b/nixpkgs/nixos/doc/manual/configuration/linux-kernel.chapter.md
index 31d8d1a7d0cf..3bc97446f452 100644
--- a/nixpkgs/nixos/doc/manual/configuration/linux-kernel.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/linux-kernel.chapter.md
@@ -5,7 +5,9 @@ option `boot.kernelPackages`. For instance, this selects the Linux 3.10
 kernel:
 
 ```nix
-boot.kernelPackages = pkgs.linuxKernel.packages.linux_3_10;
+{
+  boot.kernelPackages = pkgs.linuxKernel.packages.linux_3_10;
+}
 ```
 
 Note that this not only replaces the kernel, but also packages that are
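Review bot: The example still selects `pkgs.linuxKernel.packages.linux_3_10`, a kernel series that upstream stopped maintaining years ago, while the KGDB example further down in this file already uses `linux_5_10`. Point the snippet at a currently maintained kernel attribute so that a copied configuration does not pin an unsupported kernel.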
@@ -40,13 +42,15 @@ If you want to change the kernel configuration, you can use the
 instance, to enable support for the kernel debugger KGDB:
 
 ```nix
-nixpkgs.config.packageOverrides = pkgs: pkgs.lib.recursiveUpdate pkgs {
-  linuxKernel.kernels.linux_5_10 = pkgs.linuxKernel.kernels.linux_5_10.override {
-    extraConfig = ''
-      KGDB y
-    '';
+{
+  nixpkgs.config.packageOverrides = pkgs: pkgs.lib.recursiveUpdate pkgs {
+    linuxKernel.kernels.linux_5_10 = pkgs.linuxKernel.kernels.linux_5_10.override {
+      extraConfig = ''
+        KGDB y
+      '';
+    };
   };
-};
+}
 ```
 
 `extraConfig` takes a list of Linux kernel configuration options, one
@@ -59,14 +63,18 @@ by `udev`. You can force a module to be loaded via
 [](#opt-boot.kernelModules), e.g.
 
 ```nix
-boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
+{
+  boot.kernelModules = [ "fuse" "kvm-intel" "coretemp" ];
+}
 ```
 
 If the module is required early during the boot (e.g. to mount the root
 file system), you can use [](#opt-boot.initrd.kernelModules):
 
 ```nix
-boot.initrd.kernelModules = [ "cifs" ];
+{
+  boot.initrd.kernelModules = [ "cifs" ];
+}
 ```
 
 This causes the specified modules and their dependencies to be added to
@@ -76,7 +84,9 @@ Kernel runtime parameters can be set through
 [](#opt-boot.kernel.sysctl), e.g.
 
 ```nix
-boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 120;
+{
+  boot.kernel.sysctl."net.ipv4.tcp_keepalive_time" = 120;
+}
 ```
 
 sets the kernel's TCP keepalive time to 120 seconds. To see the
@@ -89,7 +99,9 @@ Please refer to the Nixpkgs manual for the various ways of [building a custom ke
 To use your custom kernel package in your NixOS configuration, set
 
 ```nix
-boot.kernelPackages = pkgs.linuxPackagesFor yourCustomKernel;
+{
+  boot.kernelPackages = pkgs.linuxPackagesFor yourCustomKernel;
+}
 ```
 
 ## Rust {#sec-linux-rust}
@@ -99,15 +111,17 @@ default. For kernel versions 6.7 or newer, experimental Rust support
 can be enabled. In a NixOS configuration, set:
 
 ```nix
-boot.kernelPatches = [
-  {
-    name = "Rust Support";
-    patch = null;
-    features = {
-      rust = true;
-    };
-  }
-];
+{
+  boot.kernelPatches = [
+    {
+      name = "Rust Support";
+      patch = null;
+      features = {
+        rust = true;
+      };
+    }
+  ];
+}
 ```
 
 ## Developing kernel modules {#sec-linux-config-developing-modules}
diff --git a/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.section.md b/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.section.md
index 7615b95aef42..4d2f625073d4 100644
--- a/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/luks-file-systems.section.md
@@ -29,15 +29,19 @@ system is automatically mounted at boot time as `/`, add the following
 to `configuration.nix`:
 
 ```nix
-boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";
-fileSystems."/".device = "/dev/mapper/crypted";
+{
+  boot.initrd.luks.devices.crypted.device = "/dev/disk/by-uuid/3f6b0024-3a44-4fde-a43a-767b872abe5d";
+  fileSystems."/".device = "/dev/mapper/crypted";
+}
 ```
 
 Should grub be used as bootloader, and `/boot` is located on an
 encrypted partition, it is necessary to add the following grub option:
 
 ```nix
-boot.loader.grub.enableCryptodisk = true;
+{
+  boot.loader.grub.enableCryptodisk = true;
+}
 ```
 
 ## FIDO2 {#sec-luks-file-systems-fido2}
@@ -68,8 +72,10 @@ To ensure that this file system is decrypted using the FIDO2 compatible
 key, add the following to `configuration.nix`:
 
 ```nix
-boot.initrd.luks.fido2Support = true;
-boot.initrd.luks.devices."/dev/sda2".fido2.credential = "f1d00200108b9d6e849a8b388da457688e3dd653b4e53770012d8f28e5d3b269865038c346802f36f3da7278b13ad6a3bb6a1452e24ebeeaa24ba40eef559b1b287d2a2f80b7";
+{
+  boot.initrd.luks.fido2Support = true;
+  boot.initrd.luks.devices."/dev/sda2".fido2.credential = "f1d00200108b9d6e849a8b388da457688e3dd653b4e53770012d8f28e5d3b269865038c346802f36f3da7278b13ad6a3bb6a1452e24ebeeaa24ba40eef559b1b287d2a2f80b7";
+}
 ```
 
 You can also use the FIDO2 passwordless setup, but for security reasons,
@@ -77,7 +83,9 @@ you might want to enable it only when your device is PIN protected, such
 as [Trezor](https://trezor.io/).
 
 ```nix
-boot.initrd.luks.devices."/dev/sda2".fido2.passwordLess = true;
+{
+  boot.initrd.luks.devices."/dev/sda2".fido2.passwordLess = true;
+}
 ```
 
 ### systemd Stage 1 {#sec-luks-file-systems-fido2-systemd}
@@ -88,13 +96,15 @@ unlocking the existing LUKS2 volume `root` using any enrolled FIDO2 compatible
 tokens.
 
 ```nix
-boot.initrd = {
-  luks.devices.root = {
-    crypttabExtraOpts = [ "fido2-device=auto" ];
-    device = "/dev/sda2";
+{
+  boot.initrd = {
+    luks.devices.root = {
+      crypttabExtraOpts = [ "fido2-device=auto" ];
+      device = "/dev/sda2";
+    };
+    systemd.enable = true;
   };
-  systemd.enable = true;
-};
+}
 ```
 
 All tokens that should be used for unlocking the LUKS2-encrypted volume must
diff --git a/nixpkgs/nixos/doc/manual/configuration/modularity.section.md b/nixpkgs/nixos/doc/manual/configuration/modularity.section.md
index f4a566d66973..cb9f543797d2 100644
--- a/nixpkgs/nixos/doc/manual/configuration/modularity.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/modularity.section.md
@@ -16,7 +16,7 @@ including them from `configuration.nix`, e.g.:
 { imports = [ ./vpn.nix ./kde.nix ];
   services.httpd.enable = true;
   environment.systemPackages = [ pkgs.emacs ];
-  ...
+  # ...
 }
 ```
 
@@ -42,7 +42,9 @@ merged last, so for list-type options, it will appear at the end of the
 merged list. If you want it to appear first, you can use `mkBefore`:
 
 ```nix
-boot.kernelModules = mkBefore [ "kvm-intel" ];
+{
+  boot.kernelModules = mkBefore [ "kvm-intel" ];
+}
 ```
 
 This causes the `kvm-intel` kernel module to be loaded before any other
@@ -60,7 +62,9 @@ When that happens, it's possible to force one definition take precedence
 over the others:
 
 ```nix
-services.httpd.adminAddr = pkgs.lib.mkForce "bob@example.org";
+{
+  services.httpd.adminAddr = pkgs.lib.mkForce "bob@example.org";
+}
 ```
 
 When using multiple modules, you may need to access configuration values
diff --git a/nixpkgs/nixos/doc/manual/configuration/network-manager.section.md b/nixpkgs/nixos/doc/manual/configuration/network-manager.section.md
index 4bda21d34a10..8e8dfabbf3cd 100644
--- a/nixpkgs/nixos/doc/manual/configuration/network-manager.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/network-manager.section.md
@@ -4,7 +4,9 @@ To facilitate network configuration, some desktop environments use
 NetworkManager. You can enable NetworkManager by setting:
 
 ```nix
-networking.networkmanager.enable = true;
+{
+  networking.networkmanager.enable = true;
+}
 ```
 
 some desktop managers (e.g., GNOME) enable NetworkManager automatically
@@ -14,7 +16,9 @@ All users that should have permission to change network settings must
 belong to the `networkmanager` group:
 
 ```nix
-users.users.alice.extraGroups = [ "networkmanager" ];
+{
+  users.users.alice.extraGroups = [ "networkmanager" ];
+}
 ```
 
 NetworkManager is controlled using either `nmcli` or `nmtui`
@@ -32,9 +36,11 @@ can be used together if desired. To do this you need to instruct
 NetworkManager to ignore those interfaces like:
 
 ```nix
-networking.networkmanager.unmanaged = [
-   "*" "except:type:wwan" "except:type:gsm"
-];
+{
+  networking.networkmanager.unmanaged = [
+     "*" "except:type:wwan" "except:type:gsm"
+  ];
+}
 ```
 
 Refer to the option description for the exact syntax and references to
diff --git a/nixpkgs/nixos/doc/manual/configuration/overlayfs.section.md b/nixpkgs/nixos/doc/manual/configuration/overlayfs.section.md
index 592fb7c2e6f7..7027a6f426d4 100644
--- a/nixpkgs/nixos/doc/manual/configuration/overlayfs.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/overlayfs.section.md
@@ -4,21 +4,23 @@ NixOS offers a convenient abstraction to create both read-only as well writable
 overlays.
 
 ```nix
-fileSystems = {
-  "/writable-overlay" = {
-    overlay = {
-      lowerdir = [ writableOverlayLowerdir ];
-      upperdir = "/.rw-writable-overlay/upper";
-      workdir = "/.rw-writable-overlay/work";
+{
+  fileSystems = {
+    "/writable-overlay" = {
+      overlay = {
+        lowerdir = [ writableOverlayLowerdir ];
+        upperdir = "/.rw-writable-overlay/upper";
+        workdir = "/.rw-writable-overlay/work";
+      };
+      # Mount the writable overlay in the initrd.
+      neededForBoot = true;
     };
-    # Mount the writable overlay in the initrd.
-    neededForBoot = true;
+    "/readonly-overlay".overlay.lowerdir = [
+      writableOverlayLowerdir
+      writableOverlayLowerdir2
+    ];
   };
-  "/readonly-overlay".overlay.lowerdir = [
-    writableOverlayLowerdir
-    writableOverlayLowerdir2
-  ];
-};
+}
 ```
 
 If `upperdir` and `workdir` are not null, they will be created before the
diff --git a/nixpkgs/nixos/doc/manual/configuration/profiles.chapter.md b/nixpkgs/nixos/doc/manual/configuration/profiles.chapter.md
index 9f6c11b0d59d..6161d48e353f 100644
--- a/nixpkgs/nixos/doc/manual/configuration/profiles.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/profiles.chapter.md
@@ -8,9 +8,11 @@ is to say, expected usage is to add them to the imports list of your
 `/etc/configuration.nix` as such:
 
 ```nix
-imports = [
-  <nixpkgs/nixos/modules/profiles/profile-name.nix>
-];
+{
+  imports = [
+    <nixpkgs/nixos/modules/profiles/profile-name.nix>
+  ];
+}
 ```
 
 Even if some of these profiles seem only useful in the context of
diff --git a/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md b/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md
index 5b515e9f82a0..4804e35f8a24 100644
--- a/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/renaming-interfaces.section.md
@@ -25,10 +25,12 @@ we assign the name `wan` to the interface with MAC address
 `52:54:00:12:01:01` using a netword link unit:
 
 ```nix
-systemd.network.links."10-wan" = {
-  matchConfig.PermanentMACAddress = "52:54:00:12:01:01";
-  linkConfig.Name = "wan";
-};
+{
+  systemd.network.links."10-wan" = {
+    matchConfig.PermanentMACAddress = "52:54:00:12:01:01";
+    linkConfig.Name = "wan";
+  };
+}
 ```
 
 Note that links are directly read by udev, *not networkd*, and will work
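Review bot: the context line at the top of this hunk still reads "using a netword link unit"; since the example below it is being rewritten anyway, fix the typo to "network link unit" in the same change.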
@@ -37,10 +39,12 @@ even if networkd is disabled.
 Alternatively, we can use a plain old udev rule:
 
 ```nix
-boot.initrd.services.udev.rules = ''
-  SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", \
-  ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="wan"
-'';
+{
+  boot.initrd.services.udev.rules = ''
+    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", \
+    ATTR{address}=="52:54:00:12:01:01", KERNEL=="eth*", NAME="wan"
+  '';
+}
 ```
 
 ::: {.warning}
diff --git a/nixpkgs/nixos/doc/manual/configuration/ssh.section.md b/nixpkgs/nixos/doc/manual/configuration/ssh.section.md
index 9e239a848178..8754e3d9ccaf 100644
--- a/nixpkgs/nixos/doc/manual/configuration/ssh.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/ssh.section.md
@@ -3,7 +3,9 @@
 Secure shell (SSH) access to your machine can be enabled by setting:
 
 ```nix
-services.openssh.enable = true;
+{
+  services.openssh.enable = true;
+}
 ```
 
 By default, root logins using a password are disallowed. They can be
@@ -14,6 +16,8 @@ You can declaratively specify authorised RSA/DSA public keys for a user
 as follows:
 
 ```nix
-users.users.alice.openssh.authorizedKeys.keys =
-  [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
+{
+  users.users.alice.openssh.authorizedKeys.keys =
+    [ "ssh-dss AAAAB3NzaC1kc3MAAACBAPIkGWVEt4..." ];
+}
 ```
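Review bot: the sample key in the rewritten block is still `ssh-dss ...`, and the sentence above it still advertises "RSA/DSA public keys". OpenSSH has disabled ssh-dss by default since release 7.0, so a reader who follows this example ends up with a key the server will refuse. Since the block is being touched anyway, switch the placeholder to an `ssh-ed25519 ...` key and update the prose to match. The same `ssh-dss` sample appears in the `users.users.alice` block in user-mgmt.chapter.md.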
diff --git a/nixpkgs/nixos/doc/manual/configuration/subversion.chapter.md b/nixpkgs/nixos/doc/manual/configuration/subversion.chapter.md
index ff870f5c40b9..2436138669fe 100644
--- a/nixpkgs/nixos/doc/manual/configuration/subversion.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/subversion.chapter.md
@@ -21,9 +21,11 @@ Apache HTTP, setting [](#opt-services.httpd.adminAddr)
 appropriately:
 
 ```nix
-services.httpd.enable = true;
-services.httpd.adminAddr = ...;
-networking.firewall.allowedTCPPorts = [ 80 443 ];
+{
+  services.httpd.enable = true;
+  services.httpd.adminAddr = "...";
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
 ```
 
 For a simple Subversion server with basic authentication, configure the
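Review bot: in the rewritten block, `networking.firewall.allowedTCPPorts = [ 80 443 ];` opens plain HTTP while the virtual host documented directly below uses `AuthType Basic`, which sends the Subversion credentials unencrypted on port 80. Consider documenting 443 only, or adding a sentence that the `/svn` location should be served over TLS. Separately, `services.httpd.adminAddr = "...";` turns a placeholder into a literal string value; a comment or an `example.org` address would make it clearer that the reader must fill it in.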
@@ -34,25 +36,28 @@ the `.authz` file describing access permission, and `AuthUserFile` to
 the password file.
 
 ```nix
-services.httpd.extraModules = [
-    # note that order is *super* important here
-    { name = "dav_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_dav_svn.so"; }
-    { name = "authz_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_authz_svn.so"; }
-  ];
-  services.httpd.virtualHosts = {
-    "svn" = {
-       hostName = HOSTNAME;
-       documentRoot = DOCUMENTROOT;
-       locations."/svn".extraConfig = ''
-           DAV svn
-           SVNParentPath REPO_PARENT
-           AuthzSVNAccessFile ACCESS_FILE
-           AuthName "SVN Repositories"
-           AuthType Basic
-           AuthUserFile PASSWORD_FILE
-           Require valid-user
-      '';
-    }
+{
+  services.httpd.extraModules = [
+      # note that order is *super* important here
+      { name = "dav_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_dav_svn.so"; }
+      { name = "authz_svn"; path = "${pkgs.apacheHttpdPackages.subversion}/modules/mod_authz_svn.so"; }
+    ];
+    services.httpd.virtualHosts = {
+      "svn" = {
+         hostName = HOSTNAME;
+         documentRoot = DOCUMENTROOT;
+         locations."/svn".extraConfig = ''
+             DAV svn
+             SVNParentPath REPO_PARENT
+             AuthzSVNAccessFile ACCESS_FILE
+             AuthName "SVN Repositories"
+             AuthType Basic
+             AuthUserFile PASSWORD_FILE
+             Require valid-user
+        '';
+      };
+    };
+}
 ```
 
 The key `"svn"` is just a symbolic name identifying the virtual host.
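Review bot: the indentation inside the new outer braces is inconsistent. `services.httpd.extraModules = [` sits at two spaces, its elements at six, its closing `];` at four, and `services.httpd.virtualHosts` at four, so the two options look nested when they are siblings. Re-indent both options to two spaces with their contents at four. The added `};` lines do fix the unbalanced braces of the old snippet, which is worth mentioning in the commit message. `HOSTNAME` and `DOCUMENTROOT` remain bare identifiers, so the block is still a template rather than an evaluable expression.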
@@ -90,7 +95,7 @@ $ htpasswd -s PASSWORD_FILE USER_NAME
 The file describing access permissions `ACCESS_FILE` will look something
 like the following:
 
-```nix
+```
 [/]
 * = r
 
diff --git a/nixpkgs/nixos/doc/manual/configuration/user-mgmt.chapter.md b/nixpkgs/nixos/doc/manual/configuration/user-mgmt.chapter.md
index 71d61ce4c641..7d83121d41e0 100644
--- a/nixpkgs/nixos/doc/manual/configuration/user-mgmt.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/user-mgmt.chapter.md
@@ -6,13 +6,15 @@ management. In the declarative style, users are specified in
 account named `alice` shall exist:
 
 ```nix
-users.users.alice = {
-  isNormalUser = true;
-  home = "/home/alice";
-  description = "Alice Foobar";
-  extraGroups = [ "wheel" "networkmanager" ];
-  openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
-};
+{
+  users.users.alice = {
+    isNormalUser = true;
+    home = "/home/alice";
+    description = "Alice Foobar";
+    extraGroups = [ "wheel" "networkmanager" ];
+    openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... alice@foobar" ];
+  };
+}
 ```
 
 Note that `alice` is a member of the `wheel` and `networkmanager`
@@ -38,7 +40,9 @@ A user ID (uid) is assigned automatically. You can also specify a uid
 manually by adding
 
 ```nix
-uid = 1000;
+{
+  uid = 1000;
+}
 ```
 
 to the user specification.
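Review bot: wrapping `uid = 1000;` in its own `{ }` makes the snippet read like a standalone module, where `uid` is not a top-level option. The sentence after the block says it is added "to the user specification", so either leave this fragment unwrapped or show the full path, for example `users.users.alice.uid = 1000;` inside the braces.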
@@ -47,7 +51,9 @@ Groups can be specified similarly. The following states that a group
 named `students` shall exist:
 
 ```nix
-users.groups.students.gid = 1000;
+{
+  users.groups.students.gid = 1000;
+}
 ```
 
 As with users, the group ID (gid) is optional and will be assigned
@@ -100,7 +106,9 @@ Instead of using a custom perl script to create users and groups, you can use
 systemd-sysusers:
 
 ```nix
-systemd.sysusers.enable = true;
+{
+  systemd.sysusers.enable = true;
+}
 ```
 
 The primary benefit of this is to remove a dependency on perl.
diff --git a/nixpkgs/nixos/doc/manual/configuration/wayland.chapter.md b/nixpkgs/nixos/doc/manual/configuration/wayland.chapter.md
index 0f195bd66567..27c027d38514 100644
--- a/nixpkgs/nixos/doc/manual/configuration/wayland.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/wayland.chapter.md
@@ -9,7 +9,9 @@ a Wayland Compositor such as sway without separately enabling a Wayland
 server:
 
 ```nix
+{
 programs.sway.enable = true;
+}
 ```
 
 This installs the sway compositor along with some essential utilities.
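Review bot: the braces were added around `programs.sway.enable = true;` but the line itself was left at column zero, unlike every other block in this patch. Indent it by two spaces so the snippet matches the rest of the manual.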
@@ -19,7 +21,9 @@ If you are using a wlroots-based compositor, like sway, and want to be
 able to share your screen, you might want to activate this option:
 
 ```nix
-xdg.portal.wlr.enable = true;
+{
+  xdg.portal.wlr.enable = true;
+}
 ```
 
 and configure Pipewire using
diff --git a/nixpkgs/nixos/doc/manual/configuration/wireless.section.md b/nixpkgs/nixos/doc/manual/configuration/wireless.section.md
index 3299d2d7ecb8..df828698cf03 100644
--- a/nixpkgs/nixos/doc/manual/configuration/wireless.section.md
+++ b/nixpkgs/nixos/doc/manual/configuration/wireless.section.md
@@ -7,25 +7,29 @@ skip the rest of this section on wireless networks.
 NixOS will start wpa_supplicant for you if you enable this setting:
 
 ```nix
-networking.wireless.enable = true;
+{
+  networking.wireless.enable = true;
+}
 ```
 
 NixOS lets you specify networks for wpa_supplicant declaratively:
 
 ```nix
-networking.wireless.networks = {
-  echelon = {                # SSID with no spaces or special characters
-    psk = "abcdefgh";
-  };
-  "echelon's AP" = {         # SSID with spaces and/or special characters
-    psk = "ijklmnop";
-  };
-  echelon = {                # Hidden SSID
-    hidden = true;
-    psk = "qrstuvwx";
+{
+  networking.wireless.networks = {
+    echelon = {                # SSID with no spaces or special characters
+      psk = "abcdefgh";
+    };
+    "echelon's AP" = {         # SSID with spaces and/or special characters
+      psk = "ijklmnop";
+    };
+    echelon = {                # Hidden SSID
+      hidden = true;
+      psk = "qrstuvwx";
+    };
+    free.wifi = {};            # Public wireless network
   };
-  free.wifi = {};            # Public wireless network
-};
+}
 ```
 
 Be aware that keys will be written to the nix store in plaintext! When
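Review bot: the `networks` attribute set defines `echelon` twice, and both definitions set `psk`, so the block cannot be evaluated as a single attribute set even after wrapping; rename the hidden-SSID entry or split the example. Also, `free.wifi = {};` is an attribute path (`free` containing `wifi`), not an SSID named "free.wifi"; it needs quoting as `"free.wifi" = {};`. Both problems predate this patch but defeat its purpose of giving readers a block they can paste.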
@@ -46,11 +50,13 @@ network={
 ```
 
 ```nix
-networking.wireless.networks = {
-  echelon = {
-    pskRaw = "dca6d6ed41f4ab5a984c9f55f6f66d4efdc720ebf66959810f4329bb391c5435";
+{
+  networking.wireless.networks = {
+    echelon = {
+      pskRaw = "dca6d6ed41f4ab5a984c9f55f6f66d4efdc720ebf66959810f4329bb391c5435";
+    };
   };
-};
+}
 ```
 
 or you can use it to directly generate the `wpa_supplicant.conf`:
diff --git a/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md b/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md
index bf1872ae01ac..8162e38e9f5b 100644
--- a/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/x-windows.chapter.md
@@ -4,7 +4,9 @@ The X Window System (X11) provides the basis of NixOS' graphical user
 interface. It can be enabled as follows:
 
 ```nix
-services.xserver.enable = true;
+{
+  services.xserver.enable = true;
+}
 ```
 
 The X server will automatically detect and use the appropriate video
@@ -12,7 +14,9 @@ driver from a set of X.org drivers (such as `vesa` and `intel`). You can
 also specify a driver manually, e.g.
 
 ```nix
-services.xserver.videoDrivers = [ "r128" ];
+{
+  services.xserver.videoDrivers = [ "r128" ];
+}
 ```
 
 to enable X.org's `xf86-video-r128` driver.
@@ -22,15 +26,17 @@ Otherwise, you can only log into a plain undecorated `xterm` window.
 Thus you should pick one or more of the following lines:
 
 ```nix
-services.xserver.desktopManager.plasma5.enable = true;
-services.xserver.desktopManager.xfce.enable = true;
-services.xserver.desktopManager.gnome.enable = true;
-services.xserver.desktopManager.mate.enable = true;
-services.xserver.windowManager.xmonad.enable = true;
-services.xserver.windowManager.twm.enable = true;
-services.xserver.windowManager.icewm.enable = true;
-services.xserver.windowManager.i3.enable = true;
-services.xserver.windowManager.herbstluftwm.enable = true;
+{
+  services.xserver.desktopManager.plasma5.enable = true;
+  services.xserver.desktopManager.xfce.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+  services.xserver.desktopManager.mate.enable = true;
+  services.xserver.windowManager.xmonad.enable = true;
+  services.xserver.windowManager.twm.enable = true;
+  services.xserver.windowManager.icewm.enable = true;
+  services.xserver.windowManager.i3.enable = true;
+  services.xserver.windowManager.herbstluftwm.enable = true;
+}
 ```
 
 NixOS's default *display manager* (the program that provides a graphical
@@ -38,22 +44,28 @@ login prompt and manages the X server) is LightDM. You can select an
 alternative one by picking one of the following lines:
 
 ```nix
-services.xserver.displayManager.sddm.enable = true;
-services.xserver.displayManager.gdm.enable = true;
+{
+  services.xserver.displayManager.sddm.enable = true;
+  services.xserver.displayManager.gdm.enable = true;
+}
 ```
 
 You can set the keyboard layout (and optionally the layout variant):
 
 ```nix
-services.xserver.xkb.layout = "de";
-services.xserver.xkb.variant = "neo";
+{
+  services.xserver.xkb.layout = "de";
+  services.xserver.xkb.variant = "neo";
+}
 ```
 
 The X server is started automatically at boot time. If you don't want
 this to happen, you can set:
 
 ```nix
-services.xserver.autorun = false;
+{
+  services.xserver.autorun = false;
+}
 ```
 
 The X server can then be started manually:
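Review bot: the display manager block now presents `sddm.enable = true;` and `gdm.enable = true;` together inside one attribute set, while the prose says to pick one of the lines. A reader who copies the block verbatim enables both display managers. Show a single line in the braces and mention the alternative in a comment, or split this into two blocks.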
@@ -66,7 +78,9 @@ On 64-bit systems, if you want OpenGL for 32-bit programs such as in
 Wine, you should also set the following:
 
 ```nix
-hardware.opengl.driSupport32Bit = true;
+{
+  hardware.opengl.driSupport32Bit = true;
+}
 ```
 
 ## Auto-login {#sec-x11-auto-login}
@@ -84,16 +98,20 @@ desktop environment. If you wanted no desktop environment and i3 as your
 your window manager, you'd define:
 
 ```nix
-services.xserver.displayManager.defaultSession = "none+i3";
+{
+  services.xserver.displayManager.defaultSession = "none+i3";
+}
 ```
 
 Every display manager in NixOS supports auto-login, here is an example
 using lightdm for a user `alice`:
 
 ```nix
-services.xserver.displayManager.lightdm.enable = true;
-services.xserver.displayManager.autoLogin.enable = true;
-services.xserver.displayManager.autoLogin.user = "alice";
+{
+  services.xserver.displayManager.lightdm.enable = true;
+  services.xserver.displayManager.autoLogin.enable = true;
+  services.xserver.displayManager.autoLogin.user = "alice";
+}
 ```
 
 ## Intel Graphics drivers {#sec-x11--graphics-cards-intel}
@@ -119,18 +137,22 @@ drivers. Use the option
 to set one. The recommended configuration for modern systems is:
 
 ```nix
-services.xserver.videoDrivers = [ "modesetting" ];
+{
+  services.xserver.videoDrivers = [ "modesetting" ];
+}
 ```
 
 If you experience screen tearing no matter what, this configuration was
 reported to resolve the issue:
 
 ```nix
-services.xserver.videoDrivers = [ "intel" ];
-services.xserver.deviceSection = ''
-  Option "DRI" "2"
-  Option "TearFree" "true"
-'';
+{
+  services.xserver.videoDrivers = [ "intel" ];
+  services.xserver.deviceSection = ''
+    Option "DRI" "2"
+    Option "TearFree" "true"
+  '';
+}
 ```
 
 Note that this will likely downgrade the performance compared to
@@ -143,17 +165,19 @@ better 3D performance than the X.org drivers. It is not enabled by
 default because it's not free software. You can enable it as follows:
 
 ```nix
-services.xserver.videoDrivers = [ "nvidia" ];
+{
+  services.xserver.videoDrivers = [ "nvidia" ];
+}
 ```
 
-Or if you have an older card, you may have to use one of the legacy
-drivers:
+If you have an older card, you may have to use one of the legacy drivers:
 
 ```nix
-services.xserver.videoDrivers = [ "nvidiaLegacy470" ];
-services.xserver.videoDrivers = [ "nvidiaLegacy390" ];
-services.xserver.videoDrivers = [ "nvidiaLegacy340" ];
-services.xserver.videoDrivers = [ "nvidiaLegacy304" ];
+{
+  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
+  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_390;
+  hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_340;
+}
 ```
 
 You may need to reboot after enabling this driver to prevent a clash
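Review bot: the legacy driver block assigns `hardware.nvidia.package` three times in one attribute set, which Nix rejects as a duplicate attribute, and it references `config`, which is not in scope in a bare `{ ... }`. Show one assignment with the alternatives as comments, and add the `{ config, ... }:` header. This hunk also goes beyond brace wrapping: it replaces the `services.xserver.videoDrivers = [ "nvidiaLegacy..." ]` form with `hardware.nvidia.package` and drops the 304 entry, which should be called out in the commit message or split into its own change.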
@@ -168,7 +192,9 @@ performance. If you still want to use it anyway, you need to explicitly
 set:
 
 ```nix
-services.xserver.videoDrivers = [ "amdgpu-pro" ];
+{
+  services.xserver.videoDrivers = [ "amdgpu-pro" ];
+}
 ```
 
 You will need to reboot after enabling this driver to prevent a clash
@@ -180,14 +206,18 @@ Support for Synaptics touchpads (found in many laptops such as the Dell
 Latitude series) can be enabled as follows:
 
 ```nix
-services.xserver.libinput.enable = true;
+{
+  services.xserver.libinput.enable = true;
+}
 ```
 
 The driver has many options (see [](#ch-options)).
 For instance, the following disables tap-to-click behavior:
 
 ```nix
-services.xserver.libinput.touchpad.tapping = false;
+{
+  services.xserver.libinput.touchpad.tapping = false;
+}
 ```
 
 Note: the use of `services.xserver.synaptics` is deprecated since NixOS
@@ -200,9 +230,11 @@ GTK themes can be installed either to user profile or system-wide (via
 GTK ones, you can use the following configuration:
 
 ```nix
-qt.enable = true;
-qt.platformTheme = "gtk2";
-qt.style = "gtk2";
+{
+  qt.enable = true;
+  qt.platformTheme = "gtk2";
+  qt.style = "gtk2";
+}
 ```
 
 ## Custom XKB layouts {#custom-xkb-layouts}
@@ -219,7 +251,7 @@ Create a file called `us-greek` with the following content (under a
 directory called `symbols`; it's an XKB peculiarity that will help with
 testing):
 
-```nix
+```
 xkb_symbols "us-greek"
 {
   include "us(basic)"            // includes the base US keys
@@ -236,11 +268,13 @@ xkb_symbols "us-greek"
 A minimal layout specification must include the following:
 
 ```nix
-services.xserver.xkb.extraLayouts.us-greek = {
-  description = "US layout with alt-gr greek";
-  languages   = [ "eng" ];
-  symbolsFile = /yourpath/symbols/us-greek;
-};
+{
+  services.xserver.xkb.extraLayouts.us-greek = {
+    description = "US layout with alt-gr greek";
+    languages   = [ "eng" ];
+    symbolsFile = /yourpath/symbols/us-greek;
+  };
+}
 ```
 
 ::: {.note}
@@ -277,7 +311,7 @@ Use the *xev* utility from `pkgs.xorg.xev` to find the codes of the keys
 of interest, then create a `media-key` file to hold the keycodes
 definitions
 
-```nix
+```
 xkb_keycodes "media"
 {
  <volUp>   = 123;
@@ -287,7 +321,7 @@ xkb_keycodes "media"
 
 Now use the newly define keycodes in `media-sym`:
 
-```nix
+```
 xkb_symbols "media"
 {
  key.type = "ONE_LEVEL";
@@ -299,12 +333,14 @@ xkb_symbols "media"
 As before, to install the layout do
 
 ```nix
-services.xserver.xkb.extraLayouts.media = {
-  description  = "Multimedia keys remapping";
-  languages    = [ "eng" ];
-  symbolsFile  = /path/to/media-key;
-  keycodesFile = /path/to/media-sym;
-};
+{
+  services.xserver.xkb.extraLayouts.media = {
+    description  = "Multimedia keys remapping";
+    languages    = [ "eng" ];
+    symbolsFile  = /path/to/media-key;
+    keycodesFile = /path/to/media-sym;
+  };
+}
 ```
 
 ::: {.note}
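Review bot: `symbolsFile = /path/to/media-key;` and `keycodesFile = /path/to/media-sym;` are swapped relative to the surrounding text, which puts the `xkb_keycodes` definition in `media-key` and the `xkb_symbols` definition in `media-sym`. The patch carries the old assignment over unchanged; since the block is being re-indented, swap the two paths so `symbolsFile` points at `media-sym` and `keycodesFile` at `media-key`.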
@@ -320,7 +356,9 @@ workaround, you can set the keymap using `setxkbmap` at the start of the
 session with:
 
 ```nix
-services.xserver.displayManager.sessionCommands = "setxkbmap -keycodes media";
+{
+  services.xserver.displayManager.sessionCommands = "setxkbmap -keycodes media";
+}
 ```
 
 If you are manually starting the X server, you should set the argument
diff --git a/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md b/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md
index 9ec4a51d6e35..fcc9bcc45641 100644
--- a/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md
+++ b/nixpkgs/nixos/doc/manual/configuration/xfce.chapter.md
@@ -3,21 +3,25 @@
 To enable the Xfce Desktop Environment, set
 
 ```nix
-services.xserver.desktopManager.xfce.enable = true;
-services.xserver.displayManager.defaultSession = "xfce";
+{
+  services.xserver.desktopManager.xfce.enable = true;
+  services.xserver.displayManager.defaultSession = "xfce";
+}
 ```
 
 Optionally, *picom* can be enabled for nice graphical effects, some
 example settings:
 
 ```nix
-services.picom = {
-  enable = true;
-  fade = true;
-  inactiveOpacity = 0.9;
-  shadow = true;
-  fadeDelta = 4;
-};
+{
+  services.picom = {
+    enable = true;
+    fade = true;
+    inactiveOpacity = 0.9;
+    shadow = true;
+    fadeDelta = 4;
+  };
+}
 ```
 
 Some Xfce programs are not installed automatically. To install them
diff --git a/nixpkgs/nixos/doc/manual/development/activation-script.section.md b/nixpkgs/nixos/doc/manual/development/activation-script.section.md
index cc317a6a01aa..f771c3524b79 100644
--- a/nixpkgs/nixos/doc/manual/development/activation-script.section.md
+++ b/nixpkgs/nixos/doc/manual/development/activation-script.section.md
@@ -17,13 +17,15 @@ activation script will take these dependencies into account and order the
 snippets accordingly. As a simple example:
 
 ```nix
-system.activationScripts.my-activation-script = {
-  deps = [ "etc" ];
-  # supportsDryActivation = true;
-  text = ''
-    echo "Hallo i bims"
-  '';
-};
+{
+  system.activationScripts.my-activation-script = {
+    deps = [ "etc" ];
+    # supportsDryActivation = true;
+    text = ''
+      echo "Hallo i bims"
+    '';
+  };
+}
 ```
 
 This example creates an activation script snippet that is run after the `etc`
diff --git a/nixpkgs/nixos/doc/manual/development/assertions.section.md b/nixpkgs/nixos/doc/manual/development/assertions.section.md
index cc6d81e56990..eb5158c90f98 100644
--- a/nixpkgs/nixos/doc/manual/development/assertions.section.md
+++ b/nixpkgs/nixos/doc/manual/development/assertions.section.md
@@ -18,7 +18,7 @@ This is an example of using `warnings`.
                This is known to cause some specific problems in certain situations.
                '' ]
       else [];
-  }
+  };
 }
 ```
 
@@ -35,6 +35,6 @@ This example, extracted from the [`syslogd` module](https://github.com/NixOS/nix
           message = "rsyslogd conflicts with syslogd";
         }
       ];
-  }
+  };
 }
 ```
diff --git a/nixpkgs/nixos/doc/manual/development/etc-overlay.section.md b/nixpkgs/nixos/doc/manual/development/etc-overlay.section.md
index e6f6d8d4ca1e..d8588f508a26 100644
--- a/nixpkgs/nixos/doc/manual/development/etc-overlay.section.md
+++ b/nixpkgs/nixos/doc/manual/development/etc-overlay.section.md
@@ -9,7 +9,9 @@ Instead of using a custom perl script to activate `/etc`, you activate it via an
 overlay filesystem:
 
 ```nix
-system.etc.overlay.enable = true;
+{
+  system.etc.overlay.enable = true;
+}
 ```
 
 Using an overlay has two benefits:
@@ -22,7 +24,9 @@ upper layer). However, you can also mount `/etc` immutably (i.e. read-only) by
 setting:
 
 ```nix
-system.etc.overlay.mutable = false;
+{
+  system.etc.overlay.mutable = false;
+}
 ```
 
 The overlay is atomically replaced during system switch. However, files that
diff --git a/nixpkgs/nixos/doc/manual/development/meta-attributes.section.md b/nixpkgs/nixos/doc/manual/development/meta-attributes.section.md
index 33b41fe74d29..b2ad23e58b94 100644
--- a/nixpkgs/nixos/doc/manual/development/meta-attributes.section.md
+++ b/nixpkgs/nixos/doc/manual/development/meta-attributes.section.md
@@ -14,11 +14,11 @@ file.
 { config, lib, pkgs, ... }:
 {
   options = {
-    ...
+    # ...
   };
 
   config = {
-    ...
+    # ...
   };
 
   meta = {
diff --git a/nixpkgs/nixos/doc/manual/development/non-switchable-systems.section.md b/nixpkgs/nixos/doc/manual/development/non-switchable-systems.section.md
index 87bb46c78909..a51e8233f30b 100644
--- a/nixpkgs/nixos/doc/manual/development/non-switchable-systems.section.md
+++ b/nixpkgs/nixos/doc/manual/development/non-switchable-systems.section.md
@@ -9,7 +9,7 @@ profile:
 
 ```nix
 { modulesPath, ... }: {
-  imports = [ "${modulesPath}/profiles/image-based-appliance.nix" ]
+  imports = [ "${modulesPath}/profiles/image-based-appliance.nix" ];
 }
 ```
 
diff --git a/nixpkgs/nixos/doc/manual/development/option-declarations.section.md b/nixpkgs/nixos/doc/manual/development/option-declarations.section.md
index 762070416187..ad5857b11a2e 100644
--- a/nixpkgs/nixos/doc/manual/development/option-declarations.section.md
+++ b/nixpkgs/nixos/doc/manual/development/option-declarations.section.md
@@ -6,14 +6,16 @@ hasn't been declared in any module. An option declaration generally
 looks like this:
 
 ```nix
-options = {
-  name = mkOption {
-    type = type specification;
-    default = default value;
-    example = example value;
-    description = lib.mdDoc "Description for use in the NixOS manual.";
+{
+  options = {
+    name = mkOption {
+      type = type specification;
+      default = default value;
+      example = example value;
+      description = lib.mdDoc "Description for use in the NixOS manual.";
+    };
   };
-};
+}
 ```
 
 The attribute names within the `name` attribute path must be camel
@@ -221,28 +223,34 @@ enforces that there can only be a single display manager enabled.
 ::: {#ex-option-declaration-eot-service .example}
 ### Extensible type placeholder in the service module
 ```nix
-services.xserver.displayManager.enable = mkOption {
-  description = "Display manager to use";
-  type = with types; nullOr (enum [ ]);
-};
+{
+  services.xserver.displayManager.enable = mkOption {
+    description = "Display manager to use";
+    type = with types; nullOr (enum [ ]);
+  };
+}
 ```
 :::
 
 ::: {#ex-option-declaration-eot-backend-gdm .example}
 ### Extending `services.xserver.displayManager.enable` in the `gdm` module
 ```nix
-services.xserver.displayManager.enable = mkOption {
-  type = with types; nullOr (enum [ "gdm" ]);
-};
+{
+  services.xserver.displayManager.enable = mkOption {
+    type = with types; nullOr (enum [ "gdm" ]);
+  };
+}
 ```
 :::
 
 ::: {#ex-option-declaration-eot-backend-sddm .example}
 ### Extending `services.xserver.displayManager.enable` in the `sddm` module
 ```nix
-services.xserver.displayManager.enable = mkOption {
-  type = with types; nullOr (enum [ "sddm" ]);
-};
+{
+  services.xserver.displayManager.enable = mkOption {
+    type = with types; nullOr (enum [ "sddm" ]);
+  };
+}
 ```
 :::
 
diff --git a/nixpkgs/nixos/doc/manual/development/option-def.section.md b/nixpkgs/nixos/doc/manual/development/option-def.section.md
index 6a3dc26b99be..227f41d812ff 100644
--- a/nixpkgs/nixos/doc/manual/development/option-def.section.md
+++ b/nixpkgs/nixos/doc/manual/development/option-def.section.md
@@ -4,9 +4,11 @@ Option definitions are generally straight-forward bindings of values to
 option names, like
 
 ```nix
-config = {
-  services.httpd.enable = true;
-};
+{
+  config = {
+    services.httpd.enable = true;
+  };
+}
 ```
 
 However, sometimes you need to wrap an option definition or set of
@@ -18,10 +20,12 @@ If a set of option definitions is conditional on the value of another
 option, you may need to use `mkIf`. Consider, for instance:
 
 ```nix
-config = if config.services.httpd.enable then {
-  environment.systemPackages = [ ... ];
-  ...
-} else {};
+{
+  config = if config.services.httpd.enable then {
+    environment.systemPackages = [ /* ... */ ];
+    # ...
+  } else {};
+}
 ```
 
 This definition will cause Nix to fail with an "infinite recursion"
@@ -30,30 +34,36 @@ on the value being constructed here. After all, you could also write the
 clearly circular and contradictory:
 
 ```nix
-config = if config.services.httpd.enable then {
-  services.httpd.enable = false;
-} else {
-  services.httpd.enable = true;
-};
+{
+  config = if config.services.httpd.enable then {
+    services.httpd.enable = false;
+  } else {
+    services.httpd.enable = true;
+  };
+}
 ```
 
 The solution is to write:
 
 ```nix
-config = mkIf config.services.httpd.enable {
-  environment.systemPackages = [ ... ];
-  ...
-};
+{
+  config = mkIf config.services.httpd.enable {
+    environment.systemPackages = [ /* ... */ ];
+    # ...
+  };
+}
 ```
 
 The special function `mkIf` causes the evaluation of the conditional to
 be "pushed down" into the individual definitions, as if you had written:
 
 ```nix
-config = {
-  environment.systemPackages = if config.services.httpd.enable then [ ... ] else [];
-  ...
-};
+{
+  config = {
+    environment.systemPackages = if config.services.httpd.enable then [ /* ... */ ] else [];
+    # ...
+  };
+}
 ```
 
 ## Setting Priorities {#sec-option-definitions-setting-priorities}
@@ -65,7 +75,9 @@ priority 100 and option defaults have priority 1500.
 You can specify an explicit priority by using `mkOverride`, e.g.
 
 ```nix
-services.openssh.enable = mkOverride 10 false;
+{
+  services.openssh.enable = mkOverride 10 false;
+}
 ```
 
 This definition causes all other definitions with priorities above 10 to
@@ -80,7 +92,9 @@ The functions `mkBefore` and `mkAfter` are equal to `mkOrder 500` and `mkOrder 1
 As an example,
 
 ```nix
-hardware.firmware = mkBefore [ myFirmware ];
+{
+  hardware.firmware = mkBefore [ myFirmware ];
+}
 ```
 
 This definition ensures that `myFirmware` comes before other unordered
@@ -97,13 +111,15 @@ they were declared in separate modules. This can be done using
 `mkMerge`:
 
 ```nix
-config = mkMerge
-  [ # Unconditional stuff.
-    { environment.systemPackages = [ ... ];
-    }
-    # Conditional stuff.
-    (mkIf config.services.bla.enable {
-      environment.systemPackages = [ ... ];
-    })
-  ];
+{
+  config = mkMerge
+    [ # Unconditional stuff.
+      { environment.systemPackages = [ /* ... */ ];
+      }
+      # Conditional stuff.
+      (mkIf config.services.bla.enable {
+        environment.systemPackages = [ /* ... */ ];
+      })
+    ];
+}
 ```
diff --git a/nixpkgs/nixos/doc/manual/development/option-types.section.md b/nixpkgs/nixos/doc/manual/development/option-types.section.md
index 04edf99e70b0..243039b01673 100644
--- a/nixpkgs/nixos/doc/manual/development/option-types.section.md
+++ b/nixpkgs/nixos/doc/manual/development/option-types.section.md
@@ -374,19 +374,21 @@ if you want to allow users to leave it undefined.
 ::: {#ex-submodule-direct .example}
 ### Directly defined submodule
 ```nix
-options.mod = mkOption {
-  description = "submodule example";
-  type = with types; submodule {
-    options = {
-      foo = mkOption {
-        type = int;
-      };
-      bar = mkOption {
-        type = str;
+{
+  options.mod = mkOption {
+    description = "submodule example";
+    type = with types; submodule {
+      options = {
+        foo = mkOption {
+          type = int;
+        };
+        bar = mkOption {
+          type = str;
+        };
       };
     };
   };
-};
+}
 ```
 :::
 
@@ -405,10 +407,12 @@ let
     };
   };
 in
-options.mod = mkOption {
-  description = "submodule example";
-  type = with types; submodule modOptions;
-};
+{
+  options.mod = mkOption {
+    description = "submodule example";
+    type = with types; submodule modOptions;
+  };
+}
 ```
 :::
 
@@ -421,29 +425,33 @@ multiple definitions of the submodule option set
 ::: {#ex-submodule-listof-declaration .example}
 ### Declaration of a list of submodules
 ```nix
-options.mod = mkOption {
-  description = "submodule example";
-  type = with types; listOf (submodule {
-    options = {
-      foo = mkOption {
-        type = int;
-      };
-      bar = mkOption {
-        type = str;
+{
+  options.mod = mkOption {
+    description = "submodule example";
+    type = with types; listOf (submodule {
+      options = {
+        foo = mkOption {
+          type = int;
+        };
+        bar = mkOption {
+          type = str;
+        };
       };
-    };
-  });
-};
+    });
+  };
+}
 ```
 :::
 
 ::: {#ex-submodule-listof-definition .example}
 ### Definition of a list of submodules
 ```nix
-config.mod = [
-  { foo = 1; bar = "one"; }
-  { foo = 2; bar = "two"; }
-];
+{
+  config.mod = [
+    { foo = 1; bar = "one"; }
+    { foo = 2; bar = "two"; }
+  ];
+}
 ```
 :::
 
@@ -455,27 +463,31 @@ multiple named definitions of the submodule option set
 ::: {#ex-submodule-attrsof-declaration .example}
 ### Declaration of attribute sets of submodules
 ```nix
-options.mod = mkOption {
-  description = "submodule example";
-  type = with types; attrsOf (submodule {
-    options = {
-      foo = mkOption {
-        type = int;
-      };
-      bar = mkOption {
-        type = str;
+{
+  options.mod = mkOption {
+    description = "submodule example";
+    type = with types; attrsOf (submodule {
+      options = {
+        foo = mkOption {
+          type = int;
+        };
+        bar = mkOption {
+          type = str;
+        };
       };
-    };
-  });
-};
+    });
+  };
+}
 ```
 :::
 
 ::: {#ex-submodule-attrsof-definition .example}
 ### Definition of attribute sets of submodules
 ```nix
-config.mod.one = { foo = 1; bar = "one"; };
-config.mod.two = { foo = 2; bar = "two"; };
+{
+  config.mod.one = { foo = 1; bar = "one"; };
+  config.mod.two = { foo = 2; bar = "two"; };
+}
 ```
 :::
 
@@ -495,10 +507,12 @@ Types are mainly characterized by their `check` and `merge` functions.
     ### Adding a type check
 
     ```nix
-    byte = mkOption {
-      description = "An integer between 0 and 255.";
-      type = types.addCheck types.int (x: x >= 0 && x <= 255);
-    };
+    {
+      byte = mkOption {
+        description = "An integer between 0 and 255.";
+        type = types.addCheck types.int (x: x >= 0 && x <= 255);
+      };
+    }
     ```
     :::
 
@@ -506,12 +520,14 @@ Types are mainly characterized by their `check` and `merge` functions.
     ### Overriding a type check
 
     ```nix
-    nixThings = mkOption {
-      description = "words that start with 'nix'";
-      type = types.str // {
-        check = (x: lib.hasPrefix "nix" x)
+    {
+      nixThings = mkOption {
+        description = "words that start with 'nix'";
+        type = types.str // {
+          check = (x: lib.hasPrefix "nix" x);
+        };
       };
-    };
+    }
     ```
     :::
 
diff --git a/nixpkgs/nixos/doc/manual/development/settings-options.section.md b/nixpkgs/nixos/doc/manual/development/settings-options.section.md
index 71ec9bbc8892..806eee563790 100644
--- a/nixpkgs/nixos/doc/manual/development/settings-options.section.md
+++ b/nixpkgs/nixos/doc/manual/development/settings-options.section.md
@@ -248,28 +248,30 @@ up in the manual.
 ::: {#ex-settings-typed-attrs .example}
 ### Declaring a type-checked `settings` attribute
 ```nix
-settings = lib.mkOption {
-  type = lib.types.submodule {
+{
+  settings = lib.mkOption {
+    type = lib.types.submodule {
+
+      freeformType = settingsFormat.type;
+
+      # Declare an option for the port such that the type is checked and this option
+      # is shown in the manual.
+      options.port = lib.mkOption {
+        type = lib.types.port;
+        default = 8080;
+        description = ''
+          Which port this service should listen on.
+        '';
+      };
 
-    freeformType = settingsFormat.type;
-
-    # Declare an option for the port such that the type is checked and this option
-    # is shown in the manual.
-    options.port = lib.mkOption {
-      type = lib.types.port;
-      default = 8080;
-      description = ''
-        Which port this service should listen on.
-      '';
     };
-
+    default = {};
+    description = ''
+      Configuration for Foo, see
+      <link xlink:href="https://example.com/docs/foo"/>
+      for supported values.
+    '';
   };
-  default = {};
-  description = ''
-    Configuration for Foo, see
-    <link xlink:href="https://example.com/docs/foo"/>
-    for supported values.
-  '';
-};
+}
 ```
 :::
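Review bot: the `description` string in the re-indented `settings` block still carries DocBook markup, `<link xlink:href="https://example.com/docs/foo"/>`. These lines are being rewritten anyway, and the rl-2311 notes touched later in this same patch say DocBook option documentation is no longer supported, so convert it to a Markdown link such as `[the Foo documentation](https://example.com/docs/foo)` rather than carrying the old syntax forward in an example readers will copy.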
diff --git a/nixpkgs/nixos/doc/manual/development/unit-handling.section.md b/nixpkgs/nixos/doc/manual/development/unit-handling.section.md
index d5ba6a9529d0..1f6a30d6ef34 100644
--- a/nixpkgs/nixos/doc/manual/development/unit-handling.section.md
+++ b/nixpkgs/nixos/doc/manual/development/unit-handling.section.md
@@ -94,11 +94,13 @@ To make an existing sysinit service restart correctly during system switch, you
 have to declare:
 
 ```nix
-systemd.services.my-sysinit = {
-  requiredBy = [ "sysinit-reactivation.target" ];
-  before = [ "sysinit-reactivation.target" ];
-  restartTriggers = [ config.environment.etc."my-sysinit.d".source ];
-};
+{
+  systemd.services.my-sysinit = {
+    requiredBy = [ "sysinit-reactivation.target" ];
+    before = [ "sysinit-reactivation.target" ];
+    restartTriggers = [ config.environment.etc."my-sysinit.d".source ];
+  };
+}
 ```
 
 You need to configure appropriate `restartTriggers` specific to your service.
diff --git a/nixpkgs/nixos/doc/manual/development/writing-modules.chapter.md b/nixpkgs/nixos/doc/manual/development/writing-modules.chapter.md
index 20157a21e890..67a5cc23a6aa 100644
--- a/nixpkgs/nixos/doc/manual/development/writing-modules.chapter.md
+++ b/nixpkgs/nixos/doc/manual/development/writing-modules.chapter.md
@@ -28,7 +28,7 @@ NixOS modules:
 ```nix
 { config, pkgs, ... }:
 
-{ option definitions
+{ # option definitions
 }
 ```
 
@@ -43,15 +43,15 @@ is shown in [Example: Structure of NixOS Modules](#ex-module-syntax).
 
 {
   imports =
-    [ paths of other modules
+    [ # paths of other modules
     ];
 
   options = {
-    option declarations
+    # option declarations
   };
 
   config = {
-    option definitions
+    # option definitions
   };
 }
 ```
diff --git a/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.section.md b/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.section.md
index 50886376c240..3ce12f41c60f 100644
--- a/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.section.md
+++ b/nixpkgs/nixos/doc/manual/development/writing-nixos-tests.section.md
@@ -8,10 +8,10 @@ A NixOS test is a module that has the following structure:
   # One or more machines:
   nodes =
     { machine =
-        { config, pkgs, ... }: { … };
+        { config, pkgs, ... }: { /* ... */ };
       machine2 =
-        { config, pkgs, ... }: { … };
-      …
+        { config, pkgs, ... }: { /* ... */ };
+      # …
     };
 
   testScript =
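Review bot: the placeholders in this hunk mix two ellipsis styles, ASCII `/* ... */` inside the two machine bodies and the Unicode `# …` on the line after `machine2`. Pick one form for the whole file so the examples stay consistent and easy to grep; the option-def and release-note hunks in this patch mostly use the ASCII `...`.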
@@ -46,16 +46,20 @@ Tests are invoked differently depending on whether the test is part of NixOS or
 Tests that are part of NixOS are added to [`nixos/tests/all-tests.nix`](https://github.com/NixOS/nixpkgs/blob/master/nixos/tests/all-tests.nix).
 
 ```nix
+{
   hostname = runTest ./hostname.nix;
+}
 ```
 
 Overrides can be added by defining an anonymous module in `all-tests.nix`.
 
 ```nix
+{
   hostname = runTest {
     imports = [ ./hostname.nix ];
     defaults.networking.firewall.enable = false;
   };
+}
 ```
 
 You can run a test with attribute name `hostname` in `nixos/tests/all-tests.nix` by invoking:
@@ -161,7 +165,7 @@ For faster dev cycles it's also possible to disable the code-linters
   skipLint = true;
   nodes.machine =
     { config, pkgs, ... }:
-    { configuration…
+    { # configuration…
     };
 
   testScript =
@@ -177,12 +181,14 @@ linter directly (again, don't commit this within the Nixpkgs
 repository):
 
 ```nix
+{
   testScript =
     ''
       # fmt: off
       Python code…
       # fmt: on
     '';
+}
 ```
 
 Similarly, the type checking of test scripts can be disabled in the following
@@ -193,7 +199,7 @@ way:
   skipTypeCheck = true;
   nodes.machine =
     { config, pkgs, ... }:
-    { configuration…
+    { # configuration…
     };
 }
 ```
diff --git a/nixpkgs/nixos/doc/manual/installation/building-images-via-systemd-repart.chapter.md b/nixpkgs/nixos/doc/manual/installation/building-images-via-systemd-repart.chapter.md
index 10bee156d113..5a552a54f531 100644
--- a/nixpkgs/nixos/doc/manual/installation/building-images-via-systemd-repart.chapter.md
+++ b/nixpkgs/nixos/doc/manual/installation/building-images-via-systemd-repart.chapter.md
@@ -18,11 +18,11 @@ An example of how to build an image:
     partitions = {
       "esp" = {
         contents = {
-          ...
+          # ...
         };
         repartConfig = {
           Type = "esp";
-          ...
+          # ...
         };
       };
       "root" = {
@@ -30,7 +30,7 @@ An example of how to build an image:
         repartConfig = {
           Type = "root";
           Label = "nixos";
-          ...
+          # ...
         };
       };
     };
@@ -47,19 +47,21 @@ determined by the mount point, you have to set `stripNixStorePrefix = true;` so
 that the prefix is stripped from the paths before copying them into the image.
 
 ```nix
-fileSystems."/nix/store".device = "/dev/disk/by-partlabel/nix-store"
-
-image.repart.partitions = {
-  "store" = {
-    storePaths = [ config.system.build.toplevel ];
-    stripNixStorePrefix = true;
-    repartConfig = {
-      Type = "linux-generic";
-      Label = "nix-store";
-      ...
+{
+  fileSystems."/nix/store".device = "/dev/disk/by-partlabel/nix-store";
+
+  image.repart.partitions = {
+    "store" = {
+      storePaths = [ config.system.build.toplevel ];
+      stripNixStorePrefix = true;
+      repartConfig = {
+        Type = "linux-generic";
+        Label = "nix-store";
+        # ...
+      };
     };
   };
-};
+}
 ```
 
 ## Appliance Image {#sec-image-repart-appliance}
diff --git a/nixpkgs/nixos/doc/manual/installation/changing-config.chapter.md b/nixpkgs/nixos/doc/manual/installation/changing-config.chapter.md
index 9e56b15a880f..07a0074d17e7 100644
--- a/nixpkgs/nixos/doc/manual/installation/changing-config.chapter.md
+++ b/nixpkgs/nixos/doc/manual/installation/changing-config.chapter.md
@@ -87,7 +87,9 @@ set `mutableUsers = false`. Another way is to temporarily add the
 following to your configuration:
 
 ```nix
-users.users.your-user.initialHashedPassword = "test";
+{
+  users.users.your-user.initialHashedPassword = "test";
+}
 ```
 
 *Important:* delete the \$hostname.qcow2 file if you have started the
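Review bot: `initialHashedPassword = "test"` on the added line assigns a plaintext word to an option that, by its name, takes a password hash, so the snippet does not give the reader the `test` login it appears to promise. While the line is being touched, either switch the example to `users.users.your-user.initialPassword = "test";` or show a placeholder for real `mkpasswd` output, and keep the "temporarily" wording from the context line so the setting is not left in a deployed configuration.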
diff --git a/nixpkgs/nixos/doc/manual/installation/installing-behind-a-proxy.section.md b/nixpkgs/nixos/doc/manual/installation/installing-behind-a-proxy.section.md
index aca151531d0f..691f9c9ccf6d 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing-behind-a-proxy.section.md
+++ b/nixpkgs/nixos/doc/manual/installation/installing-behind-a-proxy.section.md
@@ -7,8 +7,10 @@ To install NixOS behind a proxy, do the following before running
     keep the internet accessible after reboot.
 
     ```nix
-    networking.proxy.default = "http://user:password@proxy:port/";
-    networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+    {
+      networking.proxy.default = "http://user:password@proxy:port/";
+      networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+    }
     ```
 
 1.  Setup the proxy environment variables in the shell where you are
diff --git a/nixpkgs/nixos/doc/manual/installation/installing-from-other-distro.section.md b/nixpkgs/nixos/doc/manual/installation/installing-from-other-distro.section.md
index 921592fe5357..10ac2be4e161 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing-from-other-distro.section.md
+++ b/nixpkgs/nixos/doc/manual/installation/installing-from-other-distro.section.md
@@ -89,12 +89,14 @@ The first steps to all these are the same:
     want to add something like this to your `configuration.nix`:
 
     ```nix
-    boot.loader.grub.extraEntries = ''
-      menuentry "Ubuntu" {
-        search --set=ubuntu --fs-uuid 3cc3e652-0c1f-4800-8451-033754f68e6e
-        configfile "($ubuntu)/boot/grub/grub.cfg"
-      }
-    '';
+    {
+      boot.loader.grub.extraEntries = ''
+        menuentry "Ubuntu" {
+          search --set=ubuntu --fs-uuid 3cc3e652-0c1f-4800-8451-033754f68e6e
+          configfile "($ubuntu)/boot/grub/grub.cfg"
+        }
+      '';
+    }
     ```
 
     (You can find the appropriate UUID for your partition in
@@ -164,7 +166,9 @@ The first steps to all these are the same:
     `sudo passwd -l root` if you use `sudo`)
 
     ```nix
-    users.users.root.initialHashedPassword = "";
+    {
+      users.users.root.initialHashedPassword = "";
+    }
     ```
 
 1.  Build the NixOS closure and install it in the `system` profile:
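Review bot: the wrapped block still sets `users.users.root.initialHashedPassword = "";` with no comment, and an empty value here lets root log in without a password. The only caveat is in the surrounding prose (the `sudo passwd -l root` line above the block), which is lost once the now self-contained snippet is copied on its own. Add a `#` comment inside the block saying the empty value is for the first boot only and that the password must be set or the account locked afterwards.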
diff --git a/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.section.md b/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.section.md
index 004838e586be..4b9ae0a9c55f 100644
--- a/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.section.md
+++ b/nixpkgs/nixos/doc/manual/installation/installing-virtualbox-guest.section.md
@@ -29,14 +29,18 @@ There are a few modifications you should make in configuration.nix.
 Enable booting:
 
 ```nix
-boot.loader.grub.device = "/dev/sda";
+{
+  boot.loader.grub.device = "/dev/sda";
+}
 ```
 
 Also remove the fsck that runs at startup. It will always fail to run,
 stopping your boot until you press `*`.
 
 ```nix
-boot.initrd.checkJournalingFS = false;
+{
+  boot.initrd.checkJournalingFS = false;
+}
 ```
 
 Shared folders can be given a name and a path in the host system in the
diff --git a/nixpkgs/nixos/doc/manual/installation/upgrading.chapter.md b/nixpkgs/nixos/doc/manual/installation/upgrading.chapter.md
index 79cd4e55be5c..09338bf8723d 100644
--- a/nixpkgs/nixos/doc/manual/installation/upgrading.chapter.md
+++ b/nixpkgs/nixos/doc/manual/installation/upgrading.chapter.md
@@ -101,8 +101,10 @@ You can keep a NixOS system up-to-date automatically by adding the
 following to `configuration.nix`:
 
 ```nix
-system.autoUpgrade.enable = true;
-system.autoUpgrade.allowReboot = true;
+{
+  system.autoUpgrade.enable = true;
+  system.autoUpgrade.allowReboot = true;
+}
 ```
 
 This enables a periodically executed systemd service named
@@ -114,5 +116,7 @@ the new generation contains a different kernel, initrd or kernel
 modules. You can also specify a channel explicitly, e.g.
 
 ```nix
-system.autoUpgrade.channel = "https://channels.nixos.org/nixos-23.11";
+{
+  system.autoUpgrade.channel = "https://channels.nixos.org/nixos-23.11";
+}
 ```
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-1509.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-1509.section.md
index f47d13008185..c2ac89a09518 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-1509.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-1509.section.md
@@ -253,9 +253,9 @@ Installing Haskell _libraries_ this way, however, is no longer supported. See th
 
   {
     options = {
-      foo = mkOption { … };
+      foo = mkOption { /* … */ };
     };
-    config = mkIf config.foo { … };
+    config = mkIf config.foo { /* … */ };
   }
   ```
 
@@ -268,9 +268,9 @@ Installing Haskell _libraries_ this way, however, is no longer supported. See th
 
   {
     options = {
-      foo = mkOption { option declaration };
+      foo = mkOption { /* option declaration */ };
     };
-    config = mkIf config.foo { option definition };
+    config = mkIf config.foo { /* option definition */ };
   }
   ```
 
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-1703.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-1703.section.md
index b82c41e28ca3..e20d84d306e8 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-1703.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-1703.section.md
@@ -246,7 +246,7 @@ When upgrading from a previous release, please be aware of the following incompa
   let
     pkgs = import <nixpkgs> {};
   in
-    pkgs.overridePackages (self: super: ...)
+    pkgs.overridePackages (self: super: { /* ... */ })
   ```
 
   should be replaced by:
@@ -255,7 +255,7 @@ When upgrading from a previous release, please be aware of the following incompa
   let
     pkgs = import <nixpkgs> {};
   in
-    import pkgs.path { overlays = [(self: super: ...)]; }
+    import pkgs.path { overlays = [(self: super: { /* ... */ })]; }
   ```
 
 - Autoloading connection tracking helpers is now disabled by default. This default was also changed in the Linux kernel and is considered insecure if not configured properly in your firewall. If you need connection tracking helpers (i.e. for active FTP) please enable `networking.firewall.autoLoadConntrackHelpers` and tune `networking.firewall.connectionTrackingModules` to suit your needs.
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2009.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2009.section.md
index eac02a8ff445..900c20dbe717 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2009.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2009.section.md
@@ -334,22 +334,18 @@ When upgrading from a previous release, please be aware of the following incompa
 - The remaining configuration flags can now be set directly on the `php` attribute. For example, instead of
 
   ```nix
-  {
-    php.override {
-      config.php.embed = true;
-      config.php.apxs2 = false;
-    }
+  php.override {
+    config.php.embed = true;
+    config.php.apxs2 = false;
   }
   ```
 
   you should now write
 
   ```nix
-  {
-    php.override {
-      embedSupport = true;
-      apxs2Support = false;
-    }
+  php.override {
+    embedSupport = true;
+    apxs2Support = false;
   }
   ```
 
@@ -383,9 +379,10 @@ When upgrading from a previous release, please be aware of the following incompa
   {
     specialisation.example-sub-configuration = {
       configuration = {
-        ...
+        # ...
       };
-  };
+    };
+  }
   ```
 
   Replace a `nesting.children` entry with:
@@ -395,9 +392,10 @@ When upgrading from a previous release, please be aware of the following incompa
     specialisation.example-sub-configuration = {
       inheritParentConfig = false;
       configuration = {
-        ...
+        # ...
       };
-  };
+    };
+  }
   ```
 
   To switch to a specialised configuration at runtime you need to run:
@@ -469,7 +467,7 @@ When upgrading from a previous release, please be aware of the following incompa
     services.bitcoind = {
       enable = true;
       extraConfig = "...";
-      ...
+      # ...
     };
   }
   ```
@@ -483,7 +481,7 @@ When upgrading from a previous release, please be aware of the following incompa
       dataDir = "/var/lib/bitcoind";
       user = "bitcoin";
       extraConfig = "...";
-      ...
+      # ...
     };
   }
   ```
@@ -502,7 +500,7 @@ When upgrading from a previous release, please be aware of the following incompa
   {
     services.dokuwiki = {
       enable = true;
-      ...
+      # ...
     };
   }
   ```
@@ -517,7 +515,7 @@ When upgrading from a previous release, please be aware of the following incompa
         forceSSL = true;
         enableACME = true;
       };
-      ...
+      # ...
     };
   }
   ```
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2205.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2205.section.md
index 6f5a807f478a..3a2c70fb7a31 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2205.section.md
@@ -462,6 +462,7 @@ In addition to numerous new and upgraded packages, this release has the followin
 
   Before:
   ```nix
+  {
     services.keycloak = {
       enable = true;
       httpPort = "8080";
@@ -471,10 +472,12 @@ In addition to numerous new and upgraded packages, this release has the followin
         "subsystem=undertow"."server=default-server"."http-listener=default".proxy-address-forwarding = true;
       };
     };
+  }
   ```
 
   After:
   ```nix
+  {
     services.keycloak = {
       enable = true;
       settings = {
@@ -485,6 +488,7 @@ In addition to numerous new and upgraded packages, this release has the followin
       };
       database.passwordFile = "/run/keys/db_password";
     };
+  }
   ```
 
 - The MoinMoin wiki engine (`services.moinmoin`) has been removed, because Python 2 is being retired from nixpkgs.
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2211.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2211.section.md
index 1c73d0c9790d..77cb6c9baadb 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2211.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2211.section.md
@@ -254,10 +254,12 @@ In addition to numerous new and upgraded packages, this release includes the fol
 
 - `services.github-runner` and `services.github-runners.<name>` gained the option `serviceOverrides` which allows overriding the systemd `serviceConfig`. If you have been overriding the systemd service configuration (i.e., by defining `systemd.services.github-runner.serviceConfig`), you have to use the `serviceOverrides` option now. Example:
 
-  ```
-  services.github-runner.serviceOverrides.SupplementaryGroups = [
-    "docker"
-  ];
+  ```nix
+  {
+    services.github-runner.serviceOverrides.SupplementaryGroups = [
+      "docker"
+    ];
+  }
   ```
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md
index 21c798b3b4a4..ce874a6e0b2d 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2305.section.md
@@ -25,7 +25,9 @@ In addition to numerous new and updated packages, this release has the following
 
 - NixOS now defaults to using [nsncd](https://github.com/twosigma/nsncd), a non-caching reimplementation of nscd in Rust, as its NSS lookup dispatcher. This replaces the buggy and deprecated nscd implementation provided through glibc. When you find problems, you can switch back by disabling it:
   ```nix
-  services.nscd.enableNsncd = false;
+  {
+    services.nscd.enableNsncd = false;
+  }
   ```
 
 - The internal option `boot.bootspec.enable` is now enabled by default because [RFC 0125](https://github.com/NixOS/rfcs/pull/125) was merged. This means you will have a bootspec document called `boot.json` generated for each system and specialisation in the top-level. This is useful to enable advanced boot use cases in NixOS, such as Secure Boot.
@@ -190,11 +192,13 @@ In addition to numerous new and updated packages, this release has the following
 - MAC-then-encrypt algorithms were removed from the default selection of `services.openssh.settings.Macs`. If you still require these [MACs](https://en.wikipedia.org/wiki/Message_authentication_code), for example when you are relying on libssh2 (e.g. VLC) or the SSH library shipped on the iPhone, you can re-add them like this:
 
   ```nix
-  services.openssh.settings.Macs = [
-    "hmac-sha2-512"
-    "hmac-sha2-256"
-    "umac-128@openssh.com"
-  ];
+  {
+    services.openssh.settings.Macs = [
+      "hmac-sha2-512"
+      "hmac-sha2-256"
+      "umac-128@openssh.com"
+    ];
+  }
   ```
 
 - `podman` now uses the `netavark` network stack. Users will need to delete all of their local containers, images, volumes, etc, by running `podman system reset --force` once before upgrading their systems.
@@ -227,21 +231,25 @@ In addition to numerous new and updated packages, this release has the following
 - The attributes used by `services.snapper.configs.<name>` have changed. Migrate from this:
 
   ```nix
-  services.snapper.configs.example = {
-    subvolume = "/example";
-    extraConfig = ''
-      ALLOW_USERS="alice"
-    '';
-  };
+  {
+    services.snapper.configs.example = {
+      subvolume = "/example";
+      extraConfig = ''
+        ALLOW_USERS="alice"
+      '';
+    };
+  }
   ```
 
   to this:
 
   ```nix
-  services.snapper.configs.example = {
-    SUBVOLUME = "/example";
-    ALLOW_USERS = [ "alice" ];
-  };
+  {
+    services.snapper.configs.example = {
+      SUBVOLUME = "/example";
+      ALLOW_USERS = [ "alice" ];
+    };
+  }
   ```
 
 - The default module options for [services.snapserver.openFirewall](#opt-services.snapserver.openFirewall), [services.tmate-ssh-server.openFirewall](#opt-services.tmate-ssh-server.openFirewall) and [services.unifi-video.openFirewall](#opt-services.unifi-video.openFirewall) have been changed from `true` to `false`. You will need to explicitly set this option to `true`, or configure your firewall.
@@ -446,15 +454,17 @@ In addition to numerous new and updated packages, this release has the following
 - NixOS swap partitions with random encryption can now control the sector size, cipher, and key size used to set up the plain encryption device over the underlying block device rather than allowing them to be determined by `cryptsetup(8)`. One can use these features like so:
 
   ```nix
-  swapDevices = [ {
-    device = "/dev/disk/by-partlabel/swapspace";
-    randomEncryption = {
-      enable = true;
-      cipher = "aes-xts-plain64";
-      keySize = 512;
-      sectorSize = 4096;
-    };
-  } ];
+  {
+    swapDevices = [ {
+      device = "/dev/disk/by-partlabel/swapspace";
+      randomEncryption = {
+        enable = true;
+        cipher = "aes-xts-plain64";
+        keySize = 512;
+        sectorSize = 4096;
+      };
+    } ];
+  }
   ```
 
 - New option `security.pam.zfs` to enable unlocking and mounting of encrypted ZFS home dataset at login.
@@ -465,7 +475,9 @@ In addition to numerous new and updated packages, this release has the following
 
 - PostgreSQL has added opt-in support for [JIT compilation](https://www.postgresql.org/docs/current/jit-reason.html). It can be enabled like this:
   ```nix
-  services.postgresql.enableJIT = true;
+  {
+    services.postgresql.enableJIT = true;
+  }
   ```
 
 - `services.netdata` offers a [`services.netdata.deadlineBeforeStopSec`](#opt-services.netdata.deadlineBeforeStopSec) option which will control the deadline (in seconds) after which systemd will consider your netdata instance as dead if it didn't start in the elapsed time. It is helpful when your netdata instance takes longer to start because of a large amount of state or upgrades.
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md
index 1aef1828908f..5313f04cb789 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2311.section.md
@@ -700,11 +700,13 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2
   will probably be removed eventually.
 
   ```nix
-  qt = {
-    enable = true;
-    platformTheme = "gnome";
-    style = "adwaita";
-  };
+  {
+    qt = {
+      enable = true;
+      platformTheme = "gnome";
+      style = "adwaita";
+    };
+  }
   ```
 
 - DocBook option documentation is no longer supported, all module documentation
@@ -885,11 +887,13 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2
   to a compatible major version, so they can move at their own pace.
 
   ```nix
-  python = python3.override {
-    packageOverrides = self: super: {
-      django = super.django_3;
+  {
+    python = python3.override {
+      packageOverrides = self: super: {
+        django = super.django_3;
+      };
     };
-  };
+  }
   ```
 
 - The `qemu-vm.nix` module by default now identifies block devices via
@@ -1228,16 +1232,18 @@ Make sure to also check the many updates in the [Nixpkgs library](#sec-release-2
 - CoreDNS may be built with external plugins now. This may be done by
   overriding `externalPlugins` and `vendorHash` arguments like this:
 
-  ```
-  services.coredns = {
-    enable = true;
-    package = pkgs.coredns.override {
-      externalPlugins = [
-        {name = "fanout"; repo = "github.com/networkservicemesh/fanout"; version = "v1.9.1";}
-      ];
-      vendorHash = "<SRI hash>";
+  ```nix
+  {
+    services.coredns = {
+      enable = true;
+      package = pkgs.coredns.override {
+        externalPlugins = [
+          {name = "fanout"; repo = "github.com/networkservicemesh/fanout"; version = "v1.9.1";}
+        ];
+        vendorHash = "<SRI hash>";
+      };
     };
-  };
+  }
   ```
 
   To get the necessary SRI hash, set `vendorHash = "";`. The build will fail
diff --git a/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md b/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md
index 19ff6f4485cd..2909c40fa291 100644
--- a/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixpkgs/nixos/doc/manual/release-notes/rl-2405.section.md
@@ -32,6 +32,11 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - Julia environments can now be built with arbitrary packages from the ecosystem using the `.withPackages` function. For example: `julia.withPackages ["Plots"]`.
 
+- The PipeWire and WirePlumber modules have removed support for using
+`environment.etc."pipewire/..."` and `environment.etc."wireplumber/..."`.
+Use `services.pipewire.extraConfig` or `services.pipewire.configPackages` for PipeWire and
+`services.pipewire.wireplumber.configPackages` for WirePlumber instead."
+
 - A new option `systemd.sysusers.enable` was added. If enabled, users and
   groups are created with systemd-sysusers instead of with a custom perl script.
 
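Review bot: The added PipeWire/WirePlumber entry ends with a stray double quote after `instead.`, and its three continuation lines start at column 0 while the neighbouring multi-line bullets (for example the `systemd.sysusers.enable` entry right below) indent continuations by two spaces. Drop the trailing `"` and indent the continuation lines so the item renders as a single bullet.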
@@ -52,7 +57,7 @@ In addition to numerous new and upgraded packages, this release has the followin
   without perl). Previously, the NixOS activation depended on two perl scripts
   which can now be replaced via an opt-in mechanism. To make your system
   perlless, you can use the new perlless profile:
-  ```
+  ```nix
   { modulesPath, ... }: {
     imports = [ "${modulesPath}/profiles/perlless.nix" ];
   }
@@ -68,6 +73,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [Guix](https://guix.gnu.org), a functional package manager inspired by Nix. Available as [services.guix](#opt-services.guix.enable).
 
+- [PhotonVision](https://photonvision.org/), a free, fast, and easy-to-use computer vision solution for the FIRST® Robotics Competition.
+
 - [pyLoad](https://pyload.net/), a FOSS download manager written in Python. Available as [services.pyload](#opt-services.pyload.enable)
 
 - [maubot](https://github.com/maubot/maubot), a plugin-based Matrix bot framework. Available as [services.maubot](#opt-services.maubot.enable).
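Review bot: The added PhotonVision entry has no "Available as" option link, unlike the Guix, pyLoad and maubot entries around it. If the module ships an enable option, link it here so readers can get from the release notes to the option documentation.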
@@ -78,6 +85,8 @@ In addition to numerous new and upgraded packages, this release has the followin
 
 - [pretalx](https://github.com/pretalx/pretalx), a conference planning tool. Available as [services.pretalx](#opt-services.pretalx.enable).
 
+- [dnsproxy](https://github.com/AdguardTeam/dnsproxy), a simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support. Available as [services.dnsproxy](#opt-services.dnsproxy.enable).
+
 - [rspamd-trainer](https://gitlab.com/onlime/rspamd-trainer), script triggered by a helper which reads mails from a specific mail inbox and feeds them into rspamd for spam/ham training.
 
 - [ollama](https://ollama.ai), server for running large language models locally.
@@ -95,6 +104,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - [transfer-sh](https://github.com/dutchcoders/transfer.sh), a tool that supports easy and fast file sharing from the command-line. Available as [services.transfer-sh](#opt-services.transfer-sh.enable).
 
+- [MollySocket](https://github.com/mollyim/mollysocket) which allows getting Signal notifications via UnifiedPush.
+
 - [Suwayomi Server](https://github.com/Suwayomi/Suwayomi-Server), a free and open source manga reader server that runs extensions built for [Tachiyomi](https://tachiyomi.org). Available as [services.suwayomi-server](#opt-services.suwayomi-server.enable).
 
 - [ping_exporter](https://github.com/czerwonk/ping_exporter), a Prometheus exporter for ICMP echo requests. Available as [services.prometheus.exporters.ping](#opt-services.prometheus.exporters.ping.enable).
@@ -107,6 +118,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - [Pretix](https://pretix.eu/about/en/), an open source ticketing software for events. Available as [services.pretix]($opt-services-pretix.enable).
 
+- [microsocks](https://github.com/rofl0r/microsocks), a tiny, portable SOCKS5 server with very moderate resource usage. Available as [services.microsocks]($opt-services-microsocks.enable).
+
 - [Clevis](https://github.com/latchset/clevis), a pluggable framework for automated decryption, used to unlock encrypted devices in initrd. Available as [boot.initrd.clevis.enable](#opt-boot.initrd.clevis.enable).
 
 - [fritz-exporter](https://github.com/pdreker/fritz_exporter), a Prometheus exporter for extracting metrics from [FRITZ!](https://avm.de/produkte/) devices. Available as [services.prometheus.exporters.fritz](#opt-services.prometheus.exporters.fritz.enable).
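Review bot: The option link in the added microsocks entry, `($opt-services-microsocks.enable)`, uses `$` and hyphens where the other anchors in this list use the `#opt-services.<name>.enable` form (see the fritz-exporter entry below), so it will not resolve. It appears to be copied from the Pretix line above, which has the same defect. Change it to `(#opt-services.microsocks.enable)` and fix the Pretix link in the same pass.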
@@ -135,6 +148,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - The `power.ups` module now generates `upsd.conf`, `upsd.users` and `upsmon.conf` automatically from a set of new configuration options. This breaks compatibility with existing `power.ups` setups where these files were created manually. Back up these files before upgrading NixOS.
 
+- `programs.nix-ld.libraries` no longer sets `baseLibraries` via the option's default but in config and now merges any additional libraries with the default ones.
+  This means that `lib.mkForce` must be used to clear the list of default libraries.
+
 - `pdns` was updated to version [v4.9.x](https://doc.powerdns.com/authoritative/changelog/4.9.html), which introduces breaking changes. Check out the [Upgrade Notes](https://doc.powerdns.com/authoritative/upgrading.html#to-4-9-0) for details.
 
 - `unrar` was updated to v7. See [changelog](https://www.rarlab.com/unrar7notes.htm) for more information.
@@ -175,6 +191,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
   "mysecret"` becomes `services.aria2.rpcSecretFile = "/path/to/secret_file"`
   where the file `secret_file` contains the string `mysecret`.
 
+- `buildGoModule` now throws error when `vendorHash` is not specified. `vendorSha256`, deprecated in Nixpkgs 23.11, is now ignored and is no longer a `vendorHash` alias.
+
 - Invidious has changed its default database username from `kemal` to `invidious`. Setups involving an externally provisioned database (i.e. `services.invidious.database.createLocally == false`) should adjust their configuration accordingly. The old `kemal` user will not be removed automatically even when the database is provisioned automatically.(https://github.com/NixOS/nixpkgs/pull/265857)
 
 - `writeReferencesToFile` is deprecated in favour of the new trivial build helper `writeClosure`. The latter accepts a list of paths and has an unambiguous name and cleaner implementation.
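Review bot: In the added `buildGoModule` entry, "now throws error" should read "now throws an error". Since `vendorSha256` is described as ignored rather than rejected, it would also help to state that a package which still sets only `vendorSha256` will now hit the missing-`vendorHash` error, so the required migration step is explicit.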
@@ -209,13 +227,14 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
   Example:
 
   ```nix
+  {
     locations."/".extraConfig = ''
       add_header Alt-Svc 'h3=":$server_port"; ma=86400';
     '';
     locations."^~ /assets/".extraConfig = ''
       add_header Alt-Svc 'h3=":$server_port"; ma=86400';
     '';
-
+  }
   ```
 
 - The package `optparse-bash` is now dropped due to upstream inactivity. Alternatives available in Nixpkgs include [`argc`](https://github.com/sigoden/argc), [`argbash`](https://github.com/matejak/argbash), [`bashly`](https://github.com/DannyBen/bashly) and [`gum`](https://github.com/charmbracelet/gum), to name a few.
@@ -326,6 +345,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
   - The `erlang_node_short_name`, `erlang_node_name`, `port` and `options` configuration parameters are gone, and have been replaced with an `environment` parameter.
     Use the appropriate [environment variables](https://hexdocs.pm/livebook/readme.html#environment-variables) inside `environment` to configure the service instead.
 
+- The `crystal` package has been updated to 1.11.x, which has some breaking changes.
+  Refer to crystal's changelog for more information. ([v1.10](https://github.com/crystal-lang/crystal/blob/master/CHANGELOG.md#1100-2023-10-09), [v1.11](https://github.com/crystal-lang/crystal/blob/master/CHANGELOG.md#1110-2024-01-08))
+
 ## Other Notable Changes {#sec-release-24.05-notable-changes}
 
 <!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
@@ -351,6 +373,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 - The Matrix homeserver [Synapse](https://element-hq.github.io/synapse/) module now supports configuring UNIX domain socket [listeners](#opt-services.matrix-synapse.settings.listeners) through the `path` option.
   The default replication worker on the main instance has been migrated away from TCP sockets to UNIX domain sockets.
 
+- The initrd ssh daemon module got a new option to add authorized keys via a list of files using `boot.initrd.network.ssh.authorizedKeyFiles`.
+
 - Programs written in [Nim](https://nim-lang.org/) are built with libraries selected by lockfiles.
   The `nimPackages` and `nim2Packages` sets have been removed.
   See https://nixos.org/manual/nixpkgs/unstable#nim for more information.
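Review bot: The added initrd ssh entry names `boot.initrd.network.ssh.authorizedKeyFiles` in plain backticks, whereas other entries in this file link options through an `#opt-...` anchor (the Synapse entry just above links `listeners` that way). Link the option so readers can reach its description.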
@@ -432,6 +456,10 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - `nextcloud-setup.service` no longer changes the group of each file & directory inside `/var/lib/nextcloud/{config,data,store-apps}` if one of these directories has the wrong owner group. This was part of transitioning the group used for `/var/lib/nextcloud`, but isn't necessary anymore.
 
+- `services.kavita` now uses the freeform option `services.kavita.settings` for the application settings file.
+  The options `services.kavita.ipAdresses` and `services.kavita.port` now exist at `services.kavita.settings.IpAddresses`
+  and `services.kavita.settings.IpAddresses`.
+
 - The `krb5` module has been rewritten and moved to `security.krb5`, moving all options but `security.krb5.enable` and `security.krb5.package` into `security.krb5.settings`.
 
 - Gitea 1.21 upgrade has several breaking changes, including:
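Review bot: The second sentence of the added kavita entry maps both old options to the same target: `services.kavita.settings.IpAddresses` appears twice, so `services.kavita.port` has no stated replacement. The second path should name the port setting. "Now exist at" would also read more clearly as "have moved to".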
@@ -446,6 +474,12 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 
 - The module `services.github-runner` has been removed. To configure a single GitHub Actions Runner refer to `services.github-runners.*`. Note that this will trigger a new runner registration.
 
+- The `services.slskd` has been refactored to include more configuation options in
+  the freeform `services.slskd.settings` option, and some defaults (including listen ports)
+  have been changed to match the upstream defaults. Additionally, disk logging is now
+  disabled by default, and the log rotation timer has been removed.
+  The nginx virtualhost option is now of the `vhost-options` type.
+
 - The `btrbk` module now automatically selects and provides required compression
   program depending on the configured `stream_compress` option. Since this
   replaces the need for the `extraPackages` option, this option will be
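Review bot: Typo in the added slskd entry: "configuation" should be "configuration", and "The `services.slskd` has been refactored" is missing the noun "module". Because the entry says the listen-port defaults changed and disk logging is now off by default, consider listing the old and new defaults (or linking to them) so operators can check firewall rules and log retention before upgrading.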