diff options
Diffstat (limited to 'nixos/modules/system')
39 files changed, 478 insertions, 474 deletions
diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index c04d0fc16b24..88b3ac1d18e8 100644 --- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -123,12 +123,12 @@ in } ''; - description = '' + description = lib.mdDoc '' A set of shell script fragments that are executed when a NixOS system configuration is activated. Examples are updating /etc, creating accounts, and so on. Since these are executed every time you boot the system or run - <command>nixos-rebuild</command>, it's important that they are + {command}`nixos-rebuild`, it's important that they are idempotent and fast. ''; @@ -159,12 +159,12 @@ in } ''; - description = '' + description = lib.mdDoc '' A set of shell script fragments that are executed by a systemd user service when a NixOS system configuration is activated. Examples are rebuilding the .desktop file cache for showing applications in the menu. Since these are executed every time you run - <command>nixos-rebuild</command>, it's important that they are + {command}`nixos-rebuild`, it's important that they are idempotent and fast. ''; diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix index 84f560691fc4..87ff1d97d8fa 100644 --- a/nixos/modules/system/activation/top-level.nix +++ b/nixos/modules/system/activation/top-level.nix @@ -335,7 +335,7 @@ in ''; description = '' The name of the system used in the <option>system.build.toplevel</option> derivation. - </para><para> + That derivation has the following name: <literal>"nixos-system-''${config.system.name}-''${config.system.nixos.label}"</literal> ''; diff --git a/nixos/modules/system/boot/binfmt.nix b/nixos/modules/system/boot/binfmt.nix index 33748358e45b..4d95af61ac94 100644 --- a/nixos/modules/system/boot/binfmt.nix +++ b/nixos/modules/system/boot/binfmt.nix @@ -153,7 +153,7 @@ in { registrations = mkOption { default = {}; - description = '' + description = lib.mdDoc '' Extra binary formats to register with the kernel. See https://www.kernel.org/doc/html/latest/admin-guide/binfmt-misc.html for more details. ''; @@ -162,30 +162,30 @@ in { options = { recognitionType = mkOption { default = "magic"; - description = "Whether to recognize executables by magic number or extension."; + description = lib.mdDoc "Whether to recognize executables by magic number or extension."; type = types.enum [ "magic" "extension" ]; }; offset = mkOption { default = null; - description = "The byte offset of the magic number used for recognition."; + description = lib.mdDoc "The byte offset of the magic number used for recognition."; type = types.nullOr types.int; }; magicOrExtension = mkOption { - description = "The magic number or extension to match on."; + description = lib.mdDoc "The magic number or extension to match on."; type = types.str; }; mask = mkOption { default = null; description = - "A mask to be ANDed with the byte sequence of the file before matching"; + lib.mdDoc "A mask to be ANDed with the byte sequence of the file before matching"; type = types.nullOr types.str; }; interpreter = mkOption { - description = '' + description = lib.mdDoc '' The interpreter to invoke to run the program. Note that the actual registration will point to @@ -197,7 +197,7 @@ in { preserveArgvZero = mkOption { default = false; - description = '' + description = lib.mdDoc '' Whether to pass the original argv[0] to the interpreter. See the description of the 'P' flag in the kernel docs @@ -208,7 +208,7 @@ in { openBinary = mkOption { default = config.matchCredentials; - description = '' + description = lib.mdDoc '' Whether to pass the binary to the interpreter as an open file descriptor, instead of a path. ''; @@ -217,7 +217,7 @@ in { matchCredentials = mkOption { default = false; - description = '' + description = lib.mdDoc '' Whether to launch with the credentials and security token of the binary, not the interpreter (e.g. setuid bit). @@ -232,7 +232,7 @@ in { fixBinary = mkOption { default = false; - description = '' + description = lib.mdDoc '' Whether to open the interpreter file as soon as the registration is loaded, rather than waiting for a relevant file to be invoked. @@ -245,7 +245,7 @@ in { wrapInterpreterInShell = mkOption { default = true; - description = '' + description = lib.mdDoc '' Whether to wrap the interpreter in a shell script. This allows a shell command to be set as the interpreter. @@ -268,7 +268,7 @@ in { emulatedSystems = mkOption { default = []; example = [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" ]; - description = '' + description = lib.mdDoc '' List of systems to emulate. Will also configure Nix to support your new systems. Warning: the builder can execute all emulated systems within the same build, which introduces impurities in the case of cross compilation. diff --git a/nixos/modules/system/boot/emergency-mode.nix b/nixos/modules/system/boot/emergency-mode.nix index ec697bcee268..a2163aa5ffb3 100644 --- a/nixos/modules/system/boot/emergency-mode.nix +++ b/nixos/modules/system/boot/emergency-mode.nix @@ -11,9 +11,9 @@ with lib; systemd.enableEmergencyMode = mkOption { default = true; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to enable emergency mode, which is an - <command>sulogin</command> shell started on the console if + {command}`sulogin` shell started on the console if mounting a filesystem fails. Since some machines (like EC2 instances) have no console of any kind, emergency mode doesn't make sense, and it's better to continue with the boot insofar diff --git a/nixos/modules/system/boot/initrd-network.nix b/nixos/modules/system/boot/initrd-network.nix index 2a7417ed3715..a1017c3e2420 100644 --- a/nixos/modules/system/boot/initrd-network.nix +++ b/nixos/modules/system/boot/initrd-network.nix @@ -50,18 +50,17 @@ in boot.initrd.network.enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Add network connectivity support to initrd. The network may be - configured using the <literal>ip</literal> kernel parameter, - as described in <link - xlink:href="https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt">the - kernel documentation</link>. Otherwise, if - <option>networking.useDHCP</option> is enabled, an IP address + configured using the `ip` kernel parameter, + as described in [the kernel documentation](https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt). + Otherwise, if + {option}`networking.useDHCP` is enabled, an IP address is acquired using DHCP. You should add the module(s) required for your network card to boot.initrd.availableKernelModules. - <literal>lspci -v | grep -iA8 'network\|ethernet'</literal> + `lspci -v | grep -iA8 'network\|ethernet'` will tell you which. ''; }; @@ -69,7 +68,7 @@ in boot.initrd.network.flushBeforeStage2 = mkOption { type = types.bool; default = true; - description = '' + description = lib.mdDoc '' Whether to clear the configuration of the interfaces that were set up in the initrd right before stage 2 takes over. Stage 2 will do the regular network configuration based on the NixOS networking options. @@ -79,9 +78,9 @@ in boot.initrd.network.udhcpc.extraArgs = mkOption { default = []; type = types.listOf types.str; - description = '' + description = lib.mdDoc '' Additional command-line arguments passed verbatim to udhcpc if - <option>boot.initrd.network.enable</option> and <option>networking.useDHCP</option> + {option}`boot.initrd.network.enable` and {option}`networking.useDHCP` are enabled. ''; }; @@ -89,7 +88,7 @@ in boot.initrd.network.postCommands = mkOption { default = ""; type = types.lines; - description = '' + description = lib.mdDoc '' Shell commands to be executed after stage 1 of the boot has initialised the network. ''; diff --git a/nixos/modules/system/boot/initrd-openvpn.nix b/nixos/modules/system/boot/initrd-openvpn.nix index 9b52d4bbdb1e..9f476e07208a 100644 --- a/nixos/modules/system/boot/initrd-openvpn.nix +++ b/nixos/modules/system/boot/initrd-openvpn.nix @@ -15,10 +15,10 @@ in boot.initrd.network.openvpn.enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Starts an OpenVPN client during initrd boot. It can be used to e.g. remotely accessing the SSH service controlled by - <option>boot.initrd.network.ssh</option> or other network services + {option}`boot.initrd.network.ssh` or other network services included. Service is killed when stage-1 boot is finished. ''; }; diff --git a/nixos/modules/system/boot/initrd-ssh.nix b/nixos/modules/system/boot/initrd-ssh.nix index 0999142de86e..265399e562fc 100644 --- a/nixos/modules/system/boot/initrd-ssh.nix +++ b/nixos/modules/system/boot/initrd-ssh.nix @@ -14,20 +14,20 @@ in enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Start SSH service during initrd boot. It can be used to debug failing boot on a remote server, enter pasphrase for an encrypted partition etc. Service is killed when stage-1 boot is finished. The sshd configuration is largely inherited from - <option>services.openssh</option>. + {option}`services.openssh`. ''; }; port = mkOption { type = types.int; default = 22; - description = '' + description = lib.mdDoc '' Port on which SSH initrd service should listen. ''; }; @@ -35,7 +35,7 @@ in shell = mkOption { type = types.str; default = "/bin/ash"; - description = '' + description = lib.mdDoc '' Login shell of the remote user. Can be used to limit actions user can do. ''; }; @@ -79,7 +79,7 @@ in type = types.listOf types.str; default = config.users.users.root.openssh.authorizedKeys.keys; defaultText = literalExpression "config.users.users.root.openssh.authorizedKeys.keys"; - description = '' + description = lib.mdDoc '' Authorized keys for the root user on initrd. ''; }; @@ -87,7 +87,7 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = "Verbatim contents of <filename>sshd_config</filename>."; + description = lib.mdDoc "Verbatim contents of {file}`sshd_config`."; }; }; diff --git a/nixos/modules/system/boot/kernel.nix b/nixos/modules/system/boot/kernel.nix index b2c92a85f7ab..33e9eca62b07 100644 --- a/nixos/modules/system/boot/kernel.nix +++ b/nixos/modules/system/boot/kernel.nix @@ -66,7 +66,7 @@ in type = types.listOf types.attrs; default = []; example = literalExpression "[ pkgs.kernelPatches.ubuntu_fan_4_4 ]"; - description = "A list of additional patches to apply to the kernel."; + description = lib.mdDoc "A list of additional patches to apply to the kernel."; }; boot.kernel.randstructSeed = mkOption { @@ -88,14 +88,14 @@ in description = "string, with spaces inside double quotes"; }); default = [ ]; - description = "Parameters added to the kernel command line."; + description = lib.mdDoc "Parameters added to the kernel command line."; }; boot.consoleLogLevel = mkOption { type = types.int; default = 4; - description = '' - The kernel console <literal>loglevel</literal>. All Kernel Messages with a log level smaller + description = lib.mdDoc '' + The kernel console `loglevel`. All Kernel Messages with a log level smaller than this setting will be printed to the console. ''; }; @@ -103,11 +103,11 @@ in boot.vesa = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' (Deprecated) This option, if set, activates the VESA 800x600 video mode on boot and disables kernel modesetting. It is equivalent to - specifying <literal>[ "vga=0x317" "nomodeset" ]</literal> in the - <option>boot.kernelParams</option> option. This option is + specifying `[ "vga=0x317" "nomodeset" ]` in the + {option}`boot.kernelParams` option. This option is deprecated as of 2020: Xorg now works better with modesetting, and you might want a different VESA vga setting, anyway. ''; @@ -117,18 +117,18 @@ in type = types.listOf types.package; default = []; example = literalExpression "[ config.boot.kernelPackages.nvidia_x11 ]"; - description = "A list of additional packages supplying kernel modules."; + description = lib.mdDoc "A list of additional packages supplying kernel modules."; }; boot.kernelModules = mkOption { type = types.listOf types.str; default = []; - description = '' + description = lib.mdDoc '' The set of kernel modules to be loaded in the second stage of the boot process. Note that modules that are needed to mount the root file system should be added to - <option>boot.initrd.availableKernelModules</option> or - <option>boot.initrd.kernelModules</option>. + {option}`boot.initrd.availableKernelModules` or + {option}`boot.initrd.kernelModules`. ''; }; @@ -136,7 +136,7 @@ in type = types.listOf types.str; default = []; example = [ "sata_nv" "ext3" ]; - description = '' + description = lib.mdDoc '' The set of kernel modules in the initial ramdisk used during the boot process. This set must include all modules necessary for mounting the root device. That is, it should include modules @@ -149,23 +149,23 @@ in loaded automatically when an ext3 filesystem is mounted, and modules for PCI devices are loaded when they match the PCI ID of a device in your system). To force a module to be loaded, - include it in <option>boot.initrd.kernelModules</option>. + include it in {option}`boot.initrd.kernelModules`. ''; }; boot.initrd.kernelModules = mkOption { type = types.listOf types.str; default = []; - description = "List of modules that are always loaded by the initrd."; + description = lib.mdDoc "List of modules that are always loaded by the initrd."; }; boot.initrd.includeDefaultModules = mkOption { type = types.bool; default = true; - description = '' + description = lib.mdDoc '' This option, if set, adds a collection of default kernel modules - to <option>boot.initrd.availableKernelModules</option> and - <option>boot.initrd.kernelModules</option>. + to {option}`boot.initrd.availableKernelModules` and + {option}`boot.initrd.kernelModules`. ''; }; diff --git a/nixos/modules/system/boot/kernel_config.nix b/nixos/modules/system/boot/kernel_config.nix index 495fe74bc21e..448835c3e625 100644 --- a/nixos/modules/system/boot/kernel_config.nix +++ b/nixos/modules/system/boot/kernel_config.nix @@ -25,7 +25,7 @@ let }; default = null; example = ''MMC_BLOCK_MINORS.freeform = "32";''; - description = '' + description = lib.mdDoc '' Freeform description of a kernel configuration item value. ''; }; @@ -33,7 +33,7 @@ let optional = mkOption { type = types.bool // { merge = mergeFalseByDefault; }; default = false; - description = '' + description = lib.mdDoc '' Whether option should generate a failure when unused. Upon merging values, mandatory wins over optional. ''; @@ -105,7 +105,7 @@ in USB = option yes; MMC_BLOCK_MINORS = freeform "32"; }''; - description = '' + description = lib.mdDoc '' Structured kernel configuration. ''; }; diff --git a/nixos/modules/system/boot/loader/efi.nix b/nixos/modules/system/boot/loader/efi.nix index 6043c904c450..2661f362249d 100644 --- a/nixos/modules/system/boot/loader/efi.nix +++ b/nixos/modules/system/boot/loader/efi.nix @@ -8,13 +8,13 @@ with lib; canTouchEfiVariables = mkOption { default = false; type = types.bool; - description = "Whether the installation process is allowed to modify EFI boot variables."; + description = lib.mdDoc "Whether the installation process is allowed to modify EFI boot variables."; }; efiSysMountPoint = mkOption { default = "/boot"; type = types.str; - description = "Where the EFI System Partition is mounted."; + description = lib.mdDoc "Where the EFI System Partition is mounted."; }; }; } diff --git a/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix b/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix index 1437ab387700..5ace5dd06fd4 100644 --- a/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix +++ b/nixos/modules/system/boot/loader/generations-dir/generations-dir.nix @@ -22,11 +22,11 @@ in enable = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to create symlinks to the system generations under - <literal>/boot</literal>. When enabled, - <literal>/boot/default/kernel</literal>, - <literal>/boot/default/initrd</literal>, etc., are updated to + `/boot`. When enabled, + `/boot/default/kernel`, + `/boot/default/initrd`, etc., are updated to point to the current generation's kernel image, initial RAM disk, and other bootstrap files. @@ -41,7 +41,7 @@ in copyKernels = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether copy the necessary boot files into /boot, so /nix/store is not needed by the boot loader. ''; diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix index 1f915d1f419c..1ad7cd810948 100644 --- a/nixos/modules/system/boot/loader/grub/grub.nix +++ b/nixos/modules/system/boot/loader/grub/grub.nix @@ -103,7 +103,7 @@ in default = !config.boot.isContainer; defaultText = literalExpression "!config.boot.isContainer"; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to enable the GNU GRUB boot loader. ''; }; @@ -112,9 +112,9 @@ in default = 2; example = 1; type = types.int; - description = '' - The version of GRUB to use: <literal>1</literal> for GRUB - Legacy (versions 0.9x), or <literal>2</literal> (the + description = lib.mdDoc '' + The version of GRUB to use: `1` for GRUB + Legacy (versions 0.9x), or `2` (the default) for GRUB 2. ''; }; @@ -123,12 +123,12 @@ in default = ""; example = "/dev/disk/by-id/wwn-0x500001234567890a"; type = types.str; - description = '' + description = lib.mdDoc '' The device on which the GRUB boot loader will be installed. - The special value <literal>nodev</literal> means that a GRUB + The special value `nodev` means that a GRUB boot menu will be generated, but GRUB itself will not actually be installed. To install GRUB on multiple devices, - use <literal>boot.loader.grub.devices</literal>. + use `boot.loader.grub.devices`. ''; }; @@ -136,9 +136,9 @@ in default = []; example = [ "/dev/disk/by-id/wwn-0x500001234567890a" ]; type = types.listOf types.str; - description = '' + description = lib.mdDoc '' The devices on which the boot loader, GRUB, will be - installed. Can be used instead of <literal>device</literal> to + installed. Can be used instead of `device` to install GRUB onto multiple devices. ''; }; @@ -148,7 +148,7 @@ in example = { root = { hashedPasswordFile = "/path/to/file"; }; }; - description = '' + description = lib.mdDoc '' User accounts for GRUB. When specified, the GRUB command line and all boot options except the default are password-protected. All passwords and hashes provided will be stored in /boot/grub/grub.cfg, @@ -163,7 +163,7 @@ in example = "/path/to/file"; default = null; type = with types; uniq (nullOr str); - description = '' + description = lib.mdDoc '' Specifies the path to a file containing the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be stored in /boot/grub/grub.cfg, and will @@ -174,7 +174,7 @@ in example = "grub.pbkdf2.sha512.10000.674DFFDEF76E13EA...2CC972B102CF4355"; default = null; type = with types; uniq (nullOr str); - description = '' + description = lib.mdDoc '' Specifies the password hash for the account, generated with grub-mkpasswd-pbkdf2. This hash will be copied to the Nix store, and will be visible to all local users. @@ -184,7 +184,7 @@ in example = "/path/to/file"; default = null; type = with types; uniq (nullOr str); - description = '' + description = lib.mdDoc '' Specifies the path to a file containing the clear text password for the account. This password will be stored in /boot/grub/grub.cfg, and will @@ -195,7 +195,7 @@ in example = "Pa$$w0rd!"; default = null; type = with types; uniq (nullOr str); - description = '' + description = lib.mdDoc '' Specifies the clear text password for the account. This password will be copied to the Nix store, and will be visible to all local users. ''; @@ -210,7 +210,7 @@ in { path = "/boot1"; devices = [ "/dev/disk/by-id/wwn-0x500001234567890a" ]; } { path = "/boot2"; devices = [ "/dev/disk/by-id/wwn-0x500009876543210a" ]; } ]; - description = '' + description = lib.mdDoc '' Mirror the boot configuration to multiple partitions and install grub to the respective devices corresponding to those partitions. ''; @@ -221,7 +221,7 @@ in path = mkOption { example = "/boot1"; type = types.str; - description = '' + description = lib.mdDoc '' The path to the boot directory where GRUB will be written. Generally this boot path should double as an EFI path. ''; @@ -231,7 +231,7 @@ in default = null; example = "/boot1/efi"; type = types.nullOr types.str; - description = '' + description = lib.mdDoc '' The path to the efi system mount point. Usually this is the same partition as the above path and can be left as null. ''; @@ -241,10 +241,10 @@ in default = null; example = "NixOS-fsid"; type = types.nullOr types.str; - description = '' + description = lib.mdDoc '' The id of the bootloader to store in efi nvram. The default is to name it NixOS and append the path or efiSysMountPoint. - This is only used if <literal>boot.loader.efi.canTouchEfiVariables</literal> is true. + This is only used if `boot.loader.efi.canTouchEfiVariables` is true. ''; }; @@ -252,7 +252,7 @@ in default = [ ]; example = [ "/dev/disk/by-id/wwn-0x500001234567890a" "/dev/disk/by-id/wwn-0x500009876543210a" ]; type = types.listOf types.str; - description = '' + description = lib.mdDoc '' The path to the devices which will have the GRUB MBR written. Note these are typically device paths and not paths to partitions. ''; @@ -266,7 +266,7 @@ in default = ""; example = "Stable 2.6.21"; type = types.str; - description = '' + description = lib.mdDoc '' GRUB entry name instead of default. ''; }; @@ -274,7 +274,7 @@ in storePath = mkOption { default = "/nix/store"; type = types.str; - description = '' + description = lib.mdDoc '' Path to the Nix store when looking for kernels at boot. Only makes sense when copyKernels is false. ''; @@ -283,7 +283,7 @@ in extraPrepareConfig = mkOption { default = ""; type = types.lines; - description = '' + description = lib.mdDoc '' Additional bash commands to be run at the script that prepares the GRUB menu entries. ''; @@ -297,7 +297,7 @@ in terminal_output --append serial ''; type = types.lines; - description = '' + description = lib.mdDoc '' Additional GRUB commands inserted in the configuration file just before the menu entries. ''; @@ -307,26 +307,26 @@ in default = [ ]; example = [ "--modules=nativedisk ahci pata part_gpt part_msdos diskfilter mdraid1x lvm ext2" ]; type = types.listOf types.str; - description = '' - Additional arguments passed to <literal>grub-install</literal>. + description = lib.mdDoc '' + Additional arguments passed to `grub-install`. A use case for this is to build specific GRUB2 modules directly into the GRUB2 kernel image, so that they are available - and activated even in the <literal>grub rescue</literal> shell. + and activated even in the `grub rescue` shell. They are also necessary when the BIOS/UEFI is bugged and cannot correctly read large disks (e.g. above 2 TB), so GRUB2's own - <literal>nativedisk</literal> and related modules can be used + `nativedisk` and related modules can be used to use its own disk drivers. The example shows one such case. This is also useful for booting from USB. See the - <link xlink:href="http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/nativedisk.c?h=grub-2.04#n326"> + [ GRUB source code - </link> + ](http://git.savannah.gnu.org/cgit/grub.git/tree/grub-core/commands/nativedisk.c?h=grub-2.04#n326) for which disk modules are available. - The list elements are passed directly as <literal>argv</literal> - arguments to the <literal>grub-install</literal> program, in order. + The list elements are passed directly as `argv` + arguments to the `grub-install` program, in order. ''; }; @@ -344,7 +344,7 @@ in export GNUPGHOME=$old_gpg_home ''; type = types.lines; - description = '' + description = lib.mdDoc '' Additional shell commands inserted in the bootloader installer script after generating menu entries. ''; @@ -354,7 +354,7 @@ in default = ""; example = "root (hd0)"; type = types.lines; - description = '' + description = lib.mdDoc '' Additional GRUB commands inserted in the configuration file at the start of each NixOS menu entry. ''; @@ -379,7 +379,7 @@ in chainloader /efi/fedora/grubx64.efi } ''; - description = '' + description = lib.mdDoc '' Any additional entries you want added to the GRUB boot menu. ''; }; @@ -387,7 +387,7 @@ in extraEntriesBeforeNixOS = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether extraEntries are included before the default option. ''; }; @@ -398,10 +398,10 @@ in example = literalExpression '' { "memtest.bin" = "''${pkgs.memtest86plus}/memtest.bin"; } ''; - description = '' - A set of files to be copied to <filename>/boot</filename>. + description = lib.mdDoc '' + A set of files to be copied to {file}`/boot`. Each attribute name denotes the destination file name in - <filename>/boot</filename>, while the corresponding + {file}`/boot`, while the corresponding attribute value specifies the source file. ''; }; @@ -409,7 +409,7 @@ in useOSProber = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' If set to true, append entries for other OSs detected by os-prober. ''; }; @@ -503,7 +503,7 @@ in type = types.nullOr types.path; default = "${realGrub}/share/grub/unicode.pf2"; defaultText = literalExpression ''"''${pkgs.grub2}/share/grub/unicode.pf2"''; - description = '' + description = lib.mdDoc '' Path to a TrueType, OpenType, or pf2 font to be used by Grub. ''; }; @@ -512,8 +512,8 @@ in type = types.nullOr types.int; example = 16; default = null; - description = '' - Font size for the grub menu. Ignored unless <literal>font</literal> + description = lib.mdDoc '' + Font size for the grub menu. Ignored unless `font` is set to a ttf or otf font. ''; }; @@ -522,7 +522,7 @@ in default = "auto"; example = "1024x768"; type = types.str; - description = '' + description = lib.mdDoc '' The gfxmode to pass to GRUB when loading a graphical boot interface under EFI. ''; }; @@ -531,7 +531,7 @@ in default = "1024x768"; example = "auto"; type = types.str; - description = '' + description = lib.mdDoc '' The gfxmode to pass to GRUB when loading a graphical boot interface under BIOS. ''; }; @@ -540,7 +540,7 @@ in default = "keep"; example = "text"; type = types.str; - description = '' + description = lib.mdDoc '' The gfxpayload to pass to GRUB when loading a graphical boot interface under EFI. ''; }; @@ -549,7 +549,7 @@ in default = "text"; example = "keep"; type = types.str; - description = '' + description = lib.mdDoc '' The gfxpayload to pass to GRUB when loading a graphical boot interface under BIOS. ''; }; @@ -558,7 +558,7 @@ in default = 100; example = 120; type = types.int; - description = '' + description = lib.mdDoc '' Maximum of configurations in boot menu. GRUB has problems when there are too many entries. ''; @@ -567,7 +567,7 @@ in copyKernels = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether the GRUB menu builder should copy kernels and initial ramdisks to /boot. This is done automatically if /boot is on a different partition than /. @@ -578,7 +578,7 @@ in default = "0"; type = types.either types.int types.str; apply = toString; - description = '' + description = lib.mdDoc '' Index of the default menu item to be booted. Can also be set to "saved", which will make GRUB select the menu item that was used at the last boot. @@ -588,13 +588,13 @@ in fsIdentifier = mkOption { default = "uuid"; type = types.enum [ "uuid" "label" "provided" ]; - description = '' + description = lib.mdDoc '' Determines how GRUB will identify devices when generating the configuration file. A value of uuid / label signifies that grub will always resolve the uuid or label of the device before using it in the configuration. A value of provided means that GRUB will - use the device name as show in <command>df</command> or - <command>mount</command>. Note, zfs zpools / datasets are ignored + use the device name as show in {command}`df` or + {command}`mount`. Note, zfs zpools / datasets are ignored and will always be mounted using their labels. ''; }; @@ -602,7 +602,7 @@ in zfsSupport = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether GRUB should be built against libzfs. ZFS support is only available for GRUB v2. This option is ignored for GRUB v1. @@ -612,7 +612,7 @@ in efiSupport = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether GRUB should be built with EFI support. EFI support is only available for GRUB v2. This option is ignored for GRUB v1. @@ -624,9 +624,9 @@ in type = types.bool; description = '' Whether to invoke <literal>grub-install</literal> with - <literal>--removable</literal>.</para> + <literal>--removable</literal>. - <para>Unless you turn this on, GRUB will install itself somewhere in + Unless you turn this on, GRUB will install itself somewhere in <literal>boot.loader.efi.efiSysMountPoint</literal> (exactly where depends on other config variables). If you've set <literal>boot.loader.efi.canTouchEfiVariables</literal> *AND* you @@ -637,14 +637,14 @@ in NVRAM will not be modified, and your system will not find GRUB at boot time. However, GRUB will still return success so you may miss the warning that gets printed ("<literal>efibootmgr: EFI variables - are not supported on this system.</literal>").</para> + are not supported on this system.</literal>"). - <para>If you turn this feature on, GRUB will install itself in a + If you turn this feature on, GRUB will install itself in a special location within <literal>efiSysMountPoint</literal> (namely <literal>EFI/boot/boot$arch.efi</literal>) which the firmwares - are hardcoded to try first, regardless of NVRAM EFI variables.</para> + are hardcoded to try first, regardless of NVRAM EFI variables. - <para>To summarize, turn this on if: + To summarize, turn this on if: <itemizedlist> <listitem><para>You are installing NixOS and want it to boot in UEFI mode, but you are currently booted in legacy mode</para></listitem> @@ -659,7 +659,7 @@ in enableCryptodisk = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Enable support for encrypted partitions. GRUB should automatically unlock the correct encrypted partition and look for filesystems. ''; @@ -668,7 +668,7 @@ in forceInstall = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to try and forcibly install GRUB even if problems are detected. It is not recommended to enable this unless you know what you are doing. @@ -678,7 +678,7 @@ in forcei686 = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to force the use of a ia32 boot loader on x64 systems. Required to install and run NixOS on 64bit x86 systems with 32bit (U)EFI. ''; @@ -689,7 +689,7 @@ in enable = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Enable trusted boot. GRUB will measure all critical components during the boot process to offer TCG (TPM) support. ''; @@ -699,7 +699,7 @@ in default = ""; example = "YES_TPM_is_activated"; type = types.str; - description = '' + description = lib.mdDoc '' Assertion that the target system has an activated TPM. It is a safety check before allowing the activation of 'trustedBoot.enable'. TrustedBoot WILL FAIL TO BOOT YOUR SYSTEM if no TPM is available. @@ -709,7 +709,7 @@ in isHPLaptop = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Use a special version of TrustedGRUB that is needed by some HP laptops and works only for the HP laptops. ''; diff --git a/nixos/modules/system/boot/loader/grub/ipxe.nix b/nixos/modules/system/boot/loader/grub/ipxe.nix index ef8595592f41..adddcbee0164 100644 --- a/nixos/modules/system/boot/loader/grub/ipxe.nix +++ b/nixos/modules/system/boot/loader/grub/ipxe.nix @@ -28,7 +28,7 @@ in { boot.loader.grub.ipxe = mkOption { type = types.attrsOf (types.either types.path types.str); description = - '' + lib.mdDoc '' Set of iPXE scripts available for booting from the GRUB boot menu. ''; diff --git a/nixos/modules/system/boot/loader/grub/memtest.nix b/nixos/modules/system/boot/loader/grub/memtest.nix index 71e50dd0577e..150068e0e953 100644 --- a/nixos/modules/system/boot/loader/grub/memtest.nix +++ b/nixos/modules/system/boot/loader/grub/memtest.nix @@ -18,12 +18,12 @@ in enable = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Make Memtest86+ (or MemTest86 if EFI support is enabled), a memory testing program, available from the GRUB boot menu. MemTest86 is an unfree program, so - this requires <literal>allowUnfree</literal> to be set to - <literal>true</literal>. + this requires `allowUnfree` to be set to + `true`. ''; }; diff --git a/nixos/modules/system/boot/loader/init-script/init-script.nix b/nixos/modules/system/boot/loader/init-script/init-script.nix index 374d9524ff1e..8287131d3213 100644 --- a/nixos/modules/system/boot/loader/init-script/init-script.nix +++ b/nixos/modules/system/boot/loader/init-script/init-script.nix @@ -24,7 +24,7 @@ in enable = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Some systems require a /sbin/init script which is started. Or having it makes starting NixOS easier. This applies to some kind of hosting services and user mode linux. diff --git a/nixos/modules/system/boot/loader/loader.nix b/nixos/modules/system/boot/loader/loader.nix index 01475f79b9c2..0e33264271bf 100644 --- a/nixos/modules/system/boot/loader/loader.nix +++ b/nixos/modules/system/boot/loader/loader.nix @@ -12,7 +12,7 @@ with lib; boot.loader.timeout = mkOption { default = 5; type = types.nullOr types.int; - description = '' + description = lib.mdDoc '' Timeout (in seconds) until loader boots the default menu item. Use null if the loader menu should be displayed indefinitely. ''; }; diff --git a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix index 1023361f0b1f..426aa021c8bf 100644 --- a/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix +++ b/nixos/modules/system/boot/loader/raspberrypi/raspberrypi.nix @@ -48,10 +48,10 @@ in enable = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to create files with the system generations in - <literal>/boot</literal>. - <literal>/boot/old</literal> will hold files from old generations. + `/boot`. + `/boot/old` will hold files from old generations. ''; }; @@ -65,7 +65,7 @@ in enable = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Enable using uboot as bootmanager for the raspberry pi. ''; }; @@ -74,7 +74,7 @@ in default = 20; example = 10; type = types.int; - description = '' + description = lib.mdDoc '' Maximum number of configurations in the boot menu. ''; }; @@ -84,9 +84,9 @@ in firmwareConfig = mkOption { default = null; type = types.nullOr types.lines; - description = '' - Extra options that will be appended to <literal>/boot/config.txt</literal> file. - For possible values, see: https://www.raspberrypi.org/documentation/configuration/config-txt/ + description = lib.mdDoc '' + Extra options that will be appended to `/boot/config.txt` file. + For possible values, see: https://www.raspberrypi.com/documentation/computers/config_txt.html ''; }; }; diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py index aca6a1ca2cc2..77280a9680e3 100644 --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py @@ -264,8 +264,6 @@ def main() -> None: if installed_version < available_version: print("updating systemd-boot from %s to %s" % (installed_version, available_version)) subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "update"]) - else: - print("leaving systemd-boot %s in place (%s is not newer)" % (installed_version, available_version)) mkdir_p("@efiSysMountPoint@/efi/nixos") mkdir_p("@efiSysMountPoint@/loader/entries") diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix index 1a1dcaea9c89..baf0a9fe9c48 100644 --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix @@ -69,7 +69,7 @@ in { type = types.bool; - description = "Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager"; + description = lib.mdDoc "Whether to enable the systemd-boot (formerly gummiboot) EFI boot manager"; }; editor = mkOption { @@ -77,7 +77,7 @@ in { type = types.bool; - description = '' + description = lib.mdDoc '' Whether to allow editing the kernel command-line before boot. It is recommended to set this to false, as it allows gaining root access by passing init=/bin/sh as a kernel @@ -90,11 +90,11 @@ in { default = null; example = 120; type = types.nullOr types.int; - description = '' + description = lib.mdDoc '' Maximum number of latest generations in the boot menu. Useful to prevent boot partition running out of disk space. - <literal>null</literal> means no limit i.e. all generations + `null` means no limit i.e. all generations that were not garbage collected yet. ''; }; @@ -134,21 +134,21 @@ in { enable = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Make MemTest86 available from the systemd-boot menu. MemTest86 is a program for testing memory. MemTest86 is an unfree program, so - this requires <literal>allowUnfree</literal> to be set to - <literal>true</literal>. + this requires `allowUnfree` to be set to + `true`. ''; }; entryFilename = mkOption { default = "memtest86.conf"; type = types.str; - description = '' - <literal>systemd-boot</literal> orders the menu entries by the config file names, + description = lib.mdDoc '' + `systemd-boot` orders the menu entries by the config file names, so if you want something to appear after all the NixOS entries, - it should start with <filename>o</filename> or onwards. + it should start with {file}`o` or onwards. ''; }; }; @@ -157,9 +157,9 @@ in { enable = mkOption { default = false; type = types.bool; - description = '' - Make <literal>netboot.xyz</literal> available from the - <literal>systemd-boot</literal> menu. <literal>netboot.xyz</literal> + description = lib.mdDoc '' + Make `netboot.xyz` available from the + `systemd-boot` menu. `netboot.xyz` is a menu system that allows you to boot OS installers and utilities over the network. ''; @@ -168,10 +168,10 @@ in { entryFilename = mkOption { default = "o_netbootxyz.conf"; type = types.str; - description = '' - <literal>systemd-boot</literal> orders the menu entries by the config file names, + description = lib.mdDoc '' + `systemd-boot` orders the menu entries by the config file names, so if you want something to appear after all the NixOS entries, - it should start with <filename>o</filename> or onwards. + it should start with {file}`o` or onwards. ''; }; }; @@ -185,15 +185,15 @@ in { efi /efi/memtest86/memtest86.efi '''; } ''; - description = '' - Any additional entries you want added to the <literal>systemd-boot</literal> menu. - These entries will be copied to <filename>/boot/loader/entries</filename>. + description = lib.mdDoc '' + Any additional entries you want added to the `systemd-boot` menu. + These entries will be copied to {file}`/boot/loader/entries`. Each attribute name denotes the destination file name, and the corresponding attribute value is the contents of the entry. - <literal>systemd-boot</literal> orders the menu entries by the config file names, + `systemd-boot` orders the menu entries by the config file names, so if you want something to appear after all the NixOS entries, - it should start with <filename>o</filename> or onwards. + it should start with {file}`o` or onwards. ''; }; @@ -203,10 +203,10 @@ in { example = literalExpression '' { "efi/memtest86/memtest86.efi" = "''${pkgs.memtest86-efi}/BOOTX64.efi"; } ''; - description = '' - A set of files to be copied to <filename>/boot</filename>. + description = lib.mdDoc '' + A set of files to be copied to {file}`/boot`. Each attribute name denotes the destination file name in - <filename>/boot</filename>, while the corresponding + {file}`/boot`, while the corresponding attribute value specifies the source file. ''; }; @@ -216,13 +216,13 @@ in { type = types.bool; - description = '' - Invoke <literal>bootctl install</literal> with the <literal>--graceful</literal> option, + description = lib.mdDoc '' + Invoke `bootctl install` with the `--graceful` option, which ignores errors when EFI variables cannot be written or when the EFI System Partition cannot be found. Currently only applies to random seed operations. - Only enable this option if <literal>systemd-boot</literal> otherwise fails to install, as the - scope or implication of the <literal>--graceful</literal> option may change in the future. + Only enable this option if `systemd-boot` otherwise fails to install, as the + scope or implication of the `--graceful` option may change in the future. ''; }; diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix index 4103a7af57cd..78301a57bd97 100644 --- a/nixos/modules/system/boot/luksroot.nix +++ b/nixos/modules/system/boot/luksroot.nix @@ -433,7 +433,7 @@ let echo "Please move your mouse to create needed randomness." ''} echo "Waiting for your FIDO2 device..." - fido2luks open ${dev.device} ${dev.name} ${dev.fido2.credential} --await-dev ${toString dev.fido2.gracePeriod} --salt string:$passphrase + fido2luks open${optionalString dev.allowDiscards " --allow-discards"} ${dev.device} ${dev.name} ${dev.fido2.credential} --await-dev ${toString dev.fido2.gracePeriod} --salt string:$passphrase if [ $? -ne 0 ]; then echo "No FIDO2 key found, falling back to normal open procedure" open_normally @@ -496,10 +496,10 @@ in boot.initrd.luks.mitigateDMAAttacks = mkOption { type = types.bool; default = true; - description = '' + description = lib.mdDoc '' Unless enabled, encryption keys can be easily recovered by an attacker with physical access to any machine with PCMCIA, ExpressCard, ThunderBolt or FireWire port. - More information is available at <link xlink:href="http://en.wikipedia.org/wiki/DMA_attack"/>. + More information is available at <http://en.wikipedia.org/wiki/DMA_attack>. This option blacklists FireWire drivers, but doesn't remove them. You can manually load the drivers if you need to use a FireWire device, but don't forget to unload them! @@ -513,7 +513,7 @@ in "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "af_alg" "algif_skcipher" ]; - description = '' + description = lib.mdDoc '' A list of cryptographic kernel modules needed to decrypt the root device(s). The default includes all common modules. ''; @@ -548,11 +548,11 @@ in boot.initrd.luks.devices = mkOption { default = { }; example = { luksroot.device = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; }; - description = '' + description = lib.mdDoc '' The encrypted disk that should be opened before the root filesystem is mounted. Both LVM-over-LUKS and LUKS-over-LVM setups are supported. The unencrypted devices can be accessed as - <filename>/dev/mapper/<replaceable>name</replaceable></filename>. + {file}`/dev/mapper/«name»`. ''; type = with types; attrsOf (submodule ( @@ -569,14 +569,14 @@ in device = mkOption { example = "/dev/disk/by-uuid/430e9eff-d852-4f68-aa3b-2fa3599ebe08"; type = types.str; - description = "Path of the underlying encrypted block device."; + description = lib.mdDoc "Path of the underlying encrypted block device."; }; header = mkOption { default = null; example = "/root/header.img"; type = types.nullOr types.str; - description = '' + description = lib.mdDoc '' The name of the file or block device that should be used as header for the encrypted device. ''; @@ -586,7 +586,7 @@ in default = null; example = "/dev/sdb1"; type = types.nullOr types.str; - description = '' + description = lib.mdDoc '' The name of the file (can be a raw device or a partition) that should be used as the decryption key for the encrypted device. If not specified, you will be prompted for a passphrase instead. @@ -597,12 +597,12 @@ in default = null; example = 4096; type = types.nullOr types.int; - description = '' + description = lib.mdDoc '' The size of the key file. Use this if only the beginning of the key file should be used as a key (often the case if a raw device or partition is used as key file). If not specified, the whole - <literal>keyFile</literal> will be used decryption, instead of just - the first <literal>keyFileSize</literal> bytes. + `keyFile` will be used decryption, instead of just + the first `keyFileSize` bytes. ''; }; @@ -610,12 +610,12 @@ in default = null; example = 4096; type = types.nullOr types.int; - description = '' + description = lib.mdDoc '' The offset of the key file. Use this in combination with - <literal>keyFileSize</literal> to use part of a file as key file + `keyFileSize` to use part of a file as key file (often the case if a raw device or partition is used as a key file). If not specified, the key begins at the first byte of - <literal>keyFile</literal>. + `keyFile`. ''; }; @@ -623,13 +623,13 @@ in preLVM = mkOption { default = true; type = types.bool; - description = "Whether the luksOpen will be attempted before LVM scan or after it."; + description = lib.mdDoc "Whether the luksOpen will be attempted before LVM scan or after it."; }; allowDiscards = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to allow TRIM requests to the underlying device. This option has security implications; please read the LUKS documentation before activating it. @@ -641,10 +641,10 @@ in bypassWorkqueues = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to bypass dm-crypt's internal read and write workqueues. Enabling this should improve performance on SSDs; see - <link xlink:href="https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance">here</link> + [here](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Disable_workqueue_for_increased_solid_state_drive_(SSD)_performance) for more information. Needs Linux 5.9 or later. ''; }; @@ -652,7 +652,7 @@ in fallbackToPassword = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to fallback to interactive passphrase prompt if the keyfile cannot be found. This will prevent unattended boot should the keyfile go missing. @@ -661,7 +661,7 @@ in gpgCard = mkOption { default = null; - description = '' + description = lib.mdDoc '' The option to use this LUKS device with a GPG encrypted luks password by the GPG Smartcard. If null (the default), GPG-Smartcard will be disabled for this device. ''; @@ -671,17 +671,17 @@ in gracePeriod = mkOption { default = 10; type = types.int; - description = "Time in seconds to wait for the GPG Smartcard."; + description = lib.mdDoc "Time in seconds to wait for the GPG Smartcard."; }; encryptedPass = mkOption { type = types.path; - description = "Path to the GPG encrypted passphrase."; + description = lib.mdDoc "Path to the GPG encrypted passphrase."; }; publicKey = mkOption { type = types.path; - description = "Path to the Public Key."; + description = lib.mdDoc "Path to the Public Key."; }; }; }); @@ -692,29 +692,29 @@ in default = null; example = "f1d00200d8dc783f7fb1e10ace8da27f8312d72692abfca2f7e4960a73f48e82e1f7571f6ebfcee9fb434f9886ccc8fcc52a6614d8d2"; type = types.nullOr types.str; - description = "The FIDO2 credential ID."; + description = lib.mdDoc "The FIDO2 credential ID."; }; gracePeriod = mkOption { default = 10; type = types.int; - description = "Time in seconds to wait for the FIDO2 key."; + description = lib.mdDoc "Time in seconds to wait for the FIDO2 key."; }; passwordLess = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Defines whatever to use an empty string as a default salt. - Enable only when your device is PIN protected, such as <link xlink:href="https://trezor.io/">Trezor</link>. + Enable only when your device is PIN protected, such as [Trezor](https://trezor.io/). ''; }; }; yubikey = mkOption { default = null; - description = '' + description = lib.mdDoc '' The options to use for this LUKS device in YubiKey-PBA. If null (the default), YubiKey-PBA will be disabled for this device. ''; @@ -724,37 +724,37 @@ in twoFactor = mkOption { default = true; type = types.bool; - description = "Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false)."; + description = lib.mdDoc "Whether to use a passphrase and a YubiKey (true), or only a YubiKey (false)."; }; slot = mkOption { default = 2; type = types.int; - description = "Which slot on the YubiKey to challenge."; + description = lib.mdDoc "Which slot on the YubiKey to challenge."; }; saltLength = mkOption { default = 16; type = types.int; - description = "Length of the new salt in byte (64 is the effective maximum)."; + description = lib.mdDoc "Length of the new salt in byte (64 is the effective maximum)."; }; keyLength = mkOption { default = 64; type = types.int; - description = "Length of the LUKS slot key derived with PBKDF2 in byte."; + description = lib.mdDoc "Length of the LUKS slot key derived with PBKDF2 in byte."; }; iterationStep = mkOption { default = 0; type = types.int; - description = "How much the iteration count for PBKDF2 is increased at each successful authentication."; + description = lib.mdDoc "How much the iteration count for PBKDF2 is increased at each successful authentication."; }; gracePeriod = mkOption { default = 10; type = types.int; - description = "Time in seconds to wait for the YubiKey."; + description = lib.mdDoc "Time in seconds to wait for the YubiKey."; }; /* TODO: Add to the documentation of the current module: @@ -765,7 +765,7 @@ in device = mkOption { default = "/dev/sda1"; type = types.path; - description = '' + description = lib.mdDoc '' An unencrypted device that will temporarily be mounted in stage-1. Must contain the current salt to create the challenge for this LUKS device. ''; @@ -774,13 +774,13 @@ in fsType = mkOption { default = "vfat"; type = types.str; - description = "The filesystem of the unencrypted device."; + description = lib.mdDoc "The filesystem of the unencrypted device."; }; path = mkOption { default = "/crypt-storage/default"; type = types.str; - description = '' + description = lib.mdDoc '' Absolute path of the salt on the unencrypted device with that device's root directory as "/". ''; @@ -797,7 +797,7 @@ in mkdir -p /tmp/persistent mount -t zfs rpool/safe/persistent /tmp/persistent ''; - description = '' + description = lib.mdDoc '' Commands that should be run right before we try to mount our LUKS device. This can be useful, if the keys needed to open the drive is on another partion. ''; @@ -809,7 +809,7 @@ in example = '' umount /tmp/persistent ''; - description = '' + description = lib.mdDoc '' Commands that should be run right after we have mounted our LUKS device. ''; }; @@ -832,7 +832,7 @@ in boot.initrd.luks.gpgSupport = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Enables support for authenticating with a GPG encrypted password. ''; }; @@ -840,7 +840,7 @@ in boot.initrd.luks.yubikeySupport = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Enables support for authenticating with a YubiKey on LUKS devices. See the NixOS wiki for information on how to properly setup a LUKS device and a YubiKey to work with this feature. @@ -850,7 +850,7 @@ in boot.initrd.luks.fido2Support = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Enables support for authenticating with FIDO2 devices. ''; }; diff --git a/nixos/modules/system/boot/modprobe.nix b/nixos/modules/system/boot/modprobe.nix index 21be18ef866e..4438afe4b3da 100644 --- a/nixos/modules/system/boot/modprobe.nix +++ b/nixos/modules/system/boot/modprobe.nix @@ -12,7 +12,7 @@ with lib; type = types.listOf types.str; default = []; example = [ "cirrusfb" "i2c_piix4" ]; - description = '' + description = lib.mdDoc '' List of names of kernel modules that should not be loaded automatically by the hardware probing code. ''; diff --git a/nixos/modules/system/boot/networkd.nix b/nixos/modules/system/boot/networkd.nix index 0336930b3ab7..dd4c63ab7256 100644 --- a/nixos/modules/system/boot/networkd.nix +++ b/nixos/modules/system/boot/networkd.nix @@ -452,13 +452,16 @@ let "AllMulticast" "Unmanaged" "RequiredForOnline" + "RequiredFamilyForOnline" "ActivationPolicy" + "Promiscuous" ]) (assertMacAddress "MACAddress") (assertByteFormat "MTUBytes") (assertValueOneOf "ARP" boolValues) (assertValueOneOf "Multicast" boolValues) (assertValueOneOf "AllMulticast" boolValues) + (assertValueOneOf "Promiscuous" boolValues) (assertValueOneOf "Unmanaged" boolValues) (assertValueOneOf "RequiredForOnline" (boolValues ++ [ "missing" @@ -471,6 +474,12 @@ let "enslaved" "routable" ])) + (assertValueOneOf "RequiredFamilyForOnline" [ + "ipv4" + "ipv6" + "both" + "any" + ]) (assertValueOneOf "ActivationPolicy" ([ "up" "always-up" @@ -876,8 +885,8 @@ let enable = mkOption { default = true; type = types.bool; - description = '' - Whether to manage network configuration using <command>systemd-network</command>. + description = lib.mdDoc '' + Whether to manage network configuration using {command}`systemd-network`. ''; }; @@ -885,12 +894,12 @@ let default = {}; example = { Name = "eth0"; }; type = types.attrsOf unitOption; - description = '' + description = lib.mdDoc '' Each attribute in this set specifies an option in the - <literal>[Match]</literal> section of the unit. See - <citerefentry><refentrytitle>systemd.link</refentrytitle><manvolnum>5</manvolnum></citerefentry> - <citerefentry><refentrytitle>systemd.netdev</refentrytitle><manvolnum>5</manvolnum></citerefentry> - <citerefentry><refentrytitle>systemd.network</refentrytitle><manvolnum>5</manvolnum></citerefentry> + `[Match]` section of the unit. See + {manpage}`systemd.link(5)` + {manpage}`systemd.netdev(5)` + {manpage}`systemd.network(5)` for details. ''; }; @@ -898,7 +907,7 @@ let extraConfig = mkOption { default = ""; type = types.lines; - description = "Extra configuration append to unit"; + description = lib.mdDoc "Extra configuration append to unit"; }; }; @@ -945,8 +954,8 @@ let enable = mkOption { default = true; type = types.bool; - description = '' - Whether to enable this .link unit. It's handled by udev no matter if <command>systemd-networkd</command> is enabled or not + description = lib.mdDoc '' + Whether to enable this .link unit. It's handled by udev no matter if {command}`systemd-networkd` is enabled or not ''; }; @@ -1161,8 +1170,7 @@ let <citerefentry><refentrytitle>systemd.netdev</refentrytitle> <manvolnum>5</manvolnum></citerefentry> for details. A detailed explanation about how VRFs work can be found in the - <link xlink:href="https://www.kernel.org/doc/Documentation/networking/vrf.txt">kernel - docs</link>. + <link xlink:href="https://www.kernel.org/doc/Documentation/networking/vrf.txt">kernel docs</link>. ''; }; @@ -1379,7 +1387,7 @@ let dhcpServerStaticLeases = mkOption { default = []; - example = [ { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; } ]; + example = [ { dhcpServerStaticLeaseConfig = { MACAddress = "65:43:4a:5b:d8:5f"; Address = "192.168.1.42"; }; } ]; type = with types; listOf (submodule dhcpServerStaticLeaseOptions); description = '' A list of DHCPServerStaticLease sections to be added to the unit. See @@ -1390,7 +1398,7 @@ let ipv6Prefixes = mkOption { default = []; - example = [ { AddressAutoconfiguration = true; OnLink = true; } ]; + example = [ { ipv6PrefixConfig = { AddressAutoconfiguration = true; OnLink = true; }; } ]; type = with types; listOf (submodule ipv6PrefixOptions); description = '' A list of ipv6Prefix sections to be added to the unit. See @@ -1402,7 +1410,7 @@ let name = mkOption { type = types.nullOr types.str; default = null; - description = '' + description = lib.mdDoc '' The name of the network interface to match against. ''; }; @@ -1410,7 +1418,7 @@ let DHCP = mkOption { type = types.nullOr types.str; default = null; - description = '' + description = lib.mdDoc '' Whether to enable DHCP on the interfaces matched. ''; }; @@ -1418,7 +1426,7 @@ let domains = mkOption { type = types.nullOr (types.listOf types.str); default = null; - description = '' + description = lib.mdDoc '' A list of domains to pass to the network config. ''; }; @@ -1605,7 +1613,7 @@ let default = true; example = false; type = types.bool; - description = '' + description = lib.mdDoc '' If true and routeTables are set, then the specified route tables will also be installed into /etc/iproute2/rt_tables. ''; @@ -1825,7 +1833,7 @@ in systemd.network.enable = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to enable networkd or not. ''; }; @@ -1833,25 +1841,25 @@ in systemd.network.links = mkOption { default = {}; type = with types; attrsOf (submodule [ { options = linkOptions; } ]); - description = "Definition of systemd network links."; + description = lib.mdDoc "Definition of systemd network links."; }; systemd.network.netdevs = mkOption { default = {}; type = with types; attrsOf (submodule [ { options = netdevOptions; } ]); - description = "Definition of systemd network devices."; + description = lib.mdDoc "Definition of systemd network devices."; }; systemd.network.networks = mkOption { default = {}; type = with types; attrsOf (submodule [ { options = networkOptions; } networkConfig ]); - description = "Definition of systemd networks."; + description = lib.mdDoc "Definition of systemd networks."; }; systemd.network.config = mkOption { default = {}; type = with types; submodule [ { options = networkdOptions; } networkdConfig ]; - description = "Definition of global systemd network config."; + description = lib.mdDoc "Definition of global systemd network config."; }; systemd.network.units = mkOption { @@ -1869,7 +1877,7 @@ in systemd.network.wait-online = { anyInterface = mkOption { - description = '' + description = lib.mdDoc '' Whether to consider the network online when any interface is online, as opposed to all of them. This is useful on portable machines with a wired and a wireless interface, for example. ''; @@ -1878,7 +1886,7 @@ in }; ignoredInterfaces = mkOption { - description = '' + description = lib.mdDoc '' Network interfaces to be ignored when deciding if the system is online. ''; type = with types; listOf str; @@ -1887,7 +1895,7 @@ in }; timeout = mkOption { - description = '' + description = lib.mdDoc '' Time to wait for the network to come online, in seconds. Set to 0 to disable. ''; type = types.ints.unsigned; @@ -1896,13 +1904,11 @@ in }; extraArgs = mkOption { - description = '' + description = lib.mdDoc '' Extra command-line arguments to pass to systemd-networkd-wait-online. - These also affect per-interface <literal>systemd-network-wait-online@</literal> services. + These also affect per-interface `systemd-network-wait-online@` services. - See <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd-networkd-wait-online.service.html"> - <citerefentry><refentrytitle>systemd-networkd-wait-online.service</refentrytitle><manvolnum>8</manvolnum> - </citerefentry></link> for all available options. + See [{manpage}`systemd-networkd-wait-online.service(8)`](https://www.freedesktop.org/software/systemd/man/systemd-networkd-wait-online.service.html) for all available options. ''; type = with types; listOf str; default = []; diff --git a/nixos/modules/system/boot/plymouth.nix b/nixos/modules/system/boot/plymouth.nix index 59037d4e6b4d..366d6ee43286 100644 --- a/nixos/modules/system/boot/plymouth.nix +++ b/nixos/modules/system/boot/plymouth.nix @@ -68,7 +68,7 @@ in default = "${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf"; defaultText = literalExpression ''"''${pkgs.dejavu_fonts.minimal}/share/fonts/truetype/DejaVuSans.ttf"''; type = types.path; - description = '' + description = lib.mdDoc '' Font file made available for displaying text on the splash screen. ''; }; @@ -81,7 +81,7 @@ in <literal>[ ]</literal>. ''; type = types.listOf types.package; - description = '' + description = lib.mdDoc '' Extra theme packages for plymouth. ''; }; @@ -89,7 +89,7 @@ in theme = mkOption { default = "bgrt"; type = types.str; - description = '' + description = lib.mdDoc '' Splash screen theme. ''; }; @@ -102,7 +102,7 @@ in url = "https://nixos.org/logo/nixos-hires.png"; sha256 = "1ivzgd7iz0i06y36p8m5w48fd8pjqwxhdaavc0pxs7w1g7mcy5si"; }''; - description = '' + description = lib.mdDoc '' Logo which is displayed on the splash screen. ''; }; @@ -110,8 +110,8 @@ in extraConfig = mkOption { type = types.lines; default = ""; - description = '' - Literal string to append to <literal>configFile</literal> + description = lib.mdDoc '' + Literal string to append to `configFile` and the config file generated by the plymouth module. ''; }; diff --git a/nixos/modules/system/boot/resolved.nix b/nixos/modules/system/boot/resolved.nix index 21d3fab2f35d..0ab2a875975d 100644 --- a/nixos/modules/system/boot/resolved.nix +++ b/nixos/modules/system/boot/resolved.nix @@ -1,4 +1,4 @@ -{ config, lib, ... }: +{ config, lib, pkgs, ... }: with lib; let @@ -15,7 +15,7 @@ in services.resolved.enable = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to enable the systemd DNS resolver daemon. ''; }; @@ -24,7 +24,7 @@ in default = [ ]; example = [ "8.8.8.8" "2001:4860:4860::8844" ]; type = types.listOf types.str; - description = '' + description = lib.mdDoc '' A list of IPv4 and IPv6 addresses to use as the fallback DNS servers. If this option is empty, a compiled-in list of DNS servers is used instead. ''; @@ -35,7 +35,7 @@ in defaultText = literalExpression "config.networking.search"; example = [ "example.com" ]; type = types.listOf types.str; - description = '' + description = lib.mdDoc '' A list of domains. These domains are used as search suffixes when resolving single-label host names (domain names which contain no dot), in order to qualify them into fully-qualified @@ -43,7 +43,7 @@ in For compatibility reasons, if this setting is not specified, the search domains listed in - <filename>/etc/resolv.conf</filename> are used instead, if + {file}`/etc/resolv.conf` are used instead, if that file exists and any domains are configured in it. ''; }; @@ -52,32 +52,14 @@ in default = "true"; example = "false"; type = types.enum [ "true" "resolve" "false" ]; - description = '' + description = lib.mdDoc '' Controls Link-Local Multicast Name Resolution support (RFC 4795) on the local host. If set to - - <variablelist> - <varlistentry> - <term><literal>"true"</literal></term> - <listitem><para> - Enables full LLMNR responder and resolver support. - </para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"false"</literal></term> - <listitem><para> - Disables both. - </para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"resolve"</literal></term> - <listitem><para> - Only resolution support is enabled, but responding is disabled. - </para></listitem> - </varlistentry> - </variablelist> + - `"true"`: Enables full LLMNR responder and resolver support. + - `"false"`: Disables both. + - `"resolve"`: Only resolution support is enabled, but responding is disabled. ''; }; @@ -85,21 +67,14 @@ in default = "allow-downgrade"; example = "true"; type = types.enum [ "true" "allow-downgrade" "false" ]; - description = '' + description = lib.mdDoc '' If set to - <variablelist> - <varlistentry> - <term><literal>"true"</literal></term> - <listitem><para> + - `"true"`: all DNS lookups are DNSSEC-validated locally (excluding LLMNR and Multicast DNS). Note that this mode requires a DNS server that supports DNSSEC. If the DNS server does not properly support DNSSEC all validations will fail. - </para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"allow-downgrade"</literal></term> - <listitem><para> + - `"allow-downgrade"`: DNSSEC validation is attempted, but if the server does not support DNSSEC properly, DNSSEC mode is automatically disabled. Note that this mode makes DNSSEC validation @@ -107,22 +82,14 @@ in be able to trigger a downgrade to non-DNSSEC mode by synthesizing a DNS response that suggests DNSSEC was not supported. - </para></listitem> - </varlistentry> - <varlistentry> - <term><literal>"false"</literal></term> - <listitem><para> - DNS lookups are not DNSSEC validated. - </para></listitem> - </varlistentry> - </variablelist> + - `"false"`: DNS lookups are not DNSSEC validated. ''; }; services.resolved.extraConfig = mkOption { default = ""; type = types.lines; - description = '' + description = lib.mdDoc '' Extra config to append to resolved.conf. ''; }; @@ -178,6 +145,8 @@ in # If networkmanager is enabled, ask it to interface with resolved. networking.networkmanager.dns = "systemd-resolved"; + networking.resolvconf.package = pkgs.systemd; + }; } diff --git a/nixos/modules/system/boot/stage-1.nix b/nixos/modules/system/boot/stage-1.nix index e35ccff29078..ec2f3d18c685 100644 --- a/nixos/modules/system/boot/stage-1.nix +++ b/nixos/modules/system/boot/stage-1.nix @@ -480,7 +480,7 @@ in if you want to resume from file. If left empty, the swap partitions are used. Specify here the device where the file resides. You should also use <varname>boot.kernelParams</varname> to specify - <literal><replaceable>resume_offset</replaceable></literal>. + <literal>«resume_offset»</literal>. ''; }; @@ -488,7 +488,7 @@ in type = types.bool; default = !config.boot.isContainer; defaultText = literalExpression "!config.boot.isContainer"; - description = '' + description = lib.mdDoc '' Whether to enable the NixOS initial RAM disk (initrd). This may be needed to perform some initialisation tasks (like mounting network/encrypted file systems) before continuing the boot process. @@ -502,11 +502,11 @@ in options = { source = mkOption { type = types.package; - description = "The object to make available inside the initrd."; + description = lib.mdDoc "The object to make available inside the initrd."; }; }; }); - description = '' + description = lib.mdDoc '' Extra files to link and copy in to the initrd. ''; }; @@ -514,7 +514,7 @@ in boot.initrd.prepend = mkOption { default = [ ]; type = types.listOf types.str; - description = '' + description = lib.mdDoc '' Other initrd files to prepend to the final initrd we are building. ''; }; @@ -522,15 +522,15 @@ in boot.initrd.checkJournalingFS = mkOption { default = true; type = types.bool; - description = '' - Whether to run <command>fsck</command> on journaling filesystems such as ext3. + description = lib.mdDoc '' + Whether to run {command}`fsck` on journaling filesystems such as ext3. ''; }; boot.initrd.preLVMCommands = mkOption { default = ""; type = types.lines; - description = '' + description = lib.mdDoc '' Shell commands to be executed immediately before LVM discovery. ''; }; @@ -538,7 +538,7 @@ in boot.initrd.preDeviceCommands = mkOption { default = ""; type = types.lines; - description = '' + description = lib.mdDoc '' Shell commands to be executed before udev is started to create device nodes. ''; @@ -547,17 +547,17 @@ in boot.initrd.postDeviceCommands = mkOption { default = ""; type = types.lines; - description = '' + description = lib.mdDoc '' Shell commands to be executed immediately after stage 1 of the boot has loaded kernel modules and created device nodes in - <filename>/dev</filename>. + {file}`/dev`. ''; }; boot.initrd.postMountCommands = mkOption { default = ""; type = types.lines; - description = '' + description = lib.mdDoc '' Shell commands to be executed immediately after the stage 1 filesystems have been mounted. ''; @@ -566,7 +566,7 @@ in boot.initrd.preFailCommands = mkOption { default = ""; type = types.lines; - description = '' + description = lib.mdDoc '' Shell commands to be executed before the failure prompt is shown. ''; }; @@ -630,14 +630,14 @@ in boot.initrd.compressorArgs = mkOption { default = null; type = types.nullOr (types.listOf types.str); - description = "Arguments to pass to the compressor for the initrd image, or null to use the compressor's defaults."; + description = lib.mdDoc "Arguments to pass to the compressor for the initrd image, or null to use the compressor's defaults."; }; boot.initrd.secrets = mkOption { default = {}; type = types.attrsOf (types.nullOr types.path); description = - '' + lib.mdDoc '' Secrets to append to the initrd. The attribute name is the path the secret should have inside the initrd, the value is the path it should be copied from (or null for the same @@ -655,7 +655,7 @@ in default = [ ]; example = [ "btrfs" ]; type = types.listOf types.str; - description = "Names of supported filesystem types in the initial ramdisk."; + description = lib.mdDoc "Names of supported filesystem types in the initial ramdisk."; }; boot.initrd.verbose = mkOption { @@ -692,12 +692,12 @@ in options.neededForBoot = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' If set, this file system will be mounted in the initial ramdisk. Note that the file system will always be mounted in the initial ramdisk if its mount point is one of the following: ${concatStringsSep ", " ( - forEach utils.pathsNeededForBoot (i: "<filename>${i}</filename>") + forEach utils.pathsNeededForBoot (i: "{file}`${i}`") )}. ''; }; diff --git a/nixos/modules/system/boot/stage-2.nix b/nixos/modules/system/boot/stage-2.nix index f6461daf3116..6b4193ea2967 100644 --- a/nixos/modules/system/boot/stage-2.nix +++ b/nixos/modules/system/boot/stage-2.nix @@ -37,7 +37,7 @@ in default = ""; example = "rm -f /var/log/messages"; type = types.lines; - description = '' + description = lib.mdDoc '' Shell commands to be executed just before systemd is started. ''; }; @@ -45,7 +45,7 @@ in systemdExecutable = mkOption { default = "/run/current-system/systemd/lib/systemd/systemd"; type = types.str; - description = '' + description = lib.mdDoc '' The program to execute to start systemd. ''; }; @@ -53,7 +53,7 @@ in extraSystemdUnitPaths = mkOption { default = []; type = types.listOf types.str; - description = '' + description = lib.mdDoc '' Additional paths that get appended to the SYSTEMD_UNIT_PATH environment variable that can contain mutable unit files. ''; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 645fbc2b713a..35280ee07366 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix @@ -177,11 +177,11 @@ in default = pkgs.systemd; defaultText = literalExpression "pkgs.systemd"; type = types.package; - description = "The systemd package."; + description = lib.mdDoc "The systemd package."; }; systemd.units = mkOption { - description = "Definition of systemd units."; + description = lib.mdDoc "Definition of systemd units."; default = {}; type = systemdUtils.types.units; }; @@ -190,43 +190,43 @@ in default = []; type = types.listOf types.package; example = literalExpression "[ pkgs.systemd-cryptsetup-generator ]"; - description = "Packages providing systemd units and hooks."; + description = lib.mdDoc "Packages providing systemd units and hooks."; }; systemd.targets = mkOption { default = {}; type = systemdUtils.types.targets; - description = "Definition of systemd target units."; + description = lib.mdDoc "Definition of systemd target units."; }; systemd.services = mkOption { default = {}; type = systemdUtils.types.services; - description = "Definition of systemd service units."; + description = lib.mdDoc "Definition of systemd service units."; }; systemd.sockets = mkOption { default = {}; type = systemdUtils.types.sockets; - description = "Definition of systemd socket units."; + description = lib.mdDoc "Definition of systemd socket units."; }; systemd.timers = mkOption { default = {}; type = systemdUtils.types.timers; - description = "Definition of systemd timer units."; + description = lib.mdDoc "Definition of systemd timer units."; }; systemd.paths = mkOption { default = {}; type = systemdUtils.types.paths; - description = "Definition of systemd path units."; + description = lib.mdDoc "Definition of systemd path units."; }; systemd.mounts = mkOption { default = []; type = systemdUtils.types.mounts; - description = '' + description = lib.mdDoc '' Definition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute. @@ -236,7 +236,7 @@ in systemd.automounts = mkOption { default = []; type = systemdUtils.types.automounts; - description = '' + description = lib.mdDoc '' Definition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute. @@ -246,41 +246,41 @@ in systemd.slices = mkOption { default = {}; type = systemdUtils.types.slices; - description = "Definition of slice configurations."; + description = lib.mdDoc "Definition of slice configurations."; }; systemd.generators = mkOption { type = types.attrsOf types.path; default = {}; example = { systemd-gpt-auto-generator = "/dev/null"; }; - description = '' + description = lib.mdDoc '' Definition of systemd generators. - For each <literal>NAME = VALUE</literal> pair of the attrSet, a link is generated from - <literal>/etc/systemd/system-generators/NAME</literal> to <literal>VALUE</literal>. + For each `NAME = VALUE` pair of the attrSet, a link is generated from + `/etc/systemd/system-generators/NAME` to `VALUE`. ''; }; systemd.shutdown = mkOption { type = types.attrsOf types.path; default = {}; - description = '' + description = lib.mdDoc '' Definition of systemd shutdown executables. - For each <literal>NAME = VALUE</literal> pair of the attrSet, a link is generated from - <literal>/etc/systemd/system-shutdown/NAME</literal> to <literal>VALUE</literal>. + For each `NAME = VALUE` pair of the attrSet, a link is generated from + `/etc/systemd/system-shutdown/NAME` to `VALUE`. ''; }; systemd.defaultUnit = mkOption { default = "multi-user.target"; type = types.str; - description = "Default unit started when the system boots."; + description = lib.mdDoc "Default unit started when the system boots."; }; systemd.ctrlAltDelUnit = mkOption { default = "reboot.target"; type = types.str; example = "poweroff.target"; - description = '' + description = lib.mdDoc '' Target that should be started when Ctrl-Alt-Delete is pressed. ''; }; @@ -289,8 +289,8 @@ in type = with types; attrsOf (nullOr (oneOf [ str path package ])); default = {}; example = { TZ = "CET"; }; - description = '' - Environment variables passed to <emphasis>all</emphasis> systemd units. + description = lib.mdDoc '' + Environment variables passed to *all* systemd units. ''; }; @@ -298,16 +298,16 @@ in type = with types; attrsOf (nullOr (oneOf [ str path package ])); default = {}; example = { SYSTEMD_LOG_LEVEL = "debug"; }; - description = '' + description = lib.mdDoc '' Environment variables of PID 1. These variables are - <emphasis>not</emphasis> passed to started units. + *not* passed to started units. ''; }; systemd.enableCgroupAccounting = mkOption { default = true; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to enable cgroup accounting. ''; }; @@ -315,7 +315,7 @@ in systemd.enableUnifiedCgroupHierarchy = mkOption { default = true; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to enable the unified cgroup hierarchy (cgroupsv2). ''; }; @@ -324,7 +324,7 @@ in default = ""; type = types.lines; example = "DefaultLimitCORE=infinity"; - description = '' + description = lib.mdDoc '' Extra config options for systemd. See man systemd-system.conf for available options. ''; @@ -334,7 +334,7 @@ in default = ""; type = types.lines; example = "HibernateDelaySec=1h"; - description = '' + description = lib.mdDoc '' Extra config options for systemd sleep state logic. See sleep.conf.d(5) man page for available options. ''; @@ -344,7 +344,7 @@ in default = [ ]; type = types.listOf types.str; example = [ "debug-shell.service" "systemd-quotacheck.service" ]; - description = '' + description = lib.mdDoc '' Additional units shipped with systemd that shall be enabled. ''; }; @@ -353,10 +353,10 @@ in default = [ ]; type = types.listOf types.str; example = [ "systemd-backlight@.service" ]; - description = '' + description = lib.mdDoc '' A list of units to skip when generating system systemd configuration directory. This has - priority over upstream units, <option>systemd.units</option>, and - <option>systemd.additionalUpstreamSystemUnits</option>. The main purpose of this is to + priority over upstream units, {option}`systemd.units`, and + {option}`systemd.additionalUpstreamSystemUnits`. The main purpose of this is to prevent a upstream systemd unit from being added to the initrd with any modifications made to it by other NixOS modules. ''; @@ -366,7 +366,7 @@ in type = types.nullOr types.path; default = null; example = "/dev/watchdog"; - description = '' + description = lib.mdDoc '' The path to a hardware watchdog device which will be managed by systemd. If not specified, systemd will default to /dev/watchdog. ''; @@ -376,7 +376,7 @@ in type = types.nullOr types.str; default = null; example = "30s"; - description = '' + description = lib.mdDoc '' The amount of time which can elapse before a watchdog hardware device will automatically reboot the system. Valid time units include "ms", "s", "min", "h", "d", and "w". @@ -387,7 +387,7 @@ in type = types.nullOr types.str; default = null; example = "10m"; - description = '' + description = lib.mdDoc '' The amount of time which can elapse after a reboot has been triggered before a watchdog hardware device will automatically reboot the system. Valid time units include "ms", "s", "min", "h", "d", and "w". @@ -398,7 +398,7 @@ in type = types.nullOr types.str; default = null; example = "10m"; - description = '' + description = lib.mdDoc '' The amount of time which can elapse when kexec is being executed before a watchdog hardware device will automatically reboot the system. This option should only be enabled if reloadTime is also enabled. Valid @@ -592,6 +592,12 @@ in systemd.services.systemd-importd.environment = proxy_env; systemd.services.systemd-pstore.wantedBy = [ "sysinit.target" ]; # see #81138 + # NixOS has kernel modules in a different location, so override that here. + systemd.services.kmod-static-nodes.unitConfig.ConditionFileNotEmpty = [ + "" # required to unset the previous value! + "/run/booted-system/kernel-modules/lib/modules/%v/modules.devname" + ]; + # Don't bother with certain units in containers. systemd.services.systemd-remount-fs.unitConfig.ConditionVirtualization = "!container"; systemd.services.systemd-random-seed.unitConfig.ConditionVirtualization = "!container"; diff --git a/nixos/modules/system/boot/systemd/coredump.nix b/nixos/modules/system/boot/systemd/coredump.nix index b6ee2cff1f9a..c2ca973d3807 100644 --- a/nixos/modules/system/boot/systemd/coredump.nix +++ b/nixos/modules/system/boot/systemd/coredump.nix @@ -10,9 +10,9 @@ in { systemd.coredump.enable = mkOption { default = true; type = types.bool; - description = '' + description = lib.mdDoc '' Whether core dumps should be processed by - <command>systemd-coredump</command>. If disabled, core dumps + {command}`systemd-coredump`. If disabled, core dumps appear in the current directory of the crashing process. ''; }; @@ -21,37 +21,44 @@ in { default = ""; type = types.lines; example = "Storage=journal"; - description = '' + description = lib.mdDoc '' Extra config options for systemd-coredump. See coredump.conf(5) man page for available options. ''; }; }; - config = { - systemd.additionalUpstreamSystemUnits = [ - "systemd-coredump.socket" - "systemd-coredump@.service" - ]; - - environment.etc = { - "systemd/coredump.conf".text = - '' - [Coredump] - ${cfg.extraConfig} - ''; + config = mkMerge [ - # install provided sysctl snippets - "sysctl.d/50-coredump.conf".source = "${systemd}/example/sysctl.d/50-coredump.conf"; - "sysctl.d/50-default.conf".source = "${systemd}/example/sysctl.d/50-default.conf"; - }; + (mkIf cfg.enable { + systemd.additionalUpstreamSystemUnits = [ + "systemd-coredump.socket" + "systemd-coredump@.service" + ]; - users.users.systemd-coredump = { - uid = config.ids.uids.systemd-coredump; - group = "systemd-coredump"; - }; - users.groups.systemd-coredump = {}; + environment.etc = { + "systemd/coredump.conf".text = + '' + [Coredump] + ${cfg.extraConfig} + ''; + + # install provided sysctl snippets + "sysctl.d/50-coredump.conf".source = "${systemd}/example/sysctl.d/50-coredump.conf"; + "sysctl.d/50-default.conf".source = "${systemd}/example/sysctl.d/50-default.conf"; + }; + + users.users.systemd-coredump = { + uid = config.ids.uids.systemd-coredump; + group = "systemd-coredump"; + }; + users.groups.systemd-coredump = {}; + }) + + (mkIf (!cfg.enable) { + boot.kernel.sysctl."kernel.core_pattern" = mkDefault "core"; + }) + + ]; - boot.kernel.sysctl."kernel.core_pattern" = mkIf (!cfg.enable) "core"; - }; } diff --git a/nixos/modules/system/boot/systemd/initrd.nix b/nixos/modules/system/boot/systemd/initrd.nix index b49312c924b5..888653469ed7 100644 --- a/nixos/modules/system/boot/systemd/initrd.nix +++ b/nixos/modules/system/boot/systemd/initrd.nix @@ -103,7 +103,8 @@ let fstab = pkgs.writeText "initrd-fstab" (lib.concatMapStringsSep "\n" ({ fsType, mountPoint, device, options, autoFormat, autoResize, ... }@fs: let opts = options ++ optional autoFormat "x-systemd.makefs" ++ optional autoResize "x-systemd.growfs"; - in "${device} /sysroot${mountPoint} ${fsType} ${lib.concatStringsSep "," opts}") fileSystems); + finalDevice = if (lib.elem "bind" options) then "/sysroot${device}" else device; + in "${finalDevice} /sysroot${mountPoint} ${fsType} ${lib.concatStringsSep "," opts}") fileSystems); needMakefs = lib.any (fs: fs.autoFormat) fileSystems; needGrowfs = lib.any (fs: fs.autoResize) fileSystems; @@ -129,6 +130,7 @@ let initialRamdisk = pkgs.makeInitrdNG { name = "initrd-${kernel-name}"; inherit (config.boot.initrd) compressor compressorArgs prepend; + inherit (cfg) strip; contents = map (path: { object = path; symlink = ""; }) (subtractLists cfg.suppressedStorePaths cfg.storePaths) ++ mapAttrsToList (_: v: { object = v.source; symlink = v.target; }) (filterAttrs (_: v: v.enable) cfg.contents); @@ -150,7 +152,7 @@ in { }; contents = mkOption { - description = "Set of files that have to be linked into the initrd"; + description = lib.mdDoc "Set of files that have to be linked into the initrd"; example = literalExpression '' { "/etc/hostname".text = "mymachine"; @@ -162,15 +164,28 @@ in { }; storePaths = mkOption { - description = '' + description = lib.mdDoc '' Store paths to copy into the initrd as well. ''; type = with types; listOf (oneOf [ singleLineStr package ]); default = []; }; + strip = mkOption { + description = lib.mdDoc '' + Whether to completely strip executables and libraries copied to the initramfs. + + Setting this to false may save on the order of 30MiB on the + machine building the system (by avoiding a binutils + reference), at the cost of ~1MiB of initramfs size. This puts + this option firmly in the territory of micro-optimisation. + ''; + type = types.bool; + default = true; + }; + extraBin = mkOption { - description = '' + description = lib.mdDoc '' Tools to add to /bin ''; example = literalExpression '' @@ -183,7 +198,7 @@ in { }; suppressedStorePaths = mkOption { - description = '' + description = lib.mdDoc '' Store paths specified in the storePaths option that should not be copied. ''; @@ -192,9 +207,9 @@ in { }; emergencyAccess = mkOption { - type = with types; oneOf [ bool singleLineStr ]; + type = with types; oneOf [ bool (nullOr (passwdEntry str)) ]; visible = false; - description = '' + description = lib.mdDoc '' Set to true for unauthenticated emergency access, and false for no emergency access. @@ -208,7 +223,7 @@ in { type = types.listOf types.package; default = []; visible = false; - description = '' + description = lib.mdDoc '' Packages to include in /bin for the stage 1 emergency shell. ''; }; @@ -218,7 +233,7 @@ in { type = types.listOf types.str; visible = false; example = [ "debug-shell.service" "systemd-quotacheck.service" ]; - description = '' + description = lib.mdDoc '' Additional units shipped with systemd that shall be enabled. ''; }; @@ -228,17 +243,17 @@ in { type = types.listOf types.str; example = [ "systemd-backlight@.service" ]; visible = false; - description = '' + description = lib.mdDoc '' A list of units to skip when generating system systemd configuration directory. This has - priority over upstream units, <option>boot.initrd.systemd.units</option>, and - <option>boot.initrd.systemd.additionalUpstreamUnits</option>. The main purpose of this is to + priority over upstream units, {option}`boot.initrd.systemd.units`, and + {option}`boot.initrd.systemd.additionalUpstreamUnits`. The main purpose of this is to prevent a upstream systemd unit from being added to the initrd with any modifications made to it by other NixOS modules. ''; }; units = mkOption { - description = "Definition of systemd units."; + description = lib.mdDoc "Definition of systemd units."; default = {}; visible = false; type = systemdUtils.types.units; @@ -249,49 +264,49 @@ in { visible = false; type = types.listOf types.package; example = literalExpression "[ pkgs.systemd-cryptsetup-generator ]"; - description = "Packages providing systemd units and hooks."; + description = lib.mdDoc "Packages providing systemd units and hooks."; }; targets = mkOption { default = {}; visible = false; type = systemdUtils.types.initrdTargets; - description = "Definition of systemd target units."; + description = lib.mdDoc "Definition of systemd target units."; }; services = mkOption { default = {}; type = systemdUtils.types.initrdServices; visible = false; - description = "Definition of systemd service units."; + description = lib.mdDoc "Definition of systemd service units."; }; sockets = mkOption { default = {}; type = systemdUtils.types.initrdSockets; visible = false; - description = "Definition of systemd socket units."; + description = lib.mdDoc "Definition of systemd socket units."; }; timers = mkOption { default = {}; type = systemdUtils.types.initrdTimers; visible = false; - description = "Definition of systemd timer units."; + description = lib.mdDoc "Definition of systemd timer units."; }; paths = mkOption { default = {}; type = systemdUtils.types.initrdPaths; visible = false; - description = "Definition of systemd path units."; + description = lib.mdDoc "Definition of systemd path units."; }; mounts = mkOption { default = []; type = systemdUtils.types.initrdMounts; visible = false; - description = '' + description = lib.mdDoc '' Definition of systemd mount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute. @@ -302,7 +317,7 @@ in { default = []; type = systemdUtils.types.automounts; visible = false; - description = '' + description = lib.mdDoc '' Definition of systemd automount units. This is a list instead of an attrSet, because systemd mandates the names to be derived from the 'where' attribute. @@ -313,7 +328,7 @@ in { default = {}; type = systemdUtils.types.slices; visible = false; - description = "Definition of slice configurations."; + description = lib.mdDoc "Definition of slice configurations."; }; }; @@ -423,6 +438,9 @@ in { services."systemd-makefs@" = lib.mkIf needMakefs { unitConfig.IgnoreOnIsolate = true; }; services."systemd-growfs@" = lib.mkIf needGrowfs { unitConfig.IgnoreOnIsolate = true; }; + # make sure all the /dev nodes are set up + services.systemd-tmpfiles-setup-dev.wantedBy = ["sysinit.target"]; + services.initrd-nixos-activation = { after = [ "initrd-fs.target" ]; requiredBy = [ "initrd.target" ]; diff --git a/nixos/modules/system/boot/systemd/journald.nix b/nixos/modules/system/boot/systemd/journald.nix index 7e14c8ae4077..773163bbcb81 100644 --- a/nixos/modules/system/boot/systemd/journald.nix +++ b/nixos/modules/system/boot/systemd/journald.nix @@ -9,13 +9,13 @@ in { services.journald.console = mkOption { default = ""; type = types.str; - description = "If non-empty, write log messages to the specified TTY device."; + description = lib.mdDoc "If non-empty, write log messages to the specified TTY device."; }; services.journald.rateLimitInterval = mkOption { default = "30s"; type = types.str; - description = '' + description = lib.mdDoc '' Configures the rate limiting interval that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with @@ -23,7 +23,7 @@ in { units: s, min, h, ms, us. To turn off any kind of rate limiting, set either value to 0. - See <option>services.journald.rateLimitBurst</option> for important + See {option}`services.journald.rateLimitBurst` for important considerations when setting this value. ''; }; @@ -31,7 +31,7 @@ in { services.journald.rateLimitBurst = mkOption { default = 10000; type = types.int; - description = '' + description = lib.mdDoc '' Configures the rate limiting burst limit (number of messages per interval) that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services @@ -39,11 +39,11 @@ in { Note that the effective rate limit is multiplied by a factor derived from the available free disk space for the journal as described on - <link xlink:href="https://www.freedesktop.org/software/systemd/man/journald.conf.html"> - journald.conf(5)</link>. + [ + journald.conf(5)](https://www.freedesktop.org/software/systemd/man/journald.conf.html). Note that the total amount of logs stored is limited by journald settings - such as <literal>SystemMaxUse</literal>, which defaults to a 4 GB cap. + such as `SystemMaxUse`, which defaults to a 4 GB cap. It is thus recommended to compute what period of time that you will be able to store logs for when an application logs at full burst rate. @@ -56,7 +56,7 @@ in { default = ""; type = types.lines; example = "Storage=volatile"; - description = '' + description = lib.mdDoc '' Extra config options for systemd-journald. See man journald.conf for available options. ''; @@ -65,7 +65,7 @@ in { services.journald.enableHttpGateway = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to enable the HTTP gateway to the journal. ''; }; @@ -74,7 +74,7 @@ in { default = config.services.rsyslogd.enable || config.services.syslog-ng.enable; defaultText = literalExpression "services.rsyslogd.enable || services.syslog-ng.enable"; type = types.bool; - description = '' + description = lib.mdDoc '' Whether to forward log messages to syslog. ''; }; diff --git a/nixos/modules/system/boot/systemd/logind.nix b/nixos/modules/system/boot/systemd/logind.nix index 97ac588bce17..598016032136 100644 --- a/nixos/modules/system/boot/systemd/logind.nix +++ b/nixos/modules/system/boot/systemd/logind.nix @@ -16,27 +16,24 @@ in default = ""; type = types.lines; example = "IdleAction=lock"; - description = '' + description = lib.mdDoc '' Extra config options for systemd-logind. See - <link xlink:href="https://www.freedesktop.org/software/systemd/man/logind.conf.html"> - logind.conf(5)</link> for available options. + [ + logind.conf(5)](https://www.freedesktop.org/software/systemd/man/logind.conf.html) for available options. ''; }; services.logind.killUserProcesses = mkOption { default = false; type = types.bool; - description = '' + description = lib.mdDoc '' Specifies whether the processes of a user should be killed when the user logs out. If true, the scope unit corresponding to the session and all processes inside that scope will be terminated. If false, the scope is "abandoned" (see - <link xlink:href="https://www.freedesktop.org/software/systemd/man/systemd.scope.html#"> - systemd.scope(5)</link>), and processes are not killed. - </para> + [systemd.scope(5)](https://www.freedesktop.org/software/systemd/man/systemd.scope.html#)), and processes are not killed. - <para> - See <link xlink:href="https://www.freedesktop.org/software/systemd/man/logind.conf.html#KillUserProcesses=">logind.conf(5)</link> + See [logind.conf(5)](https://www.freedesktop.org/software/systemd/man/logind.conf.html#KillUserProcesses=) for more details. ''; }; @@ -46,7 +43,7 @@ in example = "ignore"; type = logindHandlerType; - description = '' + description = lib.mdDoc '' Specifies what to be done when the laptop lid is closed. ''; }; @@ -56,7 +53,7 @@ in example = "suspend"; type = logindHandlerType; - description = '' + description = lib.mdDoc '' Specifies what to be done when the laptop lid is closed and another screen is added. ''; @@ -68,7 +65,7 @@ in example = "ignore"; type = logindHandlerType; - description = '' + description = lib.mdDoc '' Specifies what to do when the laptop lid is closed and the system is on external power. By default use the same action as specified in services.logind.lidSwitch. diff --git a/nixos/modules/system/boot/systemd/nspawn.nix b/nixos/modules/system/boot/systemd/nspawn.nix index da03c60db528..c17dc951cc53 100644 --- a/nixos/modules/system/boot/systemd/nspawn.nix +++ b/nixos/modules/system/boot/systemd/nspawn.nix @@ -107,7 +107,7 @@ in { systemd.nspawn = mkOption { default = {}; type = with types; attrsOf (submodule instanceOptions); - description = "Definition of systemd-nspawn configurations."; + description = lib.mdDoc "Definition of systemd-nspawn configurations."; }; }; diff --git a/nixos/modules/system/boot/systemd/shutdown.nix b/nixos/modules/system/boot/systemd/shutdown.nix index ca4cdf827d95..cb257dce6f04 100644 --- a/nixos/modules/system/boot/systemd/shutdown.nix +++ b/nixos/modules/system/boot/systemd/shutdown.nix @@ -11,7 +11,7 @@ in { options.systemd.shutdownRamfs = { enable = lib.mkEnableOption "pivoting back to an initramfs for shutdown" // { default = true; }; contents = lib.mkOption { - description = "Set of files that have to be linked into the shutdown ramfs"; + description = lib.mdDoc "Set of files that have to be linked into the shutdown ramfs"; example = lib.literalExpression '' { "/lib/systemd/system-shutdown/zpool-sync-shutdown".source = writeShellScript "zpool" "exec ''${zfs}/bin/zpool sync" @@ -21,7 +21,7 @@ in { }; storePaths = lib.mkOption { - description = '' + description = lib.mdDoc '' Store paths to copy into the shutdown ramfs as well. ''; type = lib.types.listOf lib.types.singleLineStr; diff --git a/nixos/modules/system/boot/systemd/tmpfiles.nix b/nixos/modules/system/boot/systemd/tmpfiles.nix index 97d60e9d6527..e990e953b057 100644 --- a/nixos/modules/system/boot/systemd/tmpfiles.nix +++ b/nixos/modules/system/boot/systemd/tmpfiles.nix @@ -12,10 +12,10 @@ in type = types.listOf types.str; default = []; example = [ "d /tmp 1777 root root 10d" ]; - description = '' + description = lib.mdDoc '' Rules for creation, deletion and cleaning of volatile and temporary files automatically. See - <citerefentry><refentrytitle>tmpfiles.d</refentrytitle><manvolnum>5</manvolnum></citerefentry> + {manpage}`tmpfiles.d(5)` for the exact format. ''; }; @@ -25,16 +25,16 @@ in default = []; example = literalExpression "[ pkgs.lvm2 ]"; apply = map getLib; - description = '' - List of packages containing <command>systemd-tmpfiles</command> rules. + description = lib.mdDoc '' + List of packages containing {command}`systemd-tmpfiles` rules. All files ending in .conf found in - <filename><replaceable>pkg</replaceable>/lib/tmpfiles.d</filename> + {file}`«pkg»/lib/tmpfiles.d` will be included. If this folder does not exist or does not contain any files an error will be returned instead. - If a <filename>lib</filename> output is available, rules are searched there and only there. - If there is no <filename>lib</filename> output it will fall back to <filename>out</filename> + If a {file}`lib` output is available, rules are searched there and only there. + If there is no {file}`lib` output it will fall back to {file}`out` and if that does not exist either, the default output will be used. ''; }; diff --git a/nixos/modules/system/boot/systemd/user.nix b/nixos/modules/system/boot/systemd/user.nix index 0b1e6277c2f5..3200a58d73c9 100644 --- a/nixos/modules/system/boot/systemd/user.nix +++ b/nixos/modules/system/boot/systemd/user.nix @@ -45,14 +45,14 @@ in { default = ""; type = types.lines; example = "DefaultCPUAccounting=yes"; - description = '' + description = lib.mdDoc '' Extra config options for systemd user instances. See man systemd-user.conf for available options. ''; }; systemd.user.units = mkOption { - description = "Definition of systemd per-user units."; + description = lib.mdDoc "Definition of systemd per-user units."; default = {}; type = systemdUtils.types.units; }; @@ -60,37 +60,37 @@ in { systemd.user.paths = mkOption { default = {}; type = systemdUtils.types.paths; - description = "Definition of systemd per-user path units."; + description = lib.mdDoc "Definition of systemd per-user path units."; }; systemd.user.services = mkOption { default = {}; type = systemdUtils.types.services; - description = "Definition of systemd per-user service units."; + description = lib.mdDoc "Definition of systemd per-user service units."; }; systemd.user.slices = mkOption { default = {}; type = systemdUtils.types.slices; - description = "Definition of systemd per-user slice units."; + description = lib.mdDoc "Definition of systemd per-user slice units."; }; systemd.user.sockets = mkOption { default = {}; type = systemdUtils.types.sockets; - description = "Definition of systemd per-user socket units."; + description = lib.mdDoc "Definition of systemd per-user socket units."; }; systemd.user.targets = mkOption { default = {}; type = systemdUtils.types.targets; - description = "Definition of systemd per-user target units."; + description = lib.mdDoc "Definition of systemd per-user target units."; }; systemd.user.timers = mkOption { default = {}; type = systemdUtils.types.timers; - description = "Definition of systemd per-user timer units."; + description = lib.mdDoc "Definition of systemd per-user timer units."; }; systemd.additionalUpstreamUserUnits = mkOption { @@ -145,6 +145,10 @@ in { { # Ensure that pam_systemd gets included. This is special-cased # in systemd to provide XDG_RUNTIME_DIR. startSession = true; + # Disable pam_mount in systemd-user to prevent it from being called + # multiple times during login, because it will prevent pam_mount from + # unmounting the previously mounted volumes. + pamMount = false; }; # Some overrides to upstream units. diff --git a/nixos/modules/system/boot/timesyncd.nix b/nixos/modules/system/boot/timesyncd.nix index 6279957fcd63..a6604802c38c 100644 --- a/nixos/modules/system/boot/timesyncd.nix +++ b/nixos/modules/system/boot/timesyncd.nix @@ -11,7 +11,7 @@ with lib; default = !config.boot.isContainer; defaultText = literalExpression "!config.boot.isContainer"; type = types.bool; - description = '' + description = lib.mdDoc '' Enables the systemd NTP client daemon. ''; }; @@ -19,7 +19,7 @@ with lib; default = config.networking.timeServers; defaultText = literalExpression "config.networking.timeServers"; type = types.listOf types.str; - description = '' + description = lib.mdDoc '' The set of NTP servers from which to synchronise. ''; }; @@ -29,10 +29,10 @@ with lib; example = '' PollIntervalMaxSec=180 ''; - description = '' + description = lib.mdDoc '' Extra config options for systemd-timesyncd. See - <link xlink:href="https://www.freedesktop.org/software/systemd/man/timesyncd.conf.html"> - timesyncd.conf(5)</link> for available options. + [ + timesyncd.conf(5)](https://www.freedesktop.org/software/systemd/man/timesyncd.conf.html) for available options. ''; }; }; diff --git a/nixos/modules/system/boot/tmp.nix b/nixos/modules/system/boot/tmp.nix index cf6d19eb5f0e..1f9431710aec 100644 --- a/nixos/modules/system/boot/tmp.nix +++ b/nixos/modules/system/boot/tmp.nix @@ -14,23 +14,23 @@ in boot.cleanTmpDir = mkOption { type = types.bool; default = false; - description = '' - Whether to delete all files in <filename>/tmp</filename> during boot. + description = lib.mdDoc '' + Whether to delete all files in {file}`/tmp` during boot. ''; }; boot.tmpOnTmpfs = mkOption { type = types.bool; default = false; - description = '' - Whether to mount a tmpfs on <filename>/tmp</filename> during boot. + description = lib.mdDoc '' + Whether to mount a tmpfs on {file}`/tmp` during boot. ''; }; boot.tmpOnTmpfsSize = mkOption { type = types.oneOf [ types.str types.types.ints.positive ]; default = "50%"; - description = '' + description = lib.mdDoc '' Size of tmpfs in percentage. Percentage is defined by systemd. ''; diff --git a/nixos/modules/system/build.nix b/nixos/modules/system/build.nix index 58dc3f0d4113..41c0258a5a35 100644 --- a/nixos/modules/system/build.nix +++ b/nixos/modules/system/build.nix @@ -7,7 +7,7 @@ in system.build = mkOption { default = {}; - description = '' + description = lib.mdDoc '' Attribute set of derivations used to set up the system. ''; type = types.submoduleWith { diff --git a/nixos/modules/system/etc/etc.nix b/nixos/modules/system/etc/etc.nix index ed552fecec53..cfb9c39458ea 100644 --- a/nixos/modules/system/etc/etc.nix +++ b/nixos/modules/system/etc/etc.nix @@ -82,8 +82,8 @@ in "default/useradd".text = "GROUP=100 ..."; } ''; - description = '' - Set of files that have to be linked in <filename>/etc</filename>. + description = lib.mdDoc '' + Set of files that have to be linked in {file}`/etc`. ''; type = with types; attrsOf (submodule ( @@ -93,7 +93,7 @@ in enable = mkOption { type = types.bool; default = true; - description = '' + description = lib.mdDoc '' Whether this /etc file should be generated. This option allows specific /etc files to be disabled. ''; @@ -101,9 +101,9 @@ in target = mkOption { type = types.str; - description = '' + description = lib.mdDoc '' Name of symlink (relative to - <filename>/etc</filename>). Defaults to the attribute + {file}`/etc`). Defaults to the attribute name. ''; }; @@ -111,20 +111,20 @@ in text = mkOption { default = null; type = types.nullOr types.lines; - description = "Text of the file."; + description = lib.mdDoc "Text of the file."; }; source = mkOption { type = types.path; - description = "Path of the source file."; + description = lib.mdDoc "Path of the source file."; }; mode = mkOption { type = types.str; default = "symlink"; example = "0600"; - description = '' - If set to something else than <literal>symlink</literal>, + description = lib.mdDoc '' + If set to something else than `symlink`, the file is copied instead of symlinked, with the given file mode. ''; @@ -133,7 +133,7 @@ in uid = mkOption { default = 0; type = types.int; - description = '' + description = lib.mdDoc '' UID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink'). ''; @@ -142,7 +142,7 @@ in gid = mkOption { default = 0; type = types.int; - description = '' + description = lib.mdDoc '' GID of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink'). ''; @@ -151,20 +151,20 @@ in user = mkOption { default = "+${toString config.uid}"; type = types.str; - description = '' + description = lib.mdDoc '' User name of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink'). - Changing this option takes precedence over <literal>uid</literal>. + Changing this option takes precedence over `uid`. ''; }; group = mkOption { default = "+${toString config.gid}"; type = types.str; - description = '' + description = lib.mdDoc '' Group name of created file. Only takes effect when the file is copied (that is, the mode is not 'symlink'). - Changing this option takes precedence over <literal>gid</literal>. + Changing this option takes precedence over `gid`. ''; }; |